From 171a75c09458054b135e86d4ce8c15dda58902ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Mar 2023 11:36:50 +0100
Subject: [PATCH 001/346] Bump webpack from 5.75.0 to 5.76.1 in /frontend
 (#371)

Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to
5.76.1.
---
 frontend/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/frontend/yarn.lock b/frontend/yarn.lock
index 8dc48c22b..911acfa48 100644
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@@ -12219,9 +12219,9 @@ webpack-sources@^3.2.3:
   integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==
 
 webpack@^5.64.4:
-  version "5.75.0"
-  resolved "https://registry.npmjs.org/webpack/-/webpack-5.75.0.tgz"
-  integrity sha512-piaIaoVJlqMsPtX/+3KTTO6jfvrSYgauFVdt8cr9LTHKmcq/AMd4mhzsiP7ZF/PGRNPGA8336jldh9l2Kt2ogQ==
+  version "5.76.1"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.76.1.tgz#7773de017e988bccb0f13c7d75ec245f377d295c"
+  integrity sha512-4+YIK4Abzv8172/SGqObnUjaIHjLEuUasz9EwQj/9xmPPkYJy2Mh03Q/lJfSD3YLzbxy5FeTq5Uw0323Oh6SJQ==
   dependencies:
     "@types/eslint-scope" "^3.7.3"
     "@types/estree" "^0.0.51"

From 40029630fb8b33f472390e598b46d691052e7cb4 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Mon, 20 Mar 2023 16:58:01 +0100
Subject: [PATCH 002/346] Upgrade sqlalchemy 13.16 -> 1.3.24 and starlette
 0.19.1 -> 0.25.0, ariadne 0.13 -> 0.17, fastapi 0.78 -> 0.92 (#379)

### Feature or Bugfix
- Bugfix

### Detail
- Upgrade starlette version: vulnerability found in starlette <0.25
(https://security.snyk.io/vuln/SNYK-PYTHON-STARLETTE-3319937). It does
not affect data.all as we do not use `python-multipart` but nevertheless
it is better to be in a non-vulnerable version.
- Upgrade sqlalchemy version: the vulnerability is not stopping the CICD
pipeline, but by upgrading we are able to use the latest version of
alembic and we can revert the pinning of the version which happened in
https://github.com/awslabs/aws-dataall/pull/354
- Upgrade ariadne to version 0.17.0: needed to support starlette 0.25.0
Higher version of ariadne==0.18.0 removes `PLAYGROUND_HTML` constant
that we use in testing (Check
[docs](https://ariadnegraphql.org/docs/0.17/constants-reference))
- Upgrade fastapi version to 0.92.0: needed to support starlette 0.25.0
(Version that supports this particular version of starlette,
[docs](https://fastapi.tiangolo.com/release-notes/#0920))
### Relates
- #378

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 Makefile                                  | 4 ++--
 backend/dataall/cdkproxy/requirements.txt | 3 ++-
 backend/requirements.txt                  | 6 ++++--
 deploy/stacks/dbmigration.py              | 2 +-
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 9e3492333..4c695ed4f 100644
--- a/Makefile
+++ b/Makefile
@@ -76,12 +76,12 @@ assume-role:
 	rm .assume_role_json
 
 drop-tables: upgrade-pip install-backend
-	pip install 'alembic==1.9.4'
+	pip install 'alembic'
 	export PYTHONPATH=./backend && \
 	python backend/migrations/drop_tables.py
 
 upgrade-db: upgrade-pip install-backend
-	pip install 'alembic==1.9.4'
+	pip install 'alembic'
 	export PYTHONPATH=./backend && \
 	alembic -c backend/alembic.ini upgrade head
 
diff --git a/backend/dataall/cdkproxy/requirements.txt b/backend/dataall/cdkproxy/requirements.txt
index 9fd74e6ab..f2da84ebe 100644
--- a/backend/dataall/cdkproxy/requirements.txt
+++ b/backend/dataall/cdkproxy/requirements.txt
@@ -5,7 +5,8 @@ boto3-stubs==1.24.85
 botocore==1.27.85
 cdk-nag==2.7.2
 constructs==10.0.73
-fastapi==0.78.0
+starlette==0.25.0
+fastapi == 0.92.0
 Flask==2.0.3
 PyYAML==6.0
 requests==2.27.1
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 47f416aff..1b6fbe97d 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,7 +1,8 @@
-ariadne==0.13.0
+ariadne==0.17.0
 aws-xray-sdk==2.4.3
 boto3==1.24.85
 botocore==1.27.85
+fastapi == 0.92.0
 Flask==2.0.3
 flask-cors==3.0.10
 nanoid==2.0.0
@@ -12,4 +13,5 @@ pyjwt==2.4.0
 PyYAML==6.0
 requests==2.27.1
 requests_aws4auth==1.1.1
-sqlalchemy==1.3.16
\ No newline at end of file
+sqlalchemy==1.3.24
+starlette==0.25.0
\ No newline at end of file
diff --git a/deploy/stacks/dbmigration.py b/deploy/stacks/dbmigration.py
index 1930dcff0..f48712795 100644
--- a/deploy/stacks/dbmigration.py
+++ b/deploy/stacks/dbmigration.py
@@ -108,7 +108,7 @@ def __init__(
                                 'python -m venv env',
                                 '. env/bin/activate',
                                 'pip install -r backend/requirements.txt',
-                                'pip install "alembic==1.9.4"',
+                                'pip install alembic',
                                 'export PYTHONPATH=backend',
                                 f'export envname={envname}',
                                 f'alembic -c backend/alembic.ini upgrade head',

From 79f0e4ca12840563338dbbe206e04a199233b1b4 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Mon, 27 Mar 2023 10:15:52 +0200
Subject: [PATCH 003/346] Add dependency in dataset stack (#385)

### Feature or Bugfix
- Bugfix

### Detail
- Added dependency to dataset S3 Bucket for the dataset crawler

### Relates
- #384

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 backend/dataall/cdkproxy/stacks/dataset.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/dataall/cdkproxy/stacks/dataset.py b/backend/dataall/cdkproxy/stacks/dataset.py
index f7da39072..4ee53beb1 100644
--- a/backend/dataall/cdkproxy/stacks/dataset.py
+++ b/backend/dataall/cdkproxy/stacks/dataset.py
@@ -459,7 +459,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             },
         )
 
-        glue.CfnCrawler(
+        crawler = glue.CfnCrawler(
             self,
             dataset.GlueCrawlerName,
             description=f'datall Glue Crawler for bucket {dataset.S3BucketName}',
@@ -475,6 +475,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 ]
             ),
         )
+        crawler.node.add_dependency(dataset_bucket)
 
         job_args = {
             '--additional-python-modules': 'pydeequ,great_expectations,requests',

From 95c8619798bf3651e66f2a4522f5686efcd5635d Mon Sep 17 00:00:00 2001
From: wolanlu <101870655+wolanlu@users.noreply.github.com>
Date: Tue, 28 Mar 2023 16:18:37 +0200
Subject: [PATCH 004/346] feat: generate url with dynamically domain name for
 quicksight embeded dashboards (#380)

feat: generate url with dynamically domain name for quicksight embeded
dashboards

### Feature or Bugfix
- Feature

### Detail
Previously one had to configure statically data.all domain name inside
QuickSight to allow dashboards to be embeddable inside data.all. With
new api it is possible to dynamically set in inside request. User no
longer has to configure QuickSight before using it.

### Relates

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 .../dataall/api/Objects/Dashboard/resolvers.py |   7 +++++++
 backend/dataall/aws/handlers/quicksight.py     |  16 +++++++++-------
 backend/requirements.txt                       |   4 ++--
 deploy/pivot_role/pivotRole.yaml               |   2 +-
 documentation/userguide/docs/environments.md   |   9 ---------
 .../docs/pictures/environments/boot_qs_3.png   | Bin 112581 -> 0 bytes
 6 files changed, 19 insertions(+), 19 deletions(-)
 delete mode 100644 documentation/userguide/docs/pictures/environments/boot_qs_3.png

diff --git a/backend/dataall/api/Objects/Dashboard/resolvers.py b/backend/dataall/api/Objects/Dashboard/resolvers.py
index 799354207..a44800502 100644
--- a/backend/dataall/api/Objects/Dashboard/resolvers.py
+++ b/backend/dataall/api/Objects/Dashboard/resolvers.py
@@ -7,6 +7,12 @@
 from ....db import permissions, models
 from ....db.api import ResourcePolicy, Glossary, Vote
 from ....searchproxy import indexers
+from ....utils import Parameter
+
+param_store = Parameter()
+ENVNAME = os.getenv("envname", "local")
+DOMAIN_NAME = param_store.get_parameter(env=ENVNAME, path="frontend/custom_domain_name") if ENVNAME not in ["local", "dkrcompose"] else None
+DOMAIN_URL = f"https://{DOMAIN_NAME}" if DOMAIN_NAME else "http://localhost:8080"
 
 
 def get_quicksight_reader_url(context, source, dashboardUri: str = None):
@@ -33,6 +39,7 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
                 region=env.region,
                 UserName=context.username,
                 DashboardId=dash.DashboardId,
+                domain_name=DOMAIN_URL,
             )
         else:
             shared_groups = db.api.Dashboard.query_all_user_groups_shareddashboard(
diff --git a/backend/dataall/aws/handlers/quicksight.py b/backend/dataall/aws/handlers/quicksight.py
index c468296de..54ca9ad5e 100644
--- a/backend/dataall/aws/handlers/quicksight.py
+++ b/backend/dataall/aws/handlers/quicksight.py
@@ -234,9 +234,7 @@ def register_user_in_group(AwsAccountId, UserName, GroupName, UserRole='READER')
         return Quicksight.describe_user(AwsAccountId, UserName)
 
     @staticmethod
-    def get_reader_session(
-        AwsAccountId, region, UserName, UserRole='READER', DashboardId=None
-    ):
+    def get_reader_session(AwsAccountId, region, UserName, UserRole="READER", DashboardId=None, domain_name: str = None):
 
         client = Quicksight.get_quicksight_client(AwsAccountId, region)
         user = Quicksight.describe_user(AwsAccountId, UserName)
@@ -245,12 +243,16 @@ def get_reader_session(
                 AwsAccountId=AwsAccountId, UserName=UserName, GroupName=DEFAULT_GROUP_NAME, UserRole=UserRole
             )
 
-        response = client.get_dashboard_embed_url(
+        response = client.generate_embed_url_for_registered_user(
             AwsAccountId=AwsAccountId,
-            DashboardId=DashboardId,
-            IdentityType='QUICKSIGHT',
             SessionLifetimeInMinutes=120,
-            UserArn=user.get('Arn'),
+            UserArn=user.get("Arn"),
+            ExperienceConfiguration={
+                "Dashboard": {
+                    "InitialDashboardId": DashboardId,
+                },
+            },
+            AllowedDomains=[domain_name],
         )
         return response.get('EmbedUrl')
 
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 1b6fbe97d..7429e61c9 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -1,7 +1,7 @@
 ariadne==0.17.0
 aws-xray-sdk==2.4.3
-boto3==1.24.85
-botocore==1.27.85
+boto3==1.26.95
+botocore==1.29.95
 fastapi == 0.92.0
 Flask==2.0.3
 flask-cors==3.0.10
diff --git a/deploy/pivot_role/pivotRole.yaml b/deploy/pivot_role/pivotRole.yaml
index 601d30f70..3dc29385e 100644
--- a/deploy/pivot_role/pivotRole.yaml
+++ b/deploy/pivot_role/pivotRole.yaml
@@ -593,7 +593,7 @@ Resources:
               - "quicksight:DescribeDashboard"
               - "quicksight:DescribeUser"
               - "quicksight:SearchDashboards"
-              - "quicksight:GetDashboardEmbedUrl"
+              - "quicksight:GenerateEmbedUrlForRegisteredUser"
               - "quicksight:GenerateEmbedUrlForAnonymousUser"
               - "quicksight:UpdateUser"
               - "quicksight:ListUserGroups"
diff --git a/documentation/userguide/docs/environments.md b/documentation/userguide/docs/environments.md
index 9aabe13b6..9c18cbe44 100644
--- a/documentation/userguide/docs/environments.md
+++ b/documentation/userguide/docs/environments.md
@@ -77,15 +77,6 @@ Enterprise option as show below:
 
 ![quicksight](pictures/environments/boot_qs_2.png#zoom#shadow)
 
-After you've successfully subscribed to QuickSight, we need to trust <span style="color:grey">*data.all*</span> domain on QuickSight
-to enable Dashboard Embedding on <span style="color:grey">*data.all*</span> UI. To do that go to:
-
-1. Manage QuickSight
-2. Domains and Embedding
-3. Put <span style="color:grey">*data.all*</span> domain and check include subdomains
-4. Save
-
-![quicksight_domain](pictures/environments/boot_qs_3.png#zoom#shadow)
 
 ## :material-new-box: **Link an environment**
 ### Necessary permissions
diff --git a/documentation/userguide/docs/pictures/environments/boot_qs_3.png b/documentation/userguide/docs/pictures/environments/boot_qs_3.png
deleted file mode 100644
index b0c39e6fd67447658609c97a961d6999810c8e25..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 112581
zcmagG2UJtb+dYgZqEQ49<bu*vM1s<LRZvhMv?K(igpPEicSHq5q*&-3B#?yOI|2$w
zmEJ)_dhZh2e{$d7Th{ljo9kLYOmfbgGiT<R{p`J;307BCq=GO($jHd3o;-f2Nk&G=
zPew*Qb?z*9XY#C0EE(A;1xtB(^(XT3Z0e5o=9V^QWMp^Vn;06>KDm3R#mLCeu%&~W
z3*zXe`R2_#O+&w?FAZ!RU+PoZQa;7#>HYkR=I3cd16jI8eVO&ecWi`0o|bIC((w4&
zHw9foRlj!zInap=COE}YdR*9V-|rKsX)-w&=py;}_%LL{tuq`HY_60M_cYHq(?v*A
zepL<17kx4Ggl6}0eq02b1>3>dh<gzU@6QRn+MtNY`S|))QrOqPkqhKfJh?J5kW&h`
z1EW~ZBq&SVd6IMIRCnh-MdYK{1x5}?*cWvr<a)dEK(7X$0H1)dAz6U<!=1TnKl4rL
zrtiPWkTNsm>!g5Kv3)H(^VeUlekO)AV{d8Te&@Ca^v(vJK1C7yDA<9L&)0-YRZ!$*
zenpueU%u+W$%&KL>C;uWPd833ot&IZ9G{#_nq9ouUiQMX?i3k!x3Qb9sNn?YSS>T{
zC+09185F!eM|LX6lI#q4bqf42fgdum(;ouKD8XM^@bfT*{J%e?<WD*M->=E1h+ljF
zmw)mE{Dqr1nwi--J+pUq*0c@=ry8_GXgh1eR3uF7ZF!7L?TyWN+-)6*hmc9ROMsWQ
zX3j=z?zT2|P7?0YH~#*H1b9t+oA(CW-(PXImcF44Q)iR6cQj)Y;o;-qyCDN%V`GzY
zG&Psde5mlB!@>WgZ#;8$c97uZb#rs$aTDaRceLQ;7Z(@j<rCl)5V!}vanH%a&e_QQ
zo}JUp|2oNkpXZ^OlZm6HgR`Z*9UJkyM#lCo&eAt-5F7fRfB$uzX6}~%+mfBre{Kuh
zATRL~UVa`v-v2o_I8=)Gu7tX!yP1v7LrYuGJ)jL4Q9)6uzrX+g`{aLH{69x(|L>9f
zVnY1?_t5|I(f{{Qq?4JWyuB@G(^=+!AI*Ob{=Xmo=Rhf5;;sLmuK2Hh{`+0f(J~Mz
z-v4=MGLYw@kTNo|`(#fZK0vsiS{`?cp+k-YZbaV_SE9KExqa(A^ft{SI*rRt4fHOL
zoIAur((t+Ok#zJlDoYKVZ_gQ@(Rleb<y_V+4#?w9jatvJgo!vzl|^NySB(FGo+P}V
zUKM#%*(AF=C7t=h_h6-L{Mk9S7i8q5e%+@fA1#}cGH+iUnm-EoSWbQE5!tCTH1|pU
z65zT2Cib~8&%d0SjQsmK8sppP-wH@w0P*r7o}ZFye|N>{-x{WQtnh+HknvvFzg?sM
zy9+eN<_R$u{`K|+$X~~NfA;(?$xZ^-XsQQVp8l#ws$c%@wGWrszN#pMm|P~=g*5ls
zra{Y$oU{MdFk8gC``zpHYqbZt!j?U^s<~{JWDnP0CAtjgST2Q!k$zG%_YL>xT4;@-
zU-U|>B4J5V;yG$~-*^$*xB;1ki~rW$u4?{w*)c2{r_7^y^m_=!M+bXlS~*WMO4KCe
z|D_-N$Kfx;`Q5tKA~WSke>LR`WEl~xW0-u4+OArs$lUeE1Ih~SnxoxO4~K6F=ro^$
zU9D6(3f*e=g3#;Y0&|>>xBjKe_Ep%X+0A1G%(7iqMxIE!&a_6Zj5&3c9PLd`;*fZA
zJSwj=*_ZGg1B*8Ye=RkAzDfM)lw2!z>J)EQ2xqYso%D9fmN&MOJlgKPDZes%>uaA=
zvGrgllc=4I%hEtezy*epPh9Y^u0AZ>wlR=uRU$LV6F2VEC0+VETsFHcBYLDYlH0^U
zw!3L5x2lsOd(!vd9=rLCJG<;8r_66J|962g5I(fmiZC9YsT#)KDYd2Ib-2--^Z5M@
zolfzE&mYGu0-Qz1oj)EOAFS!@a&Aq1Q06J1<xm=8v`8?bmfluZN;PsFwC>A#zq8QW
zj6+~Q%&1Ez$L&fJ=F{ztmW#SvjdI9GZ-z_tD7^b?s?=f=_5B0KN|@xTL$v$uu!W#;
z#P@?tdlCVl<%ArnJz8oT-;pFOIW3B}Q3x<Q+3)fz)LY7Lyi^n`Xi<6hVRN>2LBrL%
z+7UA`(ns<JzG~tnsvfE;Nb1{GGGA;)iY?O`3zsFqB^8~CahmINiHt`39hKyu>n51J
z{!9gp{z#P{|AEy}RsGe-`9OFsPS|?6YOS_S+kLRk@8t0dtTlEK-Zh24dvdtd)xvE3
z2X$0`co|`=8pFq4DE*OJ*m^)Hpn|}KuJyjn`)HCx_{ony|Lkp5w1MY$7Wbe2uhlS@
z`O!W*{jZxJt|8c?Ha~c+)rfkc8oDZ@b?s|hGEEFTX6UQHLmk`oJKjp(?SreWIIC2O
z&NC)?t%^(T|NhuJ?xH|Yp7CmJ34JXA!_vY}&DNb9*<TZ}(ayr3<X~tGSHYdEnxQB#
zwEK!I9$(L1{EKD*AzxIx-f&?c?a>9ic0t;>`*i3)jn`hwv8k3_^;DqgB{jm(ZCG5n
zS6}d?-$@O&M__C_Xr)ob*6(O%a9r(Aj7lCV&p^62I>nE~qZ@)zNVqJTawfT_c}axI
z#AX%pdv13uKNez6#{8vM{7l0&NMY9+@ng0lzUs2v&1>@9Q(kxU#AcZ4)Wd^O+(?`$
zvxKt){NimHfs<vbYcoMrN)lhUPnlQ8t8simplwG>OEfc-D(nt+mZCYn^fhHDM~`IG
zd%vG<3N0!$Ya4mQpl{kGds00*fq`8+IG8+H?d+$)PRY_`Y*R8jM__SVpl@88@7T)z
zj*tgKRc4gy2xXQQm}~nZ#ebz_&|r0@ho-brtJ-y^A2rI~e0|#0I=9{U+uKK%`YXEc
zT{pB!4lL=vp0YLD5pt+ZW{VmcPFJLsT+B+>yHn}DVSKQN&$Ah?bg`>dM|vrAU49B~
zx$5W33u6h%(4$B!^!}vB9JANnxEpM0#w=QYw!u(e9(F=5x8<@Zd$!;>paHG8ag9{a
z{G)uILa+56PAkW1F3~MXdaGUVa$K*fWQP!8HeB{N#!TojtRnNBX)gwrEBAbVb7pro
z-hM>KBGGJTX|OE#3g?L5$pLyWe3K?I53>bAtr-}9WneV7>+j{1O*k^Xmt^~sk?;ug
z#{&%Xv5%IFkX2vS-HK4jXU%z0_jD_l7JY?&XDf6d6f#tl#6Jn}PL|pX8-KhFE4&#d
z)?g;c#Dbc$b|0zrIUqFt;vt3$>&e<0uI6qhg4}}{yG5trLNlH=jiwCWrGETeVf;Xj
zu5PMafL@cJSu5RO-6m@+{?2-OxQu}8TWo_)KpRu2)4}eFi1#0dXzqp2x%yRc0^C$(
zc#H0cs*T#r`Jf-pZz?ghALno1^x-VneZ(5SJoj0yU4<g1(h|vwJ74X#Hen}Ci2mSK
z^9iNz5*aVJ_2Tp;2i_i;gXQU$GR$kQ)ctY|SbRKi6Wg#;n3wg?dRDFS*ZZNO6K}Ss
z!=-nJOvc-;@P4gctz6PWW`zy59kub+4ULpoA1w?Nm?$ztH9-WA9(cw&%M!Z1QwXOA
zSYr%$YW}LVl-BFVPN&JM99^F09P^%>ZVq?jJ)%eHU7lE(y}Pp&g)8>xOc2-E-8x0;
zd9Ra0ikU=go>9yENlEl2EV!D}$PsAZ0cdE<NVP{1*9-Xb{<XT3RaNBsNP)P}Yoc+O
zaX7{a%-Jd~ipZP<u;B1m@Bf(&hdr`xbwFgzbio5ZN92KJEB7zh909|&J(uj~N}m8F
zx9-P9E}<Sdx9S-SufWaIeCd}X?`SlriqFtV9{-sh-)~LrTO7z)it;-com8oaC`{(g
ztL~Z6ae8^9a#>Er3<*IY9WsAvv1iDs>}0Y#2#=>UbXe!r3<$x}>v;7M6b`~xeGbUP
zR<G^5uPCWqU7@P*_sMdq6t&RurLl^ljyT~qGg*kEOW51#-wW}W`v`XZ>b38zbI}s$
z#*Qd%RHqrr*K46CW4tAYDNXdsz2=?5*o%BShMt!F+nbM2&`M@W-=p<L>i6MFGrj#h
zwSRtrFkY-{lvW!7;!y)qzNs>-0YPPr$B=C`T;MHc6f`fFRiL_w$Nbdjk6oi;G_F*r
zmZfuZn2$a_=ludphTu)j-P@l_4hnl)1ELxN<$^m=e|PaXz~7!g{e63(H^*ylb$2R=
zmC!LzWT93D8;!oJLp$6FA%z}j?xo~wu>U?-tFxC6x>VxxDgs7fW(B#9%y3_?r;LYu
zOXJ=aQppxzM_<mm4_kt;_orPb8Eg6(y-9_<3pGSs>bZ;fk+F0KuAyEI7X1n`&2%^p
zO%b>>n723nRS#!{*xUXU!dv+Q!JZ><H6R#zta(k$AtjViun88FWzqXAnW=j#P(6aF
zXv;920RQo4#5%7cMT<Vds@0aRhsERf``kCM#tMSZh+o5b&KQN8$UFGAD2fJ%1^qEJ
zS@Rj=CC6m%%_k^&?8|by@yb}Jpi8xVq1|9^;z3y9LDHf4Q>dZVPuv%j{BK;q>2~5`
zZM$$BnXc5XLK)+ECzL81Q!J?gw=A@eQxw#Pol1|(%_}qwzy`<3eH*o}8)v4y#CIgF
z)FzyoLv3-5lB>#hwR%ex#dI`e6232Q!gHjY@3~_oDwQq!I5OI#IV|){f^QXCHA!lC
zyzV5s^~dxp20d76o>Gc1W#+N=cHa5Ez%!?~`=i5NqDd^$5uq<I-{Ha;m{Z#nIuH@$
zd<Hw3etrKcGn-W(Z1R(THpI8jy9BctqHPPt>H8aEW@0j^o&qp;YTMi<yw;={&RLB{
zqkXXf*1BbOJ9z%+R@FW*0xvKa;5;?D(lj2j`fO`32wCCegz0lFvvg);^Qt%BwxNVX
zv&hva!3rH=cI(Icn~IgwV1bgcATImjHz`VM-}WS5^W{k%e=W#89v|mdo4@8y$uf@<
zrys+4YQpG~YOzn@r;2cVMZ~W6#j?RC%aUNdGK&XVvyoUb_+UpVtspPC%J>`Bvm)<u
zR=RWCH-5c`O)*Fp@_(b3O~3`}QPo}CsNCYU&L)G;&4+hHUs=l7o61gtb2Qa>?z|l=
z8O`l66h5J?q?Yuxyguy?n-&R*H&~yyojS_CNeXL<)Bm6;K;jV3w={7|>d4?$B}78T
zdy&YXKZb&tKC`o8p)asB8ui%Ryb8g7%?e5wIt!DM=Qz{4yV=HDHCH_wXFcY6q>0S%
z?L!D-m$=uf_a?k<%CdT|`;V^qEz}~A*eTt};b*T^0wOC1SzmeZAfIKj(hu*8KRBxB
zR%R`S=D)LJ8bC%y`w+IDBa^!ij^+?`oUEqM$NlPcOr;_pSNt}t-{F5FUtpE3RnYzi
z>pV>><*+!}9?|61gDxyjq?mPriEt=uf(rasZnU65?|L3VBY4fWY}}kMc-{&+*dM~o
z{igpY%Tyc2`_L|4snU|f5PNaoj-nG12t}%6m81fUtQhnh{I8iK8Q%nY_OEBTP5P9L
zPF8z3iB6i@<y~9z9uEq1>37Jpid$8CkQyj^Pb)hnk{3Ne<+Io|I2PTSCZv{Ok1Oqa
z9IgK{)d6Wk47jkAhNo2Bo<l}K74pIf%e`u{E4b@maq#WUijV8nqz|sO>e*vtfg$9_
zN}qK%%sc_Bwj+C%<4uY@CSkbzhE>e?St=$|-5AU-Q7VpuHNTV5+bS_M6{7lO00Hs*
z)n9W*2-c^0l=Mk=AA9x6PI8#fb8h~k3w$omL&x#w6?(f5qqz;ykZX7}Qj{>;wUG?h
zUkq=j^zn>!>hTsf9n96&Z%7^&hv*46W8~C?13qmSu#JaP^ZG0%>z^zulFH%)?)?xs
z*DMsCPR-{c4b#mugwww-8*>c78}uCp59+(=n|@Ye&SZbqXlp_vV)u6BDoa5x>ss{j
z*!o=2D;juzFjFBC_RS>jl6rt?s~L#qpE&+PM1G!)Moh)p?=1Egu}FJrCytb?1al@i
z#8VGx*kTu-z*w_bJ7kCRjpV&RY#u+1kGrxB(!37ZHw2l+HuH|S3iZ82w~6O_>H8A&
z_jgxD2er<`Mvza6PPjK7Z-o1m8yPfqW%@SUw1e98OLrv8PBNX@o3C*W3oJth%w6EE
zj^G&k6wJ!sH;GCED_s#jnxC8BiPmtjsh8dmmv{N5!q5}W#LvjRm)zpvc5yLCSu29$
zwj%Ag6<DkD1q2B0C;NLT<nSw9P*^yMeIdMG(~s<gFj%Me*FH#F;%8glB_)V>SEJG8
z4you4flJR#r^Dzuelitlci~g*d<^kk7pSq<d<>w;JG^uxnVkEs<N#buEYJj)QeJns
zZ+fuN%(@n6vLl~NU?u`lv`gDS{g2EktvcVMmgaTOZ4Y7!DXH36DRK!47526&=gR5}
z4}2Y3OG)(#$0{5UWQDuce<yazP|L_Hdlvu{MUf?$!<vU8tJ>Xt0aF%#NxA1^C7b|)
zeXk+mw?D)1(H|$!e|YXQi1{w`$&!_h6ppozRY&QVmK0&V42u)UDQxn|;hZdgvgF~>
zycAXJwKcDv<HH}WxUYR}nY4Y?b`4tC?6}(k%rf5PmU?D2hMwoET$ap_2s<HTQ9YKE
zS9uMVQ83=Z+Pg=3UMnSb#{DgwXSmTTF+Y)WT-bp&tTlJvJ0w3g8phFJ1yvj<Z-FrP
z(+NQX2BnuMezav4nuf++XA#|xx37KP+)Myy=T4apeSGBrv)h<aToC-^!~K3-g)QOc
z2Fx!3Y8JLfxe#s=Oo}`E{g6#Us{On8cb0Unb4bIh_AK8`SJ|%{-u7Y@mo}(3&$c{E
zZ$Kautg8KF0!x+|pLv9vwVAB-x%Fdv?)KK$_v=dsUHBQ*$QaK*`u%i$T=)BEaB-}?
zoKxL<>CZ!jKjqj%c7+bD0FN=I_c6|1ppqVnxZ??r>cZg=6ga{Uhf)AhItpc_L<%Q2
zKps&!jf})DKIS-z)^iMwgd$rd+*X&VLn;u)N%H}SJ2*a6KbD{>WMeB4-=s4E;ORBa
zO66!C3~NcztAcD{10gC>P`9Ovyfx^MuMj(y30VZGMpP@dYWaFV4p>$z;!TPk2GjC%
zZ9aNgwTuyPo=SxB3pyuWci}b-jn0m43ZJ^>lZLyzb7h>)*D6UVbYZFaESS;7KF9lW
zt3PCq|J)>ex|_U{;Wq!HUWm)uUC(g5`On6*zQF2%c7gGu-+H0`*#!apbOu(>bT}5E
z!#i8%3YRWv4P@&~H^FP?lDrz?O>&88yPbfxM~nGTzL9GqmFUB!ce`EKk3O2K(NmX9
zY~ek5!B!TXarEMd)Wu4dr5njQ4@ku{SJWwb7p^(3XR!WEX|G)&D%+~6voQo!2u0%?
zyFGMgwtC7;S%woM%Yi88k=2`CVwy)cyYF#rN6u&SJ7+G!_1D*6ohHtK{2V|)Iq7#L
zN{X64u~W^(n>gE2%}AIuy-P?c?0t?)$!1m|$DcO_T!vb_sJ%fhVQVjA4%K@hE-ckg
z*e183O`D^ARqpU#cr-R8HmwKfKKA$F!_3!eWYIw}$JoU_tO;?}t+d<>-;N(ER19Ys
z00he2QP)iBL<yI|{jIrCz+vfs$%@cQH3Mn$xQT)5uo=b*&O{0&17P8CkA_+5cBQXt
zv%=b>rE2@b#5J6c(`<V|2yg8Wl`!Ckbcrbo*AHEQQ*tXa-l5CP+M<ZSsbXnf8J_WZ
zc4^yod8pt_49hDHl5Ksl<A~t+njqy-NTfe+QfJjVjmjKt!+XQy<WxGQ%Bw^=>ahFJ
zYkhh40TB9DTEp6d)hgFXpS_jb@J=Vvgxm5IxlZ86@y2_bGt<_0#-Em0>3n-jZ`+;r
z$WFB*k{dPK<~4&M&9LrX_n&7sydv#E><P}VDxbg0kYHf`=7isHfxc^!de+>u92Po(
z7Spg;{x>@H)S1nvfPc>WR>4BDvp~GMMF;rjmPXZoyNVWTz`0jno%1AxivA|&)j`Yb
z)RO;7Xy;L!<KKFkutd7g*<Re211-OnT7F1s`hi~eufEFmwcYx8ZV;(3Ol0`aQ@p)B
z)<*i4{k^&J0hjFUfgYnHU!Vb<6m-Lfq&#4GmF=^N;GOXdeYPsMV)axxF7!tlK{E+e
zk{8~?8==ql>6p9cCVA}T^)*MR(QS5f^V%z(BsGf<wCX>L0Jr?PbIS0HYsm|0Xi-&o
z+M|yl93h=D8*$47Q(2M^{(dVt|7`9%8;DlJl6BPRZW*iczEZ-Q`x0l;UVUG;s7v~o
z5!S7?P&aO&g)yEV*zTc}@31l$lsmRJY-W8~N|BR)(7{V`$oN-Z9(vzjzAaFlB#N4Y
zo?DhX#fn(G+OQ-!Ny|RldE16$H0`-X^MvbUk$00{`+T1DS{S5QNI%Aorp1E%IAF5C
z`9j@2f>s$km=V@sLFy{l*3NjRT;Xm1UL`rD1T+~o+CGbuT85`(cKW-DW`|)FBu7fV
z*ZDu<r;p(KUA{?Q=4X=qjx8@-y_*ko00Lb5M!xcy!>UDImgD6?r@}sdLM#Y5$UK8_
z2t8!B{$d=OAXD6tXN|23NE>-fdcL-JouUwtDc)f31WeS{u|oL`a`savJOtQOSHZxM
z$UT!BJZqi)Da?RR#6sTX8dKHwXP0G2rfZg0*H48-ZTKR5W_9N}6UP^cJYkeS*(Hwy
zmW$WL_}aYYWEFWSshEC;g_KnvZnlm49=+Y0I9NIU%a6SAyXW~RQnUO%69rx8pV>hl
z!}JU}<+|;qkgN9!2|G&%z5mrK2gF{vZar?_D=<LF)+x#cfihPTY1o8s*q&Ql^H);I
z>!KwE9v**uL2c47zW<_`x1=lYAVYQn#X{)1d-={A@{>Kk6NU=gldyw~$thWDM!SHQ
zR61p^_X@*EKFWyV`_6}HUEQ)ck&t7ZLet>>ERCBBOV7#47wF#X921Tk4-P%u8LfS$
z8UnN`9L-Sv3*7ui0tR&mV^2oXopJVzch;3viE7x=aWktt2PWE3CxYS^(wJZYIbnWi
zfAj11jk}~`p}!Q}Im+lMm+=O`P9+aWG6I4JmLSHjoII%-W4H$Rk|<m6`)rBia|uqW
zpR3j-Sq#Fj)0D`)VWenKBsus$l0zICI{bE(SCrj2W`kILp8>c{g&t_~-if4Qm62)_
zkztEa^`BQ#*<tqWGV$3R<XuE*-yp>UockU6g4!`H`gn06_v`l2?WdjbqFqSqfjso&
zC7C~l+?t=?*be2_H-%oCn_ZP!EuRL$j&W`XtM8xs-AO;cUcDf|sFc*~O^g!RY9vmp
z#J+C73Btf*lk>F1vDtc}3#7Ocvz>`cGG&&%O-j)`D}>{jXfzl_<{~Cd7kdc>%`DcB
zLavr<OgC4V?C9*JUR^U7Q}vxu_IKdG*r~5o%{II<XsYy(YuAR_keqh{Y(M3dU6>8R
zkF%B9t1k)=Wwe9eAJz2!5;tw3shUp<S)NZ1FZDZ|W?hw`H@Nf{-<RW^JU<<fV6J@U
zOfCl6#V`PdMAh(b5prwi`nM2<GLTtSLe-c>pZ#DfGbpvu(XDdLIXDDT!bpO+lb$Sx
z(kF+(AtIcf&`QnB&6H6HyKXsN<yHnL{pK15{f|+y6o}x3S1PP}1W78tuw&gH{I6pS
z-jYN;`4`R@Q;2ym8ZN%)JhNpofJb$)c+RK3`SRxSO}+A=JhUuIXE;Y!^Z=x0D?Q4*
zF3kw6<~Jfah1V&<aGgQ^EgC9>GOZSc^%rq{-Rw$l?I03(i0{~S&6POo+yWr-#LupH
zpB(M!vjW7FCk^oDYOQnoe0TbliIA|=8QD{;hJkB$uNwrGDdt@<RtQ;VBsIrdUfj>l
z??K=8L>r)tOYJ8oCOnt!!PSQW4Zrjw^%argqzEFC0#z`iLMO<!Cy9XWD@Ba&t3V&X
z@?flB!qS5v7VB|f0zch@W8RJCLR49ewXzZ4ZSi^)o2trdAI59Suk1&zooR@SsTB7~
zW>OW=3Yk!R!>Al=OESQ*T=?@vHF_s9WTBFRYJ&iJ!fZh`S@>3VoLn0i+f`F~^yWP1
z+OZB@5KF#4p2-NqGqrof+5i<K8kQ*0ACL}_$W)2_V8dWp75$mF{d@)OIh3(N(5GP+
zJ+Z3OL*b-@6{Ej{17qz=D1Yy;ki|^eqmboS)H3-15Dx==#{wi_E>1d&5`yOK4qHYB
zK++=$-tofLQ6+ZcBOONA{X0k(Ko@QyZ;v8sbaI{w|1C_XS{C|zUNZPl!_z#cdOtFz
z;A!=qjQ8Eh7$d3ylJV){x!<>n&!a`gBV+WdTuXqUI6mQfV7r$N5IeFhxBM5xZI}V=
z-5qsT=hpzT#AD+dLzTEd&_zaL-s<(22i<%rAa`gLc%3cD{s&p^a9CME%zZlEdkmXJ
zS4^2sQ*l1M^MLi9ZfSACL`WTHRFwgnUU2Nks`Dp_bPySvuJ2E-zargVg8mMNX*=_*
zNTEdwkV?GI7(iufPt8WQ_a(&Owem_iLKt-WQv?dVD;#xL%z*-53Yf_j?<n8QPMsR7
z$P2vF6cNWm?rq>2hHxp=vTJ75(}kl+VP4-?nU+tiS6lPtw-1*0_E)CN+<k~z8k-Yw
zov8KpU~uJLAMpAeeVn*Cw_kgnzvhfG$&d^qpSrKG)Ga$45Mx<MRr!F8!+-q%f2kqa
zB<H~PY130Rj<4^~qwzgApVN}YZ*~+t(wydYYe8F=A3tK7NQe<%2vKTJxbyrXspBGE
zzsOVQ<*JpqSN)k*@Vv^U4ku#!AwjauPxnTP-<7Cxm?!xK=+TgxxsU6}B4ZXrGn%Uz
zQfLL&Ix23EYLW)^1(m))hEBX{pc%{<9mc$WpY8B?(e;0BIg?h9)f+oTPU<8Px~HK0
zPTVc~`ww0ywI8nEbD$<Qf4^Khg$~7p|JQAPL~+Pocs+?expZ(qwYIf1WtQy%<*#8O
z`JhtBF8mHsQlU@-seCbzJur90?I)^R*3-VbZUUuw1b9POw~B#cFrg5}G_xDZB0Vy0
z(SCY3#>C&gcE3s7Zlsv2dCt_$&<@If!D3MSfYb~F*_zf*K=F08P}Ci)N>(iwwk?C$
z+*x`;Ot{M?eXZ+`c6Cden<Rb$Ew!*}wX#j~ylM13UGpoqRq_SQTE8xiG=;O;UwP>T
z@0DJ(Ko#@W{%P<y2J%_euT9GuO!Z7T2p+{dUY+7|pT`*3&0C!l-jJG7rV4D4KY2Ob
zHtQ)_%Ok8-$0|ynZTw0|_^`<jixVmU3&rqd#p~~#Su52_05dJU;Iy^*8tBeqUCvs(
zvol8)gr^nQuXp1X;?qeP3_#BI`;34_aK-a!1yLazAalbaU&&AUP3Bf_w%!#LvFN;h
zP1G)d*|CLPr*!F6Cl{)=I+6$3%3S1o<Y_%#Spra8qYxc7FcE-`RA#W^t&VACC|4bM
zp>mgHmJT8GQ0)rGndPOtx>9;>t)b`5%yXS?l&^h#_GhBC3QeC#{`vW8T#FfxQ%uA=
z(F#j90v}EeSkE!3=7Tx9763Apuhg9!uNDLBKODu2PRa<m@#w8KV9RVk(hmqFL2i1f
z^tdFv^ZNAysX}KOLdsG&v*ZAjvMZ;yFE8$;s`TJ5HYph(Jm;t;O4wD+Dk9CWNiG0F
zV62840xpaKhB_vLc4si<hO77b_$Q#zR&)aG)QZw)8J-izr4or<Md!fcMYM{{VP!m3
zL?2R^)aK)O8K25~I)z^o^OlHe*-BeypUbC)yfK6^tucnIlZ({sxPKb}jM!DSE%4-A
zw%|!ls}(%UnhsYl@q>iGR6g+H^Y9&@gT~3_I(UIt4tp>UWc?hF&*l<I>~eM3gVfT6
zYS2r=8PNt-b!UvG0QvoMprj+Y&URE}a0O83;Bgq)O|+f9B*x~5<$`0%mx{p(ZwsIQ
zLmZPkU_~2waq9Gq=BB3_JCmQEd>lJ^R+lRXYynF>86g+W0&When{W6a3huH7hJRHR
zIv{v&%qe_fc*1>}O7dX2$mzQA?qYu%MK$1GoP3FXqHJ`XFHe5WO6lmB(*on~Vj!mu
z%Tr7LF8%&w>a%yv3UJX_SE4B5Adg($#dWd*LfR|$60^h*Fq!-gTtPbEeF(nJYn4gl
z);jYnXD?lUMqFl(xV?RU`cp0sqWxTwXFdjF)^7B(eVj5C+z2(zQme@#oSvl50j7k3
zOts{ejC5H=SJR@+VT<I7lOOZpe6qzI@uH*cKhe-1|4a(CsF5#R;@hzyoXjJU+Ie>R
zL>>%(aob58N(O(S1NclY!a}CLde)1(m0apo(_xa!z}ZqX9WFaT_ZYhEwOTQ!r;eey
zSGCUtg#WGb1x&o&9vH43QEh)xP1U4#5M@W;iiD9$6CQJkfX?${;4>Fz?+gMqqqSA{
z0GCQ$3NI_*HYvZrNv{sIK@$Bh+0Un&a-V7-L*lyNr#|BtyMV9EO-0q0>#y8ve-`)Y
zN_UrsdlND59u2pENVvB8r15uWlJqF@9l=-lBr|DaXAtcc8CQ5@_v>Mq?rqONN>=Y5
ziFp<mM144U>kbP?2dx!{uqi^7E~{h1N$#6Zu8CWHy1*y=JFm0%h|v0D-pO%GydMaj
zDt{S6w6NP-U9!pX2W>@8nXvfTR)ekOmmc2ik*BOR`xA<Za3u29-0z`;>(iW0JIxAy
zyQ4+Ai&94+!3nQpp!fklb!1o)b^thgmRJs(mzsZ~T}V9+Uh;*cD{%QY$3PQ#zt4qa
z#Lm9rF}rI85yfleEDiu=el2PW4S7Jni+%codS^uFF9GCKCXQNI&nE3+ip_AL-5ofE
zBY5y``qp<4fBR{GHLt{HZ+vhEn{Bu<Qlf>|x+hwP3A=!@C2Ser6Ml$mPy@yVi*9xN
zR0Ve=>dw3V{GvfUr_iNeAZu`akoWSTaKI}o0Qd6UCOkMdr%!8?32rOPw^)hkm|4d;
zA-eFGRM(mG3>=G(Fs_hwl1b<pjfVo2JiZiqF4|?e+G8u*pvH4mym*{C6z?LupM^Dc
zGEz5tTJ8Q^x6~$fbk<Mbp`HS>s6{0!In&HKKI_ya*+n&qUz2Yn&#W@DQB{eI#{Cw`
ztk<bzy*qqt;JLuD_vq@UAHu_P%CmofklO`jLOAS!ErA;I!S9GtV_L`}Z2=uTj}Gml
zRw^Z-qyA>_cSae5Y1k(nH*4CL5M9f~hq(HCPIKERW-|GE#>*e`m|wT4PCNlaUZu};
zjId4i*?r!I@LM=U`|f`u=85F@JFe^lJ3+-ox&HUHT-$v#*^txp?Td;qClkUKR5JZz
z!j#?4aM|jEjNkAF8R<}g9jA8w=9rfn0hy4SjXqgxRu5AC!gE!v!%h{ev{G)pZ?eW|
zA(Ju>P+RPl)zdZBIm}z;O_DriqfUTua#K}-h2f%iznrFaMlZ(jn_PGPV@~gArDqIF
z!wKjnw=YqsJ7yOjzKOb*Qy=!(;7VlJb@3jKI;H9zasmS)(xL6uLouo6Sq2D>6{3j^
zKhb*&AH?h$Llgmab@@Cj0hyv#p1~ix^NR~R7)=1fu!^_P%wff$H~J7vHeCR4$3wPE
zA_Ug1d5f>SI{49s!4&xI7%#T<I=L(lb?;7i*_U;xZR56ed1G<RF4Uf`JNV6crATP3
z(u=(jYhJf7UrS9y&6sCJUviIqNnS0Xb$qQ`k#$8z@nj_5=#`h2v|FZXVwzi3v_@A7
zt$pNeeD>49$U5(Bxi-0`xI^S*P%Ua@>*LU3c(Z8DSOH<{0IsuG)$Mn2Cn>?X=ZU1t
z<u2Xh+A+Pg*xQAXCAA?B_ZB*~$Ft5no%^$PW55f0-d@-v_crD3y@|b<x)bfS6j@Z8
zyC1^_fhxI8;-6t4?c=?K7{bY7q*{VQ!}-gG$i0P=I+SbrK4bs(i5d6a5E51q__AEY
zcBEW4%b=!G7x$81)RwTlu<AUc+FD1<cK39gG_81)CY_mQ9x{y}bpmj_!kn|;7|_eU
zhtD^nW?tDm@yUfahFZKd@`%h!eBQ*!a~CPH1;lg7525=qh1cF|o^AE~1pkA%*dmJb
zg-UAt!FllY0~TP`tyvF8aMt1*PpY*?U%s~WMbECiBO&Iwyh>y}l%}uI%ElO$&2*`H
zwPw$NA#mSoaOg{%I>M~Xv)&v2B)f@jAo{ZhT>$jiQ9<>|@d3tEo4r@pzSeSUuB(gI
z7za@cJ^|Qo@mPE3*ZjBswhW969m^v1>U%|&jcDh+6b2rNuYDVFpS1k`C{??#Rwj47
z47PD$h3p?H<CpGa42ZQ89V%Y_E=jEcGih7f>2&%W-yp-@e(5itzZTvtic8Wl%Gkv&
z#OBo<drBUzH^L&*tqSDYk$A0P;GUabeKJSz^Z0pMow4od!S>d;+hm0aA^>Nxe!eP9
zL-N;~n<^i_<0`u+Lkyl#1XQY~9qUnY9rqlhuRk69Bwx<4IpE$0xzWG9I<I&tqoK*Y
zD`#oUb17%_x{n`W@RqOKsQcQ?&!4g~gwseqtlvh&{6Wti>l*X+3ICftxA$3Sw?-0j
z7Tc|eP5{*-nSLQD)F9K|y&`7!ThFoh{xK4rODm+K^2ep+xXWV*TfH?1{y1Mc+`iJo
zd-PH~=K>%13%wZ;_1vDn8_k2neLBd#Q4XMv;;zfu#JJgGPhYc3kkc;Nj-2#wxX_vr
znXEGq=sQn=tTe>cbZbjrrBH9Ix+tf74m6$-zzO{Jm_>7mv*1W>ZKOEYiP+31_}Grn
z9_H-<U5xo4!Z7m&jz}f(NcL9L?#tZ^NNwepp>pJ<!1&(L_0x05UW84R%r+v}6Qw>0
zXH;d>(87)0lRwH>g`D2`b|)0Ip2@4~KWqO$IJwp)^s*js8uc}DJ?y!VX0qL5eNJ6=
z!VZY_V@^x%J{n4K!a79dSf9~WRh^D$F+ejTy=fMSUX(xe;bjj`{b3>@t>~Jn*2nxs
zQ1#;poU)a-#$`vD>o0hytNY+uRVec9Yj&crUkSh;5jvK3+?Xos>=O&IqyNEGt@$mB
z`~k<7rv~By_NS^UVR}#*=QZ#f58>Yl`Yiia8|HT%vac$+BGkLHt%#SsI%!&kR`0+W
zsk`{><el-YZwRnU8zQDKK0&_i=81b{bw?f2(MlhY>|CN0?pDEsQPFSw5%fcgi9fuY
zK}||k{?ok-TPuOExudUF)Wp1eC<$SQ4uz1AY3V($wc4eZW+(bK6V<~M6TuV8ZZ{=;
z7ZTOBeHQZF*HU)B9aObEsgp<!{Ks791;b+t4h(C9kmuKjVALpm+PAqVkfLi>@h#~R
zj&kRu18;dr!Hi`ij+!at%mb6`tGuU!U9wB57zMtr^khX%x$a5t4b{|#LyETH8A_3N
z_une~>^qlw`s~FP0W>D?9rAG|rd!k}GEGidIN&W|19nr?>bL`#3Wm+}B@CR5p+)Yq
zu@;9${LumAr|GA-?r(Rc&J7m3LP5pc2W34P{C!{(*+gA_nwH;<UdF`R6%v`2&@AlO
z1Ebu#&QzhFK++Rb83C`)k%OV>GPg{8s6&~A9qH3rvp*GZS@%R#)qZJ5i<Y$&ql_Ua
zqfozCifl^tI~jax^xjr+z!jMvhZ{Qdc)6MSG4KSj{y9SZP3_`34xj7jpA_g1!*IRX
zf>~C)#F@q$$oWlrJ{OuOda3J^8v2SChOP}n?liU#esrJ}8%uFq8Cq|!>guO3amT_h
zj#G9%9DIG+*aF3(dWGrE;ko8R2e)}4+s(Wt!us-a&>=)GYrHSrFX+!tIdbijuV@4f
z=Cjtd9^j4xUJ?e}O8LZO`j5wg>v>^kvZJNOwv+zI0-I+w-)7!9=VYU<1oxl=*!CEc
zjMj<V!xMkxpQWHdWPa|RIHBg^9)4%Jme<d_+Kq2wGT?-PePiPEBrl0{zxuueH@}bj
z+`%PY<gFQ9U_XbYo8s=nPW-Bq-*&AHX1$ui+-;eA;9I3oyA69}+Zyd1B7+`nJlHwe
zz-#9`cy;!euB?wHhv^i2IOO=`c>c#4uqE@+_gbRG^5OL{fiB}LbgsxOb@m>MWEr0u
zOWoYQzaQD6-lNO4?-I0qv{+JECxsxHP`yZDORGl!>lOArj)T7J-F9ouBvRmNZNE}N
zA)<{UtuBawh0*x>bD37Pa)?vK-hFk2F%Iw&3wH^{IyIdzD2GoZt`4;lZ6@(_gqvUZ
zVrCrf*3Ps&VvB3hUuf_12z$`=Us1==d6n;cE4-g&n2w3o9Fn8lW2`QiU`B#g>qRME
zGc6*!GNbkS-v&R;UJ5Gnpzb)Bf2F(={qeiS&dY<%N$tIqFPc|6q5UW%j@4My`)Gb^
zf(lBHY|6&WX{9WLt7XVe)+NCj#{=V)@H@QM`?eLC@El7yGPL6s078#_Z6q+<I8AxU
zxxV1|+0h=&k%7YGM_HcOwYCFn-tsZehXql>#GiNnG-dNG&VMeV71R+&|BhVts1P^k
zrNlX`0NOrm6qaU$YV=SmKTVP1F^(`|<o&4bpTzr4dA9b`+8ulNtbo_9jp%slCOa&8
zF5a7#aeul&dFHyzIVyX#LC>e4yRKtrO%Ra=fFQiNm(}`E)--$f-qYfi4)GyiRd3-x
zW*5F~5B%#lN0D!{uU^_L&W%tv!q`KU>9Ygij&;1eQA)-14~dmltBS!cV$aofS*nAM
z>E+UJZQ4hR9KCxfvf3StOyhJs+~tS}EJPXk9a?@tlvU=y78ivO&TI{h{9|pb)3Je#
z`grUu+pQdVH|Rw8#bln5bL52e#E<pA`h5LVYZ|-WkNZGP2g3n)p~m<ko@8G=G9VnR
zw~cwD7jIV8g&-zQ``Q1q=Cpg)-&xD}>X`~ao>xv8_P)Q&Wuoz=Oj0-?IgZk)J%)d^
zK*$1%nN~*7M6)Kz=0wJvh(3$(!gMA|R!wOhowiajjQn*8vTGfq^MF`)Whd4%^5AjB
z?K{o=-jQ+gj-Xt}&c?9g;Eyg}*e0=t12`jG8?$A0`rw%Fibw0XoL973!c@^X!>ve^
z!SiYQa3<kaTeaEf+WQoKz*+nL!h*BxcOg*H@K&nkjBop#Dd8L|KGg}?iLa%52>sf#
zUV*zW1xSGLp&r7`o?E%yFk~*#NVa8Ybqwp!$3D^aNm+;%=;h1uoOOWr<9D&`I!m@A
z#m`d<jyW2->ZQG}yratbJW;kx==H%_X*nraiA~IR)h4fNM!vtosp|Y7?bzi7R1o=O
zLDzLc=5XL^J=AZ)@8sxa7wb~RPT1nXpjc<^UA<FTtD+NL3u}+smTU9Y3kn9NkMvt)
zy1i)dyrutWYFHj7uPUT<Lbc#;@G+mltm?y=7A@SYpe%jitdE2YW-NWZW&w?JY=5_(
zSuG=9<y7RX*F{le(fNln)eug48eqSrxA%Ef@JhHZ`@;$tmzB{f^>Ixi17|Rh6}y@p
zEm4I6+>}sKA^E+4*vz%RIRCs8>~t7JKE~uDj6SV4mL+&I5;mO^UP@AAcjq|pJ+w(1
zz`{BAE_z-?a^q+P$9|2=yFb?Os}4g(T7o*hF^6i$#qRW=3;y(Ec*|84*}h!aE?$r{
zSc$R}&Q>AFGS>wYF!&L58Q|P;^dZpnpzgU|lmZHb1N_uT;Y=G0Sw!e$p~i{Q(;m=h
z47TUinS_Zq9U0v*)e1RY7Ew6r@k-lM*h;mkMNq-7vt&w0+6TPF+4Y^N^0e4i<*4i;
zy3VH@fmQfHuh`&bC9o3H)<#dQ@l>sGPwcI+N={5Zay=q!>HM>B`IBO|SV`q%?CzBd
zcknGdd5_2BCssRP9OkKP+pYcW331*C4t%%CGSnL$k|c#l9d9sf83B^ZkkD-h=Y!|1
zba?uU;fvf0X?qrXI^jhUS&)06RLnJ~X*>@qD;-W=>?}0?5vnQNm60?mie!L3yb$!!
zHyMp1Xhfzm35aO*I^@S43P)vx4bpruQl@B)i`PJgPLXx(C1%Mc;{7P5PQ=n=4`hI>
zy1z7#b8Rbb*u(k_nj&|~&;R|rjK$ehi{YOKa2I>$kUfLI@U6XTM?L}J-|eIaCLc)<
zI#w(H*=^gxN=`U=?bGYI9S&XGPPg1W)Lep+_ikHwJ>|fZ8OO?=X;{l!y>lo&P&tV)
zbJxFF4Q)Y)WG#0F<+o-P=Vo-_4?PUn2H7!dZ%7J|FTS9Gve85-Ic4U`emm^kvJz2O
zI5_7QR<c@V$!IMdN#m3`W$MOpZcu@wjfW2v9DJIbLjS&#F=iy|s|qq~>z}zZz#of|
z*D}GXd|aNoKjARHE+#T}f!Odh$bUDSsMPMgQQ~-oBq6$bMu_t^mH$hg`yA#EPR>@4
z;;e^q&Ug#Qv9zKx1ELYet6JziyFI?Cy}`Q1WA^`;2oiz8p_!z?;m#Lwgz?p%yy3dx
z=hTB4Qw=Fd2`)oB#G7;@DqK*0w<EW&%wHMK)zwKr|MS?0dd9SF5hbZ}+~Fg(7?bz*
z8jLL>Ua7s|JfUMFw@c=rotP+%mOoFIoC8#A5!E%3TT*@?X?}l8WXj*`Pv_qhrcTkW
z0|g7~KQ`bmtxOa!CW}~NGRN;x0GT1-Q!@TpwqTX(iWQ_QZ4{)~Hh}sHnXn;B7DP5Z
z04Q@gg+R|7B$mIa$sQF;x`MSwtIE|DkHkkENCEx)nt<sWqNeGbqf%y?%t`R|JvnlV
z7k9#xSoK3aQBAUY^WBZUM?0vh=}yU<=jjTJbu0`d>Ztwoc~g{BUbgF>NIOtgTv6vR
z$2~A_r-36s0UEi8Sl?Sw1af)v{p(Befa6~VBu}w<5DU{V(C6)~yVC-Qg_d@sfE>5`
z$f;Ip5-u&`sB#<SxFuDYN2I};!kDX+<=TndEYZ@ivp357@!@vpKS3E_wAg?Af=rOr
zhjC1)l^lCErqU2xjb!U5E)&r)hgVu|R&h42W9839KsDW^EM@2a-U~ny6!sP_qkaw)
znkmD7V%Hsjano*S2-qTqn_2yAfVxlw=$?xE>iu!GVBPx;N_UNbTeAo_&4+<=!G>rs
ztwPRJc<(z(F6TEce^is<r$XV?w}J1|`2cye57?k#uFM2upc?Jyo9i@rC2=T64ed?(
z*%OO4f%Re(5XR3A2C^+zUM+FABucvFRwdnL?>}OIB3e|XHXfEC0%n0awhC33bX|T1
zap-UGA<9vh>5(#fdnQ*@eSVUntLHILAjXwG-I?lyt3%^`c88l0HJ(2oQ0lBmxabY(
z0)fWuor+nCOuUfguj{*jx++tvUkBCJCNpi(qT^~CzrKyT`u^ie3!H=Xv?;VjhCb*q
zTN{6n05#RNpOj9xj@p)j>Q08=zyXXp87(j&mWmb~y=;9z5ewPxo9#-rADKvba9Z?T
z_5i4Iu(n8ai8=x_oT~+&9`2<|z-!3GAgXKT#3B!7hcBlvvIwfVr=K5R9<6l2FR8KP
z8k#{V)iBVUR>@n4suL2WKeIcx9Zl$7FRfJgLrC@^V5I?kA(~EyOKnH>+$t?fi1n7p
z54FIGwQAtfbyG2{7%=^vKnGJ|SjVX$9dZq7Mx;LmcJ}Xkp52*ChWr0k=B@cHv$r(Z
zwUe3ZZRW7uttfdj;3LGL<Y++G-eoVv7o1F)Xr<71?tX-^LisQ(qE-NbSO%_a0<oh+
z!W-lNk^@A-dO~ga=ny$k$h%&pEJ*PZh4yjz4U`U<RrLT92p_#BsEG<0D6>bSH2%UT
zgG$OV7O!RgGG+F$YxdPfV9rb~`~bvr1(^mik+>HC5kTf|1~3@BxsF#~dwoSUA9%4l
z^-)HNxa<8Rl=LwWNn{OU-Zw86Kktqdg65VQ(Q|`*!J}W<H~vw^nnz7vZ7+`%DX}O6
zNYcfZssSHyEJzLuXUXYzg3Evk3%1d6!RBtYa_0>J;nD_h^<{w1k|;z!Fawx=1(@Dl
zFTH23f7@dv4wwz;RRTm>(q-{CxiLjdKOQCOqXv0I@8}DvL#BFlNEER6lix`Bg;x;@
zeY+33+APhQ@X(O+l$kEJw45Cymk-=clACZK+_+JJ>Im1V0ES9-3*k?e?%LXAg5S|h
za$4+DlgGQF47HZ?NUDNLpc&kiwyax~mv4#!Hhkpm#TRFHmPWy&vUj=CKFql0aY!K~
zn;BTy?@$i8*DvI3osF5YMwVdNt%M&gfAK#JYpk(~$0_+pg8JdVcP;=n!ULFAx&oCO
zvvhKj;tDWXzX2}AahE~;0iXu7I8^#(28JX57M3zHlAbjCfg)zRss<#|kI2PSad4wZ
z8M^7D{8bRfc4Ot;6W&{}YoG!HY<!@$f7T3`B3!?7M3*OUOpeisez@unfNWFZ6*&DX
zYOn`|s%X|*g%ZL8hnQRpyD@!JfG#j#t86_3got(rbv%<bI@@+5iF2R;B5*|*nTE5>
z(w5cBl>r!Z1Zim{%?ayIwu+k+;LHJ}Waq<^=Nb;UFPl-icEPV}>W&HcczEAlMujj5
zwSi52{fq!V=WJ#@!V?;y`94a)sqYQY4DhjZD$`|FGfHrcNM6GOV8gQoinrZsRWtck
z3!%7~*XOT{VdDl=A3e8<W6CGi+!+@T>rK;y>BB9ZJHUgQH1A4U2_vo$lByKM`f10T
z8dgjXX2hosH0w4x`(@~(7pf!ceU_?$bZ+@~b*vI)mk#?KvTLBO0hy~eOdr8jod`tT
z_%O8qi`oSPpmc$fB;g`Z-1Mj8t`k>8rjxN%i)MfwlLT^03X_h7YBb{Ph6};M#XVcu
z$NJ(pqVNJ;@AIRC?NlQ@pDo_J<2y+DSgUxk=V_AtsEXOotVq{IMJG$EzjTkT`yFnq
z_7OLA==dJ{(O2y3KQ8RRnvi$@Hk4nu@-wEm_uL0y<VyuhK!+JWgf_2c_o=8{hTLNc
zHL&-9Ywrx#cJH>QRk-wV`8_JR#^zTUo7d>mu!UQo$T1((q74BVZ;iYIn8&)9^SH<(
zxh>DMawdEC?4;)-bRu$rIPX^e!Wr0WR^9cBfVu8(_kY(hs@e&d0Bp*}UE{sZ?hvhc
zy?0_Ql6^{RK(Ms)e7KY9)$i;Ju?K?v+^YOw-={ZFF)u(I>Sy7}kb5pfdd%|Va7PEj
z6Y*Y2CEzV6SMGE~-Fp?G(*FW7NtcAZp%EFYG&NlUMdHd4$DlyvxqRN@Oo*K)qfq8F
zn9SD1T?~TD4St=bmf|D)h)G6LVP$DM>OFvr^i}Hi#MW0SF{|{X2VhTzW5N<<2M7=`
z&_|$p_}A=L8?Rr%rML2b)bW)s;_zvmodk_bgqs6(5`T%<#EfDsI-m49S>4e+;wINe
z!=@IADom0efI*lkAA0je2}r<B(7y!gh*c#OGbY^AK7?Cbl3HX;dfj197_~q+@2d>V
zkQZ1LZX!S7Y!ELzfc&e|9L9Xp{Rr*TAF6~+(O~>Wr1l9t0#z8OVn7CNwtBlq8CIcC
zW;Z_e$p@5DIn`t3`n2y2R6zIv?Xe`MlGt10<rXcvZ}afmGl(92gX==iHwqj?J2F}C
z`8RqI*JbTJZ=AX`2*-MtV{syAkD18FU#=|~3`IHlze5;X>HVIkf%A4^Gm{pfCtxbf
z(Aw5K!`;#YPO5gv0dc5g5-?HMFjWshZl`mL?WEn+&i^8G9cOS+IFf79p^?f?y2?r=
zl79((9@HXp+Pwj>5klFYG+Yu^9|9sd;s6*n$5^$de|iYL!_#_3Dj$5X?C8fvWvL;f
z0Ztsu{eWz?;!%x!+H5^#<V62rQT7%v*oH~!$*&tYbqMDcKlSs5L?KhLtclURG-4Aa
z!=!A*RSImt69=lQT!!mG$km@sJ)E6p+f#o7i1A0ypkFp&$apI-!V4#VM?r0fy82jt
z!AJ_bp75BpY8*}=@?)0eCsm~4Z1Fcql>8ScgGTo_*!N;gkRYQRb(ax)qkpHBQoar9
z)Kj!1LuU@v)ePJQK)PHV-j9V?M0#QKL!%^#xCZx&PXj)mg=+?;hmOUwmOf(7dOhr`
zHx#0Jk*)X$4YO~aMtxw<mhu*U=*9|2=5ut4nvjCHu5}uG?XsAoTz=XI<4L-oiLN7-
zc2XvF_o~}hJyfYXsYD}rgLGdRzO&%iC!i>6$u$qqK>S68;?7%8i~puUQD9dVc`May
zQE>5{m9oiIIo+fB{VAuCJOC1&npzfa<ya5qVv=L)#X8MieV7CIb6<Y|)cQzHy}mN$
zmL^*|zmay6vhXD-gbb=mBVzz3>r|hpP>O)7XKLI*<rvsP<9g=fr?e`aE%%<AM6BJ}
z-hv@RaU<KH%Kn_&Be)qBdM`5g*=JQy4jU^Ni(xnK7oxQ+7i;g@id8{huPVAvbY`uM
z>35diDbGgbO{ju>Ns0i$NhUbKk2CH2Q8)!&6?BgZvs+_y#lCD0YDQ#v4e;fP+bZn|
zPdJNxX<w+2P))T0AI%ZgUX%5P<o|P>M~Wc?kd{sW*yoO@r>o!|tH=UlnKR$bmlga-
zcTB|%;jh_HVLz(3Lx)*$KCj5L!B!}hU*HthL?1!Ay(%aNq!Puqwl`jqY~RV?b3Q)Y
z=Xrbx@QmKZQ`K!GI~F5@)QIif)m49l#Y~wXZ7_x+!<c-{{VpO-CvMf?pS2matZ*K-
zE8(@cVVU=J49+gNKSqc?58*wk(`)%%GEZu!5=beLBA31RQi)#6^3sz@gmx*|V5&0J
zG#PAT1NN$kA@YE$ijOSgj`M&=)GliPY)(@7ZW?4trGi~jy<jgIQ?PqT#FA3vJKs(f
zDrvk1r!ekwZl=vce?wQ;H)9Ab5{boiYTraPEl%fOy{E$dc~v<_ufkEhGHI=CGM?N-
ze~Sp;sy<XuPBOIp7b>Ou-1EJ;r(o?>4yo*(jNJdem~S^=Krlah!)Fb*m2>d48ub2E
zY1kgk#)3e__P!d+-0$=I?8K05R{#d7jvW#{VJY(+k@R2=BOsI$7>PU=w|FkblT3Q<
zCB=oYu@t(`W<Gv1SB_+?<Kre-44R$}_Pz5})kIbhtWfuSVwSrO@D@d%f<EprlNc35
zBII%23n>3qrKQyuhZmqO-r?;fz7qW@Gv^oB6$m^0Jl|2p)7zuYeii3IrL?pKFv<U=
zA*gd`6NUo0Yp7B?Vn&Rb#Nti!<|a)p^l$d(#G3+xUR_jb7YlEgl~yNuFgF_i+jg2s
z>qPAx>~2cJyE=4q#`O`$>}qDql@%-C#&p{e{jx*K)#x8V^qSuOkMXm?Sa|Y0aAA(?
z{c*~6se`p?FCmO)tMX#5k*rhvK(v^82zIvk0s3OLZtb-siLd)hYXh%o@R$EkGxfZR
zr`)&K50)m4{6?pIe5I?2{#MK&=`vk9LvV8!)}xzq6wf%qgLTAuE^w0`Ui)%?n>YXX
zNC8W{h+|*YJ2WSO95`zVlBB&xh6+r^bLYFdn>h)GVAHT6p#8<pM@WsAS?yTqf+Qiy
zKu{LF47PT8vcG$dAC8%RNa7*f|9_O7by$^K*Y3B70s>M>NVjyTbSSN~ba!_zx?$1M
zASDJ$cc*lBcXxMl=GuF|@AsWI^qlMB5B4Q{#q&IK%rVEf@82MK0p~0m#OZMjN!s5j
z=XCL!C^nh`d!e1Zxg!Ei$u(QWZgUXUO!`1tF*kqB9Z38OWI0iEfmRf|(y$`JK5x$U
zsK;?Bj6I{c3vLD{HsQhL*3#-PZ(|PZ9TQK2gZOJfdN5k;wAYNVa#Tw$5?WxC>P+>;
z$$9WC^#l@i@`nMlCtrJkNJgcEg!lPb@GpWo;x-aoR<nfDhfEzQg-Yc-bxyE3Efq0?
zgY$@jC^#pMfj+zu2!7=t37!DuA`?3wi!5Dw)si3haEfc}ro-((e5nV6fWaCxCnEq5
z1#>c}MT}|1g=FmO04XV(<1~j_p<5*lbEqXufdwl%Ddwr0IBX8H%tY_H4lK6hMcISA
zW)~0WMD+n%>nq4?8CLDCJZcm9*n!vJbjpgqzAHmI%@VwvU1}ha%MXPd<pDtO!JXJs
zs=HXlPh!yvAhhp)0|Rl@Pk5X!AY{v=`*3T8SH;!EKYL{=6drj8P7k0z?F>_WIibPa
zA6H8!_?(=?IX^I8jF1$|>>F70A@nsc{L))k9rkw&Yoxh(E_5WGOV|D=P<aDRw%`n=
zsN8+Bx#3}73o2NXFrY;r?^!Z3MaUDH#a+=W1zFI&;)X%Uil#+?J6v6171TSn8U;?i
z_rI5P&+LQTXn0(#lmSWY)?{fmGRBDL@ftl2vb#)$3rLxge7g7DfwX@RhBCvEf?>xp
zyxw0qNCWYIG2qyBR@rZ0R*KGj%Mu41FPx)FhqRByayOYwCz-eM9V*}6J%uHqlHQqC
zpbb<8^7hf0xd2prp!l5QJ)7189$=d{S-o?BEwl}Co07$r5a1A+F$Wv|u4{iGt5P*k
z!|cE)PoxJh>wUJbGn+e1BB|jpqJVUD(za^2vDb2j@lU@Q5Y^_oT^uS_SnHgTOXr$p
z62J0Ht*44j(DeCb1^a_E{GdiqrkA8nvVe$!Y*z4odLU6S&&~rJb!|}Javbq{q>x{|
z%Z0N@)9nftkVF?Ku}y%=86KzTy(vJAu>k%5B84~orxCy{1J1ks{s}>sA@(1Zg9St%
zB;aU5(j9<b{lSm&Sr@afI11q~QShI;sJ2934lN9Rrh0dKvjfT)HVPkMGMwdPp)=TV
z2Zyijax*)R-#<6YhX5QGk(m`@Gf9eEPBzPc2v;o4V+AJUy|=pYJ#9D3)Trm90UFP~
z7fj;pxEMrz*|ZJnAtgXOG^t=nOK}6rv>MO}P_)6(rWFI+tm2tccB@%)&K-7JZ;gtm
zq<0bm-5TdDHYUFeLvgRU0;3f6zkkRDOO~-=_(XmK$1;mi9>Qs}D1<YvkgGa^TK|lX
z%0;6oiFRDB<#WJ$1&8#26a{fucQ`;Z1?2g6#^5`b0k!bd_C&G956EWb_bT_QjML0R
zSxKEN5Bs`ZJ(${W3I{>3BkMh@qPTq;414wf8M|WspysGIWZWGb^YZBYGwVzNwycQT
zA%8)4WSJGnh|BXxRDNcmu{dage##6V>Oyvgj?0KVZ#Hd<IAdkA0t2X*Xxa_thxec{
zjHK&3?D-{JEZ{E_{j$~Y0hR+P1pQbQtnD`-%g)-xXV&(*+78q`X>t>J9ISc}8_uOE
z*)((+_s;WHz31ddu+$vvbS@zApzv8Io90kKF3jfzOeP7v1Mel9;#$puc46AGYGlW@
z2X@w%kE9je=c$%<I^d)dzfioptpMeD`XaTXAmHa>I^?Xu+{sNhbZ|Sqp`Nljf96~Z
z%o>^@cD%p5QNC~+InBe?-%Vc_^@h5(`94IoRS1K1>Y93iD}IR0Wbi9}Ti_bKy!MY^
z0sik9kB9rS>Q=t;dzv2~0`e5wjSxGkQMG;tCOi8#TFfs=0a^;y8*8})K(KqVGeq5`
zvtZO8E_9Z;FVpvRK@$P!ra`5x7-XH}sOi~RG77mw4#To4muQ~-GSytWFagUpT;IO4
zhlWDNBl@R?pc*k}JC(mj%@hafjG@H5Yb_~usK5F~e|V?B1NnMh2D8+WP!?ISQD3U1
zlt>R6o+XGI4zV$?QV{ZKhD0LftOY0&JFS_mD=WN%1+bklAR7_|lrIbLP=q8$|ERA$
zo$Mm~P9jgLb-X4<ElcN7F#=FtbG*KAW1w&=6n^+-4oKCfYoY{aU73oc>7J1(?bK>t
z0oCX9^+#~;z@oAhTro9P<yX%U=m(|TDvy_at1zYc+(Vr_xS@4NK;5d4goR^wprp^>
zWO?cbS{P>ofvwlmpmtxbF_OlmWoH72Y!Pu&9(tPeg7^wSiKcXzF(Z!BC;Gj=sL{f5
zN6ptd$~nXeGc?Qq;3<2ULdCHJB|*o>f&cJm5MT|s*~dPwcFGqxfkH*aruYMWP*%22
z*9TQMKnQ_VwYN$kGDtrvalth+y8_`u!cK^GKbgxRE9?<m4d84voupeIeT|lSH=ZUi
zvN80%`VTu$7-M{b;>ia-vL4@C5T$2$B5(2RC40OxD|ukGey}aPK)vB|IW|@j&I)b;
zb=4_g+1yH%YuYfaPZfMv6`li>TObSCpk;b$NIRS>_dQ$#RN{BJE_dx`OH78gw+@yp
zS`Jqj)d^U1{jwjPoPF7o8<QK!NPgM(Eg%}kc60|N+TKiX@Qz#~1j;-7Q>D2Mn6f4G
z3Fa2iqj<bZ1H?P>loj7tu+vmk_w%GZN_?ennUkhmuKN7-ERh+))UQ_hJ^1%nh;2-&
z5x27Y8N@y08}X`220B1iMW14)8<6(;=-sBKn}H4_EwA2sK>(I_Ab)JUD#<&NcLw>4
zyPW6bYBs@*BSZ04U!TTCU(oG#xhT`qI@;tMP}MqSJaY!=z^+Fy4ik}`=kYXnkmTmV
zvV_5=W>9#kRst!EMO)21j?FA&{9!7skYei51vw+w;;ENBE9a;P7Z~5aPN>`&J0mvB
z+~b=5+eQ^I_DVfJAZEn%o2lkZy~h*%%WrAO!)a^z;?NDsUt4-jFcA@0`Nol$iji4{
z?D6e=U%!J}I8!3@`-dki^&PY$If2IAA=&R&DV@F)3Aj9lyNnxn-pz28iCA{u-$_Vr
z{;GThdxkYY%ASb;P6@TgP3-~kbV_;lcBB~|2E9TgXRyyv>;FHWgVJzdz3m4$6&_Rl
z+W(G7K|1eCkh18Tvd=neUF6}>Akh<)*i3Hy9Ig^uhB9NdS>oFch$8Q(lYeb3+~@a}
z7wiVXKpEWr+c69?#BDfOgSqRUj=9u#lvH-QyFN^*;{RQM06Kj^@CjHiA|GEp3VyA+
z)=d8#t;hYBe}AC>^UdA5fzCFb6^9BqByO=+8O<o2-<<3f;2{2g7};ckRJ`hWEP2U5
zPsh*a>92yT_89WH>C2g*(J!7qnx{|ZFr3h}U?;^N`)kTu9!YV9qaa9I^$`8)H9j?f
zmbQv^9j)a{Z(tNevL5&U)nl_<3Ogn`{N2IV^dwhj!h>DmqyKFX#B={O!uv22ywk;T
z$U<2Z==i;$VSM~cl>sZ=eD;9-)4z_Ui7K8heJQWcZxp2e$y<;MO03@VE&k=X$c+?S
z&${zx6+!BcmNPJmtr_!sHhz6lG{MH@vj4F)5SU1R7a~gXL22(NXx|h=uKEVLfQqnk
zX^|lijd=I;`(d_>%wQ#NEEeZ4oBFRw%KkbQpfz>0I_jC-q61k#)t7(XEIB->GUMA%
z^Nhcab`&xh5_lx&<KN);pvUYOe*-OUIp&n4;!&uR<Y>Zwy$=By1`h_f?9vI9i2q%_
z53uboyesY2R<~b=3y=uH6=qR4O<h-MZL(cgfd?zPRzaX!zlDS7SLKZMPp^TB;Kew%
z2Kk3tFErAd$b~)+UTSf|FKM75bDn2gqt7uxAZJ7JtB(QW8!Y>S2gW(Q`_-?mj5om}
zw`zU&#}UiS@T}zX03SV8O-p<8U3(?}&ICmzw`xTT+5NEXR>42>sMEwK3e;mLesU1}
z>I=Zc39NJghp(dL@{11RpD*D}0RTDC@JrUeT5YfzQhUxH02$-HLHN6Oj)Jj%FhiSu
z^<2YVgQOU+<`V&6>zD8B&4W2!Vx!loq*}J_G*x3F*LYNJK5M>r>@k|*_JV4`X0p;`
zDIg_$qRJxVrqKFUYD&*SY*n?emuY<}82cDu{`S|O0~7iBtkQGBieI|)6vweJqm3wS
zW&XrWNiDzHssz|DCwuy8k`1)poPV0PUC(A3pWfh~3UDxkITaPlbSb%)g3WSHZxPnk
zF%+4!Ol$Y*Te3!T^ps}rjHm6&9*{2gVbvq$1S@|b51+WG*qPe7QPL_g!D^i<18zs_
z1v16D!CA-A5%x*G(#^?+wbTNw?~;X#PJH@TyJOmGM}lfawTjj`KD~+jQYAN!O$=Ma
zV-Qm`_LV@p{Ctj78upa^*CRc}6XjZ6e~X!-7CyY=3>EYe|0yW@<-{rp;&h45TIbJw
zn+qHFt29s5JJG#jEh<SwxOUaijG;<LWAwp1wbDUN&(DF9cMH`7GmaCFVz<3AdUl{#
zQk??_2ahk8>+`1~mg<WRU6l$Izo$H%7RRSk$q2ovbV%a<=DdZK>+vN+u~MW5qCrvW
zJ}^DOcK*$C%4cFInk%1#KmrJ$&f_Y6%@sj~OJd6@w;@I?{W9rfUz-Vc@cmN}a}~pl
zyLS&FTtjSEoNA)&N{(}qqhgi0v(tEY<{ZLQXLTRHJNN8pj;fAigo$2k_TJX1S^KaS
zl~e)c(b{;c!<IUSa{WQN3M0$X71HUJv|P?0-^k7<YzB>3W8c=E9HEZE-HHdrMw6i(
zb1ED2Ts`5uKZAElmEw+W0{al|+U)a1Q`|nLSf2`e6cf&*>&a-iM7#IjQ7UPGG*qkZ
zZq#(xOglD9-mYz<M)=61*cZ*rMEDU-Dd<giW(oO+92wpc$U|=RzjekHKm7UP37sa7
zEowch>!iL~y<^zU+*kje1lA6Vy2V+~NlljUT>0FpSA1EePtkTlj25oOY;CkT-3QC_
zijMl(s8uru4J>vxW7+HuwZ@WoPY|5YP99r6xkznX!)bO9==M3!wdwosj|Wh$M8UZ}
zXbOvat}rQr=H8}Swx#XwyP(Gp*)d?hHa+1wF&~)b%xmK>w<wJ#s_4nZp-~-14Y^!F
z*qgNIJ3(%2UOe?k!||ykXP-=)y3JyoCX#myzk?)bxVSoHPt5;;KY5nFApa_6^K{2^
zvUwm)<!IDmC#F}af-kUca*8Sfe`nO8yUnT|o1lD#v3BWAwu-0c)%M*i;wAp>t~f$w
z)xqba-J&XlSGH?@o+eQBlYxvO=Y^g(l==!&`8s+@uN;bU)vLyL@CU!gzvAB&;$B(o
znpv~rzw$ioh1U!zyjdz|Qxg+=rz$M(s8aNV!7=~Um1>lG$0^yw*m6&uzmO0HZF&z8
z6Xm0)v2256evNnhbK+ypYu(PHLmSC*H+g-|z1=VD`rPM^Qe0P^Q!jcPGz4?4lGw*t
z<)<n{wB4I5k^&#&sOxN9&AQ7aa2<sBxUi2KFIgLs4R5!5_xU>o)(~t8UCr3X^9qDb
zIyCwa*P-pzT<RL1<UiI4d*tu?*#jM^9b!6aRb-+3ee+Tlclwx~El;6qlFDrdhq%^?
zXa417?7fAeE7!o=vspYt$(z<rxARu?BqCgvSyJ6v+619)g@xy)#6qv(fAd3v0Edt=
z&B8NvG|IfWa=VHl=Fz%yI^I@8<8Ie1Y0GA*Se}ZMl2*%3TZ8HR(u2zdGVXA9zebs3
zJw{4r3ft9>W~t2|XLk<+$;av=bYc_wSm#bp3dPTua(at5J_U=9_-L1(%#Z?TuokLy
zn#5l6Y!sO_x!{}QYC`rckrBjOkUg(|!gs5lJoCe1s%5(-w3s`JDsBw4LXo1;?Y;7F
zRCb+l$W41dsKzE|7jj9Z+ndVw%Dhatc6l>&udSAQ5MJWarrpFSFwAW9QHbYFWk1_q
z4Oauagx^?nwIgz5C+;cV@p^l<y}<I$rRllx`IgR<*tq%7Ld@_5ZE?YVYnI{^v-R{Q
zy9stsDw+`7{#0cAHuXYDwk66Qnmgrun9H=klF(-hyE*;X1nf9Zr67$#DX16XZ-2g$
zdG(jRU1oqjKOg*Z_7O)f=`l4}D%Eek6d3=!X68FgP`7H@Ec3WUvwPH;E9bzA#ZRY@
zLr^wpNv$R&rht;)>hKx8#P4kifxps>b@Vfx4PwvnDl4k+2)~Z{Mn{G-mPo9He8Uu%
zvT)BiDO{_gEu}dQH&$C^TzsT2X8CHbB+`xz-XxxfI{S(^d@XwPlx}j7KfW|2OQOm^
zOE_JPMPOJpVfqIu5A_UH*xk#}XU9Iy;fvm#9@-FH&FQ5#$X05F?^l=^F}?QcD&!JQ
zN8r_n@8ZM!<6GpO+`}@%^`CCRW>VE3Qn*OtVNqK7lI@Ol4+H(zKi=@(zS6r-T;^;g
z&u^<ubjr&Rgf)H4aA@CfOkCZ%%PPP0)FesH2@K2qAVP0{uaE9Re>h2J{YC8#gTSJe
z=PlmT3(@5yUWZ_Y{AbQ48AWM0z2z;-UC9?cUwz2@swEAenIWE14C^->W&svOvOS)*
z4jGetGpvV_x}}@!5-R!~d-YR?DXOIm=*+bwsX5TJnptA5=Z7)dIKW<$?B8|5Dp6br
zjX$~2hp1}R(MnP3<^_u?Tv5Q0k^JTdXn(qQ9QNxQYxdUs+;0^);wh49xX&rEn5T$6
zO~*~<$`&H#JdvGJJw-lF1~U?2tOQY<t@=C7TIpzB%{dt*98Y{#ERgz=YtCgd?b#C@
z&A#kxKUE+inKWZEcf;`gE0Z*PZuv=BoF3*vj9a{=IN4rT{uee{g**a8ByRpkav=<1
zw$7`%BUx6ML7{UZ4sMwKelxZ0RH#XoIEL=rEr-T=cq>RVwpS@3F*-jPEgmE8ClD7(
zsj^{r9A;0s1|?)qVT|1d|L)1oIfZYZN$AbWsf^1dOWuxoZoY}oq$#QNa^<j|Ou84e
zGXf@tG6Fi%+%fmF?6YTn*gT1I;O+9hus-V|k1UJ|@~`vgTIHTBBd&e*Qa(?e^5vvu
z8?(_S`$8Xod_am?>5=Y(p)%RJ4kQrhQqztM`yQc|Szu!e&nA;U<iP<dm;8dcg-9`c
zXYV|%+A3#XDI$Kh&AxMHhEBB$;Svq5DHcpwY7bT_l$|SxGWyEQbj9iF!kLx_lG@&M
zBb$oZj)TDW-SR+$ygH6!&-vZ{1)nYk>J_N>O(SvrjbY^*I{6>y<7h&YDF@>c%52y{
zi!^hi&`bX?XFF(6&nvb$GIM#o;ur&^GXKt?$|6FR6Q$q9*w^riB;JJNdtE1AcoM*P
zfG3wHRpi%2^mmJMED;?NJ$nxQ7;*QHg4FU+_fXv_bBbs0Y~L#8$j~I;?%@l}w5lbQ
zukD3+(jiW$7QPogn&+t*s+67Wu4h<V)?-(H`jG!dIY!P_x0CANd>c0?2*iQsp?G}5
zm)sS7dOB~HZ7QuOw0B2$(Wk<vQ>M0S)XsOtv>IPH&0)@Z-i#FJgh|Scb~L)Ev4_<t
zL_py?T1F#qh}ZFM@ts}s3R~~KmS$}!Art1;jtK0YR<D&kzusBiABwPR`u-&_DR8wR
z(AA%F=zBnGB>L3hCr=eMBE@+23FYRgqA<B@vvK<?8TX-{#+be~|9fb&SQ(PnWWt%T
zb_35MFR%ECXWmZ-0yc?1Q26>KS=Mn5=P6{%bTtK{p~2u0<8DViO+Y53Y@9Ot+i(kg
z?M#gxuazKOhrR(>U|5%1#i3V5_sBYpaMDoOTLL#1P2sa!;+FhP8e*bZT6;F9(`k2s
z$qqyCa;U_px9IA0;+%h8txF)SS>8q8CUhdg&d~px_$^}6h{cC#ij}K5&#PAwxJMq4
zr3=2eK&*TrKk-9Fmsx3BjoZT^pC4Kdf_WE|Yd6f?B+4#?H2Bi=$?Qgs%2mf_GR0Dx
z>Zw7C53J;ho+~GL1i0rD6bj-pAccT{u&IaQ+B4A2@7WAzIGS-M0a-I}pAIazZN$^@
zMP-B5nA43Tv&1`RFm6*#(I@hzD>+YEMba^(IPZHSG@`Ok%NTEY+*}G<{`3scA}d!<
z{QbTJeZ7J8qs+!dy2ZRUQ>O6!xcyNTO$aJvJ++<NuD0O7FiDh?nxE~SUG${GEwy%$
z0)?eTjml2U)OWRt(a9}U&F+lq9q`bd6s$B;5U)_l@}?GJvP3EIDJJjd;E!}Od^MAz
zw_T^ds>@PI3`%%>2nc4V(cdMI!k)2}2!kfTqYxaX(~$>5pis{dO3cqkuU^4C47v;i
zpqZHt8e3(zK=_6{@<q9|2Jq?dfF_z4D4cLM$L>UDT9@oVwOI#f&KCd|1r^|m#K(b}
z7I{+>h;bk*u}Y1A)+Yc&kOECVnC5^&)ELard6NihW`qK&oBSfcvb@aMkcN8_gSZg!
z{4M>Cj3^+4nWJ8Trt8-NpkeX{ZIg%1Q-Hiq-VLTky|kL;*)AE9dT<q)7Y6ttgQuB5
z>R#pvTAG&Qpx@aDx^3uygXVzc3ji5w1wCw2%`RV5ezy_c!+7oq4~yM(P#!8zt?O*(
zg^{c|W&-zKO3G2$8cwu5Na{!+`x+OpBPh>MY77J$$`0Nz^jvn*CvO9k`xDdA9K6-;
zM7<%<yl!f)0791+@>%j7JS<}&^5>xUAE46|paM~GqG`#k0tn0n&?J1NXzq*NVcR_;
z$ppIT1wb_unDpgCDKJGmUk(pmcLHKz)eE3^_7j%nG1@dzb5h$G`W}(%2@2j#+<P^0
z1<C%fF%?1SirN$PK!U@l4kUJE*FMOM1>cT|@0|iYau{a6;^Si^!T#o{V_;xF0geE-
z_F<8;-I=E4j%dkkq31KkU&17sDVG`DTV}9v>?TRz^Cf;4KR=lxRVcn;0!zF9B~NIM
zbe9^(#8b)rzWTU_whEmB&#mYem(J3bmPmD-&!p*9(8#ys)Ud)%V)>Hkxr;_s%@V1}
z$mS|+mKuRPp(p78+)ZR48qI*>X$GQ_?X?G>K1(nbO_iv@G7?FRK5+X8G?$3Lx_|_m
zcmP?B6qUFZYUTm+vLs(m+Yd?Z`1FHHlGhmdDd-s|cm<tNz>#Yv0p-!F2+7gD1ePZF
zZtxIvAKKa8dvojtWd0%0gqS{k7>`clYaVE)7MzT#si`3*R+jwK&XoNkG7j8*g2jeC
zjgss$`im=|t!pBIu5-{I6ZE^i7~0VJ`Ze6@U3ir8b%cMP!hT}W$5dberD`SR0%Gcy
z<`oM8>A*+fUsVkDO|=RYKT&}~vQ?d8a*QF=H^YM600=Q#me5~_I~xRK^ESA=F7_nH
z^cM4#L9)cK{*f|NxrX1Q4{)e%@_VApj{$V4sG!&{s%48+i`<PKfNdgPkE_?PjDfjO
zAI$J!$VC5d26yG-y2x1iOkj2H168R?TBbDBZ?dPq(knV{Z`Qt`O5nB#1cnUiP+XQq
z<x~K|5KdThc>6=X2Ag-7-k)dN%+`1L(EC0@z`gqqm08egHx1e)gGg;Niky#DCv<Jq
zTK&ZZ7FNvwdOzO34>W14ApqVk`J@)O+68PTD*#-x5e!=}aTeICTq8neaRmVOCz#qt
zJ87LEzrEt%4_-Ty$gGl4p-b_e3^P0Js$(r8-hC`-BXaGAm*~5I;*gVR=ZUN<)ld^d
z=I<fXxdI_WAefLbu?l$!<}|$s1&&i5P8HmUBQ+q)pc56F3Mb^AbSv{*&Xq6{C3d%;
z_eXfn$>0opMxDWHLl1T7H4`8)je*H2kYG$MrQcr3f<w&lZ>?N(R%;_i3O=vZ>GT2@
z_uTp7X$&BestNpYwxqh44^M*W^2DaDfb4jji-#1c_7bF3-x-ojA0XLa+|&VLDD!F)
zS`)Cl$jQK*NGLD|<oZ~Cn*T?Q0&VY=c6;d_Fwu(qcxQ^e28gP?JxE@9JRR|cz?KX4
za1#nA`@}BrdORi;*+IW`ygom8U=V;tOa$gmeeVZ-HW>hhRO|Kb`i`2P<9T<x>QD)m
z47|X+E}wEuXvW{UwoEFL8vxUI_r2i5LE6&P4C}LO?2M0#%)hE!OGO5f8fOyfGr*NH
zsw@%DzKOC7bX#1$zjj6B+@tiBB^6f*Xl9JZ0sCl(trS>px|pQ+4zlyAXe}z;6pyzj
zUchjo3!u&XILW-|Enm{4^9S+zqpX*-ZonF&vg>g86NtLmcUIlX-GP!ppy@fnO`=h1
zVwt+Lav@o`hVwYn$(#QaxIR7i23Ht+M{$7?!f2}p#b-$f^ypD2F#|dtTvmOt3Wi5-
zL)xM1XF!pzrU66+Xw%~h893<%l^a6ilQ0qOXf!dFv@8$RLF%$Fp_)Z$Y;MGz;IfeX
z@~U3GW^E3^1zlyjKWsi`4G7^2FyYGCa?>_|mjy*8PQLb%oCHyqz)+a;P0GC;7!#*M
z*M;fN<tNh#-+sVjyDSD^BhyY?)qq#FtrHK1wQ;Ef0rEz0?qJtN4Mo%+Y0)bR%{)LN
zvU7w@dXS(OuCmak2mBSMwaxf2CQuU?D5+?Q5gpjU(fds&*_B5~5qz*vvQ;1Gi^@R^
zMe%pdZot>n2;!&Z9RAT$7P}p%I+PCfz635XERQuffoHyrWwF}S8HYuwxv(of``^~x
zYZLSYK6e+BmtWX~NEq&or7b>K>~fp^9&_ZJk-56$u)?ZkNM;Cl2CSzM=$V#&2`d}c
z0u3-PaZc%|YF%eW1mC4``dN)Lc;1lX2!Z7QyD_!~_%$lO1%*7I`;rLcKSP@IOCnRi
zX@=Q8vQY-x`GM{$FjMaPWKSm0jGkwa4S~62tkzADN}$!;bAK2asJCeLKN8G@s^^<3
z98DiPBu<Js*d-;+LD;PCC%6ZnjcpCf|M^UOIz|e`XJ_1}j2;8lB!b7l=|+|^e-tXS
zHXcPO9-K4gb12wAY)bZC&;(cSp`afOfy;p6VN#OK_8;ptojCX2FLVffqDQJg+;E51
zpIxYD#4N0s5Y^VHXBbfFt`1h}<26?;sseYNq`ZV>-_VBBv`yd)J;m2?pcp_|1p;j4
zAJ1pwAr`B;kl?Cv<E+E5&oUaB^l5D4M0?%<u=_phUDsdl-FeR&rbK8|wRMk}Vkn=+
z^vu4nm6!)lKZ|rbcxLkCUEYex=72N^lUdxq;u*$&IrBfyhgYP<uoHeQgxHK6kR0z9
zNoh})ng)^R{QEm<J0pIm4y)+|L)CQOyn>i!xNbsa)|TB<Ic#(j*sW4|b8H*#A;8z1
zXdqG^UjUr&cJU*tT3Fym!lFu;7d}4$30T=D2A)&VuxC#Z-$=D9^6j<nNJy>e%iq8B
z!<h#up8!ZW>FsHqQvj-V%o@z=#2J3u>;v04+NDMhyas?JkpM9=wPzh+VP+yc(EkTr
z?14V^m9TO@_<kz*eofQh5P}@s#yJdlvjU|}Vbigq1U7y)+G(J@Z%DQbZmsqe;U4t~
zR%>*XcAp2<XdJ<q<?>=Gr=8(A$0K$vZd2-6OSaqLH_h-hmd?h(d=2~~(J_9c-|k=|
zC^GP<5r5!b5N3;D5EKB9<D9?{)_Wo%ptXI(y;BmMyF|R53bsNS;AJfUNvyKU<_u7)
z31o<2`c-@G)t=GYGoD~_joCeSNl6mEs&|s_1J=AJu$dEAvqE2kfh<I|*D4&(0^{A&
z@Z}?kNsz(nUhv@+FC!SK!B2g)*~X>w<IDv{Iam_H5D2N6CicA6S%X`<-xgc<^~Gl!
z^xfD?++q;ot*Sn^(i0-jA@)uG^hF2+3#?t4`sk}`rTmck74HkKRzdQIAjBa9XcYTn
zKlbpnrQx(KTs?_eknOBeO4Z5qW}aWnyMN<-PdqQ#t86gmMi0Tum}n(4u;pyy5bfaZ
z0@HJn3%+aQxhm(ih1*5jg|Q%#_r4nBIWHZe9pe8_8MSw8aKp2Ku*^HPOqUus?yeq<
zL)CvgT%Ri7d%-IAQuY$_dEL79$aw>b=mk`KHdIf@m`Ry|gmdVSwKzQKoKg2+mO=BO
z&Kl5omtFTlzaqxkkoOg@#eXGOiEh2mv+Q$P;~w*q`{iwHgVl90iZ?R3JlDk`y7E#h
zA54*`1JZ|3CdQYZAb)-c|FdG?;R!h{2G>);ZJ0Ii&+`G3sX#M`)9NHYxDXmM$^W3b
z3fB&l!DjCyOVD1vBZqgRt-cMw7sxgsi(hMo8DSV+7L<#7?3iEoac$+0xoZ=k5cAcD
z6(gFLi&R$2O#lQIp(8kL^p~2Af$W_435`z!Y`0RYv)_1+b%dUYafi-b2r@uF*qGqe
z=(|C}q$JC#j%MlnXoOmh(fx3ISyJ?xr8ch<#B-=@9dFmT=WH8lYcjhfNQ@bA(dt5J
zbf3Amtl!ryUE?VCAK)jJ<Kg(ja~s&x%GFm+sSYCSboA|0s|@tsaKbCL8ryo-J{~0a
z+L_XO>2?{mpWF#4_;~~|#MeWNO_n=w+t)O@cH6hvxvoKxi@Q+XU#SdjQSW2fBiB8J
zk>MrxU;hMIZ{krQIcf`*>}Jr{$RWNlG1?A`6U~3!V&D0^zAh&}>cByR94+34ODC=^
zs0@z$85*10m~Q?N8e4du5};SKHHWx9<}=`%c(_M5{{H3#947NC^uL17yWl@Gou+x#
z?&0;#ga%@yh9f?**%PtC%71ytLC&`*>Gbmf&N!`K&sUN_h~TmpIK%St9QO;Z3XAFV
zm3CY+R&VQSx*-xFzJuB!;<(|7*f*ocAZGXCAi+~l)&W0ukKACrpYqT3IZ(eahNDV#
zSvJhjSe+2v6f=TJvXBzoXx^ZFWjaQB{I;5OlN|g-V2SsK0iY$`(uyGB4MzL{6#yPQ
z<Ua=_iPn6XgV>XX^8z@U_w=9}23h^LKr_lVwv$HOd&~TH7t%j)oXd2jg~(Ldx>||R
zc*F7L7+}n~BYOXOWV4P-Ct$y{Zh5K%U-OQohR(S!gqQ(RPo~}YfiL<hscJkQBzi+U
z+lvm3{x*WOp{4ddxNyXatV?kB^0n-9(8qP!$Aj_tGr;^-43PB7<CBNtpjcId$w~p>
zr1?ygKaa0<(P17h@Og-F7;Yd7-#%CK{;eM2RZHdTJM>kSn)|%$8vvwl3AYN;Ok!Ld
zsKWO&kE(;h#;)6gm4t&(QlG{hpih^eVO?$Xu|xRzln+p6OYM@5yzJO<x=QDU{f%hQ
zP?_0oc(gfZCzbj1LOrky;LC6{>?1AuE<U&wcs&J_&w`XGG%(y$Lup*8*F8fyPmg8J
z4&`3-f%h6qYC|Ovcb?Av&k7jbmyWF!7tJQ$l<t$~e=O_LJ@p>pOWuCxP%`}2K_0}J
zKT<sq5uh)>r#OBLqTX%*3&Dy^($<Iz*v^axWJL*|f*BM>>DovK?Wi8?H7_v2rqNx%
zL&A#ewAlp;QkA4!wK)FLZ7-g%JpEI_+b;A{0I~4}svxdFx2@oF>!0^+1|HDYT#ZW$
zHQBE=($3nzz>H7zTzR-L@MesCr-#QioMsdX>c=!)bDb|qJHg28?+y47w$LX~KTE`N
zNcdvq`m8&|U~#66k6ahCGj2a&7@s}-DH&oqcd-iF?KW}%G$<jgU~M)fbF-E1^po%7
zB0b+Tid4X=5<G9&Up7$J-oBr1xe&s!vcPU(aE!)+5XltHQpX$~7APcqObFD!&ikb5
zkBBqH|G@%i?Ya8N%Hwe`FKjJx?I`F*{*pz9H+t2FtV>5ySv7piPL_YaWQ9Wq(GTXC
z>=}AYYEBc_wgzeugaB7ywuSqB_XN>M0Gm9kiu9bcPPVm{W1-BMLe~i@v|F*#=+mDI
znO~IctPqrM<zUwdfFyU=?yx)9@6FcAC?I}993{YNRpQe_k)8o(k*3Y2qr^apd8B*@
zhi)(Rq>U?p=L!Icy+s<QVlp@1!=kVjw>}p5tMde-oMo47b!`hUc-)_6^?Hr+KQ=Cu
zE0M&S)hi>?{*gV0Bax&oP(t@@f#<*<lmI?b<A3%-_UYKgy2LmzIb80bdUDz0oJQ4k
zb;UrYLlsMEPvZ8W{xK65+Jmi=NOE++8tZ#66nK}vHKB83gir79H|}q~GlEi%*L4Y$
zWYDcy^hZ=^i#zi?0x0As8B!@9E$!6m21M{DVmw;Iu0t57TjR+WNj4XMR)P`2tx7Ae
z(w3!r-)vGKP^4Nw1TcM`q~~(1wlUDili`x-k|9zvBze7c#xd_e-PO#Z4<y!u|7qFt
zYD`}iLws#zRVO&a{Dbbj+2;MW`&fcGZTqbb1CeLe&HK&GW>}<XqyrBm)DjodkTaJ>
zyA3M~NaSCR7U(p=-Fu-{TgR8?am5zu1h2#635E_RS*wrVt>EdYBVX4Xm%W$lNPMee
zyD62(+9K5L)~1`crp!v<0Csenh7-6xqZ+0}en2ODBs3*|_08ZvFF%BPK?!tiHt(5)
z|7>3>zK4V0EWBOyxwjxcGy(9wR;iI2qifa4JRuOtD(ys5*E0e^>n?r9DB1WBWKE*<
z`?Az2&iIHyiQQ9TPiIpg7YTt_J@V3wTl+si9qZ^(&4ld)RT?YQ%TMm+tp3h|^L>YB
zXUMfDq<htj5t|y13&%)(+9i6CdFdVt9+UXlc~|+adZ!%!Dp|!^g^<j#bAF&rzz25s
z#D0~`_ow-VscIvF(=HmB8ND1>$V5U7>*95B()FBuh?$#XVe%HS$GGAn54)}>=LL%F
zI@z$}&j`BK#ur#RPomw5p^1=aKu#LPRvc|puDThr{f~Lhp*YFaOxod;)5$-IWu3hD
z8Z*kw#(D*kF<UYAGUWrT1&ozK(Np|9D8?vA4WmE5%i4+V+8?e0oCApl3U-RhlYM2~
z3848x4z>b@=G6^<YJ$eMgT4dEqhZbDq0>RB(S6v<`)K!&-UQ#YFMk^Y7>aDvH;fZF
z0y(;=F9v7n+xT(Gdr9rlAH{ks5aOTRs)cV_$ia&U=q^@@j8Bsa1|-Dq)Ppf44a)6p
z^Wpt%Ho-5h!7h~Zaq-bBMEQNH7;CP+PPfZMs|lEMhzcYxWi;-uEA(ojuwKN%yfoND
zR;`tR_L2(NeM*~l(tYv<ZYqrQ>N$NBj4tjS8)Z|LW+Ap4XQ0@rcOyb?fWo3VZgnVJ
z1r;-(<ZO+)IXT-+SG7vSvB}f3aqcU03n$c@uiDBh?jMB_APSlRw)dO=k|BM^zn`%b
znc${<7m4oI>lo0ndwXJD<V;_En*F;R^tzJD8r1QU_Hp_U61EEh4~6#4CW^ixy@1j}
zU$ztiE_!A|^$wU9_sWWvXDiAFjgx|9k~E(z!0Q~a;U;VDvNf{fEJ8kr?AE)X>~VH)
zm9r1je^sJ%rrIFiAs4D3z5K9-Nq%ko7T1kgptkCHg1#K)jtl~+We5Hy0neTh--+wv
z_qIN*Jx3g?bipo!%xz%0GKN+O=wo$=kwam4D(_O!3T+fwJeVyY?7nOCxoCoVjRPL_
zTOvm5ORDA3X2i^H4%?)7vTI95dLB=T&zFFFUc-f4oz$cE3M}UnuY=vT(X+}=1LG2J
zLs_z}z%oO2p2d6=hky>L(79UoMxY-ntf*O2=4<Qa!oDFtX1UOCmifaj{8Z%b-!EtA
zA80*uz*K+w2g^nT1dz5lCBg@xIgdo%J=tx+AnXeJ!3*paiS;A)lw>5*-LdQ1nc08E
zf^5cnhx#zWH~f8pe#@GJRw`^N|2lP~4_e{Wz2}RLrxQj9&GChLZK|5p5JEpc3Z*50
z!og03EFvAX3lc2G!rUfYJb>7KN{N1eCHokS{m?Wj3B4~{-VvaIl!^I(QSLP%P}CM#
zOjonkp;m6AbGx2wK1IJm#}x(Ra5OU^_?WuI6tMFx6+J(I^tbARLi+-ES=yki-0<02
z*T8s9mkwM~fx`UMqapt#w`VZ#(oIE!+7sDl`F!EuU2z>5M4+mZ)HMg7Qe{SuzOvsf
z?A92v)5m{@0>&fg^38Oso&w$t3RDh)PWE9zp<UVFS`X4gs?BP7z$Mh*2CBq#T_(X5
zbrXh3D!qb!W1ueh64*|-(}DBmRIgbuby8%Y9&lU8Km~40s1@eT6|z3;JzSzRsVso?
z%>)5+Czs)}3jB-mD}s=UK>Z?1&%X2CZ*#E00%4v)nmqoQuFX&ke<IW88!RHk81$Uj
z(C;N1Wb-gTQCkpeWq8X9Z<{TzqhC3UwQ|2LVC%!$y^MT7jz-7&_dZhtE8O+y5?=!_
zQQb$IvhDK;tm6IFmi0%l>)UI-X^#mj$I}hqYATwmOe8>2^mo^KdiI8FH47qND*e};
zUrBvExD`<l2~Z5lL4KgWkat47M_VV+%3HTD->rY((ic=0GfM=TPJR!Wcq-BT(cKpV
zo(CYT_ooX=J{Lflr{PIe4hf9k0hKW4Vi=%->b!D&t@6>5L+cvG^uCbLS4tFWCIP^(
zo?=76XX~zEs=YS(o?>VL<M}N#q46KLV2i}<)bej|oF8%^(7vtX-#H#)P@;4vtzkSN
zn?*l-Wm%W9rgeO|WUzPy_8C-`2N>=CB)E2<)?-O9_qE@x>hj{y9T>D!XX|MOq9bdV
z8$VA2bih67iACJcl%Fp^3TM#B>hrSo;7v}KeqFwYL`@FU*%_ZfGIMGhm|GRHT`>#T
zJ`eT|_*Qw{$wD`>^Xp8vjPGZpGM#`>!j>LglaH8(>%(&;c+-oqkR($F8~*Hn;tomy
z+sd%1RW&b`+<RglEPb%Mr}I=6Pp=+b^x$RKm<gTUo$bz<rt6NuRioTzKC1EwLwu}U
zjUPP*q0U-^gyd_>a*Zow`mMG8VChKXJJsQX`|s9Qs84Li>zJ$*$`BqH@t_r{O_?l%
z_?6^e8}t9H`*~tGp5}0`j;39Zlgp~oe-Q~QLhu69lxG^O<llQ}LsNL#r?M32T-UE*
zRpGDD1s(PGvjv2ysXPhY_b+klTb#WT=bXvEAdCdTm3ST}<?6&J8lUekcyoPxWu~}K
za@4*4W}oRZ!a`+W%N}p2E1i%s*-g}$4j4{Sj3~X-7J*j!#Z_hJi@nrz-+VbU+URHq
zQ62RmZavOLZkO$@;DPq5dS4rY`SLIL^&9-K@(8acHjPsa@keZ`0+D4C+2N7T)_Ar5
zOaz}(!nx5O`3HRnyEU+KPFn4Hrh|QP7?(W|2+Fo|b=p<X#VN90(wxP@KqW#lfxK3n
zfqF7DezdoVmfVx`;`9R87W)QH!nj&8o}mIEWb}ZN8@03lAc<+xZ9>$Z7D@1fh<Wpu
zSNLt}Q+m@2BOPdu{c@r<&9YAKfE|a~`EXh0yA+}8<_iV9I2-eE=~NVp!LM(tbg9%2
zmdK`XNr&l)%AwYbyWg^2Dq-`9Ecl;)%qOid*kb3W*J&v{CAREvRBXmwnoec2_-M0+
zpv~1~Kp)r48P`>~6iCCb?mXXc6p^u29`~>Pj@Kp_&@QHKYOU+I1^>XW(utzlUB~G5
zHdlRum546T#M@8SMT}(opfOsl&4QK!^H+Hzit>z0JtFaN#rPTIu#E*ri8gcTnlbw@
zG8CO{qW;`va*fEFiF^d*>@)O7bL|fh#QK`WxO~o@pYUS{V;u2W=hM~ko((|uamh!-
ze8ngXV9w7e*1I+<2$9GtJ4K|s<Ft*angj6LsV#p4mcI!Xrg|>vr6rul2WNa~T`{aR
z6=_gtw>zFDfomFTnz`@UVe?D+OX|N{PAk5D5Rc!kWPWw=Gmh>6p$xfeYMt{Qh7t@|
zIYkkR>-EE1N!f;8DdNqf*odReWOoTFsR$3XVTNssMjMV^DklBgY@DEhns<Y^PGIb1
zsnXlgq%1}c{bgHoJ6^U_(H9D82L{menj)1v`Z%Z1)j=!2E_0$nI^EC%Uoy37Ykh*l
zPW?)vHVKDi+wJoKU-sO8Bys<<fJk`n5yc7fNKk8&p_6GJs_hj$cR)qUKLw1r!5#=L
zuIXA`|AuS~9nUL(8hPSzwZq<({q`mC`!jR{lzj2e);iaQg0EWyG1DX4MR@jSz#y}b
zoaUG-xeMILW+-Fp4T_Ky(R<P1<vL${fqh`vv{*q`<xQr)@`t|lqpn92t-|aivF_|d
z1DW^An(`0ozY}vADtJVEZqNe166lCm=BZ{D`Ut^1X5C1B_Vm9MeKFu5f-arO@=q}n
zk;w@kqs1J0(P2OrX?T?D1!JrR$)S;(0WL^)!3XoKWK^;q)9BbvQx@#5A%6rz-_8(~
zJw52(6TJWciIO!P%b-&~#NdQyI4naW-eTga&ps0`kcyc;BV)w)tf*LrDF0k*M%L<|
z7x7(E1L#jagU$Lo5?e;b*Ln{^=^3+jgI5kImw0u)sr0`Vlm7l+KSAKp2@Vt`jFz*T
z7iXcM@m6H8{8_?)=;81f<=mBRnxWd>%3<OnAk;^qMfcZ|f8j|5B%iYW3}D>WuN(Ps
z{fG)=F;7vHNB)s9I#V}9o86YEJMU%x^FjRkn*LKrCc^^<p^p-Q*2KZOev$9krmY2$
zsksfi6MS5SA#}PBCaDDG^maBn)1Qm&*|x%yFs_)6?Hn!}eK#1>(>O?W*a;c~;EruU
zez5=RtN-(D{`rf{B0LO^Xbqa72)0^L_lrPN65Hcxx-Hl|9)nrzUP!U-m&Zu_ch`0a
zY!<4ZZy=&<mRl+Sg84h)W^>?u+d2Et&TX3_CJ(a$`)A~W`HF?kImNwPiftgQTW&;y
z;iiN?B5uyqlR=gNDcl+hpbLL}%U4F1$CRb=U#|ZDmZ)k!KyMg21Vy6q<2NvaeNZAu
zncQ%>9nBN?J?mDggyz-2;E?sHaw`a!6)zA=tI$XpudchGNViN%k%4@$xu8E36!n#Z
zYy@LA5;#p+`($kmt5${(<}$!MUGH0x-ctar!wCeX(QzK<moUYK&&o#{e)v&nRNSrB
z#YVUb+3!2mbo|~G*Ntw6C!k=Dpt)>#OmhTgvm%1wi<;?w7+V2=B}}`+Ec;>>*6oqt
z5jv)Tw@?`eh)aCXaFy5HY4QLQoXYC!_+he`F#vr`x8nu_&_iBnh>-Aks66r9JF1kR
zX)*&bzm@n+B92d)w8r%5<u%Fk<ecdKzgkTH`?CGp?~3=~prXr_5(W@0Hn4g}vfisH
z0z^Ni1#%?HPwXUKS4UiSOLg3r#vhPOb|Y0jqh=Lhl9FH)3o&P5{-*=zzbtm|L#g@V
zK0ag^Idi3j2f&2{VBKohc%`Y^x6SGnXtj>&zrWky%moZJ$ji4mU}EBC=@Q+-tfDf~
zRSx67?n?i$DgU|<QLKR;yX^g(7@1)vxsvbi7r>t@ArVomxm!qd>z`rc*T1|=@e=BO
zFPiu8UsIlcyXJqr4lBk7Xkt+K=<l@~e}1bNF0g*Tg{!0fR(JWA08XEb1mgu3VeUT@
zm0t^PpF6-|vWOE_K6~;ncksXbXS>jAGD9jZ)qm`rzqzI|oA8|y&D&rsI|l%4H+8EN
z2X7zmFEm-qj3{Yo=%--+UbW|i_#_Q>W(cXb30JEFy`qIyd@B?%_sq4EVO<bZ`kDZ<
z5jPLGr3>sg24hx&tC?qSVLd8$XOJd@sA){@5V`ID+z0Tj42}G!Ez~lZ=Shrnaj>a%
z=k<42_51Vp(fsf&E7D~Q096dx^Y+5%9Mqy8F^u8=zdY&JNY{WbxBx;D3?t~f@dCu0
zN1*71#_Mw2USC8|b`BD@rg$w66S7rRvs?xJ5K!9Y3MJy@f{AZ_zWPGuAE)=G<_4(B
zRJ9U7!N!u)l%a}dM`jQ7Q&sH0#nIz<vtqH-j)4ZWMFNk(JLBPkbOta*Nk;4h{tsVm
zAf3<wt@m`$qFVqZ+eaXN6k3228ZY+%$Hd?AI4j=*paCrN=!l}!`A_P&TI7t~dQkS(
zQCxmH3C{if%$r@H;*SLzMJ=-mTgZB?p-A}V1#dV&i=zolTvaJx<ZOB?s$~XLW?-hz
z-aasB2Y{{<FD%&KTk!<BSh<G`45{A;tLWDOP6o4XGn5&`8nd)$<FHqw1zB@Injuqa
zsxTG)K;4+{dSB303+yEGS9c(427;ZL9f*H9OH8KNV4}}YW?=4G?1(h%g!IZB;7uNE
zy(Ir#BrY(;YM8=6{S54jI$aFqC;&5nVz<`IP@Ez{{zhyE+@-{mH>mMea0axxmSq!$
zIzWE2klsFW3cBIUD|g^2cnoBGdCt0ARX{E04+Dw_@%q)?-JaD`Jp|vnR&g1q9oR`R
zG0>Wtuom{f@Y+}Dd!SK)0@KW)Kfn;;zg#D`lg+pWpbm6w237qnSiQi<mQi={k%T)V
zEm=t_c;2W2irlBiBfwa*39`<57{?|JD7}UmQMTK_Ai7625`W62EKGboihDrgo!Iyb
z;0jO;F9w7{H?F$sWMCXE+;CutZ@680v@`WWn107`#)0bb9GGIW0FEQ&AwR)hY2d(r
z(2R9pY4&d|vwsb6+D|FHEWPgIs@|VX*f0mR7Vj8OKd+W_vuH`S!p{)-q8soP31HLi
z?4C`519GEf^^T&<(`Trc4_$<&+6QP;2I2uDWU_{d#`mEg^%BTNjgs_jX~oC**}6+_
zz&6L-|4>RRkib^VnrQ$aGZMZKSZG_28@+I9D1I=&pFBFwpFCu(`6c}8f;<2gzO?(8
z4InwTrL${qK1m2mJbdU&Ad9hJwb&d))e6JHVIxeO`9^<wvrIU_?85a&WCU(!GV}6K
zs4KqXdOs<U6SYc3flRFVA)jUh40-2FO-8{A1v{$w{g}&oknm$MA2bLZH=7j$BHSuX
z$0hJ<0^#2LyK1PHMwLAh3@DF*5sek$9Z_xw05IFjhWHQ7r_l)jM+xtA#!1U{();=o
z?n&bkXthNgK(-6p8o^jQ!nv0_Jk%UlBLKjIMRNsk@S0&Y;z5)>d_{Yp;TCVv7xetM
zaax%d@l!6kPLy#h$D2xR+&S0gT3CUmK__@U5|kyR*8#%`0_N;B!t|5o6oe!J+MJ;0
zG(-i7C=(cdJK4xWpMufLmTK6aGQKWH^}R^qrmNIFxw&6ro&4itPS$~Fh$m?L;SwKX
zmymqc{yYUfJW&}P!0DC-mDg#Ry8;!|m0Hr`b6BpN=sO8WdYV9Py)6An;5I2{8ylb+
z6n_A&5NcGqV4&)@9(-Lzy73oBa`eyp)kVDAm@G5sLcGoNr0OhEBBA}6Kt)*CqG;HU
zp*4Zk{Qgf3;W$za7_Xe@V~PC56XLFm7!6Utbd1Bg0jP@Nl><){sfWCu>D=}EmrN2%
zz<lGWw=l(k8ZpKz=a1f4-c>q2lr4Swya#9IqSYnN<2r$fW0V3+t$a4J6)SOSjmH~9
z7I#ZiroVscN2siUIBoLr>Fx~oyt+RGnz0}PFWOj*Ng3t9A)4-5AsdGn=jZ7T+C~x)
z`|UA8@j?w0@(f$ngSHH9<!3Y}QE1Um+>E)q&p_wxgB%_PEwRfwDVC%SZ4>JW)7U8>
zha1AtHd6LlK$4^C&|ouka`vS8F7zuv1>SsO{->|S<)m4DqE}E8J{<i`Ef|()o^mHB
zZF}zs6t<D^ElMKu2TKy*JBP8N`2gQ^GGqD6x}H(8O@QRm9r_YtP;gZr(lRZ-j|Qzc
zBQY4%?r;5#-iPK<RlH5PwotFUh?{Zfbc)SFlw17UB^vn9>Ez01)UQ?<C%VZe2c<D5
zu*WzqV7uQG!I-raZYm=T3Mv4qgiQwV8j90dr76FYjyJp$nFlbW0_y^(ub&-d=oSn%
za(V9~(qknK?}f~u^tn$u%}0iq7lWvTKI?I~q>6<wj<moiYXo%T8RA~C%3x;b;ja8C
zIDZ;!Yvt{Xfr`*DnBHF1SO=35!}hLKih%pisvZ%=8H)g9)8mp54B02-WIwFX=-7`5
zq%ojG(NcDYhaXo(K6MLAR5=4|&*WP#TFLXVuj%9D>SX$h3PGQ50cMCg<ePiMyS~?=
zH%9%Wn_zBiN9PjF+e6idG^xqT*B$pCz6^*bXB<j2pRy<~{dogaKwop{M#^Bv`xYDT
z80W@WGQ%p;npM-|G^{Z9Rt}Z+ksy+;4qs8a&pBzvm803Vze$Zq;OLm{5o95T1g|?D
z^{^)?zJ`DIenbbbql=Og>H=Z=j&RoT*+C|ENMZNT_^Z&*rr2YwoUxU-AM-q0Oo(fd
z?2OoX=z~6N0A1SR(eBHD$1$D#_RKu8l-e0&@-+r40?ib4%!L6%Dj*{<f4WHYj)xY)
z*E;{R_@K*pKP+h4r~YC!$)^YKm|oij?gH&*3%lVbJIwP2ie@t~plinj{?a?4gM^A8
zw_4NH09=QZO1|P$^%zK4Z{mwKrSHk_sqbF`DPc)+EVRNex8*ckS5l8+Qg~-=BhVii
zM^#rv4dbdDC@bxBW&zx}31C%B1n3<Gq^IkUG{oUlq-C~da|&r+(*1TDe}>-Bh1r$|
z<MB6sB?1!?%f>j8PSyv=t>FArgi$E2bG~19l}AZP89;(`H!hWuPi@4S_J0VCE%+l&
z0Vu4R2bg0uIo$Q>>_dDpP!2rka(`GD|2zeZQz`jSw3ciao<C^Mi5TN7)vbQ%0f=Bp
zBx3Xnw>MX60`g@ct`de>f%p8yk1Qgo*V-e=8G4K2+wcoPBEh!L`Lmrk2)P7*_5&n%
z5c}eV?Bd4#`z$8V!WnWV>1F|WXI&b*MQw;z74ygGU63A>I)d8b&}({AKY93e!N+{#
z!IwxsxdfJ?(q5Ph^8%87NK?1RaGu5#k0=IR$NgX&+I0PchH2O)3&e?uIRbls9Wy#f
z??oj>-~aSAw9gxaRF+UJ>_u{g+GQE4%{Mmm@s~>{t7?38xqZ>mUheOV{N#*kMRmlK
zEQOiYbSN%=p7{>4*3AzY)}eXDirgLYGWt~pd7dpTuzASChHakmQpfYHO&Kye#OdSJ
z<x7Rv^{tqK4Ok=Z_<m(sv>7K+*3uO%+K~njP(R>Yx0~@0j#EqBnmjzEn_H@?*~yid
zqUK+MY)+=-^_CD<#)yxmWY)QjQu5nH?Hy%`8~k4<rB5YD))8J;5}@xY1pyqQ9d-iu
z*S@4h<QHU~09l6|(pgKsYk=;;hBF0(Z8^A73dYYtrfp54pv@N`ho=hbf{6$HXy>K9
z{Fv)mStgx=SPn#Nwm<6@wpXjr&n%#ZZ|%i#q$UDES${Hb9$j=!L`YTc@D`7gwd3sK
z_G%Bo*0M7$?RBEFZq)J1Xbgc-)Hi!z@^L{@gpHMeR@&w&W03X?NUtE=NR_g|koYH9
zpaS04fZSwu6eA~9sN7d~1IutaOe<xZ|Dc*M<H{!VPg|i1!e_T(ZhoI?4n6DYnlB1%
zZ$~>-DK=EO*=2c~2)Zuxu&KjR5FT1yi5#oGn5xPI679vxAl$8o;+C|L#l_%ng-_?Y
zOlbdH9tGF%V!^wWe=L@!fccU%X@kM>Z(m8*xD!PM@n6JdspoY;MH+D0Exr_N_IzZM
zti%&QOLKw=oI6hvu~*-Fx?Q<-wUwVZ;~HQ-zqr;*yC7id3WTgv-*{PE+s&To2}|IG
zlyu;lj^)h+8-E^mShZ6>KWK_TPF-FmXxgp2vJ@A6?SV?BKoLg#?E3i>P)#FyK$nLM
zi|Pg;eNDD*TD3gEGEuwN#~%B&k^B7Ho;Il;PF&nR2FK@jIdq;)4}1}w!piZZ3=Zk7
z94-9Z$<XIu;d~X-XQMG&rdYNUon`|wNE~oaS+(d_0`;cyWhBs?;*f}qY82>l8bzgX
zcARyo)Ux6H?}MrL(|3Q|{DFaH#1wjkm8(`>CKg^(54KhMT;e%9XPvxP=sT>@J4IcL
z>43_v$X>rNptEnC%<t(j*%PH2#vM!Qw<zBl!U~g6k3?pAPE4Maji;e~fu=x0bpZ(t
z#XJPiY1{2%fVgYM9yfXDx}3p4`;~4p;ug*d2K~}mpSF-{Gr(AmzsFrn3F4!q<AWX5
zLWWjWDi7MV$-#uXiVgqInn3&9;Pvc<VJK=R&=(fU$UcNHa#F}naw6^f5pX-^_y<v{
z)0643=`|d^GeC^@%kDAUy-1{QlY>7XKIu65hrEOpzQU%@Nb2xo&sr!b5QC!Rd3uA~
zhwFld^Ls47X3!N&<O!kI<o^6n)7!0{oUox&`+9r{LAvR=rwAK)AQJy#*_=+Gxv-t8
z7G@2H$XB^_Z~&6B$Yb<B<jl)Pj<&z*kQ?J!kL-zBfg~J(1it8dX0b)~$^W&H6>wpZ
z{2#`?I-u$-{aX<v3_w8AOM@WYARS6~bLmn#C8S$gC8eahrMr<%X^@g`E*<Z=GdsKU
z+nL>c|GP?k<DBO_@rh~5aA?YFofwo*uCR_rkNox~c5TFNUdx?20r*IJ$TTme{L;Hl
zd{aMgj?Y0T)^y??1Rk&)oGa@j$0zo%z#?4BEB0hfm_P$DKx|}%KY0cm52omnSZ`Us
z2e51t7K8jrYh9hFr=&Xl8EnI;RG;Rf=Zokd4YK!%If#RZ_1HFYRL8WO;rmy|*;iN{
z<&DN(;e?z6?eennq8$KF&AaukSIH}zvRa?w_x$=fG2$75NKkJEX1Fgh^eUIF)$nkr
z7YG1DP{O#)#-3kFFQFD0A=uP!1l0_#NhdsaLrT82g_{TPNmK#mfuDQKs`3fUBE$)M
z{wz0?F$?I(J>cDWbrzaoE8@}}NgA^j--v}nVl}lH5o^q^<RYAR#6}`_-@uZ5ujN&#
z-##yWH<q<?%17jBtP-V|LHp#Pw&hPl8xo7bgtIG2zoclFA_C1#wH{&yX76`X_n*LF
zC;~6iZsRXHZuXVoSwX=b!<Pg9xP8(qru|5AB%D{QDD%g$?yExN)5pa35A6C_Io63C
zu^=791&7QXxNaBx9#?1bFN61o_?MpEKG}s0L(cKv^ghahV{pe>PRT-{v%JyW_l)MB
z>hDd-_2`SbG>?8fDCu~rr5+Rwa`|cXU#WDw0{BYmw67}3P9m1uxB`Ui9v*q&UH03W
z^0p$7Vg-b1AL_TCet<5+ozcc+o4z|ibO+HIFEf{;H{F&{l{<ypW=S#>1<>g;TrucJ
z<H%+Oy3&AZ>W|pMpXyabs1*l+3tUbc)T{fVnSAw9`mJ$C$P{+?51d^_7~Hrxpyqn9
z;ka8R%DfgGWu8P2icE>nLk(Nir$H@3e~htE2r%1fSZOr@L+^MvLhrTWv_#qaE_b)N
ziBhG?b~15`;|1nI<e@((FI$o}Y6I5Z)*fuq9o49s*1l?wFn7D13^<BeASQay%Avo%
z!gY|~lkLSl@ZI4_O=9l`-st@`h7=Vd!oES5dHdu{7Ev?E8Ng%4E(;Svm1^cM&Ig?J
zJp#q`P7S}adzq6u65Dl?zHJ!h-i5wg?u;|l+BDi$3XDysn_#kHYW`>_d#m@f%58AL
zVNJ4rK>En7=uks!QtNQThHs^c^!y#yuE(>?1vlCD;tC?C%4JmR|2sf0KtXVG8u+yz
z^?i|6E9Go=>-0%kv`iJh*0cDFSWB&Gzq_X_iug_aSEm|zFgmF!%i2Rt9XEvhhQp3W
zB)rVbRvuY(E^#lGdKu~p+BbVDWR^Jp0P_pnwNifa^aymDN|8;^6g&FOtTJv7dl}#P
zem<Q&qrk5Aq_RCqNkq~~PH3G=qi%!Fl8Yj7&YdF!F!`S1%e5XvK7h#+2cUdmv&wOO
zE?EhOIiuk$zS;)<d2drbqM(co-s8EMiZ8qojux{ni*6!AOaFc|@|5$k=Hmho+4P!t
zw8&NcvETP)0r_4tmO`})Cq!_`o8sXQl+KlgcUv=6#RtFmTJJJ?21oKDq4-;sEWH&u
zdDc5t3^!;I4lA)nAx9CI9ipBkz2dS$xo>O8&0WfT5`BUZspOBB3c+=xiEy?ZQ+OSp
zvuqg5KlH8z&*ey_S6Aq~`lAR!Bj}wtdv{BytF~uXb9JecI7nToF9619XKccbn+7#H
z(V{*|bm;p1bZ269Iesg@EalK8&UH+($>i${VhPO82^YtKM}CHKb$CmJy)Le742p0M
zAEZ9K@_MMA;mhRujAZ5dktDf9r=Sl+x)GBtH321~;H)AeGpS_mVE*a0c1f+&$#wbK
z9c6tRYYqQ0d{|A?x#!UE5oVyfHHM3&4)LndAjeaTHTU|<bN@+EfzbnDF6l0E$dmXj
zbW)|cb=>P!p?klOAL8j<cDi;x_ED@odSshu$u-EGa*cN`0@)VmWab0$BsfT=p!c1&
zh}!_0PLeVI#HRE_(A{B|wXW!EgWKvx`)&7IuHu?xTZ;kyON-?WUzB5ibLWv|u9=!d
z%d3MZCbF#CaKX?F-9)9_A`!PNn`h}wcoPfoarXdu<q^N@y6J!+<f(pAMAcd2;kSwj
zV;qLdF2|_SO)?77&n`?IVONcyv)AMvBOiX`C(dQ{t!wgl$K8d0%{t4Tl7F{hcO|M6
zm9dldvYXjYZ7`W{=Lqt{F`atk{GlhDw+rgy9d9E3Wu~Hv(9dV=EK>o0z_0$<{%_tC
zCb7p@9`|o8yFO0npe&uC)KHT+e(m^sn>h+{x1O#Vb*I=_9M#pkih`3>!e-!+Y&%Xn
zhgIXJ^mxJ)^4L|Xue_YB0D%qFl1p>^(L^wJ)_xxdhaym=q0f-l+Ab68M-jqi)jQuu
z5dK`jJ0cpYv^|bUXgR(+s8C5=B{-`-81@d4^Ha>|V__`EHAT<*B52Pjzf0QN5W*Tf
zPG@GjY0`O{^b~g?w-7>3H`IxilkLwT0y_5<J`tY4n?f#|Ke;>mH{%uf%@Ch(k+zpW
zQiD(S@3gYOLSRH#^}fKp_}f0vWu387Cs!t88YZ^t>uN~A2$>2f+eY_!3aOD0De!e_
zSP$Ur@(IkuK*V6ecsRE&p1Eh!riDsM);Qn0`2BUA^9%j$m#z2~dcQhFbeNi#!w!Q`
z7%=Ld-z?nTOjJ$*uE)K_H*e4*lup)wvGKRV<0<;@&l`zKKVN4s*nKu-8Mu3bB|;$-
zDIM@u=*qs>VBlE~Nq0>PD^9WW+9+rsnJ17B)XF4s4f}mH>hXnkVmsPc+42cK_tTjD
z>A&x<hL28Q<6&~hdu%xxhJ?s$XGvDyik=$GfuS&R(9_;FW7y+@YB+*Ra>ztH__lkJ
z1e?hRTj$r*0OzJrQ}NdP+(`npUaqe_qU}Jj5{gnT-HaoB?15y%IW)gqoBY$Y9~K#1
zB1Q)H)AaN}d<;Eq>Y5*R1zfwiX|+Z?v8G~ciVUHj-6c;Ua#D!W5VN005AS~38iGS<
z&@F7PNxs}cpfY&Y#pMC9msxUKo@57d+x684#{(vb=Fs<VVt4d$aOtL!?R^e9*C>|#
z&R0wsRu8#7S(9FjMfX=H8}fRI=yEkW`yO!*HM+moI#oUXiux->33|(P61yc_nY~n4
za`W%wpJp>bL9$<FHjxz}zvo+-QeFvlD1tYwN)%RplSgjfol9)nq6n{o#AhFNqU@}_
z>gMOYRFA-D>(>-M()YL*#o}DIm@CeWNQL`zfAf&*#<tYIB(WZ2g4eqy@ab`7jf>2C
zzpZqS`Uxh{9~Q9p&-nW@>qFR_XKYw;IR+5)A4M=CYS^Ju)FcB=Wo4*c5X~$~IAOBu
z?8+;fmaTqK-{;C}UA?X0Wyv<w1*iMP9_f5aP4$m1#DWB!?TAX?jT})1h*fY%oQE%g
zZE(U(DE>tvo9Qb)l)DzM-w5;Kx<4#=v>e#DEVR+Zv+J@BgV?rXa_~cgh`#lu!#RWp
zWJpS#h@p5=QQ1~!=Z*cri1LW6;g|^bm%|O48*S1d9|IzTY(rQNS3_TP;%~!w2D<ga
z*&EKrJSm%Et<;wSE{8_TKG}?9T#l6VvCJJDMD`Hg=JL<Wgq*zoi-R?Tlit=0i)JG`
zgpQo%(_{6%sObGLR1pg~(|G5M8LDx+0b<A)$uSezvzQGxL%v1(17*V|%u*&{JG=fB
zg5br9_;1i6^P2Dpx1#YHDEX56DzBrpP}43$D8%ak84cqRW-|(BPqmb0mOb~xL2Lo*
z-20-tc&#k+%_s|QznU?ZNpa`v0@=_h+Y42(ZxXk#CJ>7-@yN_M+6-~wR%n)k>f$=5
z<>QN6N8FxMR15YUGeQNTHq@r{DXcc!TLtA7>?!GqTW(nwj#0>BT*c=WNo;Qwo$ceR
zC8~A)Z@K`FcY-Ukq$vN)-6^H+F#GHmgAioA9OFi;yLN;^JUiLBKiPt!yVmJy6->sW
zKU*(j%xW_5t>gPu!a<qy0%;uPyOBo`Vpfv&Z8%bDO|hqMD{tf<TN7Fx^B{{7rBEAD
z=`$Wgu26CNBnR4_a=2~IoL#PrUH0)iA0t|o)zwUfsL{vd>Nd)NuaI(Ou^hg%J0f5l
z1tJ0Ses_6mpzSA?DA&O*o^gSEp%@NI_y&eNBBEdAl(M9m@1l@C)^BxbuX+gvCjIHS
zrQU{t)gh)dshF5*__%;>R&3eIB@tYL!njSo%7V{%#jWG4ALHNQ0#?I1At}oN2O&PQ
zivXIVbW;THVK>>_y918VINCA=gS!Saujc!fG~E_3ps2UsEAFLo&)BB+Tkr;t7B7{2
zf5+c-`EkpUe&OKDw#cD-<3x~i%5oR#@K#wbBRaaMP9HB_>v<QRl&hI3Pwcg81Mf29
zynuko$_IzVPcW2zJaiV4r6*SLf#OT(7V6%U0)vLz$$_ORVkX!23@+MqicDQdHOWmK
z+-mg?ZshNfWf3l*a&_M5p}NS{1T4P|bN+xVkYY__-7a(c@N|d$-%&K)<MDzQb<liP
zoSnLVv}2=`5Q1E1Cs$u_{?eiG^QCN0X@ZkZNZd%3Gt2Jxiq@UUY#4D*FPiY3H`H5Y
z`DHrl(`#RUuPuvS%VJ;@<!HTsxb&)l(BOqWBPwf1WY;4-t32GU*)~jc#-?0ZcPnE0
zqXE(C-XDw$RQ!&E%=H^1`1%T{xDu0MR$s6<Sl)WLb%o+9mGpEJDz_R6r9NbZe8OX7
z6jj6}`<y@`d`Py<;6p=-iE8`d47Oc9`1A>cTh_Uwl-SDen;2cl1GYv6ei%mAig};d
zWRP`2FYlUk(XV=?B)Ku~lHQwoO#fwnDWK5N&&s6XS;-ttm$KRLfOEG-Jl^euQiEEb
zqvqYume*Vwtwh;n&V*CW8PohTWuNpu=Z1l;+RLh=RH2<{E}G}+hOgu0*G_rGfUfcL
zI<99VskesZ-Qb0?V^^$gL&rW^xaVUykF(OvjiR1ZuN6m5w8(s;ud6(w&|y`5*I04Y
ze&CySts{7IHOVh>rx(9?bqJ`%uhnkM|KKfYaXAsib|oy9<|oAD!(>_m9*q;z%8urL
z*^>p~h$|mzcp#2D<-fhWW;9B#I97l^61MynWOeg&A_tu@1q?XHh5K!fM%&OoA%CiO
zTXE(6*?jLF=YCDRbdGTA57O#=2<E5#kC0bUjV0m6&Qm|RC0&H^I>Qoe{Eq8@G(y{5
zWFoyZY)(zosxO5%&U}5QFZPlZ{Cq{_DKhAET<M%XM%YAcCxj#<XERT!=AEvjiiW1k
zib}R?@Y<I&x?gH0pk#l0UBvgJDx@{-rh(4SD$gU+EYR3l)2<w%|74Jemvwnj_aKT)
z+G<q1U|;^D?LqgJ|2eRdkRB5A`T`Jz{yN6D2fy^Ssq9M$<s^ITcrm;7v&8U>iI;20
zK09ItPqq<O26t-ii1!J`W$=gJJHpfF#D5vYu#!gf%ztBbGP0Z{p_Dk(RFu%pZ^@GI
z)S#!*y%xqm6-gXp-z|3Ru&R-~;U;Wh?D>5okdrCqIJ_J%5QS?^2$XafMzM$EmO};M
z&W2wmy-m$+`v(~ZoOrAFCJH8EgVi`7jh6hQ@D<YV#|qi8II4M-kr!x8WL;E~n4g#(
zTH`QL<FIDO5DMnkW)mbujt_7d*ch7~+{x%@m*Z`HbAsa}1Zo(tPL7kGcd^dLxjp{4
z5WO|i_%XKf{kc+%Bb1dlyI`$Ati4U-;}-IDIAIE_TO(ld4;FE2i6SfxeiZ*gJ4V~(
zWlozyc<f)AQ1Ei%Xd=S2*4{s|6EEcmn*Moj${Mmn(!?^sftz|74nb)7*(HML203@>
zGWC8xba7)VvqG8*+ENWa?OSPw{=$7#4@2q3vS;U+oL2b_!{9wa+8kzKW!0%`n7*HY
z6NAcMbL>NSU^PoZc}0ytm}~~97LT1Z4Zy&rZtkq(a<yjt6(cwDcc;Ma_IF?c%3S)1
zuzlslQ9_{(=Mn{H59VaD%P;)8_^^^yIN&}Zn+y^$D-Q<hv2)$8uzNB+iUZ$P9?t%J
zHS`7Fzh*Uy-hIi0Z3)78un^MfWVakEUv?ar=!&9bt9o$aHeX{u3gMW2o;3h>V?va&
zQg_-M`;N$G<%LefHDoogyz2KRHdpuC$2|8#iAn$?LR6|=mJp2-<E*E_CkCzsoP&y{
z%UkZjldb*E&g5h^M3|T;e7&}Z?nj5;X^c^6J_He*hTD~T?UzJJm^w4)M|mUt(#hIR
znZY+r)Zek$hLa_*xKL<5ye5wcR;b?#T~<nWi(6r)e4P=<47<>#gPk5QZ}xst^26n=
z;c}XEI=twZk&an&&pP_v`#A+&gyhwVjPX>ba-OC7(*?$pn)lcSpAG`O`W-u_>~$#U
zXBtVX?H*$!M;$%?&V^G9b#A}J+!N^iyr&TpCX;9Brcty^0utCQ=l&zjq#c6AYq>7J
zRjVLfV3HPqs^^EdnkXJ!{-ZaWC$^l~M9b65*WTA0qMtd65AjP(fpTsTqK{*!;(H$e
zDotgngt)TkDR5rbWOwebvz_f`?Bjs;u9vUr|606Lk6mM>XR8{uc!7Lx+MVtYati%&
zU}y0fqEp1`CQIgO@V!<eruRHy2Py<LPN@#~oWgycOq2@UJ2(quoX~CW6N%B5+d!Vs
z2@QPDgr42M#=MNWZ2wpXl05r#Gv(jMg9Ro4HRlof3u0)_?wdaMkE6`{5IB)xVUjTf
zxZGBMm-2XRCHnrkkZxC$<@dt1WS0ZSzU2>XY6$2HvCxPhpZ(6T31!Z@^6``cMkSXE
z;rAZooQ?FH4jZq59uC^vc6jV}wg?P1r`_2o$MRdH#&asVF!d#&IP7^A*bD81F>WBq
zAkWw%^`(Aefa5c{w`Ie6+>=U<&$e!uj@<mY)kf1Xj?O8a5qyxewzS9`l*i6j(NX7I
z`ktd<nV-yFOt`LNrO7JZ>HP-Y^#{Xu+ErFm?GAvgqQw4A)|fyEpHsH<Nrbd017ga`
zJye?DY^dlPsUq@?a5-8XkW^Yw1o}@6R1xKMYf?;XX-b4mEJ4Xfb`T-6yosOseYr+!
z62q7$kcwV7S9cYoZ(OWQuok5|Q<$=LK0$B&$t-ze0I?Gck_+B<cChoHDy})Wz<hB2
z&~Q78^#Zy4%v8B-*KJ@ydJV1h#iFyj?x(#C@~%kaV7=Ahdm}Kual1_;&si-26@2<X
zgAAVEBAz90cDfyQobuoDZzwgIA2Mm#HokV%`VuTCfe{p;Tg=$lx8^R1pJMtYaqX0%
zY3l5{E9AW~KkU+^F|3Ljb5!EZ?=y+t;Bxs~ckL!*K8Wh^7GvB4E3i?;Ekerb6k{IH
z6>x#ErV-goo$oI+q19lVy`73wUyS<VgXz;$+V`&(UmE9gdPgrp!$abn)nhZGJI=LY
zF7qq@JRa&n_pT;cPLp-}BGGOE%%;z$Fkwa&6d1%!cm7~<uRg{*4~hd)dzz2=cE0_w
z2%9&>e^#jJK3ZX0eLE16HtSe6iyD~?1283yh|=_M9y9+3amNoC8U2(7b%Swd0MsY>
zeYT2SG-U}(V(&^ud)p_BTw_aP+nX2|f4=*_1HsgB;PF+3D|j0DUtj9}cqdheb+x6h
z^vie|UMdZro6%c@A?6n{(=X(-2ylUhLm7|f(N?D9pW%xIW{9&=Vb^xn-_Dei<MO95
zbt_J&`90hpUP3Nvp;`RDLY6;hv=IJ7Hsp6qq24$($=&j^u4+0&Y1e#1)hokFTI*cf
zj|;=}`A3{hI(h$m3jgek2qprQBG;q-KmY0fg1w94zPs8^cO>%l@qhWIe|$-B;|bpF
z`Pw2ZRiq7|MsVQRb91=7%VRKCQF$}b=>F!%x3?Sb#0x(N`hcrI#Ax{UtoF|{o!>uu
zt3)@0Dc%#;<8@59ajATRt0NYZdk;VGZsePNw^f)5&{DsN^MJ{Ywu-`=rXKFQ{-5dB
zkj3ZzyxRXB{pkIP#LLSC&~O6aDrH1K^8r{s%A$Y~xAvQ<GUGR(MLr2+$b`FOlPsQ*
zQ5#Ras=UBF1CCq0ZrPLuG3TW6$p4O+`YYN~uLG+ZOz~TR#z^ZqfPaB=GG(aBdcg*K
zz-4p$p<(L(8sfnP7qweFd{I<V=4=^L0Z<+0R5`8!@Yxpt&As<bu!E1-CpqArOFb~n
zxa4NIo*W$R$mDjmf9x-*AJ+Ok2EmA(^nXp!Nf3-Byolm}^c~v!?b1NhXf5l83KzZ3
zwvHdgx&i>ANj(eNK8s*{@~sR2zIF6wq`6t@9JihV<1SUB(=VLXR-|u33cBrEzy(>j
zpZ3?j+aZWy&?W$I=H-xJX<$%ja4BDE&@lu~AF{0q5<YKWG6tUk@$mvf7S$Ypo!EF#
z+|2%jS&am$LjS+7ch$Rjh*X3Q*#x*O(}`}2;c8?500bpqa%|A+D?ywBr}Q;m!7-dR
z070R}FWoL(*-v2rhj#$2(A$S_@xN4UOQ7VDdP)hqPkI8{kBqsS%5rE3aQ&1}UpQ4y
zhD@Ox5J$6~R~X;|XmY8W${&T*e_8rqf7n6EZuFgX$@IvSJzhGRdE**`C))}q`eSg-
ziP!^jK8mxUNjduub#f?%f3D0lfZ*W(oD+R-LycaG4_uYQ4``wK!Sx1}L7w^b42aLQ
ztq-TS0hA~XaH1#XkEj;_f@!_*kqma!0sf)$4RCY5;kW_|aS^CSpa6TJ$IhO+aPh&d
zIQ<2H&zkd6Gbx)BMuKHw+~sA`zXT4LsA}4dDmiM!I;pT17h$4(I5O(6{~ZMc@v#I$
zFF-gK2DV>?)Is4QWav_%E*9WjBk9EJgj-HlRtIFSDarBS<SFMqK{=4ray}#FSvvnv
z!eueZ^g@IXCDFR^{3y@!#~)e%S<!F7-ddlnvHzGw46N86P|pBdTyL1mMrN!g{-!H{
zjJ5$YX1vG1yHzWI3r_OMwx|;C(3JPPbFP4j6Z+E~w1MvnKaP!2d0rSW7XC-5|7Vc<
z>j%LpOhMkhRsUF%dME>5))m--+WWP?zL=v~1_Z9crNLb24l**X*2Qhw10Fv!TcRYx
z_gQ1^f@r;&k+#-xUPQ{@0v*w+4{0m5yg*yy0Y^(Zn|2+NKilVzcSwT{x*Gt*j1Jqj
zvz4-1k<0|ORaxbq9hd+3K^}riBK_nG4D`H8C$7$qEF~emG8|LwI(_93pw839VUZAG
z`EB@Bi!PYYGJcZ)@{<V3pC`dvw;uIZaGnA)lK`MD5CG<qbQX1Vdj|aHxTwS-a6HUI
z0=916mq2XqnO0|$!_HIeA?X@QK*?G?8OkyIj~DbW0tgEt0U#;@=>;wMDWG;^#Z9+t
zK&}%BKwzw-BM;!>Y~GgT`1%GQGwrnKu;3##oHH3ne48AV>^mB}#silgYE9&}hxh8+
zz+iw_$8{sq2AHmA^kw2(b52~SF!%ugs{qsE{is#0MKLXclO_d4g2LQK|2jqgK4ODY
z!CR4f=*H`w^j8Y>RU9>_zVNE5mL*Ot2vA?x-Wo9eLM065q%?jW(nU2>^gLg!IC(Xn
zVlQn**YkF#oLdIS5v>madq|ren(R1JYJ-9TBb0i0u+`H6UVWKg&_B=jVwD?(r<(mI
zwW@zzn75tOSB=rE-yp?ck(+P<NRJ4x?P>#}AHairG0=yfHKJ?I^X4c89;5|5Br5f1
zECQV7;b>kQb6_I=X0k*-)i`&a4a}aUzp&9b0O2r;+Knu@ZmEB;3zycW010W%$RJ>j
z)3AkIr~@^;nWAsJNDmzCaNO?A05G>d7*TPOaKu(hw9{EG{YU1~pN^#-uRHpxsOQ04
z67#*`AK!>Gd<S5JVb>#|-Z#lozXw;5671Hf{67APj4C-9PSgC+4}h<mHh^#I_x&?<
zLQc;+I6;23%4iutX#xOGxm8s0(Bw(&k1)%5aO&>^t-NWnLw(@8ohgscnE!Sc@l`0E
z{(K=^6J?c!{(-)8SkCYWDm39GZuI}=8+b>55rlf^^PgY5M2qhM^r0KtIF=?5Iuq^W
zpW+U{vjZS=!Eoe8VX+PP0S{FCQN(qmd6_VoLK5=J<TG6wg``15bZP?-ZQ{oO<Tf*{
zp#l))#+GnW&6e0X!NE!tJ@H*$J8&mUUS1!%7-EP94~!cb#>cw&k}KhGcM?V#M!z>H
zwa<5Ew0wsJKE%nAb<s%P0*!<=_>hCzCOiQre-a4IT3Vj9ypW}=hT6B*<~!PM4sra?
z-FA){^nit7r9Io2(%?cT6tK>j9J(XDo_ecM1;h+h+Zy(I$4jAT6q~zbugr^bksohI
ziHBbCZW2y+gWFQ0BHKLN9n34a20(qK=g1~@yyX#%bfaTkZnmO*EU47)r;KB#^y+~e
z8yd|LI7Xz-HuH<6=PZG}R}F7xHRW<^C|9=<%8Q;0I4&7@Y?c5~BCUt((CK(4ec>~(
zdwt6<0Xpg)!z2K~Fgfi*H|6pF*EaQ5Nx4I2{1z=bKB%Z}xAyKZ==kxM8#sHu+nv=w
zFrj+$!dV-TEYxfsOyx6TVU`2V)l=(pfWvq^0ksc<*#WHi)4^&$VMii^p6nLaQofrq
z#(k*)VAk<Rvixv)rFR}6H<{*uOEQvJ9iP11j<kP9`}}|B5}6V|0R!Z5JxcbL{wt|+
z_X-t$RONbxvXNba%^ko<X#=vr2xQODULM4P{v9zx{l4%KQHC5KB%q0qsr>?u(E&j5
zKmg9!_%R+o{EoQ()??D5yx*sb{{|4RTjAU-uz3x2lG`PVz-bGor0G4|9h7KekEbXH
z`hexG7}sUvVcE|i5kR(y)#(>_Z>(_Y$gibs*z!A>CZH{V57H^K`7Ge*^=&-LeXFpl
z6+j+MsSUvo^j~5-?Esx#q$impj0;u3o*rpQZuwdwo_zv3dU56P?RNX+%(C5pYvn4U
zE+FN#g1Pn^I=FY=&~v*csv`Ez_fHN-_TG+WY2a_RznQ2}xP=GlZEkyE-*sn~Th^Tf
zm9)QCJNolV)<AWR>t8vBCsNhfDHWeo3cS|Dp&jp}>aZ{c?};`EXUM`Nk#hU&49FM&
zcP=RvPzV>nO`^lmT|!}zWq5lB0}h6P;XIo;HUO*b5BiN?#GS#n`U84|`bT(Fiwupa
z{_dwwN%W$14LBS=d<A42>uD1n6LQe;0u~WcF#pm5(4^EPNi@k%xN#2ErEOovELIe*
zhMzV+?za*zYD@4)9ZrFe|NMA!yjS$~3ykZRV16P!L@8|vz_8LrqBceXfFpEZ(~kLi
zG9S1u#u&xEW40!wnz1OCsRs3iWzDT23Gc;v`XU&AK72&LRssWf&qr!dTmOp1>tf|x
zML0TIdd1Ny=u1$NjtQtG9s|?#zH00FqCezG|9Pzb<-=`V1bRq@{P)YUfe*Qc6bSJs
z)sI(={}5p<WaDO@S_C-z`T9o(B%&m3fRss;K$b<S_alUt=6eb^dyl{r5Y~mq+xx=9
zzYK%C85}yR+6XblZUIi2t@LpzR>Tn05{_JU?hA59338TLay)N+z&P1Lg1ZV-n4ba1
zNdsXj*puDpdyW=?k5k?2-o-qRrKoYvEK8h?21m4~cdTh%Ba!`fX(j#qSEiQqL*V3#
z4(NOia3U8y|F^);GFEa3&<nU&0stgZ`vE=dwo14k?t}2VGjM{Asv79q-&<nRNwSE2
zyYR_!qv8J}VFPThSV8|KEA=NcjvFH#?RD|2ruRjK+F7?j9Z|6X6hlnsqu|!dHiZz5
zan)b@d%Cw5u^saB1|jspQ6~5>(oajIA11N_rRf#9I(z^*ga#zn{lXo)a8?5`cxnvY
zYag1q-VBlCf3_)sQ(2pl5+kbviQG#3eKKXx1EsK>Q+L5`Mp|@GV$&+w0bmZ(MN?b`
z=o^DKd1c>?L6)6_S_x;7z#a(UMf3wnVH{e?AYI`bvco6Ixa6U9U3aB+6X?hO(v<yI
z0`aGM_c<w?d_)%Y@e<RXQTi7g&_o4KEWXj)cH@5dSXD}~ofg8tqF^N(b##yn()r)?
z9Fpl}=Kw~rx^)-0B|k-bTHFU_YWxn{lgw@aLW`7Y%Q@$u^g`>&ZTI4bMWinwnA1;%
z*sV}XoxRD{vsnD3s~j$WZT)4q^ry@E*R_ILSw5G7RwJ3GyD4ZfdOe_uY|#ize6aS>
z+Pm>TkmA)w)^Hs@rYj;HSoHrec{XVn0X!>QsNpJwNb_;$V>`*|4BZg-<KbU-C972r
ztqu<pqervl7_DMMEMCWHKV;^@ZQHUtSn8-8+`TKAqs}Y8Y+#&KtGEN!?_A7Vtp81A
z?DiFuFhg}=%TFVd7rcX9ozW3{UN1+pbtJ9SPrcQ9(%2`~r~Hf;a1#)?i7$^g4E5Es
zWfGnO9<_d|93i`z5jVk<Rrk*p{iNsF6#7t4kme%XWl>4`ZVY6BI2RofEGtn#FitMK
z{|1PKTJUSltptinQ>sxczL`)r3>yNPe7)8Zx?u8QwrG+Y>WXO&(oYCnmL7fxmJBvt
z2AnJ4skM&$GDIncb9T-^g<8mfsEg}$P?iC_7Ch%#$0~tvf&4hof%W}Rv9iUx-+V8O
za6TU1LP@pTn2)Su9dFEhQM~%+VEnhA&#}a#sTglHzxe~=q*q9!j>uKR;2KNjL&miD
zU*@Zd?V=VUUWCjBqJSh_yn{vd6V8t|SOle>6~Y=^8y}!mrAZ3FQ6ps4jrP%0pW_l7
zBKKxq{)AWapJjQz^FG0pD<7A6FB0&u)MVd)_o$DRUik$i-MZ=e9UQ@J`K*<!MxYel
zgPxb_*%v+oztu#NvD@LC`+MOzd<Hlcmb39HTxvS=_FDor^B@<P*W3()ALjs*TJlQ#
zOPS}|bc9vXmnJytf9Wd!ZB-t1$D5rDvp7fK4XQHqi3*)Y8HF3Ln7(V>#skz4a-T34
z0drHD2^^Y4gWsrd=d|A&YTm63<5xj9;YD>Ds7jS81zdWfN^~e3vU<GFK^r8FlP1;H
zzG8Q-E<qAx_;P_RACalK>G-Hk>K{LbpG>Xy2`w;mp>H6h*g~I9^b?AWr>oqy6kYyD
zmZXk@+P;eW>oeo-(UEZe{=c~4I3M4nsFEQZ97t6y|3i>_@xzCA{)QxsMAvRTZe@?=
zW2NMzx85EX0~dr;5P5DYyV)k7kzyRs$~)Fw4zM*vPHrlt5BbUqIr?o5{rBs+TyQ2h
zrr)H0OR)ROiW+Ajeg>`A4l$2EDXez95qR%}U_D-c>v=UQek3aKc8o5XLQ(N!l#OS=
z)|1-!ycu?Oj3;?7l*sIrg9JX2221*)kxG767FYf<no)D>>RG(kxV3%4Z<><JdVIkT
zxh$xdIMW_1w~K+DdkE;B{10Eo<_9Y<R_XF8!H;BO23bk{^A%a|{+sI<u&m3_A<;T*
zm%d(IndbvZV)T2)@E8B(uXwl7e#NeYlRVCk)@C-x^9zl>e^RBy3)lrGr|hV_Ltw>W
z;&u=QNsx=^)t4Ia|7Ixovk8H~=?Ih(Rq&cjxXgC>)g}0sCCFIc0e#oW-0Wlmjjo3X
z8l-|eQw8#CiT~|Z1fQb9C50pq;x_%`spTMQ3C~`>i~CWmUB?k(*7dgBw;8mr5?9Ab
zg5p=35NQ9aTOSb+PXU$KQ%0R_SyfQpjM}_|n_L6Mh%s4kTvxdPZv_s}Mr~6{{YeLO
zaH@bjvdQ#0cI4;*E*&)P?OL}CvQCv%(i})NIl#1pu7S=cPNQe=`|tjTT)YU9$SmNv
zgsaq}52A8E_#5Xy!AfjU^%9f8HUW%<-C}YG)~YO64iYBS5<Q_RkMqOTk2{KAHs%}Z
zU_e(rvwx{5h1E2i9_-THi{m2sY3MW0^D^TNzA?;FPtYSOl!|5Guv_V-dt}5y^$XLs
z&i3PPPcu;JXUgqWHW2J*va1#LN1FmKz}hwP1;C3Koi8Tib6O?31GeI>J?J=0f=--c
zb$;{t-+5@3d3(7|odfX%EP<^oAmdd5G=!#GzjiHwWX57`AW5~_W|3m1{UUAWF%cJr
zIZm%#jv#2!&AyjKVu^U<^M!gm-)XYgFF7tSDG}>8qudn}Zy=024YFAa&@i*g3*@T+
zq}a+C3l}CPSJh~^%I?^gBH-nK$W*==+wAgJb4hOtlCL`N8r{HS_V^(K`ovb?DL5X9
z1!GG*_ljS+(}LT8o51$=6ODQvTM-aWZ?v4N9k=B0ym5OEkGXwu%vn(t2R%S<)dDC@
zasZ!sLSW|#ih9$JGLFz^x@*ISaJ(%4*}ll=`x+aC!CqV)=awk`*iRhZK-YW*-cpg{
zKkx&Z9b}fs5?wmS?b67Qy5DVpG2{drp3QuFYY5sMS?=I`ETWuNYMDfET|Zm}w60Q6
zjE}IX*J@U4J1_cwygLS`Jx`3t(D3n}{k(VDoDE3=UC8K}*O$3CvkNyToG*XH8P1Zj
z$Fyuum0N=4y32(IrG1n8iBp#!Fv{a`uJVzyAUqB?V9#m|8+2G`MlR^U-YhgW<cG|B
zApX0pRU`XVwNUc}<iFKhBkED0M^*`jPt{-3eL~Pk@&IwLO-AWbq=7}(WfkW=kOq+!
zQiujYw8lvj3=)IuZxw%)fE$@gd+%%ZK5Q`8NgGHk4XY{DY9K+afea9ClrkS|UdCJA
zGQIDOl8^b}-aM!_C=&qKVa5rlzghJ}d_!HoUI7on;P!mbv%q?xQ58sDe0%o%(R<8x
z>3alqzx!=Q1__pua5;mwJOdUT)LI$|H(Hh4dcJ<wTM}Kj(G4^#PQbFB!4k@+3VZoA
zkO{W#1}a{%jkn{9GU#!dyCIqhK%1_o(qd`}LUCm$<JbrMku-q(w}tF}<S97DYXfV;
zaiKpob7|!BYW<Ylb7ax^u1Zu;5VElUCct^mQUkvQrPE!By}Tbq+FJ+#z-s9m;F6Oc
zLL}7+J9jr|(3pTk$SfQbJQ^v5rWeDgI}Z@C>#hoBXPM}}kf>6hIC%Ar^IX2!_~~d}
zJ~;Tl%!m0)bp+$g;Uxo>W+jBrwL0LMC)?GX)+;wT1JI`;;4G%1s;mJyi3BeXwL#va
zP(A?k;xOvQFiof=&$MD3`JOcpQuzBm5wB<l47jILYuP0Jon?A=Y>Au4M8?4Me$gjH
zk}qG?U@<MmX46swNWWC6zh%*^w0H~DB5f9MhLlSb4WU5xzl#9{AqvzZ_UO*jdOcAz
zR&~w-W0ErTI{+$$H)SL|gb?BLH=d}GFOkM__;>_!?;pC#t%Q_0jTdT7c*=|_$9G}7
z6=>I0f>LDgS-R+lCq=`JED;;-KR}y`;Aj#}p7wGQ41Tsj8>I@Q9?w28sNPkCp^d@T
zpC$AFXNtEVI658yK>;%(7tQz4wf7FldlA<^#2X(c;=xUBe~M$uOR?&nAl00^-%;uv
zJEYT%+=O-M)l07)O`OGp`+XxRQ|EE*I-x0p?!-B3<2%!y-72s7I0>!|z(60U*Z~1!
zts=@K%^^xPhg~q~sFT6oSFS~OfBv`IM@_JSJo;{5gbKcU=HmUm;jIy%Q`Z@0#ToVy
z|1os)nQB2=sDb3`{4|nGf|JX!veL>4j>ZC=hUtFQT*VGXgD<joLD08R-!KAPl`j-O
zlLkbn>s|`=8M&x``0c?8ULdvJi^#`GAhsv*yt!iV%4N-AkN1f)qmPM6i>d&O4kx2N
zpKnCuHOMXBh$7toHg0Eo1+ba{58MV|Y!Rqj0?vRRz_v#uCfl^-!1Ix|1Bgto3D&8d
zcr)Ww3~zv@@Q=)BIA0t3u6*U>U~6nkac^Pl@(9rPU?K5Y3WCd7v|cVig>Gu`@xxn2
zwxrIUa>9R{Z|%5oye@VbPMM0Ww6RSPM3pGCcc2e$HD85s^ww~$RryN3m+eulPPL8x
zd+=xBEHkN&d5hq`Sw%J(sEME?VyII)c60)Q1XDT@!!y)}4InMvjWgSZlP&5_jp02a
zAX`~G=T61iu&hY#8RnaNTq)&KU`*fv#?~H^D{NK?O0wJ?uz4u3SRs614`TkuBMLVR
z4hICl&a8k};6+V07j2McWh4{>JM!OScO)u;WS1?N$JPe2AiYp=BbWq|3f0Io^mTwn
zzmt_<#S#{n`{~CIeKeiC=aIR{A%J~Xy>|sSgZ|4qAc^rp2n4e;$+A4@c$TbEs!>I^
z7)F6d#3GMQ;Q~bnpUsX1^qTJ|*&Ki-f>T1ST226;B8EM1o!EUAKX1>+=3F9^!av78
zd)n1YXb}q?c68jEpKI_;U^kBex*C_vz7^k}`8t|_32gaC^4HUF>2mYwZ*OBFBV{?H
zCb?<gZ%5Dyci&rz&y7Z<0FuZSR}&1G#;zs;WUZ~R8pE!~RZ#ko<L0ON?XG7Jth1A2
z&AtOw6^2puco2{t6j!bX)~$qR^C<o0=D-cxHF>#e)8<q=?ddp`f|A-J<G|gl$O9Z7
zAN$!&mcVq5eBnBj-~?zuOsf{CFV5?agV<7B2CN=xz2Z9?m8r@>;Z!4SNFbuLq2IPw
z#-n57y@AC5w&Lrvd>YF_egdCdAXCG@Zu#la*{1@pfCd6)1HT7)n@%w*lyXDQPW4oi
z5|4g=aW)wb)>CEf<xBuNFxyih*WNPYUTAL_5Q@n<mEVr|n}rtn*xTkz>}Z%cQ+oWh
z_e+8C`T*j?u*Ff^3qL1!AW&-w6f?4P;s794JfJ>Z@@&N-&JroAwaRQf@8gBo!l342
zEF~xGv|(N==D9*E(s!`lw-81>Hhsr#xNb5KnHvz5{<<dqwN6NU5nJ!#6L+J^l}lkL
z!Op;81Z~a(IXAuojEE}xf#064w$xc&ikwlN<*|em#%G5z?rVm$o4*T4fBc^y0n!*D
zJaKwEn=psb&Ffts@AM`-^lxtd|7OV<I$k6uoBfmb{$>^b>x#iA76tH)R7-Ym{@b0w
ze?q+Bj!@rNLMig!B*6dYa*WczH%hm!4*hWt|L3cJvfYk!^}fno@aOxxmH4m!W0BGW
z+b7=fO?Zf)Fak0<gx9EUpG9CVdwO!voWT4h@?KU6xCJ!9f>;0N#{Tsie*5$|TQE~H
z`tjNZ7cN2|${9(9F6Pbd8dkg+p*zs&|AijCA4Ou)s%#PT+tmslB7lKbIjD8MgA_RO
zDxg5@Z+>|<41vEn{Q>NV|LbzLYXtW7RHbFYc!37%#HEclN(O}>1}i1$5AxsMOypND
zgt$k99KXr$w(w0p{F@g;QiXQboLMx8Oy8zNTtD07+4R83EN>8iA?#nEPWTJvAs%L#
znREQ(KE10ET=yxw@M8mU{=<_NY(>z3v@7TP0FWRxbdlV#4M?y}1Fyh{vEH@Xzvke7
zzNByxZ#pUJx;MjQ?}5jZWmovK@XMU^@G>xP)CA<Dxl=&99|qMQ*15_XcMz`NMT^xG
zGH|OfT=1CrrVY}{Sr*G%&_14oBQ{V&pVBC{yTW#NexMUEk=WJm_rX=Fflk6>#-4Xa
z4Zh}+bxy?%7n}J-R>1zS5==&>Kr)-SvnlESZ*TJ7|0y0J7=y?>erdP=v!!Srtu>ln
z>j$U=H|+Q>L(V}0QV3>d@4(n|av<rYww@iBQZO(cgJFiX*6mpv(!sl(>D70`%<qra
z7c1#?>Z`{=u6+2b-yFPu`z<Hr8Jcx9V4aw+(@-lAmhkksJjwUd?K3fNP0zwSIQeU@
zKG}6McUxV1)9*j6^WS%-;1{GaiXhOH(XAD-*qSJ|23mq2w9bJ5-gMIqjIm0`TN+k-
z1=ONsg!<MGfmTAz9TRXSf+ET)M8|UTJXf*YL<V=8*T@&|!3_#RCV0SQ08^W=Ih~_G
zj*FKBuPD_^nn7Z00N20*3VzjI`Hv64Otwxiw^Iz%+k?_~N9<=RE6}=#_XfVsr@?i(
zLAlck69(d`ACg>t#Y+tE10uCnwM{Aw-h04ct|qYt9Y5$DwJsI8QOlXinp!Ze{Vo~x
zT;DjHyVK+1;Pr%-%7O};;66~_DFlh0DoDgB)_(q7k^JYUGo?Zz<r4?0ZCglh41GDM
zR%)9KBn2f;zcA`HQZ%r)UG{;*64Y^6sICDMnZ`OTBS3(vraATG77UxV;fFR10}h9n
zt#N1sHCbntbi6_1>lI*u1f|tN!l=+uD%|s2aDQhobPvc`5VL3cjPu|ii8>Ym(9gJg
z6Q~5CUZd`)9@2oK6}77>q?!4dUL`LI3_7}t-#K!F!N(5q?O9+#Y%cnhYyw9=J#Z&`
zB-9s#$NC?(8vO1eRS<yAu|qs-Z}f{;102w;=I%`q@a!9~q}eGLFyeWgD(r7y#RL4s
zV(*q~Rar4llrwF?7e%gMqN_CRoiq3-npubuOe*S!fc99Ds3?sAIBGZft&x{?H|t!f
zI%zj^bC1g}DAcgo9xg<JvO}iNkXAb%A=0yH3C$dyWI5*&Y76z52{DzqR+uqhaNGP8
z)G9OjP^j6!Gcu#t0&1MPTAh#ZWQ*Cbb25<F?I%JsPl~JQCULl{idh}#6xGp25DUyB
zG4;kWT7$q*MJvQ82RnI)3!{KrTmY@|so<yd1gObogkiC{I*E<XuZw(uuBdCSZaem$
zBgnt)({Lv5yZ7!-MhJ0qIj@4ouw-dle3=~W(K0G^BE}vQD*fJEUDejN%(z#QV$9Dv
zpa#b4(pC!qnEiz(>@8OtP|t6lRn`z0cM1LEj&x|EG9GoP!nt`M^kp1G)i_rsAY92P
z;rI>OQV+=EqcC+k#f+dW+c=~2rpD(a>+d-`HTPnl0X<$-uvWTXH{hj*C{~zVNg!#x
z1UbqB9@>h0pNKDcuQL%MB**hS@6ek2kYq9Pbb-`!chi1Y47WxV0nH&#xj=mw$<nkh
zZc%Y?ljw%{!wqvD6cbSvv`02iCN4xnM&|P7B{}oG_TZ&34y|&DK}Rs9D@x^WeLAi_
z1c1TdU=LClyxi7|+7a}Opq7ra5yyeunFT#_kr>knBr_(8y-+$yjbcMuLSd6=P%KR)
z845*O&BuZc@eeSqwg%Igx{X>pdl!(@&hniB82sw5-j(Tpd)^q`Y~H{$XiAo6gW^=-
zp&^j8Q3Y4oT?XXfIXdj~)mDIVmeMRk<|9yu|Kjn^{HE>tW6RaSy)cbuFmo+#`~4YG
zSq61hlXTco&LF7kHg)<okdpY(e&*(6F9J=ZU%znX;F4;~_i4wa6dRb8XbEP@UPnN_
zTUDC$6IAi5s+k~>gY$a(#ykH(`Aup*1+Jh9EfndM%DnrjHoOTj>jtLr+9kt#TUEIL
zu%eYRO)N>1KlTmY-ubPKMzI5~(G0!q<hNZHs32%axn&)q8I^>4d=;UBy*`H5-}CBg
z6HViDzM7lI8>DQkAvabutUhJW{X#Uq<t|EBkh~O<r7>fQ8gA)a?TxKlSPUi+lK>3_
z7XKwsQ`oKL;37(HA>X#8T3~{SaWx^a*5C_*u9xMKCJUwqyL<bv=XHL;1ilLY{%{3J
zU<jKwt099-a2#drV_nUnfYHr*AdD;36i-Mi_biiEt;oWxz3>zhXf@Ws1(rH&uii(3
z5#rdR^z86Apg<35cOILPY}=vH0d>z~rz_CFsi}_S$vRIvWe0kxHt{sksbwO8k7-Qi
zl%MtjEJ}~@fN~eBuE}8XPMO|?U~c$Y2#aN&{WL%*ZiANYNyuku*kj?ny3HSj3GKp!
z8`^OJ2TDA%n=RZhhQTf;qa$z_%z#RB%|HY0AM}J$l7gE<SCKI?Q%G7@+mY`FSA4Ak
zEUgcj*|E)>w@WlQJT<mia&Gfp%7<-SbHZz1WsMrURnmNRj!YfA7m>NRZzXXr;q%n8
zB;BusYAq5K7V_s{P&#)7U=Lfa?`V^XJmd3pVlU8}`{G%5;ALl^xO1LP>IK|eveM<q
z<TT<6<N?yoo*V!bkBHHojBqiNLv(#nmy>+c_#9RPxqn^V=i%~77RN~CUiwI;RGsqr
zqT!Zxk>nXESAFt%AC`PA7N6m|{&~-f;=Xz;q}K!6mvr;jJB*TpfoKi^d+tr)ztv2C
zK7CM(LYudQo>CYKq9HTG_$5nmkzTmpGqgMczoS}k4xmfcSgbC>_47XX_z^70?uCpU
zNYCVXU!CmCXp4>O%h*0O&Qbm<cUQqOUGFPDL4dsXVAQ-*?&tWCVK7)80maa-@Iw1H
z0*|J$NwUK8J5Ph#a_*jik^SaC{?R&-Yt@n=Cy!T|HekUIuoI|lLbaP*Q)tt(8_jht
z-`v8x*&TrZjkjsQOwcL6ruIs%P^shy;3XYkORuMYJ1=5WB_CwzWu}e0x@1PZsofZP
zQa`$SyQO<u25;iQgq1PmgcRo7HlNu7n621-E0too1+0<s4dTzP&1Y%X$7QO+&e!A?
zE+<o!G(iRV$ic++N?pSOS?U|N$LLBMFhH_qy96igtW06deOfc^uaGz?AMqQtmIvan
zg8fX82{7C_2Rfvan<RXenIv(w^y}wo2g2zgu1o90Ndv{6*dDyYAURq9z#8L;y69N<
zVKcYa;0>2mHG`Kpckkm3)kf1bV8EC;!phW!tGhNabB`A_i(au@B&31n@iq?_v(Md&
zD<jI$A8h@KltfUKqvpZoUaR?eLr8M#xJok2E(Y0<jP9Xky;zm-B?;cB2D+&kC9d{y
zm6j)~JGu;C$)>kzZoi6W=FSjHMaF2{fXa>8dDfQvHH=d?%qmMRWw&zlVCKFM_kyb|
zdYGhfzP&l&c@8XPGpDJ|Y&DxCe<1UqLS<}8#<LA}s)`<aLFi(&e_A0N*~qV>;Qm{O
zH&T2p4*)yrW#&M8HdwpKqk*Q**8}%JvR*X^t@~|KvdR_S6ITw!bSn1w!$FFRXSCP#
z16T|!pL2t6x`diMuLu3Y^G$KD(Y@;3hO~M?*U`{4OD6%%jh3%5nDd9rxS~Q=A;v5^
z0Xh^m)bPYTW#eq|(=7AKUWlfBo`1%!%JqQ5UVCkmqW}%8iLr+%_0#+-vm0mWzhw3#
zjtFoTQwJm4amu^^4PH*#t?5J^al;W%nu#bxDN}xXC6SqE2`cRs3RlkIdKdebFM}%1
z<`X<Jm+;1YxD;R{lQ}=X?orm#27RPB<$oQ|3zL=F3py?mO=`cgdAZ}8oH)D+M5Ao(
z_C4?+MT9Ga);W>YLUg0Vl=ir=+Zz@G2%&>YNTe`XvAr}linQPW=tx}%fDw$qYLx|5
z_aw2Kk1sd1HBC(V4;}fRWNAEUpCztWAM535NIVi_G=tgoAfsL%MrFD9#8%PP3gO61
z2w*g<jJ+0Pbc$ZnVB}K)(bG{JL+LiIb>sY7Qs>s#qdbxv{);aAS=+7}9@?@SFv2u1
z@0L=Ui)wtM^(ZnQ*OQi~%E}d|p=3N{B+w^0aawj+<$|pY#A@3X@dkBOb0nMwi?I-X
zOG1Xc@*9z_G57Q8&<!@v&@l3=)<GT*nfG^rSIyoQbYJgtUA)Y?o!_z!zIhBcFow9U
zr;2;Y330n)S05HGI7pbOWRYZ!K;P)JP{W2E5=%8~9BaoTV$UkKky@sQBJd1;Zt+b-
z&>Qz1+mTe;4Dr#QmP2=5Ol!_V2r?VbN~1#n{@B79>|btTHd<snXJAeej*8|L(Jj82
zH>&w!i8m%2`U)GOZb>+PV{Ko<^Ht3^cg{gEQP*UC<9fWGgDi5Zy*6?$J(=`aFc;Yn
z{{m*FF(L3KYQ;BwaZ8>c5=?Gt%@v-l<k#|n8T4ZRY<-ai{iRzi7P~UQWhOkHl6`PY
zgjtM}1_^?_A6d8tPO%+3#ep6$uCYCN^q;j5?bu+8wpD;KvA<RNYK-=9GacC@lVzAS
z<Rsb~!P|_E%Fz83;`+4-Py(QOQ-pBsJ&DTrC(r~BbWmahCr&Sz4h!|Igr}NP;au<H
zT&X-$c38+gh%eJ{ruOuFQ4z8?m+!je>E%FQI&xL#d+^uBMwzJKqj43su_OX%^KSBn
z5P1vH17ZQhj|5dtJJakY&ni;*CEN0xsLULS-6t|I+Q(XsZv^=mVLF+h8C_&sH}6t`
z=94)rR!Z6tQdGT!RwcQIKh~_tC#>S&fkQv~{s~S)m%J%QhwgE>u;bBQ>#?l(o~%P5
z+M$`&?XE~Een<WD4czWeBw0FSn@9<+{5c&>uDs9Va2e1BDAkH;H)%(yp=0HvO;BZ8
z^@?LPo6%Sx3U)b#oxO>F01m<G*o;j|`PJfi@@WOe_v2c^Gk)(Y&wS0?WE<#yNO4!(
zN6}4CY~1iK@~Jkn{i*xw+}*K!EBzv$`ooEu!o`%0f}Rqe`4~BMqS{oGx(aAU_@@2V
zYgu`C_xkh(2x~ghS78f|`i_Q@IA^*b9Z*Tf{p@r&Y1oEU38R}%4`xs7hZ!9I%s$3N
z>!kUac_()y!b~?z_iG><y_$j)JI=L?0%J|B(4L?!h>2V5RF2iJlYYEF$xJ&Yp#_I_
zpy;^T-E5%3T$Ai>);<d86tR?oYsy<(d`uwSo3m;Hlet>gP3ue_8??<0&Fg!q9Ey5!
z6Zy&h1o=Wj418y_#<f0%XdX0^c~8A*(O#J~_*mv;Bcu}F=aY1QAyhT2D{x$;)1p4E
zrhx^VvUgo2^0JMOy-qG>ihiyy_y%gjl$H68Idx%=Vnww`15Qx~w`S4wHeKNs=BM?G
zzFyO^^iQHc2n|Z+Np&?L^Z^K8Q+~?LO$wMz79nR7Xm5~eakyG3+CT?IYORR%#+Y%q
z#;-G?E(l&i2l>BDRBA#R2fw)&JlVqIsVaJneo#xS;)FB^i!8>zJlM7Nbi2MW+9fnU
zU;UftyM;8yq)j<ncX&oZ7=!R0P5gqy#ExC1Sut#PoLOowhE3%|cv3r0z`WyzcKH0;
z>m6%P`@NVkB{o$BUdcV%B^>rRwc+<vx?|qb8`k3}I+RyM;(H6n;Zl2n*k{}Jz(&eq
zzfo*2C(3*4lN69vTaFiC7;Q(onF(V)*kN^$Lb@~lfRt#ZHwbIJQ(=gis9Ac;7B<2_
z)O-vM{T}tZ(oH%_4Fw^NmadouG05Mq$;Sj9CcUgly9TqD7O94~u?N!E<kYL0c6J5u
zGNvrWi=guiV#SYi9@B&nnp;>1c{*P5+B3VT<`+R#9VA)#*hvEYV-LsI`>Z$CnXY2A
zB{_G#G8%%((9~)0QEywrGB%Tv>qGj{1$vmP@*WQ#_Qjo;@WMb<B>C~PtRsP2{PWAq
zra)S>o<bDY*$rzWhuTM(7Ang`&y<KQ)3GToUaA-C@Kt#_6Z3IxlB#a0IPu*HEElML
zc5{)cQ>a-SXkJmK<Rv49p17EHrxfyTHS=rg=GQ<KnRF>|GGAytD~2o@o?XL+c1HUH
zZcRz*Eel+(t)d~SO@v5ct6wh#o3xDWhTK!VY^%GKPD7JZuef0t$zPuA;hB}@q?yJ5
zr0`%=ntBuYIDKZ?r78>zJKZG{${>HKen)7&2DIPIiIW8$?nPsZ9*b$DDd+j|1e`mT
zW^L|g#RVY5r~AA*%<X5&#rr(Zc^+=Ni9?XT-Vp6mWY!1CKQmXj_nzJ8l$d=;O~g8S
zzwTlGmUhHEdhYY`c!IEeq1rP4jb|v7*9aOTSghCM1C6hTLWCL~^38UjN9G@y(Xqi~
zQ-6;E(sz+QvE=1AB?ik)<wjLVD&%{mDF)N_2X@j0sf-aSdrqWvxhu=H+3ayG5Xhj1
zF0xf^N~{ykBtFYH7~&d26K8*TBYU34oPi@aW{2}^V(`+kb#&cvc%g0P!lmNNQG@a|
zi@>-@8H6i+t5DFU+PO(o@k`binnL{3PcH~?wJ3)JuUEn|w?bs&iyf#yMf9G6-s<=U
z-}cr&V)0&9k1(dkq}rF8m0*NE0Cu)5<TgYK`8*Tr_?K==B+uQ3qoLcXeA9G-q}QDL
zs*Iuyfy3{K*bOEw!{8Yw90&pgAx^<isi|5&@|a&DzQJv;bH!{a5O1tz97FTbT$|Xz
zQ}%DFG1Tl|!x;z`6t_S@m9%ZcW`<I%AIi2J&Z7R-8Pd>pu%`C(xiPC!XZewD=h(PU
z=X?)EUgvypRgQN9iyF;n91qDE$*M++jU>xK8{&q09Kolpq=(>b1PV;Y-0+xgk)K6*
z1lD~r6Z=}4cTC1H8}iF$!uN<2-VQWM_Cj#Wr3ae!g)<#hRHOG|6`g5IGW4<_lh{y2
z#(JA!k)%$<{RWY?Ew?=`0oknoN7!}8Q@#KHxSbS*E>h-c3T2a#RiSLoIY>qs2^ra2
zG?X$bdnFtk;~3d94P=#_O|o}p=I`~Xd%OL<b-RDu$5owkoX_X;e!t$Y*Yov!K3`UT
zi2~USGkis((wOvtmNn&4{;m0^TLq${Br2?a!Lf>@9KfS<Uzi?S<>D7VH_@Ht8<OgS
zZ^}JJPrcZl+?&cycad|HpmA?=KvaYC+{M=%<MxC(p^^H?k;*-Oxk_=h3zB=xMict*
zRNKeBF1;fkkTQ&`QmA#1K&SO)c|4res=8lR9=t<q2ntRAT#?$J3*tXeLG|)8hiIu=
z<Yt^-GUqK&%J>Z|a+!Xregwe7Nq{_`GLp)^`iRI*h(evpugJ#46-pdW4h+?B5Dr=i
z9P#(<)g`PfZzo49L%EF7+;H8OUjbpCMfM`^B3C7qAg$ia2q^M~y>rMz%tnuuvZ+;a
z_suUn<ZrNkB{tUC=Qg+}KeG4f%CbI#?=_H_B<|Lhco5<pUh@G@n^P0?1(3kPjZYz+
zEcmh*#V6#{uNB81#g~t<N|4ksZEz-hhSeseNWv<GF#dF<<fXar%$ihUcr_e_ptuve
z`(0nsTV~k!5CfnQIo1aGW4ulXIyGvwXeVt8_0_)1-gAcq3;LHUr)CQ(Ik9twdPUq7
zRN|v!Q7)>Bp0*3tDZTFUm{gwzA!+kG`wA@*@@~^WTl}fk!q$0Ad+dvG#4g(7At`F_
z;<mI2)yv#PBe9Z>aTwH8%d2@1x!G1oi7%|umbwVzfLZRSV=nENPYAJrV3e^&G}i{u
z)^#*k1wv8J4S{`0+WRd#bKXJ=O2YiW!igT*?cT@?whPP|ZQk~`G~C&9&jj7syvnUx
z)Z&LrG1sh>&{q~2qNTsw!iUmal-#rW)GLQ}F|PGhzIym53*uC{=033;dhLGMyB0pR
zE&ez%8`MiceEP6kFqF(C*AmNvSx#mWkT_Sec8P11`S`2tsGq_ipR&}<uDAyb1)R|n
z-u<Q3yQHsjmrmU00_u>%jAcuBO}QaxXC449{C3Z?_?vO8iLz@c^R3W!jHfb$>F(E!
z!h1VLO8_!f_*_<Fh0L5pcsqNYsfI#*lFTw$Q*XaZcjR@E!&feub<aExy|au=9vpMQ
z(i_uLSj9WHUOMnLNG25+Baa--$#cfz?Q5_h5m&rkj+kt!l6Z&tL}YIN`mMcQ9iz5%
z-Zzs#PFlJ*XB$Fw>yh(fMez!j4FDvi%PohBaHGa}6(GzXeB*oGR(Yj~g}_9X5D9dm
zE$7Z8vQ&g#ggSqUY|xtHIN>tB61$Mz=hkzmbkMt^>6MK1Nk84#o3Roc44xQM?O<7r
z3IWt^y3-gbRq59-LZTMGPc0Kufr-|v(CTaAva)8rA7Y(xMmIE#_Be*1`s_>sS*-Ra
z_F!T|hQJ}SJMHD3p6!e{FC98mr%__iA@a<Wq!eG4mc`7})$#cG<44Vam7qf*fs$lH
zd42HQVd%l}o*t5Ue{PCaL(pPP3uiBxIxk9+0N(3JqKHD{f|_KgD&7WXdi8<Gi1-{-
z#)ampqWkHh6$ZtUj~FmPE!x=<+1yvm&V1JJELZ|`px(D~sIg8>{6WZ?w(9XDx8dl&
zApO5hGp|={v02PdI9)txbQg$cO9h%Sk15u_OsbEGl=W%O=)SDDP~NR#f6~Q-He-}o
zsbt{p<4g22PA63K&?>WWJd1^6k0p<pf2(hW520w$SgB*reVgJqw8mVe#!s*E6Z=E7
zeN0QeZCu_r35SyFu}8};+=_AG;Ml1N^L@^v<xh^<F+p}9?+0!EupMV+U^wFAS~VVd
z@mW3KjvuMrpoas{{{30~Lo$ObDboWXE?==Pe0*@g4t-6Ay}2tG9zh+uba}cz9U8wF
zs{<RLS~#Xtu0nM2_5z96$z~@?ZM~yrH(eGF?UAfDk6i&ik(M3jIp(u6Rqy2n6<?D}
znKA0#a=CdoAa#gva&r}H(#n>5)a|LMe$QFHxpXcXkr;na5tGyJ*D!xG8YjBCc1ip)
zUA5cC`)pC33wd8*lpljHnr-LpSKJW+o1@HkJXHpgTuh$H4!h_}NuxPYFPAgMzqdKv
zs5DE-n&oCf)?3P5=d0%1l~feDE51SYUe~#(nIB^87s>QU>PF+FVqDBCIml^c^8K6t
zxTQi9m-BR$n3FsZHw1K}h5d8#+S*ZLC7a!I{*fU=<o%T#MMCZ`W%9;PGU&#+#+j9p
z#;=|W9hEYaPp7t@)T*LlJ=H6CJO6@_MDOC!?2J4JB6d{xywUxQh8cGQ24<{Kw_sw*
zsdhswi4plP+RHB<u}e|USFe}awth_r3RR`VkI<C>!hgPqI1O#WhdH;&S<ja$3N{!O
zkQq9;JA}3G_qB=rq(g$bCHHWD#SHJrCOJXm=Z_9NNLn&fOD#+Jjr}CmMsYlM1Tu%H
zY2Vw;t#_#sW9&LaZW4+l0FD~q;D34+mA&R3a`qxY=og<Azy0yBdaW8RDf_3i<^MP5
z(SeLWP#Lc5<7oe{rXl4%Ai>`9bjC9O6it6z1lzp2k3+Zl)TTz^vHxh~+hjs}o@u={
ze*EjV>`*`h`wkc)#7P{x*{%PFlm64I|0LzLE|S@RJ@73$UT0SYNoM3Js~BcsYxJeI
z0Qs+3%|EaI`V*6c7fgYZRURG@+~c{x!oK?4qDv?hSU*PkSE+^7;TEtE%AJXf$Y-Ko
zp=v@-ny;$<zpMKDnt|?e;r1V)9=&AT%QJm5q~Q_c&jCH2h4)dTqfg|M{QNY2xZ_g3
zq!9kHf%w}A6cY9BkUiArGvFpHkY`K&?u~)<D5TwjOzAwBix^cSy|3YhXxHkZQ51B?
z@?mR#06I#X<{Y!vZhCl70|`vje}Cs+5s0ewNEys+p?&Uy9fx*9Cer1G29I;K=st8{
zFzLhl;lZm>U+>5N2F|}fwfZV4FhsKmn50hV<V`}WFbC=9T;0>kX$xI=2Z$1#Af!k7
z^@s(v7GNs|mhaANS3eBPLs0wrgMWFz-^v67FVGuxLi_PD^lfrZJAeKF!(-BnYeNu@
zH<L{(LVsms#dHy_J%z{E0bM^cdVROKgI&+JdA00>e9CWM*EjOc54Zov-zb8WlCJdJ
zTI;)DRt~7kkv=&;24m<s<|E^2fR|_pGwHHn_;uB8gH>j3cwKsr^GFBCTP?t38ez9m
zzg`elY(4=OQ*Sr<jjQqF=l`(rKArFae%w*QEC?75_X$cQmW6WQYM}Y|F~ocg+KQd4
zixY>tWZv18^pobFH#I_xaFMCbJ^LdYM|^t&W_BK7gI^=U-1e)r{e7tyo|7`wM^w*8
zH2J|9{nRFYABPqp8_XW6`P{jo2N`@^?aXubeSYba4Z44O0X!w3hXDsaz{oFiQs}%g
z&{u3kzn0d&T>Z#O@~8Hy3Fa*3#4%jN-%(Pym}PLMD;;=CrXA7l)c4@lKUC%Ux6S))
zGZvBpBRnV=8WccxHi5QMuFy!7;e>Z@II@%@EsNg5QXaMj<r-t^r3}68DPT3y2JI|_
z4PXJOBt9P45l%+p{5un5;0tTFd?5RKQT}qN%aDRV!(OxbxrqwnX{XG3n3>_8^PY_R
zQqHw2&`m6&&`^#L=CxS_1>N(l<*m)9YY3MRqx!^K$_4eAX}7!!)yv;fqqdQ5(d_im
z7hv6hCil&;=bl@e)!2CmN_o)G+?<iRD3CPA3sO{zMQ@f+n6jj({s7XONEeG<@c96m
z1Ro=`vn{#{8g+dtUnhKW^P1gAP2J_WJbzy?*H5BIMSz&%J+ykwO+&KPZ9!xqIws8j
z&M&#w|13JaSe-(fM3uC-ZCC9Yg(GOU^QrfjyWisfe2<CZcQ;E4-A+LZ{FueW+C};r
z)Ybdj#Cf0J7I$aUh39O(p$Y?r7MSmq{)FrQ5GA|>$U*GM>F1iwNXkxO<g8N17UT3%
z6lOfBfKzBqZvBo+C-h1_fGX?hfS}suC_5$*A;dgk5?ghvk#+~i-w!aqEZRt{?EBLG
z=emCUDe%(v?9=x|fF}Y|CZED%Ws?g-W`-|8EHZM^rAuQHvH5h6q-k{CRH_@;fEQES
z()mj$e;*hDM4v<l&XmO(;bbIW`Y?S7R@D-e(p)lTz}k9@m6L9ONkOlJ&g24nFmb(x
zgHw~31KQdS=w_PSA*Xkk$k7p}g8_7Bo3l<?bQ*zkL_UPCYr!YA3f_mfZI$AHrR&~K
zwdm3P+$4Y*8KGkI_RmX2c7)U_#Lndjn@ZjvWRzM6XB#^K>bR>gt|}i!ns*9a|Ipti
zL%Gym2h69*Xvf|g_MED*H`!-LYr!){sY)Y2L7$3QZV{Q8r`QEYX@@U8_cW1r)r~F6
z+MCcme80lpG*Bmc0$QTBRjW`vUw?UfSKjb)U%GZ{3XsVqJhdaCyt4fQu}9ZEM+F2R
zO1EZU2I<o!s8>6X`Asn8Z+i9Bnk?nZ-M=}njPAXtxJ7od%>>#w(;J?5qi)|q2P$o+
zeU7=V#9OTORI9a)X8jM5{pN25wA%8m^e^R_1y6K1L1YgjwL?hzhmtfpu_$hLwadut
zy(~>V=Qk*x4I3rs=}&n(!wQL7ljGi|8?kf%lofO*wBFm50f14j2h_@HBDi$ejJSiX
z%M^&_^O0VA|5F#A)h6gAnKLiAxd97#{m?18B^VbGW)x1En)0;a=_xBc`dKCj4ipZE
zfdbcP@({T{tk6DeA6Ptez&3u&BsYS2!LPIa1v>)Ku5h&kNU}m#>-N(>#9BA&=X+-t
zSq39#2MQ~gvB;4<1{@Nwb+|EXtHEhan6L!Ngf2`@vJ~_9&8n6fN4*@Nub1<rWqU8j
zoV1ReA0Nd6y{hGDpg4846cQI+-7R1HaxSq`_9+~O7w`XhRA*B01|O?jvj9^uIcQ&J
zLtlwx^m>vX=h&ar-;L;U#*ZcgtB1`0f2cGwZ(*=TK}^W_L4pPC%4yKmSpXM@IDT06
zp*6;$4{Q$*x}EOqG@Py3Ac;I`=j@H$2K)ejuIgk%LO$|vbz`xEjvyBonBE_gl0OTk
z6vjSf_7fWIt_!e*?Mdo@&{*Wct({X%D~!ufL>&O@9sBkN2sdLo0^7l*TcjmFGEa~1
zjqA*_8LCM%Om<8<L08hcKc<Km5}p~CE5Lbt4@VkV{sfRqrYu=d4<SFCa>3vIqhNF8
zXMp>MFa%LfScmlDzSmf)GpOAV+b4**P&{&h-+8w%7!uVUGBnb=@rF)A@VsA&dJ2|(
zehusuj{iA{(Z-=D=yEW=EifOUaLTG^>=^yFMG~=m9xqme=VX-nQaVK&AE}gcoSEpI
z0_3?Y$kV&Q`{bho4vm$mXa_@q=6cTT_4-qNAKuXGPnIQ(__#c9VOzY03&eVTMA$PT
zoF6zD=~^2jqrl`jQ6LAAa8hs;yb!e;?I(RYMxa>xP4*(yi4sU)L3yRos_y14x*ht(
zS+X_HL$6tDzOhPS%rykXYtj%kHlC>Wcy;ALqgDvHfn`@-eR>8QL66O6OSx1|&%HiU
zE4VLF-U+&`k8v62QS(jOZuD*Emdk<VHwn8v7mle9G%BYDK5J0z=XsH5)i+J~EbF+t
z+D!qM-KynW;uziM-0}gbadYPkgJA`Hn5ozw!Jse?+=6Tbly+H~G;N&DS~5QHyEsuI
zb@eqRUs(tf?<tCvg6Q(fSx3pI)!44lc)M)E$*l(tc!zg(*UQZo&DI73Bz4}&FJfCp
z5CCdWa~16D?Fk=mMQ_^4i>30xAy8he6fBFAVK;SeEctw%Gi>ZZY!F8Dxi9Ix@jHZ;
zym4kiY%1xkO&80;p?$6p)ef`bU+<ycqM+hdcvnItn<AIU-8iE9-U(1b2jDYxf>NU=
zEXLzf;*V#}FS1D{ORp1S_rENK@lK1v$ZsPcwD{@FLrB)0wNlK~Grfv{%&x%Axo%Ir
zkVd<mJs-txD5!_84A3cY$`S`>2(E2KP-Yjy+|MbnBD!HHEwS{$ur2e-S^Cp074OI^
zpJCZGiBS|bl&lindwj**SMBmo3re=Qs*`*GI}B|vQk0JS%eB;L@(4(%+L7c*gZ)~v
z%Y+LMLfOU2-Ca}nB~;_Al<*$nAQA4-3hC4`G@9-%Y&L629&j;Dv@4q}G^{^$?fnZs
zk(7n3{9cz-#u1D-xBH_);z+_1<!qpa7QJbdRxUsJTiQA7K1v^i0t?0+Gv1~H+Y-4n
z1`Yh72@S+y6Bxs4?NtuG7ac&+jK1R?2)NX<9;ZRSB{+(T=8gy^8f~tB(IxMM)?G)e
z^er83r9KR%qRziUD}V!Ba2|;*fqq$$)elc_ci)wCWwACc38oSwQjJc;F`k@<L-+uf
z?Qq=<X-(FhEy6*_<U|GY)Em6^y{B%yNRuyf`_e5O6wxjmL;eBr<M=91EI?nCAE{*o
zwM(3B_tuL)mRd5efC5~U6Pp|u3<4|gEF1LB1Rh;4vFI3`F6gs*o`@Zp_}BFK+doue
zy-rJKPQ8C5!oL_qkSy4d*&5~#`bMSf=iW8|XWV^IS%sac2TgQ=-n{|)2>nd!XVGBU
zmN0T<VKu1i!FBWZoH-z7;yr~c>V)?d_6CtN+^vPqrB1K@)Fs~Jvv!SIvE)ZMRz?*d
zf_5Dh#Rb%TWgjN2uAZdwPI^PCkMd>z&B_gw_)DR%$0sSkfZQYH3n-|HuRk6W6LUQb
z{|HCT;X8jFHLQO32_M2lX~!WsiGj?vape6n)85y1f+KPfs1`9C!2<49zsuKgeq4*w
z0Aw}0DLQ=RQT-|*hZJiCp{t*CL$jSedhbA=zu-k~>M~DU<lo!>NeFs)%Z6~ZluWSt
z2#H@00h@;moqcefGkOvZ)khah1~Y$iZOA4~P=V55b=~H5F9hfti&%~>ZxqGwJyFbs
z-=Y#;hc$1ahxaZNv)y#wzL8ys{YtAieC9HcwU@vNq!TFQmti(z65~V>@I2a9S}^IY
z9VV=Mcjz4XDbgkAUH)6cDrO1kJ<zsHKtZ689mT!VC>ZMgw8tYQe_sdaE54RPcX#t{
zP|1PdW2(eq>X6*3$DD!da<t?1kDx__FJKABzF(T*j-Qfve;qHN?Yv@f>L+P-Mfs`0
z7<La%-J%@VDs(V}vM%^<3T8dmhnz>sc1VjZAy9<zMl!aNg8Frx6UP605o;82b5m{*
z5c@oEx9I?18$)F2+7MUSqK&4y^7D~=%mTs%nl${v?UnzP>j6e)4MNEXmrKxWsfQ4A
z1<0NVL0pap@~Er8%l379XUPvQiE)Q8yq))X7xyumiL=!FG&e*9kem485nF6f3?%g`
zi+AYR)jtK&vJfP8iZSga9rq$^yNYZ<of+Uy8^bW?!b^!S65Avpt`P-?z)0uG^;-I$
zp0IHC_Lg}YKqZL0IWC5k9Egn!B-!UQ2%5uWtZtWq@tOyFQEPF$bqdIs+3+BWd!yhP
zJO_o=2SgfM;f>OGW*~zQn>AvkysCNQOpxl}5|h!RredDOWUy&S=`zAu`^!+!7d^yC
z)TiHlucnHtXa&_}Cq!f&swOBBF2<a8o{X|>xY0anJ1f2n#d4i^xdQPk(vN=d72`pu
zR}tnnAoaQgZaYmSl48RiBz|55+U#+!@birh`8^Jirji>}JAQ6z_(N}X1N?lBcV!v+
zD24OAL9xakMZ~e8%6SlWEn83KcN+lP+urL8io<?4U8&&;QUri_Z3!&qIsu*N5k<)-
zxqZIBhgr16f_~%dm|5_jZJ}T}*7X%&ff%gxRHz;d+zxZ9#ohigAF!YIrTsot>gW39
z9(kTy9{H)+DugJQ18nKKe22AA9kw8GJ=aF<>l(j!Fm~HjXbPo6d?!e3fUtg&rE=l2
zR*BObcIF+W+}#(DHw|hZkxdG0ZEYu9TBhD^kwoS`B}Y9^&9d)*vu5jayL4>c9$f-v
zQ5TGY)Sb<OBHsb}Fmm2ct~^9S=C(wa%S+%o1k#Yf$~r8yfDXrwQf_3{@Lx*U55SMq
zQN@rnTRQ^@RCn8RkRcQImb>6Mx>}&Mk`9Er0VTtR^7YTP)1{DpZiHA=O+LJMV_za5
zl|@TeP5xSE=MM#jY)ho<$CzBZX-`f%w;l1~<kuohvHCvYTWUF`q`3AoYq!68pD@&_
zy8W3T``}VaZOVrKw*nYov-2S^N_4;rk4R<$@VkLfi6$C5lZz-pkV39Y?$t?|P_P{=
zlG$3RlI*?_^hj~cG`P$GW{NjP&NGt$R`i6C<ZFEJI(!}(OD<&H|H4i;OM5~bv=?Kd
zvStn%@_)8Eg9eSzQ4cfOrJ*6Gld|+S*{@afhO?+TMOCU?+Saan`4&#j+RGHIx4x3g
z{$IqY{z6*C;+ob2Hc?C9p;Fu*@1kMWT|4@*xeOT#+L-#$Lle!fHzzJ^-jckx;}aaW
zj`JX7d2qsThgYW5x)?_Z-TYsnFAz_Pu>0X~ODv{@^ZSD1L>|)3vWt3!qou|^IK5{$
zCL%6}O+G$?&iKVm5(j-A*>Ug7QmYS7+##ovZysnW(vMKCRQ@}Xeuv=#r%(&TSOA!a
zG4fLkx*WKaPx}zf{39I0JYPB<yrV4Jfy~Tda}TK!o$+Cd#wHK-qCBD##|URvgzH9j
zlT^O0J5bJM_Ek9>Si4<d{}+HNrhr_gFj|w7-ej(7a~Clr&|wH3Z%r}2b_ZgsX&<-V
z^+gp?_JP5MFRSLw9zUzSg|ksXW8(#b{`~kSu*%Zeqtj}D$L_FGacyY|ak5xKD6JrS
zv;+{z!O&><?URu}3!00uFa-6MBLjTr6kxvAgI64V^GXOfOyop6eY|gZLWy}Keiu!e
zHTC6aDCA8);N8A_mZ8khO8_xys@UCOq;r|?Y4pccn`k(Fbe1`Xyuaov*~K?m);(b2
zusPKH5h+Eml_U9#eFY&S6qg$JQXdmVY}hz2W*dD9b9s+QMAP-ld&faK1O#^9w0Zt<
z_5#zv$|LrTSx6?paxFJn{gD~dZAgVXkOIh2i7#5xvy5<57b#f9<H)R*8P^QikKV78
zxYk{eWiFkh;m&ZpHy|4QwW<X%|2ol9)OJ|0xe&qP!IMMrbL=>48R)SrUEce1$txgz
z&|;q+C>lGU1x<gTR@zhnNixYLltI<%caZ%L-3%6goaExp;4GE+I3GugiRRRtJ^qdc
zJR!H_@t1jA{dNsNqs~zeBvs3e64@<ZHnfsEM_{6NCdA4@a~ST_oCb;s?Wlz62{5K{
zY}d@W)_7#Xz`di)y?BjvkKZZjpPPz@FG<btENn{89K+H|T?d)_CuUV)DT3oZ25v+o
zJl*5teHR|F?acigt6o)WwLT1o3pd_&tfvYLJBNkZ*A5%AG&_S2&u;oCol=)vNa^bQ
zUJ)Ew2M*eBm5d(344>R1lHfj0HWR|J9{gAcKmT09g#6R4qTa;PEvtr-t7d**SHD!^
zPH?h(D;vNPJ(<-S`5BgzUDs|XAH=P{Fz1w4-dONDU9Qs%Yq^-L7ICA<)qu?zi9ji+
zwuSeJk|PmF+McVrCOYb#L{?@!Q;*=XiOSLA-nYtPpj%*{-rGXnK;L@SUR9TNCo%{e
z0f!zHjqA8nyMd8xH&@CNZ@g$ZHw5+P$lNARdkpG;>*Dy(aI3E}RT;TZ-nGV;SSkxo
z@YpI?giUJCZjNX)NaKroXYErcUEVL<l@}BPAA<Z0(jx7QfF1XskXqA4FT>1x0TkcH
zjn5<RtdK!n6Zqs8u`D&Yii@ASMz37-lG@V6=;luj5$2fePLiKUJw9ax7|JC0qBvA&
zY)}Sq4Z)$|cz1L8SrMT+9^_n!6FU312ibctD^#`2@M$#KAICpvpyL9&i4a}bV*@fv
zz>53;sCUoYleAw*%8ZI`Zf$u+SC^;mR9TFXVlAbZ#nh(`*j+WoH90SU4uaF5^p>wr
z+y=NsYqwusyF;&cFaM%%?M9~bTtmj)DHqAdIz15jA1562^kp-?C9n$wy3FYHo_B0~
ztwO8Gue?R2Mth<qT;2^QMFdFrl<^-+G#vO#{^}zqC7lmJq+`#i?*2{Hq>(i8j~i=!
zTMp?hEu0vtKlr_4d^s4Rbo;hE-q3-W%X#`bQ2=`|?nMYJi|XSl=qGgr0o&KApA<!Y
z&Obhf^_#f_^r2-O^-%p1V7OZ?<S`8Cr-OYFjQr8PY5Drz-W#qCtL`r`i+rtGPx!DI
zN+Q4zr9(|DWX7YD#}9~mjDl0#6loYlD*F+QSd9w#DS9sGMhK!*7kP+-gxsgv%;RAu
zG0usp<yPs*wulkW5|E`Lqp-)ev#UJj)ZAW9g_2%e)0{KC)Z(jJdR7kQrGN@T>;emX
z3c+~50%};|G<oLgpOlx)3W-Wxrmnwe+M-ENenHHfh3IE_m{`>r>jjo!05~0I=og4%
zFgCbxT!3D1x61VTI7x(h&&%-YCY`+wb$dy-^V+`7xG(<|hWUggSv0_MOVTZ#!@kIn
z=h1S8T(a5yf=ldtm70}A@JVR}aX-%3ZBMmx?00(ykc)D>F%w=18-1&pu06zJN#}-9
zRq@KRPWgZ+1exX2lY3of#Mk<7QFXiEFZ*%1Na551-hz*MVeehgq5Aipm|h;dwSaaB
z#LX^6m=kYwvDc>(ajbAal}eWSNQRBaubNAuE_UUbkN7|5J&$MPlDCMn%aZ>iHJ~nN
zpT=5Ss^&Y3lwJZynM{IuSQ;oREhgFv_r!T5_cDvxS(ggG6P-AbuOTjigVgk@ylHB0
z#<&QfPq!p)f=S?7U{?d#ZMyA?tf(_q#ZyB0dcVG}fea+2l4==m;ZUg)>}-24?9%s<
z{~>-@>-qyJZPb1m{&bs3pKsBKlvLjHnE;;rGM9c?_tf4V1s<<g2?h7H8^3(4x`uth
zTPjl_ElD&?GyH;%Rd<K}D#H<pqT?2mAitVsaSL9>N~>Hv{vx9DW7UI}+|7O4wQ=iO
z!CC%zz0gJyOl~K}J&5wChFU+LPF#7aW^(1D+1gfy#&<r;4+L3Dd;Xw0eVIypA&}x6
z$D4H0GAIY{=cYo{kf8paLp+o8?YMY~Ui_*qdqD~>k6^<u$U@ZTAKYZnkpwonr6!8M
z_10tW7X#1?cP@A%!uqvb*?TnBrxa=Gg3(B~eJa^yo6<=>(j+*Xrg_F2L(i+t)(5=W
zUs_su8$0vTi7FMKs5oq{gpAn&@5?^!;z_<{6Hu6P$)q;rER8n4vWT1GpgGC#2Sz5O
z6`Eok1L%}X)W9bVgxuARaKk;I1&#$6G&Zo!`dX-w30+A`RX`!ZPjK2;`vGZYktQvz
z29GU3DTyyKU1E-D(k36#3Xh`x8L~i^l5Xc|=B(Z{rGt*KhR9z&VQ3PP#R7yQXS!Ym
zdf13cgSyE$yA1eI2>+!3eEQRdI!w9}(ZY!1$N7vJD2b{XB)8l`Su`pn{j6eH+`v>&
zMO_@Px&fKt6h!MB#B~YP9z@zISt4ZKRtMJcf}z^yYH91R)>d$8IDk#m5s?s=JsfD4
zrVDH`KyTTG6PF!2!s>T}u&oyg_s5f|+@jN9az0ckvtQDq<Py{ouA$R;;C;chE%|0v
z<yF<rUTd`ot&_!YnklXwPfqI%2iG5RtB~1}nN~tfN=k-$4ad%jP&T*N%V#gLhg~Xm
zuyC{>FGxxLMSfN-PU^Dt%<&*(ZuhvUHyzJV^Ow<>{{`*vcmZymu%@;82k~RlTjos1
znO;jb8GL4|+}iOs<^VM7)~KU+>0(Pp;~rcGSs~YpB=l2nFL|#C1(49{P|2Z01@9HR
z@NyUvTr5+L(;+@ry41?0oQsWx1}HLI0Mhw}`lF|ed<F63K%Il5d14%7h&=h_O?VDe
zhHtqZo>wi<77|6v!pf8d!^;p)N)rXr6hcniU~R3PN%G4mo)&F}@ghCRH`9F^ZXjpu
zmy!x$s{8vEyIY(RAoRyQcL%Gm9^u&Rxvj&0N;t|_;WE{|J|fAFQf>xm1AyV@O*Q}W
z4EO=|l;Wa3U+;Qb$GT95lvEl0XiY+8Hrp>#^3-1)p#$Ka6$192%JYwMwr){LjFK9e
zN}O-;hjRWDUI~$A8~Ih<#8NjU;aYuB6!e|D=s0Cv&dUmIn#&HJ<Y*<ZKHzgHWnlwX
zk1ONhT1m>$qpcUpxVPryIQJzG{8*l27F*=R&kW+7a6JfDhZDS-9<Q#^T<^$!gZgt2
zKiLD;2Nb7k4)+ReYTZ|~mte+7*DvhD7vo~{p_g-kG;>UxYwepA!jG5LhLD#$^k#$v
zG6IG-<Yvqk8Xb+>o7VP{lU`)+pSh^-^EW#696Gkk(`vv+Uu%||-;AHXCg#3ewV|&`
zp-=HQSR8oOOVGTnVA~}#s@M%|%PpS64=Qt7*mTy<o^iUkfqr9dBU8#fh~mk8%EG12
zP~OP8^?JN@<N9Ml<((F`!nh($Xh=*S16s$!Vr9;jNDRT4KV{U7J(|DKmS8fD_z{c_
zU;h?ezn433H6p5Lrr7($vNkp9>M7E<JtK`1K<`;9_L}&n`n^sn{|sEq8a=Pm5N>MI
zn{FY>%WRRZ|E;c(8}mt(q*Uy)c>Vg(gdz9GeWC26B1-7C4VH;MlyqIxQY60YYr)l_
z5ewBn7xQ?C<mP#MW`!LUwLvZi6IWv=f4IBfzhj^UiZ<sy<?uPrcX`1{20Ig^(W{&O
zi&khiE$^@^dxpO?md__i9b#8&b|!Z~q<a60wN}fJN@NZu73DzH*ahx#!4HU!6+|AR
z>?GGd&e%#W)*349GN@F)^1IdpI`9H1dH-!p&FW46M6h<tg5K59Ck=I1_MTTnyLqmP
zzpOQ=Uo##cJmuCYuud4sD(~C45nsMG^q<}<{XFEyooF`HsOlh@`T(Z_<(K2=Pm(E#
zRMax>SSuC!v2w9Dr!RWWd~sI7y<E112=T;?Dr0{B?Ht&XDf|4)H2>i~N{OOqGv}mP
zJ(EX`C6Z~(Q!WSkQe9p({6f$l5&B3*dH_vbmcKr*o;_PSF(QbYTefoQ<(|jn59mv-
zdo<SCaluWd`|BqE3pA_v=T5Tgv<Y+4(X%aNCtl%ZD-J7dRAnqrtUD&|G`cO7w#HGS
zIA3J7A>d}U<|^D66E-k-``x1<={oRe?E>{yw%yH6FwWKjfo>Y`Ll4Zk`Z1k-@47Vk
zw#obf_E^P%R>z@?^3MCMscZ#uP4#@Wd}9|^?tWh(KV0qCzmr<pH|rJdl)Eq?=(jvq
zfo474B(Q#8A`e;OJH51)ABT+T;pQe@)vk+5E-qUE>9=aG%S@u^(=N)GqmB#U4mt_j
zB?oHA0#WuVTd2v>!I-PjzOH2kT8Z`}Cobis?K!~rI@%nZZ@DsE0C`Iq>xQE?hXhOl
z0QDL6xQ{roAv!YvGan@mGB-p6W5)z6i=X%07>U-{N_e6U;9&?sbQ|MOapn7U1wPmw
zca~?BWux&!sP=Hxi-(Y#1l-Fx0Xd6LJ8yuL8OoqX#Uq?Fz(WtS)kAjV6{dbIV4PZf
zW@0EHX(pnbO~J(=Wf_4ubxUcFW4GM^Bsp=&r<e(5$RMnC^AE{tpIQJ_D@m<Irh!}x
zi3kTQv(sab3x5m(TRuC30*l?CJx~R*KufiS>6k*EMQchhJD*;ub}sg*WQcJJ)l15s
zP?YZv<dXpjYyVv6Xt{aH@;v#~RhH`#nKUtXM>crZ`L?3jNyq5!l_kZMuML_PPV2%p
z6l}HGn(H%E%2hnN$^<e>z|pvMWf0T=a<DH}^#<!v016;>NE&hHb`{UQq<E5G+$#AI
zq@a;ap@^Fq;+xr3V*KEwcENjO><uKx4syuU6+|Ekof&@muqXtlK#VT8wa(GyfI}5Q
z?5_WpS5%T8z(TUy6Mal6;!{I3kQ=&6oS#R#P8UAXCIWT=<T-OdfvpMG4s&{kLse3^
z0jP>u{tDDMLW>QG#N#(pi^iPbK+U>SVSl^;AXParFylB}OuYEK5~+iU7mkrLrHp<@
zi4pz>!h~~pWH`PC3WzCa&5j;w7F3Ek-Qlsd;h3)i=J7o@IB>+tbvLsfSUt@aNgH(5
z&=|-<>h6yxmqVs6R|FtI4TvC<-bL~qsV^*HQTB{mN5hh}0407VIUT2V@#RPeEd>@I
zqpMh-{;Vng9?L~8N=dT>TW@P7<8!}!9<$Y$H*i_SNpIr#KigQs>43Y0r^?z;7HPPL
zu1)ia3v8)3`^&dBtmvaK)Xik?U(&fx7mi$qdrb*rpg<~_4lp)XtP_l)II?Ru2hYVa
zH|I6*^Y6~0Q^brl#`{?GmGvy%#ad?r(5#VjO)Xz>BDib`0JG<2((hgY-@OC!@z^(y
z;<m*#z2JD^0K;aw*ps3@wh=V(-mwruB#$UfLiRHS1cF?k4|GDg2j+sJdEUNrz8R5V
zB6)39zr;Ih{6NYKzez(5LT=xvdYjQMVp%Y-!xeyB#DSAbssLyR`5WNuGe|szxZH^o
z`{W3&f=k9LSDR<fUfnE0#PNA!FeouKdmNvo0O`q$cT83Y*ir^JsD{{JW0xDyC(}v8
zH@j16fp<CNF;do$qT&>32!1ojgc^Aj#+lP|Oc(vX@9^&%<*z3o<?!du@&}rw>yAo>
z?zAr+=AJHjS}svu=V{_ACA;ff-=+I*%UNipS8qI*n`cEOGuHHEM&_PEFZm)I{_XKI
zprF4|!G%h1NzH@>O7vz>PzOf*Q8KW6^maiIQ|Lv#NAU&^<HQ+NKqp@e<8*W~6i^kF
zevBhaDq}u*IIDUf`-olGre4tk63<IWrWxCu^aN+6g5s?TU}fE9084Y(GE!?$M-R|+
zt}sAHpB9DCq!hb&a}*F_0=8D$%Rg$UmD19kXwBs;NSRL_NpXqbIGOH!6U@u*1+!x+
zQ7bLC)THaI)l?K%U$@#U8f`dIZ`1JALUHDA7uVQY$}caxnc(6+etI0m&<n<+WCY6~
z*oReSK;-a_AUE=765$)RnWEv6Pvx9|P1}jn)E#oMtI@2$q1fFC`xnZBoQGoRlf4@l
zg|1t#y%8(#3;4~d@6dfg=3vmuuc0a@&gV{DrIHJ0Age+xtoplB3#D|MEHTR?{<(D-
z%>r$u#G$uSp_+_FGKIi<NP|q?VSTQuIJOn+d(t4QA##vIhQ6`{=`|Qix%D^2nnhg*
zhE(B=ZW^f`oC<bhN)Mpj-gfl!*@_y((B?&y%l<@c%Jwlc`xpR~#T4-t@T4**Zp+T3
z4yA;8JC0vD?zXs&Ra@0q>{TRI#{-v$7@9(w!$E#GMJ~yoV94IT0!9|$>Sbo(E~i)H
z`ac0Md=+LTe10$qfbnyhR87aL<o+qg(^HqM7TUF9vzmH1+|z0T51!SzsiiS~fWfM;
zOL*aIId@M`5#>~BO!9a~5kL#?HHMk&>sP7f!Q`gDjot5h+{gtRp5IXH0{u{KJXI<<
zT)mH^i$2RlyyMjB3h3-MY!b6JtltWUj=FNMy5`ugZ2FfiZ<KqDdgg)nuUYfVpyYV`
z<xm$LWct_i;4Pii=|4h2l^{%qKZDz*yv--|+G$0+c{Iy*+VYik+htao#e#=i<k*xX
zLzph6L#;ff+S;52LPoAT=~PWJGxQV1F2_@@otDRI;M7vI{O*q_fKRnfX1k|~DMJ~r
zdS@Oqdx#^WF!fgFJ(k26-{+TK0xhNslmxv<kL&8?XDTi)$}aYJZ`erg*;1wv4?t4c
ze?8?o)TCyHUx_!YFKf+AZiwp2IZ2dwI!TD>aog8?A#GgNT5$!Z7<(t(71tF#%87GU
z8TKAsC-xYu%5!9DCMh#VBJNi}Z(M9>5yh+eDF>$vjn^l|+*&<H_BO}E<oyHg_*xXW
z!ZuYX#|XUD$k3Zof65WapbH1m#6EW6)SwK8tsBtf5Q6q<zD~vabG2ZyGa-aq)x~S$
z8hKm!KU>o+j<?8FbRb<=cTo2q%s<ig*}8On=0Yikg7$d72DmX=9sRRcsMoDzzN#x`
z=wGjO=cnx?tjW7nUM*5`YsSj;x!<Q-nVSeZ6u9^A3ys#CShz5@>8Hn<+5jgwma4X0
z&$S-PIF<wvT)#SrnBQ_Tx(^n9_bLJd;eByD^8le+v+K03shP?O?n`hv6+?6VDfj3j
zf|P#l<vO|G0PmPvcW!MP1gu1dK?7B<j-lO;TWtd(OHqGh<#-D(?KRz;YmdZQpmD%7
zA6UfVXNWktAcG+-FXda<iXUwi!;}Y}me#c|g|O&XSWd(k-r&eg<rT)ku(lcX<`nut
zU`Td5J+=VYp$%2aAN+9%jJkZC(-yd}0V*O<c1;(!qKW=VjNHASN9Wmb>6JpQVG%_;
zHY8fao<mo^F|u+!X4KhWy6((R#mD!oIs4H~s?OV~pF&L;QqN^9SHwGYRf+DXMZlu+
z_Vu!XnXKUrKF@b%<)hA?CzNvCol5oT^+Jw9noLGnkdp<O#hks3G~Z$or&ea{8lqcT
zT*XjHxnoUP*Nf&V8FhJPkXH1mKBrgd&{aZm6olZ2Ysc7tPKs+biT8+LS)8x`qw|d)
z{D75bU!^XEkyZ@mBo@5%>mp=v0o%4E%x4v#U`uE!#{=81j>U8RM!sLerFhvrj`iH7
zD{&JSRt<RkaI_~jklZX#V*>h3mWb^{BuDTBl4=Iv7PWD6hF-&ddz1a_OFb^yU2f-I
z#xP$ZX#$u+l)^n!2HNo!>hBo^+iWaoxIm&14ML<E-DMc%(~|-!hfe4^e;hV!6)Ev7
znfJ-R^0PMi@A}Rw>QJoXti*@G2`0UL9&$77K1m+#0Fia^1W0M@JYr)d+c(j;e8Z`f
zcu*y?q9Uzee>6s%i~fYxWgyY}Zy$VVuhxoqf#zYjt4HGm@Z}pzkzhdgb}?vSqO}=Q
zDvIIXOz3M@vA6V-ya*X*d36X`#oM*jWk;_!u!Lnpsv^|_HTuU7jyDsK91(SW!?AoO
zFSaVtJCi{(8(8REE1Ezes`l^@Qvw>ldZ*bXlskX%Xwd^yML(c@M@4WYLl=a|%SJnC
z1Jl&;z7xERr4sm=`!Q_z!OY)W_#~Q|TY#qY^s1{}4@R4{RJ?ERc`SOhm)w);-P)jO
zxIT;dc&MpsdHPe9ouZPm-0j&Aaf%p*Zn7d=4uIqukRzYeW_*ayLOgKsrL-dcE&h8R
z`1Agknx@-HW*?WqS7<-hA>^W8c9>cPy~?s1DCYw)Pqc?Y!#FS`8oCwJgq5y?oRE>~
zNHG@}$d&oAh<7e7ArnRTPv0a=XuMOyJDmjalY?=r-p{}0du9|UO-jCvuyRvnCDTLK
z>0;VcjznADz($x{zct0{A~wUGa*txI39N~W!LgM{%y{Q0ZRW1&nybJ0#G6vtq;sSq
zZ>L|&Z|A#!UiH}R86cQp?BVP*9_kZHs2La<w?D8+bUs-dd7(XIf>L1{fBS}fA^JD_
z+3%(c{!5H$N1{4*yVvf0=j+9lMLTv^j#z*F8gfLb5q8e0Aw1))tLNm1(s>1+(KNNW
zg0&x#g@UtX?31_ue5M34cv%NlE$b=NZvrOn@aOq=8;YVGlM9gvTwgy^L>v9?x$UmY
zS3~<QgQMz)bTtRUp2hDG=I?!hARuVDUFXQ&zv|m?JA|>I+1z<>U3Wg=NxfSBj^M9;
zpw*8^7hcp!lnZ&#cZ@hnEB*N1?-0uQTiXl`5=s1YfBCOJ{9g3@_MHY-V@}Hb*2ok-
z#Y+Iu+I;s^|KAMw`vSNrHM|SRE~hX3w_&U)Oo0gBA>i;+bM=3KAg?+ac%gG1(>Ep9
z|NQHZe{4d7dS=hH$-k6!%5=$E>&KrTLa7ryyxfE)w#+)8m_$<plw`rtWl|yZbG!cA
zok7Q=KAS9%h_L+ipp8_#)>JsHmSbF^EV`ce`IZYycF1d-2<mG%O}w|U_c~)n4neC<
zeqSBEm0<0^2qwG)DBjcjBOsD$__HA8s;TCHfpmXXv;Mru1bOnwpVt*~o0-^27ha!M
z_h{B(LtgM=@5%QiZfdD|C9x+ztR%H^W2%WnT&FB#fv*!LE>wN^671X67P~w|Up{j_
zTUozz#{@A=t)_-4y02HS><#(IJKJiZ6F)40?~4ZcJH9i(<dHpYv-{ij$u4{$IkBEk
zf3=TWvn!CFQ)>cEmxii1-<A8W)lI7TvxCauVE1}R&l=Sjfv|0Og|b!YM(va<)dy!b
z+UFp~Dfn{TV+>36<1_kaMcTw}8#A))=l0|H%dS@2Yb#Z|NocCqWKi>ZZoX&tNAE}O
z6D%|$b<BP>9ld{$rB9L7rne}}Pi;wTiexMEFP~zcSt?wf5Y)K7;;1o~`zG-++s|yN
zZ@;m6H;ApnpVjbwdqCB)q+7{qo$@Tf@2+O_jJfD5>*w~gPS<GTyK`=I93pBCIZCH=
zye+r1tu5=FHF?aLtO;~0$M@G?lq_0)DY9_AzE<|fg}i}(vmFgoBZXai{DS{Cg_M*K
zUBObuW#cvU(a8#~#lyL$2`!Cn{U2Ux<f%&JUvJhY7$0W5ebskgor%~jf$Y4{-q3^l
zuKu-_`nR4tvRbR-me;Dv7kXWvP^zEX<?VZ!giadenRm{hg7O0$@3F*ZvNS<jnaiu1
z_v3bQp!d;kKZjQ!8$+W@L$}-;rVq?e@{2tOZ-tTIp76rO?&av6ulPq?|9Ki;f6Bga
zlbS#BvdD>VOVRlZI&4{eUY|%sT0>T@Pcx=or9CwHQkHJAXdiAev1N$advEw$=f{(-
zX*a%n<XVW@RN#r@zjnv_3$N+Fgmfu~ozw<beK@MVkw(!0J9qCqQ)6(4qGR@Gq(${Y
zkb35LC*y-t#nkhUkI_vf&edA9WfUtO=BL+dtGS9YHdaXq7kbb1-0i`lIj*&Avg37`
zc5ZzH?!*;)dHUxT4AB?<Z8}Z1)=d%K=lg?Rebd$jhHfuv=Nu`TZ+NNSY^PwWt-MDT
zt3e@amY1PcS>&%{#D8lx`zj%>E%gfOQlYz5#MGK+ZnuPX(VH4t&dD~-ox>lx3taUh
zES$Xl34Z_YC!=7gXSbwlQ*Pa0`nH?=jl9mNY-sUtm22_HT`ei(&Luj{GAAbo@^kC0
zRBT$z8|07D{4xkQ>!C#@c9$=`d*a+8G{CCsw2~Xc3NqMXzM8kgU-EY`|8+NgP#;lY
z<9FNe`4T?GHDmwtbpQHe>}7IQ<-E(inndznZ_K~n=H<pIbuZk?ikbOW;QS9E1U`}4
zU|-!@4eqzPMX;;2Lha<8pGuD({FmkN_YI^~Bso*(?W{jPg{yxm*+<E8I?QTKrRraT
z>tB~asUJH!z<S75?&~-~ki0IvDBm=;H)~h64FtHf8|g--Udku-fEdrTZD@!d?EB+^
zSY8_gdRR`Km3%j?XWjPgx+b9i%0@U7>$z*@?7)9SCTAdw!!?<PVFcg;0%8Y3qWsKf
zT=U^(@pSevKSsH{+6)ytr9QWLzi22sG=Od7cmNp-gkU#_&xJ{leukgNzr)5~V|~mE
zs|#HN%xte*XMnYj(1_oGVCUdk8IT|>q2JX-c`-DUz6HAeD1Q*~C^Xk|m#@~`LFSX#
z)Y?xW{SA22B_OIHLva%Omw<s{J+Zh7RZ%vet(O2~Oo#fS4d$nToJ}WUaCn3sh<I7R
zukC>0Y<mlLI|~5Dij45OSV@DVBl^2&Ycxwweuy5@qn%u<ZT-~~rgietVZ1+PjLaja
zpg-yRkc$Z{_Q6Q?Rfhj*KmuEliN(P6%7*zcA4Eo?21z9>cy4?=m#R~kz4iqP5=4*$
zRNPba_e@J=-8|^F-v?{&Twov<&(4A;WE)5O(sYkGtNX$uq~y>BIj7&PNB)RuH*{!M
zlyp7_8Q0LJsy_3EVMomZE__A0))gpdK%ZCx-s>cAdLE{2o)&CD8nuUNIW*F)F%%LK
zCt64Akc=AP>L3GsdJtk}2f)HC9c-m+0KW0)78BJZU?CV7-Hs>fK6@r>14C6sK7vR}
z6d6Nf4?Io;b#|NB9<Tq7auU&Fyu_ih5x(RGFpn%5{digzQ@6^12-|rlli^N^eQOGC
zKD8SpE}Nq|HKE)yvU=nDi!=n&yRwZRjA_#~rFepj&~akH9F}E+Ei$I3Y_x12N6=^P
z=KIsdOYP@1dZ?J61Bc4eE+eEFHmcVobwTz;I#>J69sDT<CS+Eht9EaOy)TXZ)pG)`
znN7Omv_Ycv!JcNNfYPUf@Ck9wT^4qly?ly3?o0`EQHmagk>|qnKs84Gs}DK3Q)lHR
z$tP*!5UTK7b5<0<>ciZo2s;y84m--dALo+Kxvk(A0m?4vfzgeYYnvNu#b~98+y<*<
z#13!~88yS{J|1d5fK-StRr94sLtmcv%W(rTQuj55#W65JwIk_4n*Mn$xtv(nPmkmd
zxtcMed>H%)n?SB>y%WxGKRlWJatTn9ns1jES?X@-N`JX{=V93x18pM0{SCIn?b1YL
zbIgoqlmpV%pzA&g#0H87blcY!T^8Dxfe6$E6ju5hPx@eP*m%vzcogDdL!q(ph0cgW
zanJIF39hmg0~08CxWivw-cStVsW6(ExzCbY-b-V1!LE-L@E7`+@r{JWbcT%-59Hqe
zCVGCPIR0c;{;c`d>2Nv7;v0EiWi0Ak)J`)l)KJ!lhGBULj9y7n3V2MP^9VD2BKs$b
zQ+^!lRgzm{-ir0X&R`&3yf>Wl)}to_OFok86)4XLPj#h%q)xD&86Z7-=P^PIWqdYT
z8`cmb-h~Qd0Ji+xSZqo98KFL;Fea@-W@0P?Qj<pUO4grg?9_$%<j2Y0EZ`_`iTLQD
zOAlyi1iIL<%{$LA>pzRq<J7`6S1aDJd%HcXQ|}6Ksqy?-aZPGOs96xGp0~&QQ8>9O
z0!OcI0zxV?+|jZb;kr<^Hf<|JzN<Y$|LN7z>1GhYUH{yitf>2L1zm#098V5ZZI5-u
z00eQ$05bssgCSDIj<J=_Ef_h^gK7hn(EDS=>(gNBKX3+@k6ut{f0n4Kxhy*p5-yu^
z_fp9k(KU55IY4w75%14hp8owIR2@%R$Y4-&?n-3MgRk0Pz_+y_kW+@!s8wh`iG7{w
zEqCWuS@-C;>ODeieQ22YP!NVGU%o1ZJ)wE@<=kLZano~AA6d(kFPU=zp6l_9kCGdo
ziaxdK^V}+RP2tOCb({6#6ia>d0JQ7NkqOQVM-6eEI3>KIpv@crppF?E+^9R`Bby6J
zlHu}09KxlrlzPmLHgvLeEP+c{@swadqHHq9dW(HBHZ{UO)x4=Bf+IL}@LjanDI2GH
zX+q&~dscyrqzKt3tBJ-40o;|aH^wZ|yYVT)4ZdQ6sC2JPA&yOOSvIu@C)iQ9Q{!N~
ze}?&EcRr;ncv+tmfppT#;S;5CiGOC5;T`*oV;>h%Nvy=4ymV2V`TXBr0C^|IY}X9u
zzso>=2_OWDkrqm@C7$69X2pF-a;O(<XFBxkg%VzRd8&(^T`<+}Bg(z8)`yDK67kL!
zBYKPaxh!<8WG9k~7z)<ENlq*jdsTs#AE-1VAEV7C>J&DiygKC$@1<L~6RDSaJEapE
z`o@4j-CwwHENd9GXNJ{-sGiX&*S^nE;x(xMO^t3q5Y*k7Y|X9lKtgswXkalSLtV*h
z5ZKZz9ayilGy1{tICF@oM!MN5>shbn%{lJ1etAV=zT&hQvuX@B6xqniN!%NbjD^>|
zm)e*t@GTMhm%Zy%ax!q@V4~A1%qwLm)Wplvo$@gj2(R(sc!3Qhs0AZ}+4#-4{0Gb0
zczwagDtH6InS__=AfPO$r$cjCufw?S?(@ngv4z+^+EoG}A)OmD(f-EuG%$>HwrFF=
zw15LSd@zz@6fB}94%X&M9cHELHY<~7wX5vrv419em}8+u1?;E}M{=m*&Wjn>1XYi=
zK`XRqk%KqY`3zN3YleQ`6mbn^b_JfL#Lt^IVCo|e)JlonPJcx<TSZA$<w8_T7<iOD
z;2!ssGfZPl8`W4u&+s;tM?3z^zh&fqrCiRMXqDSxkU-op#trg*DLhDLKq#32AFM$O
z2HQe!ZomFW#-M}Ie9qYbdJAVq4_}Rf(Rj#IC}PWGhIBaA@5Dm<Dz;_;!axo(&xkLb
zoFCVK9l8cCvM;M|yi_T2oS7y)kGflw$KN1)xI}bd9+~HXh%`?n4S`9yQA7sjV48oD
zdZEX(q9;1|eybqZcZ)m7Qitu^MZ}TBtv-uYpO-enCe$>TQ7YewVff-)0Q{4L&$$e(
z1QFii9qol&`=bdSDGL)9O`?s*%dcyq@SXwWXWpfISwK2i?-RsvFl|=wv^KUK?@FXr
zH+E!o{<N3gGBqlrlf9z4=bX}V)w`!Ds#@)7i9AvN&Qw5dSztcu^SOKB_s+-frF$&?
z<<k>OjQ*-%@A0zHK~vg(a2Yn(qLj7ah-%TfU)Dm99a@~~YQN*pkemD&PhRBqR^4y4
z`Mes+AVLx&DJlyBq<9q?=k&%HNaV7i%>h;?^@qH!8Qt2hLMvsKlPr6x0n*@&YxJlr
zu<({JnwiJ|*z!KPN#8Egvx_PN=HN7y200TEo8he`hzbB2KvGwtHFaiUyIWvnuaIbn
zY_*x5%0@B}Re{s}Xnw6w4)huWXB6Shi4Pazr3wJnw3OU3hl70yhC&n+if^pPL_C=<
z0SEQS*X}LiQNlM25)`wDc<6ll+{WLadO`mC-K0ZvoOZicd8=}LuH_L&gW#Kc0#Xz#
zGlJ3u_*C%c1V3_@S}Vs3Wt4oDKUMV!Ih#f9gdx+|K{sY|`0!!Q>@W9M5eC+&s)U#I
z3oy#@@JZYu&BIde%~9bTDybVoq0CCQT4p);;qryUCa*>s1&=2@jA6uH$(HZGyT;h7
z@@^wb@K9?&^26R^z2<(OTdLnfOZQmM8jF=@$Zzv-xd<scxBVVdPub>^EnZ66>@IJ!
zHNKJ+GL%ZqFV>5O+|OqIn9$DQdo8DfBP7+2DuNpLlkBytRU#tCep$c$Q|&n8q@EcR
z+|gefd3)L{ayG#KfJges+?hHzHD#fPL9OouNmUQi369|915=Dr<wH`=aqjs|n(;M|
z+35A(W4(Xim}c04R9Z79#+ct;+fKA<AWGm2U-!$5jd>%MT%{GcD!9IRr^CDyK4R7h
zl58(dH}#R|{MM%Erj#Bv`gI+JqnE@l&yFA9L8)^9DV(W5YKh+^Ow`pBq_@MI2e{so
z{nsnOdd5KZxYPft5&te7zkeZTY52|D-Kf<czRgcB`ub${Lb16MrSc!&Pzucrzj^ph
zu@vinzVeXNy#vqscm2m=*!c<N73chnX5lXpmp3{Sh>PCV2Xy}U^*fmczD}b$CsmuG
zk?vCcc~Tn+blq$wdSs3C-=nF1EBPWoScmKDK*OJJw~ZoN^z}oJXd32cQP-7^+fx45
ztv;^}x6qX1+oXiwJU_1}WI60IZumDW<oiRpKtXMAOzF+te|E&Le+s05<skB`PUJst
zwJAKj1j2{knqVPc-R2Bj3tN!Le-0BnauRN;03G9Rd>OtjBPnHMIo#$O`OS^_x_7-2
z0QGp1XmIwwZg=%AxRxl@VWwZ-lYiE6V9vIKSDXHx9QNx){q-|M4#Kt2)I|MkUH(7!
z_3=LRYsCoPJ-<g-01sf>zLVGXOt|g$C;BhnRjLUd-~~+9!C$ZBf8PG-wv^XSUSMQc
zApY3UcM>Ib0A=SoB!8A0pvdi60y@;aVs}fT7I^1Obr<rVDt=M;AK$ZD&`XDc7d)R_
zCXjIhI=SP44?u+ZuBQn2)60SOS^MCVs}OD&V&Ie3YS{tIALBoE?6!VK&!sb(r>PZ&
zQIehj-urd1H8WKfF==1|%N$vwaBmIWW&O?1q1Ajb|6Ic_f3iNZ>y!39!Xrcn_S_`K
zW0iUaI{aPfKpgKnIKfvO3%y*2m%G@E9F|}8s$3aDJOGbnwn#s9U%CjinUO<P85-#k
zf-neHd8X-T_CvORxzm3?ex?hgGPY|5e}OOvCRI#)xS#i9V54tY0HUgA-+cm;_z-cF
zV-UJNswu+)VnK6yTA(KM0C)d1sQwZzIZkF(bpn_5P}dumxV^E6G8*A#A+xs4Y4Q=F
z8_{kGJb$JTooCmYpCPj$cqT0YhpSM@V|`8z0Wxwey4rHwfXfa;ov$Du0xns#0+mjF
ziBaGhwMaYS?*@cSA=9QKks`K<t%OVM4byG)2zsJoj`-Y8n1Qx3Dayuo>@-`n-D42(
zHUuXEtuqb5QJ^p|gr)Hu4BF(DhW;zUI$wxYrGCv^=SPX?yAoem05xy=225>BB<i?M
z<s!VbQ-5Mey1{m7yeP>glYGDp@q^H{Ym@<L4LALE81eKjN3m))fSd<$&08)4zDgd<
zszd;zDIg!_fU2w`SX0jwkvEBb0?&dg<ZN`uIVQ2Jkn4w^-#Pv+HFGYvUC*|vB@Z!p
z@?mkQ9^X-6P-3{gm;rNb9hp-Vc$(C`ObQ6)kSTlXI&>Jf!FV;eSE>maN9BWff)f_o
zk-^6I{3ekRB9!<=Gn>HhhwcY@4$1fmx5K1gEs$39IIN%fIpY7g%h4yOnOX0C&paCT
zLgrC3WN@-J*Cu;B;f$CcIaZiJJ&pKHNk@}5SYt+$Ef}`P(>w)l5k_I_SoT0<?{qJD
zbit$QL`K$l*CK{6&{0R`UwhbhR}H-KDc**O=cZHbg@lf4at#JxP<5EVFi)=076$~h
zm{0)(??kELaU-mCvO}}dsSYRtt{?^;u2`)U5A$%+Iwz%r1ftT&3H`DX#y132%qg6$
znHlW}!h6~RMe070I+*n#neR9J0RfOE5!WK9uO+i%{%eDLf}pU6_s$Ij)lgMEe2k7k
z14sjabp};lz^k=#l`g2$_Y;no4aTmgJ?;SEwQL?p!}B<KQ>_<#If>S_IBy}f`S|^U
zoodqK;84<iuL?@v%|P7%km7@Uj=-@uRZ7jvOxFKKwe%A$G)?fk*3ow^i{pjj0vXBj
zbsW`T$3vrZ)K2hEjQfI;h8ejqE=AM*BzQOI*B}0mIO(j6Za-TGqKd*VY+yI`Nmf$N
zwqDQ&jnFVpBJ)~}qDd75gKzq^3fQQf)bSQ-bI^uBBb09j-e1JmsWl}WqZB?~9(|y1
z@2Te`@D&7zFNO8EOr%@-*FI!=#mf0SfSk`AvEFmlF0?T&KVBa{Oo@A|8{7ns+Hnf8
z<OP?+q>j7v{}G2i9YvBFexUv$T>CdESb_nNNV^Z}HjOIYc?6T=?>}r>7>Jgyt2Be)
zd+Sn~JB^@4ysEmF5x6Wj_vnzs$zECgA_yE*#;?k`olQpm&(xk=>;O#581yDWx-$rd
zOv&u-56)g67Wf?|wKOd?@YY)!GoB{Kr-b+Y$F010ERgMtVzBT=^V3b*<v6HIEfEYH
zsJuO32xErOz5lPhuYQOs`~OxJ6hXxRQIHZ9L<yw?l+;1#Mj9ogyBid-2!n2sE|nfi
zL8VK&Wod?z8W<Snd0%(GpIuj1pFd#z36+_9&$;KG^Nv>_9)(Tmy)UmntG!l_l>0&I
zM5jcxNhf_`^2J_;GSJ+cPp<z^xL5owRG@nxdmUSwqi@vdWo7M0=*-SB;DaVmmWj}M
zLqk-1rh}7Ox!TSHBzhqz>1m0O(=1mYTjw?T!1Vz@E0do<u!TX-ChqRhMNr<&V%=W-
zmPL^hJt`41(Wuawbx8W0?5)jQ9crhG#t;5HBk(O_gz+_AIe_pnM}|Nx^Clvq*{{8<
zJ_HnMtNquSeoIeLu!VQlD(+f&*QKXWXzx}oigiD<rSzZ^M1dNbJOxf4{ovB6s$L?%
z&YQ6m3w+S%GdC`SjX0j;Nev<enxUF`LM&k-u?)({gW91{)Z9bo!P(oydUuU3pt?3o
z0OhT7AMBoP_rta^Nu)^<MJ7?5ZPOaO5{27n5xZkCby&Xm6Pm3Bx)tpFcB+YKs4Ooq
zX`eqX7}VTW=}lPKUnlsBh{;YhL4k{n(;O3RJUag8iH?yfLbmRSNKh2}j51}bRlXmt
z+h6WpbY}0WY>giHI3vf=R!o$a&blo$Nvw3Q2d1c)9JP87l=$Q&*&!-nT#D8!qlP2S
zx|Opw^t>nRkpm852T5EJ7pZ(hD7!f@rY^=v<Z=FVor&(Gz8^$U{l6^BVx-$G$AYu#
zjR)1OBa2vx6wU=GgxVx2U^>zbfMuEoDAOBI&6)#IuBMgqy+41-pKB=<(vDh<bZ@&}
z2<|(*m1J;F593;PfLrhRvwh58wiI>-UQ|8P50Z<;Z%SzV-QX2wKr>1I{XF==X;HhI
z=<)l;-TY^IIWnGGLbK@EV9eYvK6CMkDD%l`_N_h<`3c4TyWS3si{_Vu`48pU6#sUq
zWtfOKVq<f=&HblO(wB0lxXjR=Uu-OlA*m32E_ci&{LB*bYm_W{zs~&!<NG#JUwRHv
zbR3$_;d_mpe~g**yeq{IW4ymYav#ySLy!Y07u{+8)o<=#I=%4oR~Y`cR+;GPvWoT8
zpJcm@8~PA?6}o)6B?R`G!WCrbe}SV*q7g~P_5+k0+C32FnLs~DKJSu{9(3JPIcmPb
zd@jBqrql<an2GynV~!&~zLVd{pL6I4Zr5KbJ1zKrpu`^ZDf!qXC1jxAJi<?^^R>xd
zt4H+sZKEFc(a?`mB~d#fSksMP$Q<rQ)D6-W{vtlv;d>mJK_(NqpQ_3tvs<?ZvdGEz
zYQJ1C5=a(F++_NX=lR`V83iEo8jI=qMMoU6$ZL>A1|$gV`{}z6Avq}d-j9qqto7qQ
z-2cVw(2?5@W0^R>lln^-)EF%OXZE+w{`5^kRt^)4<+$Gj&o5^u2G+lwoQ3~ick|<)
z1Wv+OBwAyB`JOyI3|VCJgY56-_aE;fV*rvxl18=v>Q#Xy1Zzj&HPx@Cdn^RTvR}-e
z=2x==(#Hq5#~ip^gqJ4SokZoAY-o8L1L>CMFZBbQqY!Ji9EYFR_KqwQY-kQmBgAL-
z%rtMTRmslB*z?c5Vd!3He6wu-6<z4NLIO&y`UpD$j`?%=eHz~?T~jLf9%M%KK$2kL
z)@acWBCtSM%7Y$rBmL>>P0QXlr|gD6ijAef+iH~;ZI2MT5RE{{E{3L5%l>#%iAWw!
zbn#NVS)qHkJMv#Cv_AU%YL<K8r?s0{lv>uSBhY)^?6h;YT5}W1y-7lQaD_RyFgVQW
zwFbtyCuMMVmfeH=as({nNLzAouBt=b9G726lYGIcp=kc{=jLShrMG(uZqf56k+)+i
zgI4FF=H_D#t6S%Z@T8lt4@H_wg;A`TN4F`zz6|ppl1gG#_63FPKQDt3hy=uAy@+NQ
zBxphBTBcbLb7vS(3&^QjUv^*1KXmHF_N%(-{kFp2JQT(~zKA6<<;PW^z(e9$c5>~0
zWgWD{O%R1$r0L&s^-Iy?N<>0x-afQY;l4%^DsY|l_6UuC1nyF5ArO9`*Dqd`G^wUn
zO{WDXIufB;wE;0;7BnNtb0@ya?!P_A8sg4;9=n@hLK{=QsW_hHS@22hn$g;IF0wc4
z4S9BReA<2aFL<*QKIK@%xf5(Wim5AI<#)Jpkp@UpzHT=Qmt9saG?^cquP(`1#;Cu_
zacrP#X6iwTZMDycaK_Wn=++5IuYou#QaB$Ea<+xA-;HU;Bl5?Y;NFdh{t`!&I8k3b
z|M&H4sG^VP<#Klg(Ft8ZpY5OA=?kb{EofL}!RkPWDU-hRZ6wH~`3@YZ?Riy}HE;R)
z#M&2uKxRqR2P%PFWiyYA)|RFvuZD@NRBLYD>MYdnxOuQN<tmjBGjD6u!RJRko!d^A
zPCD~iEap4%-E87BSA6~Q@=%G@qDSdvZu9cFy(sq~=(iT6seGcdem8M>?fqj%KIdgC
zEG~$zb9OeVzI3tx098ZpYAeIi`-O#<sWa6Ji+MTJ2ktfFKB!p@n-|e(4L0v3F=Gz1
zD!hHCEqb4yC5O502RSm-GgQ$^vw%mPu~vm;unrw@Dj@>hm15m<bCN&HgugI{Mxb#>
zpYr$C1kO=4s{*ZlmEd#o3w6gjrFwgoqmI9MATqoVt@6g(tEle?@&3zqmIsf=EUdcH
z&Xs?N&T@*pwHANaT&q{#!J>FyTw&M8bHiqV4dJi6V{e=-W~eOpOxb?JY=i&6V`s0x
zbt}&?BXLbWg)r0IV9(zZxvDgOb-iqGCX`!mq<eU|l3uSpj%>cJCt=0n(Zgg51)Jao
z%1!o{cx<q_tdVK73hPaNdgZ2}I6~&?zMR)qHkL>Okui6VN&YBM*=|(_Q1E;9t0Zy9
zgYULG2oW>u!~!lv77#B06fwo=J45)ZHBxnkFi4AZ-n}LwZ%3gNIRKy^IE8>wW)TX-
zrs?y^lF2x8K(O1^bX=46tX54nAg5w8B;$Y-?M6|KN!yFAM2X#J!71K7dvtmW$EA^@
zEkFzE2-6HC4i%?m_v7<Ue=_|?J*tHDv&dOQRzP@jmK#ay5b~sF*dFzmHamiACM?={
z^4PY)uKOPm`&ag^FObz6KTDN)T>y0UmaD)baKP}mA!0@xGEjB1U%5Gefpm8$R^IdC
zWQ;xN;F+B-YESzF#Mv&SF5y=Wi??KZb9sha6FMX^%%JSGB<;M{vtn-%;wUW)dUxFn
zp7YE24!*h--tv|gG}&m64Lj_HBC`m%Ti*oTi9*E8k8?Uho~ACNB?v+e$3euD9AS>8
z)BwFo2m{&H4PXTg+#W%s`{q_kZo~^Y4)Z)+ajx8q^#n?9;ps(0f*HYJSqb5vwtzE1
zHi$<wOPt<bwlie@W0J<CeTS9OF16y@Ci&h7<~F`jzjH8>Gj%O>HZ$*z$n4q`H|(09
z-dq@?i$|8Sj{6zXa(Z&Vyxo2w?SaC33vuU2d*dQX&tGd^lU#GPZp$rP?c?KkZoX!v
z5T%0g^M2JSY!Ghwy2h_{IgD|N<_Pf%3XjT<Ui&7ZJeHojIbq(1THQ?(Dcrwq+gj9(
z?kZ}y)B0td&{VY0Z7DCHb|CLE@9jHuv+mksW!u-?Cd+Owu|*fzh7aOoZ8!oG_D1F0
z>}ZK*-f8`y+qnN7-5JNvk|fE76saGChS{I_32<V!_-ZEF-+4UWohy9WE`#9?rX#rT
zc424SKB5+UH=TLLR;G>p=l75t?8*(;EoM@D()z`=-s1G3qTv0DiU-If4>dez))b)=
zT7M*6six{(I{8k(Q{YzMXSxgCNpxjw<D3F4Wg^2V#7u=zelq^OX6$UCuSED7Dw8Y*
zuP%b-JXw}c)jNco;>p;)+r<A7O>8=a9c0M))76RAz~ppb7(>WR)I4lkD%0_bNhlKU
z=P$Q3F1W8*V0UWOELuWhy4ImAA31TQEhc;ffpL|NJ(ZqCJh$FWA`*bb>915ar>iT4
ziSIQGXUHR+eh{3zNAbb_+k-})biGB2ta9r%vuB(Vmorqa(83kCnaufymlf4y`=A`R
zpogNT>YBEH+J~5~i#HO0D=Ms40D@KicW~$UT^2vrPQE!KR(os^aYwEauGAjUg1vhV
zTS+L_8>6RM1h0tLoJ%=JrnsZU#pVbjyBT_bGM){i;>d3gSMeNvAt9p^Z;jjAohr|O
z>3N+*?r?aOx9zrK6Lkh7&z6SD<R@z5@*>@a&0KGMCIss(p7&HPV*25Q(;*emf4c)a
zuI){StFqWw8fWeX@h$7C+D3_7%Y^L(LQD}G&Bhw^+l!6rp0}=UE`9}cggBFU(W1k4
z<8BBY-IJ~|`#J8pw@vwKG!@6&EQZG^T3$xx?wG85R`^lw?*54m%Z|CVPU-#_X{{bX
z2K1beK816Z!R8$S$`&a)qm9;J%m9^_gW7M-S$FV3c_rmq#YPf-j6CIh36}e){e+J`
zmQ!&*!Aq&^qrp0r7nHm~GpQG~6qq?>aLQh;34f6QwfEtC0!yZ{cyT{Vmd#G%Bz?ot
zdVM)*|JQ=IU##`kTdGa@AA7<ue7kbkXEdWf<?{_P8y)hh8tffcQHnK+iP&>g$Gy9S
zwMv(Z6xyYZ6r8^t-E+@8=(T~$Hb0k_;8EWUJ{!9OKD)58Sbgu|!W?e~l95-MFSc87
zj_OiA#~#<?C;W_?UrXX8Bn{Aa{JnVh4;`Lqq4)pz;m$d)NnLCl>8|X)=LNnxTv86W
zQ<A0I`5A{+!jazp*kNC%#HRu@JJTuN3BSz(;ON=(q$khVE^mUfX>v&h?3ZX)y%jNe
zz@&iiz^rh>Oo5-Ae>Co+4I=8AmDl_R)QbB;gF4+jY5B@id{j;uQ(53rtdD*R9`h|b
zm(b=5*<D_Ssxn(VQhIV!Poh-aCn=j4UiBWdx!VHW9LTxXrF|2H`KKGwa04&N_(xJ&
zoN2PtoZgX8_keK!LYzDp*j>Ko9Z1XHOcH^+Fb#+|YpDIaHhq5!g#bbajwgDJrK9*V
zPPKO%iaeU(PMP&criWjhO%qj(*XvyQaDzASsmiGn{^>NU8KBvA0vj=u3)Ru$mePt_
zA*j3zr6&|zM!=d@*95JWEW^6z4?U*og8z`Q*pOh9_m4RErbF>$JaN)g$FAKYiS<6Z
zG{m0SY@v3{M<mVO>zZK>5{I%;Yq68|$t(-+B9wBIPV-2;l8$|2m02Lhn(Aa_ChBB;
zpe#^b;i$#R^87F=y*RL{(r<L1@R{WNnYWCMDx00V)5Kg-4nDOEXtJ*{(@b=6X{lW{
zY~CO=Tj=)<hYIZ@y4)U<D7JY^RVrd5{;*lJxNfM6CH3=S*`9}#g}CI0D6jeescbVn
z9cBN|H~8~qHX8cdj2`t7cx58TN+o6-v-Z_b;=1@)nKCb+*_bvR%oaDKxPEt>?)n_9
zELNvW9<*ws@Cl3N4A;<!J$oa?2b}3tCsec50X=HhbYXtu0k0DM;G>I`9Ol|}tEo3^
z2z_ejMhg30nO9y;*XNyTPJXAIX_*mbx8U3Lj#P#QiL3R9rFM<q^*~?^yD`xd^&J7~
zdWZOMcjBbTp&0M_WJwfflS*NWvzdyPVx0c1tU^N@N@nV~R8-(|kzo}-*76jJ7DRn-
z^HugzzF8yhv$&(*h(JN(ItGC-kN8vfnWn~0phwU4+?ABtMoeFmn5y+w8cl|I1(jq^
zDN-o`&{n94iLxwxI<FG}<<N+whsd8&U%lFCqui64!kKDD`2xi`6LHKEZAIcykv})n
z`A+|C!l@Z^l<=dB<2k6OAUk7?JDzbyc4b3Z);FmSnjaVs9zSJf?oLWKvoTXQS?tw#
zXV9Hm;A>yQX=h9;bin_fvZPwWz3s~WOpS!fq7_H3ZRC2;m)xCu=kYKl(IK6ApZc8K
zo+b2d`xCgXbEG}SyO&XBadi>w1u|KBsf^qMnw8uwbJkw2HfTewmDdy6Jso|)Hw@eT
zHW=mUgopcfkMut$kEXLLt`?a5)X^3)=oiAtJoh*%*`WEsG0(?S=AUqkelkU|&uK2m
z?IUW`5IdvY?Z>#DoIq^(l0?kn4x@`)2Z1D7Y1_}v;=o1YLXs!eFFi{I$2mP5pYCyE
zcK?EC`_>8(jZm~jWnLZk>sWc$=zTF$CH?8<+Y)p28SguTM=J44!wz`M>wUMO|5X53
zR!*fb*15hh-BW^+c9J*0&FmQ`i66e)rMvwYG+Q0yS2d)SJ&s!~w_CrD9#v9yPcsz?
zRa}*g&)uTFioc-xyW)D<(`>SfNH<eCy#pxht=3NyB|RUg%K9c&JdR4sjpj?<64F!i
zI?}nJ`muX=np<pJiek>l*A@&&2VlgNLW#NtQV_%(GgUxU|I%@!FvLjMbFx0uZsj4z
zvAp-Ox$1$>t*3a-#6Ep3Oxwsi-CtDs(!*Txlp%K?ia3d%%7<?c$`axWudMs>+}v(F
zO|Nf!D%9z%4^7TKe%E-I#7L$lC5V1iQfR=w@J#%LnNNXSE4!P<YpCy(T<eSqXS)?^
zp8PoK9OYx&B^RA&9uXSes5Al#$<55Z)OVK>G}_R+lCE|NYpnHuQQEy`{9#037xMaK
z6M-L;|K>!R+zX0UwmM}*?@KP!56`<Q@scoMVJu>Zsm`tVkZJuMkvDvD2-WLmd;II@
z{#TW#H6Rl1X`f`5ojjPi@rtu-zFSY3?U8@@bP1=yjC2et7dzR0tr4+~_qQhdymFYX
z*>o8CZp8vzr2uN%UjR+OYa1%;i%GPD^~9AEjgg~;t*$E?T#9;mqj_l)A6Is!u<b)!
z&iA;*x;R3c0}+<BS59WNQN5Z3dJQZ?PuRcKOqTpb=Y!twolrf_WgCh=)Oh>iY1TQk
zu{0F9NvVe02ExTkS0gf<Rwo-Q-a4CGcq;67!rhB4G&X-FtMGe)yMnmW?9xiZ(A8mI
zHa33R{HAyJTL{#TX*?W0qMs|JJxGmsEd1QGV`_ZV%ZW+1bjB#_mV&tI@L*rkr;J3W
z;>p>;{HLDfX3==ldNVlbgR}S5cgyKiGCSPskxwO{`>l>wUTUgmVo7cGjx;v4<Mi5#
zijMozR+SKAeck;MuS&&SgjvqX?1^|4jlp(dZ4*x|)dG@er`|FBiq<EWX|!H!6JEO-
zm0otCkkKfuc6+P|+sj6kU+ewmF*J4W%p2p-xxQTW;#cU_hCG>ZW2{v$w;BH%Y6O|%
zJ3w_5L~YJ`CRxA7rCfMrmKx`lp_NL}>|HTQuYRN^+~zWG0p-(Smfo5RMoJYvFP4N5
zT<Y|llivcUE`A~w+-=W2vm8<1AiVhYH#O*WDSx2#q;JosWphOX7@qnf;udl+j!EKP
zv6MiYvK^1rKo0=rjiSt#gM{X7d^HVIKVMI6j%AKtumagcu$M~_if>NmjJOwFpJb*h
zBg=A#BRFG+QUm3#3~QR+G#hSR_o>7HZIfw9H9oVBT1$8xd%tMpTl5aIH3c5y{<wkj
zx}DM&oTG=8?R*IIgrmoFGP=KFRek-KLQ0v>-#M`S#MFGQz?Ifg_5e>ohEiXbc3Yp+
z%b=jLnJG4>n_Sq$xj}0R{HreE4FOX2JB|dQB;RPvt80lD2jyeA1U()--1Qp=@8qra
z`cre^mhM^3Tr>7k2O9k)ZygDIt+#%3WKzga;A{Y)tam=*)u+&>I>(8fQ#&}!Cto&~
zOc%*IG*^AeVOrfmMncF{ysB=D_1CYc2@WGRV(~i|^dKtdOS%T8eanJuV(GDS#fkF|
zYmbm;F^?NV6~*?QNnOqDty@P1is;`tW>}jUl=5<s*VlLz*k$U_6mPSWYD*?Jk4L5v
zqG}vWW{yXrE72dt(HbL1+>T-6Qmt~a&Ci#kHJkMJ%lGHCtnKp54$;&sygMPCj1*Q~
z6-0+|sy^w~?`Nu~-unL5)Z+c3Ee!Diz<BgB=!ggGr^_-A=Qy8xx-Fm*$t|r1XIu`m
z$T=*(zDx1anuNt{`}p?xwzaHpvE_DBj6=7hPAJAZvXQ(Cuez@KPBA2%OF@sOa~r}m
z`;o-3vyC0Mxfynt(KZ=OS6?8MOd-0vBdIycr}PnB<cYEl^T0zL8yq0{h~1FuwB^Ae
zdQ|6AajekQj%HEnH!(~V=8QXZHwT<&ZJBviH9gz6p+DAyl?)clrQlMXP#a0td{J?F
zS)(JK#bbVIa>NpRXKt}Q%S?HbyR?RJWZy0kL9LjxV;fe|Hd9i#l*e5iA14I~);E2a
zRzuP-*u00yDap1+<D91S>C0YPimk6HD$wU!_1@|dAU#1*#J(TJld~7K-}uApu3h$O
zUKMuH_zK$(!$g%w=`Ib}n`N}N+zEl`%x*f4<zsrDMcYuq;o)7(r~65k)x-9n;!s7?
z80Wrx{rp+~eP<)2>h5V>z{k_vt(QIf{Mxa>V?!HU@#a@jNRm9ebvz%R;raT&dQT;Y
zE`qvALr!%mMKO*si^A)}qtxfLA~Da{wToMuN?%aC`xd1A`Pz}iohd|O3_*1gN$gat
zxI(8nO=<@|iwLFb&72e>GxpKjb-d+gM8Vf;Ui?yML}yxyi!3vTH^Ae~+g@Cal2yr`
zMD!IPEz@$jYY-Kvq&L;Ka_oYd_tWW2zmBY}a~YU6kC#wvxI89Z@ER9y5-Dy(QqIOs
zTjBg*&ERY0Q<;e7YCMCMgGX974%-4{JG988gREEd3Vi{`)+m;ovpwD%Y3~_roOs_D
z%pWd187CTjb2&@%zze=yl@k%>_R;LUWer&>i-G7&%}L$Vi`+o$JxJ6`cZ>eu{T~=g
zAa!vPq}8y@WSp~C`s_+aFv-+hO)~V>@8J72>k@X&Pns8&JjtAiuCMcQ*BveEkj4ER
z5g8IBnsYaTEXst`F#IiqLM0NJdu<&w`ey}MYQ8edzip2Ft%P4I=qtg(*N8T-KS^w-
z>a&AeeM8`Dh4shX0yvTpOrA{p>tA6SNDTv^YVVY0C-Y6-{=Z}SuRE$m0B<SNJwI=X
z!Ux|-z@!PO{1S&tYKTA^+kau`h&+Z~1VTrbar`jyO8wy0{`YSe5Zs`t;Lq$(zJ3Kz
zwxG?mUp45f);wI{U;8wX0Lp9Rp%eOXd+o0e{)1He?>Ffy1Mo}Zs35vuz~@96g`h!`
zClPA!%S)#Kwvk)5Cg@)W@#lYp&_O4s_kaBB|IONWbIRBbzZjWfAo+{wK2W>g_eHO*
z!k^Rl_6gf75W#0&{ZwN0<4>|OBH-D^)w4|R8&|bNcYnPy*;7$S*2zDO+pzz51UAHE
zR{|p3$^n>rJTxK3BFN7E!jHfIuOVGS`eoPdum1QO|9avfNl1ILzNzlJN%+SjWPAe4
z{{++b8m)h=fv-P_1_2Rwf|Z};-$>B^cOl;^aODSgZv_A23%>iS02>S?X&`3ruU7vd
zq$PXk7P4LbHNYSIG?oTK`Tw89DN@bKo7KAz5#K^>TPJ!UEx|^ypRZm!Sp+EsB+N#H
z$OBx-Cf>V`V_ceJ1o#X-K7KrF*V8{gRNfCQm)n5Dxj1W(><k=Ubi=N_M?;2AU(eP8
zIet$7qL>yoWf-IiuyX$2r2Tjb$X<%J4OC=+dfivsALUfJrn#Jxj@!56J-gNxhU1eG
zGyU2Tel6lPi;zi`@QsZqfHUR;k;2Hhn`hGlItP3}hs8kA&(KwkPRLI5AGQ2{&MD;$
z1j$y3n>kCZ&j$ce#1P@|X_;3D=xAS|cr(yPG@xKOhgf>ebY_;WLdubcxVwNiP<Hhm
zmK)DL1`gVVO5lMWD>E)lySo8&l#Ib+!wzG-tETtpIT0|QW}a*%t%3Sa4**gu!8x}8
zN=to+&miDd3!qr92}BKT8<)>-cXrnRK1p+=${$hWL*yrgm@YbJ9myO<*wCTuT3rw}
zUo2{XyBy@5D#$_fhB&sOg+0-TT>za{H+1iYOXeIK5uZX~#5R-tS)#ZcNemhERV}8%
za<z(@Q@|e+PI0v7#&|fN_qK;~EYQFz*g<7He;E8kvOqQwFp{c8Es$85qvZ;q5!VB9
z(gVwjoI2L&O34G;ONgCAf%UMk-LQjRzIOKs=H7VQkH?M(7mDbXRh&K9<=G~TxMu(*
ztu8V%7lch$N`FC-QxGK~Be~iBZU9|~=-jF0XqzIIl>jAn1W@he&F;!=s_Eu(>=1_N
ze5I(^1Tb8Ua?97E$ZNOkE?0o`69=&;w1l*MQWj;xQ#=vQEz;zf_Bac@U4WxqeuDu`
zxQS*22G=J-*pNrsI8<QT>YwSA1iWeu&{4B!O%U^X;*L;C%K>s_8a92k%q!C(M_fiv
z5DQqp0wim7Tba69?v5=4(bhfy1%giet@$nBfjb7Xwa{20RYEXCYEXH>TPD}-(RP)(
z#1ZU;6A|#*!z1i7K_izPyke^>yG8+TH|62r<)7k~EzEZ5u@zEuB0owMW2VO|aCW^M
zu@pqOyv(ZAo6|JFt)8!aUBFRZah7!+$heqieqA<tAiGHA>|Iqei9`?~>cl)`I?OHq
z#!VCTIszD~)jq;zs$O_wQsEv#?a3|87T&iUU2lMK4iHT_YE~qrqTJP$qthRFpkpf-
zAhWNa{9dvH5%}t=^!7GyP4GqBgn2$GC7mn?^pg)&?@W^}2-kJ1yKLqjnBV~oSJ@;Q
zs`@jO(kXkc`;J3Nf09TPJR%g{rY7(R-hV7?T;?TdO^wGP?YfZ{s0TCX4vN5zj@oJj
zEQd6<N~cqzPmCK<DY3nM-T;Y6Y$w1~XW_}`A+n5i>j;J#Jh|pjX1d<^)zi*8k5FZ7
zi=9*IfgP7HS$QWmryevXGw=r1s`zL@Z;x8dY%IgCi-y;%m_ICNa&iyS0W-MwVO})7
z^66aZ5H<gR%^lh&g238#X85?<-ZIXs&vc~v%ePgHzYe57eoFA!L)n~-Q4C2=Xb!l|
z=AO}wFdB81><za^D7<Y>De=<e0>ISDA)ydaH$T~`Y^oZnp}Ip8jMw?eP)w;rT)d$f
zP1j0)e|UDFgt9M`L#HoPN7jkpf|twpMoP^0B|>95r{n@rGPw>JQVkh8ZqvzD`KHhg
z)ZWle?qqv}0nY~xwNv`5NsEfi(&Op&8E4J~cIV3_sqhM}B7EXt8m0^b#KAOq9?ePf
zF497}aDgTg)3Ay=R2J>G^yb^-;2+224qrd^5Ob!9?sxYEp_bio?H!a)YXIT+z>Mrm
zhezv#E^*~nnsn2#V^%bY=_v==`9q&}ZiUi#M)Xcdr<^YJF7smP(@Vs>O&H6VDD0@M
zMF@(*>!0rwmzr`&6~G>ZDr_@R<82B!mU&fAdIdA(NqHa2okUWhcUG5e5ZA`QYlzjE
ztO(nlm?vS86&T@9KR-Q!_WEjHzo(X?IgTQj66*m~U{D^i)`9!tdKc6%9UeW?)&UeV
zTPDJlWe|bPPcMx(;7_Q>sfoo@$qe&6v<Cp=wo#bKM@*53qT8f!ilaIIWU8M;)5tNp
zTNw)#8_Ur9{J?3q>^kEw)o6Ux9XxSoyY<IL5s^K1&HVev?Z5>yCnmQZo8e)BkPb0h
z&usMY7YGrDJ+YI&|2*D?>fl&?OauY;iR%b%{fS+o<{~sBN?q9lNHD6#Ye?ROa30i1
z5+@bKu9fhz9?RTd<CPqX5wM>H@!4E*QP{%FU~6(ZB?mlmYXnS_zLiF?Q-04xq)Pko
zATj}7H-&f6s7uEA>1A0`SwWyn7HX{OUB#|j2};wZV3Oy!83a9#riEj|l~O|)l-U!n
zI!t6jtp~v>S}32wL<HR15T7(!&)#x(=i7^jB!OZk0`iSEP+7ia_B_L5f2yfr7EYzy
z%~9P=Z8;<(y)4u3X5ix(+N}6L`L0drJTz*}GtqJJ;CW`+#WJ%A+vq2Y7IGvM^sPSJ
z8ZQLC#M%46LA6Q3(?zmjeF$f->Afp6%N3T3ST-lm^dpgyPL+?k_Iwy}4X6b)WLuqd
z95TtB>b_2Q@-S@^@c32UjX+<~^QGJSt&Qcu<ttQ77i`fIPKwt(R99Pvt8Wzq`*9iv
zQe^l{E$ATVY9K8Lb{UtTW$YuU*)=;r$D;4tbPZT|&LSLK-AQOW66s_eaYCR+?Bv_J
z-7jrNZ$!WOK`2+t=c|3}fq=osz1ZOMUKJAFj#1RgBR#;>7!Uz5p$?H4R#Er!5iCl{
z##F?}4mQsaT>)mN?IN=t0CC6}OW(FtTfQ;Fzzc|PBmRd9Hz!;t<1lh<0K|3HZ4ydX
zyi3Ns8Z2IMO8L#oY+j3#r;2E*4=;L};ex@cR(~uoC9LdMWeExDiQ@jX^JIFCv1IzY
z_tA{yY(ACdu*E=}HZ?J&4Y=Y`4xOS2bcZXY*$l%A2U(hO*sPt=t*>nsgKg{hyaz|T
zWn#d!s$VDBl(+8_fz_nbajIf#6RK|qvh?`}+;%my1!pFxd-lJwO~O1IKCL)hjbHqu
zb4qz-C*IWw!8~&&-pyS|{9Ku<L3LxQ7-wBHAw5)JuD;GAu%tacM8&f`&gotEX?erE
z{?i@fMSWbJLJm@R--T`5Xi6%7p?6z7_z19w9#a}-PCqikxd&A!gr&)XqJ-xewl=5f
zZ1wvYmHZ#fG_i7v&H}2j3M6~*v22`tgPCw-ax|b*IOC^1OKsly71!)7HI-ZO-oh{N
zaj!1ivvs~j@_l?A@`0%Gl#7PP=av1bu3QGZ{^}58Xc~q>BdG;s8MA=c%kj3O9^!=(
z1`%u$iacX9@|^#U9o*U1uZXF1f{`q6lT6!1BFt7&q!P>wUs%JzpO1)+;+bX2^%1rQ
zPIdkZ^ry|Ey4?~(cm`Hvx0joRS_+Ai#H*PMU7}s^YWFh^s1R&kTI0@6krzQ2+PkV#
zv%kghOgN&W6IiUGpVmfXCK!y$n{i=l)6CT^uN|Qrz%6!hBI^gQjO{70zug{e{bpH~
zpdYGR3VwyM!(-|qNfMHt%6ixv$-d>b>pg;2Zl3B2c&N3#6!3&LysQXv93(LAF=;mT
zX8~trTaoQPo)bDrTV&$x_qQP4?6-XvZf!z3)u4;J5WUS2o;JOpkFbaOtxDP3QX(}M
zGG(?#83;Ds0gWAEK|Zlt;d^QM%^Zle*~7nAM{vE)s4m|4nCQ4;hvIqXFC#`PQlVMx
z@?}SI9n{L^lETmCKcd#ZR}|Q3O%e|2hlNWXPfI(d6cvf$53H~Ni1*6x7T!7#d_~yb
zyeB{VTjS!J#pQt+_hO2#+7?TGJ{8ZCo{r#NNSCEt7<qPD)-H56<?L~ALHfeyXjG{x
ztd=yRI&n!&df{sgQ!l73T&iNPR4!1G2AfGyBWK?$Ogo4Ec6lPg;1jVT4LctY5wIjj
znwmVC1tyEhcGAq{){|?dq;L*d>_tsw63CwLh|71||Nejly^1?U5jdg#HgitJ?6U4M
z740oL7TtIUUC#{`i?l;CY)v_wjZ+QcWPLmf`P*gP)DbT#T_^_`nntocSDX)f_MX`~
zl>y)dA^yO-ov$fp??uZvdg)B2r=MEn4JfSNfmzr~b0*E5Q+keJp+()Z<Qi74la7a>
zxDas(Sy!1B?hb!jvHm-G|ErsKc=uO?ygXEb6ADH}Wl(H4TmgM?$MFZNS5JG2$yh>4
zXH_|MVY7{;W7ueggpJ^QanN8@V>9!3#n4&YrZ0-fY!I*@h}Y%(rEPNE*JWF-4*U9a
zyN8n`DJs`PY9OwUn12+NBTw*dEpe<I6)@2vY<Cvo2=`KUkXAYu1ZtMK=U@xjf>@7s
zY~u(@U@||um5`q)^(AxW{!lyG8LY)+1#Zk($7(Hb<LPD_KNGq^Vk#)B+Z_Yz-d0!8
z$w5PVPRMJ^1xx6!l}luqE-{tb?cdC{J9c(cNm+c#14r=PE=?gEncn_@E459dz4U|f
z+b7boM+dlNgI)h%)Qavr)XM5cLdvG-rO6dwb8%}aJpEHN8NY{eNTTaDkOk?1uQQ6M
zmj|WqkQ)D(r1fGneGKhK+2osLz$&9;D(^21k(H5K_TprimX&Sd6SgxZC0;5Oz<mR1
z%V2szj^Y8IjK^sc+G-El76)3$w5euS=KA@YUQ_m+2~l#@QPsNNsq(bDg^6zAVw<NM
zh>6Q4>A*I9w}Ypp5cM&`5RKYVFT0r@2u`6osi=b>`|*|%ZR)OZ#wYZ(E=CvOj#!oG
zo;|6e;5z8oT_Q1PTSLc@-&s(va%$3X8$tl|4CRIH^2Hjp9h*`Ls#WSni}<#+iWhgg
z&R8h*q<Xz~li$E^B{gR+XAlI#&p8eT3**wrdmIB-?=Wh19zncHH-VHmc)6`y5jZq8
z+7Gs`Fr`#Ul{1Wa14!ZqC?pKn5AKdt7A7n0aOU+7?9<(uijw)b{E2r4pQhMkwzM@&
z*q)55!L1fm;+sm$20>~C!>8CuQ4XtQN_QQb%O+={<^R5o$=D66-JSLn9W|`8pyjQ%
zdTLkXdbeGxfP);b=abLdn+w5N-Gs_*dY37$sY(W%weJuM8jB7G4xim}fteniWR0@&
z@C&UIMc85Y7LpY*Jnz0c^O9~0(s*yR{<LXflfK>Mxs-Qj2%|p;cNsN&tLm(3o&Kx|
zgsc*gk-%FqO0<sz)n;j=K(Dhi1?7?6Q8Xc^X7i#|#$HsCpG2OFmy#yqc@fcGkr~<k
z)9#o2DfkB+o{=;2C@C@BMGa1GaS|`9n3v-cQVvWq5VlhL)kgeLzUeQEo2fFVZ;+L$
zu<3ZJ*d*CVTLPJHzDF=<!oX`LJyo0WFy^A>k%f!XtJj%c;1XV4l@*I5I!RIuP+o_f
zDdLPesZy`c9;Femd)d#|#Todxqg+uxO=*pWir;m~uqd5Ka?oH<OXnFIhlxsZ)I?2J
z?WI*o4CR$GJxU4V(N!g&jNi*cU4$~q7#=ksRwUcGu-zW7P0CgTg^W^5s*9)FDW@`4
z7lwy*ikg#`*4zl|2dhT?xTKnf&x$-%Owy-HFv`Dhw~D(2gQFU%{|rvYPNyb4FJ^p}
zIW<8zNbK~WY(=-teHvg@jy0byjeLp9QO8QjGUYWV+9ywb4o-GYAjq2v_usHDPjPO+
zpXZrTTi6q;<*DYA<0HQ-N>_Ap{ld}o>F6PeZ9*{HbnYs%@<Miw)^-%FE><@V%?}93
zN1KX1=>)G!kVVXUz8nqELJe$rO_y`7Zg+Y!tax>;YA<aLZw|Wrq2TvTLURErBQkOD
zeT9OHGGa&&89Dw8*;CZ2Yv%`2ys)wE>5Pg@FT}a@PIT=y8kuw4TOiF@-qCa_`=Ij3
z0q)+>bdL-_QIc~NF`43Qv3eL4Gqof_hYDJmxk^P&m6-&;p;oi!d_fDMDkX)^C`+4g
zS0hbIv3o|dQxH(zn;gYXbV6<&iTzxw>Sd!ZyIDf#I~+GcuD#3cW7uBY&HqrPMOAGD
zte<R>_B)odtscwm++XiDGsN1X=-oki$$F@)H?ZqjD5}}?eY}*N8F4((X@*@h>og;&
z?x|j;Co`>S(lb9Ln*lp8#(jYDxl>@L3Wwg#!up4}3vb+F)6Qh6#H&mcLb+*vd&s7G
zpA~;-34U<FYtruqVMytL`XEc-nl_-nX-!iDRf%|+WfNcLs3+-C9nF-nEK@3hXhD}O
zXf+8N$8a7~{&Y_HM8KjgC22-kj(6^+<AeE<;T%gY$*lShGx!7s|5loGR*I6e=^GXP
z1VWlX7nK=~pvHQ)+kEhBd9Z_C$IAAao`ZrYW>OAo<XRwWJor02!(rm`qSaG7yy>!)
zb0sH}e!%rOc91pdNnr2)v25N*iY9$jVOxeW8h>cPitO^?jE$1rs{;WCqEflg8%9y>
zTxtzdUmW(5oSo+NKSLvs3X!w2himth%?*QlMWrCOGl$q)E}LguNw2yXXs5y&ndTq-
zOgEmA&+O$4kfL?&Cn*(@wNN&uufPixzIS&x*i*?kxD^eBmv>&f$iT>Ue0f~4;0fx(
znUkHYS9n7SE3&>;Wv;*RqS<woU0!~wAS0r}v60FZZg}0BoOxc<oO;mDjBPR_L`JMY
z{6e6(imN_}5gC6w#<|RkHG=l&<1!Dyqu0|$S=W*J)8JOf>$U4G=2yA=)Y#qV>u%IM
zC^~m6z-1FRzJ2ry%sI!_QLkY$*A>iS;dV)xV{YdPfq!se3L8=7=-+6z&rj*?YfZIc
z|KV_&x-7*PWb;2L4ZR(KDmQ%&<DcGMAtXd(Av|xSnW89I9Bwc?Jag%jN1z!^Vp@vg
zlQvoA1j>YT!*rAjs^~F2ryJo$uBx4i*u(fzC1zUur8}<+<*g%$4hB}Ku%?chJ&!|O
z!5s{mo}<+bPm_-dMwsF`9#hcp1Nfhnl{1Nm8IAwUWVQqO)2-w~>1N>8fb<nhC&_N%
zwF9lhW;iXA6a(43XCzB;t0Pz+y|AIA`b0AZop3M8^;1HGgoWD|^E>TH41_NUk3Qxe
zs1?y;Qx!uG<&kmmTMf9>mW52OLJclS5`>cy^X3EQ3sChR&8A&9TKPQoy$*UZ^v3Y`
zr+z)m*7@HdKip)=(`8DWFA&$~y=-<R8Jh1@J~NeP$Y$`~B2|+nl#dzJgpL<2exVG@
zpn!bW-tf!zUgDW2u|JYdA%=cH*}gw&6}8MnQMAiQ?GVTql2xRk5gyA;{DY(yn;xYd
zyul`$k&w{edz<0YGPue{`|&hgO;x-}6FJ==XEyqnej()W`x^;Q3(UyGRmdDyrrORI
zN?EnNx>>DllcFG>Y}`rNXPAF#=GlbD^Krmt$0l?7XV_&dbxmEPlen3JVq{b4WPNu-
z76V0)nR-VvIr#zvXk&Ao`4aC!@`T7N4Y4oA&;5<fh`4fzTGQkPSdW%?mhSF9s}KcZ
z0zz`A$?%SXG}D*axNUgJO1rniK}Dw={A9Zz`&X~x+0tY_3YCV1iA$=-)chZqr4lcn
z&8QPw4xiEVQ0NvUWyDX3EKKt4$1h<O79NEu8eJXdbDUA3{%q!ufeOJXmXTdsrSIl*
zt2B48bJLBQRD7411K+;je9DH(=l08KFBZFN4wpzCP9qPfMk_Z#hxw_H!_?=BDL6{j
z?MiTjhsVEKrMRD!^lxAj%2s-dyX7;aP9|XVQs9DTJG$C&xn?PtrXcfR0+fKuH(z}C
zq~EN900sZiO$j;XyY5(b!JcRBPwJR&^`T-YD!0$(+DP5>A)@oY0|W(U-#+kHuy9n8
z+;`8p)x!rVqDPN{&w@xk$YTf|+GSSym|lK!YQXHvM2d=@3Th3otUUf9!lI9<gzrhq
zqwk>bN=K6v{ULq}j_y~q->(Zw3W{2h<i`6oj%tR;#KTqtTTElq^|VPE*EB8-&+e@_
zvLFXpGTNkQXGMk7jq3%mRi{Zlc<G`-_o#`cVsOq1c33DtIVJt>ko8PXu+B2`Q_?~i
zzR)!8YSZl!wg~AC1|eL`7hUs}7g8=6Co`*1dTyQ8xuViod8P?SX|>-{d0j@Z(ZX%V
zAI>CIS^FDK#=7T-+&%j)lbY;f2alk#Z1?1(mIJwXC1pmYN3M9m`FETATl7jMY@?F&
zuJ1!rI?K|+we24CYu!xn)7A;VaYG%<p*;VY_@&jWiFn{A89~vq{*}RrfGZ1ntIXx@
zx)+Og*A*_7P>OSE=GU%V-4&Rh1HB%@mo`XXdEYWrv@5L(Np?wk-8juE5e-a2C2L2g
z_hFBOxy>iF>|45fMX;NaB3~UGeYBDcsNDFWbz^y`0^7E^Nb`Mj>HaAN)^$nrV+!m0
zjwi$ZI9qJ)lAEZ+qn3;$+Znna`3W4y?h*?Y_qBO@5aZFO%bY;-GRzs|u99jV4T*G_
z2UaLWB)87kL``VNTy`&v-sBdvshhIp?q^v@y$}oKziTd<Bz(|p;0j%4SIg>Q>Ni)(
zs;X0aXL5yM2^UB?lpY_&(jLCKin)MGYkLKHZf?Bj^x!wE_(xvZbDkoOO#$u<)sw^U
zX1&}pbtw@^_0tyVHg_psQx>USxN}99jMI^D>)74k*rDYto5h;@jxFs%&Tbe={h4jt
z!JH9G)mv&w9=yYuL(*-sn`T!sIVHeG;q1VR;Ph^?PF}%cpu$<*wac=+@x2zCtGp<o
z;*gcw90A{+EBzPqxVw_@UK4fySjBID3PyhBBHm*7J;0XK2}!e-3VbGHJ4qX%`&ZhQ
zMB|@%Foq^Qdq>#!7ub+Ml)9!12w3?_j=xkqFX`T|i-{N!dixF6pf=w}3dgY@71$DS
zzM4+roe^-?_Hc2t*MHX+KVAYmt>k?9Wc}Z|n6*kfn<O(CLOHrf8?Pki=B<n!|Gr8`
zhR~IL(XrZpQi8v32ql~fFRwirSRlUq&uae;Uk`SLi+b3&=3nT6`H1=gZS$N>(R1=&
zFmxHc0X{IXuqnClw|oEYy0DU2ZD5cj^I>*k-|br8ZenBBfE3yCBuxFPZ%hKT&AhjR
zN*tu$zbJpd1K%wKg;BY{Q2s5X>$@s^!dqxqA1T(VC;36t_V>FEsYEoZvG^qH-~aX7
zVSL@1DKElUh@7Q=<~{NCHkOLuL2g%gul&1F$k##o5&?%;<FnNn>bu|d<-fTX(QO1M
zGK>u#`o*JG_zbWP@&Wd7zwhSbo6O@t?JzvR|MB*HFP&5XDIaj5R;QmisPk`3<^6i1
zg!y!DLSvm84~zWAl0UA&T1$k88iL(yFX#%9Eg9KaeslBx8=Asf5=7^Ff{aRkW?01j
z4HcQ-lR|0%SEuG*5|mw~zST!J1buXKg=<+x0z&iLyP!w1X$j^v0a+S<C`c`bj7MrD
zjDoT&o)221jkEO5@maG51J4YB6|_-49;P)Lc{}d9y@M-8_E0V`<=BTZYL|f0+5>4P
zb1wcFNC&szunX1z<6eFAqtxy1)61A5niKjg7B=9o^j^<Rr|#F_#(D#R0R#QjL9844
zgyv8^D+0vn`&k#%5w;uALe4ozqZiupVNY~Mtunbd&TbyXUg>@HJMcP+pcAhN9lF6b
z7=kA)B-eH6K!`;&$1&i{hxBs&qwegc;2Y#5Y1RbWTvuv8fC*gsREmHSLKOzkj^K;E
z`Bj_)f`eII=c(3r_dv-N5g@`tar?n+&94OeUXa+GdarVHtyO}eqyicRAN@mNK=w?L
zN5G@9i86#PoaW6{XF<-gW(v>8<0m&k67)vo1*6%!hvi-YFn5UZ7MsH*kj)%?nT4h%
z<LN|d(4eq&5ApHwkJBo&cn!4TK4@5<2v9$I`A>Q8Sm?f34T7S&KGL5?w7{*(SJg7r
zbK^ibqrtxp5z6gH?SK2Ln-?c4Idn@7{2Bung`iq$@%gQ9;{3}?onr}PJv2NfpO2VO
zCZqO)iP9H75SP)Sc^(Bml(Dfczdv~5samxHjTgH_jYmh=v%qf+(PY4UN|rW^o?;=J
z^jPo8yDd*WcGWtmn=LP6IR_-GDA6+mA0AQ5w@X@rFSMZg8?_{9`T35zwd63>&ij(t
z5NZ6Mmbf9}bSUVE>Fa%0+j{H6LsM+A?6?im!qTenDCta7tPVWgX>zT=(4uNLJ-<~9
z`LRxl0*K@KE(33)f3>Nc6dwh?WbUi+gsmE>P&O*fXG<#GC#$Cv^Uw@P#RuW0s_hap
zj_oVRcE`@If!uXT>q<suj^Nmhe{}`<b2W=1v&Lqqf-tTTReq?mPUr@BL)*#xPsOT`
za_9>bLTs+SzbkkL;@_#m+EZk$R}_r`mTN+NEZfPBB+aq|%FAM2kWxIELp?q^BK5M+
zdU$AV(mUN^)@SE$1JWStJC&-GNrtcT)P8--A0bvdJqw;0*zQ3nvdl+2hXHS2Vy?)V
zZplL!D{c|alO%Y%JJZfgN7U@x(!3s*a^Tba$2Z(*iYGW*$^7pcot%@qTWfHW_3D$<
z7yF(a;;dCxJTx9yW7uWja`W1r?11O$5~!0MCM{S^Y;QjyraJN%_p&)o+p*bmn6SA`
zAXE}2(L<i4IheKnfZS+XZ2+2-F4dpitVpbOkMmfn+t#s-4sKeP5CPv%uM(i^P8;}r
z1bgzFfIOkuSJmrZ=%ZjApb1?didEFoaa<$>n}RIm(QtRJ=wx^9hUH;En{0xf{d~)N
zDP~ch9XpALNe?i7{{vU}+avaaJt4WbO+PgnZ$aMSeys!yvDd1|Ik#riPcKR{x<WZ+
z<&@mvDdbt;FZbr2-)UUcHd_*LN+C~sMw^{UQ~cvO>!``RcmtyPS#p71dZ?Dt^BFVL
z?51}~XgR6<#;|V8U=C49-#H<&z0neOnZ>&7%g19aWBwxYO%;vhz%F^Uz`g-H$BK_#
zS3s(68C+=-58|po9|0ca&~2q5uu*8Y-r$X%4)7ALTgovdr{<Wgf%gVI2fyt3pa+m7
z#S6=kHm)Ypsa1XFc%v8Bpf6}uH0Y!SyqJZ1{ho#99QS<ea34GB4yaKi8W}%H89vl#
z_Ty>!W1=Pw^_*lfepoX5rU4O3Z`;0D&}iaUc8=Q(#H$-sZ+qi`LOSKn%>h1amZfur
z?VEhY>D~E_yJS9xZC2Z5;y=Exoc%2_?DFw=c+)HPS`LMeYqDsC1<S(A=h|S=bT@Wm
zzAh};v}nMtVGVm&ZmMVv6pD}K9kCy^R&HqAk9{L=s2P?i%ZRv>$`g#bj5W=q7Q=_*
z7KGP&4EmwUI9LI4NnYOT{NYVD-WR<9)q&@EXQUbSp-H9{AXQFz=Q`a1dWL1>!&1wE
zrIkiz0G-nf!Zz%Mh2)%NuNIOcH<8_7KVDbl82(X>VS~Ab6=>rAbj6$|Kd;;hOJ(>?
z_wUdd9=I*%1w?6f?`6|HYxly++1l^vTe*1Vj2_rAQF`GwhX@iNdXzS~NLQ6Ya+Yos
zTqDWgnQwHxvvDiN0=nFm6z5s=2nCo~yg)vf1ZEpm){k&Xe@rpj7^rLIk*+Xa8$ZCf
zKmPpj8op}tYTJm!sLu`qLEua$jN#tAF@aAvFzL-(20<ljI7Y39yX`=eZ}0?`u(Vu}
ztTFHWW}kF7tbmI4q9yl3F~4}=>)sFfx)0NitTtXd9!Bp84BsvsEg1A-x8nfSWQ!}`
zvoT>7iH~#wh#fZBFfYbp+X_9MqA_d-#p|_WPeHZMn1VZxdcv?FtNC1Tw2@_ZvXRrM
z1jS_@e0Z{X`vuH}hN9C~=roOUjMXMC64TA&yUt6aQv$;u(^ayZ-eBKDi+JUJ$@Zdu
zbT>xgKn$bc+!IOq>6$N<NTRJr@ABCfAJHORi3n4S*2EnC!8`qb4{zQ7ZR4u2x2=1%
zw&AWZNYDquRq>b(yW~9_!ywZp{Or6tPmZO~eDP=>qW*j*ztN=eY5JbS0mmL_u<@~P
zicOU6zr51AjYs^A<EbJ(&qHN)N^As_3YH$_ww!B%a{>+a7GCV!jP1tc*8po#8;0l3
z%QZA+F+SGQctd;G>Fv(lD|jLJf|;=44LBQCeQXgq%GBT?gW$_(M;xQ{ILHa)u}hB_
z2RA~ysh}JR4wevbcviNaYj6kj+sb7Dc&rQa8}NX!!|_J8?fV7BLc%nXA{|}l3c3qn
zTxG-FfO>OljVzZBFtQKmjp}`*@~b7h=X|%!TvEh=IXrx6&e@$ejW?PKJEp9gE;iCX
zqt><&YY={_q3IN^<1{Tc{L0Wwn7d_6C~sj5949_C3u3auj)nHhb9?W(benwF;WEVg
zVh+kf3kAle-H$lXCg}MQ!@8%Z*rn@FAH~C+_k$0Ho4#O2#fOf@I!9B`JCGxkb;OCD
zXTLcLf`ff60WAyE%j?eX4@$0hiXL7wjvSbkj~utnW4Wz){Llr&Vizx%CwzG8^hvpf
zxG>v#`WT7Qk$bd#urGE4U~H7$cz?^OlTAaZ64LrnP92Jp`#1#-{bX@OFf9h8Yxvve
zmI{u38OHjbtHi-eQaBqKq2XPr-k|$L1LqiRS!jx^{gs++sP9-tgho;?x5IAHUa@!f
zRm|K<^<fr5WRz*K{^nf&tK*pWbH~C#yuqmySmm464d?1tEj1qU`kEQL!V(L@tlI9O
z15`uxT5dZ28ewJm6Iz3Q4PgrAap$Sb8Pdjl+|-g2eunX|T5FXtxn#BHc?)Q{&~tG@
zyy?*(@NXxWsE;U<Z{50$$K{xo$%xw@y*D0=Vq#djqvr}_X>M)ndOjJK=Ptdla~P~d
zx`&|f7<TNg#u5)V4?oHssK<SPM(6`0pU&I-DfjN?1FqJUcJ1!KQOCwfp*J0K;3(XA
zgj07Qc-gfDCu|RsQE;xQ6b?wIR<YgL3pK7H|9)R@cOANxcF}4SGvXm!bBTMq;dW52
zeT7CqL}YSAuRp-sW*TaZA9S8GirQgo8Lma=T-z6u3l27%s?qq1zs2?5N5H*85Yl!}
z81VJw_2zO**I1p4zj>gUufaYEZ=!eQ-*@T7XremDkCuN;O5+#DW`4{8`^V7I6lq51
zPOL}n^VChew+~P2Dg2W$Oq>a^u^sr>UA^HE<Z8SX-f~=T(j(`9{Uh6*(bXGjT9yTM
z-Y9<>J^??X9|jnIZbn&2Z;h#M<s{uHI{1@C$*6Dz64aN>&&B?IWTHNA3B-3JP(=TJ
z(-7?>!>=TxCC>lscqb)2ANbQRA(q-hdS2Qw;MUJZcHqD*n%{nUndgTN+zOl7|KUgR
z*Z=L+jEwJjcK!4+tf!!+(n<G_>3<*j!4IPMP51uvG73^K!5Ko75<i<@p9AejfA*9_
z6P`oyM8%o)-oM6`$h|S8od3Zs{&iu|Gdr1#)8`fT{`4V;%NYFiksn;oSBXfxQE4#o
z=)Xj`f84^|h>t(`?B6c@--7w^8vbv={L32tZ^8VxVE(p$z<KlE4)dc!<G&;6UyiT;
z7R-<1o&Ofhe+%aS&fNck-XCqLK0E#kdjEd({%s%mZ^8VxVE(oo{!6QWyc~8C5lCV^
XFQ}tF?2Fq0f39DZyOJZW@Av-z2)27+


From f677371e6454767a1d4c3f506ab13aca008c4a46 Mon Sep 17 00:00:00 2001
From: Amr Saber <amr.m.saber.mail@gmail.com>
Date: Tue, 28 Mar 2023 16:40:51 +0100
Subject: [PATCH 005/346] fix: dev docker images base (#387)

### Feature or Bug-fix
- Bug-fix

### Detail
The latest version of dev docker images for FE and BE no-longer has
`amazon-linux-extras`, this update changes the based of the docker image
to use tag `2` (which is consistent with the rest of the images) instead
of `latest` (which is a bad practice anyway -- see 2.4
[here](https://sysdig.com/blog/dockerfile-best-practices))


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 backend/docker/dev/Dockerfile  | 2 +-
 frontend/docker/dev/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/docker/dev/Dockerfile b/backend/docker/dev/Dockerfile
index cf819b399..486c42c0f 100644
--- a/backend/docker/dev/Dockerfile
+++ b/backend/docker/dev/Dockerfile
@@ -1,4 +1,4 @@
-FROM public.ecr.aws/amazonlinux/amazonlinux:latest
+FROM public.ecr.aws/amazonlinux/amazonlinux:2
 
 ARG NODE_VERSION=16
 ARG NVM_VERSION=v0.37.2
diff --git a/frontend/docker/dev/Dockerfile b/frontend/docker/dev/Dockerfile
index e39a321d0..aa29c376c 100644
--- a/frontend/docker/dev/Dockerfile
+++ b/frontend/docker/dev/Dockerfile
@@ -1,4 +1,4 @@
-FROM public.ecr.aws/amazonlinux/amazonlinux:latest
+FROM public.ecr.aws/amazonlinux/amazonlinux:2
 
 ARG NODE_VERSION=16
 ARG NGINX_VERSION=1.12

From e01e01412f05233dda6be20f730550fd3bc1620f Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Thu, 30 Mar 2023 11:44:50 +0200
Subject: [PATCH 006/346] Added missing groupUri from get credentials (#391)

### Feature or Bugfix
- Bugfix

### Detail
- Get credentials access token was missing groupUri input variable, as a
result all users appeared as Unauthorized

### Relates
- #389

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 .../Environment/generateEnvironmentAccessToken.js | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/frontend/src/api/Environment/generateEnvironmentAccessToken.js b/frontend/src/api/Environment/generateEnvironmentAccessToken.js
index 61cf5ed71..06b8f6912 100644
--- a/frontend/src/api/Environment/generateEnvironmentAccessToken.js
+++ b/frontend/src/api/Environment/generateEnvironmentAccessToken.js
@@ -1,12 +1,19 @@
 import { gql } from 'apollo-boost';
 
-const generateEnvironmentAccessToken = ({ environmentUri }) => ({
+const generateEnvironmentAccessToken = ({ environmentUri, groupUri }) => ({
   variables: {
-    environmentUri
+    environmentUri,
+    groupUri
   },
   query: gql`
-    query GenerateEnvironmentAccessToken($environmentUri: String) {
-      generateEnvironmentAccessToken(environmentUri: $environmentUri)
+    query GenerateEnvironmentAccessToken(
+      $environmentUri: String!
+      $groupUri: String
+    ) {
+      generateEnvironmentAccessToken(
+        environmentUri: $environmentUri
+        groupUri: $groupUri
+      )
     }
   `
 });

From 9057116265f4c6e422318fc8e627a6ebe5cdfea5 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Thu, 30 Mar 2023 13:47:36 +0200
Subject: [PATCH 007/346] 388 race condition occurs when adding folder to
 shared items in shares and errors out (#392)

### Feature or Bugfix
- Bugfix

### Detail
- The creation of S3 access points is asynchronous and can take more
than 5 seconds to complete. When the share managers tries attaching the
policy to the access points it fails in certain cases. This PR replaces
the waiting time of 5 seconds for a while loop that checks that the
access points has been created and if not it waits for 30s

### Relates
- #388

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 .../data_sharing/share_managers/s3_share_manager.py    | 10 +++++++++-
 tests/tasks/test_s3_share_manager.py                   |  5 +++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 7c70b2d6e..1323770a4 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -12,6 +12,8 @@
 from ....utils.alarm_service import AlarmService
 
 logger = logging.getLogger(__name__)
+ACCESS_POINT_CREATION_TIME = 30
+ACCESS_POINT_CREATION_RETRIES = 5
 
 
 class S3ShareManager:
@@ -196,7 +198,13 @@ def manage_access_point_and_policy(self):
             )
             access_point_arn = S3.create_bucket_access_point(self.source_account_id, self.source_environment.region, self.bucket_name, self.access_point_name)
             # Access point creation is slow
-            time.sleep(5)
+            retries = 1
+            while not S3.get_bucket_access_point_arn(self.source_account_id, self.source_environment.region, self.access_point_name) and retries < ACCESS_POINT_CREATION_RETRIES:
+                logger.info(
+                    'Waiting 30s for access point creation to complete..'
+                )
+                time.sleep(ACCESS_POINT_CREATION_TIME)
+                retries += 1
         existing_policy = S3.get_access_point_policy(self.source_account_id, self.source_environment.region, self.access_point_name)
         # requester will use this role to access resources
         target_requester_id = SessionHelper.get_role_id(self.target_account_id, self.target_requester_IAMRoleName)
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index f534e29af..53c7f426b 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -657,6 +657,11 @@ def test_manage_access_point_and_policy_1(
         return_value="new-access-point-arn",
     )
 
+    mocker.patch(
+        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
+        return_value="new-access-point-arn"
+    )
+
     mocker.patch(
         "dataall.aws.handlers.s3.S3.get_access_point_policy",
         return_value=None,

From d191b26a60e595f0e64a4bfcdfe1d295d528c47d Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Tue, 4 Apr 2023 08:29:24 +0200
Subject: [PATCH 008/346] hotfix: Revert PR on custom url quicksight embedding
 sessions (#403)

### Feature or Bugfix
- Bugfix

### Detail
In PR #380 domains that are not custom domains are not taken into
account. Reverting changes back and will continue that feature on the
side.

### Relates
- #400

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 .../dataall/api/Objects/Dashboard/resolvers.py   |  7 -------
 backend/dataall/aws/handlers/quicksight.py       | 16 +++++++---------
 deploy/pivot_role/pivotRole.yaml                 |  2 +-
 documentation/userguide/docs/environments.md     |  9 +++++++++
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/backend/dataall/api/Objects/Dashboard/resolvers.py b/backend/dataall/api/Objects/Dashboard/resolvers.py
index a44800502..799354207 100644
--- a/backend/dataall/api/Objects/Dashboard/resolvers.py
+++ b/backend/dataall/api/Objects/Dashboard/resolvers.py
@@ -7,12 +7,6 @@
 from ....db import permissions, models
 from ....db.api import ResourcePolicy, Glossary, Vote
 from ....searchproxy import indexers
-from ....utils import Parameter
-
-param_store = Parameter()
-ENVNAME = os.getenv("envname", "local")
-DOMAIN_NAME = param_store.get_parameter(env=ENVNAME, path="frontend/custom_domain_name") if ENVNAME not in ["local", "dkrcompose"] else None
-DOMAIN_URL = f"https://{DOMAIN_NAME}" if DOMAIN_NAME else "http://localhost:8080"
 
 
 def get_quicksight_reader_url(context, source, dashboardUri: str = None):
@@ -39,7 +33,6 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
                 region=env.region,
                 UserName=context.username,
                 DashboardId=dash.DashboardId,
-                domain_name=DOMAIN_URL,
             )
         else:
             shared_groups = db.api.Dashboard.query_all_user_groups_shareddashboard(
diff --git a/backend/dataall/aws/handlers/quicksight.py b/backend/dataall/aws/handlers/quicksight.py
index 54ca9ad5e..c468296de 100644
--- a/backend/dataall/aws/handlers/quicksight.py
+++ b/backend/dataall/aws/handlers/quicksight.py
@@ -234,7 +234,9 @@ def register_user_in_group(AwsAccountId, UserName, GroupName, UserRole='READER')
         return Quicksight.describe_user(AwsAccountId, UserName)
 
     @staticmethod
-    def get_reader_session(AwsAccountId, region, UserName, UserRole="READER", DashboardId=None, domain_name: str = None):
+    def get_reader_session(
+        AwsAccountId, region, UserName, UserRole='READER', DashboardId=None
+    ):
 
         client = Quicksight.get_quicksight_client(AwsAccountId, region)
         user = Quicksight.describe_user(AwsAccountId, UserName)
@@ -243,16 +245,12 @@ def get_reader_session(AwsAccountId, region, UserName, UserRole="READER", Dashbo
                 AwsAccountId=AwsAccountId, UserName=UserName, GroupName=DEFAULT_GROUP_NAME, UserRole=UserRole
             )
 
-        response = client.generate_embed_url_for_registered_user(
+        response = client.get_dashboard_embed_url(
             AwsAccountId=AwsAccountId,
+            DashboardId=DashboardId,
+            IdentityType='QUICKSIGHT',
             SessionLifetimeInMinutes=120,
-            UserArn=user.get("Arn"),
-            ExperienceConfiguration={
-                "Dashboard": {
-                    "InitialDashboardId": DashboardId,
-                },
-            },
-            AllowedDomains=[domain_name],
+            UserArn=user.get('Arn'),
         )
         return response.get('EmbedUrl')
 
diff --git a/deploy/pivot_role/pivotRole.yaml b/deploy/pivot_role/pivotRole.yaml
index 3dc29385e..601d30f70 100644
--- a/deploy/pivot_role/pivotRole.yaml
+++ b/deploy/pivot_role/pivotRole.yaml
@@ -593,7 +593,7 @@ Resources:
               - "quicksight:DescribeDashboard"
               - "quicksight:DescribeUser"
               - "quicksight:SearchDashboards"
-              - "quicksight:GenerateEmbedUrlForRegisteredUser"
+              - "quicksight:GetDashboardEmbedUrl"
               - "quicksight:GenerateEmbedUrlForAnonymousUser"
               - "quicksight:UpdateUser"
               - "quicksight:ListUserGroups"
diff --git a/documentation/userguide/docs/environments.md b/documentation/userguide/docs/environments.md
index 9c18cbe44..9aabe13b6 100644
--- a/documentation/userguide/docs/environments.md
+++ b/documentation/userguide/docs/environments.md
@@ -77,6 +77,15 @@ Enterprise option as show below:
 
 ![quicksight](pictures/environments/boot_qs_2.png#zoom#shadow)
 
+After you've successfully subscribed to QuickSight, we need to trust <span style="color:grey">*data.all*</span> domain on QuickSight
+to enable Dashboard Embedding on <span style="color:grey">*data.all*</span> UI. To do that go to:
+
+1. Manage QuickSight
+2. Domains and Embedding
+3. Put <span style="color:grey">*data.all*</span> domain and check include subdomains
+4. Save
+
+![quicksight_domain](pictures/environments/boot_qs_3.png#zoom#shadow)
 
 ## :material-new-box: **Link an environment**
 ### Necessary permissions

From a17f12ac5a2b83bc6de2a8bd91a8b6a80e97706b Mon Sep 17 00:00:00 2001
From: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Date: Tue, 4 Apr 2023 02:31:53 -0400
Subject: [PATCH 009/346] 401 shared dbs worksheet list (#402)

### Feature or Bugfix
- Bugfix

### Detail
- Fix Worksheet View to only show shares to a environment-team specific
to the team's IAM role (not consumption role)

### Relates
- [#401 ]

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 backend/dataall/api/Objects/Environment/input_types.py | 2 +-
 backend/dataall/db/api/environment.py                  | 8 ++++++--
 frontend/src/views/Worksheets/WorksheetView.js         | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/input_types.py b/backend/dataall/api/Objects/Environment/input_types.py
index 0b87eec63..d47cf8f22 100644
--- a/backend/dataall/api/Objects/Environment/input_types.py
+++ b/backend/dataall/api/Objects/Environment/input_types.py
@@ -98,7 +98,7 @@ class EnvironmentSortField(GraphQLEnumMapper):
         gql.Argument('term', gql.String),
         gql.Argument('page', gql.Integer),
         gql.Argument('pageSize', gql.Integer),
-        gql.Argument('uniqueDatasets', gql.Boolean)
+        gql.Argument('uniqueShares', gql.Boolean)
     ],
 )
 
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index e41386024..1d8c0e68e 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -19,6 +19,8 @@
     ShareableType,
     EnvironmentType,
     EnvironmentPermission,
+    PrincipalType
+
 )
 from ..models.Permission import PermissionType
 from ..paginator import Page, paginate
@@ -871,6 +873,7 @@ def paginated_shared_with_environment_datasets(
                 models.Environment.name.label('environmentName'),
                 models.ShareObject.created.label('created'),
                 models.ShareObject.principalId.label('principalId'),
+                models.ShareObject.principalType.label('principalType'),
                 models.ShareObjectItem.itemType.label('itemType'),
                 models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
                 models.ShareObjectItem.GlueTableName.label('GlueTableName'),
@@ -941,8 +944,9 @@ def paginated_shared_with_environment_datasets(
                 or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
             )
 
-        if data.get("uniqueDatasets", False):
-            q = q.distinct(models.ShareObject.datasetUri)
+        if data.get("uniqueShares", False):
+            q = q.filter(models.ShareObject.principalType != PrincipalType.ConsumptionRole.value)
+            q = q.distinct(models.ShareObject.shareUri)
 
         if data.get('term'):
             term = data.get('term')
diff --git a/frontend/src/views/Worksheets/WorksheetView.js b/frontend/src/views/Worksheets/WorksheetView.js
index 52f1c6121..c5e2a2ab8 100644
--- a/frontend/src/views/Worksheets/WorksheetView.js
+++ b/frontend/src/views/Worksheets/WorksheetView.js
@@ -161,7 +161,7 @@ const WorksheetView = () => {
             page: 1,
             pageSize: 10000,
             term: '',
-            uniqueDatasets: true,
+            uniqueShares: true,
             itemTypes: 'DatasetTable'
           }
         })

From 6460986883637b2024615fa8ed5a64c07f3eafc0 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Tue, 4 Apr 2023 18:38:04 +0200
Subject: [PATCH 010/346] Fix sharing update (#404)

### Feature or Bugfix
- Bugfix

### Detail
When we import a dataset stack, if the S3 location was already
registered data.all does not create a storage location. The issue is
that for datasets where data.all needs to create a storage location:
1. the first time that it creates the stack it detects that there is no
storage location and it creates the corresponding CFN resource
2. the first time that it UPDATES the stack it detects the storage
location from 1. and it deletes the CFN resource
3. the next time that it UPDATES the stack it does not detect any
storage location (it was deleted in 2.) and it creates the CFN resource
again.

To fix this behavior, in V1.5 we will use Lambda custom resource to
check the storage location and avoid CFN resources. But for previous
versions, this PR includes:
- in the method that checks the existence of an storage location, we
filter by the roleArn of the location. If the roleArn is the
`dataallPivotRole` then we assume that it was created by the dataset,
which means that `existing_storage_location = False`

I tested locally but with actual stacks being created. No additional
policies are needed

### Relates

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 backend/dataall/aws/handlers/lakeformation.py | 8 +++++---
 backend/dataall/cdkproxy/stacks/dataset.py    | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/aws/handlers/lakeformation.py b/backend/dataall/aws/handlers/lakeformation.py
index 703b117f7..03234c939 100644
--- a/backend/dataall/aws/handlers/lakeformation.py
+++ b/backend/dataall/aws/handlers/lakeformation.py
@@ -13,7 +13,7 @@ def __init__(self):
         pass
 
     @staticmethod
-    def describe_resource(resource_arn, accountid, region):
+    def describe_resource(resource_arn, role_arn, accountid, region):
         """
         Describes a LF data location
         """
@@ -23,8 +23,10 @@ def describe_resource(resource_arn, accountid, region):
 
             response = lf_client.describe_resource(ResourceArn=resource_arn)
 
-            log.info(f'LF data location already registered: {response}')
-
+            log.info(f'LF data location already registered: {response}, checking if data.all registered it ...')
+            if response['ResourceInfo']['RoleArn'] == role_arn:
+                log.info('The existing data location was created as part of the dataset stack. There was no pre-existing data location.')
+                return False
             return response['ResourceInfo']
 
         except ClientError as e:
diff --git a/backend/dataall/cdkproxy/stacks/dataset.py b/backend/dataall/cdkproxy/stacks/dataset.py
index 4ee53beb1..cd5fbb4c7 100644
--- a/backend/dataall/cdkproxy/stacks/dataset.py
+++ b/backend/dataall/cdkproxy/stacks/dataset.py
@@ -417,6 +417,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
 
         existing_location = LakeFormation.describe_resource(
             resource_arn=f'arn:aws:s3:::{dataset.S3BucketName}',
+            role_arn=f'arn:aws:iam::{env.AwsAccountId}:role/{pivot_role_name}',
             accountid=env.AwsAccountId,
             region=env.region
         )

From 3a5e0dedb94b9f83a3fd9331061fd927422d13f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 11:50:38 +0200
Subject: [PATCH 011/346] Initialization of dataset module

---
 backend/dataall/modules/datasets/__init__.py   | 18 ++++++++++++++++++
 .../dataall/modules/datasets/api/__init__.py   |  1 +
 2 files changed, 19 insertions(+)
 create mode 100644 backend/dataall/modules/datasets/__init__.py
 create mode 100644 backend/dataall/modules/datasets/api/__init__.py

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
new file mode 100644
index 000000000..67298a06e
--- /dev/null
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -0,0 +1,18 @@
+"""Contains the code related to datasets"""
+import logging
+from dataall.modules.loader import ModuleInterface, ImportMode
+
+log = logging.getLogger(__name__)
+
+
+class DatasetApiModuleInterface(ModuleInterface):
+    """Implements ModuleInterface for notebook GraphQl lambda"""
+
+    @classmethod
+    def is_supported(cls, modes):
+        return ImportMode.API in modes
+
+    def __init__(self):
+        import dataall.modules.datasets.api
+        log.info("API of datasets has been imported")
+
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
new file mode 100644
index 000000000..13cf9331d
--- /dev/null
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -0,0 +1 @@
+"""The GraphQL schema of datasets and related functionality"""

From a50a02f39b05d64d1e6bc410afe956a66eeb5602 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 11:55:30 +0200
Subject: [PATCH 012/346] Refactoring of datasets

Moved dataset table column to modules
---
 backend/dataall/api/Objects/DatasetTable/schema.py     |  2 +-
 backend/dataall/api/Objects/__init__.py                |  1 -
 .../datasets/api}/DatasetTableColumn/__init__.py       |  2 +-
 .../datasets/api}/DatasetTableColumn/input_types.py    |  2 +-
 .../datasets/api}/DatasetTableColumn/mutations.py      |  7 +++++--
 .../datasets/api}/DatasetTableColumn/queries.py        |  4 ++--
 .../datasets/api}/DatasetTableColumn/resolvers.py      | 10 +++++-----
 .../datasets/api}/DatasetTableColumn/schema.py         |  4 ++--
 backend/dataall/modules/datasets/api/__init__.py       |  5 +++++
 9 files changed, 22 insertions(+), 15 deletions(-)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetTableColumn/__init__.py (70%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetTableColumn/input_types.py (94%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetTableColumn/mutations.py (78%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetTableColumn/queries.py (74%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetTableColumn/resolvers.py (94%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetTableColumn/schema.py (93%)

diff --git a/backend/dataall/api/Objects/DatasetTable/schema.py b/backend/dataall/api/Objects/DatasetTable/schema.py
index dc1cffcb4..0436c0f2e 100644
--- a/backend/dataall/api/Objects/DatasetTable/schema.py
+++ b/backend/dataall/api/Objects/DatasetTable/schema.py
@@ -1,4 +1,4 @@
-from ..DatasetTableColumn.resolvers import list_table_columns
+from dataall.modules.datasets.api.DatasetTableColumn.resolvers import list_table_columns
 from ... import gql
 from .resolvers import *
 from ...constants import GraphQLEnumMapper
diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 060f2ba6e..43d5e0833 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -18,7 +18,6 @@
     Environment,
     Activity,
     DatasetTable,
-    DatasetTableColumn,
     Dataset,
     Group,
     Principal,
diff --git a/backend/dataall/api/Objects/DatasetTableColumn/__init__.py b/backend/dataall/modules/datasets/api/DatasetTableColumn/__init__.py
similarity index 70%
rename from backend/dataall/api/Objects/DatasetTableColumn/__init__.py
rename to backend/dataall/modules/datasets/api/DatasetTableColumn/__init__.py
index dfa46b264..691b10331 100644
--- a/backend/dataall/api/Objects/DatasetTableColumn/__init__.py
+++ b/backend/dataall/modules/datasets/api/DatasetTableColumn/__init__.py
@@ -1,4 +1,4 @@
-from . import (
+from dataall.modules.datasets.api.DatasetTableColumn import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/api/Objects/DatasetTableColumn/input_types.py b/backend/dataall/modules/datasets/api/DatasetTableColumn/input_types.py
similarity index 94%
rename from backend/dataall/api/Objects/DatasetTableColumn/input_types.py
rename to backend/dataall/modules/datasets/api/DatasetTableColumn/input_types.py
index 24fbbdbca..745e7f271 100644
--- a/backend/dataall/api/Objects/DatasetTableColumn/input_types.py
+++ b/backend/dataall/modules/datasets/api/DatasetTableColumn/input_types.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 
 DatasetTableColumnFilter = gql.InputType(
     name='DatasetTableColumnFilter',
diff --git a/backend/dataall/api/Objects/DatasetTableColumn/mutations.py b/backend/dataall/modules/datasets/api/DatasetTableColumn/mutations.py
similarity index 78%
rename from backend/dataall/api/Objects/DatasetTableColumn/mutations.py
rename to backend/dataall/modules/datasets/api/DatasetTableColumn/mutations.py
index 012d83ea7..f7b682e3d 100644
--- a/backend/dataall/api/Objects/DatasetTableColumn/mutations.py
+++ b/backend/dataall/modules/datasets/api/DatasetTableColumn/mutations.py
@@ -1,5 +1,8 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.datasets.api.DatasetTableColumn.resolvers import (
+    sync_table_columns,
+    update_table_column
+)
 
 syncDatasetTableColumns = gql.MutationField(
     name='syncDatasetTableColumns',
diff --git a/backend/dataall/api/Objects/DatasetTableColumn/queries.py b/backend/dataall/modules/datasets/api/DatasetTableColumn/queries.py
similarity index 74%
rename from backend/dataall/api/Objects/DatasetTableColumn/queries.py
rename to backend/dataall/modules/datasets/api/DatasetTableColumn/queries.py
index 4f5f05646..0a08e37b6 100644
--- a/backend/dataall/api/Objects/DatasetTableColumn/queries.py
+++ b/backend/dataall/modules/datasets/api/DatasetTableColumn/queries.py
@@ -1,5 +1,5 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.datasets.api.DatasetTableColumn.resolvers import list_table_columns
 
 listDatasetTableColumns = gql.QueryField(
     name='listDatasetTableColumns',
diff --git a/backend/dataall/api/Objects/DatasetTableColumn/resolvers.py b/backend/dataall/modules/datasets/api/DatasetTableColumn/resolvers.py
similarity index 94%
rename from backend/dataall/api/Objects/DatasetTableColumn/resolvers.py
rename to backend/dataall/modules/datasets/api/DatasetTableColumn/resolvers.py
index 88bf2c728..a7a1bf5f4 100644
--- a/backend/dataall/api/Objects/DatasetTableColumn/resolvers.py
+++ b/backend/dataall/modules/datasets/api/DatasetTableColumn/resolvers.py
@@ -1,10 +1,10 @@
 from sqlalchemy import or_
 
-from .... import db
-from ....api.context import Context
-from ....aws.handlers.service_handlers import Worker
-from ....db import paginate, permissions, models
-from ....db.api import ResourcePolicy
+from dataall import db
+from dataall.api.context import Context
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.db import paginate, permissions, models
+from dataall.db.api import ResourcePolicy
 
 
 def list_table_columns(
diff --git a/backend/dataall/api/Objects/DatasetTableColumn/schema.py b/backend/dataall/modules/datasets/api/DatasetTableColumn/schema.py
similarity index 93%
rename from backend/dataall/api/Objects/DatasetTableColumn/schema.py
rename to backend/dataall/modules/datasets/api/DatasetTableColumn/schema.py
index d571fc9a6..8772e99b7 100644
--- a/backend/dataall/api/Objects/DatasetTableColumn/schema.py
+++ b/backend/dataall/modules/datasets/api/DatasetTableColumn/schema.py
@@ -1,5 +1,5 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.datasets.api.DatasetTableColumn.resolvers import resolve_terms
 
 
 DatasetTableColumn = gql.ObjectType(
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 13cf9331d..f79e9a30c 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -1 +1,6 @@
 """The GraphQL schema of datasets and related functionality"""
+from dataall.modules.datasets.api import (
+    DatasetTableColumn
+)
+
+__all__ = ["DatasetTableColumn"]

From be1498689d48aa63aae3eba763635f8af800148b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 12:09:05 +0200
Subject: [PATCH 013/346] Refactoring of datasets

Renamed table column to the python's convention format
---
 backend/dataall/api/Objects/DatasetTable/schema.py            | 2 +-
 backend/dataall/modules/datasets/api/__init__.py              | 4 ++--
 .../api/{DatasetTableColumn => table_column}/__init__.py      | 2 +-
 .../api/{DatasetTableColumn => table_column}/input_types.py   | 0
 .../api/{DatasetTableColumn => table_column}/mutations.py     | 2 +-
 .../api/{DatasetTableColumn => table_column}/queries.py       | 2 +-
 .../api/{DatasetTableColumn => table_column}/resolvers.py     | 0
 .../api/{DatasetTableColumn => table_column}/schema.py        | 2 +-
 8 files changed, 7 insertions(+), 7 deletions(-)
 rename backend/dataall/modules/datasets/api/{DatasetTableColumn => table_column}/__init__.py (70%)
 rename backend/dataall/modules/datasets/api/{DatasetTableColumn => table_column}/input_types.py (100%)
 rename backend/dataall/modules/datasets/api/{DatasetTableColumn => table_column}/mutations.py (89%)
 rename backend/dataall/modules/datasets/api/{DatasetTableColumn => table_column}/queries.py (80%)
 rename backend/dataall/modules/datasets/api/{DatasetTableColumn => table_column}/resolvers.py (100%)
 rename backend/dataall/modules/datasets/api/{DatasetTableColumn => table_column}/schema.py (95%)

diff --git a/backend/dataall/api/Objects/DatasetTable/schema.py b/backend/dataall/api/Objects/DatasetTable/schema.py
index 0436c0f2e..74d413818 100644
--- a/backend/dataall/api/Objects/DatasetTable/schema.py
+++ b/backend/dataall/api/Objects/DatasetTable/schema.py
@@ -1,4 +1,4 @@
-from dataall.modules.datasets.api.DatasetTableColumn.resolvers import list_table_columns
+from dataall.modules.datasets.api.table_column.resolvers import list_table_columns
 from ... import gql
 from .resolvers import *
 from ...constants import GraphQLEnumMapper
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index f79e9a30c..538df0734 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -1,6 +1,6 @@
 """The GraphQL schema of datasets and related functionality"""
 from dataall.modules.datasets.api import (
-    DatasetTableColumn
+    table_column
 )
 
-__all__ = ["DatasetTableColumn"]
+__all__ = ["table_column"]
diff --git a/backend/dataall/modules/datasets/api/DatasetTableColumn/__init__.py b/backend/dataall/modules/datasets/api/table_column/__init__.py
similarity index 70%
rename from backend/dataall/modules/datasets/api/DatasetTableColumn/__init__.py
rename to backend/dataall/modules/datasets/api/table_column/__init__.py
index 691b10331..070301f58 100644
--- a/backend/dataall/modules/datasets/api/DatasetTableColumn/__init__.py
+++ b/backend/dataall/modules/datasets/api/table_column/__init__.py
@@ -1,4 +1,4 @@
-from dataall.modules.datasets.api.DatasetTableColumn import (
+from dataall.modules.datasets.api.table_column import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/modules/datasets/api/DatasetTableColumn/input_types.py b/backend/dataall/modules/datasets/api/table_column/input_types.py
similarity index 100%
rename from backend/dataall/modules/datasets/api/DatasetTableColumn/input_types.py
rename to backend/dataall/modules/datasets/api/table_column/input_types.py
diff --git a/backend/dataall/modules/datasets/api/DatasetTableColumn/mutations.py b/backend/dataall/modules/datasets/api/table_column/mutations.py
similarity index 89%
rename from backend/dataall/modules/datasets/api/DatasetTableColumn/mutations.py
rename to backend/dataall/modules/datasets/api/table_column/mutations.py
index f7b682e3d..0fc5a7d87 100644
--- a/backend/dataall/modules/datasets/api/DatasetTableColumn/mutations.py
+++ b/backend/dataall/modules/datasets/api/table_column/mutations.py
@@ -1,5 +1,5 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.DatasetTableColumn.resolvers import (
+from dataall.modules.datasets.api.table_column.resolvers import (
     sync_table_columns,
     update_table_column
 )
diff --git a/backend/dataall/modules/datasets/api/DatasetTableColumn/queries.py b/backend/dataall/modules/datasets/api/table_column/queries.py
similarity index 80%
rename from backend/dataall/modules/datasets/api/DatasetTableColumn/queries.py
rename to backend/dataall/modules/datasets/api/table_column/queries.py
index 0a08e37b6..2c29e94b7 100644
--- a/backend/dataall/modules/datasets/api/DatasetTableColumn/queries.py
+++ b/backend/dataall/modules/datasets/api/table_column/queries.py
@@ -1,5 +1,5 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.DatasetTableColumn.resolvers import list_table_columns
+from dataall.modules.datasets.api.table_column.resolvers import list_table_columns
 
 listDatasetTableColumns = gql.QueryField(
     name='listDatasetTableColumns',
diff --git a/backend/dataall/modules/datasets/api/DatasetTableColumn/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
similarity index 100%
rename from backend/dataall/modules/datasets/api/DatasetTableColumn/resolvers.py
rename to backend/dataall/modules/datasets/api/table_column/resolvers.py
diff --git a/backend/dataall/modules/datasets/api/DatasetTableColumn/schema.py b/backend/dataall/modules/datasets/api/table_column/schema.py
similarity index 95%
rename from backend/dataall/modules/datasets/api/DatasetTableColumn/schema.py
rename to backend/dataall/modules/datasets/api/table_column/schema.py
index 8772e99b7..9730b70b9 100644
--- a/backend/dataall/modules/datasets/api/DatasetTableColumn/schema.py
+++ b/backend/dataall/modules/datasets/api/table_column/schema.py
@@ -1,5 +1,5 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.DatasetTableColumn.resolvers import resolve_terms
+from dataall.modules.datasets.api.table_column.resolvers import resolve_terms
 
 
 DatasetTableColumn = gql.ObjectType(

From 06f82ad80386f53780af735571f3b7eb66497594 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 12:16:34 +0200
Subject: [PATCH 014/346] Refactoring of datasets

Added dataset module to config.json
---
 config.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config.json b/config.json
index e0a9d85d0..4aed5ef87 100644
--- a/config.json
+++ b/config.json
@@ -2,6 +2,9 @@
     "modules": {
         "notebooks": {
             "active": true
+        },
+        "datasets": {
+            "active": true
         }
     }
 }
\ No newline at end of file

From 38145ae637a2084c1bb198a1fa76a395bd1c39b5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 12:32:00 +0200
Subject: [PATCH 015/346] Fixed leftover in loader

---
 backend/dataall/modules/loader.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 95aa2083a..aa4a656d4 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -57,7 +57,7 @@ def load_modules(modes: List[ImportMode]) -> None:
             log.info(f"Module {name} is not active. Skipping...")
             continue
 
-        if active.lower() == "true" and not _import_module(name):
+        if not _import_module(name):
             raise ValueError(f"Couldn't find module {name} under modules directory")
 
         log.info(f"Module {name} is loaded")

From f0e146aa2bf5cfb2156a369f9690adb9cfda9c09 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 13:56:04 +0200
Subject: [PATCH 016/346] Dataset refactoring

Moved database table service
---
 .../api/Objects/DatasetProfiling/resolvers.py |  3 ++-
 .../api/Objects/DatasetTable/resolvers.py     | 25 ++++++++++---------
 backend/dataall/aws/handlers/glue.py          |  5 ++--
 backend/dataall/aws/handlers/redshift.py      |  3 ++-
 backend/dataall/db/api/__init__.py            |  1 -
 .../datasets/api/table_column/resolvers.py    |  7 +++---
 .../modules/datasets/services/__init__.py     |  1 +
 .../datasets/services}/dataset_table.py       |  9 +++----
 .../subscriptions/subscription_service.py     |  5 ++--
 backend/dataall/tasks/tables_syncer.py        |  3 ++-
 tests/api/test_dataset_table.py               |  5 ++--
 11 files changed, 36 insertions(+), 31 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/__init__.py
 rename backend/dataall/{db/api => modules/datasets/services}/dataset_table.py (98%)

diff --git a/backend/dataall/api/Objects/DatasetProfiling/resolvers.py b/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
index 678a8cba6..c391a1a8c 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
+++ b/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
@@ -6,6 +6,7 @@
 from ....aws.handlers.sts import SessionHelper
 from ....db import api, permissions, models
 from ....db.api import ResourcePolicy
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -97,7 +98,7 @@ def get_last_table_profiling_run(context: Context, source, tableUri=None):
 
         if run:
             if not run.results:
-                table = api.DatasetTable.get_dataset_table_by_uri(session, tableUri)
+                table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
                 dataset = api.Dataset.get_dataset_by_uri(session, table.datasetUri)
                 environment = api.Environment.get_environment_by_uri(
                     session, dataset.environmentUri
diff --git a/backend/dataall/api/Objects/DatasetTable/resolvers.py b/backend/dataall/api/Objects/DatasetTable/resolvers.py
index 9ea811411..854b99de9 100644
--- a/backend/dataall/api/Objects/DatasetTable/resolvers.py
+++ b/backend/dataall/api/Objects/DatasetTable/resolvers.py
@@ -13,13 +13,14 @@
 from ....db.api import ResourcePolicy, Glossary
 from ....searchproxy import indexers
 from ....utils import json_utils
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 log = logging.getLogger(__name__)
 
 
 def create_table(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        table = db.api.DatasetTable.create_dataset_table(
+        table = DatasetTable.create_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -37,7 +38,7 @@ def list_dataset_tables(context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.DatasetTable.list_dataset_tables(
+        return DatasetTable.list_dataset_tables(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -49,8 +50,8 @@ def list_dataset_tables(context, source, filter: dict = None):
 
 def get_table(context, source: models.Dataset, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table = db.api.DatasetTable.get_dataset_table_by_uri(session, tableUri)
-        return db.api.DatasetTable.get_dataset_table(
+        table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
+        return DatasetTable.get_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -64,14 +65,14 @@ def get_table(context, source: models.Dataset, tableUri: str = None):
 
 def update_table(context, source, tableUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        table = db.api.DatasetTable.get_dataset_table_by_uri(session, tableUri)
+        table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
 
         dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
 
         input['table'] = table
         input['tableUri'] = table.tableUri
 
-        db.api.DatasetTable.update_dataset_table(
+        DatasetTable.update_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -85,8 +86,8 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
 
 def delete_table(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table = db.api.DatasetTable.get_dataset_table_by_uri(session, tableUri)
-        db.api.DatasetTable.delete_dataset_table(
+        table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
+        DatasetTable.delete_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -102,7 +103,7 @@ def delete_table(context, source, tableUri: str = None):
 
 def preview(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = db.api.DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
             session, tableUri
         )
         dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
@@ -157,7 +158,7 @@ def get_glue_table_properties(context: Context, source: models.DatasetTable, **k
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = db.api.DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
             session, source.tableUri
         )
         return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
@@ -186,7 +187,7 @@ def resolve_glossary_terms(context: Context, source: models.DatasetTable, **kwar
 
 def publish_table_update(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = db.api.DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -235,7 +236,7 @@ def resolve_redshift_copy_location(
 
 def list_shared_tables_by_env_dataset(context: Context, source, datasetUri: str, envUri: str, filter: dict = None):
     with context.engine.scoped_session() as session:
-        return db.api.DatasetTable.get_dataset_tables_shared_with_env(
+        return DatasetTable.get_dataset_tables_shared_with_env(
             session,
             envUri,
             datasetUri
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index ebeb1fca6..468268640 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -6,6 +6,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 log = logging.getLogger('aws:glue')
 
@@ -84,7 +85,7 @@ def list_tables(engine, task: models.Task):
             tables = Glue.list_glue_database_tables(
                 accountid, dataset.GlueDatabaseName, region
             )
-            db.api.DatasetTable.sync(session, dataset.datasetUri, glue_tables=tables)
+            DatasetTable.sync(session, dataset.datasetUri, glue_tables=tables)
             return tables
 
     @staticmethod
@@ -642,7 +643,7 @@ def get_table_columns(engine, task: models.Task):
                     f'//{dataset_table.name} due to: '
                     f'{e}'
                 )
-            db.api.DatasetTable.sync_table_columns(
+            DatasetTable.sync_table_columns(
                 session, dataset_table, glue_table['Table']
             )
         return True
diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index a6a02f9e7..a1f479417 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -9,6 +9,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -446,7 +447,7 @@ def copy_data(engine, task: models.Task):
                 session, task.payload['datasetUri']
             )
 
-            table: models.DatasetTable = db.api.DatasetTable.get_dataset_table_by_uri(
+            table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
                 session, task.payload['tableUri']
             )
 
diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index 01647c81b..19138f7d7 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -14,7 +14,6 @@
 from .dataset import Dataset
 from .dataset_location import DatasetStorageLocation
 from .dataset_profiling_run import DatasetProfilingRun
-from .dataset_table import DatasetTable
 from .notification import Notification
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index a7a1bf5f4..8d977403a 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -5,6 +5,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import paginate, permissions, models
 from dataall.db.api import ResourcePolicy
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 
 def list_table_columns(
@@ -19,7 +20,7 @@ def list_table_columns(
         filter = {}
     with context.engine.scoped_session() as session:
         if not source:
-            source = db.api.DatasetTable.get_dataset_table_by_uri(session, tableUri)
+            source = DatasetTable.get_dataset_table_by_uri(session, tableUri)
         q = (
             session.query(models.DatasetTableColumn)
             .filter(
@@ -44,7 +45,7 @@ def list_table_columns(
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = db.api.DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -79,7 +80,7 @@ def update_table_column(
         ).get(columnUri)
         if not column:
             raise db.exceptions.ObjectNotFound('Column', columnUri)
-        table: models.DatasetTable = db.api.DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
             session, column.tableUri
         )
         ResourcePolicy.check_user_resource_permission(
diff --git a/backend/dataall/modules/datasets/services/__init__.py b/backend/dataall/modules/datasets/services/__init__.py
new file mode 100644
index 000000000..03ef29863
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/__init__.py
@@ -0,0 +1 @@
+"""Contains business logic for datasets"""
diff --git a/backend/dataall/db/api/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
similarity index 98%
rename from backend/dataall/db/api/dataset_table.py
rename to backend/dataall/modules/datasets/services/dataset_table.py
index 77ee515e3..7c46120c1 100644
--- a/backend/dataall/db/api/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -1,12 +1,11 @@
 import logging
-from typing import List
 
 from sqlalchemy.sql import and_
 
-from .. import models, api, permissions, exceptions, paginate
-from . import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
-from ..models import Dataset
-from ...utils import json_utils
+from dataall.db import models, api, permissions, exceptions, paginate
+from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
+from dataall.db.models import Dataset
+from dataall.utils import json_utils
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/tasks/subscriptions/subscription_service.py b/backend/dataall/tasks/subscriptions/subscription_service.py
index 52aeb4e40..7b2a6d461 100644
--- a/backend/dataall/tasks/subscriptions/subscription_service.py
+++ b/backend/dataall/tasks/subscriptions/subscription_service.py
@@ -14,6 +14,7 @@
 from ...db import models
 from ...tasks.subscriptions import poll_queues
 from ...utils import json_utils
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -64,7 +65,7 @@ def notify_consumers(engine, messages):
     @staticmethod
     def publish_table_update_message(engine, message):
         with engine.scoped_session() as session:
-            table: models.DatasetTable = db.api.DatasetTable.get_table_by_s3_prefix(
+            table: models.DatasetTable = DatasetTable.get_table_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),
@@ -135,7 +136,7 @@ def publish_location_update_message(session, message):
     @staticmethod
     def store_dataquality_results(session, message):
 
-        table: models.DatasetTable = db.api.DatasetTable.get_table_by_s3_prefix(
+        table: models.DatasetTable = DatasetTable.get_table_by_s3_prefix(
             session,
             message.get('prefix'),
             message.get('accountid'),
diff --git a/backend/dataall/tasks/tables_syncer.py b/backend/dataall/tasks/tables_syncer.py
index 04bafdfa5..5e6e8d48e 100644
--- a/backend/dataall/tasks/tables_syncer.py
+++ b/backend/dataall/tasks/tables_syncer.py
@@ -13,6 +13,7 @@
     connect,
 )
 from ..utils.alarm_service import AlarmService
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -63,7 +64,7 @@ def sync_tables(engine, es=None):
                         f'Found {len(tables)} tables on Glue database {dataset.GlueDatabaseName}'
                     )
 
-                    db.api.DatasetTable.sync(
+                    DatasetTable.sync(
                         session, dataset.datasetUri, glue_tables=tables
                     )
 
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 6c30e77ea..af27529d5 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -3,6 +3,7 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.services.dataset_table import DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -289,9 +290,7 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
             },
         ]
 
-        assert dataall.db.api.DatasetTable.sync(
-            session, dataset1.datasetUri, glue_tables
-        )
+        assert DatasetTable.sync(session, dataset1.datasetUri, glue_tables)
         new_table: dataall.db.models.DatasetTable = (
             session.query(dataall.db.models.DatasetTable)
             .filter(dataall.db.models.DatasetTable.name == 'new_table')

From b039163449245ef6c079f3c277ce52e2a5cda579 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 14:02:44 +0200
Subject: [PATCH 017/346] Dataset refactoring

Renamed DatasetTable to DatasetTableService to avoid collisions with models.DatasetTable
---
 .../api/Objects/DatasetProfiling/resolvers.py |  4 +--
 .../api/Objects/DatasetTable/resolvers.py     | 26 +++++++++----------
 backend/dataall/aws/handlers/glue.py          |  6 ++---
 backend/dataall/aws/handlers/redshift.py      |  4 +--
 .../datasets/api/table_column/resolvers.py    |  8 +++---
 .../datasets/services/dataset_table.py        | 16 ++++++------
 .../subscriptions/subscription_service.py     |  6 ++---
 backend/dataall/tasks/tables_syncer.py        |  4 +--
 tests/api/test_dataset_table.py               |  4 +--
 9 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/backend/dataall/api/Objects/DatasetProfiling/resolvers.py b/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
index c391a1a8c..4b4684019 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
+++ b/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
@@ -6,7 +6,7 @@
 from ....aws.handlers.sts import SessionHelper
 from ....db import api, permissions, models
 from ....db.api import ResourcePolicy
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
 
@@ -98,7 +98,7 @@ def get_last_table_profiling_run(context: Context, source, tableUri=None):
 
         if run:
             if not run.results:
-                table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
+                table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
                 dataset = api.Dataset.get_dataset_by_uri(session, table.datasetUri)
                 environment = api.Environment.get_environment_by_uri(
                     session, dataset.environmentUri
diff --git a/backend/dataall/api/Objects/DatasetTable/resolvers.py b/backend/dataall/api/Objects/DatasetTable/resolvers.py
index 854b99de9..3e2b833e3 100644
--- a/backend/dataall/api/Objects/DatasetTable/resolvers.py
+++ b/backend/dataall/api/Objects/DatasetTable/resolvers.py
@@ -13,14 +13,14 @@
 from ....db.api import ResourcePolicy, Glossary
 from ....searchproxy import indexers
 from ....utils import json_utils
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
 
 
 def create_table(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTable.create_dataset_table(
+        table = DatasetTableService.create_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -38,7 +38,7 @@ def list_dataset_tables(context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetTable.list_dataset_tables(
+        return DatasetTableService.list_dataset_tables(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -50,8 +50,8 @@ def list_dataset_tables(context, source, filter: dict = None):
 
 def get_table(context, source: models.Dataset, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
-        return DatasetTable.get_dataset_table(
+        table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
+        return DatasetTableService.get_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -65,14 +65,14 @@ def get_table(context, source: models.Dataset, tableUri: str = None):
 
 def update_table(context, source, tableUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
+        table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
 
         dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
 
         input['table'] = table
         input['tableUri'] = table.tableUri
 
-        DatasetTable.update_dataset_table(
+        DatasetTableService.update_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -86,8 +86,8 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
 
 def delete_table(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTable.get_dataset_table_by_uri(session, tableUri)
-        DatasetTable.delete_dataset_table(
+        table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
+        DatasetTableService.delete_dataset_table(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -103,7 +103,7 @@ def delete_table(context, source, tableUri: str = None):
 
 def preview(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
         dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
@@ -158,7 +158,7 @@ def get_glue_table_properties(context: Context, source: models.DatasetTable, **k
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, source.tableUri
         )
         return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
@@ -187,7 +187,7 @@ def resolve_glossary_terms(context: Context, source: models.DatasetTable, **kwar
 
 def publish_table_update(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -236,7 +236,7 @@ def resolve_redshift_copy_location(
 
 def list_shared_tables_by_env_dataset(context: Context, source, datasetUri: str, envUri: str, filter: dict = None):
     with context.engine.scoped_session() as session:
-        return DatasetTable.get_dataset_tables_shared_with_env(
+        return DatasetTableService.get_dataset_tables_shared_with_env(
             session,
             envUri,
             datasetUri
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index 468268640..88f68fc84 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -6,7 +6,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger('aws:glue')
 
@@ -85,7 +85,7 @@ def list_tables(engine, task: models.Task):
             tables = Glue.list_glue_database_tables(
                 accountid, dataset.GlueDatabaseName, region
             )
-            DatasetTable.sync(session, dataset.datasetUri, glue_tables=tables)
+            DatasetTableService.sync(session, dataset.datasetUri, glue_tables=tables)
             return tables
 
     @staticmethod
@@ -643,7 +643,7 @@ def get_table_columns(engine, task: models.Task):
                     f'//{dataset_table.name} due to: '
                     f'{e}'
                 )
-            DatasetTable.sync_table_columns(
+            DatasetTableService.sync_table_columns(
                 session, dataset_table, glue_table['Table']
             )
         return True
diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index a1f479417..4d2591520 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -9,7 +9,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
 
@@ -447,7 +447,7 @@ def copy_data(engine, task: models.Task):
                 session, task.payload['datasetUri']
             )
 
-            table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
+            table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
                 session, task.payload['tableUri']
             )
 
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 8d977403a..e5e7fd60c 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import paginate, permissions, models
 from dataall.db.api import ResourcePolicy
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 
 def list_table_columns(
@@ -20,7 +20,7 @@ def list_table_columns(
         filter = {}
     with context.engine.scoped_session() as session:
         if not source:
-            source = DatasetTable.get_dataset_table_by_uri(session, tableUri)
+            source = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
         q = (
             session.query(models.DatasetTableColumn)
             .filter(
@@ -45,7 +45,7 @@ def list_table_columns(
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -80,7 +80,7 @@ def update_table_column(
         ).get(columnUri)
         if not column:
             raise db.exceptions.ObjectNotFound('Column', columnUri)
-        table: models.DatasetTable = DatasetTable.get_dataset_table_by_uri(
+        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, column.tableUri
         )
         ResourcePolicy.check_user_resource_permission(
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index 7c46120c1..eeeb99f1d 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -10,7 +10,7 @@
 logger = logging.getLogger(__name__)
 
 
-class DatasetTable:
+class DatasetTableService:
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET_TABLE)
@@ -107,7 +107,7 @@ def get_dataset_table(
         data: dict = None,
         check_perm: bool = False,
     ) -> models.DatasetTable:
-        return DatasetTable.get_dataset_table_by_uri(session, data['tableUri'])
+        return DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
 
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
@@ -122,7 +122,7 @@ def update_dataset_table(
     ):
         table = data.get(
             'table',
-            DatasetTable.get_dataset_table_by_uri(session, data['tableUri']),
+            DatasetTableService.get_dataset_table_by_uri(session, data['tableUri']),
         )
 
         for k in [attr for attr in data.keys() if attr != 'term']:
@@ -146,7 +146,7 @@ def delete_dataset_table(
         data: dict = None,
         check_perm: bool = False,
     ):
-        table = DatasetTable.get_dataset_table_by_uri(session, data['tableUri'])
+        table = DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
         share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
         share_item = (
             session.query(models.ShareObjectItem)
@@ -210,7 +210,7 @@ def get_dataset_tables_shared_with_env(
     ):
         return [
             {"tableUri": t.tableUri, "GlueTableName": t.GlueTableName}
-            for t in DatasetTable.query_dataset_tables_shared_with_env(
+            for t in DatasetTableService.query_dataset_tables_shared_with_env(
                 session, environment_uri, dataset_uri
             )
         ]
@@ -235,7 +235,7 @@ def sync(session, datasetUri, glue_tables=None):
             existing_table_names = [e.GlueTableName for e in existing_tables]
             existing_dataset_tables_map = {t.GlueTableName: t for t in existing_tables}
 
-            DatasetTable.update_existing_tables_status(existing_tables, glue_tables)
+            DatasetTableService.update_existing_tables_status(existing_tables, glue_tables)
             logger.info(
                 f'existing_tables={glue_tables}'
             )
@@ -284,7 +284,7 @@ def sync(session, datasetUri, glue_tables=None):
                         table.get('Parameters', {})
                     )
 
-                DatasetTable.sync_table_columns(session, updated_table, table)
+                DatasetTableService.sync_table_columns(session, updated_table, table)
 
         return True
 
@@ -300,7 +300,7 @@ def update_existing_tables_status(existing_tables, glue_tables):
     @staticmethod
     def sync_table_columns(session, dataset_table, glue_table):
 
-        DatasetTable.delete_all_table_columns(session, dataset_table)
+        DatasetTableService.delete_all_table_columns(session, dataset_table)
 
         columns = [
             {**item, **{'columnType': 'column'}}
diff --git a/backend/dataall/tasks/subscriptions/subscription_service.py b/backend/dataall/tasks/subscriptions/subscription_service.py
index 7b2a6d461..bf7eded35 100644
--- a/backend/dataall/tasks/subscriptions/subscription_service.py
+++ b/backend/dataall/tasks/subscriptions/subscription_service.py
@@ -14,7 +14,7 @@
 from ...db import models
 from ...tasks.subscriptions import poll_queues
 from ...utils import json_utils
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -65,7 +65,7 @@ def notify_consumers(engine, messages):
     @staticmethod
     def publish_table_update_message(engine, message):
         with engine.scoped_session() as session:
-            table: models.DatasetTable = DatasetTable.get_table_by_s3_prefix(
+            table: models.DatasetTable = DatasetTableService.get_table_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),
@@ -136,7 +136,7 @@ def publish_location_update_message(session, message):
     @staticmethod
     def store_dataquality_results(session, message):
 
-        table: models.DatasetTable = DatasetTable.get_table_by_s3_prefix(
+        table: models.DatasetTable = DatasetTableService.get_table_by_s3_prefix(
             session,
             message.get('prefix'),
             message.get('accountid'),
diff --git a/backend/dataall/tasks/tables_syncer.py b/backend/dataall/tasks/tables_syncer.py
index 5e6e8d48e..7d2781ccf 100644
--- a/backend/dataall/tasks/tables_syncer.py
+++ b/backend/dataall/tasks/tables_syncer.py
@@ -13,7 +13,7 @@
     connect,
 )
 from ..utils.alarm_service import AlarmService
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -64,7 +64,7 @@ def sync_tables(engine, es=None):
                         f'Found {len(tables)} tables on Glue database {dataset.GlueDatabaseName}'
                     )
 
-                    DatasetTable.sync(
+                    DatasetTableService.sync(
                         session, dataset.datasetUri, glue_tables=tables
                     )
 
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index af27529d5..82548252b 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.services.dataset_table import DatasetTable
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -290,7 +290,7 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
             },
         ]
 
-        assert DatasetTable.sync(session, dataset1.datasetUri, glue_tables)
+        assert DatasetTableService.sync(session, dataset1.datasetUri, glue_tables)
         new_table: dataall.db.models.DatasetTable = (
             session.query(dataall.db.models.DatasetTable)
             .filter(dataall.db.models.DatasetTable.name == 'new_table')

From b7922ed51c674e210c66a0bd298dae099c9eface Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 14:19:02 +0200
Subject: [PATCH 018/346] Dataset refactoring

Moved DatasetTableColumn to modules
---
 backend/dataall/api/Objects/Feed/resolvers.py |  5 ++--
 .../dataall/api/Objects/Glossary/resolvers.py |  5 ++--
 backend/dataall/aws/handlers/glue.py          |  5 ++--
 backend/dataall/db/api/glossary.py            | 11 +++----
 backend/dataall/db/models/__init__.py         |  1 -
 .../datasets/api/table_column/resolvers.py    | 21 +++++++-------
 .../dataall/modules/datasets/db/__init__.py   |  1 +
 .../datasets/db/table_column_model.py}        |  4 +--
 .../datasets/services/dataset_table.py        |  9 +++---
 tests/api/test_dataset_table.py               | 29 ++++++++++---------
 tests/api/test_glossary.py                    |  5 ++--
 11 files changed, 52 insertions(+), 44 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/db/__init__.py
 rename backend/dataall/{db/models/DatasetTableColumn.py => modules/datasets/db/table_column_model.py} (91%)

diff --git a/backend/dataall/api/Objects/Feed/resolvers.py b/backend/dataall/api/Objects/Feed/resolvers.py
index a6c0535de..cbde23f0d 100644
--- a/backend/dataall/api/Objects/Feed/resolvers.py
+++ b/backend/dataall/api/Objects/Feed/resolvers.py
@@ -2,6 +2,7 @@
 
 from ....api.context import Context
 from ....db import paginate, models
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 
 class Feed:
@@ -19,7 +20,7 @@ def targetType(self):
 
 
 def resolve_feed_target_type(obj, *_):
-    if isinstance(obj, models.DatasetTableColumn):
+    if isinstance(obj, DatasetTableColumn):
         return 'DatasetTableColumn'
     elif isinstance(obj, models.Worksheet):
         return 'Worksheet'
@@ -44,7 +45,7 @@ def resolve_target(context: Context, source: Feed, **kwargs):
         model = {
             'Dataset': models.Dataset,
             'DatasetTable': models.DatasetTable,
-            'DatasetTableColumn': models.DatasetTableColumn,
+            'DatasetTableColumn': DatasetTableColumn,
             'DatasetStorageLocation': models.DatasetStorageLocation,
             'Dashboard': models.Dashboard,
             'DataPipeline': models.DataPipeline,
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index 801bd27dc..847f16ac6 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -11,6 +11,7 @@
 from ....api.constants import (
     GlossaryRole
 )
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 
 def resolve_glossary_node(obj: models.GlossaryNode, *_):
@@ -322,7 +323,7 @@ def get_link(context: Context, source, linkUri: str = None):
 
 
 def target_union_resolver(obj, *_):
-    if isinstance(obj, models.DatasetTableColumn):
+    if isinstance(obj, DatasetTableColumn):
         return 'DatasetTableColumn'
     elif isinstance(obj, models.DatasetTable):
         return 'DatasetTable'
@@ -341,7 +342,7 @@ def resolve_link_target(context, source, **kwargs):
         model = {
             'Dataset': models.Dataset,
             'DatasetTable': models.DatasetTable,
-            'Column': models.DatasetTableColumn,
+            'Column': DatasetTableColumn,
             'DatasetStorageLocation': models.DatasetStorageLocation,
             'Dashboard': models.Dashboard,
         }[source.targetType]
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index 88f68fc84..ca00a81f5 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -7,6 +7,7 @@
 from ... import db
 from ...db import models
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 log = logging.getLogger('aws:glue')
 
@@ -525,8 +526,8 @@ def _update_existing_crawler(glue, accountid, crawler_name, targets, database):
     @Worker.handler('glue.table.update_column')
     def update_table_columns(engine, task: models.Task):
         with engine.scoped_session() as session:
-            column: models.DatasetTableColumn = session.query(
-                models.DatasetTableColumn
+            column: DatasetTableColumn = session.query(
+                DatasetTableColumn
             ).get(task.targetUri)
             table: models.DatasetTable = session.query(models.DatasetTable).get(
                 column.tableUri
diff --git a/backend/dataall/db/api/glossary.py b/backend/dataall/db/api/glossary.py
index 1616141c8..c6313e007 100644
--- a/backend/dataall/db/api/glossary.py
+++ b/backend/dataall/db/api/glossary.py
@@ -9,6 +9,7 @@
     has_tenant_perm,
 )
 from ..models.Glossary import GlossaryNodeStatus
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 logger = logging.getLogger(__name__)
 
@@ -133,7 +134,7 @@ def link_term(session, username, groups, uri, data=None, check_perm=None):
         elif targetType == 'Folder':
             target = session.query(models.DatasetStorageLocation).get(targetUri)
         elif targetType == 'Column':
-            target = session.query(models.DatasetTableColumn).get(targetUri)
+            target = session.query(DatasetTableColumn).get(targetUri)
         elif targetType == 'Dashboard':
             target = session.query(models.Dashboard).get(targetUri)
         else:
@@ -361,11 +362,11 @@ def list_term_associations(
             models.DatasetTable.description.label('description'),
         )
         columns = session.query(
-            models.DatasetTableColumn.columnUri.label('targetUri'),
+            DatasetTableColumn.columnUri.label('targetUri'),
             literal('column').label('targetType'),
-            models.DatasetTableColumn.label.label('label'),
-            models.DatasetTableColumn.name.label('name'),
-            models.DatasetTableColumn.description.label('description'),
+            DatasetTableColumn.label.label('label'),
+            DatasetTableColumn.name.label('name'),
+            DatasetTableColumn.description.label('description'),
         )
         folders = session.query(
             models.DatasetStorageLocation.locationUri.label('targetUri'),
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index 1ce567c87..1ab4134b3 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -9,7 +9,6 @@
 from .DatasetQualityRule import DatasetQualityRule
 from .DatasetStorageLocation import DatasetStorageLocation
 from .DatasetTable import DatasetTable
-from .DatasetTableColumn import DatasetTableColumn
 from .DatasetTableProfilingJob import DatasetTableProfilingJob
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index e5e7fd60c..b958f2f7a 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -6,6 +6,7 @@
 from dataall.db import paginate, permissions, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 
 def list_table_columns(
@@ -22,21 +23,21 @@ def list_table_columns(
         if not source:
             source = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
         q = (
-            session.query(models.DatasetTableColumn)
+            session.query(DatasetTableColumn)
             .filter(
-                models.DatasetTableColumn.tableUri == tableUri,
-                models.DatasetTableColumn.deleted.is_(None),
+                DatasetTableColumn.tableUri == tableUri,
+                DatasetTableColumn.deleted.is_(None),
             )
-            .order_by(models.DatasetTableColumn.columnType.asc())
+            .order_by(DatasetTableColumn.columnType.asc())
         )
         term = filter.get('term')
         if term:
             q = q.filter(
                 or_(
-                    models.DatasetTableColumn.label.ilike('%' + term + '%'),
-                    models.DatasetTableColumn.description.ilike('%' + term + '%'),
+                    DatasetTableColumn.label.ilike('%' + term + '%'),
+                    DatasetTableColumn.description.ilike('%' + term + '%'),
                 )
-            ).order_by(models.DatasetTableColumn.columnType.asc())
+            ).order_by(DatasetTableColumn.columnType.asc())
 
     return paginate(
         q, page=filter.get('page', 1), page_size=filter.get('pageSize', 65)
@@ -61,7 +62,7 @@ def sync_table_columns(context: Context, source, tableUri: str = None):
     return list_table_columns(context, source=table, tableUri=tableUri)
 
 
-def resolve_terms(context, source: models.DatasetTableColumn, **kwargs):
+def resolve_terms(context, source: DatasetTableColumn, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -75,8 +76,8 @@ def update_table_column(
     context: Context, source, columnUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        column: models.DatasetTableColumn = session.query(
-            models.DatasetTableColumn
+        column: DatasetTableColumn = session.query(
+            DatasetTableColumn
         ).get(columnUri)
         if not column:
             raise db.exceptions.ObjectNotFound('Column', columnUri)
diff --git a/backend/dataall/modules/datasets/db/__init__.py b/backend/dataall/modules/datasets/db/__init__.py
new file mode 100644
index 000000000..104b49a42
--- /dev/null
+++ b/backend/dataall/modules/datasets/db/__init__.py
@@ -0,0 +1 @@
+"""Database logic for datasets"""
diff --git a/backend/dataall/db/models/DatasetTableColumn.py b/backend/dataall/modules/datasets/db/table_column_model.py
similarity index 91%
rename from backend/dataall/db/models/DatasetTableColumn.py
rename to backend/dataall/modules/datasets/db/table_column_model.py
index f4fe1f7d6..4d3d7e009 100644
--- a/backend/dataall/db/models/DatasetTableColumn.py
+++ b/backend/dataall/modules/datasets/db/table_column_model.py
@@ -1,7 +1,7 @@
 from sqlalchemy import Column, String
 
-from .. import Base
-from .. import Resource, utils
+from dataall.db import Base
+from dataall.db import Resource, utils
 
 
 class DatasetTableColumn(Resource, Base):
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index eeeb99f1d..873cbe01e 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -6,6 +6,7 @@
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
 from dataall.db.models import Dataset
 from dataall.utils import json_utils
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 logger = logging.getLogger(__name__)
 
@@ -315,7 +316,7 @@ def sync_table_columns(session, dataset_table, glue_table):
         logger.debug(f'Found partitions {partitions} for table {dataset_table}')
 
         for col in columns + partitions:
-            table_col = models.DatasetTableColumn(
+            table_col = DatasetTableColumn(
                 name=col['Name'],
                 description=col.get('Comment', 'No description provided'),
                 label=col['Name'],
@@ -333,11 +334,11 @@ def sync_table_columns(session, dataset_table, glue_table):
 
     @staticmethod
     def delete_all_table_columns(session, dataset_table):
-        session.query(models.DatasetTableColumn).filter(
+        session.query(DatasetTableColumn).filter(
             and_(
-                models.DatasetTableColumn.GlueDatabaseName
+                DatasetTableColumn.GlueDatabaseName
                 == dataset_table.GlueDatabaseName,
-                models.DatasetTableColumn.GlueTableName == dataset_table.GlueTableName,
+                DatasetTableColumn.GlueTableName == dataset_table.GlueTableName,
             )
         ).delete()
         session.commit()
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 82548252b..a2fcb2add 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -4,6 +4,7 @@
 
 import dataall
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -112,7 +113,7 @@ def test_add_columns(table, dataset1, db):
             .filter(dataall.db.models.DatasetTable.name == 'table1')
             .first()
         )
-        table_col = dataall.db.models.DatasetTableColumn(
+        table_col = DatasetTableColumn(
             name='col1',
             description='None',
             label='col1',
@@ -186,8 +187,8 @@ def test_update_dataset_table_column(client, table, dataset1, db):
             .first()
         )
         column = (
-            session.query(dataall.db.models.DatasetTableColumn)
-            .filter(dataall.db.models.DatasetTableColumn.tableUri == table.tableUri)
+            session.query(DatasetTableColumn)
+            .filter(DatasetTableColumn.tableUri == table.tableUri)
             .first()
         )
         response = client.query(
@@ -208,7 +209,7 @@ def test_update_dataset_table_column(client, table, dataset1, db):
             response.data.updateDatasetTableColumn.description == 'My new description'
         )
 
-        column = session.query(dataall.db.models.DatasetTableColumn).get(
+        column = session.query(DatasetTableColumn).get(
             column.columnUri
         )
         assert column.description == 'My new description'
@@ -235,8 +236,8 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
             .first()
         )
         column = (
-            session.query(dataall.db.models.DatasetTableColumn)
-            .filter(dataall.db.models.DatasetTableColumn.tableUri == table.tableUri)
+            session.query(DatasetTableColumn)
+            .filter(DatasetTableColumn.tableUri == table.tableUri)
             .first()
         )
         glue_tables = [
@@ -298,10 +299,10 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
         )
         assert new_table
         assert new_table.GlueTableName == 'new_table'
-        columns: [dataall.db.models.DatasetTableColumn] = (
-            session.query(dataall.db.models.DatasetTableColumn)
-            .filter(dataall.db.models.DatasetTableColumn.tableUri == new_table.tableUri)
-            .order_by(dataall.db.models.DatasetTableColumn.columnType.asc())
+        columns: [DatasetTableColumn] = (
+            session.query(DatasetTableColumn)
+            .filter(DatasetTableColumn.tableUri == new_table.tableUri)
+            .order_by(DatasetTableColumn.columnType.asc())
             .all()
         )
         assert len(columns) == 2
@@ -315,10 +316,10 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
         )
         assert existing_table
         assert existing_table.GlueTableName == 'table1'
-        columns: [dataall.db.models.DatasetTableColumn] = (
-            session.query(dataall.db.models.DatasetTableColumn)
-            .filter(dataall.db.models.DatasetTableColumn.tableUri == new_table.tableUri)
-            .order_by(dataall.db.models.DatasetTableColumn.columnType.asc())
+        columns: [DatasetTableColumn] = (
+            session.query(DatasetTableColumn)
+            .filter(DatasetTableColumn.tableUri == new_table.tableUri)
+            .order_by(DatasetTableColumn.columnType.asc())
             .all()
         )
         assert len(columns) == 2
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 157c6cd2c..8276dca8c 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,5 +1,6 @@
 from typing import List
 from dataall.db import models
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 import pytest
 
 
@@ -48,11 +49,11 @@ def _table(db, _dataset) -> models.DatasetTable:
 
 
 @pytest.fixture(scope='module', autouse=True)
-def _columns(db, _dataset, _table) -> List[models.DatasetTableColumn]:
+def _columns(db, _dataset, _table) -> List[DatasetTableColumn]:
     with db.scoped_session() as session:
         cols = []
         for i in range(0, 10):
-            c = models.DatasetTableColumn(
+            c = DatasetTableColumn(
                 datasetUri=_dataset.datasetUri,
                 tableUri=_table.tableUri,
                 label=f'c{i+1}',

From 1771bcaa4fc590eda8ca01537e544b2e1f5fa317 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 14:28:27 +0200
Subject: [PATCH 019/346] Notebooks doesn't require tasks

---
 backend/dataall/modules/notebooks/tasks/__init__.py | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 backend/dataall/modules/notebooks/tasks/__init__.py

diff --git a/backend/dataall/modules/notebooks/tasks/__init__.py b/backend/dataall/modules/notebooks/tasks/__init__.py
deleted file mode 100644
index 7da194e3b..000000000
--- a/backend/dataall/modules/notebooks/tasks/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Currently notebooks don't have tasks, but this module needed for correct loading"""

From 3d1603f21806bbaa099d70f9af072c5f2d40a5e4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 14:31:07 +0200
Subject: [PATCH 020/346] Renamed tasks to handlers

Currently, only async handlers require dedicated loading. Long-running tasks (scheduled tasks) might not need to have a dedicated loading mode
---
 backend/aws_handler.py            | 2 +-
 backend/dataall/modules/loader.py | 8 ++++----
 backend/local_graphql_server.py   | 2 +-
 tests/conftest.py                 | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/backend/aws_handler.py b/backend/aws_handler.py
index 872c8f433..ec5382b6f 100644
--- a/backend/aws_handler.py
+++ b/backend/aws_handler.py
@@ -14,7 +14,7 @@
 
 engine = get_engine(envname=ENVNAME)
 
-load_modules(modes=[ImportMode.TASKS])
+load_modules(modes=[ImportMode.HANDLERS])
 
 
 def handler(event, context=None):
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index aa4a656d4..9fa3c69bf 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -2,7 +2,7 @@
 import importlib
 import logging
 from abc import ABC, abstractmethod
-from enum import Enum
+from enum import Enum, auto
 from typing import List
 
 from dataall.core.config import config
@@ -19,9 +19,9 @@ class ImportMode(Enum):
     of functionality to be loaded, there should be different loading modes
     """
 
-    API = "api"
-    CDK = "cdk"
-    TASKS = "tasks"
+    API = auto()
+    CDK = auto()
+    HANDLERS = auto()
 
 
 class ModuleInterface(ABC):
diff --git a/backend/local_graphql_server.py b/backend/local_graphql_server.py
index 3783ba0a3..44f79a087 100644
--- a/backend/local_graphql_server.py
+++ b/backend/local_graphql_server.py
@@ -30,7 +30,7 @@
 es = connect(envname=ENVNAME)
 logger.info('Connected')
 # create_schema_and_tables(engine, envname=ENVNAME)
-load_modules(modes=[ImportMode.API, ImportMode.TASKS])
+load_modules(modes=[ImportMode.API, ImportMode.HANDLERS])
 Base.metadata.create_all(engine.engine)
 CDKPROXY_URL = (
     'http://cdkproxy:2805' if ENVNAME == 'dkrcompose' else 'http://localhost:2805'
diff --git a/tests/conftest.py b/tests/conftest.py
index a67d6bd41..2767a66a3 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -3,7 +3,7 @@
 import dataall
 from dataall.modules.loader import load_modules, ImportMode
 
-load_modules(modes=[ImportMode.TASKS, ImportMode.API, ImportMode.CDK])
+load_modules(modes=[ImportMode.HANDLERS, ImportMode.API, ImportMode.CDK])
 ENVNAME = os.environ.get('envname', 'pytest')
 
 

From fb6b515103927e80f96d8248ddb95568a08b7f7c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 16:00:18 +0200
Subject: [PATCH 021/346] Dataset refactoring

Extracted code from glue to glue_column_handler
Added handlers importing for datasets
---
 backend/dataall/aws/handlers/glue.py          |  99 ---------------
 backend/dataall/db/api/redshift_cluster.py    |   6 +-
 backend/dataall/modules/datasets/__init__.py  |  15 ++-
 .../modules/datasets/handlers/__init__.py     |   8 ++
 .../datasets/handlers/glue_column_handler.py  | 113 ++++++++++++++++++
 5 files changed, 138 insertions(+), 103 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/handlers/__init__.py
 create mode 100644 backend/dataall/modules/datasets/handlers/glue_column_handler.py

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index ca00a81f5..4bfda7ce3 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -7,7 +7,6 @@
 from ... import db
 from ...db import models
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 log = logging.getLogger('aws:glue')
 
@@ -522,104 +521,6 @@ def _update_existing_crawler(glue, accountid, crawler_name, targets, database):
             else:
                 raise e
 
-    @staticmethod
-    @Worker.handler('glue.table.update_column')
-    def update_table_columns(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            column: DatasetTableColumn = session.query(
-                DatasetTableColumn
-            ).get(task.targetUri)
-            table: models.DatasetTable = session.query(models.DatasetTable).get(
-                column.tableUri
-            )
-            try:
-                aws_session = SessionHelper.remote_session(table.AWSAccountId)
-
-                Glue.grant_pivot_role_all_table_permissions(aws_session, table)
-
-                glue_client = aws_session.client('glue', region_name=table.region)
-
-                original_table = glue_client.get_table(
-                    CatalogId=table.AWSAccountId,
-                    DatabaseName=table.GlueDatabaseName,
-                    Name=table.name,
-                )
-                updated_table = {
-                    k: v
-                    for k, v in original_table['Table'].items()
-                    if k
-                    not in [
-                        'CatalogId',
-                        'VersionId',
-                        'DatabaseName',
-                        'CreateTime',
-                        'UpdateTime',
-                        'CreatedBy',
-                        'IsRegisteredWithLakeFormation',
-                    ]
-                }
-                all_columns = updated_table.get('StorageDescriptor', {}).get(
-                    'Columns', []
-                ) + updated_table.get('PartitionKeys', [])
-                for col in all_columns:
-                    if col['Name'] == column.name:
-                        col['Comment'] = column.description
-                        log.info(
-                            f'Found column {column.name} adding description {column.description}'
-                        )
-                        response = glue_client.update_table(
-                            DatabaseName=table.GlueDatabaseName,
-                            TableInput=updated_table,
-                        )
-                        log.info(
-                            f'Column {column.name} updated successfully: {response}'
-                        )
-                return True
-
-            except ClientError as e:
-                log.error(
-                    f'Failed to update table column {column.name} description: {e}'
-                )
-                raise e
-
-    @staticmethod
-    def grant_pivot_role_all_table_permissions(aws_session, table):
-        """
-        Pivot role needs to have all permissions
-        for tables managed inside dataall
-        :param aws_session:
-        :param table:
-        :return:
-        """
-        try:
-            lf_client = aws_session.client('lakeformation', region_name=table.region)
-            grant_dict = dict(
-                Principal={
-                    'DataLakePrincipalIdentifier': SessionHelper.get_delegation_role_arn(
-                        table.AWSAccountId
-                    )
-                },
-                Resource={
-                    'Table': {
-                        'DatabaseName': table.GlueDatabaseName,
-                        'Name': table.name,
-                    }
-                },
-                Permissions=['SELECT', 'ALTER', 'DROP', 'INSERT'],
-            )
-            response = lf_client.grant_permissions(**grant_dict)
-            log.error(
-                f'Successfully granted pivot role all table '
-                f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
-                f'access: {response}'
-            )
-        except ClientError as e:
-            log.error(
-                f'Failed to grant pivot role all table '
-                f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
-                f'access: {e}'
-            )
-            raise e
 
     @staticmethod
     @Worker.handler('glue.table.columns')
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 91e687d2b..4167a555a 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -3,13 +3,13 @@
 from sqlalchemy import and_, or_, literal
 
 from .. import models, api, exceptions, paginate, permissions
-from . import has_resource_perm, ResourcePolicy, DatasetTable, Environment, Dataset
-from ..models.Enums import ShareItemStatus
+from . import has_resource_perm, ResourcePolicy, Environment, Dataset
 from ...utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
 from ...utils.slugify import slugify
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
 
@@ -495,7 +495,7 @@ def enable_copy_table(
         session, username, groups, uri, data=None, check_perm=True
     ) -> models.RedshiftClusterDatasetTable:
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
-        table = DatasetTable.get_dataset_table_by_uri(session, data['tableUri'])
+        table = DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
         table = models.RedshiftClusterDatasetTable(
             clusterUri=uri,
             datasetUri=data['datasetUri'],
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 67298a06e..cd52bc207 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -1,12 +1,14 @@
 """Contains the code related to datasets"""
 import logging
+from typing import List
+
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
 
 
 class DatasetApiModuleInterface(ModuleInterface):
-    """Implements ModuleInterface for notebook GraphQl lambda"""
+    """Implements ModuleInterface for dataset GraphQl lambda"""
 
     @classmethod
     def is_supported(cls, modes):
@@ -16,3 +18,14 @@ def __init__(self):
         import dataall.modules.datasets.api
         log.info("API of datasets has been imported")
 
+
+class DatasetAsyncHandlersModuleInterface(ModuleInterface):
+    """Implements ModuleInterface for dataset async lambda"""
+
+    @classmethod
+    def is_supported(cls, modes: List[ImportMode]):
+        return ImportMode.HANDLERS in modes
+
+    def __init__(self):
+        import dataall.modules.datasets.handlers
+        log.info("Dataset handlers have been imported")
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
new file mode 100644
index 000000000..7ed90c729
--- /dev/null
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -0,0 +1,8 @@
+"""
+Contains code with the handlers that are need for async
+processing in a separate lambda function
+"""
+from dataall.modules.datasets.handlers import glue_column_handler
+
+__all__ = ["glue_column_handler"]
+
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
new file mode 100644
index 000000000..e7f8d358b
--- /dev/null
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -0,0 +1,113 @@
+import logging
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import models
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+
+log = logging.getLogger(__name__)
+
+
+class DatasetColumnGlueHandler:
+    """A handler for dataset table columns"""
+
+    @staticmethod
+    @Worker.handler('glue.table.update_column')
+    def update_table_columns(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            column: DatasetTableColumn = session.query(
+                DatasetTableColumn
+            ).get(task.targetUri)
+            table: models.DatasetTable = session.query(models.DatasetTable).get(
+                column.tableUri
+            )
+            try:
+                aws_session = SessionHelper.remote_session(table.AWSAccountId)
+
+                DatasetColumnGlueHandler.grant_pivot_role_all_table_permissions(aws_session, table)
+
+                glue_client = aws_session.client('glue', region_name=table.region)
+
+                original_table = glue_client.get_table(
+                    CatalogId=table.AWSAccountId,
+                    DatabaseName=table.GlueDatabaseName,
+                    Name=table.name,
+                )
+                updated_table = {
+                    k: v
+                    for k, v in original_table['Table'].items()
+                    if k
+                       not in [
+                           'CatalogId',
+                           'VersionId',
+                           'DatabaseName',
+                           'CreateTime',
+                           'UpdateTime',
+                           'CreatedBy',
+                           'IsRegisteredWithLakeFormation',
+                       ]
+                }
+                all_columns = updated_table.get('StorageDescriptor', {}).get(
+                    'Columns', []
+                ) + updated_table.get('PartitionKeys', [])
+                for col in all_columns:
+                    if col['Name'] == column.name:
+                        col['Comment'] = column.description
+                        log.info(
+                            f'Found column {column.name} adding description {column.description}'
+                        )
+                        response = glue_client.update_table(
+                            DatabaseName=table.GlueDatabaseName,
+                            TableInput=updated_table,
+                        )
+                        log.info(
+                            f'Column {column.name} updated successfully: {response}'
+                        )
+                return True
+
+            except ClientError as e:
+                log.error(
+                    f'Failed to update table column {column.name} description: {e}'
+                )
+                raise e
+
+    @staticmethod
+    def grant_pivot_role_all_table_permissions(aws_session, table):
+        """
+        Pivot role needs to have all permissions
+        for tables managed inside dataall
+        :param aws_session:
+        :param table:
+        :return:
+        """
+        try:
+            lf_client = aws_session.client('lakeformation', region_name=table.region)
+            grant_dict = dict(
+                Principal={
+                    'DataLakePrincipalIdentifier': SessionHelper.get_delegation_role_arn(
+                        table.AWSAccountId
+                    )
+                },
+                Resource={
+                    'Table': {
+                        'DatabaseName': table.GlueDatabaseName,
+                        'Name': table.name,
+                    }
+                },
+                Permissions=['SELECT', 'ALTER', 'DROP', 'INSERT'],
+            )
+            response = lf_client.grant_permissions(**grant_dict)
+            log.error(
+                f'Successfully granted pivot role all table '
+                f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
+                f'access: {response}'
+            )
+        except ClientError as e:
+            log.error(
+                f'Failed to grant pivot role all table '
+                f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
+                f'access: {e}'
+            )
+            raise e

From e3596a553a42d42baddcb3d36bd2b71b60f101a2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 17:18:46 +0200
Subject: [PATCH 022/346] Dataset refactoring

Extracted the code for dataset table handler
---
 backend/dataall/aws/handlers/glue.py          | 15 ----------
 .../modules/datasets/handlers/__init__.py     |  7 +++--
 .../datasets/handlers/glue_table_handler.py   | 30 +++++++++++++++++++
 3 files changed, 35 insertions(+), 17 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/handlers/glue_table_handler.py

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index 4bfda7ce3..cc8c5cfc7 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -73,21 +73,6 @@ def database_exists(**data):
             log.info(f'Database {database} does not exist on account {accountid}...')
             return False
 
-    @staticmethod
-    @Worker.handler(path='glue.dataset.database.tables')
-    def list_tables(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(
-                session, task.targetUri
-            )
-            accountid = dataset.AwsAccountId
-            region = dataset.region
-            tables = Glue.list_glue_database_tables(
-                accountid, dataset.GlueDatabaseName, region
-            )
-            DatasetTableService.sync(session, dataset.datasetUri, glue_tables=tables)
-            return tables
-
     @staticmethod
     def list_glue_database_tables(accountid, database, region):
         aws_session = SessionHelper.remote_session(accountid=accountid)
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index 7ed90c729..19bd47297 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -2,7 +2,10 @@
 Contains code with the handlers that are need for async
 processing in a separate lambda function
 """
-from dataall.modules.datasets.handlers import glue_column_handler
+from dataall.modules.datasets.handlers import (
+    glue_column_handler,
+    glue_table_handler
+)
 
-__all__ = ["glue_column_handler"]
+__all__ = ["glue_column_handler", "glue_table_handler"]
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
new file mode 100644
index 000000000..9bb50c501
--- /dev/null
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -0,0 +1,30 @@
+import logging
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.glue import Glue
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.db import models
+from dataall.db.api import Dataset
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
+
+log = logging.getLogger(__name__)
+
+
+class DatasetColumnGlueHandler:
+    """A handler for dataset table"""
+
+    @staticmethod
+    @Worker.handler(path='glue.dataset.database.tables')
+    def list_tables(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            dataset: models.Dataset = Dataset.get_dataset_by_uri(
+                session, task.targetUri
+            )
+            account_id = dataset.AwsAccountId
+            region = dataset.region
+            tables = Glue.list_glue_database_tables(
+                account_id, dataset.GlueDatabaseName, region
+            )
+            DatasetTableService.sync(session, dataset.datasetUri, glue_tables=tables)
+            return tables

From 3af2ecfb0f24342eea970b4f9fd4263dbb81fc2e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 17:28:46 +0200
Subject: [PATCH 023/346] Dataset refactoring

Extracted the long-running task for datasets
---
 .../dataall/modules/datasets/tasks/__init__.py |  1 +
 .../datasets}/tasks/tables_syncer.py           | 18 ++++++++----------
 backend/dataall/tasks/__init__.py              |  1 -
 deploy/stacks/container.py                     |  2 +-
 tests/tasks/test_tables_sync.py                |  4 ++--
 5 files changed, 12 insertions(+), 14 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/tasks/__init__.py
 rename backend/dataall/{ => modules/datasets}/tasks/tables_syncer.py (92%)

diff --git a/backend/dataall/modules/datasets/tasks/__init__.py b/backend/dataall/modules/datasets/tasks/__init__.py
new file mode 100644
index 000000000..da597f309
--- /dev/null
+++ b/backend/dataall/modules/datasets/tasks/__init__.py
@@ -0,0 +1 @@
+"""Code of the long-running tasks that run in ECS"""
diff --git a/backend/dataall/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
similarity index 92%
rename from backend/dataall/tasks/tables_syncer.py
rename to backend/dataall/modules/datasets/tasks/tables_syncer.py
index 7d2781ccf..27a870d60 100644
--- a/backend/dataall/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -3,16 +3,14 @@
 import sys
 from operator import and_
 
-from .. import db
-from ..aws.handlers.glue import Glue
-from ..aws.handlers.sts import SessionHelper
-from ..db import get_engine
-from ..db import models
-from ..searchproxy import indexers
-from ..searchproxy.connect import (
-    connect,
-)
-from ..utils.alarm_service import AlarmService
+from dataall import db
+from dataall.aws.handlers.glue import Glue
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import get_engine
+from dataall.db import models
+from dataall.searchproxy import indexers
+from dataall.searchproxy.connect import connect
+from dataall.utils.alarm_service import AlarmService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 root = logging.getLogger()
diff --git a/backend/dataall/tasks/__init__.py b/backend/dataall/tasks/__init__.py
index 02ccaaa8b..89cb28e27 100644
--- a/backend/dataall/tasks/__init__.py
+++ b/backend/dataall/tasks/__init__.py
@@ -1,2 +1 @@
-from .tables_syncer import sync_tables
 from .catalog_indexer import index_objects
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index c313df82e..47fc3d114 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -94,7 +94,7 @@ def __init__(
 
         sync_tables_task = self.set_scheduled_task(
             cluster=cluster,
-            command=['python3.8', '-m', 'dataall.tasks.tables_syncer'],
+            command=['python3.8', '-m', 'dataall.modules.datasets.tasks.tables_syncer'],
             container_id=f'container',
             ecr_repository=ecr_repository,
             environment=self._create_env('INFO'),
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index 812dda1bd..d4e86b83f 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -147,14 +147,14 @@ def _test_tables_sync(db, org, env, sync_dataset, table, mocker):
         ],
     )
     mocker.patch(
-        'dataall.tasks.tables_syncer.is_assumable_pivot_role', return_value=True
+        'dataall.modules.datasets.tables_syncer.is_assumable_pivot_role', return_value=True
     )
     mocker.patch(
         'dataall.aws.handlers.glue.Glue.grant_principals_all_table_permissions',
         return_value=True,
     )
 
-    processed_tables = dataall.tasks.tables_syncer.sync_tables(engine=db)
+    processed_tables = dataall.modules.datasets.tasks.tables_syncer.sync_tables(engine=db)
     assert len(processed_tables) == 2
     with db.scoped_session() as session:
         saved_table: dataall.db.models.DatasetTable = (

From 1a063b2cbe020ba5ffe72587902f0872ed788db4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 18:34:12 +0200
Subject: [PATCH 024/346] Dataset refactoring

Extracted the subscription service into datasets
---
 .../datasets/tasks}/subscription_service.py      | 16 ++++++++--------
 backend/dataall/tasks/subscriptions/__init__.py  |  1 -
 deploy/stacks/container.py                       |  2 +-
 3 files changed, 9 insertions(+), 10 deletions(-)
 rename backend/dataall/{tasks/subscriptions => modules/datasets/tasks}/subscription_service.py (97%)

diff --git a/backend/dataall/tasks/subscriptions/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
similarity index 97%
rename from backend/dataall/tasks/subscriptions/subscription_service.py
rename to backend/dataall/modules/datasets/tasks/subscription_service.py
index bf7eded35..8674f903a 100644
--- a/backend/dataall/tasks/subscriptions/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -6,14 +6,14 @@
 from botocore.exceptions import ClientError
 from sqlalchemy import and_
 
-from ... import db
-from ...aws.handlers.service_handlers import Worker
-from ...aws.handlers.sts import SessionHelper
-from ...aws.handlers.sqs import SqsQueue
-from ...db import get_engine
-from ...db import models
-from ...tasks.subscriptions import poll_queues
-from ...utils import json_utils
+from dataall import db
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.aws.handlers.sqs import SqsQueue
+from dataall.db import get_engine
+from dataall.db import models
+from dataall.tasks.subscriptions import poll_queues
+from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 root = logging.getLogger()
diff --git a/backend/dataall/tasks/subscriptions/__init__.py b/backend/dataall/tasks/subscriptions/__init__.py
index f60ca5310..fa0214e42 100644
--- a/backend/dataall/tasks/subscriptions/__init__.py
+++ b/backend/dataall/tasks/subscriptions/__init__.py
@@ -1,2 +1 @@
 from .sqs_poller import poll_queues
-from .subscription_service import SubscriptionService
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index 47fc3d114..d3c761519 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -179,7 +179,7 @@ def __init__(
             command=[
                 'python3.8',
                 '-m',
-                'dataall.tasks.subscriptions.subscription_service',
+                'dataall.modules.datasets.tasks.subscription_service',
             ],
             container_id=f'container',
             ecr_repository=ecr_repository,

From b7337142064d4b14a1e247eae5ff412f7db81448 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 18:39:54 +0200
Subject: [PATCH 025/346] Dataset refactoring

Extracted the handler to get table columns
---
 backend/dataall/aws/handlers/glue.py          | 30 -------------------
 .../datasets/handlers/glue_column_handler.py  | 29 ++++++++++++++++++
 2 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index cc8c5cfc7..e05ce4c54 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -6,7 +6,6 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger('aws:glue')
 
@@ -506,35 +505,6 @@ def _update_existing_crawler(glue, accountid, crawler_name, targets, database):
             else:
                 raise e
 
-
-    @staticmethod
-    @Worker.handler('glue.table.columns')
-    def get_table_columns(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset_table: models.DatasetTable = session.query(models.DatasetTable).get(
-                task.targetUri
-            )
-            aws = SessionHelper.remote_session(dataset_table.AWSAccountId)
-            glue_client = aws.client('glue', region_name=dataset_table.region)
-            glue_table = {}
-            try:
-                glue_table = glue_client.get_table(
-                    CatalogId=dataset_table.AWSAccountId,
-                    DatabaseName=dataset_table.GlueDatabaseName,
-                    Name=dataset_table.name,
-                )
-            except glue_client.exceptions.ClientError as e:
-                log.error(
-                    f'Failed to get table aws://{dataset_table.AWSAccountId}'
-                    f'//{dataset_table.GlueDatabaseName}'
-                    f'//{dataset_table.name} due to: '
-                    f'{e}'
-                )
-            DatasetTableService.sync_table_columns(
-                session, dataset_table, glue_table['Table']
-            )
-        return True
-
     @staticmethod
     @Worker.handler(path='glue.job.runs')
     def get_job_runs(engine, task: models.Task):
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index e7f8d358b..02003eea2 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -6,6 +6,7 @@
 from dataall.db import models
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
 
@@ -13,6 +14,34 @@
 class DatasetColumnGlueHandler:
     """A handler for dataset table columns"""
 
+    @staticmethod
+    @Worker.handler('glue.table.columns')
+    def get_table_columns(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            dataset_table: models.DatasetTable = session.query(models.DatasetTable).get(
+                task.targetUri
+            )
+            aws = SessionHelper.remote_session(dataset_table.AWSAccountId)
+            glue_client = aws.client('glue', region_name=dataset_table.region)
+            glue_table = {}
+            try:
+                glue_table = glue_client.get_table(
+                    CatalogId=dataset_table.AWSAccountId,
+                    DatabaseName=dataset_table.GlueDatabaseName,
+                    Name=dataset_table.name,
+                )
+            except glue_client.exceptions.ClientError as e:
+                log.error(
+                    f'Failed to get table aws://{dataset_table.AWSAccountId}'
+                    f'//{dataset_table.GlueDatabaseName}'
+                    f'//{dataset_table.name} due to: '
+                    f'{e}'
+                )
+            DatasetTableService.sync_table_columns(
+                session, dataset_table, glue_table['Table']
+            )
+        return True
+
     @staticmethod
     @Worker.handler('glue.table.update_column')
     def update_table_columns(engine, task: models.Task):

From 2a4e2e09caf2e520118baa1ef22f1fb262541239 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 19:06:39 +0200
Subject: [PATCH 026/346] Extracted feed registry

Needed for migration for modules
---
 backend/dataall/api/Objects/Feed/resolvers.py | 29 ++-------------
 backend/dataall/core/feed/__init__.py         |  1 +
 .../dataall/core/feed/services/__init__.py    |  1 +
 .../core/feed/services/feed_registry.py       | 36 +++++++++++++++++++
 backend/dataall/modules/datasets/__init__.py  |  3 ++
 5 files changed, 44 insertions(+), 26 deletions(-)
 create mode 100644 backend/dataall/core/feed/__init__.py
 create mode 100644 backend/dataall/core/feed/services/__init__.py
 create mode 100644 backend/dataall/core/feed/services/feed_registry.py

diff --git a/backend/dataall/api/Objects/Feed/resolvers.py b/backend/dataall/api/Objects/Feed/resolvers.py
index cbde23f0d..0fff09053 100644
--- a/backend/dataall/api/Objects/Feed/resolvers.py
+++ b/backend/dataall/api/Objects/Feed/resolvers.py
@@ -2,7 +2,7 @@
 
 from ....api.context import Context
 from ....db import paginate, models
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.core.feed.services.feed_registry import FeedRegistry
 
 
 class Feed:
@@ -20,37 +20,14 @@ def targetType(self):
 
 
 def resolve_feed_target_type(obj, *_):
-    if isinstance(obj, DatasetTableColumn):
-        return 'DatasetTableColumn'
-    elif isinstance(obj, models.Worksheet):
-        return 'Worksheet'
-    elif isinstance(obj, models.DataPipeline):
-        return 'DataPipeline'
-    elif isinstance(obj, models.DatasetTable):
-        return 'DatasetTable'
-    elif isinstance(obj, models.Dataset):
-        return 'Dataset'
-    elif isinstance(obj, models.DatasetStorageLocation):
-        return 'DatasetStorageLocation'
-    elif isinstance(obj, models.Dashboard):
-        return 'Dashboard'
-    else:
-        return None
+    return FeedRegistry.find_by_model(obj)
 
 
 def resolve_target(context: Context, source: Feed, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        model = {
-            'Dataset': models.Dataset,
-            'DatasetTable': models.DatasetTable,
-            'DatasetTableColumn': DatasetTableColumn,
-            'DatasetStorageLocation': models.DatasetStorageLocation,
-            'Dashboard': models.Dashboard,
-            'DataPipeline': models.DataPipeline,
-            'Worksheet': models.Worksheet,
-        }[source.targetType]
+        model = FeedRegistry.find(source.targetType)
         target = session.query(model).get(source.targetUri)
     return target
 
diff --git a/backend/dataall/core/feed/__init__.py b/backend/dataall/core/feed/__init__.py
new file mode 100644
index 000000000..d06f5a78f
--- /dev/null
+++ b/backend/dataall/core/feed/__init__.py
@@ -0,0 +1 @@
+"""Contains all code related to feeds"""
diff --git a/backend/dataall/core/feed/services/__init__.py b/backend/dataall/core/feed/services/__init__.py
new file mode 100644
index 000000000..e87be7564
--- /dev/null
+++ b/backend/dataall/core/feed/services/__init__.py
@@ -0,0 +1 @@
+"""Contains business logic of feed"""
diff --git a/backend/dataall/core/feed/services/feed_registry.py b/backend/dataall/core/feed/services/feed_registry.py
new file mode 100644
index 000000000..7a382c057
--- /dev/null
+++ b/backend/dataall/core/feed/services/feed_registry.py
@@ -0,0 +1,36 @@
+from dataclasses import dataclass
+from typing import Dict, Type
+from dataall.db import Resource, models
+
+
+@dataclass
+class FeedDefinition:
+    target_type: str
+    model: Type[Resource]
+
+
+class FeedRegistry:
+    """Registers feeds for different models"""
+    _DEFINITION: Dict[str, FeedDefinition] = {}
+
+    @classmethod
+    def register(cls, feed: FeedDefinition):
+        cls._DEFINITION[feed.target_type] = feed
+
+    @classmethod
+    def find(cls, target_type: str):
+        return cls._DEFINITION[target_type]
+
+    @classmethod
+    def find_by_model(cls, obj: Resource):
+        for target_type, feed in cls._DEFINITION.items():
+            if isinstance(obj, feed.model):
+                return target_type
+        return None
+
+
+FeedRegistry.register(FeedDefinition("Worksheet", models.Worksheet))
+FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
+FeedRegistry.register(FeedDefinition("DatasetTable", models.DatasetTable))
+FeedRegistry.register(FeedDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
+FeedRegistry.register(FeedDefinition("Dashboard", models.Dashboard))
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index cd52bc207..0de251fee 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,6 +2,8 @@
 import logging
 from typing import List
 
+from dataall.core.feed.services.feed_registry import FeedRegistry, FeedDefinition
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
@@ -16,6 +18,7 @@ def is_supported(cls, modes):
 
     def __init__(self):
         import dataall.modules.datasets.api
+        FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
         log.info("API of datasets has been imported")
 
 

From c15d0902da9a10a846e2c1f0231f0f0fafc6c0f0 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 11 Apr 2023 19:30:07 +0200
Subject: [PATCH 027/346] Extracted feed and glossary registry and created a
 model registry

---
 backend/dataall/api/Objects/Feed/resolvers.py |  6 +--
 .../dataall/api/Objects/Glossary/resolvers.py | 23 ++-------
 backend/dataall/core/feed/__init__.py         |  1 -
 .../dataall/core/feed/services/__init__.py    |  1 -
 .../core/feed/services/feed_registry.py       | 36 --------------
 backend/dataall/core/utils/__init__.py        |  1 +
 backend/dataall/core/utils/model_registry.py  | 47 +++++++++++++++++++
 backend/dataall/modules/datasets/__init__.py  |  5 +-
 8 files changed, 57 insertions(+), 63 deletions(-)
 delete mode 100644 backend/dataall/core/feed/__init__.py
 delete mode 100644 backend/dataall/core/feed/services/__init__.py
 delete mode 100644 backend/dataall/core/feed/services/feed_registry.py
 create mode 100644 backend/dataall/core/utils/__init__.py
 create mode 100644 backend/dataall/core/utils/model_registry.py

diff --git a/backend/dataall/api/Objects/Feed/resolvers.py b/backend/dataall/api/Objects/Feed/resolvers.py
index 0fff09053..1f328b1ae 100644
--- a/backend/dataall/api/Objects/Feed/resolvers.py
+++ b/backend/dataall/api/Objects/Feed/resolvers.py
@@ -1,8 +1,8 @@
 from sqlalchemy import or_
 
-from ....api.context import Context
-from ....db import paginate, models
-from dataall.core.feed.services.feed_registry import FeedRegistry
+from dataall.api.context import Context
+from dataall.db import paginate, models
+from dataall.core.utils.model_registry import FeedRegistry
 
 
 class Feed:
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index 847f16ac6..c6f2634d0 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -4,6 +4,7 @@
 
 from .... import db
 from ....api.context import Context
+from ....core.utils.model_registry import GlossaryRegistry
 from ....db import paginate, exceptions, models
 from ....searchproxy import upsert_dataset
 from ....searchproxy import upsert_table
@@ -11,7 +12,6 @@
 from ....api.constants import (
     GlossaryRole
 )
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 
 def resolve_glossary_node(obj: models.GlossaryNode, *_):
@@ -323,29 +323,12 @@ def get_link(context: Context, source, linkUri: str = None):
 
 
 def target_union_resolver(obj, *_):
-    if isinstance(obj, DatasetTableColumn):
-        return 'DatasetTableColumn'
-    elif isinstance(obj, models.DatasetTable):
-        return 'DatasetTable'
-    elif isinstance(obj, models.Dataset):
-        return 'Dataset'
-    elif isinstance(obj, models.DatasetStorageLocation):
-        return 'DatasetStorageLocation'
-    elif isinstance(obj, models.Dashboard):
-        return 'Dashboard'
-    else:
-        return None
+    return GlossaryRegistry.find_by_model(obj)
 
 
 def resolve_link_target(context, source, **kwargs):
     with context.engine.scoped_session() as session:
-        model = {
-            'Dataset': models.Dataset,
-            'DatasetTable': models.DatasetTable,
-            'Column': DatasetTableColumn,
-            'DatasetStorageLocation': models.DatasetStorageLocation,
-            'Dashboard': models.Dashboard,
-        }[source.targetType]
+        model = GlossaryRegistry.find(source.targetUri)
         target = session.query(model).get(source.targetUri)
     return target
 
diff --git a/backend/dataall/core/feed/__init__.py b/backend/dataall/core/feed/__init__.py
deleted file mode 100644
index d06f5a78f..000000000
--- a/backend/dataall/core/feed/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Contains all code related to feeds"""
diff --git a/backend/dataall/core/feed/services/__init__.py b/backend/dataall/core/feed/services/__init__.py
deleted file mode 100644
index e87be7564..000000000
--- a/backend/dataall/core/feed/services/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Contains business logic of feed"""
diff --git a/backend/dataall/core/feed/services/feed_registry.py b/backend/dataall/core/feed/services/feed_registry.py
deleted file mode 100644
index 7a382c057..000000000
--- a/backend/dataall/core/feed/services/feed_registry.py
+++ /dev/null
@@ -1,36 +0,0 @@
-from dataclasses import dataclass
-from typing import Dict, Type
-from dataall.db import Resource, models
-
-
-@dataclass
-class FeedDefinition:
-    target_type: str
-    model: Type[Resource]
-
-
-class FeedRegistry:
-    """Registers feeds for different models"""
-    _DEFINITION: Dict[str, FeedDefinition] = {}
-
-    @classmethod
-    def register(cls, feed: FeedDefinition):
-        cls._DEFINITION[feed.target_type] = feed
-
-    @classmethod
-    def find(cls, target_type: str):
-        return cls._DEFINITION[target_type]
-
-    @classmethod
-    def find_by_model(cls, obj: Resource):
-        for target_type, feed in cls._DEFINITION.items():
-            if isinstance(obj, feed.model):
-                return target_type
-        return None
-
-
-FeedRegistry.register(FeedDefinition("Worksheet", models.Worksheet))
-FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
-FeedRegistry.register(FeedDefinition("DatasetTable", models.DatasetTable))
-FeedRegistry.register(FeedDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
-FeedRegistry.register(FeedDefinition("Dashboard", models.Dashboard))
diff --git a/backend/dataall/core/utils/__init__.py b/backend/dataall/core/utils/__init__.py
new file mode 100644
index 000000000..02ed9cfb4
--- /dev/null
+++ b/backend/dataall/core/utils/__init__.py
@@ -0,0 +1 @@
+"""Utility functions and classes"""
diff --git a/backend/dataall/core/utils/model_registry.py b/backend/dataall/core/utils/model_registry.py
new file mode 100644
index 000000000..9a4c21952
--- /dev/null
+++ b/backend/dataall/core/utils/model_registry.py
@@ -0,0 +1,47 @@
+from dataclasses import dataclass
+from typing import Type, Dict
+
+from dataall.db import Resource, models
+
+
+@dataclass
+class ModelDefinition:
+    target_type: str
+    model: Type[Resource]
+
+
+class ModelRegistry:
+    """Registers models for different target types"""
+
+    def __init__(self):
+        self._definitions: Dict[str, ModelDefinition] = {}
+
+    def register(self, model: ModelDefinition):
+        self._definitions[model.target_type] = model
+
+    def find(self, target_type: str):
+        return self._definitions[target_type]
+
+    def find_by_model(self, obj: Resource):
+        for target_type, definition in self._definitions.items():
+            if isinstance(obj, definition.model):
+                return target_type
+        return None
+
+
+# TODO should migrate to a proper file after the modularization
+FeedRegistry = ModelRegistry()
+GlossaryRegistry = ModelRegistry()
+
+
+FeedRegistry.register(ModelDefinition("Worksheet", models.Worksheet))
+FeedRegistry.register(ModelDefinition("DataPipeline", models.DataPipeline))
+FeedRegistry.register(ModelDefinition("DatasetTable", models.DatasetTable))
+FeedRegistry.register(ModelDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
+FeedRegistry.register(ModelDefinition("Dashboard", models.Dashboard))
+
+GlossaryRegistry.register(ModelDefinition("DatasetTable", models.DatasetTable))
+GlossaryRegistry.register(ModelDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
+GlossaryRegistry.register(ModelDefinition("Dashboard", models.Dashboard))
+GlossaryRegistry.register(ModelDefinition("DatasetTable", models.DatasetTable))
+GlossaryRegistry.register(ModelDefinition("Dataset", models.Dataset))
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 0de251fee..8f30bd897 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,7 +2,7 @@
 import logging
 from typing import List
 
-from dataall.core.feed.services.feed_registry import FeedRegistry, FeedDefinition
+from dataall.core.utils.model_registry import ModelDefinition, FeedRegistry, GlossaryRegistry
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 from dataall.modules.loader import ModuleInterface, ImportMode
 
@@ -18,7 +18,8 @@ def is_supported(cls, modes):
 
     def __init__(self):
         import dataall.modules.datasets.api
-        FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
+        FeedRegistry.register(ModelDefinition("DatasetTableColumn", DatasetTableColumn))
+        GlossaryRegistry.register(ModelDefinition("DatasetTableColumn", DatasetTableColumn))
         log.info("API of datasets has been imported")
 
 

From 052a2b1f33139dab09a8beb78d5a7cfb72387128 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 12 Apr 2023 11:12:56 +0200
Subject: [PATCH 028/346] Dataset refactoring

Fixed tests and added new for dataset module
---
 tests/core/test_config.py         | 6 +++++-
 tests/tasks/test_subscriptions.py | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/tests/core/test_config.py b/tests/core/test_config.py
index 3222e4144..30f69f792 100644
--- a/tests/core/test_config.py
+++ b/tests/core/test_config.py
@@ -25,4 +25,8 @@ def test_default_config():
     assert "notebooks" in modules
     assert "active" in modules["notebooks"]
 
-    assert config.get_property("modules.notebooks.active") == "true"
+    assert "datasets" in modules
+    assert "active" in modules["datasets"]
+
+    assert config.get_property("modules.notebooks.active")
+    assert config.get_property("modules.datasets.active")
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index 25cd6178a..874b8ccab 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -134,10 +134,10 @@ def share(
 
 def test_subscriptions(org, env, otherenv, db, dataset, share, mocker):
     mocker.patch(
-        'dataall.tasks.subscriptions.subscription_service.SubscriptionService.sns_call',
+        'dataall.modules.datasets.tasks.subscription_service.SubscriptionService.sns_call',
         return_value=True,
     )
-    subscriber = dataall.tasks.subscriptions.subscription_service.SubscriptionService()
+    subscriber = dataall.modules.datasets.tasks.subscription_service.SubscriptionService()
     messages = [
         {
             'prefix': 's3://dataset/testtable/csv/',

From d9844834646aa7564104ef184ca95d41f0ecbbb2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 12 Apr 2023 13:12:39 +0200
Subject: [PATCH 029/346] Fixed and unignored test_tables_sync

---
 tests/tasks/test_tables_sync.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index d4e86b83f..9d8282e65 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -92,7 +92,13 @@ def table(org, env, db, sync_dataset):
     yield table
 
 
-def _test_tables_sync(db, org, env, sync_dataset, table, mocker):
+@pytest.fixture(scope='module', autouse=True)
+def permissions(db):
+    with db.scoped_session() as session:
+        yield dataall.db.api.Permission.init_permissions(session)
+
+
+def test_tables_sync(db, org, env, sync_dataset, table, mocker):
     mocker.patch(
         'dataall.aws.handlers.glue.Glue.list_glue_database_tables',
         return_value=[
@@ -147,7 +153,7 @@ def _test_tables_sync(db, org, env, sync_dataset, table, mocker):
         ],
     )
     mocker.patch(
-        'dataall.modules.datasets.tables_syncer.is_assumable_pivot_role', return_value=True
+        'dataall.modules.datasets.tasks.tables_syncer.is_assumable_pivot_role', return_value=True
     )
     mocker.patch(
         'dataall.aws.handlers.glue.Glue.grant_principals_all_table_permissions',

From dc0c9350b242be12238c8ce37b0dc74a018ed36d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 12 Apr 2023 14:10:09 +0200
Subject: [PATCH 030/346] Split model registry into feed and glossaries

Glossaries had different target types and had to be treated differently
---
 backend/dataall/api/Objects/Feed/resolvers.py |  2 +-
 .../dataall/api/Objects/Glossary/resolvers.py |  7 +--
 backend/dataall/core/feed/__init__.py         |  1 +
 .../dataall/core/feed/services/__init__.py    |  1 +
 .../dataall/core/feed/services/registry.py    | 36 ++++++++++++++
 backend/dataall/core/glossary/__init__.py     |  1 +
 .../core/glossary/services/__init__.py        |  1 +
 .../core/glossary/services/registry.py        | 38 +++++++++++++++
 backend/dataall/core/utils/model_registry.py  | 47 -------------------
 backend/dataall/db/api/glossary.py            | 28 ++++-------
 backend/dataall/modules/datasets/__init__.py  |  7 +--
 11 files changed, 97 insertions(+), 72 deletions(-)
 create mode 100644 backend/dataall/core/feed/__init__.py
 create mode 100644 backend/dataall/core/feed/services/__init__.py
 create mode 100644 backend/dataall/core/feed/services/registry.py
 create mode 100644 backend/dataall/core/glossary/__init__.py
 create mode 100644 backend/dataall/core/glossary/services/__init__.py
 create mode 100644 backend/dataall/core/glossary/services/registry.py
 delete mode 100644 backend/dataall/core/utils/model_registry.py

diff --git a/backend/dataall/api/Objects/Feed/resolvers.py b/backend/dataall/api/Objects/Feed/resolvers.py
index 1f328b1ae..598ec86e1 100644
--- a/backend/dataall/api/Objects/Feed/resolvers.py
+++ b/backend/dataall/api/Objects/Feed/resolvers.py
@@ -2,7 +2,7 @@
 
 from dataall.api.context import Context
 from dataall.db import paginate, models
-from dataall.core.utils.model_registry import FeedRegistry
+from dataall.core.feed.services.registry import FeedRegistry
 
 
 class Feed:
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index c6f2634d0..ae8501993 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -4,7 +4,6 @@
 
 from .... import db
 from ....api.context import Context
-from ....core.utils.model_registry import GlossaryRegistry
 from ....db import paginate, exceptions, models
 from ....searchproxy import upsert_dataset
 from ....searchproxy import upsert_table
@@ -13,6 +12,8 @@
     GlossaryRole
 )
 
+from dataall.core.glossary.services.registry import GlossaryRegistry
+
 
 def resolve_glossary_node(obj: models.GlossaryNode, *_):
     if obj.nodeType == 'G':
@@ -323,12 +324,12 @@ def get_link(context: Context, source, linkUri: str = None):
 
 
 def target_union_resolver(obj, *_):
-    return GlossaryRegistry.find_by_model(obj)
+    return GlossaryRegistry.find_object_type(obj)
 
 
 def resolve_link_target(context, source, **kwargs):
     with context.engine.scoped_session() as session:
-        model = GlossaryRegistry.find(source.targetUri)
+        model = GlossaryRegistry.find_model(source.targetUri)
         target = session.query(model).get(source.targetUri)
     return target
 
diff --git a/backend/dataall/core/feed/__init__.py b/backend/dataall/core/feed/__init__.py
new file mode 100644
index 000000000..39f751553
--- /dev/null
+++ b/backend/dataall/core/feed/__init__.py
@@ -0,0 +1 @@
+"""Contains logic related to feeds"""
diff --git a/backend/dataall/core/feed/services/__init__.py b/backend/dataall/core/feed/services/__init__.py
new file mode 100644
index 000000000..5b130b24b
--- /dev/null
+++ b/backend/dataall/core/feed/services/__init__.py
@@ -0,0 +1 @@
+"""Service layer of feeds"""
diff --git a/backend/dataall/core/feed/services/registry.py b/backend/dataall/core/feed/services/registry.py
new file mode 100644
index 000000000..a69bcdd37
--- /dev/null
+++ b/backend/dataall/core/feed/services/registry.py
@@ -0,0 +1,36 @@
+from dataclasses import dataclass
+from typing import Type, Dict
+
+from dataall.db import Resource, models
+
+
+@dataclass
+class FeedDefinition:
+    target_type: str
+    model: Type[Resource]
+
+
+class FeedRegistry:
+    """Registers models for different target types"""
+
+    def __init__(self):
+        self._definitions: Dict[str, FeedDefinition] = {}
+
+    def register(self, model: FeedDefinition):
+        self._definitions[model.target_type] = model
+
+    def find(self, target_type: str):
+        return self._definitions[target_type]
+
+    def find_by_model(self, obj: Resource):
+        for target_type, definition in self._definitions.items():
+            if isinstance(obj, definition.model):
+                return target_type
+        return None
+
+
+FeedRegistry.register(FeedDefinition("Worksheet", models.Worksheet))
+FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
+FeedRegistry.register(FeedDefinition("DatasetTable", models.DatasetTable))
+FeedRegistry.register(FeedDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
+FeedRegistry.register(FeedDefinition("Dashboard", models.Dashboard))
diff --git a/backend/dataall/core/glossary/__init__.py b/backend/dataall/core/glossary/__init__.py
new file mode 100644
index 000000000..aa81c1e26
--- /dev/null
+++ b/backend/dataall/core/glossary/__init__.py
@@ -0,0 +1 @@
+"""Contains code related to glossaries"""
diff --git a/backend/dataall/core/glossary/services/__init__.py b/backend/dataall/core/glossary/services/__init__.py
new file mode 100644
index 000000000..9ed65d261
--- /dev/null
+++ b/backend/dataall/core/glossary/services/__init__.py
@@ -0,0 +1 @@
+"""Service layer of glossaries"""
diff --git a/backend/dataall/core/glossary/services/registry.py b/backend/dataall/core/glossary/services/registry.py
new file mode 100644
index 000000000..7484087c4
--- /dev/null
+++ b/backend/dataall/core/glossary/services/registry.py
@@ -0,0 +1,38 @@
+from dataclasses import dataclass
+from typing import Type, Dict, Optional
+
+from dataall.db import Resource, models
+
+
+@dataclass
+class GlossaryDefinition:
+    target_type: str
+    object_type: str
+    model: Type[Resource]
+
+
+class GlossaryRegistry:
+    _DEFINITIONS: Dict[str, GlossaryDefinition] = {}
+
+    @classmethod
+    def register(cls, glossary: GlossaryDefinition) -> None:
+        cls._DEFINITIONS[glossary.target_type] = glossary
+
+    @classmethod
+    def find_model(cls, target_type: str) -> Optional[Resource]:
+        definition = cls._DEFINITIONS[target_type]
+        return definition.model if definition is not None else None
+
+    @classmethod
+    def find_object_type(cls, model: Resource) -> Optional[str]:
+        for _, definition in cls._DEFINITIONS.items():
+            if isinstance(model, definition.model):
+                return definition.object_type
+        return None
+
+
+GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
+GlossaryRegistry.register(GlossaryDefinition("Folder", "DatasetStorageLocation", models.DatasetStorageLocation))
+GlossaryRegistry.register(GlossaryDefinition("Dashboard", "Dashboard", models.Dashboard))
+GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
+GlossaryRegistry.register(GlossaryDefinition("Dataset", "Dataset", models.Dataset))
diff --git a/backend/dataall/core/utils/model_registry.py b/backend/dataall/core/utils/model_registry.py
deleted file mode 100644
index 9a4c21952..000000000
--- a/backend/dataall/core/utils/model_registry.py
+++ /dev/null
@@ -1,47 +0,0 @@
-from dataclasses import dataclass
-from typing import Type, Dict
-
-from dataall.db import Resource, models
-
-
-@dataclass
-class ModelDefinition:
-    target_type: str
-    model: Type[Resource]
-
-
-class ModelRegistry:
-    """Registers models for different target types"""
-
-    def __init__(self):
-        self._definitions: Dict[str, ModelDefinition] = {}
-
-    def register(self, model: ModelDefinition):
-        self._definitions[model.target_type] = model
-
-    def find(self, target_type: str):
-        return self._definitions[target_type]
-
-    def find_by_model(self, obj: Resource):
-        for target_type, definition in self._definitions.items():
-            if isinstance(obj, definition.model):
-                return target_type
-        return None
-
-
-# TODO should migrate to a proper file after the modularization
-FeedRegistry = ModelRegistry()
-GlossaryRegistry = ModelRegistry()
-
-
-FeedRegistry.register(ModelDefinition("Worksheet", models.Worksheet))
-FeedRegistry.register(ModelDefinition("DataPipeline", models.DataPipeline))
-FeedRegistry.register(ModelDefinition("DatasetTable", models.DatasetTable))
-FeedRegistry.register(ModelDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
-FeedRegistry.register(ModelDefinition("Dashboard", models.Dashboard))
-
-GlossaryRegistry.register(ModelDefinition("DatasetTable", models.DatasetTable))
-GlossaryRegistry.register(ModelDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
-GlossaryRegistry.register(ModelDefinition("Dashboard", models.Dashboard))
-GlossaryRegistry.register(ModelDefinition("DatasetTable", models.DatasetTable))
-GlossaryRegistry.register(ModelDefinition("Dataset", models.Dataset))
diff --git a/backend/dataall/db/api/glossary.py b/backend/dataall/db/api/glossary.py
index c6313e007..3df8d34f7 100644
--- a/backend/dataall/db/api/glossary.py
+++ b/backend/dataall/db/api/glossary.py
@@ -4,12 +4,12 @@
 from sqlalchemy import asc, or_, and_, literal, case
 from sqlalchemy.orm import with_expression, aliased
 
-from .. import models, exceptions, permissions, paginate
+from .. import models, exceptions, permissions, paginate, Resource
 from .permission_checker import (
     has_tenant_perm,
 )
 from ..models.Glossary import GlossaryNodeStatus
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.core.glossary.services.registry import GlossaryRegistry
 
 logger = logging.getLogger(__name__)
 
@@ -124,24 +124,16 @@ def link_term(session, username, groups, uri, data=None, check_perm=None):
                 'associations are allowed for Glossary terms only',
             )
 
-        targetUri: str = data['targetUri']
-        targetType: str = data['targetType']
-
-        if targetType == 'Dataset':
-            target = session.query(models.Dataset).get(targetUri)
-        elif targetType == 'DatasetTable':
-            target = session.query(models.DatasetTable).get(targetUri)
-        elif targetType == 'Folder':
-            target = session.query(models.DatasetStorageLocation).get(targetUri)
-        elif targetType == 'Column':
-            target = session.query(DatasetTableColumn).get(targetUri)
-        elif targetType == 'Dashboard':
-            target = session.query(models.Dashboard).get(targetUri)
-        else:
+        target_uri: str = data['targetUri']
+        target_type: str = data['targetType']
+
+        target_model: Resource = GlossaryRegistry.find_model(target_type)
+        if not target_model:
             raise exceptions.InvalidInput(
                 'NodeType', 'term.nodeType', 'association target type is invalid'
             )
 
+        target = session.query(target_model).get(target_uri)
         if not target:
             raise exceptions.ObjectNotFound('Association target', uri)
 
@@ -150,8 +142,8 @@ def link_term(session, username, groups, uri, data=None, check_perm=None):
             approvedByOwner=data.get('approvedByOwner', True),
             approvedBySteward=data.get('approvedBySteward', True),
             nodeUri=uri,
-            targetUri=targetUri,
-            targetType=targetType,
+            targetUri=target_uri,
+            targetType=target_type,
         )
         session.add(link)
         return link
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 8f30bd897..306778f40 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,7 +2,8 @@
 import logging
 from typing import List
 
-from dataall.core.utils.model_registry import ModelDefinition, FeedRegistry, GlossaryRegistry
+from dataall.core.feed.services.registry import FeedRegistry, FeedDefinition
+from dataall.core.glossary.services.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 from dataall.modules.loader import ModuleInterface, ImportMode
 
@@ -18,8 +19,8 @@ def is_supported(cls, modes):
 
     def __init__(self):
         import dataall.modules.datasets.api
-        FeedRegistry.register(ModelDefinition("DatasetTableColumn", DatasetTableColumn))
-        GlossaryRegistry.register(ModelDefinition("DatasetTableColumn", DatasetTableColumn))
+        FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
+        GlossaryRegistry.register(GlossaryDefinition("DatasetTableColumn", DatasetTableColumn))
         log.info("API of datasets has been imported")
 
 

From 727e3537cfc3b133aa45c0deafc9568b25280b3a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 12 Apr 2023 15:40:08 +0200
Subject: [PATCH 031/346] Abstraction for glossaries

Created API for glossaries to use modularization
---
 .../core/glossary/services/registry.py        | 16 +++++-
 backend/dataall/db/api/environment.py         |  2 +-
 backend/dataall/db/api/glossary.py            | 57 +++++++------------
 backend/dataall/db/api/organization.py        |  1 -
 backend/dataall/db/models/Dashboard.py        |  3 +
 backend/dataall/db/models/Dataset.py          |  4 ++
 .../db/models/DatasetStorageLocation.py       |  3 +
 backend/dataall/db/models/DatasetTable.py     |  3 +
 .../modules/datasets/db/table_column_model.py |  3 +
 9 files changed, 50 insertions(+), 42 deletions(-)

diff --git a/backend/dataall/core/glossary/services/registry.py b/backend/dataall/core/glossary/services/registry.py
index 7484087c4..ee3f10d41 100644
--- a/backend/dataall/core/glossary/services/registry.py
+++ b/backend/dataall/core/glossary/services/registry.py
@@ -1,14 +1,22 @@
 from dataclasses import dataclass
-from typing import Type, Dict, Optional
+from typing import Type, Dict, Optional, Protocol, Union
 
 from dataall.db import Resource, models
 
 
+class Identifiable(Protocol):
+    def uri(self):
+        ...
+
+
 @dataclass
 class GlossaryDefinition:
     target_type: str
     object_type: str
-    model: Type[Resource]
+    model: Union[Type[Resource], Identifiable]  # should be an intersection, but python typing doesn't have one yet
+
+    def target_uri(self):
+        return self.model.uri()
 
 
 class GlossaryRegistry:
@@ -30,6 +38,10 @@ def find_object_type(cls, model: Resource) -> Optional[str]:
                 return definition.object_type
         return None
 
+    @classmethod
+    def definitions(cls):
+        return cls._DEFINITIONS.values()
+
 
 GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
 GlossaryRegistry.register(GlossaryDefinition("Folder", "DatasetStorageLocation", models.DatasetStorageLocation))
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 4a436bf9a..19d5de342 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -21,7 +21,7 @@
     EnvironmentPermission,
 )
 from ..models.Permission import PermissionType
-from ..paginator import Page, paginate
+from ..paginator import paginate
 from dataall.core.environment.models import EnvironmentParameter
 from ...core.environment.db.repositories import EnvironmentParameterRepository
 from ...utils.naming_convention import (
diff --git a/backend/dataall/db/api/glossary.py b/backend/dataall/db/api/glossary.py
index 3df8d34f7..96c340f62 100644
--- a/backend/dataall/db/api/glossary.py
+++ b/backend/dataall/db/api/glossary.py
@@ -10,6 +10,7 @@
 )
 from ..models.Glossary import GlossaryNodeStatus
 from dataall.core.glossary.services.registry import GlossaryRegistry
+from ..paginator import Page
 
 logger = logging.getLogger(__name__)
 
@@ -339,46 +340,26 @@ def list_term_associations(
     ):
         source = data['source']
         filter = data['filter']
-        datasets = session.query(
-            models.Dataset.datasetUri.label('targetUri'),
-            literal('dataset').label('targetType'),
-            models.Dataset.label.label('label'),
-            models.Dataset.name.label('name'),
-            models.Dataset.description.label('description'),
-        )
-        tables = session.query(
-            models.DatasetTable.tableUri.label('targetUri'),
-            literal('table').label('targetType'),
-            models.DatasetTable.label.label('label'),
-            models.DatasetTable.name.label('name'),
-            models.DatasetTable.description.label('description'),
-        )
-        columns = session.query(
-            DatasetTableColumn.columnUri.label('targetUri'),
-            literal('column').label('targetType'),
-            DatasetTableColumn.label.label('label'),
-            DatasetTableColumn.name.label('name'),
-            DatasetTableColumn.description.label('description'),
-        )
-        folders = session.query(
-            models.DatasetStorageLocation.locationUri.label('targetUri'),
-            literal('folder').label('targetType'),
-            models.DatasetStorageLocation.label.label('label'),
-            models.DatasetStorageLocation.name.label('name'),
-            models.DatasetStorageLocation.description.label('description'),
-        )
 
-        dashboards = session.query(
-            models.Dashboard.dashboardUri.label('targetUri'),
-            literal('dashboard').label('targetType'),
-            models.Dashboard.label.label('label'),
-            models.Dashboard.name.label('name'),
-            models.Dashboard.description.label('description'),
-        )
+        query = None
+        for definition in GlossaryRegistry.definitions():
+            model = definition.model
+            subquery = session.query(
+                definition.target_uri().label('targetUri'),
+                literal(definition.target_type.lower()).label('targetType'),
+                model.label.label('label'),
+                model.name.label('name'),
+                model.description.label('description'),
+            )
+            if query:
+                query.union(subquery)
+            else:
+                query = subquery
 
-        linked_objects = datasets.union(tables, columns, folders, dashboards).subquery(
-            'linked_objects'
-        )
+        if query is None:
+            return Page([], 1, 1, 0)  # empty page. All modules are turned off
+
+        linked_objects = query.subquery('linked_objects')
 
         path = models.GlossaryNode.path
         q = (
diff --git a/backend/dataall/db/api/organization.py b/backend/dataall/db/api/organization.py
index 979dd1095..dd570eeae 100644
--- a/backend/dataall/db/api/organization.py
+++ b/backend/dataall/db/api/organization.py
@@ -8,7 +8,6 @@
 from . import has_tenant_perm, ResourcePolicy, has_resource_perm
 from ..models import OrganizationGroup
 from ..models.Enums import OrganisationUserRole
-from ..paginator import Page
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/db/models/Dashboard.py b/backend/dataall/db/models/Dashboard.py
index 1a24ef1cb..0b12ecd96 100644
--- a/backend/dataall/db/models/Dashboard.py
+++ b/backend/dataall/db/models/Dashboard.py
@@ -18,3 +18,6 @@ class Dashboard(Resource, Base):
     SamlGroupName = Column(String, nullable=False)
 
     userRoleForDashboard = query_expression()
+
+    def uri(self):
+        return self.dashboardUri
diff --git a/backend/dataall/db/models/Dataset.py b/backend/dataall/db/models/Dataset.py
index 71a95fe0e..451c7da7c 100644
--- a/backend/dataall/db/models/Dataset.py
+++ b/backend/dataall/db/models/Dataset.py
@@ -59,3 +59,7 @@ class Dataset(Resource, Base):
     importedKmsKey = Column(Boolean, default=False)
     importedAdminRole = Column(Boolean, default=False)
     imported = Column(Boolean, default=False)
+
+    def uri(self):
+        return self.datasetUri
+
diff --git a/backend/dataall/db/models/DatasetStorageLocation.py b/backend/dataall/db/models/DatasetStorageLocation.py
index 33b121438..e21ae6694 100644
--- a/backend/dataall/db/models/DatasetStorageLocation.py
+++ b/backend/dataall/db/models/DatasetStorageLocation.py
@@ -17,3 +17,6 @@ class DatasetStorageLocation(Resource, Base):
     userRoleForStorageLocation = query_expression()
     projectPermission = query_expression()
     environmentEndPoint = query_expression()
+
+    def uri(self):
+        return self.locationUri
diff --git a/backend/dataall/db/models/DatasetTable.py b/backend/dataall/db/models/DatasetTable.py
index a1b06b192..e97174167 100644
--- a/backend/dataall/db/models/DatasetTable.py
+++ b/backend/dataall/db/models/DatasetTable.py
@@ -27,3 +27,6 @@ class DatasetTable(Resource, Base):
     stage = Column(String, default='RAW')
     topics = Column(postgresql.ARRAY(String), nullable=True)
     confidentiality = Column(String, nullable=False, default='C1')
+
+    def uri(self):
+        return self.tableUri
diff --git a/backend/dataall/modules/datasets/db/table_column_model.py b/backend/dataall/modules/datasets/db/table_column_model.py
index 4d3d7e009..05bc26058 100644
--- a/backend/dataall/modules/datasets/db/table_column_model.py
+++ b/backend/dataall/modules/datasets/db/table_column_model.py
@@ -18,3 +18,6 @@ class DatasetTableColumn(Resource, Base):
     columnType = Column(
         String, default='column'
     )  # can be either "column" or "partition"
+
+    def uri(self):
+        return self.columnUri

From 49fbb415dbdfc27c20d90366a1cf3bcd41ebea0f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 12 Apr 2023 15:47:09 +0200
Subject: [PATCH 032/346] Fixed leftovers

---
 .../dataall/core/feed/services/registry.py    | 19 ++++++++++---------
 backend/dataall/modules/datasets/__init__.py  |  2 +-
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/backend/dataall/core/feed/services/registry.py b/backend/dataall/core/feed/services/registry.py
index a69bcdd37..07f2e77a1 100644
--- a/backend/dataall/core/feed/services/registry.py
+++ b/backend/dataall/core/feed/services/registry.py
@@ -12,18 +12,19 @@ class FeedDefinition:
 
 class FeedRegistry:
     """Registers models for different target types"""
+    _DEFINITIONS: Dict[str, FeedDefinition] = {}
 
-    def __init__(self):
-        self._definitions: Dict[str, FeedDefinition] = {}
+    @classmethod
+    def register(cls, model: FeedDefinition):
+        cls._DEFINITIONS[model.target_type] = model
 
-    def register(self, model: FeedDefinition):
-        self._definitions[model.target_type] = model
+    @classmethod
+    def find(cls, target_type: str):
+        return cls._DEFINITIONS[target_type]
 
-    def find(self, target_type: str):
-        return self._definitions[target_type]
-
-    def find_by_model(self, obj: Resource):
-        for target_type, definition in self._definitions.items():
+    @classmethod
+    def find_by_model(cls, obj: Resource):
+        for target_type, definition in cls._DEFINITIONS.items():
             if isinstance(obj, definition.model):
                 return target_type
         return None
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 306778f40..5b7224a48 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -20,7 +20,7 @@ def is_supported(cls, modes):
     def __init__(self):
         import dataall.modules.datasets.api
         FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
-        GlossaryRegistry.register(GlossaryDefinition("DatasetTableColumn", DatasetTableColumn))
+        GlossaryRegistry.register(GlossaryDefinition("Column", "DatasetTableColumn", DatasetTableColumn))
         log.info("API of datasets has been imported")
 
 

From 7d029e73046990bae939f8ff5f6b6cfaa8a83d62 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 10:07:11 +0200
Subject: [PATCH 033/346] Datasets refactoring

Added and fixed tests
---
 backend/dataall/core/feed/services/registry.py |  4 ++--
 tests/api/test_feed.py                         |  3 ++-
 tests/modules/datasets/__init__.py             |  0
 tests/modules/datasets/test_dataset_feed.py    | 11 +++++++++++
 4 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 tests/modules/datasets/__init__.py
 create mode 100644 tests/modules/datasets/test_dataset_feed.py

diff --git a/backend/dataall/core/feed/services/registry.py b/backend/dataall/core/feed/services/registry.py
index 07f2e77a1..893f37f55 100644
--- a/backend/dataall/core/feed/services/registry.py
+++ b/backend/dataall/core/feed/services/registry.py
@@ -15,8 +15,8 @@ class FeedRegistry:
     _DEFINITIONS: Dict[str, FeedDefinition] = {}
 
     @classmethod
-    def register(cls, model: FeedDefinition):
-        cls._DEFINITIONS[model.target_type] = model
+    def register(cls, definition: FeedDefinition):
+        cls._DEFINITIONS[definition.target_type] = definition
 
     @classmethod
     def find(cls, target_type: str):
diff --git a/tests/api/test_feed.py b/tests/api/test_feed.py
index 11f7c4891..f1d8aaf7f 100644
--- a/tests/api/test_feed.py
+++ b/tests/api/test_feed.py
@@ -103,4 +103,5 @@ def test_get_target(client, worksheet):
         targetType='Worksheet',
         username='me',
     )
-    print(response)
+    assert response.data.getFeed.target.worksheetUri == worksheet.worksheetUri
+
diff --git a/tests/modules/datasets/__init__.py b/tests/modules/datasets/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/modules/datasets/test_dataset_feed.py b/tests/modules/datasets/test_dataset_feed.py
new file mode 100644
index 000000000..52c97e990
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_feed.py
@@ -0,0 +1,11 @@
+
+from dataall.core.feed.services.registry import FeedRegistry
+from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+
+
+def test_dataset_registered():
+    model = FeedRegistry.find("DatasetTableColumn")
+    assert model == DatasetTableColumn
+
+    model = DatasetTableColumn()
+    assert "DatasetTableColumn" == FeedRegistry.find_by_model(model)

From be527ebc26e50f989ca3f9a8e84814d3d316a913 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 11:40:52 +0200
Subject: [PATCH 034/346] Added runtime type registration for Union GraphQL
 type

---
 backend/dataall/api/gql/graphql_union_type.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/api/gql/graphql_union_type.py b/backend/dataall/api/gql/graphql_union_type.py
index a8fea7e2f..b67fe3c9a 100644
--- a/backend/dataall/api/gql/graphql_union_type.py
+++ b/backend/dataall/api/gql/graphql_union_type.py
@@ -1,19 +1,31 @@
+from abc import ABC
+
 from ._cache import cache_instances
 from .utils import get_named_type
 
 
+class UnionTypeRegistry(ABC):
+    """An abstract class that is used to provide union type in runtime"""
+
+    @classmethod
+    def types(cls):
+        raise NotImplementedError("Types method is not implemented")
+
+
 @cache_instances
 class Union:
     _register = {}
 
-    def __init__(self, name, types=[], resolver=lambda *_, **__: None):
+    def __init__(self, name, types=[], type_registry=None, resolver=lambda *_, **__: None):
         self.name = name
         self.types = types
+        self.type_registry = type_registry
         self.resolver = resolver
         Union._register[name] = self
 
     def gql(self, *args, **kwargs):
-        return f"union {self.name} = {'|'.join([get_named_type(t).name for t in self.types])}"
+        types = self.type_registry.types() if self.type_registry else self.types
+        return f"union {self.name} = {'|'.join([get_named_type(t).name for t in types])}"
 
 
 if __name__ == '__main__':

From 3daf2aab7da67320bab4474de2119a93c46840f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 11:42:51 +0200
Subject: [PATCH 035/346] Changed Feed type registration mechanism

Moved FeedRegistry to gql since it's more appropriate place for this
Started using registry to provide types
Renaming and small fixes
---
 .../feed/services => api/Objects/Feed}/registry.py | 14 ++++++++++----
 backend/dataall/api/Objects/Feed/resolvers.py      |  6 +++---
 backend/dataall/api/Objects/Feed/schema.py         | 11 ++---------
 backend/dataall/core/feed/__init__.py              |  1 -
 backend/dataall/core/feed/services/__init__.py     |  1 -
 backend/dataall/modules/datasets/__init__.py       |  2 +-
 tests/modules/datasets/test_dataset_feed.py        |  6 +++---
 7 files changed, 19 insertions(+), 22 deletions(-)
 rename backend/dataall/{core/feed/services => api/Objects/Feed}/registry.py (72%)
 delete mode 100644 backend/dataall/core/feed/__init__.py
 delete mode 100644 backend/dataall/core/feed/services/__init__.py

diff --git a/backend/dataall/core/feed/services/registry.py b/backend/dataall/api/Objects/Feed/registry.py
similarity index 72%
rename from backend/dataall/core/feed/services/registry.py
rename to backend/dataall/api/Objects/Feed/registry.py
index 893f37f55..a119529ab 100644
--- a/backend/dataall/core/feed/services/registry.py
+++ b/backend/dataall/api/Objects/Feed/registry.py
@@ -1,6 +1,8 @@
 from dataclasses import dataclass
 from typing import Type, Dict
 
+from dataall.api import gql
+from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
 
 
@@ -10,7 +12,7 @@ class FeedDefinition:
     model: Type[Resource]
 
 
-class FeedRegistry:
+class FeedRegistry(UnionTypeRegistry):
     """Registers models for different target types"""
     _DEFINITIONS: Dict[str, FeedDefinition] = {}
 
@@ -19,16 +21,20 @@ def register(cls, definition: FeedDefinition):
         cls._DEFINITIONS[definition.target_type] = definition
 
     @classmethod
-    def find(cls, target_type: str):
-        return cls._DEFINITIONS[target_type]
+    def find_model(cls, target_type: str):
+        return cls._DEFINITIONS[target_type].model
 
     @classmethod
-    def find_by_model(cls, obj: Resource):
+    def find_target(cls, obj: Resource):
         for target_type, definition in cls._DEFINITIONS.items():
             if isinstance(obj, definition.model):
                 return target_type
         return None
 
+    @classmethod
+    def types(cls):
+        return [gql.Ref(target_type) for target_type in cls._DEFINITIONS.keys()]
+
 
 FeedRegistry.register(FeedDefinition("Worksheet", models.Worksheet))
 FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
diff --git a/backend/dataall/api/Objects/Feed/resolvers.py b/backend/dataall/api/Objects/Feed/resolvers.py
index 598ec86e1..08de0d6b7 100644
--- a/backend/dataall/api/Objects/Feed/resolvers.py
+++ b/backend/dataall/api/Objects/Feed/resolvers.py
@@ -2,7 +2,7 @@
 
 from dataall.api.context import Context
 from dataall.db import paginate, models
-from dataall.core.feed.services.registry import FeedRegistry
+from dataall.api.Objects.Feed.registry import FeedRegistry
 
 
 class Feed:
@@ -20,14 +20,14 @@ def targetType(self):
 
 
 def resolve_feed_target_type(obj, *_):
-    return FeedRegistry.find_by_model(obj)
+    return FeedRegistry.find_target(obj)
 
 
 def resolve_target(context: Context, source: Feed, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        model = FeedRegistry.find(source.targetType)
+        model = FeedRegistry.find_model(source.targetType)
         target = session.query(model).get(source.targetUri)
     return target
 
diff --git a/backend/dataall/api/Objects/Feed/schema.py b/backend/dataall/api/Objects/Feed/schema.py
index d58918716..42fea86ad 100644
--- a/backend/dataall/api/Objects/Feed/schema.py
+++ b/backend/dataall/api/Objects/Feed/schema.py
@@ -1,18 +1,11 @@
 from ... import gql
 from .resolvers import *
+from dataall.api.Objects.Feed.registry import FeedRegistry
 
 
 FeedTarget = gql.Union(
     name='FeedTarget',
-    types=[
-        gql.Ref('Dataset'),
-        gql.Ref('DatasetTable'),
-        gql.Ref('DatasetTableColumn'),
-        gql.Ref('DatasetStorageLocation'),
-        gql.Ref('DataPipeline'),
-        gql.Ref('Worksheet'),
-        gql.Ref('Dashboard'),
-    ],
+    type_registry=FeedRegistry,
     resolver=resolve_feed_target_type,
 )
 
diff --git a/backend/dataall/core/feed/__init__.py b/backend/dataall/core/feed/__init__.py
deleted file mode 100644
index 39f751553..000000000
--- a/backend/dataall/core/feed/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Contains logic related to feeds"""
diff --git a/backend/dataall/core/feed/services/__init__.py b/backend/dataall/core/feed/services/__init__.py
deleted file mode 100644
index 5b130b24b..000000000
--- a/backend/dataall/core/feed/services/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Service layer of feeds"""
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 5b7224a48..6ba4a24e2 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,7 +2,7 @@
 import logging
 from typing import List
 
-from dataall.core.feed.services.registry import FeedRegistry, FeedDefinition
+from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
 from dataall.core.glossary.services.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 from dataall.modules.loader import ModuleInterface, ImportMode
diff --git a/tests/modules/datasets/test_dataset_feed.py b/tests/modules/datasets/test_dataset_feed.py
index 52c97e990..db5ff43e2 100644
--- a/tests/modules/datasets/test_dataset_feed.py
+++ b/tests/modules/datasets/test_dataset_feed.py
@@ -1,11 +1,11 @@
 
-from dataall.core.feed.services.registry import FeedRegistry
+from dataall.api.Objects.Feed.registry import FeedRegistry
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 
 
 def test_dataset_registered():
-    model = FeedRegistry.find("DatasetTableColumn")
+    model = FeedRegistry.find_model("DatasetTableColumn")
     assert model == DatasetTableColumn
 
     model = DatasetTableColumn()
-    assert "DatasetTableColumn" == FeedRegistry.find_by_model(model)
+    assert "DatasetTableColumn" == FeedRegistry.find_target(model)

From db3bfd3f51c0b7ea2ef39ab62f9176b99e5ebeb5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 11:43:56 +0200
Subject: [PATCH 036/346] Added TODO for future refactoring

Solve circular dependecy for redshift. It should go away after the migration of redshift
---
 backend/dataall/aws/handlers/redshift.py   | 1 +
 backend/dataall/db/api/redshift_cluster.py | 7 +++++--
 deploy/stacks/container.py                 | 2 ++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 4d2591520..c186d5df7 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -9,6 +9,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
+# TODO should be migrated in the redshift module
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 4167a555a..8ca3088bf 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -9,7 +9,6 @@
     NamingConventionPattern,
 )
 from ...utils.slugify import slugify
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
 
@@ -495,7 +494,11 @@ def enable_copy_table(
         session, username, groups, uri, data=None, check_perm=True
     ) -> models.RedshiftClusterDatasetTable:
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
-        table = DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
+
+        # TODO should be migrated in the redshift module
+        table = dataall.modules.datasets.services.dataset_table.DatasetTableService.get_dataset_table_by_uri(
+            session, data['tableUri']
+        )
         table = models.RedshiftClusterDatasetTable(
             clusterUri=uri,
             datasetUri=data['datasetUri'],
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index d3c761519..aa7be04df 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -92,6 +92,7 @@ def __init__(
             envname, resource_prefix, vpc, vpc_endpoints_sg
         )
 
+        # TODO introduce the ability to change the deployment depending on config.json file
         sync_tables_task = self.set_scheduled_task(
             cluster=cluster,
             command=['python3.8', '-m', 'dataall.modules.datasets.tasks.tables_syncer'],
@@ -174,6 +175,7 @@ def __init__(
             update_bucket_policies_task.task.security_groups
         )
 
+        # TODO introduce the ability to change the deployment depending on config.json file
         subscriptions_task = self.set_scheduled_task(
             cluster=cluster,
             command=[

From 13b6e92918b453c3fe6ad20be7ec2d8e74194315 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 15:11:50 +0200
Subject: [PATCH 037/346] Added GlossaryRegistry for Union scheme

---
 .../dataall/api/Objects/Glossary/__init__.py  |  3 ++-
 .../Objects/Glossary}/registry.py             | 10 ++++++-
 .../dataall/api/Objects/Glossary/resolvers.py | 27 ++++++++++---------
 .../dataall/api/Objects/Glossary/schema.py    |  9 ++-----
 backend/dataall/core/glossary/__init__.py     |  1 -
 .../core/glossary/services/__init__.py        |  1 -
 backend/dataall/db/api/glossary.py            | 25 ++++++-----------
 backend/dataall/modules/datasets/__init__.py  |  2 +-
 tests/api/test_glossary.py                    | 20 +++++++-------
 9 files changed, 46 insertions(+), 52 deletions(-)
 rename backend/dataall/{core/glossary/services => api/Objects/Glossary}/registry.py (80%)
 delete mode 100644 backend/dataall/core/glossary/__init__.py
 delete mode 100644 backend/dataall/core/glossary/services/__init__.py

diff --git a/backend/dataall/api/Objects/Glossary/__init__.py b/backend/dataall/api/Objects/Glossary/__init__.py
index 0c4ec6166..30e86e17e 100644
--- a/backend/dataall/api/Objects/Glossary/__init__.py
+++ b/backend/dataall/api/Objects/Glossary/__init__.py
@@ -4,6 +4,7 @@
     mutations,
     resolvers,
     schema,
+    registry,
 )
 
-__all__ = ['resolvers', 'schema', 'input_types', 'queries', 'mutations']
+__all__ = ['registry', 'resolvers', 'schema', 'input_types', 'queries', 'mutations']
diff --git a/backend/dataall/core/glossary/services/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
similarity index 80%
rename from backend/dataall/core/glossary/services/registry.py
rename to backend/dataall/api/Objects/Glossary/registry.py
index ee3f10d41..375f470e2 100644
--- a/backend/dataall/core/glossary/services/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -1,6 +1,8 @@
 from dataclasses import dataclass
 from typing import Type, Dict, Optional, Protocol, Union
 
+from dataall.api import gql
+from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
 
 
@@ -11,6 +13,7 @@ def uri(self):
 
 @dataclass
 class GlossaryDefinition:
+    """Glossary's definition used for registration references of other modules"""
     target_type: str
     object_type: str
     model: Union[Type[Resource], Identifiable]  # should be an intersection, but python typing doesn't have one yet
@@ -19,7 +22,8 @@ def target_uri(self):
         return self.model.uri()
 
 
-class GlossaryRegistry:
+class GlossaryRegistry(UnionTypeRegistry):
+    """Registry of glossary definition and API to retrieve data"""
     _DEFINITIONS: Dict[str, GlossaryDefinition] = {}
 
     @classmethod
@@ -42,6 +46,10 @@ def find_object_type(cls, model: Resource) -> Optional[str]:
     def definitions(cls):
         return cls._DEFINITIONS.values()
 
+    @classmethod
+    def types(cls):
+        return [gql.Ref(definition.object_type) for definition in cls._DEFINITIONS.values()]
+
 
 GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
 GlossaryRegistry.register(GlossaryDefinition("Folder", "DatasetStorageLocation", models.DatasetStorageLocation))
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index ae8501993..15e77327f 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -2,6 +2,7 @@
 
 from sqlalchemy import and_, or_, asc
 
+from dataall.api.Objects.Glossary.registry import GlossaryRegistry
 from .... import db
 from ....api.context import Context
 from ....db import paginate, exceptions, models
@@ -12,8 +13,6 @@
     GlossaryRole
 )
 
-from dataall.core.glossary.services.registry import GlossaryRegistry
-
 
 def resolve_glossary_node(obj: models.GlossaryNode, *_):
     if obj.nodeType == 'G':
@@ -273,8 +272,6 @@ def request_link(
     with context.engine.scoped_session() as session:
         return db.api.Glossary.link_term(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=nodeUri,
             data={
                 'targetUri': targetUri,
@@ -282,7 +279,7 @@ def request_link(
                 'approvedByOwner': True,
                 'approvedBySteward': False,
             },
-            check_perm=True,
+            target_model=_target_model(targetType),
         )
 
 
@@ -296,8 +293,6 @@ def link_term(
     with context.engine.scoped_session() as session:
         return db.api.Glossary.link_term(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=nodeUri,
             data={
                 'targetUri': targetUri,
@@ -305,7 +300,7 @@ def link_term(
                 'approvedByOwner': True,
                 'approvedBySteward': True,
             },
-            check_perm=True,
+            target_model=_target_model(targetType),
         )
 
 
@@ -329,7 +324,7 @@ def target_union_resolver(obj, *_):
 
 def resolve_link_target(context, source, **kwargs):
     with context.engine.scoped_session() as session:
-        model = GlossaryRegistry.find_model(source.targetUri)
+        model = GlossaryRegistry.find_model(source.targetType)
         target = session.query(model).get(source.targetUri)
     return target
 
@@ -342,11 +337,8 @@ def resolve_term_associations(
     with context.engine.scoped_session() as session:
         return db.api.Glossary.list_term_associations(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
             data={'source': source, 'filter': filter},
-            check_perm=True,
+            target_model_definitions=GlossaryRegistry.definitions()
         )
 
 
@@ -477,3 +469,12 @@ def reindex(context, linkUri):
         upsert_folder(session=session, es=context.es, locationUri=link.targetUri)
     elif isinstance(target, models.Dashboard):
         upsert_dashboard(session=session, es=context.es, dashboardUri=link.targetUri)
+
+
+def _target_model(target_type: str):
+    target_model = GlossaryRegistry.find_model(target_type)
+    if not target_model:
+        raise exceptions.InvalidInput(
+            'NodeType', 'term.nodeType', 'association target type is invalid'
+        )
+    return target_model
diff --git a/backend/dataall/api/Objects/Glossary/schema.py b/backend/dataall/api/Objects/Glossary/schema.py
index 36fd1b758..9b71ae4b1 100644
--- a/backend/dataall/api/Objects/Glossary/schema.py
+++ b/backend/dataall/api/Objects/Glossary/schema.py
@@ -1,6 +1,7 @@
 from ... import gql
 from .resolvers import *
 from ...constants import GlossaryRole
+from dataall.api.Objects.Glossary.registry import GlossaryRegistry
 
 GlossaryNode = gql.Union(
     name='GlossaryNode',
@@ -246,13 +247,7 @@
 
 GlossaryTermLinkTarget = gql.Union(
     name='GlossaryTermLinkTarget',
-    types=[
-        gql.Ref('Dataset'),
-        gql.Ref('DatasetTable'),
-        gql.Ref('DatasetStorageLocation'),
-        gql.Ref('DatasetTableColumn'),
-        gql.Ref('Dashboard'),
-    ],
+    type_registry=GlossaryRegistry,
     resolver=target_union_resolver,
 )
 
diff --git a/backend/dataall/core/glossary/__init__.py b/backend/dataall/core/glossary/__init__.py
deleted file mode 100644
index aa81c1e26..000000000
--- a/backend/dataall/core/glossary/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Contains code related to glossaries"""
diff --git a/backend/dataall/core/glossary/services/__init__.py b/backend/dataall/core/glossary/services/__init__.py
deleted file mode 100644
index 9ed65d261..000000000
--- a/backend/dataall/core/glossary/services/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Service layer of glossaries"""
diff --git a/backend/dataall/db/api/glossary.py b/backend/dataall/db/api/glossary.py
index 96c340f62..2dc97c62c 100644
--- a/backend/dataall/db/api/glossary.py
+++ b/backend/dataall/db/api/glossary.py
@@ -5,12 +5,11 @@
 from sqlalchemy.orm import with_expression, aliased
 
 from .. import models, exceptions, permissions, paginate, Resource
-from .permission_checker import (
-    has_tenant_perm,
-)
+from .permission_checker import has_tenant_perm
 from ..models.Glossary import GlossaryNodeStatus
-from dataall.core.glossary.services.registry import GlossaryRegistry
 from ..paginator import Page
+from dataall.core.permission_checker import has_tenant_permission
+from dataall.core.context import get_context
 
 logger = logging.getLogger(__name__)
 
@@ -113,8 +112,8 @@ def update_node(session, username, groups, uri, data=None, check_perm=None):
         return node
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_GLOSSARIES)
-    def link_term(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_GLOSSARIES)
+    def link_term(session, uri, target_model: Resource, data):
         term: models.GlossaryNode = session.query(models.GlossaryNode).get(uri)
         if not term:
             raise exceptions.ObjectNotFound('Node', uri)
@@ -128,18 +127,12 @@ def link_term(session, username, groups, uri, data=None, check_perm=None):
         target_uri: str = data['targetUri']
         target_type: str = data['targetType']
 
-        target_model: Resource = GlossaryRegistry.find_model(target_type)
-        if not target_model:
-            raise exceptions.InvalidInput(
-                'NodeType', 'term.nodeType', 'association target type is invalid'
-            )
-
         target = session.query(target_model).get(target_uri)
         if not target:
             raise exceptions.ObjectNotFound('Association target', uri)
 
         link = models.TermLink(
-            owner=username,
+            owner=get_context().username,
             approvedByOwner=data.get('approvedByOwner', True),
             approvedBySteward=data.get('approvedBySteward', True),
             nodeUri=uri,
@@ -335,14 +328,12 @@ def list_node_children(session, source, filter):
         ).to_dict()
 
     @staticmethod
-    def list_term_associations(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
+    def list_term_associations(session, target_model_definitions, data=None):
         source = data['source']
         filter = data['filter']
 
         query = None
-        for definition in GlossaryRegistry.definitions():
+        for definition in target_model_definitions:
             model = definition.model
             subquery = session.query(
                 definition.target_uri().label('targetUri'),
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 6ba4a24e2..de1963bd2 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -3,7 +3,7 @@
 from typing import List
 
 from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
-from dataall.core.glossary.services.registry import GlossaryRegistry, GlossaryDefinition
+from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
 from dataall.modules.loader import ModuleInterface, ImportMode
 
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 8276dca8c..987ccc1a8 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,3 +1,4 @@
+from datetime import datetime
 from typing import List
 from dataall.db import models
 from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
@@ -197,7 +198,6 @@ def test_list_glossaries(client):
         }
         """
     )
-    print(response)
     assert response.data.listGlossaries.count == 1
     assert response.data.listGlossaries.nodes[0].stats.categories == 2
 
@@ -246,7 +246,6 @@ def test_hierarchical_search(client):
         }
         """
     )
-    print(response)
     assert response.data.searchGlossary.count == 4
 
 
@@ -263,7 +262,6 @@ def test_get_glossary(client, g1):
         """,
         nodeUri=g1.nodeUri,
     )
-    print(r)
     assert r.data.getGlossary.nodeUri == g1.nodeUri
     assert r.data.getGlossary.label == g1.label
     assert r.data.getGlossary.readme == g1.readme
@@ -301,7 +299,6 @@ def test_get_term(client, t1):
         """,
         nodeUri=t1.nodeUri,
     )
-    print(r)
     assert r.data.getTerm.nodeUri == t1.nodeUri
     assert r.data.getTerm.label == t1.label
     assert r.data.getTerm.readme == t1.readme
@@ -552,7 +549,7 @@ def test_link_term(client, t1, _columns, group):
     print(r)
 
 
-def test_get_term_associations(t1, client):
+def test_get_term_associations(t1, db, client):
     r = client.query(
         """
         query GetTerm($nodeUri:String!){
@@ -579,10 +576,13 @@ def test_get_term_associations(t1, client):
         nodeUri=t1.nodeUri,
         username='alice',
     )
-    print(r)
+    assert r.data.getTerm.nodeUri == t1.nodeUri
+    assert r.data.getTerm.label == t1.label
+    assert r.data.getTerm.readme == t1.readme
 
 
-def test_delete_category(client, c1, group):
+def test_delete_category(client, db, c1, group):
+    now = datetime.now()
     r = client.query(
         """
         mutation DeleteCategory(
@@ -597,7 +597,9 @@ def test_delete_category(client, c1, group):
         username='alice',
         groups=[group.name],
     )
-    print(r)
+    with db.scoped_session() as session:
+        node = session.query(models.GlossaryNode).get(c1.nodeUri)
+        assert node.deleted >= now
 
 
 def test_list_glossaries_after_delete(client):
@@ -634,7 +636,6 @@ def test_list_glossaries_after_delete(client):
         }
         """
     )
-    print(response)
     assert response.data.listGlossaries.count == 1
     assert response.data.listGlossaries.nodes[0].stats.categories == 0
 
@@ -683,5 +684,4 @@ def test_hierarchical_search_after_delete(client):
         }
         """
     )
-    print(response)
     assert response.data.searchGlossary.count == 1

From 144dfea5a1026d665eda7e6384adc5781297c5ba Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 15:15:08 +0200
Subject: [PATCH 038/346] Changed import in redshift module

---
 backend/dataall/db/api/redshift_cluster.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 8ca3088bf..31b795225 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -495,8 +495,9 @@ def enable_copy_table(
     ) -> models.RedshiftClusterDatasetTable:
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
 
-        # TODO should be migrated in the redshift module
-        table = dataall.modules.datasets.services.dataset_table.DatasetTableService.get_dataset_table_by_uri(
+        # TODO this dirty hack should be removed in the redshift module or after pipeline migration (circular import)
+        from dataall.modules.datasets.services.dataset_table import DatasetTableService
+        table = DatasetTableService.get_dataset_table_by_uri(
             session, data['tableUri']
         )
         table = models.RedshiftClusterDatasetTable(

From d43b9b31b661287e303cfad8fc958c7f511277d2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 15:18:04 +0200
Subject: [PATCH 039/346] No need for Utils yet

---
 backend/dataall/core/utils/__init__.py | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 backend/dataall/core/utils/__init__.py

diff --git a/backend/dataall/core/utils/__init__.py b/backend/dataall/core/utils/__init__.py
deleted file mode 100644
index 02ed9cfb4..000000000
--- a/backend/dataall/core/utils/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Utility functions and classes"""

From 39b244c9b2fc841405e53088a48f8c564850b505 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Apr 2023 15:22:39 +0200
Subject: [PATCH 040/346] Fixed linting

---
 backend/dataall/db/models/Dataset.py          |  1 -
 .../modules/datasets/handlers/__init__.py     |  1 -
 .../datasets/handlers/glue_column_handler.py  | 19 +++++++++----------
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/backend/dataall/db/models/Dataset.py b/backend/dataall/db/models/Dataset.py
index 451c7da7c..fd65387b7 100644
--- a/backend/dataall/db/models/Dataset.py
+++ b/backend/dataall/db/models/Dataset.py
@@ -62,4 +62,3 @@ class Dataset(Resource, Base):
 
     def uri(self):
         return self.datasetUri
-
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index 19bd47297..a5d506712 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -8,4 +8,3 @@
 )
 
 __all__ = ["glue_column_handler", "glue_table_handler"]
-
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index 02003eea2..329b702b7 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -67,16 +67,15 @@ def update_table_columns(engine, task: models.Task):
                 updated_table = {
                     k: v
                     for k, v in original_table['Table'].items()
-                    if k
-                       not in [
-                           'CatalogId',
-                           'VersionId',
-                           'DatabaseName',
-                           'CreateTime',
-                           'UpdateTime',
-                           'CreatedBy',
-                           'IsRegisteredWithLakeFormation',
-                       ]
+                    if k not in [
+                        'CatalogId',
+                        'VersionId',
+                        'DatabaseName',
+                        'CreateTime',
+                        'UpdateTime',
+                        'CreatedBy',
+                        'IsRegisteredWithLakeFormation',
+                    ]
                 }
                 all_columns = updated_table.get('StorageDescriptor', {}).get(
                     'Columns', []

From cb3800a8aae649c8ff14d937440ea215e106db09 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 15:24:26 +0200
Subject: [PATCH 041/346] Datasets refactoring

Moving datasets profiling to datasets modules
---
 backend/dataall/api/Objects/__init__.py                |  1 -
 .../datasets/api}/DatasetProfiling/__init__.py         |  0
 .../datasets/api}/DatasetProfiling/input_types.py      |  2 +-
 .../datasets/api}/DatasetProfiling/mutations.py        |  2 +-
 .../datasets/api}/DatasetProfiling/queries.py          |  2 +-
 .../datasets/api}/DatasetProfiling/resolvers.py        | 10 +++++-----
 .../datasets/api}/DatasetProfiling/schema.py           |  2 +-
 backend/dataall/modules/datasets/api/__init__.py       |  5 +++--
 8 files changed, 12 insertions(+), 12 deletions(-)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetProfiling/__init__.py (100%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetProfiling/input_types.py (95%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetProfiling/mutations.py (95%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetProfiling/queries.py (97%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetProfiling/resolvers.py (95%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetProfiling/schema.py (98%)

diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 43d5e0833..80b91358a 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -29,7 +29,6 @@
     Test,
     SagemakerStudio,
     RedshiftCluster,
-    DatasetProfiling,
     Glossary,
     AthenaQueryResult,
     Worksheet,
diff --git a/backend/dataall/api/Objects/DatasetProfiling/__init__.py b/backend/dataall/modules/datasets/api/DatasetProfiling/__init__.py
similarity index 100%
rename from backend/dataall/api/Objects/DatasetProfiling/__init__.py
rename to backend/dataall/modules/datasets/api/DatasetProfiling/__init__.py
diff --git a/backend/dataall/api/Objects/DatasetProfiling/input_types.py b/backend/dataall/modules/datasets/api/DatasetProfiling/input_types.py
similarity index 95%
rename from backend/dataall/api/Objects/DatasetProfiling/input_types.py
rename to backend/dataall/modules/datasets/api/DatasetProfiling/input_types.py
index deb1739c5..e8e89fb16 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/input_types.py
+++ b/backend/dataall/modules/datasets/api/DatasetProfiling/input_types.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 
 StartDatasetProfilingRunInput = gql.InputType(
     name='StartDatasetProfilingRunInput',
diff --git a/backend/dataall/api/Objects/DatasetProfiling/mutations.py b/backend/dataall/modules/datasets/api/DatasetProfiling/mutations.py
similarity index 95%
rename from backend/dataall/api/Objects/DatasetProfiling/mutations.py
rename to backend/dataall/modules/datasets/api/DatasetProfiling/mutations.py
index 5876c81a7..778526048 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/mutations.py
+++ b/backend/dataall/modules/datasets/api/DatasetProfiling/mutations.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 from .resolvers import *
 
 startDatasetProfilingRun = gql.MutationField(
diff --git a/backend/dataall/api/Objects/DatasetProfiling/queries.py b/backend/dataall/modules/datasets/api/DatasetProfiling/queries.py
similarity index 97%
rename from backend/dataall/api/Objects/DatasetProfiling/queries.py
rename to backend/dataall/modules/datasets/api/DatasetProfiling/queries.py
index 9ab3eb2bb..2225e2117 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/queries.py
+++ b/backend/dataall/modules/datasets/api/DatasetProfiling/queries.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 from .resolvers import *
 
 
diff --git a/backend/dataall/api/Objects/DatasetProfiling/resolvers.py b/backend/dataall/modules/datasets/api/DatasetProfiling/resolvers.py
similarity index 95%
rename from backend/dataall/api/Objects/DatasetProfiling/resolvers.py
rename to backend/dataall/modules/datasets/api/DatasetProfiling/resolvers.py
index 4b4684019..a84d0d82f 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/DatasetProfiling/resolvers.py
@@ -1,11 +1,11 @@
 import json
 import logging
 
-from ....api.context import Context
-from ....aws.handlers.service_handlers import Worker
-from ....aws.handlers.sts import SessionHelper
-from ....db import api, permissions, models
-from ....db.api import ResourcePolicy
+from dataall.api.context import Context
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import api, permissions, models
+from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/api/Objects/DatasetProfiling/schema.py b/backend/dataall/modules/datasets/api/DatasetProfiling/schema.py
similarity index 98%
rename from backend/dataall/api/Objects/DatasetProfiling/schema.py
rename to backend/dataall/modules/datasets/api/DatasetProfiling/schema.py
index f6fe9c575..f79022a51 100644
--- a/backend/dataall/api/Objects/DatasetProfiling/schema.py
+++ b/backend/dataall/modules/datasets/api/DatasetProfiling/schema.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 from .resolvers import (
     resolve_dataset,
     get_profiling_run_status,
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 538df0734..00d4dd3b8 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -1,6 +1,7 @@
 """The GraphQL schema of datasets and related functionality"""
 from dataall.modules.datasets.api import (
-    table_column
+    table_column,
+    DatasetProfiling
 )
 
-__all__ = ["table_column"]
+__all__ = ["table_column", "DatasetProfiling"]

From dd8e597a2e0a301342f0fa4b406b9a37f9e445a2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 15:28:55 +0200
Subject: [PATCH 042/346] Datasets refactoring

Renaming profiling
---
 backend/dataall/modules/datasets/api/__init__.py           | 4 ++--
 .../api/{DatasetProfiling => profiling}/__init__.py        | 2 +-
 .../api/{DatasetProfiling => profiling}/input_types.py     | 0
 .../api/{DatasetProfiling => profiling}/mutations.py       | 5 ++++-
 .../api/{DatasetProfiling => profiling}/queries.py         | 7 ++++++-
 .../api/{DatasetProfiling => profiling}/resolvers.py       | 0
 .../datasets/api/{DatasetProfiling => profiling}/schema.py | 2 +-
 tests/api/test_dataset_profiling.py                        | 4 ++--
 8 files changed, 16 insertions(+), 8 deletions(-)
 rename backend/dataall/modules/datasets/api/{DatasetProfiling => profiling}/__init__.py (73%)
 rename backend/dataall/modules/datasets/api/{DatasetProfiling => profiling}/input_types.py (100%)
 rename backend/dataall/modules/datasets/api/{DatasetProfiling => profiling}/mutations.py (83%)
 rename backend/dataall/modules/datasets/api/{DatasetProfiling => profiling}/queries.py (86%)
 rename backend/dataall/modules/datasets/api/{DatasetProfiling => profiling}/resolvers.py (100%)
 rename backend/dataall/modules/datasets/api/{DatasetProfiling => profiling}/schema.py (96%)

diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 00d4dd3b8..6bb6f8ab0 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -1,7 +1,7 @@
 """The GraphQL schema of datasets and related functionality"""
 from dataall.modules.datasets.api import (
     table_column,
-    DatasetProfiling
+    profiling
 )
 
-__all__ = ["table_column", "DatasetProfiling"]
+__all__ = ["table_column", "profiling"]
diff --git a/backend/dataall/modules/datasets/api/DatasetProfiling/__init__.py b/backend/dataall/modules/datasets/api/profiling/__init__.py
similarity index 73%
rename from backend/dataall/modules/datasets/api/DatasetProfiling/__init__.py
rename to backend/dataall/modules/datasets/api/profiling/__init__.py
index dfa46b264..4c5b6c491 100644
--- a/backend/dataall/modules/datasets/api/DatasetProfiling/__init__.py
+++ b/backend/dataall/modules/datasets/api/profiling/__init__.py
@@ -1,4 +1,4 @@
-from . import (
+from dataall.modules.datasets.api.profiling import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/modules/datasets/api/DatasetProfiling/input_types.py b/backend/dataall/modules/datasets/api/profiling/input_types.py
similarity index 100%
rename from backend/dataall/modules/datasets/api/DatasetProfiling/input_types.py
rename to backend/dataall/modules/datasets/api/profiling/input_types.py
diff --git a/backend/dataall/modules/datasets/api/DatasetProfiling/mutations.py b/backend/dataall/modules/datasets/api/profiling/mutations.py
similarity index 83%
rename from backend/dataall/modules/datasets/api/DatasetProfiling/mutations.py
rename to backend/dataall/modules/datasets/api/profiling/mutations.py
index 778526048..e4bcd62cc 100644
--- a/backend/dataall/modules/datasets/api/DatasetProfiling/mutations.py
+++ b/backend/dataall/modules/datasets/api/profiling/mutations.py
@@ -1,5 +1,8 @@
 from dataall.api import gql
-from .resolvers import *
+from dataall.modules.datasets.api.profiling.resolvers import (
+    start_profiling_run,
+    update_profiling_run_results
+)
 
 startDatasetProfilingRun = gql.MutationField(
     name='startDatasetProfilingRun',
diff --git a/backend/dataall/modules/datasets/api/DatasetProfiling/queries.py b/backend/dataall/modules/datasets/api/profiling/queries.py
similarity index 86%
rename from backend/dataall/modules/datasets/api/DatasetProfiling/queries.py
rename to backend/dataall/modules/datasets/api/profiling/queries.py
index 2225e2117..8d2fbb25c 100644
--- a/backend/dataall/modules/datasets/api/DatasetProfiling/queries.py
+++ b/backend/dataall/modules/datasets/api/profiling/queries.py
@@ -1,5 +1,10 @@
 from dataall.api import gql
-from .resolvers import *
+from dataall.modules.datasets.api.profiling.resolvers import (
+    get_profiling_run,
+    list_profiling_runs,
+    list_table_profiling_runs,
+    get_last_table_profiling_run
+)
 
 
 getDatasetProfilingRun = gql.QueryField(
diff --git a/backend/dataall/modules/datasets/api/DatasetProfiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
similarity index 100%
rename from backend/dataall/modules/datasets/api/DatasetProfiling/resolvers.py
rename to backend/dataall/modules/datasets/api/profiling/resolvers.py
diff --git a/backend/dataall/modules/datasets/api/DatasetProfiling/schema.py b/backend/dataall/modules/datasets/api/profiling/schema.py
similarity index 96%
rename from backend/dataall/modules/datasets/api/DatasetProfiling/schema.py
rename to backend/dataall/modules/datasets/api/profiling/schema.py
index f79022a51..6babb61b3 100644
--- a/backend/dataall/modules/datasets/api/DatasetProfiling/schema.py
+++ b/backend/dataall/modules/datasets/api/profiling/schema.py
@@ -1,5 +1,5 @@
 from dataall.api import gql
-from .resolvers import (
+from dataall.modules.datasets.api.profiling.resolvers import (
     resolve_dataset,
     get_profiling_run_status,
     get_profiling_results,
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index c5bed6d1e..ad410a610 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -129,7 +129,7 @@ def test_get_table_profiling_run(
     client, dataset1, env1, module_mocker, table, db, group
 ):
     module_mocker.patch(
-        'dataall.api.Objects.DatasetProfiling.resolvers.get_profiling_results_from_s3',
+        'dataall.modules.datasets.api.profiling.resolvers.get_profiling_results_from_s3',
         return_value='{"results": "yes"}',
     )
     runs = list_profiling_runs(client, dataset1, group)
@@ -169,7 +169,7 @@ def test_list_table_profiling_runs(
     client, dataset1, env1, module_mocker, table, db, group
 ):
     module_mocker.patch(
-        'dataall.api.Objects.DatasetProfiling.resolvers.get_profiling_results_from_s3',
+        'dataall.modules.datasets.api.profiling.resolvers.get_profiling_results_from_s3',
         return_value='{"results": "yes"}',
     )
     module_mocker.patch('requests.post', return_value=True)

From 8ca7bea0feec8594ce6ca43f5bdadfe8951d0406 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 15:32:50 +0200
Subject: [PATCH 043/346] Datasets refactoring

Renaming table_column_model to models to easier import other models
---
 backend/dataall/modules/datasets/__init__.py                    | 2 +-
 backend/dataall/modules/datasets/api/table_column/resolvers.py  | 2 +-
 .../modules/datasets/db/{table_column_model.py => models.py}    | 0
 .../dataall/modules/datasets/handlers/glue_column_handler.py    | 2 +-
 backend/dataall/modules/datasets/services/dataset_table.py      | 2 +-
 tests/api/test_dataset_table.py                                 | 2 +-
 tests/api/test_glossary.py                                      | 2 +-
 tests/modules/datasets/test_dataset_feed.py                     | 2 +-
 8 files changed, 7 insertions(+), 7 deletions(-)
 rename backend/dataall/modules/datasets/db/{table_column_model.py => models.py} (100%)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index de1963bd2..4620495fe 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -4,7 +4,7 @@
 
 from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
 from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index b958f2f7a..8e78a042e 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -6,7 +6,7 @@
 from dataall.db import paginate, permissions, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 
 
 def list_table_columns(
diff --git a/backend/dataall/modules/datasets/db/table_column_model.py b/backend/dataall/modules/datasets/db/models.py
similarity index 100%
rename from backend/dataall/modules/datasets/db/table_column_model.py
rename to backend/dataall/modules/datasets/db/models.py
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index 329b702b7..df43f9dbd 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index 873cbe01e..cd02eadf5 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -6,7 +6,7 @@
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
 from dataall.db.models import Dataset
 from dataall.utils import json_utils
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 
 logger = logging.getLogger(__name__)
 
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index a2fcb2add..88140b68c 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -4,7 +4,7 @@
 
 import dataall
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 987ccc1a8..bb7f34516 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import List
 from dataall.db import models
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 import pytest
 
 
diff --git a/tests/modules/datasets/test_dataset_feed.py b/tests/modules/datasets/test_dataset_feed.py
index db5ff43e2..06ffdc8ed 100644
--- a/tests/modules/datasets/test_dataset_feed.py
+++ b/tests/modules/datasets/test_dataset_feed.py
@@ -1,6 +1,6 @@
 
 from dataall.api.Objects.Feed.registry import FeedRegistry
-from dataall.modules.datasets.db.table_column_model import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn
 
 
 def test_dataset_registered():

From e36ab3b0df34c9fa9c86de3f755dca6b547faa73 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 15:42:42 +0200
Subject: [PATCH 044/346] Datasets refactoring

Moving DatasetProfilingRun model
---
 backend/dataall/aws/handlers/glue.py          |  5 +-
 .../dataall/db/api/dataset_profiling_run.py   | 47 ++++++++++---------
 .../dataall/db/models/DatasetProfilingRun.py  | 20 --------
 backend/dataall/db/models/__init__.py         |  1 -
 .../datasets/api/profiling/resolvers.py       |  9 ++--
 backend/dataall/modules/datasets/db/models.py | 21 +++++++--
 tests/api/test_dataset_profiling.py           |  5 +-
 7 files changed, 53 insertions(+), 55 deletions(-)
 delete mode 100644 backend/dataall/db/models/DatasetProfilingRun.py

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index e05ce4c54..a61afc3a1 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -6,6 +6,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
+from dataall.modules.datasets.db.models import DatasetProfilingRun
 
 log = logging.getLogger('aws:glue')
 
@@ -526,7 +527,7 @@ def get_job_runs(engine, task: models.Task):
     @Worker.handler('glue.job.start_profiling_run')
     def start_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
-            profiling: models.DatasetProfilingRun = (
+            profiling: DatasetProfilingRun = (
                 db.api.DatasetProfilingRun.get_profiling_run(
                     session, profilingRunUri=task.targetUri
                 )
@@ -572,7 +573,7 @@ def run_job(**data):
     @Worker.handler('glue.job.profiling_run_status')
     def get_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
-            profiling: models.DatasetProfilingRun = (
+            profiling: DatasetProfilingRun = (
                 db.api.DatasetProfilingRun.get_profiling_run(
                     session, profilingRunUri=task.targetUri
                 )
diff --git a/backend/dataall/db/api/dataset_profiling_run.py b/backend/dataall/db/api/dataset_profiling_run.py
index f1552bc81..5e7024843 100644
--- a/backend/dataall/db/api/dataset_profiling_run.py
+++ b/backend/dataall/db/api/dataset_profiling_run.py
@@ -2,6 +2,7 @@
 
 from .. import paginate, models
 from ..exceptions import ObjectNotFound
+from dataall.modules.datasets.db.models import DatasetProfilingRun as DatasetProfilingRunModel
 
 
 class DatasetProfilingRun:
@@ -30,7 +31,7 @@ def start_profiling(
         if not environment:
             raise ObjectNotFound('Environment', dataset.environmentUri)
 
-        run = models.DatasetProfilingRun(
+        run = DatasetProfilingRunModel(
             datasetUri=dataset.datasetUri,
             status='RUNNING',
             AwsAccountId=environment.AwsAccountId,
@@ -72,14 +73,14 @@ def get_profiling_run(
         session, profilingRunUri=None, GlueJobRunId=None, GlueTableName=None
     ):
         if profilingRunUri:
-            run: models.DatasetProfilingRun = session.query(
-                models.DatasetProfilingRun
+            run: DatasetProfilingRunModel = session.query(
+                DatasetProfilingRunModel
             ).get(profilingRunUri)
         else:
-            run: models.DatasetProfilingRun = (
-                session.query(models.DatasetProfilingRun)
-                .filter(models.DatasetProfilingRun.GlueJobRunId == GlueJobRunId)
-                .filter(models.DatasetProfilingRun.GlueTableName == GlueTableName)
+            run: DatasetProfilingRunModel = (
+                session.query(DatasetProfilingRunModel)
+                .filter(DatasetProfilingRunModel.GlueJobRunId == GlueJobRunId)
+                .filter(DatasetProfilingRunModel.GlueTableName == GlueTableName)
                 .first()
             )
         return run
@@ -89,9 +90,9 @@ def list_profiling_runs(session, datasetUri, filter: dict = None):
         if not filter:
             filter = {}
         q = (
-            session.query(models.DatasetProfilingRun)
-            .filter(models.DatasetProfilingRun.datasetUri == datasetUri)
-            .order_by(models.DatasetProfilingRun.created.desc())
+            session.query(DatasetProfilingRunModel)
+            .filter(DatasetProfilingRunModel.datasetUri == datasetUri)
+            .order_by(DatasetProfilingRunModel.created.desc())
         )
         return paginate(
             q, page=filter.get('page', 1), page_size=filter.get('pageSize', 20)
@@ -102,19 +103,19 @@ def list_table_profiling_runs(session, tableUri, filter):
         if not filter:
             filter = {}
         q = (
-            session.query(models.DatasetProfilingRun)
+            session.query(DatasetProfilingRunModel)
             .join(
                 models.DatasetTable,
-                models.DatasetTable.datasetUri == models.DatasetProfilingRun.datasetUri,
+                models.DatasetTable.datasetUri == DatasetProfilingRunModel.datasetUri,
             )
             .filter(
                 and_(
                     models.DatasetTable.tableUri == tableUri,
                     models.DatasetTable.GlueTableName
-                    == models.DatasetProfilingRun.GlueTableName,
+                    == DatasetProfilingRunModel.GlueTableName,
                 )
             )
-            .order_by(models.DatasetProfilingRun.created.desc())
+            .order_by(DatasetProfilingRunModel.created.desc())
         )
         return paginate(
             q, page=filter.get('page', 1), page_size=filter.get('pageSize', 20)
@@ -123,34 +124,34 @@ def list_table_profiling_runs(session, tableUri, filter):
     @staticmethod
     def get_table_last_profiling_run(session, tableUri):
         return (
-            session.query(models.DatasetProfilingRun)
+            session.query(DatasetProfilingRunModel)
             .join(
                 models.DatasetTable,
-                models.DatasetTable.datasetUri == models.DatasetProfilingRun.datasetUri,
+                models.DatasetTable.datasetUri == DatasetProfilingRunModel.datasetUri,
             )
             .filter(models.DatasetTable.tableUri == tableUri)
             .filter(
                 models.DatasetTable.GlueTableName
-                == models.DatasetProfilingRun.GlueTableName
+                == DatasetProfilingRunModel.GlueTableName
             )
-            .order_by(models.DatasetProfilingRun.created.desc())
+            .order_by(DatasetProfilingRunModel.created.desc())
             .first()
         )
 
     @staticmethod
     def get_table_last_profiling_run_with_results(session, tableUri):
         return (
-            session.query(models.DatasetProfilingRun)
+            session.query(DatasetProfilingRunModel)
             .join(
                 models.DatasetTable,
-                models.DatasetTable.datasetUri == models.DatasetProfilingRun.datasetUri,
+                models.DatasetTable.datasetUri == DatasetProfilingRunModel.datasetUri,
             )
             .filter(models.DatasetTable.tableUri == tableUri)
             .filter(
                 models.DatasetTable.GlueTableName
-                == models.DatasetProfilingRun.GlueTableName
+                == DatasetProfilingRunModel.GlueTableName
             )
-            .filter(models.DatasetProfilingRun.results.isnot(None))
-            .order_by(models.DatasetProfilingRun.created.desc())
+            .filter(DatasetProfilingRunModel.results.isnot(None))
+            .order_by(DatasetProfilingRunModel.created.desc())
             .first()
         )
diff --git a/backend/dataall/db/models/DatasetProfilingRun.py b/backend/dataall/db/models/DatasetProfilingRun.py
deleted file mode 100644
index b4996db64..000000000
--- a/backend/dataall/db/models/DatasetProfilingRun.py
+++ /dev/null
@@ -1,20 +0,0 @@
-from sqlalchemy import Column, String
-from sqlalchemy.dialects.postgresql import JSON
-
-from .. import Base, Resource, utils
-
-
-class DatasetProfilingRun(Resource, Base):
-    __tablename__ = 'dataset_profiling_run'
-    profilingRunUri = Column(
-        String, primary_key=True, default=utils.uuid('profilingrun')
-    )
-    datasetUri = Column(String, nullable=False)
-    GlueJobName = Column(String)
-    GlueJobRunId = Column(String)
-    GlueTriggerSchedule = Column(String)
-    GlueTriggerName = Column(String)
-    GlueTableName = Column(String)
-    AwsAccountId = Column(String)
-    results = Column(JSON, default={})
-    status = Column(String, default='Created')
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index 1ab4134b3..f25e5f59b 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -5,7 +5,6 @@
 from .DashboardShare import DashboardShare
 from .DashboardShare import DashboardShareStatus
 from .Dataset import Dataset
-from .DatasetProfilingRun import DatasetProfilingRun
 from .DatasetQualityRule import DatasetQualityRule
 from .DatasetStorageLocation import DatasetStorageLocation
 from .DatasetTable import DatasetTable
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index a84d0d82f..05efbbab8 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -7,11 +7,12 @@
 from dataall.db import api, permissions, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.db.models import DatasetProfilingRun
 
 log = logging.getLogger(__name__)
 
 
-def resolve_dataset(context, source: models.DatasetProfilingRun):
+def resolve_dataset(context, source: DatasetProfilingRun):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -49,7 +50,7 @@ def start_profiling_run(context: Context, source, input: dict = None):
     return run
 
 
-def get_profiling_run_status(context: Context, source: models.DatasetProfilingRun):
+def get_profiling_run_status(context: Context, source: DatasetProfilingRun):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -61,7 +62,7 @@ def get_profiling_run_status(context: Context, source: models.DatasetProfilingRu
     return source.status
 
 
-def get_profiling_results(context: Context, source: models.DatasetProfilingRun):
+def get_profiling_results(context: Context, source: DatasetProfilingRun):
     if not source or source.results == {}:
         return None
     else:
@@ -90,7 +91,7 @@ def get_profiling_run(context: Context, source, profilingRunUri=None):
 
 def get_last_table_profiling_run(context: Context, source, tableUri=None):
     with context.engine.scoped_session() as session:
-        run: models.DatasetProfilingRun = (
+        run: DatasetProfilingRun = (
             api.DatasetProfilingRun.get_table_last_profiling_run(
                 session=session, tableUri=tableUri
             )
diff --git a/backend/dataall/modules/datasets/db/models.py b/backend/dataall/modules/datasets/db/models.py
index 05bc26058..1ba60bea1 100644
--- a/backend/dataall/modules/datasets/db/models.py
+++ b/backend/dataall/modules/datasets/db/models.py
@@ -1,7 +1,6 @@
 from sqlalchemy import Column, String
-
-from dataall.db import Base
-from dataall.db import Resource, utils
+from sqlalchemy.dialects.postgresql import JSON
+from dataall.db import Base, Resource, utils
 
 
 class DatasetTableColumn(Resource, Base):
@@ -21,3 +20,19 @@ class DatasetTableColumn(Resource, Base):
 
     def uri(self):
         return self.columnUri
+
+
+class DatasetProfilingRun(Resource, Base):
+    __tablename__ = 'dataset_profiling_run'
+    profilingRunUri = Column(
+        String, primary_key=True, default=utils.uuid('profilingrun')
+    )
+    datasetUri = Column(String, nullable=False)
+    GlueJobName = Column(String)
+    GlueJobRunId = Column(String)
+    GlueTriggerSchedule = Column(String)
+    GlueTriggerName = Column(String)
+    GlueTableName = Column(String)
+    AwsAccountId = Column(String)
+    results = Column(JSON, default={})
+    status = Column(String, default='Created')
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index ad410a610..8d708e94d 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -2,6 +2,7 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.db.models import DatasetProfilingRun
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -39,7 +40,7 @@ def test_add_tables(table, dataset1, db):
 def update_runs(db, runs):
     with db.scoped_session() as session:
         for run in runs:
-            run = session.query(dataall.db.models.DatasetProfilingRun).get(
+            run = session.query(DatasetProfilingRun).get(
                 run['profilingRunUri']
             )
             run.status = 'SUCCEEDED'
@@ -70,7 +71,7 @@ def test_start_profiling(org1, env1, dataset1, client, module_mocker, db, user,
     profiling = response.data.startDatasetProfilingRun
     assert profiling.profilingRunUri
     with db.scoped_session() as session:
-        profiling = session.query(dataall.db.models.DatasetProfilingRun).get(
+        profiling = session.query(DatasetProfilingRun).get(
             profiling.profilingRunUri
         )
         profiling.GlueJobRunId = 'jr_111111111111'

From 31720c254c3286e7a30c049e7c6835b5d4602c64 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 15:52:44 +0200
Subject: [PATCH 045/346] Datasets refactoring

Moving dataset profiling service and renaming it
---
 backend/dataall/aws/handlers/glue.py              |  7 ++++---
 backend/dataall/db/api/__init__.py                |  1 -
 .../modules/datasets/api/profiling/resolvers.py   | 15 ++++++++-------
 .../services/dataset_profiling_service.py}        |  8 ++++----
 .../datasets/tasks/subscription_service.py        |  3 ++-
 5 files changed, 18 insertions(+), 16 deletions(-)
 rename backend/dataall/{db/api/dataset_profiling_run.py => modules/datasets/services/dataset_profiling_service.py} (96%)

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index a61afc3a1..567ab6967 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -7,6 +7,7 @@
 from ... import db
 from ...db import models
 from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 
 log = logging.getLogger('aws:glue')
 
@@ -528,7 +529,7 @@ def get_job_runs(engine, task: models.Task):
     def start_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
             profiling: DatasetProfilingRun = (
-                db.api.DatasetProfilingRun.get_profiling_run(
+                DatasetProfilingService.get_profiling_run(
                     session, profilingRunUri=task.targetUri
                 )
             )
@@ -547,7 +548,7 @@ def start_profiling_run(engine, task: models.Task):
                     ),
                 }
             )
-            db.api.DatasetProfilingRun.update_run(
+            DatasetProfilingService.update_run(
                 session,
                 profilingRunUri=profiling.profilingRunUri,
                 GlueJobRunId=run['JobRunId'],
@@ -574,7 +575,7 @@ def run_job(**data):
     def get_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
             profiling: DatasetProfilingRun = (
-                db.api.DatasetProfilingRun.get_profiling_run(
+                DatasetProfilingService.get_profiling_run(
                     session, profilingRunUri=task.targetUri
                 )
             )
diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index 19138f7d7..a5f11d2c7 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -13,7 +13,6 @@
 from .share_object import ShareObject, ShareObjectSM, ShareItemSM
 from .dataset import Dataset
 from .dataset_location import DatasetStorageLocation
-from .dataset_profiling_run import DatasetProfilingRun
 from .notification import Notification
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 05efbbab8..62ff64942 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -7,6 +7,7 @@
 from dataall.db import api, permissions, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets.db.models import DatasetProfilingRun
 
 log = logging.getLogger(__name__)
@@ -33,7 +34,7 @@ def start_profiling_run(context: Context, source, input: dict = None):
         )
         dataset = api.Dataset.get_dataset_by_uri(session, input['datasetUri'])
 
-        run = api.DatasetProfilingRun.start_profiling(
+        run = DatasetProfilingService.start_profiling(
             session=session,
             datasetUri=dataset.datasetUri,
             tableUri=input.get('tableUri'),
@@ -71,7 +72,7 @@ def get_profiling_results(context: Context, source: DatasetProfilingRun):
 
 def update_profiling_run_results(context: Context, source, profilingRunUri, results):
     with context.engine.scoped_session() as session:
-        run = api.DatasetProfilingRun.update_run(
+        run = DatasetProfilingService.update_run(
             session=session, profilingRunUri=profilingRunUri, results=results
         )
         return run
@@ -79,12 +80,12 @@ def update_profiling_run_results(context: Context, source, profilingRunUri, resu
 
 def list_profiling_runs(context: Context, source, datasetUri=None):
     with context.engine.scoped_session() as session:
-        return api.DatasetProfilingRun.list_profiling_runs(session, datasetUri)
+        return DatasetProfilingService.list_profiling_runs(session, datasetUri)
 
 
 def get_profiling_run(context: Context, source, profilingRunUri=None):
     with context.engine.scoped_session() as session:
-        return api.DatasetProfilingRun.get_profiling_run(
+        return DatasetProfilingService.get_profiling_run(
             session=session, profilingRunUri=profilingRunUri
         )
 
@@ -92,7 +93,7 @@ def get_profiling_run(context: Context, source, profilingRunUri=None):
 def get_last_table_profiling_run(context: Context, source, tableUri=None):
     with context.engine.scoped_session() as session:
         run: DatasetProfilingRun = (
-            api.DatasetProfilingRun.get_table_last_profiling_run(
+            DatasetProfilingService.get_table_last_profiling_run(
                 session=session, tableUri=tableUri
             )
         )
@@ -113,7 +114,7 @@ def get_last_table_profiling_run(context: Context, source, tableUri=None):
 
             if not run.results:
                 run_with_results = (
-                    api.DatasetProfilingRun.get_table_last_profiling_run_with_results(
+                    DatasetProfilingService.get_table_last_profiling_run_with_results(
                         session=session, tableUri=tableUri
                     )
                 )
@@ -144,6 +145,6 @@ def get_profiling_results_from_s3(environment, dataset, table, run):
 
 def list_table_profiling_runs(context: Context, source, tableUri=None):
     with context.engine.scoped_session() as session:
-        return api.DatasetProfilingRun.list_table_profiling_runs(
+        return DatasetProfilingService.list_table_profiling_runs(
             session=session, tableUri=tableUri, filter={}
         )
diff --git a/backend/dataall/db/api/dataset_profiling_run.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
similarity index 96%
rename from backend/dataall/db/api/dataset_profiling_run.py
rename to backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 5e7024843..915a52eda 100644
--- a/backend/dataall/db/api/dataset_profiling_run.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -1,11 +1,11 @@
 from sqlalchemy import and_
 
-from .. import paginate, models
-from ..exceptions import ObjectNotFound
+from dataall.db import paginate, models
+from dataall.db.exceptions import ObjectNotFound
 from dataall.modules.datasets.db.models import DatasetProfilingRun as DatasetProfilingRunModel
 
 
-class DatasetProfilingRun:
+class DatasetProfilingService:
     def __init__(self):
         pass
 
@@ -56,7 +56,7 @@ def update_run(
         GlueJobRunState=None,
         results=None,
     ):
-        run = DatasetProfilingRun.get_profiling_run(
+        run = DatasetProfilingService.get_profiling_run(
             session, profilingRunUri=profilingRunUri, GlueJobRunId=GlueJobRunId
         )
         if GlueJobRunId:
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 8674f903a..74f84d7c9 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -12,6 +12,7 @@
 from dataall.aws.handlers.sqs import SqsQueue
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
@@ -143,7 +144,7 @@ def store_dataquality_results(session, message):
             message.get('region'),
         )
 
-        run = db.api.DatasetProfilingRun.start_profiling(
+        run = DatasetProfilingService.start_profiling(
             session=session,
             datasetUri=table.datasetUri,
             GlueTableName=table.GlueTableName,

From 8a907df924211b345b94c2a2fc3c1f166ecd5fbf Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 15:59:51 +0200
Subject: [PATCH 046/346] Datasets refactoring

Extracted glue_profiling_handler
---
 backend/dataall/aws/handlers/glue.py          | 86 ----------------
 .../handlers/glue_profiling_handler.py        | 98 +++++++++++++++++++
 2 files changed, 98 insertions(+), 86 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/handlers/glue_profiling_handler.py

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index 567ab6967..e76fd4e63 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -6,8 +6,6 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
-from dataall.modules.datasets.db.models import DatasetProfilingRun
-from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 
 log = logging.getLogger('aws:glue')
 
@@ -524,90 +522,6 @@ def get_job_runs(engine, task: models.Task):
                 return []
             return response['JobRuns']
 
-    @staticmethod
-    @Worker.handler('glue.job.start_profiling_run')
-    def start_profiling_run(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            profiling: DatasetProfilingRun = (
-                DatasetProfilingService.get_profiling_run(
-                    session, profilingRunUri=task.targetUri
-                )
-            )
-            dataset: models.Dataset = session.query(models.Dataset).get(
-                profiling.datasetUri
-            )
-            run = Glue.run_job(
-                **{
-                    'accountid': dataset.AwsAccountId,
-                    'name': dataset.GlueProfilingJobName,
-                    'region': dataset.region,
-                    'arguments': (
-                        {'--table': profiling.GlueTableName}
-                        if profiling.GlueTableName
-                        else {}
-                    ),
-                }
-            )
-            DatasetProfilingService.update_run(
-                session,
-                profilingRunUri=profiling.profilingRunUri,
-                GlueJobRunId=run['JobRunId'],
-            )
-            return run
-
-    @staticmethod
-    def run_job(**data):
-        accountid = data['accountid']
-        name = data['name']
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            client = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            response = client.start_job_run(
-                JobName=name, Arguments=data.get('arguments', {})
-            )
-            return response
-        except ClientError as e:
-            log.error(f'Failed to start profiling job {name} due to: {e}')
-            raise e
-
-    @staticmethod
-    @Worker.handler('glue.job.profiling_run_status')
-    def get_profiling_run(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            profiling: DatasetProfilingRun = (
-                DatasetProfilingService.get_profiling_run(
-                    session, profilingRunUri=task.targetUri
-                )
-            )
-            dataset: models.Dataset = session.query(models.Dataset).get(
-                profiling.datasetUri
-            )
-            glue_run = Glue.get_job_run(
-                **{
-                    'accountid': dataset.AwsAccountId,
-                    'name': dataset.GlueProfilingJobName,
-                    'region': dataset.region,
-                    'run_id': profiling.GlueJobRunId,
-                }
-            )
-            profiling.status = glue_run['JobRun']['JobRunState']
-            session.commit()
-            return profiling.status
-
-    @staticmethod
-    def get_job_run(**data):
-        accountid = data['accountid']
-        name = data['name']
-        run_id = data['run_id']
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            client = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            response = client.get_job_run(JobName=name, RunId=run_id)
-            return response
-        except ClientError as e:
-            log.error(f'Failed to get job run {run_id} due to: {e}')
-            raise e
-
     @staticmethod
     def grant_principals_all_table_permissions(
         table: models.DatasetTable, principals: [str], client=None
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
new file mode 100644
index 000000000..d15607733
--- /dev/null
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -0,0 +1,98 @@
+import logging
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import models
+from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
+
+log = logging.getLogger(__name__)
+
+
+class DatasetProfilingGlueHandler:
+    """A handler for dataset profiling"""
+
+    @staticmethod
+    @Worker.handler('glue.job.profiling_run_status')
+    def get_profiling_run(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            profiling: DatasetProfilingRun = (
+                DatasetProfilingService.get_profiling_run(
+                    session, profilingRunUri=task.targetUri
+                )
+            )
+            dataset: models.Dataset = session.query(models.Dataset).get(
+                profiling.datasetUri
+            )
+            glue_run = DatasetProfilingGlueHandler.get_job_run(
+                **{
+                    'accountid': dataset.AwsAccountId,
+                    'name': dataset.GlueProfilingJobName,
+                    'region': dataset.region,
+                    'run_id': profiling.GlueJobRunId,
+                }
+            )
+            profiling.status = glue_run['JobRun']['JobRunState']
+            session.commit()
+            return profiling.status
+
+    @staticmethod
+    @Worker.handler('glue.job.start_profiling_run')
+    def start_profiling_run(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            profiling: DatasetProfilingRun = (
+                DatasetProfilingService.get_profiling_run(
+                    session, profilingRunUri=task.targetUri
+                )
+            )
+            dataset: models.Dataset = session.query(models.Dataset).get(
+                profiling.datasetUri
+            )
+            run = DatasetProfilingGlueHandler.run_job(
+                **{
+                    'accountid': dataset.AwsAccountId,
+                    'name': dataset.GlueProfilingJobName,
+                    'region': dataset.region,
+                    'arguments': (
+                        {'--table': profiling.GlueTableName}
+                        if profiling.GlueTableName
+                        else {}
+                    ),
+                }
+            )
+            DatasetProfilingService.update_run(
+                session,
+                profilingRunUri=profiling.profilingRunUri,
+                GlueJobRunId=run['JobRunId'],
+            )
+            return run
+
+    @staticmethod
+    def get_job_run(**data):
+        accountid = data['accountid']
+        name = data['name']
+        run_id = data['run_id']
+        try:
+            session = SessionHelper.remote_session(accountid=accountid)
+            client = session.client('glue', region_name=data.get('region', 'eu-west-1'))
+            response = client.get_job_run(JobName=name, RunId=run_id)
+            return response
+        except ClientError as e:
+            log.error(f'Failed to get job run {run_id} due to: {e}')
+            raise e
+
+    @staticmethod
+    def run_job(**data):
+        accountid = data['accountid']
+        name = data['name']
+        try:
+            session = SessionHelper.remote_session(accountid=accountid)
+            client = session.client('glue', region_name=data.get('region', 'eu-west-1'))
+            response = client.start_job_run(
+                JobName=name, Arguments=data.get('arguments', {})
+            )
+            return response
+        except ClientError as e:
+            log.error(f'Failed to start profiling job {name} due to: {e}')
+            raise e

From 561da72a94c1eefe4547eede1a03582b2ee14f79 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Apr 2023 16:08:24 +0200
Subject: [PATCH 047/346] Datasets refactoring

Deleted DatasetTableProfilingJob since could not find any usage of it
---
 .../db/models/DatasetTableProfilingJob.py      | 18 ------------------
 backend/dataall/db/models/__init__.py          |  1 -
 2 files changed, 19 deletions(-)
 delete mode 100644 backend/dataall/db/models/DatasetTableProfilingJob.py

diff --git a/backend/dataall/db/models/DatasetTableProfilingJob.py b/backend/dataall/db/models/DatasetTableProfilingJob.py
deleted file mode 100644
index ea0fedbf0..000000000
--- a/backend/dataall/db/models/DatasetTableProfilingJob.py
+++ /dev/null
@@ -1,18 +0,0 @@
-from sqlalchemy import Column, String
-from sqlalchemy.orm import query_expression
-
-from .. import Base
-from .. import Resource, utils
-
-
-class DatasetTableProfilingJob(Resource, Base):
-    __tablename__ = 'dataset_table_profiling_job'
-    tableUri = Column(String, nullable=False)
-    jobUri = Column(String, primary_key=True, default=utils.uuid('profilingjob'))
-    AWSAccountId = Column(String, nullable=False)
-    RunCommandId = Column(String, nullable=True)
-    GlueDatabaseName = Column(String, nullable=False)
-    GlueTableName = Column(String, nullable=False)
-    region = Column(String, default='eu-west-1')
-    status = Column(String, default='')
-    userRoleForJob = query_expression()
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index f25e5f59b..0af480d79 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -8,7 +8,6 @@
 from .DatasetQualityRule import DatasetQualityRule
 from .DatasetStorageLocation import DatasetStorageLocation
 from .DatasetTable import DatasetTable
-from .DatasetTableProfilingJob import DatasetTableProfilingJob
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
 from .FeedMessage import FeedMessage

From 73c8150a363b3eafc6715d658f97dc6449db2dbd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 10:29:51 +0200
Subject: [PATCH 048/346] Datasets refactoring

Moved dataset storage location into modules
---
 backend/dataall/api/Objects/__init__.py             |  1 -
 .../api}/DatasetStorageLocation/__init__.py         |  2 +-
 .../api}/DatasetStorageLocation/input_types.py      |  2 +-
 .../api}/DatasetStorageLocation/mutations.py        | 13 +++++++++----
 .../datasets/api}/DatasetStorageLocation/queries.py |  4 ++--
 .../api}/DatasetStorageLocation/resolvers.py        | 12 ++++++------
 .../datasets/api}/DatasetStorageLocation/schema.py  |  7 +++++--
 backend/dataall/modules/datasets/api/__init__.py    |  5 +++--
 8 files changed, 27 insertions(+), 19 deletions(-)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetStorageLocation/__init__.py (69%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetStorageLocation/input_types.py (97%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetStorageLocation/mutations.py (76%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetStorageLocation/queries.py (66%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetStorageLocation/resolvers.py (94%)
 rename backend/dataall/{api/Objects => modules/datasets/api}/DatasetStorageLocation/schema.py (95%)

diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 80b91358a..7c064fb1f 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -24,7 +24,6 @@
     Dashboard,
     ShareObject,
     Organization,
-    DatasetStorageLocation,
     Stack,
     Test,
     SagemakerStudio,
diff --git a/backend/dataall/api/Objects/DatasetStorageLocation/__init__.py b/backend/dataall/modules/datasets/api/DatasetStorageLocation/__init__.py
similarity index 69%
rename from backend/dataall/api/Objects/DatasetStorageLocation/__init__.py
rename to backend/dataall/modules/datasets/api/DatasetStorageLocation/__init__.py
index dfa46b264..e00ffe36f 100644
--- a/backend/dataall/api/Objects/DatasetStorageLocation/__init__.py
+++ b/backend/dataall/modules/datasets/api/DatasetStorageLocation/__init__.py
@@ -1,4 +1,4 @@
-from . import (
+from dataall.modules.datasets.api.DatasetStorageLocation import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/api/Objects/DatasetStorageLocation/input_types.py b/backend/dataall/modules/datasets/api/DatasetStorageLocation/input_types.py
similarity index 97%
rename from backend/dataall/api/Objects/DatasetStorageLocation/input_types.py
rename to backend/dataall/modules/datasets/api/DatasetStorageLocation/input_types.py
index f948bebad..4e4bf10e4 100644
--- a/backend/dataall/api/Objects/DatasetStorageLocation/input_types.py
+++ b/backend/dataall/modules/datasets/api/DatasetStorageLocation/input_types.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 
 NewDatasetStorageLocationInput = gql.InputType(
     name='NewDatasetStorageLocationInput',
diff --git a/backend/dataall/api/Objects/DatasetStorageLocation/mutations.py b/backend/dataall/modules/datasets/api/DatasetStorageLocation/mutations.py
similarity index 76%
rename from backend/dataall/api/Objects/DatasetStorageLocation/mutations.py
rename to backend/dataall/modules/datasets/api/DatasetStorageLocation/mutations.py
index 5b89cc6c1..10fc2ec40 100644
--- a/backend/dataall/api/Objects/DatasetStorageLocation/mutations.py
+++ b/backend/dataall/modules/datasets/api/DatasetStorageLocation/mutations.py
@@ -1,10 +1,15 @@
-from ... import gql
-from .input_types import (
+from dataall.api import gql
+from dataall.modules.datasets.api.DatasetStorageLocation.input_types import (
     ModifyDatasetFolderInput,
     NewDatasetStorageLocationInput,
 )
-from .resolvers import *
-from .schema import DatasetStorageLocation
+from dataall.modules.datasets.api.DatasetStorageLocation.resolvers import (
+    create_storage_location,
+    update_storage_location,
+    remove_storage_location,
+    publish_location_update
+)
+from dataall.modules.datasets.api.DatasetStorageLocation.schema import DatasetStorageLocation
 
 createDatasetStorageLocation = gql.MutationField(
     name='createDatasetStorageLocation',
diff --git a/backend/dataall/api/Objects/DatasetStorageLocation/queries.py b/backend/dataall/modules/datasets/api/DatasetStorageLocation/queries.py
similarity index 66%
rename from backend/dataall/api/Objects/DatasetStorageLocation/queries.py
rename to backend/dataall/modules/datasets/api/DatasetStorageLocation/queries.py
index 1baa5a7f9..447225cfd 100644
--- a/backend/dataall/api/Objects/DatasetStorageLocation/queries.py
+++ b/backend/dataall/modules/datasets/api/DatasetStorageLocation/queries.py
@@ -1,5 +1,5 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.datasets.api.DatasetStorageLocation.resolvers import get_storage_location
 
 getDatasetStorageLocation = gql.QueryField(
     name='getDatasetStorageLocation',
diff --git a/backend/dataall/api/Objects/DatasetStorageLocation/resolvers.py b/backend/dataall/modules/datasets/api/DatasetStorageLocation/resolvers.py
similarity index 94%
rename from backend/dataall/api/Objects/DatasetStorageLocation/resolvers.py
rename to backend/dataall/modules/datasets/api/DatasetStorageLocation/resolvers.py
index 1a4171444..5f73c468c 100644
--- a/backend/dataall/api/Objects/DatasetStorageLocation/resolvers.py
+++ b/backend/dataall/modules/datasets/api/DatasetStorageLocation/resolvers.py
@@ -1,15 +1,15 @@
-from ....api.context import Context
-from ....aws.handlers.service_handlers import Worker
-from ....aws.handlers.s3 import S3
-from ....db import permissions, models
-from ....db.api import (
+from dataall.api.context import Context
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.s3 import S3
+from dataall.db import permissions, models
+from dataall.db.api import (
     ResourcePolicy,
     Glossary,
     DatasetStorageLocation,
     Dataset,
     Environment,
 )
-from ....searchproxy import indexers
+from dataall.searchproxy import indexers
 
 
 def create_storage_location(
diff --git a/backend/dataall/api/Objects/DatasetStorageLocation/schema.py b/backend/dataall/modules/datasets/api/DatasetStorageLocation/schema.py
similarity index 95%
rename from backend/dataall/api/Objects/DatasetStorageLocation/schema.py
rename to backend/dataall/modules/datasets/api/DatasetStorageLocation/schema.py
index d05309f0b..fab6c3bd1 100644
--- a/backend/dataall/api/Objects/DatasetStorageLocation/schema.py
+++ b/backend/dataall/modules/datasets/api/DatasetStorageLocation/schema.py
@@ -1,5 +1,8 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.datasets.api.DatasetStorageLocation.resolvers import (
+    resolve_glossary_terms,
+    resolve_dataset
+)
 
 DatasetStorageLocation = gql.ObjectType(
     name='DatasetStorageLocation',
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 6bb6f8ab0..4657365df 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -1,7 +1,8 @@
 """The GraphQL schema of datasets and related functionality"""
 from dataall.modules.datasets.api import (
     table_column,
-    profiling
+    profiling,
+    DatasetStorageLocation
 )
 
-__all__ = ["table_column", "profiling"]
+__all__ = ["table_column", "profiling", "DatasetStorageLocation"]

From 56a3610116ae136579ead39bf70ba962b7592f8a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 10:31:21 +0200
Subject: [PATCH 049/346] Datasets refactoring

Renamed dataset storage location
---
 backend/dataall/modules/datasets/api/__init__.py            | 4 ++--
 .../__init__.py                                             | 2 +-
 .../input_types.py                                          | 0
 .../mutations.py                                            | 6 +++---
 .../{DatasetStorageLocation => storage_location}/queries.py | 2 +-
 .../resolvers.py                                            | 0
 .../{DatasetStorageLocation => storage_location}/schema.py  | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)
 rename backend/dataall/modules/datasets/api/{DatasetStorageLocation => storage_location}/__init__.py (69%)
 rename backend/dataall/modules/datasets/api/{DatasetStorageLocation => storage_location}/input_types.py (100%)
 rename backend/dataall/modules/datasets/api/{DatasetStorageLocation => storage_location}/mutations.py (84%)
 rename backend/dataall/modules/datasets/api/{DatasetStorageLocation => storage_location}/queries.py (74%)
 rename backend/dataall/modules/datasets/api/{DatasetStorageLocation => storage_location}/resolvers.py (100%)
 rename backend/dataall/modules/datasets/api/{DatasetStorageLocation => storage_location}/schema.py (97%)

diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 4657365df..4c279340e 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -2,7 +2,7 @@
 from dataall.modules.datasets.api import (
     table_column,
     profiling,
-    DatasetStorageLocation
+    storage_location
 )
 
-__all__ = ["table_column", "profiling", "DatasetStorageLocation"]
+__all__ = ["table_column", "profiling", "storage_location"]
diff --git a/backend/dataall/modules/datasets/api/DatasetStorageLocation/__init__.py b/backend/dataall/modules/datasets/api/storage_location/__init__.py
similarity index 69%
rename from backend/dataall/modules/datasets/api/DatasetStorageLocation/__init__.py
rename to backend/dataall/modules/datasets/api/storage_location/__init__.py
index e00ffe36f..e878410f5 100644
--- a/backend/dataall/modules/datasets/api/DatasetStorageLocation/__init__.py
+++ b/backend/dataall/modules/datasets/api/storage_location/__init__.py
@@ -1,4 +1,4 @@
-from dataall.modules.datasets.api.DatasetStorageLocation import (
+from dataall.modules.datasets.api.storage_location import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/modules/datasets/api/DatasetStorageLocation/input_types.py b/backend/dataall/modules/datasets/api/storage_location/input_types.py
similarity index 100%
rename from backend/dataall/modules/datasets/api/DatasetStorageLocation/input_types.py
rename to backend/dataall/modules/datasets/api/storage_location/input_types.py
diff --git a/backend/dataall/modules/datasets/api/DatasetStorageLocation/mutations.py b/backend/dataall/modules/datasets/api/storage_location/mutations.py
similarity index 84%
rename from backend/dataall/modules/datasets/api/DatasetStorageLocation/mutations.py
rename to backend/dataall/modules/datasets/api/storage_location/mutations.py
index 10fc2ec40..14aafddc7 100644
--- a/backend/dataall/modules/datasets/api/DatasetStorageLocation/mutations.py
+++ b/backend/dataall/modules/datasets/api/storage_location/mutations.py
@@ -1,15 +1,15 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.DatasetStorageLocation.input_types import (
+from dataall.modules.datasets.api.storage_location.input_types import (
     ModifyDatasetFolderInput,
     NewDatasetStorageLocationInput,
 )
-from dataall.modules.datasets.api.DatasetStorageLocation.resolvers import (
+from dataall.modules.datasets.api.storage_location.resolvers import (
     create_storage_location,
     update_storage_location,
     remove_storage_location,
     publish_location_update
 )
-from dataall.modules.datasets.api.DatasetStorageLocation.schema import DatasetStorageLocation
+from dataall.modules.datasets.api.storage_location.schema import DatasetStorageLocation
 
 createDatasetStorageLocation = gql.MutationField(
     name='createDatasetStorageLocation',
diff --git a/backend/dataall/modules/datasets/api/DatasetStorageLocation/queries.py b/backend/dataall/modules/datasets/api/storage_location/queries.py
similarity index 74%
rename from backend/dataall/modules/datasets/api/DatasetStorageLocation/queries.py
rename to backend/dataall/modules/datasets/api/storage_location/queries.py
index 447225cfd..ea129a37d 100644
--- a/backend/dataall/modules/datasets/api/DatasetStorageLocation/queries.py
+++ b/backend/dataall/modules/datasets/api/storage_location/queries.py
@@ -1,5 +1,5 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.DatasetStorageLocation.resolvers import get_storage_location
+from dataall.modules.datasets.api.storage_location.resolvers import get_storage_location
 
 getDatasetStorageLocation = gql.QueryField(
     name='getDatasetStorageLocation',
diff --git a/backend/dataall/modules/datasets/api/DatasetStorageLocation/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
similarity index 100%
rename from backend/dataall/modules/datasets/api/DatasetStorageLocation/resolvers.py
rename to backend/dataall/modules/datasets/api/storage_location/resolvers.py
diff --git a/backend/dataall/modules/datasets/api/DatasetStorageLocation/schema.py b/backend/dataall/modules/datasets/api/storage_location/schema.py
similarity index 97%
rename from backend/dataall/modules/datasets/api/DatasetStorageLocation/schema.py
rename to backend/dataall/modules/datasets/api/storage_location/schema.py
index fab6c3bd1..c9853a22f 100644
--- a/backend/dataall/modules/datasets/api/DatasetStorageLocation/schema.py
+++ b/backend/dataall/modules/datasets/api/storage_location/schema.py
@@ -1,5 +1,5 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.DatasetStorageLocation.resolvers import (
+from dataall.modules.datasets.api.storage_location.resolvers import (
     resolve_glossary_terms,
     resolve_dataset
 )

From 47a38ccbaea0b3368b3cd5003208067081ccd1a6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 10:37:27 +0200
Subject: [PATCH 050/346] Datasets refactoring

Returned the name to model after renaming the service
---
 .../services/dataset_profiling_service.py     | 48 +++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 915a52eda..5b6ca8d41 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -2,7 +2,7 @@
 
 from dataall.db import paginate, models
 from dataall.db.exceptions import ObjectNotFound
-from dataall.modules.datasets.db.models import DatasetProfilingRun as DatasetProfilingRunModel
+from dataall.modules.datasets.db.models import DatasetProfilingRun
 
 
 class DatasetProfilingService:
@@ -31,7 +31,7 @@ def start_profiling(
         if not environment:
             raise ObjectNotFound('Environment', dataset.environmentUri)
 
-        run = DatasetProfilingRunModel(
+        run = DatasetProfilingRun(
             datasetUri=dataset.datasetUri,
             status='RUNNING',
             AwsAccountId=environment.AwsAccountId,
@@ -73,14 +73,14 @@ def get_profiling_run(
         session, profilingRunUri=None, GlueJobRunId=None, GlueTableName=None
     ):
         if profilingRunUri:
-            run: DatasetProfilingRunModel = session.query(
-                DatasetProfilingRunModel
+            run: DatasetProfilingRun = session.query(
+                DatasetProfilingRun
             ).get(profilingRunUri)
         else:
-            run: DatasetProfilingRunModel = (
-                session.query(DatasetProfilingRunModel)
-                .filter(DatasetProfilingRunModel.GlueJobRunId == GlueJobRunId)
-                .filter(DatasetProfilingRunModel.GlueTableName == GlueTableName)
+            run: DatasetProfilingRun = (
+                session.query(DatasetProfilingRun)
+                .filter(DatasetProfilingRun.GlueJobRunId == GlueJobRunId)
+                .filter(DatasetProfilingRun.GlueTableName == GlueTableName)
                 .first()
             )
         return run
@@ -90,9 +90,9 @@ def list_profiling_runs(session, datasetUri, filter: dict = None):
         if not filter:
             filter = {}
         q = (
-            session.query(DatasetProfilingRunModel)
-            .filter(DatasetProfilingRunModel.datasetUri == datasetUri)
-            .order_by(DatasetProfilingRunModel.created.desc())
+            session.query(DatasetProfilingRun)
+            .filter(DatasetProfilingRun.datasetUri == datasetUri)
+            .order_by(DatasetProfilingRun.created.desc())
         )
         return paginate(
             q, page=filter.get('page', 1), page_size=filter.get('pageSize', 20)
@@ -103,19 +103,19 @@ def list_table_profiling_runs(session, tableUri, filter):
         if not filter:
             filter = {}
         q = (
-            session.query(DatasetProfilingRunModel)
+            session.query(DatasetProfilingRun)
             .join(
                 models.DatasetTable,
-                models.DatasetTable.datasetUri == DatasetProfilingRunModel.datasetUri,
+                models.DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
             .filter(
                 and_(
                     models.DatasetTable.tableUri == tableUri,
                     models.DatasetTable.GlueTableName
-                    == DatasetProfilingRunModel.GlueTableName,
+                    == DatasetProfilingRun.GlueTableName,
                 )
             )
-            .order_by(DatasetProfilingRunModel.created.desc())
+            .order_by(DatasetProfilingRun.created.desc())
         )
         return paginate(
             q, page=filter.get('page', 1), page_size=filter.get('pageSize', 20)
@@ -124,34 +124,34 @@ def list_table_profiling_runs(session, tableUri, filter):
     @staticmethod
     def get_table_last_profiling_run(session, tableUri):
         return (
-            session.query(DatasetProfilingRunModel)
+            session.query(DatasetProfilingRun)
             .join(
                 models.DatasetTable,
-                models.DatasetTable.datasetUri == DatasetProfilingRunModel.datasetUri,
+                models.DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
             .filter(models.DatasetTable.tableUri == tableUri)
             .filter(
                 models.DatasetTable.GlueTableName
-                == DatasetProfilingRunModel.GlueTableName
+                == DatasetProfilingRun.GlueTableName
             )
-            .order_by(DatasetProfilingRunModel.created.desc())
+            .order_by(DatasetProfilingRun.created.desc())
             .first()
         )
 
     @staticmethod
     def get_table_last_profiling_run_with_results(session, tableUri):
         return (
-            session.query(DatasetProfilingRunModel)
+            session.query(DatasetProfilingRun)
             .join(
                 models.DatasetTable,
-                models.DatasetTable.datasetUri == DatasetProfilingRunModel.datasetUri,
+                models.DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
             .filter(models.DatasetTable.tableUri == tableUri)
             .filter(
                 models.DatasetTable.GlueTableName
-                == DatasetProfilingRunModel.GlueTableName
+                == DatasetProfilingRun.GlueTableName
             )
-            .filter(DatasetProfilingRunModel.results.isnot(None))
-            .order_by(DatasetProfilingRunModel.created.desc())
+            .filter(DatasetProfilingRun.results.isnot(None))
+            .order_by(DatasetProfilingRun.created.desc())
             .first()
         )

From dbb55179baefc20027578bf89747a82ce192ee13 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 10:54:08 +0200
Subject: [PATCH 051/346] Datasets refactoring

Moved DatasetStorageLocation into modules
---
 backend/dataall/api/Objects/Feed/registry.py  |  1 -
 .../dataall/api/Objects/Glossary/registry.py  |  1 -
 .../dataall/api/Objects/Glossary/resolvers.py |  4 +-
 .../api/Objects/ShareObject/resolvers.py      |  3 +-
 backend/dataall/cdkproxy/stacks/dataset.py    | 15 ++++----
 backend/dataall/db/api/dataset.py             | 21 ++++++-----
 backend/dataall/db/api/dataset_location.py    | 37 ++++++++++---------
 backend/dataall/db/api/environment.py         | 20 +++++-----
 backend/dataall/db/api/share_object.py        | 23 ++++++------
 .../db/models/DatasetStorageLocation.py       | 22 -----------
 backend/dataall/db/models/__init__.py         |  1 -
 backend/dataall/modules/datasets/__init__.py  |  7 +++-
 .../api/storage_location/resolvers.py         |  5 ++-
 backend/dataall/modules/datasets/db/models.py | 22 ++++++++++-
 .../datasets/tasks/subscription_service.py    |  3 +-
 backend/dataall/searchproxy/indexers.py       | 31 ++++++++--------
 .../dataall/tasks/bucket_policy_updater.py    | 15 ++++----
 .../share_managers/s3_share_manager.py        |  3 +-
 .../share_processors/s3_process_share.py      |  7 ++--
 backend/dataall/utils/alarm_service.py        |  5 ++-
 tests/api/conftest.py                         |  5 ++-
 tests/api/test_dataset.py                     |  3 +-
 tests/searchproxy/test_indexers.py            |  3 +-
 tests/tasks/conftest.py                       |  9 ++---
 tests/tasks/test_s3_share_manager.py          | 37 ++++++++++---------
 25 files changed, 161 insertions(+), 142 deletions(-)
 delete mode 100644 backend/dataall/db/models/DatasetStorageLocation.py

diff --git a/backend/dataall/api/Objects/Feed/registry.py b/backend/dataall/api/Objects/Feed/registry.py
index a119529ab..6a01a488a 100644
--- a/backend/dataall/api/Objects/Feed/registry.py
+++ b/backend/dataall/api/Objects/Feed/registry.py
@@ -39,5 +39,4 @@ def types(cls):
 FeedRegistry.register(FeedDefinition("Worksheet", models.Worksheet))
 FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
 FeedRegistry.register(FeedDefinition("DatasetTable", models.DatasetTable))
-FeedRegistry.register(FeedDefinition("DatasetStorageLocation", models.DatasetStorageLocation))
 FeedRegistry.register(FeedDefinition("Dashboard", models.Dashboard))
diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 375f470e2..7c42e4f4c 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -52,7 +52,6 @@ def types(cls):
 
 
 GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
-GlossaryRegistry.register(GlossaryDefinition("Folder", "DatasetStorageLocation", models.DatasetStorageLocation))
 GlossaryRegistry.register(GlossaryDefinition("Dashboard", "Dashboard", models.Dashboard))
 GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
 GlossaryRegistry.register(GlossaryDefinition("Dataset", "Dataset", models.Dataset))
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index 15e77327f..959578600 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -13,6 +13,8 @@
     GlossaryRole
 )
 
+from dataall.modules.datasets.db.models import DatasetStorageLocation
+
 
 def resolve_glossary_node(obj: models.GlossaryNode, *_):
     if obj.nodeType == 'G':
@@ -465,7 +467,7 @@ def reindex(context, linkUri):
         upsert_dataset(session=session, es=context.es, datasetUri=link.targetUri)
     elif isinstance(target, models.DatasetTable):
         upsert_table(session=session, es=context.es, tableUri=link.targetUri)
-    elif isinstance(target, models.DatasetStorageLocation):
+    elif isinstance(target, DatasetStorageLocation):
         upsert_folder(session=session, es=context.es, locationUri=link.targetUri)
     elif isinstance(target, models.Dashboard):
         upsert_dashboard(session=session, es=context.es, dashboardUri=link.targetUri)
diff --git a/backend/dataall/api/Objects/ShareObject/resolvers.py b/backend/dataall/api/Objects/ShareObject/resolvers.py
index 6bbb64bf4..16e4e1353 100644
--- a/backend/dataall/api/Objects/ShareObject/resolvers.py
+++ b/backend/dataall/api/Objects/ShareObject/resolvers.py
@@ -7,6 +7,7 @@
 from ....api.context import Context
 from ....aws.handlers.service_handlers import Worker
 from ....db import models
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 log = logging.getLogger(__name__)
 
@@ -266,7 +267,7 @@ def resolve_dataset(context: Context, source: models.ShareObject, **kwargs):
 def union_resolver(object, *_):
     if isinstance(object, models.DatasetTable):
         return 'DatasetTable'
-    elif isinstance(object, models.DatasetStorageLocation):
+    elif isinstance(object, DatasetStorageLocation):
         return 'DatasetStorageLocation'
 
 
diff --git a/backend/dataall/cdkproxy/stacks/dataset.py b/backend/dataall/cdkproxy/stacks/dataset.py
index 133b5f928..852cba66b 100644
--- a/backend/dataall/cdkproxy/stacks/dataset.py
+++ b/backend/dataall/cdkproxy/stacks/dataset.py
@@ -28,6 +28,7 @@
 from ...db.api import Environment
 from ...utils.cdk_nag_utils import CDKNagUtil
 from ...utils.runtime_stacks_tagging import TagsUtil
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
@@ -110,14 +111,14 @@ def get_shared_tables(self) -> typing.List[models.ShareObjectItem]:
             logger.info(f'found {len(tables)} shared tables')
         return tables
 
-    def get_shared_folders(self) -> typing.List[models.DatasetStorageLocation]:
+    def get_shared_folders(self) -> typing.List[DatasetStorageLocation]:
         engine = self.get_engine()
         with engine.scoped_session() as session:
             locations = (
                 session.query(
-                    models.DatasetStorageLocation.locationUri.label('locationUri'),
-                    models.DatasetStorageLocation.S3BucketName.label('S3BucketName'),
-                    models.DatasetStorageLocation.S3Prefix.label('S3Prefix'),
+                    DatasetStorageLocation.locationUri.label('locationUri'),
+                    DatasetStorageLocation.S3BucketName.label('S3BucketName'),
+                    DatasetStorageLocation.S3Prefix.label('S3Prefix'),
                     models.Environment.AwsAccountId.label('AwsAccountId'),
                     models.Environment.region.label('region'),
                 )
@@ -125,7 +126,7 @@ def get_shared_folders(self) -> typing.List[models.DatasetStorageLocation]:
                     models.ShareObjectItem,
                     and_(
                         models.ShareObjectItem.itemUri
-                        == models.DatasetStorageLocation.locationUri
+                        == DatasetStorageLocation.locationUri
                     ),
                 )
                 .join(
@@ -139,8 +140,8 @@ def get_shared_folders(self) -> typing.List[models.DatasetStorageLocation]:
                 )
                 .filter(
                     and_(
-                        models.DatasetStorageLocation.datasetUri == self.target_uri,
-                        models.DatasetStorageLocation.deleted.is_(None),
+                        DatasetStorageLocation.datasetUri == self.target_uri,
+                        DatasetStorageLocation.deleted.is_(None),
                         models.ShareObjectItem.status.in_(self.shared_states)
                     )
                 )
diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/db/api/dataset.py
index 8fdbb72b7..f78d92eae 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/db/api/dataset.py
@@ -20,6 +20,7 @@
     NamingConventionService,
     NamingConventionPattern,
 )
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
@@ -266,17 +267,17 @@ def paginated_user_datasets(
     def paginated_dataset_locations(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
-        query = session.query(models.DatasetStorageLocation).filter(
-            models.DatasetStorageLocation.datasetUri == uri
+        query = session.query(DatasetStorageLocation).filter(
+            DatasetStorageLocation.datasetUri == uri
         )
         if data and data.get('term'):
             query = query.filter(
                 or_(
                     *[
-                        models.DatasetStorageLocation.name.ilike(
+                        DatasetStorageLocation.name.ilike(
                             '%' + data.get('term') + '%'
                         ),
-                        models.DatasetStorageLocation.S3Prefix.ilike(
+                        DatasetStorageLocation.S3Prefix.ilike(
                             '%' + data.get('term') + '%'
                         ),
                     ]
@@ -489,8 +490,8 @@ def get_dataset_tables(session, dataset_uri):
     def get_dataset_folders(session, dataset_uri):
         """return the dataset folders"""
         return (
-            session.query(models.DatasetStorageLocation)
-            .filter(models.DatasetStorageLocation.datasetUri == dataset_uri)
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
             .all()
         )
 
@@ -634,10 +635,10 @@ def _delete_dataset_tables(session, dataset_uri) -> bool:
     @staticmethod
     def _delete_dataset_locations(session, dataset_uri) -> bool:
         locations = (
-            session.query(models.DatasetStorageLocation)
+            session.query(DatasetStorageLocation)
             .filter(
                 and_(
-                    models.DatasetStorageLocation.datasetUri == dataset_uri,
+                    DatasetStorageLocation.datasetUri == dataset_uri,
                 )
             )
             .all()
@@ -675,7 +676,7 @@ def count_dataset_tables(session, dataset_uri):
     @staticmethod
     def count_dataset_locations(session, dataset_uri):
         return (
-            session.query(models.DatasetStorageLocation)
-            .filter(models.DatasetStorageLocation.datasetUri == dataset_uri)
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
             .count()
         )
diff --git a/backend/dataall/db/api/dataset_location.py b/backend/dataall/db/api/dataset_location.py
index ef9f085f3..e19f1dfb0 100644
--- a/backend/dataall/db/api/dataset_location.py
+++ b/backend/dataall/db/api/dataset_location.py
@@ -6,6 +6,7 @@
 from . import has_tenant_perm, has_resource_perm, Glossary
 from .. import models, api, paginate, permissions, exceptions
 from .dataset import Dataset
+from dataall.modules.datasets.db.models import DatasetStorageLocation as DatasetStorageLocationModel
 
 logger = logging.getLogger(__name__)
 
@@ -21,14 +22,14 @@ def create_dataset_location(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DatasetStorageLocation:
+    ) -> DatasetStorageLocationModel:
         dataset = Dataset.get_dataset_by_uri(session, uri)
         exists = (
-            session.query(models.DatasetStorageLocation)
+            session.query(DatasetStorageLocationModel)
             .filter(
                 and_(
-                    models.DatasetStorageLocation.datasetUri == dataset.datasetUri,
-                    models.DatasetStorageLocation.S3Prefix == data['prefix'],
+                    DatasetStorageLocationModel.datasetUri == dataset.datasetUri,
+                    DatasetStorageLocationModel.S3Prefix == data['prefix'],
                 )
             )
             .count()
@@ -40,7 +41,7 @@ def create_dataset_location(
                 message=f'Folder: {data["prefix"]} already exist on dataset {uri}',
             )
 
-        location = models.DatasetStorageLocation(
+        location = DatasetStorageLocationModel(
             datasetUri=dataset.datasetUri,
             label=data.get('label'),
             description=data.get('description', 'No description provided'),
@@ -77,14 +78,14 @@ def list_dataset_locations(
         check_perm: bool = False,
     ) -> dict:
         query = (
-            session.query(models.DatasetStorageLocation)
-            .filter(models.DatasetStorageLocation.datasetUri == uri)
-            .order_by(models.DatasetStorageLocation.created.desc())
+            session.query(DatasetStorageLocationModel)
+            .filter(DatasetStorageLocationModel.datasetUri == uri)
+            .order_by(DatasetStorageLocationModel.created.desc())
         )
         if data.get('term'):
             term = data.get('term')
             query = query.filter(
-                models.DatasetStorageLocation.label.ilike('%' + term + '%')
+                DatasetStorageLocationModel.label.ilike('%' + term + '%')
             )
         return paginate(
             query, page=data.get('page', 1), page_size=data.get('pageSize', 10)
@@ -100,7 +101,7 @@ def get_dataset_location(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DatasetStorageLocation:
+    ) -> DatasetStorageLocationModel:
         return DatasetStorageLocation.get_location_by_uri(session, data['locationUri'])
 
     @staticmethod
@@ -113,7 +114,7 @@ def update_dataset_location(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DatasetStorageLocation:
+    ) -> DatasetStorageLocationModel:
 
         location = data.get(
             'location',
@@ -176,9 +177,9 @@ def delete_dataset_location(
         return True
 
     @staticmethod
-    def get_location_by_uri(session, location_uri) -> models.DatasetStorageLocation:
+    def get_location_by_uri(session, location_uri) -> DatasetStorageLocationModel:
         location: DatasetStorageLocation = session.query(
-            models.DatasetStorageLocation
+            DatasetStorageLocationModel
         ).get(location_uri)
         if not location:
             raise exceptions.ObjectNotFound('Folder', location_uri)
@@ -186,13 +187,13 @@ def get_location_by_uri(session, location_uri) -> models.DatasetStorageLocation:
 
     @staticmethod
     def get_location_by_s3_prefix(session, s3_prefix, accountid, region):
-        location: models.DatasetStorageLocation = (
-            session.query(models.DatasetStorageLocation)
+        location: DatasetStorageLocationModel = (
+            session.query(DatasetStorageLocationModel)
             .filter(
                 and_(
-                    models.DatasetStorageLocation.S3Prefix.startswith(s3_prefix),
-                    models.DatasetStorageLocation.AWSAccountId == accountid,
-                    models.DatasetStorageLocation.region == region,
+                    DatasetStorageLocationModel.S3Prefix.startswith(s3_prefix),
+                    DatasetStorageLocationModel.AWSAccountId == accountid,
+                    DatasetStorageLocationModel.region == region,
                 )
             )
             .first()
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 19d5de342..ac3777e5d 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -29,6 +29,8 @@
     NamingConventionPattern,
 )
 
+from dataall.modules.datasets.db.models import DatasetStorageLocation
+
 log = logging.getLogger(__name__)
 
 
@@ -905,7 +907,7 @@ def paginated_shared_with_environment_datasets(
                         (
                             models.ShareObjectItem.itemType
                             == ShareableType.StorageLocation.value,
-                            func.concat(models.DatasetStorageLocation.name),
+                            func.concat(DatasetStorageLocation.name),
                         ),
                     ],
                     else_='XXX XXXX',
@@ -933,9 +935,9 @@ def paginated_shared_with_environment_datasets(
                 models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
             )
             .outerjoin(
-                models.DatasetStorageLocation,
+                DatasetStorageLocation,
                 models.ShareObjectItem.itemUri
-                == models.DatasetStorageLocation.locationUri,
+                == DatasetStorageLocation.locationUri,
             )
             .filter(
                 and_(
@@ -1001,7 +1003,7 @@ def paginated_shared_with_environment_group_datasets(
                         (
                             models.ShareObjectItem.itemType
                             == ShareableType.StorageLocation.value,
-                            func.concat(models.DatasetStorageLocation.name),
+                            func.concat(DatasetStorageLocation.name),
                         ),
                     ],
                     else_='XXX XXXX',
@@ -1029,9 +1031,9 @@ def paginated_shared_with_environment_group_datasets(
                 models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
             )
             .outerjoin(
-                models.DatasetStorageLocation,
+                DatasetStorageLocation,
                 models.ShareObjectItem.itemUri
-                == models.DatasetStorageLocation.locationUri,
+                == DatasetStorageLocation.locationUri,
             )
             .filter(
                 and_(
@@ -1122,7 +1124,7 @@ def paginated_environment_data_items(
                         (
                             models.ShareObjectItem.itemType
                             == ShareableType.StorageLocation.value,
-                            func.concat(models.DatasetStorageLocation.name),
+                            func.concat(DatasetStorageLocation.name),
                         ),
                     ],
                     else_='XXX XXXX',
@@ -1150,9 +1152,9 @@ def paginated_environment_data_items(
                 models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
             )
             .outerjoin(
-                models.DatasetStorageLocation,
+                DatasetStorageLocation,
                 models.ShareObjectItem.itemUri
-                == models.DatasetStorageLocation.locationUri,
+                == DatasetStorageLocation.locationUri,
             )
             .filter(
                 and_(
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index ff1c426d7..bd0215190 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -10,6 +10,7 @@
 from .. import api, utils
 from .. import models, exceptions, permissions, paginate
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
@@ -419,7 +420,7 @@ def create_share_object(
             item = None
             if itemType:
                 if itemType == ShareableType.StorageLocation.value:
-                    item = session.query(models.DatasetStorageLocation).get(itemUri)
+                    item = session.query(DatasetStorageLocation).get(itemUri)
                 if itemType == ShareableType.Table.value:
                     item = session.query(models.DatasetTable).get(itemUri)
 
@@ -718,7 +719,7 @@ def get_share_item(
         if share_item.itemType == ShareableType.Table.value:
             return session.query(models.DatasetTable).get(share_item.itemUri)
         if share_item.itemType == ShareableType.StorageLocation:
-            return session.Query(models.DatasetStorageLocation).get(share_item.itemUri)
+            return session.Query(DatasetStorageLocation).get(share_item.itemUri)
 
     @staticmethod
     def get_share_by_uri(session, uri):
@@ -771,7 +772,7 @@ def add_share_object_item(
                 )
 
         elif itemType == ShareableType.StorageLocation.value:
-            item = session.query(models.DatasetStorageLocation).get(itemUri)
+            item = session.query(DatasetStorageLocation).get(itemUri)
 
         if not item:
             raise exceptions.ObjectNotFound('ShareObjectItem', itemUri)
@@ -971,10 +972,10 @@ def list_shareable_items(
         # marking the folder as part of the shareObject
         locations = (
             session.query(
-                models.DatasetStorageLocation.locationUri.label('itemUri'),
+                DatasetStorageLocation.locationUri.label('itemUri'),
                 func.coalesce('DatasetStorageLocation').label('itemType'),
-                models.DatasetStorageLocation.S3Prefix.label('itemName'),
-                models.DatasetStorageLocation.description.label('description'),
+                DatasetStorageLocation.S3Prefix.label('itemName'),
+                DatasetStorageLocation.description.label('description'),
                 models.ShareObjectItem.shareItemUri.label('shareItemUri'),
                 models.ShareObjectItem.status.label('status'),
                 case(
@@ -986,11 +987,11 @@ def list_shareable_items(
                 models.ShareObjectItem,
                 and_(
                     models.ShareObjectItem.shareUri == share.shareUri,
-                    models.DatasetStorageLocation.locationUri
+                    DatasetStorageLocation.locationUri
                     == models.ShareObjectItem.itemUri,
                 ),
             )
-            .filter(models.DatasetStorageLocation.datasetUri == datasetUri)
+            .filter(DatasetStorageLocation.datasetUri == datasetUri)
         )
         if data:
             if data.get("isRevokable"):
@@ -1162,7 +1163,7 @@ def find_share_item_by_table(
     def find_share_item_by_folder(
         session,
         share: models.ShareObject,
-        folder: models.DatasetStorageLocation,
+        folder: DatasetStorageLocation,
     ) -> models.ShareObjectItem:
         share_item: models.ShareObjectItem = (
             session.query(models.ShareObjectItem)
@@ -1268,10 +1269,10 @@ def get_share_data_items(session, share_uri, status):
         )
 
         folders = (
-            session.query(models.DatasetStorageLocation)
+            session.query(DatasetStorageLocation)
             .join(
                 models.ShareObjectItem,
-                models.ShareObjectItem.itemUri == models.DatasetStorageLocation.locationUri,
+                models.ShareObjectItem.itemUri == DatasetStorageLocation.locationUri,
             )
             .join(
                 models.ShareObject,
diff --git a/backend/dataall/db/models/DatasetStorageLocation.py b/backend/dataall/db/models/DatasetStorageLocation.py
deleted file mode 100644
index e21ae6694..000000000
--- a/backend/dataall/db/models/DatasetStorageLocation.py
+++ /dev/null
@@ -1,22 +0,0 @@
-from sqlalchemy import Boolean, Column, String
-from sqlalchemy.orm import query_expression
-
-from .. import Base, Resource, utils
-
-
-class DatasetStorageLocation(Resource, Base):
-    __tablename__ = 'dataset_storage_location'
-    datasetUri = Column(String, nullable=False)
-    locationUri = Column(String, primary_key=True, default=utils.uuid('location'))
-    AWSAccountId = Column(String, nullable=False)
-    S3BucketName = Column(String, nullable=False)
-    S3Prefix = Column(String, nullable=False)
-    S3AccessPoint = Column(String, nullable=True)
-    region = Column(String, default='eu-west-1')
-    locationCreated = Column(Boolean, default=False)
-    userRoleForStorageLocation = query_expression()
-    projectPermission = query_expression()
-    environmentEndPoint = query_expression()
-
-    def uri(self):
-        return self.locationUri
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index 0af480d79..c288527cf 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -6,7 +6,6 @@
 from .DashboardShare import DashboardShareStatus
 from .Dataset import Dataset
 from .DatasetQualityRule import DatasetQualityRule
-from .DatasetStorageLocation import DatasetStorageLocation
 from .DatasetTable import DatasetTable
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 4620495fe..842eba82b 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -4,7 +4,7 @@
 
 from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
 from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
@@ -19,8 +19,13 @@ def is_supported(cls, modes):
 
     def __init__(self):
         import dataall.modules.datasets.api
+
         FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
+        FeedRegistry.register(FeedDefinition("DatasetStorageLocation", DatasetStorageLocation))
+
         GlossaryRegistry.register(GlossaryDefinition("Column", "DatasetTableColumn", DatasetTableColumn))
+        GlossaryRegistry.register(GlossaryDefinition("Folder", "DatasetStorageLocation", DatasetStorageLocation))
+
         log.info("API of datasets has been imported")
 
 
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 5f73c468c..2eb18198c 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -10,6 +10,7 @@
     Environment,
 )
 from dataall.searchproxy import indexers
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 def create_storage_location(
@@ -92,7 +93,7 @@ def remove_storage_location(context, source, locationUri: str = None):
     return True
 
 
-def resolve_dataset(context, source: models.DatasetStorageLocation, **kwargs):
+def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -129,7 +130,7 @@ def publish_location_update(context: Context, source, locationUri: str = None):
 
 
 def resolve_glossary_terms(
-    context: Context, source: models.DatasetStorageLocation, **kwargs
+    context: Context, source: DatasetStorageLocation, **kwargs
 ):
     if not source:
         return None
diff --git a/backend/dataall/modules/datasets/db/models.py b/backend/dataall/modules/datasets/db/models.py
index 1ba60bea1..2dfee26ec 100644
--- a/backend/dataall/modules/datasets/db/models.py
+++ b/backend/dataall/modules/datasets/db/models.py
@@ -1,5 +1,6 @@
-from sqlalchemy import Column, String
+from sqlalchemy import Boolean, Column, String
 from sqlalchemy.dialects.postgresql import JSON
+from sqlalchemy.orm import query_expression
 from dataall.db import Base, Resource, utils
 
 
@@ -36,3 +37,22 @@ class DatasetProfilingRun(Resource, Base):
     AwsAccountId = Column(String)
     results = Column(JSON, default={})
     status = Column(String, default='Created')
+
+
+class DatasetStorageLocation(Resource, Base):
+    __tablename__ = 'dataset_storage_location'
+    datasetUri = Column(String, nullable=False)
+    locationUri = Column(String, primary_key=True, default=utils.uuid('location'))
+    AWSAccountId = Column(String, nullable=False)
+    S3BucketName = Column(String, nullable=False)
+    S3Prefix = Column(String, nullable=False)
+    S3AccessPoint = Column(String, nullable=True)
+    region = Column(String, default='eu-west-1')
+    locationCreated = Column(Boolean, default=False)
+    userRoleForStorageLocation = query_expression()
+    projectPermission = query_expression()
+    environmentEndPoint = query_expression()
+
+    def uri(self):
+        return self.locationUri
+
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 74f84d7c9..7df028914 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -16,6 +16,7 @@
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -103,7 +104,7 @@ def publish_table_update_message(engine, message):
 
     @staticmethod
     def publish_location_update_message(session, message):
-        location: models.DatasetStorageLocation = (
+        location: DatasetStorageLocation = (
             db.api.DatasetStorageLocation.get_location_by_s3_prefix(
                 session,
                 message.get('prefix'),
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 78886716d..7361c2150 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -6,6 +6,7 @@
 from .upsert import upsert
 from .. import db
 from ..db import models
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 log = logging.getLogger(__name__)
 
@@ -184,14 +185,14 @@ def upsert_table(session, es, tableUri: str):
 def upsert_folder(session, es, locationUri: str):
     folder = (
         session.query(
-            models.DatasetStorageLocation.datasetUri.label('datasetUri'),
-            models.DatasetStorageLocation.locationUri.label('uri'),
-            models.DatasetStorageLocation.name.label('name'),
-            models.DatasetStorageLocation.owner.label('owner'),
-            models.DatasetStorageLocation.label.label('label'),
-            models.DatasetStorageLocation.description.label('description'),
-            models.DatasetStorageLocation.tags.label('tags'),
-            models.DatasetStorageLocation.region.label('region'),
+            DatasetStorageLocation.datasetUri.label('datasetUri'),
+            DatasetStorageLocation.locationUri.label('uri'),
+            DatasetStorageLocation.name.label('name'),
+            DatasetStorageLocation.owner.label('owner'),
+            DatasetStorageLocation.label.label('label'),
+            DatasetStorageLocation.description.label('description'),
+            DatasetStorageLocation.tags.label('tags'),
+            DatasetStorageLocation.region.label('region'),
             models.Organization.organizationUri.label('orgUri'),
             models.Organization.name.label('orgName'),
             models.Environment.environmentUri.label('envUri'),
@@ -200,13 +201,13 @@ def upsert_folder(session, es, locationUri: str):
             models.Dataset.S3BucketName.label('source'),
             models.Dataset.topics.label('topics'),
             models.Dataset.confidentiality.label('classification'),
-            models.DatasetStorageLocation.created,
-            models.DatasetStorageLocation.updated,
-            models.DatasetStorageLocation.deleted,
+            DatasetStorageLocation.created,
+            DatasetStorageLocation.updated,
+            DatasetStorageLocation.deleted,
         )
         .join(
             models.Dataset,
-            models.Dataset.datasetUri == models.DatasetStorageLocation.datasetUri,
+            models.Dataset.datasetUri == DatasetStorageLocation.datasetUri,
         )
         .join(
             models.Organization,
@@ -216,7 +217,7 @@ def upsert_folder(session, es, locationUri: str):
             models.Environment,
             models.Dataset.environmentUri == models.Environment.environmentUri,
         )
-        .filter(models.DatasetStorageLocation.locationUri == locationUri)
+        .filter(DatasetStorageLocation.locationUri == locationUri)
         .first()
     )
     if folder:
@@ -349,8 +350,8 @@ def remove_deleted_tables(session, es, datasetUri: str):
 
 def upsert_dataset_folders(session, es, datasetUri: str):
     folders = (
-        session.query(models.DatasetStorageLocation)
-        .filter(models.DatasetStorageLocation.datasetUri == datasetUri)
+        session.query(DatasetStorageLocation)
+        .filter(DatasetStorageLocation.datasetUri == datasetUri)
         .all()
     )
     for folder in folders:
diff --git a/backend/dataall/tasks/bucket_policy_updater.py b/backend/dataall/tasks/bucket_policy_updater.py
index 5b8f322be..9932f53ae 100644
--- a/backend/dataall/tasks/bucket_policy_updater.py
+++ b/backend/dataall/tasks/bucket_policy_updater.py
@@ -10,6 +10,7 @@
 from ..aws.handlers.sts import SessionHelper
 from ..db import get_engine
 from ..db import models, api
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -201,13 +202,13 @@ def get_shared_tables(self, dataset) -> typing.List[models.ShareObjectItem]:
             ).all()
         return tables
 
-    def get_shared_folders(self, dataset) -> typing.List[models.DatasetStorageLocation]:
+    def get_shared_folders(self, dataset) -> typing.List[DatasetStorageLocation]:
         with self.engine.scoped_session() as session:
             locations = (
                 session.query(
-                    models.DatasetStorageLocation.locationUri.label('locationUri'),
-                    models.DatasetStorageLocation.S3BucketName.label('S3BucketName'),
-                    models.DatasetStorageLocation.S3Prefix.label('S3Prefix'),
+                    DatasetStorageLocation.locationUri.label('locationUri'),
+                    DatasetStorageLocation.S3BucketName.label('S3BucketName'),
+                    DatasetStorageLocation.S3Prefix.label('S3Prefix'),
                     models.Environment.AwsAccountId.label('AwsAccountId'),
                     models.Environment.region.label('region'),
                 )
@@ -215,7 +216,7 @@ def get_shared_folders(self, dataset) -> typing.List[models.DatasetStorageLocati
                     models.ShareObjectItem,
                     and_(
                         models.ShareObjectItem.itemUri
-                        == models.DatasetStorageLocation.locationUri
+                        == DatasetStorageLocation.locationUri
                     ),
                 )
                 .join(
@@ -229,8 +230,8 @@ def get_shared_folders(self, dataset) -> typing.List[models.DatasetStorageLocati
                 )
                 .filter(
                     and_(
-                        models.DatasetStorageLocation.datasetUri == dataset.datasetUri,
-                        models.DatasetStorageLocation.deleted.is_(None),
+                        DatasetStorageLocation.datasetUri == dataset.datasetUri,
+                        DatasetStorageLocation.deleted.is_(None),
                         models.ShareObjectItem.status
                         == models.Enums.ShareObjectStatus.Approved.value,
                     )
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 1323770a4..f0ea4e162 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -10,6 +10,7 @@
 from ....aws.handlers.iam import IAM
 
 from ....utils.alarm_service import AlarmService
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 ACCESS_POINT_CREATION_TIME = 30
@@ -22,7 +23,7 @@ def __init__(
         session,
         dataset: models.Dataset,
         share: models.ShareObject,
-        target_folder: models.DatasetStorageLocation,
+        target_folder: DatasetStorageLocation,
         source_environment: models.Environment,
         target_environment: models.Environment,
         source_env_group: models.EnvironmentGroup,
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
index 6940d3392..96b608338 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
@@ -2,6 +2,7 @@
 
 from ....db import models, api
 from ..share_managers import S3ShareManager
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 log = logging.getLogger(__name__)
@@ -13,7 +14,7 @@ def __init__(
         session,
         dataset: models.Dataset,
         share: models.ShareObject,
-        share_folder: models.DatasetStorageLocation,
+        share_folder: DatasetStorageLocation,
         source_environment: models.Environment,
         target_environment: models.Environment,
         source_env_group: models.EnvironmentGroup,
@@ -37,7 +38,7 @@ def process_approved_shares(
         session,
         dataset: models.Dataset,
         share: models.ShareObject,
-        share_folders: [models.DatasetStorageLocation],
+        share_folders: [DatasetStorageLocation],
         source_environment: models.Environment,
         target_environment: models.Environment,
         source_env_group: models.EnvironmentGroup,
@@ -104,7 +105,7 @@ def process_revoked_shares(
             session,
             dataset: models.Dataset,
             share: models.ShareObject,
-            revoke_folders: [models.DatasetStorageLocation],
+            revoke_folders: [DatasetStorageLocation],
             source_environment: models.Environment,
             target_environment: models.Environment,
             source_env_group: models.EnvironmentGroup,
diff --git a/backend/dataall/utils/alarm_service.py b/backend/dataall/utils/alarm_service.py
index 838029d3e..436d5a701 100644
--- a/backend/dataall/utils/alarm_service.py
+++ b/backend/dataall/utils/alarm_service.py
@@ -11,6 +11,7 @@
 
 from ..aws.handlers.sts import SessionHelper
 from ..db import models
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
@@ -74,7 +75,7 @@ def trigger_table_sharing_failure_alarm(
 
     def trigger_folder_sharing_failure_alarm(
         self,
-        folder: models.DatasetStorageLocation,
+        folder: DatasetStorageLocation,
         share: models.ShareObject,
         target_environment: models.Environment,
     ):
@@ -101,7 +102,7 @@ def trigger_folder_sharing_failure_alarm(
 
     def trigger_revoke_folder_sharing_failure_alarm(
         self,
-        folder: models.DatasetStorageLocation,
+        folder: DatasetStorageLocation,
         share: models.ShareObject,
         target_environment: models.Environment,
     ):
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 65dc6934b..8334f7700 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,6 +1,7 @@
 from .client import *
 from dataall.db import models
 from dataall.api import constants
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -521,12 +522,12 @@ def factory(
 def location(db):
     cache = {}
 
-    def factory(dataset: models.Dataset, name, username) -> models.DatasetStorageLocation:
+    def factory(dataset: models.Dataset, name, username) -> DatasetStorageLocation:
         key = f'{dataset.datasetUri}-{name}'
         if cache.get(key):
             return cache.get(key)
         with db.scoped_session() as session:
-            ds_location = models.DatasetStorageLocation(
+            ds_location = DatasetStorageLocation(
                 name=name,
                 label=name,
                 owner=username,
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 057ff66a3..359a780b4 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -3,6 +3,7 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -235,7 +236,7 @@ def test_add_locations(location, dataset1, db):
         location(dataset=dataset1, name=f'unstructured{i+1}', username=dataset1.owner)
 
     with db.scoped_session() as session:
-        nb = session.query(dataall.db.models.DatasetStorageLocation).count()
+        nb = session.query(DatasetStorageLocation).count()
     assert nb == 10
 
 
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index 478c8bf3c..fcdb18bb0 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -4,6 +4,7 @@
 
 import dataall
 from dataall.searchproxy import indexers
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -89,7 +90,7 @@ def table(org, env, db, dataset):
 @pytest.fixture(scope='module', autouse=True)
 def folder(org, env, db, dataset):
     with db.scoped_session() as session:
-        location = dataall.db.models.DatasetStorageLocation(
+        location = DatasetStorageLocation(
             datasetUri=dataset.datasetUri,
             AWSAccountId='12345678901',
             S3Prefix='S3prefix',
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index 826ae524f..7e6f0d71a 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -1,9 +1,8 @@
-import boto3
-import os
 import pytest
 
 from dataall.db import models
 from dataall.api import constants
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 @pytest.fixture(scope="module")
@@ -128,10 +127,10 @@ def factory(
 
 @pytest.fixture(scope="module")
 def location(db):
-    def factory(dataset: models.Dataset, label: str) -> models.DatasetStorageLocation:
+    def factory(dataset: models.Dataset, label: str) -> DatasetStorageLocation:
 
         with db.scoped_session() as session:
-            ds_location = models.DatasetStorageLocation(
+            ds_location = DatasetStorageLocation(
                 name=label,
                 label=label,
                 owner=dataset.owner,
@@ -198,7 +197,7 @@ def factory(
 def share_item_folder(db):
     def factory(
         share: models.ShareObject,
-        location: models.DatasetStorageLocation,
+        location: DatasetStorageLocation,
     ) -> models.ShareObjectItem:
         with db.scoped_session() as session:
             share_item = models.ShareObjectItem(
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index 53c7f426b..2841be87e 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -7,6 +7,7 @@
 
 from dataall.tasks.data_sharing.share_managers.s3_share_manager import S3ShareManager
 from dataall.utils.alarm_service import AlarmService
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 
 SOURCE_ENV_ACCOUNT = "111111111111"
@@ -68,7 +69,7 @@ def dataset1(dataset: Callable, org1: models.Organization, source_environment: m
 
 
 @pytest.fixture(scope="module")
-def location1(location: Callable, dataset1: models.Dataset) -> models.DatasetStorageLocation:
+def location1(location: Callable, dataset1: models.Dataset) -> DatasetStorageLocation:
     yield location(dataset1, "location1")
 
 
@@ -81,7 +82,7 @@ def share1(share: Callable, dataset1: models.Dataset,
 
 
 @pytest.fixture(scope="module")
-def share_item_folder1(share_item_folder: Callable, share1: models.ShareObject, location1: models.DatasetStorageLocation):
+def share_item_folder1(share_item_folder: Callable, share1: models.ShareObject, location1: DatasetStorageLocation):
     share_item_folder1 = share_item_folder(share1, location1)
     return share_item_folder1
 
@@ -383,7 +384,7 @@ def test_grant_target_role_access_policy_test_no_policy(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -445,7 +446,7 @@ def test_update_dataset_bucket_key_policy_with_env_admin(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -562,7 +563,7 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -642,7 +643,7 @@ def test_manage_access_point_and_policy_1(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -733,7 +734,7 @@ def test_manage_access_point_and_policy_2(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -807,7 +808,7 @@ def test_manage_access_point_and_policy_3(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -878,7 +879,7 @@ def test_delete_access_point_policy_with_env_admin_one_prefix(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -950,7 +951,7 @@ def test_delete_access_point_policy_with_env_admin_multiple_prefix(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1017,7 +1018,7 @@ def test_dont_delete_access_point_with_policy(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1063,7 +1064,7 @@ def test_delete_access_point_without_policy(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1109,7 +1110,7 @@ def test_delete_target_role_access_policy_no_remaining_statement(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1174,7 +1175,7 @@ def test_delete_target_role_access_policy_with_remaining_statement(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1260,7 +1261,7 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_additional_target
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1351,7 +1352,7 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1424,7 +1425,7 @@ def test_handle_share_failure(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):
@@ -1459,7 +1460,7 @@ def test_handle_revoke_failure(
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
-    location1: models.DatasetStorageLocation,
+    location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
 ):

From b2566786250928b9328b2f4b89cfa725e34e5793 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 11:48:11 +0200
Subject: [PATCH 052/346] Datasets refactoring

Moved DatasetStorageLocation into dataset services
---
 backend/dataall/aws/handlers/s3.py            |  3 +-
 backend/dataall/db/api/__init__.py            |  1 -
 .../api/storage_location/resolvers.py         | 20 +++----
 .../datasets/services}/dataset_location.py    | 52 +++++++++----------
 .../datasets/tasks/subscription_service.py    |  3 +-
 5 files changed, 40 insertions(+), 39 deletions(-)
 rename backend/dataall/{db/api => modules/datasets/services}/dataset_location.py (78%)

diff --git a/backend/dataall/aws/handlers/s3.py b/backend/dataall/aws/handlers/s3.py
index bcd0ad440..0be215ae3 100755
--- a/backend/dataall/aws/handlers/s3.py
+++ b/backend/dataall/aws/handlers/s3.py
@@ -4,6 +4,7 @@
 from ...db import models
 from .service_handlers import Worker
 from .sts import SessionHelper
+from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
 
 log = logging.getLogger(__name__)
 
@@ -13,7 +14,7 @@ class S3:
     @Worker.handler(path='s3.prefix.create')
     def create_dataset_location(engine, task: models.Task):
         with engine.scoped_session() as session:
-            location = db.api.DatasetStorageLocation.get_location_by_uri(
+            location = DatasetStorageLocationService.get_location_by_uri(
                 session, task.targetUri
             )
             S3.create_bucket_prefix(location)
diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index a5f11d2c7..7bf8e0a4b 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -12,7 +12,6 @@
 from .vote import Vote
 from .share_object import ShareObject, ShareObjectSM, ShareItemSM
 from .dataset import Dataset
-from .dataset_location import DatasetStorageLocation
 from .notification import Notification
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 2eb18198c..e66e767a9 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -5,19 +5,19 @@
 from dataall.db.api import (
     ResourcePolicy,
     Glossary,
-    DatasetStorageLocation,
     Dataset,
     Environment,
 )
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
 
 
 def create_storage_location(
     context, source, datasetUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocation.create_dataset_location(
+        location = DatasetStorageLocationService.create_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -40,15 +40,15 @@ def list_dataset_locations(context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetStorageLocation.list_dataset_locations(
+        return DatasetStorageLocationService.list_dataset_locations(
             session=session, uri=source.datasetUri, data=filter, check_perm=True
         )
 
 
 def get_storage_location(context, source, locationUri=None):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocation.get_location_by_uri(session, locationUri)
-        return DatasetStorageLocation.get_dataset_location(
+        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
+        return DatasetStorageLocationService.get_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -62,10 +62,10 @@ def update_storage_location(
     context, source, locationUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocation.get_location_by_uri(session, locationUri)
+        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
         input['location'] = location
         input['locationUri'] = location.locationUri
-        DatasetStorageLocation.update_dataset_location(
+        DatasetStorageLocationService.update_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -80,8 +80,8 @@ def update_storage_location(
 
 def remove_storage_location(context, source, locationUri: str = None):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocation.get_location_by_uri(session, locationUri)
-        DatasetStorageLocation.delete_dataset_location(
+        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
+        DatasetStorageLocationService.delete_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -103,7 +103,7 @@ def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
 
 def publish_location_update(context: Context, source, locationUri: str = None):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocation.get_location_by_uri(session, locationUri)
+        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
         ResourcePolicy.check_user_resource_permission(
             session=session,
             username=context.username,
diff --git a/backend/dataall/db/api/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
similarity index 78%
rename from backend/dataall/db/api/dataset_location.py
rename to backend/dataall/modules/datasets/services/dataset_location.py
index e19f1dfb0..640f0a037 100644
--- a/backend/dataall/db/api/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -3,15 +3,15 @@
 
 from sqlalchemy import and_, or_
 
-from . import has_tenant_perm, has_resource_perm, Glossary
-from .. import models, api, paginate, permissions, exceptions
-from .dataset import Dataset
-from dataall.modules.datasets.db.models import DatasetStorageLocation as DatasetStorageLocationModel
+from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary
+from dataall.db import models, api, paginate, permissions, exceptions
+from dataall.db.api.dataset import Dataset
+from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
 
-class DatasetStorageLocation:
+class DatasetStorageLocationService:
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET_FOLDER)
@@ -22,14 +22,14 @@ def create_dataset_location(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> DatasetStorageLocationModel:
+    ) -> DatasetStorageLocation:
         dataset = Dataset.get_dataset_by_uri(session, uri)
         exists = (
-            session.query(DatasetStorageLocationModel)
+            session.query(DatasetStorageLocation)
             .filter(
                 and_(
-                    DatasetStorageLocationModel.datasetUri == dataset.datasetUri,
-                    DatasetStorageLocationModel.S3Prefix == data['prefix'],
+                    DatasetStorageLocation.datasetUri == dataset.datasetUri,
+                    DatasetStorageLocation.S3Prefix == data['prefix'],
                 )
             )
             .count()
@@ -41,7 +41,7 @@ def create_dataset_location(
                 message=f'Folder: {data["prefix"]} already exist on dataset {uri}',
             )
 
-        location = DatasetStorageLocationModel(
+        location = DatasetStorageLocation(
             datasetUri=dataset.datasetUri,
             label=data.get('label'),
             description=data.get('description', 'No description provided'),
@@ -78,14 +78,14 @@ def list_dataset_locations(
         check_perm: bool = False,
     ) -> dict:
         query = (
-            session.query(DatasetStorageLocationModel)
-            .filter(DatasetStorageLocationModel.datasetUri == uri)
-            .order_by(DatasetStorageLocationModel.created.desc())
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == uri)
+            .order_by(DatasetStorageLocation.created.desc())
         )
         if data.get('term'):
             term = data.get('term')
             query = query.filter(
-                DatasetStorageLocationModel.label.ilike('%' + term + '%')
+                DatasetStorageLocation.label.ilike('%' + term + '%')
             )
         return paginate(
             query, page=data.get('page', 1), page_size=data.get('pageSize', 10)
@@ -101,8 +101,8 @@ def get_dataset_location(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> DatasetStorageLocationModel:
-        return DatasetStorageLocation.get_location_by_uri(session, data['locationUri'])
+    ) -> DatasetStorageLocation:
+        return DatasetStorageLocationService.get_location_by_uri(session, data['locationUri'])
 
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
@@ -114,11 +114,11 @@ def update_dataset_location(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> DatasetStorageLocationModel:
+    ) -> DatasetStorageLocation:
 
         location = data.get(
             'location',
-            DatasetStorageLocation.get_location_by_uri(session, data['locationUri']),
+            DatasetStorageLocationService.get_location_by_uri(session, data['locationUri']),
         )
 
         for k in data.keys():
@@ -145,7 +145,7 @@ def delete_dataset_location(
         data: dict = None,
         check_perm: bool = False,
     ):
-        location = DatasetStorageLocation.get_location_by_uri(
+        location = DatasetStorageLocationService.get_location_by_uri(
             session, data['locationUri']
         )
         share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
@@ -177,9 +177,9 @@ def delete_dataset_location(
         return True
 
     @staticmethod
-    def get_location_by_uri(session, location_uri) -> DatasetStorageLocationModel:
+    def get_location_by_uri(session, location_uri) -> DatasetStorageLocation:
         location: DatasetStorageLocation = session.query(
-            DatasetStorageLocationModel
+            DatasetStorageLocation
         ).get(location_uri)
         if not location:
             raise exceptions.ObjectNotFound('Folder', location_uri)
@@ -187,13 +187,13 @@ def get_location_by_uri(session, location_uri) -> DatasetStorageLocationModel:
 
     @staticmethod
     def get_location_by_s3_prefix(session, s3_prefix, accountid, region):
-        location: DatasetStorageLocationModel = (
-            session.query(DatasetStorageLocationModel)
+        location: DatasetStorageLocation = (
+            session.query(DatasetStorageLocation)
             .filter(
                 and_(
-                    DatasetStorageLocationModel.S3Prefix.startswith(s3_prefix),
-                    DatasetStorageLocationModel.AWSAccountId == accountid,
-                    DatasetStorageLocationModel.region == region,
+                    DatasetStorageLocation.S3Prefix.startswith(s3_prefix),
+                    DatasetStorageLocation.AWSAccountId == accountid,
+                    DatasetStorageLocation.region == region,
                 )
             )
             .first()
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 7df028914..94339d0f7 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -16,6 +16,7 @@
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 root = logging.getLogger()
@@ -105,7 +106,7 @@ def publish_table_update_message(engine, message):
     @staticmethod
     def publish_location_update_message(session, message):
         location: DatasetStorageLocation = (
-            db.api.DatasetStorageLocation.get_location_by_s3_prefix(
+            DatasetStorageLocationService.get_location_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),

From 66b5ddbf8093f4c58f6de46552064dff3db57bf0 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 11:58:32 +0200
Subject: [PATCH 053/346] Datasets refactoring

Extracted s3_location_handler
---
 backend/dataall/aws/handlers/s3.py            | 35 --------------
 .../modules/datasets/handlers/__init__.py     |  6 ++-
 .../datasets/handlers/s3_location_handler.py  | 48 +++++++++++++++++++
 3 files changed, 52 insertions(+), 37 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/handlers/s3_location_handler.py

diff --git a/backend/dataall/aws/handlers/s3.py b/backend/dataall/aws/handlers/s3.py
index 0be215ae3..2352ef791 100755
--- a/backend/dataall/aws/handlers/s3.py
+++ b/backend/dataall/aws/handlers/s3.py
@@ -1,51 +1,16 @@
 import logging
 
-from ... import db
-from ...db import models
-from .service_handlers import Worker
 from .sts import SessionHelper
-from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
 
 log = logging.getLogger(__name__)
 
 
 class S3:
-    @staticmethod
-    @Worker.handler(path='s3.prefix.create')
-    def create_dataset_location(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            location = DatasetStorageLocationService.get_location_by_uri(
-                session, task.targetUri
-            )
-            S3.create_bucket_prefix(location)
-            return location
-
     @staticmethod
     def client(account_id: str, region: str, client_type: str):
         session = SessionHelper.remote_session(accountid=account_id)
         return session.client(client_type, region_name=region)
 
-    @staticmethod
-    def create_bucket_prefix(location):
-        try:
-            accountid = location.AWSAccountId
-            region = location.region
-            s3cli = S3.client(account_id=accountid, region=region, client_type='s3')
-            response = s3cli.put_object(
-                Bucket=location.S3BucketName, Body='', Key=location.S3Prefix + '/'
-            )
-            log.info(
-                'Creating S3 Prefix `{}`({}) on AWS #{}'.format(
-                    location.S3BucketName, accountid, response
-                )
-            )
-            location.locationCreated = True
-        except Exception as e:
-            log.error(
-                f'Dataset storage location creation failed on S3 for dataset location {location.locationUri} : {e}'
-            )
-            raise e
-
     @staticmethod
     def create_bucket_policy(account_id: str, region: str, bucket_name: str, policy: str):
         try:
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index a5d506712..382f052a9 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -4,7 +4,9 @@
 """
 from dataall.modules.datasets.handlers import (
     glue_column_handler,
-    glue_table_handler
+    glue_table_handler,
+    glue_profiling_handler,
+    s3_location_handler
 )
 
-__all__ = ["glue_column_handler", "glue_table_handler"]
+__all__ = ["glue_column_handler", "glue_table_handler", "glue_profiling_handler", "s3_location_handler"]
diff --git a/backend/dataall/modules/datasets/handlers/s3_location_handler.py b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
new file mode 100644
index 000000000..431a4cecd
--- /dev/null
+++ b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
@@ -0,0 +1,48 @@
+import logging
+
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import models
+from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
+
+log = logging.getLogger(__name__)
+
+
+class S3DatasetLocationHandler:
+    """Handles async requests related to s3 for dataset storage location"""
+
+    @staticmethod
+    def client(account_id: str, region: str, client_type: str):
+        session = SessionHelper.remote_session(accountid=account_id)
+        return session.client(client_type, region_name=region)
+
+    @staticmethod
+    @Worker.handler(path='s3.prefix.create')
+    def create_dataset_location(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            location = DatasetStorageLocationService.get_location_by_uri(
+                session, task.targetUri
+            )
+            S3DatasetLocationHandler.create_bucket_prefix(location)
+            return location
+
+    @staticmethod
+    def create_bucket_prefix(location):
+        try:
+            account_id = location.AWSAccountId
+            region = location.region
+            s3cli = S3DatasetLocationHandler.client(account_id=account_id, region=region, client_type='s3')
+            response = s3cli.put_object(
+                Bucket=location.S3BucketName, Body='', Key=location.S3Prefix + '/'
+            )
+            log.info(
+                'Creating S3 Prefix `{}`({}) on AWS #{}'.format(
+                    location.S3BucketName, account_id, response
+                )
+            )
+            location.locationCreated = True
+        except Exception as e:
+            log.error(
+                f'Dataset storage location creation failed on S3 for dataset location {location.locationUri} : {e}'
+            )
+            raise e

From 352d82485aa4edbcfcaa972f3603ee2bdb0e0d96 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 12:12:58 +0200
Subject: [PATCH 054/346] Datasets refactoring

Moved the dataset stack into modules
---
 backend/dataall/cdkproxy/stacks/__init__.py   |  2 --
 backend/dataall/modules/datasets/__init__.py  | 12 +++++++++++
 .../dataall/modules/datasets/cdk/__init__.py  |  3 +++
 .../datasets/cdk/dataset_stack.py}            | 20 +++++++++----------
 tests/cdkproxy/test_dataset_stack.py          |  8 ++++----
 5 files changed, 29 insertions(+), 16 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/cdk/__init__.py
 rename backend/dataall/{cdkproxy/stacks/dataset.py => modules/datasets/cdk/dataset_stack.py} (97%)

diff --git a/backend/dataall/cdkproxy/stacks/__init__.py b/backend/dataall/cdkproxy/stacks/__init__.py
index 3857b30c0..fb4674754 100644
--- a/backend/dataall/cdkproxy/stacks/__init__.py
+++ b/backend/dataall/cdkproxy/stacks/__init__.py
@@ -1,4 +1,3 @@
-from .dataset import Dataset
 from .environment import EnvironmentSetup
 from .pipeline import PipelineStack
 from .manager import stack, instanciate_stack, StackManager
@@ -7,7 +6,6 @@
 
 __all__ = [
     'EnvironmentSetup',
-    'Dataset',
     'StackManager',
     'stack',
     'StackManager',
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 842eba82b..f0bac92d2 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -39,3 +39,15 @@ def is_supported(cls, modes: List[ImportMode]):
     def __init__(self):
         import dataall.modules.datasets.handlers
         log.info("Dataset handlers have been imported")
+
+
+class DatasetCdkModuleInterface(ModuleInterface):
+    """Loads dataset cdk stacks """
+
+    @classmethod
+    def is_supported(cls, modes: List[ImportMode]):
+        return ImportMode.CDK in modes
+
+    def __init__(self):
+        import dataall.modules.datasets.cdk
+        log.info("Dataset stacks have been imported")
diff --git a/backend/dataall/modules/datasets/cdk/__init__.py b/backend/dataall/modules/datasets/cdk/__init__.py
new file mode 100644
index 000000000..5642d8a40
--- /dev/null
+++ b/backend/dataall/modules/datasets/cdk/__init__.py
@@ -0,0 +1,3 @@
+from dataall.modules.datasets.cdk import dataset_stack
+
+__all__ = ["dataset_stack"]
diff --git a/backend/dataall/cdkproxy/stacks/dataset.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
similarity index 97%
rename from backend/dataall/cdkproxy/stacks/dataset.py
rename to backend/dataall/modules/datasets/cdk/dataset_stack.py
index 852cba66b..e99b43b0c 100644
--- a/backend/dataall/cdkproxy/stacks/dataset.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -19,22 +19,22 @@
 from aws_cdk.aws_glue import CfnCrawler
 from sqlalchemy import and_, or_
 
-from .manager import stack
-from ... import db
-from ...aws.handlers.quicksight import Quicksight
-from ...aws.handlers.lakeformation import LakeFormation
-from ...aws.handlers.sts import SessionHelper
-from ...db import models
-from ...db.api import Environment
-from ...utils.cdk_nag_utils import CDKNagUtil
-from ...utils.runtime_stacks_tagging import TagsUtil
+from dataall.cdkproxy.stacks.manager import stack
+from dataall import db
+from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.lakeformation import LakeFormation
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import models
+from dataall.db.api import Environment
+from dataall.utils.cdk_nag_utils import CDKNagUtil
+from dataall.utils.runtime_stacks_tagging import TagsUtil
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
 
 @stack(stack='dataset')
-class Dataset(Stack):
+class DatasetStack(Stack):
     module_name = __file__
 
     def get_engine(self) -> db.Engine:
diff --git a/tests/cdkproxy/test_dataset_stack.py b/tests/cdkproxy/test_dataset_stack.py
index 19a30d513..34f495056 100644
--- a/tests/cdkproxy/test_dataset_stack.py
+++ b/tests/cdkproxy/test_dataset_stack.py
@@ -3,14 +3,14 @@
 import pytest
 from aws_cdk import App
 
-from dataall.cdkproxy.stacks import Dataset
+from dataall.modules.datasets.cdk.dataset_stack import DatasetStack
 
 
 @pytest.fixture(scope='function', autouse=True)
 def patch_methods(mocker, db, dataset, env, org):
-    mocker.patch('dataall.cdkproxy.stacks.dataset.Dataset.get_engine', return_value=db)
+    mocker.patch('dataall.cdkproxy.stacks.dataset.DatasetStack.get_engine', return_value=db)
     mocker.patch(
-        'dataall.cdkproxy.stacks.dataset.Dataset.get_target', return_value=dataset
+        'dataall.cdkproxy.stacks.dataset.DatasetStack.get_target', return_value=dataset
     )
     mocker.patch(
         'dataall.aws.handlers.sts.SessionHelper.get_delegation_role_name',
@@ -41,7 +41,7 @@ def patch_methods(mocker, db, dataset, env, org):
 @pytest.fixture(scope='function', autouse=True)
 def template(dataset):
     app = App()
-    Dataset(app, 'Dataset', target_uri=dataset.datasetUri)
+    DatasetStack(app, 'Dataset', target_uri=dataset.datasetUri)
     return json.dumps(app.synth().get_stack_by_name('Dataset').template)
 
 

From 9934a9cf81a52ce95287965c12c25397dad329cd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 17 Apr 2023 13:42:22 +0200
Subject: [PATCH 055/346] Datasets refactoring

Moved indexing into GlossaryRegistry
---
 .../dataall/api/Objects/Glossary/registry.py  | 39 +++++++++++++++----
 .../dataall/api/Objects/Glossary/resolvers.py | 16 +-------
 backend/dataall/modules/datasets/__init__.py  |  8 +++-
 3 files changed, 41 insertions(+), 22 deletions(-)

diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 7c42e4f4c..0f0cdb61f 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -1,9 +1,12 @@
-from dataclasses import dataclass
-from typing import Type, Dict, Optional, Protocol, Union
+from dataclasses import dataclass, field
+from typing import Type, Dict, Optional, Protocol, Union, Callable, Any
+
+from opensearchpy import OpenSearch
 
 from dataall.api import gql
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
+from dataall.searchproxy.indexers import upsert_dashboard, upsert_table, upsert_dataset
 
 
 class Identifiable(Protocol):
@@ -17,13 +20,14 @@ class GlossaryDefinition:
     target_type: str
     object_type: str
     model: Union[Type[Resource], Identifiable]  # should be an intersection, but python typing doesn't have one yet
+    reindexer: Callable[[Any, OpenSearch, str], None] = None # a callback to reindex glossaries in open search
 
     def target_uri(self):
         return self.model.uri()
 
 
 class GlossaryRegistry(UnionTypeRegistry):
-    """Registry of glossary definition and API to retrieve data"""
+    """Registry of glossary definition and API to retrieve and reindex data"""
     _DEFINITIONS: Dict[str, GlossaryDefinition] = {}
 
     @classmethod
@@ -50,8 +54,29 @@ def definitions(cls):
     def types(cls):
         return [gql.Ref(definition.object_type) for definition in cls._DEFINITIONS.values()]
 
+    @classmethod
+    def reindex(cls, session, es: OpenSearch, target_type: str, target_uri: str):
+        definition = cls._DEFINITIONS[target_type]
+        if definition.reindexer:
+            definition.reindexer(session, es, target_uri)
+
+
+GlossaryRegistry.register(GlossaryDefinition(
+    target_type="Dashboard",
+    object_type="Dashboard",
+    model=models.Dashboard,
+    reindexer=upsert_dashboard
+))
 
-GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
-GlossaryRegistry.register(GlossaryDefinition("Dashboard", "Dashboard", models.Dashboard))
-GlossaryRegistry.register(GlossaryDefinition("DatasetTable", "DatasetTable", models.DatasetTable))
-GlossaryRegistry.register(GlossaryDefinition("Dataset", "Dataset", models.Dataset))
+GlossaryRegistry.register(GlossaryDefinition(
+    target_type="DatasetTable",
+    object_type="DatasetTable",
+    model=models.DatasetTable,
+    reindexer=upsert_table
+))
+GlossaryRegistry.register(GlossaryDefinition(
+    target_type="Dataset",
+    object_type="Dataset",
+    model=models.Dataset,
+    reindexer=upsert_dataset
+))
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index 959578600..fdc4c3eea 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -6,15 +6,10 @@
 from .... import db
 from ....api.context import Context
 from ....db import paginate, exceptions, models
-from ....searchproxy import upsert_dataset
-from ....searchproxy import upsert_table
-from ....searchproxy.indexers import upsert_folder, upsert_dashboard
 from ....api.constants import (
     GlossaryRole
 )
 
-from dataall.modules.datasets.db.models import DatasetStorageLocation
-
 
 def resolve_glossary_node(obj: models.GlossaryNode, *_):
     if obj.nodeType == 'G':
@@ -462,15 +457,8 @@ def reindex(context, linkUri):
         link: models.TermLink = session.query(models.TermLink).get(linkUri)
         if not link:
             return
-    target = resolve_link_target(context, source=link)
-    if isinstance(target, models.Dataset):
-        upsert_dataset(session=session, es=context.es, datasetUri=link.targetUri)
-    elif isinstance(target, models.DatasetTable):
-        upsert_table(session=session, es=context.es, tableUri=link.targetUri)
-    elif isinstance(target, DatasetStorageLocation):
-        upsert_folder(session=session, es=context.es, locationUri=link.targetUri)
-    elif isinstance(target, models.Dashboard):
-        upsert_dashboard(session=session, es=context.es, dashboardUri=link.targetUri)
+
+    GlossaryRegistry.reindex(session, context.es, link.targetType, link.targetUri)
 
 
 def _target_model(target_type: str):
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index f0bac92d2..3e50f37fa 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -6,6 +6,7 @@
 from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
 from dataall.modules.loader import ModuleInterface, ImportMode
+from dataall.searchproxy.indexers import upsert_folder
 
 log = logging.getLogger(__name__)
 
@@ -24,7 +25,12 @@ def __init__(self):
         FeedRegistry.register(FeedDefinition("DatasetStorageLocation", DatasetStorageLocation))
 
         GlossaryRegistry.register(GlossaryDefinition("Column", "DatasetTableColumn", DatasetTableColumn))
-        GlossaryRegistry.register(GlossaryDefinition("Folder", "DatasetStorageLocation", DatasetStorageLocation))
+        GlossaryRegistry.register(GlossaryDefinition(
+            target_type="Folder",
+            object_type="DatasetStorageLocation",
+            model=DatasetStorageLocation,
+            reindexer=upsert_folder
+        ))
 
         log.info("API of datasets has been imported")
 

From 228c1753039667181edcd97af3a50a0915fd396e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 18 Apr 2023 14:25:34 +0200
Subject: [PATCH 056/346] Datasets refactoring

Removed dead code
---
 backend/dataall/db/api/environment.py | 92 ---------------------------
 1 file changed, 92 deletions(-)

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index ac3777e5d..8642287db 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -1089,98 +1089,6 @@ def paginated_environment_networks(
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
-    @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_DATASETS)
-    def paginated_environment_data_items(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
-        q = (
-            session.query(
-                models.ShareObjectItem.shareUri.label('shareUri'),
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('datasetName'),
-                models.Dataset.description.label('datasetDescription'),
-                models.Environment.environmentUri.label('environmentUri'),
-                models.Environment.name.label('environmentName'),
-                models.ShareObject.created.label('created'),
-                models.ShareObjectItem.itemType.label('itemType'),
-                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
-                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
-                models.Organization.organizationUri.label('organizationUri'),
-                models.Organization.name.label('organizationName'),
-                case(
-                    [
-                        (
-                            models.ShareObjectItem.itemType
-                            == ShareableType.Table.value,
-                            func.concat(
-                                models.DatasetTable.GlueDatabaseName,
-                                '.',
-                                models.DatasetTable.GlueTableName,
-                            ),
-                        ),
-                        (
-                            models.ShareObjectItem.itemType
-                            == ShareableType.StorageLocation.value,
-                            func.concat(DatasetStorageLocation.name),
-                        ),
-                    ],
-                    else_='XXX XXXX',
-                ).label('itemAccess'),
-            )
-            .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
-            )
-            .join(
-                models.Dataset,
-                models.ShareObject.datasetUri == models.Dataset.datasetUri,
-            )
-            .join(
-                models.Environment,
-                models.Environment.environmentUri == models.Dataset.environmentUri,
-            )
-            .join(
-                models.Organization,
-                models.Organization.organizationUri
-                == models.Environment.organizationUri,
-            )
-            .outerjoin(
-                models.DatasetTable,
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
-            )
-            .outerjoin(
-                DatasetStorageLocation,
-                models.ShareObjectItem.itemUri
-                == DatasetStorageLocation.locationUri,
-            )
-            .filter(
-                and_(
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
-                    models.ShareObject.environmentUri == uri,
-                )
-            )
-        )
-
-        if data.get('datasetUri'):
-            datasetUri = data.get('datasetUri')
-            q = q.filter(models.ShareObject.datasetUri == datasetUri)
-
-        if data.get('itemTypes', None):
-            itemTypes = data.get('itemTypes')
-            q = q.filter(
-                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
-            )
-        if data.get('term'):
-            term = data.get('term')
-            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
-
-        return paginate(
-            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
-        ).to_dict()
-
     @staticmethod
     def validate_invite_params(data):
         if not data:

From 263d10cd4bb3b1c83b5392fd6ee0b0138e59977b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 19 Apr 2023 10:08:11 +0200
Subject: [PATCH 057/346] Datasets refactoring

Extracted dataset share service
---
 .../api/Objects/Environment/resolvers.py      |   4 +-
 .../dataall/api/Objects/Group/resolvers.py    |   4 +-
 backend/dataall/db/api/environment.py         | 194 +----------------
 .../services/dataset_share_service.py         | 204 ++++++++++++++++++
 4 files changed, 211 insertions(+), 195 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/dataset_share_service.py

diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index 60af060a7..86f251f59 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -21,6 +21,8 @@
     NamingConventionPattern,
 )
 
+from dataall.modules.datasets.services.dataset_share_service import DatasetShareService
+
 log = logging.getLogger()
 
 
@@ -391,7 +393,7 @@ def list_shared_with_environment_data_items(
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.Environment.paginated_shared_with_environment_datasets(
+        return DatasetShareService.paginated_shared_with_environment_datasets(
             session=session,
             username=context.username,
             groups=context.groups,
diff --git a/backend/dataall/api/Objects/Group/resolvers.py b/backend/dataall/api/Objects/Group/resolvers.py
index 9192b6b59..11de0da1b 100644
--- a/backend/dataall/api/Objects/Group/resolvers.py
+++ b/backend/dataall/api/Objects/Group/resolvers.py
@@ -4,7 +4,7 @@
 from ....db import exceptions
 from ....db.models import Group
 from ....aws.handlers.cognito import Cognito
-
+from ....modules.datasets.services.dataset_share_service import DatasetShareService
 
 log = logging.getLogger()
 
@@ -66,7 +66,7 @@ def list_data_items_shared_with_env_group(
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.Environment.paginated_shared_with_environment_group_datasets(
+        return DatasetShareService.paginated_shared_with_environment_group_datasets(
             session=session,
             username=context.username,
             groups=context.groups,
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 8642287db..d1c7a67fa 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -1,11 +1,11 @@
 import logging
 import re
 
-from sqlalchemy import or_, case, func
+from sqlalchemy import or_
 from sqlalchemy.orm import Query
 from sqlalchemy.sql import and_
 
-from .. import exceptions, permissions, models, api
+from .. import exceptions, permissions, models
 from . import (
     has_resource_perm,
     has_tenant_perm,
@@ -16,7 +16,6 @@
 from ..api.organization import Organization
 from ..models import EnvironmentGroup
 from ..models.Enums import (
-    ShareableType,
     EnvironmentType,
     EnvironmentPermission,
 )
@@ -29,8 +28,6 @@
     NamingConventionPattern,
 )
 
-from dataall.modules.datasets.db.models import DatasetStorageLocation
-
 log = logging.getLogger(__name__)
 
 
@@ -871,195 +868,8 @@ def paginated_environment_group_datasets(
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
-    @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
-    def paginated_shared_with_environment_datasets(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
-        q = (
-            session.query(
-                models.ShareObjectItem.shareUri.label('shareUri'),
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('datasetName'),
-                models.Dataset.description.label('datasetDescription'),
-                models.Environment.environmentUri.label('environmentUri'),
-                models.Environment.name.label('environmentName'),
-                models.ShareObject.created.label('created'),
-                models.ShareObject.principalId.label('principalId'),
-                models.ShareObjectItem.itemType.label('itemType'),
-                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
-                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
-                models.Organization.organizationUri.label('organizationUri'),
-                models.Organization.name.label('organizationName'),
-                case(
-                    [
-                        (
-                            models.ShareObjectItem.itemType
-                            == ShareableType.Table.value,
-                            func.concat(
-                                models.DatasetTable.GlueDatabaseName,
-                                '.',
-                                models.DatasetTable.GlueTableName,
-                            ),
-                        ),
-                        (
-                            models.ShareObjectItem.itemType
-                            == ShareableType.StorageLocation.value,
-                            func.concat(DatasetStorageLocation.name),
-                        ),
-                    ],
-                    else_='XXX XXXX',
-                ).label('itemAccess'),
-            )
-            .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
-            )
-            .join(
-                models.Dataset,
-                models.ShareObject.datasetUri == models.Dataset.datasetUri,
-            )
-            .join(
-                models.Environment,
-                models.Environment.environmentUri == models.Dataset.environmentUri,
-            )
-            .join(
-                models.Organization,
-                models.Organization.organizationUri
-                == models.Environment.organizationUri,
-            )
-            .outerjoin(
-                models.DatasetTable,
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
-            )
-            .outerjoin(
-                DatasetStorageLocation,
-                models.ShareObjectItem.itemUri
-                == DatasetStorageLocation.locationUri,
-            )
-            .filter(
-                and_(
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
-                    models.ShareObject.environmentUri == uri,
-                )
-            )
-        )
-
-        if data.get('datasetUri'):
-            datasetUri = data.get('datasetUri')
-            q = q.filter(models.ShareObject.datasetUri == datasetUri)
-
-        if data.get('itemTypes', None):
-            itemTypes = data.get('itemTypes')
-            q = q.filter(
-                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
-            )
-
-        if data.get("uniqueDatasets", False):
-            q = q.distinct(models.ShareObject.datasetUri)
-
-        if data.get('term'):
-            term = data.get('term')
-            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
-
-        return paginate(
-            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
-        ).to_dict()
-
-    @staticmethod
-    def paginated_shared_with_environment_group_datasets(
-        session, username, groups, envUri, groupUri, data=None, check_perm=None
-    ) -> dict:
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
-        q = (
-            session.query(
-                models.ShareObjectItem.shareUri.label('shareUri'),
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('datasetName'),
-                models.Dataset.description.label('datasetDescription'),
-                models.Environment.environmentUri.label('environmentUri'),
-                models.Environment.name.label('environmentName'),
-                models.ShareObject.created.label('created'),
-                models.ShareObject.principalId.label('principalId'),
-                models.ShareObjectItem.itemType.label('itemType'),
-                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
-                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
-                models.Organization.organizationUri.label('organizationUri'),
-                models.Organization.name.label('organizationName'),
-                case(
-                    [
-                        (
-                            models.ShareObjectItem.itemType
-                            == ShareableType.Table.value,
-                            func.concat(
-                                models.DatasetTable.GlueDatabaseName,
-                                '.',
-                                models.DatasetTable.GlueTableName,
-                            ),
-                        ),
-                        (
-                            models.ShareObjectItem.itemType
-                            == ShareableType.StorageLocation.value,
-                            func.concat(DatasetStorageLocation.name),
-                        ),
-                    ],
-                    else_='XXX XXXX',
-                ).label('itemAccess'),
-            )
-            .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
-            )
-            .join(
-                models.Dataset,
-                models.ShareObject.datasetUri == models.Dataset.datasetUri,
-            )
-            .join(
-                models.Environment,
-                models.Environment.environmentUri == models.Dataset.environmentUri,
-            )
-            .join(
-                models.Organization,
-                models.Organization.organizationUri
-                == models.Environment.organizationUri,
-            )
-            .outerjoin(
-                models.DatasetTable,
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
-            )
-            .outerjoin(
-                DatasetStorageLocation,
-                models.ShareObjectItem.itemUri
-                == DatasetStorageLocation.locationUri,
-            )
-            .filter(
-                and_(
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
-                    models.ShareObject.environmentUri == envUri,
-                    models.ShareObject.principalId == groupUri,
-                )
-            )
-        )
 
-        if data.get('datasetUri'):
-            datasetUri = data.get('datasetUri')
-            q = q.filter(models.ShareObject.datasetUri == datasetUri)
 
-        if data.get('itemTypes', None):
-            itemTypes = data.get('itemTypes')
-            q = q.filter(
-                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
-            )
-        if data.get('term'):
-            term = data.get('term')
-            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
-
-        return paginate(
-            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
-        ).to_dict()
 
     @staticmethod
     def query_environment_networks(session, username, groups, uri, filter) -> Query:
diff --git a/backend/dataall/modules/datasets/services/dataset_share_service.py b/backend/dataall/modules/datasets/services/dataset_share_service.py
new file mode 100644
index 000000000..9ca84a1cf
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_share_service.py
@@ -0,0 +1,204 @@
+import logging
+import re
+
+from sqlalchemy import or_, case, func
+from sqlalchemy.sql import and_
+
+from dataall.api.constants import ShareableType
+from dataall.db import models, permissions
+from dataall.db.api import has_resource_perm, ShareItemSM
+from dataall.db.paginator import paginate
+from dataall.modules.datasets.db.models import DatasetStorageLocation
+
+
+class DatasetShareService:
+
+    @staticmethod
+    @has_resource_perm(permissions.LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
+    def paginated_shared_with_environment_datasets(
+            session, username, groups, uri, data=None, check_perm=None
+    ) -> dict:
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
+        q = (
+            session.query(
+                models.ShareObjectItem.shareUri.label('shareUri'),
+                models.Dataset.datasetUri.label('datasetUri'),
+                models.Dataset.name.label('datasetName'),
+                models.Dataset.description.label('datasetDescription'),
+                models.Environment.environmentUri.label('environmentUri'),
+                models.Environment.name.label('environmentName'),
+                models.ShareObject.created.label('created'),
+                models.ShareObject.principalId.label('principalId'),
+                models.ShareObjectItem.itemType.label('itemType'),
+                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
+                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
+                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
+                models.Organization.organizationUri.label('organizationUri'),
+                models.Organization.name.label('organizationName'),
+                case(
+                    [
+                        (
+                            models.ShareObjectItem.itemType
+                            == ShareableType.Table.value,
+                            func.concat(
+                                models.DatasetTable.GlueDatabaseName,
+                                '.',
+                                models.DatasetTable.GlueTableName,
+                            ),
+                        ),
+                        (
+                            models.ShareObjectItem.itemType
+                            == ShareableType.StorageLocation.value,
+                            func.concat(DatasetStorageLocation.name),
+                        ),
+                    ],
+                    else_='XXX XXXX',
+                ).label('itemAccess'),
+            )
+            .join(
+                models.ShareObject,
+                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+            )
+            .join(
+                models.Dataset,
+                models.ShareObject.datasetUri == models.Dataset.datasetUri,
+            )
+            .join(
+                models.Environment,
+                models.Environment.environmentUri == models.Dataset.environmentUri,
+            )
+            .join(
+                models.Organization,
+                models.Organization.organizationUri
+                == models.Environment.organizationUri,
+            )
+            .outerjoin(
+                models.DatasetTable,
+                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
+            )
+            .outerjoin(
+                DatasetStorageLocation,
+                models.ShareObjectItem.itemUri
+                == DatasetStorageLocation.locationUri,
+            )
+            .filter(
+                and_(
+                    models.ShareObjectItem.status.in_(share_item_shared_states),
+                    models.ShareObject.environmentUri == uri,
+                )
+            )
+        )
+
+        if data.get('datasetUri'):
+            datasetUri = data.get('datasetUri')
+            q = q.filter(models.ShareObject.datasetUri == datasetUri)
+
+        if data.get('itemTypes', None):
+            itemTypes = data.get('itemTypes')
+            q = q.filter(
+                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
+            )
+
+        if data.get("uniqueDatasets", False):
+            q = q.distinct(models.ShareObject.datasetUri)
+
+        if data.get('term'):
+            term = data.get('term')
+            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
+
+        return paginate(
+            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
+        ).to_dict()
+
+    @staticmethod
+    def paginated_shared_with_environment_group_datasets(
+            session, username, groups, envUri, groupUri, data=None, check_perm=None
+    ) -> dict:
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
+        q = (
+            session.query(
+                models.ShareObjectItem.shareUri.label('shareUri'),
+                models.Dataset.datasetUri.label('datasetUri'),
+                models.Dataset.name.label('datasetName'),
+                models.Dataset.description.label('datasetDescription'),
+                models.Environment.environmentUri.label('environmentUri'),
+                models.Environment.name.label('environmentName'),
+                models.ShareObject.created.label('created'),
+                models.ShareObject.principalId.label('principalId'),
+                models.ShareObjectItem.itemType.label('itemType'),
+                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
+                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
+                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
+                models.Organization.organizationUri.label('organizationUri'),
+                models.Organization.name.label('organizationName'),
+                case(
+                    [
+                        (
+                            models.ShareObjectItem.itemType
+                            == ShareableType.Table.value,
+                            func.concat(
+                                models.DatasetTable.GlueDatabaseName,
+                                '.',
+                                models.DatasetTable.GlueTableName,
+                            ),
+                        ),
+                        (
+                            models.ShareObjectItem.itemType
+                            == ShareableType.StorageLocation.value,
+                            func.concat(DatasetStorageLocation.name),
+                        ),
+                    ],
+                    else_='XXX XXXX',
+                ).label('itemAccess'),
+            )
+            .join(
+                models.ShareObject,
+                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+            )
+            .join(
+                models.Dataset,
+                models.ShareObject.datasetUri == models.Dataset.datasetUri,
+            )
+            .join(
+                models.Environment,
+                models.Environment.environmentUri == models.Dataset.environmentUri,
+            )
+            .join(
+                models.Organization,
+                models.Organization.organizationUri
+                == models.Environment.organizationUri,
+            )
+            .outerjoin(
+                models.DatasetTable,
+                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
+            )
+            .outerjoin(
+                DatasetStorageLocation,
+                models.ShareObjectItem.itemUri
+                == DatasetStorageLocation.locationUri,
+            )
+            .filter(
+                and_(
+                    models.ShareObjectItem.status.in_(share_item_shared_states),
+                    models.ShareObject.environmentUri == envUri,
+                    models.ShareObject.principalId == groupUri,
+                )
+            )
+        )
+
+        if data.get('datasetUri'):
+            datasetUri = data.get('datasetUri')
+            q = q.filter(models.ShareObject.datasetUri == datasetUri)
+
+        if data.get('itemTypes', None):
+            itemTypes = data.get('itemTypes')
+            q = q.filter(
+                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
+            )
+        if data.get('term'):
+            term = data.get('term')
+            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
+
+        return paginate(
+            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
+        ).to_dict()

From 417e6e50fcd120c16bc8207c76a5733e7005ab04 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 19 Apr 2023 11:21:46 +0200
Subject: [PATCH 058/346] Datasets refactoring

Solved broken reference
---
 .../dataall/modules/datasets/api/storage_location/resolvers.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index e66e767a9..32cfcfcac 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -8,6 +8,7 @@
     Dataset,
     Environment,
 )
+from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
@@ -26,7 +27,7 @@ def create_storage_location(
             check_perm=True,
         )
 
-        S3.create_bucket_prefix(location)
+        S3DatasetLocationHandler.create_bucket_prefix(location)
 
         indexers.upsert_folder(
             session=session, es=context.es, locationUri=location.locationUri

From 7aaff5b113182485b9b163a51c83f1234043c5a5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 19 Apr 2023 16:30:09 +0200
Subject: [PATCH 059/346] Introduced Indexers

---
 .../api/Objects/Dashboard/resolvers.py        |   5 +-
 .../dataall/api/Objects/Dataset/resolvers.py  |  14 +-
 .../api/Objects/DatasetTable/resolvers.py     |   5 +-
 .../dataall/api/Objects/Glossary/registry.py  |  13 +-
 backend/dataall/api/Objects/Vote/resolvers.py |   7 +-
 backend/dataall/modules/datasets/__init__.py  |   4 +-
 .../api/storage_location/resolvers.py         |   7 +-
 backend/dataall/searchproxy/__init__.py       |   5 -
 backend/dataall/searchproxy/indexers.py       | 565 +++++++++---------
 backend/dataall/searchproxy/upsert.py         |  68 ++-
 backend/dataall/tasks/catalog_indexer.py      |   8 +-
 tests/api/conftest.py                         |   9 +-
 tests/searchproxy/test_indexers.py            |  15 +-
 tests/tasks/test_catalog_indexer.py           |   2 +-
 14 files changed, 380 insertions(+), 347 deletions(-)

diff --git a/backend/dataall/api/Objects/Dashboard/resolvers.py b/backend/dataall/api/Objects/Dashboard/resolvers.py
index 714b6c4b9..84a2a1bcc 100644
--- a/backend/dataall/api/Objects/Dashboard/resolvers.py
+++ b/backend/dataall/api/Objects/Dashboard/resolvers.py
@@ -8,6 +8,7 @@
 from ....db.api import ResourcePolicy, Glossary, Vote
 from ....searchproxy import indexers
 from ....utils import Parameter
+from dataall.searchproxy.indexers import DashboardIndexer
 
 param_store = Parameter()
 ENVNAME = os.getenv("envname", "local")
@@ -146,7 +147,7 @@ def import_dashboard(context: Context, source, input: dict = None):
             check_perm=True,
         )
 
-        indexers.upsert_dashboard(session, context.es, dashboard.dashboardUri)
+        DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
 
     return dashboard
 
@@ -166,7 +167,7 @@ def update_dashboard(context, source, input: dict = None):
             check_perm=True,
         )
 
-        indexers.upsert_dashboard(session, context.es, dashboard.dashboardUri)
+        DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
 
         return dashboard
 
diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index a03b0647f..fcbc2d6f3 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -13,11 +13,11 @@
 from ....aws.handlers.glue import Glue
 from ....aws.handlers.service_handlers import Worker
 from ....aws.handlers.sts import SessionHelper
-from ....aws.handlers.sns import Sns
 from ....db import paginate, exceptions, permissions, models
 from ....db.api import Dataset, Environment, ShareObject, ResourcePolicy
 from ....db.api.organization import Organization
-from ....searchproxy import indexers
+from dataall.searchproxy import indexers
+from dataall.searchproxy.indexers import DatasetIndexer
 
 log = logging.getLogger(__name__)
 
@@ -34,8 +34,8 @@ def create_dataset(context: Context, source, input=None):
         )
         Dataset.create_dataset_stack(session, dataset)
 
-        indexers.upsert_dataset(
-            session=session, es=context.es, datasetUri=dataset.datasetUri
+        DatasetIndexer.upsert(
+            session=session, dataset_uri=dataset.datasetUri
         )
 
     stack_helper.deploy_dataset_stack(dataset)
@@ -72,8 +72,8 @@ def import_dataset(context: Context, source, input=None):
 
         Dataset.create_dataset_stack(session, dataset)
 
-        indexers.upsert_dataset(
-            session=session, es=context.es, datasetUri=dataset.datasetUri
+        DatasetIndexer.upsert(
+            session=session, dataset_uri=dataset.datasetUri
         )
 
     stack_helper.deploy_dataset_stack(dataset)
@@ -220,7 +220,7 @@ def update_dataset(context, source, datasetUri: str = None, input: dict = None):
             data=input,
             check_perm=True,
         )
-        indexers.upsert_dataset(session, context.es, datasetUri)
+        DatasetIndexer.upsert(session, dataset_uri=datasetUri)
 
     stack_helper.deploy_dataset_stack(updated_dataset)
 
diff --git a/backend/dataall/api/Objects/DatasetTable/resolvers.py b/backend/dataall/api/Objects/DatasetTable/resolvers.py
index 3e2b833e3..567985348 100644
--- a/backend/dataall/api/Objects/DatasetTable/resolvers.py
+++ b/backend/dataall/api/Objects/DatasetTable/resolvers.py
@@ -13,6 +13,7 @@
 from ....db.api import ResourcePolicy, Glossary
 from ....searchproxy import indexers
 from ....utils import json_utils
+from dataall.searchproxy.indexers import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
@@ -28,7 +29,7 @@ def create_table(context, source, datasetUri: str = None, input: dict = None):
             data=input,
             check_perm=True,
         )
-        indexers.upsert_table(session, context.es, table.tableUri)
+        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
     return table
 
 
@@ -80,7 +81,7 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
             data=input,
             check_perm=True,
         )
-        indexers.upsert_table(session, context.es, table.tableUri)
+        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
     return table
 
 
diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 0f0cdb61f..cb82bf208 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -6,7 +6,8 @@
 from dataall.api import gql
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
-from dataall.searchproxy.indexers import upsert_dashboard, upsert_table, upsert_dataset
+from dataall.searchproxy.indexers import DashboardIndexer, DatasetTableIndexer, DatasetIndexer
+from dataall.searchproxy.upsert import BaseIndexer
 
 
 class Identifiable(Protocol):
@@ -20,7 +21,7 @@ class GlossaryDefinition:
     target_type: str
     object_type: str
     model: Union[Type[Resource], Identifiable]  # should be an intersection, but python typing doesn't have one yet
-    reindexer: Callable[[Any, OpenSearch, str], None] = None # a callback to reindex glossaries in open search
+    reindexer: Type[BaseIndexer] = None  # a callback to reindex glossaries in open search
 
     def target_uri(self):
         return self.model.uri()
@@ -58,25 +59,25 @@ def types(cls):
     def reindex(cls, session, es: OpenSearch, target_type: str, target_uri: str):
         definition = cls._DEFINITIONS[target_type]
         if definition.reindexer:
-            definition.reindexer(session, es, target_uri)
+            definition.reindexer.upsert(session, target_uri)
 
 
 GlossaryRegistry.register(GlossaryDefinition(
     target_type="Dashboard",
     object_type="Dashboard",
     model=models.Dashboard,
-    reindexer=upsert_dashboard
+    reindexer=DashboardIndexer
 ))
 
 GlossaryRegistry.register(GlossaryDefinition(
     target_type="DatasetTable",
     object_type="DatasetTable",
     model=models.DatasetTable,
-    reindexer=upsert_table
+    reindexer=DatasetTableIndexer
 ))
 GlossaryRegistry.register(GlossaryDefinition(
     target_type="Dataset",
     object_type="Dataset",
     model=models.Dataset,
-    reindexer=upsert_dataset
+    reindexer=DatasetIndexer
 ))
diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index da41462cd..34dcd9f05 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -1,7 +1,6 @@
 from .... import db
 from ....api.context import Context
-from ....searchproxy.indexers import upsert_dashboard
-from ....searchproxy.indexers import upsert_dataset
+from dataall.searchproxy.indexers import DatasetIndexer, DashboardIndexer
 
 
 def count_upvotes(
@@ -34,9 +33,9 @@ def upvote(context: Context, source, input=None):
 
 def reindex(session, es, vote):
     if vote.targetType == 'dataset':
-        upsert_dataset(session=session, es=es, datasetUri=vote.targetUri)
+        DatasetIndexer.upsert(session=session, dataset_uri=vote.targetUri)
     elif vote.targetType == 'dashboard':
-        upsert_dashboard(session=session, es=es, dashboardUri=vote.targetUri)
+        DashboardIndexer.upsert(session=session, dashboard_uri=vote.targetUri)
 
 
 def get_vote(context: Context, source, targetUri: str = None, targetType: str = None):
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 3e50f37fa..a2f600f68 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -6,7 +6,7 @@
 from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
 from dataall.modules.loader import ModuleInterface, ImportMode
-from dataall.searchproxy.indexers import upsert_folder
+from dataall.searchproxy.indexers import DatasetLocationIndexer
 
 log = logging.getLogger(__name__)
 
@@ -29,7 +29,7 @@ def __init__(self):
             target_type="Folder",
             object_type="DatasetStorageLocation",
             model=DatasetStorageLocation,
-            reindexer=upsert_folder
+            reindexer=DatasetLocationIndexer
         ))
 
         log.info("API of datasets has been imported")
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 32cfcfcac..4aebc1458 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -12,6 +12,7 @@
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
+from dataall.searchproxy.indexers import DatasetLocationIndexer
 
 
 def create_storage_location(
@@ -29,9 +30,7 @@ def create_storage_location(
 
         S3DatasetLocationHandler.create_bucket_prefix(location)
 
-        indexers.upsert_folder(
-            session=session, es=context.es, locationUri=location.locationUri
-        )
+        DatasetLocationIndexer.upsert(session=session, folder_uri=location.locationUri)
     return location
 
 
@@ -74,7 +73,7 @@ def update_storage_location(
             data=input,
             check_perm=True,
         )
-        indexers.upsert_folder(session, context.es, location.locationUri)
+        DatasetLocationIndexer.upsert(session, folder_uri=location.locationUri)
 
         return location
 
diff --git a/backend/dataall/searchproxy/__init__.py b/backend/dataall/searchproxy/__init__.py
index 1a69dac6c..8b648babe 100644
--- a/backend/dataall/searchproxy/__init__.py
+++ b/backend/dataall/searchproxy/__init__.py
@@ -1,15 +1,10 @@
 from .connect import connect
-from .indexers import upsert_dataset
-from .indexers import upsert_table
 from .indexers import upsert_dataset_tables
 from .search import run_query
-from .upsert import upsert
 
 __all__ = [
     'connect',
     'run_query',
     'upsert',
-    'upsert_dataset',
-    'upsert_table',
     'upsert_dataset_tables',
 ]
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 7361c2150..34c1c3d17 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -1,319 +1,300 @@
 import logging
 
 from sqlalchemy import and_
-from sqlalchemy.orm import with_expression
 
-from .upsert import upsert
 from .. import db
 from ..db import models
+from dataall.searchproxy.upsert import BaseIndexer
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 log = logging.getLogger(__name__)
 
 
-def get_target_glossary_terms(session, targetUri):
-    q = (
-        session.query(models.TermLink)
-        .options(
-            with_expression(models.TermLink.path, models.GlossaryNode.path),
-            with_expression(models.TermLink.label, models.GlossaryNode.label),
-            with_expression(models.TermLink.readme, models.GlossaryNode.readme),
+class DatasetIndexer(BaseIndexer):
+
+    @classmethod
+    def upsert(cls, session, dataset_uri: str):
+        dataset = (
+            session.query(
+                models.Dataset.datasetUri.label('datasetUri'),
+                models.Dataset.name.label('name'),
+                models.Dataset.owner.label('owner'),
+                models.Dataset.label.label('label'),
+                models.Dataset.description.label('description'),
+                models.Dataset.confidentiality.label('classification'),
+                models.Dataset.tags.label('tags'),
+                models.Dataset.topics.label('topics'),
+                models.Dataset.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dataset.SamlAdminGroupName.label('admins'),
+                models.Dataset.GlueDatabaseName.label('database'),
+                models.Dataset.S3BucketName.label('source'),
+                models.Dataset.created,
+                models.Dataset.updated,
+                models.Dataset.deleted,
+            )
+            .join(
+                models.Organization,
+                models.Dataset.organizationUri == models.Organization.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dataset.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(models.Dataset.datasetUri == dataset_uri)
+            .first()
         )
-        .join(
-            models.GlossaryNode, models.GlossaryNode.nodeUri == models.TermLink.nodeUri
+        count_tables = db.api.Dataset.count_dataset_tables(session, dataset_uri)
+        count_folders = db.api.Dataset.count_dataset_locations(session, dataset_uri)
+        count_upvotes = db.api.Vote.count_upvotes(
+            session, None, None, dataset_uri, {'targetType': 'dataset'}
         )
-        .filter(
-            and_(
-                models.TermLink.targetUri == targetUri,
-                models.TermLink.approvedBySteward.is_(True),
+
+        if dataset:
+            glossary = BaseIndexer._get_target_glossary_terms(session, dataset_uri)
+            BaseIndexer._index(
+                doc_id=dataset_uri,
+                doc={
+                    'name': dataset.name,
+                    'owner': dataset.owner,
+                    'label': dataset.label,
+                    'admins': dataset.admins,
+                    'database': dataset.database,
+                    'source': dataset.source,
+                    'resourceKind': 'dataset',
+                    'description': dataset.description,
+                    'classification': dataset.classification,
+                    'tags': [t.replace('-', '') for t in dataset.tags or []],
+                    'topics': dataset.topics,
+                    'region': dataset.region.replace('-', ''),
+                    'environmentUri': dataset.envUri,
+                    'environmentName': dataset.envName,
+                    'organizationUri': dataset.orgUri,
+                    'organizationName': dataset.orgName,
+                    'created': dataset.created,
+                    'updated': dataset.updated,
+                    'deleted': dataset.deleted,
+                    'glossary': glossary,
+                    'tables': count_tables,
+                    'folders': count_folders,
+                    'upvotes': count_upvotes,
+                },
             )
-        )
-    )
-    return [t.path for t in q]
+        return dataset
 
 
-def upsert_dataset(session, es, datasetUri: str):
-    dataset = (
-        session.query(
-            models.Dataset.datasetUri.label('datasetUri'),
-            models.Dataset.name.label('name'),
-            models.Dataset.owner.label('owner'),
-            models.Dataset.label.label('label'),
-            models.Dataset.description.label('description'),
-            models.Dataset.confidentiality.label('classification'),
-            models.Dataset.tags.label('tags'),
-            models.Dataset.topics.label('topics'),
-            models.Dataset.region.label('region'),
-            models.Organization.organizationUri.label('orgUri'),
-            models.Organization.name.label('orgName'),
-            models.Environment.environmentUri.label('envUri'),
-            models.Environment.name.label('envName'),
-            models.Dataset.SamlAdminGroupName.label('admins'),
-            models.Dataset.GlueDatabaseName.label('database'),
-            models.Dataset.S3BucketName.label('source'),
-            models.Dataset.created,
-            models.Dataset.updated,
-            models.Dataset.deleted,
-        )
-        .join(
-            models.Organization,
-            models.Dataset.organizationUri == models.Organization.organizationUri,
-        )
-        .join(
-            models.Environment,
-            models.Dataset.environmentUri == models.Environment.environmentUri,
-        )
-        .filter(models.Dataset.datasetUri == datasetUri)
-        .first()
-    )
-    count_tables = db.api.Dataset.count_dataset_tables(session, datasetUri)
-    count_folders = db.api.Dataset.count_dataset_locations(session, datasetUri)
-    count_upvotes = db.api.Vote.count_upvotes(
-        session, None, None, datasetUri, {'targetType': 'dataset'}
-    )
+class DatasetTableIndexer(BaseIndexer):
 
-    if dataset:
-        glossary = get_target_glossary_terms(session, datasetUri)
-        upsert(
-            es=es,
-            index='dataall-index',
-            id=datasetUri,
-            doc={
-                'name': dataset.name,
-                'owner': dataset.owner,
-                'label': dataset.label,
-                'admins': dataset.admins,
-                'database': dataset.database,
-                'source': dataset.source,
-                'resourceKind': 'dataset',
-                'description': dataset.description,
-                'classification': dataset.classification,
-                'tags': [t.replace('-', '') for t in dataset.tags or []],
-                'topics': dataset.topics,
-                'region': dataset.region.replace('-', ''),
-                'environmentUri': dataset.envUri,
-                'environmentName': dataset.envName,
-                'organizationUri': dataset.orgUri,
-                'organizationName': dataset.orgName,
-                'created': dataset.created,
-                'updated': dataset.updated,
-                'deleted': dataset.deleted,
-                'glossary': glossary,
-                'tables': count_tables,
-                'folders': count_folders,
-                'upvotes': count_upvotes,
-            },
+    @classmethod
+    def upsert(cls, session, table_uri: str):
+        table = (
+            session.query(
+                models.DatasetTable.datasetUri.label('datasetUri'),
+                models.DatasetTable.tableUri.label('uri'),
+                models.DatasetTable.name.label('name'),
+                models.DatasetTable.owner.label('owner'),
+                models.DatasetTable.label.label('label'),
+                models.DatasetTable.description.label('description'),
+                models.Dataset.confidentiality.label('classification'),
+                models.DatasetTable.tags.label('tags'),
+                models.Dataset.topics.label('topics'),
+                models.Dataset.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dataset.SamlAdminGroupName.label('admins'),
+                models.Dataset.GlueDatabaseName.label('database'),
+                models.Dataset.S3BucketName.label('source'),
+                models.DatasetTable.created,
+                models.DatasetTable.updated,
+                models.DatasetTable.deleted,
+            )
+            .join(
+                models.Dataset,
+                models.Dataset.datasetUri == models.DatasetTable.datasetUri,
+            )
+            .join(
+                models.Organization,
+                models.Dataset.organizationUri == models.Organization.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dataset.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(models.DatasetTable.tableUri == table_uri)
+            .first()
         )
-    return dataset
-
 
-def upsert_table(session, es, tableUri: str):
-    table = (
-        session.query(
-            models.DatasetTable.datasetUri.label('datasetUri'),
-            models.DatasetTable.tableUri.label('uri'),
-            models.DatasetTable.name.label('name'),
-            models.DatasetTable.owner.label('owner'),
-            models.DatasetTable.label.label('label'),
-            models.DatasetTable.description.label('description'),
-            models.Dataset.confidentiality.label('classification'),
-            models.DatasetTable.tags.label('tags'),
-            models.Dataset.topics.label('topics'),
-            models.Dataset.region.label('region'),
-            models.Organization.organizationUri.label('orgUri'),
-            models.Organization.name.label('orgName'),
-            models.Environment.environmentUri.label('envUri'),
-            models.Environment.name.label('envName'),
-            models.Dataset.SamlAdminGroupName.label('admins'),
-            models.Dataset.GlueDatabaseName.label('database'),
-            models.Dataset.S3BucketName.label('source'),
-            models.DatasetTable.created,
-            models.DatasetTable.updated,
-            models.DatasetTable.deleted,
-        )
-        .join(
-            models.Dataset,
-            models.Dataset.datasetUri == models.DatasetTable.datasetUri,
-        )
-        .join(
-            models.Organization,
-            models.Dataset.organizationUri == models.Organization.organizationUri,
-        )
-        .join(
-            models.Environment,
-            models.Dataset.environmentUri == models.Environment.environmentUri,
-        )
-        .filter(models.DatasetTable.tableUri == tableUri)
-        .first()
-    )
+        if table:
+            glossary = BaseIndexer._get_target_glossary_terms(session, table_uri)
+            tags = table.tags if table.tags else []
+            BaseIndexer._index(
+                doc_id=table_uri,
+                doc={
+                    'name': table.name,
+                    'admins': table.admins,
+                    'owner': table.owner,
+                    'label': table.label,
+                    'resourceKind': 'table',
+                    'description': table.description,
+                    'database': table.database,
+                    'source': table.source,
+                    'classification': table.classification,
+                    'tags': [t.replace('-', '') for t in tags or []],
+                    'topics': table.topics,
+                    'region': table.region.replace('-', ''),
+                    'datasetUri': table.datasetUri,
+                    'environmentUri': table.envUri,
+                    'environmentName': table.envName,
+                    'organizationUri': table.orgUri,
+                    'organizationName': table.orgName,
+                    'created': table.created,
+                    'updated': table.updated,
+                    'deleted': table.deleted,
+                    'glossary': glossary,
+                },
+            )
+            DatasetIndexer.upsert(session=session, dataset_uri=table.datasetUri)
+        return table
 
-    if table:
-        glossary = get_target_glossary_terms(session, tableUri)
-        tags = table.tags if table.tags else []
-        upsert(
-            es=es,
-            index='dataall-index',
-            id=tableUri,
-            doc={
-                'name': table.name,
-                'admins': table.admins,
-                'owner': table.owner,
-                'label': table.label,
-                'resourceKind': 'table',
-                'description': table.description,
-                'database': table.database,
-                'source': table.source,
-                'classification': table.classification,
-                'tags': [t.replace('-', '') for t in tags or []],
-                'topics': table.topics,
-                'region': table.region.replace('-', ''),
-                'datasetUri': table.datasetUri,
-                'environmentUri': table.envUri,
-                'environmentName': table.envName,
-                'organizationUri': table.orgUri,
-                'organizationName': table.orgName,
-                'created': table.created,
-                'updated': table.updated,
-                'deleted': table.deleted,
-                'glossary': glossary,
-            },
-        )
-        upsert_dataset(session, es, table.datasetUri)
-    return table
 
+class DatasetLocationIndexer(BaseIndexer):
 
-def upsert_folder(session, es, locationUri: str):
-    folder = (
-        session.query(
-            DatasetStorageLocation.datasetUri.label('datasetUri'),
-            DatasetStorageLocation.locationUri.label('uri'),
-            DatasetStorageLocation.name.label('name'),
-            DatasetStorageLocation.owner.label('owner'),
-            DatasetStorageLocation.label.label('label'),
-            DatasetStorageLocation.description.label('description'),
-            DatasetStorageLocation.tags.label('tags'),
-            DatasetStorageLocation.region.label('region'),
-            models.Organization.organizationUri.label('orgUri'),
-            models.Organization.name.label('orgName'),
-            models.Environment.environmentUri.label('envUri'),
-            models.Environment.name.label('envName'),
-            models.Dataset.SamlAdminGroupName.label('admins'),
-            models.Dataset.S3BucketName.label('source'),
-            models.Dataset.topics.label('topics'),
-            models.Dataset.confidentiality.label('classification'),
-            DatasetStorageLocation.created,
-            DatasetStorageLocation.updated,
-            DatasetStorageLocation.deleted,
-        )
-        .join(
-            models.Dataset,
-            models.Dataset.datasetUri == DatasetStorageLocation.datasetUri,
-        )
-        .join(
-            models.Organization,
-            models.Dataset.organizationUri == models.Organization.organizationUri,
-        )
-        .join(
-            models.Environment,
-            models.Dataset.environmentUri == models.Environment.environmentUri,
-        )
-        .filter(DatasetStorageLocation.locationUri == locationUri)
-        .first()
-    )
-    if folder:
-        glossary = get_target_glossary_terms(session, locationUri)
-        upsert(
-            es=es,
-            index='dataall-index',
-            id=locationUri,
-            doc={
-                'name': folder.name,
-                'admins': folder.admins,
-                'owner': folder.owner,
-                'label': folder.label,
-                'resourceKind': 'folder',
-                'description': folder.description,
-                'source': folder.source,
-                'classification': folder.classification,
-                'tags': [f.replace('-', '') for f in folder.tags or []],
-                'topics': folder.topics,
-                'region': folder.region.replace('-', ''),
-                'datasetUri': folder.datasetUri,
-                'environmentUri': folder.envUri,
-                'environmentName': folder.envName,
-                'organizationUri': folder.orgUri,
-                'organizationName': folder.orgName,
-                'created': folder.created,
-                'updated': folder.updated,
-                'deleted': folder.deleted,
-                'glossary': glossary,
-            },
+    @classmethod
+    def upsert(cls, session, folder_uri: str):
+        folder = (
+            session.query(
+                DatasetStorageLocation.datasetUri.label('datasetUri'),
+                DatasetStorageLocation.locationUri.label('uri'),
+                DatasetStorageLocation.name.label('name'),
+                DatasetStorageLocation.owner.label('owner'),
+                DatasetStorageLocation.label.label('label'),
+                DatasetStorageLocation.description.label('description'),
+                DatasetStorageLocation.tags.label('tags'),
+                DatasetStorageLocation.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dataset.SamlAdminGroupName.label('admins'),
+                models.Dataset.S3BucketName.label('source'),
+                models.Dataset.topics.label('topics'),
+                models.Dataset.confidentiality.label('classification'),
+                DatasetStorageLocation.created,
+                DatasetStorageLocation.updated,
+                DatasetStorageLocation.deleted,
+            )
+            .join(
+                models.Dataset,
+                models.Dataset.datasetUri == DatasetStorageLocation.datasetUri,
+            )
+            .join(
+                models.Organization,
+                models.Dataset.organizationUri == models.Organization.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dataset.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(DatasetStorageLocation.locationUri == folder_uri)
+            .first()
         )
-        upsert_dataset(session, es, folder.datasetUri)
-    return folder
+        if folder:
+            glossary = BaseIndexer._get_target_glossary_terms(session, folder_uri)
+            BaseIndexer._index(
+                doc_id=folder_uri,
+                doc={
+                    'name': folder.name,
+                    'admins': folder.admins,
+                    'owner': folder.owner,
+                    'label': folder.label,
+                    'resourceKind': 'folder',
+                    'description': folder.description,
+                    'source': folder.source,
+                    'classification': folder.classification,
+                    'tags': [f.replace('-', '') for f in folder.tags or []],
+                    'topics': folder.topics,
+                    'region': folder.region.replace('-', ''),
+                    'datasetUri': folder.datasetUri,
+                    'environmentUri': folder.envUri,
+                    'environmentName': folder.envName,
+                    'organizationUri': folder.orgUri,
+                    'organizationName': folder.orgName,
+                    'created': folder.created,
+                    'updated': folder.updated,
+                    'deleted': folder.deleted,
+                    'glossary': glossary,
+                },
+            )
+            DatasetIndexer.upsert(session=session, dataset_uri=folder.datasetUri)
+        return folder
 
 
-def upsert_dashboard(session, es, dashboardUri: str):
-    dashboard = (
-        session.query(
-            models.Dashboard.dashboardUri.label('uri'),
-            models.Dashboard.name.label('name'),
-            models.Dashboard.owner.label('owner'),
-            models.Dashboard.label.label('label'),
-            models.Dashboard.description.label('description'),
-            models.Dashboard.tags.label('tags'),
-            models.Dashboard.region.label('region'),
-            models.Organization.organizationUri.label('orgUri'),
-            models.Organization.name.label('orgName'),
-            models.Environment.environmentUri.label('envUri'),
-            models.Environment.name.label('envName'),
-            models.Dashboard.SamlGroupName.label('admins'),
-            models.Dashboard.created,
-            models.Dashboard.updated,
-            models.Dashboard.deleted,
-        )
-        .join(
-            models.Organization,
-            models.Dashboard.organizationUri == models.Dashboard.organizationUri,
-        )
-        .join(
-            models.Environment,
-            models.Dashboard.environmentUri == models.Environment.environmentUri,
-        )
-        .filter(models.Dashboard.dashboardUri == dashboardUri)
-        .first()
-    )
-    if dashboard:
-        glossary = get_target_glossary_terms(session, dashboardUri)
-        count_upvotes = db.api.Vote.count_upvotes(
-            session, None, None, dashboardUri, {'targetType': 'dashboard'}
-        )
-        upsert(
-            es=es,
-            index='dataall-index',
-            id=dashboardUri,
-            doc={
-                'name': dashboard.name,
-                'admins': dashboard.admins,
-                'owner': dashboard.owner,
-                'label': dashboard.label,
-                'resourceKind': 'dashboard',
-                'description': dashboard.description,
-                'tags': [f.replace('-', '') for f in dashboard.tags or []],
-                'topics': [],
-                'region': dashboard.region.replace('-', ''),
-                'environmentUri': dashboard.envUri,
-                'environmentName': dashboard.envName,
-                'organizationUri': dashboard.orgUri,
-                'organizationName': dashboard.orgName,
-                'created': dashboard.created,
-                'updated': dashboard.updated,
-                'deleted': dashboard.deleted,
-                'glossary': glossary,
-                'upvotes': count_upvotes,
-            },
+class DashboardIndexer(BaseIndexer):
+    @classmethod
+    def upsert(cls, session, dashboard_uri: str):
+        dashboard = (
+            session.query(
+                models.Dashboard.dashboardUri.label('uri'),
+                models.Dashboard.name.label('name'),
+                models.Dashboard.owner.label('owner'),
+                models.Dashboard.label.label('label'),
+                models.Dashboard.description.label('description'),
+                models.Dashboard.tags.label('tags'),
+                models.Dashboard.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dashboard.SamlGroupName.label('admins'),
+                models.Dashboard.created,
+                models.Dashboard.updated,
+                models.Dashboard.deleted,
+            )
+            .join(
+                models.Organization,
+                models.Dashboard.organizationUri == models.Dashboard.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dashboard.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(models.Dashboard.dashboardUri == dashboard_uri)
+            .first()
         )
-    return dashboard
+        if dashboard:
+            glossary = BaseIndexer._get_target_glossary_terms(session, dashboard_uri)
+            count_upvotes = db.api.Vote.count_upvotes(
+                session, None, None, dashboard_uri, {'targetType': 'dashboard'}
+            )
+            BaseIndexer._index(
+                doc_id=dashboard_uri,
+                doc={
+                    'name': dashboard.name,
+                    'admins': dashboard.admins,
+                    'owner': dashboard.owner,
+                    'label': dashboard.label,
+                    'resourceKind': 'dashboard',
+                    'description': dashboard.description,
+                    'tags': [f.replace('-', '') for f in dashboard.tags or []],
+                    'topics': [],
+                    'region': dashboard.region.replace('-', ''),
+                    'environmentUri': dashboard.envUri,
+                    'environmentName': dashboard.envName,
+                    'organizationUri': dashboard.orgUri,
+                    'organizationName': dashboard.orgName,
+                    'created': dashboard.created,
+                    'updated': dashboard.updated,
+                    'deleted': dashboard.deleted,
+                    'glossary': glossary,
+                    'upvotes': count_upvotes,
+                },
+            )
+        return dashboard
 
 
 def upsert_dataset_tables(session, es, datasetUri: str):
@@ -328,7 +309,7 @@ def upsert_dataset_tables(session, es, datasetUri: str):
         .all()
     )
     for table in tables:
-        upsert_table(session, es, table.tableUri)
+        DatasetTableIndexer.upsert(session=session, table_uri=table.tableUri)
     return tables
 
 
@@ -355,7 +336,7 @@ def upsert_dataset_folders(session, es, datasetUri: str):
         .all()
     )
     for folder in folders:
-        upsert_folder(session, es, folder.locationUri)
+        DatasetLocationIndexer.upsert(session=session, folder_uri=folder.locationUri)
     return folders
 
 
diff --git a/backend/dataall/searchproxy/upsert.py b/backend/dataall/searchproxy/upsert.py
index 0fd9735e5..9eb2e3125 100644
--- a/backend/dataall/searchproxy/upsert.py
+++ b/backend/dataall/searchproxy/upsert.py
@@ -1,15 +1,65 @@
 import logging
+import os
+from abc import ABC, abstractmethod
 from datetime import datetime
+from operator import and_
+
+from sqlalchemy.orm import with_expression
+
+from dataall.db import models
+from dataall.searchproxy import connect
 
 log = logging.getLogger(__name__)
 
 
-def upsert(es, index, id, doc):
-    doc['_indexed'] = datetime.now()
-    if es:
-        res = es.index(index=index, id=id, body=doc)
-        log.info(f'doc {doc} for id {id} indexed with response {res}')
-        return True
-    else:
-        log.error(f'ES config is missing doc {doc} for id {id} was not indexed')
-        return False
+class BaseIndexer(ABC):
+    """API to work with OpenSearch"""
+    _INDEX = 'dataall-index'
+    _es = None
+
+    @classmethod
+    def es(cls):
+        """Lazy creation of the OpenSearch connection"""
+        if cls._es is None:
+            cls._es = connect(envname=os.getenv('envname', 'local'))
+
+        return cls._es
+
+    @staticmethod
+    @abstractmethod
+    def upsert(session, target_id):
+        raise NotImplementedError("Method upsert is not implemented")
+
+    @classmethod
+    def _index(cls, doc_id, doc):
+        es = cls.es()
+        doc['_indexed'] = datetime.now()
+        if es:
+            res = es.index(index=BaseIndexer._INDEX, id=doc_id, body=doc)
+            log.info(f'doc {doc} for id {doc_id} indexed with response {res}')
+            return True
+        else:
+            log.error(f'ES config is missing doc {doc} for id {doc_id} was not indexed')
+            return False
+
+    @staticmethod
+    def _get_target_glossary_terms(session, target_uri):
+        q = (
+            session.query(models.TermLink)
+            .options(
+                with_expression(models.TermLink.path, models.GlossaryNode.path),
+                with_expression(models.TermLink.label, models.GlossaryNode.label),
+                with_expression(models.TermLink.readme, models.GlossaryNode.readme),
+            )
+            .join(
+                models.GlossaryNode, models.GlossaryNode.nodeUri == models.TermLink.nodeUri
+            )
+            .filter(
+                and_(
+                    models.TermLink.targetUri == target_uri,
+                    models.TermLink.approvedBySteward.is_(True),
+                )
+            )
+        )
+        return [t.path for t in q]
+
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 2a53880c8..9c70ce9ca 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -5,7 +5,7 @@
 from .. import db
 from ..db import get_engine, exceptions
 from ..db import models
-from ..searchproxy import indexers
+from dataall.searchproxy.indexers import upsert_dataset_tables, upsert_dataset_folders, DashboardIndexer
 from ..searchproxy.connect import (
     connect,
 )
@@ -33,8 +33,8 @@ def index_objects(engine, es):
             log.info(f'Found {len(all_datasets)} datasets')
             dataset: models.Dataset
             for dataset in all_datasets:
-                tables = indexers.upsert_dataset_tables(session, es, dataset.datasetUri)
-                folders = indexers.upsert_dataset_folders(
+                tables = upsert_dataset_tables(session, es, dataset.datasetUri)
+                folders = upsert_dataset_folders(
                     session, es, dataset.datasetUri
                 )
                 indexed_objects_counter = (
@@ -45,7 +45,7 @@ def index_objects(engine, es):
             log.info(f'Found {len(all_dashboards)} dashboards')
             dashboard: models.Dashboard
             for dashboard in all_dashboards:
-                indexers.upsert_dashboard(session, es, dashboard.dashboardUri)
+                DashboardIndexer.upsert(session=session, dashboard_uri=dashboard.dashboardUri)
                 indexed_objects_counter = indexed_objects_counter + 1
 
             log.info(f'Successfully indexed {indexed_objects_counter} objects')
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 8334f7700..4a160d818 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,3 +1,4 @@
+import dataall.searchproxy.indexers
 from .client import *
 from dataall.db import models
 from dataall.api import constants
@@ -29,10 +30,10 @@ def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.search', return_value={})
     module_mocker.patch('dataall.searchproxy.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.upsert_dataset_tables', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.upsert_dataset', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.upsert_table', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.upsert_folder', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.upsert_dashboard', return_value={})
+    module_mocker.patch('dataall.searchproxy.indexers.DatasetIndexer.upsert', return_value={})
+    module_mocker.patch('dataall.searchproxy.indexers.DatasetTableIndexer.upsert', return_value={})
+    module_mocker.patch('dataall.searchproxy.indexers.DatasetLocationIndexer.upsert', return_value={})
+    module_mocker.patch('dataall.searchproxy.indexers.DashboardIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.delete_doc', return_value={})
 
 
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index fcdb18bb0..b9c823957 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -5,6 +5,11 @@
 import dataall
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.searchproxy.indexers import (
+    DatasetIndexer,
+    DatasetTableIndexer,
+    DatasetLocationIndexer,
+)
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -124,8 +129,8 @@ def test_es_request():
 def test_upsert_dataset(db, dataset, env, mocker):
     mocker.patch('dataall.searchproxy.upsert', return_value={})
     with db.scoped_session() as session:
-        dataset_indexed = indexers.upsert_dataset(
-            session, es={}, datasetUri=dataset.datasetUri
+        dataset_indexed = DatasetIndexer.upsert(
+            session, dataset_uri=dataset.datasetUri
         )
         assert dataset_indexed.datasetUri == dataset.datasetUri
 
@@ -133,15 +138,15 @@ def test_upsert_dataset(db, dataset, env, mocker):
 def test_upsert_table(db, dataset, env, mocker, table):
     mocker.patch('dataall.searchproxy.upsert', return_value={})
     with db.scoped_session() as session:
-        table_indexed = indexers.upsert_table(session, es={}, tableUri=table.tableUri)
+        table_indexed = DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
         assert table_indexed.uri == table.tableUri
 
 
 def test_upsert_folder(db, dataset, env, mocker, folder):
     mocker.patch('dataall.searchproxy.upsert', return_value={})
     with db.scoped_session() as session:
-        folder_indexed = indexers.upsert_folder(
-            session, es={}, locationUri=folder.locationUri
+        folder_indexed = DatasetLocationIndexer.upsert(
+            session=session, folder_uri=folder.locationUri
         )
         assert folder_indexed.uri == folder.locationUri
 
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index 77090b2d4..d6e73e4c6 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -86,7 +86,7 @@ def test_catalog_indexer(db, org, env, sync_dataset, table, mocker):
         'dataall.searchproxy.indexers.upsert_dataset_tables', return_value=[table]
     )
     mocker.patch(
-        'dataall.searchproxy.indexers.upsert_dataset', return_value=sync_dataset
+        'dataall.searchproxy.indexers.DatasetIndexer.upsert', return_value=sync_dataset
     )
     indexed_objects_counter = dataall.tasks.catalog_indexer.index_objects(
         engine=db, es=True

From 4e31b991e7b09137a31559e1e3abc77d7820d283 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 19 Apr 2023 16:41:48 +0200
Subject: [PATCH 060/346] Extracted upsert_dataset_folders into
 DatasetLocationIndexer and renamed it

---
 backend/dataall/searchproxy/indexers.py  | 22 +++++++++++-----------
 backend/dataall/tasks/catalog_indexer.py |  6 ++----
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 34c1c3d17..a58d832eb 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -233,6 +233,17 @@ def upsert(cls, session, folder_uri: str):
             DatasetIndexer.upsert(session=session, dataset_uri=folder.datasetUri)
         return folder
 
+    @classmethod
+    def upsert_all(cls, session, dataset_uri: str):
+        folders = (
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
+            .all()
+        )
+        for folder in folders:
+            DatasetLocationIndexer.upsert(session=session, folder_uri=folder.locationUri)
+        return folders
+
 
 class DashboardIndexer(BaseIndexer):
     @classmethod
@@ -329,17 +340,6 @@ def remove_deleted_tables(session, es, datasetUri: str):
     return tables
 
 
-def upsert_dataset_folders(session, es, datasetUri: str):
-    folders = (
-        session.query(DatasetStorageLocation)
-        .filter(DatasetStorageLocation.datasetUri == datasetUri)
-        .all()
-    )
-    for folder in folders:
-        DatasetLocationIndexer.upsert(session=session, folder_uri=folder.locationUri)
-    return folders
-
-
 def delete_doc(es, doc_id, index='dataall-index'):
     es.delete(index=index, id=doc_id, ignore=[400, 404])
     return True
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 9c70ce9ca..b951e7e83 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -5,7 +5,7 @@
 from .. import db
 from ..db import get_engine, exceptions
 from ..db import models
-from dataall.searchproxy.indexers import upsert_dataset_tables, upsert_dataset_folders, DashboardIndexer
+from dataall.searchproxy.indexers import upsert_dataset_tables, DashboardIndexer, DatasetLocationIndexer
 from ..searchproxy.connect import (
     connect,
 )
@@ -34,9 +34,7 @@ def index_objects(engine, es):
             dataset: models.Dataset
             for dataset in all_datasets:
                 tables = upsert_dataset_tables(session, es, dataset.datasetUri)
-                folders = upsert_dataset_folders(
-                    session, es, dataset.datasetUri
-                )
+                folders = DatasetLocationIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
                 indexed_objects_counter = (
                     indexed_objects_counter + len(tables) + len(folders) + 1
                 )

From b7728125afdce3a3e42d75f96593b3aeae55665e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 19 Apr 2023 16:51:39 +0200
Subject: [PATCH 061/346] Moved DatasetLocationIndexer into the dataset module

---
 backend/dataall/modules/datasets/__init__.py  |  2 +-
 .../api/storage_location/resolvers.py         |  3 +-
 .../modules/datasets/indexers/__init__.py     |  1 +
 .../datasets/indexers/location_indexer.py     | 89 +++++++++++++++++++
 backend/dataall/searchproxy/indexers.py       | 84 -----------------
 backend/dataall/tasks/catalog_indexer.py      |  3 +-
 tests/api/conftest.py                         |  5 +-
 tests/searchproxy/test_indexers.py            |  2 +-
 8 files changed, 99 insertions(+), 90 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/indexers/__init__.py
 create mode 100644 backend/dataall/modules/datasets/indexers/location_indexer.py

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index a2f600f68..b976764ce 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -5,8 +5,8 @@
 from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
 from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
+from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.loader import ModuleInterface, ImportMode
-from dataall.searchproxy.indexers import DatasetLocationIndexer
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 4aebc1458..1b6dcdb92 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -1,6 +1,5 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.s3 import S3
 from dataall.db import permissions, models
 from dataall.db.api import (
     ResourcePolicy,
@@ -9,10 +8,10 @@
     Environment,
 )
 from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
+from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
-from dataall.searchproxy.indexers import DatasetLocationIndexer
 
 
 def create_storage_location(
diff --git a/backend/dataall/modules/datasets/indexers/__init__.py b/backend/dataall/modules/datasets/indexers/__init__.py
new file mode 100644
index 000000000..faf66363b
--- /dev/null
+++ b/backend/dataall/modules/datasets/indexers/__init__.py
@@ -0,0 +1 @@
+"""Contains dataset related indexers for OpenSearch"""
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
new file mode 100644
index 000000000..9a3147e12
--- /dev/null
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -0,0 +1,89 @@
+"""Indexes DatasetStorageLocation in OpenSearch"""
+from dataall.modules.datasets.db.models import DatasetStorageLocation
+
+from dataall.db import models
+from dataall.searchproxy.indexers import DatasetIndexer
+from dataall.searchproxy.upsert import BaseIndexer
+
+
+class DatasetLocationIndexer(BaseIndexer):
+
+    @classmethod
+    def upsert(cls, session, folder_uri: str):
+        folder = (
+            session.query(
+                DatasetStorageLocation.datasetUri.label('datasetUri'),
+                DatasetStorageLocation.locationUri.label('uri'),
+                DatasetStorageLocation.name.label('name'),
+                DatasetStorageLocation.owner.label('owner'),
+                DatasetStorageLocation.label.label('label'),
+                DatasetStorageLocation.description.label('description'),
+                DatasetStorageLocation.tags.label('tags'),
+                DatasetStorageLocation.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dataset.SamlAdminGroupName.label('admins'),
+                models.Dataset.S3BucketName.label('source'),
+                models.Dataset.topics.label('topics'),
+                models.Dataset.confidentiality.label('classification'),
+                DatasetStorageLocation.created,
+                DatasetStorageLocation.updated,
+                DatasetStorageLocation.deleted,
+            )
+            .join(
+                models.Dataset,
+                models.Dataset.datasetUri == DatasetStorageLocation.datasetUri,
+            )
+            .join(
+                models.Organization,
+                models.Dataset.organizationUri == models.Organization.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dataset.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(DatasetStorageLocation.locationUri == folder_uri)
+            .first()
+        )
+        if folder:
+            glossary = BaseIndexer._get_target_glossary_terms(session, folder_uri)
+            BaseIndexer._index(
+                doc_id=folder_uri,
+                doc={
+                    'name': folder.name,
+                    'admins': folder.admins,
+                    'owner': folder.owner,
+                    'label': folder.label,
+                    'resourceKind': 'folder',
+                    'description': folder.description,
+                    'source': folder.source,
+                    'classification': folder.classification,
+                    'tags': [f.replace('-', '') for f in folder.tags or []],
+                    'topics': folder.topics,
+                    'region': folder.region.replace('-', ''),
+                    'datasetUri': folder.datasetUri,
+                    'environmentUri': folder.envUri,
+                    'environmentName': folder.envName,
+                    'organizationUri': folder.orgUri,
+                    'organizationName': folder.orgName,
+                    'created': folder.created,
+                    'updated': folder.updated,
+                    'deleted': folder.deleted,
+                    'glossary': glossary,
+                },
+            )
+            DatasetIndexer.upsert(session=session, dataset_uri=folder.datasetUri)
+        return folder
+
+    @classmethod
+    def upsert_all(cls, session, dataset_uri: str):
+        folders = (
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
+            .all()
+        )
+        for folder in folders:
+            DatasetLocationIndexer.upsert(session=session, folder_uri=folder.locationUri)
+        return folders
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index a58d832eb..601945509 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -5,7 +5,6 @@
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
-from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 log = logging.getLogger(__name__)
 
@@ -162,89 +161,6 @@ def upsert(cls, session, table_uri: str):
         return table
 
 
-class DatasetLocationIndexer(BaseIndexer):
-
-    @classmethod
-    def upsert(cls, session, folder_uri: str):
-        folder = (
-            session.query(
-                DatasetStorageLocation.datasetUri.label('datasetUri'),
-                DatasetStorageLocation.locationUri.label('uri'),
-                DatasetStorageLocation.name.label('name'),
-                DatasetStorageLocation.owner.label('owner'),
-                DatasetStorageLocation.label.label('label'),
-                DatasetStorageLocation.description.label('description'),
-                DatasetStorageLocation.tags.label('tags'),
-                DatasetStorageLocation.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                models.Dataset.SamlAdminGroupName.label('admins'),
-                models.Dataset.S3BucketName.label('source'),
-                models.Dataset.topics.label('topics'),
-                models.Dataset.confidentiality.label('classification'),
-                DatasetStorageLocation.created,
-                DatasetStorageLocation.updated,
-                DatasetStorageLocation.deleted,
-            )
-            .join(
-                models.Dataset,
-                models.Dataset.datasetUri == DatasetStorageLocation.datasetUri,
-            )
-            .join(
-                models.Organization,
-                models.Dataset.organizationUri == models.Organization.organizationUri,
-            )
-            .join(
-                models.Environment,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(DatasetStorageLocation.locationUri == folder_uri)
-            .first()
-        )
-        if folder:
-            glossary = BaseIndexer._get_target_glossary_terms(session, folder_uri)
-            BaseIndexer._index(
-                doc_id=folder_uri,
-                doc={
-                    'name': folder.name,
-                    'admins': folder.admins,
-                    'owner': folder.owner,
-                    'label': folder.label,
-                    'resourceKind': 'folder',
-                    'description': folder.description,
-                    'source': folder.source,
-                    'classification': folder.classification,
-                    'tags': [f.replace('-', '') for f in folder.tags or []],
-                    'topics': folder.topics,
-                    'region': folder.region.replace('-', ''),
-                    'datasetUri': folder.datasetUri,
-                    'environmentUri': folder.envUri,
-                    'environmentName': folder.envName,
-                    'organizationUri': folder.orgUri,
-                    'organizationName': folder.orgName,
-                    'created': folder.created,
-                    'updated': folder.updated,
-                    'deleted': folder.deleted,
-                    'glossary': glossary,
-                },
-            )
-            DatasetIndexer.upsert(session=session, dataset_uri=folder.datasetUri)
-        return folder
-
-    @classmethod
-    def upsert_all(cls, session, dataset_uri: str):
-        folders = (
-            session.query(DatasetStorageLocation)
-            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
-            .all()
-        )
-        for folder in folders:
-            DatasetLocationIndexer.upsert(session=session, folder_uri=folder.locationUri)
-        return folders
-
-
 class DashboardIndexer(BaseIndexer):
     @classmethod
     def upsert(cls, session, dashboard_uri: str):
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index b951e7e83..e3d80458e 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -2,10 +2,11 @@
 import os
 import sys
 
+from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from .. import db
 from ..db import get_engine, exceptions
 from ..db import models
-from dataall.searchproxy.indexers import upsert_dataset_tables, DashboardIndexer, DatasetLocationIndexer
+from dataall.searchproxy.indexers import upsert_dataset_tables, DashboardIndexer
 from ..searchproxy.connect import (
     connect,
 )
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 4a160d818..f61ad46ef 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -32,7 +32,10 @@ def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.indexers.upsert_dataset_tables', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.DatasetIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.DatasetTableIndexer.upsert', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.DatasetLocationIndexer.upsert', return_value={})
+    module_mocker.patch(
+        'dataall.modules.datasets.indexers.location_indexer.DatasetLocationIndexer.upsert',
+        return_value={}
+    )
     module_mocker.patch('dataall.searchproxy.indexers.DashboardIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.delete_doc', return_value={})
 
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index b9c823957..eda5a7dd7 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -3,12 +3,12 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 from dataall.searchproxy.indexers import (
     DatasetIndexer,
     DatasetTableIndexer,
-    DatasetLocationIndexer,
 )
 
 

From cd798e2c5537f546a3f8a7fcac3f4e07358ddb4c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 10:26:46 +0200
Subject: [PATCH 062/346] Moved DatasetStorageLocation methods to the service

---
 .../dataall/api/Objects/Dataset/resolvers.py  |  7 ++-
 backend/dataall/db/api/dataset.py             | 60 +------------------
 .../datasets/services/dataset_location.py     | 57 ++++++++++++++++++
 backend/dataall/searchproxy/indexers.py       |  3 +-
 4 files changed, 65 insertions(+), 62 deletions(-)

diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index fcbc2d6f3..63b9a47b4 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -18,6 +18,7 @@
 from ....db.api.organization import Organization
 from dataall.searchproxy import indexers
 from dataall.searchproxy.indexers import DatasetIndexer
+from ....modules.datasets.services.dataset_location import DatasetStorageLocationService
 
 log = logging.getLogger(__name__)
 
@@ -160,7 +161,7 @@ def list_locations(context, source: models.Dataset, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return Dataset.paginated_dataset_locations(
+        return DatasetStorageLocationService.paginated_dataset_locations(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -232,7 +233,7 @@ def get_dataset_statistics(context: Context, source: models.Dataset, **kwargs):
         return None
     with context.engine.scoped_session() as session:
         count_tables = db.api.Dataset.count_dataset_tables(session, source.datasetUri)
-        count_locations = db.api.Dataset.count_dataset_locations(
+        count_locations = DatasetStorageLocationService.count_dataset_locations(
             session, source.datasetUri
         )
         count_upvotes = db.api.Vote.count_upvotes(
@@ -557,7 +558,7 @@ def delete_dataset(
         for uri in tables:
             indexers.delete_doc(es=context.es, doc_id=uri)
 
-        folders = [f.locationUri for f in Dataset.get_dataset_folders(session, datasetUri)]
+        folders = [f.locationUri for f in DatasetStorageLocationService.get_dataset_folders(session, datasetUri)]
         for uri in folders:
             indexers.delete_doc(es=context.es, doc_id=uri)
 
diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/db/api/dataset.py
index f78d92eae..27b5f59d0 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/db/api/dataset.py
@@ -16,11 +16,11 @@
 from . import Organization
 from .. import models, api, exceptions, permissions, paginate
 from ..models.Enums import Language, ConfidentialityClassification
+from ...modules.datasets.services.dataset_location import DatasetStorageLocationService
 from ...utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
-from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
@@ -263,30 +263,6 @@ def paginated_user_datasets(
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
-    @staticmethod
-    def paginated_dataset_locations(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        query = session.query(DatasetStorageLocation).filter(
-            DatasetStorageLocation.datasetUri == uri
-        )
-        if data and data.get('term'):
-            query = query.filter(
-                or_(
-                    *[
-                        DatasetStorageLocation.name.ilike(
-                            '%' + data.get('term') + '%'
-                        ),
-                        DatasetStorageLocation.S3Prefix.ilike(
-                            '%' + data.get('term') + '%'
-                        ),
-                    ]
-                )
-            )
-        return paginate(
-            query=query, page_size=data.get('pageSize', 10), page=data.get('page', 1)
-        ).to_dict()
-
     @staticmethod
     def paginated_dataset_tables(
         session, username, groups, uri, data=None, check_perm=None
@@ -486,15 +462,6 @@ def get_dataset_tables(session, dataset_uri):
             .all()
         )
 
-    @staticmethod
-    def get_dataset_folders(session, dataset_uri):
-        """return the dataset folders"""
-        return (
-            session.query(DatasetStorageLocation)
-            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
-            .all()
-        )
-
     @staticmethod
     def query_dataset_shares(session, dataset_uri) -> Query:
         return session.query(models.ShareObject).filter(
@@ -549,7 +516,7 @@ def delete_dataset(
         Dataset._delete_dataset_shares_with_no_shared_items(session, uri)
         Dataset._delete_dataset_term_links(session, uri)
         Dataset._delete_dataset_tables(session, dataset.datasetUri)
-        Dataset._delete_dataset_locations(session, dataset.datasetUri)
+        DatasetStorageLocationService.delete_dataset_locations(session, dataset.datasetUri)
         KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
         Vote.delete_votes(session, dataset.datasetUri, 'dataset')
         session.delete(dataset)
@@ -632,21 +599,6 @@ def _delete_dataset_tables(session, dataset_uri) -> bool:
             table.deleted = datetime.now()
         return tables
 
-    @staticmethod
-    def _delete_dataset_locations(session, dataset_uri) -> bool:
-        locations = (
-            session.query(DatasetStorageLocation)
-            .filter(
-                and_(
-                    DatasetStorageLocation.datasetUri == dataset_uri,
-                )
-            )
-            .all()
-        )
-        for location in locations:
-            session.delete(location)
-        return True
-
     @staticmethod
     def list_all_datasets(session) -> [models.Dataset]:
         return session.query(models.Dataset).all()
@@ -672,11 +624,3 @@ def count_dataset_tables(session, dataset_uri):
             .filter(models.DatasetTable.datasetUri == dataset_uri)
             .count()
         )
-
-    @staticmethod
-    def count_dataset_locations(session, dataset_uri):
-        return (
-            session.query(DatasetStorageLocation)
-            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
-            .count()
-        )
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index 640f0a037..4d82ec2d3 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -203,3 +203,60 @@ def get_location_by_s3_prefix(session, s3_prefix, accountid, region):
         else:
             logging.info(f'Found location {location.locationUri}|{location.S3Prefix}')
             return location
+
+    @staticmethod
+    def count_dataset_locations(session, dataset_uri):
+        return (
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
+            .count()
+        )
+
+    @staticmethod
+    def delete_dataset_locations(session, dataset_uri) -> bool:
+        locations = (
+            session.query(DatasetStorageLocation)
+            .filter(
+                and_(
+                    DatasetStorageLocation.datasetUri == dataset_uri,
+                )
+            )
+            .all()
+        )
+        for location in locations:
+            session.delete(location)
+        return True
+
+    @staticmethod
+    def get_dataset_folders(session, dataset_uri):
+        """return the dataset folders"""
+        return (
+            session.query(DatasetStorageLocation)
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
+            .all()
+        )
+
+    @staticmethod
+    def paginated_dataset_locations(
+            session, username, groups, uri, data=None, check_perm=None
+    ) -> dict:
+        query = session.query(DatasetStorageLocation).filter(
+            DatasetStorageLocation.datasetUri == uri
+        )
+        if data and data.get('term'):
+            query = query.filter(
+                or_(
+                    *[
+                        DatasetStorageLocation.name.ilike(
+                            '%' + data.get('term') + '%'
+                        ),
+                        DatasetStorageLocation.S3Prefix.ilike(
+                            '%' + data.get('term') + '%'
+                        ),
+                    ]
+                )
+            )
+        return paginate(
+            query=query, page_size=data.get('pageSize', 10), page=data.get('page', 1)
+        ).to_dict()
+
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 601945509..f157deae2 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -5,6 +5,7 @@
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
+from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
 
 log = logging.getLogger(__name__)
 
@@ -47,7 +48,7 @@ def upsert(cls, session, dataset_uri: str):
             .first()
         )
         count_tables = db.api.Dataset.count_dataset_tables(session, dataset_uri)
-        count_folders = db.api.Dataset.count_dataset_locations(session, dataset_uri)
+        count_folders = DatasetStorageLocationService.count_dataset_locations(session, dataset_uri)
         count_upvotes = db.api.Vote.count_upvotes(
             session, None, None, dataset_uri, {'targetType': 'dataset'}
         )

From b0e6a62a9449edfd908066bdfe5fb17b2e4ffbb2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 10:27:14 +0200
Subject: [PATCH 063/346] Renamed the service

---
 .../dataall/api/Objects/Dataset/resolvers.py  |  8 ++++----
 backend/dataall/db/api/dataset.py             |  4 ++--
 .../api/storage_location/resolvers.py         | 20 +++++++++----------
 .../datasets/handlers/s3_location_handler.py  |  4 ++--
 .../datasets/services/dataset_location.py     |  8 ++++----
 .../datasets/tasks/subscription_service.py    |  4 ++--
 backend/dataall/searchproxy/indexers.py       |  4 ++--
 7 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index 63b9a47b4..1b522cd94 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -18,7 +18,7 @@
 from ....db.api.organization import Organization
 from dataall.searchproxy import indexers
 from dataall.searchproxy.indexers import DatasetIndexer
-from ....modules.datasets.services.dataset_location import DatasetStorageLocationService
+from ....modules.datasets.services.dataset_location import DatasetLocationService
 
 log = logging.getLogger(__name__)
 
@@ -161,7 +161,7 @@ def list_locations(context, source: models.Dataset, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return DatasetStorageLocationService.paginated_dataset_locations(
+        return DatasetLocationService.paginated_dataset_locations(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -233,7 +233,7 @@ def get_dataset_statistics(context: Context, source: models.Dataset, **kwargs):
         return None
     with context.engine.scoped_session() as session:
         count_tables = db.api.Dataset.count_dataset_tables(session, source.datasetUri)
-        count_locations = DatasetStorageLocationService.count_dataset_locations(
+        count_locations = DatasetLocationService.count_dataset_locations(
             session, source.datasetUri
         )
         count_upvotes = db.api.Vote.count_upvotes(
@@ -558,7 +558,7 @@ def delete_dataset(
         for uri in tables:
             indexers.delete_doc(es=context.es, doc_id=uri)
 
-        folders = [f.locationUri for f in DatasetStorageLocationService.get_dataset_folders(session, datasetUri)]
+        folders = [f.locationUri for f in DatasetLocationService.get_dataset_folders(session, datasetUri)]
         for uri in folders:
             indexers.delete_doc(es=context.es, doc_id=uri)
 
diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/db/api/dataset.py
index 27b5f59d0..c9f2bd581 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/db/api/dataset.py
@@ -16,7 +16,7 @@
 from . import Organization
 from .. import models, api, exceptions, permissions, paginate
 from ..models.Enums import Language, ConfidentialityClassification
-from ...modules.datasets.services.dataset_location import DatasetStorageLocationService
+from ...modules.datasets.services.dataset_location import DatasetLocationService
 from ...utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -516,7 +516,7 @@ def delete_dataset(
         Dataset._delete_dataset_shares_with_no_shared_items(session, uri)
         Dataset._delete_dataset_term_links(session, uri)
         Dataset._delete_dataset_tables(session, dataset.datasetUri)
-        DatasetStorageLocationService.delete_dataset_locations(session, dataset.datasetUri)
+        DatasetLocationService.delete_dataset_locations(session, dataset.datasetUri)
         KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
         Vote.delete_votes(session, dataset.datasetUri, 'dataset')
         session.delete(dataset)
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 1b6dcdb92..09cf4b14a 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -11,14 +11,14 @@
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
-from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 
 
 def create_storage_location(
     context, source, datasetUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocationService.create_dataset_location(
+        location = DatasetLocationService.create_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -39,15 +39,15 @@ def list_dataset_locations(context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetStorageLocationService.list_dataset_locations(
+        return DatasetLocationService.list_dataset_locations(
             session=session, uri=source.datasetUri, data=filter, check_perm=True
         )
 
 
 def get_storage_location(context, source, locationUri=None):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
-        return DatasetStorageLocationService.get_dataset_location(
+        location = DatasetLocationService.get_location_by_uri(session, locationUri)
+        return DatasetLocationService.get_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -61,10 +61,10 @@ def update_storage_location(
     context, source, locationUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
+        location = DatasetLocationService.get_location_by_uri(session, locationUri)
         input['location'] = location
         input['locationUri'] = location.locationUri
-        DatasetStorageLocationService.update_dataset_location(
+        DatasetLocationService.update_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -79,8 +79,8 @@ def update_storage_location(
 
 def remove_storage_location(context, source, locationUri: str = None):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
-        DatasetStorageLocationService.delete_dataset_location(
+        location = DatasetLocationService.get_location_by_uri(session, locationUri)
+        DatasetLocationService.delete_dataset_location(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -102,7 +102,7 @@ def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
 
 def publish_location_update(context: Context, source, locationUri: str = None):
     with context.engine.scoped_session() as session:
-        location = DatasetStorageLocationService.get_location_by_uri(session, locationUri)
+        location = DatasetLocationService.get_location_by_uri(session, locationUri)
         ResourcePolicy.check_user_resource_permission(
             session=session,
             username=context.username,
diff --git a/backend/dataall/modules/datasets/handlers/s3_location_handler.py b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
index 431a4cecd..ba8cf6eda 100644
--- a/backend/dataall/modules/datasets/handlers/s3_location_handler.py
+++ b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
@@ -3,7 +3,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
-from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 
 log = logging.getLogger(__name__)
 
@@ -20,7 +20,7 @@ def client(account_id: str, region: str, client_type: str):
     @Worker.handler(path='s3.prefix.create')
     def create_dataset_location(engine, task: models.Task):
         with engine.scoped_session() as session:
-            location = DatasetStorageLocationService.get_location_by_uri(
+            location = DatasetLocationService.get_location_by_uri(
                 session, task.targetUri
             )
             S3DatasetLocationHandler.create_bucket_prefix(location)
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index 4d82ec2d3..d0e8f0936 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -11,7 +11,7 @@
 logger = logging.getLogger(__name__)
 
 
-class DatasetStorageLocationService:
+class DatasetLocationService:
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET_FOLDER)
@@ -102,7 +102,7 @@ def get_dataset_location(
         data: dict = None,
         check_perm: bool = False,
     ) -> DatasetStorageLocation:
-        return DatasetStorageLocationService.get_location_by_uri(session, data['locationUri'])
+        return DatasetLocationService.get_location_by_uri(session, data['locationUri'])
 
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
@@ -118,7 +118,7 @@ def update_dataset_location(
 
         location = data.get(
             'location',
-            DatasetStorageLocationService.get_location_by_uri(session, data['locationUri']),
+            DatasetLocationService.get_location_by_uri(session, data['locationUri']),
         )
 
         for k in data.keys():
@@ -145,7 +145,7 @@ def delete_dataset_location(
         data: dict = None,
         check_perm: bool = False,
     ):
-        location = DatasetStorageLocationService.get_location_by_uri(
+        location = DatasetLocationService.get_location_by_uri(
             session, data['locationUri']
         )
         share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 94339d0f7..901865812 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -16,7 +16,7 @@
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 root = logging.getLogger()
@@ -106,7 +106,7 @@ def publish_table_update_message(engine, message):
     @staticmethod
     def publish_location_update_message(session, message):
         location: DatasetStorageLocation = (
-            DatasetStorageLocationService.get_location_by_s3_prefix(
+            DatasetLocationService.get_location_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index f157deae2..12d1da90d 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -5,7 +5,7 @@
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
-from dataall.modules.datasets.services.dataset_location import DatasetStorageLocationService
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 
 log = logging.getLogger(__name__)
 
@@ -48,7 +48,7 @@ def upsert(cls, session, dataset_uri: str):
             .first()
         )
         count_tables = db.api.Dataset.count_dataset_tables(session, dataset_uri)
-        count_folders = DatasetStorageLocationService.count_dataset_locations(session, dataset_uri)
+        count_folders = DatasetLocationService.count_dataset_locations(session, dataset_uri)
         count_upvotes = db.api.Vote.count_upvotes(
             session, None, None, dataset_uri, {'targetType': 'dataset'}
         )

From 27c6d79559460090732a3f27f756f87d58a9e177 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 10:39:04 +0200
Subject: [PATCH 064/346] Moved DatasetIndexer to modules

---
 .../dataall/api/Objects/Dataset/resolvers.py  |  4 +-
 .../dataall/api/Objects/Glossary/registry.py  | 10 +--
 backend/dataall/api/Objects/Vote/resolvers.py |  3 +-
 backend/dataall/modules/datasets/__init__.py  |  9 ++
 .../datasets/indexers/dataset_indexer.py      | 82 +++++++++++++++++++
 .../datasets/indexers/location_indexer.py     |  2 +-
 backend/dataall/searchproxy/indexers.py       | 78 +-----------------
 tests/api/conftest.py                         |  2 +-
 .../modules/notebooks/test_notebook_stack.py  |  2 +-
 .../notebooks/test_sagemaker_notebook.py      |  1 -
 tests/searchproxy/test_indexers.py            |  6 +-
 tests/tasks/test_catalog_indexer.py           |  2 +-
 12 files changed, 104 insertions(+), 97 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/indexers/dataset_indexer.py

diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index 1b522cd94..2acdfa1fc 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -17,8 +17,8 @@
 from ....db.api import Dataset, Environment, ShareObject, ResourcePolicy
 from ....db.api.organization import Organization
 from dataall.searchproxy import indexers
-from dataall.searchproxy.indexers import DatasetIndexer
-from ....modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index cb82bf208..147f97a0e 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -6,7 +6,7 @@
 from dataall.api import gql
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
-from dataall.searchproxy.indexers import DashboardIndexer, DatasetTableIndexer, DatasetIndexer
+from dataall.searchproxy.indexers import DashboardIndexer, DatasetTableIndexer
 from dataall.searchproxy.upsert import BaseIndexer
 
 
@@ -74,10 +74,4 @@ def reindex(cls, session, es: OpenSearch, target_type: str, target_uri: str):
     object_type="DatasetTable",
     model=models.DatasetTable,
     reindexer=DatasetTableIndexer
-))
-GlossaryRegistry.register(GlossaryDefinition(
-    target_type="Dataset",
-    object_type="Dataset",
-    model=models.Dataset,
-    reindexer=DatasetIndexer
-))
+))
\ No newline at end of file
diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index 34dcd9f05..42f5c20f5 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -1,6 +1,7 @@
 from .... import db
 from ....api.context import Context
-from dataall.searchproxy.indexers import DatasetIndexer, DashboardIndexer
+from dataall.searchproxy.indexers import DashboardIndexer
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 
 def count_upvotes(
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index b976764ce..03cd58cdc 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -4,7 +4,9 @@
 
 from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
 from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
+from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.loader import ModuleInterface, ImportMode
 
@@ -32,6 +34,13 @@ def __init__(self):
             reindexer=DatasetLocationIndexer
         ))
 
+        GlossaryRegistry.register(GlossaryDefinition(
+            target_type="Dataset",
+            object_type="Dataset",
+            model=models.Dataset,
+            reindexer=DatasetIndexer
+        ))
+
         log.info("API of datasets has been imported")
 
 
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
new file mode 100644
index 000000000..8cb0b7873
--- /dev/null
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -0,0 +1,82 @@
+"""Indexes Datasets in OpenSearch"""
+
+from dataall import db
+from dataall.db import models
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.searchproxy.upsert import BaseIndexer
+
+
+class DatasetIndexer(BaseIndexer):
+
+    @classmethod
+    def upsert(cls, session, dataset_uri: str):
+        dataset = (
+            session.query(
+                models.Dataset.datasetUri.label('datasetUri'),
+                models.Dataset.name.label('name'),
+                models.Dataset.owner.label('owner'),
+                models.Dataset.label.label('label'),
+                models.Dataset.description.label('description'),
+                models.Dataset.confidentiality.label('classification'),
+                models.Dataset.tags.label('tags'),
+                models.Dataset.topics.label('topics'),
+                models.Dataset.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dataset.SamlAdminGroupName.label('admins'),
+                models.Dataset.GlueDatabaseName.label('database'),
+                models.Dataset.S3BucketName.label('source'),
+                models.Dataset.created,
+                models.Dataset.updated,
+                models.Dataset.deleted,
+            )
+            .join(
+                models.Organization,
+                models.Dataset.organizationUri == models.Organization.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dataset.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(models.Dataset.datasetUri == dataset_uri)
+            .first()
+        )
+        count_tables = db.api.Dataset.count_dataset_tables(session, dataset_uri)
+        count_folders = DatasetLocationService.count_dataset_locations(session, dataset_uri)
+        count_upvotes = db.api.Vote.count_upvotes(
+            session, None, None, dataset_uri, {'targetType': 'dataset'}
+        )
+
+        if dataset:
+            glossary = BaseIndexer._get_target_glossary_terms(session, dataset_uri)
+            BaseIndexer._index(
+                doc_id=dataset_uri,
+                doc={
+                    'name': dataset.name,
+                    'owner': dataset.owner,
+                    'label': dataset.label,
+                    'admins': dataset.admins,
+                    'database': dataset.database,
+                    'source': dataset.source,
+                    'resourceKind': 'dataset',
+                    'description': dataset.description,
+                    'classification': dataset.classification,
+                    'tags': [t.replace('-', '') for t in dataset.tags or []],
+                    'topics': dataset.topics,
+                    'region': dataset.region.replace('-', ''),
+                    'environmentUri': dataset.envUri,
+                    'environmentName': dataset.envName,
+                    'organizationUri': dataset.orgUri,
+                    'organizationName': dataset.orgName,
+                    'created': dataset.created,
+                    'updated': dataset.updated,
+                    'deleted': dataset.deleted,
+                    'glossary': glossary,
+                    'tables': count_tables,
+                    'folders': count_folders,
+                    'upvotes': count_upvotes,
+                },
+            )
+        return dataset
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
index 9a3147e12..72495b51c 100644
--- a/backend/dataall/modules/datasets/indexers/location_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -2,7 +2,7 @@
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 from dataall.db import models
-from dataall.searchproxy.indexers import DatasetIndexer
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.searchproxy.upsert import BaseIndexer
 
 
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 12d1da90d..fa91cb4eb 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -5,87 +5,11 @@
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 log = logging.getLogger(__name__)
 
 
-class DatasetIndexer(BaseIndexer):
-
-    @classmethod
-    def upsert(cls, session, dataset_uri: str):
-        dataset = (
-            session.query(
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('name'),
-                models.Dataset.owner.label('owner'),
-                models.Dataset.label.label('label'),
-                models.Dataset.description.label('description'),
-                models.Dataset.confidentiality.label('classification'),
-                models.Dataset.tags.label('tags'),
-                models.Dataset.topics.label('topics'),
-                models.Dataset.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                models.Dataset.SamlAdminGroupName.label('admins'),
-                models.Dataset.GlueDatabaseName.label('database'),
-                models.Dataset.S3BucketName.label('source'),
-                models.Dataset.created,
-                models.Dataset.updated,
-                models.Dataset.deleted,
-            )
-            .join(
-                models.Organization,
-                models.Dataset.organizationUri == models.Organization.organizationUri,
-            )
-            .join(
-                models.Environment,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(models.Dataset.datasetUri == dataset_uri)
-            .first()
-        )
-        count_tables = db.api.Dataset.count_dataset_tables(session, dataset_uri)
-        count_folders = DatasetLocationService.count_dataset_locations(session, dataset_uri)
-        count_upvotes = db.api.Vote.count_upvotes(
-            session, None, None, dataset_uri, {'targetType': 'dataset'}
-        )
-
-        if dataset:
-            glossary = BaseIndexer._get_target_glossary_terms(session, dataset_uri)
-            BaseIndexer._index(
-                doc_id=dataset_uri,
-                doc={
-                    'name': dataset.name,
-                    'owner': dataset.owner,
-                    'label': dataset.label,
-                    'admins': dataset.admins,
-                    'database': dataset.database,
-                    'source': dataset.source,
-                    'resourceKind': 'dataset',
-                    'description': dataset.description,
-                    'classification': dataset.classification,
-                    'tags': [t.replace('-', '') for t in dataset.tags or []],
-                    'topics': dataset.topics,
-                    'region': dataset.region.replace('-', ''),
-                    'environmentUri': dataset.envUri,
-                    'environmentName': dataset.envName,
-                    'organizationUri': dataset.orgUri,
-                    'organizationName': dataset.orgName,
-                    'created': dataset.created,
-                    'updated': dataset.updated,
-                    'deleted': dataset.deleted,
-                    'glossary': glossary,
-                    'tables': count_tables,
-                    'folders': count_folders,
-                    'upvotes': count_upvotes,
-                },
-            )
-        return dataset
-
-
 class DatasetTableIndexer(BaseIndexer):
 
     @classmethod
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index f61ad46ef..9eb50e050 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -30,7 +30,7 @@ def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.search', return_value={})
     module_mocker.patch('dataall.searchproxy.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.upsert_dataset_tables', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.DatasetIndexer.upsert', return_value={})
+    module_mocker.patch('dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.DatasetTableIndexer.upsert', return_value={})
     module_mocker.patch(
         'dataall.modules.datasets.indexers.location_indexer.DatasetLocationIndexer.upsert',
diff --git a/tests/modules/notebooks/test_notebook_stack.py b/tests/modules/notebooks/test_notebook_stack.py
index fc65e9af4..1c41c46c6 100644
--- a/tests/modules/notebooks/test_notebook_stack.py
+++ b/tests/modules/notebooks/test_notebook_stack.py
@@ -15,4 +15,4 @@ def test_notebook_stack(client, sgm_notebook, group):
         username="alice",
         groups=[group.name],
     )
-    assert response.data.updateStack.targetUri == sgm_notebook.notebookUri
\ No newline at end of file
+    assert response.data.updateStack.targetUri == sgm_notebook.notebookUri
diff --git a/tests/modules/notebooks/test_sagemaker_notebook.py b/tests/modules/notebooks/test_sagemaker_notebook.py
index 5fd4e4d16..8b2aa9792 100644
--- a/tests/modules/notebooks/test_sagemaker_notebook.py
+++ b/tests/modules/notebooks/test_sagemaker_notebook.py
@@ -12,7 +12,6 @@ def get_notebook_instance_status(self):
         return "INSERVICE"
 
 
-
 @pytest.fixture(scope='module')
 def org1(org, user, group, tenant):
     org1 = org('testorg', user.userName, group.name)
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index eda5a7dd7..ffc0370c1 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -6,10 +6,8 @@
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
-from dataall.searchproxy.indexers import (
-    DatasetIndexer,
-    DatasetTableIndexer,
-)
+from dataall.searchproxy.indexers import DatasetTableIndexer
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index d6e73e4c6..f8901933b 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -86,7 +86,7 @@ def test_catalog_indexer(db, org, env, sync_dataset, table, mocker):
         'dataall.searchproxy.indexers.upsert_dataset_tables', return_value=[table]
     )
     mocker.patch(
-        'dataall.searchproxy.indexers.DatasetIndexer.upsert', return_value=sync_dataset
+        'dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value=sync_dataset
     )
     indexed_objects_counter = dataall.tasks.catalog_indexer.index_objects(
         engine=db, es=True

From 0e730ac3945b53f4ee3cedaf2cd819d34e8d80b6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 10:50:08 +0200
Subject: [PATCH 065/346] Created a dataset repository.

There is a few of circular imports. It's a first attempt to solve it
---
 backend/dataall/db/api/dataset.py                   |  6 ++----
 .../modules/datasets/db/dataset_repository.py       | 13 +++++++++++++
 .../modules/datasets/services/dataset_location.py   |  4 ++--
 3 files changed, 17 insertions(+), 6 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/db/dataset_repository.py

diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/db/api/dataset.py
index c9f2bd581..3c2c8de10 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/db/api/dataset.py
@@ -16,6 +16,7 @@
 from . import Organization
 from .. import models, api, exceptions, permissions, paginate
 from ..models.Enums import Language, ConfidentialityClassification
+from ...modules.datasets.db.dataset_repository import DatasetRepository
 from ...modules.datasets.services.dataset_location import DatasetLocationService
 from ...utils.naming_convention import (
     NamingConventionService,
@@ -210,10 +211,7 @@ def get_dataset(
 
     @staticmethod
     def get_dataset_by_uri(session, dataset_uri) -> models.Dataset:
-        dataset: Dataset = session.query(models.Dataset).get(dataset_uri)
-        if not dataset:
-            raise exceptions.ObjectNotFound('Dataset', dataset_uri)
-        return dataset
+        return DatasetRepository.get_dataset_by_uri(session, dataset_uri)
 
     @staticmethod
     def query_user_datasets(session, username, groups, filter) -> Query:
diff --git a/backend/dataall/modules/datasets/db/dataset_repository.py b/backend/dataall/modules/datasets/db/dataset_repository.py
new file mode 100644
index 000000000..d58c3a7a1
--- /dev/null
+++ b/backend/dataall/modules/datasets/db/dataset_repository.py
@@ -0,0 +1,13 @@
+from dataall.db import exceptions
+from dataall.db.models import Dataset
+
+
+class DatasetRepository:
+    """DAO layer for Datasets"""
+
+    @staticmethod
+    def get_dataset_by_uri(session, dataset_uri) -> Dataset:
+        dataset: Dataset = session.query(Dataset).get(dataset_uri)
+        if not dataset:
+            raise exceptions.ObjectNotFound('Dataset', dataset_uri)
+        return dataset
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index d0e8f0936..f1d8b5eaf 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -5,7 +5,7 @@
 
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary
 from dataall.db import models, api, paginate, permissions, exceptions
-from dataall.db.api.dataset import Dataset
+from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
@@ -23,7 +23,7 @@ def create_dataset_location(
         data: dict = None,
         check_perm: bool = False,
     ) -> DatasetStorageLocation:
-        dataset = Dataset.get_dataset_by_uri(session, uri)
+        dataset = DatasetRepository.get_dataset_by_uri(session, uri)
         exists = (
             session.query(DatasetStorageLocation)
             .filter(

From 9ac79644614a6f9bf2fb5b9d003abc07dc07569f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 11:04:38 +0200
Subject: [PATCH 066/346] Moved DatasetTableIndexer

---
 .../dataall/api/Objects/Dataset/resolvers.py  |  5 +-
 .../api/Objects/DatasetTable/resolvers.py     |  2 +-
 .../datasets/indexers/table_indexer.py        | 98 +++++++++++++++++++
 .../modules/datasets/tasks/tables_syncer.py   |  3 +-
 backend/dataall/searchproxy/__init__.py       |  2 -
 backend/dataall/searchproxy/indexers.py       | 93 ------------------
 backend/dataall/tasks/catalog_indexer.py      |  5 +-
 tests/api/conftest.py                         |  5 +-
 tests/searchproxy/test_indexers.py            |  6 +-
 tests/tasks/test_catalog_indexer.py           |  3 +-
 10 files changed, 116 insertions(+), 106 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/indexers/table_indexer.py

diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index 2acdfa1fc..79e306c9e 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -19,6 +19,7 @@
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 
 log = logging.getLogger(__name__)
 
@@ -324,8 +325,8 @@ def sync_tables(context: Context, source, datasetUri: str = None):
         session.add(task)
     Worker.process(engine=context.engine, task_ids=[task.taskUri], save_response=False)
     with context.engine.scoped_session() as session:
-        indexers.upsert_dataset_tables(
-            session=session, es=context.es, datasetUri=dataset.datasetUri
+        DatasetTableIndexer.upsert_all(
+            session=session, dataset_uri=dataset.datasetUri
         )
         indexers.remove_deleted_tables(
             session=session, es=context.es, datasetUri=dataset.datasetUri
diff --git a/backend/dataall/api/Objects/DatasetTable/resolvers.py b/backend/dataall/api/Objects/DatasetTable/resolvers.py
index 567985348..7df3d8cba 100644
--- a/backend/dataall/api/Objects/DatasetTable/resolvers.py
+++ b/backend/dataall/api/Objects/DatasetTable/resolvers.py
@@ -13,7 +13,7 @@
 from ....db.api import ResourcePolicy, Glossary
 from ....searchproxy import indexers
 from ....utils import json_utils
-from dataall.searchproxy.indexers import DatasetTableIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
new file mode 100644
index 000000000..1eab70a87
--- /dev/null
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -0,0 +1,98 @@
+"""Indexes DatasetTable in OpenSearch"""
+from operator import and_
+
+from dataall.db import models
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
+from dataall.searchproxy.upsert import BaseIndexer
+
+
+class DatasetTableIndexer(BaseIndexer):
+
+    @classmethod
+    def upsert(cls, session, table_uri: str):
+        table = (
+            session.query(
+                models.DatasetTable.datasetUri.label('datasetUri'),
+                models.DatasetTable.tableUri.label('uri'),
+                models.DatasetTable.name.label('name'),
+                models.DatasetTable.owner.label('owner'),
+                models.DatasetTable.label.label('label'),
+                models.DatasetTable.description.label('description'),
+                models.Dataset.confidentiality.label('classification'),
+                models.DatasetTable.tags.label('tags'),
+                models.Dataset.topics.label('topics'),
+                models.Dataset.region.label('region'),
+                models.Organization.organizationUri.label('orgUri'),
+                models.Organization.name.label('orgName'),
+                models.Environment.environmentUri.label('envUri'),
+                models.Environment.name.label('envName'),
+                models.Dataset.SamlAdminGroupName.label('admins'),
+                models.Dataset.GlueDatabaseName.label('database'),
+                models.Dataset.S3BucketName.label('source'),
+                models.DatasetTable.created,
+                models.DatasetTable.updated,
+                models.DatasetTable.deleted,
+            )
+            .join(
+                models.Dataset,
+                models.Dataset.datasetUri == models.DatasetTable.datasetUri,
+            )
+            .join(
+                models.Organization,
+                models.Dataset.organizationUri == models.Organization.organizationUri,
+            )
+            .join(
+                models.Environment,
+                models.Dataset.environmentUri == models.Environment.environmentUri,
+            )
+            .filter(models.DatasetTable.tableUri == table_uri)
+            .first()
+        )
+
+        if table:
+            glossary = BaseIndexer._get_target_glossary_terms(session, table_uri)
+            tags = table.tags if table.tags else []
+            BaseIndexer._index(
+                doc_id=table_uri,
+                doc={
+                    'name': table.name,
+                    'admins': table.admins,
+                    'owner': table.owner,
+                    'label': table.label,
+                    'resourceKind': 'table',
+                    'description': table.description,
+                    'database': table.database,
+                    'source': table.source,
+                    'classification': table.classification,
+                    'tags': [t.replace('-', '') for t in tags or []],
+                    'topics': table.topics,
+                    'region': table.region.replace('-', ''),
+                    'datasetUri': table.datasetUri,
+                    'environmentUri': table.envUri,
+                    'environmentName': table.envName,
+                    'organizationUri': table.orgUri,
+                    'organizationName': table.orgName,
+                    'created': table.created,
+                    'updated': table.updated,
+                    'deleted': table.deleted,
+                    'glossary': glossary,
+                },
+            )
+            DatasetIndexer.upsert(session=session, dataset_uri=table.datasetUri)
+        return table
+
+    @classmethod
+    def upsert_all(cls, session, dataset_uri: str):
+        tables = (
+            session.query(models.DatasetTable)
+            .filter(
+                and_(
+                    models.DatasetTable.datasetUri == dataset_uri,
+                    models.DatasetTable.LastGlueTableStatus != 'Deleted',
+                )
+            )
+            .all()
+        )
+        for table in tables:
+            DatasetTableIndexer.upsert(session=session, table_uri=table.tableUri)
+        return tables
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 27a870d60..7ae104cc9 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -8,6 +8,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.searchproxy import indexers
 from dataall.searchproxy.connect import connect
 from dataall.utils.alarm_service import AlarmService
@@ -87,7 +88,7 @@ def sync_tables(engine, es=None):
                     processed_tables.extend(tables)
 
                     if es:
-                        indexers.upsert_dataset_tables(session, es, dataset.datasetUri)
+                        DatasetTableIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
             except Exception as e:
                 log.error(
                     f'Failed to sync tables for dataset '
diff --git a/backend/dataall/searchproxy/__init__.py b/backend/dataall/searchproxy/__init__.py
index 8b648babe..78493adb6 100644
--- a/backend/dataall/searchproxy/__init__.py
+++ b/backend/dataall/searchproxy/__init__.py
@@ -1,10 +1,8 @@
 from .connect import connect
-from .indexers import upsert_dataset_tables
 from .search import run_query
 
 __all__ = [
     'connect',
     'run_query',
     'upsert',
-    'upsert_dataset_tables',
 ]
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index fa91cb4eb..13ba44eea 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -5,87 +5,10 @@
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
-from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 log = logging.getLogger(__name__)
 
 
-class DatasetTableIndexer(BaseIndexer):
-
-    @classmethod
-    def upsert(cls, session, table_uri: str):
-        table = (
-            session.query(
-                models.DatasetTable.datasetUri.label('datasetUri'),
-                models.DatasetTable.tableUri.label('uri'),
-                models.DatasetTable.name.label('name'),
-                models.DatasetTable.owner.label('owner'),
-                models.DatasetTable.label.label('label'),
-                models.DatasetTable.description.label('description'),
-                models.Dataset.confidentiality.label('classification'),
-                models.DatasetTable.tags.label('tags'),
-                models.Dataset.topics.label('topics'),
-                models.Dataset.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                models.Dataset.SamlAdminGroupName.label('admins'),
-                models.Dataset.GlueDatabaseName.label('database'),
-                models.Dataset.S3BucketName.label('source'),
-                models.DatasetTable.created,
-                models.DatasetTable.updated,
-                models.DatasetTable.deleted,
-            )
-            .join(
-                models.Dataset,
-                models.Dataset.datasetUri == models.DatasetTable.datasetUri,
-            )
-            .join(
-                models.Organization,
-                models.Dataset.organizationUri == models.Organization.organizationUri,
-            )
-            .join(
-                models.Environment,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(models.DatasetTable.tableUri == table_uri)
-            .first()
-        )
-
-        if table:
-            glossary = BaseIndexer._get_target_glossary_terms(session, table_uri)
-            tags = table.tags if table.tags else []
-            BaseIndexer._index(
-                doc_id=table_uri,
-                doc={
-                    'name': table.name,
-                    'admins': table.admins,
-                    'owner': table.owner,
-                    'label': table.label,
-                    'resourceKind': 'table',
-                    'description': table.description,
-                    'database': table.database,
-                    'source': table.source,
-                    'classification': table.classification,
-                    'tags': [t.replace('-', '') for t in tags or []],
-                    'topics': table.topics,
-                    'region': table.region.replace('-', ''),
-                    'datasetUri': table.datasetUri,
-                    'environmentUri': table.envUri,
-                    'environmentName': table.envName,
-                    'organizationUri': table.orgUri,
-                    'organizationName': table.orgName,
-                    'created': table.created,
-                    'updated': table.updated,
-                    'deleted': table.deleted,
-                    'glossary': glossary,
-                },
-            )
-            DatasetIndexer.upsert(session=session, dataset_uri=table.datasetUri)
-        return table
-
-
 class DashboardIndexer(BaseIndexer):
     @classmethod
     def upsert(cls, session, dashboard_uri: str):
@@ -149,22 +72,6 @@ def upsert(cls, session, dashboard_uri: str):
         return dashboard
 
 
-def upsert_dataset_tables(session, es, datasetUri: str):
-    tables = (
-        session.query(models.DatasetTable)
-        .filter(
-            and_(
-                models.DatasetTable.datasetUri == datasetUri,
-                models.DatasetTable.LastGlueTableStatus != 'Deleted',
-            )
-        )
-        .all()
-    )
-    for table in tables:
-        DatasetTableIndexer.upsert(session=session, table_uri=table.tableUri)
-    return tables
-
-
 def remove_deleted_tables(session, es, datasetUri: str):
     tables = (
         session.query(models.DatasetTable)
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index e3d80458e..5d32800c7 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -3,10 +3,11 @@
 import sys
 
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from .. import db
 from ..db import get_engine, exceptions
 from ..db import models
-from dataall.searchproxy.indexers import upsert_dataset_tables, DashboardIndexer
+from dataall.searchproxy.indexers import DashboardIndexer
 from ..searchproxy.connect import (
     connect,
 )
@@ -34,7 +35,7 @@ def index_objects(engine, es):
             log.info(f'Found {len(all_datasets)} datasets')
             dataset: models.Dataset
             for dataset in all_datasets:
-                tables = upsert_dataset_tables(session, es, dataset.datasetUri)
+                tables = DatasetTableIndexer.upsert_all(session, dataset.datasetUri)
                 folders = DatasetLocationIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
                 indexed_objects_counter = (
                     indexed_objects_counter + len(tables) + len(folders) + 1
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 9eb50e050..619559b5c 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -29,7 +29,10 @@ def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
     module_mocker.patch('dataall.searchproxy.search', return_value={})
     module_mocker.patch('dataall.searchproxy.upsert', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.upsert_dataset_tables', return_value={})
+    module_mocker.patch(
+        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.indexers.upsert_all',
+        return_value={}
+    )
     module_mocker.patch('dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.indexers.DatasetTableIndexer.upsert', return_value={})
     module_mocker.patch(
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index ffc0370c1..fd31506f1 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -4,9 +4,9 @@
 
 import dataall
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
-from dataall.searchproxy.indexers import DatasetTableIndexer
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 
@@ -152,7 +152,7 @@ def test_upsert_folder(db, dataset, env, mocker, folder):
 def test_upsert_tables(db, dataset, env, mocker, folder):
     mocker.patch('dataall.searchproxy.upsert', return_value={})
     with db.scoped_session() as session:
-        tables = indexers.upsert_dataset_tables(
-            session, es={}, datasetUri=dataset.datasetUri
+        tables = DatasetTableIndexer.upsert_all(
+            session, dataset_uri=dataset.datasetUri
         )
         assert len(tables) == 1
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index f8901933b..31b0f14d4 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -83,7 +83,8 @@ def table(org, env, db, sync_dataset):
 
 def test_catalog_indexer(db, org, env, sync_dataset, table, mocker):
     mocker.patch(
-        'dataall.searchproxy.indexers.upsert_dataset_tables', return_value=[table]
+        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
+        return_value=[table]
     )
     mocker.patch(
         'dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value=sync_dataset

From a1825ba4797bdaf8468868d675aa3bcc54193688 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 11:42:15 +0200
Subject: [PATCH 067/346] Fixed test mocking

---
 tests/api/conftest.py                | 4 ++--
 tests/api/test_dataset_location.py   | 3 ++-
 tests/cdkproxy/test_dataset_stack.py | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 619559b5c..f959be417 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -30,11 +30,11 @@ def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.search', return_value={})
     module_mocker.patch('dataall.searchproxy.upsert', return_value={})
     module_mocker.patch(
-        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.indexers.upsert_all',
+        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
         return_value={}
     )
     module_mocker.patch('dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.DatasetTableIndexer.upsert', return_value={})
+    module_mocker.patch('dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert', return_value={})
     module_mocker.patch(
         'dataall.modules.datasets.indexers.location_indexer.DatasetLocationIndexer.upsert',
         return_value={}
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index 128d21bbb..2977a8baf 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -71,7 +71,8 @@ def test_get_dataset(client, dataset1, env1, user, group):
 
 def test_create_location(client, dataset1, env1, user, group, patch_es, module_mocker):
     module_mocker.patch(
-        'dataall.aws.handlers.s3.S3.create_bucket_prefix', return_value=True
+        'dataall.modules.datasets.handlers.s3_location_handler.S3DatasetLocationHandler.create_bucket_prefix',
+        return_value=True
     )
     response = client.query(
         """
diff --git a/tests/cdkproxy/test_dataset_stack.py b/tests/cdkproxy/test_dataset_stack.py
index 34f495056..a9a84fc4e 100644
--- a/tests/cdkproxy/test_dataset_stack.py
+++ b/tests/cdkproxy/test_dataset_stack.py
@@ -8,9 +8,9 @@
 
 @pytest.fixture(scope='function', autouse=True)
 def patch_methods(mocker, db, dataset, env, org):
-    mocker.patch('dataall.cdkproxy.stacks.dataset.DatasetStack.get_engine', return_value=db)
+    mocker.patch('dataall.modules.datasets.cdk.dataset_stack.DatasetStack.get_engine', return_value=db)
     mocker.patch(
-        'dataall.cdkproxy.stacks.dataset.DatasetStack.get_target', return_value=dataset
+        'dataall.modules.datasets.cdk.dataset_stack.DatasetStack.get_target', return_value=dataset
     )
     mocker.patch(
         'dataall.aws.handlers.sts.SessionHelper.get_delegation_role_name',

From d2954853f5f4d894b219d79a5f5e876e84afb669 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 11:43:01 +0200
Subject: [PATCH 068/346] Fixed circular import while half of the module is not
 migrate

---
 backend/dataall/api/Objects/Glossary/registry.py |  9 +--------
 backend/dataall/modules/datasets/__init__.py     | 13 +++++++++++--
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 147f97a0e..36fea6cf0 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -6,7 +6,7 @@
 from dataall.api import gql
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
-from dataall.searchproxy.indexers import DashboardIndexer, DatasetTableIndexer
+from dataall.searchproxy.indexers import DashboardIndexer
 from dataall.searchproxy.upsert import BaseIndexer
 
 
@@ -67,11 +67,4 @@ def reindex(cls, session, es: OpenSearch, target_type: str, target_uri: str):
     object_type="Dashboard",
     model=models.Dashboard,
     reindexer=DashboardIndexer
-))
-
-GlossaryRegistry.register(GlossaryDefinition(
-    target_type="DatasetTable",
-    object_type="DatasetTable",
-    model=models.DatasetTable,
-    reindexer=DatasetTableIndexer
 ))
\ No newline at end of file
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 03cd58cdc..e02a9d9bf 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,12 +2,11 @@
 import logging
 from typing import List
 
-from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
-from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
@@ -21,6 +20,9 @@ def is_supported(cls, modes):
         return ImportMode.API in modes
 
     def __init__(self):
+        from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
+        from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
+
         import dataall.modules.datasets.api
 
         FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
@@ -41,6 +43,13 @@ def __init__(self):
             reindexer=DatasetIndexer
         ))
 
+        GlossaryRegistry.register(GlossaryDefinition(
+            target_type="DatasetTable",
+            object_type="DatasetTable",
+            model=models.DatasetTable,
+            reindexer=DatasetTableIndexer
+        ))
+
         log.info("API of datasets has been imported")
 
 

From 005a5e7201f1e5218dd5d8c4039fdcd593cde772 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Apr 2023 14:23:31 +0200
Subject: [PATCH 069/346] Removed not used alarms

---
 .../share_managers/s3_share_manager.py        | 12 +---
 backend/dataall/utils/alarm_service.py        | 55 ---------------
 tests/tasks/test_s3_share_manager.py          | 70 -------------------
 3 files changed, 2 insertions(+), 135 deletions(-)

diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index f0ea4e162..30c72a60e 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -398,7 +398,7 @@ def delete_dataset_bucket_key_policy(
                 json.dumps(policy)
             )
 
-    def handle_share_failure(self, error: Exception) -> bool:
+    def handle_share_failure(self, error: Exception) -> None:
         """
         Handles share failure by raising an alarm to alarmsTopic
         Returns
@@ -411,12 +411,8 @@ def handle_share_failure(self, error: Exception) -> bool:
             f'with target account {self.target_environment.AwsAccountId}/{self.target_environment.region} '
             f'due to: {error}'
         )
-        AlarmService().trigger_folder_sharing_failure_alarm(
-            self.target_folder, self.share, self.target_environment
-        )
-        return True
 
-    def handle_revoke_failure(self, error: Exception) -> bool:
+    def handle_revoke_failure(self, error: Exception) -> None:
         """
         Handles share failure by raising an alarm to alarmsTopic
         Returns
@@ -429,7 +425,3 @@ def handle_revoke_failure(self, error: Exception) -> bool:
             f'with target account {self.target_environment.AwsAccountId}/{self.target_environment.region} '
             f'due to: {error}'
         )
-        AlarmService().trigger_revoke_folder_sharing_failure_alarm(
-            self.target_folder, self.share, self.target_environment
-        )
-        return True
diff --git a/backend/dataall/utils/alarm_service.py b/backend/dataall/utils/alarm_service.py
index 436d5a701..b414e1ed0 100644
--- a/backend/dataall/utils/alarm_service.py
+++ b/backend/dataall/utils/alarm_service.py
@@ -11,7 +11,6 @@
 
 from ..aws.handlers.sts import SessionHelper
 from ..db import models
-from dataall.modules.datasets.db.models import DatasetStorageLocation
 
 logger = logging.getLogger(__name__)
 
@@ -73,60 +72,6 @@ def trigger_table_sharing_failure_alarm(
 """
         return self.publish_message_to_alarms_topic(subject, message)
 
-    def trigger_folder_sharing_failure_alarm(
-        self,
-        folder: DatasetStorageLocation,
-        share: models.ShareObject,
-        target_environment: models.Environment,
-    ):
-        logger.info('Triggering share failure alarm...')
-        subject = (
-            f'ALARM: DATAALL Folder {folder.S3Prefix} Sharing Failure Notification'
-        )
-        message = f"""
-You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to share the folder {folder.S3Prefix} with S3 Access Point.
-Alarm Details:
-    - State Change:               	OK -> ALARM
-    - Reason for State Change:      S3 Folder sharing failure
-    - Timestamp:                              {datetime.now()}
-    Share Source
-    - Dataset URI:                   {share.datasetUri}
-    - AWS Account:                   {folder.AWSAccountId}
-    - Region:                            {folder.region}
-    - S3 Bucket:                     {folder.S3BucketName}
-    - S3 Folder:                     {folder.S3Prefix}
-    Share Target
-    - AWS Account:                {target_environment.AwsAccountId}
-    - Region:                            {target_environment.region}
-"""
-
-    def trigger_revoke_folder_sharing_failure_alarm(
-        self,
-        folder: DatasetStorageLocation,
-        share: models.ShareObject,
-        target_environment: models.Environment,
-    ):
-        logger.info('Triggering share failure alarm...')
-        subject = (
-            f'ALARM: DATAALL Folder {folder.S3Prefix} Sharing Revoke Failure Notification'
-        )
-        message = f"""
-You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to share the folder {folder.S3Prefix} with S3 Access Point.
-Alarm Details:
-    - State Change:               	OK -> ALARM
-    - Reason for State Change:      S3 Folder sharing Revoke failure
-    - Timestamp:                              {datetime.now()}
-    Share Source
-    - Dataset URI:                   {share.datasetUri}
-    - AWS Account:                   {folder.AWSAccountId}
-    - Region:                            {folder.region}
-    - S3 Bucket:                     {folder.S3BucketName}
-    - S3 Folder:                     {folder.S3Prefix}
-    Share Target
-    - AWS Account:                {target_environment.AwsAccountId}
-    - Region:                            {target_environment.region}
-"""
-
     def trigger_revoke_table_sharing_failure_alarm(
         self,
         table: models.DatasetTable,
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index 2841be87e..14f61fefd 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -1415,73 +1415,3 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
         # Then
         kms_put_key_policy_mock.assert_called()
         kms_put_key_policy_mock.assert_called_with(source_environment.AwsAccountId, 'eu-central-1', kms_get_key_mock.return_value, "default", json.dumps(remaining_policy))
-
-
-def test_handle_share_failure(
-    mocker,
-    source_environment_group: models.EnvironmentGroup,
-    target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
-    db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
-    location1: DatasetStorageLocation,
-    source_environment: models.Environment,
-    target_environment: models.Environment,
-):
-    # Given
-    alarm_service_mock = mocker.patch.object(AlarmService, "trigger_folder_sharing_failure_alarm")
-
-    with db.scoped_session() as session:
-        manager = S3ShareManager(
-            session,
-            dataset1,
-            share1,
-            location1,
-            source_environment,
-            target_environment,
-            source_environment_group,
-            target_environment_group,
-        )
-
-        error = Exception
-        # When
-        manager.handle_share_failure(error)
-
-        # Then
-        alarm_service_mock.assert_called()
-
-
-def test_handle_revoke_failure(
-    mocker,
-    source_environment_group: models.EnvironmentGroup,
-    target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
-    db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
-    location1: DatasetStorageLocation,
-    source_environment: models.Environment,
-    target_environment: models.Environment,
-):
-    # Given
-    alarm_service_mock = mocker.patch.object(AlarmService, "trigger_revoke_folder_sharing_failure_alarm")
-
-    with db.scoped_session() as session:
-        manager = S3ShareManager(
-            session,
-            dataset1,
-            share1,
-            location1,
-            source_environment,
-            target_environment,
-            source_environment_group,
-            target_environment_group,
-        )
-
-        error = Exception
-        # When
-        manager.handle_revoke_failure(error)
-
-        # Then
-        alarm_service_mock.assert_called()

From 0fd7c02f4498e1ab6a22610f64448411e84e7ecc Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 21 Apr 2023 10:19:15 +0200
Subject: [PATCH 070/346] Moved dataset table GraphQL api in modules

---
 backend/dataall/api/Objects/__init__.py        |  1 -
 .../dataall/modules/datasets/api/__init__.py   |  5 +++--
 .../datasets/api/table}/__init__.py            |  2 +-
 .../datasets/api/table}/input_types.py         |  4 ++--
 .../datasets/api/table}/mutations.py           | 11 ++++++++---
 .../datasets/api/table}/queries.py             | 12 ++++++++----
 .../datasets/api/table}/resolvers.py           | 18 +++++++++---------
 .../datasets/api/table}/schema.py              | 12 +++++++++---
 8 files changed, 40 insertions(+), 25 deletions(-)
 rename backend/dataall/{api/Objects/DatasetTable => modules/datasets/api/table}/__init__.py (75%)
 rename backend/dataall/{api/Objects/DatasetTable => modules/datasets/api/table}/input_types.py (93%)
 rename backend/dataall/{api/Objects/DatasetTable => modules/datasets/api/table}/mutations.py (82%)
 rename backend/dataall/{api/Objects/DatasetTable => modules/datasets/api/table}/queries.py (81%)
 rename backend/dataall/{api/Objects/DatasetTable => modules/datasets/api/table}/resolvers.py (95%)
 rename backend/dataall/{api/Objects/DatasetTable => modules/datasets/api/table}/schema.py (94%)

diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 7c064fb1f..5cc73fbdf 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -17,7 +17,6 @@
     DataPipeline,
     Environment,
     Activity,
-    DatasetTable,
     Dataset,
     Group,
     Principal,
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 4c279340e..7fe2d06a1 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -2,7 +2,8 @@
 from dataall.modules.datasets.api import (
     table_column,
     profiling,
-    storage_location
+    storage_location,
+    table
 )
 
-__all__ = ["table_column", "profiling", "storage_location"]
+__all__ = ["table_column", "profiling", "storage_location", "table"]
diff --git a/backend/dataall/api/Objects/DatasetTable/__init__.py b/backend/dataall/modules/datasets/api/table/__init__.py
similarity index 75%
rename from backend/dataall/api/Objects/DatasetTable/__init__.py
rename to backend/dataall/modules/datasets/api/table/__init__.py
index dfa46b264..3aaba05cf 100644
--- a/backend/dataall/api/Objects/DatasetTable/__init__.py
+++ b/backend/dataall/modules/datasets/api/table/__init__.py
@@ -1,4 +1,4 @@
-from . import (
+from dataall.modules.datasets.api.table import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/api/Objects/DatasetTable/input_types.py b/backend/dataall/modules/datasets/api/table/input_types.py
similarity index 93%
rename from backend/dataall/api/Objects/DatasetTable/input_types.py
rename to backend/dataall/modules/datasets/api/table/input_types.py
index a5bd07998..2e6649515 100644
--- a/backend/dataall/api/Objects/DatasetTable/input_types.py
+++ b/backend/dataall/modules/datasets/api/table/input_types.py
@@ -1,5 +1,5 @@
-from ... import gql
-from ....api.constants import SortDirection, GraphQLEnumMapper
+from dataall.api import gql
+from dataall.api.constants import SortDirection, GraphQLEnumMapper
 
 
 NewDatasetTableInput = gql.InputType(
diff --git a/backend/dataall/api/Objects/DatasetTable/mutations.py b/backend/dataall/modules/datasets/api/table/mutations.py
similarity index 82%
rename from backend/dataall/api/Objects/DatasetTable/mutations.py
rename to backend/dataall/modules/datasets/api/table/mutations.py
index 532605cff..7a26a6c15 100644
--- a/backend/dataall/api/Objects/DatasetTable/mutations.py
+++ b/backend/dataall/modules/datasets/api/table/mutations.py
@@ -1,9 +1,14 @@
-from ... import gql
-from .input_types import (
+from dataall.api import gql
+from dataall.modules.datasets.api.table.input_types import (
     ModifyDatasetTableInput,
     NewDatasetTableInput,
 )
-from .resolvers import *
+from dataall.modules.datasets.api.table.resolvers import (
+    create_table,
+    update_table,
+    delete_table,
+    publish_table_update
+)
 
 createDatasetTable = gql.MutationField(
     name='createDatasetTable',
diff --git a/backend/dataall/api/Objects/DatasetTable/queries.py b/backend/dataall/modules/datasets/api/table/queries.py
similarity index 81%
rename from backend/dataall/api/Objects/DatasetTable/queries.py
rename to backend/dataall/modules/datasets/api/table/queries.py
index 8f7809e62..a6d8d48cf 100644
--- a/backend/dataall/api/Objects/DatasetTable/queries.py
+++ b/backend/dataall/modules/datasets/api/table/queries.py
@@ -1,7 +1,11 @@
-from ... import gql
-from .input_types import DatasetTableFilter
-from .resolvers import *
-from .schema import (
+from dataall.api import gql
+from dataall.modules.datasets.api.table.input_types import DatasetTableFilter
+from dataall.modules.datasets.api.table.resolvers import (
+    get_table,
+    list_shared_tables_by_env_dataset,
+    preview
+)
+from dataall.modules.datasets.api.table.schema import (
     DatasetTable,
     DatasetTableSearchResult,
 )
diff --git a/backend/dataall/api/Objects/DatasetTable/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
similarity index 95%
rename from backend/dataall/api/Objects/DatasetTable/resolvers.py
rename to backend/dataall/modules/datasets/api/table/resolvers.py
index 7df3d8cba..f4d7f4ea1 100644
--- a/backend/dataall/api/Objects/DatasetTable/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -4,15 +4,15 @@
 from botocore.exceptions import ClientError
 from pyathena import connect
 
-from .... import db
-from ..Dataset.resolvers import get_dataset
-from ....api.context import Context
-from ....aws.handlers.service_handlers import Worker
-from ....aws.handlers.sts import SessionHelper
-from ....db import permissions, models
-from ....db.api import ResourcePolicy, Glossary
-from ....searchproxy import indexers
-from ....utils import json_utils
+from dataall import db
+from dataall.api.Objects.Dataset.resolvers import get_dataset
+from dataall.api.context import Context
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import permissions, models
+from dataall.db.api import ResourcePolicy, Glossary
+from dataall.searchproxy import indexers
+from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
diff --git a/backend/dataall/api/Objects/DatasetTable/schema.py b/backend/dataall/modules/datasets/api/table/schema.py
similarity index 94%
rename from backend/dataall/api/Objects/DatasetTable/schema.py
rename to backend/dataall/modules/datasets/api/table/schema.py
index 74d413818..666bf7e35 100644
--- a/backend/dataall/api/Objects/DatasetTable/schema.py
+++ b/backend/dataall/modules/datasets/api/table/schema.py
@@ -1,7 +1,13 @@
 from dataall.modules.datasets.api.table_column.resolvers import list_table_columns
-from ... import gql
-from .resolvers import *
-from ...constants import GraphQLEnumMapper
+from dataall.api import gql
+from dataall.modules.datasets.api.table.resolvers import (
+    resolve_dataset,
+    get_glue_table_properties,
+    resolve_redshift_copy_location,
+    resolve_glossary_terms,
+    resolve_redshift_copy_schema
+)
+from dataall.api.constants import GraphQLEnumMapper
 
 TablePermission = gql.ObjectType(
     name='TablePermission',

From 7030c8226c6a741078ee6f0cb9c8e217be406fc4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 21 Apr 2023 10:53:55 +0200
Subject: [PATCH 071/346] Moved DatasetTable model to modules

---
 backend/dataall/api/Objects/Feed/registry.py  |  1 -
 .../api/Objects/ShareObject/resolvers.py      |  4 +-
 backend/dataall/aws/handlers/glue.py          |  3 +-
 backend/dataall/aws/handlers/redshift.py      |  3 +-
 backend/dataall/db/api/dataset.py             | 33 ++++++------
 backend/dataall/db/api/redshift_cluster.py    | 25 +++++-----
 backend/dataall/db/api/share_object.py        | 26 +++++-----
 backend/dataall/db/models/DatasetTable.py     | 32 ------------
 backend/dataall/db/models/__init__.py         |  1 -
 backend/dataall/modules/datasets/__init__.py  |  5 +-
 .../modules/datasets/api/table/resolvers.py   | 17 ++++---
 .../datasets/api/table_column/resolvers.py    |  8 +--
 .../modules/datasets/cdk/dataset_stack.py     | 16 +++---
 backend/dataall/modules/datasets/db/models.py | 31 +++++++++++-
 .../datasets/handlers/glue_column_handler.py  | 12 ++---
 .../datasets/indexers/table_indexer.py        | 31 ++++++------
 .../services/dataset_profiling_service.py     | 28 +++++------
 .../services/dataset_share_service.py         | 18 +++----
 .../datasets/services/dataset_table.py        | 50 +++++++++----------
 .../datasets/tasks/subscription_service.py    | 10 ++--
 .../modules/datasets/tasks/tables_syncer.py   |  5 +-
 backend/dataall/searchproxy/indexers.py       |  7 +--
 .../dataall/tasks/bucket_policy_updater.py    | 20 ++++----
 .../share_managers/lf_share_manager.py        | 23 +++++----
 .../lf_process_cross_account_share.py         |  5 +-
 .../lf_process_same_account_share.py          |  7 +--
 backend/dataall/utils/alarm_service.py        |  5 +-
 ...215e_backfill_dataset_table_permissions.py |  5 +-
 tests/api/conftest.py                         |  8 +--
 tests/api/test_dataset.py                     |  4 +-
 tests/api/test_dataset_profiling.py           | 12 ++---
 tests/api/test_dataset_table.py               | 34 ++++++-------
 tests/api/test_glossary.py                    |  6 +--
 tests/api/test_share.py                       | 11 ++--
 tests/cdkproxy/conftest.py                    |  5 +-
 tests/searchproxy/test_indexers.py            |  4 +-
 tests/tasks/conftest.py                       |  8 +--
 tests/tasks/test_catalog_indexer.py           |  3 +-
 tests/tasks/test_lf_share_manager.py          | 35 ++++++-------
 tests/tasks/test_policies.py                  |  3 +-
 tests/tasks/test_subscriptions.py             |  3 +-
 tests/tasks/test_tables_sync.py               |  9 ++--
 42 files changed, 292 insertions(+), 284 deletions(-)
 delete mode 100644 backend/dataall/db/models/DatasetTable.py

diff --git a/backend/dataall/api/Objects/Feed/registry.py b/backend/dataall/api/Objects/Feed/registry.py
index 6a01a488a..4fedd252a 100644
--- a/backend/dataall/api/Objects/Feed/registry.py
+++ b/backend/dataall/api/Objects/Feed/registry.py
@@ -38,5 +38,4 @@ def types(cls):
 
 FeedRegistry.register(FeedDefinition("Worksheet", models.Worksheet))
 FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
-FeedRegistry.register(FeedDefinition("DatasetTable", models.DatasetTable))
 FeedRegistry.register(FeedDefinition("Dashboard", models.Dashboard))
diff --git a/backend/dataall/api/Objects/ShareObject/resolvers.py b/backend/dataall/api/Objects/ShareObject/resolvers.py
index 16e4e1353..49f20fc17 100644
--- a/backend/dataall/api/Objects/ShareObject/resolvers.py
+++ b/backend/dataall/api/Objects/ShareObject/resolvers.py
@@ -7,7 +7,7 @@
 from ....api.context import Context
 from ....aws.handlers.service_handlers import Worker
 from ....db import models
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -265,7 +265,7 @@ def resolve_dataset(context: Context, source: models.ShareObject, **kwargs):
 
 
 def union_resolver(object, *_):
-    if isinstance(object, models.DatasetTable):
+    if isinstance(object, DatasetTable):
         return 'DatasetTable'
     elif isinstance(object, DatasetStorageLocation):
         return 'DatasetStorageLocation'
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index e76fd4e63..c2a7ecf21 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -6,6 +6,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger('aws:glue')
 
@@ -524,7 +525,7 @@ def get_job_runs(engine, task: models.Task):
 
     @staticmethod
     def grant_principals_all_table_permissions(
-        table: models.DatasetTable, principals: [str], client=None
+        table: DatasetTable, principals: [str], client=None
     ):
         """
         Update the table permissions on Lake Formation
diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index c186d5df7..1fe6c738c 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -11,6 +11,7 @@
 from ...db import models
 # TODO should be migrated in the redshift module
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -448,7 +449,7 @@ def copy_data(engine, task: models.Task):
                 session, task.payload['datasetUri']
             )
 
-            table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+            table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
                 session, task.payload['tableUri']
             )
 
diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/db/api/dataset.py
index 3c2c8de10..d328dddb5 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/db/api/dataset.py
@@ -16,9 +16,10 @@
 from . import Organization
 from .. import models, api, exceptions, permissions, paginate
 from ..models.Enums import Language, ConfidentialityClassification
-from ...modules.datasets.db.dataset_repository import DatasetRepository
-from ...modules.datasets.services.dataset_location import DatasetLocationService
-from ...utils.naming_convention import (
+from dataall.modules.datasets.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
@@ -266,21 +267,21 @@ def paginated_dataset_tables(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
         query = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .filter(
                 and_(
-                    models.DatasetTable.datasetUri == uri,
-                    models.DatasetTable.LastGlueTableStatus != 'Deleted',
+                    DatasetTable.datasetUri == uri,
+                    DatasetTable.LastGlueTableStatus != 'Deleted',
                 )
             )
-            .order_by(models.DatasetTable.created.desc())
+            .order_by(DatasetTable.created.desc())
         )
         if data and data.get('term'):
             query = query.filter(
                 or_(
                     *[
-                        models.DatasetTable.name.ilike('%' + data.get('term') + '%'),
-                        models.DatasetTable.GlueTableName.ilike(
+                        DatasetTable.name.ilike('%' + data.get('term') + '%'),
+                        DatasetTable.GlueTableName.ilike(
                             '%' + data.get('term') + '%'
                         ),
                     ]
@@ -379,7 +380,7 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
                 group=new_stewards,
                 permissions=permissions.DATASET_TABLE_READ,
                 resource_uri=tableUri,
-                resource_type=models.DatasetTable.__name__,
+                resource_type=DatasetTable.__name__,
             )
 
         dataset_shares = (
@@ -455,8 +456,8 @@ def update_glue_database_status(session, dataset_uri):
     def get_dataset_tables(session, dataset_uri):
         """return the dataset tables"""
         return (
-            session.query(models.DatasetTable)
-            .filter(models.DatasetTable.datasetUri == dataset_uri)
+            session.query(DatasetTable)
+            .filter(DatasetTable.datasetUri == dataset_uri)
             .all()
         )
 
@@ -585,10 +586,10 @@ def _delete_dataset_term_links(session, uri):
     @staticmethod
     def _delete_dataset_tables(session, dataset_uri) -> bool:
         tables = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .filter(
                 and_(
-                    models.DatasetTable.datasetUri == dataset_uri,
+                    DatasetTable.datasetUri == dataset_uri,
                 )
             )
             .all()
@@ -618,7 +619,7 @@ def get_dataset_by_bucket_name(session, bucket) -> [models.Dataset]:
     @staticmethod
     def count_dataset_tables(session, dataset_uri):
         return (
-            session.query(models.DatasetTable)
-            .filter(models.DatasetTable.datasetUri == dataset_uri)
+            session.query(DatasetTable)
+            .filter(DatasetTable.datasetUri == dataset_uri)
             .count()
         )
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 31b795225..de5799180 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -4,11 +4,12 @@
 
 from .. import models, api, exceptions, paginate, permissions
 from . import has_resource_perm, ResourcePolicy, Environment, Dataset
-from ...utils.naming_convention import (
+from dataall.modules.datasets.db.models import DatasetTable
+from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
-from ...utils.slugify import slugify
+from dataall.utils.slugify import slugify
 
 log = logging.getLogger(__name__)
 
@@ -334,13 +335,13 @@ def list_available_cluster_tables(
         )
         created = (
             session.query(
-                models.DatasetTable.datasetUri.label('datasetUri'),
-                models.DatasetTable.tableUri.label('tableUri'),
+                DatasetTable.datasetUri.label('datasetUri'),
+                DatasetTable.tableUri.label('tableUri'),
                 models.RedshiftCluster.clusterUri.label('clusterUri'),
             )
             .join(
                 models.Dataset,
-                models.DatasetTable.datasetUri == models.Dataset.datasetUri,
+                DatasetTable.datasetUri == models.Dataset.datasetUri,
             )
             .filter(
                 and_(
@@ -354,8 +355,8 @@ def list_available_cluster_tables(
                 )
             )
             .group_by(
-                models.DatasetTable.datasetUri,
-                models.DatasetTable.tableUri,
+                DatasetTable.datasetUri,
+                DatasetTable.tableUri,
                 models.RedshiftCluster.clusterUri,
             )
         )
@@ -363,10 +364,10 @@ def list_available_cluster_tables(
             'all_group_tables_sub_query'
         )
         query = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .join(
                 all_group_tables_sub_query,
-                all_group_tables_sub_query.c.tableUri == models.DatasetTable.tableUri,
+                all_group_tables_sub_query.c.tableUri == DatasetTable.tableUri,
             )
             .filter(
                 models.RedshiftCluster.clusterUri == cluster.clusterUri,
@@ -541,18 +542,18 @@ def list_copy_enabled_tables(
         session, username, groups, uri, data=None, check_perm=True
     ) -> [models.RedshiftClusterDatasetTable]:
         q = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .join(
                 models.RedshiftClusterDatasetTable,
                 models.RedshiftClusterDatasetTable.tableUri
-                == models.DatasetTable.tableUri,
+                == DatasetTable.tableUri,
             )
             .filter(models.RedshiftClusterDatasetTable.clusterUri == uri)
         )
         if data.get('term'):
             term = data.get('term')
             q = q.filter(
-                models.DatasetTable.label.ilike('%' + term + '%'),
+                DatasetTable.label.ilike('%' + term + '%'),
             )
         return paginate(
             q, page=data.get('page', 1), page_size=data.get('pageSize', 20)
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index bd0215190..4fddda5e9 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -10,7 +10,7 @@
 from .. import api, utils
 from .. import models, exceptions, permissions, paginate
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 logger = logging.getLogger(__name__)
 
@@ -422,7 +422,7 @@ def create_share_object(
                 if itemType == ShareableType.StorageLocation.value:
                     item = session.query(DatasetStorageLocation).get(itemUri)
                 if itemType == ShareableType.Table.value:
-                    item = session.query(models.DatasetTable).get(itemUri)
+                    item = session.query(DatasetTable).get(itemUri)
 
             share_item = (
                 session.query(models.ShareObjectItem)
@@ -605,7 +605,7 @@ def approve_share_object(
                 group=share.principalId,
                 permissions=permissions.DATASET_TABLE_READ,
                 resource_uri=table.itemUri,
-                resource_type=models.DatasetTable.__name__,
+                resource_type=DatasetTable.__name__,
             )
 
         api.Notification.notify_share_object_approval(session, username, dataset, share)
@@ -717,7 +717,7 @@ def get_share_item(
             ShareObject.get_share_item_by_uri(session, data['shareItemUri']),
         )
         if share_item.itemType == ShareableType.Table.value:
-            return session.query(models.DatasetTable).get(share_item.itemUri)
+            return session.query(DatasetTable).get(share_item.itemUri)
         if share_item.itemType == ShareableType.StorageLocation:
             return session.Query(DatasetStorageLocation).get(share_item.itemUri)
 
@@ -762,7 +762,7 @@ def add_share_object_item(
         Share_SM.update_state(session, share, new_share_state)
 
         if itemType == ShareableType.Table.value:
-            item: models.DatasetTable = session.query(models.DatasetTable).get(itemUri)
+            item: DatasetTable = session.query(DatasetTable).get(itemUri)
             if item and item.region != target_environment.region:
                 raise exceptions.UnauthorizedOperation(
                     action=permissions.ADD_ITEM,
@@ -944,10 +944,10 @@ def list_shareable_items(
         # marking the table as part of the shareObject
         tables = (
             session.query(
-                models.DatasetTable.tableUri.label('itemUri'),
+                DatasetTable.tableUri.label('itemUri'),
                 func.coalesce('DatasetTable').label('itemType'),
-                models.DatasetTable.GlueTableName.label('itemName'),
-                models.DatasetTable.description.label('description'),
+                DatasetTable.GlueTableName.label('itemName'),
+                DatasetTable.description.label('description'),
                 models.ShareObjectItem.shareItemUri.label('shareItemUri'),
                 models.ShareObjectItem.status.label('status'),
                 case(
@@ -959,10 +959,10 @@ def list_shareable_items(
                 models.ShareObjectItem,
                 and_(
                     models.ShareObjectItem.shareUri == share.shareUri,
-                    models.DatasetTable.tableUri == models.ShareObjectItem.itemUri,
+                    DatasetTable.tableUri == models.ShareObjectItem.itemUri,
                 ),
             )
-            .filter(models.DatasetTable.datasetUri == datasetUri)
+            .filter(DatasetTable.datasetUri == datasetUri)
         )
         if data:
             if data.get("isRevokable"):
@@ -1145,7 +1145,7 @@ def update_share_item_status_batch(
     def find_share_item_by_table(
         session,
         share: models.ShareObject,
-        table: models.DatasetTable,
+        table: DatasetTable,
     ) -> models.ShareObjectItem:
         share_item: models.ShareObjectItem = (
             session.query(models.ShareObjectItem)
@@ -1247,10 +1247,10 @@ def get_share_data_items(session, share_uri, status):
             raise exceptions.ObjectNotFound('Share', share_uri)
 
         tables = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .join(
                 models.ShareObjectItem,
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
+                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .join(
                 models.ShareObject,
diff --git a/backend/dataall/db/models/DatasetTable.py b/backend/dataall/db/models/DatasetTable.py
deleted file mode 100644
index e97174167..000000000
--- a/backend/dataall/db/models/DatasetTable.py
+++ /dev/null
@@ -1,32 +0,0 @@
-from sqlalchemy import Column, String, Text
-from sqlalchemy.dialects import postgresql
-from sqlalchemy.orm import query_expression
-
-from .. import Base
-from .. import Resource, utils
-
-
-class DatasetTable(Resource, Base):
-    __tablename__ = 'dataset_table'
-    datasetUri = Column(String, nullable=False)
-    tableUri = Column(String, primary_key=True, default=utils.uuid('table'))
-    AWSAccountId = Column(String, nullable=False)
-    S3BucketName = Column(String, nullable=False)
-    S3Prefix = Column(String, nullable=False)
-    GlueDatabaseName = Column(String, nullable=False)
-    GlueTableName = Column(String, nullable=False)
-    GlueTableConfig = Column(Text)
-    GlueTableProperties = Column(postgresql.JSON, default={})
-    LastGlueTableStatus = Column(String, default='InSync')
-    region = Column(String, default='eu-west-1')
-    # LastGeneratedPreviewDate= Column(DateTime, default=None)
-    confidentiality = Column(String, nullable=True)
-    userRoleForTable = query_expression()
-    projectPermission = query_expression()
-    redshiftClusterPermission = query_expression()
-    stage = Column(String, default='RAW')
-    topics = Column(postgresql.ARRAY(String), nullable=True)
-    confidentiality = Column(String, nullable=False, default='C1')
-
-    def uri(self):
-        return self.tableUri
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index c288527cf..123547f8c 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -6,7 +6,6 @@
 from .DashboardShare import DashboardShareStatus
 from .Dataset import Dataset
 from .DatasetQualityRule import DatasetQualityRule
-from .DatasetTable import DatasetTable
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
 from .FeedMessage import FeedMessage
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index e02a9d9bf..4f8964016 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -3,7 +3,7 @@
 from typing import List
 
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
@@ -27,6 +27,7 @@ def __init__(self):
 
         FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
         FeedRegistry.register(FeedDefinition("DatasetStorageLocation", DatasetStorageLocation))
+        FeedRegistry.register(FeedDefinition("DatasetTable", DatasetTable))
 
         GlossaryRegistry.register(GlossaryDefinition("Column", "DatasetTableColumn", DatasetTableColumn))
         GlossaryRegistry.register(GlossaryDefinition(
@@ -46,7 +47,7 @@ def __init__(self):
         GlossaryRegistry.register(GlossaryDefinition(
             target_type="DatasetTable",
             object_type="DatasetTable",
-            model=models.DatasetTable,
+            model=DatasetTable,
             reindexer=DatasetTableIndexer
         ))
 
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index f4d7f4ea1..ea16cae79 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -11,6 +11,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import permissions, models
 from dataall.db.api import ResourcePolicy, Glossary
+from dataall.modules.datasets.db.models import DatasetTable
 from dataall.searchproxy import indexers
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
@@ -104,7 +105,7 @@ def delete_table(context, source, tableUri: str = None):
 
 def preview(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
         dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
@@ -155,17 +156,17 @@ def preview(context, source, tableUri: str = None):
     return {'rows': rows, 'fields': fields}
 
 
-def get_glue_table_properties(context: Context, source: models.DatasetTable, **kwargs):
+def get_glue_table_properties(context: Context, source: DatasetTable, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, source.tableUri
         )
         return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
 
 
-def resolve_dataset(context, source: models.DatasetTable, **kwargs):
+def resolve_dataset(context, source: DatasetTable, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -177,7 +178,7 @@ def resolve_dataset(context, source: models.DatasetTable, **kwargs):
     return dataset_with_role
 
 
-def resolve_glossary_terms(context: Context, source: models.DatasetTable, **kwargs):
+def resolve_glossary_terms(context: Context, source: DatasetTable, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -188,7 +189,7 @@ def resolve_glossary_terms(context: Context, source: models.DatasetTable, **kwar
 
 def publish_table_update(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -217,7 +218,7 @@ def publish_table_update(context: Context, source, tableUri: str = None):
     return True
 
 
-def resolve_redshift_copy_schema(context, source: models.DatasetTable, clusterUri: str):
+def resolve_redshift_copy_schema(context, source: DatasetTable, clusterUri: str):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -227,7 +228,7 @@ def resolve_redshift_copy_schema(context, source: models.DatasetTable, clusterUr
 
 
 def resolve_redshift_copy_location(
-    context, source: models.DatasetTable, clusterUri: str
+    context, source: DatasetTable, clusterUri: str
 ):
     with context.engine.scoped_session() as session:
         return db.api.RedshiftCluster.get_cluster_dataset_table(
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 8e78a042e..b27a99dd3 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -6,12 +6,12 @@
 from dataall.db import paginate, permissions, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 
 
 def list_table_columns(
     context: Context,
-    source: models.DatasetTable,
+    source: DatasetTable,
     tableUri: str = None,
     filter: dict = None,
 ):
@@ -46,7 +46,7 @@ def list_table_columns(
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -81,7 +81,7 @@ def update_table_column(
         ).get(columnUri)
         if not column:
             raise db.exceptions.ObjectNotFound('Column', columnUri)
-        table: models.DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, column.tableUri
         )
         ResourcePolicy.check_user_resource_permission(
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index e99b43b0c..517b32893 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -28,7 +28,7 @@
 from dataall.db.api import Environment
 from dataall.utils.cdk_nag_utils import CDKNagUtil
 from dataall.utils.runtime_stacks_tagging import TagsUtil
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 logger = logging.getLogger(__name__)
 
@@ -77,17 +77,17 @@ def get_shared_tables(self) -> typing.List[models.ShareObjectItem]:
         with engine.scoped_session() as session:
             tables = (
                 session.query(
-                    models.DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
-                    models.DatasetTable.GlueTableName.label('GlueTableName'),
-                    models.DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
-                    models.DatasetTable.region.label('SourceRegion'),
+                    DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
+                    DatasetTable.GlueTableName.label('GlueTableName'),
+                    DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
+                    DatasetTable.region.label('SourceRegion'),
                     models.Environment.AwsAccountId.label('TargetAwsAccountId'),
                     models.Environment.region.label('TargetRegion'),
                 )
                 .join(
                     models.ShareObjectItem,
                     and_(
-                        models.ShareObjectItem.itemUri == models.DatasetTable.tableUri
+                        models.ShareObjectItem.itemUri == DatasetTable.tableUri
                     ),
                 )
                 .join(
@@ -101,8 +101,8 @@ def get_shared_tables(self) -> typing.List[models.ShareObjectItem]:
                 )
                 .filter(
                     and_(
-                        models.DatasetTable.datasetUri == self.target_uri,
-                        models.DatasetTable.deleted.is_(None),
+                        DatasetTable.datasetUri == self.target_uri,
+                        DatasetTable.deleted.is_(None),
                         models.ShareObjectItem.status.in_(self.shared_states)
                     )
                 )
diff --git a/backend/dataall/modules/datasets/db/models.py b/backend/dataall/modules/datasets/db/models.py
index 2dfee26ec..a25978bef 100644
--- a/backend/dataall/modules/datasets/db/models.py
+++ b/backend/dataall/modules/datasets/db/models.py
@@ -1,5 +1,5 @@
-from sqlalchemy import Boolean, Column, String
-from sqlalchemy.dialects.postgresql import JSON
+from sqlalchemy import Boolean, Column, String, Text
+from sqlalchemy.dialects.postgresql import JSON, ARRAY
 from sqlalchemy.orm import query_expression
 from dataall.db import Base, Resource, utils
 
@@ -56,3 +56,30 @@ class DatasetStorageLocation(Resource, Base):
     def uri(self):
         return self.locationUri
 
+
+class DatasetTable(Resource, Base):
+    __tablename__ = 'dataset_table'
+    datasetUri = Column(String, nullable=False)
+    tableUri = Column(String, primary_key=True, default=utils.uuid('table'))
+    AWSAccountId = Column(String, nullable=False)
+    S3BucketName = Column(String, nullable=False)
+    S3Prefix = Column(String, nullable=False)
+    GlueDatabaseName = Column(String, nullable=False)
+    GlueTableName = Column(String, nullable=False)
+    GlueTableConfig = Column(Text)
+    GlueTableProperties = Column(JSON, default={})
+    LastGlueTableStatus = Column(String, default='InSync')
+    region = Column(String, default='eu-west-1')
+    # LastGeneratedPreviewDate= Column(DateTime, default=None)
+    confidentiality = Column(String, nullable=True)
+    userRoleForTable = query_expression()
+    projectPermission = query_expression()
+    redshiftClusterPermission = query_expression()
+    stage = Column(String, default='RAW')
+    topics = Column(ARRAY(String), nullable=True)
+    confidentiality = Column(String, nullable=False, default='C1')
+
+    def uri(self):
+        return self.tableUri
+
+
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index df43f9dbd..f41784959 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
@@ -18,7 +18,7 @@ class DatasetColumnGlueHandler:
     @Worker.handler('glue.table.columns')
     def get_table_columns(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset_table: models.DatasetTable = session.query(models.DatasetTable).get(
+            dataset_table: DatasetTable = session.query(DatasetTable).get(
                 task.targetUri
             )
             aws = SessionHelper.remote_session(dataset_table.AWSAccountId)
@@ -46,12 +46,8 @@ def get_table_columns(engine, task: models.Task):
     @Worker.handler('glue.table.update_column')
     def update_table_columns(engine, task: models.Task):
         with engine.scoped_session() as session:
-            column: DatasetTableColumn = session.query(
-                DatasetTableColumn
-            ).get(task.targetUri)
-            table: models.DatasetTable = session.query(models.DatasetTable).get(
-                column.tableUri
-            )
+            column: DatasetTableColumn = session.query(DatasetTableColumn).get(task.targetUri)
+            table: DatasetTable = session.query(DatasetTable).get(column.tableUri)
             try:
                 aws_session = SessionHelper.remote_session(table.AWSAccountId)
 
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index 1eab70a87..4c96eea6d 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -2,6 +2,7 @@
 from operator import and_
 
 from dataall.db import models
+from dataall.modules.datasets.db.models import DatasetTable
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.searchproxy.upsert import BaseIndexer
 
@@ -12,14 +13,14 @@ class DatasetTableIndexer(BaseIndexer):
     def upsert(cls, session, table_uri: str):
         table = (
             session.query(
-                models.DatasetTable.datasetUri.label('datasetUri'),
-                models.DatasetTable.tableUri.label('uri'),
-                models.DatasetTable.name.label('name'),
-                models.DatasetTable.owner.label('owner'),
-                models.DatasetTable.label.label('label'),
-                models.DatasetTable.description.label('description'),
+                DatasetTable.datasetUri.label('datasetUri'),
+                DatasetTable.tableUri.label('uri'),
+                DatasetTable.name.label('name'),
+                DatasetTable.owner.label('owner'),
+                DatasetTable.label.label('label'),
+                DatasetTable.description.label('description'),
                 models.Dataset.confidentiality.label('classification'),
-                models.DatasetTable.tags.label('tags'),
+                DatasetTable.tags.label('tags'),
                 models.Dataset.topics.label('topics'),
                 models.Dataset.region.label('region'),
                 models.Organization.organizationUri.label('orgUri'),
@@ -29,13 +30,13 @@ def upsert(cls, session, table_uri: str):
                 models.Dataset.SamlAdminGroupName.label('admins'),
                 models.Dataset.GlueDatabaseName.label('database'),
                 models.Dataset.S3BucketName.label('source'),
-                models.DatasetTable.created,
-                models.DatasetTable.updated,
-                models.DatasetTable.deleted,
+                DatasetTable.created,
+                DatasetTable.updated,
+                DatasetTable.deleted,
             )
             .join(
                 models.Dataset,
-                models.Dataset.datasetUri == models.DatasetTable.datasetUri,
+                models.Dataset.datasetUri == DatasetTable.datasetUri,
             )
             .join(
                 models.Organization,
@@ -45,7 +46,7 @@ def upsert(cls, session, table_uri: str):
                 models.Environment,
                 models.Dataset.environmentUri == models.Environment.environmentUri,
             )
-            .filter(models.DatasetTable.tableUri == table_uri)
+            .filter(DatasetTable.tableUri == table_uri)
             .first()
         )
 
@@ -84,11 +85,11 @@ def upsert(cls, session, table_uri: str):
     @classmethod
     def upsert_all(cls, session, dataset_uri: str):
         tables = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .filter(
                 and_(
-                    models.DatasetTable.datasetUri == dataset_uri,
-                    models.DatasetTable.LastGlueTableStatus != 'Deleted',
+                    DatasetTable.datasetUri == dataset_uri,
+                    DatasetTable.LastGlueTableStatus != 'Deleted',
                 )
             )
             .all()
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 5b6ca8d41..01bc3dc57 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -2,7 +2,7 @@
 
 from dataall.db import paginate, models
 from dataall.db.exceptions import ObjectNotFound
-from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable
 
 
 class DatasetProfilingService:
@@ -18,7 +18,7 @@ def start_profiling(
             raise ObjectNotFound('Dataset', datasetUri)
 
         if tableUri and not GlueTableName:
-            table: models.DatasetTable = session.query(models.DatasetTable).get(
+            table: DatasetTable = session.query(DatasetTable).get(
                 tableUri
             )
             if not table:
@@ -105,13 +105,13 @@ def list_table_profiling_runs(session, tableUri, filter):
         q = (
             session.query(DatasetProfilingRun)
             .join(
-                models.DatasetTable,
-                models.DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
+                DatasetTable,
+                DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
             .filter(
                 and_(
-                    models.DatasetTable.tableUri == tableUri,
-                    models.DatasetTable.GlueTableName
+                    DatasetTable.tableUri == tableUri,
+                    DatasetTable.GlueTableName
                     == DatasetProfilingRun.GlueTableName,
                 )
             )
@@ -126,12 +126,12 @@ def get_table_last_profiling_run(session, tableUri):
         return (
             session.query(DatasetProfilingRun)
             .join(
-                models.DatasetTable,
-                models.DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
+                DatasetTable,
+                DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
-            .filter(models.DatasetTable.tableUri == tableUri)
+            .filter(DatasetTable.tableUri == tableUri)
             .filter(
-                models.DatasetTable.GlueTableName
+                DatasetTable.GlueTableName
                 == DatasetProfilingRun.GlueTableName
             )
             .order_by(DatasetProfilingRun.created.desc())
@@ -143,12 +143,12 @@ def get_table_last_profiling_run_with_results(session, tableUri):
         return (
             session.query(DatasetProfilingRun)
             .join(
-                models.DatasetTable,
-                models.DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
+                DatasetTable,
+                DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
-            .filter(models.DatasetTable.tableUri == tableUri)
+            .filter(DatasetTable.tableUri == tableUri)
             .filter(
-                models.DatasetTable.GlueTableName
+                DatasetTable.GlueTableName
                 == DatasetProfilingRun.GlueTableName
             )
             .filter(DatasetProfilingRun.results.isnot(None))
diff --git a/backend/dataall/modules/datasets/services/dataset_share_service.py b/backend/dataall/modules/datasets/services/dataset_share_service.py
index 9ca84a1cf..3503e86fe 100644
--- a/backend/dataall/modules/datasets/services/dataset_share_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_share_service.py
@@ -8,7 +8,7 @@
 from dataall.db import models, permissions
 from dataall.db.api import has_resource_perm, ShareItemSM
 from dataall.db.paginator import paginate
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 
 class DatasetShareService:
@@ -41,9 +41,9 @@ def paginated_shared_with_environment_datasets(
                             models.ShareObjectItem.itemType
                             == ShareableType.Table.value,
                             func.concat(
-                                models.DatasetTable.GlueDatabaseName,
+                                DatasetTable.GlueDatabaseName,
                                 '.',
-                                models.DatasetTable.GlueTableName,
+                                DatasetTable.GlueTableName,
                             ),
                         ),
                         (
@@ -73,8 +73,8 @@ def paginated_shared_with_environment_datasets(
                 == models.Environment.organizationUri,
             )
             .outerjoin(
-                models.DatasetTable,
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
+                DatasetTable,
+                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .outerjoin(
                 DatasetStorageLocation,
@@ -137,9 +137,9 @@ def paginated_shared_with_environment_group_datasets(
                             models.ShareObjectItem.itemType
                             == ShareableType.Table.value,
                             func.concat(
-                                models.DatasetTable.GlueDatabaseName,
+                                DatasetTable.GlueDatabaseName,
                                 '.',
-                                models.DatasetTable.GlueTableName,
+                                DatasetTable.GlueTableName,
                             ),
                         ),
                         (
@@ -169,8 +169,8 @@ def paginated_shared_with_environment_group_datasets(
                 == models.Environment.organizationUri,
             )
             .outerjoin(
-                models.DatasetTable,
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
+                DatasetTable,
+                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .outerjoin(
                 DatasetStorageLocation,
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index cd02eadf5..7776aa2ef 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -6,7 +6,7 @@
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
 from dataall.db.models import Dataset
 from dataall.utils import json_utils
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 
 logger = logging.getLogger(__name__)
 
@@ -22,14 +22,14 @@ def create_dataset_table(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DatasetTable:
+    ) -> DatasetTable:
         dataset = api.Dataset.get_dataset_by_uri(session, uri)
         exists = (
-            session.query(models.DatasetTable)
+            session.query(DatasetTable)
             .filter(
                 and_(
-                    models.DatasetTable.datasetUri == uri,
-                    models.DatasetTable.GlueTableName == data['name'],
+                    DatasetTable.datasetUri == uri,
+                    DatasetTable.GlueTableName == data['name'],
                 )
             )
             .count()
@@ -41,7 +41,7 @@ def create_dataset_table(
                 message=f'table: {data["name"]} already exist on dataset {uri}',
             )
 
-        table = models.DatasetTable(
+        table = DatasetTable(
             datasetUri=uri,
             label=data['name'],
             name=data['name'],
@@ -72,7 +72,7 @@ def create_dataset_table(
                 group=group,
                 permissions=permissions.DATASET_TABLE_READ,
                 resource_uri=table.tableUri,
-                resource_type=models.DatasetTable.__name__,
+                resource_type=DatasetTable.__name__,
             )
         return table
 
@@ -87,13 +87,13 @@ def list_dataset_tables(
         check_perm: bool = False,
     ) -> dict:
         query = (
-            session.query(models.DatasetTable)
-            .filter(models.DatasetTable.datasetUri == uri)
-            .order_by(models.DatasetTable.created.desc())
+            session.query(DatasetTable)
+            .filter(DatasetTable.datasetUri == uri)
+            .order_by(DatasetTable.created.desc())
         )
         if data.get('term'):
             term = data.get('term')
-            query = query.filter(models.DatasetTable.label.ilike('%' + term + '%'))
+            query = query.filter(DatasetTable.label.ilike('%' + term + '%'))
         return paginate(
             query, page=data.get('page', 1), page_size=data.get('pageSize', 10)
         ).to_dict()
@@ -107,7 +107,7 @@ def get_dataset_table(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DatasetTable:
+    ) -> DatasetTable:
         return DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
 
     @staticmethod
@@ -183,10 +183,10 @@ def query_dataset_tables_shared_with_env(
         """
         share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
         env_tables_shared = (
-            session.query(models.DatasetTable)  # all tables
+            session.query(DatasetTable)  # all tables
             .join(
                 models.ShareObjectItem,  # found in ShareObjectItem
-                models.ShareObjectItem.itemUri == models.DatasetTable.tableUri,
+                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .join(
                 models.ShareObject,  # jump to share object
@@ -218,7 +218,7 @@ def get_dataset_tables_shared_with_env(
 
     @staticmethod
     def get_dataset_table_by_uri(session, table_uri):
-        table: models.DatasetTable = session.query(models.DatasetTable).get(table_uri)
+        table: DatasetTable = session.query(DatasetTable).get(table_uri)
         if not table:
             raise exceptions.ObjectNotFound('DatasetTable', table_uri)
         return table
@@ -229,8 +229,8 @@ def sync(session, datasetUri, glue_tables=None):
         dataset: Dataset = session.query(Dataset).get(datasetUri)
         if dataset:
             existing_tables = (
-                session.query(models.DatasetTable)
-                .filter(models.DatasetTable.datasetUri == datasetUri)
+                session.query(DatasetTable)
+                .filter(DatasetTable.datasetUri == datasetUri)
                 .all()
             )
             existing_table_names = [e.GlueTableName for e in existing_tables]
@@ -245,7 +245,7 @@ def sync(session, datasetUri, glue_tables=None):
                     logger.info(
                         f'Storing new table: {table} for dataset db {dataset.GlueDatabaseName}'
                     )
-                    updated_table = models.DatasetTable(
+                    updated_table = DatasetTable(
                         datasetUri=dataset.datasetUri,
                         label=table['Name'],
                         name=table['Name'],
@@ -272,13 +272,13 @@ def sync(session, datasetUri, glue_tables=None):
                             group=group,
                             permissions=permissions.DATASET_TABLE_READ,
                             resource_uri=updated_table.tableUri,
-                            resource_type=models.DatasetTable.__name__,
+                            resource_type=DatasetTable.__name__,
                         )
                 else:
                     logger.info(
                         f'Updating table: {table} for dataset db {dataset.GlueDatabaseName}'
                     )
-                    updated_table: models.DatasetTable = (
+                    updated_table: DatasetTable = (
                         existing_dataset_tables_map.get(table['Name'])
                     )
                     updated_table.GlueTableProperties = json_utils.to_json(
@@ -345,13 +345,13 @@ def delete_all_table_columns(session, dataset_table):
 
     @staticmethod
     def get_table_by_s3_prefix(session, s3_prefix, accountid, region):
-        table: models.DatasetTable = (
-            session.query(models.DatasetTable)
+        table: DatasetTable = (
+            session.query(DatasetTable)
             .filter(
                 and_(
-                    models.DatasetTable.S3Prefix.startswith(s3_prefix),
-                    models.DatasetTable.AWSAccountId == accountid,
-                    models.DatasetTable.region == region,
+                    DatasetTable.S3Prefix.startswith(s3_prefix),
+                    DatasetTable.AWSAccountId == accountid,
+                    DatasetTable.region == region,
                 )
             )
             .first()
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 901865812..ae1c522e0 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -17,7 +17,7 @@
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -68,7 +68,7 @@ def notify_consumers(engine, messages):
     @staticmethod
     def publish_table_update_message(engine, message):
         with engine.scoped_session() as session:
-            table: models.DatasetTable = DatasetTableService.get_table_by_s3_prefix(
+            table: DatasetTable = DatasetTableService.get_table_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),
@@ -139,7 +139,7 @@ def publish_location_update_message(session, message):
     @staticmethod
     def store_dataquality_results(session, message):
 
-        table: models.DatasetTable = DatasetTableService.get_table_by_s3_prefix(
+        table: DatasetTable = DatasetTableService.get_table_by_s3_prefix(
             session,
             message.get('prefix'),
             message.get('accountid'),
@@ -207,7 +207,7 @@ def set_columns_type(quality_results, message):
 
     @staticmethod
     def publish_sns_message(
-        engine, message, dataset, share_items, prefix, table: models.DatasetTable = None
+        engine, message, dataset, share_items, prefix, table: DatasetTable = None
     ):
         with engine.scoped_session() as session:
             for item in share_items:
@@ -290,7 +290,7 @@ def redshift_copy(
         message,
         dataset: models.Dataset,
         environment: models.Environment,
-        table: models.DatasetTable,
+        table: DatasetTable,
     ):
         log.info(
             f'Redshift copy starting '
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 7ae104cc9..0974df585 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -8,6 +8,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.datasets.db.models import DatasetTable
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.searchproxy import indexers
 from dataall.searchproxy.connect import connect
@@ -68,8 +69,8 @@ def sync_tables(engine, es=None):
                     )
 
                     tables = (
-                        session.query(models.DatasetTable)
-                        .filter(models.DatasetTable.datasetUri == dataset.datasetUri)
+                        session.query(DatasetTable)
+                        .filter(DatasetTable.datasetUri == dataset.datasetUri)
                         .all()
                     )
 
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 13ba44eea..9140cf3aa 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -5,6 +5,7 @@
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -74,11 +75,11 @@ def upsert(cls, session, dashboard_uri: str):
 
 def remove_deleted_tables(session, es, datasetUri: str):
     tables = (
-        session.query(models.DatasetTable)
+        session.query(DatasetTable)
         .filter(
             and_(
-                models.DatasetTable.datasetUri == datasetUri,
-                models.DatasetTable.LastGlueTableStatus == 'Deleted',
+                DatasetTable.datasetUri == datasetUri,
+                DatasetTable.LastGlueTableStatus == 'Deleted',
             )
         )
         .all()
diff --git a/backend/dataall/tasks/bucket_policy_updater.py b/backend/dataall/tasks/bucket_policy_updater.py
index 9932f53ae..6cb4c51ea 100644
--- a/backend/dataall/tasks/bucket_policy_updater.py
+++ b/backend/dataall/tasks/bucket_policy_updater.py
@@ -9,8 +9,8 @@
 
 from ..aws.handlers.sts import SessionHelper
 from ..db import get_engine
-from ..db import models, api
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from ..db import models
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -168,18 +168,18 @@ def get_shared_tables(self, dataset) -> typing.List[models.ShareObjectItem]:
         with self.engine.scoped_session() as session:
             tables = (
                 session.query(
-                    models.DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
-                    models.DatasetTable.GlueTableName.label('GlueTableName'),
-                    models.DatasetTable.S3Prefix.label('S3Prefix'),
-                    models.DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
-                    models.DatasetTable.region.label('SourceRegion'),
+                    DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
+                    DatasetTable.GlueTableName.label('GlueTableName'),
+                    DatasetTable.S3Prefix.label('S3Prefix'),
+                    DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
+                    DatasetTable.region.label('SourceRegion'),
                     models.Environment.AwsAccountId.label('TargetAwsAccountId'),
                     models.Environment.region.label('TargetRegion'),
                 )
                 .join(
                     models.ShareObjectItem,
                     and_(
-                        models.ShareObjectItem.itemUri == models.DatasetTable.tableUri
+                        models.ShareObjectItem.itemUri == DatasetTable.tableUri
                     ),
                 )
                 .join(
@@ -193,8 +193,8 @@ def get_shared_tables(self, dataset) -> typing.List[models.ShareObjectItem]:
                 )
                 .filter(
                     and_(
-                        models.DatasetTable.datasetUri == dataset.datasetUri,
-                        models.DatasetTable.deleted.is_(None),
+                        DatasetTable.datasetUri == dataset.datasetUri,
+                        DatasetTable.deleted.is_(None),
                         models.ShareObjectItem.status
                         == models.Enums.ShareObjectStatus.Approved.value,
                     )
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
index b74e34e93..2b7eaf20a 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
@@ -11,7 +11,8 @@
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.ram import Ram
 from ....db import api, exceptions, models
-from ....utils.alarm_service import AlarmService
+from dataall.modules.datasets.db.models import DatasetTable
+from dataall.utils.alarm_service import AlarmService
 
 logger = logging.getLogger(__name__)
 
@@ -22,8 +23,8 @@ def __init__(
         session,
         dataset: models.Dataset,
         share: models.ShareObject,
-        shared_tables: [models.DatasetTable],
-        revoked_tables: [models.DatasetTable],
+        shared_tables: [DatasetTable],
+        revoked_tables: [DatasetTable],
         source_environment: models.Environment,
         target_environment: models.Environment,
         env_group: models.EnvironmentGroup,
@@ -82,7 +83,7 @@ def build_shared_db_name(self) -> str:
         """
         return (self.dataset.GlueDatabaseName + '_shared_' + self.share.shareUri)[:254]
 
-    def build_share_data(self, table: models.DatasetTable) -> dict:
+    def build_share_data(self, table: DatasetTable) -> dict:
         """
         Build aws dict for boto3 operations on Glue and LF from share data
         Parameters
@@ -110,7 +111,7 @@ def build_share_data(self, table: models.DatasetTable) -> dict:
         return data
 
     def check_share_item_exists_on_glue_catalog(
-        self, share_item: models.ShareObjectItem, table: models.DatasetTable
+        self, share_item: models.ShareObjectItem, table: DatasetTable
     ) -> None:
         """
         Checks if a table in the share request
@@ -271,12 +272,12 @@ def create_resource_link(cls, **data) -> dict:
             )
             raise e
 
-    def revoke_table_resource_link_access(self, table: models.DatasetTable, principals: [str]):
+    def revoke_table_resource_link_access(self, table: DatasetTable, principals: [str]):
         """
         Revokes access to glue table resource link
         Parameters
         ----------
-        table : models.DatasetTable
+        table : DatasetTable
         principals: List of strings. IAM role arn and Quicksight groups
 
         Returns
@@ -332,7 +333,7 @@ def revoke_source_table_access(self, table, principals: [str]):
         Revokes access to the source glue table
         Parameters
         ----------
-        table : models.DatasetTable
+        table : DatasetTable
 
         Returns
         -------
@@ -366,7 +367,7 @@ def revoke_source_table_access(self, table, principals: [str]):
         )
         return True
 
-    def delete_resource_link_table(self, table: models.DatasetTable):
+    def delete_resource_link_table(self, table: DatasetTable):
         logger.info(f'Deleting shared table {table.GlueTableName}')
 
         if not Glue.table_exists(
@@ -502,7 +503,7 @@ def delete_ram_resource_shares(self, resource_arn: str) -> [dict]:
 
     def handle_share_failure(
         self,
-        table: models.DatasetTable,
+        table: DatasetTable,
         share_item: models.ShareObjectItem,
         error: Exception,
     ) -> bool:
@@ -532,7 +533,7 @@ def handle_share_failure(
 
     def handle_revoke_failure(
             self,
-            table: models.DatasetTable,
+            table: DatasetTable,
             share_item: models.ShareObjectItem,
             error: Exception,
     ) -> bool:
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
index ffdf7d487..dfceec978 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
@@ -4,6 +4,7 @@
 from ..share_managers import LFShareManager
 from ....aws.handlers.ram import Ram
 from ....db import models, api
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -14,8 +15,8 @@ def __init__(
         session,
         dataset: models.Dataset,
         share: models.ShareObject,
-        shared_tables: [models.DatasetTable],
-        revoked_tables: [models.DatasetTable],
+        shared_tables: [DatasetTable],
+        revoked_tables: [DatasetTable],
         source_environment: models.Environment,
         target_environment: models.Environment,
         env_group: models.EnvironmentGroup,
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
index 4b5ad4096..3ea939b4f 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
@@ -1,7 +1,8 @@
 import logging
 
 from ..share_managers import LFShareManager
-from ....db import models, api
+from dataall.db import models, api
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -12,8 +13,8 @@ def __init__(
         session,
         dataset: models.Dataset,
         share: models.ShareObject,
-        shared_tables: [models.DatasetTable],
-        revoked_tables: [models.DatasetTable],
+        shared_tables: [DatasetTable],
+        revoked_tables: [DatasetTable],
         source_environment: models.Environment,
         target_environment: models.Environment,
         env_group: models.EnvironmentGroup,
diff --git a/backend/dataall/utils/alarm_service.py b/backend/dataall/utils/alarm_service.py
index b414e1ed0..a1d0a6d5b 100644
--- a/backend/dataall/utils/alarm_service.py
+++ b/backend/dataall/utils/alarm_service.py
@@ -11,6 +11,7 @@
 
 from ..aws.handlers.sts import SessionHelper
 from ..db import models
+from dataall.modules.datasets.db.models import DatasetTable
 
 logger = logging.getLogger(__name__)
 
@@ -42,7 +43,7 @@ def trigger_stack_deployment_failure_alarm(self, stack: models.Stack):
 
     def trigger_table_sharing_failure_alarm(
         self,
-        table: models.DatasetTable,
+        table: DatasetTable,
         share: models.ShareObject,
         target_environment: models.Environment,
     ):
@@ -74,7 +75,7 @@ def trigger_table_sharing_failure_alarm(
 
     def trigger_revoke_table_sharing_failure_alarm(
         self,
-        table: models.DatasetTable,
+        table: DatasetTable,
         share: models.ShareObject,
         target_environment: models.Environment,
     ):
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index d75e7d6cc..32ca6abe0 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -6,7 +6,6 @@
 
 """
 from alembic import op
-import sqlalchemy as sa
 from sqlalchemy import orm, Column, String, Text, DateTime, and_
 from sqlalchemy.orm import query_expression
 from sqlalchemy.dialects import postgresql
@@ -95,7 +94,7 @@ def upgrade():
                     resource_uri=table.tableUri,
                     group=group,
                     permissions=permissions.DATASET_TABLE_READ,
-                    resource_type=models.DatasetTable.__name__,
+                    resource_type=DatasetTable.__name__,
                 )
         print('dataset table permissions updated successfully for owners/stewards')
     except Exception as e:
@@ -120,7 +119,7 @@ def upgrade():
                 group=share.principalId,
                 permissions=permissions.DATASET_TABLE_READ,
                 resource_uri=shared_table.itemUri,
-                resource_type=models.DatasetTable.__name__,
+                resource_type=DatasetTable.__name__,
             )
         print('dataset table permissions updated for all shared tables')
     except Exception as e:
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index f959be417..aff658520 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -2,7 +2,7 @@
 from .client import *
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -506,7 +506,7 @@ def factory(
 def share_item(db):
     def factory(
             share: models.ShareObject,
-            table: models.DatasetTable,
+            table: DatasetTable,
             status: str
     ) -> models.ShareObjectItem:
         with db.scoped_session() as session:
@@ -554,12 +554,12 @@ def factory(dataset: models.Dataset, name, username) -> DatasetStorageLocation:
 def table(db):
     cache = {}
 
-    def factory(dataset: models.Dataset, name, username) -> models.DatasetTable:
+    def factory(dataset: models.Dataset, name, username) -> DatasetTable:
         key = f'{dataset.datasetUri}-{name}'
         if cache.get(key):
             return cache.get(key)
         with db.scoped_session() as session:
-            table = models.DatasetTable(
+            table = DatasetTable(
                 name=name,
                 label=name,
                 owner=username,
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 359a780b4..9dc5d37f5 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -227,7 +227,7 @@ def test_add_tables(table, dataset1, db):
         table(dataset=dataset1, name=f'table{i+1}', username=dataset1.owner)
 
     with db.scoped_session() as session:
-        nb = session.query(dataall.db.models.DatasetTable).count()
+        nb = session.query(DatasetTable).count()
     assert nb == 10
 
 
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index 8d708e94d..8f7b1bc84 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -2,7 +2,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -33,7 +33,7 @@ def test_add_tables(table, dataset1, db):
         table(dataset=dataset1, name=f'table{i+1}', username=dataset1.owner)
 
     with db.scoped_session() as session:
-        nb = session.query(dataall.db.models.DatasetTable).count()
+        nb = session.query(DatasetTable).count()
     assert nb == 10
 
 
@@ -141,8 +141,8 @@ def test_get_table_profiling_run(
     table = table(dataset=dataset1, name='table1', username=dataset1.owner)
     with db.scoped_session() as session:
         table = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.GlueTableName == 'table1')
+            session.query(DatasetTable)
+            .filter(DatasetTable.GlueTableName == 'table1')
             .first()
         )
     response = client.query(
@@ -178,8 +178,8 @@ def test_list_table_profiling_runs(
     table1000 = table(dataset=dataset1, name='table1000', username=dataset1.owner)
     with db.scoped_session() as session:
         table = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.GlueTableName == 'table1')
+            session.query(DatasetTable)
+            .filter(DatasetTable.GlueTableName == 'table1')
             .first()
         )
     module_mocker.patch(
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 88140b68c..7ed3732a4 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -4,7 +4,7 @@
 
 import dataall
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -76,7 +76,7 @@ def test_add_tables(table, dataset1, db):
         table(dataset=dataset1, name=f'table{i+1}', username=dataset1.owner)
 
     with db.scoped_session() as session:
-        nb = session.query(dataall.db.models.DatasetTable).count()
+        nb = session.query(DatasetTable).count()
     assert nb == 10
 
 
@@ -109,8 +109,8 @@ def test_update_table(client, env1, table, dataset1, db, user, group):
 def test_add_columns(table, dataset1, db):
     with db.scoped_session() as session:
         table = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.name == 'table1')
+            session.query(DatasetTable)
+            .filter(DatasetTable.name == 'table1')
             .first()
         )
         table_col = DatasetTableColumn(
@@ -182,8 +182,8 @@ def test_list_dataset_tables(client, dataset1):
 def test_update_dataset_table_column(client, table, dataset1, db):
     with db.scoped_session() as session:
         table = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.name == 'table1')
+            session.query(DatasetTable)
+            .filter(DatasetTable.name == 'table1')
             .first()
         )
         column = (
@@ -231,8 +231,8 @@ def test_update_dataset_table_column(client, table, dataset1, db):
 def test_sync_tables_and_columns(client, table, dataset1, db):
     with db.scoped_session() as session:
         table = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.name == 'table1')
+            session.query(DatasetTable)
+            .filter(DatasetTable.name == 'table1')
             .first()
         )
         column = (
@@ -292,9 +292,9 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
         ]
 
         assert DatasetTableService.sync(session, dataset1.datasetUri, glue_tables)
-        new_table: dataall.db.models.DatasetTable = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.name == 'new_table')
+        new_table: DatasetTable = (
+            session.query(DatasetTable)
+            .filter(DatasetTable.name == 'new_table')
             .first()
         )
         assert new_table
@@ -309,9 +309,9 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
         assert columns[0].columnType == 'column'
         assert columns[1].columnType == 'partition_0'
 
-        existing_table: dataall.db.models.DatasetTable = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.name == 'table1')
+        existing_table: DatasetTable = (
+            session.query(DatasetTable)
+            .filter(DatasetTable.name == 'table1')
             .first()
         )
         assert existing_table
@@ -326,9 +326,9 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
         assert columns[0].columnType == 'column'
         assert columns[1].columnType == 'partition_0'
 
-        deleted_table: dataall.db.models.DatasetTable = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.name == 'table2')
+        deleted_table: DatasetTable = (
+            session.query(DatasetTable)
+            .filter(DatasetTable.name == 'table2')
             .first()
         )
         assert deleted_table.LastGlueTableStatus == 'Deleted'
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index bb7f34516..1aa15ce73 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import List
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 import pytest
 
 
@@ -32,9 +32,9 @@ def _dataset(db, _env, _org, group, user, dataset) -> models.Dataset:
 
 
 @pytest.fixture(scope='module', autouse=True)
-def _table(db, _dataset) -> models.DatasetTable:
+def _table(db, _dataset) -> DatasetTable:
     with db.scoped_session() as session:
-        t = models.DatasetTable(
+        t = DatasetTable(
             datasetUri=_dataset.datasetUri,
             label='table',
             AWSAccountId=_dataset.AwsAccountId,
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index 58309aa01..d951a15f8 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -3,6 +3,7 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.db.models import DatasetTable
 
 
 def random_table_name():
@@ -64,7 +65,7 @@ def tables1(table: typing.Callable, dataset1: dataall.db.models.Dataset):
 
 @pytest.fixture(scope="module", autouse=True)
 def table1(table: typing.Callable, dataset1: dataall.db.models.Dataset,
-           user: dataall.db.models.User) -> dataall.db.models.DatasetTable:
+           user: dataall.db.models.User) -> DatasetTable:
     yield table(
         dataset=dataset1,
         name="table1",
@@ -112,7 +113,7 @@ def tables2(table, dataset2):
 
 @pytest.fixture(scope="module", autouse=True)
 def table2(table: typing.Callable, dataset2: dataall.db.models.Dataset,
-           user2: dataall.db.models.User) -> dataall.db.models.DatasetTable:
+           user2: dataall.db.models.User) -> DatasetTable:
     yield table(
         dataset=dataset2,
         name="table2",
@@ -195,7 +196,7 @@ def share1_draft(
 def share1_item_pa(
         share_item: typing.Callable,
         share1_draft: dataall.db.models.ShareObject,
-        table1: dataall.db.models.DatasetTable
+        table1: DatasetTable
 ) -> dataall.db.models.ShareObjectItem:
     # Cleaned up with share1_draft
     yield share_item(
@@ -270,7 +271,7 @@ def share2_submitted(
 def share2_item_pa(
         share_item: typing.Callable,
         share2_submitted: dataall.db.models.ShareObject,
-        table1: dataall.db.models.DatasetTable
+        table1: DatasetTable
 ) -> dataall.db.models.ShareObjectItem:
     # Cleaned up with share2
     yield share_item(
@@ -345,7 +346,7 @@ def share3_processed(
 def share3_item_shared(
         share_item: typing.Callable,
         share3_processed: dataall.db.models.ShareObject,
-        table1: dataall.db.models.DatasetTable
+        table1:DatasetTable
 ) -> dataall.db.models.ShareObjectItem:
     # Cleaned up with share3
     yield share_item(
diff --git a/tests/cdkproxy/conftest.py b/tests/cdkproxy/conftest.py
index c83d0028b..c223f4a37 100644
--- a/tests/cdkproxy/conftest.py
+++ b/tests/cdkproxy/conftest.py
@@ -1,6 +1,7 @@
 import pytest
 
 from dataall.db import models, api
+from dataall.modules.datasets.db.models import DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -121,9 +122,9 @@ def dataset(db, env: models.Environment) -> models.Dataset:
 
 
 @pytest.fixture(scope='module', autouse=True)
-def table(db, dataset: models.Dataset) -> models.DatasetTable:
+def table(db, dataset: models.Dataset) -> DatasetTable:
     with db.scoped_session() as session:
-        table = models.DatasetTable(
+        table = DatasetTable(
             label='thistable',
             owner='me',
             datasetUri=dataset.datasetUri,
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index fd31506f1..4fad9e6d2 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -6,7 +6,7 @@
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.searchproxy import indexers
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 
@@ -74,7 +74,7 @@ def dataset(org, env, db):
 @pytest.fixture(scope='module', autouse=True)
 def table(org, env, db, dataset):
     with db.scoped_session() as session:
-        table = dataall.db.models.DatasetTable(
+        table = DatasetTable(
             datasetUri=dataset.datasetUri,
             AWSAccountId='12345678901',
             S3Prefix='S3prefix',
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index 7e6f0d71a..267d3ef73 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -2,7 +2,7 @@
 
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
 
 
 @pytest.fixture(scope="module")
@@ -148,10 +148,10 @@ def factory(dataset: models.Dataset, label: str) -> DatasetStorageLocation:
 
 @pytest.fixture(scope='module')
 def table(db):
-    def factory(dataset: models.Dataset, label: str) -> models.DatasetTable:
+    def factory(dataset: models.Dataset, label: str) -> DatasetTable:
 
         with db.scoped_session() as session:
-            table = models.DatasetTable(
+            table = DatasetTable(
                 name=label,
                 label=label,
                 owner=dataset.owner,
@@ -218,7 +218,7 @@ def factory(
 def share_item_table(db):
     def factory(
         share: models.ShareObject,
-        table: models.DatasetTable,
+        table: DatasetTable,
         status: str,
     ) -> models.ShareObjectItem:
         with db.scoped_session() as session:
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index 31b0f14d4..8da53e3d2 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -1,5 +1,6 @@
 import pytest
 import dataall
+from dataall.modules.datasets.db.models import DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -65,7 +66,7 @@ def sync_dataset(org, env, db):
 @pytest.fixture(scope='module', autouse=True)
 def table(org, env, db, sync_dataset):
     with db.scoped_session() as session:
-        table = dataall.db.models.DatasetTable(
+        table = DatasetTable(
             datasetUri=sync_dataset.datasetUri,
             AWSAccountId='12345678901',
             S3Prefix='S3prefix',
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index bee190258..1ff99ba43 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -10,6 +10,7 @@
 
 from dataall.db import models
 from dataall.api import constants
+from dataall.modules.datasets.db.models import DatasetTable
 
 from dataall.tasks.data_sharing.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
 from dataall.tasks.data_sharing.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
@@ -94,7 +95,7 @@ def dataset1(dataset: Callable, org1: models.Organization, source_environment: m
 
 
 @pytest.fixture(scope="module")
-def table1(table: Callable, dataset1: models.Dataset) -> models.DatasetTable:
+def table1(table: Callable, dataset1: models.Dataset) -> DatasetTable:
     yield table(
         dataset=dataset1,
         label="table1"
@@ -102,7 +103,7 @@ def table1(table: Callable, dataset1: models.Dataset) -> models.DatasetTable:
 
 
 @pytest.fixture(scope="module")
-def table2(table: Callable, dataset1: models.Dataset) -> models.DatasetTable:
+def table2(table: Callable, dataset1: models.Dataset) -> DatasetTable:
     yield table(
         dataset=dataset1,
         label="table2"
@@ -133,7 +134,7 @@ def share_cross_account(
 
 @pytest.fixture(scope="module")
 def share_item_same_account(share_item_table: Callable, share_same_account: models.ShareObject,
-                            table1: models.DatasetTable) -> models.ShareObjectItem:
+                            table1: DatasetTable) -> models.ShareObjectItem:
     yield share_item_table(
         share=share_same_account,
         table=table1,
@@ -142,7 +143,7 @@ def share_item_same_account(share_item_table: Callable, share_same_account: mode
 
 @pytest.fixture(scope="module")
 def revoke_item_same_account(share_item_table: Callable, share_same_account: models.ShareObject,
-                             table2: models.DatasetTable) -> models.ShareObjectItem:
+                             table2: DatasetTable) -> models.ShareObjectItem:
     yield share_item_table(
         share=share_same_account,
         table=table2,
@@ -151,7 +152,7 @@ def revoke_item_same_account(share_item_table: Callable, share_same_account: mod
 
 @pytest.fixture(scope="module")
 def share_item_cross_account(share_item_table: Callable, share_cross_account: models.ShareObject,
-                             table1: models.DatasetTable) -> models.ShareObjectItem:
+                             table1: DatasetTable) -> models.ShareObjectItem:
     yield share_item_table(
         share=share_cross_account,
         table=table1,
@@ -160,7 +161,7 @@ def share_item_cross_account(share_item_table: Callable, share_cross_account: mo
 
 @pytest.fixture(scope="module")
 def revoke_item_cross_account(share_item_table: Callable, share_cross_account: models.ShareObject,
-                              table2: models.DatasetTable) -> models.ShareObjectItem:
+                              table2: DatasetTable) -> models.ShareObjectItem:
     yield share_item_table(
         share=share_cross_account,
         table=table2,
@@ -294,7 +295,7 @@ def test_check_share_item_exists_on_glue_catalog(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        table1: models.DatasetTable,
+        table1: DatasetTable,
         share_item_same_account: models.ShareObjectItem,
         share_item_cross_account: models.ShareObjectItem,
         mocker,
@@ -332,7 +333,7 @@ def test_build_share_data(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table1: models.DatasetTable,
+        table1: DatasetTable,
 ):
     data_same_account = {
         'source': {
@@ -380,7 +381,7 @@ def test_create_resource_link(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table1: models.DatasetTable,
+        table1: DatasetTable,
         mocker,
 ):
     sts_mock = mocker.patch(
@@ -463,7 +464,7 @@ def test_revoke_table_resource_link_access(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table2: models.DatasetTable,
+        table2: DatasetTable,
         mocker,
 ):
     glue_mock = mocker.patch(
@@ -511,7 +512,7 @@ def test_revoke_source_table_access(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table2: models.DatasetTable,
+        table2: DatasetTable,
         mocker,
 ):
     glue_mock = mocker.patch(
@@ -554,7 +555,7 @@ def test_delete_resource_link_table(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table2: models.DatasetTable,
+        table2: DatasetTable,
         mocker,
 ):
     glue_mock = mocker.patch(
@@ -596,7 +597,7 @@ def test_delete_shared_database(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table1: models.DatasetTable,
+        table1: DatasetTable,
         mocker,
 ):
     glue_mock = mocker.patch(
@@ -625,8 +626,8 @@ def test_revoke_external_account_access_on_source_account(
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: models.Dataset,
-        table1: models.DatasetTable,
-        table2: models.DatasetTable,
+        table1: DatasetTable,
+        table2: DatasetTable,
         mocker,
 ):
     lf_mock = mocker.patch(
@@ -649,7 +650,7 @@ def test_handle_share_failure(
         processor_cross_account: ProcessLFCrossAccountShare,
         share_item_same_account: models.ShareObjectItem,
         share_item_cross_account: models.ShareObjectItem,
-        table1: models.DatasetTable,
+        table1: DatasetTable,
         mocker,
 ):
 
@@ -678,7 +679,7 @@ def test_handle_revoke_failure(
         processor_cross_account: ProcessLFCrossAccountShare,
         revoke_item_same_account: models.ShareObjectItem,
         revoke_item_cross_account: models.ShareObjectItem,
-        table1: models.DatasetTable,
+        table1: DatasetTable,
         mocker,
 ):
     # Given
diff --git a/tests/tasks/test_policies.py b/tests/tasks/test_policies.py
index d51cc2ac7..ca8c259c6 100644
--- a/tests/tasks/test_policies.py
+++ b/tests/tasks/test_policies.py
@@ -1,4 +1,5 @@
 from dataall.api.constants import OrganisationUserRole
+from dataall.modules.datasets.db.models import DatasetTable
 from dataall.tasks.bucket_policy_updater import BucketPoliciesUpdater
 import pytest
 import dataall
@@ -68,7 +69,7 @@ def sync_dataset(org, env, db):
 @pytest.fixture(scope='module', autouse=True)
 def table(org, env, db, sync_dataset):
     with db.scoped_session() as session:
-        table = dataall.db.models.DatasetTable(
+        table = DatasetTable(
             datasetUri=sync_dataset.datasetUri,
             AWSAccountId='12345678901',
             S3Prefix='S3prefix',
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index 874b8ccab..61c70d174 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -2,6 +2,7 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
+from dataall.modules.datasets.db.models import DatasetTable
 
 
 @pytest.fixture(scope='module')
@@ -93,7 +94,7 @@ def share(
 ):
     with db.scoped_session() as session:
 
-        table = dataall.db.models.DatasetTable(
+        table = DatasetTable(
             label='foo',
             name='foo',
             owner='alice',
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index 9d8282e65..ff6f8271e 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -1,6 +1,7 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
+from dataall.modules.datasets.db.models import DatasetTable
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -76,7 +77,7 @@ def sync_dataset(org, env, db):
 @pytest.fixture(scope='module', autouse=True)
 def table(org, env, db, sync_dataset):
     with db.scoped_session() as session:
-        table = dataall.db.models.DatasetTable(
+        table = DatasetTable(
             datasetUri=sync_dataset.datasetUri,
             AWSAccountId='12345678901',
             S3Prefix='S3prefix',
@@ -163,9 +164,9 @@ def test_tables_sync(db, org, env, sync_dataset, table, mocker):
     processed_tables = dataall.modules.datasets.tasks.tables_syncer.sync_tables(engine=db)
     assert len(processed_tables) == 2
     with db.scoped_session() as session:
-        saved_table: dataall.db.models.DatasetTable = (
-            session.query(dataall.db.models.DatasetTable)
-            .filter(dataall.db.models.DatasetTable.GlueTableName == 'table1')
+        saved_table: DatasetTable = (
+            session.query(DatasetTable)
+            .filter(DatasetTable.GlueTableName == 'table1')
             .first()
         )
         assert saved_table

From ba45ca50bc422df343aea81749ab010b91743a71 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 21 Apr 2023 11:18:49 +0200
Subject: [PATCH 072/346] Moved delete_doc to BaseIndexer

---
 .../api/Objects/Dashboard/resolvers.py        |  2 +-
 .../dataall/api/Objects/Dataset/resolvers.py  | 10 ++++----
 .../api/storage_location/resolvers.py         |  2 +-
 .../modules/datasets/api/table/resolvers.py   |  2 +-
 .../datasets/indexers/table_indexer.py        | 16 +++++++++++++
 backend/dataall/searchproxy/indexers.py       | 24 -------------------
 backend/dataall/searchproxy/upsert.py         |  6 +++++
 tests/api/conftest.py                         |  2 +-
 8 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/backend/dataall/api/Objects/Dashboard/resolvers.py b/backend/dataall/api/Objects/Dashboard/resolvers.py
index 84a2a1bcc..94372f5d1 100644
--- a/backend/dataall/api/Objects/Dashboard/resolvers.py
+++ b/backend/dataall/api/Objects/Dashboard/resolvers.py
@@ -311,7 +311,7 @@ def delete_dashboard(context: Context, source, dashboardUri: str = None):
             data=None,
             check_perm=True,
         )
-        indexers.delete_doc(es=context.es, doc_id=dashboardUri)
+        DashboardIndexer.delete_doc(doc_id=dashboardUri)
         return True
 
 
diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index 79e306c9e..c17deef76 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -328,9 +328,7 @@ def sync_tables(context: Context, source, datasetUri: str = None):
         DatasetTableIndexer.upsert_all(
             session=session, dataset_uri=dataset.datasetUri
         )
-        indexers.remove_deleted_tables(
-            session=session, es=context.es, datasetUri=dataset.datasetUri
-        )
+        DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
         return Dataset.paginated_dataset_tables(
             session=session,
             username=context.username,
@@ -557,13 +555,13 @@ def delete_dataset(
 
         tables = [t.tableUri for t in Dataset.get_dataset_tables(session, datasetUri)]
         for uri in tables:
-            indexers.delete_doc(es=context.es, doc_id=uri)
+            DatasetIndexer.delete_doc(doc_id=uri)
 
         folders = [f.locationUri for f in DatasetLocationService.get_dataset_folders(session, datasetUri)]
         for uri in folders:
-            indexers.delete_doc(es=context.es, doc_id=uri)
+            DatasetIndexer.delete_doc(doc_id=uri)
 
-        indexers.delete_doc(es=context.es, doc_id=datasetUri)
+        DatasetIndexer.delete_doc(doc_id=datasetUri)
 
         Dataset.delete_dataset(
             session=session,
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 09cf4b14a..6f8d82e43 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -88,7 +88,7 @@ def remove_storage_location(context, source, locationUri: str = None):
             data={'locationUri': location.locationUri},
             check_perm=True,
         )
-        indexers.delete_doc(es=context.es, doc_id=location.locationUri)
+        DatasetLocationIndexer.delete_doc(doc_id=location.locationUri)
     return True
 
 
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index ea16cae79..ce884bcbe 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -99,7 +99,7 @@ def delete_table(context, source, tableUri: str = None):
             },
             check_perm=True,
         )
-    indexers.delete_doc(es=context.es, doc_id=tableUri)
+    DatasetTableIndexer.delete_doc(doc_id=tableUri)
     return True
 
 
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index 4c96eea6d..2fe9451e1 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -97,3 +97,19 @@ def upsert_all(cls, session, dataset_uri: str):
         for table in tables:
             DatasetTableIndexer.upsert(session=session, table_uri=table.tableUri)
         return tables
+
+    @classmethod
+    def remove_all_deleted(cls, session, dataset_uri: str):
+        tables = (
+            session.query(DatasetTable)
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == dataset_uri,
+                    DatasetTable.LastGlueTableStatus == 'Deleted',
+                )
+            )
+            .all()
+        )
+        for table in tables:
+            cls.delete_doc(doc_id=table.tableUri)
+        return tables
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 9140cf3aa..eba878fa2 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -1,11 +1,8 @@
 import logging
 
-from sqlalchemy import and_
-
 from .. import db
 from ..db import models
 from dataall.searchproxy.upsert import BaseIndexer
-from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -71,24 +68,3 @@ def upsert(cls, session, dashboard_uri: str):
                 },
             )
         return dashboard
-
-
-def remove_deleted_tables(session, es, datasetUri: str):
-    tables = (
-        session.query(DatasetTable)
-        .filter(
-            and_(
-                DatasetTable.datasetUri == datasetUri,
-                DatasetTable.LastGlueTableStatus == 'Deleted',
-            )
-        )
-        .all()
-    )
-    for table in tables:
-        delete_doc(es, doc_id=table.tableUri)
-    return tables
-
-
-def delete_doc(es, doc_id, index='dataall-index'):
-    es.delete(index=index, id=doc_id, ignore=[400, 404])
-    return True
diff --git a/backend/dataall/searchproxy/upsert.py b/backend/dataall/searchproxy/upsert.py
index 9eb2e3125..a787032dd 100644
--- a/backend/dataall/searchproxy/upsert.py
+++ b/backend/dataall/searchproxy/upsert.py
@@ -30,6 +30,12 @@ def es(cls):
     def upsert(session, target_id):
         raise NotImplementedError("Method upsert is not implemented")
 
+    @classmethod
+    def delete_doc(cls, doc_id):
+        es = cls.es()
+        es.delete(index=cls._INDEX, id=doc_id, ignore=[400, 404])
+        return True
+
     @classmethod
     def _index(cls, doc_id, doc):
         es = cls.es()
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index aff658520..37fef4f10 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -40,7 +40,7 @@ def patch_es(module_mocker):
         return_value={}
     )
     module_mocker.patch('dataall.searchproxy.indexers.DashboardIndexer.upsert', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.delete_doc', return_value={})
+    module_mocker.patch('dataall.searchproxy.upsert.BaseIndexer.delete_doc', return_value={})
 
 
 @pytest.fixture(scope='module', autouse=True)

From dc8ff72a817e4403cd3cb1481908228a7709efaa Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 21 Apr 2023 11:28:38 +0200
Subject: [PATCH 073/346] Lazy creation of connection to OpenSearch

---
 backend/api_handler.py                          |  6 +-----
 .../dataall/api/Objects/Glossary/registry.py    |  8 +++-----
 .../dataall/api/Objects/Glossary/resolvers.py   |  2 +-
 backend/dataall/api/Objects/Vote/resolvers.py   |  4 ++--
 backend/dataall/api/context.py                  |  2 --
 backend/dataall/core/context.py                 |  2 --
 .../modules/datasets/tasks/tables_syncer.py     | 10 +++-------
 backend/dataall/tasks/catalog_indexer.py        | 17 ++++-------------
 backend/local_graphql_server.py                 |  3 +--
 9 files changed, 15 insertions(+), 39 deletions(-)

diff --git a/backend/api_handler.py b/backend/api_handler.py
index 890235347..714e107b2 100644
--- a/backend/api_handler.py
+++ b/backend/api_handler.py
@@ -15,7 +15,6 @@
 from dataall.core.context import set_context, dispose_context, RequestContext
 from dataall.db import init_permissions, get_engine, api, permissions
 from dataall.modules.loader import load_modules, ImportMode
-from dataall.searchproxy import connect
 
 logger = logging.getLogger()
 logger.setLevel(os.environ.get('LOG_LEVEL', 'INFO'))
@@ -30,7 +29,6 @@
 TYPE_DEFS = gql(SCHEMA.gql(with_directives=False))
 ENVNAME = os.getenv('envname', 'local')
 ENGINE = get_engine(envname=ENVNAME)
-ES = connect(envname=ENVNAME)
 Worker.queue = SqsQueue.send
 
 init_permissions(ENGINE)
@@ -99,7 +97,6 @@ def handler(event, context):
 
     log.info('Lambda Event %s', event)
     log.debug('Env name %s', ENVNAME)
-    log.debug('ElasticSearch %s', ES)
     log.debug('Engine %s', ENGINE.engine.url)
 
     if event['httpMethod'] == 'OPTIONS':
@@ -137,11 +134,10 @@ def handler(event, context):
             print(f'Error managing groups due to: {e}')
             groups = []
 
-        set_context(RequestContext(ENGINE, username, groups, ES))
+        set_context(RequestContext(ENGINE, username, groups))
 
         app_context = {
             'engine': ENGINE,
-            'es': ES,
             'username': username,
             'groups': groups,
             'schema': SCHEMA,
diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 36fea6cf0..ef006a777 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -1,7 +1,5 @@
-from dataclasses import dataclass, field
-from typing import Type, Dict, Optional, Protocol, Union, Callable, Any
-
-from opensearchpy import OpenSearch
+from dataclasses import dataclass
+from typing import Type, Dict, Optional, Protocol, Union
 
 from dataall.api import gql
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
@@ -56,7 +54,7 @@ def types(cls):
         return [gql.Ref(definition.object_type) for definition in cls._DEFINITIONS.values()]
 
     @classmethod
-    def reindex(cls, session, es: OpenSearch, target_type: str, target_uri: str):
+    def reindex(cls, session, target_type: str, target_uri: str):
         definition = cls._DEFINITIONS[target_type]
         if definition.reindexer:
             definition.reindexer.upsert(session, target_uri)
diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index fdc4c3eea..42fae88ce 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -458,7 +458,7 @@ def reindex(context, linkUri):
         if not link:
             return
 
-    GlossaryRegistry.reindex(session, context.es, link.targetType, link.targetUri)
+    GlossaryRegistry.reindex(session, link.targetType, link.targetUri)
 
 
 def _target_model(target_type: str):
diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index 42f5c20f5..d9f739872 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -28,11 +28,11 @@ def upvote(context: Context, source, input=None):
             data=input,
             check_perm=True,
         )
-        reindex(session, context.es, vote)
+        reindex(session, vote)
         return vote
 
 
-def reindex(session, es, vote):
+def reindex(session, vote):
     if vote.targetType == 'dataset':
         DatasetIndexer.upsert(session=session, dataset_uri=vote.targetUri)
     elif vote.targetType == 'dashboard':
diff --git a/backend/dataall/api/context.py b/backend/dataall/api/context.py
index a210dc0a1..238627a81 100644
--- a/backend/dataall/api/context.py
+++ b/backend/dataall/api/context.py
@@ -2,11 +2,9 @@ class Context:
     def __init__(
         self,
         engine=None,
-        es=None,
         username=None,
         groups=None,
     ):
         self.engine = engine
-        self.es = es
         self.username = username
         self.groups = groups
diff --git a/backend/dataall/core/context.py b/backend/dataall/core/context.py
index dcf594896..a6cc2d4ba 100644
--- a/backend/dataall/core/context.py
+++ b/backend/dataall/core/context.py
@@ -12,7 +12,6 @@
 
 from dataall.db.connection import Engine
 from threading import local
-import opensearchpy
 
 
 _request_storage = local()
@@ -24,7 +23,6 @@ class RequestContext:
     db_engine: Engine
     username: str
     groups: List[str]
-    es_engine: opensearchpy.OpenSearch
 
 
 def get_context() -> RequestContext:
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 0974df585..4ed22425e 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -10,8 +10,6 @@
 from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetTable
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.searchproxy import indexers
-from dataall.searchproxy.connect import connect
 from dataall.utils.alarm_service import AlarmService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
@@ -22,7 +20,7 @@
 log = logging.getLogger(__name__)
 
 
-def sync_tables(engine, es=None):
+def sync_tables(engine):
     with engine.scoped_session() as session:
         processed_tables = []
         all_datasets: [models.Dataset] = db.api.Dataset.list_all_active_datasets(
@@ -88,8 +86,7 @@ def sync_tables(engine, es=None):
 
                     processed_tables.extend(tables)
 
-                    if es:
-                        DatasetTableIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
+                    DatasetTableIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
             except Exception as e:
                 log.error(
                     f'Failed to sync tables for dataset '
@@ -113,5 +110,4 @@ def is_assumable_pivot_role(env: models.Environment):
 if __name__ == '__main__':
     ENVNAME = os.environ.get('envname', 'local')
     ENGINE = get_engine(envname=ENVNAME)
-    ES = connect(envname=ENVNAME)
-    sync_tables(engine=ENGINE, es=ES)
+    sync_tables(engine=ENGINE)
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 5d32800c7..945bdd214 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -5,13 +5,9 @@
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from .. import db
-from ..db import get_engine, exceptions
-from ..db import models
+from dataall.db import get_engine, models
 from dataall.searchproxy.indexers import DashboardIndexer
-from ..searchproxy.connect import (
-    connect,
-)
-from ..utils.alarm_service import AlarmService
+from dataall.utils.alarm_service import AlarmService
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -20,12 +16,8 @@
 log = logging.getLogger(__name__)
 
 
-def index_objects(engine, es):
+def index_objects(engine):
     try:
-        if not es:
-            raise exceptions.AWSResourceNotFound(
-                action='CATALOG_INDEXER_TASK', message='ES configuration not found'
-            )
         indexed_objects_counter = 0
         with engine.scoped_session() as session:
 
@@ -58,5 +50,4 @@ def index_objects(engine, es):
 if __name__ == '__main__':
     ENVNAME = os.environ.get('envname', 'local')
     ENGINE = get_engine(envname=ENVNAME)
-    ES = connect(envname=ENVNAME)
-    index_objects(engine=ENGINE, es=ES)
+    index_objects(engine=ENGINE)
diff --git a/backend/local_graphql_server.py b/backend/local_graphql_server.py
index 44f79a087..98e99cd73 100644
--- a/backend/local_graphql_server.py
+++ b/backend/local_graphql_server.py
@@ -86,12 +86,11 @@ def request_context(headers, mock=False):
                 tenant_name='dataall',
             )
 
-    set_context(RequestContext(engine, username, groups, es))
+    set_context(RequestContext(engine, username, groups))
 
     # TODO: remove when the migration to a new RequestContext API is complete. Used only for backward compatibility
     context = Context(
         engine=engine,
-        es=es,
         schema=schema,
         username=username,
         groups=groups,

From c99ed58a07e5c0c599bb6de1587d0ccd3aadc4e7 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 21 Apr 2023 16:50:52 +0200
Subject: [PATCH 074/346] Moved dataset GraphQL API to modules

---
 backend/dataall/api/Objects/__init__.py       |  1 -
 .../dataall/modules/datasets/api/__init__.py  |  5 +++--
 .../datasets/api/dataset}/__init__.py         |  2 +-
 .../datasets/api/dataset}/input_types.py      |  4 ++--
 .../datasets/api/dataset}/mutations.py        | 16 +++++++++++---
 .../datasets/api/dataset}/queries.py          | 16 ++++++++++----
 .../datasets/api/dataset}/resolvers.py        | 21 +++++++++----------
 .../datasets/api/dataset}/schema.py           | 18 +++++++++++++---
 .../modules/datasets/api/table/resolvers.py   |  3 +--
 9 files changed, 57 insertions(+), 29 deletions(-)
 rename backend/dataall/{api/Objects/Dataset => modules/datasets/api/dataset}/__init__.py (74%)
 rename backend/dataall/{api/Objects/Dataset => modules/datasets/api/dataset}/input_types.py (97%)
 rename backend/dataall/{api/Objects/Dataset => modules/datasets/api/dataset}/mutations.py (86%)
 rename backend/dataall/{api/Objects/Dataset => modules/datasets/api/dataset}/queries.py (83%)
 rename backend/dataall/{api/Objects/Dataset => modules/datasets/api/dataset}/resolvers.py (97%)
 rename backend/dataall/{api/Objects/Dataset => modules/datasets/api/dataset}/schema.py (93%)

diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 5cc73fbdf..38d8bfe21 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -17,7 +17,6 @@
     DataPipeline,
     Environment,
     Activity,
-    Dataset,
     Group,
     Principal,
     Dashboard,
diff --git a/backend/dataall/modules/datasets/api/__init__.py b/backend/dataall/modules/datasets/api/__init__.py
index 7fe2d06a1..cd34a2ac4 100644
--- a/backend/dataall/modules/datasets/api/__init__.py
+++ b/backend/dataall/modules/datasets/api/__init__.py
@@ -3,7 +3,8 @@
     table_column,
     profiling,
     storage_location,
-    table
+    table,
+    dataset
 )
 
-__all__ = ["table_column", "profiling", "storage_location", "table"]
+__all__ = ["table_column", "profiling", "storage_location", "table", "dataset"]
diff --git a/backend/dataall/api/Objects/Dataset/__init__.py b/backend/dataall/modules/datasets/api/dataset/__init__.py
similarity index 74%
rename from backend/dataall/api/Objects/Dataset/__init__.py
rename to backend/dataall/modules/datasets/api/dataset/__init__.py
index dfa46b264..d286e1a7d 100644
--- a/backend/dataall/api/Objects/Dataset/__init__.py
+++ b/backend/dataall/modules/datasets/api/dataset/__init__.py
@@ -1,4 +1,4 @@
-from . import (
+from dataall.modules.datasets.api.dataset import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/api/Objects/Dataset/input_types.py b/backend/dataall/modules/datasets/api/dataset/input_types.py
similarity index 97%
rename from backend/dataall/api/Objects/Dataset/input_types.py
rename to backend/dataall/modules/datasets/api/dataset/input_types.py
index 16609814d..373dc3834 100644
--- a/backend/dataall/api/Objects/Dataset/input_types.py
+++ b/backend/dataall/modules/datasets/api/dataset/input_types.py
@@ -1,5 +1,5 @@
-from ... import gql
-from ....api.constants import GraphQLEnumMapper, SortDirection
+from dataall.api import gql
+from dataall.api.constants import GraphQLEnumMapper, SortDirection
 
 
 class DatasetSortField(GraphQLEnumMapper):
diff --git a/backend/dataall/api/Objects/Dataset/mutations.py b/backend/dataall/modules/datasets/api/dataset/mutations.py
similarity index 86%
rename from backend/dataall/api/Objects/Dataset/mutations.py
rename to backend/dataall/modules/datasets/api/dataset/mutations.py
index cc26c219c..a006797ce 100644
--- a/backend/dataall/api/Objects/Dataset/mutations.py
+++ b/backend/dataall/modules/datasets/api/dataset/mutations.py
@@ -1,10 +1,20 @@
-from ... import gql
-from .input_types import (
+from dataall.api import gql
+from dataall.modules.datasets.api.dataset.input_types import (
     ModifyDatasetInput,
     NewDatasetInput,
     ImportDatasetInput,
 )
-from .resolvers import *
+from dataall.modules.datasets.api.dataset.resolvers import (
+    create_dataset,
+    update_dataset,
+    sync_tables,
+    generate_dataset_access_token,
+    save_dataset_summary,
+    delete_dataset,
+    import_dataset,
+    publish_dataset_update,
+    start_crawler
+)
 
 createDataset = gql.MutationField(
     name='createDataset',
diff --git a/backend/dataall/api/Objects/Dataset/queries.py b/backend/dataall/modules/datasets/api/dataset/queries.py
similarity index 83%
rename from backend/dataall/api/Objects/Dataset/queries.py
rename to backend/dataall/modules/datasets/api/dataset/queries.py
index c71408a1c..d48a78e90 100644
--- a/backend/dataall/api/Objects/Dataset/queries.py
+++ b/backend/dataall/modules/datasets/api/dataset/queries.py
@@ -1,7 +1,15 @@
-from ... import gql
-from .input_types import DatasetFilter
-from .resolvers import *
-from .schema import DatasetSearchResult
+from dataall.api import gql
+from dataall.modules.datasets.api.dataset.input_types import DatasetFilter
+from dataall.modules.datasets.api.dataset.resolvers import (
+    get_dataset,
+    list_datasets,
+    get_dataset_assume_role_url,
+    get_dataset_etl_credentials,
+    get_dataset_summary,
+    get_file_upload_presigned_url,
+    list_dataset_share_objects
+)
+from dataall.modules.datasets.api.dataset.schema import DatasetSearchResult
 
 getDataset = gql.QueryField(
     name='getDataset',
diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
similarity index 97%
rename from backend/dataall/api/Objects/Dataset/resolvers.py
rename to backend/dataall/modules/datasets/api/dataset/resolvers.py
index c17deef76..d41163a1b 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -4,19 +4,18 @@
 from botocore.config import Config
 from botocore.exceptions import ClientError
 
-from ..Stack import stack_helper
-from .... import db
-from ....api.constants import (
+from dataall.api.Objects.Stack import stack_helper
+from dataall import db
+from dataall.api.constants import (
     DatasetRole,
 )
-from ....api.context import Context
-from ....aws.handlers.glue import Glue
-from ....aws.handlers.service_handlers import Worker
-from ....aws.handlers.sts import SessionHelper
-from ....db import paginate, exceptions, permissions, models
-from ....db.api import Dataset, Environment, ShareObject, ResourcePolicy
-from ....db.api.organization import Organization
-from dataall.searchproxy import indexers
+from dataall.api.context import Context
+from dataall.aws.handlers.glue import Glue
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import paginate, exceptions, permissions, models
+from dataall.db.api import Dataset, Environment, ShareObject, ResourcePolicy
+from dataall.db.api.organization import Organization
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
diff --git a/backend/dataall/api/Objects/Dataset/schema.py b/backend/dataall/modules/datasets/api/dataset/schema.py
similarity index 93%
rename from backend/dataall/api/Objects/Dataset/schema.py
rename to backend/dataall/modules/datasets/api/dataset/schema.py
index bede581a6..766537e46 100644
--- a/backend/dataall/api/Objects/Dataset/schema.py
+++ b/backend/dataall/modules/datasets/api/dataset/schema.py
@@ -1,6 +1,18 @@
-from ... import gql
-from .resolvers import *
-from ...constants import DatasetRole, EnvironmentPermission
+from dataall.api import gql
+from dataall.modules.datasets.api.dataset.resolvers import (
+    get_dataset_environment,
+    get_dataset_organization,
+    get_dataset_owners_group,
+    get_dataset_stewards_group,
+    list_tables,
+    list_locations,
+    resolve_user_role,
+    get_dataset_statistics,
+    list_dataset_share_objects,
+    get_dataset_glossary_terms,
+    resolve_redshift_copy_enabled
+)
+from dataall.api.constants import DatasetRole, EnvironmentPermission
 
 DatasetStatistics = gql.ObjectType(
     name='DatasetStatistics',
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index ce884bcbe..50878ec44 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -5,14 +5,13 @@
 from pyathena import connect
 
 from dataall import db
-from dataall.api.Objects.Dataset.resolvers import get_dataset
+from dataall.modules.datasets.api.dataset.resolvers import get_dataset
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import permissions, models
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets.db.models import DatasetTable
-from dataall.searchproxy import indexers
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService

From 9ddbaf33a56bd29659d27f50c74212417e9084e8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 24 Apr 2023 10:56:13 +0200
Subject: [PATCH 075/346] Migrated DatasetService

---
 .../api/Objects/ShareObject/resolvers.py      |  9 +--
 backend/dataall/api/Objects/__init__.py       |  1 -
 backend/dataall/aws/handlers/glue.py          |  5 +-
 backend/dataall/aws/handlers/redshift.py      |  5 +-
 backend/dataall/aws/handlers/sns.py           |  3 +-
 backend/dataall/cdkproxy/stacks/pipeline.py   |  5 +-
 backend/dataall/db/api/__init__.py            |  1 -
 backend/dataall/db/api/redshift_cluster.py    |  5 +-
 backend/dataall/db/api/share_object.py        | 11 ++--
 .../modules/datasets/api/dataset/resolvers.py | 55 ++++++++++---------
 .../modules/datasets/api/dataset/schema.py    |  3 +-
 .../datasets/api/profiling/resolvers.py       |  7 ++-
 .../api/storage_location/resolvers.py         |  5 +-
 .../modules/datasets/api/table/resolvers.py   |  7 ++-
 .../datasets/handlers/glue_table_handler.py   |  4 +-
 .../datasets/indexers/dataset_indexer.py      |  3 +-
 .../datasets/services/dataset_service.py}     | 44 +++++++--------
 .../datasets/services/dataset_table.py        |  3 +-
 .../modules/datasets/tasks/tables_syncer.py   |  3 +-
 backend/dataall/tasks/catalog_indexer.py      |  4 +-
 backend/dataall/tasks/stacks_updater.py       |  3 +-
 ...215e_backfill_dataset_table_permissions.py |  4 +-
 tests/api/client.py                           |  5 +-
 tests/api/test_dataset.py                     |  3 +-
 tests/api/test_redshift_cluster.py            |  3 +-
 tests/db/test_permission.py                   |  3 +-
 tests/tasks/test_catalog_indexer.py           |  2 +-
 27 files changed, 110 insertions(+), 96 deletions(-)
 rename backend/dataall/{db/api/dataset.py => modules/datasets/services/dataset_service.py} (93%)

diff --git a/backend/dataall/api/Objects/ShareObject/resolvers.py b/backend/dataall/api/Objects/ShareObject/resolvers.py
index 49f20fc17..4455b0019 100644
--- a/backend/dataall/api/Objects/ShareObject/resolvers.py
+++ b/backend/dataall/api/Objects/ShareObject/resolvers.py
@@ -8,6 +8,7 @@
 from ....aws.handlers.service_handlers import Worker
 from ....db import models
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
@@ -32,7 +33,7 @@ def create_share_object(
 ):
 
     with context.engine.scoped_session() as session:
-        dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         environment: models.Environment = db.api.Environment.get_environment_by_uri(
             session, input['environmentUri']
         )
@@ -222,7 +223,7 @@ def resolve_user_role(context: Context, source: models.ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(session, source.datasetUri)
+        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
         if dataset and dataset.stewards in context.groups:
             return ShareObjectPermission.Approvers.value
         if (
@@ -250,7 +251,7 @@ def resolve_dataset(context: Context, source: models.ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        ds: models.Dataset = db.api.Dataset.get_dataset_by_uri(session, source.datasetUri)
+        ds: models.Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
         if ds:
             env: models.Environment = db.api.Environment.get_environment_by_uri(session, ds.environmentUri)
             return {
@@ -292,7 +293,7 @@ def resolve_consumption_data(context: Context, source: models.ShareObject, **kwa
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        ds: models.Dataset = db.api.Dataset.get_dataset_by_uri(session, source.datasetUri)
+        ds: models.Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
         if ds:
             S3AccessPointName = utils.slugify(
                 source.datasetUri + '-' + source.principalId,
diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 38d8bfe21..94a2ed2ba 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -82,7 +82,6 @@ def adapted(obj, info, **kwargs):
         response = resolver(
             context=Namespace(
                 engine=info.context['engine'],
-                es=info.context['es'],
                 username=info.context['username'],
                 groups=info.context['groups'],
                 schema=info.context['schema'],
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index c2a7ecf21..c965db520 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -7,6 +7,7 @@
 from ... import db
 from ...db import models
 from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger('aws:glue')
 
@@ -374,7 +375,7 @@ def batch_delete_tables(**data):
     @Worker.handler(path='glue.dataset.crawler.create')
     def create_crawler(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(
+            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri
             )
             location = task.payload.get('location')
@@ -434,7 +435,7 @@ def get_glue_crawler(data):
     @Worker.handler(path='glue.crawler.start')
     def start_crawler(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(
+            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri
             )
             location = task.payload.get('location')
diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 1fe6c738c..7558302a7 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -12,6 +12,7 @@
 # TODO should be migrated in the redshift module
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
@@ -371,7 +372,7 @@ def get_cluster_catalog_databases(session, task):
             Redshift.set_cluster_secrets(secretsmanager, cluster)
             catalog_databases = []
             for d in cluster_datasets:
-                dataset = db.api.Dataset.get_dataset_by_uri(session, d.datasetUri)
+                dataset = DatasetService.get_dataset_by_uri(session, d.datasetUri)
                 if dataset.environmentUri != cluster.environmentUri:
                     catalog_databases.append(f'{dataset.GlueDatabaseName}shared')
                 else:
@@ -445,7 +446,7 @@ def copy_data(engine, task: models.Task):
                 task.targetUri
             )
 
-            dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(
+            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
                 session, task.payload['datasetUri']
             )
 
diff --git a/backend/dataall/aws/handlers/sns.py b/backend/dataall/aws/handlers/sns.py
index 3f7c87ba9..0dcd72414 100644
--- a/backend/dataall/aws/handlers/sns.py
+++ b/backend/dataall/aws/handlers/sns.py
@@ -7,6 +7,7 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
 
@@ -19,7 +20,7 @@ def __init__(self):
     @Worker.handler(path='sns.dataset.publish_update')
     def publish_update(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset = db.api.Dataset.get_dataset_by_uri(session, task.targetUri)
+            dataset = DatasetService.get_dataset_by_uri(session, task.targetUri)
             environment = db.api.Environment.get_environment_by_uri(
                 session, dataset.environmentUri
             )
diff --git a/backend/dataall/cdkproxy/stacks/pipeline.py b/backend/dataall/cdkproxy/stacks/pipeline.py
index 616151a4e..eac36500a 100644
--- a/backend/dataall/cdkproxy/stacks/pipeline.py
+++ b/backend/dataall/cdkproxy/stacks/pipeline.py
@@ -20,9 +20,10 @@
 from ...aws.handlers.sts import SessionHelper
 from ... import db
 from ...db import models
-from ...db.api import Environment, Pipeline, Dataset
+from ...db.api import Environment, Pipeline
 from ...utils.cdk_nag_utils import CDKNagUtil
 from ...utils.runtime_stacks_tagging import TagsUtil
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
 
@@ -83,7 +84,7 @@ def get_env_team(self, pipeline: models.DataPipeline) -> models.EnvironmentGroup
     def get_dataset(self, dataset_uri) -> models.Dataset:
         engine = self.get_engine()
         with engine.scoped_session() as session:
-            ds = Dataset.get_dataset_by_uri(
+            ds = DatasetService.get_dataset_by_uri(
                 session, dataset_uri
             )
         return ds
diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index 7bf8e0a4b..ed19787aa 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -11,7 +11,6 @@
 from .glossary import Glossary
 from .vote import Vote
 from .share_object import ShareObject, ShareObjectSM, ShareItemSM
-from .dataset import Dataset
 from .notification import Notification
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index de5799180..1a20929fe 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -3,13 +3,14 @@
 from sqlalchemy import and_, or_, literal
 
 from .. import models, api, exceptions, paginate, permissions
-from . import has_resource_perm, ResourcePolicy, Environment, Dataset
+from . import has_resource_perm, ResourcePolicy, Environment
 from dataall.modules.datasets.db.models import DatasetTable
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
 from dataall.utils.slugify import slugify
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
@@ -394,7 +395,7 @@ def add_dataset(session, username, groups, uri, data=None, check_perm=True):
                 message=f'Cluster {cluster.name} is not on available state ({cluster.status})',
             )
 
-        dataset = Dataset.get_dataset_by_uri(session, dataset_uri=data['datasetUri'])
+        dataset = DatasetService.get_dataset_by_uri(session, dataset_uri=data['datasetUri'])
 
         exists = session.query(models.RedshiftClusterDataset).get(
             (uri, data['datasetUri'])
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index 4fddda5e9..79ace3c15 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -11,6 +11,7 @@
 from .. import models, exceptions, permissions, paginate
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
 
@@ -346,7 +347,7 @@ def create_share_object(
         itemType = data.get('itemType')
 
         dataset: models.Dataset = data.get(
-            'dataset', api.Dataset.get_dataset_by_uri(session, datasetUri)
+            'dataset', DatasetService.get_dataset_by_uri(session, datasetUri)
         )
         environment: models.Environment = data.get(
             'environment',
@@ -539,7 +540,7 @@ def submit_share_object(
         check_perm: bool = False,
     ) -> models.ShareObject:
         share = ShareObject.get_share_by_uri(session, uri)
-        dataset = api.Dataset.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
         share_items_states = ShareObject.get_share_items_states(session, uri)
 
         valid_states = [ShareItemStatus.PendingApproval.value]
@@ -577,7 +578,7 @@ def approve_share_object(
         check_perm: bool = False,
     ) -> models.ShareObject:
         share = ShareObject.get_share_by_uri(session, uri)
-        dataset = api.Dataset.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
         share_items_states = ShareObject.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
@@ -623,7 +624,7 @@ def reject_share_object(
     ) -> models.ShareObject:
 
         share = ShareObject.get_share_by_uri(session, uri)
-        dataset = api.Dataset.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
         share_items_states = ShareObject.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
@@ -656,7 +657,7 @@ def revoke_items_share_object(
     ) -> models.ShareObject:
 
         share = ShareObject.get_share_by_uri(session, uri)
-        dataset = api.Dataset.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
         revoked_items_states = ShareObject.get_share_items_states(session, uri, data.get("revokedItemUris"))
         revoked_items = [ShareObject.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
 
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index d41163a1b..1dabe9c57 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -14,9 +14,10 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import paginate, exceptions, permissions, models
-from dataall.db.api import Dataset, Environment, ShareObject, ResourcePolicy
+from dataall.db.api import Environment, ShareObject, ResourcePolicy
 from dataall.db.api.organization import Organization
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 
@@ -25,7 +26,7 @@
 
 def create_dataset(context: Context, source, input=None):
     with context.engine.scoped_session() as session:
-        dataset = Dataset.create_dataset(
+        dataset = DatasetService.create_dataset(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -33,7 +34,7 @@ def create_dataset(context: Context, source, input=None):
             data=input,
             check_perm=True,
         )
-        Dataset.create_dataset_stack(session, dataset)
+        DatasetService.create_dataset_stack(session, dataset)
 
         DatasetIndexer.upsert(
             session=session, dataset_uri=dataset.datasetUri
@@ -57,7 +58,7 @@ def import_dataset(context: Context, source, input=None):
         raise exceptions.RequiredParameter('group')
 
     with context.engine.scoped_session() as session:
-        dataset = Dataset.create_dataset(
+        dataset = DatasetService.create_dataset(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -71,7 +72,7 @@ def import_dataset(context: Context, source, input=None):
         dataset.importedKmsKey = True if input.get('KmsKeyId') else False
         dataset.importedAdminRole = True if input.get('adminRoleName') else False
 
-        Dataset.create_dataset_stack(session, dataset)
+        DatasetService.create_dataset_stack(session, dataset)
 
         DatasetIndexer.upsert(
             session=session, dataset_uri=dataset.datasetUri
@@ -86,7 +87,7 @@ def import_dataset(context: Context, source, input=None):
 
 def get_dataset(context, source, datasetUri=None):
     with context.engine.scoped_session() as session:
-        dataset = Dataset.get_dataset(
+        dataset = DatasetService.get_dataset(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -124,7 +125,7 @@ def get_file_upload_presigned_url(
     context, source, datasetUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
     s3_client = SessionHelper.remote_session(dataset.AwsAccountId).client(
         's3',
@@ -150,7 +151,7 @@ def list_datasets(context: Context, source, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return Dataset.paginated_user_datasets(
+        return DatasetService.paginated_user_datasets(
             session, context.username, context.groups, uri=None, data=filter
         )
 
@@ -176,7 +177,7 @@ def list_tables(context, source: models.Dataset, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return Dataset.paginated_dataset_tables(
+        return DatasetService.paginated_dataset_tables(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -213,7 +214,7 @@ def get_dataset_stewards_group(context, source: models.Dataset, **kwargs):
 
 def update_dataset(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        updated_dataset = Dataset.update_dataset(
+        updated_dataset = DatasetService.update_dataset(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -232,7 +233,7 @@ def get_dataset_statistics(context: Context, source: models.Dataset, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        count_tables = db.api.Dataset.count_dataset_tables(session, source.datasetUri)
+        count_tables = DatasetService.count_dataset_tables(session, source.datasetUri)
         count_locations = DatasetLocationService.count_dataset_locations(
             session, source.datasetUri
         )
@@ -272,7 +273,7 @@ def get_dataset_assume_role_url(context: Context, source, datasetUri: str = None
             resource_uri=datasetUri,
             permission_name=permissions.CREDENTIALS_DATASET,
         )
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         if dataset.SamlAdminGroupName not in context.groups:
             share = ShareObject.get_share_by_dataset_attributes(
                 session=session,
@@ -315,7 +316,7 @@ def sync_tables(context: Context, source, datasetUri: str = None):
             resource_uri=datasetUri,
             permission_name=permissions.SYNC_DATASET,
         )
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
         task = models.Task(
             action='glue.dataset.database.tables',
@@ -328,7 +329,7 @@ def sync_tables(context: Context, source, datasetUri: str = None):
             session=session, dataset_uri=dataset.datasetUri
         )
         DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
-        return Dataset.paginated_dataset_tables(
+        return DatasetService.paginated_dataset_tables(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -348,7 +349,7 @@ def start_crawler(context: Context, source, datasetUri: str, input: dict = None)
             permission_name=permissions.CRAWL_DATASET,
         )
 
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
         location = (
             f's3://{dataset.S3BucketName}/{input.get("prefix")}'
@@ -393,7 +394,7 @@ def list_dataset_share_objects(context, source, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return Dataset.paginated_dataset_shares(
+        return DatasetService.paginated_dataset_shares(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -412,7 +413,7 @@ def generate_dataset_access_token(context, source, datasetUri: str = None):
             resource_uri=datasetUri,
             permission_name=permissions.CREDENTIALS_DATASET,
         )
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
     pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
     aws_session = SessionHelper.get_session(
@@ -430,7 +431,7 @@ def generate_dataset_access_token(context, source, datasetUri: str = None):
 
 def get_dataset_summary(context, source, datasetUri: str = None):
     with context.engine.scoped_session() as session:
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         environment = Environment.get_environment_by_uri(
             session, dataset.environmentUri
         )
@@ -468,7 +469,7 @@ def save_dataset_summary(
             resource_uri=datasetUri,
             permission_name=permissions.SUMMARY_DATASET,
         )
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         environment = Environment.get_environment_by_uri(
             session, dataset.environmentUri
         )
@@ -506,7 +507,7 @@ def get_crawler(context, source, datasetUri: str = None, name: str = None):
             resource_uri=datasetUri,
             permission_name=permissions.CRAWL_DATASET,
         )
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
     aws_session = SessionHelper.remote_session(dataset.AwsAccountId)
     client = aws_session.client('glue', region_name=dataset.region)
@@ -531,18 +532,18 @@ def delete_dataset(
             resource_uri=datasetUri,
             permission_name=permissions.DELETE_DATASET,
         )
-        dataset: models.Dataset = db.api.Dataset.get_dataset_by_uri(session, datasetUri)
-        env: models.Environment = db.api.Environment.get_environment_by_uri(
+        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
+        env: models.Environment = Environment.get_environment_by_uri(
             session, dataset.environmentUri
         )
-        shares = db.api.Dataset.list_dataset_shares_with_existing_shared_items(session, datasetUri)
+        shares = DatasetService.list_dataset_shares_with_existing_shared_items(session, datasetUri)
         if shares:
             raise exceptions.UnauthorizedOperation(
                 action=permissions.DELETE_DATASET,
                 message=f'Dataset {dataset.name} is shared with other teams. '
                 'Revoke all dataset shares before deletion.',
             )
-        redshift_datasets = db.api.Dataset.list_dataset_redshift_clusters(
+        redshift_datasets = DatasetService.list_dataset_redshift_clusters(
             session, datasetUri
         )
         if redshift_datasets:
@@ -552,7 +553,7 @@ def delete_dataset(
                 'Remove clusters associations first.',
             )
 
-        tables = [t.tableUri for t in Dataset.get_dataset_tables(session, datasetUri)]
+        tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, datasetUri)]
         for uri in tables:
             DatasetIndexer.delete_doc(doc_id=uri)
 
@@ -562,7 +563,7 @@ def delete_dataset(
 
         DatasetIndexer.delete_doc(doc_id=datasetUri)
 
-        Dataset.delete_dataset(
+        DatasetService.delete_dataset(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -608,7 +609,7 @@ def publish_dataset_update(
             resource_uri=datasetUri,
             permission_name=permissions.SUBSCRIPTIONS_DATASET,
         )
-        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
         if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
             raise Exception(
diff --git a/backend/dataall/modules/datasets/api/dataset/schema.py b/backend/dataall/modules/datasets/api/dataset/schema.py
index 766537e46..4786df52a 100644
--- a/backend/dataall/modules/datasets/api/dataset/schema.py
+++ b/backend/dataall/modules/datasets/api/dataset/schema.py
@@ -10,7 +10,8 @@
     get_dataset_statistics,
     list_dataset_share_objects,
     get_dataset_glossary_terms,
-    resolve_redshift_copy_enabled
+    resolve_redshift_copy_enabled,
+    get_dataset_stack
 )
 from dataall.api.constants import DatasetRole, EnvironmentPermission
 
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 62ff64942..d1eeaf3c9 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -6,6 +6,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import api, permissions, models
 from dataall.db.api import ResourcePolicy
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets.db.models import DatasetProfilingRun
@@ -17,7 +18,7 @@ def resolve_dataset(context, source: DatasetProfilingRun):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return api.Dataset.get_dataset_by_uri(
+        return DatasetService.get_dataset_by_uri(
             session=session, dataset_uri=source.datasetUri
         )
 
@@ -32,7 +33,7 @@ def start_profiling_run(context: Context, source, input: dict = None):
             resource_uri=input['datasetUri'],
             permission_name=permissions.PROFILE_DATASET_TABLE,
         )
-        dataset = api.Dataset.get_dataset_by_uri(session, input['datasetUri'])
+        dataset = DatasetService.get_dataset_by_uri(session, input['datasetUri'])
 
         run = DatasetProfilingService.start_profiling(
             session=session,
@@ -101,7 +102,7 @@ def get_last_table_profiling_run(context: Context, source, tableUri=None):
         if run:
             if not run.results:
                 table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
-                dataset = api.Dataset.get_dataset_by_uri(session, table.datasetUri)
+                dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
                 environment = api.Environment.get_environment_by_uri(
                     session, dataset.environmentUri
                 )
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 6f8d82e43..ef06bbba6 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -4,14 +4,13 @@
 from dataall.db.api import (
     ResourcePolicy,
     Glossary,
-    Dataset,
     Environment,
 )
 from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
-from dataall.searchproxy import indexers
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
 def create_storage_location(
@@ -110,7 +109,7 @@ def publish_location_update(context: Context, source, locationUri: str = None):
             resource_uri=location.datasetUri,
             permission_name=permissions.UPDATE_DATASET_FOLDER,
         )
-        dataset = Dataset.get_dataset_by_uri(session, location.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, location.datasetUri)
         env = Environment.get_environment_by_uri(session, dataset.environmentUri)
         if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
             raise Exception(
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 50878ec44..329828b0d 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -12,6 +12,7 @@
 from dataall.db import permissions, models
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
@@ -68,7 +69,7 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
         table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
 
-        dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
 
         input['table'] = table
         input['tableUri'] = table.tableUri
@@ -107,7 +108,7 @@ def preview(context, source, tableUri: str = None):
         table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
             session, tableUri
         )
-        dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
         if (
             dataset.confidentiality
             != models.ConfidentialityClassification.Unclassified.value
@@ -198,7 +199,7 @@ def publish_table_update(context: Context, source, tableUri: str = None):
             resource_uri=table.datasetUri,
             permission_name=permissions.UPDATE_DATASET_TABLE,
         )
-        dataset = db.api.Dataset.get_dataset_by_uri(session, table.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
         env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
         if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
             raise Exception(
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index 9bb50c501..d2218884b 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
-from dataall.db.api import Dataset
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
 log = logging.getLogger(__name__)
@@ -18,7 +18,7 @@ class DatasetColumnGlueHandler:
     @Worker.handler(path='glue.dataset.database.tables')
     def list_tables(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: models.Dataset = Dataset.get_dataset_by_uri(
+            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri
             )
             account_id = dataset.AwsAccountId
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 8cb0b7873..665e2a9c4 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -3,6 +3,7 @@
 from dataall import db
 from dataall.db import models
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.searchproxy.upsert import BaseIndexer
 
 
@@ -43,7 +44,7 @@ def upsert(cls, session, dataset_uri: str):
             .filter(models.Dataset.datasetUri == dataset_uri)
             .first()
         )
-        count_tables = db.api.Dataset.count_dataset_tables(session, dataset_uri)
+        count_tables = DatasetService.count_dataset_tables(session, dataset_uri)
         count_folders = DatasetLocationService.count_dataset_locations(session, dataset_uri)
         count_upvotes = db.api.Vote.count_upvotes(
             session, None, None, dataset_uri, {'targetType': 'dataset'}
diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/modules/datasets/services/dataset_service.py
similarity index 93%
rename from backend/dataall/db/api/dataset.py
rename to backend/dataall/modules/datasets/services/dataset_service.py
index d328dddb5..c513c574b 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -4,7 +4,7 @@
 from sqlalchemy import and_, or_
 from sqlalchemy.orm import Query
 
-from . import (
+from dataall.db.api import (
     Environment,
     has_tenant_perm,
     has_resource_perm,
@@ -13,9 +13,9 @@
     Vote,
     Stack,
 )
-from . import Organization
-from .. import models, api, exceptions, permissions, paginate
-from ..models.Enums import Language, ConfidentialityClassification
+from dataall.db.api import Organization
+from dataall.db import models, api, exceptions, permissions, paginate
+from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
@@ -27,7 +27,7 @@
 logger = logging.getLogger(__name__)
 
 
-class Dataset:
+class DatasetService:
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET)
@@ -96,7 +96,7 @@ def create_dataset(
         session.add(dataset)
         session.commit()
 
-        Dataset._set_dataset_aws_resources(dataset, data, environment)
+        DatasetService._set_dataset_aws_resources(dataset, data, environment)
 
         activity = models.Activity(
             action='dataset:create',
@@ -208,7 +208,7 @@ def get_dataset(
         data: dict = None,
         check_perm: bool = False,
     ) -> models.Dataset:
-        return Dataset.get_dataset_by_uri(session, uri)
+        return DatasetService.get_dataset_by_uri(session, uri)
 
     @staticmethod
     def get_dataset_by_uri(session, dataset_uri) -> models.Dataset:
@@ -257,7 +257,7 @@ def paginated_user_datasets(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
         return paginate(
-            query=Dataset.query_user_datasets(session, username, groups, data),
+            query=DatasetService.query_user_datasets(session, username, groups, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
@@ -297,19 +297,19 @@ def paginated_dataset_tables(
     def update_dataset(
         session, username, groups, uri, data=None, check_perm=None
     ) -> models.Dataset:
-        dataset: models.Dataset = Dataset.get_dataset_by_uri(session, uri)
+        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, uri)
         if data and isinstance(data, dict):
             for k in data.keys():
                 if k != 'stewards':
                     setattr(dataset, k, data.get(k))
             if data.get('stewards') and data.get('stewards') != dataset.stewards:
                 if data.get('stewards') != dataset.SamlAdminGroupName:
-                    Dataset.transfer_stewardship_to_new_stewards(
+                    DatasetService.transfer_stewardship_to_new_stewards(
                         session, dataset, data['stewards']
                     )
                     dataset.stewards = data['stewards']
                 else:
-                    Dataset.transfer_stewardship_to_owners(session, dataset)
+                    DatasetService.transfer_stewardship_to_owners(session, dataset)
                     dataset.stewards = dataset.SamlAdminGroupName
 
             ResourcePolicy.attach_resource_policy(
@@ -319,7 +319,7 @@ def update_dataset(
                 resource_uri=dataset.datasetUri,
                 resource_type=models.Dataset.__name__,
             )
-            Dataset.update_dataset_glossary_terms(session, username, uri, data)
+            DatasetService.update_dataset_glossary_terms(session, username, uri, data)
             activity = models.Activity(
                 action='dataset:update',
                 label='dataset:update',
@@ -367,7 +367,7 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
             resource_type=models.Dataset.__name__,
         )
 
-        dataset_tables = [t.tableUri for t in Dataset.get_dataset_tables(session, dataset.datasetUri)]
+        dataset_tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, dataset.datasetUri)]
         for tableUri in dataset_tables:
             if dataset.stewards != env.SamlGroupName:
                 ResourcePolicy.delete_resource_policy(
@@ -440,7 +440,7 @@ def update_bucket_status(session, dataset_uri):
         """
         helper method to update the dataset bucket status
         """
-        dataset = Dataset.get_dataset_by_uri(session, dataset_uri)
+        dataset = DatasetService.get_dataset_by_uri(session, dataset_uri)
         dataset.bucketCreated = True
         return dataset
 
@@ -449,7 +449,7 @@ def update_glue_database_status(session, dataset_uri):
         """
         helper method to update the dataset db status
         """
-        dataset = Dataset.get_dataset_by_uri(session, dataset_uri)
+        dataset = DatasetService.get_dataset_by_uri(session, dataset_uri)
         dataset.glueDatabaseCreated = True
 
     @staticmethod
@@ -474,7 +474,7 @@ def query_dataset_shares(session, dataset_uri) -> Query:
     def paginated_dataset_shares(
         session, username, groups, uri, data=None, check_perm=None
     ) -> [models.ShareObject]:
-        query = Dataset.query_dataset_shares(session, uri)
+        query = DatasetService.query_dataset_shares(session, uri)
         return paginate(
             query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
         ).to_dict()
@@ -482,7 +482,7 @@ def paginated_dataset_shares(
     @staticmethod
     def list_dataset_shares(session, dataset_uri) -> [models.ShareObject]:
         """return the dataset shares"""
-        query = Dataset.query_dataset_shares(session, dataset_uri)
+        query = DatasetService.query_dataset_shares(session, dataset_uri)
         return query.all()
 
     @staticmethod
@@ -511,10 +511,10 @@ def list_dataset_redshift_clusters(
     def delete_dataset(
         session, username, groups, uri, data=None, check_perm=None
     ) -> bool:
-        dataset = Dataset.get_dataset_by_uri(session, uri)
-        Dataset._delete_dataset_shares_with_no_shared_items(session, uri)
-        Dataset._delete_dataset_term_links(session, uri)
-        Dataset._delete_dataset_tables(session, dataset.datasetUri)
+        dataset = DatasetService.get_dataset_by_uri(session, uri)
+        DatasetService._delete_dataset_shares_with_no_shared_items(session, uri)
+        DatasetService._delete_dataset_term_links(session, uri)
+        DatasetService._delete_dataset_tables(session, dataset.datasetUri)
         DatasetLocationService.delete_dataset_locations(session, dataset.datasetUri)
         KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
         Vote.delete_votes(session, dataset.datasetUri, 'dataset')
@@ -555,7 +555,7 @@ def _delete_dataset_shares_with_no_shared_items(session, dataset_uri):
 
     @staticmethod
     def _delete_dataset_term_links(session, uri):
-        tables = [t.tableUri for t in Dataset.get_dataset_tables(session, uri)]
+        tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, uri)]
         for tableUri in tables:
             term_links = (
                 session.query(models.TermLink)
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index 7776aa2ef..0c4a72172 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -5,6 +5,7 @@
 from dataall.db import models, api, permissions, exceptions, paginate
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
 from dataall.db.models import Dataset
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 
@@ -23,7 +24,7 @@ def create_dataset_table(
         data: dict = None,
         check_perm: bool = False,
     ) -> DatasetTable:
-        dataset = api.Dataset.get_dataset_by_uri(session, uri)
+        dataset = DatasetService.get_dataset_by_uri(session, uri)
         exists = (
             session.query(DatasetTable)
             .filter(
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 4ed22425e..a503ac8f5 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -10,6 +10,7 @@
 from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetTable
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils.alarm_service import AlarmService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
@@ -23,7 +24,7 @@
 def sync_tables(engine):
     with engine.scoped_session() as session:
         processed_tables = []
-        all_datasets: [models.Dataset] = db.api.Dataset.list_all_active_datasets(
+        all_datasets: [models.Dataset] = DatasetService.list_all_active_datasets(
             session
         )
         log.info(f'Found {len(all_datasets)} datasets for tables sync')
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 945bdd214..7bea9d965 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -4,7 +4,7 @@
 
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from .. import db
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.db import get_engine, models
 from dataall.searchproxy.indexers import DashboardIndexer
 from dataall.utils.alarm_service import AlarmService
@@ -21,7 +21,7 @@ def index_objects(engine):
         indexed_objects_counter = 0
         with engine.scoped_session() as session:
 
-            all_datasets: [models.Dataset] = db.api.Dataset.list_all_active_datasets(
+            all_datasets: [models.Dataset] = DatasetService.list_all_active_datasets(
                 session
             )
             log.info(f'Found {len(all_datasets)} datasets')
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 03bfd1005..f4908b8a1 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -2,6 +2,7 @@
 import os
 import sys
 
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from .. import db
 from ..db import models
 from ..aws.handlers.ecs import Ecs
@@ -18,7 +19,7 @@
 def update_stacks(engine, envname):
     with engine.scoped_session() as session:
 
-        all_datasets: [models.Dataset] = db.api.Dataset.list_all_active_datasets(
+        all_datasets: [models.Dataset] = DatasetService.list_all_active_datasets(
             session
         )
         all_environments: [
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 32ca6abe0..6845c2484 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -13,7 +13,7 @@
 from dataall.db import api, models, permissions, utils, Resource
 from datetime import datetime
 from dataall.db.models.Enums import ShareObjectStatus, ShareableType
-
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 # revision identifiers, used by Alembic.
 revision = 'd05f9a5b215e'
@@ -84,7 +84,7 @@ def upgrade():
         print('Back-filling dataset table permissions for owners/stewards...')
         dataset_tables: [DatasetTable] = session.query(DatasetTable).filter(DatasetTable.deleted.is_(None)).all()
         for table in dataset_tables:
-            dataset = api.Dataset.get_dataset_by_uri(session, table.datasetUri)
+            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
             env = api.Environment.get_environment_by_uri(session, dataset.environmentUri)
 
             groups = set([dataset.SamlAdminGroupName, env.SamlGroupName, dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName])
diff --git a/tests/api/client.py b/tests/api/client.py
index f54c45d66..36c6bd8e8 100644
--- a/tests/api/client.py
+++ b/tests/api/client.py
@@ -33,7 +33,7 @@ def query(
 
 
 @pytest.fixture(scope='module', autouse=True)
-def app(db, es):
+def app(db):
     app = Flask('tests')
     schema = dataall.api.get_executable_schema()
 
@@ -63,7 +63,7 @@ def graphql_server():
         username = request.headers.get('Username', 'anonym')
         groups = json.loads(request.headers.get('Groups', '[]'))
 
-        set_context(RequestContext(db, username, groups, es))
+        set_context(RequestContext(db, username, groups))
 
         success, result = graphql_sync(
             schema,
@@ -73,7 +73,6 @@ def graphql_server():
                 'engine': db,
                 'username': username,
                 'groups': groups,
-                'es': es,
             },
             debug=app.debug,
         )
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 9dc5d37f5..8aac00702 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -4,6 +4,7 @@
 
 import dataall
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -490,7 +491,7 @@ def test_get_dataset_by_prefix(db, env1, org1):
         )
         session.add(dataset)
         session.commit()
-        dataset_found: dataall.db.models.Dataset = dataall.db.api.Dataset.get_dataset_by_bucket_name(
+        dataset_found: dataall.db.models.Dataset = DatasetService.get_dataset_by_bucket_name(
             session,
             bucket='s3a://insite-data-lake-raw-alpha-eu-west-1/booker/volume_constraints/insite_version=1/volume_constraints.delta'.split(
                 '//'
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index c9a8fac73..9fc1d9d06 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -4,6 +4,7 @@
 import pytest
 import dataall
 from dataall.api.constants import RedshiftClusterRole
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -41,7 +42,7 @@ def dataset1(db, user, env1, org1, dataset, group, group3) -> dataall.db.models.
             IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
             stewards=group3.name,
         )
-        dataset = dataall.db.api.Dataset.create_dataset(
+        dataset = DatasetService.create_dataset(
             session=session,
             username=user.userName,
             groups=[group.name],
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 148cd3051..289f59f0b 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -4,6 +4,7 @@
 from dataall.api.constants import OrganisationUserRole
 from dataall.db import exceptions
 from dataall.db.models.Permission import PermissionType
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
 @pytest.fixture(scope='module')
@@ -257,7 +258,7 @@ def test_create_dataset(db, env, user, group, group_user, dataset, permissions,
             IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
             IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
         )
-        dataset = dataall.db.api.Dataset.create_dataset(
+        dataset = DatasetService.create_dataset(
             session=session,
             username=user.userName,
             groups=[group.name],
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index 8da53e3d2..3944aed8b 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -91,6 +91,6 @@ def test_catalog_indexer(db, org, env, sync_dataset, table, mocker):
         'dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value=sync_dataset
     )
     indexed_objects_counter = dataall.tasks.catalog_indexer.index_objects(
-        engine=db, es=True
+        engine=db
     )
     assert indexed_objects_counter == 2

From ad845e74ca343ff7fa07e854b9ee629747ffb10d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 24 Apr 2023 10:58:00 +0200
Subject: [PATCH 076/346] Removed unused dataset method

---
 backend/dataall/cdkproxy/stacks/pipeline.py | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/backend/dataall/cdkproxy/stacks/pipeline.py b/backend/dataall/cdkproxy/stacks/pipeline.py
index eac36500a..f40b80576 100644
--- a/backend/dataall/cdkproxy/stacks/pipeline.py
+++ b/backend/dataall/cdkproxy/stacks/pipeline.py
@@ -23,7 +23,6 @@
 from ...db.api import Environment, Pipeline
 from ...utils.cdk_nag_utils import CDKNagUtil
 from ...utils.runtime_stacks_tagging import TagsUtil
-from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
 
@@ -81,14 +80,6 @@ def get_env_team(self, pipeline: models.DataPipeline) -> models.EnvironmentGroup
             )
         return env
 
-    def get_dataset(self, dataset_uri) -> models.Dataset:
-        engine = self.get_engine()
-        with engine.scoped_session() as session:
-            ds = DatasetService.get_dataset_by_uri(
-                session, dataset_uri
-            )
-        return ds
-
     def __init__(self, scope, id, target_uri: str = None, **kwargs):
         kwargs.setdefault("tags", {}).update({"utility": "dataall-data-pipeline"})
         super().__init__(

From 32be3ee2032c3df9a47ab788ef223ef3f9a94440 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 24 Apr 2023 16:30:07 +0200
Subject: [PATCH 077/346] DatasetQualityRule is not used

---
 backend/dataall/db/models/DatasetQualityRule.py | 13 -------------
 backend/dataall/db/models/__init__.py           |  1 -
 2 files changed, 14 deletions(-)
 delete mode 100644 backend/dataall/db/models/DatasetQualityRule.py

diff --git a/backend/dataall/db/models/DatasetQualityRule.py b/backend/dataall/db/models/DatasetQualityRule.py
deleted file mode 100644
index d5befa805..000000000
--- a/backend/dataall/db/models/DatasetQualityRule.py
+++ /dev/null
@@ -1,13 +0,0 @@
-from sqlalchemy import Column, String
-from sqlalchemy.dialects.postgresql import JSON
-
-from .. import Base, Resource, utils
-
-
-class DatasetQualityRule(Resource, Base):
-    __tablename__ = 'dataset_quality_rule'
-    datasetUri = Column(String, nullable=False)
-    ruleUri = Column(String, primary_key=True, default=utils.uuid('dqlrule'))
-    query = Column(String, nullable=False)
-    status = Column(String, nullable=False, default='Created')
-    logs = Column(JSON, default={})
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index 123547f8c..068e5e495 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -5,7 +5,6 @@
 from .DashboardShare import DashboardShare
 from .DashboardShare import DashboardShareStatus
 from .Dataset import Dataset
-from .DatasetQualityRule import DatasetQualityRule
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
 from .FeedMessage import FeedMessage

From f95566c305f9ab903c35372cc6352abb3aff049f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 24 Apr 2023 16:57:32 +0200
Subject: [PATCH 078/346] Moved the Dataset models to modules

---
 .../api/Objects/ShareObject/resolvers.py      | 12 ++--
 .../dataall/api/Objects/Stack/stack_helper.py |  3 +-
 backend/dataall/aws/handlers/glue.py          |  7 +-
 backend/dataall/aws/handlers/redshift.py      |  4 +-
 .../dataall/cdkproxy/stacks/environment.py    |  9 +--
 .../cdkproxy/stacks/policies/data_policy.py   |  5 +-
 backend/dataall/db/api/environment.py         | 47 +++++++-------
 backend/dataall/db/api/notification.py        |  9 +--
 backend/dataall/db/api/redshift_cluster.py    | 53 ++++++++-------
 backend/dataall/db/api/share_object.py        | 18 +++---
 backend/dataall/db/models/Dataset.py          | 64 -------------------
 backend/dataall/db/models/__init__.py         |  1 -
 backend/dataall/modules/datasets/__init__.py  |  5 +-
 .../modules/datasets/api/dataset/resolvers.py | 25 ++++----
 .../api/storage_location/resolvers.py         |  4 +-
 .../modules/datasets/api/table/resolvers.py   |  4 +-
 .../modules/datasets/cdk/dataset_stack.py     | 12 ++--
 backend/dataall/modules/datasets/db/models.py | 61 +++++++++++++++++-
 .../handlers/glue_profiling_handler.py        |  6 +-
 .../datasets/handlers/glue_table_handler.py   |  5 +-
 .../datasets/indexers/dataset_indexer.py      | 37 +++++------
 .../datasets/indexers/location_indexer.py     | 18 +++---
 .../datasets/indexers/table_indexer.py        | 22 +++----
 .../services/dataset_profiling_service.py     |  4 +-
 .../datasets/services/dataset_service.py      | 56 ++++++++--------
 .../services/dataset_share_service.py         | 26 ++++----
 .../datasets/tasks/subscription_service.py    |  8 +--
 .../modules/datasets/tasks/tables_syncer.py   |  6 +-
 .../dataall/tasks/bucket_policy_updater.py    |  8 +--
 backend/dataall/tasks/catalog_indexer.py      |  5 +-
 .../share_managers/lf_share_manager.py        |  8 +--
 .../share_managers/s3_share_manager.py        | 10 +--
 .../lf_process_cross_account_share.py         |  4 +-
 .../lf_process_same_account_share.py          |  4 +-
 .../share_processors/s3_process_share.py      | 11 ++--
 backend/dataall/tasks/stacks_updater.py       |  5 +-
 backend/dataall/utils/alarm_service.py        |  4 +-
 tests/api/conftest.py                         | 16 ++---
 tests/api/test_dashboards.py                  |  3 +-
 tests/api/test_dataset.py                     | 12 ++--
 tests/api/test_dataset_location.py            |  3 +-
 tests/api/test_dataset_profiling.py           |  4 +-
 tests/api/test_dataset_table.py               |  4 +-
 tests/api/test_environment.py                 |  3 +-
 tests/api/test_glossary.py                    |  4 +-
 tests/api/test_keyvaluetag.py                 |  3 +-
 tests/api/test_redshift_cluster.py            |  5 +-
 tests/api/test_share.py                       | 20 +++---
 tests/api/test_vote.py                        |  3 +-
 tests/cdkproxy/conftest.py                    | 10 +--
 tests/db/test_permission.py                   |  5 +-
 tests/searchproxy/test_indexers.py            |  4 +-
 tests/tasks/conftest.py                       | 12 ++--
 tests/tasks/test_catalog_indexer.py           |  2 +-
 tests/tasks/test_lf_share_manager.py          | 30 ++++-----
 tests/tasks/test_policies.py                  |  4 +-
 tests/tasks/test_s3_share_manager.py          | 35 +++++-----
 tests/tasks/test_stacks_updater.py            |  3 +-
 tests/tasks/test_subscriptions.py             |  6 +-
 tests/tasks/test_tables_sync.py               |  4 +-
 60 files changed, 395 insertions(+), 390 deletions(-)
 delete mode 100644 backend/dataall/db/models/Dataset.py

diff --git a/backend/dataall/api/Objects/ShareObject/resolvers.py b/backend/dataall/api/Objects/ShareObject/resolvers.py
index 4455b0019..f2e58fa14 100644
--- a/backend/dataall/api/Objects/ShareObject/resolvers.py
+++ b/backend/dataall/api/Objects/ShareObject/resolvers.py
@@ -7,7 +7,7 @@
 from ....api.context import Context
 from ....aws.handlers.service_handlers import Worker
 from ....db import models
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
@@ -20,7 +20,7 @@ def get_share_object_dataset(context, source, **kwargs):
         share: models.ShareObject = session.query(models.ShareObject).get(
             source.shareUri
         )
-        return session.query(models.Dataset).get(share.datasetUri)
+        return session.query(Dataset).get(share.datasetUri)
 
 
 def create_share_object(
@@ -33,7 +33,7 @@ def create_share_object(
 ):
 
     with context.engine.scoped_session() as session:
-        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
+        dataset: Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         environment: models.Environment = db.api.Environment.get_environment_by_uri(
             session, input['environmentUri']
         )
@@ -223,7 +223,7 @@ def resolve_user_role(context: Context, source: models.ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
+        dataset: Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
         if dataset and dataset.stewards in context.groups:
             return ShareObjectPermission.Approvers.value
         if (
@@ -251,7 +251,7 @@ def resolve_dataset(context: Context, source: models.ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        ds: models.Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
+        ds: Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
         if ds:
             env: models.Environment = db.api.Environment.get_environment_by_uri(session, ds.environmentUri)
             return {
@@ -293,7 +293,7 @@ def resolve_consumption_data(context: Context, source: models.ShareObject, **kwa
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        ds: models.Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
+        ds: Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
         if ds:
             S3AccessPointName = utils.slugify(
                 source.datasetUri + '-' + source.principalId,
diff --git a/backend/dataall/api/Objects/Stack/stack_helper.py b/backend/dataall/api/Objects/Stack/stack_helper.py
index 659dd2ab0..5ffffb790 100644
--- a/backend/dataall/api/Objects/Stack/stack_helper.py
+++ b/backend/dataall/api/Objects/Stack/stack_helper.py
@@ -11,6 +11,7 @@
 
 from dataall.core.config import config
 from dataall.core.context import get_context
+from dataall.modules.datasets.db.models import Dataset
 
 
 def get_stack_with_cfn_resources(targetUri: str, environmentUri: str):
@@ -84,7 +85,7 @@ def deploy_stack(targetUri):
         return stack
 
 
-def deploy_dataset_stack(dataset: models.Dataset):
+def deploy_dataset_stack(dataset: Dataset):
     """
     Each dataset stack deployment triggers environment stack update
     to rebuild teams IAM roles data access policies
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index c965db520..ba4d2a37c 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -4,9 +4,8 @@
 
 from .service_handlers import Worker
 from .sts import SessionHelper
-from ... import db
 from ...db import models
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger('aws:glue')
@@ -375,7 +374,7 @@ def batch_delete_tables(**data):
     @Worker.handler(path='glue.dataset.crawler.create')
     def create_crawler(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri
             )
             location = task.payload.get('location')
@@ -435,7 +434,7 @@ def get_glue_crawler(data):
     @Worker.handler(path='glue.crawler.start')
     def start_crawler(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri
             )
             location = task.payload.get('location')
diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 7558302a7..f606b9a79 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -11,7 +11,7 @@
 from ...db import models
 # TODO should be migrated in the redshift module
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
@@ -446,7 +446,7 @@ def copy_data(engine, task: models.Task):
                 task.targetUri
             )
 
-            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetService.get_dataset_by_uri(
                 session, task.payload['datasetUri']
             )
 
diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index 55bccca0e..8c9440933 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -40,6 +40,7 @@
 from ...db import models
 from ...utils.cdk_nag_utils import CDKNagUtil
 from ...utils.runtime_stacks_tagging import TagsUtil
+from dataall.modules.datasets.db.models import Dataset
 
 logger = logging.getLogger(__name__)
 
@@ -130,7 +131,7 @@ def get_environment_admins_group(
     @staticmethod
     def get_environment_group_datasets(
         engine, environment: models.Environment, group: str
-    ) -> [models.Dataset]:
+    ) -> [Dataset]:
         with engine.scoped_session() as session:
             return db.api.Environment.list_group_datasets(
                 session,
@@ -144,12 +145,12 @@ def get_environment_group_datasets(
     @staticmethod
     def get_all_environment_datasets(
         engine, environment: models.Environment
-    ) -> [models.Dataset]:
+    ) -> [Dataset]:
         with engine.scoped_session() as session:
             return (
-                session.query(models.Dataset)
+                session.query(Dataset)
                 .filter(
-                    models.Dataset.environmentUri == environment.environmentUri,
+                    Dataset.environmentUri == environment.environmentUri,
                 )
                 .all()
             )
diff --git a/backend/dataall/cdkproxy/stacks/policies/data_policy.py b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
index be926b4ce..b5842afea 100644
--- a/backend/dataall/cdkproxy/stacks/policies/data_policy.py
+++ b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
@@ -4,6 +4,7 @@
 from aws_cdk import aws_iam as iam
 
 from ....db import models
+from dataall.modules.datasets.db.models import Dataset
 
 logger = logging.getLogger()
 
@@ -21,7 +22,7 @@ def __init__(
         resource_prefix,
         environment: models.Environment,
         team: models.EnvironmentGroup,
-        datasets: [models.Dataset],
+        datasets: [Dataset],
     ):
         self.stack = stack
         self.id = id
@@ -147,7 +148,7 @@ def set_allowed_s3_buckets_statements(self, statements):
             f'arn:aws:s3:::{self.environment.EnvironmentDefaultBucketName}/*',
         ]
         if self.datasets:
-            dataset: models.Dataset
+            dataset: Dataset
             for dataset in self.datasets:
                 allowed_buckets.append(f'arn:aws:s3:::{dataset.S3BucketName}/*')
                 allowed_buckets.append(f'arn:aws:s3:::{dataset.S3BucketName}')
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index d1c7a67fa..a26650368 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -22,8 +22,9 @@
 from ..models.Permission import PermissionType
 from ..paginator import paginate
 from dataall.core.environment.models import EnvironmentParameter
-from ...core.environment.db.repositories import EnvironmentParameterRepository
-from ...utils.naming_convention import (
+from dataall.core.environment.db.repositories import EnvironmentParameterRepository
+from dataall.modules.datasets.db.models import Dataset
+from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
@@ -356,8 +357,8 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
         group_env_objects_count = (
             session.query(models.Environment)
             .outerjoin(
-                models.Dataset,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
+                Dataset,
+                Dataset.environmentUri == models.Environment.environmentUri,
             )
             .outerjoin(
                 models.SagemakerStudioUserProfile,
@@ -387,7 +388,7 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
                     models.Environment.environmentUri == environment.environmentUri,
                     or_(
                         models.RedshiftCluster.SamlGroupName == group,
-                        models.Dataset.SamlAdminGroupName == group,
+                        Dataset.SamlAdminGroupName == group,
                         models.SagemakerStudioUserProfile.SamlAdminGroupName == group,
                         models.DataPipeline.SamlGroupName == group,
                         models.Dashboard.SamlGroupName == group,
@@ -804,41 +805,41 @@ def find_consumption_roles_by_IAMArn(
 
     @staticmethod
     def query_environment_datasets(session, username, groups, uri, filter) -> Query:
-        query = session.query(models.Dataset).filter(
+        query = session.query(Dataset).filter(
             and_(
-                models.Dataset.environmentUri == uri,
-                models.Dataset.deleted.is_(None),
+                Dataset.environmentUri == uri,
+                Dataset.deleted.is_(None),
             )
         )
         if filter and filter.get('term'):
             term = filter['term']
             query = query.filter(
                 or_(
-                    models.Dataset.label.ilike('%' + term + '%'),
-                    models.Dataset.description.ilike('%' + term + '%'),
-                    models.Dataset.tags.contains(f'{{{term}}}'),
-                    models.Dataset.region.ilike('%' + term + '%'),
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.description.ilike('%' + term + '%'),
+                    Dataset.tags.contains(f'{{{term}}}'),
+                    Dataset.region.ilike('%' + term + '%'),
                 )
             )
         return query
 
     @staticmethod
     def query_environment_group_datasets(session, username, groups, envUri, groupUri, filter) -> Query:
-        query = session.query(models.Dataset).filter(
+        query = session.query(Dataset).filter(
             and_(
-                models.Dataset.environmentUri == envUri,
-                models.Dataset.SamlAdminGroupName == groupUri,
-                models.Dataset.deleted.is_(None),
+                Dataset.environmentUri == envUri,
+                Dataset.SamlAdminGroupName == groupUri,
+                Dataset.deleted.is_(None),
             )
         )
         if filter and filter.get('term'):
             term = filter['term']
             query = query.filter(
                 or_(
-                    models.Dataset.label.ilike('%' + term + '%'),
-                    models.Dataset.description.ilike('%' + term + '%'),
-                    models.Dataset.tags.contains(f'{{{term}}}'),
-                    models.Dataset.region.ilike('%' + term + '%'),
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.description.ilike('%' + term + '%'),
+                    Dataset.tags.contains(f'{{{term}}}'),
+                    Dataset.region.ilike('%' + term + '%'),
                 )
             )
         return query
@@ -1026,11 +1027,11 @@ def list_group_datasets(session, username, groups, uri, data=None, check_perm=No
             raise exceptions.RequiredParameter('groupUri')
 
         return (
-            session.query(models.Dataset)
+            session.query(Dataset)
             .filter(
                 and_(
-                    models.Dataset.environmentUri == uri,
-                    models.Dataset.SamlAdminGroupName == data['groupUri'],
+                    Dataset.environmentUri == uri,
+                    Dataset.SamlAdminGroupName == data['groupUri'],
                 )
             )
             .all()
diff --git a/backend/dataall/db/api/notification.py b/backend/dataall/db/api/notification.py
index 9f6a72158..1447892d3 100644
--- a/backend/dataall/db/api/notification.py
+++ b/backend/dataall/db/api/notification.py
@@ -4,6 +4,7 @@
 
 from .. import models
 from ...db import paginate
+from dataall.modules.datasets.db.models import Dataset
 
 
 class Notification:
@@ -12,7 +13,7 @@ def __init__(self):
 
     @staticmethod
     def notify_share_object_submission(
-        session, username: str, dataset: models.Dataset, share: models.ShareObject
+        session, username: str, dataset: Dataset, share: models.ShareObject
     ):
         notifications = []
         # stewards = Notification.get_dataset_stewards(session, dataset)
@@ -38,7 +39,7 @@ def get_dataset_stewards(session, dataset):
 
     @staticmethod
     def notify_share_object_approval(
-        session, username: str, dataset: models.Dataset, share: models.ShareObject
+        session, username: str, dataset: Dataset, share: models.ShareObject
     ):
         notifications = []
         targeted_users = Notification.get_share_object_targeted_users(
@@ -59,7 +60,7 @@ def notify_share_object_approval(
 
     @staticmethod
     def notify_share_object_rejection(
-        session, username: str, dataset: models.Dataset, share: models.ShareObject
+        session, username: str, dataset: Dataset, share: models.ShareObject
     ):
         notifications = []
         targeted_users = Notification.get_share_object_targeted_users(
@@ -80,7 +81,7 @@ def notify_share_object_rejection(
 
     @staticmethod
     def notify_new_data_available_from_owners(
-        session, dataset: models.Dataset, share: models.ShareObject, s3_prefix
+        session, dataset: Dataset, share: models.ShareObject, s3_prefix
     ):
         notifications = []
         targeted_users = Notification.get_share_object_targeted_users(
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 1a20929fe..ca7a69515 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -4,7 +4,7 @@
 
 from .. import models, api, exceptions, paginate, permissions
 from . import has_resource_perm, ResourcePolicy, Environment
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -123,7 +123,7 @@ def create_redshift_cluster(
                 group=environment.SamlGroupName,
                 permissions=permissions.REDSHIFT_CLUSTER_ALL,
                 resource_uri=redshift_cluster.clusterUri,
-                resource_type=models.Dataset.__name__,
+                resource_type=Dataset.__name__,
             )
         return redshift_cluster
 
@@ -211,36 +211,35 @@ def list_available_datasets(
         )
         created = (
             session.query(
-                models.Dataset.datasetUri.label('datasetUri'),
+                Dataset.datasetUri.label('datasetUri'),
                 models.RedshiftCluster.clusterUri.label('clusterUri'),
             )
             .filter(
                 and_(
                     or_(
-                        models.Dataset.owner == username,
-                        models.Dataset.SamlAdminGroupName.in_(groups),
+                        Dataset.owner == username,
+                        Dataset.SamlAdminGroupName.in_(groups),
                     ),
-                    models.RedshiftCluster.clusterUri == cluster.clusterUri,
-                    models.Dataset.environmentUri
+                    RedshiftCluster.clusterUri == cluster.clusterUri,
+                    Dataset.environmentUri
                     == models.RedshiftCluster.environmentUri,
                 )
             )
-            .group_by(models.Dataset.datasetUri, models.RedshiftCluster.clusterUri)
+            .group_by(Dataset.datasetUri, models.RedshiftCluster.clusterUri)
         )
         all_group_datasets_sub_query = shared.union(created).subquery(
             'all_group_datasets_sub_query'
         )
         query = (
-            session.query(models.Dataset)
+            session.query(Dataset)
             .join(
                 all_group_datasets_sub_query,
-                models.Dataset.datasetUri == all_group_datasets_sub_query.c.datasetUri,
+                Dataset.datasetUri == all_group_datasets_sub_query.c.datasetUri,
             )
             .outerjoin(
                 models.RedshiftClusterDataset,
                 and_(
-                    models.RedshiftClusterDataset.datasetUri
-                    == models.Dataset.datasetUri,
+                    models.RedshiftClusterDataset.datasetUri == Dataset.datasetUri,
                     models.RedshiftClusterDataset.clusterUri == cluster.clusterUri,
                 ),
             )
@@ -248,7 +247,7 @@ def list_available_datasets(
                 and_(
                     all_group_datasets_sub_query.c.clusterUri == cluster.clusterUri,
                     models.RedshiftClusterDataset.datasetUri.is_(None),
-                    models.Dataset.deleted.is_(None),
+                    Dataset.deleted.is_(None),
                 )
             )
         )
@@ -256,9 +255,9 @@ def list_available_datasets(
             term = data.get('term')
             query = query.filter(
                 or_(
-                    models.Dataset.label.ilike('%' + term + '%'),
-                    models.Dataset.tags.any(term),
-                    models.Dataset.topics.any(term),
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.tags.any(term),
+                    Dataset.topics.any(term),
                 )
             )
         return paginate(
@@ -271,10 +270,10 @@ def list_cluster_datasets(
         session, username, groups, uri: str, data: dict = None, check_perm=None
     ):
         query = (
-            session.query(models.Dataset)
+            session.query(Dataset)
             .join(
                 models.RedshiftClusterDataset,
-                models.Dataset.datasetUri == models.RedshiftClusterDataset.datasetUri,
+                Dataset.datasetUri == models.RedshiftClusterDataset.datasetUri,
             )
             .filter(
                 models.RedshiftClusterDataset.clusterUri == uri,
@@ -284,9 +283,9 @@ def list_cluster_datasets(
             term = data.get('term')
             query = query.filter(
                 or_(
-                    models.Dataset.label.ilike('%' + term + '%'),
-                    models.Dataset.tags.any(term),
-                    models.Dataset.topics.any(term),
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.tags.any(term),
+                    Dataset.topics.any(term),
                 )
             )
         return paginate(
@@ -341,17 +340,17 @@ def list_available_cluster_tables(
                 models.RedshiftCluster.clusterUri.label('clusterUri'),
             )
             .join(
-                models.Dataset,
-                DatasetTable.datasetUri == models.Dataset.datasetUri,
+                Dataset,
+                DatasetTable.datasetUri == Dataset.datasetUri,
             )
             .filter(
                 and_(
                     or_(
-                        models.Dataset.owner == username,
-                        models.Dataset.SamlAdminGroupName.in_(groups),
+                        Dataset.owner == username,
+                        Dataset.SamlAdminGroupName.in_(groups),
                     ),
                     models.RedshiftCluster.clusterUri == cluster.clusterUri,
-                    models.Dataset.environmentUri
+                    Dataset.environmentUri
                     == models.RedshiftCluster.environmentUri,
                 )
             )
@@ -433,7 +432,7 @@ def remove_dataset_from_cluster(
         )
         if exists:
             session.delete(exists)
-            dataset = session.query(models.Dataset).get(data['datasetUri'])
+            dataset = session.query(Dataset).get(data['datasetUri'])
             if not dataset:
                 raise exceptions.ObjectNotFound('Dataset', data['datasetUri'])
 
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index 79ace3c15..d353c7825 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -10,7 +10,7 @@
 from .. import api, utils
 from .. import models, exceptions, permissions, paginate
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
@@ -346,7 +346,7 @@ def create_share_object(
         itemUri = data.get('itemUri')
         itemType = data.get('itemType')
 
-        dataset: models.Dataset = data.get(
+        dataset: Dataset = data.get(
             'dataset', DatasetService.get_dataset_by_uri(session, datasetUri)
         )
         environment: models.Environment = data.get(
@@ -753,7 +753,7 @@ def add_share_object_item(
         itemUri = data.get('itemUri')
         item = None
         share: models.ShareObject = session.query(models.ShareObject).get(uri)
-        dataset: models.Dataset = session.query(models.Dataset).get(share.datasetUri)
+        dataset: Dataset = session.query(Dataset).get(share.datasetUri)
         target_environment: models.Environment = session.query(models.Environment).get(
             share.environmentUri
         )
@@ -1023,16 +1023,16 @@ def list_user_received_share_requests(
         query = (
             session.query(models.ShareObject)
             .join(
-                models.Dataset,
-                models.Dataset.datasetUri == models.ShareObject.datasetUri,
+                Dataset,
+                Dataset.datasetUri == models.ShareObject.datasetUri,
             )
             .filter(
                 or_(
-                    models.Dataset.businessOwnerEmail == username,
-                    models.Dataset.businessOwnerDelegationEmails.contains(
+                    Dataset.businessOwnerEmail == username,
+                    Dataset.businessOwnerDelegationEmails.contains(
                         f'{{{username}}}'
                     ),
-                    models.Dataset.stewards.in_(groups),
+                    Dataset.stewards.in_(groups),
                 )
             )
         )
@@ -1184,7 +1184,7 @@ def get_share_data(session, share_uri):
         if not share:
             raise exceptions.ObjectNotFound('Share', share_uri)
 
-        dataset: models.Dataset = session.query(models.Dataset).get(share.datasetUri)
+        dataset: Dataset = session.query(Dataset).get(share.datasetUri)
         if not dataset:
             raise exceptions.ObjectNotFound('Dataset', share.datasetUri)
 
diff --git a/backend/dataall/db/models/Dataset.py b/backend/dataall/db/models/Dataset.py
deleted file mode 100644
index fd65387b7..000000000
--- a/backend/dataall/db/models/Dataset.py
+++ /dev/null
@@ -1,64 +0,0 @@
-from sqlalchemy import Boolean, Column, String, ForeignKey
-from sqlalchemy.dialects import postgresql
-from sqlalchemy.orm import query_expression
-
-from .. import Base, Resource, utils
-
-
-class Dataset(Resource, Base):
-    __tablename__ = 'dataset'
-    environmentUri = Column(String, ForeignKey("environment.environmentUri"), nullable=False)
-    organizationUri = Column(String, nullable=False)
-    datasetUri = Column(String, primary_key=True, default=utils.uuid('dataset'))
-    region = Column(String, default='eu-west-1')
-    AwsAccountId = Column(String, nullable=False)
-    S3BucketName = Column(String, nullable=False)
-    GlueDatabaseName = Column(String, nullable=False)
-    GlueCrawlerName = Column(String)
-    GlueCrawlerSchedule = Column(String)
-    GlueProfilingJobName = Column(String)
-    GlueProfilingTriggerSchedule = Column(String)
-    GlueProfilingTriggerName = Column(String)
-    GlueDataQualityJobName = Column(String)
-    GlueDataQualitySchedule = Column(String)
-    GlueDataQualityTriggerName = Column(String)
-    IAMDatasetAdminRoleArn = Column(String, nullable=False)
-    IAMDatasetAdminUserArn = Column(String, nullable=False)
-    KmsAlias = Column(String, nullable=False)
-    userRoleForDataset = query_expression()
-    userRoleInEnvironment = query_expression()
-    isPublishedInEnvironment = query_expression()
-    projectPermission = query_expression()
-    language = Column(String, nullable=False, default='English')
-    topics = Column(postgresql.ARRAY(String), nullable=True)
-    confidentiality = Column(String, nullable=False, default='Unclassified')
-    tags = Column(postgresql.ARRAY(String))
-    inProject = query_expression()
-
-    bucketCreated = Column(Boolean, default=False)
-    glueDatabaseCreated = Column(Boolean, default=False)
-    iamAdminRoleCreated = Column(Boolean, default=False)
-    iamAdminUserCreated = Column(Boolean, default=False)
-    kmsAliasCreated = Column(Boolean, default=False)
-    lakeformationLocationCreated = Column(Boolean, default=False)
-    bucketPolicyCreated = Column(Boolean, default=False)
-
-    # bookmarked = Column(Integer, default=0)
-    # upvotes=Column(Integer, default=0)
-
-    businessOwnerEmail = Column(String, nullable=True)
-    businessOwnerDelegationEmails = Column(postgresql.ARRAY(String), nullable=True)
-    stewards = Column(String, nullable=True)
-
-    SamlAdminGroupName = Column(String, nullable=True)
-
-    redshiftClusterPermission = query_expression()
-
-    importedS3Bucket = Column(Boolean, default=False)
-    importedGlueDatabase = Column(Boolean, default=False)
-    importedKmsKey = Column(Boolean, default=False)
-    importedAdminRole = Column(Boolean, default=False)
-    imported = Column(Boolean, default=False)
-
-    def uri(self):
-        return self.datasetUri
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index 068e5e495..fff02245e 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -4,7 +4,6 @@
 from .Dashboard import Dashboard
 from .DashboardShare import DashboardShare
 from .DashboardShare import DashboardShareStatus
-from .Dataset import Dataset
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
 from .FeedMessage import FeedMessage
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 4f8964016..1ac36b783 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,8 +2,7 @@
 import logging
 from typing import List
 
-from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
@@ -40,7 +39,7 @@ def __init__(self):
         GlossaryRegistry.register(GlossaryDefinition(
             target_type="Dataset",
             object_type="Dataset",
-            model=models.Dataset,
+            model=Dataset,
             reindexer=DatasetIndexer
         ))
 
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 1dabe9c57..29b5fdc43 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -16,6 +16,7 @@
 from dataall.db import paginate, exceptions, permissions, models
 from dataall.db.api import Environment, ShareObject, ResourcePolicy
 from dataall.db.api.organization import Organization
+from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
@@ -98,7 +99,7 @@ def get_dataset(context, source, datasetUri=None):
         return dataset
 
 
-def resolve_user_role(context: Context, source: models.Dataset, **kwargs):
+def resolve_user_role(context: Context, source: Dataset, **kwargs):
     if not source:
         return None
     if source.owner == context.username:
@@ -156,7 +157,7 @@ def list_datasets(context: Context, source, filter: dict = None):
         )
 
 
-def list_locations(context, source: models.Dataset, filter: dict = None):
+def list_locations(context, source: Dataset, filter: dict = None):
     if not source:
         return None
     if not filter:
@@ -171,7 +172,7 @@ def list_locations(context, source: models.Dataset, filter: dict = None):
         )
 
 
-def list_tables(context, source: models.Dataset, filter: dict = None):
+def list_tables(context, source: Dataset, filter: dict = None):
     if not source:
         return None
     if not filter:
@@ -186,27 +187,27 @@ def list_tables(context, source: models.Dataset, filter: dict = None):
         )
 
 
-def get_dataset_organization(context, source: models.Dataset, **kwargs):
+def get_dataset_organization(context, source: Dataset, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
         return Organization.get_organization_by_uri(session, source.organizationUri)
 
 
-def get_dataset_environment(context, source: models.Dataset, **kwargs):
+def get_dataset_environment(context, source: Dataset, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
         return Environment.get_environment_by_uri(session, source.environmentUri)
 
 
-def get_dataset_owners_group(context, source: models.Dataset, **kwargs):
+def get_dataset_owners_group(context, source: Dataset, **kwargs):
     if not source:
         return None
     return source.SamlAdminGroupName
 
 
-def get_dataset_stewards_group(context, source: models.Dataset, **kwargs):
+def get_dataset_stewards_group(context, source: Dataset, **kwargs):
     if not source:
         return None
     return source.stewards
@@ -229,7 +230,7 @@ def update_dataset(context, source, datasetUri: str = None, input: dict = None):
     return updated_dataset
 
 
-def get_dataset_statistics(context: Context, source: models.Dataset, **kwargs):
+def get_dataset_statistics(context: Context, source: Dataset, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -489,7 +490,7 @@ def save_dataset_summary(
     return True
 
 
-def get_dataset_stack(context: Context, source: models.Dataset, **kwargs):
+def get_dataset_stack(context: Context, source: Dataset, **kwargs):
     if not source:
         return None
     return stack_helper.get_stack_with_cfn_resources(
@@ -532,7 +533,7 @@ def delete_dataset(
             resource_uri=datasetUri,
             permission_name=permissions.DELETE_DATASET,
         )
-        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
+        dataset: Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         env: models.Environment = Environment.get_environment_by_uri(
             session, dataset.environmentUri
         )
@@ -583,7 +584,7 @@ def delete_dataset(
     return True
 
 
-def get_dataset_glossary_terms(context: Context, source: models.Dataset, **kwargs):
+def get_dataset_glossary_terms(context: Context, source: Dataset, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -631,7 +632,7 @@ def publish_dataset_update(
     return True
 
 
-def resolve_redshift_copy_enabled(context, source: models.Dataset, clusterUri: str):
+def resolve_redshift_copy_enabled(context, source: Dataset, clusterUri: str):
     if not source:
         return None
     with context.engine.scoped_session() as session:
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index ef06bbba6..634e1239a 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -8,7 +8,7 @@
 )
 from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
@@ -95,7 +95,7 @@ def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        d = session.query(models.Dataset).get(source.datasetUri)
+        d = session.query(Dataset).get(source.datasetUri)
     return d
 
 
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 329828b0d..a45cee61e 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -11,7 +11,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import permissions, models
 from dataall.db.api import ResourcePolicy, Glossary
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
@@ -50,7 +50,7 @@ def list_dataset_tables(context, source, filter: dict = None):
         )
 
 
-def get_table(context, source: models.Dataset, tableUri: str = None):
+def get_table(context, source: Dataset, tableUri: str = None):
     with context.engine.scoped_session() as session:
         table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
         return DatasetTableService.get_dataset_table(
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index 517b32893..86204097c 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -28,7 +28,7 @@
 from dataall.db.api import Environment
 from dataall.utils.cdk_nag_utils import CDKNagUtil
 from dataall.utils.runtime_stacks_tagging import TagsUtil
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 logger = logging.getLogger(__name__)
 
@@ -56,18 +56,18 @@ def get_env_group(self, dataset) -> models.EnvironmentGroup:
             )
         return env
 
-    def get_target_with_uri(self, target_uri) -> models.Dataset:
+    def get_target_with_uri(self, target_uri) -> Dataset:
         engine = self.get_engine()
         with engine.scoped_session() as session:
-            dataset = session.query(models.Dataset).get(target_uri)
+            dataset = session.query(Dataset).get(target_uri)
             if not dataset:
                 raise Exception('ObjectNotFound')
         return dataset
 
-    def get_target(self) -> models.Dataset:
+    def get_target(self) -> Dataset:
         engine = self.get_engine()
         with engine.scoped_session() as session:
-            dataset = session.query(models.Dataset).get(self.target_uri)
+            dataset = session.query(Dataset).get(self.target_uri)
             if not dataset:
                 raise Exception('ObjectNotFound')
         return dataset
@@ -539,6 +539,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
 
         Tags.of(self).add('Classification', dataset.confidentiality)
 
-        TagsUtil.add_tags(stack=self, model=models.Dataset, target_type="dataset")
+        TagsUtil.add_tags(stack=self, model=Dataset, target_type="dataset")
 
         CDKNagUtil.check_rules(self)
diff --git a/backend/dataall/modules/datasets/db/models.py b/backend/dataall/modules/datasets/db/models.py
index a25978bef..df15c19a4 100644
--- a/backend/dataall/modules/datasets/db/models.py
+++ b/backend/dataall/modules/datasets/db/models.py
@@ -1,4 +1,4 @@
-from sqlalchemy import Boolean, Column, String, Text
+from sqlalchemy import Boolean, Column, String, Text, ForeignKey
 from sqlalchemy.dialects.postgresql import JSON, ARRAY
 from sqlalchemy.orm import query_expression
 from dataall.db import Base, Resource, utils
@@ -83,3 +83,62 @@ def uri(self):
         return self.tableUri
 
 
+class Dataset(Resource, Base):
+    __tablename__ = 'dataset'
+    environmentUri = Column(String, ForeignKey("environment.environmentUri"), nullable=False)
+    organizationUri = Column(String, nullable=False)
+    datasetUri = Column(String, primary_key=True, default=utils.uuid('dataset'))
+    region = Column(String, default='eu-west-1')
+    AwsAccountId = Column(String, nullable=False)
+    S3BucketName = Column(String, nullable=False)
+    GlueDatabaseName = Column(String, nullable=False)
+    GlueCrawlerName = Column(String)
+    GlueCrawlerSchedule = Column(String)
+    GlueProfilingJobName = Column(String)
+    GlueProfilingTriggerSchedule = Column(String)
+    GlueProfilingTriggerName = Column(String)
+    GlueDataQualityJobName = Column(String)
+    GlueDataQualitySchedule = Column(String)
+    GlueDataQualityTriggerName = Column(String)
+    IAMDatasetAdminRoleArn = Column(String, nullable=False)
+    IAMDatasetAdminUserArn = Column(String, nullable=False)
+    KmsAlias = Column(String, nullable=False)
+    userRoleForDataset = query_expression()
+    userRoleInEnvironment = query_expression()
+    isPublishedInEnvironment = query_expression()
+    projectPermission = query_expression()
+    language = Column(String, nullable=False, default='English')
+    topics = Column(ARRAY(String), nullable=True)
+    confidentiality = Column(String, nullable=False, default='Unclassified')
+    tags = Column(ARRAY(String))
+    inProject = query_expression()
+
+    bucketCreated = Column(Boolean, default=False)
+    glueDatabaseCreated = Column(Boolean, default=False)
+    iamAdminRoleCreated = Column(Boolean, default=False)
+    iamAdminUserCreated = Column(Boolean, default=False)
+    kmsAliasCreated = Column(Boolean, default=False)
+    lakeformationLocationCreated = Column(Boolean, default=False)
+    bucketPolicyCreated = Column(Boolean, default=False)
+
+    # bookmarked = Column(Integer, default=0)
+    # upvotes=Column(Integer, default=0)
+
+    businessOwnerEmail = Column(String, nullable=True)
+    businessOwnerDelegationEmails = Column(ARRAY(String), nullable=True)
+    stewards = Column(String, nullable=True)
+
+    SamlAdminGroupName = Column(String, nullable=True)
+
+    redshiftClusterPermission = query_expression()
+
+    importedS3Bucket = Column(Boolean, default=False)
+    importedGlueDatabase = Column(Boolean, default=False)
+    importedKmsKey = Column(Boolean, default=False)
+    importedAdminRole = Column(Boolean, default=False)
+    imported = Column(Boolean, default=False)
+
+    def uri(self):
+        return self.datasetUri
+
+
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index d15607733..1809313a8 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -4,7 +4,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets.db.models import DatasetProfilingRun, Dataset
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 
 log = logging.getLogger(__name__)
@@ -22,7 +22,7 @@ def get_profiling_run(engine, task: models.Task):
                     session, profilingRunUri=task.targetUri
                 )
             )
-            dataset: models.Dataset = session.query(models.Dataset).get(
+            dataset: Dataset = session.query(Dataset).get(
                 profiling.datasetUri
             )
             glue_run = DatasetProfilingGlueHandler.get_job_run(
@@ -46,7 +46,7 @@ def start_profiling_run(engine, task: models.Task):
                     session, profilingRunUri=task.targetUri
                 )
             )
-            dataset: models.Dataset = session.query(models.Dataset).get(
+            dataset: Dataset = session.query(Dataset).get(
                 profiling.datasetUri
             )
             run = DatasetProfilingGlueHandler.run_job(
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index d2218884b..029d5cf49 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -1,10 +1,9 @@
 import logging
 
-from botocore.exceptions import ClientError
-
 from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
+from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 
@@ -18,7 +17,7 @@ class DatasetColumnGlueHandler:
     @Worker.handler(path='glue.dataset.database.tables')
     def list_tables(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: models.Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri
             )
             account_id = dataset.AwsAccountId
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 665e2a9c4..ba3754ee2 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -2,6 +2,7 @@
 
 from dataall import db
 from dataall.db import models
+from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.searchproxy.upsert import BaseIndexer
@@ -13,35 +14,35 @@ class DatasetIndexer(BaseIndexer):
     def upsert(cls, session, dataset_uri: str):
         dataset = (
             session.query(
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('name'),
-                models.Dataset.owner.label('owner'),
-                models.Dataset.label.label('label'),
-                models.Dataset.description.label('description'),
-                models.Dataset.confidentiality.label('classification'),
-                models.Dataset.tags.label('tags'),
-                models.Dataset.topics.label('topics'),
-                models.Dataset.region.label('region'),
+                Dataset.datasetUri.label('datasetUri'),
+                Dataset.name.label('name'),
+                Dataset.owner.label('owner'),
+                Dataset.label.label('label'),
+                Dataset.description.label('description'),
+                Dataset.confidentiality.label('classification'),
+                Dataset.tags.label('tags'),
+                Dataset.topics.label('topics'),
+                Dataset.region.label('region'),
                 models.Organization.organizationUri.label('orgUri'),
                 models.Organization.name.label('orgName'),
                 models.Environment.environmentUri.label('envUri'),
                 models.Environment.name.label('envName'),
-                models.Dataset.SamlAdminGroupName.label('admins'),
-                models.Dataset.GlueDatabaseName.label('database'),
-                models.Dataset.S3BucketName.label('source'),
-                models.Dataset.created,
-                models.Dataset.updated,
-                models.Dataset.deleted,
+                Dataset.SamlAdminGroupName.label('admins'),
+                Dataset.GlueDatabaseName.label('database'),
+                Dataset.S3BucketName.label('source'),
+                Dataset.created,
+                Dataset.updated,
+                Dataset.deleted,
             )
             .join(
                 models.Organization,
-                models.Dataset.organizationUri == models.Organization.organizationUri,
+                Dataset.organizationUri == models.Organization.organizationUri,
             )
             .join(
                 models.Environment,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
+                Dataset.environmentUri == models.Environment.environmentUri,
             )
-            .filter(models.Dataset.datasetUri == dataset_uri)
+            .filter(Dataset.datasetUri == dataset_uri)
             .first()
         )
         count_tables = DatasetService.count_dataset_tables(session, dataset_uri)
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
index 72495b51c..fdeb83c90 100644
--- a/backend/dataall/modules/datasets/indexers/location_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -1,5 +1,5 @@
 """Indexes DatasetStorageLocation in OpenSearch"""
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 from dataall.db import models
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
@@ -24,25 +24,25 @@ def upsert(cls, session, folder_uri: str):
                 models.Organization.name.label('orgName'),
                 models.Environment.environmentUri.label('envUri'),
                 models.Environment.name.label('envName'),
-                models.Dataset.SamlAdminGroupName.label('admins'),
-                models.Dataset.S3BucketName.label('source'),
-                models.Dataset.topics.label('topics'),
-                models.Dataset.confidentiality.label('classification'),
+                Dataset.SamlAdminGroupName.label('admins'),
+                Dataset.S3BucketName.label('source'),
+                Dataset.topics.label('topics'),
+                Dataset.confidentiality.label('classification'),
                 DatasetStorageLocation.created,
                 DatasetStorageLocation.updated,
                 DatasetStorageLocation.deleted,
             )
             .join(
-                models.Dataset,
-                models.Dataset.datasetUri == DatasetStorageLocation.datasetUri,
+                Dataset,
+                Dataset.datasetUri == DatasetStorageLocation.datasetUri,
             )
             .join(
                 models.Organization,
-                models.Dataset.organizationUri == models.Organization.organizationUri,
+                Dataset.organizationUri == models.Organization.organizationUri,
             )
             .join(
                 models.Environment,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
+                Dataset.environmentUri == models.Environment.environmentUri,
             )
             .filter(DatasetStorageLocation.locationUri == folder_uri)
             .first()
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index 2fe9451e1..dcaa1b4e9 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -2,7 +2,7 @@
 from operator import and_
 
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.searchproxy.upsert import BaseIndexer
 
@@ -19,32 +19,32 @@ def upsert(cls, session, table_uri: str):
                 DatasetTable.owner.label('owner'),
                 DatasetTable.label.label('label'),
                 DatasetTable.description.label('description'),
-                models.Dataset.confidentiality.label('classification'),
+                Dataset.confidentiality.label('classification'),
                 DatasetTable.tags.label('tags'),
-                models.Dataset.topics.label('topics'),
-                models.Dataset.region.label('region'),
+                Dataset.topics.label('topics'),
+                Dataset.region.label('region'),
                 models.Organization.organizationUri.label('orgUri'),
                 models.Organization.name.label('orgName'),
                 models.Environment.environmentUri.label('envUri'),
                 models.Environment.name.label('envName'),
-                models.Dataset.SamlAdminGroupName.label('admins'),
-                models.Dataset.GlueDatabaseName.label('database'),
-                models.Dataset.S3BucketName.label('source'),
+                Dataset.SamlAdminGroupName.label('admins'),
+                Dataset.GlueDatabaseName.label('database'),
+                Dataset.S3BucketName.label('source'),
                 DatasetTable.created,
                 DatasetTable.updated,
                 DatasetTable.deleted,
             )
             .join(
-                models.Dataset,
-                models.Dataset.datasetUri == DatasetTable.datasetUri,
+                Dataset,
+                Dataset.datasetUri == DatasetTable.datasetUri,
             )
             .join(
                 models.Organization,
-                models.Dataset.organizationUri == models.Organization.organizationUri,
+                Dataset.organizationUri == models.Organization.organizationUri,
             )
             .join(
                 models.Environment,
-                models.Dataset.environmentUri == models.Environment.environmentUri,
+                Dataset.environmentUri == models.Environment.environmentUri,
             )
             .filter(DatasetTable.tableUri == table_uri)
             .first()
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 01bc3dc57..ce679ccd4 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -2,7 +2,7 @@
 
 from dataall.db import paginate, models
 from dataall.db.exceptions import ObjectNotFound
-from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable
+from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable, Dataset
 
 
 class DatasetProfilingService:
@@ -13,7 +13,7 @@ def __init__(self):
     def start_profiling(
         session, datasetUri, tableUri=None, GlueTableName=None, GlueJobRunId=None
     ):
-        dataset: models.Dataset = session.query(models.Dataset).get(datasetUri)
+        dataset: Dataset = session.query(Dataset).get(datasetUri)
         if not dataset:
             raise ObjectNotFound('Dataset', datasetUri)
 
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index c513c574b..f28d1b637 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -17,7 +17,7 @@
 from dataall.db import models, api, exceptions, permissions, paginate
 from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.utils.naming_convention import (
     NamingConventionService,
@@ -38,7 +38,7 @@ def create_dataset(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.Dataset:
+    ) -> Dataset:
         if not uri:
             raise exceptions.RequiredParameter('environmentUri')
         if not data:
@@ -67,7 +67,7 @@ def create_dataset(
             session, environment.organizationUri
         )
 
-        dataset = models.Dataset(
+        dataset = Dataset(
             label=data.get('label'),
             owner=username,
             description=data.get('description', 'No description provided'),
@@ -113,7 +113,7 @@ def create_dataset(
             group=data['SamlAdminGroupName'],
             permissions=permissions.DATASET_ALL,
             resource_uri=dataset.datasetUri,
-            resource_type=models.Dataset.__name__,
+            resource_type=Dataset.__name__,
         )
         if dataset.stewards and dataset.stewards != dataset.SamlAdminGroupName:
             ResourcePolicy.attach_resource_policy(
@@ -121,7 +121,7 @@ def create_dataset(
                 group=dataset.stewards,
                 permissions=permissions.DATASET_READ,
                 resource_uri=dataset.datasetUri,
-                resource_type=models.Dataset.__name__,
+                resource_type=Dataset.__name__,
             )
         if environment.SamlGroupName != dataset.SamlAdminGroupName:
             ResourcePolicy.attach_resource_policy(
@@ -129,12 +129,12 @@ def create_dataset(
                 group=environment.SamlGroupName,
                 permissions=permissions.DATASET_ALL,
                 resource_uri=dataset.datasetUri,
-                resource_type=models.Dataset.__name__,
+                resource_type=Dataset.__name__,
             )
         return dataset
 
     @staticmethod
-    def _set_dataset_aws_resources(dataset: models.Dataset, data, environment):
+    def _set_dataset_aws_resources(dataset: Dataset, data, environment):
 
         bucket_name = NamingConventionService(
             target_uri=dataset.datasetUri,
@@ -183,7 +183,7 @@ def _set_dataset_aws_resources(dataset: models.Dataset, data, environment):
         return dataset
 
     @staticmethod
-    def create_dataset_stack(session, dataset: models.Dataset) -> models.Stack:
+    def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
         return Stack.create_stack(
             session=session,
             environment_uri=dataset.environmentUri,
@@ -207,21 +207,21 @@ def get_dataset(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.Dataset:
+    ) -> Dataset:
         return DatasetService.get_dataset_by_uri(session, uri)
 
     @staticmethod
-    def get_dataset_by_uri(session, dataset_uri) -> models.Dataset:
+    def get_dataset_by_uri(session, dataset_uri) -> Dataset:
         return DatasetRepository.get_dataset_by_uri(session, dataset_uri)
 
     @staticmethod
     def query_user_datasets(session, username, groups, filter) -> Query:
         share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
         query = (
-            session.query(models.Dataset)
+            session.query(Dataset)
             .outerjoin(
                 models.ShareObject,
-                models.ShareObject.datasetUri == models.Dataset.datasetUri,
+                models.ShareObject.datasetUri == Dataset.datasetUri,
             )
             .outerjoin(
                 models.ShareObjectItem,
@@ -229,9 +229,9 @@ def query_user_datasets(session, username, groups, filter) -> Query:
             )
             .filter(
                 or_(
-                    models.Dataset.owner == username,
-                    models.Dataset.SamlAdminGroupName.in_(groups),
-                    models.Dataset.stewards.in_(groups),
+                    Dataset.owner == username,
+                    Dataset.SamlAdminGroupName.in_(groups),
+                    Dataset.stewards.in_(groups),
                     and_(
                         models.ShareObject.principalId.in_(groups),
                         models.ShareObjectItem.status.in_(share_item_shared_states),
@@ -246,8 +246,8 @@ def query_user_datasets(session, username, groups, filter) -> Query:
         if filter and filter.get('term'):
             query = query.filter(
                 or_(
-                    models.Dataset.description.ilike(filter.get('term') + '%%'),
-                    models.Dataset.label.ilike(filter.get('term') + '%%'),
+                    Dataset.description.ilike(filter.get('term') + '%%'),
+                    Dataset.label.ilike(filter.get('term') + '%%'),
                 )
             )
         return query
@@ -296,8 +296,8 @@ def paginated_dataset_tables(
     @has_resource_perm(permissions.UPDATE_DATASET)
     def update_dataset(
         session, username, groups, uri, data=None, check_perm=None
-    ) -> models.Dataset:
-        dataset: models.Dataset = DatasetService.get_dataset_by_uri(session, uri)
+    ) -> Dataset:
+        dataset: Dataset = DatasetService.get_dataset_by_uri(session, uri)
         if data and isinstance(data, dict):
             for k in data.keys():
                 if k != 'stewards':
@@ -317,7 +317,7 @@ def update_dataset(
                 group=dataset.SamlAdminGroupName,
                 permissions=permissions.DATASET_ALL,
                 resource_uri=dataset.datasetUri,
-                resource_type=models.Dataset.__name__,
+                resource_type=Dataset.__name__,
             )
             DatasetService.update_dataset_glossary_terms(session, username, uri, data)
             activity = models.Activity(
@@ -364,7 +364,7 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
             group=new_stewards,
             permissions=permissions.DATASET_READ,
             resource_uri=dataset.datasetUri,
-            resource_type=models.Dataset.__name__,
+            resource_type=Dataset.__name__,
         )
 
         dataset_tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, dataset.datasetUri)]
@@ -599,20 +599,20 @@ def _delete_dataset_tables(session, dataset_uri) -> bool:
         return tables
 
     @staticmethod
-    def list_all_datasets(session) -> [models.Dataset]:
-        return session.query(models.Dataset).all()
+    def list_all_datasets(session) -> [Dataset]:
+        return session.query(Dataset).all()
 
     @staticmethod
-    def list_all_active_datasets(session) -> [models.Dataset]:
+    def list_all_active_datasets(session) -> [Dataset]:
         return (
-            session.query(models.Dataset).filter(models.Dataset.deleted.is_(None)).all()
+            session.query(Dataset).filter(Dataset.deleted.is_(None)).all()
         )
 
     @staticmethod
-    def get_dataset_by_bucket_name(session, bucket) -> [models.Dataset]:
+    def get_dataset_by_bucket_name(session, bucket) -> [Dataset]:
         return (
-            session.query(models.Dataset)
-            .filter(models.Dataset.S3BucketName == bucket)
+            session.query(Dataset)
+            .filter(Dataset.S3BucketName == bucket)
             .first()
         )
 
diff --git a/backend/dataall/modules/datasets/services/dataset_share_service.py b/backend/dataall/modules/datasets/services/dataset_share_service.py
index 3503e86fe..74e64c951 100644
--- a/backend/dataall/modules/datasets/services/dataset_share_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_share_service.py
@@ -8,7 +8,7 @@
 from dataall.db import models, permissions
 from dataall.db.api import has_resource_perm, ShareItemSM
 from dataall.db.paginator import paginate
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 class DatasetShareService:
@@ -22,9 +22,9 @@ def paginated_shared_with_environment_datasets(
         q = (
             session.query(
                 models.ShareObjectItem.shareUri.label('shareUri'),
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('datasetName'),
-                models.Dataset.description.label('datasetDescription'),
+                Dataset.datasetUri.label('datasetUri'),
+                Dataset.name.label('datasetName'),
+                Dataset.description.label('datasetDescription'),
                 models.Environment.environmentUri.label('environmentUri'),
                 models.Environment.name.label('environmentName'),
                 models.ShareObject.created.label('created'),
@@ -60,12 +60,12 @@ def paginated_shared_with_environment_datasets(
                 models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
             )
             .join(
-                models.Dataset,
-                models.ShareObject.datasetUri == models.Dataset.datasetUri,
+                Dataset,
+                models.ShareObject.datasetUri == Dataset.datasetUri,
             )
             .join(
                 models.Environment,
-                models.Environment.environmentUri == models.Dataset.environmentUri,
+                models.Environment.environmentUri == Dataset.environmentUri,
             )
             .join(
                 models.Organization,
@@ -118,9 +118,9 @@ def paginated_shared_with_environment_group_datasets(
         q = (
             session.query(
                 models.ShareObjectItem.shareUri.label('shareUri'),
-                models.Dataset.datasetUri.label('datasetUri'),
-                models.Dataset.name.label('datasetName'),
-                models.Dataset.description.label('datasetDescription'),
+                Dataset.datasetUri.label('datasetUri'),
+                Dataset.name.label('datasetName'),
+                Dataset.description.label('datasetDescription'),
                 models.Environment.environmentUri.label('environmentUri'),
                 models.Environment.name.label('environmentName'),
                 models.ShareObject.created.label('created'),
@@ -156,12 +156,12 @@ def paginated_shared_with_environment_group_datasets(
                 models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
             )
             .join(
-                models.Dataset,
-                models.ShareObject.datasetUri == models.Dataset.datasetUri,
+                Dataset,
+                models.ShareObject.datasetUri == Dataset.datasetUri,
             )
             .join(
                 models.Environment,
-                models.Environment.environmentUri == models.Dataset.environmentUri,
+                models.Environment.environmentUri == Dataset.environmentUri,
             )
             .join(
                 models.Organization,
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index ae1c522e0..ec2eec459 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -17,7 +17,7 @@
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -81,7 +81,7 @@ def publish_table_update_message(engine, message):
                     f'Found table {table.tableUri}|{table.GlueTableName}|{table.S3Prefix}'
                 )
 
-                dataset: models.Dataset = session.query(models.Dataset).get(
+                dataset: Dataset = session.query(Dataset).get(
                     table.datasetUri
                 )
                 log.info(
@@ -119,7 +119,7 @@ def publish_location_update_message(session, message):
         else:
             log.info(f'Found location {location.locationUri}|{location.S3Prefix}')
 
-            dataset: models.Dataset = session.query(models.Dataset).get(
+            dataset: Dataset = session.query(Dataset).get(
                 location.datasetUri
             )
             log.info(
@@ -288,7 +288,7 @@ def sns_call(message, environment):
     def redshift_copy(
         engine,
         message,
-        dataset: models.Dataset,
+        dataset: Dataset,
         environment: models.Environment,
         table: DatasetTable,
     ):
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index a503ac8f5..f662de632 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -8,7 +8,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils.alarm_service import AlarmService
@@ -24,11 +24,11 @@
 def sync_tables(engine):
     with engine.scoped_session() as session:
         processed_tables = []
-        all_datasets: [models.Dataset] = DatasetService.list_all_active_datasets(
+        all_datasets: [Dataset] = DatasetService.list_all_active_datasets(
             session
         )
         log.info(f'Found {len(all_datasets)} datasets for tables sync')
-        dataset: models.Dataset
+        dataset: Dataset
         for dataset in all_datasets:
             log.info(
                 f'Synchronizing dataset {dataset.name}|{dataset.datasetUri} tables'
diff --git a/backend/dataall/tasks/bucket_policy_updater.py b/backend/dataall/tasks/bucket_policy_updater.py
index 6cb4c51ea..12844aae8 100644
--- a/backend/dataall/tasks/bucket_policy_updater.py
+++ b/backend/dataall/tasks/bucket_policy_updater.py
@@ -10,7 +10,7 @@
 from ..aws.handlers.sts import SessionHelper
 from ..db import get_engine
 from ..db import models
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -28,11 +28,11 @@ def __init__(self, engine, event=None):
     def sync_imported_datasets_bucket_policies(self):
         with self.engine.scoped_session() as session:
             imported_datasets = (
-                session.query(models.Dataset)
+                session.query(Dataset)
                 .filter(
                     and_(
-                        models.Dataset.imported == True,
-                        models.Dataset.deleted.is_(None),
+                        Dataset.imported == True,
+                        Dataset.deleted.is_(None),
                     )
                 )
                 .all()
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 7bea9d965..60d9df792 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -2,6 +2,7 @@
 import os
 import sys
 
+from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_service import DatasetService
@@ -21,11 +22,11 @@ def index_objects(engine):
         indexed_objects_counter = 0
         with engine.scoped_session() as session:
 
-            all_datasets: [models.Dataset] = DatasetService.list_all_active_datasets(
+            all_datasets: [Dataset] = DatasetService.list_all_active_datasets(
                 session
             )
             log.info(f'Found {len(all_datasets)} datasets')
-            dataset: models.Dataset
+            dataset: Dataset
             for dataset in all_datasets:
                 tables = DatasetTableIndexer.upsert_all(session, dataset.datasetUri)
                 folders = DatasetLocationIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
index 2b7eaf20a..997dc830f 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
@@ -11,7 +11,7 @@
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.ram import Ram
 from ....db import api, exceptions, models
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.utils.alarm_service import AlarmService
 
 logger = logging.getLogger(__name__)
@@ -21,7 +21,7 @@ class LFShareManager:
     def __init__(
         self,
         session,
-        dataset: models.Dataset,
+        dataset: Dataset,
         share: models.ShareObject,
         shared_tables: [DatasetTable],
         revoked_tables: [DatasetTable],
@@ -74,7 +74,7 @@ def build_shared_db_name(self) -> str:
         Unique per share Uri.
         Parameters
         ----------
-        dataset : models.Dataset
+        dataset : Dataset
         share : models.ShareObject
 
         Returns
@@ -155,7 +155,7 @@ def grant_pivot_role_all_database_permissions(self) -> bool:
     def create_shared_database(
         cls,
         target_environment: models.Environment,
-        dataset: models.Dataset,
+        dataset: Dataset,
         shared_db_name: str,
         principals: [str],
     ) -> dict:
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 30c72a60e..c7e614dbe 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -10,7 +10,7 @@
 from ....aws.handlers.iam import IAM
 
 from ....utils.alarm_service import AlarmService
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 logger = logging.getLogger(__name__)
 ACCESS_POINT_CREATION_TIME = 30
@@ -21,7 +21,7 @@ class S3ShareManager:
     def __init__(
         self,
         session,
-        dataset: models.Dataset,
+        dataset: Dataset,
         share: models.ShareObject,
         target_folder: DatasetStorageLocation,
         source_environment: models.Environment,
@@ -325,7 +325,7 @@ def delete_access_point_policy(self):
     @staticmethod
     def delete_access_point(
             share: models.ShareObject,
-            dataset: models.Dataset,
+            dataset: Dataset,
     ):
         access_point_name = S3ShareManager.build_access_point_name(share)
         logger.info(
@@ -342,7 +342,7 @@ def delete_access_point(
     @staticmethod
     def delete_target_role_access_policy(
             share: models.ShareObject,
-            dataset: models.Dataset,
+            dataset: Dataset,
             target_environment: models.Environment,
     ):
         logger.info(
@@ -377,7 +377,7 @@ def delete_target_role_access_policy(
     @staticmethod
     def delete_dataset_bucket_key_policy(
             share: models.ShareObject,
-            dataset: models.Dataset,
+            dataset: Dataset,
             target_environment: models.Environment,
     ):
         logger.info(
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
index dfceec978..94eb786ec 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
@@ -4,7 +4,7 @@
 from ..share_managers import LFShareManager
 from ....aws.handlers.ram import Ram
 from ....db import models, api
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 log = logging.getLogger(__name__)
 
@@ -13,7 +13,7 @@ class ProcessLFCrossAccountShare(LFShareManager):
     def __init__(
         self,
         session,
-        dataset: models.Dataset,
+        dataset: Dataset,
         share: models.ShareObject,
         shared_tables: [DatasetTable],
         revoked_tables: [DatasetTable],
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
index 3ea939b4f..c2afa4b23 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
@@ -2,7 +2,7 @@
 
 from ..share_managers import LFShareManager
 from dataall.db import models, api
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 log = logging.getLogger(__name__)
 
@@ -11,7 +11,7 @@ class ProcessLFSameAccountShare(LFShareManager):
     def __init__(
         self,
         session,
-        dataset: models.Dataset,
+        dataset: Dataset,
         share: models.ShareObject,
         shared_tables: [DatasetTable],
         revoked_tables: [DatasetTable],
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
index 96b608338..13175c2d1 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
@@ -2,8 +2,7 @@
 
 from ....db import models, api
 from ..share_managers import S3ShareManager
-from dataall.modules.datasets.db.models import DatasetStorageLocation
-
+from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 log = logging.getLogger(__name__)
 
@@ -12,7 +11,7 @@ class ProcessS3Share(S3ShareManager):
     def __init__(
         self,
         session,
-        dataset: models.Dataset,
+        dataset: Dataset,
         share: models.ShareObject,
         share_folder: DatasetStorageLocation,
         source_environment: models.Environment,
@@ -36,7 +35,7 @@ def __init__(
     def process_approved_shares(
         cls,
         session,
-        dataset: models.Dataset,
+        dataset: Dataset,
         share: models.ShareObject,
         share_folders: [DatasetStorageLocation],
         source_environment: models.Environment,
@@ -103,7 +102,7 @@ def process_approved_shares(
     def process_revoked_shares(
             cls,
             session,
-            dataset: models.Dataset,
+            dataset: Dataset,
             share: models.ShareObject,
             revoke_folders: [DatasetStorageLocation],
             source_environment: models.Environment,
@@ -164,7 +163,7 @@ def process_revoked_shares(
 
     @staticmethod
     def clean_up_share(
-            dataset: models.Dataset,
+            dataset: Dataset,
             share: models.ShareObject,
             target_environment: models.Environment
     ):
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index f4908b8a1..fba4060ea 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -2,6 +2,7 @@
 import os
 import sys
 
+from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from .. import db
 from ..db import models
@@ -19,7 +20,7 @@
 def update_stacks(engine, envname):
     with engine.scoped_session() as session:
 
-        all_datasets: [models.Dataset] = DatasetService.list_all_active_datasets(
+        all_datasets: [Dataset] = DatasetService.list_all_active_datasets(
             session
         )
         all_environments: [
@@ -31,7 +32,7 @@ def update_stacks(engine, envname):
             update_stack(session, envname, environment.environmentUri)
 
         log.info(f'Found {len(all_datasets)} datasets')
-        dataset: models.Dataset
+        dataset: Dataset
         for dataset in all_datasets:
             update_stack(session, envname, dataset.datasetUri)
 
diff --git a/backend/dataall/utils/alarm_service.py b/backend/dataall/utils/alarm_service.py
index a1d0a6d5b..661eb852b 100644
--- a/backend/dataall/utils/alarm_service.py
+++ b/backend/dataall/utils/alarm_service.py
@@ -11,7 +11,7 @@
 
 from ..aws.handlers.sts import SessionHelper
 from ..db import models
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 logger = logging.getLogger(__name__)
 
@@ -116,7 +116,7 @@ def trigger_catalog_indexing_failure_alarm(self, error: str):
 """
         return self.publish_message_to_alarms_topic(subject, message)
 
-    def trigger_dataset_sync_failure_alarm(self, dataset: models.Dataset, error: str):
+    def trigger_dataset_sync_failure_alarm(self, dataset: Dataset, error: str):
         logger.info(f'Triggering dataset {dataset.name} tables sync failure alarm...')
         subject = (
             f'ALARM: DATAALL Dataset {dataset.name} Tables Sync Failure Notification'
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 37fef4f10..598a3a763 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -2,7 +2,7 @@
 from .client import *
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -190,7 +190,7 @@ def factory(
         name: str,
         owner: str,
         group: str,
-    ) -> models.Dataset:
+    ) -> Dataset:
         key = f'{org.organizationUri}-{env.environmentUri}-{name}-{group}'
         if cache.get(key):
             print('found in cache ', cache[key])
@@ -390,9 +390,9 @@ def factory(
         organization: models.Organization,
         environment: models.Environment,
         label: str,
-    ) -> models.Dataset:
+    ) -> Dataset:
         with db.scoped_session() as session:
-            dataset = models.Dataset(
+            dataset = Dataset(
                 organizationUri=organization.organizationUri,
                 environmentUri=environment.environmentUri,
                 label=label,
@@ -448,7 +448,7 @@ def factory(
 @pytest.fixture(scope="module")
 def share(db):
     def factory(
-            dataset: models.Dataset,
+            dataset: Dataset,
             environment: models.Environment,
             env_group: models.EnvironmentGroup,
             owner: str,
@@ -529,7 +529,7 @@ def factory(
 def location(db):
     cache = {}
 
-    def factory(dataset: models.Dataset, name, username) -> DatasetStorageLocation:
+    def factory(dataset: Dataset, name, username) -> DatasetStorageLocation:
         key = f'{dataset.datasetUri}-{name}'
         if cache.get(key):
             return cache.get(key)
@@ -554,7 +554,7 @@ def factory(dataset: models.Dataset, name, username) -> DatasetStorageLocation:
 def table(db):
     cache = {}
 
-    def factory(dataset: models.Dataset, name, username) -> DatasetTable:
+    def factory(dataset: Dataset, name, username) -> DatasetTable:
         key = f'{dataset.datasetUri}-{name}'
         if cache.get(key):
             return cache.get(key)
@@ -626,7 +626,7 @@ def env_fixture(env, org_fixture, user, group, tenant, module_mocker):
 
 
 @pytest.fixture(scope='module')
-def dataset_fixture(env_fixture, org_fixture, dataset, group) -> dataall.db.models.Dataset:
+def dataset_fixture(env_fixture, org_fixture, dataset, group) -> Dataset:
     yield dataset(
         org=org_fixture,
         env=env_fixture,
diff --git a/tests/api/test_dashboards.py b/tests/api/test_dashboards.py
index 8e83e3d54..b82d3f314 100644
--- a/tests/api/test_dashboards.py
+++ b/tests/api/test_dashboards.py
@@ -2,6 +2,7 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -25,7 +26,7 @@ def dataset1(
     org1: dataall.db.models.Organization,
     env1: dataall.db.models.Environment,
     dataset: typing.Callable,
-) -> dataall.db.models.Dataset:
+) -> Dataset:
     yield dataset(
         org=org1, env=env1, name='dataset1', owner=env1.owner, group='dataset1admins'
     )
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 8aac00702..73b5dd161 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
@@ -24,7 +24,7 @@ def env1(env, org1, user, group, tenant, module_mocker):
 
 
 @pytest.fixture(scope='module')
-def dataset1(env1, org1, dataset, group) -> dataall.db.models.Dataset:
+def dataset1(env1, org1, dataset, group) -> Dataset:
     yield dataset(
         org=org1, env=env1, name='dataset1', owner=env1.owner, group=group.name
     )
@@ -52,7 +52,7 @@ def dataset1(
     env1: dataall.db.models.Environment,
     dataset: typing.Callable,
     group,
-) -> dataall.db.models.Dataset:
+) -> Dataset:
     d = dataset(org=org1, env=env1, name='dataset1', owner=env1.owner, group=group.name)
     print(d)
     yield d
@@ -364,7 +364,7 @@ def test_dataset_in_environment(client, env1, dataset1, group):
 
 def test_delete_dataset(client, dataset, env1, org1, db, module_mocker, group, user):
     with db.scoped_session() as session:
-        session.query(dataall.db.models.Dataset).delete()
+        session.query(Dataset).delete()
         session.commit()
     deleted_dataset = dataset(
         org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
@@ -470,7 +470,7 @@ def test_import_dataset(org1, env1, dataset1, client, group):
 
 def test_get_dataset_by_prefix(db, env1, org1):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             label='thisdataset',
             environmentUri=env1.environmentUri,
             organizationUri=org1.organizationUri,
@@ -491,7 +491,7 @@ def test_get_dataset_by_prefix(db, env1, org1):
         )
         session.add(dataset)
         session.commit()
-        dataset_found: dataall.db.models.Dataset = DatasetService.get_dataset_by_bucket_name(
+        dataset_found: Dataset = DatasetService.get_dataset_by_bucket_name(
             session,
             bucket='s3a://insite-data-lake-raw-alpha-eu-west-1/booker/volume_constraints/insite_version=1/volume_constraints.delta'.split(
                 '//'
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index 2977a8baf..50aafe9a3 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -3,6 +3,7 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -22,7 +23,7 @@ def env1(env, org1, user, group, tenant, module_mocker):
 
 
 @pytest.fixture(scope='module')
-def dataset1(env1, org1, dataset, group) -> dataall.db.models.Dataset:
+def dataset1(env1, org1, dataset, group) -> Dataset:
     yield dataset(
         org=org1, env=env1, name='dataset1', owner=env1.owner, group=group.name
     )
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index 8f7b1bc84..124c90386 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -2,7 +2,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable
+from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -22,7 +22,7 @@ def env1(env, org1, user, group, tenant, module_mocker):
 
 
 @pytest.fixture(scope='module')
-def dataset1(env1, org1, dataset, group, user) -> dataall.db.models.Dataset:
+def dataset1(env1, org1, dataset, group, user) -> Dataset:
     yield dataset(
         org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
     )
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 7ed3732a4..e226e4546 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -4,7 +4,7 @@
 
 import dataall
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -24,7 +24,7 @@ def env1(env, org1, user, group, tenant, module_mocker):
 
 
 @pytest.fixture(scope='module')
-def dataset1(env1, org1, dataset, group) -> dataall.db.models.Dataset:
+def dataset1(env1, org1, dataset, group) -> Dataset:
     yield dataset(
         org=org1, env=env1, name='dataset1', owner=env1.owner, group=group.name
     )
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index a84535d41..774797108 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -2,6 +2,7 @@
 
 import dataall
 from dataall.db import permissions
+from dataall.modules.datasets.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -599,7 +600,7 @@ def test_group_invitation(db, client, env1, org1, group2, user, group3, group, d
 
     assert 'EnvironmentResourcesFound' in response.errors[0].message
     with db.scoped_session() as session:
-        dataset = session.query(dataall.db.models.Dataset).get(dataset.datasetUri)
+        dataset = session.query(Dataset).get(dataset.datasetUri)
         session.delete(dataset)
         session.commit()
 
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 1aa15ce73..13bfbcb58 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import List
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
 import pytest
 
 
@@ -24,7 +24,7 @@ def _env(
 
 
 @pytest.fixture(scope='module', autouse=True)
-def _dataset(db, _env, _org, group, user, dataset) -> models.Dataset:
+def _dataset(db, _env, _org, group, user, dataset) -> Dataset:
     with db.scoped_session() as session:
         yield dataset(
             org=_org, env=_env, name='dataset1', owner=user.userName, group=group.name
diff --git a/tests/api/test_keyvaluetag.py b/tests/api/test_keyvaluetag.py
index 8d546cb3f..fd96d9bc1 100644
--- a/tests/api/test_keyvaluetag.py
+++ b/tests/api/test_keyvaluetag.py
@@ -5,6 +5,7 @@
 import pytest
 
 from dataall.db import exceptions
+from dataall.modules.datasets.db.models import Dataset
 
 
 @pytest.fixture(scope='module')
@@ -26,7 +27,7 @@ def env1(
 
 
 @pytest.fixture(scope='module', autouse=True)
-def dataset1(db, env1, org1, group, user, dataset) -> models.Dataset:
+def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
     with db.scoped_session() as session:
         yield dataset(
             org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index 9fc1d9d06..fe235ecd0 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -4,6 +4,7 @@
 import pytest
 import dataall
 from dataall.api.constants import RedshiftClusterRole
+from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
@@ -24,7 +25,7 @@ def env1(env, org1, user, group, tenant, module_mocker):
 
 
 @pytest.fixture(scope='module')
-def dataset1(db, user, env1, org1, dataset, group, group3) -> dataall.db.models.Dataset:
+def dataset1(db, user, env1, org1, dataset, group, group3) -> Dataset:
     with db.scoped_session() as session:
         data = dict(
             label='label',
@@ -71,7 +72,7 @@ def env2(
 
 
 @pytest.fixture(scope='module')
-def dataset2(env2, org2, dataset, group2, user2) -> dataall.db.models.Dataset:
+def dataset2(env2, org2, dataset, group2, user2) -> Dataset:
     yield dataset(
         org=org2,
         env=env2,
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index d951a15f8..c87e8255a 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 
 def random_table_name():
@@ -49,7 +49,7 @@ def env1group(environment_group: typing.Callable, env1, user, group
 
 @pytest.fixture(scope='module')
 def dataset1(dataset_model: typing.Callable, org1: dataall.db.models.Organization, env1: dataall.db.models.Environment
-             ) -> dataall.db.models.Dataset:
+             ) -> Dataset:
     yield dataset_model(
         organization=org1,
         environment=env1,
@@ -58,13 +58,13 @@ def dataset1(dataset_model: typing.Callable, org1: dataall.db.models.Organizatio
 
 
 @pytest.fixture(scope='module')
-def tables1(table: typing.Callable, dataset1: dataall.db.models.Dataset):
+def tables1(table: typing.Callable, dataset1: Dataset):
     for i in range(1, 100):
         table(dataset1, name=random_table_name(), username=dataset1.owner)
 
 
 @pytest.fixture(scope="module", autouse=True)
-def table1(table: typing.Callable, dataset1: dataall.db.models.Dataset,
+def table1(table: typing.Callable, dataset1: Dataset,
            user: dataall.db.models.User) -> DatasetTable:
     yield table(
         dataset=dataset1,
@@ -97,7 +97,7 @@ def env2(
 @pytest.fixture(scope='module')
 def dataset2(
         dataset_model: typing.Callable, org2: dataall.db.models.Organization, env2: dataall.db.models.Environment
-) -> dataall.db.models.Dataset:
+) -> Dataset:
     yield dataset_model(
         organization=org2,
         environment=env2,
@@ -112,7 +112,7 @@ def tables2(table, dataset2):
 
 
 @pytest.fixture(scope="module", autouse=True)
-def table2(table: typing.Callable, dataset2: dataall.db.models.Dataset,
+def table2(table: typing.Callable, dataset2: Dataset,
            user2: dataall.db.models.User) -> DatasetTable:
     yield table(
         dataset=dataset2,
@@ -136,7 +136,7 @@ def share1_draft(
         user2,
         group2,
         share: typing.Callable,
-        dataset1: dataall.db.models.Dataset,
+        dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
 ) -> dataall.db.models.ShareObject:
@@ -213,7 +213,7 @@ def share2_submitted(
         user2,
         group2,
         share: typing.Callable,
-        dataset1: dataall.db.models.Dataset,
+        dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
 ) -> dataall.db.models.ShareObject:
@@ -288,7 +288,7 @@ def share3_processed(
         user2,
         group2,
         share: typing.Callable,
-        dataset1: dataall.db.models.Dataset,
+        dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
 ) -> dataall.db.models.ShareObject:
@@ -360,7 +360,7 @@ def share3_item_shared(
 def share4_draft(
         user2,
         share: typing.Callable,
-        dataset1: dataall.db.models.Dataset,
+        dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
 ) -> dataall.db.models.ShareObject:
diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index fd05557cc..4701c5609 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -1,6 +1,7 @@
 import pytest
 
 from dataall.db import models
+from dataall.modules.datasets.db.models import Dataset
 
 
 @pytest.fixture(scope='module')
@@ -22,7 +23,7 @@ def env1(
 
 
 @pytest.fixture(scope='module', autouse=True)
-def dataset1(db, env1, org1, group, user, dataset) -> models.Dataset:
+def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
     with db.scoped_session() as session:
         yield dataset(
             org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
diff --git a/tests/cdkproxy/conftest.py b/tests/cdkproxy/conftest.py
index c223f4a37..d1810bfef 100644
--- a/tests/cdkproxy/conftest.py
+++ b/tests/cdkproxy/conftest.py
@@ -1,7 +1,7 @@
 import pytest
 
 from dataall.db import models, api
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -70,7 +70,7 @@ def another_group(db, env):
             environmentAthenaWorkGroup='workgroup',
         )
         session.add(env_group)
-        dataset = models.Dataset(
+        dataset = Dataset(
             label='thisdataset',
             environmentUri=env.environmentUri,
             organizationUri=env.organizationUri,
@@ -95,9 +95,9 @@ def another_group(db, env):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def dataset(db, env: models.Environment) -> models.Dataset:
+def dataset(db, env: models.Environment) -> Dataset:
     with db.scoped_session() as session:
-        dataset = models.Dataset(
+        dataset = Dataset(
             label='thisdataset',
             environmentUri=env.environmentUri,
             organizationUri=env.organizationUri,
@@ -122,7 +122,7 @@ def dataset(db, env: models.Environment) -> models.Dataset:
 
 
 @pytest.fixture(scope='module', autouse=True)
-def table(db, dataset: models.Dataset) -> DatasetTable:
+def table(db, dataset: Dataset) -> DatasetTable:
     with db.scoped_session() as session:
         table = DatasetTable(
             label='thistable',
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 289f59f0b..d40402836 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -4,6 +4,7 @@
 from dataall.api.constants import OrganisationUserRole
 from dataall.db import exceptions
 from dataall.db.models.Permission import PermissionType
+from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
@@ -116,7 +117,7 @@ def env(org, db, group):
 @pytest.fixture(scope='module', autouse=True)
 def dataset(org, env, db, group):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',
@@ -145,7 +146,7 @@ def test_attach_resource_policy(db, user, group, group_user, dataset, permission
             group=group.name,
             permissions=dataall.db.permissions.DATASET_WRITE,
             resource_uri=dataset.datasetUri,
-            resource_type=dataall.db.models.Dataset.__name__,
+            resource_type=Dataset.__name__,
         )
         assert dataall.db.api.ResourcePolicy.check_user_resource_permission(
             session=session,
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index 4fad9e6d2..9d91bcd9d 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -6,7 +6,7 @@
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.searchproxy import indexers
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 
@@ -49,7 +49,7 @@ def env(org, db):
 @pytest.fixture(scope='module', autouse=True)
 def dataset(org, env, db):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index 267d3ef73..0ff919894 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -2,7 +2,7 @@
 
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable
+from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 @pytest.fixture(scope="module")
@@ -100,9 +100,9 @@ def factory(
         organization: models.Organization,
         environment: models.Environment,
         label: str,
-    ) -> models.Dataset:
+    ) -> Dataset:
         with db.scoped_session() as session:
-            dataset = models.Dataset(
+            dataset = Dataset(
                 organizationUri=organization.organizationUri,
                 environmentUri=environment.environmentUri,
                 label=label,
@@ -127,7 +127,7 @@ def factory(
 
 @pytest.fixture(scope="module")
 def location(db):
-    def factory(dataset: models.Dataset, label: str) -> DatasetStorageLocation:
+    def factory(dataset: Dataset, label: str) -> DatasetStorageLocation:
 
         with db.scoped_session() as session:
             ds_location = DatasetStorageLocation(
@@ -148,7 +148,7 @@ def factory(dataset: models.Dataset, label: str) -> DatasetStorageLocation:
 
 @pytest.fixture(scope='module')
 def table(db):
-    def factory(dataset: models.Dataset, label: str) -> DatasetTable:
+    def factory(dataset: Dataset, label: str) -> DatasetTable:
 
         with db.scoped_session() as session:
             table = DatasetTable(
@@ -172,7 +172,7 @@ def factory(dataset: models.Dataset, label: str) -> DatasetTable:
 @pytest.fixture(scope="module")
 def share(db):
     def factory(
-        dataset: models.Dataset,
+        dataset: Dataset,
         environment: models.Environment,
         env_group: models.EnvironmentGroup
     ) -> models.ShareObject:
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index 3944aed8b..32c8873e3 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -42,7 +42,7 @@ def env(org, db):
 @pytest.fixture(scope='module', autouse=True)
 def sync_dataset(org, env, db):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index 1ff99ba43..89373d96e 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -10,7 +10,7 @@
 
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 from dataall.tasks.data_sharing.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
 from dataall.tasks.data_sharing.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
@@ -86,7 +86,7 @@ def target_environment_group(environment_group: Callable, target_environment: mo
 
 
 @pytest.fixture(scope="module")
-def dataset1(dataset: Callable, org1: models.Organization, source_environment: models.Environment) -> models.Dataset:
+def dataset1(dataset: Callable, org1: models.Organization, source_environment: models.Environment) -> Dataset:
     yield dataset(
         organization=org1,
         environment=source_environment,
@@ -95,7 +95,7 @@ def dataset1(dataset: Callable, org1: models.Organization, source_environment: m
 
 
 @pytest.fixture(scope="module")
-def table1(table: Callable, dataset1: models.Dataset) -> DatasetTable:
+def table1(table: Callable, dataset1: Dataset) -> DatasetTable:
     yield table(
         dataset=dataset1,
         label="table1"
@@ -103,7 +103,7 @@ def table1(table: Callable, dataset1: models.Dataset) -> DatasetTable:
 
 
 @pytest.fixture(scope="module")
-def table2(table: Callable, dataset1: models.Dataset) -> DatasetTable:
+def table2(table: Callable, dataset1: Dataset) -> DatasetTable:
     yield table(
         dataset=dataset1,
         label="table2"
@@ -112,7 +112,7 @@ def table2(table: Callable, dataset1: models.Dataset) -> DatasetTable:
 
 @pytest.fixture(scope="module")
 def share_same_account(
-        share: Callable, dataset1: models.Dataset, source_environment: models.Environment,
+        share: Callable, dataset1: Dataset, source_environment: models.Environment,
         source_environment_group_requesters: models.EnvironmentGroup) -> models.ShareObject:
     yield share(
         dataset=dataset1,
@@ -123,7 +123,7 @@ def share_same_account(
 
 @pytest.fixture(scope="module")
 def share_cross_account(
-        share: Callable, dataset1: models.Dataset, target_environment: models.Environment,
+        share: Callable, dataset1: Dataset, target_environment: models.Environment,
         target_environment_group: models.EnvironmentGroup) -> models.ShareObject:
     yield share(
         dataset=dataset1,
@@ -209,7 +209,7 @@ def test_init(processor_same_account, processor_cross_account):
 def test_build_shared_db_name(
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         share_same_account: models.ShareObject,
         share_cross_account: models.ShareObject,
 ):
@@ -241,7 +241,7 @@ def test_create_shared_database(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         mocker,
 ):
     create_db_mock = mocker.patch(
@@ -332,7 +332,7 @@ def test_build_share_data(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table1: DatasetTable,
 ):
     data_same_account = {
@@ -380,7 +380,7 @@ def test_create_resource_link(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table1: DatasetTable,
         mocker,
 ):
@@ -463,7 +463,7 @@ def test_revoke_table_resource_link_access(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table2: DatasetTable,
         mocker,
 ):
@@ -511,7 +511,7 @@ def test_revoke_source_table_access(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table2: DatasetTable,
         mocker,
 ):
@@ -554,7 +554,7 @@ def test_delete_resource_link_table(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table2: DatasetTable,
         mocker,
 ):
@@ -596,7 +596,7 @@ def test_delete_shared_database(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table1: DatasetTable,
         mocker,
 ):
@@ -625,7 +625,7 @@ def test_revoke_external_account_access_on_source_account(
         share_cross_account: models.ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        dataset1: models.Dataset,
+        dataset1: Dataset,
         table1: DatasetTable,
         table2: DatasetTable,
         mocker,
diff --git a/tests/tasks/test_policies.py b/tests/tasks/test_policies.py
index ca8c259c6..c1018b35f 100644
--- a/tests/tasks/test_policies.py
+++ b/tests/tasks/test_policies.py
@@ -1,5 +1,5 @@
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.tasks.bucket_policy_updater import BucketPoliciesUpdater
 import pytest
 import dataall
@@ -44,7 +44,7 @@ def env(org, db):
 @pytest.fixture(scope='module', autouse=True)
 def sync_dataset(org, env, db):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index 14f61fefd..549ed8afb 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -7,8 +7,7 @@
 
 from dataall.tasks.data_sharing.share_managers.s3_share_manager import S3ShareManager
 from dataall.utils.alarm_service import AlarmService
-from dataall.modules.datasets.db.models import DatasetStorageLocation
-
+from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 SOURCE_ENV_ACCOUNT = "111111111111"
 SOURCE_ENV_ROLE_NAME = "dataall-ProducerEnvironment-i6v1v1c2"
@@ -69,12 +68,12 @@ def dataset1(dataset: Callable, org1: models.Organization, source_environment: m
 
 
 @pytest.fixture(scope="module")
-def location1(location: Callable, dataset1: models.Dataset) -> DatasetStorageLocation:
+def location1(location: Callable, dataset1: Dataset) -> DatasetStorageLocation:
     yield location(dataset1, "location1")
 
 
 @pytest.fixture(scope="module")
-def share1(share: Callable, dataset1: models.Dataset, 
+def share1(share: Callable, dataset1: Dataset,
            target_environment: models.Environment,
            target_environment_group: models.EnvironmentGroup) -> models.ShareObject:
     share1 = share(dataset1, target_environment, target_environment_group)
@@ -380,7 +379,7 @@ def test_grant_target_role_access_policy_test_no_policy(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -442,7 +441,7 @@ def test_update_dataset_bucket_key_policy_with_env_admin(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -559,7 +558,7 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -639,7 +638,7 @@ def test_manage_access_point_and_policy_1(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -730,7 +729,7 @@ def test_manage_access_point_and_policy_2(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -804,7 +803,7 @@ def test_manage_access_point_and_policy_3(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -875,7 +874,7 @@ def test_delete_access_point_policy_with_env_admin_one_prefix(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -947,7 +946,7 @@ def test_delete_access_point_policy_with_env_admin_multiple_prefix(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -1014,7 +1013,7 @@ def test_dont_delete_access_point_with_policy(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -1060,7 +1059,7 @@ def test_delete_access_point_without_policy(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -1106,7 +1105,7 @@ def test_delete_target_role_access_policy_no_remaining_statement(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -1171,7 +1170,7 @@ def test_delete_target_role_access_policy_with_remaining_statement(
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -1257,7 +1256,7 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_additional_target
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
@@ -1348,7 +1347,7 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
     mocker,
     source_environment_group: models.EnvironmentGroup,
     target_environment_group: models.EnvironmentGroup,
-    dataset1: models.Dataset,
+    dataset1: Dataset,
     db,
     share1: models.ShareObject,
     share_item_folder1: models.ShareObjectItem,
diff --git a/tests/tasks/test_stacks_updater.py b/tests/tasks/test_stacks_updater.py
index 1bc63c3c3..5bd095a91 100644
--- a/tests/tasks/test_stacks_updater.py
+++ b/tests/tasks/test_stacks_updater.py
@@ -1,6 +1,7 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
+from dataall.modules.datasets.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -42,7 +43,7 @@ def env(org, db):
 @pytest.fixture(scope='module', autouse=True)
 def sync_dataset(org, env, db):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index 61c70d174..11c255db2 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -2,7 +2,7 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module')
@@ -65,7 +65,7 @@ def otherenv(org, db):
 @pytest.fixture(scope='module')
 def dataset(org, env, db):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',
@@ -88,7 +88,7 @@ def dataset(org, env, db):
 
 @pytest.fixture(scope='module')
 def share(
-    dataset: dataall.db.models.Dataset,
+    dataset: Dataset,
     db: dataall.db.Engine,
     otherenv: dataall.db.models.Environment,
 ):
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index ff6f8271e..5d0322f94 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -1,7 +1,7 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -44,7 +44,7 @@ def env(org, db):
 @pytest.fixture(scope='module', autouse=True)
 def sync_dataset(org, env, db):
     with db.scoped_session() as session:
-        dataset = dataall.db.models.Dataset(
+        dataset = Dataset(
             organizationUri=org.organizationUri,
             environmentUri=env.environmentUri,
             label='label',

From d05196f057bdc3ab2fad5edd6e47dd6a6ade5198 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 24 Apr 2023 17:27:53 +0200
Subject: [PATCH 079/346] Moved a part of the code from deploying dataset stack

---
 backend/dataall/api/Objects/Stack/stack_helper.py | 11 -----------
 .../modules/datasets/api/dataset/resolvers.py     | 15 ++++++++++++---
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/backend/dataall/api/Objects/Stack/stack_helper.py b/backend/dataall/api/Objects/Stack/stack_helper.py
index 5ffffb790..780dc30cf 100644
--- a/backend/dataall/api/Objects/Stack/stack_helper.py
+++ b/backend/dataall/api/Objects/Stack/stack_helper.py
@@ -3,7 +3,6 @@
 import requests
 
 from .... import db
-from ....api.context import Context
 from ....aws.handlers.service_handlers import Worker
 from ....aws.handlers.ecs import Ecs
 from ....db import models
@@ -11,7 +10,6 @@
 
 from dataall.core.config import config
 from dataall.core.context import get_context
-from dataall.modules.datasets.db.models import Dataset
 
 
 def get_stack_with_cfn_resources(targetUri: str, environmentUri: str):
@@ -85,15 +83,6 @@ def deploy_stack(targetUri):
         return stack
 
 
-def deploy_dataset_stack(dataset: Dataset):
-    """
-    Each dataset stack deployment triggers environment stack update
-    to rebuild teams IAM roles data access policies
-    """
-    deploy_stack(dataset.datasetUri)
-    deploy_stack(dataset.environmentUri)
-
-
 def delete_stack(
     target_uri, accountid, cdk_role_arn, region
 ):
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 29b5fdc43..87523deab 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -41,7 +41,7 @@ def create_dataset(context: Context, source, input=None):
             session=session, dataset_uri=dataset.datasetUri
         )
 
-    stack_helper.deploy_dataset_stack(dataset)
+    _deploy_dataset_stack(dataset)
 
     dataset.userRoleForDataset = DatasetRole.Creator.value
 
@@ -79,7 +79,7 @@ def import_dataset(context: Context, source, input=None):
             session=session, dataset_uri=dataset.datasetUri
         )
 
-    stack_helper.deploy_dataset_stack(dataset)
+    _deploy_dataset_stack(dataset)
 
     dataset.userRoleForDataset = DatasetRole.Creator.value
 
@@ -225,7 +225,7 @@ def update_dataset(context, source, datasetUri: str = None, input: dict = None):
         )
         DatasetIndexer.upsert(session, dataset_uri=datasetUri)
 
-    stack_helper.deploy_dataset_stack(updated_dataset)
+    _deploy_dataset_stack(updated_dataset)
 
     return updated_dataset
 
@@ -639,3 +639,12 @@ def resolve_redshift_copy_enabled(context, source: Dataset, clusterUri: str):
         return db.api.RedshiftCluster.get_cluster_dataset(
             session, clusterUri, source.datasetUri
         ).datasetCopyEnabled
+
+
+def _deploy_dataset_stack(dataset: Dataset):
+    """
+    Each dataset stack deployment triggers environment stack update
+    to rebuild teams IAM roles data access policies
+    """
+    stack_helper.deploy_stack(dataset.datasetUri)
+    stack_helper.deploy_stack(dataset.environmentUri)

From 8b2accb622e4dae7aa82b0b3f25ed86c5a3406ee Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 11:10:02 +0200
Subject: [PATCH 080/346] Moved a SNS dataset handler

---
 .../datasets/handlers/sns_dataset_handler.py}          | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 rename backend/dataall/{aws/handlers/sns.py => modules/datasets/handlers/sns_dataset_handler.py} (90%)

diff --git a/backend/dataall/aws/handlers/sns.py b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
similarity index 90%
rename from backend/dataall/aws/handlers/sns.py
rename to backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
index 0dcd72414..006c4023d 100644
--- a/backend/dataall/aws/handlers/sns.py
+++ b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
@@ -3,16 +3,16 @@
 
 from botocore.exceptions import ClientError
 
-from .service_handlers import Worker
-from .sts import SessionHelper
-from ... import db
-from ...db import models
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall import db
+from dataall.db import models
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
 
 
-class Sns:
+class SnsDatasetHandler:
     def __init__(self):
         pass
 

From 2cd19d2377e3c3041ccc0a50a31cf0ff831a6042 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 11:57:41 +0200
Subject: [PATCH 081/346] Moved a method from Glue client to LF client

---
 .../modules/datasets/aws/glue_table_client.py |  2 +-
 .../modules/datasets/aws/lf_table_client.py   | 41 +++++++++++++++++--
 .../datasets/handlers/glue_column_handler.py  |  6 +--
 .../modules/datasets/tasks/tables_syncer.py   |  4 +-
 4 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/backend/dataall/modules/datasets/aws/glue_table_client.py b/backend/dataall/modules/datasets/aws/glue_table_client.py
index 78f3e4485..2b0f1c5c4 100644
--- a/backend/dataall/modules/datasets/aws/glue_table_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_table_client.py
@@ -2,7 +2,7 @@
 
 from botocore.exceptions import ClientError
 
-from dataall.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/aws/lf_table_client.py b/backend/dataall/modules/datasets/aws/lf_table_client.py
index f978e0e73..239d4b194 100644
--- a/backend/dataall/modules/datasets/aws/lf_table_client.py
+++ b/backend/dataall/modules/datasets/aws/lf_table_client.py
@@ -2,7 +2,7 @@
 from botocore.exceptions import ClientError
 
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
@@ -10,8 +10,10 @@
 class LakeFormationTableClient:
     """Requests to AWS LakeFormation"""
 
-    def __init__(self, aws_session, table: DatasetTable):
-        self._client = aws_session.client('lakeformation', region_name=table.reg)
+    def __init__(self, table: DatasetTable, aws_session=None):
+        if not aws_session:
+            aws_session = SessionHelper.remote_session(table.AWSAccountId)
+        self._client = aws_session.client('lakeformation', region_name=table.region)
         self._table = table
 
     def grant_pivot_role_all_table_permissions(self):
@@ -51,3 +53,36 @@ def grant_pivot_role_all_table_permissions(self):
                 f'access: {e}'
             )
             raise e
+
+    def grant_principals_all_table_permissions(self, principals: [str]):
+        """
+        Update the table permissions on Lake Formation
+        for tables managed by data.all
+        :param principals:
+        :return:
+        """
+        table = self._table
+        for principal in principals:
+            try:
+                grant_dict = dict(
+                    Principal={'DataLakePrincipalIdentifier': principal},
+                    Resource={
+                        'Table': {
+                            'DatabaseName': table.GlueDatabaseName,
+                            'Name': table.name,
+                        }
+                    },
+                    Permissions=['ALL'],
+                )
+                response = self._table.grant_permissions(**grant_dict)
+                log.error(
+                    f'Successfully granted principals {principals} all permissions on table '
+                    f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
+                    f'access: {response}'
+                )
+            except ClientError as e:
+                log.error(
+                    f'Failed to grant admin roles {principals} all permissions on table '
+                    f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
+                    f'access: {e}'
+                )
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index c8a5cb848..59dca4528 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -18,7 +18,7 @@ class DatasetColumnGlueHandler:
     @Worker.handler('glue.table.columns')
     def get_table_columns(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset_table: models.DatasetTable = session.query(models.DatasetTable).get(
+            dataset_table: DatasetTable = session.query(DatasetTable).get(
                 task.targetUri
             )
             aws = SessionHelper.remote_session(dataset_table.AWSAccountId)
@@ -34,11 +34,11 @@ def get_table_columns(engine, task: models.Task):
     def update_table_columns(engine, task: models.Task):
         with engine.scoped_session() as session:
             column: DatasetTableColumn = session.query(DatasetTableColumn).get(task.targetUri)
-            table: DatasetTable = session.query(models.DatasetTable).get(column.tableUri)
+            table: DatasetTable = session.query(DatasetTable).get(column.tableUri)
 
             aws_session = SessionHelper.remote_session(table.AWSAccountId)
 
-            LakeFormationTableClient(aws_session, table).grant_pivot_role_all_table_permissions()
+            LakeFormationTableClient(table, aws_session).grant_pivot_role_all_table_permissions()
             glue_client = GlueTableClient(aws_session, table)
             original_table = glue_client.get_table()
             updated_table = {
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index f382d65a4..c17951916 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -8,6 +8,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_service import DatasetService
@@ -76,8 +77,7 @@ def sync_tables(engine):
                     log.info('Updating tables permissions on Lake Formation...')
 
                     for table in tables:
-                        Glue.grant_principals_all_table_permissions(
-                            table,
+                        LakeFormationTableClient(table).grant_principals_all_table_permissions(
                             principals=[
                                 SessionHelper.get_delegation_role_arn(env.AwsAccountId),
                                 env.EnvironmentDefaultIAMRoleArn,

From 741238d8f68ea8a09440661c3fd3379b4208bd96 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 12:06:20 +0200
Subject: [PATCH 082/346] Extracted the common part of the code

---
 .../modules/datasets/aws/lf_table_client.py   | 60 +++++++------------
 1 file changed, 21 insertions(+), 39 deletions(-)

diff --git a/backend/dataall/modules/datasets/aws/lf_table_client.py b/backend/dataall/modules/datasets/aws/lf_table_client.py
index 239d4b194..8caff5073 100644
--- a/backend/dataall/modules/datasets/aws/lf_table_client.py
+++ b/backend/dataall/modules/datasets/aws/lf_table_client.py
@@ -24,21 +24,36 @@ def grant_pivot_role_all_table_permissions(self):
         :param table:
         :return:
         """
+        table = self._table
+        principal = SessionHelper.get_delegation_role_arn(table.AWSAccountId)
+        self._grant_permissions_to_table(principal, ['SELECT', 'ALTER', 'DROP', 'INSERT'])
+
+    def grant_principals_all_table_permissions(self, principals: [str]):
+        """
+        Update the table permissions on Lake Formation
+        for tables managed by data.all
+        :param principals:
+        :return:
+        """
+
+        for principal in principals:
+            try:
+                self._grant_permissions_to_table(principal, ['ALL'])
+            except ClientError:
+                pass  # ignore the error to continue with other requests
+
+    def _grant_permissions_to_table(self, principal, permissions):
         table = self._table
         try:
             grant_dict = dict(
-                Principal={
-                    'DataLakePrincipalIdentifier': SessionHelper.get_delegation_role_arn(
-                        table.AWSAccountId
-                    )
-                },
+                Principal={'DataLakePrincipalIdentifier': principal},
                 Resource={
                     'Table': {
                         'DatabaseName': table.GlueDatabaseName,
                         'Name': table.name,
                     }
                 },
-                Permissions=['SELECT', 'ALTER', 'DROP', 'INSERT'],
+                Permissions=permissions,
             )
             response = self._client.grant_permissions(**grant_dict)
             log.error(
@@ -53,36 +68,3 @@ def grant_pivot_role_all_table_permissions(self):
                 f'access: {e}'
             )
             raise e
-
-    def grant_principals_all_table_permissions(self, principals: [str]):
-        """
-        Update the table permissions on Lake Formation
-        for tables managed by data.all
-        :param principals:
-        :return:
-        """
-        table = self._table
-        for principal in principals:
-            try:
-                grant_dict = dict(
-                    Principal={'DataLakePrincipalIdentifier': principal},
-                    Resource={
-                        'Table': {
-                            'DatabaseName': table.GlueDatabaseName,
-                            'Name': table.name,
-                        }
-                    },
-                    Permissions=['ALL'],
-                )
-                response = self._table.grant_permissions(**grant_dict)
-                log.error(
-                    f'Successfully granted principals {principals} all permissions on table '
-                    f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
-                    f'access: {response}'
-                )
-            except ClientError as e:
-                log.error(
-                    f'Failed to grant admin roles {principals} all permissions on table '
-                    f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
-                    f'access: {e}'
-                )

From 81e764693111cd1389e115c854dd60223946079c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 12:25:53 +0200
Subject: [PATCH 083/346] Extracted dataset part from Glue

---
 backend/dataall/aws/handlers/glue.py          | 179 ------------------
 .../datasets/handlers/glue_dataset_handler.py | 149 +++++++++++++++
 2 files changed, 149 insertions(+), 179 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/handlers/glue_dataset_handler.py

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index ba4d2a37c..bbfffff8b 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -5,8 +5,6 @@
 from .service_handlers import Worker
 from .sts import SessionHelper
 from ...db import models
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger('aws:glue')
 
@@ -370,142 +368,6 @@ def batch_delete_tables(**data):
             )
             raise e
 
-    @staticmethod
-    @Worker.handler(path='glue.dataset.crawler.create')
-    def create_crawler(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset: Dataset = DatasetService.get_dataset_by_uri(
-                session, task.targetUri
-            )
-            location = task.payload.get('location')
-            Glue.create_glue_crawler(
-                **{
-                    'crawler_name': f'{dataset.GlueDatabaseName}-{location}'[:52],
-                    'region': dataset.region,
-                    'accountid': dataset.AwsAccountId,
-                    'database': dataset.GlueDatabaseName,
-                    'location': location or f's3://{dataset.S3BucketName}',
-                }
-            )
-
-    @staticmethod
-    def create_glue_crawler(**data):
-        try:
-            accountid = data['accountid']
-            database = data.get('database')
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            crawler_name = data.get('crawler_name')
-            targets = {'S3Targets': [{'Path': data.get('location')}]}
-            crawler = Glue._get_crawler(glue, crawler_name)
-            if crawler:
-                Glue._update_existing_crawler(
-                    glue, accountid, crawler_name, targets, database
-                )
-            else:
-                crawler = glue.create_crawler(
-                    Name=crawler_name,
-                    Role=SessionHelper.get_delegation_role_arn(accountid=accountid),
-                    DatabaseName=database,
-                    Targets=targets,
-                    Tags=data.get('tags', {'Application': 'dataall'}),
-                )
-
-            glue.start_crawler(Name=crawler_name)
-            log.info('Crawler %s started ', crawler_name)
-            return crawler
-        except ClientError as e:
-            log.error('Failed to create Crawler due to %s', e)
-
-    @staticmethod
-    def get_glue_crawler(data):
-        try:
-            accountid = data['accountid']
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            crawler_name = data.get('crawler_name')
-            crawler = Glue._get_crawler(glue, crawler_name)
-            return crawler
-        except ClientError as e:
-            log.error('Failed to find Crawler due to %s', e)
-            raise e
-
-    @staticmethod
-    @Worker.handler(path='glue.crawler.start')
-    def start_crawler(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset: Dataset = DatasetService.get_dataset_by_uri(
-                session, task.targetUri
-            )
-            location = task.payload.get('location')
-            return Glue.start_glue_crawler(
-                {
-                    'crawler_name': dataset.GlueCrawlerName,
-                    'region': dataset.region,
-                    'accountid': dataset.AwsAccountId,
-                    'database': dataset.GlueDatabaseName,
-                    'location': location,
-                }
-            )
-
-    @staticmethod
-    def start_glue_crawler(data):
-        try:
-            accountid = data['accountid']
-            crawler_name = data['crawler_name']
-            database = data['database']
-            targets = {'S3Targets': [{'Path': data.get('location')}]}
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            if data.get('location'):
-                Glue._update_existing_crawler(
-                    glue, accountid, crawler_name, targets, database
-                )
-            crawler = Glue._get_crawler(glue, crawler_name)
-            glue.start_crawler(Name=crawler_name)
-            log.info('Crawler %s started ', crawler_name)
-            return crawler
-        except ClientError as e:
-            log.error('Failed to start Crawler due to %s', e)
-            raise e
-
-    @staticmethod
-    def _get_crawler(glue, crawler_name):
-        crawler = None
-        try:
-            crawler = glue.get_crawler(Name=crawler_name)
-        except ClientError as e:
-            if e.response['Error']['Code'] == 'EntityNotFoundException':
-                log.debug(f'Crawler does not exists {crawler_name} %s', e)
-            else:
-                raise e
-        return crawler.get('Crawler') if crawler else None
-
-    @staticmethod
-    def _update_existing_crawler(glue, accountid, crawler_name, targets, database):
-        try:
-            glue.stop_crawler(Name=crawler_name)
-        except ClientError as e:
-            if (
-                e.response['Error']['Code'] == 'CrawlerStoppingException'
-                or e.response['Error']['Code'] == 'CrawlerNotRunningException'
-            ):
-                log.error('Failed to stop crawler %s', e)
-        try:
-            glue.update_crawler(
-                Name=crawler_name,
-                Role=SessionHelper.get_delegation_role_arn(accountid=accountid),
-                DatabaseName=database,
-                Targets=targets,
-            )
-            log.info('Crawler %s updated ', crawler_name)
-        except ClientError as e:
-            log.debug('Failed to stop and update crawler %s', e)
-            if e.response['Error']['Code'] != 'CrawlerRunningException':
-                log.error('Failed to update crawler %s', e)
-            else:
-                raise e
-
     @staticmethod
     @Worker.handler(path='glue.job.runs')
     def get_job_runs(engine, task: models.Task):
@@ -522,44 +384,3 @@ def get_job_runs(engine, task: models.Task):
                 log.warning(f'Could not retrieve pipeline runs , {str(e)}')
                 return []
             return response['JobRuns']
-
-    @staticmethod
-    def grant_principals_all_table_permissions(
-        table: DatasetTable, principals: [str], client=None
-    ):
-        """
-        Update the table permissions on Lake Formation
-        for tables managed by data.all
-        :param principals:
-        :param table:
-        :param client:
-        :return:
-        """
-        if not client:
-            client = SessionHelper.remote_session(table.AWSAccountId).client(
-                'lakeformation', region_name=table.region
-            )
-        for principal in principals:
-            try:
-                grant_dict = dict(
-                    Principal={'DataLakePrincipalIdentifier': principal},
-                    Resource={
-                        'Table': {
-                            'DatabaseName': table.GlueDatabaseName,
-                            'Name': table.name,
-                        }
-                    },
-                    Permissions=['ALL'],
-                )
-                response = client.grant_permissions(**grant_dict)
-                log.error(
-                    f'Successfully granted principals {principals} all permissions on table '
-                    f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
-                    f'access: {response}'
-                )
-            except ClientError as e:
-                log.error(
-                    f'Failed to grant admin roles {principals} all permissions on table '
-                    f'aws://{table.AWSAccountId}/{table.GlueDatabaseName}/{table.name} '
-                    f'access: {e}'
-                )
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
new file mode 100644
index 000000000..9eb27afaa
--- /dev/null
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -0,0 +1,149 @@
+import logging
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import models
+from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets.services.dataset_service import DatasetService
+
+log = logging.getLogger(__name__)
+
+
+class GlueDatasetHandler:
+    @staticmethod
+    @Worker.handler(path='glue.dataset.crawler.create')
+    def create_crawler(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            dataset: Dataset = DatasetService.get_dataset_by_uri(
+                session, task.targetUri
+            )
+            location = task.payload.get('location')
+            GlueDatasetHandler.create_glue_crawler(
+                **{
+                    'crawler_name': f'{dataset.GlueDatabaseName}-{location}'[:52],
+                    'region': dataset.region,
+                    'accountid': dataset.AwsAccountId,
+                    'database': dataset.GlueDatabaseName,
+                    'location': location or f's3://{dataset.S3BucketName}',
+                }
+            )
+
+    @staticmethod
+    @Worker.handler(path='glue.crawler.start')
+    def start_crawler(engine, task: models.Task):
+        with engine.scoped_session() as session:
+            dataset: Dataset = DatasetService.get_dataset_by_uri(
+                session, task.targetUri
+            )
+            location = task.payload.get('location')
+            return GlueDatasetHandler.start_glue_crawler(
+                {
+                    'crawler_name': dataset.GlueCrawlerName,
+                    'region': dataset.region,
+                    'accountid': dataset.AwsAccountId,
+                    'database': dataset.GlueDatabaseName,
+                    'location': location,
+                }
+            )
+
+    @staticmethod
+    def create_glue_crawler(**data):
+        try:
+            accountid = data['accountid']
+            database = data.get('database')
+            session = SessionHelper.remote_session(accountid=accountid)
+            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
+            crawler_name = data.get('crawler_name')
+            targets = {'S3Targets': [{'Path': data.get('location')}]}
+            crawler = GlueDatasetHandler._get_crawler(glue, crawler_name)
+            if crawler:
+                GlueDatasetHandler._update_existing_crawler(
+                    glue, accountid, crawler_name, targets, database
+                )
+            else:
+                crawler = glue.create_crawler(
+                    Name=crawler_name,
+                    Role=SessionHelper.get_delegation_role_arn(accountid=accountid),
+                    DatabaseName=database,
+                    Targets=targets,
+                    Tags=data.get('tags', {'Application': 'dataall'}),
+                )
+
+            glue.start_crawler(Name=crawler_name)
+            log.info('Crawler %s started ', crawler_name)
+            return crawler
+        except ClientError as e:
+            log.error('Failed to create Crawler due to %s', e)
+
+    @staticmethod
+    def start_glue_crawler(data):
+        try:
+            accountid = data['accountid']
+            crawler_name = data['crawler_name']
+            database = data['database']
+            targets = {'S3Targets': [{'Path': data.get('location')}]}
+            session = SessionHelper.remote_session(accountid=accountid)
+            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
+            if data.get('location'):
+                GlueDatasetHandler._update_existing_crawler(
+                    glue, accountid, crawler_name, targets, database
+                )
+            crawler = GlueDatasetHandler._get_crawler(glue, crawler_name)
+            glue.start_crawler(Name=crawler_name)
+            log.info('Crawler %s started ', crawler_name)
+            return crawler
+        except ClientError as e:
+            log.error('Failed to start Crawler due to %s', e)
+            raise e
+
+    @staticmethod
+    def _update_existing_crawler(glue, accountid, crawler_name, targets, database):
+        try:
+            glue.stop_crawler(Name=crawler_name)
+        except ClientError as e:
+            if (
+                    e.response['Error']['Code'] == 'CrawlerStoppingException'
+                    or e.response['Error']['Code'] == 'CrawlerNotRunningException'
+            ):
+                log.error('Failed to stop crawler %s', e)
+        try:
+            glue.update_crawler(
+                Name=crawler_name,
+                Role=SessionHelper.get_delegation_role_arn(accountid=accountid),
+                DatabaseName=database,
+                Targets=targets,
+            )
+            log.info('Crawler %s updated ', crawler_name)
+        except ClientError as e:
+            log.debug('Failed to stop and update crawler %s', e)
+            if e.response['Error']['Code'] != 'CrawlerRunningException':
+                log.error('Failed to update crawler %s', e)
+            else:
+                raise e
+
+    @staticmethod
+    def get_glue_crawler(data):
+        try:
+            accountid = data['accountid']
+            session = SessionHelper.remote_session(accountid=accountid)
+            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
+            crawler_name = data.get('crawler_name')
+            crawler = GlueDatasetHandler._get_crawler(glue, crawler_name)
+            return crawler
+        except ClientError as e:
+            log.error('Failed to find Crawler due to %s', e)
+            raise e
+
+    @staticmethod
+    def _get_crawler(glue, crawler_name):
+        crawler = None
+        try:
+            crawler = glue.get_crawler(Name=crawler_name)
+        except ClientError as e:
+            if e.response['Error']['Code'] == 'EntityNotFoundException':
+                log.debug(f'Crawler does not exists {crawler_name} %s', e)
+            else:
+                raise e
+        return crawler.get('Crawler') if crawler else None
\ No newline at end of file

From f5752e991fc880f42a396ee5f493994d625d47bf Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 12:50:50 +0200
Subject: [PATCH 084/346] glue.dataset.crawler.create action doesn't exist

---
 .../datasets/handlers/glue_dataset_handler.py | 46 -------------------
 1 file changed, 46 deletions(-)

diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index 9eb27afaa..e243aab39 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -12,23 +12,6 @@
 
 
 class GlueDatasetHandler:
-    @staticmethod
-    @Worker.handler(path='glue.dataset.crawler.create')
-    def create_crawler(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset: Dataset = DatasetService.get_dataset_by_uri(
-                session, task.targetUri
-            )
-            location = task.payload.get('location')
-            GlueDatasetHandler.create_glue_crawler(
-                **{
-                    'crawler_name': f'{dataset.GlueDatabaseName}-{location}'[:52],
-                    'region': dataset.region,
-                    'accountid': dataset.AwsAccountId,
-                    'database': dataset.GlueDatabaseName,
-                    'location': location or f's3://{dataset.S3BucketName}',
-                }
-            )
 
     @staticmethod
     @Worker.handler(path='glue.crawler.start')
@@ -48,35 +31,6 @@ def start_crawler(engine, task: models.Task):
                 }
             )
 
-    @staticmethod
-    def create_glue_crawler(**data):
-        try:
-            accountid = data['accountid']
-            database = data.get('database')
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            crawler_name = data.get('crawler_name')
-            targets = {'S3Targets': [{'Path': data.get('location')}]}
-            crawler = GlueDatasetHandler._get_crawler(glue, crawler_name)
-            if crawler:
-                GlueDatasetHandler._update_existing_crawler(
-                    glue, accountid, crawler_name, targets, database
-                )
-            else:
-                crawler = glue.create_crawler(
-                    Name=crawler_name,
-                    Role=SessionHelper.get_delegation_role_arn(accountid=accountid),
-                    DatabaseName=database,
-                    Targets=targets,
-                    Tags=data.get('tags', {'Application': 'dataall'}),
-                )
-
-            glue.start_crawler(Name=crawler_name)
-            log.info('Crawler %s started ', crawler_name)
-            return crawler
-        except ClientError as e:
-            log.error('Failed to create Crawler due to %s', e)
-
     @staticmethod
     def start_glue_crawler(data):
         try:

From ce0c4e0e0e9d5f4db2c2907dbdf2b11ea65a097e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 13:04:41 +0200
Subject: [PATCH 085/346] Refactored dataset handlers

---
 .../modules/datasets/api/dataset/resolvers.py |  9 +-
 .../datasets/aws/glue_dataset_client.py       | 67 +++++++++++++++
 .../datasets/handlers/glue_dataset_handler.py | 86 ++-----------------
 tests/api/test_dataset.py                     |  2 +-
 4 files changed, 76 insertions(+), 88 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/glue_dataset_client.py

diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 87523deab..2938cd17f 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -17,6 +17,7 @@
 from dataall.db.api import Environment, ShareObject, ResourcePolicy
 from dataall.db.api.organization import Organization
 from dataall.modules.datasets import Dataset
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
@@ -358,13 +359,7 @@ def start_crawler(context: Context, source, datasetUri: str, input: dict = None)
             else f's3://{dataset.S3BucketName}'
         )
 
-        crawler = Glue.get_glue_crawler(
-            {
-                'crawler_name': dataset.GlueCrawlerName,
-                'region': dataset.region,
-                'accountid': dataset.AwsAccountId,
-            }
-        )
+        crawler = DatasetCrawler(dataset).get_crawler()
         if not crawler:
             raise exceptions.AWSResourceNotFound(
                 action=permissions.CRAWL_DATASET,
diff --git a/backend/dataall/modules/datasets/aws/glue_dataset_client.py b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
new file mode 100644
index 000000000..2f29abc41
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
@@ -0,0 +1,67 @@
+import logging
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.modules.datasets.db.models import Dataset
+
+log = logging.getLogger(__name__)
+
+
+class DatasetCrawler:
+    def __init__(self, dataset: Dataset):
+        session = SessionHelper.remote_session(accountid=dataset.AwsAccountId)
+        region = dataset.region if dataset.region else 'eu-west-1'
+        self._client = session.client('glue', region_name=region)
+        self._dataset = dataset
+
+    def get_crawler(self):
+        crawler = None
+        crawler_name = self._dataset.GlueCrawlerName
+
+        try:
+            crawler = self._client.get_crawler(Name=crawler_name)
+        except ClientError as e:
+            if e.response['Error']['Code'] == 'EntityNotFoundException':
+                log.debug(f'Crawler does not exists {crawler_name} %s', e)
+            else:
+                raise e
+        return crawler.get('Crawler') if crawler else None
+
+    def start_crawler(self):
+        crawler_name = self._dataset.GlueCrawlerName
+        try:
+            crawler = self.get_crawler()
+            self._client.start_crawler(Name=crawler_name)
+            log.info('Crawler %s started ', crawler_name)
+            return crawler
+        except ClientError as e:
+            log.error('Failed to start Crawler due to %s', e)
+            raise e
+
+    def update_crawler(self, targets):
+        dataset = self._dataset
+        crawler_name = dataset.GlueCrawlerName
+        try:
+            self._client.stop_crawler(Name=crawler_name)
+        except ClientError as e:
+            if (
+                    e.response['Error']['Code'] == 'CrawlerStoppingException'
+                    or e.response['Error']['Code'] == 'CrawlerNotRunningException'
+            ):
+                log.error('Failed to stop crawler %s', e)
+        try:
+            self._client.update_crawler(
+                Name=crawler_name,
+                Role=SessionHelper.get_delegation_role_arn(accountid=dataset.AwsAccountId),
+                DatabaseName=dataset.GlueDatabaseName,
+                Targets=targets,
+            )
+            log.info('Crawler %s updated ', crawler_name)
+        except ClientError as e:
+            log.debug('Failed to stop and update crawler %s', e)
+            if e.response['Error']['Code'] != 'CrawlerRunningException':
+                log.error('Failed to update crawler %s', e)
+            else:
+                raise e
+
+
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index e243aab39..ff360a2f1 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -5,6 +5,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
@@ -21,83 +22,8 @@ def start_crawler(engine, task: models.Task):
                 session, task.targetUri
             )
             location = task.payload.get('location')
-            return GlueDatasetHandler.start_glue_crawler(
-                {
-                    'crawler_name': dataset.GlueCrawlerName,
-                    'region': dataset.region,
-                    'accountid': dataset.AwsAccountId,
-                    'database': dataset.GlueDatabaseName,
-                    'location': location,
-                }
-            )
-
-    @staticmethod
-    def start_glue_crawler(data):
-        try:
-            accountid = data['accountid']
-            crawler_name = data['crawler_name']
-            database = data['database']
-            targets = {'S3Targets': [{'Path': data.get('location')}]}
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            if data.get('location'):
-                GlueDatasetHandler._update_existing_crawler(
-                    glue, accountid, crawler_name, targets, database
-                )
-            crawler = GlueDatasetHandler._get_crawler(glue, crawler_name)
-            glue.start_crawler(Name=crawler_name)
-            log.info('Crawler %s started ', crawler_name)
-            return crawler
-        except ClientError as e:
-            log.error('Failed to start Crawler due to %s', e)
-            raise e
-
-    @staticmethod
-    def _update_existing_crawler(glue, accountid, crawler_name, targets, database):
-        try:
-            glue.stop_crawler(Name=crawler_name)
-        except ClientError as e:
-            if (
-                    e.response['Error']['Code'] == 'CrawlerStoppingException'
-                    or e.response['Error']['Code'] == 'CrawlerNotRunningException'
-            ):
-                log.error('Failed to stop crawler %s', e)
-        try:
-            glue.update_crawler(
-                Name=crawler_name,
-                Role=SessionHelper.get_delegation_role_arn(accountid=accountid),
-                DatabaseName=database,
-                Targets=targets,
-            )
-            log.info('Crawler %s updated ', crawler_name)
-        except ClientError as e:
-            log.debug('Failed to stop and update crawler %s', e)
-            if e.response['Error']['Code'] != 'CrawlerRunningException':
-                log.error('Failed to update crawler %s', e)
-            else:
-                raise e
-
-    @staticmethod
-    def get_glue_crawler(data):
-        try:
-            accountid = data['accountid']
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            crawler_name = data.get('crawler_name')
-            crawler = GlueDatasetHandler._get_crawler(glue, crawler_name)
-            return crawler
-        except ClientError as e:
-            log.error('Failed to find Crawler due to %s', e)
-            raise e
-
-    @staticmethod
-    def _get_crawler(glue, crawler_name):
-        crawler = None
-        try:
-            crawler = glue.get_crawler(Name=crawler_name)
-        except ClientError as e:
-            if e.response['Error']['Code'] == 'EntityNotFoundException':
-                log.debug(f'Crawler does not exists {crawler_name} %s', e)
-            else:
-                raise e
-        return crawler.get('Crawler') if crawler else None
\ No newline at end of file
+            targets = {'S3Targets': [{'Path': location}]}
+            crawler = DatasetCrawler(dataset)
+            if location:
+                crawler.update_crawler(targets)
+            return crawler.start_crawler()
\ No newline at end of file
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 73b5dd161..ee2d6047e 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -180,7 +180,7 @@ def test_update_dataset(dataset1, client, patch_es, group, group2):
 
 def test_start_crawler(org1, env1, dataset1, client, group, module_mocker):
     module_mocker.patch(
-        'dataall.aws.handlers.glue.Glue.get_glue_crawler',
+        'dataall.modules.datasets.aws.glue_dataset_client.DatasetCrawler.get_crawler',
         return_value={'crawler_name': dataset1.GlueCrawlerName},
     )
     mutation = """

From 219553f5b9e5b23ad4d5c1971e1787fea50db9cd Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Tue, 25 Apr 2023 13:37:22 +0200
Subject: [PATCH 086/346] V1.5.0 Features (#409)

### Feature or Bugfix
- V1.5.0 Features. Check each PR for a complete description of the
feature.

### Detail
- #292
- #355
- #337
- #427
- #431

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Co-authored-by: kukushking <kukushkin.anton@gmail.com>
Co-authored-by: Dariusz Osiennik <osiend@amazon.com>
Co-authored-by: Noah Paige <69586985+noah-paige@users.noreply.github.com>
Co-authored-by: Dennis Goldner <107395339+degoldner@users.noreply.github.com>
---
 UserGuide.pdf                                 | Bin 10707270 -> 10692972 bytes
 .../dataall/api/Objects/Dataset/resolvers.py  |  19 +
 .../api/Objects/Environment/resolvers.py      |  46 +-
 .../dataall/aws/handlers/cloudformation.py    |  20 +-
 backend/dataall/aws/handlers/ec2.py           |  26 +
 backend/dataall/aws/handlers/ecs.py           |  34 +-
 backend/dataall/aws/handlers/glue.py          |   1 -
 backend/dataall/aws/handlers/iam.py           |  12 +-
 backend/dataall/aws/handlers/lakeformation.py |  17 +-
 .../dataall/aws/handlers/parameter_store.py   |   6 +-
 backend/dataall/aws/handlers/quicksight.py    |  43 +-
 backend/dataall/aws/handlers/sagemaker.py     |   4 +-
 .../dataall/aws/handlers/sagemaker_studio.py  |   9 +-
 .../dataall/aws/handlers/service_handlers.py  |   1 -
 backend/dataall/aws/handlers/stepfunction.py  |   2 +-
 backend/dataall/aws/handlers/sts.py           | 104 +-
 .../__init__.py                               |   1 +
 .../datalakelocationcustomresource/index.py   |  89 ++
 .../gluedatabasecustomresource/index.py       |  65 +-
 .../__init__.py                               |   1 +
 .../index.py                                  | 118 +++
 .../lakeformationdefaultsettings/index.py     |  86 +-
 backend/dataall/cdkproxy/cdk_cli_wrapper.py   |  61 +-
 backend/dataall/cdkproxy/stacks/dataset.py    | 205 ++--
 .../dataall/cdkproxy/stacks/environment.py    | 459 ++++-----
 backend/dataall/cdkproxy/stacks/pivot_role.py | 890 ++++++++++++++++++
 .../cdkproxy/stacks/sagemakerstudio.py        | 179 +++-
 backend/dataall/db/api/__init__.py            |   2 +-
 backend/dataall/db/api/dataset.py             |   2 +-
 backend/dataall/db/api/redshift_cluster.py    |   1 -
 backend/dataall/searchproxy/connect.py        |  12 +-
 .../share_managers/lf_share_manager.py        |  11 +-
 backend/dataall/tasks/stacks_updater.py       |  35 +-
 deploy/configs/frontend_config.py             |   8 +-
 deploy/pivot_role/pivotRole.yaml              |  29 +-
 deploy/pivot_role/pivotRoleCDK/README.md      |   8 -
 deploy/pivot_role/pivotRoleCDK/app.py         |  25 -
 .../pivotRoleCDK/dataall_base_infra.py        | 846 -----------------
 deploy/requirements.txt                       |   4 +-
 deploy/stacks/backend_stack.py                | 104 +-
 deploy/stacks/backend_stage.py                |   8 +-
 deploy/stacks/container.py                    |  95 +-
 deploy/stacks/lambda_api.py                   |  85 +-
 deploy/stacks/monitoring.py                   | 225 +++--
 deploy/stacks/opensearch.py                   |  10 +-
 deploy/stacks/opensearch_serverless.py        | 198 ++++
 deploy/stacks/param_store_stack.py            |   8 +
 deploy/stacks/pipeline.py                     | 122 ++-
 deploy/stacks/secrets_stack.py                |   7 +-
 deploy/stacks/vpc.py                          |  59 +-
 documentation/userguide/docs/environments.md  |  81 +-
 documentation/userguide/docs/mlstudio.md      |  23 +-
 .../Environments/EnvironmentCreateForm.js     | 114 +--
 template_cdk.json                             |   7 +-
 tests/api/conftest.py                         |  17 +-
 tests/api/test_dashboards.py                  |   3 +
 tests/api/test_datapipelines.py               |  12 +-
 tests/api/test_dataset.py                     |   8 +-
 tests/api/test_dataset_location.py            |   6 +-
 tests/api/test_dataset_profiling.py           |   6 +-
 tests/api/test_dataset_table.py               |   6 +-
 tests/api/test_environment.py                 |   6 +-
 tests/api/test_glossary.py                    |   6 +-
 tests/api/test_group.py                       |   6 +-
 tests/api/test_keyvaluetag.py                 |   6 +-
 tests/api/test_organization.py                |  16 +-
 tests/api/test_redshift_cluster.py            |   9 +-
 tests/api/test_sagemaker_notebook.py          |   4 -
 tests/api/test_sagemaker_studio.py            |   4 -
 tests/api/test_vote.py                        |   6 +-
 tests/api/test_vpc.py                         |   6 +-
 tests/cdkproxy/test_dataset_stack.py          |   3 +-
 tests/cdkproxy/test_environment_stack.py      |  16 +-
 73 files changed, 2834 insertions(+), 1939 deletions(-)
 create mode 100644 backend/dataall/aws/handlers/ec2.py
 create mode 100644 backend/dataall/cdkproxy/assets/datalakelocationcustomresource/__init__.py
 create mode 100644 backend/dataall/cdkproxy/assets/datalakelocationcustomresource/index.py
 create mode 100644 backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/__init__.py
 create mode 100644 backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/index.py
 create mode 100644 backend/dataall/cdkproxy/stacks/pivot_role.py
 delete mode 100644 deploy/pivot_role/pivotRoleCDK/README.md
 delete mode 100644 deploy/pivot_role/pivotRoleCDK/app.py
 delete mode 100644 deploy/pivot_role/pivotRoleCDK/dataall_base_infra.py
 create mode 100644 deploy/stacks/opensearch_serverless.py

diff --git a/UserGuide.pdf b/UserGuide.pdf
index 1839ba944f505cede04903d96cd16d663a9c9ca9..2992ef52e216c628d3c2d22f7d3a8e1fd067dc63 100644
GIT binary patch
delta 659008
zcmc$H30%$D`~RS1FH4(BslkYH_a!ZsWG_oew5dcT?b`c{ZEPvrp#^1ar6x-$EgDoP
z4RwV!CY6d7SJM7}&iUM%n9X;V-~apizI^6$&U2pgEbsH2bI)_mr@WsJi@$jsEPmuL
z!BC;7tWlvdS;8lWe6lFQCtdht3ZKGywy>T}Bg@%BK5QW$wvdh^q~i$bI6^*LHf~2F
zC?o-mLK4s@BqJJyWJIHINkS@B_!QPth4oZnJxy3oBL$|>$c|_<QV<$l*biOU51r&g
z(C9)&bRi)_NXQTpGK3v6gmerc9aBih6w)z;9SSW+V+qSy!uBko#w?-0Y%DNu)X>p{
zu!bX4fg@CbBPtiR;0o)x!g{W-N0BYLBpsbX($Og-9i2kb(J3T9y3mw#s<2**DkKov
zk}k9*U1&?X(3W%>$-rXNoP{o4+dWk{bY9+23vrevRg=y8ZrH{lEZ&}BAz~~|Hj5`C
z#t>&QG^re(kr-Q?OVy+?c!$L1iPNZ>3>NPfvAM!pDRC>_&MDHv*(C95aXAUCnJODq
zsBBcsQ<)>hdni73D2>V+KU`WF6VX{TWLpcB@0P7uZMukIHV3x=v4Ms<lu1FPLiU!!
z<;a3>d8dZ!hNbk0L03$cCXK>tAI{}HqDc>@vDlhy3U8^zoFOz`uDq-mU6VrL{V1_?
z2tDj*fta*7m!`>K@;*wa;O1eJHZieLEGC_fA!`w)_w5i(agdls{fzyA5t^7ilS|j6
zGkA|jsFBq)8dsCT<VlS*z}-m?r!uITR2t8H<PI^8CX>#4GcsL_Mbo75;zwx@1JQV|
zN6i!CA`xbf-X$Tl0FOF$67SyVcyTIClgr_Gk7-3_r}Lb~h74hcz044kfp<`H(zxlL
zy_<~F9Kz<U9xE-*<Z7}Qyr^*+yrW}52s%@fOXt;%V?Z^sG=-+gX0WKFjw;{TZSvgY
zvDwpuG&Sj*;cOaRlgi*ZN@@+|P{M{(imCDnBvrAR;%q8t#S@dF@Ji{@yroi_VQxdk
zr6p(-x+a6k;PIr?alvppo36>F@SaMkB7ct}S#lUO8m~f1ZiE%}6BdTExNJ=(muEbF
zCUl2{40Egy8_PR8UY&gZmN$0dC|>t?W%RmwluTG=rPvsr?gaU;M}=b2BN(7Dl>=3t
z6Tag~4WEXoA52gJ0cChO;*#(_Z3rhUw^K|yY*sliHkl~PYn>r8ipF37Kqwp#d-X&a
z-noerNYNQ=nkIw7E1noe+L}5^PLir&Yv-h4<Kp7!;px7~l~+AUVHA_e(4?@LpgPY@
zc9JYj!`{VR!+FzouT9%DTpf0}cxt%2Y}<@TN7Cq2O)i52TF#f3rqMCw_RZcJn`~{-
zi1X0c<n5ucZIjbxRO7tK)4^rChR0_29S*jeNhXA}q6Cww$)Uh-J0dTm#K0`<HhFBd
zaoOZ<=b_=@W#eJ%?qIW7!_$T5EUht|!DVPNsXS#_ISP}MY@3FMr<a|Bi-z6iZJRwe
zYk;(y>^8Z2YIttl3}yD4yta92>~OW68TL!Dm;x{WkFt2ya<aS|(vkq5wi(i+7@!D~
z!DTbB&hkiXp$;0Z?jY-CH!lYd2hYvCHd)1yEDC^+LjxEbm6zrj$|&=O$;ymkQYe5>
z79BJJv+-JFBzSQ$lZ3vcvNfqx3WqmURt9RMMMIUv(PSW9=tJnd+{u%MvuJEhI-BP#
zt4$X0exgG>k)1!_Fy1UV%@K4K0za3^+ax!e_mUzFU4scZY!-`yyS^o-G?Yz2$dHj>
zX>wUCDwpRfE6uwlCo$S{^Co8x3{qCuSph^BI(QpKlCC_17biQ0r!agnbU2O|BTrGH
zGw3kD87$GD+P2AtIyiPoi<1Lt>|`z(8zkryt|ko(U_03YD<D0b1H%f$s+ep}Y9v8r
zK-8d8c*Y7w*fzu2AUsfHE108q8F3Cvlf&XM71x1lz$V|aSTGLg6c}P;5GAFs-L@GJ
z>54RgIFAD#u!cwuUU{LoR2YDT0xnYe4hqnSmr-VG(l~6kNG0cOBz8!(AhZsOMcGOy
zxU3!}Edg2qK-oOWDU&B}*Ki&HoU6Nwy~DQ6NC;@ka}$&1a48Ty0UAPKKk*lWbJO7V
zUN9CuHJ&tr%3wlJg!mXWW$I^P@c9%L4tq=vggFjxma-xad*AZ5DXYMLLC4}?MLLrg
ztBm61cx7-6!YHp*dFF{qG1)N;O%9d8rlT3uB1~%T5Y^$xa1<Ong;P(EiaJu447F4`
z@3smTWI*9XoDND+c(PMx2nhiHpsv|e1rkES2`Y3dV<?M;IY6X=|Eiukn<N0IpgCo_
zDus7mNqRVw%hBY(C{djS^cbdqZ=k=S`t27CrFmo2CSj(dU|z!$leU@$Fp=RAYFa|?
zW~-fo_AnD!erqBI6A_n}_N}2fhoVWL@<vTtAPx|OnPv4fEgnTiY$%J%J34Kpu<866
z(!;R>*kLa+#AL}~CO@4DdII$D=yRElEQ|&xmBWU}!AqD<6>7x<B-42FXQ=a3W(*e+
zLEO}2vY}94IHcJWJkgz*v07BXgh`Ul8}pqeZ~6=w-m34khH|N-6_}c^7>M~!dk8md
z>JV`?p7ZpvyoobahO%L$pe!v0=wR{;XMPKA`6O+~%<oXw^3uZ@bg%-GXEalqS3i@&
zdo)s71)#1;W74R2X$1=qkIlAT?hc;5!ck1Yiol{}Jn!=CkvxC(Nw^?PDpyQwI1D)s
zm&@x{SLOYpE+tf%To`q$)A9Q#ghvLOOXD(tPMT*kYqGGM3PF|%@sx?nf0`wY%4NjS
z*yr+I%+e6DgFpuU_-?i;`A&x!6JpV3(YtVwb#AtrupYuAEInS#mLuPVz?-Ns1Fy+o
zjiX6n@Juvxhj2(3QeoWkk~DON(gBwULa;93@FX;6VFDR3iYCkiD>XSVk5XG;4Z=a}
z&uGpTE`0#T94@b3^IQB5cKRHjR&zKoG0P~yT7<@?(?kKvbCb=s%^q_wt|$~7P?XT(
z=F>V*NP(AuG$9FzJz2`^Ves1mqi+L+H57mg(-SOrV4h|2E`xS>2?#4f4x86QzK&wT
zijU3Wa2Tv()JZ&B>I7l4QFIOrG#Z=1rJ;%hstRsRrNcUx%B!VLA3_D-$cUqN4sQl+
zI$kG)In|1d<GIpgQN+Ou+FSGyygr(&1gQ}Xn~L|E#t=5=zy!kKap<Z8lK(`P;~k*m
zWrqyUdb%X<7JUL#k_%l3CTs?;g{~l6`AXnP1mZy(eG*TbAq&MgQj4KT&2wRB@I0o<
z@~%SoMNhQwkz)RCTMMQNkjRADcYyq7nfhy0w6#agvE8IX0b^0%f1`ADN6py;K4*NY
zVKP3|P({U55#>M$MU#r?C}D2t=Oz+!9P~|>ELgY_{d8fHKg33f%BXA>6q3Kn1`27g
zG=)O^6YEnUoy~?q{Cf)uHK<%Bj3)*Fi9(~Xs7wl%0@e6u9I9rq=u9>TVm5<dau^&2
z7v7;B|Ga~GnEp8&SQK!$G$x12rZTw<6(;$k4{CuMhsA*(d2A?Svl$d79co4LaDgfO
zLf`@q8VE$;!jC{$1)^WD(3Z}iP?=Ovi3>}A76b(X8ZyaW;84w=(ip%SxG}-XTowm3
z0!4(4HK<eui_PXzDX_TWaHv#RSE?|{ADz&cN##&k6fOtaAt7KL2$dqSV4eWzf;C`W
z&*reX(29wEo)TCr27^oCGN4Nq9U={f1G+)A$Xrx9jl!lf7&I^h{DS0y;!rD+3OI9t
zAC1dpvO!~z3;HGZ2tX(en84{w4huS@Koo=ZH2j1GLZM1bf(6E;QR!UZOkuO=6l5-P
zM*+14C&AL61~haA_#N!XB)1umv7jB7NvE;6R2GxUqR~NSa_<56OJz_vU~CSZNnycS
z6#IePl7MOsmBOIFa*P4}L(pZ?*zm&_5F>IEhyY6=WMvkZk^vBaT9FeqpoYq3LvxUh
z2FgQhh3Ze{qOie?918G-Uy5v`Et4ZMmj?0=i^*UEKIl{?L8CB{!2q8mLYQ1G1G?mb
zwsb0s%VptOkzlZw0p5UL<$zy0n*wjpGoX`ftHFRJCY1$~D-(tepo;}UF}WhaKyKI=
z0Pk_=fB-I_lgT2WUL+cDq@vNnrof7r1`dPa2>*(hgT4S6P@TpB<1jeLWaN4lAzOn=
z=Kvt-PzQa}K{%Kw!MMWK95xjO9fbvur2tS^EL_V{AxOyqm}s;yICNN$v%qvT1~e84
z1|S0TGPq0@ppOYC<}jdZ>VRa(y<k+3kII6{gF$0Kt;l2`CX6;f7=V|_0&Q6!7nqIg
zn9u-4C@@Zu-KiW3gAU;U>IZBFNI+Jh!w)ki_zVO?%|(&{x{>JMX83hUhnN99!=NO2
zb176Rl>@&$p$jV56Mkqztw=5nnCqET0u)2*VPL?dA;~~-p)+ZqD##6(hAldvpdx#N
zYQk!O4-6RwlLBLo2^gef?jpfh0B<&EONZbBIA#E?3fN!R7`($`vEio<ouES$LqU!W
z)dQkIXkxHAEG7khgK@!YR2UgB0!3YenP5=CXk^148!T7=%1}KZ83T6m*c>iI4K73@
z*qdR4UIU>WmR4*I6Hp9-(KrO46#04}$ZJ3=8n~0e#=jw9_(CjU4TO6@E(_L3947oa
zfLO|g;RUrK$-o#)828`?(3!;m$Adox!afrM5F384aF{T%Kr<FZRsx2JP%S71Q9xga
zz%U=c;Nq%)2?msgs0|~B&4nQb?IG5J*aKl-18~3q$)FL8Do~sXArywWs5NYSKr4`n
zOGm!~Szth@9>Bi_Oej>q3q&~xcMxhA5OI)vq_bh;2)qfw3=9WQfKd*j4FrCGH6Q@|
zzyO<az%vL(1Cbvr%|R0x9cC&Rx-eD%2`KdA$WLg11JQH`{(>-yO$I#=#C{eGIu1k}
z7#}d`IUpazgn`%(7NLP7U_t>fp$Q8?^i%8y1i_F6?htHf$e<7o!0E!SVFIJk2`~gq
zXG{<Rc2OZviwuT1LIkH$*&LXaVEv5DJrMgfsNf<hL|>RZ=xF4F0iarBFPN7h=tFpg
zDmLsDz>h%{h$<r9Fe)Jc!jwj%5-^>?_yYKW2SkF=K`0a_zzKASa6k;TBFR7}7-}#o
z0HqvI76Lfbiog%kAO%7d2OthsVSx0gRwS1OSOWeJ9tMAc2o#wAL9Kz{50GSnp_vf(
zVc>wl!N&k9p<EEPP$*-9<`Al3)<aE2VrjrU$bu;z)CG`3kf$MEe2V>mXb>3&09XW8
z5#TLU%^`%mA-KR23V47yVQ@hYTooV^Sp)_Y#4><5NB~g>Pzbdmxd6OiN-!rtjm7|b
z(E$4pRE3Q-V6_7Q7A7@V{XjJh*#!K9t6}|zmJbj?*l4EZpr`;4gFz~64FejsRnYVg
z3c)%6G*kf{MYVuT;0pi1oJE1@7)%YZR#*$u5B!p#;Ds0$1|RIZgOtKb4T$t~rY(So
z0qZkZ*PvM(W+_oM2i94zB?%)IO_mf`WuT5lVrjrE1Epx(Fd$gLAc8G*Sf~hFlWSTw
zl7<F9%dec9M9guez>BbVSCE8EPmG%5N>hPJi)`o$Ohkdy6~qyRMOUzxD9X8l?L|S$
z6=V{{AXn&2w32iM?}_4rD_D!oBC|cv8>9eWL<+kDQ-Rk-FVMMYgt>y9VC0EvpnK5(
za7DfsA=(ugMFdb+unw#QMQyk$91(zAX|T|QSwmO_$mEC|><SYiS~B8r<O*pA2&|$P
zh6+byQCCPrz=B>>!-5x)4gd&<P@)<RybLe^5kwXwTw(S@>uIth2!gQi7rlT816G8M
z9nOFmVa|gUpok1a5Cu+G=mh2oQ4NSNU`CkfV3NW$=tt7pt()u|wr>eL9D5G!kZxJX
zAviSjqX>41VFPiL&#Ap@mM<5hj>+yYeLq`Hu=V65{Z;SJ{5oIGVwLu##GA6FtNQiA
z9|qIaMi_3TcShE=F(*B$JrZzL-+JBk3pbwa3;q6#d~cIZkbH03<>XM6Q5)z^2bl9|
zYKg1weLuoXanjCH`m1W{o!0N|_@&uNdX+wtIILfIBwpr0(QX@Fu?1(tMC*#cy_aW9
zUQ={#k4iY*?fqDH{*T`_?;csOs&Ht~#-HOKw$koTuu}4g5S+GqlhbSVa;VqVOW#pG
z?D66EYnAP#w@>PGY`Zo0j=X`ZjiO%Df-5fr&DU<4v2ride(4MSLtEc`c=`H$^ShUR
zwV7V!tv*C>cvPUg%@k(sqZ6CX&RMqm#9><}J(rAeayebZRkz^lT;GG0Caqg)8Dn!_
zZadiZ>ZhCjW#KzVZ%JLZA#r++Pio4j=fNBD_m44_89(D{>8R<A=O-pguA{Cwk^M|?
z^})%+?sT)MMlavkJFXnJY1Vh;lf14>nrJ+2e8^jiTj`XgdgHwMq+g$Figh{W;u#*3
z6}G94K9RR%Q7iZb|5_bz%$=;Fq-hSvEZD`d1=OA6GP>(?=BY~T5*uF{cTZ-?vR}?<
zoh({<{F^l`k_D-Y_q=T}sC$0&V$!-DUMBXZZvJX{sMVvQ@a;z}|6aHF{+`MW{T?k%
zvE4yQ9{p`$IX$h_#Clze{5Aa@6O@D6f;wB8h@Af3eQtpnQMNZ9Do6L01XVZn_V`@x
zi1o5aT`d{X*6=iceUfs2KGFM9ueX)xKT}QU)RbJGT^87TBdPpD!}@4}uKp#xM!o);
zoZeQK{%b)Sf_hx~izWNb^<E1?-w{b!LH$9BO&@BsKB!xlg!Vp=>=ra|t88NS_4mAd
zSwu(@A2myA`Wvc^Bl>jO>$So<ioFuv)c1NE?wVM2vrjkSb<0oPw3Mc9*^e(JKe{v)
zr+s{RvG3>iAN$`+>Xla4q;^zyRd<G!L~os|t5J5nxjeMLHB7nhEz#rM-%a!t_dE4U
z_uba(ZzcM!&8|@<bi<;9bejrv>#yo`q$<}F8OiMzd;5HQ-h1>m*Xy<fZVa=XoA1{+
zOER!l?xTNDr*Hq;<k=tnLwG^OeMUsDcX_{l&OYLy+Y8ga@lLn(8v4UpcJwsV=WOgx
zR_=dU-QSwib2~YzyhGp++^zf2Z+rBESdWd-y|-@@eXXr;_vr<MHMDi4_nyp&jXM0`
zN)^%ape3izb^G3Jw$FxL8O<%Gt8AHS`>gr<iUoOBDemzVZc0w`jGMEQ)Kt{HtCP{c
zIr-93$2Z0%?mN1%c1pYY=>7L~qBMT=Ppt5`d3(qWlV;!Mm)}&Vr#-y(@*8dSj>)E+
zZ$j^9C5?}oqt)iz@ota1@^Sw%51NX4n%@%6H$>Apzv%W+i_dHb4Y!rtXKi8JCYb$F
z?$Yw(=0?@@A2T)6!n?Xh7G~`CZFZGQkd(O^qNcddtMab76Gy5kAu_FY)M6V86G3Wd
zYoQsNpJ`!~;JdcSR_AfbQ)2-q)pItBZ*H|T-)3!*|MlcsWB8fT%e7<{GF$j#CZ3NB
zjodJSfJbBefz?Iz?iXxR66-vyN>ZMh2z)IX*1t(eulwFukQC_@vYgqH(3w%}IeQ#G
zz-6PB%s$8L(78&77BZ`gqeAYUjf_r-sV|0yU>P&9f#1q_oU*E{Jgm#`z_YvNi?w7L
z{rQJMmeP+Oy2=gn7o2uUen#bAdXnZ+evAm&>sOtvv_(tCF{pc;nvIRIAnvM*b!lH?
zAqaG~FRkT4q~p3_6&-FDBl$xTFNOk}p&jR+8(5bP>#)@;Nm(_qA~Z4@v?*4fMNR0`
z{$PBy>qU_6a*oVNcsiSsPkuZTD*d8dXS3RKBM*h(XK(fsV*;rAW_u@?1-cR+7^k*3
z?(X)8ZSY*HtbKxcI2Kr}zUqTnq*OS}t1OjpD%D+6)VMp}FJ`>gTIEYGX+?2}Xrc#b
zx!Y^+(U{Vefvs`5)09TH=bn$;4t!hVemEMkx668^t-~5%5Zb%sd}EC6`s7oLMCgt1
zayaz^AKGw27?<IFuVTD?d+x%CW?%^47+>f^J84=`BJ|<**1;0BZ(1gR_C6I(k*4hS
z+?uMA%#3)+DeZf~FcM9)8Hm=pml=zjM&Z{N>DzGA;){KHR1<-jsZ_)IILRloxIjyE
zy)Zk?M$%?XFhY#in_k4kO+Pzah~!H&#YfhGct8E{oRJLTF}Gbrj4y3c#r-hTajDn4
zm4e1q%9kdtiZtEVWt~NNoT&xEL>#T-pVeKz2xN(qjH*A4-h3=U?tNV^e3jJrm*9=?
zCSP3~ER`B}*9U^iK-<B?w7P0Vi3<Z;1Cpj8T8-tH`)OJU;+|X!c37pH`GkpSHiR;g
z$F=7=Ws#N63doF!4<92<E!#&e%U=-KnxJQayi~@)G>LC7KwpHUWp{QAD4N_$@(UsP
zX??)_G8Qbyy<8i<GT3ol+KOOD-5MH5XlYsz1Kl}RVzJAVI^sdjjG6_gs^d6TJNXn7
zNv-1+i=>^QX#!ej-MNfp4!f}ql<k<%k+6^m{3$PbE+R~Jy9$IY8cFLA;oV9^n0CV)
z5$-SNTLiXF@sBk1ZqN0<)7zM&>(k<vlaVM{<zJE93=~s35^r|B2*g$ECBfjP%9)|{
zhD@N?LQ=>h3Tum<pfuDa->|CWOC)Z*K;YM=1L2PAlrQB2mY{_<*<vDYu~Grxz?W#5
z(TqCxv&ZcNPDD<hu$HOkgei+B<KD04A;H#%(Qt!k4cs7hIv$YpUxT3A00WYKe>c+S
zSq+pC$^jp+EYY@01<?GXBG&6ktu<D*J{Xg75vg*(Lz2=7d;*l_`4J#=KoTx=`q>Z{
zR^aBkMz|xdrGPo;$v26S+{~A7G7jzLXLVUqfyPw1RN*)XN+e2JJ^=Z>u75YZ*|bSq
zy$-}kiK}zIxu7WjTx8k}D;*hr=H1@Ll!UtR9f|n~k&7#mrzAR7)daP#H}N<vy|##a
zfq0ARV<JPL35y?ar`K`ih`XoUayIDc7e>_aZR6_b&8Cu-Bd?je<@mj>J6C(K8w!cK
zxy`1bXCqsn)ee4um4hWb%vWmiGZX8;<e?T!Jzz2Cl2KUm+hzIZu<#p-M}Z1{#>$tL
z3sPbt6D4K9RrzPJu!cxj$CYPoehq5pm<YhqHO56=n@>CHnh0)`Sj@@47})_`0ss77
z$H3Jq2+$_XQ5UFhkP2LmEY`X@-GCVlJyaxgg8ggO6`2B6nqxLl`4|hNI}%}#_o^4c
z<Aq;-Z{u0r8&yCZCz%9hk80fA1meU3)_#uhZ8uh~I00c`ZJ_JMB#qL51j+4y8K7a>
z#NtZg2}r}2NCUJOL1g}^B-0OQ%6oC_*%pplDgbjRRKq0B;6vb64)zBFJou4;xRrzH
zW4m7L0Q|@6-Z)Lt1MpE503TI>3*&Xy$F`zSa>Ih80H6~<;uRl;`|$_;K;9@)qI!r2
z@w%K7_$_||=CU4BTw;-OUBX;K+5s^@n0mB%Czmgg@4emBL|L&q-O41;^_9Xpq?HQR
zDnth>;CI~$#ipY!8$j>HM79(3so0r{lzP>T$hG(vk!cj$$1H{M8xqijxWCIv4C{JP
zz)rSo+^trf<rgm*0>GKmo;y`S6=pWG7BuY@bdc3KP~F_w$6p@kTHKL*zaBvwNCTBR
zHQ%mWQGtm3vx)XK$`t~l7x9g1vC1ly=m0Cii*5)5Qv_mD)pw(&I@N=C>VXwDj(?%8
zdpTM>Treg2iF4`QyP+F<%PnIIn*?GVN<PsqYD)sM`}>-R&g0$ho;7q@-zxp_<K6Ec
z-Fz5L^gG>pKd0T>WJ_^PU=<N!)O{tIuX^EDPj~-2<-Yoyes8_hp;x2yi1t~1eH%;a
zy7ji~nD#F8SyN7v>ipVXH}lR}i?+2$b-bM0x3B+WPOmc2-_om;W_4l_Tl0xkQt7eo
z*yw1Zra+}D29A!^?X8!uKi^{4Un{7|?|NC>eR%Da%kA{02^XS@iFnx$vBcZ#;@Sx1
zKEb|yX$>zsZ>|W<F}hgYqvLm<FIQ#MVw90{?V(h#;@+*LBMaK&4Z<hS8uo6IyS8au
zt)<>!FZqpe7soyPWujK8yYgP`2NN9A6Dyp9b@*#)pXhh(*$}1fy)DBx;;6d!shUyO
zwN09{x9%-ia{Q+9^9|HBwarF4F7kv~SVD)Km&xgH^&3$+-f{L83BP90CZ9c(kuj$(
zGikjMKj3mxWTRPPUDMN0W23BP2G@U_#=p9*sKe4U<v@I7qD4hYR6^&oW)1#TlcLad
ziU%GowbyxaH2i${LJL)j>1o%n>ysU=qim|!KSanoQCm(P-5DR*q?mru&w!tq<w9hL
z#W*IJzMc#debdq%7yLdXr1$NLGB!G`)ZtjD#=mM><gZj}Tx`iyHd%Ek)-kE6na=kx
zF1pgPMrSbus+p&cm7RCYK2g84UC~5fGHfxTIhJf(Y{snaK4$p9t1)cLC567BFj<rz
zH!N&2W9s>xRHGKho=*xZiBIn%E{2~^>X<;+jpxPk1RJti;;!aJHpbU^myTF9%*i^T
zZe@`Mh2Q7s{@h7!><Yg2lP1G<<6)O#8@1Nx@P~vp%9uijRUQ5-+l?i)KWx!~Qn655
z#pMaH886(-JE9unSw5vtz4QGN>iinEosGKO_2R6z%K{xf{}4CTGpLG4kbLr>m$N{}
z>)!i@8~LXn7H@<_Rd$*VjK`le+d@5qo?P=Om|+A1Qaj9Rd3}9XnoWqu;dbr2+D2M>
zE_{h%ujFSmY7MXS6mUzBj4EF@R+m~ft1w335jgrlWc!;DE86GZ+u6`#zPo1D1*Le1
zH(M+ix*KhhOf%(EqKL(+`?im;j_Eohwp#=GY}HPyT>+hy9xeqPy3TB`s<hP!-TvMj
zT+%+j@&X4GlxSM^Ap<?V=uf~_y6YuujOyzz1F@DFE<V2yM2pp3xRABNCZuC*C6>&R
z`NBLUsy?tr{d9C%<8HsJua-bRMCmTw)6q^B{KJ0shyGqL?V`V}^9{4wh&s=(*4C@e
zXv~UcB5UMDYeYrEbm?`Du+cFQr0cfzm<P5VdwaC;(Z0~vAqQN?u9@+`=ELLySQ%Iq
zFEMQgOD5)}sFkjjeRJ2`C?iSvkS?WGx*TC4d4+U%(^`u&4aC^GTiSOO)hx<GVHvY#
zm<<vl>xnB5^ztdA9Di8Mv=7W^iik{VX`;o1tIt3-n$m6qC{X_Ke#FD#_7#1`wjU#t
z+7`Fx-qiGY-02I`LSn@%iyC0)JvOqTM;lyxV6#!#$Man;EXIPiP4_NpydqmnCZ2|P
z22JU@a6xP41*e|Xfj>pPbJEg-rd~5Wa6xNQ&d)#rE1=kzGseYjLBoGJiaU#)ehdp^
z7NTKMQ&y4~UVp<@r#LoN^YUY6ki~{c9;V$(SMW1U@{v0)DZf`lt}kAn=6P5zK~lGd
zvlwYgC!%IxNsF@qYS2rx#azK1<D&fapon?brSGzOWy7JFndwc`+^f;zF|#jD_v35L
zyMTw>Sj+njlXH@64*H((34*m3uP6%3R=+N6`3ind>G9R56TvBeExqNp);CVjv#42q
z>lftlY1XAfDoaMKBZlT(37L!DU%!pIw)^<^s}H+_sU}cPWE@;Rcl}7Y<;+6Q!*hn5
z*PIuEs#AjN4RLi=9~(uS_T#8_VI%Q8ciFA=<5pfrG3lateAH@YbUrVsZJPD$vMUz_
zSH*%eRJ9&6v&DihYHi2TG^bp23K&VqJ+QD{kgz2=QaRAa$|j+%Ua_HP_7Gc(6LchN
z+|E}^>$i-QYkC)q`mwdh2bWKvJh`s<2*saFXEh}HC9j>wQCF92EgpB84b9t7#C>Z$
z&DwZw7Vh!-xNTTEr)x`*=<lC6q1Rs$RiOvs*81Xv@Aw`jMfGk-9=WFWs;74fEtpm<
z61T)-9J8wwH~`q{mX*VHa;v=^OUA7O{<l|V<b{2|Iys3M6&?MSSJl1}F;3N*nkNu=
z$OyJIOtu=Dx6bH}XV8i7SLgU)DK7WT!De6YeF62e(V`HUg$TZE@CK`<P>fYecmaR_
z#kXf*tG#{t5SxE;E)Oa0*r?<nu`zVgc_U>2SI=Z^Fn9G$Yc%3IB6j>Vfs)WL8+X2=
zX~!kNQL!IZidi_vL1NaB^D*^0h`HSI(<~fE9BvR;7_Z|uW08+iEKQMO)W$Vf)?mMb
z7oB?iUYE!{fWSC`(wO0g75zc+HcU+B3m0SJ4;cX{JYJgd5(Wm~YT9#5{6kMJA_{we
z{CPfUWDC~Py!!;=l;@?4#XLeN$id9xQh7`XVD9zSlN2Y$|1sFvz=E{o58GXrAt-uX
zeuu05y*e-ylglDdhi}TeE+}0R3$`${g1KPI18j%JyV;nQzs3Ne?U(u&q#^V*usHVB
zq^#zIKM76_46JOiF@bp&i2P}BM@il=Flu)swt8QA34*TU15=V&8D@4<`zC1Eqv(yy
z;P(3A9W*2(cZOhx)t$tnO40qbjgB|940orvapiS1jG41ALJW$AEXLy|Zc0C?_o8bT
zktXLY_h9R!<k;+hDbSCD5n<^QgDM+6jBtO(tC1!(M=D{C)Acd0!Q+HaH$auEdta<T
z!zTZ-_w0!fZoS%$08w0M#d3sG!%BOFru0McJJtAV#8e{QKBDpHk(?(7bopvi3I5x*
z1CMlan(%-s?c98zzP`R!r9lS`s8ZjT2kW;4QdW)~;vnIlt!%9I!SgTyPrphGuc(Jk
zxcB5}AW!ZX_WZ<Liy9b6*Z2{$pPZMR>ra{{<HczN)kfdci%vvOQ?GU8+a+_KHVGt3
zDzMsS`)1*hqTI9uiTkkL_i<;ZH04AfNT2+DO2rl}y_}(W89EJ<`=u%CX1X8n-CGRN
z!YX>vof)U2tsqwElrZ~dS(mPbKxZ|?wgL>+KifL^=)>ab3Z~v(t=B8e)`pixNe<2P
zCSK|-yXE7eQxcrgGi!t#Z++`&Wx=9bzv$)6+LU>8xYwjmmz<`w33(q&uDt1A-(RV>
zQRcx%n+>O|`g-4$eV8NtI=Wkr=xa$`q_B`}e|Sy<vn0AylK6>QReY-7%dco(e$I7j
z&vlpRCTCj}8--!x%jNbz%~P?vLX}E6ymP<v7(#y=s@Q$xUf#Srtl_GuqKXCf3cKaY
z<qDtXS?95a(^IKOBDRgO-)2j(6_wAkzd{X9Ih-5pEG!=uaZf}nEVr93BK{*L#J|Et
z#Xj|KibDL`3Vnq>HiJw{{D-#v3Q_EcKljj`LM-1WH>=Q}4Z;MJ?<}+%WJ2U-8gCFL
z5QYj?{4o;(koC{GkWA(m4u<E~i9-C_3VpRcq-lvkxc&biiU*O3oi%8n)@{RMc97Ew
zpJD&)j}Q&?-4R#ue-0LS3yu|E1340LcY4%spQ(`|vR!Py>Dl*8F5`GZder1YeJ0Mq
zEj{7Mth~0eXL8Cpv!2Q2&*25OJ*X!d%l2gl5uMN5rYYBi6;C%PSLmnNE@Th0NcI!t
zK5f0N96a`-L;G!kcf^$b59#&Ef!%&vZHJ9lP}u+U>AX96!>966cJ4nsR)5<z6&qZ>
zXGPv{LY2jmN)c5^(G(O4pFXwD%Nq_SJi?*8&~6*W)^@l2Ksk+<k{f(@to=4oc>!=C
ziG}4VbosAmLI}D49WK<X|6CLThU-7)@)b;^=mRDkY+B+!wC&fJmiQevtJvehPi}^Z
zZ4f3<x!v@^a)UxgB7z5D0x&eso`wMQr%VhL6o`Kew?8oKVEO*U#l-&r+StLc|4J3V
zwA22G&zTTkWvDN?e2ukBzG_$!e?GYH6n+(#KW8Ew+xt6B9?oApy=R<lP1;Mn!l#_~
zJK8LXEr$pT+nTw0b%`l%eO`Ha`7K?SQ&R3dd8&I-J~_}WC}qx*>MgdJg?d4$T9$`w
zdp@-IzYT2~9h)CkEU#3Z!hQck`G<tLMEpprm33KL1vt&zEKD=|cAm^xTx^wf{=L^j
z{$=-tH8WLj9_dh8p<gPOe@>RI+IYx|;HIK1b6cvZzVUV)tHqFOt{11OLYCPpa1Ugb
z*By4*v-MqEe(|cL;h|b*ozI#VDKVX@Uw)HmyLjv_c&yEDuiCq0{|_OTlSbYi;$vl4
z#{5~ZNG*RyPR&?V^^U4g*KZiEr480&C9L_k&c3zg3{4y!^452exIJW=qs)kiqoHZr
zwtVNyzqOkF>V%_Zb#8O|?M>^MuEyP3KfA#*xRLsD-le7{DNR$(1ZbO*wR<{kGRMHe
zI5rY$+p1h|2Rly5KM`^_CNh84VaoZ)4ril$o47iyeX+LGsv%t#OQ?`!ran&bu_&s^
zqJ~9uXN~;0B;Urg$m?<#5pp*vvbbp(dSxDqiS*_NWU=+2L2~zs{9jiUb);Ujb&IR(
zzEP6GF&6Z`X;`nA(CJ%kZEwKTt3U3zt|al{T%2ugdQMjweLX8MJp>Y=9SI7~kojwS
z+n#nhWUp3rb~gJQ@Jw@Fn!g|`*}e}*nK^;}veOEQxVjV_AnoNx)Go<i(CZSGdP0t$
znZv$B2SuD91ub*KDQa}E-;1D3mpD)^)PH&Y0t?r$ACAcJ1E%;VbY`_C#p@{^S{dk?
zQ*}|Ap3tean9Mor7~yA9`7+2(x0vcJGJqWO36$%*q31u@5R$jO=_Q0G%HDdVOM&@x
zeP%C?G=g&5^pfwP_(@zKN`r*9uTVpY+1r~VS3_lu;BaX{u=h-ln3*UO``|bu1`@N2
znUyF5uzIW-%H>ApJ-&eWb{{o><n1a$eU$fX_nEv7wdXv(hU)Tf7J@`X>o58z!o54a
zaIX2%gWEWvn}40mA1BQ!N_@WlRDKqjiEh?GS>H2?hyN<qoaBAaCkkabt|qB~ca$%g
zx}$9MeCH5I*ehR})y7C}9DVl<%D+LL_;)kS&oyIhA$fdTAE&t;-GLTJU!BCc)fs1S
zcGhnbWFs?2Z_V0#BwQd}4q4|a@%O$UdgjRlC!CVjPPRoREN+7A;40<P6IzOgAO~Hw
zg-kl@Iam@X>rBV_>f-w2X%XCM5}G)t``ixo@1tRgNv|i7iC#aHGnTY$B6Hc!<x3z#
zW9fAQ4mCh}*>n|7FUygngR{(koMa|Y*81zS%r$=1Hx7<QdGtywn01!>6Xf^yJEu{;
zIO>KmPAsP-Ksws;*9{<R)$)o&=wdR_jOeoRipae32BqTe;hQQh6Hw=W=mFvwdc)%Q
znKgw`btWU#@80Q65IZh_ET_q?Wsq!CpMNp@hSl*i?p2WfT()W^B$PTj4nM6)Ut1Ji
zz5j6crzVgj{Je?kOhC;9<AVnfk>6-7^pcR3kN889k`NIuYH^71MKAR{l+}f_AP57w
zDzdX_ai_dy@{nX*PlFk#uugX^oWm&I|EX)>2JO8dwJmDNMM-6{A5k~8D2aUh%sKzK
z$C>K$7bz1@jv%hgr0outNc-+hCIxYlx{&Z(wu&1KDYj{GlOUZr!T4c4R)92&4J4G8
zt@7>N<vDvwrRNo7Ea|M(5r|X9SdCBW-ql82-5Uhc78Hq0KypYl+=r@Ei4GPbZ#?!L
z?&@kwe4Pmsa{KD@Yd3`4u)4hX4&*f3s*ZRHA9>hr53vcr3De??y+c2lz$yKc!xlwT
zk0XJ~-esyvKv=@!cg>4HP1B!DLv5FgT|o#Ob-u-nN-uV<Ut7eNID`qArFVrM8n9f#
zu@Ypmv~#i8Pu>|#i+0_=-uww1q`T6eK%!P;wWP?cX~qJ`DSvXxqx>zTqj5umgcU!T
zbjP(Hk;tTp9K}AdJ{Rh=413Zb67lwMZdgZY&vhOIJna4Z*PREqk?=uhb-Y+Bz68PZ
z4<dO8Fh(N{PT17@+crb~v%X%z1KUuC`X!LhNvbTzjH*taj986w;?On~L*(^`dTiEI
zNZC(|du@9aS?XdqM9&GvNhuf}&gx_t>e$^x0f{6XC}&P!eFPW4qz84cP%DR>pBsPZ
zURq*;WJpUzasniN#{v(=d}OlwOj7K^AUF#pu{hfSwNd?U5Zv&nO*Hf(u}tD|79401
zVQ&!@Wo84e$AgQQS!alp$~a>wN+F9z-0OuCK8dU<4*7mi2IY{Q4@`vQvgxX4g5JdB
zGglx(Y&Cx~B$~5#-A4xrq>bM{8-aqqg>q+<9RE~{RiOBBNFaBOQb$?mt7qH+%W10L
zPgH&AA3$tKYYW;|H#;ssw(mArWcc&*M$bB(JzjN%jZiO%?wYG-aK9z-aKK_iUya>u
zk(ZToYLb7|KQZUZy*a!i?m^?%ohZI?ue+sbONxH~k9O{-ma0E0l6cVme36HK!TVOl
z@#l&kzrS7L9iiNBup=@%roLjfb>QI<n=Ys=kZag4WuQf<ij7~qhw^y*)L>8j5o$`~
ze_pb9kIJv8N_EfCkO4~lnEgj?dFn5*)>8eJqBMR&I8^10pSrW*v*MqF)fNmb`K)-4
z{Ng=gF`pHWpofeYxq>Vvgyd58ikPXW92FOG2Ko{ehr4|y0xG7|d?vylNVcnR((m#o
zgv$Km4*qx5vE~GL;p<dC5~2D(+V*QqOMG(0-?r^vt1e~tNAMv&bKYNbLLeNBpFh*_
z6p2%jYkwC~gxZ3y(|f-C!2!_zS*QOaW{Cla|0~1kPb4c?@!7aUqZrIh{0Er&Um!*N
z!Fc^0B#1@K959y1r(fs0KQS#)5TG#rSL1!v<Hx@%Z&luG{rdLAGB+KjOz+#V!Dh1y
z^y&`nOli)!{j;ln0lT{0bo|urdXA*Ltkufkj_7*X@?XQx={9e*-0F~${k%{@@UtXA
znUfbjB`W8^`;TdLdviX#6=W2R*578SVj~zj{-o@l6?NjOtT|FCzB~7$a>7!I79qR;
zY395;qKf$i+bk)zf?e__WecBXTIbb?(|EqQ!9}C(2g(b83!OD5JVjKlLXQv;ljX2+
z_*G1Zf6C=f;Xe|EAQk=h6#7$rV2Az-s}TR8ZU0mhp@WD&baVJK?E6n{wwpc}6HtC6
zqHqu<04uQPHwY7ep`j7?{(=eduW*^OKVmRE{|8Zs0g(So3Vnq>y9Sw-AcxR@V%x6}
zWhn8N9{T&X{T<Uv3Eo-=LUcc7`wnSUwzqu!nCP!++SZorWEoJOAHbXwlJhY0<3|f(
zv!yvpL#yN0&SPF~`X#@93>adzuvMZ2g*S~5CqJJ)xHD6&y9H%-^PM-S*pxtQliC0D
znu;AwLn_5#=l+!t+fezgBloV&yAuO3PgK6Zz63BYQ~30nbzY1(L1$?kiC6(R-axSx
zRRE4P!c!b_gI5a60mqmch=t{L(?!IH%im{$#-B)*-{S&%@uDtC5&vaT2od*xMIoEd
zZ2Noqd}&&u<X=|kEA_ckh`kn047eGlutAOhH$#LRgbCzk8gCFLkmCwgkX-&g6XL75
zz`XGvi30f#5y<}?g+L#XZNJ7UgvjRqfo;FWw1mUIYTIzD+KHZ}xh)ipAcel$D-JER
zy>ucx=kmM?LapRil;m)LBuC6$l;m)rUQ_;9Pt4)U<mg{L7rCf+?d~U5j?bTr?9clC
z9Zq933ey<ecPNc9E$gPhtFF}9Y2kTQl*Xvk*Dt-0cTRS)YU64zhihaOLkndwybVwm
zW3vX%VqD&ZvlwgkY#sH~ar@|6#}RS72Qv5hV^(>zD2=;C%pF>~N@m=xxkJobly>gf
z`pwhEuGxy;cf<!;sA*f3_N8?zF{M_gcLePjcBam1P7zb_dy^uolNqjJ>zMs-eJ>8N
zH*PzB)!f=}?Ba6yWtRLNr>OEZMNM<<bi6rZ5+jMzj1X5vAYEPG?WzLL6b+Qci0pq_
zbyiXyiV4{p@%GGqYSl@r@YO|L%T}Pfay8N%c<D}s{DrX~NV8#muy=T1*uuiNI@@5+
z**`eyR-LqqNUv6KhudgyTcZqLmg~$+!f!R35`0aI%KX(Pz^2=u-I?nsva~lQ1Rj<k
zKvv@o*tqw~%1RmrJLKi%VNH;X2u#j+bRuN$<Z4Tz98wg5w@v<Q<>(2%<tJeOz1y)*
z7f1!=Y2FYN9H*4?LiRqlI&Fs1AN@OK+QF5+Zhrv>$a4(fa^23G#u2yTB%1TP>xP3|
zH`0Ji+<WE_0$u$}iH)p2^dj=s?Ubi*3!uqD1?68n_SmMtHG(n$`OLUWhkFJ=Cadg#
zWDD&3!cDoWu`l7KTt)QUmH4LId4KYzoT7s+x~NubI1HsNthm2(VXmz+#@;UPrV5uR
z`4J@}Y?s;st&efZO4v}J!l&S*fy3;T32^Z(McKg^_|?vUWQ^{5*?fofh<nYF64XMm
z#YS45yf9a_s1)wmz*V{%Cw`N}K=<d8aS9>SA769(&Po+udLs(q_6A5v6p^*{_|->q
zW29+Xlf}o=ThI-@OSAUljK}d)i2tgM75HtLHogOAahyz@jE+5u?oh=#;)KOyM|>~O
zvE(GW`!{wX=AL+uygkQrA#bvM|2UHuynF=Frn&oiwozf{GJ8lJw9r0g!UeUe%a5*;
zm*L8&$bj`;_!^y~tzyXCRm$2ebbReCGa4sC1oAlNP%k)GT6k(gJLun7v%=8%ILfwU
zo`7vgNC#{vV<bCrHx%Mac|MoPdw18J;Tj&H>%%wGLgq-coDV>gw6rDD95pNOwZ2sH
zHs0HAxQVHp`GI7o^#u3a^t2>1Av6l@BBI2?U*D6142J#}84Ti!6b64mH(Zf3!I_LQ
zGLvBmnT#hNJz`<svxT{xydlSL^r>Pu{kk0`IX0Rnp+v@=w+VJfZQ$zOG8vSjn0DwC
zx*2zD5lTMXQ$^d#c1H!UM`?0p2_!W#a$F8hDL(B;^!3DSh27kNHgLn~vo_;L{t7#$
zv+@46%%k#L{PGsA^GrL0k^>@IKZ06>UbxXH)dJVykT9ao)XiR9T8=i~WgabF58J&U
zK?lCSW>7&4bWL(g@Q1y3Vbg+6MY#6(c|Y|Yi1ql&V%RLdr`q*m58@i{<^{Xc(5gx@
zWPw3oYdY$<pcC%HsheFuo9wgQ(XBX<l9N0xf(!-z$%K{+5xV^wGeo|>Dh~Fgf%AkD
zh%;#~n<&IS{k@swS^I%9%-kdvvV~7}lPX$FAcg**!_Q2p!?rPh02}JqIQ*I{?rU@x
z4IaVR6{kKKG@fW4<fJlpNDT><->=&;6InE=*7xEldt(8%_4}8QpaX3#FGt!OjS2fC
zY6e5uDIp!-kprcF$Us_?P9xD^ZUSk@X@_2?wqk_T8G2_ekx73-{Kk`Iei$lPvjUTe
zZ%;U8n+V_{naI;!-#x$_FvduyC3Tr#-U~w^lOeSDn!_reF!KJ<Qmk{~66~fVjml9m
zx;HL^e+VJ@Iio$W7jJjesr(aY^b`6}KJ3!fO<$s*EcKJ23QWRg!p*_zlXmF#p<ea3
z3P{$*10ws2oH;&FZawBBsM=Z>j4t#62Cfs82qgMxs*u=$R~`JOyy-MHtT{IJVU#aA
zv~?|{6hs(Ed=6JM!I-<BkqX0A<7127w;gDhB3H>bUy*GA_um5QgG|s>xAn(opBqWT
zu1q1N{xA#j;GB0WQ5(Wd=Mx%)p7Kf{(Tp-(GLJ0c2N9?uQI<#=VKb7Jf?zi7P^oyk
z9|{nQvk7v1gHFop!v`cD->?Mh^0ukK+hMs4T$aneQUEvK0*TE>QF`LODoRfrU-SX2
zmOT4h@l2H5ZSMNmekZOjpucg}p*JY&A%n6W(VLG#k}F4g$f+l;RW&6UV*~fpN|?R6
z*{VGKkh%M~<i@}pXE*Ks31)U(Yl-^&(mNVZd9J`oKDdn5+p1JODJ0O$amU6<Z`)$r
zE*TQFocABw?kYUedTZER&^@K7ZIq6Odj9*?Xg%$K6_Ul(oBetea<+CwMs2t%c+Wh(
z`>0{9^{cMP`?*VE-BsMZ)g{zU<Nv0(2d=EOzOa@n<@P&e5o@?ZOX3xGHW-K8TH^1&
z7QYp8j;j%r)Az@R8`h2}Y-b)<gO}W3vJ#VesxP+II=)*z)?F;-vtkK4G+FUk@i_Za
zB&R{es0UF8!s2i@%u`fMATE^i4J{s@730zx5SElcL_N=b*}v260Dt214y^NpM*39z
zwFdG2%o<4Y-!qb3%;!oGVEcd2=|A=YA#^|Tf`|8C`Cw<^kAK6*1IGSjR0KJ!Hh~cN
zsr+k={de^~GI$`MZi)XE-hZY#)|?nH`B$n=TRYGKk6Yxp-wu?oh7|FijqE>A{fi+?
zpqTXcLdT#EBxuz!?wrh*-WS|^SUrmm$oMs#k79YHel(TRuuoCx51(`HZbtvOXFta)
zRtJ<>U353sYsoj#E1UO@IMw0R^S(=(Nb7rlH}|Pt|Jtg%G`N@YAUXfT-J*{r@0q>|
z{fy4ZUF{!gyH7o;j0<~^l^Ikd;eA_@aAl`%@$>1@6x38_DD*u~OAg+_mP)y~bARPn
z{WsgCXz6hJxpLl}=HaTie15^J?J73j!^Ynfl~28T6ZSwV$J)QyPO<ggEq_y?U`6wA
z`VMw@%1vRp3OyYTG*?>ZiOP2tz7i1&%V|6j@!w!Vh`9eX7b*Hp5iu#ENR){4A{F4U
zE-C8b0a6j)kO8girejqL72kp)#Aj-ApNlj-5>YY8ETHK;d-p+R0Zj+``VHd&bM221
z35IO@TPA{QHwlpvB!P9E!<UQ;OPb+`^<Wc6#8$!~WKxNNzW%1bgitc%VCvPuz5L&x
zfj~z6!UiD9=L-LxD1V3sp&`GDi3*+gZ{aNh>>rwz_&*zIB2hj!E%6`P7MoV3&h&tU
zQdDc8_pldwg_Uv9m+m=O1Z_<CSnKj?dq6#rAK=A?%ts|;K61R+sojT6+5%E$heWqT
z2L)BNR~hj<&#pRLuA1-GccQROK<{0bx}d81T0q&WxU;XgmOJa`to{BzUae~PwC-!6
z>GZ91eej;C<6W=9shrMcM5<mH?OUCt|7z^4)v7XTjR#y*WK{1vRppg$7{5Bb-JDPw
zvN}CF?Dqb+3ig;o<BxaSZ<=~8-q!#8Pjai%T_(t=sdoe<X8|cw?1y2khKep@WK<_}
zQrY5&_6KX~Irr)@vki=!vy@+cv-N4*+T6+GZY6A5crq6@3CAjwpZs20&ZK9$wRl}A
zB}VMhtqPke@e#D9xutlE@Q1^WgvDacxWpe0r&z*AwcyzXv<A$ak?RY$K9zGBy3X2I
z;Nz0I$$%MZyPVt}G=S|vm!UHBg@|gW@4k9(`MdCGpgcI$99LJ9H4~k29wI#Bd^&9K
z5$6!$5og^&N1Tb@KjUov>5Oxd@QicDpPz9)`{|5xU9a$rbJ(}AZTZC!=PTq9=S1NV
zX9AsZo(E@~tyh|$4{`14c5{JkpwZ21q$a?3wQP-;IkJ_^wteJ&;LV?G4478+Bft{M
z70LA@@zZO$1AMTmHz5`dPc|33qn}|NTa0cuz%N`q??`mk`Mjq5&uDuww04OAihX8#
zPhJJZldp&3Z*ZkVIq1W-p3{vLbhND(kbPisM4P7FL&ilo+zhwj!_h7w-xF;+E@r|e
zERarK&O@Yc7Ed;Tqs5(4Xy@w5-7gP07r-HB@{Dtv@Qkz5{V%o$3AB&*#r|NN_#*s8
zuL#)tg3n*|MUtP{D#ov^=BdD<?54GLG1}?*?1NfeXHxU9B*%U5Mqq|I97Ki<Mp;Aj
z!7I2gj5}wR;!VR+doFCd5xJA6KSp2iTE~Mg8v*T%YP`3mH3YT`L8sC18LS!$-KMv@
z?wm?4JyFMR(~K^j3uTpSEI$957T(l5!zz8beoT9=Ko@`Ks<<1rG-1aun%wx)O}<f7
zIFss%3rl6@;{Kh|@d@Z;FMMb^^9lLgtqm<$45xAfv<aGU)e~97G;0^yoXyNzf;ar~
zV9OPDWu4*IKkP9+@4(-@dW+8{zwo+5o`g<;eT9)FcPsE)*poA`<=l7z{@G%VzM<80
zkSH$&7MDRI{1Gi(FY}g@>)g(w&t`SQsn5q3owk~leSXTBFJW@JW5U-RbFQ<lxcvDk
z=TrEU^Szm9gX`6g0weS>r$CQJblTY+pLXWfX2M3w@l$B?sJZ3jPx-L(sFyPm?W(NB
zdx<ma17W-C)sJY0$Yq%{+L&7V?FG;i+Aro+hfP;MWrU1o_K77vKz+*n$;B10SrPkM
z4Gx{Fb1#N>ui(uIS0w^M;0&sWxlk_n>XnK6!RBbN!K+Dus}`bmr8hEQ;|_XhkuaHh
z9zKEvn>F0pfM$`j%M7{E=n!fw-j!N=5F88jUZdgmh3D;i@D-zDYu_7e#uCU}gS{0)
zyx$Vb`z2h0xLAB*1arBtglwOrr35EW-4AA#Bii`o=WsuT*|CwP=nGO{0Vgh)!2SNk
zxwg=Si-8s#07VZ{Z#ZW!k|g0KCPxNyzkeNVOM>!<+qvQ}q~MQEgs<g+-SYe%<djK)
z;n+;(O<3d$;z$b8H5WCD@*^GLV;AWBs$u+D%|Y6tZQhv~WpE_+*ji5oKis=V>`lvW
zW6hh;9;48Cq<x)qkSs!fCmh&8EN51u4_*NaOfV_X)BcnEq}xr=XRpA7Q<uY55{3te
zU?BC0byr*rwkmul4e>5Jv0WU(Bs$G5q$cfcUM@4J&DQT{Kx`n^Z-M<(kw=8~htFM!
z<oPjCbM50yzif8x6!`E|Q1(nV(!6vcI&Lj;H#R_5YYOI5mz5GB&kw*rb-Ibcv^@}Z
z7{S)?sVnfRE)B*U7=;AMq{(PU)$maa+Ncv+%9K|d`7QCVHvxTh>L+#XqKS6MB<8lH
zSZ_=L<gTwyt^+{V>?8sGN!9d5W3)Lt^Df%#J$3Hp8aPfYbov^7)YZ`txNIOAhBnO@
zVxt?|(P!&I0{Vr+%l#mstAaMxg(5wU#*ltqcC_X33C2;_zpMQbZ{N+t+jna}puM`-
zH((Vj?xN^JM_~7~qTQ_p;tkrqGsK6MPoYE0dJks8Wrm<xLpe&nX6DCwDRdPSO1j_o
ze%T*g`(v9!dQ!)*Gau?pu2>TM?x6C?NB8;nEEhZ8VAOY7`Qpl_839&?zAN#O<m{TJ
z^8qWnIoE03s%NyVUh&krR80eu>yQ7S`z--qO}(egzu42-V-b^|;}zb+)H!XRoWRqQ
za(gGCYS=gL&OPNlEAA=p=X4GmKZ8*D^_8Ulsh;@-Klbe0FC-#_RE77H3pt&;<!2C-
znpcwcr+Q#3rYAR;rxy;a=!SjPdH0kHfYrZF^iTV{^UowF{%igI*qm5$Vvy0RLT%+6
zo(GY}78zRL`A&kicEAUyI3kv(cO>H2VAm9CpZ<-<>Ka~2+Qon~4F;Tw9Ew}YpB6fo
zz?@;zq|e$OdJ=jXdKnfm6MA~|na982Hox%HXAr4t7IrwO*c)I+pC)oL22}c7k~zj2
zfx(trSot5p>o3gDA^v}0evnYGKl8tjv44p9!H_5Zi!nV&zc1ALjpW2{VEexYnsAqv
zNN?-gElc`7I)9Yp%}P>V8(qTbJO1jRnP!1r;~{f6V!ZID@W*<(L9jDNm|H#OWcLYr
zY&MuzFR$kiC)ym!tw!6YYLFkTb{3w$({_o0j|`aiIc}spP8C;k#t+q04LOJMT}KBV
zQYp^4OUh+}uZbQz3+y(E#W)|jb<KHvc&f(Gl2mazek`(no;qShxy(*zFOMIp6lWkM
zFfDv%Wl$4DYn_)ms0pH_*p`z`21vtGM4gC83!jQQ5t70gzdx6U0D<6?+W*?@OEvzs
z7DOr>YWq8C(0G5R)o+{uXA}o{<8Q0+*IK~$G?4QLTv%b{jGRLZMvDh={Yz^U_VRy&
zg$~otG4xNQCVtoWg&+8X5rJiYmi>H?0vK2ZRz3q@6hZxJ;B^H1!HE2V+h;%~uowRx
z1b*Yp-}(~HIsP^Nf7|T;Zafmd6CnQO@wl@vnKnwR`GxmWnVhlxn^N~SPd5Ga<<F^i
z=MZY;1f1M!OmueZ@k+hBuO-2SkrbWZS5jQ_OW>TcHXh?pbpLj~Uem^w{+>l?J_?Uy
z#m@)52@33M{}3?lmQQ+<(}+B8e(>AJO4X62x^ePBA9qKtPM)u)O~9A%UHD^&x8*Z}
z66N==FPeA9ak%O_`iO|qG5VM6Rcx5U#^Z8A#cmB<DkXB~e!j3`_Yt!q>paKd^mX*`
zl*rs*{usOI%-!;d@`dX~<wt;v{Uv*ft*CsS{TdN5Sw1XcsfhT`nGpYw%l-)dKN5w&
zivEiV{h2<y!+&F1;y<+QpNS%J5b;NDre4Lq|K#R^6@xJW<tp^}L6`tH?<~A9s7r()
z8t<=|!0PmGa@jZ-k$)Qo#9%IiU=VQ?<7%*UTQKQhs6WI*WU$(&E+Y$wjQdBng>sR=
z#J@0x1{r;@ba;UNl_<#ngVZL6`ER)V4sicIZmBt=7_YbOX-Sm-2F~a@8f0Zum#=o3
z-L=x{oMBm$AZ;~0yW@Ozf_%NzMf(7O1tGnsjrq~0cS4X`Kq}Qz@M~CCyIx?Q-%0uU
z{1;=~lH=QAt6ALlA59HX^V`}xl%sR{w~YRFgHry6+rKn52K=Pe(<+g;&~~*jC`L!4
zOm0M~mQ)IV=YIG`g8nuyDVmwm{-=%e?yQqg#TD}l?7UQL5{Hf7C@P<Nm7g1Yd7S+=
zFN$sAZuyN$1uND`&{MU-Q$*z|bTg&Gr;XNmqH>t~M8v{!8c#$#z=RM{3%UP2E?+Q_
zqHp|KQHXzAp)W-FD}4ws7xh1~?bnC`-w4C*{9_Ld=3-+%m>ArDB;wK_OaK%3NZTMx
z0CPxV55ffUvfcDSOb7&`BisQme4QKs!@n}@SK5{M8=zGj4Ew)U5o`EIc7ku@iVPV3
z?9UAKr(6b@{EoHX@0~N)g<qJCz`A_ZQ2m0-|1ih~y!+drL6A`cvbbg=loDI#UJ9xH
zp`VhtFilVzZq<J<;qFHTGo_rG#h0V|JImH9DZ>X#*X?V5{Jg&{(V<PyTT)ycn@m;g
zsFw?ASt1+OtmLP0DyLK>$+FdQW9Lgf!pEoMwsJPy*X@4aSyX*KHlpfdr&dT~Nb1>{
z6OLLGbQ=(As*P5*kDR2&Ur)|(+#r{3-0X8x1#Wj(wW}`DuMMiIQ9bA0u`!Ga30zzL
zkBjyX-*ed@V^vb!ZmpJWXUz{wFeji7R+Y>za)QV0-1e&3OZMCEzN}gK^AMltHvGXV
zUha;ZwIf6ytdcFAwF7;y%KXeUOU_Utv2NE}-@u{hs>eiYYr~?I=&A=(wlps7Vq}?j
zpC9~bq;*B&{LSd9N0IpX4f7$5Tepk6>H*IzfeI~hw1Gu;Oe9klK3F9?=z~>FJ3f7|
zs@ME+id@U7?&iag-p!Y5SU-jzkl9g8BRq0C8mBa%KZvAx5B{<e`twNrE^aPAnsaw-
zzGrxG#xD*Xzkb8{K4OK(%=nE~jh+1;%&c9LSK4<STy@;8({l6jd#=<YBZn7fpKNVv
zuzZtI$K=L1Re2Q&d<_oBTL>~Add?YVA-L|`V5yi<*L34?7RR%wEGyRE?R8{Jef=$>
z5S|_}PEXFJjr;Xz^IpTOz%2b09SicS`XU!+$ZB;wakzHT|LkrTtNzrItY7Y><wV!t
z4S&RRDW6q2y7%YFMa7<TJU_lIzglc<P^O(aw{o-+(KPn~aC(?yvBS*9v#48O&ZTG6
z1%?2jSo4*wL(kJ)^`fHvDd(MZlQf9R(WiIa+_v-1Ym^Kw>&eu$yzP5K_T<CdK;4_u
z>^+MFiZ3m<X-RbWR^z9)PH%*qg`j=?xq{b<6)k1Qlg#R01hqJDDm}+FcN~u?Sy}(0
z%`djivxMuD8N!I(t|bv#c6@j#6hk`Lvj|>0A`I}WW=U{H1EHv`8|7_auYHq8Ul|YG
z+GavNxIt0-$=Q>Lb;`J4kb7JbzAy4Hw|$rT;e?Y9=f{t3uzam(u55I>F~)=Z`%1vM
z=2^Pxc@LZs-m(~Fgh7Zx$XBvY?`|@MBrmY7gKH1a;zku*+VC7VrEF0Y<bdnX7$3yF
zgmH0k62374)gACHD3HAKIizqKWFMCKf}^-TN$^LOQ11kMGzWN=?qc%}y`McqjCbSx
zG>hGkifwyy;QBMT^YL*Dq(zIPK4wA&Hfr<Z0J!DxT2Z^6`k2`S5A>&mJXSq;<vQnw
zhq(eRNa%Wwiz-83pYmwUTnx8JpfpI)$=;9~kPOM%)4Mltj+IR&&ZysPi1Zrw&{+XJ
z46|~VgOi(#RsmQf>e2V9;DNqR1xB+)ncMmo6&>Cg_NRAyM3a?maGm29E+-T|-2|0>
zdm-t3*2C3tY^0pURl^4e2sc(BCc%)p^>9@}e+CKOq&wnmb@i+cj)N~$S%sH@8Gqs4
z=zGPpzHUfNxrgp$+*dP$wB3C*ZZe#?uRS^&4$zDKy<`R7a`OGQNf!Q85D{eQS7Dk_
z7aAP~R~@vEp?sY7F+n6`4MXkF=ct7L>Ni7@UBuw^jJuF$T6`r0{=f}9P;ycD?>S{1
z0uqQI!o#^1S0CnfD|IBkTY~;-j_BWq?Q5nN!Q1<08O$TRX+_y3k5)*uiMkSYd)o3-
z(W}f*0FJ18QkPR5a7_UC#H~d&uXUs$Sruw`IFW!0ML=2SYc$i&b6getDWKY;r#j%G
z$$$jiAxM4n^(FW>0!i_1>o*OS6@IK&nC$&-IJa<L?NNyhDIuvIB=FuXiK!Z{YJOE@
zCem2x*(h^6<-nw8*y_Zb1Ca7VPSCLsY%D{$TkT_=kgfF!)CZ4DDfU>1{;&}|;LqlO
zm*7tp4M@}E3E4i8XaX<DCknfokR@%5)G93N{V0Qi6q4y&M<9H33z!E1;S|ebx$wtz
z+NTnv*RmMOEr3KtbBqGBg%-Fo@&*4J(S*J-6{>F(49Rp5H|c%p|0C|J1FG7Zz6BHz
z1Su(zkQV7iI;26mLqHG^X^`B6lpsilgwje$2}lV@Nl8mcNDGQ|9{Bb?fS2dSbG`Su
z_x=9ai?i3PS+izl?XwT_n_0miFDNt*ehLK>n+T5VHoFIRmm_`I%a`c9nUx)M|HWHy
zs@uRY_YdO$a8GOBaE6qZx+MmNoKN)Shz0j9xY}^4bCltup!h8~;cN`)xnAD#>Z9q8
zGzh<rzW&9%t_B|}fZk%`!3}25oNzt1!q;PW0U$@phi7S|%$dQnG?G)m@>QV2ql2N!
zA9BLQocE}QyA5j>dkd&mxJBYej=UfWOkn{v{uS;muFi{a>$bxu=7syF_*1x_9PP9C
zMM9_xry4Ljc0e%x3w|s%az(y*k)N4HDF3Cs&Hl8DT9PlN&?`{!P=FWY52a~<OIc!v
z_DeXKHmEe`Rk&S`7Ixxf;8{hGp1?E>&^1+{G>wy;7YHfnsy&z_2e~)^_jD-fh_uyJ
z1Xcq*-bi+Kez=t@GZ_0mc{+r@05h9hsO*8T{ixUb{`>o1roxwYcKVwsht}3|!X%64
z<}}E{Ovr3&cOOu>qWeN$8C#B1y&%ug(*#{z1)dM6pdc>+fIwo$Q?N4PcG=arjhVDn
zaZ;#*vU?=ty_yHCaMU)hHuNw^vge=`m@IRx_5AjPKeO%uRUdQ8O83pCu<rpS;kA-N
z(=~t&ZlHTIvl1q-EgNO*QMMkiXJ$@zm`|`XxIWVxo%P6${4*WO)lhgt!T8=gFpVUT
z2WkMQ6_E-)O#sqi^`w!s^MDB#Kbn>jIu!O$5YPRiVPibq4^n%}1)uH*smXg&|AY-d
zhw_i`p+jL6_&eeN|IV_0YE@XhX(Yh^iI)FZ9Pl^X52OB>wIF%_X>kF#(OO7;2yyIS
ze<lk=_7jftry>JC$LAjs=eKNt-|nlw=g5E4kAa`I=+Y%HD@F;^lw?LYQ-U|nHp(}?
z`p52mw|?|kDAtJbC6a`Ck>c@>=+~)WlE1l0a>5HZVRkeM8vMi@J`4Hmp2`{~$G&LP
zRM@1Dd}evG^`O8qSOCh*<Pj6W{(hNql=0!Y=cy9BHJ$_G61)eC1ta@y2Bj0*-Jf|%
zY;|x)4}kuu?eL{?!2@k(G@xf*vv$#X%Uw6_n_<bt!?m`6vdzf@Kx??U)`PRuVDI44
z!Ga-+GA1(R47|DO#6n1q;u~&v(qI+()=BXahD4n--ct4~h$@&j4d2(H%JC9<gVaPf
zpoWrV#_((=NyuA}G~^1@V8_{=kQz3f9sxkKEXJpYK(uj%r-wk?+drO6a?JgL>C(w0
z$K1i}jFU<JP#$l&|CAZ{J3{}1G6R1{=zmaV;NMX61(SrIH6L)wJAOtLf96kr)ij{}
zPyFfUh5iR+22S?N-`fNKv&_KX-MD{M(SM+40KTjLm(7h7KOT*K&F4EhW)oQh5aaut
z^=s+!VkMY_ur@wrxc}ao8f9ubmL$YFWy2Y>X)nN$6^O%c4yzp(WDL2h3*5D>7N~D0
zn5ri`Fw$Kr_9zEpHdmIL{D7}}gZ4yV1-x?bj0~_$6cegByum881y9QWt4Qf$^@KnT
zxzQ9N_GO5WJpD3Q?5-R<B?Bz{#1sb-%CSQYc$5Gb^4DcCo<fW_g&H5CAA|r~$Eg7j
zrAfl60T5*i$LRqe=O>^fM-v=#ChrY7p5U0Xa3;~8Na7QBA1(>-izxqJBmsU;DZi1#
z=*_>S6X3s_=Qoo4iFH^%{Y7g6|BN|*>sWs-`8x;DuYez(_zyYOUz7xZ`}Uu^I9Bh;
z9{On)|0zj;f5EXt<hcKA+yAf*a6<V<j`eOoU*%S-Z^~tYGl%9)jl0br<Jv|=$SY+)
zr0oiNZFETRngKf#^a@Bsuo!7|xUFCFAz)*FK&9eI00r69@+wOzQ21?-i%e@a7?`{W
ztT3+|EH=Q3OTvIdnbiWo<M0d9AtLr3_yDUFes^$=q66Ms-2`ia0^WfzbkPKOBfexn
zZUiTM=y2#mv<E(4Y7LtX&arPYKQV_lafKit6NYXI687#x4U6#!p>XETDSD95TW$@k
z2no^y@BtttV*Ko>0T5@lj*|(FIh!P$OmNJ(h2vy`KavEi_k{nk$iI=~7g0_q{~byG
zKqtVdHHye>9VzAiP!a&Li?HeNDKQ`;{)wttKm9fOKXww}l+k}<n;%~CzbNG0e|1;j
zFZ%2MBFXQ$D*$bvUv|!)`|CfVlV2nO{%Gg?fxn)z`#<8Yz_BRcV@~@P!b5}a%m;)A
z;Nzn@k$6qtxSLD{du!Kn|LJ~k%D#HaLF4}5esBT!B6rZZeOo<*tT7na-`?A59zRTf
z@SFf|Su$qFNO!xzAS8J2F4?z~43GW2!O;KuCI|d;uW~=0>3{Y}|K%O=i8=7=S2=d8
zU%eszIa~M_`QQ8=|1tkhysQ3JlFYySrF`<<dGgu`&i`As|H>P1d&%#8)&H0GpMUSA
z^VB;h@H@W={)R#V7k=$WKlzj3^!v|Gy)gZr691a-k!PNwhrj>)E#LcRoCNy*JN3%`
z8%cicum6j?2JYx(J&Qo8HPqc_-OnN-Anq#g06faJjWIsg9z1SpRP@YIocg>w7y>=w
zDs7){wA8faY98*C#rhX<S{!bFT<Lz(GT?V$lP{+CsQpkUvK$ksy4-^7!0hn*-X<9G
zSReyxJP*DDX$9=C={bASeoCvw52!6n;zH&o;wT?A3pNo`*DR~=xw5i3R){r|Q@$Am
zVATgvY^iM?_!S}Zc3YP1Uh{Tg8`@8><xxix7V2j#gf+(>ytb)GxHur^?sxfn2#Td4
zI`>38W@a+JxOhX|YyC>_u6t|O1|ui=n^9R~RFJ8qhdi=)tlPrv3*uwM7fKq@ohS0@
z3@fSe&fe5;U%UZAMKBabh?sW3n?Q#v7$MwZ_xhw!j$w^~ycow@@A1Hrg>dmYD)(oQ
z;9ddIw|6?ebsssf*wX3@a|vn}5;zG%o}(Berdg6&M#+ZcyGVUQ1+U|q4$S`fE<y$i
z`XOc?`ajdLyn*V1g7<blAeDGmBnLQ#IWRlvt+~p_d~3|N6r7XWG6DuU3%XhL*77Zr
zU8U&35iUt^w1?%$5!%DmBNl{AI4;9)>Ik7?hUD+)7dsm|%;!Zqr@K8@u{J2c2EiSL
zWwo;qaHHCh7=(+=PmB!Keg$C(t9h(8ii5dn*5j`=z##wLz&+1Qx91JkvE~pGLv!2%
zKuVjk_Auk^ss6B2Cd&-1X3%%WyPI>_GG8GiUyE4Y&;j{dfaiB?klq$zjW?QsPIYq-
zJmc)m?A*CkV&;bGk05?Sr7h#_e8SxB00;$Gt6H{U=1TIdBt4V^<&B_uAJSO|^VEYt
z2j8}m{UM--r-3;ih@!wCEpR4Q1VI)7q;uy(B58^#Q0BbNOq+`NBR{NB0|S=n5V+#K
zp467;+{7-F#GmBbY@2Ql!87jW5fXv}X^P(Q%f1BbUP1_v8VGFxLN(yfj0sjS(HI)A
z0m2p_<OYZ|06`@)%An%xZK~lVKJ9H_mdCwdT07X=H3)(ltOVQMZU8|*H=9kh&(YkG
zP?68MXIxcq{6@h$IDSL7K<21rPP_@>Bo<}CQ*}T&;CcMLyxEL45VT^D1q610Yv!AV
zOQ$>TeuS~G7KY;^2Fbvqt3u6`a{E1vIwgg{T>l67jS$3R1-KVE3#Gr$P4I?=Ly#8U
zBQ(b_O@JFKg!q86>_Nl_m?8^eJmv&ItO$6wjB4?1V#KySoO!9O0;D?k4mimg><GXy
zeuNR(0o4VLIL3o?Zs_rWkRD%q*m)Uf3<+iAjX`|?MGnll2Z<~}Pz;1zu^WS9NN#*n
z1yLq0%^4t=<3aUjb+E5W-!>1V)GsL40AU}4+x8g{<fVGb6zY3ju6<=|&9|yt2ka|g
zWP&g%mSAB{aWI+;hKHr#zziuneK#-zm<ozgA723~-U29<IRXMwY|Wu$HhW}P9&CG?
zgDLnRBM>n`9g#Q)re_DiK@um|h-MHk5DrIYgo_JZ1H;?m5snbN0h|wv>mOfnU`t>M
zF^)8Tac0oFd6ZrVsc<aGu{`-eEE^<VYFQarpb;FVYX%v53q%>5Oa);Lf~XePAN_J`
z&I82loJ@Zt#B@~`#5~n33F;BIehD5h7DQ#K`{{_#RfXR42mk^u2LgbALV-XO9BH5v
zLV*033qpWMtv-MwKzJYo2#z!y0U|@yJp~~^en=1c4UTl?7z&60`Hv+>93eoi29baW
z5KzZ(0LazT01)y20Du6#M+gvK2mu1pLkN%)Y2XNulMiqN$cbL72|xr0bwqn?G7I<^
z*@3UXbt)E`F@703B8w`#9u5G3@E_qOr|}=)91#BF*!)z$kuMwpK*GhtAOHv`E(8Dp
z1%&`0;3p7!adLGB!~Z`tpC9A|qCXbk=Zqa|Cbg^rgg*RAB?nB9w$}ZjN{}ZS^kjux
zD;F?;`<AOt23%cGnNDzUJEH(vroD~ZFAjwx&;Zty45G4!s&pO;6U1=<2NrF7Vu5=Z
z+@MEhorTJDo=8!lpPBBm;ZFJtEIqKX|G<k2J~ML&<S@XIBOYB-xzWJ-m*B8@ifQn1
z3%3Xy0Rjpi2Nf}mfFnSHs9fDZ1PEj;_*&rzkZ?Ex<V3AU2oQ0cYI6_(0&XtoxG(Ti
zDFgsfJPiN=ju0T>a0Cd*A3}hD0_4U%3+m>a3s9$yn9p-RarT!e$pr94&hDy%IsTw)
z@Iu>ATrmR#9i3R{Dx{#GKJc)|6JfO4!6WIwEp%>UPX<EFOwU0gf%_d~4s={NwUb|h
zFr1BByQAZjLK%#86hgJTfmCjuo*UTGn;;y7G6I5wNKy@f*bc#~L1PW%5KKkSx+9rT
z&;D0b7sIE)%Cpv2g&BAg2e-dgV^mkq5QI->eNO=w8P=TI%txw36@Q2egs1P}?35`}
zPs4UA#8=~xjopwdKmdsIQ0SUuzA<dh7KSAm_4Nt=>K0wt-48B8uN4)Yjsl#Ldp3vH
zzfO%$r)^s94u28tGb{29mvLfIZpFNLZ3xWczY?PQCwHV|0jIN>5m&rlm`EC48^VqQ
zhfn?Z^SB30{XQb%6^uNg1e14<{tWH<LH=Xp6g!*~G`yYX=+D`0xs!?hlN|uf{H@F6
z$K4Z2_SlDhOmZaI+1UfR--y?Z3ZuI5#Jn~1t!fb^OY{<|9Q6%Edw}Lfob4~4Rp8xV
z34<GmM}MAB#@PZtMfL9y0Z8#NM?(K18CX%_KbE7?3YIDSmxusRXMbnDU#tA@$_V_u
z=|MaGU7ZMLf*$fi*#KOxKj|$0f*SzGqWrFN{(8QD!B>DEn)q98@Y8lM(f;*fj#do(
zhpYb;I|xGvl6>xc{vm|#DW=-<1|z%v#Z9S)A?Dp6pl($M#=<zZ$NUjr!O49uH*RTr
zC8c0xYI&Tj0uu%!o+G84iX1we0D!di=9Pn$+QZGoH(%y}t&6Zr7@>~j2F+<h?yUg$
z&$d;vx%GfrcPMPSbMY{t#<WsGcLyw%awz-`-jJuyfJIdfkg(@Y8dUSs{ScX`_UV3*
z+V@HFp<&YwSWN{uZV!bsXTY)@2fjpeC(RR(k7?pbKSXY#eYzi{1|8ybKS=#o*#PkA
zeuhur!oML7@b4_^NQrSLT0T+IZ?yybpJ@4yl?<F%``GsXj+Xye$-rr&{#HFdp&j3!
z(DEO%0e-mr&-maU^Z83`PAM5U-eLd3*7{?kpRzevg>_EoCzkcUY56zWF{%kZlP|i@
ze+YmNPnwL}DJkp5HwO$d^n<nZhhX5fzc%i0dzT1^JtPzo4_EY_KA?ytA-nqMY~%(&
zov2D|V)+8gW4|`_u3Z5TU(n398-cbGP@69LE$<j&(h~{D8wBXRd#Q?gRl$$^GrYm-
zQKkswx#Sb5a?(5mN=_3%bQA)Y>O)k(V`xtrA30e+u+TIryTVCB-m847AEIsn+5FNE
zQL{0gj6de~`)ojj?rFNe#RseRw77pw9N?7LKfA2<?9+>dj|!1F(ap))|CERo)N^|_
zaKwt80j`D9%P)rO__WskF42+Qe%~O#UotFQ)BLsH6~<HCu015m0#A{>b~Zi+?Y3#o
zZ&Y$G8trz|3oO$_cw?e{?O}Z0X}5u|tQb%`;RCUIV*X>msc}d1oSyC%z95-MW(Fk3
zasThLF>*cKe<C%=27LaUi1{;opk@36;{3t}_`_vUWWv>ZYPx?zJHQX?`~%DSLoNTY
zl7atX^uV2izAD*^wNKD?jJFkw+43t6a$@2RDHzgVk%#rx8{<-b?y%ficJ|k?$c2M^
zZ-nf~cbB)qN}4aOeP-nrd>m3si)38=u76b(NsF6hIN)$+rors^M|(}oaDm6+?g797
z0+5k>!`Yw)3Hve#K=!VaB06aTKfX0gzi{E^`;$gEoe0EKB2lv30pY<HK&Ym7T?hu$
zV8^k6@L*&RuKd=p3ErT}{UBvAK0N{=jVnAF0UQm1Xxl%&Jv9X6e!=wK$t1_zk=eOU
zCOIbcCA$2l@_=}~KcoRp`27{3|3R67KT_g<6Z#*N8GtnWPbeCht>Z0f``T2T^X|bY
z+%bNb`D^cK!@_-GB<t8=fL}c3wc=?ffxFeclp{}S-!cD<oNGs1PkYVW5!Vyng3Q!;
z#PqZSCLS?8GB|KrH1ggbg8vOy{##xFfcxbyxbknk^naB3NdN!p_WQ3gga3c{#RGn*
z0(!ihHrdhR<+NRoNRN%*vY)SW>-<9l78VfRQhXs~5$35b2-Zzeyi8cTs?++G=YSe%
zYQzk-T*4Z<81S5eVXD@|LLA-Lpmq{~(QzCWY$zN(9hrgcHYl}iK+C)~v!HU!s+aP<
zm@zeY@Z%h9SRlV1_PJcbZkNsV94sY$m&;v+fq_iUz@j4K)i<MIjZEM*ORq7IX-isz
zA~oo?+j})I=$m4535?mUxqJ!%X)$ajk@<V;Rq{l|8|pX3a|pYE8NrTgHytVziymR?
zeJdrKM811V6L>g2iCo1=cQ=RN+glyq`pvUBh-nO-K5E{)oKp0fm*QmGi>riZVHZrc
zF5Pbc3HY2sZOF!m@tWLf8XiBeyhW(^>KYhrrPXW<LH1jLMq840`LcmomCc12ZiNd8
z&6H4<JIE1ezo55<n~T=YzAYF`1!lE_6#(?XTPysx+S)hxtK8Dv3KtUwElc3BU0$;{
z1eN(Nk0TZmob}e+Nwtl@)cOMUPr+h??p8W)2m<nV`10Xt{l_ugy`4H1FvWf^5e%x$
z=c$~;bcue%bb;Rnb-ympA+UjxjBJ8&I<xVF{*y%hiQh@&e{+<`|LjyEe~-mcB0t%~
zqeOmq9{>6;dHja@y{^Z3{B1PA?<MkMLQ&q0yJ=t|zpnAh|C-1T=JAtyfqDFGQNNSN
z55`S@mB?=_)RPScd868%fC2BijRbBCDC9cD(^CS4enZX92ZP~eF<dR9<cxmk<VP@3
zy)_QrvTjA@7c&3`_D5l14=|}7j3d`TRomCJFq7ety*bx&P$0c-gO(Qx<%(FjgQnmu
z*AIddm+M2vI)bUc`aF-J^wPmt=v>DnU(0N$oV)!kok@5xfZJE$VPMA=uu?lnT(ff&
zI~@m4cI0yaF!P0=Wc#kqnmGsW62qQArQ5HEc7X>dP7N`2K*icS>+DG>q1c7}aTHe%
zbIS<K|1W@!cbuDWIZCYWas$s}1n(|OzA>GR>f4fm66>=u9N_8vN8#GU<s)`Gf=7|w
zEikMMfWhzkBT`VHC4adG3TG$&U)2DxfsS|t>}~Xq*0CG82G5Wlv(17c%r}_Sz?Cmv
z0_(TWO>8`}gksySjnz=KfTk1%NF9q;xS{ozHuirhPa#`s`~(G`t!yixs59k#4eFTd
zrr`N+@8BWccM)sDV06$39vwWnx?HiX1+EoBA=x)VLc#*y81&YfFWx#u=h6X2-8A9h
zw&Uy7craNRM;0EplU+}n0^?TKwVI(g^>uh`^7z`_brlR$fvo3}pin&wig{AQW5dVS
zIam5fFw8{_xK;+kd9*viYeIlo-~TybkwU>Qx9rB6LB}|m{z!<<Jt!tg?YapbgNP%$
zPJ<4HEj5dp`WfMbYgMgyY<wuoV8sC(+0H#EEPWz@2N=A22OO)Xu^p1arOL~J`M$vQ
zRXE+Q2vh_<W_|@K6@Ie3cJRo*AZnFmbnJYs6GcKHSEE+laZG5<;+^-PQMs|=VC)st
zz+Q6xPM#$cn>A{62Q?1f`+^YVz?_T{6k2YeEdaKiM=J#V;ACk73t%bslMl0tr^I%(
z&W5CkFWAFo0qd8HLkz{O&%%|t27?nS?}8!7LX*gsWwbzdWeFH<Gzuc6IPwMEg%<=t
z)N9qy+E11aLIB=H><EH8|74Z%mZ_h5I1S#+LWqJGc<?c1-irCiq({qwU-N6h2<$tY
zY7sCJc|w=#3mxcqJP4S#ih&Em3LcjLu7|yBoi47k?kiYa;$(G4R-AneRzf(I2*(@-
zFSM~(2_5Ko%;`vocBt0-i3RPe<-ijfcKC0(y@P$(SrN8^d!Yg0DFNXn6+r!vfQNO0
z!(2#ZOu_FUxGhHWA+4u2$G}&0-x(U*J)#Fj)IqaCMeSqSSK#U#R)sWpymNG$p%Wcr
z=H*9^mIXdhz)yMjz3eQmh_0+VwqTKfDcY`_FJR`rw^|TDoj?xf9}1nH3GT?01rYZW
zy8i*vTB+i1mbZ}y1>a@y?cqjCmXZHu14}?=!g(<bcW<b02e>2Qn_&R`%NG1wr={zM
z0lS}Gh6@eAT{EZ;iq~I{-*cPJDxu~FBg$ljCSc;fpiygbih;+w2mvT|Obu3x=$E|S
z?M9pqLRHEa^M-NLEIWTiMG->+Rus@XYcn)i)nvVFHUE{VHjrA#?~tR=WFB_7We*z^
zDiJt%eL#GOTbK?5;6FV*VY=5`<a}2&Ul<6c3AS!t)VLAKzDwbXv<Aa=uTkaOpJa{>
zwYNS(3A<%9)MhfLd=rLkYAp!Ai^de!g*T$w8A#X~d|0+8jqeln)BPYBdAbH)oNb0L
z(T@iFhj}!nsqTVd(~rhP`!oSajufwcx*wz#&Q$vqpTEln_)|VcuK%Vuz>j7BbIT&n
z{Gr}sW&g2ufFIWQH?{o7N(R7X{}p-vo4BUVKP(kreC<kmd5^bTjswe-3<`U`1B<;n
zy!W&!I$t_~1><E<*z$VnLKvU{b?sVkgPe9S-W+&uOUV(RV|HM}TK!|#(dg6D9g&gu
z!sR&O4wC(f4FFAFc{KO22)`wQXnqm#&*o~^|KU?7TWRQM3E%=n<O+^7vg;QHtp|XA
zI^n*gcCyh<6cAtiV*$UC{GSmVEGd!i@TXb==lUm<{fo#V?OR#1SMF}R02$zEV)B_h
z-#7*D2JMhV&<_jkFz>6sbXck-S1plg9_-q!?kR+Qm3(gOG3(*k$76DjKO<D~(*qAy
zma)UR=4Mj{H+S7`uESLgMwyZ;eP#oPpZ8Y=!#bO7J@*R+4|kmNHk&00rgyrwn$0|k
zDRxV154V#JHdhK^Bg+Q|`vCvp_V(h=ct=>*hE2hE1!c<N;o8h|+S|(;S5~$TGXRmi
zkq3ud$%o5R<Ib>8JN)H#^Ln34lgpbe_oklm%o;Qw#MXYP;HswaTpn3F46U8#JKU`u
z2X?m0_V?{|g${UMhdI4p>+;y`bU#@0IM@=hG4_O|pw~WGpXx1pokO>GsLia#BtT4V
z@bzM?umKsti;#A=y_Iu&Q~tFEwUy;>&K;7O2x2nE*6pX_mQEp*N&xIE99(FEf@t;*
zc6V-Dp*={P(UA=!DZ{Q=E{H2eP`X}o{`%}Qx>u=hQHJcM#anK346`CiouA$Z$R)VQ
zBru0Q6>DoE<ThGlkx?y*cy6eLBcX%}b)7l1M~kx`BX;BgYWD1!<NHYt8@UsLx3@74
zJS!q&v<mz<Q3~ShFcSeGO`8i|=t0~WCfd@iUnk1~DxIAVYtX;u#kSksPZBtTTF3EV
z%HaVL=Hy(N!E$nn*GfadVRhw%aNDho=4<x~N|0^OEX18l%j0veQAu{W;zv;?#91a^
z{b^nFTkRfZBb8OTiN9o{+>;T>##_u23QWq@HMy;ASn?mUxApp-04<bMW=(f*>!w|*
zkT1ol9~>zmaINi?vFS`y_aep>@iWF0m{ZH?pT480e>3ma${qjdi;H|R-ee*VE<O&O
z-prbPon7`+zXhf*8P#vU?l+P)wLMeNtEANsqD&&7=tu=g;|Q0=neW=2xJac#t1Gn3
z<GGXtDsfY*n821nRW<I%w~s=wyS`)$IKpga5fB=#jCt0$9rWg;06Q~oy5FstotKw+
zwGXqug_UbQEF}p?z2j(j=RvBOVmZH{FF-n0lN@G!B@$865w<;E>k0eZ|CFz0x>%`1
z@O^9K#a^xh)Q_lmkrO2OWHbDP4#p2mO<^xwfI0K0y_7)uR4<px&<C{E0l@RJN7$K~
zZBm}d9=wr3Szla}po?CS`aWlk)4m!U!kS~P^|41rp4~V|_B~ry&}K06o#4>oY4USf
z&g)&#@?9RT$Zd}1fQ-k>43B$ayJ25@i@y^X?&L7FG1o3FN}3Jnxtf02t0<t;m_Jk<
zXZX77Noy<)>@~*=uM33FUG>1^S~YL)qZwuyofB7x-hE{(U_>U3^7a0ck-nO#QX0G5
z)+CthG}BZ?AFaVXM4J$H><hl{<&yi`9`T7z;NYoSRy^Vx)n2G}7@d6BgXf5>I9hZw
zKSh;4L1y+W?)w|9Zms#>=O?q9)3V#-*f{%XjO%XAY5|u8dsR~IFU!kQKM3ht<Fc>K
z3!%(PP)I?IoSop>J^z?rLdVQ7&{On^U$v0YD1Jgn+8W|STYZa{hL;y21wzpUZClnE
zzpYo-Ns{nu*cQ?G5dE}=m2PziD|^XjoKt9iU$pL(_mT<ktg2@j5~KVbhm8cmi(T6R
zRBaXSb-ZYSvPDGkdu|I}EWUb(W2g%L7wd`;9D25*-RE{amnd5!#*hN;H=E<&oc$^y
zgVoaEGtPYJjO?NR$MVI3LbD5xBmrRk0>9zB#EVjUsjY98<*KR?qkAr?c`p-8WhECA
zb<P)<O&w4h@i(|hMbzWC0JU=cM(<f>1XukpUeDJ;1|A%&e##*LcAsCT$07@hfB8^%
zz|FvZ$YGMRAw3oaGgqvJ?$(zlqY8dA0lP%wZU+T-ZnaK+UlkHy&7Zz|LtOfm-0=2F
zt7wz~!aR)PW#kgQXw;-45#KC@#h5Aegn%41kC5n>7Z=&$Yw4#u#rh~YU`Qy&FKi|$
zi+DIOo6>;0e9xY-ztl<Xx~b|Lb|XzuL9CtAG?wnh1Hk#=o9`aocGPHMJqAlb(^_2N
zf?4a?(q)~|(MzVN^wBL#CioS`Pf>8%n8ayuR)hj!#sSjU4zXA*x?jZ1D&<;}o(<8k
zN+hDWe3X7IUfiC&iGltWl_vV(9fYb{vX6nULgs;3V2K0kQPaWdXoMi{;Kyb;y0G*y
zy3y$NeW!JdjdMNML;Bdxmfk#^6FOKQ1gc!*&lpC3Hnkz&x&FMosI}UqHH#qZeqdk)
z`C5}qf8{({n#^ux!%!zXLX)~#n`gKRaZMU&#1);EaX)Uaa7(PZq)P7$opp@oRA-)M
z20WE}h6_jw_w@CW?eJ49OuC7`vO;HVOfwr(r+=3!vB1z^mn@xLAew{nJhQz#vBgAl
zY3P-FTTjVyw9Li6j7sf|=RBeg2C~=7`1{i_GNYfmdN{Xu^UdNEIVl2-oTg(k0}DVj
zkwFBjy=P>is!>9|N;T?x=_NkeY2v6Ee@q(IN**95jIrfnBaHPPJ1^B|v~dJ)zV)EV
z?7hU%r{0XbD@qCrE&I>jYQIe8mE&U*vd<=Iq#KJblWmd(JXno|S=Ghnl#B?K-aZiK
zwy7t4o`KFnj(eeH^v*RC(-_ql6#`4UeR{8(XfMyT)6gtu!7ioAW-9kx5r|BUcge5N
zZJN>tyo;$mI7sh)%{nV%_<pV~@($bD6yy4XX4U0|oACxU#6@TK1e$2qikp|>KIwN9
zZYG)9B_bC^w0?N)7EwX$0Ze9KDFm-Y?dJKtAo{`~vAu+h_9;HeOqD&I42Lh+t<o`C
zj=KHh1@68jC2cCpo7x8s=fX=LZ5;SW(P|lBVFSHIl4BZ`8S}3qYEm-qgt=(vX*e++
zkl*pSBtPeNt+%J^(b>(zGOA+bgM=-v(z-|YEOt%a;9Jv8O}Lt1B1Bi-#;5H@A{H6E
zI)8JO3OldrdvFV<{IkiIiYU7Yune}kCtritd`2j4UkEZF6fwN~g1h)YlTPXb>1v^S
z($j$ZfD%%Wo>TxaYDNjJuCyFlY+#W%MvuG%EccW8oAYl=>>i0(w+VhqR2%9*x~D!w
zO^2-fPAO4LIQr&DbJP&)piV)twIUHC2Rpu4zh;L3iRBySfm-gN_HWIEYRLn$pGak*
z(eeFW(_&(o%1)Nxy3*nv(wV<Q>VBGzE59qelM8%qkfU=Tx0jiGW2=}R);;NS>FN2x
zb@@j~{R8omj&8<{0cM{IIPQ1l;B5qxg@`;*iJa|ez|9cl%W<bbPyBZF>iWQinTC&7
zd(#;1;D7U1%X_l;kS(5}u?`boQrady`3-x6d6N0X7cb41?{Fg%jNRJqX=48tq8JRD
z39jA$4(wV#d@*w_5#f`nS<JaUE9aOVH=Frp4CxR4a;WI!u1cogAJM%>>f%`0PC9EQ
z!S9NG8zIa7fsP@HGV|O{{sr*M;$yB@NaS^MRGDzfo3@_%77v&781{yXXm1LrF^nRA
zuh%k7CqR77__+4KoRO(vMe~l|cb&AUYbmqdX~o0<b;|OT*z)6ti_{ohjTYg1uDN$w
zEmn~;2K0xm>t0`N+kKK9seiWz;{pRNhplw21^uE#PiE{{kNT4Ijx<~4T{&XC=PUZN
z)Kro6mocjKw%C}L%euIwOl}ZLeWp`jH_x*RGtw9J;9O%9Wtj_~3hO8NR-v5R;%D-v
zR{R=H10b3@*%7Lw&xrN*#{Nv(-b9S0;Kw(bjN4{JJm<~U>Au`8$Yrj<9df;rAW))Y
zfQ0#~QaO$rc^-4b%LT)cYQu(yd2=d5pVZ|7&+KEH_vfv{WuL7z$kgNEbSok?;444R
z=SuWY#omt?zHH*6YMG8+tQ3B)k$^=&qiEnMyQ(YjK8nS7!~9A$byua<`6l|zbiX?k
zOG2}%=Ry&0(TtyWL6TsjA$dQ`mG|CSI-F0*llD;w>lb{#)?3|#6rC@ck#)a6B6^(D
zWUVv3@FHX)hS#{^Nm!wr{+%ei`)8iX3FC=S<0=iuD12A;JaFa1tvTb{R5ZIVACiaD
z^l$)&qzzDCIU9K|NsOpr^*oY1`D<Q}iD6GlM!TT#^!G~FWzK!Gw`g9d|7d~&vvu%y
z<H+nic%NUn5VCp$O&Y7F22aw~hlsRBewB{TS8kqR;X*#6f3K)QAD)K2ciFk~3D|Q!
zvNXFz^}A!%?symYN?D_ln_4CX10qCiO~>D~NW_!?lf569*unyc_A4@OQztqWaq296
z8ncl;FIP$=KpczCdnYmU^`()DVSmL(4|1FczdtTYW|#j|p;ud|<{}F#9Ip@i%KmU&
zi~k9i$rm*jCw62840dEOvkYeT!%fL|xMXQ&H#5ii+0<^i(o7>;7(WK#6;?F@r3>Oa
zN!cAu*#HGU$N1nGeTALwGc}H`;jZud`s2Dj%zWDOXVrUDZ{5=s8@QX`%RR}E4MW+z
zq^dfe_GWTC)uW>R_7iRNtPYVhiK=%W1q1~oi>PgrQHk>Hv$NvOR9`Aha7|LU2VFiK
z`dsNif5r4>+;dsK+iiRylJ7q+5nX#LeJvQVE+C;8!w|C<JvMKD7RbBLi4oh~f`A)K
ztBkOL$iop!s)B$I9Q_P%7dmqr(;w*u8lw1Xk{hgcaaX?X7O`C&IV5{wTHJE==~8m?
z6=_Vv^F8+?Kbfc%k{VnZV#FjlsKNT4GU($%me?P#wpV%4Igz(vQn4!SP2eZ%iSd9N
zGjZrQ`P@(w%$NNxqR{f=`pBMpEW?@>{rTJX#fDE8ooh$sfv(DDaZ{r%&RC){rsA*0
z<eUQ=*0%;zmi3d*P6ea@m2MA%W?#HF$eMJq3VDL^oZr5lIP2o_vV&orxRKPFO8-4s
zdrma-!%1}VNdAUP#r$lhv~R>rE^OnB=EQ&Lc#2V>C629r-4mOaYMrk0ws>b=LHX5=
zC<Y=?bDA{OuNZ(v&v|4~w70Ajs;;xQXMFN2h(}3UI^JGl5wt`-D5^{I5y{j0u9=YX
z(v%SYX^xVVTSMAse`(S^x*>n_8@*dLtsNBO7wR>7QyNxd9o0)?LhKhVt4o7|U5~4q
zwZQ8cd-c-qj&5^}m3jd8xR+X-x67q_4cE*)EfOwqai>iKoBnE)jB8ArR>gc(JIJ|w
zi}7kK<++;F9g1qj3?2P+>D9OUy$RNOUZeMO_tbTCu`3f8-b%ygkD1NN)VgiYE_2`7
z#o-wd#ikYW-1phVm`DPRb_zN9uLd>Mk>r<YSqG}=Vw<9P5Pi{5-4DKR!alVv*X$fL
zlhyja-Pm0D24ra@2HSv1f)nc*_9Ua38a?P)nWXl8Fw*=`=63+5wL#dNGr7e1;$5eM
z0)yIv)u-HdJToMV?+Sfk-OolAFzrL)2%F`_kSuOUrs!|NaBE7#crh?HdAGr=9riuG
zmo<ObVC*I%q7=Jj_{2orJ^e;IbCG`2cT|aYWaw_|=>m;|hr63O+~ZHw&IYD0)4I|M
z(wcV(l?DJ#5i(zpW>}2Ag$){gL%OdYs9|55oZoBTyXL~5*pOwp{oIj=Hq^YA#Kv4T
zo;lRle)2)DE``9{Y@ysPy*Tln?E%5E&?QnztE~ksy?M!Dj@8ROFs9b}{wl@VVDT`)
ze!Dmm!w7&xqH2p!{|XYW$XkoIQcZ3)^h&$to2KVpjyuM)hLT38+T2X<lN3-|?YFIe
ztdCMK=}8ei7)d11S=LM;M*KeNHQfVVtUzYOP!)lQ##_=K1;Z^`MI#Fx#JH|CahT;$
zg?qTB$ge%KOX_`KE>afdq#ro+(4S@sqx>yV(5kd2FhCu-vsqaS+v`{~VpFD7o0GU=
zQzxf=%lH<f65{1z^gN;q7v6L$jBDpUh$Y;7Xx^s~H;@=4Y^(GjPj=^^$(4s`_T6VB
zB_FkzR?)?xY%L)xv%)#g@iMgUi+4EKa5Mbvybs<z`<fDn#-)5W?^>8h`jB!m?8?hz
z%XZ^=fC<pxeSu(qW)CUaUL0+nK3K#m8$W~*?;TFRf_<I^BgxXE@AE}wJx?dF{VaNT
z#LK&FQ-ZDMUtaI=T360eNb+c&bL_8G3*l&D(Nqlvc6=<+v5B!<fVxYp;`U?OhAr35
zg_yY9ShDeEeKX9;9?T=2wxQnVF<L+uj!(SUQf&oz-5sG6iWu|`+I^~mJ4(u=@v162
zCP+ESRf!4RC{~0W9bqtA?OkV*3I$!4z}<}Jfz`cJW+mlI^qQVh@v&GcJ{naSxs9tm
zVY7o<X{6#kNu+|QM1{-wW(o~1O(lL5LShQdY33Zltv*zCov{)~c<Dh30cT#YwD2<S
zUieZ0XwZ0(;o}s^i1n7-39Fr9e@3@B?bdw3hS7DJ;RZ3j$#rrs@DM%+Wy>k*L74@*
z!hoo$>&ZQ0Z1(ykOOt7&4Eb?$o*&s0Y0bRcvYB`<r?h`)@(IKtU0r(7!&u%K9p2W<
z`^u2!ahdvhZw2h_mn*i;mrR+ad(oPlzR^E4Lj!L4<LUHaMzY8aD7<6LB0;)+(LV}J
zg~O)ri930~IXPqxGyQkuF>gm5l2W$BolHi#+$r=34~*zI<OxM9RN|~$lH?*PSb6(z
zN8Ng@g)g5{cTsBV3!T9A^R{+0nH-YmC@t#B@dnN_=SAP#iA$r&P<l<nhF%l-oYGhz
zH=OM=z)D}G;B1}Rf%jHilr+-G&?)#KB|Cj(uDX%MT&dg&ucso`yn4Q5?hrDU+8wjK
zI5{I_Y}I8R`fLWFw7&b66AZ|K?}uBLZ=QET{*0HEB)v@(gk*$*u5Q`=-q`z5DTB)D
z`JRdk-u}Ki%|0<Atxn(b*)4FQ-pDxOuD!S(nE+sQXt^`?3^X@-CUL~wHC9cqHzOLJ
z$!HX;W0#AGq0=wI9GaHr9r~t8_)^vh`=WT`y-Dsto4~`i9d(oljjHeHtJjTg*Rfgp
zDh40)#{#guMS$t^9kyf-f8X%>^jus4kIo3&{tNL)DbGW@FEN?dv)Lw6qSD+L?Adz&
zTdM|&?uI_elf$Vk|H8q}Jv6kgLE6R@K8ITob`?>_Bq^7^O)VwHp=?-{y0A^ESe8i(
zy{s28kDPI9prhP1+|#3o<Tg)ND9Q6#YSXYe1{PQ)>@M)0=b7yMc?mb`l1&lK4p=Fw
zUfBG=pbbYSg91S%gB9mg-MmQ1wTXGB3O{yWZT9Qz^xmuP{vo8Znk+jnv@1jut<y|Y
zms%_F2;=Yi+2T>#R_RkzOYHgchw-e5@8`dqkw|mDv|vtjqY=zu9C+klr6hERwOplG
zd&&CctBPzn52{Zy6oTcoZ8*{Pb50u0jW%6bT7_SD$8Jg4p3S>KP`vYz=$14GQ<+Ow
zJfQX{mdfkCC(~wk0$o6mH$V4T%~Thvuy@*Se%G>dUkzN560#o1Vr+dK9`&JyJIzA2
zBe=u3PcYPqTeG+So<n(Gn1oT>%WgD@QePM1T$<1}OKAsI3h64kH~RN-1ypu@aNmrq
zs81InMf=7fC}`dgo+&~8FiE}}!HIc4sJ#-{)0`J5$R>Dv%PwCWE9%~8MD6=A$)^!r
z(c>?)Y&9&WsV~3em}}71@5;0n?<i$d$kDuGl?}}IA-V;KvCxQXt$rqO8*0Pkur4vy
zMr_$@zkA?-#9^?8qw;w#4WYpN9QswlSC<5?_^l0hmOlWhJpzlICyb^z&}Bj`xF;4Q
z0n+`<Tk-7Q(g{q1lZU19{p!8hZ%>6kdAwke;!k@kfv?xkvjgjp?Ne4?RmYT8A0o4F
zq^K6X?O5Gp);U4pk!t1|1dnVQ$J}dQ(p_EDQtvHFL>)Y~TIlFmQyLD(zeKN|^+byC
z>XgwVbvN2PV)5cFn~v0`!ZjXUKTHN~u6CgNL0w6)C?lSot$W>-QiSQ5GcJv|chTn2
z+1f*m1}-VBfA!(ZKQ~8x_Q?X*<H;3Ddi&+vw-T4tV%;jvAa*vsPqFD>Zm(SxJbN`r
zrk?*kWuH>Gs)GjQ6peU3*B~*GfX1fUj$QLkc%uSZ<}{<p>{|JXARfI|Gxq!tg7eoB
zfbwND>80nNSf?L8^Hb}3_)^U~3SVK6XIOCIbFNA6u!VDFBvS+X<w}J&98ru4Z$i34
zbZrsODL!*fE^J74P9x3bbLuMAMN`Nc94oOKt29dzuAuk-<SiLH-F91VBY~Ziq3gor
zx(w$wKBoaQFZwXC@d4pSC*NdzBNM>gu@&HcfNXgY>7Kkm?zVF7h(4u@iL5iagjK*p
z#o9|%$XVg465sTKqKGs@L-)AP*kwF(yLwJfo9kOtLZNs}FjdmFUUU;*fU&DF0W2pn
zKz8ywVkm7(a_~*f;j}w22K55BP9wj$Ag7gYpOG3#-*Ux;#mUoZbUz?o*JF%ZFn9L=
zBtCnJyrfsJU+N>%V5no*!@F}}rqdPbJ1~Z9nr^Gg6#F#WJ?^$66D-ZWQ+CIsT^_%m
zs!L>M2PGPJnp9cjzH?GyXK{^u5olDN+7I@(@9Ju9EZ!@={_>?Nvo&?EmHiM!7t8a@
zcN(Hs`B&_2TD^^JTElh{t7&jQq!jP$1nzfy7dI`Qd-Gaxhu$icy!crr!BgJ)@J6mi
zne(2q^aM)5F{4lAUfWjjrsSL(y>!17Ho)a=j;t7s&Onr25;}tKGBt<4)+@%#v1>#@
znI!%$8tEY~kZ*kO-jAp1m0W$QWmpQv(0Sp2f`igCeU)eq0LQffgWg?L)!bUyz6|jH
z14&6=9PInW<O?D!uhjNTaG1=q)nqFU&k<}_T#~=xk~i*yQE!r@UNBWX_l5EdBAc`o
zK}xC3ik#~{@wxc!^MoVA6`Z}2+FcK?^z1vBQE0yTz(LR~l9~26o{O*yF93}}QQrP@
zrQA*NzUVbxPuQ#&r<_ZD&I?^OkM_4>fL(S*vXJSkWnbQPd)}zB>wa6XA#d)+Ty4vI
zDw5iX4<6Hpn(@22PEXB^m1ugTqJsj1uBr5gyzj#`FI(BqVg&Sck}Y_+Y*-pL?bX(3
zRS!x+yDYBEbH~<kve0^j=Iy+fo}Im#w;>!zkTBxeYK>0yb#$h!@&;<IYgU1D6YxP`
z<)hmnnk-%7C^HXzbV+6MhJtD5>Rn!%$CrQv;xkN6H?|T#=(f^SQd97a1&vlBPLJR|
z=|RmYRT;3Pf8c?LvqqtO)~(7br!zog^+l%2&gMJa5ShW3f?d(}oNQa7@6-B+Df%r!
z>TV8SA0iUJul;z+-}`Ipki~#yHvuEiL~j;SFPtyslvP=!?DC{HTuHV|;$SC>c0t*!
z(yHRN%xtD{AR9jHbE|{_^Q}^ad50LnUJh^dn-9wzdvdN#J6*4ST6=N5^_kz|FzIZh
zMU{e(i?oO=%x69+=T4O6C5JqwJo?Gk*F4fJ0?fXAIT+B6THkCqN2rhBU)H-82uv0{
zFuAhHyn<qev~SJ$@RpQTir--?x#jk_=w?LCz7}gq@E+s6QifM3&D)9WI#cnJW0`Mj
z9(aelPg6yYyN`1}r+gV!F#DO{3~D%8AT3?XT+*s6hJ4(oWGj<RWu{ekMAMSny<X&2
ztR7=_yJDVg!#k^FS>ph(y%F26QwCJV9?k@ech)WupDX<)zq`k3LAt^8e(q&epBsM4
z<3|>f6ZT3<gWb%}5jpWj>rBRbx9CO;vg;&^)fX5-i?y;C77=@8T&OQ1)1g0-9Xreo
zrC`3hW>SJzFttfetK^lK%WNIV+`eQ-Bfft#uav2cP45~rVeUhfUGldbzU!qVzN0y9
zQa<rUXp+Lu%9%$V`Y;EInb+=+&0REeh5uYG8@!D$f=I%_#LLUg#>-C5&B4UN%>(_#
z#>U3P$;-jQ8!KXhKpabY6#*@F)dYbX;9+6;kC0mj7;?K@fnBqxF<<3X;V$ImjoHLB
z!1}}&m$uTo5aluda2t;o_aT{7_$LYcArog=Y?g4AH1%+K^-GH@g&%PwF_)bY4_p}I
zw(7Jzs@!k53)#$G2+;VV<RRUWGO@fT!aM5|-bw0fI_x&t(0v~0dN`qsphRz4qC9%#
z(4BYRb$g3qY}v;s)PC-h5-NQ>cAYD(TcEM~;ZE~pbFtz6b~Avf5qCG?WmS^@UMZ_6
zso%8RBFEP<U(D-q?=Dc(Di?XlQuQj)!3N2^I_wm~+it!Vi;yMGwCX`&ss6-0U6bf7
zGvTPKud00b<RQ&<K!!SQosYu@XVp@||D2c|C)#svADR1c5ihKCdT!651imaW5k(se
zlxZorq{R|EZGk6hEv{D2c3WlSb#_DNMJzR)Iv@Li92r$n&%BnZCpk)})!1qb9}-G4
zC&$<?G7&p4etBk3o<yPiii(?=;4&LBAxE}fh@WmNq2bUI-N%6Fd|t=^+Y9B9O*_mR
zLWaDL&$mA!zpQkAr<4MniaX83mGY&xmxa8=2)^UT9fVZvat{43H^IrQT1Z+u=;Fr$
z(U?#$6Ng_*TygUB%2p7@-KxTleqzADW`^9_Pxo-_(HD#<zS6H)j(t1WsiMf}3MI&L
zEd>}_lodqOy_c1MB#aRB!Y;3Xq-9)3QRbj_BCm_jY7gD9BF@DZc2utR$N5|qo{_0<
zURf(^2&;A9-#%!dJ##IkAb?pB{4w66NZW8WH|V@5J%zU(u1@=_nde(Jj=Qk!oheQH
z<+t03xOvyZJzNA|9K0G1qv7aEi-~sYyGv>uKvI=B79`El36NV5bgybid7An>L&Wmw
z_F}lBof&qxJEE8(7<H$|i?`H&XjZYsd_lz^ODKP$_vZO$VR5@eNNYmjo&?W4l6K#%
z+*%O=kY&&Eo2clk*58O1E}r0{l`1I<Cr88zj`G$irVc78r3z<9LeJ~+ds>rsan9)x
zy|6#iy^f?3yi&k$&Qidfp*L+-G)+Q_!<<QF{GD~&vZZ>{#I<slWEaPxDpP$7gR<t8
zp7KE#ImKD4?IiWE_A7Jl$xRBzcZ+t}$&6xD^l9`z7)7}Id=GGqn+wsQjiN2(UR55m
z?G#_LKa4L^w_Z4ydttzNan+8#>QeBPcA-VX=X;@@t5s3}KvC4WnDmw6vHkGZhBKaT
zH~UOH43g2r`hBqc?m8e#giMK!I;x9XUT?y^twUK@#kF*+iR1C@3@4S#_tm4W8&gT>
znhL_~SP6pdKDii}P2ywP-#3vI*nRPsSjM@|e5B%RB0sa%)1`?#Bs+&xSkr_t8vboe
z38Cu4HUpu9V&LIbN5OMZse0YXZXpe`Jr0+1R9=_9(I<>=Fv2`fh%9gI$Ia#>LWXlD
ztW2<qbC*Zxj7MKly6)zxRF$E>T&RvZR@*Ik|BKjdcl>;-{h8(Enma>QYXzmZ9DMYu
zLR{4-=ssSwd4nHzhALEyE{1f#A~>bvi48Z?WQ+^y8P7-{fRsr(Wl)rxDp8HM1UJ(z
zJJGHP;H%5$N1eQ0Ubv#KKryNN{Wcm3y1V9wGc)fK=iHduKKN2Fn5$aRGEB+RS&Xo!
zez{{UB+OzPGIz;}0*IwKfB#u|NHVfiGkNNSebG~F{pfaA1_^cEtJqNtPAx@~U!Jn*
zS7iph63z1@1p?N)P(!bF;?u=>@}<7vwgX7KFj(HnD1Er~emeUMuVN~)mK!>6>C=>3
zA)H}%%o;6vtnHs~p%Y%WAFCAcCqu#4H|A?xl&h{dD~=ReVw=h;QqnDgTIMrf{nYEi
zw$6oMkITvUQfC_w&docyjMETniwNJz{X~ZxlPogfVEq^{^7jkAd`ph8?Sh2lg9%rH
zZ&)meA6RY0zV#AgMfQ&hp&8KS#N%nhYA1p*Jfo;*6Dc>V<F3+~R$z!&%U5cD5oVT9
zEPK~$uG~!>uZoo(Bw8kpCzo!4fwvS0+uLHEq8dj`BrVqrW<wX`n>f?_?)sDF8cxLC
zqH~?xv`dM10OW4LQtTo8{pa~Q+Ye-;>jqv&-Vt-z@I={Kc}MEpX-syto)Z;$FB1<>
zMo8Of{(Q=le*3AjiS7xx7Z9FlBeprx1<O?5Cmemd^G?I)?EQ9w{44%N+pPC9YSH;V
z(yz1D+7+AJMN6&AF1bp;={8$|SZ323ZJ}TGs+aw#`sGJ})c6}5PUg`pj@vIj1BRU3
z!u%am-HEKu__oBA9pCeHtP_z4e6+8lC}_{~;u#>$cIr~z;Lzl=uX@=v;B7=gRfNxo
zJF}ADJY(stNX*1YWwaQHe|RuSRtwvdJ(nUUevV3K(GbsDG%02+``kS;MZKGeE=0w(
z8dWp7=bR=O0bi|GHO2QtOiJz*x^qwTkqRf+$DmyB4$E`R8)ZN1#BJD4z4v7%UHCQ{
zOR%#D@#Wm}+Bq9OAIl$7TQjHTc@0rq*F(q^yY7h;#d-BhLsJ`*!&yU2TV3>~j8~XW
zJ@`K1tN2@8gnjyfdzAW?VZtv<cptWSB?qXytk922*Srj*p1<mIHi>4Tdl+`DhoaI$
zPL^YW3G1Rnep17YV($w9DAEr+C|)ef;k>O#W=ENzc<-JQeT#v({*jm<q9wY1$^6Y;
zeEIwlkxs%_p83;w)TG5ZHME}vKDR#9j+w5S4aN0Zi9A1r#fcd)<<i7x>FwyOxrWHq
z`zr5S0OybxC4e`+;IlYSK_`GQHX3SpMUxZLWimK&R(IlRR)2-mLriySRMfd|ctdv2
z__!$&$QiZw<iCj_ikI0)zE5AZ+_`Vl?j%c#8nJd(;yt}u$cJ$Yt!Iq<5j{C|r4_8%
zM)Zb*#f%;KSw+$IlUw1`q?Tt`T`9#smfY35PM7@bgTM=*h%*+A@vEOy(MYjRnDRnU
z81r3C!hi*DY30pNcW63FE)nw$usgNMp^p%L{6KlHY}n;q7GaLNJDp~&<0F@MEB1`C
zGOVr~xylT<q2GvNyft2ZyQ9fRI?m4T>0eSZeks>4?<vx!3x&m~zBm|Ez4Ts@69k`>
z^%W7HMSZ`nxd4>L)=59ljZ$okjx1Dh=eS%me7l@cdkJ4`KB!asaY^1XXJ`q-(i7pN
zrniC}&zC=&6U)6cy6kzttYoY9wbIyY3i%##wlxV7sqF)mHc?qT?wz6U$<eTH+ukuN
z{9>s4PkhO<@GiXlN=M%-K;UOoUDBKUI3j?F?xC#y<GE*+U~C-GOy%tSS2yg>7z&w{
zEU3lRmQ9jd<ZDY;*c%i_cl2D&0XZ%GiR9^5#&yf_-7mo2tbKm*Ubcb#W~0J$vaQjT
zeeV2%Cu^lS8<7e|sN(kqaUA__XCy6}YT;O?rB>b-wv6HUj(9I67(`7-a%q^=7R<jr
zBP@kTG8bfr?FD>$n;pO5bS8f^QkE?iC7S(9|Jz;BQklHyvN;>gDPcJ|?pxlm0ip9W
z?9^E>=|&XOiPgNw_bj1f5vtd;l;^AF2ynLW^p~^sMt7#`DBqXr^EA~3Z&D@BUcWZT
z|Eh-NfpYEeQ*^|R&UC9YWI2q_=&{PKZRySKy)to+XC?FiOz-DN$tIKO+*sw@mWoN5
z8=wk*-uAh0*RP$^ZZU~3-A(-Cu4lsdc<*vO#&+gop|e)Z^UV2%mLzcrK*Xgy3LyB*
zg#iOJdk#Yi5!=?vCakaoqs(V1aTU8=coSo0raN3tb-GsW75A#wG-l2PUv|j|^SN=c
zz1g5_Lu=N46>m+&=+ZOe+xDXO;>D^xcbTOD<n5z(>3wSiegqPBCLR`6E;crDR(2L9
z7It<XPF`|uc2*{KUN9;pf{buE*4h?9`7#R=7dHnBNXEm$#LCLS%gRB{#lgeG#?8X>
zgNh&)(++`;gqxd*lY@%`q~&H|Vq@WC<KQCa<l<yv<zQ!vz0HF_66<A$pmc?UiGz)u
zorR5@larH)3!ILXiyWMRiG_`Yl_hq?9Z@M3%NB_t*1{e^fav%(oFxwj7b`0#IXe$8
z6BldjTYH3;02dqYf4<}skKDgfwgPi+6hy)5m~=!%MaiD(3spvPOzpex!%uQW#~ks7
z_osjZ&j4pTXP5gp52c<sNn^HFblH@%*zQ&%?gpR{rWW6n-&1_rb-6Qlb{&`e%}qj2
zF(8Gzhi$Rsm8sn$dU0WHEn(!he(4GTeZ0D|-3^bOS1y%1##3`TwDB{esYz!Z8WJap
ze5Ej4tu^rc#6N;C)mw1*X|(sIZO*Rcr49{k-#Fo`y~x+C_RP~r?D@!h9e|}b@?XEH
zo9~W$O5EkL2hnsW^&!n8=jzj+*_sDZJls$+>^~!Bcw6$bhIc(a85O3CH=Wx{3&2_O
z((v%7yq@*07d<WMsCe9gXeLq-_7*q$`CeIi1zo$!Zz1K$E0?AkLxe6PB5B+UvmL;w
zaC<GYkkTzh$NqSJ!Mb~(kG{l7;4zY6!vlobkiK}&%$YVHRsD?iRz&y1wUNi<W18U|
z^Dntd^RLMSBM#vyl%;TWc|O>fs&odJTWRhua|;>RV^-$Xj9DPpYb!K8qB3~Z6E>fx
zO*U!gcCJ>gjC%@Zh4-pq=)hCfJB_jblX`yGT~3n8hHwf5l-VVJO6P|D(YxZ4Hk~${
zrQ^s0p7xi;<(U{C5nu5A!dhTajLqreoNS00oS?&y6xkBaU`P2lTjM6nsxhxJ5N#Mp
zghmr3);bqgT~*<7@I}5+Zp^B*a*UW<-Zp_DEu9@v&7}DZ0?x7_RWU4)SBpI7A?8h{
zAxXVgVH^z}qxj!l(L<y4tx!o}3S^|wLhc+!6FwgPx`fMV9Xkoavm|O!><d$O)Vq5)
zrsa&^P-Ls1=FRu#%y-n*0xPp>fSQuTj-PUgk*o4EG(|_U!}9fV+Bp8#Yy98ivTQGp
zAoyn;=n+SrSC7=v%PQT(ZaVaH#vbfkyyIS9DLd6c{QOWbZ?R`=%T};TsEMeDo`_eB
zm&iF(vh%E4sgCq&<gl4uqc&?R|L2R*1Vqir2fbTa_q?er5?~VK5gg;JHo%!EBkfcY
z`g&J9Cv3l~XkBl%9&dyH>ybo|R-{A9qeGP|sVFgw(TTxUbhn<Lb3RWo4h(*8q^gPI
z_2H-yB9d-x9apw+j7j9vbEgZ9YIsD06=jN{q>LS!V5d<@j7lfo_^L(80!7*9*|c=o
zP>bDJGJEiAw4vk{W^QZuTOS~%7WV(xdgmZdf~H+`$2;D!ZQHhO+cP^he#0Hxwr$(C
zZQH){zTY`F&WU^f=#K7)?Ci>}?yRcLC!c(|l-usS^iSKR5||t)AzgZ&?y}~{vtwq=
z67qRc{w9-%9f@jDMtkRTPS(f#PH-lBDNK!qHd1#kf4CmvWqP=r(|s?A{^Gf4*1Nj&
zwlhnIjNW5fukHBCs(w?fjrNLR6xA`F%?hmdm-Q0VW@F#J-Qt^eQ_`nzoaY7j6$$H|
zv+?i-8%nR{r}Eu>leiqTIBwrK>=I*j>zB)&d%b@FF;EXzvYJjloGEuj8|yr+sbzrB
zVZI19UpE(P!D5nfq?oht>5(07r~w5>Mx(=HM+%z=fyGS~Yc9Z=EER~p<8AKMEsf&R
zS{>?*tzl{=M4h7%=noL}99aX%wJ?;^@==K=m&F2!D2U}9gw-bt?k~;(U0?6v)#XSi
z4F&SI({y?;pk*(>TFxY7n8A2l{{I+}fli1aJ)(v-l7qdq_<kiym9G&{sr4yUM}&{8
z$`V%c@#bKx8n>zEVRaWNzIWXwhq8#>t1nEfm~)0PrA03~2{Ojx{JH~7K^o`b5>0ap
zc)+G5FsN55?<>N+eB{b?&EPfj@^wQ{{UjbuRP9kMcZ#OV@rHeGvAwOiwf-R!S;&oW
zUCPwoG_a<k*o-qqF2SZe10fJ{C-B^|{VPPEPG#tw;GcgmB~MvMdXuU$@_DwN439-a
zMUAYkrEdc=j=>2xB|Q#E)+oH@#`Xf@UIG|sW};D^XG2R<HaVIGf{bYyk#t!M2=a7#
zt-0~-;q@)k&c-;V`?`$Mcnn)~=LYk!J4$kGDjRq=s=t4O8l2yNR)M+NLoQcn`l9To
z?!0w9tIrw`HgQLNVfw*^G$O$et<MU|@G=H7oC)&hlQ?r^q7edK*)0^L6K1%~5>qVE
z7+JE<(CL)MQKM3s8}S7XP$XDj(?~EVX<N(%ghkV_BV2NIHQRt~CC3w1O)@1N`x8Dz
zWtP->EYeT&yMIZ*@1AcT=AIgi^}Dv+?bI^yTKhhK^YAcQ1}50+Nr2=y#Bb4D+LG-S
zLuq8`&)56<(~SX+S@!w_nm`qTtWu@u3)T1ya6*?S-anpXknY!qVNrD}UDm2plAbWj
zF=>~FeD1R~<AYBD3oW_b+o5XJ{WwZWHF8Ux;E90tJD<wesJtK)nEXmBIBDpSTpyp`
zG{dXAlE|)sgaB^6)5r1T>#fgxj;S&bm8*KHn|+S6em}t2%ZuP%9Ot|F6qq_*ixs+|
z-7hOoprwATkN{V*e2#t3nA;II7Du3MmqVZ3mr`-)VRESWc6AxIK}`k2gp)DeS&C8R
z_#IpxM1JyC4w^&kMlv46-*{BSY<;-<@++=cUpx=`OB3)J(}!RsalgGap#DXV6JZRo
zwz3o?FiZn>Sx{&_qu?^{A5GwkwH=8^tqKt(j%G26T`IlBXE`1CM!YMpVlAskg8!be
zy>=WmR*&~Ts}v6YWi@@ftrGlY@%>bBBi~rOB9Iy@iYLPvmaTe8VnV)#Ui^q1DMYrb
zO425@E3KF*Syf{0x<7B%nh_GPmShBx`BWDtuS^D@nnNWE*r8MSL<3oRHI8?Dc=gFw
zK&7mi=wYq|&UQRuhYo*QsO4nHAWT~o;B|)Fq87`U_Gt%>LxCazD{SnWp&l+q1L($K
zsK8;Y4RDIBzL%YtoSz<T@mG`!sf`3Vy}+K;JD;-v13-xAS}3qUi>LhMYE~Sn7;p@z
zXxjlhX`4n*>^8Fn3t-Wy6stvocCwQukDu_{pASbx(c6x6vtmIL{%6QmPU;LScd!vt
z9ZqXjiP)X~v!qN)OtLCFmX>)yT@wqkJ%*bLX`$sss>wT(4zmjpvBr6ET6gnM6!*z*
zy+!}D8H~gUYqES$VsW@4e$}7AWVV@7b-4k)F3-~eIBLJ$>1Ei{8Yo0LO8oOdD}y46
z?|~fC4?ZNy0)DZ4VsT7iQ#q2bsU2x@By>7*nz$z$Hmy$eF=X$ckq95lTH_)AJ=U!`
zoB*EJ9SCL-$Ljqx<Ii2zQ;$WEdcWgMR3l7|u-69lI4eh1Am_0(qfUOe_8FRd`%VlP
zZl^pKQE|@lf#?P}NJezY?pK7T1Tj979G*QPo{6(`Go^`@U$CJZycpQKEXP`25;r+7
zI)0q*KxYIY3z(dH0V}sf+b5NrkO>#QlbeNxxpOMN$=N2AtQeJ`i>A_*NHJjOIMC1w
zyfdpixvCfI$MTJl#lAI+0={?v7EERog8fW<KFpW3<TU#+3Z@qFGHLXV#A%Q9dii*L
zy0&19HR8jRBz*u5ai+KV(~o^W472In;1~0cXc}u7nbUf%Al0|HE|UBDF~zV3NhM0#
zUxNlW&H1jeQ!~S8BZ+VK-#{S>l)L`}*^2f7dIGSr{9hB!PIW2Uebzr+?>~Q)`BN~u
zAVGmK3r?!gc-+oePiQ@AGTjt%)_)*e@J`~l3~_}kkp62mB(eRwZ2j&~TshY$bJ@$}
z9q?0US2s3~4ZyoFGh_-8xN{HxeB`JO1Al;9>tHku&nH61Gtj~@Vc>~~08uKis`sy!
zHoeczuyY;xJ|OmMPGO3mUj5Ec<dwne=j!rv9H^77uXfHk(SFs-bLPtBp_~g~bp*kf
zEthRo&JcZYdYhN((Hh!*BwFW>FPvU$s}2Z+8O~EKEc;;M6y`oR3+a%OX+$lc#FXF4
zA5O(=M6KJgD?ez&H5QR}z*0Vc{L9%dV2RW<u_08-+P?#32vVXjeGvGKuElIf$Z~W-
z2-E2CiTZ5K^s8`MnG?~qzow!?s=ptmJgR|dl7{kykepnf<ru?zv61xsuL<|oFQEj;
zO~Pw+8;6Ss!e?m_63?3&hTop$T+^Qe-8{9uTY+LAe)$9C{DRRa18mJt*PFGmiL3Ew
z@2jUVeWGj~xNF)HZ}J_PwfD#!zIL#-rSif&+$LWg*2v{0!)k408%et5M2f6A!NXd0
zoawB0N2qNHSKu-7rJHcc)>x6=Z)|b>b6++`vTd^U;Ei(DVvu{ttLJUaV)t>>_hP!@
z*j#+)(17Z$6FZ810lY>ePVyBqO}vjlUU6WFAKRl_7p<Tozdp+}L+Z^g*M8@(SJBnE
zfDwwW_paspk^Nik$<tpvvHMkDfd3i;wv|oE0$d&(1J4;bI+V;Mz;hDIIQ5&PFi+iz
z<|I^k*|izZNB4WkYlY?H7IXRhLT(XoX;-a{7q$)8#tT8@1|Tqi8)8mCUdF(A_Ok%4
z|A(!8fI8Zto>EHa;euK8%;x<E{SQSZ7pI|IEo;@vVIm2-Ffn`tv|~!hA3Si8j}{Y+
z9!sf;$oaHlpioWn%Mu@SGNN*seAUP`#<OLUd?~w$VxlGoRy+pW9*iO{;lM2qi$W&w
zjQN8^v%6Si0f1nA-kZ5JmGtj)wK&UIb78*9<>qU)$q>8c^YpBT-@2*3lDP$UeFGTv
z?E8APq|}qj!`g9!TnLSRWOW}m=fTr>*Xh(_PnJILNFGjXJm9&7@tR70V9H#UD6miV
zkf~4M9}{~p)RXGkY3`=kpNLI|-Vr+5^${Mf_5<*YzX3UMqd}`V1zXJGJ;YW^^v%<=
zE^Heh<GLjCr$o?J5oS>CB+&I0n*B#rK@0KTGP0J19(}5Qi;r2OLoY=UJ(PL=RJ*)Q
zHxo>6%%ICq1v|;{of<5vNT#LCf_SL1BpH(Hmeaa%$KsNbvydvk#{z=QnH8VI*cELd
zkR3}|;sHyN`Ci7QcLG#g;JWYuHVmBR!w#@g`9h=jFbNW~H>9ZQNR~hj6R1jO55OJ2
zkr;XSa3+cw5nmi^^O4O=W&)bMcYDyn4uGMaR;78ycLueerRRf8t7>=}4DSIB7ki*c
zVmg$aNYxh5yWzLl3iXPL?0DAJ^I{%dUk~HM(|~m6aLcvcf^&RzvlJz$q9??{bVk0?
z{UQO%<ix>;tr0M>t;x-r2rbh^=vt=9^9!(vJa<1{&VQ%3QwhbTFLYZZ>A^DX>6q(B
zZFJ)csO~(BNcA#XnuYa0{Qad)l91nrxR!<Zi$eD^vB3BqGlvu0Bx<m%T4N2jBfKd*
zR{)bO)w!h6+Ps3yG}18ztR^vyej>(juEyyxiu$5@`{5ghj^X9%V~T2U<My0*>g$sr
zF@}50+@s0DjuUalYjhksIqP|6m)^4FwG>At+*JJNUoub2XNBqnk6P&;-jdaZGS>e}
zVmVrOKM@`=1xh{?88mIZ^L#|uVS3Z1ViZImzz|LQvDXMvbEecB)6`1{;<j2oY;`l#
zMG3p4xgEr?_^Le2e3WYg<`;s_;YzWJkEGf+d^18)^sossArZ+p;0=oz*n!lh4DRvZ
z5&B{N$G7tY0X+g3>Dm7;=YEN^9(CAs`RNsu4I*6r4u%dhgD;XM1HydTlumlmAJHD)
zlp@hC;rr!7p@Alu6y-hTmM+Cs&(vfRMo1AxNHS)C6qF5*@lhLxV3j%Rkd`fLE0=&S
zvfKSjfhTZTujhI_o_>IRFfuEHcuv!F6JVS|5}`nwBmX<E;Ln2eb~i^Suea;nV<ggm
zyk$iy`hEuaQG*Juzs%S1yR97E6?*P`GhYU7PHrK^M?UckQksb}ViohEyaIwKNbDh;
z9i@W4$Uhd0C46<sihTabhOW|(w;e%D?qlkaD49(UfdX45=>$fSG_E3<3*d*E2f&{V
z?o9T~f^K>`r|ql^_UwY<b-v!ttRp1tluX?IMUoN4;9|hN#2fT4Q_vgu<y*I3c=}-Y
z3$ksoyJos49^4vvas0kx9|t>$Kv&D~5o9UD@zR#Z1fW$^e>6dtxoiE${`gU@lyOq6
zkneJC@Z>6P=bZC4ET)UalKUw(c>oTC#~;+s9;7f3P*rSjnHIfubMnn;69eZ)3@9F@
z1@Q8}$mPI@68dIPk0tx_!G-3$2b`6!3jbQ<2&g`c_6gmK>+{>w6WARWFwDU2;+-X}
zG6i}<x)s;PrBU7rYq!9ZeSbEf^VNV@zrk~N1a1TR%wM@zN<J8|LUEPf1OPMo`VkP{
zCyS7r(!aNjX33AmKmw@JVCbkxGfd{oi|50)KThYX`8;94_ZRz5)3JV`Gy^hqJGlcS
z{7_<L?@{NEv%T&X)w=0YUN$Q`TEVb}B6I1f)O%@|fVarmJcy2Wu{^23SFY%O5dFGa
zQEk}ib3)ce7#$pOtRiBz%m6HdcG0DMm#Gnco0GJEKn*Y8+77^uXaTAH=WFBLUaz-k
z-BfL)6P3P4L3g@-3yQuznifJt8?G^Qu&_QOzyUYVq>8DBydBTe)~(OZzm~Q(`U=1*
z{l$z*>QJ!}_1<X>Ls<@Bmb(ce90zu4dGI43+k;!hX!wM~HtuM9@Bv|n*c12A+WyOs
zK0*=N{U>bNOv_`p<9t3(k7#tU*dY5^g9x6nj}v>M^T61k6s<^J<<Rj3+-iRP99!M1
zy}2>;%j)tqiA4?A4&F^xG-qoA<(rlp>U)94iq>}_o{RXM4|xT(%SP9Ro7xr;T4$gu
z!Rp_%F3?(S@cks6&j6d66_ajn=Q(P4I+M_XBzqPMXxdDuF1BY`;6!}VYrmghi?kmq
zm?r*-)W^>FNl%ttv+0es!sCq2Z-~L)Kre%Q*er@vDWefbP@E$Ip!c`kRjFp-G5EMZ
z@KR7k5UAx>bIdb~JdD6?C4Op=1yG{}B>99Y$`GN_+I_L2WdNFMFOF<9bb`MaFyJ@c
zsPUtjeo+e<WX_#JXYn_}Yklvn8%Aq$f8ZWEHPTmlknZpG1N&`iL{yj}Fko<6H_UWl
z884aVf+okj88TKXdgOnJp?P6$XA9HUBogQborIA_TbJ+W=7%mJTaT(v-wTl_vA0Mo
zpggqrUTqb*(g0rf3yMG^H1W!BWJ+1QaV(wRyb6P-ldU_of8_$9Gxlbz>C)0mo30Qg
zLpNER(4pmcOsmu0+-65Hpm3Lt3XCA<(}`f~mE7JYjiE`IN3kk6yD|E#{J@oo0z!iZ
z$>@qnVvtfrWVAv5S+H(Q@a}}?=07ti5wVIy*cllTzysDW{LuxG27SPcdaFWp*ZM`A
zS}9ZrJ`hSx&;^S~%|eZp2%JlY^Oc4Bf>&fknBpS9w~2pThCjX=)LZYMzTGUv5UkuU
zeY8D!Ij0z&FKI#f{@h|@H;J=W0`mY16#uCHQ7hn7gG{6TQ3e|`;7NjF{Sn%~$KExc
z032(q6hJS!nd)uVxd&-dC!xbqz=#GjLnMX0tWWYD!KU<sj@k7eOELQ{{;L3is#5Cd
zRg}aLlP)0!?`v<YSDh19Gqz6q%=RkAzjB1lS}2%~BlcoyRjO6tLjFRJep}0*Sr7Sf
zxM9Wh3(6O<qG-t5e54H^&po3i(q4}9W^5Gau>jt>#)02PiPq-o?IYLHY*ny~J=gfM
z{D1y7nHM{1q^`_k$s&<}(sb6Efz1ptaG-7KY6Mm?U^}l>S9BP?ySngLS6Z5>ePfdc
zBSo$(Ss5kz`Yyl@B>9P%Wir$3@to^g5ah<)n0Hc50%bl{WL>B?p!uWFz_r9l&*y~|
zJp$TpI%XE?c{UXY(WKNPi5rGC=G)}OW;>>mE!ybrwQ?p0sWcnhhwE*~5{8(pUJfri
zYCI=2!E>W>F*RoVpkB-xq&0@ORiW}Cl>BXf4(?z)jXyeNg!sNhAF~hu?SClSYuIS_
z^>F&EBaQz4)-Xs@Sd-yBQB$PHqrv=!00_z;35liq?#y1pA4pPv+^1)a^YX|f*Ep8V
ziM(`P+${g{jotyl)&|CS%>&7R4eTE`ndi{8@j7nK0{M+}n>n`p@pOzh;O{D3L9fW;
ziPzZM0A*PHyLEy60CU+LZ|(C<h^v^z&thTa{8`}^J9)37bwUl|qEPn~A@W(h8Nf|k
z1*x>uGqEsYc1SQ<KXEc5O%f;b4C7^t_3<7#CE-{V_GJ;)$vE9fQ=sdG>KW?#v5W9E
znBR7Ibd;pkjcpNOC#!B*3gysx*!FFyhRug|*5(sc@>zzxTL4ReEkpD<ff+=!q&q=w
zgf*(CWf!3?d1bO9B<1&uu$U0+5}>E@j_CRrGd7MAr|OBl=%aQQT}HF_X|(OnW*n)$
zP!44ftq1SUPdzPCmu?grG#X?17t=$}>tnV!yZgft0}irqT5ZISKfy)4EQKlnMeL+7
zKOQSY9|eT2h@hB@(^0x9$!4uU<vGAjkZz0!iOXIZUyS{*R*-*qC2oR*81O**+`c78
zwjU4Qq8PF7VAs`i9;i`9@m#p$NL?8At4W1IT?AGC7>V-v{Ub>LKilru;gn5Yc>q!C
zU<VbNAbCz2k1`X1tK?<Y49spn%`hQQKCM3}wF!fS8ebK+d~d?l0w%PC>X_r@$(D+_
zP*ftg1{t*91QO!um}bAi1TdkM)Th+#yd(36W(q|O(dQE=X0h@PTD6F`eA7@{JpmHM
z&_vL%Z!9n@obge3jV5C|`Y_vt`W@8l1>Vp)uORzotsexBI{)Sq|CItlf-(D?e-mMU
zbA{dZnC$obJR~G^pl^K9Ablk<JFKH-VnkLx?bM)outcGEY-VbKHh_Vq5MfPn>V$<$
z+RdzFE0V%05M{!<6SdTBm)vfp<NEpmIrJgU3e}9Yj~I_kLLsMdd~DiwiFv<jV9Wq@
z<apR8HtM1IUC6T4*j<u%e<Yv1Ld;({kGX$Jd2G6o<xxWJtfVlhY@m}sVUrlgc^q4q
zC_%iCWL!9yxigq>62OCaBIR|<$To~r9Dz=H!I;%0kl9fjUpI2J2z8yrN79o$*A;mn
zr=xJ#0nM5LO^(rGEFF-lyv8$5A|yW5YK)0J=0;kzcTPxfk#R*^*EsdZ5*7GEvU!$!
zZEZY$e3{4t<p37N3WX$>gP)O5<PXe*6*t}Ty=Cjy<>?^a6~O1?cJg^!<{rKn?b~!7
z{@xYMKmsamDaooaNfqIoX&3AY*VJpMCBeH>)R|uc@{m`~eJ}2}ZoH3uVq~r_3cp0f
zXO=#!L9KBMg>2CFFQ<ivlJ<_N#RJIw<vV6`FB-@hBXZ_Ev8_YrDpEO3bQ*16vjx_|
z-V&xwqU$?OH9&l^KE0Je0=<e7;(<^klg{GL)d+16vNXAZjI@;V;bC~?hMHki)FocE
zorQ3}(Yc3B@gc=3bk?_cYYKj^6brt57d^@hgA!#{s9%QbPbdc!o1m&u!sOU%*tbJ|
z!nnjnsa-q`(wmm|&DVuf?S75zcNn@Ny<uGBF(}op1JL?YDxu`YX{(f({#=R<UXea9
zt%xvK4gS@GF>0dZrfF|MG|XAa4cnACF{=rO2s0XBIM-xS38P{<yf0L=4+2YUHZA-8
zH#qeS7|*zfzT6ujBDL(MVdBYV>t{9@#5*Ew;PP&WUazuiv3j}Q!DCtm?H!Za_rIG2
zs9SG#_nc5hd&6f6TD=T6m{9#OpxO5RDW#P5fx%P~T9z86h(W33rIymPu%*v`Op8ec
zw7Fl}*)N(w3FZHDyCG?n|E>D})r`)hQoH`Y?EJfZbjhHkb7C~1{9h9R|FzLOy?I#L
zITxN$X$-LjK=ohq3Z*HkYI5#|qzQT>RpnUyP=LF(qzzQx34he>TBQEiGHW=&`tW$M
zXCLx^He58EYkg+9K75$Kw3+T7gBD6w(q`8r77eP6klr*cD_zQF7y6L3ikqg(JF9I2
z;H3f9o2K37Z78);BDoX0J29`vwB~Ecc!PEfL+`lR9DQZ;Ku$RXq-xPGxWy}~IW^6;
z4Q35N_Au0IF-lxZhjFj*L|<f0n|nGqk8?W1igyaPh&^15DYLkQRyU}5n|y6quq9Y5
zr->^aM9Xw#RqRqSYkQDtL0len)IF9Tumw|)9ygGtYL9|$5xwCAFa6k5xXo~{Zo8~J
z-8{FsAs9G_o!rL;%kN)G68<jaqtuk*a&p<;6aDBKgjdXPa~2@jc%hgUAa>du`k6T1
zDVhIyj8-%EyTK~c0osA|)}9oCYJ;mF_kekXHM;jBBEgl$&yLor*`ewjuRMba@Nq5A
zVc*WngLcGWJU18U7)+WgRZ&p%Pd!v2?;b&P2A_Bzo?lcV@zkiA*EOwW$oGlYpJ@zu
z^!4VlweQW*jLZDkUwnu<?&aH!+Nr>`gy8ylYDis(v$aa^+~u`GVajHuGJOsYdbp3T
zIDHm}s#UxF-EC3&%PUdTrFKyc(ArM3k#3blTW6j57OdIC;&VFYc1MQWw-N8~hBt%$
z@WauDZ41wwZ8rwNv9wA>qPK`CfUPuh?L0(5S<NV`zyXz6aXTvTSEVcj8K`ND-MR0N
zNndat?zzKvBG0gPqWxJQk<)7havpr*UWdMN#J#@)181$`f5r&b473P<x_d<!({>>P
zab8u%GRIeosKnN6PW#ZwzQac>a@Jer{zR>SJ;^R<?!|Jhw6|*eU`q`-66L^H;6Pv^
zBnq0zS!jb6dpF)V-=(@K(xaZC7Tojj$8bHzS9g@|TM%rV*})4JTp)T?;6-)ifCl?y
z&x_|6N1sw8TO?XQT=G2N;BR!aF)k)e)~n(0o0a_G=ZzH~1?AYbBE^Dp>uLmA)DbnH
zGpJe%3VSQ}Eoo_cMU}j&qk6qV)o_$;ntOw-92n|U!O~3BZO#HxXALTgh_gRy4U2T}
z87HP*;+Cu2`jr}FpF=v#RT<Hy)GZ5MDJJ9IpecUO^|!(Chn)#PkvmY|cQe&ILsjC|
z^;N#Jsfu?cRxtPt{XJFK^&CF4tmgtO^r}O`X?tjnw2e&i<NF$T-~?=KOWzN?HngR%
zE`)~H0$Q2=xWT_C>i730{aWLxG@Xn8sGG`&DKXUmar4+f_u1Y&50${R*|crWU;yeZ
zx4ReeSN*}9hmAfi{RV$@fx&0AX>ChP|J82tuobgJL{-Q*&#j&ksabL^1qo8KQxXt0
z5FQgNEh{TK2OGl=8iJjc?LW8(W_%__W?Dv87B)79<XLbajN~b!9}vfVG7$IwA<oRf
zM$19Z!ob1y|1a*J0>q8WM9a*|$jZQh|AXA1{SjqlW5fSBr=|Y^S~GC`AIkrv0#N{1
zIT)D!@82doR?!DdvD@!z6UV=bUVVOr1MLme)C>4J?hUkpJ{uI7kp&A?+q(d7Y<E+J
zMH7lho@Hrx;#8oWt0a@xsaH@gNhP%G-yAamecx-+UkB8`U448#^oKH;v45axG4t(R
z+U{J#ll@O(Ga7(-ehV7!D&t1_H!aGqL_<-k!OhL+YuWA0F23D+TJj@y*R4%R0um-d
zb=#VtmVQ3Iul<MD0R4|Eyl-xv{{K)MMbF=Ku!@dw<+ALPidSE4W&bC!+4%R%oUaNP
zTj!q_*KT0uQ6@pA()|JIJ)FIP0yEqrbY{cOb@rGcet@OvtKhiTtn`bTeHSQKAqO<!
z@5?j}#G68pbC@d+ikrVtP&2HUf7D>t{<)h~ULLVqSf^4(0x<-AZ&uQ&D(R?G`g24C
z-_UjOK#mKWv`nAL89`OXJ{Qn0ZF|3eJ-lXjeckJQzoFPoH%}LLckgO*Z=|z5|Fb_<
z{ypY6?F^uYx=!)rX+<)1ZE5?K{#f2@wmnX9hm^wW*yAzP>-2sfT;5imIB;hTV|cc7
zIJWQzmb(u01ZviAMGjtM8<H@KKt;V?JymkVet@y{9*@8+p60f$=z{?P@PK=S^?G4H
zy4m)nds4|iz$~kl>lZFVBbb6r#-_(1ht$+ynE@nM$NnA`A5KuGsi_|b0M%ixUS0ye
zZkxBgWL9K^Y=OywQmB_n@w;N#vmvo%NZHA3v^~JrSDh+}?3)-sQ2L4Wjl81Q@V+13
zyS?w5@=S5(X6UPYAinqhOpnvAiS}K>fI*3e;R~(g0~<#7pAIwkGdp%vF=?4b(tqF_
zY63`<$x&e4zdCwY9wxJu@X87=7!!lSV&kTrCtfOai)?DD$^7G`Y_tcfx%Yq5`t%aT
zP1$gtb9M;nT+THUj@ywsx}K&^Q2atW<!~oaL-|`*3TtbT#PK(`zthR~%Ah;(pLl3!
zgm*PRYOnRKqIwNyLE{{G^qUM1wN5EBvJT*Hd~l&Pe^Lo`zSas!Q~mHD0xR%&fG#>i
zz56bgfZHq*=O0k$PVe?3Hi?^i{f-4!-Q$;w)<h6Ub_sJb0qP)apX4T=Q=xx9EMO44
zM~UoRl^y7zpH+w$>y7tbi7a$NvyVk#l}LrAkhp6U$f|tt6r*EA%7w-bN^>U@PtyPh
z<dWKd7=;<JI82quCvavjY|nmvlVm+5uJi!-q_qS!$~)!#WR^*fUL^n4G0z`@ww)-m
z)WUVM4gT{toaDwoDWI&Cb*y?1e|?+~L=q!87WJ7llj@8jMf)hJE*=oGZ&aptQPs`=
zYOUd(S6Y4q9vcszux<Lkr*gluUn>DZ8o1-YBw%*$>eEgnF-TkCmtbKHVqtiCI~fJY
zNr>H$|D~J+aP9sx`?!!r9i;1yj4FJF!BG8mv@`vZ!{4|8=|wMFq3ajDuVZ5+sin5Y
zIfsg!{wrm@{ZZr?UMCoYbAd2UZv!?vJnId<P{v`a_c{Tn!R+p0G<xthIQ$uKa%|TQ
z136_MqINB(=(|HJ4<AOMt0QYysonAKz1OtF_^$<lb=NjO>^!NEfo2=lCF1~rVE-Ie
z38)d0DgABCr-eCD53Tl^c@c!XKLYtW7y-p@GN`Qui$L)B;y#e>=P!;Nv$Wq2#E8hK
z#-|HRHs>`|DH97UHI#)qXW#(<B!;>=<{Niau%kOLMT}4+D0h~6R#;N#G6tx6Zt`(O
z%oEO-K}F6;HNQN=Qe$sf+Vd3fxL1GRQxFpr7TJt_-Pv8>i3CxIue;Q4#NS0^h|`H?
z_TI^UQzP-E`7yT98pjTA*O-BST)!dsw)(ceIZoU825yi-<%tDw8pi+t(%XpCI%Mpo
zKH}!}wYn78`6_+c4SN#h?ZxWvkDsLWFRnerH&27@jew{*K@cP@y1*H5mOPJUw^}P5
z$o2aJIDOVukoWnEsfOlP9Qr;okByAt>6FvV;Yb|=Q4qFEnhoeyP_4k{E%Qr(a?2|T
zWBnSY)6<B*XVcQIZLm;)+tbX`ua4V^gfc93yl7`~=r+^}{7E9C@2BwX&)rMC5S|V9
zPJg%MH+QoHd;tWmLbdz|LrBh7nn4TY(W!)i-j#=Q-j--3od-{#CnEBJ!KI}CB3D<Y
zUv>M{Md^1fV(2xqMu8ulUF=aKA>=E+dCy`$|LB;0)O)&l_x$7;1RY1#%kZ?lNIN*7
zp-N7hIdVYwIN*z_f{(!28u%UvKTe|zvvVAbmtDGt)Hu_THXZ59ao8%OTfP~-NgnI-
z+38BqX@~ij-)820sk$EYSFpXZx91;RObxLcxD;ChEpMdmnHJrzx|xP)tzIlmx9pkv
zk_xrs)$@OXH3H~oj8~TbY399C^+Puh<S{p?KP?)web66B>S(`P`pe}jm6OlOI+foB
zarm7ctS^iA+{O@u5)Yi;w|&ax+z*_WE};ZburSjx9A`<26q2xbGO?V75q{JT71nv!
zl5ds#&<wUe5PU?;O_8c2Q3T82R>C@>hUyw>J7Mix5d$11cx^SDhe>DQa`pHBY=PMq
ztNd~Rtp<6UO&Nx%;bFFWxJ5B%UGGIW6S24qJj=x-%`;lRFZI(x2cKBmaP<p7D-V?I
zJU{?C3)09z>4xHAyDznSaHy>iaIp&vlh-^(plH}}<z=~H%$5Qnt0yBul!QI?j$+8b
zd&`>B0RhN1{L!Zg0D<xBs8q<lWQ58Jpg#{ci7!n=+2MkI7|jJk_hHo~kMe_`Lv9N2
z=RcUggPw3}kzOeDdV5vtetk^V`}$`ss`O62F53K89QK)+9mcgFKuZK^m2R{o&=oFl
zop@7Y%yyL38R#@FWMYlP3Q27^WbC=M^BV}!<QzaeVqbXZ>zs(HV!@IcFRhhkesZy+
zGB<Y58fxq&p*ZyDesLmZZ7Y<eBf~gvAG1TvUS_#(1|Zm9B7XGPHkkiqwaoj5v7lCS
z&T#^hPFzzx=JMEb<rYV^%5bo1#u)AD)L-h@O5!dNKM`!6YB%jrDTCAPD!}A3JHxR|
zTnum;PThbY)rLd*_?(3GuYUC)5c79P$$f$%&FCffZ7S>c(McCTl3)G4^xmp8US}m#
zq$)~8Abbd^NO&4pI70&r%!rj^{H>E89hy-#f?@q5dpoiZUw5pOC7!Mnz=z}7=yw7B
z2OETyUiRu%U{MZIhEOR;%mD!^2uC)c%NGz%Ee#S<mASH?7uQ2($+|uxbmd;F$y*@`
z1CbvDAp-M(qa*t~h#hYEu#*JsWmPNN4X{?>+c5u5v6h>S$t8Pmt1#N{L*{O~byQHk
zq6?;#0$REqu|U74BNh4>C^&QXB$<H6k%G*NF*lZPOo*g%tg1h$OjO~2TGV*U`Qh74
z)Yr9Gp1y5y6Q{2DX=`0&wVt=;aY~#l=!|WjFCQo-ZCgXiB@6gXft|E5r}i3Ll>D`#
zl^yV`&s9#2ld`oZuR_bfLeov*HL%*w5J$GhD3N5vI0|&bo?5OM=T872Bf|s}y$*~^
z`gd`Y2|E;Zi$FJucCmv+kI9yC4L~xFAhVuIs-1$Z(RfFh(hiAFRc^_>h*5>2zY<$x
z0s4iFt9r4uW!2BdJtTt1N#C<EFLchut1yD?QX)O!l8dknA`ZRW7|NC{go;}vU!YqO
zbE}WI+{dxnPK}tv@C?>ABijEMJc`d*IVLSAk`?foV%_8+QQ%G`<til^4&b}fTuiDo
z+cSk{`*)0rYY>%!=eK+#0+(K~m(UTY^3O5B*wJe<##L{x%$h{U$N-0hsJfxah2z3Y
zxCL07rZ4D9H^(4lC<q{Zj;^aFXgv&Em1(5CHbME2svVZPx@TYmh``3BLcQkU>aXpY
zrLEDj%avV~B0{h2o(Yx01u%)##0|BW>VUM^610rAAv(4Nj<?ZEEWPcO*5?MooJ6vp
z8z663gG7raMD#jV6&Bq<_wdx`6l$?wy!u*M(xiadU*^X7jSuDT&h+@bBR@1h$m{@x
zr(0hHMf@JY?Bs{^0rU8KthA%Pc4RQGf`gsgm%L;#0Iqq%m5u3^3YaboN?v6nLY0g>
z)wu(1AiIm`ageaO5VMkn984XLFPvzrD<&*1D-(QfK`YDx&k1XB99wN(GhCzxYEQ%{
zUKl`DT6iur+1WI0^l&G)YFkh}n2c~Uq^lBHrJt-??W{RboKieyZlZO0!zt>2rL0g9
zbkAVp<$K%}!+blL0?=f^Eibx})cPQMCE4r9xJ|ZUesNcpySL>cnrh}U4)>g3m1!0+
z(G31ueqbGxxjCl_k<2~vz~=3|e@JT-!D`qdzuZ8#Sj*-;W<RxBMso*w!?qTv1|+@Z
z{e3aOFkMPxwMe!GAlO!#8(>O}V?oyvDa`MV*M+%a(pqWf0TP2XYNm>`8XG&-Cv*ol
zR2Qf=&JeGPG;rxO)}BON3=0lS^6K&rV0p>-=KkhQq)nZpMUQg2*3MQwuEF?rGyz!G
zDCSc*808T)&F-W#&UbS{A-ZKXEzm|oRF%bi;|K^z2TLrQ&30nxSqK2V<LzUf7}fa{
z>!h3fdF+Lg02zYhsf#|==tR^Y)jS-jqKAGIgo+-Levh*@^e{rBP}Y<4pJW#ghaR&!
z<Qo&epuoOj0E%8`xmSF~BkB)h+@$1+7{-^v;uxjTJrrXLrCh-j@KkW%h$M#8bDQT+
zr48=)0-I#CTovM<2ww0Cpqg@D=%o1ENu~#FH{&i5&<Q{ITGv6s)I9(nKWF7MLQTL5
z`BD+$WOe$9s?=q?u4GB(bs4&cp$_96;zRD|{R*5qp>S&J(9Ty2YAbQU+-p{7JZ7Gc
zTvMnoK!tE~KxRc#uP^Q>w~OY>1upJtXT^g=+n6+ANLe00StIb@p$o#Ra;mV4O4|V(
z$sSOf%t^?f`S4$Nacs(q0_QE&8*ziP(O0Ne=!_f7Pvx`1=9m1ct?8D@gAprlDSnNe
zVd+8X+6aP!*dzFAZlt6N%yFk(>Y#;IIVVm5b%9h32D^8Jj&xXJ`jLG6j%i>ZNKJ{2
z4QzgtS0O$j09{^Ca3d8MFm%0xh@e~wU@74$_bdUHJ@DFX1&4$BlS2C_vy+4&pZL?T
zJO}-mHJHg4m6KH2Vt>C(up9o99^>b-eg*wr*f)|L#zbhaW%u}A%FusKw2Xpn6l`GZ
zP1?}<mC<UV$Tj98195^UsUgx&jG6mso4m-oo4kSanYxstQ=zo0>05UlDi@r9BVtF)
zFr8%a&2qoOL|Pjz!Z^lXY*3*Jx1yv1_Wp6r`XUXCkkBJA<|n9C{AyB}nrK@E@|5wg
zKU|j}bb^9n6?ek7`HT|BLP3h)AeNIZb{Ndi1dUaizJj6JtagMc$g<3c7_sKn1fBKP
ztUQZm)bZf*H+YrSV>>CM3!BIQS<QTh_8lke1_JhW5l0#R5Y-A+pSMOhcvxhcguH6q
zPxhS*1r`2zCXexmP5TTrfl7^?GHCQA`{xWcFL%fYsGXy~y{e0yK`_J@g8#HV5h-3)
zEbMwEOvog9WE7mBq7Q$kg?ndlUX}H!PI$wi4>!xU5uS@*VMB}<Pye+5=t)Tsu^tQX
zsr2h%HDVmpSoT71(y^2CBGgE8p$8PTXg)!|^pZ3a%D<5G35Yq_neaoOEvzwCef&Dh
z)P0~0(((eL30z?F3jnf_4(VJ#s5BJ}`fr!Drpg8B$+|@)-;@P}|B~b=STgw^uSec7
zbv)NUe{mX;sAvT6NH*raEZz77LwAgW9%6DY4f*h|Y>ko`&G_e@S10o4R56N)Akn-K
ztN?mxRWMl7X%37#zwv5^9_fUnk@jOzAlylTJ+TU0w=g_HydZo>tT22kSTeZ|2;TT|
zXUveU)EOsMF!aANa9PgK7_le0KV9L(^3xTdOmpUdnpHm4T}3!}IeWv&5UO1$XGfil
zAg$Ey{XCo_fP}-2CfkX4pKnqD`ZQJmh!n&@x+mCG@$hnm0gQgC8}Gpl%oI0^CGe4#
z=u}xmei+?&CvLL@c1>eJX&byt!kK8G%k%*Dk<T3BFff&Z{Z#H3DK}rmhx??G95P!D
zRAlo{0ryim<)oaRXcb`ODa(&tAIESkNBTKF4}1D?@FeSUZ3w9|^HTJxf#eFnnd{Ti
zmQZ>@XbO*w{@QXT$rRlveqZZh>Xe@+EJUq4)tG6Ji*{guL7zk14o+F-?0d%X(`5gb
zNT;qeUy3F9ar@mHqE0noRR|MXXnsfeVJj>kPIL0T6oT7U(`_Yr#yT^>Tlvxiskzc_
zg$fQi$zp|C75mn&<BZ42OW*BZg?cVi=$P?fGGB?}{*uEe*6j-lN-;@1qYqPHPqJ;O
z9d~4*Up!p|{sP3RQ1S<g;PithF=8ggpz}8kYN!~eR=E<L`+)B@-tK?h4Kp8q58yvL
zm8MZUWOcjzS0F}|G(7x!(f}1i*wc<F_!+XB11zNO@;w9b$VRPY0DrI#Z*itwUf=ue
z3H=Yl#u}&+)Nu4D4Bjgk)4W@mkR9~Igs^WyDrJj7(LayWR8e9a;OT7R*W*N!1~Yfw
zRV?|MrAXeh2MKW>Rf5qoN1I1LFuUZI(KsF1{rRssAVO5-x|9wWMO_VNs0wzHi2iC;
z7)zg|JxPZoaOVt1W*V_k^F|Fb)<+RZ5&;33dP7e%+vPX>1{bIdGz#PMD=3httDHXe
ze5Ggy{FC@xi=4_71|lgIt?t$==5!v;$JOO@+3^S$Y)VUK55cP8#aInMbBu`&p{kUm
zRqBdjvHD1{IIkai)#^3rG0_5d03oid=B~N55>Yz#7n6bM&0fl2YfDzTShh)?#ig<o
zTBabRsvQAxu^v+BU((96@$xOT*+LNGw0c%==ZQ2r1Nq^~hSdzxSPk1$;K8~H2X8y!
zv#1szE|}OZZD2{n<G*=;ly{+s*;|vx6H?|$g}RR-r&#<!t!~RpnCptUH@9RNOUdJ#
z@n{CNxfsW^BB|`Tm3ph&NB(l}Mk`x4<7woqi_wfpX`_!30_hKvBKu3@apordmEve)
z*88@w-w=~g<xd?u=&sPfl=LVC8Rn3S=Ev}K>>SKB?G)N%z*NnE6!Je77)=kiAk-!Q
z*vZs_?D@W<g8`rCo6+0bncwbjAArS8zUghfMX95K56IBB-lV}zHuVTW-YEx}(%l1c
z-^Q0SiHsegoVl()9fE_>La48LL@Bx{3&8PfJt`mUlnly{9SjAK87V!gAZa66ILtnD
z;JJ|mk&o$7Qu+^orI;pqkpL4kf6O^lR;@pIV4An(GfbJXV0yCu0``96wD^Q1!if2S
zH8Z`MQ>Bg-0ww>i0cR=~dQPTOf)^6HY>eEZ!RIkzlMMXjH~NnG8uAm8*Ehjwz}<L{
zE&+>A>tr9kU;h)5i&ahY_S4Rx47_zPCg}GZCi~kPK-SCqw_cd^civbp;PCzqO$v4I
zGuR|xtb4y)%w;u%UN-U+HBpjauThVY;boR!Ly@6m98&f*Mn5&PVfPj6-~~~Ghn~AK
zUpb$oL)zn<bUg?|)bSTW(zFV`s2zoOABS_p7?yRBk?hvYhH#_tD>EIzolCmjP;*DZ
zzlTd{fUJ>=Elj1ZD#K}NanwJ#4(w{gc|*B<)_nV<e)J?7vuv}<U%9S*sM~@^XgTb+
zdv#3GtMe*xqdec4IoNV70;pU_OH83OOj!R&Z2avKS7YPfubfvkH|U!rr^kaAc$+rG
zWqY1_9`fEa!Sr@3{j2TD(t16CnCyPRa#BbE16+ZKI6Mk>bZT~l?qz$qYRrshGX2Tq
zF=vSNf3}@7;Fw+VnjKM)G-JwSxQrtm2qI$4Irq$r964n(;om_2vJa}0Gx3ex_;9n{
zG?DCt_NKtzpLdFGm4o%6DmH$cLHh4hayFKo2^pd|IKN}LzK?q-$57avVyc>=eOYUO
z8QB+)>M0s2G2MtPd(d_xjPAc&A(~OMsTU9i261X`Ez>s~NNzS2qD?=y$yO+vL2*cj
z<7AL5b7ycKCI_yk5rb>_rIAI@WwS-K<ef3cGd6@8^_esM>h*lPZ`81vak6LN{XPjS
zbM&+M&ecwZy)e8oG{)9}$v88w@lbofZaf{shtIC_MyUXZ70ssR#}U~H5}mIbSipS~
z8Nx(B@sX{m-_0b<6$zV|8|M(Y3e>31J(~pt^M@m(g$CJn<!XhzEg4q}u>ky$e+H0F
zUSlTBY&cxR_JF|76KHy!0}o<4X!G*t<$NYdzz6?bWWyL@tlS1N&NT$1L2?G*3lkB}
z$ftsgJNEu-P&&ihEuX6#z?31hW;*A%g&aFCw_e>9bff)lJ2YAK-5$1oMz4Iy;&Z@7
zi`%6X>{9`rK4J&072kt)@f#b&C5qylvt>66C=25(Kvw|Ak+O*=n;aXR6#ZIh8#GEl
z_0ovWSvWt{#m7(egYscxqPP!0hcH$6Gn)VMvGMdvLclWbg@3QQ;mnqTrmHU|QvJ`W
z2zbgy?zC!Q0<tzEh_aF|1MdUhHiQ^-4vX+K`N^Dj%nu6Po4B&0?MA%YI>-K?WR(8y
zU{BIF*t$n^5lYDk6mF=*z9u9$Kx<!vTOBAj?$qQEvm^}FzQ7&i83w?dBIAwZrauOX
z<ylI^$(=4tGZUs4ly&Mvi9X@;K`MXJBOJQ?pI6X@SHbT8{Qhb6Sn)R#(!p)q;OY!?
z6TfwXZZmq>;u#Y`A<PboBWv}n*u28x@72QMqn(4p&F)u9xEg?MpfWw>c5|u|O$kf>
zyO0N1t%RV4p6B==Ox=g}Da?9SOKpSV7A%z}a}$ckAO812HO%6mY@9?vks@jZTlqmY
zi@Gk9YIEA9v8gBr2@7$;JBf9c((4lip`GO~;nZAe79UExdd+xE$R(?{E*(U94AU`k
zvgMMADD1nvnJO&wianv5Awp%Kif|aj0uV073GW)?D?>hf6c&I8f6~0R)R7O_Dba?>
zq6*etw8xGRib`!(nX}5(lyn2fL}CK&mUc`1kmMxBBGbsQh_k4}LA&yfBwShK-a8*y
z<S^p*ZNm&X5WbR=DL?DnzA{iZKr77UYbr-1Qe$Nx9EjV6s-Q>zzR>GBB=(*^iw+fj
zrz;b5Wk5krX}0F0gq|hbl<HJYt6Wd74Sbb;P<|@oc4O?~SabRBg9o2laTH0z2@=Cn
z<66ZC+!!dRe%yaI$B$zF4-EOJ3g`jw6Jz_osf#YPHU3jA#3x&iVH$j6&-*8!hPcjw
z4H|+(B8qrmz_JDlT#+#{^(_`=jf=NxJiRLgM=g++diJ-jOnrFx?CeNP6u@`%kgeop
zKc$r)b?h4a4AG=Mc_PQ1|B3()5cuB0E6}M}?n}#83wMYDZ~+=NXfl`xLdg&F5)&qH
zyL~vl++WWAR5k0;CNZ2}#5xk7PIlUJX7onyUN3)hcX%8?bA8>X_cO^f$R>VQaSu4I
z2nx+ebbER4SjWy8!|_$|u}l^c1^0!C%(@OoS8wC!e(p_o|I~BoDmc~U!~6Q`K?iV`
z2FL5R)Fj0Ma5Ipjv@oJh;<51z96WvkS7~ls?V{<cENk0SepwEcQ}b3?f3w9}Ph*GI
zqc2YMryi9RKTSE;yc$<8MzkUNGF#l)?c2$#G7N_7rxKT(#AQ_|izQR!h_BVbY5uYW
z;wW@0-7lWOxgUj(UF}@L9cNW<L|IKb-#odvyJ(*SqF6|_TJY~x!Vji6DiiKE$d8^_
z*qR6LPmR8!_s^%{vpb8p^Dw~NBpK4_&`+KXTXLzEsEInXxSzK|(fj#64{ZV8uX>g+
zY6+?dgiCW|g}E=KS^eEg2B%HPdla_lREwr>)8B8ya@{X7nOURea(MUV-4<*2Z#wBt
z+B19rTs5JU;CQ?6nTh`t+L);Q!wAX|1YlR-HTB1mEdEag0H*TO!CezfS#C1O>?I4r
z$zlscDgsBe%8b~cL{y*Q>(`Eo#$is=51YAeVp#;p;gS7zPC!ArlkU-IrIAS5`GV<u
zM!;gk9a!QUylBvw3}@0}Z+w{78z>8TrZB+CuCuHx#K<!RdSRA&U4C*ql+&(o9NEhx
zn8&tQELP1$jjz2gon$$DPPO_9nftd41*5Mi5a(!w>AWD1*k@*WsiL6Xu=o~ws`r^w
zdNs-^H$)$)Bi%BuYJId-_Uo<Pr=#M`{!?3?`cf-)<nXqxylznaSZI)EWdnBqss$kF
z!=g`vA<+ziLRtWqBtYZpPN}N+?!vAnUSkm+RQA~11g_MzfqwbaD~sbPl_-M(!j&MS
zwW_$h4f@$Ef78zl_S;YXd_(fM<Pi>(bK7>p#>_0Mc-=ci^?ePwAXO{k;UHB=n9MPP
zZ~0@(OD!f|NP5~Gh+Ysp=XZc%R~!IiE`yxS6Y3~KOGtyCi_BPh@`+eNxKyZB7=xq}
zL6+n7mqeYEWo#0Yi)3KR24Q9|2db}>tg3{$p|xIQ-x$fs#=CBG_Q&pX_uE5!nOJOY
zhQ!+fg&KI8uA|;;DM;sOS~MLn^jr3df~xfj2GAo#l7!}nMTdUgaf27eDJvkQIDpvK
zAwS6-9>gUFGsnM~<}98P=s4nUmg)*BfUhcT5tVw9M8=Fgd3M3wx)dv6l_;aZ@;2K9
zOCHZXNh@(;hxmB;y%b-pS+x=xQ>N?!xXDT#zqNW|SYq%Iic)@4)#RWNk0vmSS{S2v
zT@il(W*ND?ttI{K%Yaw7sSXe|>Nx&}C2wO!20UaL(`v1<5y23e6@;dgTzPZ5Qi?9`
zDmvG&$=0EcP%7$H2*Zatj8<iosHt8@QydY^VqU{Bc(z)XWwUGD#Eut+F?^X^6!AH`
z`x)sKXvq-`CqNci6=CAm!u<vp(QC)g`MTIWV%>T~oOB!}Uy@G{oelWnQeAOO+?*-$
zcLn=&g(x2&3|!Lw^%^wdK=3jb2NL_ij2JK-mSv7Qw3m7e5(8$!VM`u<><7I`ZM?|}
z8&`xhH|OP3h`QzL0WRVDfru)gz8#y}qg*UxxO)lnq(I^>V2RKstJ26ccg<1t=!u=5
zr3V`gaf?Cr-u-C`wFQtAXbl73f;A&+B|e<RvCLnm<0C8*Rr?U8F{eI^i5RdH;1`B2
z!xV%rTd))W(TOrY&i;H7yVV+l|M#^bKc@=R`Rq!^r^$0=mi&UCO(-^EQ@BmX%AWwr
zHcm(7U=vBTCm8$S(&CLSBv*3R1;h>WhuJWfjpmEOjqES1egt5W^ePNC<ML=~=8<8a
zey4Di{crfS42jEglVnvKX@nW+-9aUSGWR_TyXuTt<yW1|A=^FKy)1YCne;T*_%Y?V
zT_lW^>vaw4<dR%}6m#!OhXk$4b_Z+4)lm>>U||KbEaVg+a50nn9IorB(vl4;!Q%5l
z0kWqm)&i$jq9Q=P;?D-%7S%cNoF1HDjE2<GY!H6O$oQ)6JM3a$S0q0VUW}|klnVlP
z<mODK0e6(58FOwsQC8%K${EIBsWFs@gTkDvv0XQ(j+AuAY)hiHh`Ysz$lsKTGV_vS
zn1MBeIe{u{g-+8eaV@(2jYjqeg%l%(HS4a2orpWgQ8d7Gj)u$!VXFOPDRK`K2!n5;
z9>UeSiiQ`%#5;12&*vx|?>o#G!#twYTHs?8%4w!isdkq=i@NaIj6L0kXQuGM5GYot
zC<@Nux`vdv<VJxZmMc6NqnapW&>TGH$!o!gE6Zg`hdg6UBYoU?V@WC{=O4kXCWGq0
zbpex-)kVOul`#|mT{oTP5kEmH=ky_UUSRdFP;MOjkfY9wLY($M3`|=jXIRI8)^&wV
zeiWgQqqeJ)$z+}v2ba5^P*6#LQv@f@PeM^fttiX^d_LS*fPt7qEqX3zTb$P|Wu}gq
zbt%amK8}!_Q1x7YL{4dLm*c~!=-6_J$b5>nPYqx;nA<c~wE}Y;o{tpcQ>hQpR)eC_
z(&zsn?Jc7sTb8X++}+(9cXx-z-QC^Y3wL*ScZbH^9U6COpmBG2?0vrPjeG9<`F_+G
zYh=}`%$PZ|R%K+w4E=J8^FL1Iluf^*bLXW{+0ATGjbeeK-cq;$-CuaKJod;scDC^u
zWwNgDx@kz|nu-?h=OTmHJtCM=2-3L0R%$W&;=={ErYYZwu$YaT6A(;HI5ll88)F(U
z?wEonx<no-y<tZ)L;yDdZjicA+dgx)-3Oc*?gx=eJP;*NpLA}yE{2=X6s?DPKC;RA
zmMoJ`n7m^zU*)lnTn=KsdbRq~_T(3sI4{>E8xF@ihaNXj$He_TQDQa5@esXE%uED4
z?jxzFr+d}VS0F7P%d@}~TuVeyaf7$YE`g@#DyLUl8uI6!9{`Mw+Dhwc>Pcg3v_Ag~
zy1j{%h}bNARCo2lktJWOK_ALL7RRxhitPDSsL=&Jv=%HQ2|dE_)*3(6(T<X(%r`=~
zIPw=9`1{kPo(fcGY;igZypL@`L_EdoFpNuNcggS6D~`o;rOF!CI#4Z7114;^J7-pv
zPyxrF3st-fd;mUaM3%tP&{uj!h@aFyWAvdMd7gj=u?Sw3FDjW_zTl(RUgajhPXG8_
z?P%@5+V-X5#EQ?6>!2D4^~|SnEs<UkTre^!3FVG29ByX9vd!~JSCP^@bvTnvIa`e7
z?3kmCZ~41nFfBN=N~axAM;q{}QLRu%Q=GYG(&C;nKmu@_3Tmu=BC5<TtTn@H=++fX
zXwbySEzXT^v@e>T3sV4K;Q?oqp5l$_#0P6*`Xxr_5Mvr4z)rG$jQA+9_TQI^dN@uA
zxa3vTIDb90Ljr<?+Z_a=ClNXPm#AeFQcap6yNX~~B8VFX7E+Aod6Kb4OHMFA9Hc6j
z&=4n80lCpkPPjjtJlh%kTub3`u-WH!6!ywh(Z7$$H=OJ!bzQe<sG_-<h3L4iT4J5b
zFHaT{8BSf?9`uR}pGfe#F;9Pc8;<<-93%8%m<YP0Y0)b_#MiYF2BVhLHy5S$a1epS
zv^!DtN=Ig8TXKKgH!J=-66vuko`tv^RYHDm4DelEjm53QSE!oYz96aj&~ZpOgY}*Y
zy-i~6aRo1VABZ^TR)=!2_x)M6+KiPnLq9U7(EqKb)h;Z;5E{XvMk@X}hps^20zM3-
zj#_T>J;9oZJu~4d4k4ikwR3Y-_l%?#R^?Zb;fBRt(_#9nq->U!jU$iD>raZS))%LV
z0PAzK#|geb9egKS(97M_99yRIk$%>;=HdaQpD{s}n7arR^jeUMu}Fx+6R8B{dSy*f
z5o{_B^`Qs|%X3k`4x)dv#S6GFCPU&!v!ZI_YjMlATBH@%v5=tSRTl&WvE5ViO+jVi
z{N>@%U{T_F-LvOnE308v*EIJ2^#^j@3E=jv>~vbY?G!83q(LB)(Y(gbueL(dhF<ox
z{pRCgnj;VOi}S#<=59;hAne4Up+vrM7zZ4~^9?=C#$zFWC{<FP=%Sno3FeE=3&b!y
zCs*(`_B}IPyj&a2!Sw65Z0Qx~rS{QoK|6Wl(btW9@7o4u-e42)+A+bIxENcA3!r%+
z3AZeL#4T&VZEMx`)sb<UIaPawf`xJg!_)4nkcvE~Gq^xl&XJwhT_j4hpX2%`b@fi9
zX7B6Z0pRQH{y}~8jw4L{Ykt&zMt_S{ie2SgbtW$}?8$2gQfi#LS+(P;4%BPW0Mg|o
zwula)V&1mg$dEsG<9=0gpmMJ?9k6E`hhGt&m;mRJoseGQ(xpTLNbwSPq|R6%gOzV~
zIrPtU<!+OK9Gbud-ju2>>|#A6;gC^NWnFRxZex_;vJf`7wRYx-IRRbS@x1+51L6k)
zZN~ssbbybmFUi;Tvm6i(bdwJ-j)cioHo(7PT!JCJHtf<NUbn`LCZb9U1+d}rl5HP3
zdI<9B@w7+bo@BT1>axh!z8qDm{X#`xAnwD}Z%RXSz$^3Csoski><PCG^t8229SP>p
z1+%v7E?dyPs&Hxc7QxEtv8mYpAr01{<i#|Twe6kE9EGvoye*OulNiWR^8|$cHX0E9
zaUfW$0b2U~=LG(3R46$u7La{dn-mZk>b1@P7ND-ODq;`;rna-yM3^7qez1nTAUhTl
z%2WLGWhi5;7-mAIW(-1tgIW$9Q$cKQj8owv!TWVSDNxH0=8oI&j%Bc(dCre``_&*N
zz(nzaff!n@P=Orj4Oj^x2G1a4RnU7naH>=GY)xzKo8*@}gdB912dIi;X0}`~z0~F!
z%JLZLb3*f(kr3y+cN8rAHrY!**CHvXqs4H}r`Pg0`%d%ZDI%wfAw48_pG#gnCB%E&
zifDCWvA&t|HTQN-(~Iznh40wVUcBvNUm<^F-gRF0UVPez28w=&QBzfM1kXp);8Up@
zx7B}jHI=1f<+4702mGZ5j8b#+&hU8=t5G@d!&h6oomF{L{d}|FacKgBo%xYcYuu7d
z+v#NDNk+vtkQ~K3F?)$ic@owi+qtlpCe8dt3YL-RbIL!Q`}apulrvg^XxW?X(O;j1
z*FCiLl^Z6=72e}HFBX1s^e4)SpZT>Soe&>UauZny*NUJ0u7KgJ&dWSzHGpj_K~P$|
zZc~_*R;b-3W-YQoU459N;YDZ7!k=8t84C1+8*zg+6Q83WX^#k~NGvtj((*4kZeKfA
z48TF>7eDCJV(JtIQaCSWIvQNem@+3bo^&Os2i0FU)%GrS@)UOm?9jEYmOM*RqD&Mk
zIF>wR)sMS*r2zWJ)7d&-7>d1P&lC*uucnm1EXN)`TyrGdCV}uwc=G6|jad&YVjr2K
zzg*Xye(ZmtEO2UfognD?T}Y*6DJc@{pd{%VgtOLYnW*WNCGPATT2+REcb}S8lW%ED
zUL8sbh}<PQZBlEAzz`l{PTbzSDR@#(443H*mO)+p&_Ph`!kA-+OI7_MB+fiE`;TJ+
zwe>qcn(M!{FNW1+qc%B_y5H2FyBH&-9)1WNh@|&j3L>Cp2LCuWTo@0=Yb0L#Leze>
z>b%HUvm2A^P}EM9t}OGKEwRGt_O0vlBMFFNs+jY5=Jp}%Qht1-!l2+dx~XZo0<Bye
z5;B!Jq!bUgR0&7ugKQQO9R&oRxW3<5dT_k+9lm7FRXpLif<g5&kws+F8BFaE=7nLp
z@4i33<n3+asj7d_?6&_pyi_9L+}%$E<(h|5(uownS+t36YM_nojvB{Jb==?zxZfzD
zyd5bBMi>brPxYra!<562em?Rtd*6o@%C`_Y=);hNC7k#8s2QqsQUL(r`b>xGUqW6Z
zC~^m>-(BDl7o6~x4l!R&k51>=*V+R(hTh)xK4#tox0P@Cd5SI6b8GuX__V$Z=ro!f
z0p=?zwiDk$#AG$Y?BurH@8><OT{Gi&c5cjXMI!jKXYuUbHJ{Fe71MmIfIJ(S^=`u=
z#NXRHZNJ=MtLK(|O#l}Q_MGikMXR!an76FG-`k=?noQzPrA=t_%E?3xi<BsXnMr49
zfUX`-9_K_R6gIhY7==2vT$a*FvVclCPHOx2I<^F3VLE;;0koYkoKciI#;4gors#Kt
zX*~>f-qt=LJ%Eb4C_Q1^GcQZ)&{anIW@W9xET(Lu&x~v-1%Py<Wa1ZFHclS>4~4a7
zK)7=AbFj#Rt)oOI6_<p;B0T=6h2#XSBE`^FaCQ?Hv|%C=)xMq3_TM8avUwR71n#ho
z3TLI{cw^PtIhOTWwC892D6+HPVkn$O{+`G-3w#qc2`Dp37i%-<w|k`AJcw~!0-B3I
zMDbVGxcLd;5&=;t4#?0p5f^0?E$OO82rGJdl3%5|%5o&D&%LZ=H81(O-utxi%-b*V
zZmq7h%f}=FmvKiv^qSeH)O7915UqG4qkX@<D$__^>Ey7y4c#q`JP*6qhtN;b<v-mi
z%k0-MU<62$%YH-LMk~mXHHH)-3ZFhay>JonOyxx$dH~GBg6`C=Ls=UOq)&nX%;Y(x
z)!B(fjxZfrHrR7xFlZADsrxR%JSAhDXlilSwadWmV`beKHEh;Z#|HeVQaI-iLES~W
zS<^<*6)OSGx)T=$oXca4Mh}UMI3bAwUM9_3h2n24@su}Ej|>y6f-rk~3a=f+`Oy0_
znbPH(JE$W*c7EkI^x}R&t+2a~`j=d%asOGJfR2AwCnNKJhvDN|$8EOWynVv>A{b;2
zas&*5z$>wK=L_bvGiDYNKAPyS54d@|`G0;OQ1Oc=x6{--;WUR|&Cn<vI&5bXn;Y&v
z-+^2Ul=*WV*C-A??_Im>PFcl%?T2fU_V|SW<RL9H9<(%AJcg5<ci#>A0Zc&jWNuR9
z&54N{dyAceS%ae@>Gs_wsm^ETKty1RyD^J~U~qfKi}GP<6b3%er+0hEn3<`S--p*e
zC2ZmSSTkKMTEF%Ng*^YbiiW!M+IOg4+T|yIa_AFhn#8J1Ib3Gr$n<Ue90)d>!3pXT
zu4X`Bmr3mpPlx*oJsOO@1k}abfXYx@{+-f2@DIq{)#{H%ZPx*cW<60u8yV-;Na)Yz
znoYPEye;V8w<N?68bN9S3vG!|bRRn}_X7hfyLPyq?Ck|o7|}x9+yDY=-W}xliuPhU
zH6FscX#+m0(<k(2p^{x*#%!rjBumOib02e^yt!eczs(Z(_#D031`tiu5h4P99pH@=
zb@2Qng&51eSM2azLbxc-=>tA(izANDV&B$2mc5&6{c2ROl7Mw>v;*;CY527u>R~mj
z=+*hz?-J;$`*e}C1FM{VxdZlMDw}5c)Yw-WUeT`C=heCSVt+ZrEp&k&BJQokArw-5
z?58W;Gn{+vT&49hfPBZTX4}nn&*lB>`nBgu<cz(j*lYpVE_*&~`|IV+Ue8zCw;U@0
zl7ANy@XLcYu$#xoVfWv1hTsyUL%KM|f!n)zgP!cyczMJ3^!!=((N}D{Wdj2EE(U*L
zou7?yjLV+5eT50WI6sD&$R&8E;b*VLaKN6RNMjaXpFseZrN`iURs&VL&k8$dGV*-~
zDyK1=Ii)uNKN~*mdX~kuS5GyMUo7z@+QYv<==ktpbh4HOer%&~fn|bhViUCPYoD+>
zXGi&L*}BL~!U)`h=c4PN#yaQPwV}aJ1sx}qfE_?hX=-!Q25W10ej1IK2fVV<<Ic(%
zYoc!c2nYtaWy40K20IUtJ^<U87rJ68z$#}@QXM3cRs2@D;Ck&WGT#Me>~0tX4{I>@
z_qPcUWp2Nxa(|9riam!mhMug@qbZzS`<%d`Kh2c#dP#ry!dnh-GknzkmQwWYn)i%b
z99}1{wvz({moNXyjxih|m1Sg9RmxmIxA5vr)(Zga(X_J2-?Y=84%qYDWdF4~bYwce
zfC$h;ZxlkR69%he;TbK>Qy&pEX++5wM@_kKAPYt&S3q1uS))$4q@EW&wAVK#p-$!q
zkRk8aM2^GpKPXNP*PA#E1|yGYBEk)&1xc)K6+48dh^#PC2SK0o^(?&x(M?gD&>OJ)
zlSKn?XQ%9$(z|zb;yH$MUhiP1NyP|+rq@-aRSfovq4-T<WKXKd*Rk<OH$xNz)_(2I
zR?NUPXdGGo#yvD$1cg0@z}+J&q}|O+UM!lvjfLVoF%TTHapLutqd7vem2Ua0N|{F6
z5Hq5s9lMsk1BAOfS~*5v&JsZ}n4u5%eEB^f-XkUyk86mE^RQ;8*w@kK$DD@-PEpNe
zUe?oSN)BhW&Xl+<2YiH3_ym_coUmQJW2!`SV#jb=7L59@i3zr%G2(8m0DY1fcnCMg
zq_lKRBQva0>>p*EI@`#<60xYybk|ZM{8H1YNk!SK!YzzU8i=J`sINvM3RD;1QE~7A
zx~3+hxO_iX2~LY99J*(>&@FFKP>(b!J<>)NWmRn3Fl#dEo2J6*i{aCy#FvVL+Yqy!
z&O_xG=UA_hX0sV>-Knx9e0hYXU$K2ZCkU3!z`UQZWtaC6hdvDk-YdJUb@u(H*QN$$
zoK>#D+21#hIc6o@cl=wkLfof3GJR<QASEmr!jAWA2^_$aVx}J`$8RB#_>R*uHnPtn
zFxwp|{sYd0PV>p!kU>p!fyKYO;aTkK=aHX75qZadU*mukbJbKgDY}qmR-aG=jvmnA
zjhcxt`fF#`+j+J>eVy3aHGRyeOzG6=t^7(S)9UvzkixLFG#X2+yA!!Ls%E7JkYDw7
z_I?)_P(Mt4PQFw(J5A_`Y8&e2_)K*k6Oy8gc8IlvYXM?Xhll_w`VC}gL{`o3>*emy
z8vEO{n$DOGyR%Ho01=^C!@yOq8pDIySm_4(JC%-+U9~iRM5R3tkq{vek=h3+3R~I&
znyK91-D0l^dj!-^kn$BOk3X&&;4J!y|NVj8J`f<lX*Lk#9<d6Z=<+xs^=CAy-W6iN
z`Vi7kW3vyXjG-_CZh4;N)LYQRZ%)JDV&@;g(j#ni<@vNpCV^S9VK6aG7OepdjM{T`
z?CYnp%4Rb4m>9DC(G%0$=G~a-E+$rsv>J7bfr0xa>P$1JAuSw8A<X1}+wvM1WN-Ya
z2=z7&c6evI7Rloil9J!s;X#>uWz_JpNd>s5a$yv8bFKGCfC!BdL8KIvg_%V%zNytD
zgL(e!&o(c1n8Dr#$2h>3p!JIg?G_1S*|=nN%!ELW@p5hvgk8EM|3O#Tj9()nOiQ3P
zy-;iZ`T`M^_e^_o73~h-<Pvw@Te<cD(_YH3Kh||d5Vx-H^#Yyu`X>@rOQpliRkqqh
z!G_xAFiQY^7eB(^QZzoD@F%NNjq(cRZE5fyH}mRCF)r5SGfRj$9ja_w9Ojh@9jd~m
z+U~BU;$_-5&Y`*V5Mu4#Rs*%WGi>N)9ooR<Z97|B;pi=lRP*})Ey|xyB{N6OQ&38o
zhs#B_OLbIjV+yyvW>+(0KbNg0;7=sas&Rt1bJk&s_$sr0_|Pj}_o<UU)SE{+imUSP
zproI`V7BU5|G>#Ph=ue<r~ZLTWlEifoukv#X~JI%ns^lpy+z)Zm!lAy(!BP4{vW)M
zx}Tg(VLFXG>7t?sP}7qQq4#8;ohR0^FZexi1$e$3ReuttnIC!BQq&v)ha}dOIPJPl
z%Bo1dp?hJ0_{q7d4H(CO5jq_~_}gMb56=-8(rD03vpK-z2OR#es|GzaWgNnBnn&Hs
zReEvfr-Vr0RkIYO2N!6A$FuO)@yr1mZ(A*8L&0adTTbB?5J|rjGFj2KukQU*O76ms
z@Na#{gRHwNl?m6nrUR~I2q*E;M|J0%EJhWr*3li-VtW~cOs*pA9KMt$v?@#Qg+6$`
zK3F<xcKfxVuWPX^GwH0GGQ#M>*Kew?!HH(MzgACOEHtR6#S@~dqA8Xm-PJPIw7M5~
zfR-cu<x~+TK=jwSzrV_A@A}n&51Zy*o%pRZj-*@Oq{$i!jn10A^kigqj|P5EVX)(p
zm(YTiCNjKLaHzsc@LB^(I^ZgnRa(@X@q@-+6z0@O^qY3lazib(j1<vs;<Zh05>5-<
z?Tvfpb%7WK25_x^)S+(8@QRKwq$OHPZ+|V<JuL?VCNatC+e38r=Bhu<9P{Ew5?_P0
zmG0lUHLN&YO2~J3bXpanfVmz!yb6+qiZjE@3rlg1-wQ+0M9q~Y&Z#PM_9TrUVtyq{
zSEC|RvY}>TN0h`fWSVEKAmQD0dakW>g}QbqWYwt;iAznbca^7KkPPS2oY3Xyg~7(*
z%Wd`n6m1=q+KS?fP2_Qzfg>{fp*0R=b|a~dlfvxKf>M7=k{6pGG=DXk6oPQ2$zaKZ
zEMOL!yIdFzj0oDQC+{*fwV{FtGY5p1Q5Nt)BTX`g#p2|sD*T#uxibVAe~xH7%q_r0
ztcJn7d7&m1K!^8!8C{$e=zY6)#1bIX`<z4o<c-F4=9{E=iuvX4uN=CzLxmW=2o57>
z&@W>4P?VOX_WR2Ozsd1i%oL~TT>qYfTj0VxdBv888T_R_Yu>DXxUQ4cXz=1D9Ke#~
z!h-)=T-qE<1*sO&$>rmwrU^H!9wAH5zsvy<h%D)mo*r+7t_2pQ^9h=<!s7^IYG>k{
zwmb%mm<Bln?3gC-7Z?_pIZY@Q#4xSE4iq)b{{xheiiMu-J3E(!jfj<l>sub3i;a<q
zh?$A&yLu4^3(L0zIy?KfB0D<^BU4&KAP8@&3os?Avx}>Vr9GXUy^E=ly}h+FouQox
zou!?Nsgs?l3!R~{v8i*KP#_2fFk9N5PBL*?A0HSLfRXLLqX$~lrQ<f);l3p*pLGmc
zipwFv;e04jh*opS@$)UB2+SyWgb*d`$G;$@x@p(WYTUET;NpH{?B9`!9Y8s4<-a!w
z4dZpO92_lPbNb(69HvoXB;CJKJ{<_^y%@B(8#7KYl7`Kb(umHHMTt(}kN~a^R>Jn$
z_U@3L-UKH=JswF5mnV!IY)HXlZ(d&=+xdzDZw}h_r~@0zy|`3b!<$u$ja4j?B=EZ;
ztxZToAXyqLhnB)ce!@k9hSMJ`_6wKf=~aob;w7CqY_6x{tzXD7ooWcq%7@#3wT_(-
zF@j<C;X?5Byd>(Rh$P>mUjTeno{ty(^TT!EcV)BKA+hOhvAard$Ve{z0AGKe<<R(b
z!vqk4UO@~LFM$m9HApC(fF*JR;U_)mwzwBZ+%07?*e~2o<EZ5GUWR}DGV^k#_de)+
zd#8^@{rEM87*eJ^??ka8=aU{d;7{59SV$HHKunl)2?`s)h8;zeRRUzXt6`<JAMtIT
zL?$<XR+FpZrd^rT(9K%km3B9OB=C=aVAiRBy#9jT;2t^=lSh@Mq)&i@muoWYPZ4+0
zBFuC*_jZY(w%t&BkZpB{(pxy~YCO{VbKLlq=!-LY=k+k!LOi4-BA<!5<+W2i-#ph_
zdrE68e)Ovew5)ezaSIUTM7GRhGQowiNW!!ak%%+L>Zbt#WAQUyMRr(=Wj&>M<LSGE
z@aRpgDe24j>Yzy%2z+^jBnY94#PxYTJd=yJk|gtx7IIf=M=fxA4AchK4{p<bYoGR1
zb2c?-noCp8t0zB(*t{z0toBQqwO>_&b$#B6iZt60zF&UQVOju8D+HS(w?c-;V(ugT
zT~HgK3ZGp+NXq4L%hN83UdUOl!&>DHI>Z3HKOh;u@~=t?Q@018Zl?&;gf#ZUrY<ik
zc<N$)44aftog&&K<_<XtB2KpUYiyNQC~m~Q_CCNf%o}$)p19e$A>bpPVE>sRu7}nN
za>L@O-`(xxfqVq0o%W%uOiRp}GAl9LSTT%2k#|2XXM#<F%=QF6mJG0!Gf@Af20!`Y
zJC~L8vk0N$lXjYp>C;2)n^WB@3tL8P-q-nYd5G$%f>2|w_4DRuE+?6-J0l4H=HSdZ
zdD5BP4j(zi((BfPnIt&8bJ*$=<XQbv{FE=Mn*q&MNliYWnz*(_Q-E+{9fa24!RCbG
z0x?O2-Bzg58fvJ|z<6;h<(|K%2{$s_rCDW>iD1cjk0<qv$#-E*Bc-^I7yCX$s*zu!
ze4pW`T`re3nU)$qpE%7t9GS-IC7RA9MltQQJf(SD54(PPSZ&@JYA*p=3*pHulg+Uj
z&Ra-B9g7O1;OYMCEEb*eEp48;)7%(l1)3C9_(;(<dn*vMER#<1&>OGZ*|lgtPRfA*
z-8&P>KQ08cw15gwbx<ZYmNdhEe!&9$(1=spfFS`K9RFQlp+!yBeu)vO`&j)jTE%^Y
zrFC?H8l_xfE*Aqs70q$gt`i+nknT(0=zJCT>L*eSks|w<2k+H%)(zxi{uB1!I7XZV
zEZ(QAt1V+la?Uv#?Q=G#C#Ag6*g)v{wcWR|P%#A~LIpSyjfFVT5hmndz~^aC=cS*E
zrBApCh+zC2sg^aKI0L<=LEdFq*riVl#A}%TmRf*#xtBL<tzZYtDL8xwoa7;VU|jHc
zL0Arx{0J+yv@x7G31!;n^DIG$`mAXJ$S5uTV;O{*P}V#bMGUOPN5#zx#~-K!RZ;md
z#i5Nk{r4%Y7_N!n6hDb*z)m$cSP{P!#B6ElqE7o%SP<JGlh%oP<jw2iTUM2|Y1g`&
zJ_e8|C<BD~Tquwhg|Hf9{39opMd|4D<LWPh{9gpyT|mc|;ME8IZcIeD!pM$ODDx~5
zfA5+;|8QLk#GJT2uh-EZvvB|JQVT_<OGuoboF$}By~>Q%dI+5m281<`9ktZ34Y#%M
zt=3~zW1SI!MJ9lOWh1oUDCxj;nD~p;v21(U<44Hbtqfw9wh`(wV?yOE)W${EL&Ml2
zux(IC=us#};-}tJ==%OzFdw}+_4ZRIj65oThC%g1XlmZ_g5e0ud^IK&!q)dK4XJaI
zm?iFwwvXzyJ(c%(0=zvdd>Hj_uwo7Ck67Jv-R?X)6}dHH750ah)3_@*imAsJ4|OPl
z!LI9Ch6Pc!!h2JVoryoV8ul4y)hpU6H>!P1Fj=cN;HZ8ngZWJeeFAof_Qp}ZHpUO<
zu#GAw55nTqIVLA9nb%M=+D6xMBOY8n***oDL|VnGpZmh@0SL#hcDKp*%lGFI?u?4<
zrS3fZqx;>}`FFx|a<9tJbkDV#M2QStxTueADIA?%oO84#zFKV)MFJPgHMoW<7Yl4s
zzpOn+N5sSQ+(lD3P^O?NF!IZA=W4v3<V>7<o~#Ti@6zgky!-hX6lzfNYU^n-7mA6z
zuKW7DmKQ|Q33HJ-^ZD>;ql*<m`x<o)E+~aR5q^SMtEKh=GisCc{AcaFtO3KN=^++D
zr5U^ci+w+g|6N0dRbs?x4$~k|04|pQC6J-J^X-{K_Ur96%7YF5W3S}jfG7mgOb@eE
zF`rNO>d^K84xZgCcl%XTEE>sj=rFuhWDOR<kk)w=6M6@4&YzITi9$ip(}T1J(1ZQ+
zv0u%v+XHxh?#p1|eb@dm7xpk~Kln5Xd6cdl?ef@c0VwUp^yA{%%RthpoGV9T(W1JP
z6ZpR2aW5>)qe~mjIh*H7PFP|*TBDjnQ8;^lC2ohW%L^?!ujlP_kISXmHKn)OfZWy6
zDQy{+d}_T!B@^0qsjx_R(%n!uSQWWdFrB6M+F-Kc13crtQ@bX-Z}=~_V<CbLK1{6M
zC|LO}KtUhL@4>!+%w5=;YN{|;qnM?v?z8FD3b*L@u0c-}2H@pV$e}cOn)F%hMT7US
z%PiOW`1h&q$w5}{`^}a84p`I<pTPS8+p*K0&f9ej7sus$2$U_k5Br~U{X9%^3}WHy
z_PG<#@D)XF$>G?g*B!U!RlmQZvc}QX4`mXWfG<z4C$k|V2C%07ZIhd<Z<&eT8#|y;
z%K8llx&To}&6;hSqze4C_}E`)8=$rDzWjQ{vzlt4n%y6)agu<)(!Dz-GKuqUiw%Sf
z{yowSeCtJd^?Yq7>~Z;o+OJvyKY3@Nz5j}2)lBO|+TOJPj+MSGkjrx>?87*$3ov$l
z1!U>XNK+&#onKg-B?veC8Z}Lb(es9|&`DJ7V{Q;5yKV0s+^|df@c>je6s~>Y#fv!F
zc~5Khj&a2_^u#DrfQ25(+I-u{Wp?qL2-Fupw;C~aeb{W%K84T(9lvI>(t3^-hQD>M
zxu*5>D>OnTR*{HS_ek(WK@+|Z?EY3K5J0-oQ0BYP^tZkwuH3pTiozi5vY0QWbd6mV
zd=JECN+?75wgN`N;A|qRpNjd#=fiFIvKvwNJgkSoYi6OFe-w*(ldFaHTWn-{BH0{W
ziD3$;9gRJ^ujE??gV0%?&n}Fn&#r15!zE#GZ0H&{_E>CGoLGui`diLdGN%jj0FeD&
z%^XrvymL_V2*9C9O4QnRgc-ZZ4XABBYT%#?xhRe|B99%k=-RZ}@uQaTjI_Xbww_)L
zxnwzB%_K#-D^c)>J^Da9nj`{z*yZJ=7^<!hof`E4A8T=ER}W4xP|hkB&M*arMU*>D
zOeQVKjJs}oei5&jXIr$Iux2~K0BADQ7H}Xt6PH;S28XN*syjc@JEs?=f<;>iyh&u7
zW0+^+m$!VzwnnhAmlzhPgS--Lpes)Tx?kcuW10*D_N!e$;1i+nY4t*n;IQ2|2w6xk
zT@0p&gDnLFd=W_qSpojjK2*~Rur^<h?)~iXqOmNOf60`jHDE?~N3AKf0G#n2$Oxeo
z&sR&IN;L(QSmFwnnD;_LeDE6SN#H<ZlEIG(uiy?s;iT=&xUcp3xe)X+w;=gsT*BUD
z?;!O=#z-3L(7p-^@}L-r5cL2Gc(6x_XK;fYgoxT0<i-ijg@517YVi*eB*#D)u=FPT
z0BL7LlqCY07L!#h!3HQM@0DO%0$-qu0gvJ<qtWq36cVYdgZnB-$it`p=>(1}ETK?D
z3zqIIK!iQ5*jw;%mr*RfCW{O-u%x&bBIaY$$h?ZBibTs5RireR{I^MVInjqhP_g-*
zEE49^S&4y7EX7PzF^Y0p0@k9As*=;rzffXN5)Hgyf&K&#B<y8X&$<(%fJVjl-L=j-
zysyT0*J=ND9sJ!jm^4oTBFt$;|H40Cn*80hFqbs<KTVd6sfV4&kt8L@3dzu04qFOn
z7N7o^x|ZTvg5I)<!;almKf(qepmt;xp{Oqc`6-LbAf)eful6S!?mrxaVu}7i6i^?Z
zi$g!{o>RpYHt-Y#P8Ha<Ab0YA2IX3dfDf~Sh@k*G^DmGR@<}aZI}h~i_|iLwn12lG
zHP%uKrC16n>7-c}K-Os@L1KAI%VV$cA_M=O#s8oKL0L)47xrJK8Ald|94q`|8sPuh
z_6=+E_l^H$8*t=biP-|mI!yxsb!8PxakL}V|JS%tSUxR}8DT`B65Tn-kozSA%N|^f
zllcW_3@<49i%@>r;<8ZbyR94HIJDfRIg$T4TbN$O*V!Qi|Jnrjp67pzf~UQ=IOT%n
zo5VD;5mC&40kwMkmlkYd=%escg%*2MO_X3M-!(DO7L<cZUhGUT#H8gj#EAc8<$oXq
zZK722n4pCTD9QPMN0cs>FraLv$oW5+!5mdsQZ`jsy>J$^%Le$D8&WA|#o*2AXyAC?
zFyQZT{f8U>XBOZURDOCPhzb3Vu13+sV84NZN_7+dKLff<{~jY3T8LAs%RfzvCUoQO
zplH7nazzyBIoZ;6{sW)O{|7$6|4;n>7km`7O=cB@TVT_K3Qbi1#rN;A<$v@2f6_gy
z5J?B{-+ccj1<3#6J6`0#|K>Y|VzT3ug|0vcbSAPGwsvL$#+;ran!_fO*!(~eC5-U@
zphP~UmKVzZ#tufl@c&{5_-8i1!TV=H{x9&vq<7#kmw_a*RxtnU|7mYda`-w-^)-&v
z<p>OO^CI<FS1fzN_u05?iPhU1?g0m*(sMo9%J76OmgKoaTh;8i>g!yW_wix3@3DAQ
zv~(|+_pI_=Kk}6HeHFno^m+O~phG}(1JIRjb$cGPJ*q#fYdjEN&=NglQq+^CVD1QR
z>Gz(gP;(O4*snI;Lw2r-uWbl>qMMw`hb1LI%h6)pAsonVInWY!t}uyvd3CZ)A{ceV
z_v>C8oVU2?&UktHvIj<pS)t3x6u?#mON!wiYAqRZKJth7VFktbK}WG3>Q+5E0IK`q
zrEynb5neh@pP_BW*xE$n5zKurR29pP8=%7L6`Q!I=NZjF8M1nvhh9jYzM|AXjCu89
z#Yr9Cmn>`^o{Ac9Ai*_QViw`~1KC+`mN9a%;B|3ZgjE~YzVZfk$>km*Lz;T~vOB8w
zP2Ibh2Iu9|JJQ&YMx;bkSxzui0b}6kQi6k848DlPCc7U88!*Iqyp}jCQzah4Uye!x
z{<g80ue9%HO&SApT$Y$+)p6qMJD+YB_Qq@G?T9RH>As$=6@>k?ccsqqRnA0jQ@&e)
zW90cVF*d?qvI(;7!=NK$88wWc*JU+6vzK`~a%Ae^9nrDPN`@a19lbVa00M8#s)|D?
z{#gSAua)=I6B^Y$Ds)?aI}N1BbN5G|^efc_BEO((#4z2UhgQuo-O<5%tJs|?uJL7g
zWMjS=E1zf~&Ww=p5E2CCJXqO`LpXW%=*6k5-9ly>1;L!-lJ|9GdQ=Xiw3_+KA|_0R
zN%SH(&OL!U6-BGMLX!^?K(ibit-W#A+2?)<ks3SdlFS(<DhREWy*wh5+~c%hg^ma8
zQcM(WsYsSr?;4>j+t<3^2#P1~`%K&#T&XTkvh&)f@=2KG#tFj%7^E{<Gz}`kukD-^
zKVP*Q@qqm*#~Ft80GMd)!nj!a`C-1Hca59_r(&9T3s22t24P(XKx02lu=U8{f=Zm}
z2p?-x4-Kh!QR4N=QhD*H@w>@90l-!g=Yvc+X6QE|hgcaaEq^K}M$YNNAO6f0J`mD-
z(=8<6!b!LSs)Uy*<c~{paD}gFf2A@Jw4B%^jFXwB9~n0I@V(2}&VyIq!`xdtSy`z~
z@3R8Dh;n<a^^XJs&_RSWTTlI)O}*On<B|PS`sjjhq)|pc`k`kggn#Az)ro^K9f0*}
z1-pzsy^+03Vim3T|D&esx+<{DeDtH;WrOS}<xq&t)3t$(fy-cT>?6I1D`ng~$0;i?
zLjzPRdtHBby6UqAb{HL&os)s4ude6y77^fex8igq+!>7r&<T|7g#|9R;S<<)Ck1DQ
zgqi&#H(@J{L$YkoBh5BCn!cs}9qq><&d|J5bV?W{<bY)d<M8D7MDv?q%X%=d_liwy
zOSY_P{NppR!g$F%wzGb~X_wn8&yM@}4pV8=ydY8oR*;j%=g5Cn4xKVsUkcrpe^VTN
z`ex;}q$EZN(BUA(d|(K5iHYE)I#)I~eC`K8cPZdQ6|dB1&?SQOvFqp~ei!Z_y4@r1
zu!!r8p+9k2NrY}tJ&McKKUXv9w;V6lA#4D-*eFupjI6}xjYrq+K9;oxB2!y~_3^Pr
z4)k2)$Loa}KW|if1>>U^W@_ORg*gYU!32V29i<otq{9{YX9)p6E#TX1+IISn@&G3z
zmV1usa)Z*7eE3*K1`Lu)O*>lehaf6A@s5nGo|!B3Tlm{P4LrGA0cRQASQhxP++IJP
z<GYSAaHd<7o3Pl>_JiRVG6Hk-8whVt_KW^Xw&{9Loy_A%^YrOXUXePvj!OJ48ZiFT
z4<MZgn9U%|;2+IfO`gh-okhWk`KxOlUps~NLYhu|X}=}8^I`||Vub6U-rvg7`2h_o
zPngE=H<f1F@(+X_38=Z7MJr5Q#OXq+`S8c6&E2He>#U1T=Ms*Y;K{tf?Y?VIdA9yD
z=nk>!R>Im&B$zq|i`lD#Si+~;n_;h78bhr)AWu_^z1R56LZ@%);-D{B2%Nm}rQ)H1
zOWb+vflEB?obzmotLu)I7W%IjT-!94f1<TB!kMR^JK=z95-P;YJ2|uFfbgg-gvM+#
z<|%>IT_$%61np?syTM$LIoa-p^PKdK=t~yxVKYRYT`GwGNwlF(%?xsA&D-Xly|+v^
z;Pvj{+g1N{6SjC%_8l1dP?kq8uvz>Aa$NiR!O_?J;5ksKBnB%hYmvg5H7N?2owjda
zl`c|R&Z$*`0SC48UFYg$)Ejr!Ut|Z=uH((uCuVXq0A|MK{g}P@s0aqTpxc3a>P4h5
z6l#e+yGXL$hec~B42z@!jC6SMPjE{P3<t#J!L7icw59le_Ui>F|N6Q({<BZ7I{Ox}
z<l^}6*tQG2jadA)@6sQ`ypZ+PZ{Um=WAKtW80E^ClBoB4=M5aT4RU8>f`H!Q+GH~q
zyR!=tq5V~!!34@g5~{>RHCnt+UexQjl|WCz?BA1nTbCcP|52}WVYs=Yd4BUN!*lMJ
zFi*?Rc+`8Y=iCE)@6D-!sE4D~B0G=D+B)ss1TO1)VI#R_a@?bkl$c2aA0V{D!N1<`
z2QOdr7<=BY?=BG_q(oW-<U|0r(eY97*`8J1ij$o=2(;-EaKJl=2C99asW4xENQs&r
zEPXV|ctm@O4YxI63qcCyTUum(w`K=O?Dm>|%sGA_Gv)w-@%#H?M4l<?+=Uy7&Qy4<
z>qb=ALktHj&X#Upw=Q2W8T9>bk7(l0&N{cA7&tNCa6k4TG9Bt<kfflY4{_d&O7#cO
zeM=7<T<@Na9wxVr>kfRpX5rlBfQ~kq>wFjug$O)Ms`&zdx~*+xZO^Q<f362EfhgFe
zJq!|^Pg(#3`7jjUjn>XF;SYUnlWap-XoBkLanU>_A0ZI0+=LmE!kV9{g*+#!6l8*h
zV;4^)1LiT(rT7qefVnB61f3?|biM6%fVJL;Yv<ObE`x9SFa^8SL4NMyFwv%hGjs>g
zr|67&VB_lmz4rq)jt3F8S%DG|Ck_JY@#2l)m7)O<z_w>BE<d{aL@xS9{T0{3Tlm95
zNO;c4^jWzfo}c_6Qxkhm#OOP^#=tFs2zMLCNrW>_)_F-1cngv!@u;jwpL@^HkcFg0
zz2gMd1zVEjC`tJ(V(y3MUH=YF#zDRRyaP3QVd&}#?)?gE1w?*}VMbKXXxB{S!Ro?P
zHctcAeK*U{qH>Es*!E*-3dB_iza9{Gd>>>*O75p@EdWKWy;v-7%vVJ_a-&>RuRvKz
z45{*#O-+tdE_kT)Wr8yevL(jbGL~6)sCL0Vj-ag-|LXPiCs<y_-Eo%*$(x_x#M(8H
z3`Ex2C=b0_aj{StA>%YJa@N=`4W<F!0IyBz`s{qk-hH7Hu-o(PpPD;`W+m?LmS7X$
zRI$x`s0>PPP{+kFlbi@I-Xn$vv^8PuCNj1g={GNQv~?s_LD!6!x!^S2kIbA@$tfro
zCk{oRP|%yPkVPOJ*)Ag|5?bW*sP~@F&w3gG?%hI8hBx1;ESGeS6R<bfS&rLBfXCEm
zW8ALrn%kDygGnyBhC2D%@<k&S{*`s?--qgkPVq^S%+Widc6pvlrmtHNzJxLlGaPWJ
z=?I||gU_F0rVuLdY8^yiWY7q#{USb5ZXNQ2YRE)X_7JJelA6|o?BqwxrBfz`<;>M9
z^_;}~umO+rmLOHTF1f*ljP{Mp0Ob%S&w(rE;WtF$XTya%j+;M2!5)Lv(y05ydQI_j
zOVIr%wkGXXN%Fx_9I}E5in)*!!qqrbNvQ(gp0E<6>AC}WtG<e1Q9O?CgW7~#Nw~7_
z;!)1C2OSV+pyjY8Wjexrv|Y_=I7dZ2CezBMa&*Kj0+^(Fh#4EGzSQEn0F9`9GB30|
z+fQwm(L%L6zO+PdsNiNY=Tkeh>dXlPrRo~B@w6(mZq~_t&uR|muoYS3(#|H}or6LI
z#`RD<n<=(mGCA`Bt4kr3&Jmj?1~cG0hvfM4bh3B>-s$=G&|Rt)Z+~v8gyCV#CI<L8
zYhQiyEGGwOtFGF;cy(5f0kAkE5HW_j$_heY^;Z#tKU%&$S}OsfAyJ(_4&z$YMg3&5
zSsE6HADA#DNyx+2+KHmbIEyNZ7Pt|muzQZ^3P})3PHLEA#w&k9Zi|ur7$|_%Y$HcA
zBy5~VOc<xUR$X$MA+r^8{(|I#&wMdBElkJkXq<2#B4oZB6kdYf1d!`8R7u{rk+W3T
zvi!9kDHx!fmw;z7N8Qb2H1~}SS&Sp|`BBeIG^;b*cxx=N!DS}@>}>sMl+~8OZ$Zil
z?c$>RjsuN>=a_xxshCT3`JOKUt|{5ZJm09H)2d@4sE72B4!`MI$oJwlc7QgFEs`b!
zYRbN%9AieW8fZwc3t$p-<E=8q`MqAb{<!zBByExZur%$5SWy<LV$@WTiBWZ%0Msi%
z8#EyS!GER#fmR}B9SP1A@E|amO_~3eLsOzTYGZ{hb%ET5W2DQJ`dz^@Wj0q#eE>RK
zO$u7Yh>E>955=PyJUT>tSY;rFfm{`To?e-BVUs};&Yzpn6u=A{J=(zlGtOe2jAYa>
zB>`R;ifWRLJQ0K^d~I<85|z<~gq<$YI0xGi_zXo}awkGCoF;_OX^v9mH$esD1zDg2
z<ZQyYlE17W1kdgfi*`tCG>m>ikFKu1s#P3odhuS%a&@iDoDvWiGEq8(J_f&R2$T)B
z6i4l(n(GiM0?4%=Z=V%BFUW8>Qe{y#?^T;^Fn|#t>~-OBwwGhhyBO=Q2LAPHiY-;!
z`p7L3+Dz5z`VVQTfbY$4+s<bK#+1{IJol*Yze1WiK$oTZ2#XBLHsXKwcmBd&GoP}Q
zP0PIbtLH=;|54eIqw;Vb<}_UYIs3X4_|!3*%syBL$e*5ioigt~XDG9snN@`MB%i5q
z!$z0^!An%%Fg4gBvBS}H&nVf=Y8kFA^^*P0nFc9n5bsn(*@gpx-6At%3>)`gqxmHI
zjg`rnYz0S0xJW&LHOfyp)j>*vGto;S-Lrz$J3^bXTYVri%Bz|RuBdG%GFMdU_mNiD
z<Nc5bu*n`COGFbOoh+NvhV8HOKYULnj&@Z^_!VJkMP;<}sHBNKvnCEr93j-L^n)DW
zqK(^T(&(!S-bLE*wEQWdcpaE!Hjq417;hgo6hggM4JV5-pPr5I<5o#7h_^42TB?MY
zHi_Ebr`sQkHb-hc(sM5-lEOKBH^r(()!J49a3+20KY5a$(PuV`wU%_L7yyMJhb(+>
z{KX2K3K6a+%qWM$n@gHD`{^qy@jLjC3oB+pPR<P>juyKpQxwbI%82*$=LZQLe<E6A
zWdNUu?RczNaa<<2yn|183U{6rv4%-X*n5}!&ZrdQz?^;&MW0{2I2I@k%OSWUX2lW+
zz-4={e@oJ)%=D51HIwsFmtdnL&$KHg?uWE7RiT@hj>wc{QSIDCEe1=HNz9n^pU_^v
z#FCp$Bg=mMZOI(_YHyC#nQiQQlm!@yl<Ja1Yn=<@WQD(0L*BfO=YCCa?o-5E>>qo;
z&9gj4Wj}@Mq_kVrI|2l&=9<Z|)JH!;0RmV$fcZ{4)WSKT{UWKPAHJuh5L+Hdw&#CI
z+1Xi_BX2zJ*f!qVY1x_UX-jrXR;FBSno+D3<CH}_MnNokl@5@!ZxpMcFvmN{Lz3Qf
zric2BjTD2^SLfl1MPUvqfcK5}mrwvorM=Jaep#xT?5MVt;?z+CxYu6HoDE<)0Mq_S
zD&Ats60>+ODjF(0`CcI>2y9KnpOkW1!B%GexyV-O3k?^BKldPbY2*a^zXcM(QX7(y
zV}_cnq1R8W=R`*3gLXi5Sg-*8uux&y6E$bypsb5w?YLbx&O3uNPcB2`6}Fy)M#=X*
zqbj{t<D6i2LbSPDamv2i<JL360P36?LM53M1Y>7%aQd}5;SNraawfQSwh+Ne6eQQ~
zp5Z|_u@04$yl=JL(eDgtDyDTyJf)P|0i@c+OuO?GHbO0eU$^t4`*jr8MO$Xtr$2*2
z7UF8<MHq#Yvs`sn52x$V(o69IZLsYjplBVRoCR`#;k979v=8K``yLiL0BSsNnJx9?
z(Rv<YxRT8a55bAeyiGE~_ho!rA?^ObYZ-ay;M=Zuw;C$<WvaQ+k(cMANs9CM(H_jy
z9nO&Q;$m$tpDHT%opb+O0(=P2uiVvyixXdQCCG2c*tQKpw2kYf_G-vL<l9o((Lu8}
z4TUWnoWSAhcZXXcy$%49G>}of@dvV$F<llEEUCOCWY=(N+h8^K$R`2yB7IL9p9%DE
zyBOz*-$Et}ZbT_m0~5ZGwLWeA;o<B@I!5ILvZwQZ^$65B=pKFvp>_9&Gt?<=SE6m(
z#vyc3nf+#RpxE=!wQZWL)5vJm+yYZJP$mcYj^r8=O{qxIQ!EA0CD?%=_HNuRt}}y`
zoW5cbEqL5JbcwtwHV*8>98$#;x6eM{!1n9XK9v4w?cvgl192o0#hnYgkl9mks%@T-
zyY}p_X44u+-qE0~97dXl5k<`oBvmTw`^qD7;^D%pWo}Q6cm3IXw!I{NbR3J+c?BEQ
zA_&L|Ib^JmQx64z5FEwFhl(T?l<c<dZlxtvex!>hpq6k&RNp5}IG0!(-!%ys&CGJ@
z@#}nPpl7{w&G~So>GBOl-(N`nJ`0o$(h|EP4Bsy3dsFaHb*Idp5G?&19p$Th9}+Av
z)B@6VIvYVElT)*<v`E{;>PWr0S?wh{n#y2<9L#pr$ovc7()tDE`R6pMJ!b^E$cu8=
zUb73Ebt+c)RL(m$(hz;9UhNHIP;dT7<-(!y(}^8AC<XG#IN4VLOC}x<Hi!=F=4D0E
z#YdMcm_;NyYPoF}YZkls4sQ97QMvVjU}LCOE=NgoM_22pWV&3aQD%%1!%%})bbMU-
zcj+-;`|B1kxsm6mgCKB~`$a)3K<L*6C9N3ew9qgc8^8gPbCU+-(ts1-{{2d#oE$7t
zv;+T53lgS5=kGPR#K|^f1vT19R~hv?P^DZFTI-Zl0Y?#)F{T_k-3Gj6&&!}RMtmta
z<qbjS#V!aL*>=J+2Y-<uE*&40s%wKFXZ;IoQxf3e0NV?1x^Cu*Dia`^!Tn7S67otJ
zu+3yk>Ef)u!K>Ey=2pBmi~PE|c1u!tGNRF@gPjrDkBR6*;I)QPeI9V&Se_L8yK!PM
zCuds;5_xhmb_%C^iG_A+Nt76-j7{z%X1(cda>(*9*3l@HA5^?<_3Lc!O<RjD9i=;l
zzXA56%6vi9e?w~atV*%3-6&Fzot<y6#2%}fs48Mm$bQj1S(}f0%9*Y+)Dykn<xCbq
z`|?Se`y#Q$r+g@K8&<R8Qk=-?K3pL@yB@pFPFaE?(sB;!PFjX33CrfS71vTouDemX
zvP$waO-7K}w!+CIv0nA5LNgGc#UPW776KX;CD*ZqIh{*7nI-Q8Io0JlFUVvolp{2M
z5%hjmZZ<2R)S(heE_5MGh2HZl%*Zc*5jHk2T8z-v#Dky)Q}hlu`sFvqp{Tv66Ocn6
zb5t349%)%LVWqd`w;yhV(c3twk?8Xyt)V6x=lRB%mRHxxv~ev=`W?(!(a&J|_p#z;
zR7A!<CEi(2eRVtFppez;Do9-nJz5c5k%G(%A265(_X-xb+YTW4h#BP6eF3MYfiM3j
z_eJ^z*y*2$I~Wjlrhh~3fZ5ZSsDK&LHva;{5wdX5b8s<pv9l7fGO^Hev2d`mau6{w
zv(dABSI=N){lB4hXld$az{()(%xMkdz?1+smj9JXqoW<S^?hK!QpY(9EOX}vi~-B)
zm^D%n!0C9#Dnu9?=dO&_DQ*jSvU7FKUrc$b!|rIa`dC|x%!P+wKK3$}uogS8^ApZb
zb3D9d#^M*xro26cRCM7rMY09Kz}fNjof}FhR$2Qz4@E?Cs%9I2WeR145>pT@kdg|F
zt<#-jaq@Kf@C=tCykJSA$vE1%Fnv+&1;yt0tLM$stIIt2($7<1OIW0V>Rnwjo`Q9<
zoJ_~EvY?P88iM!?|5~Lm6}_aI$`qbjI>HsLcx~Dqr=W*Z5n{&~!)4TM&`YSqUOJ=L
zREpJICW{s9ggExQ5a_173`(Vl$c#Wm4yjz|ai=8mXc6m-KuXk)rBaf1ZeHxdgQV*z
zxCB~0Pd+hJq>`x2c9nDoOgn_6t2U@7he2mj3>liu!5B$V1ab6VxWY|C*`}A7C#wYH
z^B&4o)P-VpYbb_Vj>40)s1=i>xy>ZZ0!tS%+(gqB14h3AZ&Z|lRYSV|4i58cJOij`
z^@^OVD4=HUi@jwh3I^IXPXZnuFalp0hnJf5Z?}zD+vO^sQBpzkIQs9Cn5adfP&s^0
zioUGbt0tjv*~!r6YnQ_x_s{a*@qcCZ`hmzj?Kyrufrb08`kk2a>YV*p4yUYFTzqe@
zXM})v?V}+8;>zvc^{fykG&3BUc2n^_+!w3Un8GM~j5Gfs>5EnChCbOG`VA)@tA?_P
z?CqJzrAb$eA08SP)ehRr{UjU@UW$RHJPuLz_op9<P8BnnAD%6HJeeryEAkMNb<HRk
zv%5U<UoRg?#{jXOgD$W>WHXFY3f8?EI6nh&W%e<^b-1orM{`5=gzG}5!tx>&b&`ka
zc0k?DGS=j?xgUu@3F_>Iir$KwFg|Tn<OkH1&yI=h&&$OoA>SQ!Y`(gLE~U1ML+kkY
zUQ|^#u6_Ko^(t#fXEtLb6l{gYknj=bH3~cC-?uIL?uq1=w3aG|%dCkg);@-0s?>z6
zmddjLnGO!~*hkynN(2QCfFQ5g*z_mE;b1mdo)WKvkIyiBfY&D)cAZ!xJJB|T@c~qD
zT=G0!-D=~e%@4mJ?2Bq*?bRxxrFp+fB9DC?(TFZ27H4D0z5j=;cZ%*L>bku<wr$&X
zI<{@wcJhyHI~^Mx+qP{R9sA^cp6|PO&o~!VS2adm)Ec$-o^!3=^dQ{pa)A-L)?R_{
zOr%05nYb1vnL<!wBFzB*=eCB|?|j@;TQiHJpCArU3o^X)IMRT+t9Mf6n(7Pz4M9`7
zt+eiiP#DpK0%oMIdU$IWT^J}98|MTy40XQd-ZK+BpGaF9vHPov7%L4KYdYg*QGhJ#
z|9M)rh!ZrKVwXXai4Q;4a*33hT5bB<J;A|V87ruSrGxM}VnMFC;CIg{BCdNRX1aFH
zmY4$oSHX<_Js#3dJCx}sJd$3(f!?34CFvKG$y+su!UAR!&?%6&^7_v`C@Ijh)9{1g
z7Y%s;LKaLPiAq(9#tQ_QuEB(5_X{`>dr6dk)X&O-dW*@J93+icsN+Iu9<+OlELG>!
zbcV+pt`HpYAeUn8`7RzH7)XsE3<l{z1PeIloHCfj671lnnEZl;=SOoOG{|}AD@rtW
zs6z%mTKYXX(LOzv792~~-)B81C9pjVu-IzYY9En<l7Dw&Z=`B{*hs8He>l$$spRUH
zQ*?*atc?wa4mJ{@vCCP-{>uiJjc6ZW6z<lRf;d!%EjO8JhZ}mygOV^xtK>kX%n7(f
zoB%Keu@-TyK9KJn43K-2xP%uuwH7K_B+3#KS6OomTM-*K)jVURu=5GCu1OBPTG4<v
z1-9*~*|_%fZY}%ck)$)DLsHp+op!y$jWD$Q?ww1Ey@1tsmtZg4u7Y`^mebT37M~;u
zu5Bs%xVoD*fZf|XKZj-ZOvCWUuK)!8?d6<K@v!4w<N`BNvlxO%KwO=&b1<n#w_;59
zr)2A|kXsy)@BTPmTL3Js<wx|Gvi^h4t&k}V;g%8Hw8&Ozcxo{#WxhFHvqE#{Et+oK
zk#WzadJ^Ea{u@>hifNb}zp*N;s5_n;#K%4Qck2Pu>5o?$F19BpQtc!XR6F3&Jy8H>
z6MV4GBoKyJ?1L<r<4nt6EErtI_)k9ZtU@>8pNMF6D>9ddz!@DG0er9>$Xx~M%AAu5
z-h2PZ2UvKZTEZ=$pae=^Zs1B^SDvu;>i}exgD<BO23~=5r?E&XG|sZ1x1F!-QT+iV
zdFms5Y84t@kEaMG`Kv)i$Ugw7K7;hKS|=zxSquhdX^F_<J;d^$*YUu*vwdPFU74yx
zdU|G;kQ)N9ASyr+q;ZDN2QciiW2Rx<=UKQR*YI~2yoDNk`Lsa5xtZd*sZC>a>5Ea$
z=Toe`=3q+lpe3B(vV$pdRn0j+Y`<V8g16Ku*@mhgnMV+tbkT0(B0qp!%t6;dguv&j
zkQE>8UXP|nzOxsMLdDt2?26&qu^`8a;I|2)D!lfs-19DBDG<>KuF+%15qQjxD-Lt4
z<qriTDl|$7Hc6tU<ro60!xT*`01}Te=>l^|pJ!<!;}4Bkrl_T~5w~X3(Gi~hpfxy|
z+qjgR1WN4T@L)VyxC>x!S{h(s8ofm{{fyo_<&tE%)ipGF_UpDHvy0yl6-TQx`HAmZ
zZsy$i6F+v+5?hUl*|3jI+?#u(NZ;w<w$QE5=i>yqa8z!<2=@@q({7#7?u49v9Q?QS
zQI2fVaQzOEOA>zdS9G2+H>f<ak@OUIdntB?R8Symjv^b-%`;$eAoy$@8M0G#Pxo}X
z6u*3sti^&dUrNj>rB(@{l_$lAqff!{fZM4_d=Zx%ea+vVY^7$C?Qq_HQA2f3VJ7UC
z<TksF6&#IEVEWA40wNe@Ax$I~{~1E*N4{AF`t?Y)@DAvlQA#x1$3GZEYmFlk_7X?+
zFcT4x;o$Jq^mssK9TSlgTS<ac*x-P<{#RW$ZlV`muNf3aAWeF}JIVZRNM6pNFt=nb
z|A}J<$#7m}5nB&0Q2KP(f)ol>@RE^_1#6VLRe_*R#>PVm?n$F3vhBl?2rzr~A@QBA
z40SJ~E$XMOh+jr3$s{~%%BUELrY(*2y&s{nx0B+#vOIv{G=c)dcx!s2`}p`gQyX~r
zI6Ya+f`;pW2(lC1--NW4MmdwlWs?XI8h+|b?V+sOOy0#>7K2gKf<Z}dVWzAeADnht
z+&>VbA2{5u$>g}c?hmsj3`}G3Yhh@KJ_Xg@DAhA5z&%s}1#EX*KA83O9g;N}&WFEc
z#pmCm_$xqKQn2B^A-`7Vl7bId;2sC0Y9g>dgShkZ&%GJM=heeY$7gNNcBgj(PiG$f
zciP{r_kpaWRg;N{jVwAuAZ4Oy$8R+823lgTpNm^-HW;{)#Y-$@mnh$+fmRA=s@Fxq
z1B08juuMirDJs`0IC_zopkRL&EWz<MaP)Mr8o(YFA<B;1`R6|$^=2JY>F1+569!tV
zoPgwoz)ysM5KF*3A1vQ3)(hCNZccILg)+r-aFezS+Q@{5$3T@s;h+$!{};yL^K^u8
zG2v&OeSEJ}vlpicL7X>C>1!hA1caD?h*chs!w637#5HOQ{NW;m!jjH28y_$Ukd?Lv
zw#tr8k|+Ix>#fUSj`0S(7oaamn0>~xKrrNCDa!qJ8yFUfsFcVI6*M>E)1#e!m7S$f
zLYOhwg0JjKKybJaw$k{TScL1jrySFcp}ih{c0fkfHJaw^?T{r5n(^#2=TA#45M)Bd
z<)PbnnvkP~$7)IHI1XjpOj{=a5SSBO_8Ba+$XaZIT(KC7uml~s`3Ip0j1_2K=!4i-
zZU8iWR2#-A7q_X76P^c3D3KOtPm8=ns_V)BDlrW=9y^F1ZOluevBcx#ljl1f9Am|R
zr8yG#{uNIf2Y%7cv1${}-^GL-HVxJu6O>37HSs_Z&9#KA8KAT#I@cKjm}@DJmC|`O
z9aK~3h#ZWosz-xhpdF2p(9y^vFTN6WWHPEp$FL{4BT05JnRFya#sJr1%Pc)B5#I-c
zf?4-TcU61qosS&aTRt%e*US7-_@2@z^!E+}KKMwq1m}HaNPB6P#hCjNS)uJ>Quv>}
zbU7?-VRrPKhFl`R%VHw{?25ze6E5YA!=B|dJW#-cAiBlhy?duQpxalZHVv9Pk_zm8
zm!~#3E5u$XE5zK95-DJz>(gcY6ZFZp`&x8phRi;FE-MSZ$nyJ%T8m03)t*J@uZU=c
z2qMF$APJQd1;<)OiExDoizywUI&Zo-!v6zm>Q3^v{s<M%lz;*Jr?y)EQ(Ni(Uu_v1
zvHb*5{=aIAXosuj+{PDXZvitmZjy(7RcO|4N0?b-Ys50&8#S=j?_?pM$wd!y7xJyZ
ztZ``8M<ZrGo@gEK_<OFNZ_dX&nF!H$6*8VilC~vsP0#!OVGgjv4}ADV<EbGTvW_jC
z>qLiT4H%UD&>97B9U^dk%D0;H=kO41eq1JbeR|A+S+MCHspl^xs5T>TZD3g;DO-Z;
zG32z<3YEz$69?PMxQg7gnC-CiC6~aGGhHOMO~$ezR8O#Rt^4vjf@`w|)Hc!x96@s`
zEF<>`&&UHo6aYXVHf+2c;zhYk$r1PDmrcFq`4ez><tlOtL^uUsJqV)D4(+IQ?;*U2
z^~SG9EWBt5sG7g+MI9!RkiE=}9hK<2Vh#8y`b)$OY10{4koTQ#r5S%)8gSuJ2b8>y
zP|Oc>?ti23JXKH!&1LwTc77qOL<h+KXNt?k$<)v`ZDSM&D(w&y7$r?11W4@XK#4>M
z;*i!0227KN+L?<8n9|z%0kXmYc6y9*K|F{fk|}}0z^qywoXQEZb^hl>c+KA37_!xW
zCj9;RRW!HabG4lt#M;uDlOU3SDyl@<<fZV^Is5XjO8h2>6JL%1ArIaPwemKN&@6`a
z1N}P>p0p6udJrx^{7LVfG5o1;c^r{DLTo}rDpY@)U>gtc<r;oZHcKfLktS$uELItG
z&n|RI<mdPLdVAD`zjS*KfR7_&O|T*`oHVy?!pdHq)1)DXB|yL(Hb7y~eGU_Cq2Gd`
zZTjBAFlfjMQYR4<q^19dH{TzP*Toqo=irO98lw`h1ew2UuhBEP{0WwN^<dH9Vw+HN
zkKIY$32Oz&jERp3|B1ug^e+e2-U6zeg8=)BaFGUvkymp-eEnBWt01g8Lejl`P4bf)
zwPFNfm*M*^P?qpQ*FlO2oKbF|5}@8y2fHPsQq`)cd<!iV45un-xPjB!uxMZ#k^)VG
zcgaTF9vY@6ly#pN&aawo<7nkVZb7kz+c9iX?eY4f))eNPYOopr7gQr+zch-0apPSQ
zl3*cNa{Su)#VbJVKT>M#qT!RZISYr!P`bllEEZQ)DjV4R_V9G~NA`^E$3MALF-bvp
z!9Gd}W*zaEa+@`V>?^4Oiu5+{0sM?_z<%go_Ls78D#iZk<(7Sb!r&!y0O|_O6buqb
zSfd2Q+5|^PJDC0ZN7>vtb~$${QS}TJ+)4ENR$_9wSaY3+N#nlEM=*JZxFG@!T;D*V
z6vBXQh#Zc*8b4aDXm?wfC~~{i2LYDIQ^$N>=ufVKRiRivjt|e<gUFOX-$7$%F8Oyv
zFiAM)Q)G)NQ^BgjC5#}b6oF<W^D?IntO*6+6Vo^;JL_P#Ju7A1=A`Y8F>8rYbv&gY
z!sZvuAY>0}*6!jD9vH>6mhudO8<gHydd6?WEC6K_H9~V*ZEv4kT@tAv1WZE3!%exA
z8uO33s;4gkaP8?QvgRgC8js*iN;v_xG@k@zk++GG=#_VTZgCGmi2``84#KzS0s1%K
zI~c4}5=k7d%FYj_!iU=e7YX^t2f$-Z&Lhs_8my2Fm@_NAxssTr#azXUZU6o8dO^_b
z36TbP_ISAi|Kswp;o$BKj`B3;;6Fvj*yZ{8_I~rd$e8g?vV-dgjfE6~Ib*!igeYdS
zinF(H9sYYBzB%mTuVD%giAl}K@ghFJKGWUwc40f4g=Xt${d(dGi<y&TPIvp|lfL==
z0LE9ZR15QL_iEI$Inm|(sdlH^>s_@}nPNA}P0WKh`y_010i|&nMyI6NOmy#uLHxRR
zWm_oVWa8~?(u-5<_y@^HkdcT!;cxs)CxoMWz#laS=i50>NQSEN8Zi7ITe|^(xx=c~
z$wM@AxLjl*@8zIccG8<F1PRuNZ>T6iY%|o;m&EaLxQ(PYyn($IgLo=FMY5|E(G@xS
z1p1&G5rN@+y36ei3k_klsu{~+G5`J+$0~IosctU?_K1VChy{M5SS)3_Kjwh!2CL#!
zU<At(Bbl7Xv}NFeCgMEmX`DL%(yLl3VfL-qefp%64){-kV3_*()A`Ygz1{abdtPx8
zwtOZ1{NBj$g6np!Xgo5v$b~wUK1FSX%Vx5La%j$_=K3b(3fXnA@!xG`j;XU}DGnbU
zRNWcN#V&O$yA>{%Od8qlvC-?oNrqLYlU&$&yO(##%ntmsMY`cBjCN)~Ib8mArYe#U
z^6}j0)ZELQ2AL31yts`miL?)CI-IZ~+&{Lf80X<cc{k_Z`DE^WYU3|~L+1*9rVyq&
z8z@<>W5JvB_e(;kB`94N%lqUr&czU#cKxZ%m6Kb>BVeZ1Teti^J)4cgmP1>wlfe4C
z>rNa>-@@WaJRdn=*V;mWlOrQU3|C*$D`VJFvAIZ9C_#o-Oo&QIE!v9^)hZtuE{8;|
z_s6f==Z7{w`FJcOdyVtRQmgxt!xWT?^~UDq6<o%@O}NM<D=jSyJzg7z)P^<xOoGVg
zhruG<%C4>@JchHwx)SWvjp0V#nY@Be-*aNwaC&c+LJ-kaHB=1&zkAqS;ShXnt(>>b
z7fTxPJgBQB6t;(`gO*1{oMCSGRlyN!V#EY13@z%gUz=if{Nvf9gBu|bP$Fjyt9yAX
z>UW>~B6S2iO4JUSmfK<;t5K*ZSu_VE;tQPzG21(zrjgqN>B8%N2MppIF0z9fvNY1i
zA(}9;MOVmGllGqi{w<C}rmDMFSQnj#nS&0OKrn^awrb*#zSPi+l{D+*=-xH5xeG-s
z5k(BS#z(MazA=^?so=YfuiTTkg}#lpeLTd267(E+S<FKgM9{;P2PS2Cq-o5hLo0-y
zD@*&SDTJ>}_AwF3dBcP^w=svpDtpJ&6bwAIo94;57R)~Yj_A}#`rG6(nyAmq{%%UP
zvB~vFN*c`!SRIL}M}JmDRj+N)Q(F`wi>?NMRhW7PdCWvDFS@Y>CV82g0OVxDR!B;_
zxHOKZA^C7~+PV74z~K(eM^Li`y_oh`)N8}t#jo@5VIZ(V5>B$NR6em3clCC8qJX7o
zRqB%%<JL+5lafuRO;K0KQ@Gis{+&_8)`J`3DS0?+{OsLkSX0b#{B*Z&TrOh@X^vJ$
zwWE^dnosN#z4+)a#0>1>roP$Qw`2Fq-c0-CWq4~INZPKe3$n)Swtrk;U4$Yt)GjHw
ztpLu^9Ke>{P)4j=#`OwH)C(-<6rvi?X3aqA_LoV3DUn_Km=;6kBnvDx_e}3`#qR>A
z`ktV)b2;#UP|5P|?0>2$^gBo7lC|`TO`P&b0fgBa3ZDR#4)&=lCKw)yuoKzOekVzJ
z!KC}NU>mhm-Odd%WSav#p-xn<K#?S-H0H?0l(ST+rYJ|Ekl9&-%6A&qDb83&?4(JC
zC$I>BN=OO#70>C(*5&VzxU0%fyW`_6zcArP$b~Kb>>~GDOrm(TeabHfV*M-q3_G_T
zKLyANTCS7k8KG^u<;4OGuGIEL{#4obb6Y^;qxhD})KuM(#D)VY8<2ZWYBI@PsVG$8
zT7RvQx!1I0r()1Y)xzawUme-LY4BWB_aYqtT7H6Bp5cji+VIBYkTGq#!iT}rI105x
zqnLZT2Du|TWid!gRZp5Ovf;rTEu)^LnEHLS+9aTGGHa>*1DrtqH?weOD}1=5E*CQg
z)K6>KcpHz*O1)vg)Y8h*m}7gh$qQ-L_{nCK$P28oMo6@quNb}Ml949{Kf~wLcD5#9
z?JuQQ2^$S0M!NIRv(BjQTV=|e0#9KQEe82qjv3j>N3tL5%OXq`qte%_wo2E!)1A8l
zC(<Y^`Z=b=5zUqA6622aUR6e}rp8^Kn$_}3EJX@)renPHS93%9sw9pfH%jo)l75R*
zdPWpLshXZc@?%sFW`r1KyQ}W>N`M3_1(#CKYQ&24OV-Z}ZPseYfDZlx0W`pC=D(Ii
zB?9pOZ%MHK$C3bMXHVP1|M4Wyz<{gMBuIc^(`+k6(b5D~pdkTltp9sn|4Q5Te>Rt2
z-91M95Os2k9sUDAvNnybihtzb;WGaaJe73+>0PV7`T!))pN7m^xS834*a5#A?7*uR
zNSyx|P$ub|U%Vh6BUA>{p4N-3JzQNpj%I8lza2&H5qo~fT{}5NrpwlbQ-^5E(*gH@
zB(RZRt??4ciI!w!Eer1}r3CW!@`l}yiJH^Z4JiJIGC>@2VMvT2dCxuBcGJBt4-;Vv
zB=n86DF9f;oYX~6$sgQStTZu83GYfQL}+MQUj=-sY27d8be0pYapvmZti-;~)u@7w
z;Uz(qtW4O+ld;}H8V=(K5IZ058LsmH51LjMB`Odt*_m$?*(MvsWQ^h#!Cm_s`QD6V
za{JweHw`$GWCOW_e}3&FWO`o*?<cii!N5DebN#xHbaJ`W5nfgtYk*3nK5S{|cq=_$
z<=!8-d}`-!ZfVaqUu=*Gl7?SH()#Z{9F5^ts`GDh`)rT!477$<O=BTH2o}--gZeKI
z*(dk5nn6CA7-$|{a`o8@TFvLko+g<Z_o|XBg!0Lja@N6IP6^e~GtHwu0lZn%-nin&
z3Yx_B5)aPx5H(aPAFV#}Hke1_&DS=p>v6g63EFh+!i{@5Jze*(yuXGqqQ<#FwFFXR
zu@Ph6=eItc+X0@C3+pUro%)ObJOf-A9n7PvbnS)|x+F{KQT9VyyiDSOBq8cPoh)=U
z)2L|^9MzDkIkqtRm8s$lr0UG$uxhA_5jw9+LYDNFj^&J5f{G4P4%p~Hu+>l|CH34n
zGXzV3&rxAL56^z);<cIP#X4U;x5@J)Vw~~6Hw4?(0>Z7NPwr@3i1sDGBupjLY`GGj
zg^DgCx3F8F;3gL;%`uqB>6Fsewj^GxyJ_-+80XO;T_3|=<ypSSGwnIA9!kzc(9-)<
zFCKOjcx7~J-UqP`&#$Yz@3((9kAo;w>(3PZ*Ub_#{#6HZ;eHWc3UmQFh$7D0xV(-m
ziTMqj1E&L(s;m)aT;ryIJ0SSNaqf}Uet9s}dDVPu_YJ3<MoPZ3WV;p~{v_p6DEGBr
zc2y5eYXT$}!j<9(eTtB@7nOHn58SC$Bq8g1J^d3d_ZF!sCl{coq9)g!Y+-KLq2;lQ
z?+m6$mCE|GhL_H!CVbx{Bdc$ays#!CXu^5%Xrt;dd?zYqP!U;x{H3JXbdGNwG+M$x
zxt2*IN`&MP$lp>Q_&>_mF7@vAB*qgkMhk2<=z_Kl9*$)ywj9L3h6?n2LsV&?{q4~6
zV6PNp)NlZ1;mgmGW8#`=scQ-qGE@h~(Al$$%oMTKIJ{lI%}AGmR%seWG17$TSM`$b
zshLMTXztl}7f}qrxjbQ}KVVIhe(hx>Xv0aB=4}9?&~3pPISA@q$Du7p5utBU;p>$0
zYfk%RU}_I)@U_77#oHl4BGAmqm3mfF1>M45_}k&*GUPbC#N`rfmUTo~irRVlZoj+H
zIa*+Vwv8rp!nySBAS+2V5GtPyQVJl{Zn7!xLzu3dw{QXAF{r6bB!?THpyX@Q!ZtA}
zc$jk=2{{5qNNdeu8*FBTXdRL)W|Rq!%IC|HR^5z}_Ek(E8Ku~g!_gLuD+|+mtqg@n
zgu3M#OP}iwluVa>G8JMO)K9)XUh%B|aHcV6I<abF+a=8o$()S$2zmtnhAR6F7+_a&
zlPVj5DU$)%4T#MO42Tb*OA;i*245=~0Gj%tP+XYi!BaUq>*cZ6&r3YrMec{KZP(-8
zW+61M!k+bknq8x%3W!1E3Ih*<gXEG@XgX3jCh94rBz)v<nTJK)Ji~l@ODY|<uDFqT
zjN;=w4lVAxSP(R`M)RCx{y18uZYh2VcjMcw+@%1|cJlPXFU~7oTDZ++a@hs<i>^Ts
zN!{r-9$D(8k!ioS1tLjf>3icT{Y35*sqL2LNH<KCK3^x@!+8;omae#i8ll8O)Jjs{
zWLE^KnRwDi(jjkm!iM;4O_bx4$$gTNOEMB)l|vgE8l+Gxnxj%vvXrsnszJ`&omh5g
z-D1F}-e3>)ra|3-n<5bGfyZf)!~G`$;Pq^2qM4}u)hdeJ`jCm^RC_LJBBml&^-(~G
zbR>>i3x*YDI)Hjf9!!@5!1Mifaq(<l`Z{oS+*7s}_Ijmi!)&8hoYx!<Wk1t~P&>1c
zlro$3bB$$SmMur1sWO5%+BnyH1)!Dw0<7g#@uTLfk3X5fsT?x=JgH#0FFeY6M`ZHP
ztcza!M+wb*K~&AfcAD#;7n5Oayl)TBXQ?>(GmzhZevig92yH)HxzJiCXh*vl614-7
zK3oAmM#mHsfk>4eo<W(8ePPNNBg0KPt?&Cf@#fTNe3(2qimSGe4xw9P>POH4c))Q^
zlrJ;Q78h)M!fA@mzDe%sS}4oFkP1~2f*}zcQL`B5!y6mWr_l1_%G0mP-q2~8@pbLS
zj7LFQ>B6F6gBdgL17hjdL`ZTb&&1;Gmva~i?h_VMcte@@t<(Ie@{4&3nRZ4+E#(0-
z5?6jjZhW;(qsSajly>ntGI~#dXzeV<t5Een)$`3$<uiE+aSD+z+p_>@-WYlsw?)z&
zpMr;q8D)9-^#!!b;^C)h2)}`Ht(C9`oEC3r?v4RhVDs%kT>H;_d0@_gVi8=V?XwYt
zM4S~^QGH5a5q(PeT?gGEj3~D0+mV~E+x;Q;K`e&^hdnvs)*u2&-Chqs$}^ir+o|7U
zu?>VT5$gDjU<dpg=3S0JY;zDlxUaE@xHuwn`TQyLXR21d{3+anwpS>>W`aQ8sCd5o
zWBx3L&~REToo=`SdeNNgP^#7+`7_ivJU(lAHPTe<bspiKJ(cbh{G+D%j&JSLgSC;_
za*Qb5V82rauvO_i{*563Sn#I=#-H>xS0JzIGS8GYFUgkgz#11f8E;@Z4hieD@~cK#
zEjvmQB);K$hrD*>lG>$<JM^95Hiu6o3r4BO814)l?nA4i;eS$`<UpwUV0C=j?4^vp
zzCIzkXR`B6)Q{v;f2%CX%AYk?x<*u$3vTe*GYKAiIJ|8VACM;iq6qU7E+C6s^BXW9
z^tKXHH9nkYVDi;jcW`MS@o+l}W+$<M)OYl75>5*ZLrX#%HpsCw&r!1dLCS8#yJ|~+
z*JxbOQJhGwDA2xx$BOp>J?b94kPtAHaW+`(3I}b7sG)`u<I;PjZAGjMF~T+Utnb<N
zlM`jvY*YMOZ0}EiwTG#0T4-$k4?z4X;EG=%OKf87g+iO256c>JSCM+C$dRY>Fc5)+
zGM#KcK(433dd?dCHE=wm-83>DamSz-@Q6%Q9Npp^Q@ulpMUgm*tFu(azSnx(%Y--Z
zyIChnGH#x`1XlwL<qr$-c=Ax7N13k|2-w~~iB_*LZ4d<bC{^N|T2NY?$KM`bou>cU
zLH;O?|D91`=SUN*1#(DRrvm;Vh>j7U{Rhgz%E`p^zfrIM6A(4#=y#((Hv?0aj^zn5
z_)DwmFLE)MNXFAR@&ltyk~I{IwX?eacQ;8rb8LHiX&SeI04{9DTO}{?!FYIC)t!0R
z@89<?`Z0bLO)0oDX(tP%Nm)`(FSRWiK4&dE`!}V^l**P+Qv5BPfFUhk+mro^!>%BI
z14!jaqE@G`y@9ihg=dO$eXaCJ=i=0c=U>YI=vGANJ~I6LUalX`=j5+Hw&F_TIOlj%
zzLLW~jivCX+j<uZ;%293N>@u#xtYNIwE7bEmM8-O?_i0RZ-czWxDj+2r*^)E@g-VL
zVu<D4Yn<|e*d0(AfWYtRji{mao?cV)-^G1fgPT)J^8AmEAk5s0@gTFkYmx_LF+r^0
z=GYzO>|r*)?SB?HpY}ND#J@LM`!n8n9oOmGx}TGX)3ISO`kz#0w{&2mQzwTk!A@W2
zJ)$&9B2$;nMahbQgrhPc%YQYMm3l<BR2Cbgwo#3AC0Bf~fc7x(iM%bp9KpPzsX7i0
z)85B4!|3A)n@W#6A8O^;`)Ja0za~)UQ*}twP-@|!8AK(2-*F3nr@%RbMiIz!e{4q7
zlc&Wd$(6%aT_j5TKbK9Ffy^P3TEr;GSQYDR@Ja?w)%y7X@<c4Bo*8{m$>5-tU~?Yb
zcI%!Q{qI0rfV1;fYj#)*7KwVaL@*=2`~I>Ehx$Q(#&y#(?$wM8V@R+ZSK2JIoD=b+
zC>gxT=on==np3C9dDUKn^_Zqms_;5#9NmG#Y>VDawCLQ{)<E3aJtyQkrZfjeF|kTU
zQ8Axns<4*}l`W0M*~dsTCbjE-$Zgs4ptf69GRkX0fO!>Y5>>2;>d+9AV<l4>!90R=
z@_4_%5YGpSp}}<K+PX5A05~~PQdU$w4I?1a=8QpF<Y3Z`P2?z>*O0Ji8!k~*PPuMa
znWCNaX+un32m%-8T8CPD5S(%3MF`MTr^CO(seVGjyK}-Dgq{%!zbP-&`uXw&5bfXk
zb|)A|02EPZC8&eoYqY~Ynvc|V;(~ilm32xmIt0?v4+OGRa5k(6HmzmAo}=KcF|+t%
z&%$LVYx^)wRu=JGh{(?2{_TkAP6w&Hw0|d&Cp#5Xfb{f@P#7*nnKvx=hA_~s1*qdh
zKEX@8=N7iXA4RmN;rXUP_zT<KI)PE#iFzo^0EBXqjfn1UXV9HO6g*K?xm(@FWQ62k
zYnU(%G|*$^^u^%{tWWfW;UA{ZrkAj6ZpK{{#==3P%AkE7P<|n#&11voqSg$Eb63dV
zWTf(X(-?8<0g#^I5<U-`anCcOyePCro88$A^^$Clu?Zwu!yqDS$hbTRFhi7lXteXH
zfZ{>tz|&CmXI9ogR3Nbq+77wH8l0x~YzfZxzcYt?DCgF<-BT8n-7XoblTrroRDqRE
z#<AW}rfg8!{`MRwSZrp^!@ueQY9+rLeglMH)vVN1^Nln}_F>`3-<9L>CJ;#bk%|6^
zazH!<r(?o1zV1i*H_2s3r|TKF<fy6_04`k$T#aC=V6C)0mOMI&e&)<&%^B&$NiEpu
zn7FFT3s0p}i<ye5CTfc;(t{18q;Dg7b=Y&r$T59{%HH6pdVip4AeE8yu<2N->Ip_J
z*;|({<2i#oA@GSV1PA4bb|zAZYi#K}5fF1=<lBq1?t@&K*CvHO;+UE*0jP!qKxHjZ
zu><<2M}wAfP0d{(FGf@~Aia6g?UIcf9mV&&tPG2SB!RCf>}x3EIK8iclmJ)15CToU
zZ%o8Q3Uy!`8IST!#6qj(v2Swv)vRt!VV()(IFsr*Bv~u`NkC`n*A}8x#4gXVn$0OR
z&EMtpx{ZQ$#d2`f*s&CS9?2;>0ES7y4FZ^Pc7`L>D<e;cf_C;N%P?o3&BpoI^Cypz
z3K<B{lkrS2^#!<83XLt-FvBIgg-mQUQcQcnFdc^+C=&&*)vyuvI#TfTiw@7h2`kfb
z>|R$YPYD#Gg?(q9(Pa&Sa0OzyX*rtv-&jL?O1z{h1-x)kK@-cl1k+hwfDlhDMV7Ct
zK@JXm?QCfhRkg<eLd<2h1Extz&3U@wWx~Q;zaY(AF4jUc4`f&+R#G8%O6y4uG?Q$5
zP?<N1?^5d26ZmlCC1(Xr;=*~mppn45PS21CKa5Lo0OLqXECpUxDtM~zd_vdxrECzV
zTH&xKJo|}8j>k~n(P~Wx;MRoKZCRAV5iRGWvppP6xjW)KhiaFSG_*#l{8eqn#Be)7
z)qEQSh9^$52}|XBi<AsKfu{z%`~-1IsgNq`*F=_#wtGy$o?pCM{d0X%rOkGR`FUrO
zhgn%og$nw{kGjvvG&tPZa0NVbt`aU&hvt^*R*)Og!o{$@=ApR_sK98j)Ij5m!4^<a
zeo~ZJS3MXRz6x$f;`f(K7MiO;rio!fr0xW#$LG=&hF))y!lZ0ayXJ<*MyC$lrS|G?
zO969j3b}wI<Q=22&=cKkl&%ya{u_Z}<*>dac_wP3Sm7gk$iTfRB46QD96>F0eT6Gr
zFYIl+7Av?ljg5l*lXz^$41TEF$$Z94Yn!fPeJ^XCVuZspK3-EMC8WC+qZ(`7Ze;Dt
zP&r7NgIP%?=`ajkAfJMlnu^7zOnr^SitcDr4?_!nRdrhSg>;N%%}fl_$3R*`l{e?P
z#!zq2UW;02C0IzQNLwmsY8XR>eTT`OxhjSmk+zL}V?$gB&{Q8uN51}@B%~7I9Lm#o
z`y+iW;=``wM#S3u>JeS5C3|VUt4ogRyrs5UOHadG<rZ9|D)W@U7a5fLRGSBf%P@?Y
zVgl&2(DuL5e%SpJA+=l-_ETmKtQclE^nWRV`z_fabA2ll#6(jFy8&Cclvp5B5fU?Q
zCSb9fs>ekK5W@(b)ANd=_^0#;I#$6pB2X3aEAqunk(YrC_f{!nq7&P-yxU^bZm|b5
z6l|@}HECa`4pyCZY|{WvZahKCgu}>&r9%6qcHx8cJ?uvA>!au82=43a6?JCk0b<%o
zIrsjmX`f&rQwNdl`yXC0asEio0aS+%UHW@msb9tu;3&9b<8|x)Y-#5EDy`>xsl^=N
z_k8ydwzA5~`*HViJ(ZGB_JyS#`Y5sE^Z9t=_iT*^bq*4|f-p<)Sfs)TCo`9Zey8_x
z>)$dP{tHZti3wK07s}=2j_7(va2)=6(2G@z7x!vBXJRhr!GjfH`!(an=RM7xVxDfN
z{%1D<sB)=|kS3@sMW=cf`En%(JRULhc;4TPn?xFpJ}kVD!j;avB=`{o7ri$Y_n|sN
zIkJ3aeZO3(+XD=nh91NJ%D)DX2JGBNk4(s@_0$AS@*Z^Q3gzBmuG058bq-2<W^X(@
zo_gc=7}Mw4GYy+|%SCzO|M|oJ)LEE3i_KjOI7cqG@`1d16c!otpBYjg#ZoHsR2$vq
zJEVhR4k1`L(F9(E-;R5i;AhkfN|tM9$+HY2YrK30c?M^x+C6el<%dsQ(xmaq5@$Iv
zpqkrgBKca<OzL;S^0iDO%g7<~)3^HM-?FaY6Q4j@hA4EbViO&?rtM5;_oM=6!sn3(
z5S)Y(sGv-_i~{Ly*pO^J>V`Yo#cB^Eo=(44aPMu;Tp8ooern(%-77|z>7K3-sKMZJ
z3*sWEPl}^soA0@l6ge_nymaLtrFLL;+0hWS@@d&IBH&So#h)S>4t1&be6Hw!eqG@_
zGUoFR2ET<-L2x4ED;X9EW^Hv_x#>><sx?t^O8qZ4yq0x)*mbN-zypxxBkydA3ffWy
zw=p}^^I92?tAw<1+?l5X&m?%h7ND2;Du#PRusBjVEu@Eu^$y+Bq;5Usj*h?~RS^FT
zVH&u>$Tw)x(7sYk`&{C6Fzb28)+bxK_ZweyO=a~>#0l&7SDEL?9i&^rGj$dLVgrT~
zTtQoyRzt*DS)ch;yAHScJKZP|pK}6T@#k*SA5~pm3sz`81@QhjB|npqu$8MpdN#lM
z2dGITj|}00h-I-Y*ID0d8=DGxyY2Nt4OR*MV<Y1d$|%RaWU9Hk-o4<k@BSFlc7@0d
z5>*$r;y0Ms1h%Y~4|89aKXv8;v=88;8FO)$sh6WFM~aUt=VZ!L6%`Hunk+VmZGV6N
z+UH|k1qtu?<UjaTAb%o3AOPh(MA-4WQsx7$_NSAB1*0LM@{<Z-2aGiN>!yjK&9`La
z-+JeiFe^(1>oN<NWbN4)c}_}t4^oT@L9hzigUcuhY52+4L;STO-ug;5ATZZEgJzO0
z8CoUVu3ChXMuiGX-_5p!lTO*7g0CH#$mL4_a)seD1Fz)oZZA6!InEVZ(|kq1`A3;t
ztgoXzmiUTIx>H|r^X#i-b}04tKOh%gaeibxnFIvjET2}a?B7!M`fv9Z+1|^La;G5M
zf2@Yf;-}Yq@+olTDIouy0VZCeOHkw62wid^uInG?Ak}B$p{3Ax67D^aP3oATeGjaU
zXt*QhY648}WaHoiGQ0)1cS<iE4h_2|l<|lCwuYoeJvbLXHmUxAstH$1V-n$eDpH}^
zT<?;5IGnV~e>iZ?9F-x^-|xcXUNd2?;BRpiapT3gNoYrgxsUHz0B#U&S_kI*`n_Ub
z(bwhEPaGPJ$B4xBapRg<^U;kWTe5U|moj5IGD@T-8{mx?NXWIe4#tBY?yz^eIJq>6
zpSl<ze04lqEqbL9K)ltWc7#1{AKAX-oN*zl{SmPI&-f)SFo2ACC9>hAz&V0$cu<<T
zAb-PZ5WGW|S9Gdm12hXopplz#tT=D{%2`Pp^(~R4E$2!nH<KG<ZtzfL_PK5AT`OF7
zT*tXdiOP-TvGi<MLgb=$`I$B*3G{ZvH|d2}ljkia&Ib-|`#EbJrNOn?E>?5|XtW>O
zv)KFLp{cUCe`W2AqJ`XD5X;WCwHcULL%HCI>7yfKL>0MN1DplXsaNc|)E`6TgGO%4
z+VUuWI!?%B)OFDBAB?WG59(|odKL=zoYx$auKl*R7=M7+tbG$~xReFf2CUg_Z6}v8
z+N+$kW}AIw_D_S)Mnx*gl_OX$0cQ9X_j<*GtftXKS*X_R>d^exGc6sjf0a4rw_MG2
z_S%!SdsEO407{<|7hPnAF1q;@goee#&&iw19a(4<Wggvh60IGeuj*y5`dIyV{A6oe
ze2I!<oQo!^srsCoI98;h4F~%Ru8t%Adr}n-yVg`UJ(eNdN@fc_<Cc6E($tI11+5-3
zgzW(1w?%mww#L%Ohl`U~1CxhWa>^z;zdrT_!F4+u0MjfLL{Z_qbukjT|JPGv-$_e_
z?i0;sr!^i(PQWNmGJMoyGse4_Ti|O^R`isIgEH+}jN))K)r%i$exXpFAcGkfxL<*L
zHc(qv@Km9G&a}VO#!#oPZR)>9f731Q48uA4JccfvXG^B&r`fa)9JHEKley2@wT-mP
ztH2N#z|4EY!Fqr40GmhO-j~*=UE24^cw^6^?rLC#3^aZ6Slt+PQh;j4lSVs?-k0UX
zw}y5J2gsd%zA$A1@y6p$`-@R?KLC5|_q@caubp+J%WBWK9^DS~ZJuK|oBUi;;xmD%
zG2@7!R?XCih7jNp#0K%NRL-%)*dRS_lO`<#fP}+a?r2#sR+QAduvZq=o6c{mlwyt0
z0<>~d?#(gr5Z0H+a*x<?&(-Nrs|mlJ62+n7WA33zJb%(Kc}O#kZKv|zuHE*a>4Uc{
zeAYc-<*ASCL3QD;R6lr51Q$*SubH71^cAVjh`+C|Eb?D_Z@m%QQ*gWUbQh~Ig)I<#
z01r`h3e_l?SUtBWstM2F4zzc&@n)muMTL4rkJ)Zrs)_D>x_Jg`6(70YWk39t6EL+C
zm={KEz3H7h)nmWO^Y@foW&RpRx^w$3bk<YIP=YivzMt7F8yEE<JeID@BkM96PXhAr
zhd?DNx&zp<*K#*}1TB0vF5b-AR4Ne!0DslV#=@ED-NSkB*kg;W&<1R$b;y#WsC|t#
zS2?oX*2!apBZCV+w~U*8m4pb4HXG8nN1S|%D19aQRN3mb-ir}}fV~fq_!3C?GF+m*
z7yG|s_D$GVZ|%F|^s?on*ybN>m7Xn{4g(H^lHE~cz}GJD<B854g-ctm9{z9}z>Zsj
z!&pvvI5aQCE>p0kIIE5O>)s{Gb!#XXBlMs9&<|cxDGN&CVUf87<N$(ye|h*u=dfCZ
zIqa|jG?hMU93!n|g?fGI%28a`9uG*5;EoLe6kPN|D={LOq)TsJQ|4wYK7hxWEc5l8
zBM$I75k}DcTi=hj>y039=C@uqpvM|>xvAy&MEUz7l);z9|7&*W!~M<7GR7Y3^adKV
z=$9_}uv}kE8Us5%%Zy%<UgUXR(Dzmp_rORQy&&~imR2tQNviCFsOe)2?X?#hF@h-p
z+xQ(@GWXEAbP<ZMhpu!{4|Ux{@LoR;O8<w#dQV=)f@2Gj!r>#J09>{1KN1-*2V+`-
zACNjQJJ)|DGHlKti7bZ_6c514!TP_|G0m+gTn^a(cI%xq&;t7F5y(OkyC3F*W|R4C
zLOT>B=JgW4^TzA>mVGYWZW589*G%orSnEF;Xg_J+4Q3y@fZtH)$}p90-7t4<@ZGe)
zO3wzc8zB6Ag?qyAz|j&}`VhvbaYzPPLBpX1063&X1y1OSVS5K#*Gty}^eqTbs<YgK
zjK44oaY+eum;H$Vzq_||2?Wpfu1dG~Tvghw^by9F=yfmV#T9m2rBMnBXlCiK9=w#A
zb+IUp%0lYZm@NC5tL)9<bNSFk@j2@*3|6g1;nAu+<$|H;t`hz|=BcAs#bWD-l={}C
z11#2azlWx&lLo_~0Hg7M)~x`w@NU^XRlp^EJ-0E;SnFOYx98o)#0kf5q{EH(tsC#^
z7{2tn-<U%CE|BTSV*R_PDPq-Iiq<^yXs1#O7cvP)?oZvF4ek$7s(CJ#Szk8FmILk2
zU7sfRoHwOsj@r^rv^_R)d0TtXPtF@kfa76m6pw!_7c2alY8#Br3J=x4S>Wf~oBOy+
z3|8kkjNRyVQlIO4-b1#|H=1&U*9j5>K?R_2Ax(-Lh-fh3!{0&LvmKXD1eoT;Hcvu}
zN!Y6}#BAGsoZy8uqOZX}zDt$dYm#dv*6qdsfK|N0&-mm4A!cPaJ-3hRWB1xEz&x9m
zo^j;WqeB@10NcVqKb|OKf2uQ<n2kBbh*MAO#O{BzW<5QnUS?}HciDk=R(1T#&4e2z
zK;M)(QrNE(O~rgp=^7_Y%n8qmxLyRWjq3pU#@+UEUC`opj1xoO->J5OBl0t794%~<
z`ItY|Vp7EN3+Y!_FGkZb(`Bbf04Bzh?vKZl6%Gc_6S=*4=aj@xR0MPUz0>lK!G@b}
zvc^JXepE)Ha({kR#!9f>$KXb~3?(p3>wdF&#Hz_Vupe;N#gO?xZ~dw>Ts|V?o!+LI
zh}{~coJqpg!`ATnEVIw%&k&)XPU0Qi0)0Ax6s#$osJ+EvP}JhieyjZ$;LPdm6{9(4
z+^ufml-8%Sm!Zr-G=>g#<1mCJ>KnkSHhg;0T3nmf_jhpb{O6z3(TeY^{q2?DA|Ncy
zt7y|mrIi@aXYtH}Zg1Mip_1*)3TBjVfULpOxdUdM%rqU4@Xwu8yqJ&nP!ro`sU#g#
zM{+FNbjy+Aa84s60eaaC;GM{Gz8!2;{FGiS`A(d33w1^rN-}u!Ps^|@J|_z7;_14`
zp`Sg{R0j5FONKY5!<}5G@$4iatvD<rW4nMMahnSALF%{P1}TT^J&-y>=gxJ`aOn5}
z*WKhmZ7x#P6#4go!8-nVi3hz+A89aidT^ErBa|aT30;~U^vF#c;KSBABTlrS*v%zq
zcuuIHN{b7ohhnTnCQ&T!;$L>8E=p;jwHLG)nEEXcP=ua%gD!%8dz$wGhJ#<XwvA4l
zbB+>fxH&}>*k4P8QaMC+=p>ucCOq$eMaHTqWK9<t9C(5Tb;~%!Y9M9!5XLKnR3ZFq
z4o{T8k$F_#+6XN}fG)hw+g^B;_=)$k=#=t>5dG>1zeuX(9Y3vAQTdZL>RbL-$pD$7
z1}ijAL2g#$yK1$@$iSmf*G?7IV>#W^02muk;_QiAHMxgS(!J@RB>%#>h$a$pu}S~W
zFEfPEsix{yvBmgktrh<$7>4Ry(I+8r-V}fiX#~ug!l0G~@SN`R{Hm7Y&|Pc6hVYYO
zy~5Cj^Q>Qt8&_-cGq2wba>~^O5gE*&Y;4UUK7UI)IGJ%L_zindy7jn&7%G1dCZ1u*
z<fPn#us}4KLcs>Y-uz9-`)~4a-#Bu#t;1n>MVx6TT0gKr76#0Qe~(zA5(g^^*Ksrt
z-SKe@2U}D`+uG0}m^Po?3kCG0o?4MQ*}7POpK9)tHi+tuvsC9^BvZI0dP!AB@A{Wh
z=S&{sl(6q0VoD6+D42kb7>hZG4a0&$ny8zQUI`R#C)KoJn;wu&gX=xQA9nxG|GFa_
zX^!5&8o(Ss^S(dk2oT4A!!Q1W+Gb<^znu~3I9v|+?&sQ5=U>(je!qgi*;hq7r%iJ>
z9oUEQz1A1nR)^Q8zekj)`6yFVRJU>`ZICzWO0!fGB_fOXmFDaCLV9K}Kg`KUmbnX$
zz8?IZ9mOLQQNMyYDj4?eq+gyLDPWo891EZ2kS*yN0Cx82WYLQB{*<7KN|07hdDrf>
z?gVb#U5<g6QZa1a!<-b6T(&8IpsUXv`JQXL*y!2M+B|o2ObhIa4>sg=>0-<s7Q=}7
z$=<pf_j#mJV3zQY8sZC~8ZW_zm7QN%WpHRB3xw%UJ{^SVySF+P3Xl$6Z}lP!4S)Kj
z2JHib0qF!V*r=OYiqfj1DJsjTPD?NaElO0<pa{q$Vr^vTX47M06+dAqU9d_4yGbEM
z2ouasb;y?K$yJF+2|KDL!aBt2U4&jVg$E)U7e^yDGzGNk<7~`N`pdz`X;eVYp}*f>
z!!pVmCz-(zZXfLRuQ*SKZx6+0#?^}>BZNv}0Y2l``dvF)A1@!JKbQ)5pZz7z=i^i*
zH~07!2vJOq(7*<*bbYg6K!KQi87Hst_gaq^6aJ12%B2lUH$fson92hoxO{9O#XrtV
zS%kb!JidfdLmYQV;_n01bYMuf1yn{^jR=#U_pySdzWy10_=l=s9PHe$Bu&=Jkr_A*
zK;bzv{wk80j%S&GN}GmWcY4~2!r0*lXmTD1PZ#0wDXuhf!Ea>K6F_)n9frk^Cw#nG
zXJAc(=0gjWOAcpz259Buq69iR=!bk7ehu=Q;H3AOJ`q9F#Ah~L?tEO80>1uzURb@U
z0AR7E%)dn7j`S^@ahthx`Q>u?rGoVV2Z<lAm7%{l1wrZe3R6`^3BRKN-?z_cGYKCQ
zr!k%}z!d%nMZq_B6tt{+rM&Xrr(E3>rFos6`j)i;XWkw+taA=H#l4Sq2i{lDi@Evy
zvX@~P{GaA$`{pnCmxKC#>LR(eb*OfB2z8@QA)CE42@^pMEf4|*$t-ZcBCV$YDRtPn
z5eI{*vv|#}CL_e{^fUeMxhWmQLJECb4{`>of876`{_XjYk-r-72oKwKA!GAq8)Ge@
z^9?RnQDk$p;+041DYp+Pc~F`7!MIi+_-?1UwGr?>^6|s%6P+zAahJU``MxH?2E;xn
zw`^V0LeJuudO4+X^eqq<f>T8SR-mOp%)vy!18uEt#5b_&fd8cIhX6T>fWYChvA9OB
zpJ^z~Iu+&*(z?wy-z=A#r|uUB4-+Q5#52{69=PH!PFoyLp+g|}W*6{+p9MU6%GQ%c
zCAOdb`G<*KeHZ+I`3|QR7pSswQP5|iIW0l(?9mAUCD*t5mxSnPb%SjK;CxH9n)|CD
z#HD@}KW%7YX+x`}n=K0V*RwL>vM9d|1D6r4NJEBhj7>IQ`1Z1I{VCW#x#FThuQh(I
z5B?9zq?8Be%nOP&v?o<GjK=)$&+k)7$^HPh;#|3;E>GP(j|5|BYYGoj**o%TLcEbt
z$I_NWzGS(Tts`V#?A~21z!}Y>XEf7%>`zwoE7>PI<e$iL1h`XfCZ0*vdI;2(%14lq
zTZ$(rvha*ViXqIRcjn<m%_pL3_{?p5)}V(Ss(5MW(zX<@ak3XeAol@K9a!mKr6Kiw
zt)WckQ}Eu(1MCBd!ydR_Zk*Gt4ot^hqkVyHn}OTS1>AK+{pklZ04@#S4X9%s(23Zx
z82We<*EL_l=S0f5Y%(0Ws)1kI=xYR-anPCMr{M;76$IK~(>zmuQU|$W>k=3tfR;&<
zYb(r0n))(L4qZvVp&vX~<J*Y~8IHB=QmjKdU-w3C0G_YF8Rfi``ZRMQ2O6eF!%JZl
z4Xl(sQIvW$TuFZr0Vz3#kxe$u+l^)cTVOS5HngNN+KDluaeU~0HF{+Pj)KCm2A>bw
zu%YUmmzGud;=ODLh>4I~8ERy@BOuE_dIrWuJKOlUhOtbAf=uID^!xq%P{;f741-&l
zpDcpCJK0KfNxJVNqCs$`g>*wfR-$`R!1z%?VfgY%?OrT#0Od<XIA)KC%9Yw|dNTQv
z#+vsWo=gqOJQc7?)MS&tr@MFN4>f1j!==QW)uZLQ*ye|H+IR}ef&x>N6G~NOzaUC^
zE=8P_hH|py1<iEDp0FuuM8pDMcq|di$LcEt+Q<e98f!q@n447DwwD(YE0kEeNXuMH
z8rqHL6>FE%0j2C-Uts0Gs?tC&J(8iL-9ONKpV(|e9RNU}`aoM4zurF4#s*w}`I4S_
zu9|grSg{ZI!f|ybn?XLW{P_@KoNjVu(q}Es>gmxslh`GG6ROd9s!%Sp8gF~rQQ1J?
z_Yz{>W9HJ^#OWajwNM}V$=K*%6P3#6QKM$Mg<%p{0NAbSfl_e~_o`sYF_}u{(Fx3z
z>1N(HJH;Baf%~WDseDQute1aM#>O@?(#u3OE{HgAk7Eu_CJO6lT<17KUzh%hZ`x{!
z9o!E6b@)a}3bg5#p$x@h*ZZ1gvfCj0i?z$slh^f4+@hdmgY+&j#x1peLpRag0AqG^
zaee<33_wJg?!BoZSwqMqqXG5Xn!AD!H1Qjl<uUAl@DsPs3+Wto^lzLaDqBo<p9veN
z&z^h~t1z5QDv(nsM(IZe&p^g(wzrxb1k_U%rXe~Zew_j5E(Dg4UU{@jLMhdK{8rE3
zCPl}lRBo$&*wk$DVA~2gSHjK7+^p`FTXs{39zYbg@}im%KD5>#pB!K5ey+JXZCwTm
zL}&Y&))9+~H^y0~CR!ql+e@Y_fCX&z(-{Yqo<T|lwrJ^ScP#5r8^f+zEwykswbLpf
ztIG1HxiS>l4)i<9|CI^C>1=in<XTim!M4R88`eJnjv}{xMAgMs&{KEVT1|UGD{v39
z0KisvT?;>9{ITu7Ti<w9(NaI;jl?`piC(OM^!uJwxfOd&Z46w(g7rSS7?70^eE>X}
zoqsQg0nrcCm{kk0k&zhb@PF8P=kQ*8t!uQlZQC|iZQHiZUsugl+qSuC+jduNyIpNh
zpS|DrJ9~fU{F^JuOlC%|JGnFG7^QPZqvpDGD9Js+)ONnVzr(N2s@-Msc!BfKOEnUX
zK>Sf?AfqTW2INCRCMo=z(~lNb79L|xmqDZ6lmPOpuCYZt)CRw-47|lH5gc5Go{%-m
ze;rP0DaDRTyWN>hNBWDZSBQ|hs80qY$MQ}=o2U>Xyv1pU>5zy!_kT-G{ybUmL#ogc
zk!TeKqZ`nk#a=@4TvAbZk&giDPIqtWvLT6~*w!;)bP`oqT9#X!BrM2@;|l+4UyA*Q
zV+9Zg>n=24WPAkwHf2gS-VvE~$Ph$~?)K;l^V}q$zLkWb{$d0DX&+sjht&h`_PWI2
zTVIL6WxeYMaE+4-5Ry5N9@zb%*g8hIn)X)UKE}?BjY?u{^254+ICyj@&70;DMd3S+
z%*u~@bHoL0v#v{%du#Ol3}4|4pW1#JQxhNo*XrdrwF9T%)sysT91m2sqNlInFe~bb
zdB?1p;jojQXW8hG+Ylb-fNsf^opE>5h*y*=FIW5*_0ef%@wXB~+TCO)cvd5Zs^@se
z&AzW=jv-N*of5v+@)wvCgbPtGS+PgU8d>xV^-pY>=>Sstw1zGdY47!4`_B_5Ix>JH
z)!DHO;7Lvp4Biy93mm4ZL_|7Od0~@ZeRG3{sB~5dA`JDTlx(-aQ_kIDz~q7@W-1lc
zC7a0=l5Tw#k33Q>DXwSGB(R`0!7X{1{yO+R#?mfJb4tIZP}YQ6rCK&`Mvrk__buh}
zDU!h`B=i=UVOZ8B3}`9P!xq)@h)n^vPE}gEePEhjPM{fR0Tj&+nX?Dzaw)(kzT`!w
z!J@wzH-<V+HAv^?$52p~0t)vXWXizWCEuFWJ`2bpFt~Wo8H##>>4ee|QK8oFm0|`8
z!H}?tLSi|fX3(HHt*PIVVh)cCMt1x=z8;JKZ=D^ljE(OzrHGhriB*5h{(eWx8^hN+
zQPfU_OGtQF08bQ9@heOc{)##j@rfNA8V`LVb*gWWSU&_=p^Q%O=PseQ6n}tWBjpL~
zFf5v#ohl2EZZ4p=YylClW_{Pg%9Gwh++WIDgE`s2(F!sb9pZ*3+0TNApW7D4MnGkC
z;3^d^=&T&ox?;gnR??Wce***9-|{X~#$jwfON{ISglgC}t6%^KCTCIW<R-?<6rzK}
z!HdB$(D6~skE-kBIo~|l3vVpovv7dP?XL{Hp7R#<k{6fBdBRDl?mSte@~57WUigHj
z35C3QZ<S{5mW3}dLMscp>_*{@KURfk*^_W<>O5+46Zf60E4s&0V+8=&=dT$#0IZZb
zU?cu0h{!CHuz8mXzLMowx%-p=)Rwc#iJL-?$uhPbx=AJ69ks(Ozj>?wp}Xil#@dz6
znFk``2;(-1(P;1vDW|q7GqhEeWWC_LUe0bZjoxAqvMGW27)+3`CWgk$<@Q8*=@Lc*
zJI9`vM1^l=DxcGzqaNTwO+%%t+FLSD@ME|pP@$^`M3H5S)Oo69uhqG`K%lQd&tpJZ
zj8KC?orZ%$t6VjDdC;h@Ur3yk>cG_iL{5oPX4bXKuwED%H}!+|9Aj9Lh=-$0Cmd}j
z$b=4!5RM4jD2ON(jZjy`SM&OaITG>FE4x&>?HrUxVOY$K#KIaDbBwE3-!FaYt9#-J
zwB<WIj^s0CbWD1mbAYQpg=P8)hRY@JPJqSOvstFn7Y@+4qqMYs<IW+>&(m(asQ#BG
zntYyRzZ#<e?L-6Q+E0DI0tKP{1@I}lruRE|{A6-0LEhjKaX7FP<zH99R2Zr6zkV_0
zpfaG$oUH%;5y-9jT_ooUj0a%l;`qN<o%QS-4qA}^Nv#ls<ig)E05bUr0iB_*n75*j
z%qAxI!r`>upZb&l^zn`_UBo2<uaQ8%uTAvy>duaX@Cp}(7<QMCVgbBUOZFEt8t+H=
zcKZF}!0Eme+&0V$4*Tek=R5shUp_0r7t3UiV@m)8Y9QS0g&9^6nskujc^^)7h~U@5
z$7$w5Y^mzD1ivS-?~Mg@GEP-A!)g)n%;|e6p?vN2A<?wpUtjNl$dZb)R!+rjP1+?b
zXl5?E=%r&sO4KmRkzt}+6Vep1P0jSf9bbs4DzhTapoVQwrqp$O3Bz%OK3>S~K=oRh
z4q?E|xG_*^?~2!J=$}tGLxn4XA&@hfyP5C&51fJw-hH*MCU<+t2XR$#FF*h1-G{eU
zhi%`_C7qj#j<5xT>)^O+#-l4^Nb0~AC2M+gwv`gz79UE!eA$aF<hQ%l`wq@h#+?{`
zoPNWQXB2IM%|D`b964q*Tp*R#y+8Xj^mqa1Z(1v)dN<m^>TUOTa{Cv4c9QXQ63-K?
zI`()ZgcjL+)<jflNz=!~Aq*wRkPZS_NnDu^Bnw2+kLiud7K!WGHGjHz4HRxjKt*l5
zW5gO$ln!?uP3K{$rXl_iG9+FE@Ylgem*w0INAIkZ>&2D^bMS&`a~lk?6%ak8Vj_L>
zo<oKj=f@Z2J88vCl5`zOtE>3WmI)CJnKe^D91eRB#<8hktwptXx|GYv2+?4sT055L
zF0*v1BJkuDOdW1o6TrGAr4^eak&sr+gTcIEJxX*{U<kvgRy#<I$Uvfk`b12u{!Z0A
zU4;-?x1b3<at6XtVIuGCur#z?yMF;7x=pYH_jiG<iZPhZ4DzpGqzK>kXt*aIfAtRG
zzPwUKr|iVKAQWuNqGYMRZc8mHlNF?K?Q^JL=3Hb3mLcg|mg}hWyxw1Tf4pT{OK%y_
zDGYPy7qxc;R5rm8Ynp%{B_ab~rJsx47t5Y()o+~^JHQ8A)f|hb`@`nUpZNpQ-#;Yt
zbIN6g@|r94cno-;7O6{><M6x=L!3-vyI&^=dpzIOE|uVk4N;>8G}#f$vu{9)>^{gE
zrR*uPT^$x(#(0TTUPqFBXsZ(-LUX~13hb5%zaAc29d`1B?tg0oyvVQb-gV{TwOZBn
z0-#615uLjBz;EN`-k{esV?+U#i54}lAJ1BtUI?i=kAV$Bh0;vfjW-}CIzG@Im}%C9
zNpTuJMj`>hjxgnCnR}&m>fA**e~>Mf{SxXxH`bVTaRDsm=}whtA9qY2bbi3KE*dRc
zY1bpRD@XR|W1m^;+}sikp(R1!qjh=#bVI))>Nx`7At1?^<5ct8!ps0eRn?U(Kh}Me
zJNzzt$MAKWWtSCi>oeovf5HdeodYakE8!3MtKtHlW29KuF~2fOW0Pojz_GO&6W)NL
z(7<mw7?dkKwL73F%dzM!NswYSs%M2un5^}0_awB_E@K`WjmTn!-)zY=D2;%)EGSPm
zImo(5$Rz)!@d&@JhT8yg3(v}!S}!B_3Q4>M=doR@E4;(*uiY-rV^_tOYJVOl7+qVR
z_4px2rPg6BUj!i99s<b>fINjJwYlpyIFo-WfQCzqMb_6rAR#XURS@(8s}{2dU>P_!
zoYxLKCBkhqp#(B&@**x5{ciTNepqAM^T$WYHIzgP)ny1LIiLd=$=e>$BL0^3w>Qf}
zhnV%@s8*sqm6R47cWd7%VKf<c&K{3Qz#FO3Q6^?BmM70Iv682km@iRmSl8_lbJN{W
zZ8Y_v5}TqvPb<+f6-@qMpnS?v7&FI}Oc^hE%6KnlNJ{Y2&An>EBGQ6)Yu_-~djea-
z?=n7-OB+WRuXq7uK{sZ!F&niLjW^nWSjU2LBrMbrqwrVVQR3Cfdg!0>iLRT4rEshI
z=_v}erqZFpvlByBixZ*nspJ$TdAO|fd=7jt_V|7+#2%l|l&*ZK@BO`h9MLnEc1SSw
zaHs5qn}z0~`o0{7QvINWP{J;MFf=x9Y-9;iZ@TP=su~2)UoqP_mW>-iAR7lP0ar*v
z$NkXsoNBfQq*HP#gguBN9;xp|K<%3Sp>?j_&^s85VFgzAsbhFbSwzdb?rg0(cgOT{
z-nVsR+740uIT-iIG+K=iYP0ppA~BfFY98)X1>-`7B8XC7V{8mQMwwA%W{OvSJWQmm
z)*|UOQ`--a6hbNMgni2k&&Hr*Pz8P%K4^bh*eyV!boAnUFhb^~*VQcpIf1)VJ1h+n
zBMl8W{1#ObyJ#|WB3|^*VN*}eMZl<rgwovp*7q8ehsD7BL0Uf`e7>#_76mCK*~9VN
zP+Uesfd&q4!CW7BKrf~?LcBbO{N|iKemgEsbXW>dK?@!4$U}@=wd%X`4U-JZ(_8X~
z(B%_n(%t@6;QH<|^|<3ZG3_$rj<t7>II!>TTNR7MUAvBNM{Swda3v`h7()dXV&Yqy
z>;LM4O|sLuE-A4-pNh<%%vfh=5GJ7&O%1>GXMyIS300)f;kRCu*ae`;(5rjnhf>uO
zGn&|+JNuJ?@6Ox!cI@(~<X^EONesQdrNq9ypqX>cp@>%M3nzwL*NOUXcg=X{P(>~Y
zgcno=w#r0S82?aGSN~_0@M6Rx)r=23<6(3UP^#PC8fM?qNIC9+hwb|HL=4LhlIkHs
zh*7`LfB0$-@XH^eC2W`_{SQOSnBJXt|I|zI_|}lBUkLoJH}Ipj&~NkyqOnEz^lM5%
zMVg{&lA3H4k(Z3plGC{sTCJ}lMo9kMx3JT{ontpz;CUI;Kn3?7w)mrrlM%-YnErRM
zzK8S(po>%!po;4M5Az(RN}W&4TB>nIibldpl7A%!yCWme$sDLFc<e<mhG+>B#E}0F
zWWIgSK&Ag4M;F<9xHTL0jSR<cf5wT`kB6Bmfze$D3s4!Cf=}FUh5loREb2cU+VX7(
z@I<VoTIUp}zy9w@z3D0-qtZ%lE224XdjDfA@xP4W{$nidzl`b3{Ij49RR8I%e`Xpx
zR`7pd`H%CzedH&LfiAZ0ez=Z^PsIE!+f}U<4G6<Y`TxKoMB-Z)_kUJ5v;gW~Nc60t
z|8wX2jUKLl(DSct5EAyUYPeL9Dgxit{^i!R0*wC!lrS2&c|rVT7(!f{FAjbNS5!SZ
zodXpNw|#bj=V1^PjL1I-1cY4D_5Q2h@8zO`8TiME-$nnJl2@v_6GjX97vlTf|LInz
zluG@TDDvNnWyA~ny$QZ?s{c+D>5Kr!KwS|DEyn%-0{xS&qR@A=kqRW)<6AE6e_+&D
z_6@<A|C!S_ECJu!>(N5#8*kr*{|Su$pECHF0-kk+kc}&ouKJ&}%L;xnnl>f)RDU6A
z8jkr6;N|_-^XKa;gKKhYheMC242d1uoxS!|*O`j%&FOM$NBpii&zbvI6gXNREi=!V
z*X-BY0aF0CP&GXDwl||a@L!$3ZJIPV9H($+?bqG<mt!xT-7kGyCj-j5`&xQ@TU}c9
zFKx4@4bD8C*6sPVa9cpoAVJETY`rSn2Yq`*)|*$h+*a&1j)b&Y_Pv>JuZ$0g3R%{v
zpuf|_U!mePV6uJci52zx1rX9g{E}l~>Q{99JQe@~k?@j~1te1*&A8*{(ovl31gt4e
zWu1n&qFYebjdZGAm~b8BB~BwdM|IjMf*e&CPv~oWK1!cg1t7BW#L_06?!eZnaxYfd
z?-cO+4ZzF0iFOUO7N6A?os%DE9=D|m3uQ~qTcidRINw5jCMQ0`kcP%viuIFn?dq0=
zvVQ;{Jvt)q+-|ZAXxELKL>^~2H4q_A4XoFxDK=Z4b4c<KEYMcj(n>}59HxG}kxYE2
zknmWvolZr`@evX_KV7$Y0#j;uQ`)fK&q>k5NEVvmZB8!25~N~K%XMPh(elON8H}G(
z$VxA;93mLRCRV{jolpJS?J|Obk4}DXk+%UlFfV^&i*Yk)WOQbL;IUFUnbL20+nUl}
zUPo0GXM&#12O6jd7T0KSt@xFR*5zj^E&c}TlFAUo$7j!pFRpTBjSs(#uJTFhlvYv@
zp%O82iMF@<*4%ldAX)bEx9nj$Q9wGB5gieKo&W5nGDxC~uuB)bv4+|rR1k+%;VTAc
zd>`2QP(`tR4EC|QKXj$V?qte?ui<b-^8@CNu0Xsxp0%S9p7M4#_7A{N;UNy?%d`&T
z5>m(1u%W`lVN3uTMRXGmxmF&oBg;VZ=86e<)N8hB-nMKOr8#TJk}@45VDr9bviT%R
zwIi;VIS@&1G5Aqej|2?|;A^9Y2;hL5BQZlJqQ^N>WkytN>j}v#B|2)iFRWou!_zmt
zDE5-S`BBZqA9n%v{v1Id0{DbkC_njkU3{j3GaF7ybmXKibo*^goxec#=Qe~z=L=Xo
zB$Kd{ZmG}z%KmbY{@KB;V|X^HHPV!U{y0jFR&+FW8F+BgF%~*}q0YjW3V8`YU!%vK
zz04U(E5OQPO_7go<d@jsKy3G2Oqu2v5R6~r1f~D$bp!W+@^o9KxxRB9i!-mZP7E=R
z{vj-~405<Oex!9AQ1LV+;4+)i%V^QOt5w2XYA2vl?IXTn-lmPPEGjov;6t%7d}Ef?
zM%_8+OT}`lsnwg5pM7}e9vKDb|0us)!?}`q|By1Y8P&1u8o+n4$r)W6;cK=<d_GpY
z??F2Ax^xj;Wyrp@8hDDhT*GUDeSb`MGCKL2p|Qy-pEP!?@-~j_by|x)dUD|P3h`Cq
z{+B;{x@SBaC#^P1fp81zRDp2S6^9*+_{)dqv{a<8c&wH?OPVWbpzBy%{)S!m2$f0$
zBkBaI|FYLq8m}Y~ZDv9E<W>0{s5^DLNHBSKA^&7pW+-SPDh*8fN1>@V(SyIY;P_C%
z&-+}r7sj<~g~fkgw3$Z>(EpJ)76svC|KDfVe<>XQi^G76mGi$sZnm^#V!toi-_NeI
zYrU4Q{y;GhwySll;t1!mb>T61-c1`VL0e$wcz4e#zL?Yv#aHP>^6u{9C~9;K1a$u2
z32{(=`4nGFz_MfNwIi%vU0-~O8dJbNy&}*0di-H~auIcB)}>39Oo!;A^M~a#02%4Z
z{akF$0y2Hva|;fH2-gSz!M4x!J1x|Lm>eoI+muBbQhf02%^3$l!tJb6*^=BZueM$x
zqq4g~@CQs~Wez2A^TObG-#1qz_m+7D2zG#NhL^Q{+rg8EK`)z3E=j8MLW@2Fg+*a9
zh+1D!tL4%pD}A~!`Hh42j;b;Mup1(-qB=aOtWwHKM`iuF%9gme={R;7lP6uDuAR5X
zONNiMLu-9Qy8{=xQ1ek)3ToD9wsuZ1UYN92pgOGzQ~dhyaC&pJF*5Q^RtL-Q;L82i
zl`L2wckmXBY|zn)`Z%f2wb+L=%wZDWZ@Q2(IQNr>pP!)H>#pW}Qmm;2z~oY3J`j`a
z?#zP3sQDWd97oU6tYj%&om6`^gS;-f<Wa8hV&mvf3f<#bsY+{ZEO;)f92}yl`lNEP
z$%POiaZ~S9DJXi~%_h1rVjHP0RS4|_CV|d^+HdnVoD;B>7b+peaAqVfI$2#wv-}8A
zE!p1&2-Ya}$z<NU{^LO)02pSiJjL5uTp+GNSoUsay&{ujMhe|oI1&Rvg(GoDoHme3
zS+H1nyuWaw6T7Jm1Sb!So}R%wJ-}arZ;s&@GHf=nG#{I7O<7iIO?QvY$$UPOktk3c
z!9gE5>IR>$h=TrKHFbNYO}<53w|%($7lok?7jYX*iUDas0{zk30NqnoJc~&?zE)bl
zP+%!KjbUhrkg2#z<JrGuqjUr23gDVr*2GDz$NL8UFK?F~LpioTovIc<9YcJe5s2kH
zF+ltoZ|D>d7blQ5T=O2;X7c6MZ?;=cS21dHT482#1dmGheOBbV_|pV(($dqT3^%py
z!-?fBk2DiT-}tXU0AD}()to%BMUigk1cHtJ&R%^K3yNt1Y3asWPCLQzE5=67C_U6@
zT38HoO}p4eJ!|R7#L3)g^IPc}MV)owO=+^7^`^6&lBSP+mE5LkTa4jtajywok93J9
zRvK3vu&i~mo&CYnGZ*Hu-W-Vyaa~;Rk4dy$Uh+9~e#Z=K0yNeo1c%%#)GGzRKp>4d
z?X^n=Ho>g#J4y-bbFa?4t`n`kHry3BYbjS?*D`ZLR`I<F1YwIM!lW&+f}#M;j4MLj
z6TmnVn~NnYZuW&2Fqy06ABAWWpXu~Y+THg$mTW8xpe}CV65JA{5hL}yKK|@8hh`QF
z;0kbQQpoH61dQ<eIQ(oLXBsu=MSlQbF6(cgzt^c-0b}Q~r8o>|2Y{wOu^U}J;l0&i
zJo-Raf%im;&^(V4QA)?6@okr!S|VR@6>XKrP*zD3CmTx<$D`DlbTeM(vp>6Z+UA?Z
zol6PT$Xg9_h0|GR9`uLQt>Ks#iC9^+w-cF3?(L3z0O)H|LHW1?F7k;JoP<eqV$X@W
zZ@dU*k9@+OWEg?FCS{2=RC8>)TT#thJOi#-^bxm=ii0_gje+X-LGNd?!I7pxau66<
zLav2DcoF-tr$ldh&IUoCEa=FvJo7fCz*1!7C7fZ95)%?CeE)X!zQ&|E!)7^XR{!bb
z8_NVf2fPzoQi?Er?5g!WAYpyY^uK1RWcVCWT+BKjZ*fVB6e@!l{(dea{CxO`bs&tF
z$c9xMm%NV-h@vZF3CeW=(L#Q0c>DdM1p8&s1Kk+T4%;#tnI)Ohg-`gRE~&q}7FZ5D
z0Di>0C|GIC-_LQC{CA5IVI`Q1C{g)2-7XD}J^-hyu4E@UI{z|L=m29}UJGPeyTVp-
z@RlpXhL<u)>%p#tfY%J&zp9ulvL=R4LJ@z5JV1{!I&UBU@5W?l#t!+oX*_~5N*-+X
zV8C`W{l^9Ey}|6uaRF&O%I<wc<9-C_B2zyOuw9Z9X_ho&jCE}q1tVz^?;l^?br$p;
z4FE>GO2bOKCQ4r`?cfB_BSovqJ7yGG9jg>JMwAX=p=X^o=t{#<HJmd(thMlcMeSue
zEGd;g`SzNHDl39m6P1cQwr#Wd(+fR8hs9quLe^P1HhXynt^KIuY@Um^YofWu452(T
z6h*}GS+)R!a^Qt!uM+hZq+>o68&O|_48U&_j1M|gw+r+15OCoO-(OPPb6J6VP03d#
z8H={0L!0_+5DAQZZDwyZ_$y)(sR5492<yKE)^6or0Ih;SUo&wR6J=dXpMQ0a5{_~Y
z2in92KPblvX1Co22sWaqzbWov&EE8#9>@6{qh&K8OvrO?6%Fw<b0zS3W9klg#{tA?
ziLO#0MU>sX6m4pgP(5<Ogf+30z_4+`fpYLFky7?a5(4o%<S)6jCdfal02B6`SDncG
zb|j!`I%HnW&nLmQ^H1RuuB}&0+4J1u?pVall1w`F)ln3pPHT*ep)kb{ZGdXU=VrzE
zI`zL#zL)R4fLXi5*~>Kj+nHi|bU<l`ju9eeaREQJ?Ly41lOH>yhpwf>UsIbG@R%^r
z`(a36#Kw9TGDtb3AL#7|a0m0LwSfhm9SXnD&X>0AHl3d@!<86rASxzptK$QgHrfuG
zkW%fki1yxFZt)vW9QMmhJa8H5po}r4he9=ri)OW%<%RRFB*iyJ7N{{FtN_9tKUk5}
zlASeXiH9qcNAMo<nG^<y2`VEZRB1bVCLUdQ(P8322siU*r5vHI;Sh()o|^3qm(sT`
z{jPFy@?4Md6zpi^kYH0l>z35E|0yKk%D|0OT0<yi`y;ZJ`LCj!z(c7d5Ra<R0=Q5X
z!-|^ot<7V0U&Od8TR<5M<k0MK+5F#nYmVaIdx7g8uhdO(bXD%#3}hoaZJL@R%>wmA
z;V&(P#-o(9O7ApSuxhtfAw%a4Pyx$k<d+nWu!CX(`Vku%1DaKl3bYLR$D{gY*&2KH
z$~{85P3AOC@77pR-%W;woC-0BhGV2R<<2m}qvYw9&s!=(0ri^bxl7|>PEgQ_dx~AI
ztz`y84Ej-_LTQB+@G8Z>VN}*r%qPKHIgMbb?RjM%BMhizjs7)?kk_i<%aKleqY8x&
zX(O1Ze+ED|X+dr;cytM+;&-M2qoTRljWcX)BtYx*&g>wOcBay!oK~@HrvYzL&y@Q(
zemUHU5BP5G*V^`C>0iatuj(g7Nha_LEjmgyLd+sLq}e0g!h?u0KLl(5p=`?c6Wd3>
z{1bTsSb6v%iPNCociq<wuTN@ibi>KB%5+>aECHhUuzcK055Z8=eL5MhUOjQ))fH}H
zrMBiyEg^}%Vnjor@Qj+ey|0s4?K(AyGiGWNpoPfJ@gxUHzdz_J46{U6LyIv5E=!eG
zC-&)z$B@MI^rl6h*a{f3P(3TRaeW`MnNTTf@MCD^j5v!>i-28Y^Yz|P#lCy|RW%{C
zx-X^tyamG6PgNHJg*pSu$MleHzp?V(o@86AQ2QQh#=x%dL~}*9Wkr7>FPqf{Pi{>E
zKu`RPlKL}QSUdqdQDW@#7<aghZMC`_zQpK$lWh9T_2O4h^Sadv<UY|pzeY=!QS-@h
z6pT5<|8ZNO`8dO)y)1#{T>}A3xI$>O<5;Z1Q|-V+c7qENn?@|lAV3Wdg9*fZ0=96F
zg1Rg?@WbteL4IHA6^;1*cUZDf2I@s7_s$3numkEep~M{|%7R7A%V=}DFb6#lJaQYS
zw&nWH?O!e7tLYVSqjX*+9k60k_CDX~>m41|7Vv)`uEVUppRB4+{`HFWZ^no3pvJi|
zLgEy7P$&Qs2iJcct}prYV#$8nU4PKNt@SRQzJp@H84ieNvEMmP<3MiQ4A@@(x-{hI
z<3@aaCnmowRMk`2>M+^q8=IbX#f(aziY$_hRC}`hbBqfMkgk)VW-oQ@_7(VWWRdv=
z@yQ;&B-ZhP|M%1J&TEXlJ!_hs4v>$gbH=^VplOo@nfELMx1H(xxly|CT>8al^sf7n
z5Hm)eTkU2a(NcnfJdksH>;Mq(dpE^&`Md|@<{0G(B>g=Ax)h0C&aP&ak;)eZeEPz;
zmDeK|_A;WbqI#Z%?CyNQjV5uh)CQZba4=$~Ca8d@1J6mcS=~n4U>HLG1@JobRGEJ?
za#+b3Q};I7+G#1M{?iuupSBC4cFwR>sz4NYGp>-YawTUC2C`DkZA+@?FJ|Bnz$7;n
znBci3XFs$X*a=o0`IhhxIMc0b5YT8-jMY`t{-i=*K=D2H-&j=$ks@hl$8gHJLB7hA
zu2+kJ2Jx5&f9-vYwF8QITF7@s&7$e_I2brWlRjQQju%?L?yj~N{Xg)rLZ4?!1qHB7
z1o=Y4B!rlUMy$J95k_M?DX+Gv4Q7uTJVstd1haQ~ct6hkSS9n+<_>IsIwz*=$;3QH
zyD-@q-@#*PHvADEo{G*yXK<{>VfuA^nHsV7JQonU%JH;uzXWif>i_Efrp(GD|81>8
zz#G_pf;)^|yc#-G#GyD;=?QTPbNP0NW>s!CMEgmVw+br88CKa@<R9{cUlWM0F<RP9
z>Xl=xeI}%@YiGbfnbmr|*Q_ZKgtmIR?(vcUiS!h(=`#~W9GP9by^!$ciDUYPX@!$|
zV08du-AGXyV+(+`q^W-S6IuGX*aYpWlqD5)DJPhVL#m6{<wJxZfMU0N34<g}DPKL9
zJgqMeK#plX{`wi^aq~`C>iF5(0#EBk5a<CP<$tB>kJin0aN~AKxwUaUo-t&~wCaC#
zcHHy6BKY^n=X6|;;KL0Zv4eslql?3-6+W($Q-1A|ejA{$@yX@nQNn!v*djPht9sqK
zR{Te%?Or;wwb;97YT<)5#Hsxxu;Vl_oWX#iaqvoh1LzLV1*%-?s$=KtDRt*VTZ#cI
z9?9|XtrWNt6<-;=2jkQp<soKBNu`Hy-qK`*{STNe;Pj(O;O0%FXT`C^sjhbUxfc=H
zOy==x^BrKbBN)>ipF=5D*u}97Y%%*DW%+Y!GGpiS-Qn|Qi`Qt%Te~+f=vSpy@9ymq
z;ceD2@6nFGmB7r3S9|)`<PNsr12YaGbSXkk3h<1z+=w@XwxIUD_rR)^E@YpL4XmRL
zVsw@BG7J!{r01(sc601AuMIa{xeyqRz2mabClugWF1uL-$32VP>KT1n+s<E&A2OPC
zcxTbKp$MPt#(^%}tm4m30065~Y=vZ>@J8nDh82dmkDM(@yyXLOa=qOxRKQW_25AHm
zVyF3IDj?uWe;_DU90E`js)4iXh{{9<NO3}B@D&lJBzpclO}zee<;z)7J7I{m*jgIi
ze+ArNU2iu(J+H60w|_l@ZucWP0!=oX$6ea^B+SGTggzsqS`&jCB+}-;gmtsuV(6R7
zL}=Lo?}pmtw6siYFVnxULD<u?A=t@D)PS`!behdAzcpQJ`zG`55=VjtK@kj1?#A%e
z8yP%T2$3L!LV1k=|4s323a{nCkjSFceF4}{IlhGMue3cb-mV$RfaYe2IAQ2{d%A)b
zj%E3Q!-5EVZD?)G#xfZ6Tn4t0c7_H?J3Bd|xl36dFpI#cVTbAB(z|H+l{#5oF2og1
zEZdPxH?`yrlca1vMRr~&T+gk9jR4^W1mUAy*hn+HB`Ch<ynXY<=;i7`7(VHtWdNiI
z8n%vDAHeUyE7e$}Js1)<6Kg`GIDZ{|H4*GrboiU`$NmVew5N_?-jvCp9Z1|Xp;ohN
z1K24f4cE~V!IPvbwjf*=()z`iqumbo9Dn+Ry`O)7d@X<W9!R(W1h+0f+chy0^MtwG
z0eW=N?<rT;%<wB)21{48n>(FFOaR~dq37T~I9v%{S-(IPiDyS&v>tx$S`%rGvzYgT
z#nFNeey*eN2yj$yvf=bkz)9mOHq5IA@PWl<fFh$nsTNsb6>*J=1ln}HhziLpJcJ56
z1&DVm39aVR<MK_2Xv$YPtBA-Y8Vg<aik@nbr3()_WUPvzWRC&~-k@;eUjSqWnSs2p
zljmzwhGS)*M6=JM;gcTFXAjZZs6o5>aa|sxj)$g`Vp8B3C50T$lCq+k8Ux^_cAbq4
z$r*$#z_2y_p~32ZhT%;Zq!<qu@sal|)R`y2nU5Z#QCn5l4KszXfpt#H#*svmSLG8&
zw5dwU%%kwn9kk&O@R^lk4+F-NEJL-_SK|9`VVL35DKM;lqMXW-VK9Sfv}CZ;#T{9k
zvBVvjBJT=Geb7}JL`>&nU5@(9N_F1JRDm9yLIv0bl&T>twkmA?vbtI9sKu4k7OBgg
zV8w8Wr8W##yWIREv)c&q)2v{z9^tM}f+Bpso9~tjB_($d<Vd1&=njBLqYgQ_uqIjT
z&Jfe=6g<!b+4O<Xzgu&QT~9-0dItqP1_{~lC&Jk*rAlW2rP{C{!aTYiGP`Imy-JdV
ze~RsuE{c~Z#Jk@;;tr&Vi*bdc3^PfY<0RkX1$%L+1RARxdYxY#ltY>>#EE)yaSjgt
znvTzh<vlbQDE+|8WD+n~(@Qqepf3glUVIJb+WE;B%+wM@lU~1^U>J{ZjZ!Xy-eE{7
zNtRtjrqA^ZcPnGb1hrHkMr+YGa04X_iyRm0>W^Xh1vkhV8bTiW==oE%BGL`+U`_Rm
z=qAN*)bl%uU{g6DJ#(C9F721uK%^HA%Fn<*5c+$1l!^;6ntA}H0;h(0k2?X<MGPn-
z>#(<IZl0heZ1VOi<(H#*Yzl3=m*g!BiPp-yXc}f6U!ZM4*twa~dPX3Z#58o|vOgA3
zxFX>DA7l5w%pl3y*ulmu*6`{u1M2s<NOI-kNy|-02P!niY$@ZDdwKC?@XtY@gHAAf
z6Gil7&Zf%nu~q>5B$hZB>39}rv+sLW5r|{=4GT0h6u?Zw>^I;)sU2_{6_{SY@{Bo)
zxaKj5*W$}Y2l1Fi?rHL3Kj&$HOEU2_OXLeKOxRSDVq_(iJ0P4Wl_^>JBr`LP5O67{
zvWvi++2l#CgMi?Tm6m&n<kETLg_{&RtM!4`i`Xid!Yu(ZMI-8+ChBwQT0~bI;G{q4
z*q8Ib2_&(>10WCtMtcxcg@2k4BTp7XLsYNvB2iJiQu``jcHw02$<-F-Q~7y^-<VjV
zj**jI68z4{vWZl5?kz-kvTQ0&SPk&_D2XbN_)S&j7~QkBCMj+En*`OiXXeko>+n!`
z7?35JZ+Sjo!{WxNbG>CK!JzfJOCU6PPN_PAKGF>|GE5+l`)$UQqfX(jy53X5e6W}i
zm(=+8n|RyYU{fFg_YPLBw23bws)!X+n}$k|6wpNx`(`XL+X5s*GGchT%ul_lzP#oM
z_+h1dEF^fh&J-M;0yw-dtI}7p=2`^J{ZJ{?rsOj~oTT;;;_U^T%jzwiT)Y72Icdm#
zdX{<-Ke8-|{R|#Mg~HvL=@9*;Do|qHMq`^sibh{mJ3G4nTt#?r>vHlt-o5(;Xu-ic
zee{Y2IKF+}xqorK@JI>yFEd<M(OMR7bjn|YWy)EgClyT-@h;pg=PjO_gxKeFnQe60
z#ce!*Mg)^i=)LUO-O)BUxg_J}<}9UwD&cDRCP;G@0=*_^s;3TT$w?V|DqOOZAaa>+
z(pWsYN)o#@_J+3ioLkRpa#9V+F4UMs&ymkbBt7Kv!FB`kE2gUOWY5xDz8Gs$<OsvA
z)reb7K2|%Il;XzurYa0ZhGbf@unTrB47qK9gkDm~o}hZa$yw<8AJx2rMm948tB0Rz
zp=^-S1lZ{!5A#iRxTA#_);uUUI7#SzA%~*q;w*~hnbbRf(kQJ!9<_qu^|MeSMk!#*
zvg1oaRT!(HvJNXdKj{XN4~w8QXrf3)wuh0zJuEBPHjors8l{7S=_NU^!He`dkxn-O
z^!8~<HjQfHho-pL<3CEu9EJ2oqtWkdG7M$>8OI`>xR}kOXoZn0O}uDK>&T`oBa}H}
z<$aMwXgUJH8DqeC8URp@->KQ8^nrTSZNa|MM_xUWaEX58v`Y7TV)cgDPBg4ivKX-v
z^-8ZCwvu$M7yyfXY&R`@zlM&T@nl%QJNH0Vz`OJ@L^1b3u~-2qPC#YvJ3H^rI^mIP
zyqP|@6z&2Vzg4M;(_H}p9wc#nR?lIbu&z1hK>G}#`Q&7l!sPWhC5cieK~p9kGMbV<
z#Ynx~`VDHa%n(AZS{H{9y$+O7lcn+>Ve)z<NqD3)=mnTkty4bMb!VFv(Ue9&&aXo2
z2<E!+08FArJBz-?tbV7IM#l(qQi>&Wr?uo4iy@{N-ZoohG}t4fNbWS;s-MDRD$u6l
zN%j!Tu!8YF%7X@$ePD`9YB)la6*@wcXP#3<LQ1!kiJlcS)?EQkZ~jsr{>Xnvwm42p
zbwYatr@MnYoh<<9?i%)A(*jF?8ou?1o7IAJAaxpa8@q7N3BbC|qP2;AO=S73SPk<?
zHccz9bO#F;7qD@uT&;^4CQhGv(jtsfkx;pwAbzwl{t;#%{Z+VUO*(e*mJ9uO7x}Y<
zo3pNlm<fVzO*Qw~&ZwJ>;L5Y?V}NR=M6-+wyiy(ysd;k+A8ZApT4EW%Cd}RDX9*8g
z#pB$)y(>A5k<Hf%yMmcWCOu+o+fWTT&dTlY*4H!b`Ut=0ByTGYJ_E+6c{77d<G##^
zI{O-n`;#D@mk8AvcbCiM!-<2hYc<AJFFp#Ij3)hJ=BxW;FF(x*F8@}-9Z7Tj>R#K$
zb8>u)fF?J8L(3x?1fxWNb~edoI_=M`#QB$OHJeS9ea8)%(pIlZX|hbQMZ_*y^<KX-
zJ9{H=bQs7+|CB=rt0!<33az3w0|HPw1zT)2!hr1y=ji+n`|O7XQXyeDBurz349W1(
z)fzNm^!DxX8nyaT6v*WVSG_fRZFjTk?M_E`i5_#S7YTlI43rW8FDMshBAsnln8-B#
zn;<gl2DNY=AELWL$P4`8+PbP;ivdf#+7r63_98!@H{uUMYiOn<x9;F222Vfo<xN3l
zJ_F*}8RAz``yeK<=n*26Dkc6Cq#CHib6lj0{WQiF4oW7HdbDE|kG>8o3V%&f_7BYJ
zW(j|a!I9<zlmU7`<%-6Iy9nB?)8pO{5_@vE&2y-jZws7)H7v~5_@s_8(HegphEMk(
zeM%7Bb?tU;!eO}?A2_(kpJ^mX!!uX|mR*<LXk;vCx;M4xQSrJiL&^|8h0|L<*OR^d
zN_rjUdh2Zr)kh=Ouz<gp1}4>g2Z|yM+a=nGZpQ|nE2#$nu_6e5OuilAUtewPCo>)^
zdB?g$(G|@_`#29-toz+&@NeJeMVnc*j@mNeXA9pcc(6*%A@^UG^avjgVFyoHCiXMz
z>*{CXgiy5A&CT%G0>(i@PNjl;R>%X77SyDEO_|98>-TBD2wR(~AL5+TVg#fINHHk0
z=<yFlr=M^EH2Fi3a%u*`;G6_CZ(*QBH_XP(7GEHu#zQ}3)b}iSM}eR{inj*-GICmn
zVDeW>g{_^h*p7N_5S@r+&q5ulBb4Y)Slt&f(qc4e%Vv<Wu+1^I;({uN$XGJ+<Oe1&
zHUAysbMZE0y^<=H*RxYD?@%!BNqE^%z_{A>BJXPh<o^8|XnOUPKX_s9el4>d*f4Vr
zAd*1zbB=Y`?w4zBs_4mT*w?%nFkwNAg+5Pc!sOYMUV#XqC|T6)q~$Q#rdkx9K0=7P
zYnd{;o;EU8)}{2#H*lYhPTjEuNn^_5z?a~!?36wIMSiGFh1uq9-$pay^*9dm7=2tr
z+dYj72=5qIi1F7{LD~<VNYCEzN|;rNefW_lSMa-Ra`fR1%{?zdPyyxYe5KS8tHvVF
z<p*Y?*OA-v+FD=CQ4%h+e1BuF#_tV{94A}u;N9L0WLh2GYRY1YGDPW!g>`+d?W&a(
zG(yQ|NW`L^1fs0O!@rAeD1qvTNSRthl!3YE0GA0I2}UN?8}$4gGMeXMWlxtQ4(rv;
z+#?w*wuQfi!CSP%Dq08FvB44GX$5=*c2H=+51f?>z?lbK=V$j4B&rtYk5Lv$P1|Y8
zv*&CRquV?e(>C&KrJvb|cmlEwrjVzEQylqhv0h^0uW`HR*eoLTo737hcs&KrmN7TC
zfWS|bd3Bl0$f`LTFuR=KPfM<mN|CQ~tAIk0hDGU{gb7r&jj0ow2#GC?DlIz+Kb2>|
zHEUbU;)qmIP7%DtV3YL`^bR85`kZ-k>0$#i$7MP(ib$!!`D2k|PKbGlgTxPeeodae
zm6g);DVnjR6B3zwVNX#XyYqMB<=W|SKqTiB-DZt4Lgg*d9a>{5I`V;J3>__D9E4Kw
zl+##s%ctdT64C9sK+f{VruWU$*>)*@R8UvTni^$`ufWR|?|B}7G#ItKOPlv_0pe-H
z1LubMWn0a5_EGXISfkV1FR+BHW1EMH3kyIPdvREMw3x3%qBOW3^!_#b6K+QsV8~J3
zY!8z9LE5g0tdSj9FO!i67`W(9z=vIrB(#AM2;rzCMK-CTMwinO53$H=I1#Vs>O)~!
z^9FOBlj$X~X~M<F0VhGvq@{MO4^{wUP%j{T#aQ=EHwCCqtIooPrCWjHPvQ@abfzq|
zswYth!=>LJL@9F_@ISLoUkzBTL8|^u3Jb!;lqxI<q6z#zgcsqCAk+Y6Hs=3U4`|jL
zv&Z8^>YCAb;0~a|(AoqtLih;^HZJumfQZ@IvY9OuQQq+T2MwABhY#*r14Q9z2%Ug>
z*B&hjgnTY;9suK~)_L@>(VOp^^WG$tJRpDQf}+zu?>aS+ZIX*TngEZb38M-ZP7|Ux
zq$o@oz!IYD%<AjM{o(X>eDID-nZCQJ$qEG3hsI@>>;N3}<@@2;j{oy^cOOs+3y&5y
zP6#hsOsqzrtYethAE#_xk|YY`pm;xzWn-d+yHUbyvFy~(LdR$x=kHAqBj^NG6J%6v
z;%K?RJ6Ocrr{lBu@{|~dR}}X{%B*PDHEf^*00^ozjs`Idbl}^|B~<9eUK>U3EN@+(
zQ|k>HXNHuX9gx7;|D1WgCh#X8j7?n#<DCX)*EsV9b&Zi+A^p%F4K6ZB%qceT{53Q1
zf%+}za(u!&<bSxPa#p#}6?y$vL%3nT*6iXK`0dF^78l^sGdo=sn_Un7e))nmLhW7x
zSmoHi?J29I&xP!sf$Ojt{u!>6p8aYn_;zf9qe2<o;<K|C2;bxWiI|3K5ROJ`W<y9g
z)1q*D*=El=Sy&Gb9hGLR3tB@x)fHQPURUz^blV%Vx(o3fS^G&qa9z9CHV2nn7r&pg
z>|?)GfZwC42|S!sW1uWpZ+72_h!$-E=+8s05%GTieBSx=ZmV6R0@cBZE%VMTtX!;U
zeIkZBn8darzb1Zw{gLasyD{lI(^x>Nk(;Lxf6g6KomoU^^P?5^=XI+@5r;MTn_of6
zkPN>X1Rc{UkH0=2NRX{}>e2ptbJSFPPf^Y1SempmA-TjaHR=8fk0p9Gpm>}f03XL$
z=&uJYUKyC}@ywLTe5b$}F%100Wi_*AYi&U0xPFj{o_S`@IggIr&9dR_8ty|uWgiZ>
zDz+Al>VpStb@ONu=?6!p7rJqFTU<!#AfL-(4`3UUbEb=KP?_ziMpHHF#C7jwxxbl0
zR-*sDV$+9I@aS*)<FO20qwfYP;E;KPAJ)YKBL#XWCVpCKf?lJ0yT8%Z!=hsRH;|lI
z^K8Z$e<i=zFjw^A&hBuhuR_e~DNc<hBwksF0)?oEpO1Pi%rXnk)71qQ*Ug$4R8VoJ
zZp;jFT!J1N`BAVN?wT9gZWsC;y;^mdsd{C(iPOlFSOk1$lATzeviNikz)u7t*r}m{
zvLv;>G?F=1h00ZIjDLcHc_vLv+@$c=D5e(Hg;B9zj!7S>X9WSmY9X4_3Keukse*#Z
zP0h^0elo(G9z30&s3t=i8X5Ibc)eDthio!^G1H`TenD}Z`vSHVx>Au>iVWEbwvlB!
z@mmDA&bdYFc4enmW4x6Qz{bE3-@wSSmAM>Qo5i<;Q)NE0l$%t#i<5qBu4XQ5Z9)AZ
zqOZAt(GA%GB>M^3Fu@uG89_WCF<-R<4;@%}u4IRZ{z$JXMJ<3^rju9ZFjiWz&{bQr
zi6z|4d7Q4AW^`qVd>#dvTN&L8?37)!D0p6cKpZ1N+~lrc_DbIx(B|yr{4rW236s5+
zHn1H^g8B6!-(*Xmu2kxQnG<ynFEvmvRm`Dw2eNFdbJvnrl-W(9=Nx%!O{?geb?zrs
z>=aQfm<zq%vQfw|1S&s$PT{5fY}?WFa7-!?qO)O!%Fp5NS)q?0U<qc4>Om`69p^fs
zE0Fv9C<|Jjr$dDlU^(@;-H?`=f^ytxHk{CRJId-{Mlyx27W#VeD1m<qe1vm2BEr22
zW+yZj)|YhUKO)(Nfq6-hkoN-oVIZn}#fGBmIQ}OODmziv_GM6%2pfrvCX}b9c&oTr
zT!WPWZ)U2zyE*8@_zs6s5vb{lm7L&I9cN+|gnAw*tEO5Q57c-ISxUMOvw_VCX%0J%
z3(*&tN#bG`AVvf}_wTnIM<0-&RPkRRx~ZwYAWW%@jv(5p$m!oA^DJEK-2eTqgS%mm
z*ZS!9kEmeU-fnh4olpjrU3Myun-QBBfjTWM718hH>@NvK?oK>sb9Zx28*E|HzU66b
z{pk;J1~@!`0r2NB8q;wnyET`<WsXOd*3>QKFH3^G^VXMZFG~7GeOMca+B9c`EJ8Xi
z2taR$XkL;mE%k4F0l(F*9ly<x*JT-V?$&7ppdU=|+g$kKy-5Co9}OMcK>GuXxgLmZ
zb8Tv$_)g&_Tm$5ev$@-s0j$(=!#8T*LhGl<B7Z`mi>puvI!d>uG6A129~(V?+`qY!
zzS<9UNu<vZzPP8Gw|fFNZdp@bG~|qa5(01pD<S{l9ueHu;^j`HiDckzr-PwF-COAi
zPDi;A%;N-n=g(A8ybN-4RHuJs1UHiV;LU4Cl>GJzVZhosv@o03X5gpXd~jkMx+EZn
zk@qS^;zXJ+4_FovQ$XbyK5o(#RZ>SANQvj$%pn|R2A}Fh>3MGTndt@1lh+;`$p=Vp
zQIxpJQui|j8ybuZX1{=h*1#~pNW^FYDS&W_zR)l~=Xb}VnfIBU^=Eik@j0M_8h+j1
zTun8M^GrqKt8qBuX5p!ESe9!FQP_?rs*hm@lYp|^j*NS^QQ{;ve~T(n6%<4#-A89F
z)m8ssQnAwr?Nm5(j!-kr5yJRIF%G!P{}m*8ov<#ISvM{~678Sn%($W7k~uj?UjE3j
zTB)*HyGuj{y<O|5@Aet+iytLZP+dx)h(xESlz)yuVmTM<)g4_U2fNx&&1v>N8hVd+
z#GQ`GN@yjdn1ESzjaRuUf<bTU*Jteogx`YR`o2(;*(T!VrM@8<#8uJL$ud9)i?L&t
zx%~q?N_sr*w!pRg!jeCI0F}XyZ04`DjS_)HRP^<6;3V7^%MOS`Ll7fzO>7M{iAv=d
z2Ep+y*;m-5^c9`UwusuD?X>D|7t!;DSeDQtPO*9`oO#-dK;BFyTjsJVB&sCCVJdnv
ziQTDKz}IeRtAq7&=*I65wmtwk7_JRvx2@BWr1SYD?yBfE?SZ7KU+lJou!4MUa1FO<
zJQw~H(*TP_Bh3-tQ5}+@WdW=x4>j=Ak)A5S(bjHBud5W&S>TxYj)96FaHQ6^(RoD)
zF_*cB{nsDk?36=hhyAz4Q~GT})$^OTIS=K5cGC_mi$ZaHBo4>2cYvT8guwSH0(nC%
z>m*`oNB2ap`xZ%VO5b0So&I6XHHzC{Y-ysf==FcVf5Da-yH<~b6{ZRQ^4=llLk>{%
zi9qQU)(z;>*1{rfa#aEgLpHHWc`Sl9EP-HH9Q`rnh2Eg3S;R}XFobi3DpOoeBuA5A
zL49g`Odi=D7my<}^8;Yu)uX2tZK@0^MQ%3V$C0O}bU~E1k~a5{X`prCW5f(_mbJ96
zejqq?)*UgswM%pERDC-EPfHl~X%_F-yh!rP@z6|Tfx=4)nhnJU?jN{mf`uV3LPP}n
z40jyjimV8MEL*Z_GD|pzUSw8ux^R-%4X<$-PHu+96NK5FrvZ3L6sGT)2Y=^WKCI5F
z?8ZW2%5tsr_2pOJu(e;T3c>mtUBc8p@U`6h;NPluw$9lZS=I2d*PwAghJ-4)gczxU
zZK<n94TF|Zj5S352(!j9aY3ktVj6%Z4PF|{ij(L<M+Yl_NTGC$6h5*q3;=vyZLHMx
zkaD0cOlQm=kpYC|oo^=ej0(TwkanYgsQ!@{OhzjRe3{j~nKE~O9_u-d<T?h^b3%y_
ze6Y7)j@O-f%=c!l79v*B0V$1HLZdeRT%|;zo<U1FNcrXwaZ%dUksdj5Di0?=l7NwV
z_JzNuV3hZ|z>a}u12&H#E5?5Fx`B18<4L$XzZzGH<OOUh1)j!d#NpBU_Q|-xA1QO7
z3K(uG57W17NyQ87w0Dz`#yt`>HPnSJY3+K?cWcSkBTmG`i4P>gbFx1cGsM_X#IP#Y
z&Shn$H&kM0;?yh#Q7R|cRq+l48J|w}(yT+wxY>_m$dIO(7Rgj!=xQACaIe5Ms$tvt
z=U6tQe*%1WgINy<=L=v&Mv}@QaDU|EQpe^bt?HB)WtbnK%Wi}GdX}kg<b2(P%bT1o
zRm@b#sW~Ap8h$`(<o+!#8KE3D?Qh|2DT8ixA~slG<VEe`CtAhWVLDFM7Fy+7^_dcA
zxInk=O~bR|aj9C%=54+l)Ag_)=`ox3`%Dtpd=en*X@)Nf)BQ1G0C?NwXAXYvYTvSP
z{k!aZTrDye7{jna*B$S}{UyFdKh+1-%_Q+Y#2Ge4PhZV0BG`fU8{BOkSKcneT*@BR
zr=Vrb%ycB<5K~0i!+ids!^iK$k=n;Jd)!58gNGAh0>|LIQ=wpW7CV?eI$;~CG)wl0
z_Y@H1AqG8liJ8`Vsd%9HY=hup&Z8A&T~s$JQF|VJ@@P4aL+?9vWou{Ukj{Z(rK>Xc
z*=E|pDfc#&s1gQGleUx>jOZ+?q3R`4tCJOX!96m#F|}bl<Pbv+$(^)`H);{tx!ste
ze!R)uB#l80t>w))=}Xi4<J5?8>qkNA`#vBl+;lCjOk*>y5{iRDq4KCEXh$=&(z|ZW
zjXvkME@N%nvhnY7#bzEWg^9YIqSMqPFllXbBK2X~m-x;Bp*h22EDF@+*FG-8ynT44
zA$}Ja=HOX1lD8{ceEJDXAQqhXCp=`F62c5x<DH9~nL*Nr9-?`~fs0Acp%~fNDiVN=
zV>=N-_v<sQ5xIGbIxjYhcy$uT!1GrGe#0${&h|~R5eU8bZ{Osrz0K+_0ygBt#uyL)
zGhId$h5>9;a$!_z|DNm0O>rI9)~Yu#ow~OiW602H$%u@RQ@bXB`v2kTEu-QHm#$GH
zxVw9BG7Jn3!QCaeLvRQXTqn4@3{D6h+}+(Bf(CaB5*+U2ocrDHzVEN@)$5V!n$@%R
zQ?+*$n=+*C--AdOLNwPwI77p%DwqSZ{23*Yv+`b9`g%mL81$2eMCWVRZo%4Wl2(ZK
zf&zZ*HS_&#&Ua!@bDM-Tpc!xmd5P)KUmOx7t;I}78i!Ca^AkK1_oh{M!Y`G`HRg8*
zt|mz8h>x1X16-3PSfVT+vZm4wIo+gVeq(CT($6nSFnF(L8vQM*CjbadT*TJXsO-uC
z_b#6tu`9sK%w6Ud8H{d(iqKl6$nh+Arg)kRaFwH6L$kV@f3WmlTN}w)h(P-@(^j)H
z&#%?7RW=mMj><u0R$9%t`eS&6cBKSA6%RQ>xerc8D{T;u>Ql7#^@?5x5`5ho%o8(%
z3csGK=y2JrwdmEQhHfiTu~Hr%kQs(Ha>)wja{<9~87)Cv9$pz6>b@l|@=G+0DvuZC
z;|BQW>`;-6x(B2&htdsW8jmQL>{annpzXT)JEcwpXB2;~y4|B#?71jep2~*O@l$(5
zvM&i|S**PM^RyvW8{NVB!%xVOZu{)04z*4(t>OuHpiK}oCnv9KlZD%D9yE4=(3v>w
z@E%Mh<flD(0-AJ}OR1!n?vtpw=*vDN_&LeF6{RnykVYC7%hwpJ4Rm;dv<r&;#F%#*
z3QI3`R*rqbH<p>4{)(iYSp>dqrzyigHAybhJwwn?X6&5{kKWrBmo5kD$i;VkpsS3^
z8V$$z%I%j_M{~$_yi^-g_i1d^Gnf68tq%-K-6U7{=o0<)dTt^t;$a%%U^!r9eJ@Yc
zQM_UP8tG}X4;a_$q!cESX3*rULGI~O8lWZ_SB7icvTpNb$?&~y>Z|JVzrS(jgVy+c
z*6zN1xc^gbQ5)Gw-}T3*RS_w#5BMV5Ks~BAn9Fu@^BMmbUO=b}aYDj8HGeGYc3bs`
z4J*-r#t)Y3s`e@L%&gg%U&X$P{zJBe@@`Ew$~P@se|wv(0vQ_$4NUv{E96H^E*uNf
zJoenLg_jrtqQPR(<HJaK-HgbD=`UDnNgcBPf!lC=-2W{L%Etu}8;7HY!281SVR7(-
zsDae#)ExX=|E`dav2Ye}d_0f<JXioT2PX)?#m&dZ#ZS${!w=x%<>cbzq~_q`1n}_j
z19`cqdANB2KpuWhh!`R)0c1J=P7$K!2lpP5{tXUD$pzr$;O5}xg^mINp!;zCn+xIu
zfH--1xp*MI7vc3Gl>TrW5c2>yAQLxqeIO492RAhjhzG#W!3Bg4=LB&BpaKd`9_S*R
zTmWtkAm9IQD~w>cP>6OQ9FT#J0|4UV;^T!*<^%$GKwNy#$^85PAQvYe2x=yf55NiH
zfcznbCH!Y4GlcFNoEt<V2)Zvn5CG(dhKfMYQCt8JH#g5eGr73{Ku#VmULI<0ehvUX
zHz(9*|L-d@LjVDAT#%$-I3P2}zdbnlp@vgK-2?#g^89lUCpQql$;ScW=BMW7<p%KZ
zg8r|A!k{rKXLeY2W)2_+fQyrhhZhJP!~x*t=l$m&P9PBKaUKpHE^2P5M?lb}|L4Y-
zkf%U6T}WvNv{7cZBRm}w2n4m7i;ss7M9mFd62!&*Zyl%^P;Y_wd3dO~`1qkF{NI;X
zgh2fk2I-H1!-Y5@z)~?le-Y?FZm1pqcmBUy4jx`kKHmTTd~!%9CoCE)GbA+@P6(nB
z0*65keF=X4e=Y-YLVe5u^%!&p5b70vp8vRv3{pi4iv-CCfy09M$H76*cEJC2wwusZ
zaHJc;>Acn+U+(_<H~$d<`JMf*a5}m$H+(j;KBPz^ew2d$2x6`^Z<FXI<#$P|rQ$*B
z8ip5@m5!eYW2VT0awVk;lg+>H-Pb=g&#`#Nh~)8+4DWc{`>(Z>nEmAmrBC{itT?K`
zB}W3zujngq8BKB#0Cf37&vq|9Lnr3$EVdLH2GKQIUP%&Hil&6G&yQp0XFW_E&sV?K
z;olLc?ckxDjQE%nnK#G>Bzla^#nz4*C8rlrY0p(ERW;u{+!>2b)L8x^&^cps*R4`V
zhph~pWuHOZ6R6N~LU~O+;APYT(@3kZJZ6Cjq?ClSi3OBIaugX;R&P)sHvSeRamq)h
z*jd^-tzy0vrSw&wNduyU-WJv;by6IrT6xV6{o+dgjC!KZeDF|dYXY}+yd1B3$mX?$
zt;g}|Wj=jeKNb6tbiK@H#WsKY-0vtX2dS#@K8bLD%1v!sUFY>kY-MJyGUu8$KuQ4{
zj0&^c2NCuSQjn)@f4|M<abMw^>9x}}C;Kqvs5RNCh_q2Fz2=x&cTzy;d&<=yWKCet
zL$kQTfgx|xGlAFJrnAvF$V7X2E5v2F6}ed<B^BTE_1%COr`6Y%ZW0nrDF(4%+n{L7
zuT)}ZkYPy$MlxQ{Z86h_zs^Wve)N)H56(3Z)nX|BpN27FJL<Ja)M@q-gY2P4l45(3
zK!He*MQRu`k$@0#NdKSi6COUTu3@-gaAJtw(foa|yKz0}g>*n_PkUdn0fuNQ`aW=3
zs+rYL^L&Gx_cq~#tDI1A-%U5Q?U9xIIx+pDad0<rdO5@Z5%+j_Nv0(=<g6E5_eSj2
z&Gy!}N%$LlX8jOF4zH0=a^xHP(+|MLoHd(gc~@*FzdEy8j{bw7!Tch(_VLOQ{JPb4
z7nI_nZxIyh)AZ-P!^b}&#*-L>25eS7F~v$>GD+|IQWsZM8r|}-x(cz{H+;9*4=kI`
zyqalO?zk~#TAP8h)mTAVo%NRB(D+PYT!fL{)h_VcZJVPE;R;=|bIRA|AME))se<&6
zsqe^DeVJCQa68{lJVe^tvfl@frs(v(#+bhJp{>o3{*>(TeoBNb=gSLx{DdA~l^wnP
zpc*Z{`SZRN@Tr02gQitD9fNm~sa_6IYisDrectq#?-xuVx01`s=M4K9um+@RxU9C#
zpOrr+^5Z85+}9yfM|}^oH#t?D*k9smRTI3LgEr0BW^+DiCf@1~(JV5-IsET~SQsh3
zOMr-(WRvbpc?-X*1g&7$il`aS_8Alntqo)uG8>N68>l;P=UIhP`#((`(tcL};utzv
zhPBlDzU0~|=gf?IpBKRQf|LB0EdS!!ZL_W#^e-SOWDw>GwF+`6ekmJxXMJ2hZzIw*
z(IFYeFE&~E6wSk1zaOg)+!Z7>tcTALF`teo@Y9@RsCC9J5Q`U`MZp!GGuciY-0u03
z?#ln_Oi%~&uBcIc6k-I~63=XKxJqDbxRzB^)T<xh7$eO@hs7w#0z2Ew(v1QGFQcTP
znc-&=c(aj0s|vKF%dePWXmz}@puPzK)O;y#(U^_#q>6nx-duZ4Ebcz3+{F0i&uZ^w
z`IVV<E!4vadG10t8U?kqKG7WB4#R}Af9ED3(W%+E$pJM8rdwR&@qH#}kL!t~kyXJb
z@mesg`_9UwO3w1q0k-*z{zimT;%#JUel?L+f<iq|TWp3tyGT^Bzv*`mn4CfuL)}V7
zy0vz<VN58_>l^vmQ>t)|`=QMFv%yd?Ggh7rGE<e**IDH&csv~X9fO>gfF=ZBi38;h
zkEpxUCbfqOf68oRFkTMJ{Co`j)lWvp3^`Q-4L#6~POt!q7dY>OA34j!`<95D^nvqZ
zuB366m&!{lU3}Yxw;SeX)cY{JG1@Pd6Sf#{Fv!o+F1dGu8>d^ER_gLOOk378*_9!o
znH7DS)x$=Z*S!qMob@O$O|WN;g{yjwPiLf5_C7bLPN*eMdO#viJEXAvS2n`07*mHc
z7fqDlLEf*wFTv8n0}K=jhX-l>^9|ZT(m}7Nu9I^s$=tTChdebR$V_v#L3MLtQ}%V=
zYa&N6t6&ld3C2WKvZ&bks-R>kRUT@ohpaq=WIt5dhdw7hZdLDJg7ywb*vU+cR|7m|
zf3Tpf(q<VfW7PVB73K=W^WRh#zFFtnDY|f<m~IZ?xqz`;eD5ACb5ll2EMOyd4iQ*b
zXqeS6kl@z0=RuCMpAHq>B!w;{7r)z#{{FD>k+@!b&(13;heB$}q}<CGZ#Q7t7+To8
zOJy;yfX0fl;R9cnI-jyQPt$5Lr8A#$?cd8@_m4SV7@SD1$~~aib;Ul*Fg{nuorw(w
ziw7_gzzPhR-X1*xt_T*8YypQbV;FSFyEo`Z>Lg50deK@Ia;iR^l3jv$s@f4sD{r_x
z>??N|WU9t<ezyk8U8uV6g|yk7UAin+l(}Oi5zal8Km{_@nA6j){!0tTa`}#JFUwxN
z*LO*Z8TTrJUjzf5qTnmo_PU=!+b9vGGv0i}TfuIA6%jrIh}Z9SQ%<F`9UF8w`96vq
z=7hO2d39E;37ru~>4b4UCo0b=G%oh}C%^Ujd}zLYm{>!V2rD;u;bkqGmg%t|aFGmZ
z^DIfBz?{2A?N7`tS~PKCn@Q}b{^OoB^a1UOY-GCDA*DkDF_|~or7@croW6DGzS;FF
z+n6~Fz#ugu31_?1tdj7f<{)NCilfg@P(4X3!oV(LhuDzySIyuXEQqoJQp5NT4+5VB
z=K>KqhDC+rheE$tI5Ws}78LrNQo=Gqa$R5%sh}te0L3ZL>c-Siq{hv`%gN144dUX3
z!c1-uCkLb^5Kbu76&4>7hXBV31z-QP1Caj|MCRoBU&ZkC^&JhGaQuH8JO7I^zrZ2G
zCH`{y!6ll_7nAuN>!cy2F@A0obGqwy+#NsBdF5`sEv#LQUJeaEFXl)(O<WqEunJU&
z`yuVFNB1Me#@V@h7Jna9vN%quev9UN;XcYi6z%GcnqhMhf|Z1q14ij7gi~d<tXE%C
zy7+zWzxL7^^<t<x?tI>!862NTf>X|06Oy)l@WS2})nVfMxYu`%7|dDv>P-65z#*;-
zH}D;I*+Y;*2N*#D*O?t)fizW(eIJ(_pfoFE&EWR4F5x2nT~f|+JU(2d3J+!h$EOLl
zsn+t4^zK}GFJ=!+S#Y-7%9O?FW_mOx1*>OhNH>JjHd<#|p%DXQM2bhq`GvPJx@nMn
zB^o@}T8+z{`3cSiF$(563L<Eleu#KiAVNBKAKu6qQseLa@WtcLi?&F+_bvJ2^_At_
zHT}W%ZAxc5XS85393sT0GDxjv5Z$h~B($uIahrW^?1aP02yAv3r0v_I`&qi9v-bIF
z6qQgCXrNyam|~PK|HRs$q!FeD{fdRd65d&g9QO_Vdd6N=4ST$OIU44b5OCK4{VVZ`
zbA~QM>0L$_CncVk;277>P+_(4_2g6S$idQ*vG1*!LsFoRMWCv@tRjts{nva3q3>~2
z3nu8XW7`xUuxg;r$khXu@!QQroMCE$+^RkA*UU~zd5s~L{3+8<K{X?@PDROQv-L7#
z=_9Lnjl@OMN>T48ZgabQ9=FQ?F+wnz;g3C4Q9SrZ(od{Fvcle_)JGjgxm>?WM~nHB
z%;y+j$J80K|9BqbcJ1b$7Ny`RPbNOMJd~G^v9fOnU>)Ssc}$9rslN-B*ILb#ED|`l
zqe+eD3TO4z86)XfMh%&vVlHQRNAvT!-Pw?8<{#|yI4DvaiOo9ECN!6r!9y9Puz2c)
zx2oa!H#0NFMm?Ha>N=jJvwAkk>{<|F*~Dcwhoo3*dYhgvhZ(UROpkwcVgBqV7a}Al
z7Rr@YgK>uAKb#%>z;V$bo}CC4i?Dwu2h%~x^K*f34Fta}gD&GCgu`$~PWVTf{BhUy
zSlo6Z@NW@XdK&QayU@l4%bzTT%g2gO5*k~)2l0Y5Ntcvmo&E0&klp^Q-~E2R+0H2U
zJeMc?l@oMEPl^8vofF-jN`J|D6lhWuq9)DG%nsHrE~Mc?>tgnf+-tI<%cxKt<CyOM
zRzh<oqMkQOtuw9MlW!b;dlOaF)$xj_>w5b)&|BTbX#pn=nWUdTL*e~r4wu|w`4l##
z{E)p$F3rWr`AWT?I&tz8o-~|KQ%2|2f~hYuKZYwfoVq?VhfNW8Skg<~Y&FcyIGnc;
zSXzS}E4=Nb^!oHMFELN+0c=^PZ9Z2xJ6s8_fTD>UW|;TubC=lUS+tTnQC%O^R!D^e
z0?x!~Bm==hA75n9&Z7svF>q=z?PG*dCx!d?U&(u;oRTc8jxH`XG{)9<#3i2h!E4S~
zb`|_+TPzBm2){R}Urb5M5Za9=3-J(yO(6m&@(9Zp8Th?}#bFUtKEMrsMAc|Hpc!PA
z*9u8aZE7<*zx~$ekE4C)K=09eFDF^(Rh1}E?S0ZrRJ}<boGs9%L(F;$<oDfvGxGbj
zB?nKu_nnh6e3&Cv2K&sVKD@Cay0U=i)HaN7ew*FYVGpSGIV^iODb^YE`uluyf1ec0
z){<0-^)*t6S~50|!(W`@a8ZaRK`1{-jlbG)=6JVULp(SY=gi^xC|Hj%TaCe&cHlO>
zb<)rCMXtN+FSV}XTW=qCCs=0HQNue}a(W=ENpE3_dV}&q17Nb+eoe=3Gth^bXD1-(
zDG*fcfdO`oI9ffJGVXYUUncxZFC7n_bf(JEo<)NgjAxoonCgJ~Ek8%FYH`O~%pcsw
z$5NTvaZHh}#!u?x(6t}YAW7I`B_6=~#m<)gxjkZ<B-Lq_s6K1TZ$2Jhp>&|QmXMje
z{V0)|PSuKhlPdOG7l5B?i1^X@z5p#kTey^M<7?!zR?amF=jD6>j}DItv-=nrmiq~S
zgHfe!c)K4P(r;S1tF*-Gx>O;}T-T$^SEk?rs9k}>*fz~UKM*2hg(yw(6Gr0}F<y6*
zXRRfJupLo%1{f73T_X-ubad6jPhLM;sLye5F<K#+a=){T@d(yb+dUZIt~dp3a_fW_
z@G_!e<d(gb9dr`EE$d+RQ!0UFTQ0tM2YuwyJBtjc8%bV>WEwPN_M?rf5uwAS;i?bx
zAr~*631)T<Dh>R!BZN(lO<#1sOBwv(S%vR=u#=Rv!li}`Bedk&fIVMsyiEHsLN<!m
z&j&GSTjOC{PTmcB6<H%f1l<F1LvriSEUi6_<61{V2Rq|@R-ROe6Ia1tuMI0@eVbI)
z-+5S{vth9&W}w~7md$tg$xR$b<{_?|A8AyH?cripK7g_a+|LthGF}hR=-{_8<ciDa
zSDY<c8Z^TRztC-nPvaI`j>4lg+OnD{ev5~D%5>YXQQG3TiWrLXh9zPM)vaiV^Vx;_
zNwWPLS?W@JGZOS6o2?lIOukjE$!U6o4~wy4VSP{~fd%psc;@M8;YDi>C!yca(~iVn
zxsPfVY#(zG4D&cbk@``p<VU6M>)X`-$u`9T@T;3+di;Se`hWt{g>csEs2;GpS)5DM
zSB2y3ERJ@Bi;zar<iCh-s$x#PZ03X8OV|3LR$af{^L6iFD#wo>EW#U}Y0ssqIXa6Q
zRA3Wgg6(2wks_GA@{M(I<u#`?W=_bym`AoNPR_ylG$BGY@_GW_r1j{*-Rc-8IlTC?
z=*2V5&_=wi_&In&g@x8dG3pBcHW|x86K_UKUrlizT_&qVv7mnlpDszhf5{aUwGxKj
z3Sd6ORziN~w9$J3mPbI{ZkcW~3(!cZt&+<gRQ|!n5+5e8EyenCo6hXcS79l-0_BHC
zTLH2Ssyo8|rTK|c>`gGDFi1w)41W1d9+y^!DFMxVZHR$}FilJDUmvugywmD^+37D~
zG}k}};Gp|^49?w&%O^%8VS3rv(Q8kX#Bb|!e9S=`%JKN%gDUT`F&#fQ^x72itp&jk
zw`7dbH~rT;m_L;Zf%V@c%u}`%W+3T_Er*Pnq$(!(S%l4$jIJxY9|THubCazOWyBr|
z^1o!HC!$;ehY`Kv=$&0R+RaoB-HTpxt@iFs4c3z4>dex2)epnIa*nQ)^T|Cuf&-#-
z#rJEP)2u|mlrd4d{<|~HY4i&JZW;EVj}OqHw_e}e2#GudSxM$0k9Id6qIR2q1U{rE
zA9b<@9QahPMIvOa#oi+7mpHRBSt`pqVBG*5V5WqKmz?lCReK58Ld-;`W7I==UXgD^
z`)M{;J?+^Ib-qE9p(7IkAx-ctYNC=Y*#Vj0wQORwnW7v!PnGF-%9qZ-I3ls_^zj#V
z@Lbt%$;QeMkJWjaOz~tlbfGz?R^*Q5y|-U!jZ*9H@TfV8NUF&+wCBdtkekWoQssFA
z!c<%yoDVpyIDcn}I#Pgk$9REPXehZ1Bl*gSt-h6azq$>g9YzUPbF%D91!IZjXcX1J
zePvVJ5x=*a@QApqv@Pt&b>e*fl34}Z>M#tra}SOWan2%_apP|{;QKnW?cmF}hM8W9
zwJmQM@N3m%JA20q3Hz)Hc$8UvY0qX<lRmhEd2&`kwT&Zp=h-;qhEenU5sB}jmyoOb
zt#h*wb1?Nv=J8jeX7V>5zdJv`-5)_ju-!u$CRB+(T$6tIJe35yd`3ph$G|uz-n*cq
zcONnR#-tu%vLaikqMW(F^~*7O`&gj=KGa*GklZR>@g!{)^RRM-;IuIBQh4}h;!gi}
zx6x{gKISfm_!8JAeF7PVq2uwElHzUSjqYK1w)MS~n_mIG*bX@Hw=8jVJB?h4;5gv(
z!g|)g<@heS;&BDphucOu(3h@?DtFBBHX{hTH`hl1!*4HMmi?Q!wePZLvZ=@C=uMPl
zbiLNU*B_Bw`Q2uDo#gn)BoQfVLN$$iKYbRBCyzpB%SgG?xB9xSfMVrsc(-yDWZwR6
zAr^$*MDiiLZ=^M+<OXqIUn_ef0^F^>n}tTWzU_XdeP``|-~jEKzS%^Q&ki5MyM7zG
z+D_Op%70V1L^hTsyA!3vls)CFZacTV9ryIx-{<Ld>FCnb<Btk+F;<xIMMx3pBidDq
z!i8m~=QP=GdLzOT9C{74J&ZMbmc0>yfEKIdYP@H)=2C;Jv#g3SJ2wH93Jpu@`kTR&
zH_QDR-6gx5!-ncS{^=9{F?}_6Zt4R&F%vV$k=B*!o*F+D$XPi`&V;@fe-1ORw}@f%
zXLjwcKgYSz?5^AT!8pDHCS>(scqIMn8;B_o9uHDn2-Qqy`NJy0@$*9hMB$xafsh2I
zcmHCqy#JFDIia^6N7jV%um4vreA>Q~EG7yvoL+(KF&CCHz$t?otJbU#!}mj$@XhZj
zr~8`u4fWX(%y_)_fRTr7C)rm%AE4c9JIpHz;V0yT_UyR0xiC4_uNiN_+vT+DRS!?5
z;_CR>G$Jx(_Q=@Vir8TMZ#=^>;iI~eO4p7TMZ9z1qJ9+|0vn|OOBnOypu->qd|>gE
zW0xX3*7uv|v9}^T*3qAjadq}_B?t~F&PG0#uBi3IEkZSlVQ3$C^la<rXKV?6SlaCu
zV_8Z2{Z%BJ9TxLNx@O32zLCghHd-9bM9vw-cTEwJc)sKdNH+(wsCo^3sW*ThswL2S
zcT#A!zmq&FJ@-+L_l;9(3hw|EAt!!X*vNPk9kD*H)gols7?zp=YayE>>ou&DW&tqV
zBpBqR2lbC;M%$(A%zKbXHCujAw^Ny0(w$rN%2E|8nTSi$mJEgGu@Q3>$iSx_jK7|5
zAi+e_Xz|>Q>1P37ILw=V3Di?4mOc9UVyt1LPHqT%%Vn*)e>(YmP(^>GZ-v(J;pgK~
z$+EEgF4!+#SIT(lJgQJ$Is`XdXaN(5m_|ie3;{o!Ux@hLhWb4?W%#dgFrR}nsEiEb
zclmf6ZY)0>ov?S_zdnK466626HyxyyhI3tT!z#gupF4w{=gs3Ja&qtZ4re@MeRvZG
zcc|oi1W!>URsnz7zm4Vm)oW>oGFp~+bT;e<=Bi#FCJw5)41}@?QyR)Ek~5Zq6pV)i
zB(<-+u4KG~Ka=_lJIq2>{I--F$gcp&-ic2<bI4RD)s@471SH81EPmTv%dxg~Qvyk+
zH*8#=9(BMuG4MV-gY36D_7(10Z7OJ0(Rht}mp!Ro$`5EEn2sbGe{519gA3Ql6V87g
zD*iIGn7JfylfEVKb1gRtEM|WGBm!~wJ2dO}@LO-T&#ofXml|AQ_{RFANc1Ai<O=I@
zqtN|kKz`f?!wjpDZPC_Q2kXGUU^(<@XTa$fY9lLH8XjS<Jqll2tLu4xwaVY~<>xAe
z3wp@9FiSWL`at*)KC#@wx@l8vIqN9K#n236-_qz3+29IMCalXL+@E=b+dpgCCj*|1
zz~eyS6sb+fW?59rqY)wD9o^D|4OaassBzbY;g<>RpUrlTwi6e>3x-+(GH%(ozd$eR
zEn;HuOQOV%C6#CZ-pv?HgtM$D<F7`vjc;h&fceUNe@tAz9Ey*G>$~{&%QXtJZk(>{
z@e#(aPY5P3RzM)_`?%pReGk`fJcpg4Mh8D=&6}Gsm$K1f{%Z8zp77ZB-Ns(*Yzmkg
z10L=hC8O){@I(36gR(e$u@dFQQ_wAUo{gx%>_o9)gC5K_pJ_YIoejLb7>eA{oztzq
zd>(_p;|o|ZXwTJA+xff@6P=rs^;sz~d9=uU%XCj#(d4N;a=>duc*91qXAiv#bgW!a
zN@^z6xeJmDe8U(r@BHY*j9&hxM%*x)H~Qz6UmvOBy|dbD3J()qw`+`-qQ@wgeVUXv
zIAmkGy+tS)V9zzeM)`F+syB8|`~9Hrg?tD$jI24cS*1xQY5-I5s7}=U<3TgrrIgA*
zx1i_qFV=4P*(BC(VnwXH2L#~9cDU$5!*ACTAI&MPavfo*R`dU$`wTWNdraLOhWtUV
zQud7$(a+#VcMx26b897_ZXIq*f`|8i0(*ZJ+^vCCSekB<!RXbVnOZN2$HH?ZHPFdy
zl@2MAS@;C}-o+qX{q_UHH_PBpaC9%hsp6PaMGT8;zK5pY*7bo-g|~#zjPaLKjZ?qS
z3RcT9qMR6oqTzFP#?D`**V;Ed{6z*Q&W)Sh=Q$>EW1c>20%;4)7?TNqhsB}*^kANf
zrZlmi!F3;$bqs-%2e;@tIpz$GvV}9!9uy$29kR3He#Iq+UxSJizlTg12H{9JHOpzK
zOS9L2tI?2XQ3P3(p-62)N)Q^c9Pv=WRYx*HegSD_N`2uhA-S5u`lHJcD7zH9IC;(J
zsjxnsZFfWc*NXOZ@6ImB`cm9<3|z$}#tP(3?M3tY;3S5J0Dk5d4Uw6W1zrN~YQCG%
z+hDLLHq%M)p0>bXhYpck4ChPO`Oe3}_F{ipb3rz~?4iKk3&aZLUqkzDmW4y9=O?z}
zNw_vK-Q!c{3*}Sq2SnUfmyQHfu%!e1E>io78t-%)-KQVUVXh6IO!<9Rz%=@p!gAk(
zY3l^r***w_G#<+%8Gf8@m8eqLu75ZBh;6uv7Sctzxe%Li^znS=(m8Fz>lZQGoVYyJ
zsco;TXDsDkY<Hi|hnmQ5061D=Dursx8)w+!in%&{-Ezi~LS@>Q08AsgoIqE}DYZC|
z)j}tw)!+150cRw?9OX)q7O+H^b!++3-{9Y!l5kAsLi_YrJC*3|Vd0vkA}X2d)LGh<
zvmAp`d`6>Z1nkD6%YNIw0AS8OUaVH?7uvfs(bkLxB`<!_L3UOG?YhQdfV5!$nvc@>
zk?~k^^Sb!D$I#Ps+up*w%N~ZovZebis@aR}PU6SP8|}Ap<1u?nU+{>|fcDQrvs{}!
zLImPyLkr)LP4O5sx5JW)vHK0PA@{+iowf0Mcj%X|%Gnvv?K3a@z%Ov+FL%E<h4es$
z3qkB2%@w*aH{(h-swnO%Z(9f_lB({<_IGa=qP3Nt)JKD5a(opEG+5b7<1kTj`sBa9
z>^3nsYc8|Y&}zaD$DJd>Ng1F5p4aj!rA4qH$<dL%%gBY-4Lq}eQkpO|HnBrK)vj(i
zR4TOjo0(*W|Aw7zmi_WyOhLl{!h@*p!%4#dIsStwAe#osw2=RlIOGKVFH}J?7W<z2
zD#tj%s^AabbK^V<3K#45Wq$M<0MHt1of{u5!;;%+^A1IjVzQdGj<bx6Yjr{M!HJLD
zQ6|_l`Q8im9uGYn`-g|6kT50{B6EAnJ%lDBOz0W0iwf~9Bu>kVSDH={3Mme0kYP%>
zz@77YI{6JZJB}ilzcIToZ93!hJemD2>AtD=io5nOAQR6WH06du?x=U~=PvqCh%!>Q
zsqEr&+Sz33lHF#vBw0l*X%7VZZEn%aSj(%bb9&@)en{F5UT21us8klvIAiL%0|Ap`
zv@fcrk;#QlEP>Zj2&bmA*c<Pu;pZYVz~_`ml9WStK~?5Pzv3@8uu3dHc6_=IzS3q8
z(S!3MhY5DUi^kg=lkBHCh)|aOUGbEoqIklp6eo;<*iQYG(cWIWpF{35b!5rZj7=U!
z2L{PHIBbMm4Fr4*z-qdGu>kIz*mJv8|8zi!6h<f2Jjc7Y@`zxmpjdv1dYECw0Y~B{
zaH0ty5?@e;L2_SD#+r=%qFCAmF+|p=ON5`T+S@w5jr=fDa{W1U^LRbg^>m&KVmQOv
z-~Xmn*bX@?7Au1>+6j*-qdWf&k%_f*i!~zS7;3<25k4?=dtW|d$v)u)3)wq*ueVe{
zf^N+~j4q>_)ASqsay&s)Cq$rE1r|%H-D7dvrsyJElKsTwONF;||4~Uh%KghZntcE$
zuN#49iGWySE6?W|*z=)s4;6E0pNMqUkJ5*UOF<f|_~es`l9v_3ibJ4R6YR;<Lv25}
zwaYkOY$!=L-o`&RgfP*fwP`PBpKvXz_G=OwTN1|z>r?|?+(T!#<r)ImAACS`=mDy5
z%j((Zjzs5=kz-7!oXtITDoH2WZkWBe8=Fj2D&W6c&h^mm!VqUEWIRzpbexcc;Ydcg
zRdmXxdA~iI)?y_MGe^Mb66Wa=4o3@Pi9wlww02Xh%3XSBN_b?HbZ}|#teKJ%am$rC
zD0RKVpkcsNr9b}OILR{(30(07Gp$|}$U*FjC6AOuyJjQq>`XGmrFC9sf!|~CAqTK&
zLMW?c|1?}1C;26-Y_MU8(i7Vm6rqa#+!BzSMO~FAr~o4kb`F*%w+pCtu6|M8iK*rp
zT(;r7F2JJn8-40vkT_1pi~Bs0LUky#HIG;_%8q7<!M`Og`g<Dm8~m9Kfj!h`#2;G2
z2_J#B`dxLMVy*+Q!;~wyfhMSLb=W|75-!YxZ2aB$%yWM<DqI<f$+$ty`X^R~AlfsE
zC>U#HnlBfGnjedh$DW7x?<i@b-0AB$S2`(qOnU7Ntu7*RzC4eU@{4ri%hq0Im(%vG
zI#gw94dYuCicZ~3se%n0YX(Bt_ADzcGI&xM-m771iqDx<y2zO-z;zS|QQD$X)NgS2
zUQ?@nZFSjV9NJmldsxfB=w>_2@`-nP3ij+FyYk-ivY{%!nbGRVJG2YNuff#HIHNco
z9w)Y>b@}UQpd-`>+ktrAO)LliO-aa2@&pOFKu8$~4Q7)i<G}dZJ5`xmWva}XA{>uv
znwf!GIu|liya=hi8n_MVoxFq%HGCyZ?L+eV9%Wt6kC{~)oh=qAJbU)^F%79<D-{-5
zgvvn)dB#QTqO3@TqMpY_Ydc#~1VcTbV?FDd_CO*wZO4%dRK+a`;p7J8y2IH@*Ouv3
z><YDSlSR>-nPAc^S*)?Wk$&`R2wQc<zz5`tA9d9-Rci>PDDhqZLL-kUVPQ9fJF`4b
zv&Z7B1b3xKNU}<;YszLO#b17m_+tjcd*+&y*`MGw49uT9c8usI8TK+nqTeR`%+B(|
zne_M6o03CN9IUJj^PIQQ{gkHu3J7>ExjS2)_tqXQe+Cm{j^NN<j^(C&!v4VtTcbnt
zUhn$;7~C-Q@h-IE53P8#w~X;BnYQWMXy;!Zj4?k4o(mGcGrr?zyTQ94<}OUI!@~rI
zWz-(Rta*7<zEo;?j}$?)@C!N8@X|a71GR5|#P$2(H)Il!9{o`w;X4JQ7)ToUBb*RJ
zKME$hMlLuT0O$)*<lD{Rows8$zyA(GHY(!KuX4M2E9^M?u##}sBiz=pZhE}BYTI$t
zw&LzDU-l^O^1ys{w!rZBF)QlqjKJQqV*o6N=rhML9|?o!6lUO<Qs--5Be^mv+4@++
zkniI}wTwx$N)b7lRpEZDZZ6tF7<vb1$2{bIl>;VZImoaKvJko!$nHC}kGSUf3Snjj
zyQqqpES`1@s*-(<=P4Z}cWvh<jz&QZVtKchRV%RDc>405$568B+#;#ZF(R1MpBcOr
zf!3g|TZId}?WK<DM{=OE#u$}a=ViXIN?m;9*F^u6$(B{imZAE~G_}}eX5~d0?|o5z
zj~LiGBScB&i;U~dOmT3dlzZy5Wt>{!`<7_X_J*Z{>d&E;v|^(zznJEy#aq0NTK>)H
zBpbL24WT$&q`*}npJ`%A4rfILzI^8klr+bgBbrjVN%Rly7QfWQTxN&jsN~5mPUkD%
zKdaz~YB*{aI<7t>`dt^vX^7SeTc4>o<^BKzrOtTIa|?N$&UxADxdBePsoFQ_aD#$&
z&S7?>Y)S_E2a57MhB<Y=Mw4%LVXh#$uc6q<nx1xQDB1Xvtj1s<;ZE1keXa^E*DR6d
zxTUe=@3i5?QP^vjxTs_QJ;Sr;k1xtb!WqkYsVf8x?Ym@jXQ){A=KG_C`B<S%Hg#aO
z>AHP6l`n=SuuPww5H&88qpO6Uu5Qn|bStHh6s#uND(Hb-scOf~3L4MJS*-)@g|Sjk
zpOV#&{`N+EYR~8{t7nyuYyc&Lj^SLwyOJXJMK|-+W?UCVNC}iqys-%8tGhR|T9IXE
zmoeCt5~9P$in<~qA9oXSOoX(~=~y)1#Srx^(&DJP`&aMT?z6#!d=I?cTjJ4$L97xm
zyOAa?=j;px?RFQ67$X=^HemIda9EnWi@56{!?I0ptF<dwV{}G5%(w&|h*M7?mk+$;
z{uz&r{4eb3Z-Dzhum|*C*rU|=A8jem|H>UhNo>$Y>YY<nX)Z8hiLw#6CZ~C_0lgjb
zr2*fWy{nttRlD8o7~iP&4o8-=mv39czKhoCT%gk@;2S@dq^VsWj9=z{lMcZi*=hD8
z&q1mfwt0nEjvLKh5`c4&sHJ9fugoPwXwtA{IK@cv!5@G)qWtfsxjNS{sKSa(^;B^1
zp-~iR^K#8eNvbujzUaAwy=y0b^JGd9Fv+>DDxs#x29vgAE6XfWezXE@g^We}ZL*~I
zI)iyGx?e3(QUj`59bo6RPqEOW*p|a#?fqQ3vyCZdiB7gJt&a6b9AoaATPTl7|6x1F
z_=N3W@W%b?#pm+Vf&z{cm84M-11xD)7-K`vMdP*z>iDmOGf#gqLJVI2ZoMq1lwaMx
zTt0;?5;nMpcBOWminQ-JZdx_*gM=#cqQyvlr+Op}&9<>$GsV$ADuGj7ndv&7#(lhH
zavx0Dx&qm2bB1Rk@BAt{vrlTr+A8H-e#E0>gTb>(r%e^NQd;R@9=(J}yPCph9vR>{
zhm_CqltsUuc&-I)*>PLV8h>+bxDK{BT3+3+Cv*5*z4CygmmnuNLt8~cI-6O)QChIN
zUZ0PS)q}|iJczUfein()_UcbMi*Ne!<1X0TReGkjN?ED3Z4dAejruhF<&oiLP@&Lh
z0Pj)Rep=Db=FU#G1C-LJONbU2xY4P5IIN2*#WfmL1@Gi!9~{{!ZuG}3{kY6qu-_>`
z`Md`|G)doRowj7mRWlVToY{ZcM6kJZSYr?{Fgk$C=4m|wgqUDf5qHR3L^D=f`&D$`
z4qv5W^}dhzp$$770u;s!*3v!6s!4q92D_TPWl}s!TGXVE=GpgBax*#EoV#P+h#EQ1
z4h`y0OVrmmG2_B>I9{c%+~Cbu{EDR(QOv2v_ZVLPBfgfU<GLD2jic|Cmay8{1~mO4
zCFqzmmuqGJ7)cozP=ldtwR(gt1&80#WEnDKan#PciRu|HRChV#QNFmH_~s1!0Csds
zV2k*eX4y}v*sI8y_O1nKE>VssV)dfsUx)FirrBFXlV9f_&vH<h(f-?DTu=CJHLheh
zG}M2EO!o_0o&Rv8<lkpbMfepMBl~V<S`%5+LA7vMBDgp4fw><tC=_kH--9|-ejzB9
z4k1&pSyXF2ruqb=<iAtD_BR1nAf?}m7?t<2(H-eI`ym*M!F&u@wxDW6-7GNp>FJNh
z&ZDL~$QJ%i_&fKC6}**$yGPv*o540IQo^W^&c%gTo4g&t0b7Er$#S~3A$mVE%Aqzu
ze$S5Wkxt$%tI1_SU(DfG<I=bCAlz#gBDZkkpjCrY;3Kmmewrwc;Q%o>dsDuT`s87c
z`Rg)z`)WQ)<F?g78^Ceg9zZzb+}Fg$hma;aw{91dUKeFr7FZ$Iw(gjBppD+aRgeD@
zwq{O*0`-Tx=H^%vVr%ZL>{Qja>~8;?xkpsN-_^Us>W2KBEl0Xym8oU^(U-sD?X12c
zw|Eb(@1;65RwYGW%71bKt8ZS76f<A+U+yHkvO@5#UJG*YzTl;v*xBr8OP~13W3YK7
zQ!VN#yo91<A<OBvlz+YaSe>_qk>XRjG`vPw;rOU2UMJ08s@}RWMyhvAQ<WR-aB<C^
z>~TJHP5h<%+Ej(5*EI?>a?px^fK-mY{1sKnr__Kkb`Dpdy}z{*9Nj)x{>33)Y$M`1
z{h-&V<5wxc05TF*OVYS;-26-a>95fpkB=3h3xeosL)-;u*po6l^PhD2^&d4@%@4ZP
zd|$lpuDHH*p&z{I5O>+<Dw}Db&86H66~84oY5Y`?>w2P25-#K^0CP8tkx^x_Q13|d
z3J9yv!OL}cGNi*n)SLHrjq#^PzGK9W8f%;3;_}?i%V5vS>2XT)8Dy0dUqpLsx@4Cv
zh3^qCG3`c%SaSK2I;Bf&yPG+C>=91i*Glkov`kz?RNmp+$KDgA0d)TS_wSyp7w+pn
zwh;<EG*k|uv4A&)gI=Lrcy?werx^sLql0*<IXOT8K7J^}8p^nalAd{aK~RD>l)23b
z;N%4IK&jrJVM!t2udw)VoIps8Has&JN<;sja#kqQh~hs?qnas1MHf#-YVz-)XpHh0
z^AUQ*9FNph74;#zTJGOoUobD~d{WzFWDvK%&m`0<eC5j`+2|y>>K^`cjenV|(Vca@
zSmNADc8)YzzJHI$Y#E{RO!{_?WRrfYrvvgHNOswLw(bFQzyRJ`%8%41Ca(UO3)`Bw
zbVk0dfQ*0rl1%{{Y(m=ZETGy=ES&34nPUjQvon<&MrO~%y&$Y*>Q~4ej`PlH<!jlR
zCoj`fdu(s~>8cbD`!X7U`)vXbziz?CJDs{Q&KqT-9#8Ly`i8Q?w0-t#C__)~pL>g<
zTf9#KB!ZS;m(a%E=L2nc<bA2L$l?#BZkl*p@D<T1I}7WVr+a&Q*N#T{hE-oen~1Xd
z+Jaj7s8KxBed2N7MV3iKoTuKi>xPZ>{T?bC>jX@4PE>@@8NOaZ9Knz0N^?@}7Y%tz
zO_G$m-Vw)o(n=iyD;^4!b*Wi$HW{hhHcs(HBk=NIpn1V3?1uK|)jM`0@LYZJUurdA
zX<xmXw47tGhH|KMV9#f7TVIwim0_=dN5fGxn=QQT)*g{eo7*jBgU^pA->rXAjnYk>
z81U@5?iZ@U7wYK;XqPLj6tt)0UK?Fy&1Ce`rKYzi+scH^4*q<Vg39^>WOm(@>}Ahj
z(}l;tl!vx{ODiRQ)z&J@UOt+Ta&V1t15yLU=}{f1xxS{k_8UwKx#91(%XO71_7QSD
zZksGIpB<vK`0k!Fj7=85>Q;sh-=q&@8zS*Whc_nmI_G(h@AGf$?Gj2$K1#$2+g)ux
zG*toK<f97{>l2>l3)Z<)k?ebd@Wu!i?Fsb3!-lw4NQ~YQTxdL2(}QdQcN3K0c2e|D
z6ES8R0Yiq<eBGM7UyQ$VY0Pf@ApFa2#z;rjU_YO#y3@GlOa|QfGiKJ*2L4VCD=*5$
z5naYjCrz`U;mAdq#VNUM^;Qqpj1+IQbLCL)Asx&9YPc1qg&bhU$~Wwsd$ktU(<@#D
zHo0r$O;#S09%HSjs85|1?w7_&2+*@`Fsh&SD;(*L1<?r+XR1-jy;luq_kjOC;F84f
z9wDjmJ?u~*`?gNX#(UbaL`IDX8<@TVCd85CCJ7(My)^w31f$Lw)GuN?k9g7hS;5nA
zm|g_?T(JmSTw0~udV>ll;TnJNUYoXUz}?Bc<H$ncv3P3BNHGL1C=E0YenUSC2zw7<
z1FCy+hZ{Pd5;!vvdt?ZvSzo&-u;B`Exg*t5f{BCBn_b_1i^MV(Xib!12xN4pC6*DT
z@BOV?IE>5;zq)#9jj<rlQWO15{o`c5Ro>0htA8BKRgJm>=5USxzlpDC<8<S_2WN&|
zlWIP=IypL;HUzc^HFL{funl4A_eHj4ep}$%ATTSVFV<!^e!btx9cFOKcK%Tf6$0%R
zIGMncYw)fomg>*$6-f=I%Fvf6#H~I7c;|MCp4K)#8c?12(37dRRoXvp)!wcq80t$j
z6-+6W<;;^U9_iQH1;rR0t~!)Wf;IREFy*4gLL0TlVy&)V;zP=VzphX@8`92JpUO-d
z##_T~p1-R?rD3lVM<{5ZdnRSc&MTvTT)X~=-V+pZ@#%8QMktVYKqmZ_NLW(b@qV`=
zR?<6yU|@dK?Jtel6HB4WqB-q@6r}XQN#QY_ZNO^O`;!;pgVhS@+5k<zJ9vM?-TKLL
z3tsQ)OSpsPj&=vec9O$r{mxXyk?c_LkJn<l8~%#Z5hK(epDf!`Z9aE(Y)*JhiB~aW
zH;ZzF+Gi7!v12~ASrk(~55OMan3>y6zgyvdH_y*Pvy_i3Z!x$u@#vZyZfDeSp;{Sb
z5vjt9gD`9z<v&f@C2mza5Ct~V&~n|Xpom%7eQ0x&at=~ni|nH0>tOVg;s5<PVswq!
zvT%bX-Ye%oyOe0(`84)~yYs*`gs%6RhsF+QiBn!`KKzF?Ej%fKrF$xqx(<-P4y|_`
zFua_v?`kz6=p2xT1~&M-7O7B<T`DL_=5ib<Z;{4{=(paYP##F6UIMnrcMpCPg52Zt
zFB+PuyDZQ%2=Q4E8*Ue)asWx?eBz#%wM!!P?jkC##|2o|QG{#UDrf!Way^Yh-E!0B
zeWF#$iFs@C4yli4K*qj$hTAKf5<i8>cK}J#$1^qD%=GY}G5p<6)fxg337S%_t{@J)
z5$>G8KJ*!LO89qdG2rIyu$`!h^yci9eu|DATIXwc3{dIEjDb0YvdFdswhwK%7$w{N
zsd=Bj8hZ=rOA-1@p6!?Lj-}!1Hk19J37%Y|M-9W$z$`UGMKQpQz3E4-s~YfW*vNlz
zZt||bYu$9+?PvwHcYu5=Fu>R3STz?S9u{-YTSmV^g%3Qx7=o2}ea|b4-j;Go@S25b
zyfsfIvxb`k0^eMEcZ&H;6T-d#-OiZuw^_ZLT_<OPyOl_qgg0$%0`r5i(ox)%SjFqt
zj<JQ;YaAAMR}09!5&U3SzGO(i-6-quH4%KJ!ZpFtUSUT;`D>vQ_O4*VoH{^OM|7Le
zHY+y3f<k;jT@I|uz#zF+HY6>vVaD;A8>&koGRYT7JkEfB`++bN85E4{7|VymH>2KM
zik8U>PI4bJDeJBy2od#Nu9F~ck!(hg>!0>gLb2SdwcXc~xAl=EWjWxY?sles0@$Bx
zm0(-k@qOdIqZNlSZK!#VMH7KnxX8tY8!`=d&_TwUp8=L2wXNPcfk9}_2C>$wZr6M_
z={ah`pWXN+IvMW(Z+267E|LDl(_7;BHPsif$puE|E&lt|#APMM<KjbY*gNCCnZZ)0
z0Ut_Q*NsP)s+(jxAjh#7yR5;1uT*aqzH@mnr`_S-B7{--eumkEcJBUqq7Oo-epSJZ
zKh`=<Bp$$eA)HF7EK}qkP<))R0es*^`HMmcDglEgT;zb40kN&GY)&9V#%LVUjz`y1
zJSj*zJx1`PB;y^x5@*}xTc)@w9%Ag>SdWwIhFCuiiIpb#kusc1^C0M?9Yyf<@9-*|
zi;q~{8QEuON;%7{Sq`ba#VT$n>y6kH8_v3Ho*A6_-Bc9LLLnH9SLxfXKQ;Q@#t+AD
zCjBg@dN>!ciO;UZ$z(daNts2;H0RDv$tP){vVt={rIeaDo0@xu*Ep4S6`YVYv*7`f
zgs)}3?>%Ubp(q5~8h??!c0_$KBR^fUF`{2If~BeM^rweibei?Tq=w|d9f+qwI;vVA
zHWZ9PR7dGQl4it_!<tp$)U+XR97=5P#bSz$oSmRb>j49+$W2qb?jYR)n4l<-7M^}+
zLc8n$tVnm|c6syzytTTdgA&d~Xy^zqt5bPjatn0tpWZ)kGs@`-$8~7No#&T5IVj~-
zWdt!y=2Po=A1uPV-bOcx$r@rZIwC7Zr-6gWc``ypSS;zjeK$!!wUHy+`y_nDT>Wde
z+k`)X5h?px!W9lI*Sg`#ewTLl1>y3{g!c0q{RXd(wZ!)qHK&AOw_v5rXoNVoN2O5q
zvP~Ec8Hy%6tu?csy_%~1JKcBE5)yg3J4x|O3zbBJ4ma}&EJKTjSc^E?J|P=`FhcNR
z%tu~stAY^MxGqQ4&k;^3*9+#y^K(b&#{Wlrdrjh>cuK(^&RdXjWwb^oH)x((>03s#
zQNg4a&*3I?!P8bZ;edro<YuMe*x8{&?3qEvOB!Hu|8=A5bq|d*D=ORqHFJQ=pyP34
zWsMX+;Eq<SBaD@PTORM2$N=mmo#Mc>vW~}pBC28K+y>mFL{LIW`e1E~t#iPBHF4t|
zkE6Wym#Y52bB)3Qw_67hQ^wNjNT8Ld|H&ipi@Rm<EK%6^s)j|fa?AIvwb^6JV^x1|
z*oFS2j4AuN&oCQDe?19IdHQIlzy61Us<tBm&8mNkezhfaeB@Wt_w->f&f}w2aetkN
z@!Qo{m<rX<(e>r2h<HqHaU7PJ2I7O=RZE<)=)#sS(%=q}z_)E+!oygyP1<hq-Y<P2
zGtP<hn?$tER+5l16jNu!^&FqA*sBmKv$i<|#7V^*0)Eegq*;L?a-9$W3xJppFBzc*
zz~z|6^cr!wFd3TgjS2->=j=(O0KiTA-$Ta0`2QDE;`=W>hXdjy4a*FM3Q7OxF@e<1
z5t>Kyd5e6Fu8$paRG5(sBZLh|(LrW&YQ;)ges`X1I1HG5c`3W9D=PL8$d+1>pq+_c
zb#F1ytSt61NxpwWzhouGrjfiD_w)n_p{skc{$Up*cbmOYcosrmL8Gd;`VuXjhE3f+
zBY_PAiS2_!1-GqkEnK>PzZJIKD!l25gONu;n?X>(2F|{<8HYxFMCO0J@^9{oxzf7*
z9Z+qdpx@*Q`|ekLp}Ll}Tr{>gBU$xPcPqRPBAZk=t__I_RjlmeXI6rKzV|add`&=<
z<O*f0URBvxtN`}cmvQeMHFp7O&Wmhq>9{GdU2iQS7MShqM@4T6j{t8V0red7U&eyT
zV@x!RMP8jLlcsQMGz<grx|76kN>W8N3FfTGP2U-{#SxZhEJsAu{Mq?H;Gj?SJOZ)Y
zb-8+pS1E`R+bo!G1522fP*>tiDF``O??a5+5lNhBbw1<wnt)rRtQzFJ!$1DrF)Q+G
ztpQu0EijEOGG2p2Tqh#0cEr1asR*55nVSGY77v^iM$;m-<IuD%r(O$eB??x%1J&I`
z!p&F5S#jpiC7uR;lk;MBez<C{%I2zk-GjKawoa~!ze3pF^V<9k<18dYPY7X~YfVc%
zxyl9(a^QN~;=+hRqqF1LuJbu7PxJdB4S6%hVc^ptRdds4cK6E5>)f7b_QW=uB&F<w
z@5drR(i)fVUXN~J)UD5c_W3ThQN|T9@p{1(!yo_V&bSfje7icRGNL(I^5_#`$N6;e
z%57wv-Sb)Px00)E<k7%E?%Vy&5=GLYpi7H{oyLa34fTH#f6@GGlfl_JxiwV~%hZ|?
zumvjNovxAjggfe~e?sm+y2Z-)nR`UemJDF>*V(Um|AfXi#;m^+k%WI?$|Uf$$ii}x
z>o1Rs9do;$f7s=r24mcD-uDzP;z|9Y49}b`eo%b`^d%1cG%vjvea<OZU*aYY{%yHd
zAG-;g*q_|BR!W_mvT;J}Ci-R>!KKk10VYpTV{{Fh#X4fj>7id`aJ?dx6YgVF_oJC2
za7SY%Xq+HwNBNzlV+~FtN{I9lo-wlCc4g7tR5C(~$GWaNk&87Mz95Sk8S;)bq2~D|
z0+P`wHWijJIT5Co`EDZd8?i5l`TybSETiJumUfMMAh^4`ySqEVCAhm=7EW-t;O-8=
z-Q9w_I|O&Q?6bdnzj5x5?qA(KdaN~9&8nJjJ?|!i_`_@F4QO}_dwdg-!j)2Ccak;&
z5C6~N=5+v5n9h-pqCsXMgrgtk8&0N3lET&ezQutIlku`NL8P%%&><H><rh;1$ivut
z@2vVt+xibi;+c}4PXwtuA_7EY3QY2%d9BMA-RG#iCBD4^fL#q+HKwI=gaUxQs=9|k
zh%XX(C*ldoF&P?r;$CiDEr8}5L@ltIaTPZ4KmaV&Q=iH|d<2z0y^(KriVQs|xrAU|
zT#`qyGKGCEx&%C$O`6?b5yXQJk3#fJTGPb?$WVRzE@YxzHKC^s^GjOU){&&2dr*A1
z5I;D7SW4|*y*|No**exY-RQ|5#90caaYpV(E>7A<y0&4<2fzE~v0kujAG9H`eHZQ%
zO94#cD~Rt=CBJG4T%AYtk&q^-rbr=c%ye;6C9hyH8_dS1$o%AWZlPpNMs{#!<h|1l
z3Tk7rD@2<6W4ga%$SEOr<PHA$wHK7dkyj20Dr^<l;2qo&D;=UgNkW(5%SEv(hW5gs
z&2Uf|!r}@uCef6~NCA~AEL}|j=X`bUZUDT!UWX5aEUPLgU%X<d2ReZCyc}c9{bl8E
zpxAC3H*|%xwtTr&i!Ue#Q@7l38F75@BzX9B2boBLW58#4_f%}q+5GG;op8z@L03L&
z0u{~fufoCrQ_qrAQTAv(xuwEaQl?Hn$i!$!uwCRw__g|2vy#(Wikx8u#d%om7c2nL
zV#Q+JxDqyEqh67eFf#+wjYBtjJd=?+8>U)0={TW{{wp3F^Uuoh4a~2C177nAnaZYR
z1>$3^a<-j9mG~19do(*EdMbhFq_`Oop47;>63#C?5Z){}5UtBDt9&(%ds0}YE`95R
z$V~~Y->G?LE!ZexIG&e|{A>F{E{}nvfNMvVwJ+heL(sUk(D!wLwN3!r+T%q!GxEgf
zQ!LzNDD1D+ye?T-6iCr%<Ck)R_q@Z@ZIWQln>JE=Z7yHCN2%Uw0pU8cl-J-S%dGk3
z?cJU-Ih$BoR8&-rBGTh;roT{+&$hPhb>5qQBjlsiZH!Wf0zbTHQ!4)2lRg2d5-RJ5
z$Mo9$dLj`Wm51LtkQ!6>JaO~b>f<zCGC5LsZG#_hXuZEIgj&3k%j&t5lGwnGvJ*Pc
z^<}GpP@4W|y=L$rQyi*w9&%dEXS-~MNvDl1TIA%`Fl(vjSAg`^9#WxCUMY<E^|w(?
zDS5OM%|bI!JeQ6uFt{B)^;HT;fy^jPbE+4z>};lLOVjSEjff<<Yq@rh_;d2s9p~af
z%`d4auWi3v7$F!^J;HH#_zJnaCq7DgWS?Sofh9mWc=-9lD4CgI(PvQbqg&serQwGY
zs~Yf3mOC?IjyS-b+N{3AAL`0d=IvW1pBMC8%fAFi>6o&qHf7?uRb~Nj{^tQ(A?sKd
z<_qU-))o{EO1Ignd2sfltF=W(7kl*c+AF13c=(momWQax6{cnI#H!)J<MTX`6fpO~
zX|$qF49>2p?kNU3_*ae6FfrqB9MpEVBF}PucOuZx;*N?Z6C+=~sYtcK-@G@XUBK6$
zKl^pL@kdOl8R+~`HxdRa=~YMG!8~9CPs1ypXcvdhwW`q`I#TUtsp87?2NexilnNDk
z)!kd>3+>g?Sb5Kxmhwp~yCcKyo3L(V32K-MWzb0UX%>Q*4{%Q!be5%c+~|8ItM{SC
zVS7#y$`$eY`l)L)kl;1A4;6qp*an^J1dHFlo!-R9N7$icXCndRS)nIk-6v!Xz$)u(
zC;g2OSnKrWCD=g1?4srE6l`A)DtazTIr|`fYo3d5OjuVWY+k24T{y1Rc0cx%?h+r<
z;tTonv!x*8i>wk0g$r+`UfWmWS|{EfqTn%t3Vp?-s(ay7zfnZeoNP&G3BlY9N^LWe
zV_QWd5ZK`K_j?5BJy?JF&JS=@+OhwUGha{szoslR%YT}(DIHUv3TIzNP%@hTZOgKK
zLOwW{xj48#K^Fhpmi;7KFmSW6GjTJe%s_!+|EDjTqPY%+m~yV0i2lzYC@jGKUs+eC
zim<FGGeYNs#w{J4?5`qeVZLFAW!q~ZF}@P6tDL&0kDm6<^Yf_lyf41hmR+|m@rfj@
z6T^bZu;XRPcm{%f6htLCF(F(|D_5h36g2_r(%ME7u@l2qYAi&({hcES@oCDt_w;L_
z)zd@Prb=S$K$IA@zY;wKe}Iww>H`x%(f#<2x}d<ObYA&&I9laCaR5dNr?6g_#thuF
z2RQ@jyMUi5m_$u@6?qmzG@0J(H}Pz)##v=P%q2LUFgyM<UH`ckJid?NQVO}fq&t2N
zx3Gvy^|B6IZTLcs%RiJ6mLiLKCEd0NfAWhpbMjyc&8c8?u~7#nA?XM&Fv@ili*-VW
zWW}z3cumcqVtow%EG3Z<8Mn@k9y#dLoftMQ(B&Vn!?tS$U?_rSk=FUQW=z=`X)W(l
z_7oB1>RVsy^BliQ4-~_bV#+WEZr)#sZE0>AJUf>R|C{}CZTy@4N`n5+fojjj=Yc9K
z8~1<P<WAr%N276HcXZ}uN%nI2=vXDOK^rA|8igP`TM&i^5L8068Qp&re&O{E%5+nA
zV~@ar&_j1yapWbzTXxuce8AoU6hNIPb@HQA6ho)}(;laswCL>LUVOZ~5!N>Az*xZR
zFdF4{c(>?b1_2nzzzR*YrAN-ME|Ef;LIJ|wn}3Oq1pm_@ANMnUe0eYkJv9IR`nU)n
zJv7hMeS5P;7pQK4a)c<vTGZ$Ae05RE^2CoL-irC6sqRn@=il`PHA6P#XCxxtE7!d$
z*&AexXn9NX-Pg5_G9hk${BLl|lc?xl&NzJ_JoB5JSH!iYWyMyA1Z~>bmKi$OrKMW5
z^tAtv@ZV-Du$8`&yB>9h?Voc+kTF2?Dbi{I&np#|W*@E!?4vO_Mu{ZsT7}3Kekmdy
zO);kK8Idc?le!A#Y1sEkr6=U~^>lD7sQKSn^VQmz$<VB*IZ?cwPc9zsV=-Ot_p7o1
zTO#K}sNf}6s5_;r`)s5RZAVHpZ&iD;p_roNWIZy2;?!355NGv4D!0G(MdlvA8RO?5
z-^I`(IxF+KxSkoQcJ`i$iA?eRobTE#Hurkylmx=K#KCO|^}_J+2+XzZ@2QNeV*$>q
zZaL;hCfu~SdjB4^m8QS8(W~@{C#Cnmq$CGb=E;%nCP&4dkG72()2-sX#F)kof21*i
zURrIBL}?$$C!3Lo9Ol;k7guD@@KcESnhk__b5v)&9O?XY{>SU8!N=8*qCGBV{*ZSL
z)t-l#;_;@3go5O_OCwU4%wz#u(&+WPLs80KSW%)PJ`ELd8iTj@8>DK0OidqfAcXPh
z%jUq6>~?)(aG)+k!2`;?Un6zZ4%t3*4+jr>brrwUOw1iUUSc$}jNw3<jcBKYiw0fo
zr`2`YUWIu-x^=)fTXvRO-%VMmE*?Atz5mV7w}^6CYkCoDmY<sCpYI)#i^+Rw*I9_1
zDrY|rAI=#<&AAqM4P;Z~5fKHn8GT}`O$csiB5L&g*qu5XrurL+CMLKJI{MZg!kXNQ
ze@yesC&_B1j}{+hSNmvPvAwU^f`T!@U`8`yd`%Q!In2PIgb*jzL+Q<9hoP~tg=O|3
zu7Z&$aQ$NVo?IglR94G^CXuG#&$~Op#y0L&S$C`u_N}*edV%)v%_keMY1fjDKvC(_
za6OmVCF#esXIdNRp6Xu{52z<G3+etQZRDiHo6r=W%B>|wAx`->X)Ixx4EI7!Zm{Rp
z#eg&wj8C@eVzo`A5@RAK1A3`?0c8#rk>dRRhEeeC>KWbf?6NG&T#sgO>4<cGAV{w`
zW`%-_8?VexU9$F<?4TrYiuN|*mU^r3^G%m2B=^t2nFp?>QkPCqR%^Kjgpy1`IbGGf
z`-1cSlBQ?O<XaUT`DOi$=F)z&cw$W#uO}1%)8C$Njn1iF8{~p)*NSP@o%N}*cY=S+
zLtIM?A~ct-R)SH(ADQ#g2Pn-o7shOu-~1)tR@xRgF-G*`rzmuRVw9*GM%aayw<uAB
z4TBl2;<Va`NuyEwL}%2oq<gaSb=Ws-oB)*-*vO57@SZ1A;dUaLvYF_pYdDo0k;-A-
z#@@0fGLOy2(<x{rENNa7T)be`@j&px=xjtk0|csV+(*eEosizMtt~w8G&7xk@rs=2
zTzjPHu}_JJ(N+N<Z;i@j#=d2%TX^wPX>1>?^6}eIVQz7+qiryO#1kSx&RXKKrz9Nx
zqaGrf{_)dNFYTR)WN#^P7h~<?Q;S|{B#pliWt`e4dGe&KT6Z*!Q}(*ySxIrXFd!V7
zGbk0>9Hx8@Hah(t+Fh8)>iZK$_zw!_CgtvwP2go`;Ncta*;aq8lyuK$PamDSEZy<$
z338c<FWrInCx+)ywbvQI1WR4$41`Cv(zA3!_5~*oSKL;+!u3!VZ8iR;6>gCK7?dS(
z#m^MXP!b%7<gb;MiJmP|x`XPG|A?lKo_!{T1`J>3J-QUK(8Pg?&=O}=?T{j}IJ>J}
zEm|H|!fgT;W9Y$`?HymEJz)oLWn#9g9TjwDs5|1QK<9gcmF51jwbAegs}xfHl{ltu
zr{Q0YqvG$0q2VtKrSbK1uIA+mr-phOY%r6^5j&>Npz#H#q%d$VxG?O$thk+!`F4D@
zB$R)6FhbMuHMQR4!p{4}v14C-pctpV@==c-OpFldR?Yv*u~c)X2Sawn<fiU_Awm=;
z$wkqKuN&gcm~DpHXpz%TMU{ag4$ep;<6dzhcV!(JFg=GQUP6pB*Rw0BVP>A6qhy5!
zv4I5{tdUQ|i;|CZ-G&AEd1tH|0FctRId-_1__4KhOt3Ez;fAm3;H4vB5EBLJR#_QT
zzV3iX;|^GqsFA}+3+4}Lj^qMTwT1D<{y^)4%H8f4{Gl*tZm20Te==BegN_XyzBX+q
z;`TTxj$VRETzZwFG?wYqTK#=ws)jNL*11c*-5K@Sbxf{rWg96$t>uri{Vn1zUjFu)
zO6PlX=;FaGyxVD%Y%THO8vICKV<gg9ywm~Ygwmq?>u;hJSh`7|W)TWbhtK<zuyr-Y
zJV89tF{7X*c;7|(ts<vqgI6N>7;O^st&{@kOPkzWEwzuj1`uRy$s#y4V#c)_kmAC2
z<+Q%m(-cZe@(mpIrpuTN_^DC4k0|6C_xMSj5=5O2eBt9LNSfhap8n{$L%9IUD$WJW
zD5&rhnH}W3=X)SM_>gC92GAsm`PEoW{Ph*2z}!nH)(TMTf_WP=VofANp;MUP8+J5u
zQ$n)fhWO-+^T=$Wp`*-06za#K@!7U97pnfsObub^mlX4=D?~l%Iq|isV6$V1!<-8V
zEGOVM^b1iselGrR(JA;>e+aAw?(PBA&Y1%FK&(B$L!VJt#`-IUmT_<PBoQ6cR$d@<
ziL0d>I}BVQl<-!RaKm4luO^a4Um*moz9te_eFa5~cXuHEs+DB6h_7S83<FmTHPiin
zpHAy{Np+fhEDx#U%z4EHB9V<zR`;eaB;s!3SM|jGM|)=AIlt;{L6CqEaB_|DZQ+<R
zn@CZap~!~JR3?oCf`?>$U7AUuRRw+=DrQ8u;=!4ogtA%ua&6Vu5=SMk5=RIwr@}y4
z24+CI{xq7t0Sh`<b=P7m$*YcZ`%moVGS{!96IR7eE)r3h#FjQ&yeERug7!;g)4w<s
z)C^dftZk_%hd3C?ebhi<*0U2mmS~D;Fj&>It(}4yhqjjtT3ei72{kvhM*h^ys_gqu
zGK*Q*I+vL73p4T#&SGY-JPH+J*mmoa@D7Hji;s*Nxl<Fn2>223i^Yrr_q=_KOs9yA
zLN|WsmPNC9P{ZWAx}Y)r7FH78cO*-NsR18CpDL6>OPh8iH!>hEZ{>#S_;M0J3pvJc
zawNrYRN?$aM#G$N8ZKnmskPOTL^OHKP$_#8YkQbn)xuu}nd)i0vel8?T-<<_yV{l<
zR|rY+F)puA013+PhvrU6jm@>6IV<}`jDFEvK7Wmkah*D05Nboi7whip9|8;`@G;>F
zip;Nv>VX!gs}%qysrJ|7<}k1ld~`n@*yv)JxshdOGszgqUBQyZn36<%0ks##%mGuo
zC>~t98~H5GH`IFlR+Ru2pLyrFG2g_MTIhBA7!+f~wNN(j*@M_M(9*W+z5-chH_ft>
zpE6NS`Q>g+yT{=|q>^p}7fzW_#$ezr#xjOr49s6u{ICJGAWp{KHcFO1GIT4Q2*Qfz
z)xCY?lgX~X$?KVi|Kfoc?LLb>l#L!j?;!WG{_O3S&ZpePHQu|Ta<79bhTqvc{19me
z!A6&%#QKhns6q%lPN8%~?G~Lz{bgvc2oTO-?MwOAsjboe0j76_PhVd3h-6R~qo-J!
z5o6;r`*IAxWJi^Z-KO1KP>7jNmwLF+JFNwk6n)$Fuv>FF*+;$U>>b0NHVBV2TJ(M&
zPH<Ri&+>+pj%+#UIyG9TENPA;Pg#vg8SXm%^bE8W&@k)pPoOQ3S_H3)LV=Ximzr*w
zieq$n$jnRE8YDBJYcM^2*d~c;bY_b;HsVCWh93vi-tYBlZ?LSpmV>PPA-Ym0vY$?3
zDNw3tMr5XOiDk1k*$U<)UfMs6X;)~E)*-y2djv@|U=wjuzV{)n6fhUIz0acX&1Im(
z{yfnkajs`vPT;;6>2=dK%Pu|dEX=bPcVV{vBO&g9ORdPTX?j|qbupYB@1x%q7O*EY
ze)ar0LJ`S7N;igm7h8=shb(|#^v2Jk_6Pne_V|9SK}#^=go#jvyJY#jaUz95v`Gr5
z7kx1vYrpNf$FOPb%$UZkHxt@<aD`!5%Ym!U{;=rlPYeVQ*3=V8f@`~O-}yF1<;!20
zFxa8-5ZHP7`3kSPxh;{$n(GP=@8985Y_ju#2ewJ)jNeWNae{a|``WL?qwz_-e~-P%
z<<H#vtbdV#>;705pDfD4rVuGl8tZb~J;=LC3gI!ge!c?wKMz@E7JH4_<PWV4Yu8Jz
z8*7$2zrV<6>b6*8eUAg^5xh2)dSSZM3qOR)aejuFv%G~w`-wl9F?B3>EPx1xkc6kG
z>i)e7mV{I4{u)RjJg~blu<jxGBv&StAe!5LV9KM+A0$kb>H%pVkuj_B4|TL6fYbq3
ze+vPJ)eOZT7EunYOLw@pZIo?`7NVZb-~(x;YsvTDa*zMue~b5j6;&xPho8lJBq}Ir
zip9n!@&8jHMFlW(GyQ)~&N$1TW-VvFou9;iO$=9fru$r}I1*cb9`@J<al!>udnF?2
zQ?id370$zzb!mKP`jg;uY#9>j_?^PwtldMfzcK%cqkecSuK$bspTz3u-?o13xGXST
zur`#xL|2{kzv+M+0%?wg0TSaa$;q4ELfbA(A3EVr{}o4_|G(N#z(=6{nBk$@<Kw{C
zT}UKM?TL(F2XFE#q{8z-5%_0q5!@GXZ^bniCh8D^O<aKbHqmx*JutQT;q`_$vX0lf
zS;dv&R(w0Jpfv~yok78WsPBQNV&@L}XpoN(fVIUAbbf4X@)=N`vaxc+qZ6fFub9_O
z0iIX4&utRwC7CrEyxXbMYud*hE^CfaqPis9xWmx1X^>f4R^8^J2Wv&1j%R*M{#`Ha
z3kBScb{?Vao!$4I{Jn|NQ>-{HnKGA28?l4EYd`zqYnc?~|6ahxP*kg$#PlhIm*cM>
zeg;ZlR+<nl6vWMZOwTF=-ZkDEjeXg9n|YQa%5Be}saE{y*EsLjH;_2WXzH%Ig@cZR
z59Fesc)B>W4G}h<5K)~HmV)OA4=^NUMQ9Od6ePzgvKKckNl_gGTT%X0g$Bc{{6Nix
zFiSp+)tRQKVjg>om!HlibN;`MNLQA5E?;AT-v&)QY|N4~JR%(F;_Q0EMSKm1c|}YL
z;#Hv(*Kwt*ZfD_TM~_l;p4R>f1qLy)th}uXm>I*Ie=80Wngt9dCg$Km5jS!J4elHA
zScGk=S>icdLLzK$$-ur0rcF859*(*nAdWHD!+UKe+zmwUjWX*yTqPkok`L&iapE2T
z;;UM<X=xFy<aQ)CWimgB_=pJ%lLsJ$#0(FOl&jM%PMUX673;Rh6PnlOCt3f3qy}k<
z?J<SI+}BRIsl00BJbFEC(ZgOB>|3#EWYS4H7eV+1T1X2Dc;BDQBlXAM^SU<9Ap|wz
zIg?WcgVTc3cX8x}%zt)(X_xGpjCY*?-po68s=f)lqqcLGKkGEVT{p(d*6vp&qb+(a
z8DfLs2f7_VDf;P+gAg~S|Eg|G@2b{OM+hsz1;<2eSZ=OKI1^LWc<(J*fd~!=+%%TA
zsJjtdHDu*L!RgUUfFc%isLsaY1mJUT(OSxdl``wq8WT#Yj^OYT_b5OY6oFj=sltrO
z%~i}t(*f13p9!H1#TpB7aFSbqFY_9{qg^yt6V6vf<P<1tc1T_MFh%q_VJR6RC27&1
zJ?S9s3X3VlJX2~ViV-t9u(L=0ow1caFVM7zogK#riEAL7{YpK9r5m3xaAU)8bm~4h
z#br&m-*O^`GfL)T9IFY-nyy|zG`Y1Pfc33Pu|{)!P?9Q^m<Hx~AgT76Vl1Bl7Eu9t
zXKzf9p#qaf3a*}rwq>q&`29G$wroRFx{1m%(+H}0(T-cD^_zVc!J@h(0Y_EoJj{E|
z%%ha9PK^H0?u6OX(LDR<%$pR1-hi7}c}!yE&yOD%+aQV^Uq#0D>2^#2J{^bkUyEQ(
zCIqH-e|L>e>ZYg@Z=H~Rl21S42P{zw(8fRQ(}+}kJ%R-1QGN~7xD~_{M2v^F5LgXr
z3`(unl~QE}8LX60d3{4&YfRy+OmUi*c#yKDLotw5U4VgNI{xT9tw2Gb{}xEJ)dZ6q
ziHj8oK3&GfN!Dlt#};`5a5*2rU^N)$G*teCUE3WQlVahX&ce<|ZMc@m0bhm%?fL?$
z`yB>9P+GAi4i}u&9(;s;MPWn5V%>#wzM!6LllTDk0ZlS}Gadu=tB%_7{Q|FT`<(4J
z&~_cN=+*et2m=3Tv6pLDmd1u111q7iHeCqS@2ok<HP}iCU)gh@09&XAqA~KNzaO=4
zG(#Nv`P}5f+kyQE-8Ys4UlrFrBzI`>!gh!cA>%#?<G)n?aMH?fL%_8tHG8+MY;ms#
z5FZC;6<O?Aoe1HSH$hxnx7KaQ4YE$Cj5MjqIKbxJxw#88P}i8S!JUd%a6>vI*h!++
ztuEA8a}Ng{r!rE1o{?=#OWe~n5l3CK=T3Xmu5zq-wWl{1SH5Q4S<sw-kz#hSfmaxf
zH&rC5Zo0+&!p7cgIeAD!n!%xV42|BR)=INs@@msukPsM|IHRMT(tuD}aYbDYY9ZTg
z6U=m!a<Qk#p}`)yM;~%d{02R`tUXD>_ABu32bsAgRrDU+AaHeE7&=q*8)j?#v1UZp
zbIhaF8&YX}X}V7L{W)+1GGgm)hwYd7yOZDV`n_xqAw)W~_GWIFrVBm}>Qhzr(6Q|M
zY=L!Ok4+@Pwz00DV?o4A&RlAo&dKbT6~;CuE_pwveRvw&HXU=ouy1(*zpD2UOgFN#
z^Y45!mfn*69za6!NB;){uDL<3Um57uSiMu;W))#fl4IYG$#73Tbp@AV0#)JN_sJGG
z8i6nCu19;M2KCS<;rV?@SH)awuVx}LG<hm)PKV@}K55A5SkzVl8LSn>5eY6+<9OFk
z<DralL4-Q{sRo6vSVi45Fr2!G<kfU^gg=I1W!8i&kWhk6b~rjDxw4rx$$Z~9an_X-
z{@uQt&p-ESdV4Tga2Do&#R~t3nrAXTLC$P!|DQ*X*1A0&``7=lL})X2uNIe7T#!mi
zsQkoa3NXGR4LOy@#tX&2e;B>CY^>gW(%h(|I_C7-cdvYwv!0gyv*z5vZ;jEJtnqQ?
zksj8Khp?>_vb&i*Vb>RL`P@*jdFZEa6_`!wH5W<$aaj8-8UAtT;l5XVxzKx<e!4m$
z6P=tfLL!2g+lrje0{8mxeV*1k^SgTQb9R>v&ntUn?{-lst(P(O_eZ3W#&ll6vTYaY
zgRjR)+aEroF`KN|HIWsxmy`2qT!6de3Yr$~Vq=16z`;K#K<Tme?Dx4El88kBDV+)6
zfFp-FGWY<n1JEg{HRbN}IiJeY5xEj(_o&w*tAA05LI)<QL<Zp$KI5ufzom0tZUT}N
zn`>@ex=svd>UwtU;Qqswxti2;IRylFtIq@sI{dBlwieNj69kP(QCWKBhj^<ET8#3`
ztb=C@vb>aeR$Uvazk<JfS)qaofoDpD4Pq9dJz)iWUaSG<dHv8qW!fsy0vFOCRlbV8
z^6ZVy&i5ki(EcjBj`Q2c`;DQ926!)`#+hn<!i2{vDsM~N<Ly!p?mJj<KCEn(jhoYR
zC<buZ*SOtBqKEGp01{v9;AQkMZ!CNLvY4l5#R_>_eWW4nz<#m{o#uW;p1{}H=kMSd
z1U3L=DvJ8h_t3`+Bb&x@8|*y%<srPb>Ez=Px3FXH)Z)<?6hib}B^R<5@?>r^iov|k
znYs25M~3=2gH5$%EoWJDDeK^bTRO7*c+%i>3|M)~-wrX~M2^B=+G!la@yAT_a9VUJ
zC9vBuuug-JRRRp&wY8!UEf)-QDe>6JRa61S1=!`utoG&nbbce>=mOojQKj=WR|#A0
z_`+4}hYUJjiOlJjqO5zm2Kr`xQYc%+T1(-!V!iEEXRqi6Gne<}XD>3l^U>9;b2o%v
zRK@Gg{d2qM?_H619Dl>&xd_mwXQYRfe6{)s<LR6WLS}3BRg^D8WP*ty5-W^g`RIUc
z*A}*8<WeA)&kSo@wlkC`x4+QQze&h%Zd*JqEUD8Zrq0;2ns^Xmmh1;oA=qnO=iZ<|
zZF+BNBhNf+>?AMxcO`}wE|EIXqpvv|x%xU!pVrNo{Yy7c*bK{d34~mkmrNUC9l}#p
z+NfT5m@jaVVUn8&ushoG3M)QP23kOmqQp|p^`Ce6BDueZYiR3C!G5vdK|U$<1b{=M
z`t1WgO;6A?j+lHGX{*UvH|V;mGP>RAZDbi1el@@A5lt(2Uxj1YFoTQ9(TsXxJR47q
zoHl0ZKxa6Q+J)L4FA_0iE4Wiqxr8fw?GlID(Ql`HI}wH-F{5Q)=?6VwEbf3SAvpqO
zBXiMZthfW8H%KMlH`N#QJcq7|Odry(bTM(1$Uh#!$F=dU1@+~|su<#}cbZdaj5<=w
znC2raQ99aFlSNvk@H)@-r`l59Agja7HM#f(Le3vd-F+t4<8BVxyLo7KfB#v$4#~@y
z=f*aYLZCBV1__z%2<M03L5~IG+(kgw))f3@A#`EU(vS-#E}B@TN4DHk28F;}x(Hj~
zo$}vTI+3U4eYv2xeA_@4As_;)`upmE7iF`pICQG2i$0Q?@{7*f*Q$zs(vcElWRo<6
z68LdXzT8%s0LQ_YvH815;vx8JK30c?lJVq3F17>lq!tvX3Krb4n-3tB0<rS?T~*6|
zKG}JgOJag5&E?$#@Auj&Vb|N!bJ>cM<;l&w`D1xGd8L_@``TnOUIFBO2iU~xAj!OO
zc||}3p&Oy#MK;0nc1zo%?Dr2oz6z9t;)m8}fshY4D?%n7m~k9e2+<6a$33n>&Rv8X
zRb)F3YK8a+sOzC-d14V;jp<#jn<Y>B?7oJyfh(8Y;{u~s=&>I14w(iyEg^BPq<eUJ
z_+T}C41B2;RxTk=D6!{s#Gr0-sASELFBoM=v;PV4pe!l1^Wd5(ek!1j;Gfn3{|0v^
zuKy11g_@trbB?c_ry57P-3Xz3e?jS7s8kA;euv6`A+wDQtgHwmSTUOWKyu+C5!c3O
z{7u?JtIV45bRg}No8ofm_wE7S`?6JWJk-^eq5u~f&v3wn%k&iXgE7;s7gBBVz6WNP
z|8bi4FPIRGJYgdSV9}6V^>M%Ed-Q(1<Ad4Ypu%(M1yTqhQbRxreS7tO-{|cOLi|$w
z;Yz8(Ryx`Q=`T%gmb4HEVv@8H>jq)1RhYzDPd)BsCZWYFyB$bI_qIQVT|j6jj{F7M
z4gb~}b@_8BFIt*hWa0Yf(}cl-)Hxkgltm`%p3%|f`&j2Mz^LC3wlm@<u;xw_yucyp
zpb;WfD>P`#*CM4Iv2-atWPiEg`}#;rypi3ih@?Uzm>LQSNp(oJAGSCeI436T4o%KR
z?Kb^oGzDWIlHO9KiE5DZ?z{8kl^g%bbfTM;%CGy>A~rR8?~7|;XNB~-+~VV=FA(nI
zmZTPkI;)Gefb6Bndh{{A*8IX;Rkru_cjL*M^B=1v=Y8jiQB*;Ol3(2<{F314=%q)s
zgF`IT5wl<3jN3?)*};#ELA1C0cz1RQFE<6=bb0dJ0x9TmcCE}RW_oDsU)3UKTxYgm
zoSz43nU6igVVP%U$n}32i)<Tbsp7O9;~tpD;|^W%15?EP<73w-)jecmnEFNd5pr4C
zL%F>XkU*ku2>*$f!fnM(tcCP@#hA0sy6|mOg#(?<q=0DV-ioyT-nRMgJErZQH))#`
zXIevC7UH?NNgL@~U#|RT1qKbWD3a;S5R+&xPtdOr2JD*!Lf_QJg_;~XKI~M9#Koe>
zc@B3B09n`bU<vJ8$F$Q+;A4NPc*yFG6Y{glhYmq4@d&O2`Gl&dL5n|kd);ZL(L1MQ
za;SUq>gQLXH9GYY=~bN1^(ESvZxBvJn5E&{ywu7}AKnd5F2}PHV>*0e8tcuf9~qq|
zNf|1G-P$4yA@X~bT6LqG@m>*7XbaN1$#9Pa%tnG7A{!mTGS<TiB{W|&W$GkQhL~ZE
z5f4q)tiDy$&zD(E>CJ#GtjLr%&R;VdYg)P=m9MzY6rIk&MNQKPmH!z0^XOD%_>FS}
zmv3VMdKT_a!-gJ}uKE|BmZ~IEcc!=4UX`|a_2XU4^-c!3gvfG~Y}17cz2BV^MNS(^
zz==L*H5R5`&i8%K3m%(6z0p3=8G587I-6oyThy+@M1H-Z(+c}WdrAW}(?nygq?N>E
z!SixwDrPuix}0jHyoM*_<W7c|J`2(9h2T|<wTH~m>YmykL{(;0SwCs9>oA5Xjn0pb
zPLu)`T(ZPhU|M}hCLiEGG{Eyg3to2$HGYRFjQd+L=qFrwngpUFtMtp7VmGKcb%3lV
zHZ*`|W_g@$7$IJtZ<QJ^d9<|n7v#F>V>v~Go{-;OWIE<7e3AN+^o2-C$Zwk~>Zz?A
zgzJ<1D04mP^q+_W#=@Fn2=y6qkcq$@Kf}*|EFV8zME+a+I<Kb{gVz%GquO9*3aWqG
z7eoZy`tm!}3gt4(*}6ZWHoH~VA3COu4<wt|kzII<`e?fmi>MssyA-;?xGTs&Nwacj
zX<&o;*`PtDKQ*8UY3LITLs$T#FbfnyzU1n@O96mjDv^j2&ts@ba1@|CaQjsaO-9-l
zhE0OYIuZft<JswPbsIo>dLhO}E<j-Bqbh84pm{oSg1?LXcs<PyCCo~UMf!N{>SKjn
z5sMP+nSH2qmJy_~4t9~2y!pG@LlLK|47G(CIN_(o==X7sR6yY)sg-NXJZ|2h$}A^|
zJThofzo3CjX(3mIp%2(~+7PDp07TxLf|#0cPN>_!r<y>&#1V5NiZJsOZVxvv>E>#C
z&OVgz{rbk><NYCfxG*~lsjEFj#rH?UC1GYPacZJmqVmd~T<4Bkwa*W>Q`%X+PSp>O
z$6G^#`jQbsY8-Cs`?*jg;Pq*DdYtcEx^~L@*K)J_K%u1gIxw@&G^=^6JKe)w?(@Fj
z_@JX0lg_S!wHwO*CdnAQny2?<lNWx=taG#7_3@fb2tZl)<`WYS?sGM5{MvJEsHJ&R
z*azrg3l#J&miN@rRqxDOkJc6zjw?Rj2EF+I+}|0%)m&HmZoJnC^ff2H)G6M1C8fNK
z3UYdCg^Vo%MsH_L0xRw^T?AF^xGM9F_w}>&V|RU7KJ<Y4iQDR^yWpZ*NmCcmqJMkw
zx${%YD823OQ-`IOS$e&qlK$0k?e8&P0&BtSQ}f1q*Mw6Q+t3GX+iUOinmNf1%(FHR
z!HdN0*K-IWvzOE}2|t64Y+Qq&e&_x4dUehcE<KHum^&~8FjB>o%sVhr;P}lLg@#(3
z)R72D0!PG3hMAXoV8LNc6|9%t__;L1)@DfqWAt&Rw-@P0?db&X*1R($Y+LNu#V9WF
zh0nakZ$1{s@?iTg5Ln-)%Vebuk?SEvHRc)3!?A8V3ybMO8<p96<j$yF@0n9wG!88K
zb+k@%@W>xk$-baS^2;fffDfKydpiFq{!zYYfDP8cIA?|aB261Yl(f{PiqxWw&FiR_
zJA={QZJVRF$~2pe?6IUuGh0SWvdB#C&<s@ON*6fXB}FJkI0}ODA!iN}shi0RiEMRW
z#~e(&)=c$Iq#b5xuO$A4ph{FZzM3?{P^K?iBCSOkQRB7RvGrvmz&c}3uIrfK|7T8j
z6*^F0b}eN*6N6fl{~|psu<DLLoaXUoK+9x4ci01(Hpd>A`oiks8aDI-G>x9#4WH46
zO4WvJrQPHY+r2lw!u?&CbSG=DTTrhmJJx8OCoi|;>)qe2+NBL^HD59q<!%;7+`UDp
z5#`;vu*Qn5OFJA-09ZVCadW(*G}P+7picm<zu}feAN~IAn!rm~l7-{x10AwL-+Z!;
z9c4msL;1?ueu`Uu4P5IUh@8U@EIS>t#h*>@rjgAlpbsW-d%<B<3l)N|PmCXTf`o$I
zsc?<@P3;zQz1QIdM?py9@iQSP$}70b<CAOq3*1Y5L#=<Zff@GY51tFvtJUi16flG8
z0|#WIof})N<BgVmY|o;WrTG_xjV5(6d&9)8JtAKS$h|y2d8f3@NeM56rCp{@AG?AQ
zQ?)T&18=xm4fcvN29~~~;>{9xw+;%2OQJGZ88Os5MCBHYYo82HD`L7PVWw{rCyCq9
zt^^4rNq=8X0Y1CUjs2f)eLr0+9e1<Df7J&E5Ivc|8~s3^tCUaIwbbaqlt5_?{nN&5
zYyB(ueF>+#H<ZgMrcKZFsTUPDVpkvk;dty48n-c)Vn!^=t_g*D_RS5c3;$@W*YdPM
z@>Q%E1&tE*0`1Po+M2%Pl}|Lvp{{|S04vL4<4E+p4cIlwi|zNHl}$;V*?J3cdjsLm
z<M+#k(GZbk-QL@22icsaK~|b(eE8zgbl87o$1eq;So!8lw+h~MllA;9e^|}D@duH>
zpbxzLs!}Y8;_z6a&pT7m-YNmOJiZzMU1>04mBMae%*|N`tx~+iN7$(8FKu-lt=Y$8
z#gD7q7yt<1A+-q;UA3K5n16sjoTUqApeSp3%|d<Akfyo0<EUv6{(`#x1@=e)-(KNZ
zy`^2j_^J2%<=TQW2J0rIsR8Tk3Z>oIio>uPS`LYpJwkALB*~><qFiAD>Zn%=-%fEr
zaS0_~O3%jPLceXPdE%M`>RHqkLNTmSL(%;gE;wJZtQ7qaG4!8;DL<b+)oF4AUMCvH
z8=wU(K|p<)OhUTJ4TIA*ooX81>mPd4Mv-{Apz9~gG5sg6r_<k_A=2#S{9SDM@-tAa
z^sL&ntPa7~ok`@@jY>F8u;XlyYw597EQ9S}oQq!j-b0f4n}RrS%@(Q!XY|tk7WMK|
zj5>VX@n)NivwQOvEVeAq6+kBg$qonUv2|AN<=q7wlX^)zMyeU8H*K4Hlu&cGsw{U#
zOqMOa9=<YB?E$PL)5a&l5ml`>HD0r_s8=>52U}quQCUNabsM|z+ETQG=oHgJ#Y<M{
zXF^*$eCflwBdHBb>HRF(?5%omO|EE{KS3HlxFE8EG`V69R+e(56>!QBm#f#c3wmWZ
zWjR=WN9E{Yb$*$wsipW<Mv9-v!qBnYFXJxRf1oGfSKlu)aRcX;rMmy=<)_(q&q=BK
zwiE9VUS>_UCZ7{b^fET!d)0o4-4J}!X6CG+k~}BzSkkDzsIoxDQH4$zu8VpW|5td~
zAsutsX}PfqoO!$`7MN@mknL-8yJaP_k-xMGaAT9K2{YRKkpSUK&All9-Hpps>rF)E
zz94S}%2E<lI8$Y0M8-?F5%f*?Rm|h-FSAj+DGQcH*GZxS1o{W#F<XSGEcdF1b%*Q-
z>3u6k`MfEe4m;7%AK?6X+~5NEeDZOkzrL3!hH!y|+WledUI!9U1KZY#Y?>{O50fKm
z(|^pU$Sb@-KA5T27N3-1<CNyv=yV<?Ty?PAf741GKu!Rx->DFkJaK!laQ}#b5(crl
z^eCeJRh~X#-5#YB4s#TRhWsiHM-+_)f=2~{;t!TXr~+~>jJQX|OfA=(w?k2~(JBpr
zX4&nq1=<&SM+6}AHQu`CgPk7p?gY%Tk=y>(Cll358ukCMep>{h;)BHhxU!rjl8vDk
zd2U{xl%X&bdC=CW2JG*#s2@a;h0`i97=PQ~$aF}6o>kL%_-jNJ8?i0K&@Wk%-!BaR
z2Wceuo~VUwU!;tPf-hhDVc{D|o)kj}cnj7>rDRy2sx<&S44|Er8hnZ4LKaoCPu5*&
z^J(^;dtqrQX?fR`%#dL#@0y3{Cpq6Ijdk>wk?>Xz(h^k`y32>pAX`|fyPCL)q|niM
zU^1kN4cZn$>6aYN>qp)wA&iGO7mmj|v<$(eT-yu0>rrsU%9BC~0hh)SP=SyNa;dv@
z&&D!V+ys!N5yW$>e|P>Q+cYyVigQaMd&AR7?^P(CT%95MePz&8*rdAC1`j;YX-Y^o
zqVvK%kUgpSuzTv*QdLLe{!YL%z{q#3_a<<BP&nt}R*3S!ey(+Pi;&;%P<}lV8=>bI
zjN4K#{;p0N+J+wZ?I|qRiEk0*m_*!EIz)lTFdv|7`I!y#&}+fJ9en_$vak@=iDkw%
zYrAMBOM~zr@~p<0%dPNKZNnMZFU9U5hs$$|dla|K>LAk~qZ(@1%Ub4YyH2iPF@Ndt
z{hxsO*N|TZFH8HS%^uBI@y#lagfyP*#VjHBTXJIMhB(8fKJy>j)Of61tKn6aN<A&Z
zTYzyxbMVNBXELnzJg&-3ev&|Ph189d{%cL9qM5X<wrWNU<$cHep=&_1hu5)4fMyns
z|F?uah@_L%Tx1%^;Ft~EP%e2<YVFJg)GDgpPnK^O{|f!|(J3fwcV>Zz$U-1K!c?&2
z@+?G{f_84h=5!TdPBRZAQ<VZJ9~9}=P~iJwRHecfRRvVt^N{({?YzQl%yQM;oz+b$
zta8<54VE(kbi=dz;WG`zQBOL5#IafPtG_EgM7Oh7@p=b@`*n#_Z-kzLV^3j4BD~7f
zl_<rz%nC{{{aiClyJ0r_Tu(t(S1YZdyFqR^V3QWZe<$H%VbH+du)g#V4E9BiB?1(D
zf*6M1J})8*S_ur-?oN=#sW8buF-Rb6DC>Fta!V{I-&5%3!c^p9LUAP|i%@JG=J_Oy
zFXlI`SO-&F@l#%X;fYXQ;tl(gXZUcK(T(V9kD`Y}es!gHiJS!`+*TwN!lfZR3UR-%
zpafb?=%=q1*^l01b=Y5LwnsS>K%Nj<H?}fGdtn$cvg+vUrZEW;e^f35T)Cdw!34^{
zUcq$x3rXIQo7hn^fB)ksEMH6w{N9nPmG7S(em(58c9Y^r9scLpgqv#anTafHpW~{t
z;Ppk%ydQnhHUe>YqWnKnM<eKb;9#;5rIjOJU==(!TYeW}-Frbr4YyGT1GF%dxi<Xx
z!`o<M%tBv_r11?_0*t^-8ZZ2`DtW(CS%)$qst?pGK(Z<zTu=noY-bb#Q`UOTkM~pJ
zqLs2HcTNvA+l#yyQJ}qI`o6tOm0|PQL>-P`UPDe<^`5pN9Yx<8$=ohkQK~&2tsc1H
z&+_?0A!4#OZ>G0sQ1!hyfc?oEsdHDn^W{TX`259+l~om+YW5O+yJ`z9udd+18>1`7
z!~XHAwUr`%!j&wDHnh%qy)#ReND9xXC0FmCs@e%SgsolgB}@EGFL`ZtdaLBvB(b7=
z-#8{=@lPdE+=R)}uMI7`Zwg9Hnqe0iU{AeI(Z;c5?g}c>d449u07tm4Ll{?lu{PfI
zL^C>NuD^YCr|okj&8E5)gA%ky<vb)Bt18>XJ~NeQ=>AZC%4qjf<(<EORyN;CATLYx
zeP2+e(F1-?v|-(~Nzz{{*lVpnU01pX6<dI>C-;#Y6q+k!>71_Iogga6&?jB;l<}#M
z9?Ow&@+d|g7O=*J05=7cYyD($N0rt~%xF@fT=CJ{nP60o(~x(fv$_0IJjP)K(x2-o
zs-iMfOw8ZqC+RVkKm~NzR%v0^OF`m;TD3MDI-zt6r!0?g!sp*$Bw43bH}_!EBmG9(
zr2pOyCrx6Uvf8zn+Ny#4nG}zwW^{dE)1+y31-_k)s~fZfjoxE)n5$Br_hnVCP@_Zc
zNAH+Zvkg6q^m?+KtTZ?|bUT#2QGX}pn#omg=X4}-C#QX4JM0WtGMwt{R;&Ex#=k9^
zTL_cnvMtyj{m+G?mVJDcfe_rrp091HLP5rV#z#W9ywBkJzajqtq2Ieq<J%9q<>ee;
z<02&b$}_D7Cjz3we(mGnrIqeBHEYb}+o62a`h7BcNe4IDIL)eV{`iDC67(hB4c{1!
zMmCXyXRa8nHCLM`B5LOKJ%_RTG#i39=eF=%tgZJc&L#q+8!O&Y)Z-S83|_m~TkN_8
zQXTIu8anC){<{03jz-u|k~VC_GcymMiGUpOGs9fRtnpBsXd|PAln;E+A#a*uB>dbI
zGS&=Sx6{R!T}dv_;d%m$e*k`bg8d*|yq_;S^5VqJ8n)a5=81zzBxaA}(XYtGq6qrW
zEK*`_KYPYv6`AEju|Nib_52(SF}IXe{J9|7?3!!fi)w<`4LRw~5HacB+5ycae9W%T
z?=5RA=&r#%b9m>geug>kRl(NITpNNx^=ccg)uI-T`E}kcCd^FjP&@}^C<R{9gyBuN
zUvmt*Y~bk*s`?))pIa|@;!O0m5O0V(fuC3o!qJcg^gYwYev@r{4(t>ax+m_+KOt_&
zVT)kv`@dQBIuiYNK=IS>)4+Q63IBGYEd|!%eZAT-HSZjZxf-A3$3$mo#w7la`3@!A
zqu;W$Nqb~Pml0ySwP{jkWb+a$@*W$FZgsye3=ybEnfv_v5iS$K!h{5;W8$#R49SW-
zQ-+lX9n%R<V;WskhLwo^`G{ZO9nojTaqljO5Xmnb?sE#X<tL9CEVg^c^&4DOD)WWg
zVX;T)$0YlrR@gao1Ua0B;fntnp^Xbq7~>tid>Z*ozxMTrVv1lNR!<u^UC=DRP4|qr
zK68$I6+D#M61?ZDUYDglTGf+jEzWH%pW8<EKSh3ZJ7^B-nQnNMgeWtrvOo+Ny4Q0S
zjheK3l_&6U0`p`$xvZe<8fU}F2<DwXf`q7Vcps0cT(>KKPBmx5eNc`#((H-|ji+vZ
zu)H}!qFA6?mo|cWSPjX|dOEmnjo$$i9WXROk_;J%JGMoiZ8~+YCAnGy;6#|*Rh2xx
zf7Zzaqf%-rgH-1UX`7ID0s9W^edmQ&9_O?6jlj_+uYTw5VvLOqYZr$=Mn{?YXeV@?
z?%*b`nN#1Te@m;!5&=`%hP%&D4^(#399`DB)-22qS)pC7{kZc*?b6vcFOS2U^rOTm
zq`O7y^)xfPA9pSYHYIOn+BF(Xn|b0d>;^1dYHUxh)^!I+kJfckUvTC|fpm<w;+%k3
zHkDG@C#EK*5h?mb*rqHtWp<U{LxF>`>yI~?31b(^YWs6Rw+2V=WrDwi0!23lm7k)B
z(d3?<JUZ0X?PM?tZ@PFs%&M*?y~wA~Z1mqAKMJO#Q?9^2$8b;(!2e^e_ldh=;rMs5
zY6AiM%RlaVWGVL0;Jqn^<>JK2O`y;KH_Ly|=L~4b+pjVqbi8Oh@)4C$h2=p&aHHY3
znw}Et)VSihNd*)w8RD+I0pI_mRFb*PLV%l*R?;hz5k5(cOv`jqb^{rp+ZmMBD-%-(
zrEvjD*XZPK`a8D)fMOJdFai4V0<K{O_@NFMB}l<6UrD17kl$Ev|CIZ*_G;DZb*&wn
zxK{$HBtztJ$|NO(dvQ2)U<E1iI|legk1JC&YAgJmBW$3+l?WtXI)52i?9xWb!j#g+
z%WxfjRYnu;ko;wqK;W$T_C%Kv%;9Hlpqqsuf<+_GL4gXfwJ)8|oiW$~mJ>!{?TWQ!
zPwD-EJA%3lpmLk~R=jn6R|iVn@S8k1;T@eD8w+1#hb{2dWQ82JrLCi*3z%YHY?^2)
zO|)WXox_Gx5{nPpX>bzyWj-A<kvee{nSP9HdwSC-?c14o#ommgWBeO)tA&V1(x*)b
zw{<4%>NV0DH)_)3VDM`Ayeo3`L()rZm5Ly?9@fVmNV&P9ImgBJLJ4O)HBOrB@@dv;
zKQ33J{S869<6r5Y@_NH3VTsV!EX`ubFj@;+f54ms{2rf(_J)LlBykAbbU*DIayP)d
zDf3*iNya*1<A;6-;I8K}9hB}-7I8)K6_bLM7m6iu6zPbU@rYQHRLq^`W<rLYTyr^q
z^Z?la*uq*4n?0dzIE;0(S;klM;}>LZP;{9iXmFxW9%|h#i5r&81*7e+SFSrxw5FK@
z<0Hor!YYRSz)5?NSn7><0^jA6J%@Q{?$2Kq3ftltPu&+vgIvEFNDCSMo?zML-epoN
zNq)!VgB0x-1(lVVIyG%f*O|`1CnS9NqD9LHaG9<QuZspl&da(N!&T<Scb=(Tp$LY=
zpwEx?IExpGF2K#T^g^C!3W>^a?|)gAokE|ViI_r{()P!{(0t(=;fvv(%n0*Y->YgY
z<I){0Nhv=JkB&}ny@co0B{=)h=IX5EK9t@~!wI^mp;;R#;GM;eaUV+RMk$K!oNMk5
z47nxjL7TG7Qnel5r4-@jx0cdmmYpy&9;FWA_#=w!uE<_Y+^x1f71Ok&5~rc{SEZ?~
zD#O|RxIl5}h1}bK&6O=teJwljiMuR*^bO2~Y4JlOIB7KrcMj{PZJF*sj*ZPVe!*C#
z7YL^1J_8}I6CT8Kk8|xp!oVq5I^*(Y%gV>Y$7MJPNHSpOeqR7#dG#FF)YI(<5&FWL
z&W)aFcIbx+ri=gmrkT&7M$GjJQ?Kgo^j`^wqX+!|AWT_4QFi~h!F-<aeVSk<e*uRD
z{#$gJq$V4I`#Jjf`B3Zr)TlF+4T%+97FpJj$w{0Qbz9Q%vKX`b5LEkNN)bcA5{SAw
zOX=(NMSI#k@R>A7fy|kN_l?CK3Quyn*eV0R%%l2r0>UjL|Imb$8%1~|Ss9PyF(-w%
zS&A5B^#Su{{*?oA3gG5~`feC;)De-I(4Xi3yZy5IVEZTH*{K0*dH#V_JFMOr!>&Ub
z1peR&OZXxa1UN<@tiosmRj7EH`sfx}pi}K)I;#xfg{d;w&@Y~bCO`IET9?X^QHYB3
z((AsdFP=onczk<wU-_JBVgRc;?Km3a{i)#Vp+I2=;sWK~3BXBLr9U>KID>yFkjL}+
ze&6v!i<;2v#ut8z5@Zw(_PP4yXX_uaKics}BzkLmGmNd``jhCAW9!|227kT0{c*{^
zy{SF@-lw|~;n>t;TaRA4eIh{roTPDLJ*<+le^I@v<$PN@CXq4QJlF$h?^!dj-?u#B
zI7Y2SzN(#7dH~^*&O;l>o77pB1BbKfDXK#Y9_shB0{5-s{J(b@9?unqu!8GiH*%3g
z;Dp!SYC<V*j+NT%B1_#=)39t;$|t;jHjvi4efQKB%~FUw>wZbBk6J0<?gpNbTVgFf
zg1s%xy)Le%#V=;DmtTIKR1{qQwRCxAt~r7sP59Ax>r7PCClUG1p=CivYbnoS<)j=D
z*x>-90U@dW@BxzZMv3#!5<>g55Blf4=F>d&Kg);pA2T89PeBlC3e8t=T;L}PwQ_f_
zPym{ICS@@$-KT4izBxXcg|^M}hY)p?nS^s3V_T!44yp3aHZi$Mi2B$I)LsNKn)6@8
z)xMa6(wWhOWR3V#zJl#cpDdiyBqWn|Yj7G9D8x!=b&wU!;|6tP?Q-9jo7xupce@=Q
z!isBc?|XVb=5QjeA}UZ@AK>G4qkSWA_WS`z&!;+3i?WYlAq?woAkd1f1>bzPU@8%U
zm7956tXREWum2YE{_=mgddKKWn{I13?%3?uw%xI9+qSdQv2EMv*tTukNykpU-1l?N
zH{R#`t#R!dRkin3d#yF+no|v=K9v|K%Pn2-oaibRmbozW+tMzVkNP4JFR&3=@nDe-
z8>L+@Y!x2W#I?+9nUNy5fsV66UhCLed*xIBQ_O%HT8Xd{?FVf`^Y{?#AYk5wB0q*u
z1ggObMd<>yUg;T4>co*3$@ha?^Ej>Nr{flbBg0D98+nijMl{r)o+qT6^>&Dcx}}F+
zPiDSoSWee5Zb7EYtdo_`o14w6PJ%9OHa*)$HUTRha~XneiX5Y-y#Ar|^(Zh_28iU-
zpOGesl&>wVzn`r{77i&xHUPdCuOd9OWtT@*Ud>gY;KWFzwZ?ror^DO)-di?eg$j6_
z#1C0NrCQ};QI4BN;xIzZQ0pm7O)I7qz_M_6T~ScMfH>JY%#Cg=0uQ;_{t}{`GJ(EL
zNRl;}MNo`8iE+GCXALn<yLj+sj+NBzd04pi@<r)}Ph*z7CO@FpVFFYSe3qucuLMo~
z38T^QVydw~EOU<E`cx+#9ex9s*vfPSMIOd3U)A1s1dek`u)SdoV@d5Ds#mh^=O2@g
z9yF5ehxk9S<``ukmu!&nhJ`S58*hy1YMGcs(a9Q_KaQbL=z!&1qgHa>;b^D@a_b>h
z$DU5psSAa&=ui{pPXY3``hu|OA=e|C#-MOMEb7VHSBO%Z1@hQ;Vdi7Q&OwY*u+bv%
zboh9Xqb#(wqeY=3oLN5FHoJVfsiTWS;I?eVf164HSAr9drtU$ih-EW}SP}OF>(vK!
z5?%7rSbN-^Hc#VUMM!@aM%v(cY^_ZW<Z)M*MMoAy2a?A^=K+h0+EG~Lh6VP#AZyF_
z3!Jg36;TUDJz2lt6p?_aVB*=Kiuiy-(sNEjP+HEd0qxn~m20mwP3N^EU-VAoGrU&3
z<yX6&h1u#=WAeOB##4i3Q&LIPPiQmeDpquu!Fxc(gOYmkg~uQF3)NXWP4R=lkwp=a
z^5`(~qmZqo;()X<42?qubYw2G$UGpbdI=3g-1=(u(0fugHzzgbZ5ZegCLsi?=c4S9
z4^nWfBk6P|4|Q~-qAdD3&heGl4?|r~5r+d*PX<NT$v#J45ysAOluILXVfsVEpyhEY
zPM#?p^^RyayH>)z)=kF5qKJ_W?=Ok9CdVe{pIsAHp8%A>g+8CVS07RmuRlVR+}(N;
z5#4DH{mEA*Ft{c*y6BONut!gcqpo!Ja^Vx>W5>ex^lqnDTVGYg7en2+xjJlP0HOn3
z{KQE>s_+juxdF#YkXR?$uzCMQQ(h1PP%Pit6&Qs2&KGq|c1+&Rld3EF0{X3E<uhI{
zGLy{?ST>NdCP~8@VwJs(!4&*HK7P$<Xe=H<7|pedeOEnlRX0DB+G=88yf)XfWf(sn
zu!~Pn{c3iXe{Z&wc5G1C6u#Gd$P|V?5MdDJ|M50y#{Z6j{}l-6;RX8^2>9>6$tv|t
zD{RjHFdbnOSmq){{q;}8%;|j`r^Q;5z3h`)a0+QpKfdgVs~YC2J6(`1jm%hoPBxqR
z!ryCdVG!uy33%YI81Q?a<8fD|Hgq5lTgNpu-+FvASK*CU9)Qt25%}(5b%D)|g3POk
z8dL#JUw2*YmtAf*JU=SbtsXZ(F$*C5?@&2&W3F@b+Q)e*HUS?s+@bjjDn86(9wZ?1
z1(-Xl1Z$sKAp+o%Lo5d&;H&7jf@8wnKBT5>W<aQKJA=P4F5yQRg~B@sp=ZzPCuC2<
zG^nA%J6`ug(za^`Y<`40I+qDAd&vJP(9Q!u>}SdOXJx0>GOdqIz}2hrnL~L2-v9jB
zyYWyRz!54(K9R$fZk*4QJzNf*sp2u{dVlIW(YJ;i3H&{)Ww_b>7I$V?Ic!|JGCh01
z-VPrLnOgpkPZwrMiWziJ3G*SF*wNkUac4kHb`8IoLS40M8=!`*m@A?KWYsIq_w8>s
zb2cS471)St!~S*Op5da$Lp?WPe=vUD{rUWU)AVZio(`|w=<f4lV~9^{?T>5lMR~&m
zGyP0~+C%JTmM5f|+aqU=rpCD?Ux`U)m-w6<jzudjV-7n2;Mx2ke`oQ;xO96%gqCl2
z>lPcc0RG|-MHFxD1gu7kpI_<WE&B#Yoo=OpIexdO(Ljl=o3F<<A>|}IpX{izJ`klh
z)#1zG&1`BP5zX5-cqid9=6|PPpLOTaawhYc)D2Tu!!Q4Gh!)|EtG+Jx5!WcGc@yh0
z0ifu`r99228RX$xRYrSn9{ZTPYvw%4bcDyy0VMG@-f<2*8HA!&X9iHLq%8mzC11P`
z@>3Z6Qkn4|j9s6n&3;)d9Q#9Be~T!hN2%cvSS1)4yCt2W?u{qp>88zR9%P4*5vlCv
z??o{ZS(g1|?ZHP-8^0TUEKU#v#lYdw@5LWD9P5*(q{Wow$w;>HGG;X_sFkWmY)`Uj
zO}>F|FOdP_#x=FF{)rq(fH=VU##`VAGG%OQ#Ska!I)(}R{b)`IXQ$`3xiygs)0R*l
zVhpo{%QAE^L*UT8Zmg>G^?YoR9}Ro-Y(WUpU*$h#Nx)XfA-jbFV@lloMrf&wSh1Gw
zngYUDq-{2EdR>6G*Vk7Y=Cna&Y8A^ujwsYWhh>;*ev@mBX)5E=$BqEci8gC)H26Ch
z=SMbtCSKjHH%Y0iqps7R<FXsBGekyu^u`ySr`k>6^;HYbYZNg0;VMCCn30b0j=eW<
z0}bY2>+z@qIAlhCV>Z<6Y#a3bqjI(TEb_Lp*}`K{u$$1*;;Wvny<l>NgqHe~&JYwi
zcKutUwD<m|C&rvu+V_B!_%;x(wOx+$cJkoqv_v^l$;PJ=1NYKn#Zy|T(Fw1Q^5vni
zD2$C_gVV<netzGrt%*(B8`1RUjR`RySu_|^F_cP9j9n<I&U>OpmTK?IEm+H>(AAE|
zNhcUNXl2dc>?>>tO1s<0zOsvZb+mb=PPbmb)7dbSQz~0Ext4%=^QM=N)K6}~T9^?y
zK2LM(0PVV5>(4BFDSb`OwDemg_{?{jq&i4dY@a$HKQV3gk0Rx<;2O3e>e#Y=KQf<n
z5exsaTJyU`_z1HuzG*p1TMRv(MNeJLUd)r<NS?8?G?!wC0i2f=cyLl(rayM*KF=nc
zeT?-b#vTF8#2di>N_U{9{4N7k2Vwpn*^Xb%-->md|HlSlQcWuYmmStOM~`tj$c1D)
z-kO7^VRSCOIT5rdkk1-nQ(jz??c+;+HT%Zo(RehN&pDX${6(~hZi(E=0leLA#@Fx{
zhLIxF`QiL+i=Prid-%Y;B42m?u>+w?`btG5WeXzlPy>}{2xK-ai6agm^w;t<fTo)U
zK<m*(<_MjupeB5cYZO1C0kZ53`25q+Cidez1d#kgNm=ExId@-%^qPt^Ux<zhG*1di
zn1r5UCQt~Ym`*x?p(VA)S|bOZETPM*3~kkcCa?ctZ2)=3z;!jj019)Nc~|Y*JktnB
zGXEzDL28uUCtYp1mohAX?T%IJz28H?UbyahM+R_-WN0eZ`{U@rnrrLx^)ADWKW*?h
z<nRN^57Doax5<TYO?hpodmZJ>z0Vb^tFu?h=a>egx%QrOS8;nC^X~bv`QhEQm0QbR
zzBlYCnT|T-1dQ?cv;<tq5pqnJ__KD0at4_F+$Kqei!<jrl!*gSNaUqKmPwl^X>tjL
zQ6i3o&sxVN*;df*gWD<n>AZ1~e84gWJY9-Zp0BeX%JxP#9>@;hlXZXcU05M@;oVA!
zAC0+_ysRjq@Pgl}nN^)we{m`Nky5ynOdcTFuKT0MgG7(S8nh4=l0-H?`Et@P{^Al2
zE$d=7EB<46d3zhM*?Bd3HK|+|eoSlNQ&-z$>`mAWuW=9C3$4MXcoDeAfk>=u7)U&u
zO{hmWFS?@L^VC>9)ro%;RBpDcasWXDh$}_yOduiokq<#wQDhjG8fG~-PWb|gH(*I@
zJ4dS`=1g)Hh#;KxS2RPxsAR=_TYO<QC$7|Zkqa8<Z)7?^0nO$oxii5(&*0u%eUv&7
zY%aQA3umcX>KWN5FK<o7e^D!pMw@RIywNCBH3Q+FpC(G2)2}~w#j^wGV@v>Sp>v{V
zA$FwqgzMRaEUJ!$^HoXX%7!&VC+1@BWr>NBB~jJhFHDQ>99~aMvnSjmO>>CNoSGIt
z@jf%^TLC*7!B(8B<Kw!9#g2^0<pOGt#3Q+4ui67m)SYsM6>Gnh{upC&)7bHrA$+bJ
zr%~#(v3n+u=)A7~?5wHX_bg$b=-4`YVAa?D)8q*pP%daJSj$9;^Q3CmjW5+cwF<2C
zY0U6yoR&qCaHrzZ%+5%h@B>x73R8jTuRU*7W3h(o+c@cDXSQvp%crQp;LbRG7S;M=
z0oVsyG%L9jJnYB8{C@di|M&;Xm}FN2qq`Sr)RIR5#G6_FS*8PDX(O1LPmrbh4Xf&p
z8OT6vLd0y$m8L^IyYR-6|3pWa)Zfw3`%h3AVAlUl{r)Kk{^R-v4Pg5()uc<!b32k|
zxUVk2pf|id7q2)kkkM}*c!?}ISsk48eEf?^8~L8)zSA#+#JLjz3o}>OW{ES9+THfF
z9Fp)t@$f`ZnRwrA%Gcol<gFiO23+1-omYkS6sP15C%TGvpdX!AktlSzuCCAoJzj_X
z2Z<Pf|8VsPFo`$s$4fScH~HNhI$%UOD6`xW6g6R#dp#q07f=C!7mue;2`J8w_v_6#
zvh)(mZg_JZ0xDk0^B^`lzZ|}6f>6IOEQoGrhFYziXy|@^Ujgen#@rx57LwE`?+}ty
z(cikn!6Of*X4J-)G~kp$zQyw)vRCx+fR#vz1;yM&pgfeMUV2a(7#{huX9B7LR_ERy
z9=}Vev+U4ZnkvDh1cC*g)nd3wgBY7uHrpR9B~Dha5*z#n9CYPka@?-3zh3*<5w_!y
zc=6l-?Fn-&oxj^Vd(9p6d%-Gr-GyWdp)E_k9KK{{x!paJnWGJSV=jU2t8edq1G06_
zGycq&7uI6QePm;2*=CE+ADeMM$uyi`Mc?t9z9`{UU?cEuer%TvzqyE5REQsEr{b_a
z^yhSc-RyQ*NSf8o-N(_Yt!$?E{fL7ouNo9b-lOqIB>Hd|%}x!@QENC!B{Nvk{T32m
znpM`wJT5+DqSsSMdcE%7<by;@1mts^geu6X;!d7e*u8IN3l=V*(k3o1S>8HvQ&Tu7
zEyt`%?UGQTA+%11<)>A_J)#wzHvmnjj&av7a;T-xv)TyN*7qft7^TSwE`nh7vwAx_
zvqc7R(uw#op)#*avcxz=7LA&);d)W+garg?AkF@!iXvvNH#;((@D9&i1Q<)}QjA=d
zAD2-*r=rOP=TmNB=J9|b1X9K$UFF->+crRIvTZJ?4KyiO>^9y`k?_AhetuS5<E7)5
z9rF&dph|iMd|T<T4C+VHwyZghr<OD(|8!e2zLCv!mdzTuJ=FWW-+#i_@YBr#MewTM
z05NcZt&9?AU8^g{ig%0x1#~af@j<AO2JJuG>90^Tv4HncT=RlF=hBGdi&a@(!Md@}
z3IY1hs+6>vgRqyx@zlyba>hJ^HPx*YZf`?zh{X8{la<QqQdWK0kJ_1G+nvUuHZ0sP
z`?wDrLKbHvq%@jWtmez_wdd-Ye8Tp;-F78<YqEl|%D{m<E5vAH02b<o>&HA2$&r35
z+o?S#>YWx<P02Uf$W3uzNs)iY3Y#v@Et2D(X)d=(Jv<B{oJ800@yY}RB^HaD%^ei8
z%O??eB+FwF%Zi0CSnS_}?B(c9d&&%v)(*D_8raDxI8!8j5V)fg>MUGG8nCKM_vB+s
z8?XY<g*`;E0dTy|fLoSKb18DzF<>#tma56l^+=qmcab$XyW5U?_k`@p5thc%YayyD
zJugX{NOV<7Xz7HKMEdl8lVM<Gx;4&L4v$or5m!NiAXUa+3J8~Tum@msuhrBliAlc?
z_#fa%tF&irkNLKJKMq3>^y(?ZH_Ni)7r56<#uB44zMKbi0IXBgR%^ZGY}zfs?B)h^
z?KQ4$UY7+tQ)!45{Pg>(xdu~aaWAy=uEP`_iW4j7tafzvYTjJCEm%iurbVN39S@eO
z3gMaFa<!4xm>?gLX%1nK60F0jPYVtFwiI${j{-|S?Hpnzkh;n<rpsjek2E<O)T!|>
z4%DfF*oKCE0PTr9MY6oy(OC(~ycuLlbHjP37E!WgaU))p<x(;NzxP5x_-FlLf?l-4
z@fscP#q<2Jf>o=UEjr=OWv(zug3?a!4LH&~JL6+87nJKXS!tuCLrSdOne0V{9Q_ww
zKKOZtI{Rbswd^Pfu(68mK3T;&4<YMy^z-xoA}nz{1GdpqkLO;cU?v2TYkL;XE!x}j
z4y8~1TwNCAmP_u(svA=mjlZOS=T;vBWq(qneNm*bH@+5ko~ThqB2oPQ7Ebc6tlD)(
zshmE(qdlZlDe&-o3=Vf||G60(s7$>Fb|R`EO9woro8t(dTt3Q!d-dVykSg2DP6wTc
zmP?5t577GA+44HC4~|qa=^!Z7j(wR>TKYQwTQ}0Nl=D-t1#PMgc)1s<XCnhTwX_1b
zNKE{npOX+zB_!dzDF>ytk+||&WFQxoX~WI(j1ak8e;8YCPa>GJ^2w~wrH<)=`62zB
zt$V_8(QwASwP<mfh)>E{O@Xr3w(mp9?*)Yhz&h5^wc3ZvQvE3oMv|rwU)Pm9Hmkx&
z-f(k4ntO^$v{SO=pktMyRjnNL-4Qe!E+}pWY{YvC*U`#ZMM6Al4(Sqila%rH%pqEc
z;X6oJj%zft>(5Sa?7k7drWxCbrRx3a(%bg(&yiGmlMQ#OVLJ8mTayRXU9~BUR>3n3
zz&S*>ONo#x#Kib+PI}r6%+`6bd)|d`2&%AuP|r9oih|{1IX(BRz`2d4-LU7js;h3_
zu;c2eC|z<^Wbgr)(&|g}9Ft;V9uV9ZMIWv8Le@GNPG-!gEQ2Fw0@s9Xm%FuNl8&8;
z@Y;N_aR0{0Tq+XWe6=xuR2+;VBej4gU}J7jhTK}}llliQ?emVO@1X^CzBMRGZH0L^
z$$r>2K9-G${T%hdGt926`<lDgMr@OXhM6)<E+kvN=s*oTB<}?m4<s}h-~83z=UR>Y
zIn(<aC5p`1Aw404EFQQLoKT*AY)pIJw{aSuEQeprfDoM!H4k0S4#{aV>vYW}fZJpZ
zN70((Xar*~w|Dys8o02U@nxj%M2#V(iS%dx%eRvM7hCfg&9|FWaKgjwsKg7~Q08dT
z(v+xDb}7U$NEGU)#kT)e>)s#?ZC!JoTXiVPJ}4f&u_1+&Icp8P$<*TRL@NYO23JmP
zEBJ8?H%3Ybx7vV21gI=jGXtFzK+g<k=1d!RDzl=$;@(^Ih$7;ZZfa4Xyy}Jvwy^1O
zk_%%%Ud@>ITzj@GpIAgFQtu6|U_s6d2VpO-XHrdbqr3^19`Koh{9c#9`_R7dK5-2|
zDxGP#G3|6BvI-RthADO<vP%4O^QWx8YPR9I)s3|P-b8j`cOvY2Q7k!t+BE*}RUv(^
zN@0L>@DH9Ci+_BW#_LfNuVz+he;SI5I}D+<D7r2BgU&U8^ZTTv<a~E2>b)yu18*z~
zM?AN}O51&>-~;M~et%ZER!`+maeeCnr-Zz}rFR_+s~gG318#f9;rECk6ZjXRtrys_
zyTKrrEQIi6<V4TV$n+drwZEEe#s}WhtiKGT#xK_y!QNV)E*`9>o_PD!;V5$Gucyy{
zc$_4<XMtE8TE9EE5Z+bfErQl)zlx`4cY>BAPrL02iUP+YkNPJ@W0=UK9qyzvs;j>3
z^7k?@BmE}=%scrf<@+Dpi1}aKC}k!k9}2+0{9obUq`FK54m)D!Q_YE!zKO~yHoA~u
z2G}+mO`yIbrd$WvA6fO|FQIHcO{xcHwsu$eY=h!<y_9lE#ZGdU`SP1iqIVG~sv*=4
zo#~w95Rr-<7QR8lHi~Auzh3In@`Rl5zA~z-n3Tn=^2);LaKDTa0rf*Ce|$gxyw|<A
z9y}6ap*6rWRtisyDcsJQz-Zn*-3=cOh9&Cqe|ByV%ELAK@KP=dw$Xk!?T;kI;$%6l
zY1OUfEpM*C8!<-)Ff37#MQJaMCr}n$XJ?39aU|sxJd_$>$<MY;gxTj6@nd#B?^D$_
z@zu_ba@8mi!JnUZ1IF|hC8)57zhad>cU=jqB5&4Fb)&`^g;mASe2i_Dw7@*x&Zlea
zd<Dmv-NxIks<50)tCp&98HW$eug~PLadi53)_i;D`}o#_Jn>r}AE!Dy^3Of9ZsxY&
zx!-)7>W`1k7p&R%X_L1cM?Uw6FJ&j6S`S}z8+h5fTRXGw0O_wt=`kzS&FZaLRX5`v
z=XOto7oI$0$MgU#yKOo<TjsL(VdIb!n&LpTw4KmpIhb-0#!92aXWqYs&am7(1%%G$
zBhJ5n9_rNc(xYUfUMW0v?v`S)g{7y^63H(Zh=_f&VdXxso_Xy{coqzY;8N2Kn{AOu
zxo*e1z_;F<0Q~!%PfUB5W&1aL7;AhNyp8QZLM+x7KON#rUM!$PY+tDgG00Vnf=}|U
zja$_1DUf<JF87V0O`pJ^Yu}P2W}2#MP-+3*58n;aH4wG+@C@N;3b_y})2;4EsS26F
zXPhh@8{<$n7AuEMLr;4?#gEb|Po>|eq!=;f<N?+hz>-rg!)Q)1g_aYIreNV{v9}Iu
z$yEJ^!H3CsztSy-F23-1Ke*uY%$$J^L1n!$1y}?tCe?A?gkI+_ec!}oRQU%nCu3P5
z)QVDE$V1%*cBG9!wrNK88&(^KFr%&rpl#f@PqiC9l^m@MPdc!assMYmaIr{$u!tsT
zFY84Tz$K1C0%xyJz@hH@FezEA?6+EB7AQ(JM5o6C$w$JUHk*5t^tU^#kphAzUc#f_
zAw08Rng4q2tbj3I+BYFm&wFkYU(F=zJ<|T&%6Y@O?o2@%7RQZwB5O$~@nzQp_c6Tg
z*61}kPg;HDLOLw-*BU@QzF4Pk(p!nvqiRqBsPIbe2_oZhCwZ9pm;FZc>tR-?bN8CQ
za3_=0C|BCp_0T9;sq`w7E+rTXgvr17tJ=i0N8#{KvUL$d5?)&gbY&kvPO>0!`H_1R
z>6$Oy^8Fk_8X{6qAx^a0cAB`{2VL<plW?zhy)Yvpc>TjeL}*``p+`uco1Rp3Sv=q~
z0q1MH;FsPFSnKU0r^3wW^noMU(GQXH4QV<v<ols3`#@z)_H$ib6si%{U4L!vj-<9o
z4s*i0goF5xxP!5l=!Sk;yun(Ns!n|8>{;1rD2#*jzl5|z`LTKZH(MjD9zP4l$560R
zx-=XQX<gP{UpZP2lDEb$-<Ods%d-JuP$COP8x7Y&9#03iT|d3{B2ZcvMd2w%Zp$d|
zsWEu6U*yXST*RrdCSN&z%jXatAXOgNf5aCM!CDfGA8u=_%{ml!Hm^jldqs9w7C)-@
zxmb@UKRmf^bi!a>bEfO#bl|5B77m7ipzu9Bb{#;yJS=|jM19>2;h|jJk>At3*rlv=
z2q00YYeHH78eH)+JL<n#W_@A$Ea9>bjFw+-Pv{c2r%ucO0ND(&D*tntqNGT$exnM}
z@EQ>RF;Zv#7f*Hg2Ti2_e7nf~*M*v;x^B6_favq2cGCK1EYg<Q-y}~)P-?4*CQ<P<
zw&g#CG{DJ;p;l8fsa8f~;jH=5i8z<0GQl;(VLv>pQ{j&C*G3lC%z;4m1*6r$Rp+~G
z7OBiEHZ&F2Woldjk#Q8{Q24CoWme;_vqLYyQ`y^U(G6-98IYl3=#Y5~;~zP^(z&<W
z6`jojh==EPZpr+3OLtI9J*8Jd6a9q~C&}?jBYQ|reZSdNnJHK2=oyZHBS?RdDr#nN
zJ35g#vgkA}<zom_!HiiCnRLXNA(Z0^{EQw5@N^ft_?rtHPnSFD1Qm2jV)XY!f^Ker
zGvwMD1I@0fr7Wrk%bMh$lLdkJ4WCc<`Y(c5gyE}k^qzYlx-mrRq6*TaHhf8_)0PG&
zfSz?(_8VS#&bE!cmbVfthicByRRaF9XDO%qt;Wzp@hiTSH21DV_eOE}Z@m!y;em%0
zo|<r@2^93ZJtnpXgXr3bb)5xFq{Bo&oS%t?%}tZC*az(^gOQRM`@~V#tE#aS#O8;;
zjiq`4@-;v`P1WT|1^23LJ>Wu*o}3d1!hS4Z+6%hU^Qr@3%@dtW^DSXTqSPM7tBy(K
zIu~v*NhR3e@v?o1E+Yl>FQ!+67Ot?KWg;Olmkn09OCP(&+p0HN`v6-h<#P~#SL1iZ
zQ(|pn^z&<VquiZG`g+MKI~I2F)a|BOE$1Y0R3}@gb_k?EExM;MlwQfW1Zl*34V4HM
zc^QPwO!|cZg&ATIut9+f8t+eFW6qyiTaX^0?aZ8>fRD$=N6+|zLS0d|syH~yLr13g
zzL^$6dgb0h+1C(QqG-;?2i`-#`CLhcps}xt1wBG9BB_}tbYSfvr8(P_M?Bg*n<j%j
z9uOL@g%oF4a1%E%dyTaJOxk<ndS6Vl%CF!$BvkzIT~Q_XiN2ev<UG#%>ZEll3K&W~
zDfh|#sH!liewV+{-US4Y%%Al8y68NGAwv%}GEy|njPVKl1dbra^c;d%PT2s89p*2D
zpcZXa6A^V_9JaAf1ccV}=>NPr$L!y)j*r(rIwUOrVss8EyV{BWp{B7g{2u{trEyDb
zM%c|a>JGYrIGWLTgH#c5LgN(syu>*XW*b2anY4p1!n*4MJhF%;^d>yMWaH5xNLh@N
z2u8B{@}T`)H4X@Is+|I2*~BiN<2y|81l3VZ!@~hnb5<%%!9ZzS63IT{+?zwOXVh#V
z?ixT+JV>d9@B}B+lHnX8CUz%J(70VH0bggZ7y?U(W|@9GX<;Q{gn{5G;UrBhDzP~{
zjJ5tJXfd3&0g#a6rc>B)pM)g-Cu@YO!$nd5^H#6!%&znG=njY|0KV%z&54wj!qh)V
zCDf|pbJMDEuJ%b@^A+z+8q?01H7LC_h7<5u9F}aHrojSDQVxc-cYw9w+tuCGe)A?B
zvpWtC)S0(+j{@H?-L`H9fVa#aX{|Z<I{_s42D1UDjh^kJ3dH8N&ooMN_Y{P&eSM{K
zloql6Y{0i|T~QN!{T4viF;Lsf_8b^8IIMTjyteb_>u1UOUx(M2HR8g#V7eR!B?+?5
z^Wd>h>i2dMCDn=RW&EQ9uMY&L-5Gj+liGd_|8*q~P`azR_J6-eV3z-Y2rU1C2o5RZ
zqTdBZ8E0VJ?|AaRG1f~>4Z96CMBn9_87IG)4g~$$Uvwlcx@Q9-GhjaI6<fJ}SxXY1
z{9J|Zu#^r6PlOb)IwRC@qpch`zCvkHs9kbc@3rwrR#~%-nO7kpzmW?lyai*<2wC)c
z9~dBoB9%5yW+jNKOqQa8HTp0QK>(qGh@?TerthBI-k4pmz8wz!n37Sf#73DYgPBcZ
zPx=L4z8^f=7nphb$9DaAV3YY{%i@^yNrv9WnaC!kajqTsg~YPpCWtT9g!96-Eyk}Q
z<hiC;N*8mwHW(Ls;S}RZj=HBtKCF4I^rSn;&ynL9V`t>O=7ssS$hJ{V)c_{cxa*%x
zatFau#q7a9O~RHWC0+fCvZi8KU7{;~6@&GGoJ`mJ7z*3xJj+fNE4qzj5=o6;3%z;u
zZE^SUczK^h3!HiIeQwB0+_XM4h0!TR8)GEI{Na*hr?8nk9GT`xt8D#+SwsKUq%MTY
z8cb{L@wiTpzwJxW1lf#s&ICAEuu=d#-Yd4P_f4mOs=8`|U5=f;zWDLht=C2P77Ih_
zyl3LG8V7PJF^&?t2KlW#_;$U2Y>rp34^C@);P-%2N^ZHY@2K_Fho-FYnPjXC3uK6}
zM7=UUv)(ybBKY`ZL_KkhY3%30<h*x0ZG}BG$FbA<#7|}GVHTKbWCQT3H=aV9TU3O_
zM+p^Jt~{SUFNZ6nP?M?3uT39yt7v?04dYH(z_tu#36dFLR#Wja%8Y9<+W#_DnVC;=
zZ_V#&EExryaSKP(=k8fcE(-&TFgv4IaGmx3q5gwSVD)F-NR>N3(6ydiFjZEBurb1*
zHm3#$Jzqg^=|d?rxC_9&;Hng2?1~wc*B&z@tuWM;b+<ONXs<dcywWF@Z$el*?=fq^
zxGVEsOCdH8o6?34`C%d$fE03&S^1T&hiVz&t5~J;^M)Pw!)2E92c9f5g?r4J;U3Q}
zYCW>v-Fp^Z5BeYA+*stE-dTw>3tfj@OOR>oEY-1!bAkGScqM>rY5?wh^cvF&7bpbq
z=I)YY1urBewEdW*or0&+0`{Mf0wB@hLm5yFys3qLAwBdCP(KSB<DLa`cYBgO0Y;${
z@0%2PpmaDlegE!)Sc>5kz>k)9a}JZpfHI@#3VfK7wm*lk9E&S+eU!fSDrWsLbQ7Em
zM@S4M2qi#A_bq_S_O?|z_GT0BdXsoa(<*QdJKXvBwPDLA3g0nTLPNI+U|Su8Ug^yA
zDw@Rs$v+`AAP5FcAc2sF<LYHa_UZk7s2Tnu#*$wSQsQOZYrzORF-D<rSLZgQkp>E;
z6X_mO0+>*C?H<&UKE?gd#U<Byv~)K8-X?GGAISV`zrp~#I@@P+$!N{_U^+~ht63-f
zzpZBnyNs_DIGAUlCHklC87NA_tBh6ELkUKf76f!)AGm0M1xd}64PSL~wT!UalK%*t
zY^-zC<}&4boN&XTZ6X>ZhIb%sB2T>!F{vU8Xp|tco~M*4*~k@dgSWX^$f!XN+--16
zR+eh;Ph$gS>v`Q+dA0N;CbBi3o={!aLz0!O;m8RRt<(<&)cLbYaAg$s?mKpAY)!4@
zWh*FFt_;ZUcgV#3P=y+++WLYs(I7o2_$d!VrJ7VdP97r6YIHk)d5FLHz|wIp8*KdG
z%sB<QYK=~bN|EU1H0PGj%OG-4#+``s5Fq8Tc!dG9OOnatk3c!Np>H*4|Eknrv%>gG
zh8_>}AY1`mOC@hF6J4LT=GeLF7-}EG66myJDFtfFsqAzSo0{lu@8AiPatuaIJRNxB
zLOwbUQQ;P^UZkXzgS*m$9&{gP9I@lYHM!{Lt&vLEQ-xQePzrnX1Jph9&R#X_<PM8$
zu`&-(kRVe<3M||z*hqDsRqiB@SdbW-=2i@9cW!)uO!^b5BPz8_gI_o+mNV4*I0DR8
zTZm2|e89kP$wu%2hUu`HP^>+I;UHgyzXUdHH4&+Zt1cE$Bu96gv$bFEWv%tt_tED3
zM+T7=K8_k8MCf9X@M~XRliejLGK@485$Oj2#SsO*I6TweVzQ`W;PhDYv(}2UBdcDK
z;nV>_?N2~;r}S&9xbF#(#HkZh6AmL@q6kAm4lFrY_Si20n<|H)s_s9jKWF0gBopIh
zX=P8bomH}42a#=JV*O}*c*ZmcBISRw0ev^;<}ps5R1-i3{<PPiIzP7eOpAWD05K>9
z;EszLttaf~)(CV-P*B|V`$C#H3i3t7*U;{!)KTY*pZr+QJo~APN4%9s`yld8otPYZ
z$mv7^v+X@5Guu-3clz)l@Su49@}7(2h5iOre0ssm@|8g|n(`-V#(T<;yZH3pdj7tZ
zusqSOtuAp6n^;dBg*%^&6`zQ}ZqHL3K(1bU%wlLRXz`6hA;kTJn=nBE02Yrg+heL<
zGdqWF{TNCpMzyuo1=4uW)iDpRSfKRC-^)F4fY=e>$n}vTVX~|t%i(a&Lv6<mx;|A2
zB(Cx&XRxEw-HA(0*0tV6UXqEn2x;xr2s2BNIoKYaR=d2qQXJo9mp55`LCd5FU=AA1
z+)FDRXKyJxs}o%uq35>U{at)#lHCrD0JPwC%jiuRChYA)`{4KSqf>rK21SiyU%c%Y
zAbmL*KiYfW`l4w|iHd>GAAub@yO<d>_8)DZv>$Sxn|jcn9R~5svHL6Je+(b=hd)z9
zlFl*h^Fp2@fJpsp@=fjAgQ{dl^?T8~(yM&F$2@h;(|>&Fri7}0{ZHtZ=K=RW{AHGZ
zQAme>n-Ws=i@vK+Z2u={_*N;xX8(u3Ji+-3HIC>32p!^9aQ>2V5Iv&lq}R1h;CJC*
z@fSYDLwervuKT(Wy$*325@{EI++2_T;S<h5x46Ecbnm?VYn|7I2Fl8qo`wS(#r*Z*
z_Wl$&3bN5(AtE70L1`gBb08WnLM}5vYG%E`^Q(hf_nXnTm4_plI<_Gu5F(t=ZQLC+
z=I!-)$z}v7Cb##i)e}K@dHE@Z_;VPRy*>hjpmF~0cyzpkcBI0=w3)G$H+hbP!u^|>
zVey`Wwe=qA$4>ob8Aq@+2a(g*H~p)Y-BsH<3QXiP_;5UJdwRg;#$U_1Rcsj`<`5O3
z?Qc92XFlpb_#?ZdPmG;TR6e3AY*cb3<Zyf<e7Hm-&IuNrl%bLl{et2OgrBs}(xdKq
z@OnpHKkNcTqldyGV0SVH933rsP@j?CI6`mp5=f>GsdBo6@Gh0y0}hXJWmneO+s*6k
zY}2du`O4twJgU)tV}3FlZsi2P@!QESUUrJPgY!<#ozHesz4^<grG4{}6r!IEO#S)x
zw&WV{vg>;bj^L%c-0LgFeYa&Zfy3q@o59n-DwM&q_mx1K8zRH&prpA5x^?k8G62&F
zJQRv&)qR$0ZQ`M6bDamHvVGtVhf1*0VM^{>L0O4czYGKuNSgw(_2UIF{H?A>87NLm
zhHP_5+1So=n)g|6n@((dpL(No3{4-w%bt{N;a+;qA=@Cubej+@rQv_ZwY@Yak-gd_
z6vi5y!7CczLEVz5-7tIfH}@Ca=0#C~1{ggYRA&k_a_2;=5ZZORrMJ1MkMa?@LO=p#
z>r)gVS0g85|Jh%h45>B1ds-%4_lSRoMdI7Hi1MP4FM8L$u~?pkj&lE^(CY%KbB5=L
zS1F8KB_aO9tT4WkyE)I~6aaVKHlR*!ee=U$L$4D_kqIPDo?URr7v5ei6%8$OH7WOL
zpz0z?+RZlk7dICFp6co98hZr6IT+aGeVfm|W;vUAtZ{bzP8kWH^0f^K`^w5}bZwy?
zWW!;@sCV+J^x&nuVnz$L%nlYU27Y1Dz4Vz$CL?bIo)e%JFg(sUCFYFcek8sHZRn=_
zgO6MBC;?i1TY)#$x3e!294VQ{WH{$2$g!YjYFQoaq6-~0wrcKDEq*3GjrhkWHh5dv
z4HbS?XNWjjE{_`EX$>#`{@gr%SR6^|mpvXM#{GPD;YocaZGj7kEd=a@GQlbl*EBSZ
z!QA=Dnk#=r1aACpM>U3rQyN^8cgMn1vc`}STvEFswVN=n3yk?as>rY@c2-JX_}+PQ
zgmw)g$>F}Mh81E4+-bvXq9L4Nhy|3fIs_9xWx3}(&Y2k?z1Bjfv<M{<`x-*m1H4AA
zjJkI$Yxd@_jfqQE3F!(r06}GSz5S+cBc~3FLYXy=6u)UJ5j0PL#!XM8#?A2DKva$W
zP&z6MUD?i`+Dh(K7q>FAq9B2I<;914g@)UtZ7#KJv`rHCQfVQ<Q7n%CTD|(3ZgOP4
zO1o@+V73X6(AG<>#+MT()=h3gC0yaam$d$OUs^h2Vf%-$p&<U>wiuFcDoQ6Zo$lGD
z4uJgyALxq{s1g=8nMH#C_Ha-GfBN>}%ogLIj)=A@DcoUTj<4v4@hBx`->=!_8uS{y
zE}u8gw&AFU+g!_pYJ>8tMWbI;YJYb#>0`L{d_zJ2nlSYUb3Iike2I)lKO=2$&Vz{A
zE9+zrh_r|Ges1Jdk6xR|)?jebHJD<OwQ8|?G~yXG7W`F85R);h+@Ebynm5R}oa7gC
zk@0wv5#6Ue4rRN7Yai*UBG&z+OFW*IbfaIN!?|tdz)Yrpz033?!&>elGM$Mep0>8u
zcLc9irsIroeYi!)!>b%Jv&wDZc&~_%$?OpkbJ5UfZOO^WMfW-L6f1Ihea9G*T??iY
z7D58)1yZDwfkiE}uH;&eR*20YV^zi}!3A+`j7#3$&U<O;|KCLMU+975U+BT%KfuGc
zSr;ULlb!Lu3T2nt-#SsvNZ*vRZ=ERN8$KWdKTNjD5lF;UrUQ<V{?aNJ<jO>Grr7Qr
zq71P(8QG_aXquJSrSr>b!iWd7h(Rj6ellqO7|i!+NzqCd(Qyl3CwI4Rvk&Mm!LTz@
z?{^&EZQMY@p>Gqn1CqEUCcrsaKaD}8Bd{=GXuP02b0@&Z-NW7M??V*IfV^d88s>f`
z#ZiMw7g)yo^qU@hj9lc*X$nFJx4F4R`8y`mLy=;noV0pA3-ioHMu77`838QOwwkfd
z2pWbk-~~K1>`Y#O1+J$dWgT4KzyDY;K=9YuWFIn`sX!3g06mBx4Il;_4%)V=Q~}K~
zXe?c@x`n_qLQ;ds{Z}N|VY2!OCpotAM;|;IgfftKZS1{09x;2@ersHDU+BmaTpF2U
zKj}Pnq_$-b!X_bAEn2Op)uuiU>XPt5U!ospf49ZQAAd<HdL>NY?9amp&>x$a*}<~~
zx8=%=3i@OE(yOO~8G!!%>zvQO`!U-+sqPML&u=J_tKNxn(cwVGLI!^{PxMR!zl5Xs
z^7fuXKa4zYtT(zexK>t+eYOi3#1_pe2Ndr4<6KE1i-!rumg)U1d%$VR4RSyC4DgcF
z3V)7w)Em5ZSe7#OaT=5rAqV3s${eG#6Q~0e6WJ0c9Q%su{Q*t!K6e+ZDRMa&qXXv!
zex^Ne_M?T1%KbeCiXLcZaX@2HfvVo>$1LT<*TFfki)^35oj-jYHQQ1Yh&qO)B*$xh
z2KO@=*b_Kblkj*J@xHCQ>G1+I6UhvMW05(Ax_2!5^gNp16?a*Ir>{=3ac~Wy8B^O~
zRhIf@9&j?*g#i>rxzqvGDVo_*rMRb#!FtcqUEw+FE3X|5S6UJ#LY?9;(<SM0u}gG0
z9z7sydv0Q;**FHO&gohft;{&uaK~XeVir~!0n$y$8nq(TBn6&_Av^hSG)9))B?5BC
z3RCi?vNkxJBakRSYNcwOVYdT&D%Qz_Xt#&FWu!?^l>n6shMKkI(rSybaU$8Pa&@*|
zgv*s;Y}Zn_@su?+x;|N(K_*}MV<w0j4#JD5@ODQL6v!5ev%bJZRxU}*mCroTyZBi|
zmD7Vl6v%0YNa(OY84xTx&|0KWJq}09m&O*YYS!9BYMVA$+G$}16RP1reH=2`AhY}j
z^2cPC9)Rh*@?L=;WOT<V6aS!As0d*pDq<UAlQ8iiRIy`dq@zZ{c)IpdZXJUJCp6Mo
zgRgn<$GGv|*}urJb!A%gfveY!X_y}UnUlByvKoDk_jSUTfB!;|y-K|DM+OR9Z*$}n
zez(H+)@L7qJ~0vv$b8mFkxJoae`X-eef{=N0|vZ@oV)Y&AhZY)F35Vu?waWywDG$)
zC=e2u_`)c(y8Wua_%p2z;op}S{)`N=j222uwcJtLH-`9|YNecudP6@Onviy6tQ<n;
zsi<nJBb)?Ee)TK~g?8SmY`%nvh^Bn4!?f&8{mO?WwKQJ-ClY%34{)Ez*MbhT=wA;S
zqnrRscW^Vq_L`RHvCf4e2rOgL92(4YH4xiKAx$Vb*}fG;rDp_}@eANxU62bFRYj%m
zwhNf~+}CgF_H^-A?>O`G2YY04cVI_SwPL4k*}YN`EGZoxr==(>iDtw!$8}jk4o*Et
zMQ$)OnWie>b$6QI=dJF~UP&rUWhP@_MI=BdmN?9hWs!=KmV-><5?MUlm)1forx3AT
z$!sJle0&{i`9^_TFW=P)r*y#Lun<*hfe#UWfdOP7BquXi{yNxihzi#iglZF4p95;B
zh`{r5=x9%S#SNnXE~JkOr?+?pDkz{1I*+Z;7%~5T@crt|4&eC-8<sY3BQvdK4F@=Z
zEmo9ip81i;RVUlpZ?y)Ni9IO*@ry$}$vA^TwtvPu>@{U6iS7gO-a>Jyo-_>NhefW`
zBHj+iOB{J3WZG+M>Hq~VsCFM8r=)!p&ixe4GhTJzB9=O=Ui*%r6zbpwdJ#u~yAK_s
zSM=pES6Lz@f6u9ElDjXBu*#AnRX>1KDi0luHood2;BuOV<ap;Q9(>>sANWdwqT86d
z5mgGAI-7udrm@&*&LZN`-x?`qI62`si?@?^N7c32;1S0kuXhsq-V*2*JR7%?X@#PL
z#t7aVJBnJMAxS#C>883~p*BYb%Z#%kYxvu=0nNE{2dQ4OQf~vJwI<f43LQYW;d%e=
zYQ!(ipl(P|pW`H1s?lTtOo?_Vm@c7pq;{R$Xe$7QG4n@mXa*9oI1#<5L9mEk0*XEX
zlssrNop4lWF(qiDFTgNZ{`saG?**J3jxh~Iy5C!fFgmU4RW6#_C%TMt!Y7Y%H$bOC
zL_L{3{*9EYdnWp19E9iJMBT&#*nur1w64e!Qc7?Yi+&G=oZzIPV$f%|gqTw1AYRkC
zi~2&4_7?3dau@Zs^BNjHPFseKHzvJ*fMz|i5=@}AW(14fva+<a;+XT>U?N<mOu>3a
zQ9e>Hs@<C&?z+&xS_8)JwF;EYUU`oO%ZlTo$GPG?I;sqzQEF%aU??3L8U<Abg^fal
zVRTm3AeG4<b1281+^^f3^ef;8FmTuTRiG~(Nse<Y$y2MYy~BWghEUVHDF@?tTgwbV
zD5@`KDaM~0#Ohpq4zLQwP)SPBvADzd?nC{lLAS0z=FMDc2usQn=rW1&f~8(JNr&Vf
zSW@VYV%lEa1l8F(fC$ooAXIotqpYwYX0bUtk_KsvleD~W8OC$&WgOCVWkPClSxbbA
z>+nUO{oZCx%VY!CV6F7RciX6^4|8J8s>k?8wkz6vQ%tnUm89Wv<8NNCJkB(#$6`$_
z;V@IlByeh<c$BGFXS%%mNB6%O+o+<IV;KtWv;;0NTQ3O~fRq}x&c$N#F}Hfov3Mtv
z#&W{I=v9ltPuEfolK!%hUf<wur^eL=v<j$Hu!iFV!$#`zOoZ#;J6O^JdpUm?)kt2N
z4QlDBAg`bPi|!DWeJ*jxuChfKFAipqtPwzh$VR#KDu7kmqO3aOFKtGC9Vqcl&Iu8Y
zx9MV;+2Z>(K%ocDtl;t%<0NF4HeLJjJURV9U087ke3ar;=z+kd?@-}*AHa7^_4T=?
zL=WKe@p;Jt;NbbBcbgA+xfHRE-&8p@xpDzrWu=gF3iryA7%>a!2VeYsu&9N<?79~Z
zsXOlLkTi+3l)Wptlj=GkF;Z-@m<V-_wGo!>oU+^s(BvVcbXZe2u#{1UOrmM7B;Pu8
zsYaKR#FSKIHa#!iiPL~Q^xV_YJ+{0_1i{ZE9e7kxQbn=(K<dqQ|NeZ~r3S#AkR^zh
z>;I2?^t3(8_UmzcTnTK@RZIVpno(F~49LGxVFr{xH|RT%g6T8RHB0FsV61ZluLIQj
zF~6PLf+DDQKhI+BF6Wl}2aO>5FDndSEB5C529p^4y0%y7e0a4JP1Wq*EHV4PC$ax$
zlAVyIe<p!LWk4lrh>OY)Ja`MYhHl;SKdH)~3Kz;2<1oDBy1l@F5TXyNaaBTF=z<=~
zrQ)Mq>6#XbE)i_kcm=kfB><G|JT5W>tK3-ZKKkG}@}O-@&LQ|kKuCZ$*90?GhReY;
zU*E;<m+jal`vPen=u)-#utplFcx$%!<b>eJfxFe;gYN9rVzQYm+m^>tvlqD&s%ay3
zIw*-dtj{jw{*}ougSONIH<CxoLATyMz6>pfD6&JAQTgAk0PNrR?8I1DDSQ&l%l+5?
z=QP%zJh=1A1Wq%AmC!c2eh&TlUiU`V^g5CZoa8oHI#cwosTN12AnjI4Bbfi)@%nD@
zYmnW3F~k3}(e?e}*P?&M{@+RdYYgx|Gym7%|1(w-w4TkuS)Xy{$OJ)zDHP@Sv8miZ
zin7!*eJ%NdJx6(2hWSIcxU%-xCKv1Sm+R8pk4wly$F5pSu|nK=*9@5J_pD*U#!2AM
zpJGn@jF&JpUXW%lR0U2Xn}-#;dGnEgh7*Xp&)2~qt>dEl&eJvnvp1#Rww!1qiAN7m
z$9LT69_RFzC7H{hO$n041fqi>)ovXbI(Or)dT#5Bn$<590=(f!M=hwnFp>_m>K!|O
zLks4&xG&C({tiDj9>u^bdTri1Ha}j-I<eu~4++<WlPWqW0=71~H|@oaZW&Dgxrdb=
zYe)4(8*BHj;}<n}*hS$J&Fst3x_#B}x=t4h-DRAv&*KkJf!=LfL|L%1$Ruib=I#|3
zxcU|{eAeflx`zjEx-acMsR(}<0(U!PXYAwS?L##3>pw+ja;=TBSS}ge+SYHY?edNO
zKIe0^5yi=oevtXLf}R%pw)O)6UIYe08jHu1r-VpZ3T*1=+m}@|K&zO>vgwzsewYkJ
zM(Ws-{jQHl8NEK;wnt3l&D8)c^5#AKOoX2pgweAVPDF<^6)qsJQ?we;T$f=dix$el
z!<^xF&18e&XEiH9b>9PK9JQINZ1WBfb0{ZGBcx3yu*S^sv<o!&`FjB7{?N#2SYk(w
z(O;7WhRJX_SfcXfi^=}&EWyePi+8W@{M9!|(_h529jDFFa=vgQNx>PQ1^`&2Goj0P
z##&4iB10oV%f6w&k-=0?s!QbKX``3<Xp=8+n7`A~pBvHLPfNaeI$ob&F|$(L^#Zqk
zcVDvp1kkC`=!|D4OnQJRo}^NithedwPNC6L=-aX`KaW$5>#8Onu>F)b0{x$v4pqn+
z4S1*|sb29%Fz0Jr$!Ra@!Q+d_F`<jX(ECcdNw$Ug{STDVv_Do-u#2toxUD28{bbx7
z=X?ay&o)KHn_<?3d37a*Mh&@Sv+bldY@U8`b?NF1ZW_RyH}V4#VMNX`ajgKcw{=YE
z;C-3A=kb(kzr3K<cIbZbJ>mOZcZBcscwxiqwhnZ2+sZbW%wePy9dx^8fIXQZvabSl
zCELWdA=9X3uQP8aL61L)Yx5^hspve3YVw&_+t26WCuMh@{;3}u(pZ^|<mx!xc@GXr
zemD4SW8g^lXR`}%`bP+gJ0O_aj*H`qR7rK9!QN+{P%nqm%4!TC5fv;BY*N;A-rY<m
zg*xrq)F9f_DyuPDT9PP^bnn%>2qBPB0k>|wRsko0`c)*aU-ijtzy4z*EU!X%Ls+Yg
zstfBXlo=7ORziU&Gq>Z*25}-kLMzLzS>Sb*9<@MN>^y>DTM<bw=w@4FIP!j*3}X6I
zmJG~Sr+3d&2NBU58?>rc?Qcf4{A`k+M#$F>NGZ*p{}gfkO}_ar@<$+|AT0k;5lGQ6
z1^u>tW@h<6**vz@cQ$|d_8I<yLr}Mcu=D3v0ICcwYAFhafYE)wr&CH3M@b`YE}*+m
zG?8O%_G0P~sKng6YduahUp&0<d8S;VZ~7SeQ@BDnlG2?!Ya4g#AJON&ZXUzgks7_;
zZ%7-8h@>PSCmxMW6b&$s`mg45?mXshB_oqG{uRPDt}oZldu$}6VlXCIQ3JXxDL!tr
zJj$o{^UdGA!oW=5cXxNcprfKSxjzisTqXB~4XCs0ClmKq`U&E6#Qkmf?Y2UjxQT0D
zn`VBd8S^K%p{`@j7UYJ1@zlY^^{~%_%8ZJDl6$&OZw&+<0A^|C!THIu=2pL(VFWdv
z_Vd^K2Ie~b`d+yORYH5}DSksOQ{uw<;wc&->uO;<#4jv;thi90UF9x(Mk`;!+0&Bf
z_q!<m2*{B<s}yX-HfGWP!l*%zj3}(|_t{FHQc0#JPps!lJ$-2JkKpg{ei>A&`K6`H
zkF&KQQ8p#!1#k-_Wcrzs$S4Wg2EX01oADgTX>l)_zQ0|(OpnkF$ZBK}-8F`UW=PQ$
zMoExDnIm8}xP-#Q6v93~Tah1zU_)<727=+&;d7qY3IWw5Pg<=hUi4VK=&UgcCru<s
zlz5S!AhDWIMaA2~O+=eJ4nl6)0Gl&$db`;%uTbez1$=}G4lxDFg{UI>+UCs$B&!q!
zd8bb{l#zJGjp^qp`EuaL+A>FAoIuio{N$yFM96dYH-KfnCm=DXL=$-Gn?Apx<K%BB
zlXVxO7L(5)<?=8Q$zqy~#;C^hA08>LX5Np)u*`nFip9#)`E3it`TW<}{}3HEl-bdm
zT-A>k5AeCgqAK(Cdr0c}<G5EAFlL6LbWG&_|Izi%(Um=0yKrpV>U3<|wmY_+j=AG>
zY}>ZYj&0kvaq~Oxx#v6Y9pl^oY>cWkQFDzwSJgA0X_bF$R(zX({X!D5wkqGo4pCST
zBZy<-q0s#{M%exJ+72O=9c`-9d$AUK%FUU!7wiahFq84NgUdfa1b=kAlRgKP=8bi$
zKc2ahPJYwFcf`eZxixo_G2zVjtDeYT+{6oYVD(<9Wd&fQf>AK%$GuyR*Y$qJuGjTi
zHbRWhjQo`6CA5~C3Z!Lt@qQxL(tUlVucQ4%U;<W3<+%Gh3N*8M{t^7Km1hex#e*O@
zTR0$bt*A%EWYRr2b_bo~!^?V%32|xAA#e`dYsFs7%jTtkZO3d*|1<Jk0lV9%joUvy
zApxYAU*fy%r5oGui-Ku4?eeRbK_Om=i-@AN(c`&9unF!$9LI>hX%tGuT?c4X%P_~r
zmF>Z{MR0w<?(qJ$O3q-gXkn2)^Je_sMA~*-&B%xb>gM`|{twhH8tW`#WL!_oJuf4G
z?vDysbJJ`qn3DNK=HQnyN@%kR=9{_KGGS2uM^!*Pil(3TGOpJG>DjW`gKG6I!?o&K
zhu(I1(YadDh+&HA=j(Z#$7Qy^XR!c}7swOBx{(!{hZ^vguNFpFI=TfCi-BQ!!7TtQ
zl}VlU1QZhtveippAnSGu2y}XFVsHCLz9PRD0VebAHHuitEA|+-c?u7hcMd~;@zm?%
z(jMU2rhJ+%#18tjZ^zTqsa+>Bckh<;$(Y0JoG5Z5{)>9(cJYVU8Bk`gFJA?hmeX*j
z4j1`;$9>db8gqbI5cLtt#Kh2D|IY}IDr6qdm1JR!xycfr%f&Qy{1=F2OS~eI%4RZm
zd>a<maie_Udp~y*xSb7xV`ZMn9{n{4&trhY>0zz5LC=Z#?#7Hi`kXynNlE9D{*U(!
z8#L8wdy})Is=taM?fFqyaUuFjOp0Qmx8=mclAvfnop7@;&3#GsA}q<IQ+PA1q1@3k
zg%jr+HmZ2@9Ttc-sI3V%@V{AQT6O3v{TzFXH0VbjgbVISvWO)&T{SP|AG4rOHmL!J
zmjuM+$#5k%)9y4u?2JXY@jBvb<}Dkbt{-e!%WPDOL$#h_ygEHyR2u;g7R_?mVxZ%3
z+SXPuYok0OT31M9C^;RiUA6Y&+Bx~ilE6S87JL4cf#V+9IRT)Fk$i(^4t@wtQQng+
z+gu1|4#4S8(!ZA#pE>#AxUCK|gLDCi?G?OjPx^BLE<c~sF?i(BD^uTiXeJJ~m1QCO
zJ(K+--Q^kx!W}9R^>Gz~hs{7SSR>(!P{$*nIjgQ~Vxf;H3U%t1&ERWT%mR!gsmc8v
z`G7`odX%!7d8cAwBPwt)&vM|DC*2?7IENaK&YcH~4Oi}9@=0<*duilT1AYQft4K^L
z{cwM}MtLXYK+a9@<<El4V<BfOE^X@@R0PD&9o_rj%JpYV*|t>ftZi3JXFl<bj0#Gw
z$EaI_n!!E6zy-0Z(?F|<7c*(uz~Ho3ko_UX_>)D?%*-S{9R%eT-1Dq|lryypl4glZ
zH@j$b!Vpp;^&Cb}i?C}Y?A-*ouZ-~v*UudyY3N8GcE83-7|Cm9hHfQ6H#fEA)BvL+
zw%XtUolb0kEIf~ca#$`?ni62c(lU`pIYFULzH^LfcSg9QK7e?&!9{_A2PTiB2#BQG
zEyZ{%uIn?;<8zSAuT%X&Ref1%o;c<eEX7zx<zFX~L+<Xkv^kcLqf7=!1TjVHaRq^g
zGzuAaLTTjNiwXtHgTSP2ETD|{{%jn0{uR~F%jg4H7JW1Ep?K2%U5lW|C}w5@hHGcC
z9%Y}cu;{+2PVgSL5fmQz48Ti{W_;e^q<k=nieg6Edj_;P;__g<O7A(dF(JvvWWt*l
zr|*%0HgQlqJG6(3U(x{Ry^hQ%$rPs-A#F`)M02#j@n9UZsXp0X4$vH=*n<791%bpk
zw874-Oi+@Jj&6kiIu6u#O-^HW5@;fg&Jkg|P!jKSi1xJo7*;jO+Jw^0q`g6)-_5}7
zb|)y0POX!<zD0$l73UFL=|@%PU#FYkWNR=;I%Ibp(+|hc*?0$#tFl!S1wT;ynf9K?
zH>K}-c|5z)>ooQddui_TtlxHSqFj@<2<4Nh*}Rv2pz<cxET*$03_Tuv)C-*dYmDSt
z?sn6v{quz@uJ@)+jj&Z}VL$eq8BBDa^SnY1H#MNJK$)?TjA3%@KH>*(&v=>j3l){Y
zYF|+qc;=u6NofyYU=D-_#t2NrgHkgkzajLo>L(b{pU1MW7Vs_5bJpR6XqYR?11qQP
zCV_8&v8R&^afL;`EbhhfF|Xh~ACDVWCl_<bUuzExO9<iLz6{TQ`MrJ%K#3qCrTOQ8
zR&aQ~RMURlv@KjC*r}y5v<UdIIZXKcg3ficpxx4Q;m#HY(4cp6l)o#jV2lpz*sg3%
zPA)MAr1Mr8e=H}yXgz>P(LREEkJPolDc%1%Pls0YO@y0$SX)S+{W(_cC#zdfqExq3
zpszv^V>ebR&jm2louq*8P<zn0qj;Uaq2O#+?2J7MBF@#?Cg_u4l?DK{CBna)y4Gl#
zXVQPxeZB|*YVOO<%$5SZdssv}j^Tw;c^=2<(IL%5!EmSbh!9&KdrLqHE3ohacj?AE
z(fJoWP4{aq#aVuF6;!oT@@Yl6s;y6s$1y1pU~VK{HengfP-Rc8Fm>tqS}><&Mx`+J
zf?9r60(_3L=hRxSZM~gyCVX+Mo#{C;>;kLhUI;M&Mb1jU+TG1i$reX~LTf`|QO|7q
z8U|+<ChzRp-YuLt0p;YH`8|5b5Ik3;OI@iq>2Y34KZ)<$Pl(Bo8R#gx1Z}`+`?PIf
zagd-#$vd-ta4xLo_l?R%T1;Q;xZ-P6w#bt|9|BGL>2CZT*1zU*v^=XQq_xB;s5q0+
z`10EUG^^!#sfS$AfOFGEWb1GriY2u-K?NUAP{Q#0D)z0xg%7!UlWy*jV8gFR(g9-@
zCqnA5PM|#QFmoH7KSE8A57`B=!>;>KcyX`~Rm|T|(mf#0P4+&UH_oD^yo!Bk3!1$X
zuUks=J^Jm93Po%FHvMTUw|ASS<l35_Z$KOlNT;k{dFiM!)wl5V;VxfEZwI#MEW1|m
z)yiwmf{tJN#jAv^tPCkyK%z{THuN__+!Z&qC${ZTV=#^BL{_}`ce0kMw>J&&ZgSGK
zx)S5DmjY$#$H*yZ6nu_@IuQ)hv8@#yO%A;5ghji<2k+q`ScR{6VSnR-EgKZKYgXX{
zfGy#+Z;`$_S$pQlw%)BSw2&LUN1?|Hy+Iy4@V;TEiz3*tPg%cC;OYbZCJ5O5`VZt^
zO!<^L{5Ux8ACzLmVFPx7WKUy42@uBAA~#6-iFWGr$E$w>aW}ekMq~VA48({yk(DAu
zG3jmxRWGBF=>si_y%O7KnAjeh^6InA0gERTP_k&q$R7%PiY)!22)U`YgpD<H^^&cc
zy4CWkZMyF-_jglIgg$ALgoyN?HuLv4?{jnvr1aIxQ*ZA-Jwu?SS#|iXJBRVu56b^C
z4@r+{vBVMe+5WyxhyZhJ{l*Qn`WKHr@V4nlpIn4jlYQd?nsoX^VKOG;{%SbXvLQC3
zMkga(>y^0I%nsbAMN+AE00Orp5!p(d@5)DWQ?UIY69>cf@9Hz+cX|Dtt3P4;>X-)p
zjf=4b4M-+40o6&4wF9N6W@6){V`gIFU|=C);$)^{WM=(tsYArX!9>T#$;QCR`u&lS
zj)jepgOfA4)*pl?$q5)Onbs7PHrd?%8-$CW3XJznal!e&q0|?eHddtK2%nqXdHj$~
zO)6!-7(g*EhX;3v<nY)=;t=<AxrYqsZ)~?eeN?Vavo0;xJdr?d+<0^>6Qz_&Rijyg
z6=%=TrwOYC-3T)l_U;*Y5R^E6oRB+=L!3OKcM?K6^?~PS;0Iu=dR`ki0k*+?RU|}2
z3|R7<_J-DWF0Kv!-02AH6gX{00!cxG_IjXl>PJ*ZcOz6s6YW2r74Jl0j7mQw&#~y?
zf?9%A2C)db;}JsOi!exHi*;qk*2bGDVSQX+7LcWbYEopv)hk}bz$xpx)iEBIJkUAn
zkMCO=m^_+vreME|)+JjM1I!sCfg93ShKHY+>riv!zGr(I<i|-#NQdpo*!<|IU!=2M
z*KY#BtuIL2opSSVFtkJ{6-jE)EdaRl`l3&RUaAt}%z5D($@|s%bogND0=^DI2m$Y5
zc}K6dZmz^XWgxvB7=*Y&h;x#4PxTo#8Pi?+7V$$veqE2bdAC*qQhzl(^yX_@J}w*_
zB->TBnYMf<SCH#1j`ghKcB`fAm7MjHkNA!5M{dJeu^=-pQw_O^efy-qY;CX<6>(;C
zfY;0HUv_O~XeQv5l7=q{5=%EW!*7_WMK-Pcweq5NIaXWlkrQ`60CCVJc<#1!+LPJ)
z!$JWx+?DiiZLdXu>%_*mj&`ri#S$yfJ#Gv>9k*yvy{@XUx;;(RtLIcFn%|4YIN9#I
zjUHP=MWe=#KYb{yl08=w7&{+qb~q=UEx$Le9z~nWipTEE*ftYAo$W9@j{owdQ!O1>
z`8sz==v66x*!3CmJ3lHfBxh}-6@Il9-HRZW$wFgMVyJQfHU&<TLak6%;mm~%&fx`?
zBh5E{40l|`;;@QyFQHf!Y%ob@y&EgO*76-!47KB^E3lPwp`4Prm{lBYRif`P+6fNj
zdp7Nc9+cPCA`5>-FHblqGsU6^*5Yjhf7~ksa%bH3wk_c4$RoxO$O4HdI4xtlcvP%I
z)2Hk;U)Hz*B2$Ju4JaN!Eab3+L8$_M41|u<_=pZwyJlkIR$FyM-OOe|&aOulV}|Fy
zx^szCK#qJcR82|~-PYcqX-mdPfal1L<ix`>krjrA_z|e%^9vM+Ad5>ya-HIfJJ}3b
z<RD%LI`5j5WOzrFb<gGOK{B!d-;W)MaFRwBprC32igl0g)9Q4egd3VT0voLJk#15H
z4xI#UG~A$uRdet;W2QvOl5S|lrbRjZto^fPL+B#w4E%EosK+tj$^#DW|00!>i3G(H
zo51OWcu#VngL$wyGg@m_uL<G)#7(pW)}T3`H%Gf*T#M#AMG2Mq3zwB&lv_A!;XHhl
z(j;9Dm@f#(Iw@|456{hEDJn6~qn7H8Y9juqvq{Yp^hzFf(I888ILsmmpEG|2ysiN4
zeVN-!UVY8Z-Cn6A)&}I0hO$<@u5y?*p|DCw|5cpCK4NyBh+oU2pel%mYC(I5ChYor
zNpC){;UgILU}D<=I^7khBI()goLN;ioSiiT07aeEA17?IDDS+FX2@C?AJ;FfWCf&)
zqa*@px$5RLZt|c_Rn&Wn^Maz}=4SX2G-!iU93x1K<%D)Z*_0+UjVh~p_A-Q<xYZeY
z4b=cj73~p!{i^Uduj6D}P2Z|v6OKmD&YmasTc8`(C!FJq)M;j%$Q*sR*wo}+AoxHB
zAj@dgulrqfeH|W^OFwp)JiUg4W;O!%Xef=kRZkz5*a~d6v_X4@zX_boo2z)PWm~g@
zyS8-^&Kzn3@cP;e)e~D!77XJs!Z6*PnKD;u6<k`bix;AA8-Byxg)ttQyKPMyTtsV#
z`u;T1itJkqj-8XDNYoO@%+eB`?em`m;EJWyW%i*`@g|eq$aQoECTQ}8YBgm__}BEN
zk`z|_2{ZN_o-ZQImm9|u>msCqI_UEs&wA;?BWK%?u>HZTd}+3C>Z%vfYQ8X~4AK$J
z%;+6Fv`iXi!z7<rq}FD%U;HHO&YrNg*l}Ic#kGP_Jr!$4AlKQuKnd9S2aF3y91rD9
z!HR`MbwouZ6T9qfIGk18y??5IKjIs!6}PKs9*r!Yc<IiL;(s_PaldQGf<oS8SDzM>
z6IF=W2U8+dmppNXMCBs&^4Hh4c3_k-_qw8Aiht+vNq@@sly}-(le+U7GO6FxusIOb
zjKzN`gPU;D7>$01pTeic8CeF1VN)442%k0Pg;8_))<75ro0c-OA5?k8>vJ$|3jVF^
zUO{#`E81d8J9!V*`rG!_h@0V5!i3edJ24s9D|hc+_V?D*7JCcPd#=$(kl+0W7j&f(
zyj|rl&m9fkm<~Hv%@(b4MG~j`09!j&&IdUj!)P95d)o)+x5vUAHH;Mix$fH8ew`ik
zBwI~8qzj>k2T#y9<4ES%=JQdIG%b))Ns4apO|`i0sc&)PRCb=l`rjs5S58TZbHA(t
z+BgWkQg7nFsFUz(R2wgOPpZSwcaj?WsTH9%Hj?lip?Wx5o_}!mHV0qO6}$CE383`y
zfT`@4W?Fu0n%};g<vNf7_VI9<RiwX*n^UmwY0jQvChL`??S<Mpm@H%#>ZnppG@g&F
z<6yt$dMbkeFsnLr`Ht}XV-l<d=aPxzIli$%?fdu)LJMLRot88AuWNf(-CI8I4074Q
zOWnCR{IY~uKZ}A#&^>vJ05yy^o=FYh;jmq(BU|d9ktA>J5gA}|xzPC~3~?w}P_-3L
zTs=oJ2oD9`D7u_C8*}JIfmVCbRv)QMB1b`w+fLRybB(U6$ap%cnx-c4w*?e2zXd{=
z6FNX{MS2gn_<_zIoMir$rhu@r{zD%73xt&=S#TVL7=@LMh=E9nh>4Z`-|rm%5RV%s
z<Nf~5LUa-HA(HLEfeDg(?Ldo@DSSXt{`pFrob3n<k(_G}ngPs_yh8v?PszYe_np=-
zFftOcF>%nbb24x+FcYybG14)AzZjT^*cjRA7#Z2Wn^g-Me<wQAejvQbNDiQA$!`vz
z#K|XrzJ+a!5TYkv6GA`(SpGMcQKz<a^f#AL*LN{{y<g&k4^RLf7#otc+!>rcsUQOL
z1^$m7F2Bq#M3KTcse-Umr6=>c@EezUN-07~?>vuj6f=S^ACwz@UD!i!d$sK9?o1zk
zheNn%KpcceJl`h@z=xl5NSk4H#c^83lirJi8?cj#q+Ld#5{6xg=6b~6mF2_t@zxOG
zD#$q0dUr_^m@xiFzf*%{!2RWIsJi${4{Yy9@5|F89JNw8v0IHHzL>>C>I@u}OtzH8
zEROr<h2iwAti~@B)x@6)hvSe0OTRa}1*BguH&tnRM1N;;D1*ie_a396>iY|OD!#k{
zEC9B~+L}%VVbV298GvW`+XbBbhV2%w=89+eDe~S_r6!SUWp6Fs{Y(R@JoLkNyrbv$
z=4_wm+oP7<qvkpOERN(~lg@vH(T>OvSoyk|Uxv(5b)09-?9QTFtBf#sjp(um=E|y_
zy{>Mpk}tX{uEKq0k+(mr7WH%i6SrrUW`I=gm2G!kTl{ML6zKrQ72CM(BzO8R9)7^3
zr!+(_NOV?QWxLPoncnB;funPB+>Fz(G~>$yYd3&1MT~MHAsTmxP}D@YhA49GPlVJ9
zx<Oc<^Ml$=MJ$$csMM{@Ugcliy3G94!2pV)k}=lZbUb6QDWe3SyI1GRlTPg=H9%hS
zA;jaHmx=ZJFZ&q5DzWZu`Lp}6wqKZE&mG7T6HYcH3(yt?BF0EG@v}p{CQ~khP$#KP
zLevgPjB-rKdwasR$|S3kV#0C}^Sya{+Qz>)5}#-W>^X!hFFzR(>E$`6TBawdS<u<X
zC1?}#l3c%1LXwM(_9MgYqd@<%-T^dEOQdP8{uw$o5JN$z(>tR=R_C{%Ep6%k6rCFD
zDb|8j@5VNAXGiqr_l%3OMkS`^`+jt_yV@i6I|+KhmK5EvGw;rYS1IbqO!bfkgY0I?
z{VR|2IGsmK!2<JMkeHiRy@ejww~ZcoRrtcS2b?o%d)D^2U&uwX#XcJp0OXwgqa|eZ
z$`|$#&R@Dc7ZG;FVn=Ax7l>_Bz#g%23wY_IWu=i($grgW_q8S_6N7G_7%1l!$=|c&
z1EIy99tTsJol-Nc%uqymP>rz;WFKA@cnE(Et&%6Sh)87>+*@H-4mRnq12`?Ok$eU%
z@c)XK&0rT$Zg>Qcruo}ju-_Ye>#3b~2Vowzm?ff&M0XL)M`K(ZB<;8fBs;SjZ%*Z*
zI?5}n%9uw<Uyh{#e4A8Mw&$@FCu{<mKv+x(mFOZ!h*me}U&vYQI>x!^gGaYc`d=5(
zy;^jt_~6iPktEVyh4)tfRw?<gW0Uq=UEs~3B}Vsu{aX1=8t>4epTEpey3NMI0zR-6
zqptdoWwf%YL+~of1-BWNFoK0T(~v>u4f@G_E}#qmsQ*$}f>qRVs<fyAL1yfKG`{$k
z#=%9tdr{@3QMU>IHQQnmx1@+`Rk@53EZIev5TkCcuaMI&C+*Z+zO)GGzjXDpEX(ID
zOcVNVUzL?cJ!V)^*%t+}*?;TCm{-bSk19;9usN&Zyzam%N-baZ?<JU?M4*{)2VFp`
z<SqTTzXiFuTatZUL20?ab<JQHFT<AwzF{X_RE?+ra+g+KaQJ65&$q<?L{ZwESQ(|J
zrxa_@e*!4^*cFt440DAp<zJST4i}_jY5Lv%%T$Z9e4dd1lAmns21*C`cL1!e^nTmv
z`)#_T`6%pRBJ02Or=0rF+D6fPH{51O6Z%WF=ODtYSoD6!i~UJ{<B|63|8k2oVI}X;
zY{-8!VmX4>el@?~Oy>J<hi=b`TTQjzyHm2K#^-%(asP8Ch5vIWbrhDKwg9J*Bpywp
z{kJF~<$_1N|MGV74|h-+0E+BMiin52vTB66RQtcC=TdIB>`Cj1yN?zk{wE~97q#Wy
zxuN*~RaH;i^Ltot;l^~xcjVar{||dpY^f<_bu|h$2Uyr@y?r*h(pk&WECNLJ*EI#7
z4E;^}=5G!cZJVQXMm`ql{Nc#8s$9-0dDB|U<tj5>ikwyo5jxWEO17K$A~$$O_uZYE
z&K$|NSf@@99kA${2mkO!rQ`dtUua%7A%M+RxldRvSOF|<;2S>n9E%?wIhF;PY}<R)
zT9MVdeVe4SO!WM$k^K)B=K*ONtDK@1V;v`d+Q?9K3=3x#5XDs9Ax-tWh^?U!>iV0b
z<|~^yoQqtz1V%1rO1RS!-xjp#xp;IU^hqQt8zQ{uDpANLd|pT~_gy%sB^$&L%(iSh
zz;vc5K?<u~PD)i<8{KaD=o^_=*EdCphNbFq3}Te4OpeGQ(-%&(tN_<|c|g#&u~yq!
z(l<#AU8mkob;!d}@xY{W!h3>D4})6*YH2;f5AU~Ga(z3_1MxgjanATS3RDHNOh=2p
zd`YrIxtU>@a2$!hF$=TlMj4Kh5O*hC_{@`sd8RVlAApd@R}eEG$fkYL-cXKXZy4;`
zZ%p12>E7ZbK+Qm)lmJkr2VI<oqTXUc#Eqn5Ln0o$+J_xxQLINV)Eu0!TKmebMz}$Q
zVm%9@ZN<_ZSCVG|)2o!Y;U=|sBuaWJJmyXna6zHuXDE>w$d(*8yR>nwe_%yK?k*_t
z{%pe}oY^;BXtO<8lb&xSN4~|N$UiC^gpw}d%(la1tDn~wssT1ItF%5AGU&C6eCthK
zyk69kg+3~6alG*`ux>XzY)zHq<}c&K>;3He=dFp(w-Vt4wRoTeSJq(&FQiLIJM21G
z)8Adx1(KHCa9PY>PR`q&i>38vq1tVHY=K|w;%UR5gSbwjep@>E@##v4Ui(sRW`_~N
zy&hxKd>1H1K?70_JVhMqz3jfaXtpAg3*p+UOf>os?FzQ<RN7uxvy%Wn93p;3?<Gls
z#~-PA@AZy1&!O(mau*Syhy;ZBI1IyX+4d0X9H0sm6(JdXRiUj$+eJ@&#&S|$64fW@
z4-&B$bPkW=mEWf@4k_{$Rr_|$vg7w#xNvN#jU_%Oy8~9m<4qvsM8NEdlfLw9<H6$E
z=|B-9L);s1yWK4F@!J=<$M*Uj`SV8%Xzmbb6&HTkztLT_$^FU}{>8sVSA1z7-b<Rw
zb0to`$UsM)x`^YI&O(d*M9@x;O^A&c@4)`4Ch{1{nHGawTR-i0d+1tDl(WrU$_>(#
zF7G{2I00B|y9XOOT<RcGq6(3!Y{`f@Q1s5M)!OmY?w}3#!WG>PGL(XNZe-N%MS;rJ
zOLpqA`uX}O2&(LKHP(7`yZPx&*?|iHWI)a>Q%_X{3o7my?$r{Mk0BX4w`QHp9E5uG
zJUI~MH=Q@-#1Kwe8$#<b3n|yDiiDvdbS#}6?E=t;WhQg&<=K$#<R>8dK6O@V2)kb)
zcn9iuhU1v)c@oqzp6Ivf3FoS_R6Z~Exg31VY_#2=bl?8?l_F7d%YB}fTC2ro(@@<u
z(;P_eY~E>)EnN=Df6|yCxXB%H@bsqYe72zLdAGlp>3Z%oaKIAic@}5Junc%*ODH50
zwjv*<4-dJuIs||xse8Q;E=7VTBTM?Ce)kmdlfnEq#Dn#JARfSM|3huU#LV`;K^_yD
z($V`($lv+(^h(b(O&2r`&YvBkNi5C^=3Wwn-zgUx4k+Vf>PO!-8`aM!g&5)+o$<?e
zF(P#mKB^T|YN2_OyH8Q}(7_^5Gu+IXeE58X1=ni3<cc&fr7yIf{Dcjde3}OvXps!W
z-#t!?0YrZaW=rNZ)$<$g=cWh|uMoa?>;Z(0*GjM3<RpcGg~$FTFlo<EN7)E^{BbdJ
z@?U&B26;RS?`QC@xK@&~7>@1-Bs2FX`gwoY{7%ZUe=U@$Rf}0XTy=qrw?>CbnNug;
z#2c+MG8R=pZE_C7l(>dwPDiT4K!Nkmz4ZHE0jg2f@Fk8Kr(-LcVb$7Ck3<_$a@FX?
zPELPSaP0+=_8TsnISaf~Rd~QQ-Wo?}*Q~1YSC^?)>PF6fkMNL<NxMPn=PL)@)zWY#
zwXVh1vKa(NF`jF|LTgmi-1W<}9xx?aWOg|I^D{}UFQw=%1U+nODOZ22(D+ULA~I?O
z@WZJyUil<A=EIHX^YzNLSL1BB9f>g|QB#W9`>opeVr7hUpyvwvmK_mNiKOf>;PNo9
zvEJM2n3Tr92vX*@{q4=J%M*4OQ9h)*BQ{P>{O-^kd?d$)v=W-Fnznh_K-z19Pl@o0
zi+7#S=Pd?L1FBEToFzsYG+82U8>Q6<U}){rhXTewcPe&<TX|((JriKXaBo?&LVwbG
zB&N&;OPLX-o>Uj_6x1;zV||E54%5Qj#Y-5M`V+`N36(P!1<q&i)2Szt>aPqH`B3s)
zFSL9k3?FcCnv`yf40h0jj2{6XGH*{YOXKL0DOPg%F0E=xGf(cEb~yuLeUB?RfIz2G
z%@+nSbLi0D<T<oZXg)TCG8|Y~d{cr6*1uAij2L{Ug6y%ik7}X{zGr7#5^|V$Fh|C4
z1WH3tY%}6zCMSNZQH?{HV3a0T?l;#uWlHUgZa$OSl~G_Lv^o|py}c-AfH9Z}Ori+#
z3&LhCO=6`aHikBBdLQ@Y@=xiXfL<5sbgH#GjI$J9OuvWxQ0*mh-5vEsEof}1pHB?_
zUbHyRm2I!JYC@VFC+x|>a{z^wp)Y;}(^ugzelCCtjahivr|wCo#BG_eu*ZtG>JcMB
z*ug;|Str3MJK*&rdaFA<L@8Rl{UUdKP7zU4u0Lr=F<dntgMrx`xXJGc(9qAf2>%wL
z*iHDLNNAfvj_{U3?9Xt{JYaeNzkL2su0K@HFu-<rBnsb}U$LlkypJBH*}RJfq5&FC
z!T}fG@cKE$@AdZBE>|v(75xF^75vcA7g5TbF$1@(<<9@hjQRa~=nCNF$v@SzzX-~B
z2ZlJ>9`Mq_%(c$?h>x2AST)K4KFYPB>~E4?H-rHstSNgBdn={Bd4WwR7ctXd{Tg)3
z81gkVRufuM%R;pZqN{JER6p3lL$4!`0(Xkw>iHnU^<Nxf7vE1%>P1vkn4~NZFrwr;
zv~UiZ@6}HU4I;=&UqkU;BA*#d{p<8g0};hZZ`oibW7HAZ0iE><5G}bc|H40$k~rMg
z!aH%o?ZF<Mc?$d3fY?o1_cOfI(`2sOpUqdSbzBIYF<j`cQkCO~98V_4QiV>zd*%%Z
z{v3vb#;muRtFkYdDRs%*?~Sr^nOd7W4(2>8uj)h03M<XAIZIkdj^lm;$3H4grgT`j
zENokY>#PttLZ*Mh025a1Ya4w?WqIhLYSGlf5;EFwtCGfYt0!v$<S}H`Pyq{~HtGu=
zN55+=lhAe55mnE+Gbn>7wiG%Xe)5@$z5X^VYKwvyy-NE%TciAd#+|#C(a#0>?&s9d
zZH>Ua{uRPmQLheW2JFKh;>^afx-@R^#Atm~qti`4Y_M1G-Jj(8t@O9^H^;4L+yFbN
z*R}tmXn`Iv$pXo~VEhs6QGyrXP^B7)a<Z*WF5y#Y^gyXe!;Xhosp9us%U`DlqUQln
zW_+_JM%AQrX(wV}@gEc=8^RXCg5)Uczte4=7GJ%d*Q$R+uQKLZ-IgpUn7Plt84$3J
za}R2a!+H-gJ^^Z`IGPBDPWJdbjwyAAxorh(g1b(G+y`lwj4|mtr&#v;Ozo>a6pe6f
zUe5bC^7EB@!E_!s`C=rh_{Z0DHaM$7SG1;owD;`KH#*;8v5Ws<730{d997e7F61k^
z`q5#9LJl5%8E|_vt7Rs4D#OBhxRol@?`dViGq|CVg8?|i94Y>aVrG^><kswzl9c<|
z<Gv-?SVX~kn}=~t(TtCX<jg47t>7(|FLkbrk)=^OdrDl?^^>Ml@eD({n(&mKIXkU1
zHLN*mPW&pmUWlpb=VZ7t<W%(o8X?Af%4M8yo&1X!M!g(0PK%F2n65SS$<ItnkG{Pn
zv<Hyh?tOr0nn1W}v5(cc=>f1MAND>|u@f`=Uisa<-&@iUNBj!-awr{wZ|7e_?iTx(
zF^Hc22`en1rFwCrCs2Jmm3;3BAUDE(7ohcrw>V)u=2EBN{vo0w@Mb7URa$#(FQJ-b
zIaoMCp!q%ML%Bm?lp#!!7QZX68l_MLmAbQn(Hj6L9VG&*h3O?ZGeXwigBbNCt#Q&?
zMUr9kMHR(XuV)}z2@W01!K25c{p!&hk<fgtWYK&S&BaxBBH9Y-MqJ0k>yD6|Gsm<D
zNcf{a5e%PR1*uKx4Y)OsE&IE_P=>DD{H=DM7ZlDoblVN~FRG&r?A*7iPF_(X7}?nQ
zezpLJ$q2J;j&Xm(i9BOoz43)@!xgRgY<;cn&>&}5;F?+RKCB4(rajGbCB7;c%4hCH
zaSoUy3cM+=SX~fAlmy<5Qq+_Cb;dkN>tS96;j$9wbku8g*Inu=HL2U93(YHx+~>*-
z4Yit22`BRU+~PhrIZtKRx)q=^#<0|V0R;n|jfmjF@Xc<pqoPfV7MUBbO6=Ycj!^K{
z2zQ;n=@bV}24g;aPoy&h3RqyN`y_X_7N_iQLtMYvyR$JkWxEgTI3BI^lCmjTQ(aV)
zFwX!GCND7Wcwry>LK+<{d?CARx%1UOa<eP+dYm7p%kgrq17BcS#b%}C1XH~uyr48;
zoD`*hHv0v_6^s@UXf|ZreVjjzA}iL<n8;}!cfCWEb?jM`J4SN+>F(-{wxd=Kdzs_9
z4MvK0`$QWgLfpUz9iNUf?}4G5B)m;4^l;Y(wZ54F0JHKe`XtX(eeY;Gc!K-_Wn%kx
z>l%raf8lBw8UA;bEbdwrZu5<fUhNdHOng7LKGZP0q#RO?+&Yfz45Y@5q#_>VH>|dM
z3tKm2zN+8{?jP8JzFHTvR>!^d;oNzWn>&#mKraQd(09Ss5PN$wH)TiSGkqkM?d;ys
z^OH+)=k<)gt29erV2+S>2Mj=n5*o)(6V|FB$;bW4<LUR)TGZx~A}oC&qK_hsfI7NP
z4T})%z5CPI<%uA4>-(#ZYjhw}>E{i^7W*QVI+_G>2DBQzoeNo*IVv;UJA<DyxV$>f
z`+?c8DWG`l;Lk<MJ_xnHD}ri}j2_Nepsi7%K;m}y!M$P3YdtB8ks?5gGNMT;NKgUd
z(BHDHLO&{~pInd?i`a&tBycRw7OqQm-uf4G1nLp==il&55ae8qjd&j`n{-8!pt?c#
z&JMSF&)12K4a_Y*aa0e7?zbUk$^{3ztP6)faI0d4jUdKLv#9Maq?^~1WcZ~|U)s9s
z7hOKFGVEXmg-<Y?$#MWN{Jcom5u$kg4;XYTFG8y|^{qh<HjGA$SjXlJU71lIJjDGv
zs!~1L@~cAi>!wJ`9YGjKMNU0K$o7$3aQe;ddpch|IV_Q|U@#%mwi+j_S5t68*9#Pr
zW}sd-wz%NguOS@(3^da^H4bnDnCI%Ws~VSs*9_9qv*9e_CNN--$-sz!64vtFR`^xb
z2QKhWw;@IpJuw5mS-V6u1KrgwN-Sg=os<51wU79_rCdSM*X{)V=Lc@>M~orGU5z2E
zRsQKw?5D)zc9=zm>+mVUT1f)htaRml#OYnP&(qx#JvWv2@-63^<z48S*DkyF+Qq{w
z>c0No2pc4sbr%4YFdBZL^&x8A%aA>LJ!gjb)_RsP-Gh1P12qvIjJeKbLtwQs{uqt(
z5w`*7EYe|w@AC6=@7GlK#UpU=VY-t@9CGo?>hi!EYT~g;iy%Am6BK_E<8v1Htl?)q
zqgrfY!p$@7)tI_}>MdONjQ<?_4zo!Fd@3d?mAvQm)FS{1OhICS@suc_A@rg%YU)uv
zLb4~P6odm(4Kf*?uC_8<{XSCy{icEDsT#JF#MJOkUBo_9wT&HA>jgVBYm@PS6IXet
zmtK@6b3skD--67eXWn#-*O&krvy^(L-a5>1NSGzgtEjyG<`Ncv>4nV4_y8Ivy7}18
zyz5k%e-B{orJ@W|%*1|2gjajK-F2toPW)0w@W}C?SW<$vxI+L9UQup7_@SFWWiB05
z?;s`~LP>3|gmhm0h=m&zs%9EZOwMTC6wjvXY-9^@iM13ZdD<Ra)$|86zHM^Zz*~)a
zW50k-OQsLlS&R+}L7m+Hc6B_C|KsMHZo|iC=r=%;DcI2d`_zCTiD@RFS6g4u2m!RB
zt#_Ped?#$}FwNxwT+cF>7ESM3M>!xHzuiXd&F-e}Ar-4nKXrixH+Kr;#iA`~yc#6k
zeW;>DGsNgV^~yfG`YP@{JxS4tS$z<mYmNuudD195`fOv2o0zrbQkPjc)D3TgWFwhJ
zMF)^88?lknlIP3CX<=CQyAKUdxcSId-&)n*Ld>_m#kSv&1tzi_;;d#=<`NYi<=`4J
zkUJM89#3vMXZ0BC9PU9~N(jeu9p0Y2;;w1O)}B6MzDd6n%^Qj78SdiU`Pd<*xF4DQ
zHP4TuR}fnh-^{#tI5(2NZ(>_ED+GA5zzl$vTBP>iEn`*L%v^MfCXIjMAJqbb$~S$l
z*PQDwZJRuH9v|L;aqLNhVpJH+0^*hDOBN*(lG_4f4oAvw?uum|RJD5GbA6vq&;Rv$
zMn9xq9;-uA<opRr3fhHzF!*Z3J&m|HU_Pa&rgJsnd!}RJb-bxPR;h{XBazxeEd$Vn
zm}l6OqQ_X(%;QUNrJjr*Xwmu9h6`1m?dE)$olFolax$3RU)fJrUAU5`Zo-YLQIz5+
z*7i+JY$W9|Pa_Y(sdm5JA36Miu_rv94eS3yT48}?D#7FkWj$u#NZVQTR(neLS9?m5
zn0^jZ1p)0y4Q0A2Y*8hW`fcCv5eZ;c1y&?_OmI*6vQL7{{sIlp{u#8dv1U=mz7Sr`
z!o&$lE(Dcg(Uvcg_YzB6T1L>9^2eU3eT2~BNnoKOX$d=%FfIVj!}uGH-B0IF#2Tp&
zW{6PMBNPRSYd53=$*f2KVISX)YDA^E;5eayC+qoqQe5#TwaGFOch_Q&3L6mSPyT$K
zbn<F%HHc$vlGE8nm$KB(5FF0>)QM)ent}u4Mr+GN>$z^#qgsqXm4XE~t2*3B+;nNh
zvX@xUuOta+(tjL@Lrw5AU)A7V%wPOe2F^Y*F))CsP2&K_WOH~sfF0rbkRXEOj&yKq
zJ5naA7r)j+crOTAPN8)5SP0<Y%M@*V-TM>ryAy$;ahm3mYdI-r(c`?oy_5wmzeY1y
z2=lK-&qexj!Z`V#UjuNtM!~}V8>iU;4;c?rYKpqHY8C;&kTUZ-(Kc!yx5uXFmf*j{
zkZ0KjgG>__n<76_Cd$TmD%i`HJqf2Pgv7_3Xg1Y%I_h-y;C)_Yah(9`D?v%Zy}nnV
zLWD?4ge7oL&j##p(#Q0!POy6i&nHX}WzM|`64JTr_g46|FkVDNFI9OMc*8{AGFL!V
zC+B%05i?}dac@Qf1}L<HII=|V_qdjE!0@6KFMng~4PeBz|LEqXmd@`mLlh9R{f>_0
z2q4KSY6lA9rSWcPCN2OFbLm59M+le=nu`*lXFw)s3@acfQX8_>8phBYOBB*uf}g6;
zD?!HeRKB2}s`|%012c;3R6HQW5t(N-a1?^VrV!HfsuV$lg()wzh0A`W1_}?!D8SXL
zV$rM$pwft4%^WAv;j2_=FuuA^Wn*WM9*N-<O_=7hjdz^zz}W$uWg>s)Lk&PYn3q0T
zDvhaO9Wned9R)Vx35^6I+^91(%dXMdenl-Ctf180F^@|xYJf7p5rVM$-SoHg*Mfu$
z^JY(oz6zXyn3&@ZOw41_X*pu%Pd-w$S-e!cG6XLuvlG2+F~V1&DsLG=4<Xj4TnA)*
zcJ4NqF|+xy!9oH+A`-B2cr39iSF=aX8veos-8os)1ww7`kdb4$j)@7I=TQ2=Ahu-l
z+v=J}yC7uqedENLtR&*nm6zK%w{KF}qUTb2WDYD^4P5>#q8vqrb=ym)U_C1bAN^^G
zZ4}bnrltn;EL(oNfPy5P6ILN3x^9fcrIlC0NAZHoE_ygXjgtV{-rIYf&8+yr-sA^w
zwU&p3rsU!vCGTkiItE!RV%)>d<h?udLR%qE^)+_U8P~Koc%TNw0$(vE4_>wwx<P1A
zVGIk-;mGG{_?1t~n^yMuT?mP-P9k=QDo7?8M=oG-Ii*X^V_l2OxQ*Sq-}N{Vx5<Qm
zWDUXd*`f;IhFO2<Tox;q?nz1S5|n=MTD7%L6ylEh@;Z%{7c+TUv636^ZgG^_KCd=q
zG*KD+IV8@BU4KIT@G@YyHviS*3-(?iQj7oRxA{^*5+Y`1v(2)tj!iocli|3OUcK!~
z^BFFtBOu#i8t+i@G=puOMr`rsF4f;f_WD;uk-;+{b;w4GFWgc+HIbGK-5j4R=-2GH
zr|epAb>$zj=Mu6p{!mKRUQ%YdPfk2I?$kN0y^QcI1f^mYpDgkPi+RUegkJ?z+2ViX
zBnox7@UGzLe258Mudcngw7FP&Uv}IANrcH2<ijof30|NbYhu*|7zk@2VHjqGdzC2s
zm5pZs*sIS*(?3u{{2ajZ!Jaw%H13+>jd~_=cQ1z6+9(h~TShiQ8PO|GTQ57K%ujK@
zyVIr1jdE8II&64e98!PjfPJZgVYXQ8OmI0TM6xkW`a!}MXG2zW-2$v-&ho1KIcsp0
zArS@#<_Er^zPhYMtcg`1(SX-m!m}~TRImzw2YexBjXHM4hs=>Y`HOI7LGaWZ7;aE;
zlfp>#1wt|cpQ|y@Qg=$7P2j?LnexO;bXfCiVb+0-IF*#i&=f=ckL`y9t8zYJ{*4%`
zCWoNeNxcwV_Ck*^d__A|V;v3rBAn<u0+=tCigLP4Ken#!UsIYzH}550H1D8Vwb~8<
zQr(aaCIj^GHENV%v1li<`vLcUYD}C=EjjwXYM0>T9rFCaZ@%kmu^D5Xbi=QEqk>i9
zlsls>j}*m1$w_?DLL2wT-VSArd%7bWyA4F8Avm*xQd;0`NQsQP?fL?}9ie+|{nmKz
zhz-^t<=Vm|8w>p49F$cW$1zSaWTmNqNw@FQbKR;mXTFcIou@6m?l&9Gt}Wh==*6+O
zJ-cWj<%<i>w+`9vsZJMuau^*S-&C`T^_^2}a=r8%jBrz=#({;oQ<D4)3FQNpI;#3X
z`Q!uaVP@e@-<|oDhGD+yC)7-S%e~PV{w)lZ1GP6I1vxu38+8a4(*O+%on;iv{<!H7
zng|b3eo$(A_dfmf<S*cBN+Y!Yd0ry<35@cuTEyg)Qc&z<{!?J+@5d+Be_$vE$<k%t
zM8oF<z@*6;$)K==tQ>UT&=MvlRw7m=W;zCDCT30+B32eQI#vc&1}4`34@nyh4#N0-
z6}DstF<^243p4Zo1EkgYzgyn_KuTV|Atexo%Qf|42xk=rLt+T^7x?78)*##=?;mKC
zd|@hzN>9VlKr5*hjU|S)T~u`{KjSogOt0_4`a_hxeot!UPc9)AXUkdFrS*18%w!CV
z*==7H$2Y`3XsSCtS}Fl19ge1w+Cv@5NYSJ?Eq?y2Kg!<9?&AEoLp#-?Cm&03ejIN_
zia*@sz^8cTe1Cu6JJ}QGtG$c<;^P$*c2s^CqAICwINTjiOiOv}8@UUKzl~o~#8P=*
zM;p^zw--Fv@&Yr=<I<KD64fUgzWBkgLk5Y}38Q3(;wb`GmIVh$cTVkQ@#PP5i**9Q
zQJ!@)!Hp<+Zl!FBpZW`rsj_K+CL=TMyIqH@B|nK{#1#Q*$UGu6o>O>z)$v}3u%N*v
zXvQGKuAs;md>WB0LpP{x?+&>DoVvG(+XZ^+`;1hgTQ1qJA5i6=o40#Zm2$8fB~5vi
zBLsk`bceKD4(0+7bzz>KQy4M^JPN&#+sUuXbhO3(dQdrI^7j`<*2Z=9dE2?a$?krB
zU9;nd%)Wj+x&Ht)diPNLrUyu=yw~MAOu5wzruJ|<aBvD58KeGOx?5W^8p-elzQ{E0
zG|uk!`53{pD>GKoA>9Z|puRw?8XiJs|FBgN*AsW1Z$SXyHW`K4E|V6Pwow)b%X+wc
zu7d?R9IGp`SAX3u6x($Pw7GZKf7v4oOr^%JI#Ra!`d}Eh3vuW2;_kz7g?7vE=(KpZ
z^mGp3?j)cRB+y49A%+f)J2wP)<X)n8g*(B2HpqG9%DlX^dHC~V)=W6PI`AQGp(jv+
zoA6|o4=e%5R#oU1r#hGkwbl^CBhBk7V)ZQPx5JOFw0vqe2Bgi>tf-Zrb&X-1m~Q^C
zU;=Xm<kGOzl|U>CsV2RKs3dODZAx5t*%DNo_eR?z@Qr}Pg3_aK`DSv0ftm#o&YTwY
zRV_&L_N1C^6S5l2xrU=<M5awSU*u?<<O-YgPo)6p+CyO6(DpjgLPnnu7d*Hgl-3=M
zIE7g>{uIPOEssk{lcj(o$72p>C(fN(fQ#s=aoEwEOw|?JKvsxlCAHkTiQ}`k#npN}
zvWa<5%H}FN#^B}A{4Jcm9T)x!RpAq$l~|vshM}otPMa6>7H@{6laZ{~wzg`+6lk6-
z{%{9i)}Rlb;YUwH(-2mm;DO8^H(=*V&Hw#;yF<FH5d@l@H`AYrWQM+vV0OKcQBBTa
z59uJt@hYQn_UGM`x6~e}uMfz_A+rba8Tc2G(8WGI)u*;uYnD8)jS`fE#-!mniuT+t
z*sEEdUk-UOj-SwO8%nLH(*|~R#W|@W_>v0XC=oYZ1a3f3ZIk7AB)-eTm8zapVHC5N
z;aQch()n14Pco#;rC8Jw2No+VQ3(n~Lr7g3l%j^QPMo(KFBgqOxK#~D9-cIMpRy`H
zJaKrIBEWKA8C}?w%MTYdhOLkNx(H(&2@tDM1&q{$qHk6j$H#su*<p{Z@}(7N^zs7W
zx4*^t`~=QFkY}V96}0`0f~NY39XRkqd?MBF-u@B$EX!l=sGlMjC|Z)vQw{L^8olNH
zB5U%KfIiJ-a8<9x*Iq_8j{B&=KOsQ4*x3<^{6y1U4^R91OjXfr7~XetGpZ{SH}Dp8
zWxr+;rg>=1IcEq5f61WVWqg#@MP&$pu%>YWy_ZxaoOxQSTFqWSwB15R+o~ENCwMOE
z52O@AE<Z}aX@-6a3?4@fY>0qhbpBVF=W!TeMD1RzsV__EExH6@ltXu&PYT>pAbnMa
z2`ttA9Q#1Hjk1@??jfi?5v!Q5u#M96Vhxj;t%de41trj;>EgaK_>F|W6}1Im{*OSC
zQN>}x5?l7fkt~(}S>B_eadd-H#or?W--BY~oc)6ik=fv6V9@U(rAaDJwy2OJ{JVN7
ze#$F+X5wJc{;^{zTINP$JjE>($t^O-sKSvnMmDj9{B!{xEK{ff!mp3Spd8Q+jQbxH
z@j0IPli8nVSz68$rM^RGSd<@twL_K9!;Dc2W{0tg{WZ=+(4N%C;S5VH2(DtG2i+KD
z2g14xL~>?w*&A$gw4R{%A(^~=A;vlA8@IfY0()T?!ln3Bn(7&bePXt(m67p;pLF1_
zoEo4RG6y8-^zD+V6`N@o1$GLhNnu#sQ{qrYkt2VJ-{Rvl+(S?^m4xE~p-8RVQ<i^n
z>t$-WM4}xFzKBIWATGZtc~c}|p(n|L*VP<P1Q2(C>%wBB1|4``(hAae_HrHj@*Sz^
z*njhOqA)}xHlV;{HZFQ%*$|6Bnqkx_+390JLMx#%27$L8;bDx&8Ds{*gpD0h8T=yN
zi7SoiU!GtP4NHbTo)%yL2ptnr%n7F!$v<MCQfp|+(6&qz$C#p>y=h~SMQ%U0OR%u5
zFVTjI4Os&6a<kO>dS?<H{?OVYF8`h0ixOUN*!GmCp!aFX$LFuekCK_Xlw`h??7Lrv
z*_(IxW7ZgQF3*&KiE2FM&&@P~)Zg-Z?}lMrtN%lrM)Ub}O3&vBaL6iUWQdoY_xJYP
zHGsRts^!YuYyiWT#7)0)W%SPWv0P@J0k39HG97O}zb7?gTGC0jZ3f4b$KZEtj3tGA
z3rHULrAUfG(&RX$x3!vS?CW!9I;c|7_px8s?fzDSgC{d<ZUDW3$!Pw-i{)fQ-iUov
z{<2|~l~d=G{PnpIfK7*DkNYs?GL6^Z=L_tv$pd(bp;?%)eAszb;tiY-JTP=1bv+a1
z**prgvyF|?Az1r64G^;6^HT}zRgK0ZJ}x)>K85eyeDaUgqz6q!8FI+f(sC{*SNR#_
zyL``Jw@F!7<6pXdv2gpApUo3h!Op=eiNB`jSRx!dGj-fg0I(OaD+^6<PA);GokZ=o
zX4w4w%3g_l{nl}E+3Q1~1tfUdnKv<59Eg%YAy6OI{o=zeeGXY3DWM|6kP1Hu07gtm
z#bxSz10$fBhz6<2(b*VKd|-oq2ndQ1zZqgDMSELi@90jBXB!#bP$XMqmYg_~%BQ-M
zO9LZ`oumV|0JWMT&sV|7pA00r-e~V%p@Cl$q2CQ9f_<F+u6_oaZ>(Ma0kyr@y`=Q(
z;M<4Z5NSX0)v}G-AR)Pg2+vzaEsF<*3-$*>1JZv<D2-J^IKA{n11N+1=x2h3^~*VH
z+%#h_%$>#Kwqr#Wc7UioOfrye$)HIhmrhd^3>f+f0;sv<ez0mh<Ih@tVP#{E!3c+Z
zqk9~+xrKMe1qz1grs|K&Dt#`=UF-0OKe-H?(*^e_R7~7MgH-1$hVjFT1>)oN2gie>
z1Kf~YcAYF(q+V+}p#tIKUO_m)8(1R~=30CVmcr_mc;plfaYkx&>Dy1g|EK=ms;D(P
zG2$#N0bFqKQFIM+>+$RIPl`KIy3<rb(3`~0Y6jcnXrR#{<dNtgivqatI{Xi%EP$QK
zDD7!H#S<Scpk>z!(KoY^)c!giR@%!dBj7M3QHx8udS<r&ji2-duvN{0rK8iK{oK58
zzQmB{M06KUVX{c~uU-t!ga~wNUTW3iX<?Tq0BDCP%PObI%Q4bR>}~2E{pm7G08bZ`
z>FbvfJ^A=26Ju*^+3_FUs{&DhjDx;-^#kK9cQmMIt{-G!Buz+sZh}WEk!Mq|K#ve)
z_424`K><-1G6`^re+9Q!B(&R}{iap2e7^sORw*ay4&svR0d_l&ajvKEn;B{0`eX;N
zD}^O+gA2bddy3g3`sRky((uhmgu}<Htql!a;#1<+F8Kk{;+Dg~E{W9Qs@&M(pgg&_
z8w^WzwV|TAj=(O8LbzYVprZLrg9M*VKyz{T*g_fiO2i(t^M55<WH%4V#?C{wQo<#x
zeKSJ!7l%l{b@1AT74Qwq8UX$yZ}sTHL7DV{(RTDVCw9BN@;|m?{L6Mvc2#tCDQUJ)
zR+6qYS=Rs9+AxJ{!nrp8)Gr!P;3xeLt<=t3f1&p#h1F_N7a<)EDZI8Oypj61UUV0C
zVj9bA4<Giio)-V{iA6U1DB!fI^eQBL$Z(mtYLD$<P<CN=P}V{t9G9-7<Nwh0mSK4`
z!P;POf(9qJ2X}{{!QI{6-Q^)@aDqF*-Q6unaCdiihrkYbcfaeL-E04(XL_o;tM0Du
zhnZC0<@Ar~30=lpnsrtnUxg7G0IYlJozqD~i4aYO&E5jwivmDzs(Ytznw%N<ru08Y
zbp58pddoDa4DmnA#-Bu&@sVdW$yR7}{s$&#ZubA6>B`DR#7B|Z^FIuHr-dqt4lQ8(
zAC>_9LL3?8{4Y51CujVglFi|I|DSpNrzYDkKC)Ct=@5?18(TOGevZBpOb%^%kMn|(
zE!QTh)Q3+Tv!MTJSae!WF|xz|G6I;+)F(jh|2PcL@&BI~HV1icPj-G<Nnd0dY6qqf
zebavs+FA;DN2L8{mH{7p6#&;}0rbp36JP=ea0$%4T0g)g@Buj=K<*!`fZRK*|3~is
zCB~rrf;wKux)_oa6`!E9JMvV+I}kFDEV=!)y_(t%XRtK<q%Ft1OD!-7FF%M4(WvbM
zQw3aj+TZCCicsBeYN{sX4Y>ji9zi3ZoQ$d<)`nbEJvB8{%Z#Lf@~iog1af*QJa>MK
zrCPSi4$WOFP8usE@s1~*RYUel9+~|g_hxo5#}gcpHd{T3+11DXnsuerbSX;b3K~nl
zR5_CKt-|lEb{c6J4Pk~#a$-iNWJb7EZu2~5$Dwg&2(?a7Y<mkUO03)@T%K1z+B$t9
zDwDK`r+WI>m8XeL-;<cbwVB}m>UOkmhfYl2=DhSm;i2CPNsx0^al{syJXij16Y$x0
z&pEBiCS<iuyjAfmHEh7p&2R2Z`^+WLDgVq<rzW2Zl{wJNZ2hDs4?V-?qWg2j=F`gT
zs+&=@fmR8+`NG;cqW!)0k$LMgXyeRH&S&K>^zG!(ahaY%h}rWRj;dNn;VGC2*z*%(
zk0b3(>BK3-I=f@qaL_nUNN`Y_H0KKXQkMaFct=+-hgCnWn&l(YeR})Xy(DXB7owb$
zH0}wV+n<|>w_>G@ZY%3CKZ&T>5Nabgzg@ddAHgqiq@6WPz%L~~^Lh<ng0u{Wa=aIB
zS8KwvPrTU2ggveD9qiFiPjwwCA}2;MFITJ3zisw28UJkC%(14bbW4QYZE0<!Q+7RB
zjo$!i*=eW7FBH(m(K}Ln8a1;$%t#D+%k!fPxIvw9b}N}un$V%{I7_bXOY4)A)8K$-
ze-z4`&5Y+hlHXZvHz*D^0(teuzS#hmm?6?JFpbs$f%??nok|OBV=B|2Zc!@>tMuSQ
z`Oo7WH%Fa>oRpyXSq2}I`u#ug%e%Gc<;(r;nX=2L=$r2tS>HZu`Q~ixrgPO<-b#NI
zjwh!xjf<#+qufH<LSR%CFBwGY?&q^Q1C<sodXgZ}mz}t{)^XzxqWFR2?^>{%VWsfV
zbS33RRlc<r9z_7@R0#4dt!1Ld7xad^{%qUewG^DxxD}*EaD8!N_Xx$m6prj_?0Ltr
zEpC>0DM3R_29qG53QjU{uD@%$_F*`#@3|3%YO`+ly3n`i-ur2D%usIAmx#CR0_k<J
zW|}oaQrs+lTQvxVu+yPMQ$yB{d9OHJOnzgsS$qI8sy4`P7YgYON>9KnNnsuz4ftBZ
zk@T|zLOtobFN6aSELg1uK?!1FV&?i^|8rfg_Q&>LW=XXRYXR2qK8#P${{;&UrU?89
z!0Qj&A&WsB<l4Ev4m$~AnU3cbnmMwdujieco6SS0fbWrW%u^a-;&izN&K`@3*<Gkn
zB2kz;!`*LpDGZ$0AW-w1D(1wi<mH7%n9wp?fzFd<l=W;wjyEd>AB;@#BSWdENv!G%
z@nW&y6dipYdE3_F*pIIHd-2g#RE9C|A2RNZF~t1tkg#WZH)_T@{45gBqZ2(e`C^$X
z^*X^vf(JZK4M`|4Al>L;YIO^-!L6ZY#!+ELS*j-);a+DBH#Sx(?N0=jqUUboT!cwv
zKpjK%8ZiDjhOPRhhK--DrAKBy;bzo)Uz|PMfbHA%p!_|coC8UrZa`Z-ZJ%^u^(|SI
z;D_FugCG^7Llu=DF=wEpvfUfKgTi(-5%eo%%=!s*4fisaCPQNJeQmDL#Ev#mrK|ka
zs_XOKDhAQ{S+E{`WOiC)>x#P!MfLb^X^`rNKT+prCwg7i#f?Vp*QHA~A$D%$J4#b)
zzr_X4a%EM$^Tn};yAx5gW445FO_w;Q`-AV&IXPj3aiL4S$&m=mQmf0b@vRF!4Wv#>
zTT1k77!VcG68zwmu<a5FB9^Y=mBFh>1A`Y8k0+-R2bUQf?$RXBhNqUiY9pkS`vyw(
zcQB~geKYNnLlshEh0iMH{3himNqcoOm_Rlje=jUbmoANA$<=2OlgP_OG3Qf-jh@#+
zjcVBISY^SMX5oSon1kCti;+PT8S=>;2g`(nHG@P*A+#_Sb4k>Kv<k}IJ#0Pcg#4C)
zLTd%oqs1Sevz~W{9cZOI?P5wyga&fPHo7{LWZX5-LvJ(45e(wSyd9NW2YG|qe{5B4
z-WuOmt3j{GBn{lVerT>WQj&{y`$~}H$@9HsK}c;JUjF*k+xqOzJG|!j%K6rPS!Ci~
z`<35jqqXwWy2!>8@7~9(xo-lOn^j~zygE<FqQ`MMJMoeP)}YsmyQ9@u7);R4nJjIf
zR)3?TV>P)g&VYh^*lrs7i3LThFThMQP{RN6@VY(QAR(yGt#Xnlc@)>ayx`tkEurP1
z;xJZZ`A0cRd@m8Nov0c@J^vG&r~BJyV|T1CH(UpxET*s`hmNqM-lSGG*naxT&t`mJ
zn~>)1EZpQt)={dd6khg$Mh~D|UL2P`>e`K}+_67g&p$(`L5u4Q?xq@FFwZpSxI;N&
zhOQfXx8bxk+@7h!#JImJeS1ENEQ}ImZIqY#a+IeHGhlw3MjwxuE!bzreUg{)2cC^#
zW<|cUEa4Rg@3`H$w|PmLgISuUigo(p`^TSua(_mNJ39Iv<rf}Tdp~=CxIV;ZAuO?M
zVx+M}>oMhcWp3_<*%356lwA)7k3i#3Xs#%siftlov#1tg4kW6VMDay_348cNWH!tI
za^a=hN=&v?F6*Cd0>$6{D7`*~+J|}!cPhp%#6#m1nanQiFJwx^<{Ye89#Qt|bN%oQ
z^(3nVakzyGjI;HgUjgGQSj~Umh>7j~#nf;neHVbR2j^f+s{R8;1!DexebmKUjKbx(
z($UM_|4;zrz|!|4!zDXzD?@{6u0nS7ipSzo|MCd3zND{_D9*oJK#IX067MT5QRi43
zy+eQfYIMO*^SOHNGu{30@@gwSxv0Ve!;QIb;9k;&M<ZG=c45<`*O$<`M2$v{5!8N4
ztPdb`e@ZGywr73<SN=2K^~cNpkA{?Nb0?qwZ_as`<!2D+rNPTrKky9n?Bo_0w552P
z^^;MTy6+)VLZZlVCG78V20%LRhX9_1Q&qHKiV694$s&LjX%K7w8Fre$4hwcWQT^AX
zMD%Un7?KOLDw+%_!*x>d#yEI8EYBa%X9MjUR+5Wiu->}QD<l3J_>nzSJ<jI6<}@TO
zzt0V%%+$D*z;Th^PUrPh^F)8b=}QWbe0c3E#h(sT`3`(%qE>M~HHl`)KYg8DUcEl=
zeB3O|>VQ7<a9R25DMqDrw!7L+GK0ODUNxh57=J-$xpeiU8=+Oy1nPfn1>G8gqEdFN
zZpYx3jP7p3vGlyJYYZtytbIhxj!O@*x$>1l53R3VX3BO)xI>-?KT8HqB(Urj7JL&S
z?XEM!s=b(X+Upx%|9ia4k-)O@;IgrOwz}F*I>H2fHz;pH2b(g`(>(yqn^oO<li~6D
z@YR343Tvp>IsH%LpPOZnH(^3QD9|-vgSFh(Z`_LYi+2*LZ(+T#Ufc%zXxzm|o0V&_
z3Y7jdR=&T8RYouLgh%Pw$l-r`&m-QzCiVM$5{ft<Zrisi4n#S}FRt9pIvzT}<}S7A
z%wKX{Y3#GUL`0(~-BC1nO#ZaMf=Ei_jv_?cC+`_@dR8Bxo@{vLqOS*j97ph<SDl>P
zkb^U6$gYRNi`%dSm>#5tQlQ-i>h~no<!U&89|npV54ME*er&s};;pShD1yyZrF`db
zM<~TAFk<4yRfa!_Zjcq7g<B$vlYZ{BLoL+sC)I#;gsc)?IA7HDpAGXqA~*jm{-feK
zA)oxDI_>;fzND6-S5I^r^c0#6C&4K)rI)u>(9B~qbgXZI?5s|9s!pHCx*v#%WOYgY
zchvp3L?tEDRMy%hw*KSsL5WLHqXaT|XB9nhHuZ~?^Uhz`n`>kIgD%aZ7MMPgVpiz#
zTxNO+f9z%JOD>mh7O)>m)pH`vF^2|?lu{w{&BXn-5r<3(ZFVM3K(f-*6la*%Vf&+^
z1$tTJY{Mh{5Bi=xFBBi`zwBu3DSPND1pRUgIvEW@tOG*FIONSqg63QxIEW3nSqe*k
zv!&`cS|}5Dxx_Ah6gEv|&S+RTg`^SJBio-xiEv}K|H~*(Y+a!m#ZK}tOY<X>IBJHN
z|I;Vx%NQRfYN?zUBhb!gx-|?&XqM8bWS1_NpfA^2D168m(+($mz2U+nzoB*nZ%}nb
zLX53oYN|CCgYm-fb5}y{%BB|y$Z%0k`l^raXb~)}r-jkm4ds!=^TNM+8Fy9b2qBWi
zPc6`pqyIg#IPj>iX=R^`J{goj`tmmBM4X1Tv6|d}mi>xa>;Y0|3CXKSi;EK0TS(D2
z3^s5pkRb9*Y(`wObn@yjP49W(-oDfIAFG=6S&>&y-HAXOP$1CqokP%K7D0f5*a`Nq
z9;;ezQprZ}nz(ujW^$d2jogdJwED46dTjC0qA6XbG%*<xS@U<DiKM!015Dr_jqvmu
z_Adtki5%03RM4QIRTgu@DK8wWg!nlox?)7Z7v~wg5Gpyl9P=Tig$D^K`U>s7pu=Pq
z^>K28j<NVDmSby%3UMk}GfPeFZU;AZ1oXu#1w)sU6IZO<?WQI&nt;GOvMbKXo(9I~
z<2XljE}6J;zRP2@e1gKzXzV?B=E-C!cKEGnBD*HIBs|c-2&#a_U(@qW<^JytF9;9D
z>Y4nHzb=@p)}EWpcgK0wIdG5XdqQ0=zl*W%YnVB!FjFOvihk7IcDLRLphjr&tTt4v
zU^fx$7aU0WaHySOpS-XAnFujXWvwE7-rJktc2K}pKIqSPmxC+}L1N+|{|Gc=<$XFy
zNAWtp=RG&jz0fDq{94o}7W%TbR@u2S3Y-S0KbrlMl_4hLYEU$+hUqPymTQ$g1KN58
z<yTcRg-k1y@^*K(k`OY{R*wkZt4p9uDys~)m8Y~r5zGrnFM|$|(I;|pE}?Inh#m5M
z2XOZ;9;+&kTD*AZ)1uICQZc?AF}Q2f!S&6N*ifm12&gfAE`4;dmdj|u{3|Rx3Phb{
zv20~Za2`d*n1?+icB)@+^GM6c367U?Pf4dBGE2)SW3nr^H9NBG3Wsr$w49x&SFqv_
zxT||=O^}Qko|9L9^E8s9cdx(|R+;rQT@#Bh6|be4oI9>mz##~sFDWCV#LDSw;n`5D
zaHyDoo<4xjQcEc(l`hx%1x%u@-pN)eh--KMbU><4Cv>t=e&T%gG$>8*`^0L?_AOVD
z$5MH)k?(DDz0>>I$Z3SI_Ny&I{g`?;9Se!cs&}l*unBwE?#k2G(ZUnwjz?^68!l<H
zv}lj7xK7Z=r;k-NVFL7Yh4pr127}@TA4e6ZKszq6iQLS52fqzw3-N`mnL^dfq8=Aw
z=DAXpxYH%>uZat}Yq{E4+UB}N3bkbE*G}V|zfIVS=OEaxIvUNsp2}K?rcW-3Bk+Tz
zqYb;msA+yWl(d6i=Pt@$BXmEgvD!%W%M4@X@W<^bM>j}pArZ)EK+(J`oygBF>@l#l
z0JSF^ZAjvPbDEgzq6owL`r1M=+@#}h<`9(s;AGpmN2Q1AI5v|k?=T%Mnzps`DUE6z
zrq?6Qd!%1_lKLtb&H+!gIdTjIqzx?lkQivWOxS<{>EBG%8Sj6V(i++P_%uA;`E(?u
zOm`opw&v+PCqAfAt7=%@5s`=wN+M1i1l777wcM@e#5{}%%aS_U`<?szW=e}}Do7Vs
z$I`R%;P=?3h3Y7VjI&IWk*Vwyoh=KXMM?6fq{|OzcOkk=57Q4NGJ-C~7~_0L0A*Vn
zW*-jQM9B_#omG>caFWOsC2iUVsE6~LQM5k|r@+_7W3VNBQ^3fE;)m2>{0a*~a*{$C
zTtYg_u98F1RQo;Qzg{D3|82ZDNbTr2ELlm|*Gy_=L|IdiHQ#<}NNx_*fhu%trH{L|
z=9|W|EoYZqK6LpdEY0uRCcfYF8O76%e<_OCbe1V$Q~vI9n||N#!Wqs0Bd{7ff3-+!
z%>NL+MqpkpZFweU(f%{pTgK@gbS{lS{-q^X@)ct~g*AjRa9a_hlZ~H{u|LU$uYB~S
zwXRQqY|f$D4jnpHpsE|(6$zmfjs8ItB~wfvZ;Kw1|5P8Mn<y2Dz6&G~=LyePX$qAP
z$b{k}4G~g=xgwC-+5<(tM1^5mOamtx__3YI7o&ysMw#=0A)6R>9zPu(6r+{unS{Yq
zx3#}7dLabZjdgSxmY`(hi?#m4jJh15$GH@r<z?C>sz*pRn`O8JOr1w8jt@EMYAJOZ
zT1{BXNln&iw0sP6k@gdBvYTh<xdePfcV6)^pOQ*&bFr}(YzM5Hp!ND0ne~r?s*2u=
zX<7f@Qh#`w&|ixSr<OH9)&BmhHF>DmNYcs|oq(ST6G3!~Cg)caL1wex^gpN^Oid_l
zDkKQvb2o+bti#gLu)j}H?}g<5P*qLE)>N{5q&qKG@Zv?HwC2x=&CQmC^5=vpskD*F
zUAC-yeQ1F0+i?1C=71_pz|`?EpHcpO4V2;*5vXuJ)g6e45`Ln`n~yN!q@*y`!&^~=
zzn347w6j@-v;46o;la4#4ib||Y3=IfpOP={p#h)a#L33!gww(Cq<%qn)HM)+xo^&M
z&3DtR{*L)#Xq&c~kf{XEFtd$8Q`rB~-%OWE6`ie1-n^Yv^#)Bk$l`@d=MI-2UHG96
z547Zq*C)otxc@aKjlg(=hYj~km`XdNRe5WmunxIbXfC8_eKNP6n$J|3<#4swyg6sf
zjSY*JO(#P%3NAz1&Wx^eQ**|vxz(|ENzP5xg^fby(Zk7N;lZquyd(Qoz0r+s>#+(u
zo~I+<56XJ+_4AG@(e2b;Bl*h7&GJB{DyYRyX4^gsA^bY}*qf3zbzir^;L^6Rw^!bP
zcR^ve9FakhvHLtkjg-jU+XNg~eYsdve(8S5J2aG#2+TJ+7gktAabITK&UFViHs^3M
zO(kgjFUf|gVCf!+5BvuOH>PD-?8_=3)N}-g>$?JRN3^;V;*}uio#*>Lg$H|&fquex
z5}`*{0c_UYoqRo6)RKBr?XO>nALxi-mxqEHw`aez3)XSM*mB~nr7+=LabOlO6$>+h
zlNea~sU%Z3p-@0p^spKperkHj9VS#u>WwQ>g`@C!7{dtE$aR~4$t5FHk*ImpepcU?
z6Allj>+}{)SUb)AfKp0pCXDR03W{4l&1KAIq*l6OYbTt@1REX8N^OOE)&5i9aG-!5
zyj_nvtpoeb#b#X2c~H3HSA1oF%VAH78qCZ<fm4a%KJ4}tPQk9qo`MF;WrYVbc*ak*
zd$t?wq|H_JZw#_g@ce8#`35G@7v)y*Jqge44ciGB=T7ZAp?6IDo;(YM)F2LWh}#4d
zs>lgd$NpvXcq(x|u@tl3SZrQhRkZR@C1o+T$J?kJnEszT(FEAznmG#0TA7CeYVIzp
z?Rz&$ji}!%*Y{TVHewjE;*A@8iu=Q!M{R6xf>B<o+Dka0ESwVd97}knete_pc<YEA
z5q=K-m9P_WV2?52Un}x5gaZ;C@K&wG-A2V=WC*DMqJ|S2f-5)>n&r*Xnsp>iCo3=X
z1W^bu{?18^iFD$$>3Oc|3D2uYFJNnE@6M$Yvr<IGYzIJnVr{MmD5ma`k{IN{$`vX?
z4cU4`r%&}Y&#IC_K8%VVs7X-OkSn8=LpUXqY|cT6tcOW|eH-7b>;w_KKKOLLG<&`B
z6W@dAJN4LP5@VAN*OiP9RyU8tO3<`98UD(vr}I~Q*8dp<fga+2^~@o1r&lEl`3LLp
zZ<xZ>G=nfA*fL7RD!3_<yI_boBW?g^qFq8^Yee5iWP+JL3^4*zZTJTI@po@2J&iX?
z*iv~WqC$qq?4LMKD>d;Ve#+jZf0tx_!!k~9uL#l<Rf9D>>v-WG6;TNL$M(}$H4A|Z
zhR4JL1W0kRb8v7Gv9kd@JdE$bQbbG~O!QpLNiCfau1TKr!0QYf8`u9n7<`(s8co{l
z(zkxAc2oO(^5Pl7oONR%oa{KM>??3G_-Z0|1RKnhJw@m3Z7@2&1hrJzCGRX_wBOHd
zVj0y%rHu@Eyt&O-Wf`WolOyphK|eZwCcUTk@OpE&8_$XL1)%C(Lm&hVj3)(*4`}Ct
zh7YrYjVSvPpJHsdG_BGLC!UQE*3w=swnKXFLkN*hpPQeI*eQ};^vj(F%&n-aH5Nkd
z&Ida2*7%llJsyVTLZX$OD~_%hU^)m5>!LJ!tM^ciydS(_Z`HRCMzmin6iyiW!b_cZ
z*WaKyI64EQ`j_-m!wHcl4P%XzDdGn}n%)3Yi+WtGYKpP6f2BzBhOH#kyiZ(UYw<=D
zqs8vrrRzGRTW$0h9NNlgHMWVORx_3DI@z`@6CV}YP<XCc;K#E>d7V!bO<FZ9Ly&G#
zhyu>@c^kI%Tpt<HhpZR{Q#Nd6)`07ka`Mjx01=i96*$A}<=iq^SC=<CMKI`>G^(A`
z9XLZhUZf4wGlh3Vq>~De;vJC*o>M(w0F&e=dy{qPEjY{EMs003+&2Nc0a1HEpf-F2
z$|PXCf>VTKZmX7KQVQ4mu7VP$8Y#<%_5JZUAN+~Hr-hlk<lo%hNDZDA0prA+Up9=s
z@`a#dq^L)aXYY{MTyQZ{Kf&P=WaZuqE^V;HpQHPN^9^WY<SzJ)|5<o{&ZSvteZdt}
zCf*0_on+k$K>*UMqUxqf3mk`vM)yVK!%`z}B=ZhttEubW_g|o~CiA8*YOne8p#9S;
zC@W&zo4T2Nn<XqOACWItOJVa1T8UsstX5cezZi`T9=o5eK`x{<HlszH=D|U3kDSG3
zzErH%gut2#jm<^M7&{z)(XU-ltX7QR@qrCs0HkV|7RY{QA$2zok&kCbZzDv057rK|
zj}8g{8|3$nnr<^WNTQ4F3BhA0)s?LY!8L4Bn~Tp>^6%H2Ocd`BBoJK$Y~bOtqBn9n
zPl&Eb;sU#CX;-u`j13v|r-fg$3!fk;ah*SPgokP2al@`-0E&F(Du?4g_$BlE103!F
z5$2>(*bp>+T?)3qCJcVyaC!p!!$?V8(y!kTM4*onB>)bR2)`}@kb0Deseqosh6Dk*
zx&&+i1BidcQeH00FBPE9Irv{)U_kQNP``mN!mq0DNIim!;<(<X4Ol^h&YwPU|Dih|
zVkHcy>oyx)qk8!ja1oxc;*ZqB(D5!LP}2j=4cj?GX>+lN20;lt28}&aHbdb%XJQKg
z9`FVF)5GNf(aI)9;|E3SPf~#SWqKHm?#>fX;*v`nPWt{IU)-HPfsco29T-}hCj*)%
zw_!X8)>l(0IKX3Z_P~pf2l8@@BWw22L6QQ%0E5c@{s7KTfNwm8+eb&MR}EGUKw&&K
zEj$FB#lqwV0u(x6X7U4i>d^{9be_P-Qnnn-4T#!QY$nFcSU@jq>dOrn*)OUQ2KwN`
z$^~HJ#uju47lY9m)g}MI%RM+mO=W9<O4v>e9mD<+*YE>?LrgOcI-qq-bE--d&{-yw
zsPcm#%-8Pf9Zctm+87ls68Z0lOn$)Fph4a`YO$S3!94?cE)st>YoSB{E>DW=Aruei
z2?(MDtKg1kTKpWKVU>u&f0D`Xh&rbHa{LCU6lIb?dUZhLR3>RF2;)Np=<tB|0}S1F
zLXfaX5|}@04d(<>!#{z*a9yGTFe&^JyFb)j43$cTP@tS+vO)G?THxFVXd}O@Cj_$$
zRh#$ykeE3lwi4fqwtq6sKhYZ@0b3MQqG0WTNhiAKok9of{2u9t^wguA$o`=H0}Rp^
zoE!G6{k@(4bCKgWFnq{+5eF#&7#|a6V4YWdPypQLCP7wt0jS#Lx7d!-Un+ia5&*$;
zJ1eiCP6#sUC`VEL3ZT6xfA1ssP8Dzms7b(!^{f8#Vs{s6G4u(+3mlc#l)kO%d_}TG
zK)fvCT}MVv0Cq&@Pnt6CGTj>*ebj(&=}$@kn1H<ltJ=K~Uv@PPc{T7s;k{CrC{~&M
zKwnA>^nM3{rNos3D9%#)PjNFrM|f`7v6_E9f6G$@G)MUP?w?L1(DJ}M3JZ0hvjZ9%
zt3*-e1kmLdUX7#RLkdecNPUCpmRI4*`GG`oF1wqR!nUvjK!Jjf(2NPp0h13Tp{j#a
z-KjFvkN*cW5)d~mU&&VD52S{=q9GI!XGUcJSVa9WV7mS-OQH+3Nx}X#8r#qVBBLw-
zqMU#TAC<@bA4sSR>V0%5_z}U3z{;qt*VxS><z7%61^^J|!4NiocU0yIg?F7k&*!{r
z@lC#Lh+oV(Mgs-C@tbo@pM@%*DF{gvGcrtzgnKZVD}gi&7zFd5RS_CL0VfmHEB~hy
z$p!VBH0;_K7df!J^#j!bPq6GS;Cx@}+bF<|Az#C`6fp9npkyTAsf?nAA4~#}P$S3_
zKv4(!!^u(r$cI*i?^@(l1^^N<9b?pDzw@~ILDK(ro+)PrU>At^oF{?nJw_V}xNo<s
zv802P5X|8K;O8Il^9XCV5(AM$u?2U3pmGn!P8Q=S2*DVUL(32JO?0b=f&tsBn&Af*
zeFXfxX#aQ7DKWs)QMttlRr=^Y;u{NO455%aGkyl(%?d=K0Nl9h=Y-%A$PU0XJD_g8
z^o2$8yNqO*7SQCm^q(x(F?u7JGh=h&rab$@i9mY~GPn40#1`hkhWN5Ku+C0G|E;qn
zRgA_i>i>3OMvwm-k$Hq#EPg`ph5f(c?!DU|>k97*{a6>-%|hc&&S?aGH@ZQATP1iX
z3Y6?z?-(hSsr(a>ll`wy037j$oXGo4GAffF?{wHWu!#e!T3S5+pNb~`hKqShf4_@)
z%K5LTd7p!B0Aa{%!?^Y#{x8mq390YP#n}n)&Ojtby3!`7-5v_41X9q@0nz*rpyi~X
zYLBP`yp*K%53oF$ZeXJaeySjVW$v-Hh+kcMHORufAZtF%GJZhhs<HcH3FWW#p@hrP
zXZ(>s>o6^5?&OTff4!trQNN{63i_69Vfy1(OUiTQL?B(op*I>k$7Gc_e*27XJ+Pt@
z^`kiI|K9(SzcTsN2*R)!R1Wc9bFu&a&||vY0p;AbnD5#tf^R$ctAurBfQd}6uKd(m
zOWe8RZTqNi%QkWyuY)Ju4)t@`=uZr`-M5Rg30G+ER9j*XClB1>i<98`ObnajiV(Lf
zWINDv<=e|Xzqj1>nh)>Gb1u`_BNZ=SA1S55*dz?7_q*BnmufzZ`-d5JL~E*`1c&0p
zhnx!y&aaQBc0o1w65gF!af^RtSIYN$*JdL?&34c0p^q54=e}m0>suW#m4_MA)40z7
zJxs@{n7GzpmK`%Vo_>S7dmZu4GUyrL(tIw27ZNh6o6vN5wK;usdvJec>hM@U!UH8;
z*4}~EGS>&38*nSoE>ADD`Qr0U7PZy5=D#k?gv&UW%k_Jvtv(Oe^LFCjrv9m9eqz+M
zYw6eb3K=gi*U#nSn<XV#mL18Kq>Pf&?&Ifwym~;lZmlP-CrY}Yeu^DaPqRv`SZFNr
zSkq*#ub6E+m{b{d^*Us|`*G?y<kHS|J97;(=h1bmjk;`&BkXm_Y}NH3I4!uxb+LIg
zdApV{s{W1Hg{V$8N7sRWXQ^&|aZS1s9G)~h(c=BNKx98cxMh)R6Fj6DqNmw_Y4zM#
zDws$S>x&New(Y}L-Id6N@a+To3o8ah9NqmnDTq03UvJA0SHsqiMKvQFfqCU&7dyuw
zq=gS#_7>|hwT!pnt<nL>Zco`TbJs4Nh(zw4=|X7cb3{u=VXr*Z_ZHN0QmM%T^Kw5v
z@%)lCI_LS7Nsl(N)H+au-{9K4jAZ}#M|hpDVVO#}RV)U|g|Z`U2903UvnG?f<XD&C
zSsdYV@h{lt!iwiF?CB-9+q~t=!uH{jpi_4pw<97HhKA{htinDvJ)PO4mX;|_XS70>
z^m{hbKT@0Sr3`bzY=Tx-K-LrAqdcj%`g@?XUn8(;t&~(8n8<Fn(q;%9H!F*FuKpt9
z@v^sCbYiNaBiMb8(2K82fAkT5rJzN%XGIv)4SQ@bx_>O!+meZ@)$S>E;pPK6eLm0B
zC)Zu_rEyO!G}L6?@@E?0BkVU?Eo6wdO>2C%;}K{joI70*lXwL`=43NZ4+!TpST*>X
zagVY*^cX}YgIXVUw1tl9>@dx026KjM^wVw)ALnwOwX9_Wq`GHAJg<l~eRVuXGMu_#
ztBuD^)c6cl(6oC>_;wS*54s20G!Eey9Pq6WdLi|i6eNa*j-3~}!sj~?e~L@q@VUSb
z-XnVG-Svl9bz4Qf%Gc6um~w_S(Rxs;Jqx@QGBlqUB^t;-jdnE(_kw*bskajF`6^#G
z-Av4rG*tfTPDfdA_1(<#ETjMVW~tixOIwM{>F)u=bq?Vl_=hLWCSfa}XV+FLk`+yC
zS%WS~t1WCx?I6fPhoR2-pIfw>KKS^%2u`LsNm^HH*8&z?jY|xOva7RSOtfkCB3*{+
z=2B1;)JnLDM=b>lemE8xrSngldtwac=R1C9J|`jo)sfGj7WFm+8n?a-RHPyiRcpZ^
z(8~x&4AZManBu&6Xj~hBAc&^-(Jtn!=FT*o)aKxc8@fmnhh4UUU(3FnD8E70cpaKo
z->rk0%gOop)naQp8Er*$(1I5ei?<L?tUb7rN;dK>LCmO}JAX){qDhgN7+;e)YM;Dz
zI*))nI~(CUG2u7;c0;^>=$PTL`MD)iH>68v(4(N^YevUVg0{p2$alP7MIW=3{7fy%
zXvs&6t(A5wnc(t1a0Ud=G*SgGwA|YQ@%r|g@wyIslY1c$L!R5v!^OFJ46(R4PLEq?
zer5u`NBTnP>!r|;TB#b3Y@#jO6OQ3qK7}F=-p~EKr}+$Vn`Kj+gzCcM2QS^{c2D|=
z-~%IDCxgY{QtXR;&}aaG+AOVV`SrrRLu|YLwxxl)9fc5CRKe^E#;dD$Q%WG3hwOIJ
z?Ku37^I=?&y7c90d<u|~taiiB1X<DTZ${9q+Gyg5=n4ZYx8gE)<SKoa6w6@R&x^!H
zIFrA(x~U^?LF)OxWXJlys%ljGdx6gK=On2*iTU_~B3_V~Ky8ITXJ_d*zs4M(4+KTI
z4p~_gd|fG6{iS)_q9Ei560LF4^}d5x8}1UXc)dX{qR>oaJN=;@0SUnrY*5CNA1=3h
zY0)J36*|pInu>z(%E&GM=SVPqRq@H)T91pG8=gy{?GU6#5>Z;^qzOl%2BXtLzo$J7
zJeQO5!0|QPGe{=LHyeFKMSF69z|mo5c6EG^3&_N@bUC!Je+CKS5DBP0l_hNL)-jkh
z@>(%gBdw2vULEqXvjNdIIc+hxHNP@;D{^cJNj&f7oidxb;jv)bcHdO2KOLZnFv!s%
zP-ZQ8ScUtnX!3wutyqn0y!;oR5~k+^z3vkwl2DoxL9sQXR?Az=GK;v8_NQQJ?Da~<
zrJ~mRS7#*iE{;CioCB*~8G2?sUT%vd4Ru({BW`D;^kcj?al&L2+x;$fXABkhK6W<c
z>nH^_r*>y{8G013C7CCzK1M%Isi;piei#3Wa^M`B%LK(>FRG8bF=&_d_ATj^Ntwwc
z%SV=<f?igh`i>r!ldzs9GefOIJ{l0RcXIJsHv`djZY@^Hum0Gbe=9lW5@W3zPE&AZ
zF>nJs9{z%mkrny)r9Db6WV}-2YO|%0U3?9U>)f#SEY}j-uuJqt!uu?e^oGNCxgzyO
z!~5?3!nYTlikp6(xW!?(bHlBaJqarHXmd1a0$H|(9PB?kk{Zk<5-cTE&eL&RVG#e-
za}C#>v6er*5x=`r=JJY47V=s^%+ny`LoQ6nz|AaMOUTM<vW?YAa2q$U%dg)noq}sb
zXefLwK2=_^y{Nmc-@m$>KsFmFjbIa1v#{q*8hdrgFRb9wxhxbt_(oZ}CCg7g3!DeB
z0~N|zwG?=3qK}_;D9^b}n(}8spFY&IjNC+q$0lsLdvIoL`!13`Ji}bv+oXAIUb~)V
zE#>aSsr7{u5JXkj`R>|bOE1f;(w@OH=pVs(F}keI1XxUZp(Qu8IM-g>+&8}*kD2^v
zU#(Bq_FZVo-x^*w8>r;rp;&8EU0AY}1f@c``X;S9t4S4c#v(cl6tq1Vm^AVVaeNsn
zjH^&f6Fhbvu@pIYhS*y@a<uBJmo;`d3@LxQi`I4ZS}twhKj!Vx?bp}-D-)8ie>3j#
z_gLl7R`2EubEaCBPJV6$hvwOBtDH=exf1MRVGrsEtr8lp)yds;w$-L`c<are2WXWq
zDlyBgxX|xp_+ke(PTEUIOkjCAaAS90*m!s0bxM-i=do}z6yc$XIyw+>EpqOZseZ47
z6=^zlYC4<74*Ad_h$f?QHKEqtr2t7S#mYLrFVN}mL{H80Xn8up=~Q_+&OvQ=-^^-c
zPASso@MQgPBEjwSv5vO0?p4uf9i)`@_iLYVIL&BQLmJ1je;IFGVQr$Low#X~jgsj?
zqDH6sfW;|FA6?qpL}nb$KsjFAkSC0ptG<5uqmC5@O<wIf{L<6F`ro@WJKuSeE$D~!
z1;xe9eyB_`F8V=QXC?hqZ?w;Srz=N$bYKOfGtMcot&lZi2KVgyhy~eLwjemcx=U<t
zFCQPiLq6Zuu_l|UKatPt1<zxc10*){GZs!?T=5n-=ADJF9Ll`5j_F5z7{ckMHo_tB
z+$>iR)ulg~6W%SE6x@~HR3?mTvNsq!SP%G~E^pz@XQa#|9n6u0ztk_Y+l}cNMql?Y
zIl_C;u&bX1b8eT1M~AQOGJxD@RhR!RQ#p@3gjKF+u2(?VIIU<L1ZywrWry-xWiRV|
zqjO%KChg}>Z8V<<*92LiT#_VKeC`})Yy84F*ATn7qOr70-V)_MlcCrPY&}aW<7Rq=
zce}tJ%gga6M<h?!%X+Woq+t2TW2tAe5i5;vS1<FOz7LlnA=7dpji9&f?OwS;LS5&S
zkFo16ZygArRHlaZ5Q8Q)h9?EW{yF3~86%z!2x3ZmxCRlO(~niok9WaZT=y;bq}n{0
zGT4K8&MY9~z(>wic;sx_=*yEz^@8@_w%TXs2+IW2)34H7=?M7i4WpUz*3W1-iOoYZ
zu%}F}Y52@S({oN{pU^CEo?mNdWMInh(+AE#V1k`SP5-5-A=&vaO^tTa$6W~KFKqOj
zY^=<T0Bt)fCp{xOkg<lD2skWD&&0_JoUkQg2QJwGUiTzHXfTZbSlhYhAq0|McLBoo
zwm)F_AZDijPY{+ZS>vTohoP^2b6=@Ac+ZE1TJbGjE_r~gogh!+55v-j;}`xIk~Fc~
z?$3APHTT^#H)GChX)aZ^im_t9vXEn6uSMa`1B9J;L0sNn{p>Lh^l+G3C89w&$H#&^
zoBk?D(cQ4y?KhhTd02`d|0&3KE=jhg?Mk_jEabPZzwdP>dcZi(qZFyh%McE1@Q9-?
z_viJH2nqB2wi(`dc+qk`sywEciyH|{ptBx4KL<c&vth#V*J(*LS?9=0l87E{>|VYO
zZ*IH2Jsfww-mzr2g7{vZkp#Y`kF5TID^7=q4VWL2D%_46SVIGqd&&u9Iq&1odl_aw
z|GvFQcDm1?hr+s8Sc`*qZ*goTf;btwdxVzleO-KFZt~kdyb*lecYoX7oc5XGv#PoC
z$ewu4@xF~ZB={^@<u`TjJT96pP>>xdTABd0Pa%<V`bC6>Bhwg(J(Krl?QnZ?FZj!Z
z&(*?qo%wJ-j{!fZaA~#cP}r>j_o3PEOL}|@4;7t%=vp;j#1afVe(Tw047$TrH|n2W
zDkFJvy64L*(A%^e$U?J#(EL@bMVzBN0=4km^r`OhnF}=Kbe(>_>x{h1wRfJ})(7K}
zG>~?Xf93WRxX=C;c$|lKDcyjQ|4Vp+fOnzk$6j9VYG@A#nKBgpD|$}N(smu$$DlED
zm2agK=qM`9(cM(Kq2H1;40l8trZ}yQrhEvD#ve06?s&tfyS34@Ofn`vc-W$?g_tB&
zeqr~~sBV+|nb!ioKa$#JFgxVlJnD(w$h|+#%x4vc__#_kB`vI($lTwaqE2!cdYS`<
z5Hzw=S{GXgGL|LX+ZOylojmeIQ#ylJE<MKdQC*wfO_gC>nXyzC2WyX-14y~r-+xPM
zMM+#a4JA5_S5fTlsV8&P7R%EpZftcw=p1@EKOJhxXAz}zsX`S05xbA3?nX90T_Ki#
zxH+|LufOgiI2|NJc#!%dQ(Pp6#P3Qj9W9|;N4+a^5Lt1~^}z^RY95{{OR6xWO?7cf
zi@sy~?(T5y_;dy<6rtouK1VmMCq=>?h2;**v^2dKON#PT)czqg6X_p94Q;`SMU^u>
z<e^_5U^6AbazrU>V7^4_AyLQt@Pqr%x5)sRB!tuICsw59QWp(13{D-SWO4Gy7{DXQ
zyU6Vp1o9G!W*=8%@<aibmKW6v%G`fZ<{Y)5baD0sEBqzBtAMY==xCnLFgCi8kd?&M
z<}l90E@3nDoE}zHIh=B(v@Na`;C6QqbnQSjFvR|8@+$6>p_6qvi<+y4yk3$tzIIXX
z!&81*5#&w;_c|2`3S8w%1mEjp$T^?SlffC;6zDcS;r===z0wJmWi(||k2`SdO3B^V
zG^Iy8Siw3oDBbwEX^cJbJn@sVJ;j%1giDjxiGGUagL3<J{@-FaJNpJ9=ILasg}*Tx
z@eF}zq7f3#%xzw~kNzG6)H{J9RyqE;C}Y@GbRGnuist!sPI#|E_T+iD@a}=0abj8q
z@gP0HpGO_6citQJg^*BA8vCa9cJg}~aH3*VZNVRx4y-1wBeI|in=xWbVSz^ee{ymA
zxmc&&`0U-c_f3%OR#+mW71OThGtJnQd`c{G{J<{KZh2!-RcWVopIYvCX$7M*zxeR4
zA32!fu=Mf(1(csfCK-<Wr8rvv<>vs96=r*iP10o_c5aBzpi@?wpeo*1<ohTB^95W-
zGnSY;bAGNOj|8UsGjH!*8JWqVDV5k8=CzUVfbgr~zHi-edmz6>O?2e8R*hY%!JisE
zucj)EGE;WEx6A5(gD2?9E8!8deYcC3dzk(P%QsTFerNZ}Zg;j~p%j-)$h*e^g%w$)
z%5qQ8z7=bzm-B>~VA@qtIw)y``ygg&Ff&^b(pgmQ2x*;$`G;KhIjFYK$9HMDuNBhF
zmd{e`JHfdX5*f!#8I%#Uso{Jv$%?u79YZ>n;B?4g9TeK5uH#3GP+vXRzNUmo`k|IU
z_`4pheF}}%)C{Hz=O1Y;1x%SzP)mqrW^~F%6@_{Jq^S*9(4&Tz|Hn|P1+RN{kL^NL
zp%qW3vXyL2X_Lg6W3a<BTkhrlzOuJ!<z|=97e{yTv%y#VW`cCe7P}hZjZ}!sR<T7Z
z38ob$R)!DUYpKGhtKc#I!zxSHOIW-n=k?x8RA7-Zw359NXFtAEQ<=rfgN8JVIbVV{
zQZI&}c!e^Gb2Iue;?13bCDOGK90r0jLnpXi!H_NXxIh_W#6b(Zv-DSe!oC?<FxW^6
zfcnl&+jT>?z}t|s-6gsFIMEf6ko39fYBh!l#b&5kS^nDMN;raCQ9SJ|OjWB?;Bsr!
zs)(O;19!r2QYg_{*Taz!6vt8ImdNaDLNq2#FJmC^G0mmSC-tT4)*}K1)&G*M&R<tM
zF{mr`fo-5&qhnFM$GDJBIxI4+L{O=En$#q`4v%ZPuoZ(Xmiy@!I#TW$$?lXbGAWG@
z$8!bQ-oAosdemPe*jKibg|>@=nF4Y}26c&WLZ@i==dM^~j&6!8keI~1CiYEtH|61<
zWkji9-eTx;8NJm;%tRMn+bIS_WoYd4ohHjp)lOI4)*C4)a{v3e&LQnJ)y}&ZIo(CH
ziH=Z@k?G6Cu=Nv|dR6dAr6Ug(kFWUjUeqxxD#+KbT|*#KRi{FRW}m=Q>L2Y%NA`2&
z(vL6K!3RX+z5QuZAPHLhnv-QE^12xWj`?7m#4Ghcg`Y}c2HiB+Ztye=tYJgc*&la;
zb-L+c3b$PY-MS;v3P!;j%VFDO?6yq<9d$c~%3Qg)R@_dnQFRq%4;WW$gF8#(;A1VJ
zhnVbC58YfGq4TPOQD2uyx6V&?N_sEP_cxAs!>^@U(*Y)RP;PrJ^Y&^+nnG*`_hGP3
z*TalvKOd~aTAHUfwXg^?QU0?@$<<L`L+B+XZTmNotuk}d3ysN<jkcBBC`o>8!R_W}
zR##P4FNB`B@&`tS)b`w-X#?(>bw)*hD%Kvz@*5^fhSbl=SfdCl)Vje@V7NAI=B8zB
zBV7r0s@WVUAe$kNRdxepjpc7%q}tZ8o2?BpuM>Xj5)f-;HbN4a0+MnLUeAP%JREn4
zCLi560k)j1)P+TuLa#Y22_``~-!|47sh1eegVeGsA)0fOTSt?^<}-A4^JP9$Nle8i
z#c~+K2Z!yc?22(wiOIUKgKC%HDQF3a>TF@~@UEadkdW)*FZFus8x!^<t?%=xSDy7U
zoI^F2;9bje-<OO%{%mcH4Ce2P3WBh%V_~(IljM1jey-EQ9S_#ETi{nWYX41DOCV)H
zHqxx}wTs8!4~*=DpE(JWV3I+W;z=3YoeFl}JLe5!j%kI!(i|Vy!Cy2?ba_6VgBo=a
zBD0dX1MM|A@u)i{cte8Y>_2@a=r~5wXq;A&uIB7P2pLeAK@GY`vO6Cii9!m(S3xUK
zau{1%^Qvxhoy}*(7OAAV$YyE0C%$t&8aC_;DpNtU%8!V%k)Oa~Tbowb$tt8Nv7-jb
zxZ*4}N5mN_P;T!8y^5_VMw`SB;f`yLS+zURfCSM6nkU`IbMe;A_wB;;{+wNwVB9*>
z(g>U>FpR@qUJDlcdwT}eTugsLS_<tO5gW?0$vr$eih5FZR)q}mZToWV`aLexcTeM&
z>aiv9m6eC2BH!0t_Cpo|Jdd$^$Ci06ND*|)n+*5GkNruTbGrn3nfg$Qw&iBTl~^ZI
zzd@@=Cp@|35Ht~j!>M?=oBa|r@nWlXnr(bwtHM!Xot@GqQ&mypiYW?WhjrPpSot_e
zY$EvR2%gDyqJPCi3?nX#@eMd5RxK4&0&&ykw|6v!>&tFASLRzAND9=mEq1UJ?<;2b
zR2g3-<6K$@MMLnvvnUH{#rN(h$&Dv&<%4F-asQqvj?dN}wB^6SmK&62J5?YTK*VB^
z`HWWhqNRPtY~&EiX?ONDR$ehPrHP&w`6_G3NK!HQ&>Z{C(Bd=+?G<UyV+j);H)wJ0
z@jGhFdfr7E*IQ!5jlE+M23rMIcD}WH$@A7}1%chZ>uJLD9Q%$PaVg)LAjb7C5nj;N
zXbZU=?Vb#3X_45Uc+FppJY!J#(x6^Wx6i-S4&}5iSibgF;^2e26Y$eD{szxs99<>K
zE{=g22tvmX++w{JhIe%GLuOBRhBkPH90pS0gfU<SBBds}J#*Tgx&6^*{NoMHcbGmd
z7TEY|+C^R1bjR`8U1;c)@ApyBm1Q)$l{PjiWIw2aKyIuto=s^dacnRb^63npPIcd#
z**F94aRG&ijPQD_O%{A%DNu_44F;u9!1TX&q5VC8T*w+4LK=)CDVr1=`yclZJTnL9
zf2puIxc+evfpc&sf!TvICh_b-z~M6edm&<H2VRpHIq6v#xfmJQi8vTp=mGX2{auL6
zB<sWXTvm_(V-fux1Oh%IJsS%bCm_zs!3c;ma<Os|F|lw02|?KbcB1N62<;@1c?ec;
z&VOfGD3hGuAW%S~Qo>9Koj|@T4fP~enK=IwA~fU1KM*LFzj_gosng#0lkZ&gMgkVv
zZt^8k_4vXFA}Gw$C=g0S9Ir}|8(lsHcB@`<@~~b{xgU%BqesR1NDvq2U@{bep^&7+
zQreS%U$%1GZ}91~GX(j6_z@-+!NizYru}t7ZOLZk1_}c7FxsevI{{l?81bEl?3_5I
zOK8!Qi5c(Y&^&sUpcLO9lkppfDjiJkFIcH+VELB=(6voQ306P7QQXov?X+9|Z+TWF
zp#lVja?<Nc)yvEV8-SpN<rn-W>vmdqf`Cn=dx%mLD&=0_#%FL0e^}ot1kC9B>)i};
z{<76+whtwiOgK_+U(&ehk=4!6ShMQb7f&oqTo1Tg2lmEIW>}&<qjZqJ@J$&h-sc-d
z;ItlAJ?}5p5@MdYK8Ue=5~`5$yhj#8tq02{^Rm8!3y?&O=;VOxH=cy+wYG-ZJf`IM
zs!iseyo%h}U&Zy$5r8CS)w2-lK=EA>%sxr=6#^;ATNFsZ$_fNc{jbxHv*{YqcwDYQ
z>(^>C*B`?6Iz9-2)v{VgXDv<qGC+Qjmz02jm}O^uee>fN?e7_s&eWWM_9Tl}{?qii
zt&Nv=|Ek}R5CO!m{z}y?`!5*kF=_ffF2#}cC4~-&aIcsD^7`-2b-a}`*Vh@wAdsSU
zG4f*KAI)vv$Tc}8ce|_J_0IQfWcS5B{A&CrMvi}w=eRjUw3I?ed-&=)L2t{4Azye>
zLOTDRAL8Qcv@E^tb=?a`%zd3<ZDzcG8m5{l?hj|sI(Ayexu1JQ*SQ|=?CtYf@4_{*
zVH|C(EHtkkWP*c_7NO&drrT1E1J$ak8`Jt%npl4?q{`P0!Tczv)SXZbm1%nXz**Nd
zeUe*i1kVe^LK%E7Y);+^#{4W7ekq~8Vd3!27-&MSjMb0nu35v<11=|pxZz-|a8b9E
z-e0SCQ3s6{2$eavv+8~apE(yhvXFzrm#WzRP!tutR&aSzYZ)0z3>*F%G?4xmo3LKG
zzacmqN{q>&f*Q@co_O!_MJu2dvp}B0-KzA~C_+7;bqty(_`?nx+fxY;cclY)+XMXT
z;7?xGr(>6+M$vSvgTiZofA(Zv!rZNs1-ytt!FA<P2x81_+E&fdpsgTwH#2FM4XnoG
z=))g7aKvlJe>@Z2)A9p#Z`<DRQKGE`4P<mlb*(0s{zAaD=lHAzJf|3_3i^0f5Cdhk
z;MYop`$d}Mtl$XBZsAAkVt<abJ;!q_q%O(Xo-vfm1QZ21Cvc*xaU-%zs%Lepgd{q!
z^+HG$h!dNz1`7^sg_^{q`0PegLU$4C&`7cjj_}zH<*ZEF9t(sY2F{Se3a_fNqkurc
zr)jdq2(}K6K(60IMin=s$VUjJD>)3Oqqy@u=dxJS#J@Fg0k-XzMIs2@gUE6Y#R#Y|
z7V+n`H?)Ls1c1S(=Ie)V9)u*v6eK`W5uOrgX6)99j)}h9l4m=1!ra-EXXC@p1;+Ko
zdcS_42T=e$5GOG9!=o~@(ZXKY7o|peD^oOucg!*A;+2?^D)K=?^!7ngVNn#}7-K?t
za4I7*)2OCw&`+sD>B_UE#W;dND@W!rh#2^nEJnn`xBaqYOsEA^S!7iGj-`xPFyzl`
zo^EYH#>y@@Ykj%)F3|9sY_K=mGO;X&8ick|F5cV)UjmI7L?$iIhD`|rv>H{-)Aj>X
zsl}jDqd0L!oIrOMoJ|)Tg2I+(;|yk_k;bDCZ~g#L0zF_1*ph^y0|{tCw2$ub%QD6d
z0T?^m{>z1bi6D{cPnZ(u?+?IaC20(TBNX94D&_+I5&ciivFD<}Tu{PSUd0M&`+3q`
zqc(SCMAr*{UI8)~c|HIZYZ@pI_vsQ=`xxf#)h;2N?Y>;g3rEZyL476zabOgqE7u6D
z9jrK1D36QV(0sjbU;A?{A;;jZh_bpM0nMAzVy>8Uc}x0R*!_7IR1CpcgFXT`6wH9{
zvMADb`IR(BfZ_q?r1M7C7ns$)lu$P1E!j&ZQAjo5_#xro&kMB8iOk{LR$#-lVFG6;
zN;R5<ztSI%lDNy^11cN%Bw}D_T&|#j!9JqpX>UNO7>Pg&5)c4|sY1?WQK}i~r}tTs
zV=o<qP`N%~5DA6G*7uKxXZ&SJ%RwW_N&r$ZYKBtCAs+7`GZrBL8kC2kMvBey`k~Zo
zt9y_PM2GRp*C#^!t5lbI$FpC;pK{V&IkG-pBowf>EWhNvYp{2Fabq0cClBTc1u#d`
zM>F1hVFnm2y8Dwn8>S>GIZi`Bay+#pE0_xDt89#zz^u0+=n@`Hd9*ND#D?RSWf?f>
zAnAL-@GfJ70enq-FO(H>z@(CifC;KH`3*@$7(o2XvZG2j;p5r=Mb%qI)zLI<qroM(
zyM*BG4uRnAZo%E%HZH+~ySoK<cP9|sgF|rlGvxlxyVmn(58Zo8rt0b%c6E0(R)Ke9
zvR@gP1LHg07ryUkvR~%>+);N>71;GPYXBe7{zM0`<4x`gct5TBS&_mPyi4x48-N|(
ze3BTyGLZkqr+>n_Y@j?KRp{$u03!MWOn@jr^dI254@JT$axDE=zdtfOHJ8q@zQgRV
zcO=y>;C8NmI1OZq|JQQoNCupQH|zu$jhzHrBs`>&nu0vykwNkfW0MpxuNLfQzg|dH
zt3s0Z#->W12nbz)-M~cjT|zev)g_?4Di(Q~Us-V2DI73TNI&fY`k*T@0B{ZtB7g(@
zW-tgmrO2EXrtEJwvNCAXA0#nhW&WvvSy5HL7G;*4)$%coC?=SHD#LQ5&lBl;bp=OJ
zixsawk%O2nm$7epx1)#(;ujSmB2-l?5R`;sUU-RCiNpgAf&m%;B47!t=;)ApcnMzJ
z36zJ3O4O2Eo(Q@kyJ_3^M_ZA(VVR0|fudj03V>0wOn1~~JzT8ThDn}=v)n<tL-B3^
zW!!&+rF8!Y*?RvGc7srMP!-uZqBQ^MwloEI8CHS^y4nHEn`b$$j6t3jR>mwZ3P23Y
zr{SHlAxr_V9h_5JA0;(lnNJDSQfvwg6a(*#lprc8Hk8xfwyUV`bfR+k016{e|Anb=
z6||eRu(Afj`cKFzQLw!44~U0~^zM{T8KU7KbIb$(1**s;S`fg?5LyE;GHV+a0N%<q
z>d(Vuxt2kUVQ8|#bFlhYJ8=pP!+F@`X+dQ*=}w}ngu!J4-xDHM@)a61;v9i6fk}<c
zDUoa0PXT)=QG!<^nI{sjz;37v<?&f1ire|U)nNP{2++!s5P)d<Rd^1k8BjW?jM<*?
z2-Nmdkiz;O(4h4I801=xXi~l_Fw!6u2*hrf?)UL4W&-K)^ADxiZs7k#ugEg^OFs@K
zp-~{FB=P-=CPL1DY0=6;#>D=+=*5Z)&)IVWZ~-nYVUM=Lb4tc{j6mEW?^jMRmmp*w
z(F8U)lqDHf{?qx{;lE4xyQQ9~|7o5O>*x|eaccSx=h6pRRKGr}(3|{g<+D;svB9b4
z*8!e*zf=Gokp5Xk_3KMwiZSC+8=R_iAq9YQyq^EqPZ~pc<cOpckVvuNs&2~wy0VlF
zf^L7qUK-Se!T~`To&o?NW5GvYs2@e^a(*+Nqi-wGYHQJ0tBWZ6mLwWpw5E_n4~F4(
zl4qG}EgdT^Hdk8*Af2TwgiQ3e8*ABM4CaoIT7V=Rpt>TvFEBD9%Py1wtL9st3|cGZ
zed9LzFZL~w?E=Ga>~mQjsB`R_OzdUN$j!vf3Is$cKeEC;4D<oz#1!s06pDo<?`+bH
z4v~EG!|pk-(L_!#lVOT!e8SW)UHXYwAXBSnt@s8m6!~dLA{3iZVq=-y{nO3)Ve%|;
z*V|av^HA68__Tlz@5>Fabn1}V+dC3{+Q3JZ<N2gYcPcJLOuTm=v=w)i-v#R5{}pE*
zB7V8@6#h#1(*G;YLC|z{YWf&79ydrTJjncW>ty31n>c?<p-r0XXFN-fSK|RQ2k}up
zzB}iw7uWp3`l(w<AKC6n9KN_$dn4qZ5Zc7%4&1KOV_tjq>t!Dg7~i37+(!!g#E=(n
zkD)SrF=y{ahgA_lkUp{C;+yyV^*-}Zli|`XHHYgXz1K|vf7JHd^V!>NarSG=_Wd%G
zV09R>YcwXm6Fi3?eI|HM^4tDxodq)0c-K&I$dL4k^;?S-V}ws<hL>%Vv|vl!N9m{K
z`IY1j(4HO9NldofiCk5hDf@LJ|LyPV2J)D4y3WtO!)qc$pm=>$+`lU?VyDLgWL;w2
z`t9%=w_yZ%_4T36;x0som%J7AQF}JMC%PF@elLHdJ2%Efmh;!9jIUZmeE`3VFWOu)
z)|j)RW340`*7y!(-f>Mb>pb%Io1DCr4v6Jjofbc+CBL;@1r=}ejqkraACplnaY5aF
zYv^SAcy*8kVj$A2bN9p?p(1<GEBGn;x%9fS{u#cYLf|HBaat>B`{80Pl68Xv|G037
z8-<Y(E+(Xo%?7RkGNZ<3c1C4^$g~<!FvR5kWW8TWO}$ZG*H`=4c(@j>kEAOq>KkHi
z+AJIv&Tso)!S-)qPkel}=Qo*T^7&_xPZwK+;^XJTp#5JG>Nf3HnUA+|kI&I@0*F($
z(HCL9!{}hCSIUUY&M^2m6T_hn-a5Fq7#q<<zou~b`|cyVt{9Nl{XP7HnE!-0VGl~+
zR6%d8*!y;?PO(*!EJxieJ8@e}D78-2y;`W}%Le!5sZ=Y>J~$oSdlvq3EX<R&=pvlj
zz-Z2N0`1)o?D3pgoe3{aI<4Or+}cf`_2v!gpWXjHURqvgxjN(l@s(V?SbvL}tGL~t
zTu?2SF=GX^Hc{h}n%<jTIEtVyvO&{zzrNWv`gtOG_`8aPN%2>*GilC4y}-%0^w8AX
z*h<~SftS6bv__&GCq(6BgC#~r3A6A@Nd7=7(6TH08c=e&sp3Q(cg5vXldo-VM&D9Y
zd8kJE{1U?n2h9C-_=-pNx|gy~CV1-ZYVPU98+&L*jK{P0qsv@n_(&S@hEUf-`)7uI
zBMlCXMcW1e!rH{M;xD%*G80t-_2OfW^vo-v`f|S(NANGFr<(+)I60S4s+YB`93ot-
zK~3mu^^H$sW-C{vc6P{OO;)<cEp4uOHpz7r{6Dw{&=@M)KwifWOj#W-9-U5c6Njo^
zVG~OOp2rtuE*I6AUUnNpSKiheVjFkO;zz#iQ&$mMoy1f1AWHd4=(O#xsg4$~*;Z|g
zoy!9<?DUCC$NIOK{kt}dCl?H7rXQ2HLA6gzr8;&z956|dt`8V{LzBq|w+I(~z{wJK
zg0J^OwqtS0*;#q&etUPelt{ze*Pyyg1-@yAiN;geA*lV2FeOk+cBk`7z@d*DJWC#}
zi6e<^NZK`|Q(alrD-gHTiP6<CJnogMb!4|Ugo!-6<F$)Ct&}Nt>qQ{FPpy;7AX>Dz
zsEMz|et|+88E;x}da?u6>)wr_%V_(H5WCepKFJk`ZUY~!Tb*vt^}ks>b~pQY*uJDq
zcCO&uDd^9_CfU`l*sriR?5wb&lbZdBWw^WlJ9OgP?%1xAQmz6K!@v6K=;Cnr6yd|3
zRe$BZ7~0l&)z+|#y~k~}!E)th0eai&8cykmISDtwY3_jO?++DxnF?mz(70S2)LE%S
z5+Hx<Ob_1x+Y(FHZd|swfA%FjTlHS6%`>do3kb;<II(>h%XHIzx_V}bymj8I>1fbH
z!y&M43Y<$<TR9!EtK6T><!^#n*>*jxBy5t29@CsBT9GA~)6;T$yPXGCvGIBF?sGV+
z%&K~MfhpFf-z*z#v_7~A5H2@e@DZ=v{c_`Xjcdg}Q|)_VJrQ3qf@Z)v2G!x&%Gy**
zw1{ken6^T+<2KV-bTjEmu0J|S^ZoKehiSnpLpDFVYS=FJOXzP@?Pd1oEL*!rU)ABY
zdSBgw<D~N}7EChLL)R7abx_S*yEXjd*k|pF_6?p5MqyC4-2rFkqPr-~35VHK{WvGS
zO97gutjv<CmlgemVFzRRS1WOv(A#Jgq>~l2Gq2UdoV#kuL|;DsQW1R0A&Qg5^(^-=
z*E&6~zuLS?-1Tk+j^-QU8#jxhN4D+iN{3VR#4jgy2zlf(R?g(5*C6~rwSHLr)}Yl+
zFQ9(A_>W;VE{|5J)#QO+`aW78KdkK6qXWg!DhIwZy1^P$Nq6v=R18d22e-JtE}VXv
zXj`lzI`M?gnMjI>sp6+Jg!hp5f<b$k#4hb}!8SP4O|aR}zp|a(9Y5Yw7lclJZj5Nr
zjpbCxup6qaz4C8ZUIB3kN3pK&6(4$MXqI;bk}Pm-8`y!0)*#@$=GOJZH%|;RSD;RL
zE7>2$j?Px3wH@ae_D`2rlnH-Lnk{)5KmA^x=4v{9JptAjyWifLEjzVg-j;QAL>KJ6
z57Fs&SKgdFxdVeC`PUu)X<RGuSz-f{*>d#jt>)O=G7*SFldQ42Lwo+nWQqQ5>M7qR
zxNDo|5miz5t*PSXu{^7&!-#dKb~bD(hQr6Z{-mS$7prqj-jZwPR%-}X-KAC%P9bJ>
z$6L;ZO7(u1lq|>00qxVv3-~wET=wAB<rt#d+0&36*O^ws%j0q^{Jw?qgfWCimOTYM
z{n?)o)Y>4YcCtcRdb?65!7R>sh*qEbUD3(o)4Q)}SJ4Xd*iv1nN%><RI7{e;2#?;<
zu|v~lt=cv8t=EWFg4FE~_mVq1{qP$)UIPWO85`wCgbW#=RxD#qG9d?3pFY;>D1B_x
zNv|0ruO1_^OkK1kZlJGq+j;V0uY|am_|%@3)C9@Z*BDB>yi(o7ttrr$Tp47zva+zq
zf^EuNZ^m*4ZLG=N$RK2qNTwE`yXgNxhqrlhRsIbo+F_&Tzx1lq8<1W_VgiHySKS@R
zt}z>ek$z<1V*4+>%EkUKy$baEp@T6dXTCtRC69waBK%kGJ?s^tFS!&2X#QJf!om7K
zdALj^S>R-Pgw8wlYdSjVv?2>3*I2mPl^v-6OOX=GJh}c$ksgZw*ptj|-}z-M%&{vG
z>+}ob<*3hwFaUnp9MvpzPcO}ukk&jdXCxVx*=%%x)`X<D+te63e7wZ>ZjWfSxcshx
zi7F3ddLu&Wry!|m3Hd<N7M0$KlC$C6)&Lfz;3Ww;Lu!Id9ho#rF&1~e86yrVc~y9U
zZOI{h9Gk#BpCkTx6j9<J{MxiQsM5hyD`T^ObtSX$l^RESJZ)e&%(y%o)PQ|vvcf~!
zzz5N~n4#v)+6=xr80N-RnA1%vD$EG0g98D2?4i-%Tc1jHQ+xjDD!&kxAUmS+gjc!0
zDv-dJ9y`$Aa56!xzBgoB=Vf@IB-S=;o;-cxj+W0)d8Z+;SJILm<>{Tq|MYFkHWU;q
z1Y3%9@|QTeVhK+~teNuZV^4`Xd>49vQH=@@_brJhyX;ytHWZQP9mIjdPephWTVtnW
zQzi%`a4yc|Z_p6x?|IVq5^+G*R2?|njFb6)eKVJ#SpK;QHF#rReY~#6MzWAb5(PZm
z2JLz8r-ATrpp#L0w{0)a8}Vgnv6&dF*BuuJ+~+$Mx8gZ7t+}IoCn@%|^r`R-c~+3;
zg!Wm!D1TQwZ--!ErN<vLaX#z6ZC!geuf{f3ebNzECE6$acOVDb7CY`@L$)*<y$L1W
zxBIoj^w|yht1Fwuc_qt^OeY4DE55uZk)5mOmy6I@vyDCaOwj%Qp%+i9v&)-J;*|QG
z&Sd_6C7a#1eYaws#;s(7(+NA`wAqe_Eh_0J&TN#u@@&$A1SeV6{xi8Oe>OKLW|Dku
zbd(LTgbd6AFi<H+s~?K3Nd1L_1d6S5FDgo}P0P;*2iPr+s~=E7_UU&8Bta{lN4wjx
zV$J-TRIppOy~D7;Cyx{+O7BVKXDHHD0UC@KD#*^LIBi%K=Uzf~RiF=54HB1UE1F31
zi<lwn4Z}SPe0tK?SpSEN9}8t9J*HL^_biV|m)7?nuAnsoDO|L#-7TKz&coqhtiqp|
zgEGW9dQvmOT6WT)$YPsp;8$aD3>hYM6oAhTD%6qG6#5oP1ZM3+DKSS<(<`>mAt{xb
z=&M2`-H{4XKRz-q@W~j4wahC)`qZL2A*vhxh)S`t(=`lRYI*#QFE(zgMjnz9_nddH
z9KHlvQTYCYmRWoh_?jEuteUBxpn+O(BrzqwFpo)YoLOc>%GJ<zsjVNysgCHopxiip
ztrC_e*sPUe3dx?F$ag`Z@eYJidZF<Wv3MNA)0B=sVkk~SCzwU3SKX(WAUtN|XFZ2}
zRMzMXK*<Yw^=FF$%dqO-SgyuFWYRKV5THX$PEV*lsQ8qW()^Y`^4W(baHaI_B-&)s
z2+XXDk{2-8<Ii!+0f>9O=0H!p2DJ@otWB0$9AJvYu1)09@eo_rLV76Te#qR;UX;2x
zFxXcNZzgRkDQ$RxVKFJRuj3m2Gf4r+dErFB-|U{4&pq~yl8Eml<C8`GAQaXrK1dL}
zKuRXT7yH0E=&wjQO!p+7`|tE&>o;`F{gIhS1H|4;Fx-BBpampuajKZ^4QzKld>6bY
z(Ne4JM`10W$-NIm&NGp<knVwT%BCR)Za6h90{Zq&bL$H?15*=>B@mdA9X|kkP%_JM
z0Rd=pWq*(bQeZ&;xTXNi`}@_<tW}?TV5C36D6DqF{30o;>&0LK1mWM4;Qjsq2&(I#
zeccR<{V8FS%IkPV1E{u${m#;7L`nNx=z5?PxCgs{+IBPWV9Y+8)RYWH0pJ&rDs2ON
z#z6o&;B)(J#%u+ehf>@47Z@-}hl5B>=c}c(5s2w9<9^^6R>?5+5ck2Lo)^^zlS21}
z11R&-z<Ta!=y6tG?gis;&Mgm!-3p8}P+Jye0S_Vg0-$CX3=)JuY&=O>2y7)?0@KDE
z+(Y{JsIlA|iH$!;jou#)#mP+B0fLxrO*k<G5T?VRif{M}t_T}cNFRdClC7&63a}8k
zD*%j!g&|}Su@z{-rVRC|4@Ofncm~+mZ5j^90!IL>g)A_vQ~9p3aTSLu8H@L{hCwsX
zY5sZW-3Ugc<(48p|J?{JFw8ezCT4t3a`m$e4|N1DWx1enGjQ;;3Om3T5xi83^|Aw0
z<7{6_f4@1NrxG=MF0`kSv>br!m{Mjb0;n~VR)&fzFie2|&bfT&0|1~zf-e^^#Pw3@
zfLAsv^2+g0r6~X(1>j>68@~pXq1GHh&W4tus(QytD<(9mcu#|yDByTc_okQet9!?`
z#J%^$wtOoSQ@Ie@6Qi;LmEMy$838%09q_M6z^0NJ4B#0z#Rgz1SrdU#$_q5)2Vk~3
zsBM57+uc;j%7Dw6ls1ikdEf{DPCk;n_lFM@QUM@ib56!=5;!Y5mrW}GTdZp#4Ny9(
zv*&$BuI-+Br_tCi0z47&3&5_y#6M(#NWAI)DRX~R_Bw9pkY0!Zn1keFd4Z(}CUHeD
z!56@5B5Ggf!T{<h)e1luEOx|iEN>JvHB~Z0OoSp%RS-qo28}Rz0~B#ZqKwkFMdmR@
zz+gS2Jt|Qpe*(|x%JCEdMKluu%l6h4{o@<0N&_HyZUhVjgoVI=Hm&gYc}K22RXJYV
zc3@pW@zGQ?a&NA}@}GMW0=zP@oqLj7J(ZVKO^BkFGE{B>jg^Bkv3^6(Kw?dch<y)r
zsK_KB00FKL1ju4?>jy4+G_h3KKMlbglfa;?`V|=rg8{;p0DMFvJD$i|L~IA@Jb{43
z;SfyA?bo?%LgLRgBU0J~#MdHt<jnmUz{xFULoj9*nsZ_8lWm3)HW;9Dp{jCP8wc;$
z<7L&T;R_)I^76;J?ZENxWq>##tYX=@Faly{tf+S`J877zWRBjkR(t<+U#NH=g==DJ
z@A3!()o;v{&ONe~K@vbO;Wt3f0$dr!cbrv)0-)+`pIAv&i3+1&DoF*R&Vd{dmHv|8
zepCgydfTgw7XmnrbWwa~g?mf`7~Z&IKRU+fT*&UfxKwQW&dH8R7I+QRd{zR2z&^dQ
zlr}iAF+q75DwM!57e^tzKQhnv9FV1mKXR=xU6~lheGU+zT-tC14giN3hIzz7l;97Z
z3k{ag*uZ(mGQ+Eq!2=h(cQ!i#Snn++w0C%J2F3v)fD`C_j{nE}A-zm+8^hpJLL;QW
z@B{L{JEa)j=^|NZ3E;nuL(RX(u?%gc<p2<Ybw;}C|HUfqrrdfcRj_|S*Z}8WYz)Hz
zhB+X)`5$wM)uMXxbD=-3|Mj(%3Bm~A*lJpS6u{xCDnpG64zQ4YZwQ3Et0EyIIu`~`
z{Fx#dz#f`1Fci9B$cDjo_$&KYhruv77g0ePh3_}wMEwJLL08_pJ!Y~2$ZiH+FTBSK
ze;&Xe0q{ks|3vu&0oafIM)YnklA%#4ZF>eLMb)U1tw4hEQanW<UctS`LF%4Z2niXO
z_aXhY3=D{q>lZp4_L}RLk;s$0^}GC2_ax20NVviRy(HmEx-75?EJ`dTG_raBO#E9W
z_WN8Y;IQm<^;}3#)8eBfVv62B3GKob(tR)<h^l0k_nYk#x^rPEM*yfXIL~`bcRs)e
zB6G~>se()eaU4JRdjQE6#H3JOhP^8+BM?bo6;SWdh_Tb$TJI+-c`M)BMNfKYF}naa
z$j7IZ?{h6@aTF%|NtcgP+6ID#4l(J&btiYSMY6cW<*N-JdRxXuJFm~}9P!)vz(Uvl
z&bl|~akg5CW}|l@Il=qV_53mGE*Se{WF{lvN#IT&l-9FdjcvUTHK>oI(`9gcakies
zaPq{w@+(HSk<!*sO6ReBh<O5Q^<v2f#JeH5E$H8JD>!8)m`rx-Jm7@nGWeLh?Y<kZ
zw$UX0R9U_Kd^ZK0hweKm{!Dz>_vRR>`gopUR?+mT7d^%JvNl<&|EE3b?zwiu_htVo
zy;@Gcle=Ss)<=Qe6pQ8d5yl(Tgk7!F#P`vpX|Kuas{VVZ=@jDR$>PKK2Z{?J5G`9h
z;gh4Mxmi&o>QHX7>-s0XCq-Mr$)~sdyJhiX)U}z%+N|*zfowL*tMb3ax0<jfiVhYX
zH}}(?5of#C)4sgfO))1;b^4y|$iK^tUTOt>Z+!VDeJGU#yMBJA7pi`2|Jj!JymO`H
zO^3wp?&}m6{6wZxqSjbTCbi;~0@7cI@2^mB{)5%cfZkLo^>de}9+~B$Z3=X?o1DF2
z@`s1tXZ7HY74tBhNBGArwNlLCvy2C)aF$z|fTHi)Y2lq_n-(>3V`A!9^+cV+Z^AYu
zUmIQOuEy#F{gtzXF1Kc-SE4nD-Q;+WoaYL6tz-EUTbn(H<aw_ct7GAZP|$7gCGyE#
zUDsVR!fz`hpTcLyjNr>F1{(bNH#2I%j{|@{KQ5JlGRlOf*AW(P62wAJ&kNebadxNt
zU1TvHePi67>$PW+kg1|}K3FJsKYkHroEfwQJS-B*43jbc-ACTwD<n7r>0w;q?E{M=
z9_Elwr<xeD*M|;$!|Dl;KnG@^r~0}y!hB3(l=#0EOhNk3+r9q!X$U7x-uoU`z2(W>
zMB^aEOabL~kG7>2jFrej#)urZE1~wJJ4XKGy{2MrVw9?(J?^FNgqy8`eAnNOC3tUl
z>l>$7R8DG$A9MMqs%vh=2Tuu4@5=ASoQ#_`Poo%*OIOo3PGgL;KpvJwHNPRej;(Fl
zMQ<Io(#|L^Z%ZGzjtlFaK6LO5syApNJFPr)+5L1n)fK<-_jvOF`4~nTJaokipQTuh
zf@D)ylr4S!Zp<!RYdyA)=RCwBYAQt+Q?n5hl+N!*y&*f5Bs~1|@UhIU>_fhel9R7&
zlB{p6jz7qK89Z(n0zF}9Y-<<)@)S7cqj9$p@wCj2A&qj)IpeRY98=L+S!lWb?aTjE
zIOJm6&au95cx_+smj9sg!^W3z?d>wi({M^&rsPQ8YUi1CK4nbg3ZktVBF5#RwKL;*
zK%F)Cp&rSBrNoSQm#>T2R|2WI>h2}+<tBL_qWbQ}6aJ^c9SFm~ck>UB|4aqBbv4;j
zGC69oD3z;8Kq9quy>@N@Ie_e6zoua9=KWfJ8m-ffO%*n+s9|8a6&$3lTCek(l@=^q
z)%a@ePJLg0wd>HKUn$2M!qle0=cZR@mfs^(w@)1LjvK`<A{=TTx%kvVtio=q{<4oO
zmR0!nkgd6@LFa2dnI3O7btOcJg_-H0xKHlk@&zesYTMmG7#DB94;{yE|AXDaseUfa
zO!)u5+~>b~!d(Bao-j94@~;eVpq}vmmOAgy(zL_pMDbmyUflm+%0-anM@oYIgGXLY
z7gBZ_#$p>1>IatGo8UBQ^3dNZD(L|2kF^barXfz=tY2}VC97$3^z{PI1-QyXFNXHM
zkp;5?HKV^TeNF2uyz7I`wC|xZ3(X0>CGy50a0es7oFT~rG2tn;ZtcJ9ZSPgfuAYIz
zQx;y?eo&CYft^op1`oM^e6YFlh7m^EcwO=)7eg<<bxgapGWvozkE)FZti2x+gF%%+
z3qb^BBj&@JxQhixfxN{GYx$Ss{VXQMTE6n6un4adp!|3Y8pvfx3P=zZ?0f9{yE=8S
z7~eYk6Qh70ga`6y0;5K;VIEZVV(WMK0pWLzgu{p6Cde_R|9m@Ed`B!<=cdn@U0tYh
zr|r|h4xZrjL*`V`!(M__%(jNL?(F23ew)|edL$CRC7PF)eOJS!r<D*Ste9mvv&L>i
z)b(KH(Qr=NOiLA3D~mbE-?vqZ%TaA%ceY94j?V`U^hn9yJLKFjyI<GVz1}E&G6qG7
zxUYPCya}8Abb|TJyt;P1{aflA#dHA*`N8>t>i6074Z-$KpM^gdaO5`vj%2M4v|<sv
z`}Ye&2V+xA{Kf1Xo?mN!V~SYZTxZOm8S3o0*rv_i&FXBS4#8JT1?~y$O$Do^Tt#m?
zWaCldfoNtUK#38}@qa5<Z`3?;VJQhi{Pa96KG7YHqpj3@8dbX>qh+rt|8us|K2F0d
zV<L&Tt6{XF9gQ;=H^@ql9`lXG$MyPia+-PK%^`O+HH~cT7iCdJRc__wz6s6A%_%0k
zz03oA4hCFM=G5Rg+JYK4;cU5WEv4@@wEL<`42XWouz6icl@wEh20o!-G$+PBs!h@g
z;}2!%_Znds^dcbtG%jaJMZ++qh$x9^<P;$-V}VuWFs$QA8aQ5WWK5v*_WN{DhkB&f
zd^~Tx@~Z*0_V<|@Q7c5su!Gb)tXFP?_^dI!JIL2=zF!<Sc!S`Z&e<1K(`emt=Z{+p
zcc5%rJDhejQ5E#@GFUr(3hD!t&FVvXC7&%-d-!P@%)3Z!^txcoqy-W^%0lB^y6qaA
zas$=PnpF&~+_rvS4gpMQ+DJ{y(r&lDM6sq`UINE}zf7yBxAAf_`01*7Mk)wK?m<v@
zIF(qiqQ!)I>?F$s$nb0(eg@IQ4mREylpt>AR8Cmf55G^j3=c}>vPav(k8oGr4Wpeb
z=;+w~$lq#;21=1RO9hbIe(iaTTwxD&hlc(JMpT;(vaG_zj}dN4A5$Zl2J2xR!^x^H
z`x}h>^QH}>PO{JL)KFc@rj(+o-co_ZRagop2O2f-)0!4JBJrEtHdTRo#0A%pwH~N)
zMEkGhZ&>hHE*{%^uGDF6M%oh|q~3s}RH-f4&noA$=JC~0(REk#4tY^(IF@?*+hHMi
z5ACfEJNc@e5^YgUSKiq%O|z`gGRiPF{6!&e-{eXs@x%jzGCa?F9}cjJby0_Bq^kvG
zUYy$4bG`(Goz)As^!xvj)e_W}LUaLPl0cdG2w(r+Y0G2AO0d)KaKGBa{3w+kxc#b;
zqXNTUSE=tlk7_T`j@{$yI0x>rQKc_21rbg8gL33?AH(_0h15y-CA~kxV%IrVJ*ho%
zwGFFo&P2Gc?=yatN!t!zgTyMMBgD{4z(lBLMG~)eoTX+_P!he%WB}$YVc!LaY~VtY
zJ6Cy!$njyB>`;uhp=;N=7~|e-r(N2{v3YL{Bu}?~<G)<-m$$lRF|T#~6Z|=kyR1_V
zQ({x$IR#{$0>38h7KBMWlLj)lOzVY+9c*#EBdIXQ)sy>>j+&A7$)aUIKMCAv=uPMV
z)L~z$WB(2~HPtt+W>#J6x)W-UFD~K;+{~YSkdh<RX#U_QE@!X`BE2_$^6Wm6Y7vFn
zZ(n`biq=V2NPc{jb!)P-v(@Wtv%x_&>a6@hB>O=`fy1ExGt*k?3zV0zT~UJ8T3swR
znO^TDU8%*{_v$v`d8_7|adIyiJ77M}^kA63^aYjO#Z*Q8NTA_WlJQ3lXbPsy^LX<5
zA*ZcdV2!`^m{+`@vmbdd9=!#zl&Eo@m~QxYt|6V7Tvo6Z#iDG9o*jg1?K-FcL5)Rd
z#Pp8Nt2T0o(bfv8(6|Fh%M>N6Qf{)J(o}5SLhXSiQ?tfHa*vLaPTqc-TKZ1MHr2zl
zav>8vbIB%(r`yT{X{-zq6n|Lmnlxv^-vmb6td6NXw>?61?03n)oXvN8b@MQq{ABIt
zV50%Nx1C}&EqZT99r*{N#_lhV-)2Yi<{cDgkXpbX&r}|T@eA}^19V@gM=fSFiw$zS
zZ`?Q{0?NJ3SZI5lkq#a7!em8n27L0wP+|KcK{A7eExXB>I$qD9h#xM+b?e9jg}9Lz
zv~ySde<t6=(fi95SDrm3-cAe*!zFjOjv%UeB;SM#Ue^W6x&$<TU*ylYG8zBy`_cY4
z_OeHQjeLgz{Zh90h$e!XZ97Tpo93ZPkH_|x@@stQ;!y^e8ev|mJkxW5*(r}!QnUJt
zA=QoXn1l9dqKptQ@{$vByLlueeM6D1hyY<ae7ATbFm5<wjT}EMcnt)PCq^(-nwS4x
z;oSeN*yaAWVi$r1sACA62tWnmU}gHBd4dz*NPyMmi;k|mY;30FJ1_*iVWQz)kITXC
zPjHvhv$u5M*A(Y_Z~hq6SegYQl55*FltO$s^5r5mNb|B~195#*_+W1y^eJ~enm+B%
zuJ_KH<G4s~Ghut5)_h^QvXMrau_K*taoA?pKN3gFxq~Pmli~fOnDZ0=oZdeT^)ZHm
zi2htLQ0;NKtrG^v{=h}8;B*M$8qD4R@q2q=MG}Kv?zZ4iWJ``>X3yI>#D??hLM+U{
zE-sn^k?2xH5Ww{Df0}~zOwd8Tj&XjW@DPI{VOpz;JB`JOXX=s#2P<<!Kr&%6Bf+?L
z%K(|*zk;9_8v|15bOUD^^q9WQv@eULe&imRykyZ>=qW>LG-fgrut#}vc+JiKGi#&L
z&yFQ2{RQ$PGQ}FHJmn3UvONzm!s{)uT>+vR%pv5$q@-B^#t`vq;<e$-kO=ei*{6|>
z4nf$-gxZoyyCW0KxQl2HM9<QgGq91BuIJ~zwrr5!&YgT{7r#A&&{D(RYPZpHA7crv
zx;_1t`p(pOIpc#J!Bs-_fOF>HJ&$;MG|$)lU3uIrhk|{=)cuUJ<L8CleM0}k$R`U*
z-F-MvD&q{!(PF<*M(DnmVQ;8&(Q)iPTQTRK+|fc1^hL@Q8_^*KF-7y{?3GUDtFQN)
zYdgqMOLYG;CY5NDv*6o<JjmxRiH;Ch1gPbkp-_V8fYTPt!v+13`ft%ZiTZcT@Tro+
z(YQqUg_sgjbZWs)7<}e=W-yHo$a(_?@D%mUoeGp+e31?qzEI7^Qq4%V!G>ROgmr(i
zmKduQ)+B$0xRc?=zFdVQO2MEh(1acQaM}lwRS?$q*VFQae}=aoOW+_}^@C_?jGV;5
zH_v69l-&%@w))7p%83(EkhJR~iFBeYsN7jjNF{kbNx<(UK=aheG{j6aE-16!Bql)Q
zk!%6kERZfhW$VL=;jKqXVqw<;&X6jihrj!>eFwU~7&<Gzq=1U*GT{8QJQzCSO*so<
z`0i0YRG3z0$#*dNL$`Gjr(y=7NJ-3X&>$a6B>gP1Ct%WkrH2e7fI#>c4pjmkM6j|^
z&bcK5h7mio6ftv12(cjo)+PDA4or*!(WrU9L~cJ09v5>6v|dXwPI&>=Zq(rPM8X*j
z{yxHLr<T!A_(&WNT~6psqnxxzQlC!Hstu%y5l2)`OyUR=!U*Z3j{hDd^WJEbpIRNs
z7`t-TN_d(?H<QkUFlKm8N<q6lOAqr8@pjUfJ~OV|JEeUTYJ}|GK58b^AU~N6u=rR>
z4R@)Q!^03-?a~+xCed)5AI>_VaI^L8D%5Yyzxj;ikyx~D>oZdOoX;{qKEYF<7Ya={
zQMD~$Rpb5d>#3)Q{D)34_(q6Z^o3)-T|Cm~1ifQrlPvPz!F!JDQ`(mmK7EKY?J0C<
zjJEiFB7FHEUi+b$3rqDZgh1W#98t}EpGOYMNoRE4HJX>q#2WSdu7Gb_$r2GP=<7q(
z9K;qsqq`KwWzZGW#wKO}OyCc05C=4mUUs5NHTmzfp%U`;%h*Ko;hPLe?x1K*9TYh#
z_%3h)CCWn{_aL!SlM**WXm*r?nZ+^xUh<s*v2YeQe`yMzf@2A0a5gS>AzB|yPmB9f
z`;_#)ph0K*iCi2v6E?$wX<_}0wq9Dn1uVT5N}TX_pKyzCq6=Idp<99wNtJV)@dsX5
z;9T;#%R{a*bUua39umo+InUS+rwRM1^f;lv#0W^Xd0P>Qnah?N@k-I+YoW6#7=~^d
z+XYa#?*S#%Df%h2aWfNt`U5LI?JWZk+i@TVG@?Rh#ARbIzsgP@Xy85}+1C46w?~Ra
zVo1rv_LjnNoR9MNNPGr0P@O5wHnMK9GH__M&sWbwM$Iz`C7rgyEn5a`w;$*!TeBT7
zDF6L>L?_rrif?x{`NAFVnB%07#Kx_RDt8OxXx5qu-cTv&sPzHEmvcz?r``o8JQ~)t
zIzw=9329}b*h4~1M)6@nrDHQW=aEU)uxmSY>Aa)y*Cq194LV>qlx9XUmY(CS>_vS&
zd*vVCw;|Mqt}fzH$kO7_xRG2ScTso!T12fcP^R;#MBvkyh}*W~;o3C8vV-VpN|oJ>
zL--^<)Tz#4*%c0Y{3nu&-&E>YxQP}HJv=6>bJ<-9_q5Lt&jI*QpuZ;YUr@O7YW3yt
z5PD(Hmvt;qR9107%seAyj|sUOHHiaR)~&kCmx3mQ>XsvgJd2S!5U5-9r^VD0_HaAK
z(q0y=b8@x}$8_>F>+nm|>mL(bn1*l%e(1^!gA@z)5giF*eE8r-gyc^>O&T{I3A|MT
zHfEhawS1Q8u1^&5*Qhj9)S*tsFu*`UpioP~^o8OwrtNV9*@MwZWs48_i1P>HK_keW
z$ius#L{`9goI(@bDbCVi<_E^C%S=n@2kYVa(h%&0-29wzweLav$P-hAqitTqIH|jp
z2*jxBRrE*^rHIQxo!ZpWRiBsLjLj_E1ctdWMwLnSwAsx!MymbK71dz!-&Cyv;Q6v@
z^=>FixR}O3E<oHkyE@1VLQF^@306k`ySYR{HE79~AYd7gKx`SH6ex5*-9yG!<N~L~
z<T`B_fFURQ(;xekdXT2n#3LV$gEg_Ox+^0dPX?v1%{G8hYmyz$Ihndshuh7|(plQX
z74&eWO4B%{uX{43+YS+bYuxvjJ<0g3n&>sO42Bd$67b;em#5n4aWif98lwqGk&A10
zZw?UxuPmL#ap@mV^0k(@_9}JGPHV_g-^-Pglh%oH`vS^D*v{Z1`H-!$%jP6~lQZkj
zsp!YAu8i#<{==6&iX1boQupPGU4zDT=^{90+C(GEaxf|v13W|9P5!h2193jfrOTB?
zqthpl+TyIx36(f0Hu&7Q@&*o<zUkOq!A_qfwS5|oyA6d?xEy+vr*x0$<NzZs_BWey
zW#<LS$rr58+~~2<KMdTgJ{&&=9pbjN+fHa{)Dq=YNtU@Vh@eCttbX5LcT(YOI5OYM
z+2>&z|NN*&?g{fqFt_FvbNa{dj|0SVbcSdesD1he)X1@Lvb51rjXRPYHVY?j;hNos
z@7*l#A7@fsKWl%XN(2EdKd0|dPUDwBxa%J6+o@Lvau;c2dL)+p2rAd@BA0VRzv>??
zoQKZi@%WsG)^R7HcVeh;zDptp+X^61;|S)9O?|N^T65@Ix+YXfC(X)57<6R)s){>h
z3hIru1U*?B$=wX07AJw^<kaik+KZC6GIK*BU7TeaS_5aj=&XWgFEVRHLak`->=;@O
zBCIuzFJ>3e8+Bffd0R~&yrn8Ub5n_kO;z*fJCHXkePr(V-Nv`R*@6jU%-`ow0dH2+
zsaUsj*am@^kjHO4ldE4K;@wlydqusMK(xfowwoajhvw`9RCJ$5ZGp|+G}ppQrJKh+
zUZ$CUyK@M7_G_RBp|F+>*5RuvbnxxB(n-ocX(g~WemrE`Eecd3;lf=lKf!`#VoR{h
z_wlKV#Y@}tLO3}k@-5e<#S&@?Vy-SU^Hy%Lwep!Epm#|%ZM~6kRIAXP`K4TM1Nxgl
zGRd1RO>QPmoO^{M9Md!Taqn?0)mX~xn)}`|!{L6_)kjpCGhGtXrd5Bm3AwVw)YmOH
zRi(ddWj|}yX|4aO=<h^C>Cn}t7;crjif-7I*%u$(&Zd@o8Qm4GU=T&|c@68iL>ZyJ
zD0?{(yJEQ0n5Je3EAH1aO3zE<B2Y^z?^haH6`|7Ep%%5f`4&f}f_6~@IbThhN13B<
z>eTonT;Ise%+vUVmE2;yr4AF)X~NgdXQJOsy1?<^qH8RAba_m(+?Pa7;IidtQF_&R
z2!2~)t&C+X6it(B&*x~mC?BV~!!K)C;t@8^c#VA|m)5J+l+eFm>{!iJ^a0rfCqpm7
z7}AuW_)qbwH70so$Xt`C+4dUv4Ga>kcO8ErN^}F2$f>npYL3b^8q21OaQ^Z5Tw6%w
z+N3q4{<2fS7-HD3L$;z?GlD<YbS)0WjM&ONR355*q|VThF5+h3nSHU!>JgQC+h#AD
zv9U#X=8id(ar}bDZ%qrM6A#Km3l!MAPs~~~$w5xK*c4b$tX9{eL5m=Ot~EAWTUV)X
zTceyQ+YNS3@oi@8%HKp#_%8H32~~_Og9qk;7W`H5fP8!1<s8<fDiTR)Dn~(FlaEGh
zQwhwIZ&GwCjhdfu^%G8^ziKLy2kIkD0#*j3%ttx!Dib0hasOZrEqf4}S`}jRxooT|
zD*dR3p8bz>p|9Uy5>Jl#vy?tg$~|Fi;7&eBU0b~@ZD7-VDV3|#8m@$*dU^fP?(@Jd
z?`=Jl6ouzl2&w4%h0iuH`HMtsa<{ca_u19Y@d6}oB5S72ndd0jyp2UIzJM<ly_=%Q
zAO7GyMZ0>&u3r`XP1|h%`Q#LNl<dl?Xdv=}_eO^?0-G(i6Vb(*dGqDy4R42#6A3U%
z!^lVQT65Uu3tsN&xa@N+z?`j6ola|8W4yBpsykFW$f|QvO&=5c!T6f&wFbKMV>h?J
zgQ`v^P8pXTmmL->G|*YB%BO#_;CTiG*BNQAEOXio*%hq$^rPK?G_J16t?vi)X7O<C
zUx%J;?3;Ya2G{u^b0dy@J(SX12Qo0Ob|sczxAm21Dv_UBl`Pu3GcejD;C(?PI}R65
zCw^5+Fpr6DU!+91d|34h3UqKkS|r))q~?Pi1^oHJi2jFCSj5%`UOV3qqmYx~E&Eo=
z2-fqn{^hsh8_#V&4d-lL+OsPj&stdgh=C|{@A%@+12yIRC0YdWH5w^>?MkkA_7TJ1
zT5O*8N00WUcfFr^n2SZdAqE0F%_(<k7d@&#Mr2eR9>%ZQ$A7ZE{El&Z0}EpN@Lx6k
zWGQAy#N<dONZDjm5@7ukcQR@!@SBr`iS>U=AWh&c*{*V&`*aCUfyp=xZ$aUFWP?F#
zmX||>wD|?29UcgN4CIZ84`Tl?|CaLFY20>a|Fkb4*++8t1b!eGL(+~s`G-lsHj6`v
zi|mlL@_=aO82`~@*_={`X>^G+=gV17XpcYk2PF$|OL_!L5dGTuVc*``UN(?34#1L=
z+F$#SlfZ-m{L+L%xOkc!n%E_T<@SEIyZRDDp>(oBdLj<wj7KH?VWWoyY?;Cg&{z@L
zw+*C;Kc*OMox4qi$u`2|8ysdvd53;ZVF9;Mf_3oe{iA>_EhLp&{q5~5<sB=Umy#Q}
zw9xXW`>Pd1kVI|+{a~|sj2b*EE<^!lf5eq#v(Ktd=gY~0ply|8T@!M;V0D3to6;Yu
zLWh-)IcDv}Q(3;^_{TQQ%g|t8e%?L5KFSME)0{M#S2Z34sh}m?@<`ySguy-sQJr$8
zWf331;DQmO&I)G29m6Hf516H7MXkNEuj&z_Fi#gtf<zqYKUCL+Ep&DHcw7~Qm#lqO
z%Oz+L`m;dw$Q)HZ?C^*fw=y1ONe~A<<LeZ3RX-@lMdLfpwf$IeDLFbGpKe~*5qrop
zXjg=KH+W~E%f9wmKL9h!Ctvp*+tUI${)wRF2Z2fTgePIDwW#fsMTV_pV1N#tOp?qX
zev^cpIp~XDG9Fy1@+3|qQBiI2gPwe*b&3n`9{ZhUNVm1iZ=m9-WyUSd%C)|Q2_aA_
z2_KUWLuyplCJ}p7V&55dS(;Hc^2@5_k65KD6$5G`8mq)#0s~8HL3-F&2b|<=r2<S&
zA6U1*ejz&5;H=FR1n&}5jQ9+uT8*!9g`&IFz=OmoI@k6~L$G8{y?-39nXyKWIjZ9d
zuVn8`Kh-N8m}Sl2EeSVnH=U=gKBs(a@;(+?+#Hwcj2e@b<DlLu@cWJ@m>Tdy4@Vr%
zj(cswXGi7kRCtB)KHlc>PigHz=dxjv)<?QuQC^Ot5&~Q-zV0cLCv8FKUPRkZVYBy1
zzWX476#K<P7~?utEec{<u*BrNp&ub9<H?v;4~gz+$=DCwGxu~^mK8sn<u6TEhraJ4
z*F148l`?)U_F``kBk8az?V8uk3UklQz!ijgTg2IpR&jE``h>e=vYoz{vC)WR`s^gG
zr$XR_^p~(!dPkIE&3Ms?4U6vk4FU}l41GB0USdPoLaMyn#=4mgI>yxU&5#><xKZsB
z)snR?ag@bGQ?8*n_jm!q?c?L)Lwb5rkDsML;`0I0GUU;zU#lab6?w`W=bgS2a^i7c
ztvjV5VQ34TvUJDXn0b_*kCFNY@a^R@|NXZU#PIe!gt{^cZw;S1%U%fQUaT<gFS(!|
zFFO>U4-qrO{o+mo%jqte>y@XP3x{P`NYijuUKM=&%+Pod>{W7{b<Vn@TAWLp35rTP
zD+0=eO82ijNV;E9s0fdzRpp|{U4A=|FK`-D!>l(gdb&to@%o`+DO$;=B>tQ%{lL~m
zTNs?Tq@;<ofl3fuFy9g?UZU*LfVB+jCBm@yE^9R;3llTjd5P)fPfML~C16C2fjM1L
zO<}%WEi@#T1-*fq0gZndKtz<Ab9p2c_Z1(sT@<M9;mY4GHAT%KOMmPov(GHgPti#E
zm<Qwl^|**nyq8g<>C6b9h>NbGT+7IU!Igx7dMTN*#P#)^+K<n!%D56pTG^lvbQhZu
zqiKP9oxT@i<?4)D%_*xOH;6kbEBVRL#%&^9{)g4=R4jS6J23OQ`ElZJ!FMztdv=Gt
z3TAAl(`w7)qeXgl%@LsTPPsF{yP<@*zd^?+6kl1Exy&<s2^^Oj-TIs+YKabi3a=i}
zol=AGU4lRO2EG1bA;*YPKJW~LM(}xZ^B1MU?p&fFOy#raD&qRi(!`dgr(BJNrRD~G
zGfq+CkWxSR#M3!C3^s0QNz>K*6kOF}<O1^<<Qd1`pz=sfl9qi?FiE|XJ8U`n4L7E3
z>9dq3^0j+7Lp<hXuD`sNm1=x@SO&$1BO!d+0(rUTW+6$;amzseJ~yD4X+lpQLiC04
z;=)|Q-@6<+jZ}!BzWgaA`8Wqw_X;T`3c9FILLGf@%lB5(HSxtg)D{vniF#9;1*BWT
zx|!6j)1&(RYn!rJy2#ZtPTysf#~vB{`TJDvQWBgBUMwKAC1;cs?XbZpp*U#y_f;nd
zx=rbM<f0;{ke-2UD#Sq`#8E;nsd97{L9Ns^D(9Xo%4b$j%YspZin)s7&avTDw4Q3$
z1imh)lnvkC=r@ik^{&p3@jun&-gJ0BFA0WiaBfHzTkQIU6CV7ApqxTdSj<)8N9FE;
zVmllIBQEdkzPpbcl21QU?Vg$V^_*l)<akB41OfkoW}?WYO?43tqTrAc=$BTJuMCw;
zF43B`4gikJdZ-m;^<TDJQzO%seIS(>ZRmRqUCKP3P4(^{M;hs6qC1sw+qL#`gbw-Y
z7*v0MdG@g^G0hNa`-FD6!~;j~HQn*e8CwrlPR@jCezfq}jPt9wtuk1CWoyXJO3jQe
z%xRrrCoyeZ&84^{Xm@z{Ubn%q*#Y|LMdL8y0GVAOdt9Df;b9v~%8Z#1Ro{!)J>-+x
zr=G(pu}_pYBY2iLrKR~gLfOta2%nO1FVM+0m(P^E+GdpP6!x1sj+?~Tl3X}#$9Bz4
zBb<UL2UhNP%Lp&?T?JmY5NGUVUtBWq2r4x4#tTUGc&6q5qOF`#c4eB*@k2)x+P=bA
zpJh7zxBOk5>;L_?0LJ#;v9;VB@6*h{IXfI2|C6L1&|I@y;Xnc10SDKDnYe$B;RE;g
z$0S@fUHsbUe8Ta!=i-mymp0P1H{`z(aWmmqCtS2l_|XO17XrRJJ_`OqS9eh7#Ev;(
zhUd16pmjdmdiauucy26YkNYH03_iX}n0Wwko^muS6%v>Pn7I)s)x1*JtP-g&IdtM_
zLO-2NP^3Iy-oN*QL8Ne47L!AFY^T0}ZIx@z_4!5igg<6f*`A#}-v(&_ZZ~%!GhS`q
zepCdFA%|G3ApNi_1!Dp1<CEQ@3^Pmy3j^<7{2DW_sRZg1j&AKEofF150x$*KU%O66
z@JjJSTfzEa947-57#tJuTuS<toKuOy^O!7GxH0`D*_1U7!O+@U$Lv;0eq8IK_sWc`
zllz25Ye$<{Bga`aR*>CTc_b<!e7*TQ56u~2&^e?!@A#C9OJtVJ{C7^lS^agJZrT*1
z<ALWeE}^X6@eiJOrvi3WzMfa7eW42kRBoXYb_-g4zQ<LdrV?jZ4l(Jp`Uvw`SXc2|
z?KXkDlUt}~0bqWao~-X)thTk`@6E)-7-v(R$zEsihN2y$+ZuQ1sl;EYD}F(F4V0$t
zc&?<%MmaKQbQHpSw(?`t75==U#0Fn68_#R4trXfGN-F<*j$GHPv6yPx4cOmY+&n{Q
zV~I}UovnSK``M&wIyA&LgJ*7<`dDuw5Bs5dpE##%_4%M<`hAALUSAoScplx~ugnp0
zhSqt%sAx*<k@LSlx8sXaVrrV;?3<zok7%w}ohzgQ`-sv{v{LByw!g2_S?LcNIZR=9
zme~nD#_p)|vWVn*xYo5>$~TZc?0i49G|KX-XEXT)iux`VG<wYiQ}e6+0JQ?SJXa|Y
zhfUL%<70>u(svR)T#reDqp0&+u9J^YiMNOZ50@uxO<lfkzPAIXo;>HBoV{D-yiSI0
z1++ln+3^}5{-@Kh)2L=$x9G#@>tBb*9tVG1@6!&hZJd0ZA7A<Ul;svXxVbQkuBhi1
zSB)GmL0a-Pym4l|mz{&Yo>@vYjLrletd%=Zl*&~M9*Bb(2^Qgkx0gdwmUdT(*;iT<
zfvUC>zbe-}DwfrEPxda158|(Quy}v&oH7}y-R$!%)fHYYU+SD_l@cp!mb-uz@qBys
zJPgR2|0{}1lPKTIQ(9Py@D#E)@a)4JIB6GG532VFPghbWb!hlI_d_Fj>nFIbzme9D
zr}-?(JDkXP7LI%74>MU);F$`0`#xM-^p-mV4PEojf>+LWVW|s^QK)dQdAIY;WiDOI
zIx8f&UcE8aP1r1B?zM`xS&DDCe)Qnj*Ur(FD4m`+mnX=ag4NCr$EAIb)Gir{hxJ?5
z2cQ<mCYqHB4in^>O4dAuc4X<#tUMZx4B?SZpVAohf+@;nS&sO)^($^a7oSq#@?@e+
z@mQApLW`)wtvf|aMf*<NF!pq6yZsHG$@ULDj{p%;771b0<<_))n=yZyHxI_vfx})S
zYZLmaH&rBF9&xl?THVfeuxkM)W9%I!Yb9u6yxO_{x*aMQfgXzGYA)O0{x5bj2P-eB
zCai<|jhnCbEcbqvU7W|7`>fU3)|*Y-wz_#7zJ9cp@tTd3P7^!)8uv@lVL8Xt3&l%+
z#(w?t3rGFRY3pg(%`a|`gAc5o5Fb7X?^6Z1rHRF4X$1pQ?fCTK6I#8Ev?jJE?irx?
zl@}d(OJ0h271{3*^Jm`*k>kjhbm#XP2ey9P=Ga&{fxC@4djGZ>G1l=aTW+ks|0{n$
zQ_aCb^m{8NxEL$3h^w(P+iG`c-VndKi8(Wo)IG~zghJgH|GSwiWeZhlEm@+T_O}Um
zOXWJ{w9+@npQRIVnjSq)zf1VJX~084s+%*Y*c}!=Zbnag7z+MeY?7jO!*SvMR&ksZ
zJ)?(NsQVO%5}j@M$U9_ZZ29%(Qh(Yz8Q4nT3dr$_@d~941Cd#mYsdC}nseBW-7&xM
zLMv0ozWPkB5AXSXv{7kn50|@_mltrPF-#vuSQT}Yn-Qy~AQxlUMkv=VtPs89B4}rN
zW$E)MzrTi?ourQ8h;@YY$H$!ZmhXXLIvza!Wo{5es=Fj%P>@?ebU+3{JKFRHE>x9>
z^6#|*&dr(Z&jhLQ-xeHT8dM!Pxs92Li|c=0DVf;1F)JK@*SdPApyV*gmGb<$yOB66
zCVqw@ED$ytBD)DGBWQ5y+`aiL>NjRAN-{7L90zU`NWgp2PZ16ilTqz$65c-9tyvW(
zQqp%pGN%`uWVTml-i*SqtlxlPvOt8cL(qP(si4y;hpn6gb-uk8dL6wUe(FS4^Qh#1
zBI?EwMIlfQ@)Ho)=yE;F7CL-A2CWI<n5fNeE1t)}$`EI$Cv|K6?Q+3U$)Ovsf4;L`
zqW=H5dZ+M8wl!Qhw%M_5+a24st&TCnj;)Su+qP}nPRBS|Yw!Pm&OTT3X4I^U@2MK2
zURI5>P*1+j^B~vvBG>;I-cr8K+aRL)-b`@vkP5q?E)wzm8&UE{ss->S9(*aRcobAB
zq!-(wg@DNbZInhh{X!z77Y|U8s5O~>t-wpv(E;c3km5=mU9#aP#uADkA1FrQnGig|
z`Xa*34`9z9`m|GEVW?41YXRgAAN}1_v`(Dl{-WLlWL<y@K^kja_@#DBZp~265ry`g
zH}T!tkB{Y$O~|<C+Zms&lM&H`xF?SqGZqOXP-6o?A{%3}qTqvJOW<>(*1j`@yfGJf
z=pBssd;IbU#~c5(^2?ae=uOBw`JWa<EcVGK4?WA>h>ncoqB&>NOy=qaG0h<fiYp55
zOh*#Fa8_!0b(0l>QM)B~M8IRrx{I;4B)r%PHo)dG<SnM#29RE1`>07<c9943iQ*wX
zmRAdKpG{q)QCvTO7Fa&Za1qzQ3Y=QPt!$glin%$UpfN*-p+&QvH`p*^bOMv~vKOhT
z(3~fS6m&A7BwZKeB*Ff@cLI{V@6s2R*XWQh;mI{pQq|fQq5iCg<sez?12+Skl_6I+
zFXwNVfQRMdW;8wK7m*_yMBa;in4tJr4*3H>IR0($PT0v%At6!dZN{1cQ;QDjRm^gM
zAU|Q64VQp_unl{}=1OL<4Q%~mg@fHj_DAV5Q!xM5&mc;Ot}1rki+>p#Ju<6<TQ009
z4_0Ysq{W*Tux58Ha8a}m{RYedN;P9cB>@jXQpl1Cr?uG%e(YguE@NulR-=Bq&=&@v
z7w~?49-fw$-PAbr59zJCxLHF81}1d}P69V0|B0}p;4H;&t&umG&Xw8gp}A<Gd!=20
zwB#_dN!ZIZ-l>xr6M%;C6XyVl))kuVwuPK$Z@u0`N~;QM+R9MUn~a1aqlue#*5Mu_
zUoB*z$U)>-DcDiAd<Uo1u}t9zu38JQY9qN+h-BsyZCW|lVp+J>bXsu9)$i6IudG=9
zLH$)rwX(fay+5{!L6%{oLt{B8+16$@oq6V={B9sp-m`3Huyvq=_cFUr&8UFzF`cfA
z7@L_kSO7dt$Hd;h@kp_pxUcJ>H&2#mRGDbx!fY{Ktdf^w(<&!gIFy>O4pyhO(OEzm
zme*@lzd;Ui9E#UHn8&X9EBqZ550g*L0Hc##`N38yyjth|W!A;iiZ3E<NAYUfsWuse
zPIQx&MhjaoRGf87@TZ`ADq1rClSa>3+~!xWv2x060|;75tH}2;md+kT`dekenIcpT
zY@cEw3WkufkpY4SU}5}U=<8Br(;Alp39#L5lnt89HYY*i-x{(be6CcYJU{cBKZC)Q
za>dT}_^X(tvLS7Az5SlcUtt9ADR*_&JLVxFXZf8U_!9<-I!FTlZPMpy#Zpx6p2k@Q
z;^meMfX^cxp2u?V778QchvXHI1JqC}187j=YEV=D`ZeEqjo-$aou^vB27U${sfdt=
zNbe|^y(ORBHqS=63GlqK)11vI>*AwSS7|GogH+h5lOk1_Qil5j=E=uwY}^#J3Tsv=
zykH~U{b6o2mu_4s5iNp%_aKexEI4?Pfl4GS?J?o~`UHIzI>Pib0=tpv8y@|l06<zx
zC^h}LEH=4YFGpyoTUtiTYA}S2izvto``OfOM1~3I;OTyklkIA|<j=6Qjaouz5X<`Q
zU#x}ijDM>Yxp@XQ^}E*iO^5R9qbJ?nfhCd!5N`>KIKI?8?j(!7&&V*p$;dHZCWpej
zJh(KI72_n5S{%XG6`31ZI}@Hg1z=yVx1o}MjvyGXzWKX&>(3C?e^&i@X5_ZS<RC<b
zv&VaRY!7%n+;fY2EVEKD^kLg3P}uFE+^3yO4)-vP%G%pOM!SX=2iadPZLsO0%Vy><
zXGyM@y*lG5kXF-NYW9_E#Dmg5mqzSx^{5khQ0l3h9pq9++p*2{+1Sh)1~e$XPTrY>
zsfTE$tfO^t!j@p%*OIZ5xir*+t^Fn%RS3B4Uu@a%>Q5ip=`wv{VzdWrBReT#4L6dV
zy2&(4dHtD1O{#I=0bin3@VJ*;kfk^QQ}fuPD;vW<Ew$xErxGOr9*_3SiGGAW6Kf$E
zakIo>LNh-|_Q;h(5npFF0tBK~ZA^{~UKhy(SujndcbM|Y4K!fce!)e;&NwK=Y;PSN
z(fi=!J9JlM`WQc5^52p6U2oTDMks#{4>o+q_-mqQGePIkk|UFA%Ah*Y6&1$Pqi}3{
zy{tbni^xO7^x~AY)DW$1_-?oFYrBf;ax^n}shIRZ!4G}Ax}xBn00HXIbAmcz7Y%jp
zO-A)UJS_L=IAM@WFBUvfT;cIlo|D`x{0YUj7%#3|5aa~yM4;Ct@_Ey9;F$ziPgHst
zs&GcCb~chgC4})uqj@o$>nmW^I%Cz3Um$KT@VjgP!In)cdWhiZC<y_+XZIJ=VmA}s
zB_VOx&9iz~`l%640K&9mFgJXZqT6ZT(PvIRt`<$3X|Z<uZxY~9eU+pF1F|3t;fFiK
za~JckCT1Zl0%F4WzrgT6j#yfleTVCp*Vze20_jB35O?0$8YV*0w5SVpmDPLMl4cC0
zRj~==di9=cd9{fc`gS@TOBEwHmbz*C7^+HK`Va5TVacx}069cTy+0#4VRuj4w|zhF
z?}RJ3+Zt_LP52miQq@xDb`_imla@rm3q0u3aq8SF7AjM$&<@j>ALpZe({We3`m_k;
zxMLWAR+536<Xu(#KEkO&7+-L4EgC^Hysi_0VfDeLf@6JlHtuKhbcp3}xyRl_dX7tU
zIpXJ7EnG)1065L%pNKYel^Ksob5qP|1c~6-J7j}FxX5ChrIU^C9BMPC)#uaM_F4F^
zlg@6h43L)|_YR4Fw6Ih5KK@ik>bB8M8fJgQ%}z5ly{H=Nh;4ZV_qLXJ6(>c(X+0QO
zJHH&*n!W!u((bmirDkBTT9>D%aP3R*#HvHTPT_&pVtRSVyR|C*K1aKvLcMTK@QoIR
z3{bkx&N`)obZ`o{VH<<)wsFCEj`uK8d;$07t&pbF>Vu*Eqg_)6VPX7_c#Vbezv4Bv
z|Ahtq@wkIBA$1<BAJG2dPB39cjm0krcu><sLPk`xxy_k-{pyu$+O)G}NL#h(+A`T1
zhx1@fkNsdpF2NWb?e=Y{6hRWRhIg#97?wWQ#sn{Lh`o>wD3H?Xhy_9ZZIR9dQv5^l
z{c4i0MPB`*@Fx=Br{e8TA|U0_F?6A>HM{*H2Cx&3Z97~4R|Uv%unxr0kXTLVQ0<XF
zAe7bv8VnPhe)Gt<F*~dvBo;#Zd(#vYiB+Ftc`(I~zYZ9<njrB!nlmD+dTxCnvbwah
zXq8=IrRI88KYc$Jx6TaKlSQf?=pI*1Do%==!HukaE)0_Z&g}6M;Cv(lC`>uuN~OJ9
z->wc8zRfj0U6OdM;@LlyT6sR~MT<7Vza^pLJOq|MJFXfPACHYYl5j)xeVM%;H~ThS
zzmO!MTG?0CKWZZL$P-94Uo>?Cq)=c|f{o<==y}GOfLXer$+(L-jEo|F!PocvYi|GL
zWNK&&W17;b4+fP|ruZE>kl_m~{m*>9X&#4vfB)rqIG9=g=a9XqtsjHa3J-WHzPSfh
zB#nE8q=jQW*`0f!y2N*~oq?=o=t`0GZ}$b{B#Ncw9?ZHAIdZJ)x-S=zh8O(2qp+%Y
zjQ8E9eBD=sz7DK!5%Agk=t}6rk`yQv|4YOMC|JJcap(ij&)kGWJL$YL1Y9R#N=d^1
z1Ve%VE?ED%HGQ&ty4J<L27&s=CQzNY)K_BA8OFE3|M_{les!q`-THMY(9R;uD#P}{
zU2tm=Ip+ng$7veX|FMh*@sCj;E}Nz<a|9hz?CSwEY;;HhNsWBaCXt79P=bMs4^Bz{
z(niBPNk*geS!6DDG+zh+V;$AhH5VS&s-_hZHqq+fnV*!b<Q^E#Y8GI{z+0))qg5_<
z+{2xqR`6USGL}xmtz{Lz(^%<}F_ILm2BZAXo$Ot}(1glM1Tfd3_8XaUXC1rh(VZ@6
z!EMc7SM|Fz)zC9gdIR#{dsIyij(<l6Z#ZC`MwR*f_Ey(o?gzN2@?>7;QDYkg@*7;n
zM8509N%jd>wJ>_-Q_pq5E{WN<Raq6^>#DGc!Tg$&)GZww(NRU+#$Z0~`~DNLe4y~s
zP#TrXUtJMp$;53cTiUAME2hy`6(yz*!eR59%OLK+YXr?Sa?iYv+e^+8F+%6c6#iY3
zN=o&;0+7#9rezQQ<4&Macv0?qiIh%oGqz5q>5rFIA`v1E9Wl@Rvil$$og3;3g~s_8
zHPypJb1G4Tf^M%3%P~1QOu~D!R|#ZuFz5jl<g(kh;p+Bg0O0GMq5J)3$-!;M+dE<5
z>t8=a$gz_(E=h;cz{fEm8>UVS=n#%G{kLI6z{g7_W{#!W_SDyW2;%h?Amb>+*dBw|
zMLQbuk3Cbdo%D$#OC8TqDaX*5$lTZPa07nO`|rOBN<b^K`18YmmLUyFacvpF$J$I{
z5Wk++vjw`cFLI$J^NL&d0g-As%c=b0?1EpT9b)j;Oixrk&|PrGQ~fl5n?VH%zR2&`
z01d8)pxc~NGXOFcIup+;)Zrn1%PLO919i(~k1oz(<*aG=2i74tXAHdfj$$ESUODf1
z&eRw5k8xZ)-T6PpP2#hs(#cqVbbK|aOoP)1ztT_l52(0{a4#eMMdjnBgrIf`DFU&s
zs95NHSF}^;5)fU;?zJr7@J(nm&qZEK0UQFB+m=imkwmG@)5e|{Jyl>I9&oN?oSVw?
zT{aA+ipE~9=i0vvee@)<yC`TUKy_s)2xfn!8S*pxnrz_+HMvcloRFwm<@Zw?(gJZK
zfHU$o>NY)lMdyNRVr-)Zk#?%me69<8yr%#@|0*BunfW425FOQ-%IM<^Nt`&H1GJoF
za#H9F+ii?tw(~6Y&#G+HHW}sh&${4k+#<1>pIlaQ_@J<8Q8F?D;jME7r8=AB+L;cE
z(K6peIb)TqVZn8-)ZK@g^jR7lP!}Yq-ZOH=B%k2wNZ01SgVZlAGt3#q4;`aNs~}p3
zxcV4>_lGFjAuyTch|Hz;{z-Hs0*v3Vu8vIzCJR^RKq6d<W|@%SUTF4W;Vd83xGoA6
z?Kj}6@qvR({HBBr_Atb@QOBy6xmp#TpbO9DSh+A0X4lsQ8*yF<+iv0Fq}MS%z%XBv
zEFS3AJpd0Jc1=B0^oZPRxl=h05GB7tlJQk$XG=GqvP1qVn$~pHWPG`u1NhGBkxVyr
z+a2}3tyyd=Xg&oTMqDJKHF$AaFf<ryt|eZMG{q>&bcosbX_;P$&nN3#<NQh{cf2^j
z$ye?hVC42p<K@;na4<q}$5Ztyl$@a|G>dzR5Q=nw44pl>dnFv|<1OMTqUi-m?4@s}
ze{K=|XRZ)y(YiOYA<RC2p1ELWSoY_+#p4FxPeDPU_8zY7>a+$be)BOVP)SX7wWA?M
zs02M;oEn>@J2@YB*5OnpvoUfG^A)a>-eXQ#%}jM07!&E)&WZ6HtdQU&J$2@_P{wGd
z3d&t&x?%7($|TAvY0dN!W%p2kMQb4RFMN>70CkBp{#85tG0SkkZ;0FgrK$LnAusr3
zEh4y8aTZ1g_}wOG_P_9d=P+DQ6h=mQQm<5i#MFsXTA6<gU^*P6aUl%pW#T9fHUkB=
zd;1zhigbF#ADX)kK*eicFsX-Fqk6I1dIB!4tIAjYb}*V_jU$qlW_bX8ID}%Z;RlMx
z>s#J9zKyU1@+=1cdRs}D1I?w)R)LsCii5x}ZJ)c4^3$o=1tY~$mLZuUwI%Gr*`tMl
zziaf6d=xMW^?!qNsEA^;_^f7)=mTe*T{Q)3$!$Y?q|MS{@Kwd6PQeC`^}G*GlqKrU
z8CcBi%Pjm@UwhD)vuR~D#AL&SoONpL-w}#etZUfjTCj%!Y&eGj9lu0-wgvZWXMs3_
zmtoJR-fs<lyFlA=wTugp(F_-B0+o99-6uwB3)r%1Dmw<0k6)q`v7%_E>`#9rYE%q8
zZ|E^<MCcw)m{}k0{&*N*7ho}P+c(Y7-IQQgje(_28!l^+h}C~Ns-r%vW!9a>ayK=Y
zotiw#Xk^L;v~wy1ew3drr)jUt^{fEVz|EPlTKs+Qe2eG}FAS=~P-AWD5Y}*%hUqwW
z5z{AF$8)y-vrvtjQ8QkRsNb{z89CpFbO&d~?$Iv{f^X~)Hs2bVZG;#jf7xq4UwUx2
zqBtlwZY1TLe3hA7&hn8m-oj3P@{T5!R-e&qFBK#L5EwBYa_^ioqr#XvVDEpfsGV+J
z63sc$J>wqsl-bY{bUwKk;#xb^1B2l`adFV{Uwqx2bFHozswI-uAl53~??2yWlg+q_
zCCAoXV+GzMd>9+=I`1b0H_A;E4lExlz%92g3x6n6xg^_S^VJp}9&%6}wNn2b_CBKl
zeyVW-m_01Q)qFPCwG5iZox2-vK%S!4FL@CIGmE!Hwwb>j)S?L}7J-W%PO+a&S<ei9
z;gZmyzZ@biNL)mPSk!E0*;eB0YN4cS+;aMr#^=;AgH30i>L}ebZ28z#vXYm6=G)ow
zV|vYOj{tdKW!P4VNRC^Go#-3bRF-hdf~P9@zCUqrh9^aoum4rD(z3AP^&1%`Bqbb@
z%53@d4t4Q`;Y|Q^YhV_I%}P1siT4x);kD*nj`4nJ#bYg(5bKk*+usKoH(MOy)_SR&
z2EEfOV-cEbrXh*RdZ#W%-28@flQW0WFA&O<<2IdoCK&8LRBfbzYZ+SyCMPIcV)zt*
zWL341B1w9Om!#uWB#2JZ{Cx1RZ4NlsZ$W)fuUJY%z&QM2bTHwsuH35a&fb<otjSwg
zvM++^08bFIUIPcKu9ex>m9+E-5X<M@j_1R^K+yV=aP<1)02`c@aDDRZp@&DSnn?Y)
zP|pG4n}oA_T8{e;&dQ}M!lQ7J)=o4)&9RY263|*6^0{`dzVprfvFBR4>H(gk<1te-
zg%?mAu6rL7_N+S{GEgqqa|@$-R_D7u?N8{noNm+p$|*nmsGgk39pY@31x7l;<T~o|
zujfBqS^8ah1l<vp0a5x8_S-kt$DLjq;J`1i-ikT53Cg6we|z6LiHJZY=*)E`)WFsB
zX_BSc3SNB!`3`%)x5z8P_1lXHIMNsZV8`H|hYFWT1y5VK=YE}()>@y>l(xL|CmLtd
zF&YS%ER}wPbp&6qOh|!A|9*l1v!%rO0;~OVxD~Aa&b*f}{DyS?N!kKsXJJnvQ2q|T
zPk^U|2(=Lk55P4UuSF#a*_^FnC<k)-{HMDuhB$q3lLdP<#iDb|lD~XpZ@4=A0$ChE
zfC21%+Pb$RJ7aP9{<uE{)O^a}8B>}Sk?D=^-It4Uc*CTiepr&_vh!ws7J52pM@cA8
zX~Lqgh3E6r{rT`FTcqTgd=U3|sy!coq{K`@elAN%6uo==w2i=U4Zc6T{psZ%5Pekj
z?Uzx|$00dTq@2#E89LoR4$N9H$z!B^X_ahZYqbO~{JO&n4Lfrfq>Tw*C453d2kiuV
zvP$->uMr9s#qARtyw3YAfqzO)-ng{Hp_O}ZOuo8&P=ubiWl6S6G7$k16_*2;V?ku$
zI8~#`y9t5`RLgm`A$sX=i<Z(h>xJRQQ@nFdp>=XvmXf^wrGiqSHo!~UWVkkU$9F}=
zo79)#&(+_(f7jnurqxbZaIGRbIxXvj3%p&vR^V1<MfC@b$zEHv?gn0kEse!6v8GND
zoy=G@D$R=74!qc{47)dV?%UH?QhSIJ+&$$)=QaW4?!ujSa7>?id{C7Xzjb~BUQc{v
zD^H>M3^5OV1R*R}q>N4`z%gnFrsOmaBXzCPsMlwPeBY!>2CH98U9B)-m=1GV&5sKN
zRgvIP?WIT%Rr&_SN-anNc)xkMxhrlK_<B9ZS!v<t#pB;{q{o+k{Vr+EVZe)AIOvGi
z<3x9YOX^=d4Ss&Q?dNF&_&Jm1s&7Ai9c{L&+ix#_Ch?>?GKgg^aEg0LG2aUwp2(Zv
zN&ht_uZz~h!XXy7tRv6@5jk>T4#5p9XDxgqGM$fE<<|p*KEfPWHZ21=j$wF}#$ZHx
z9+~xN7J==QMm*kKWeWg4Z$51sF-rsS4Ks4HZ!{OC*T6k?uRY{q0J#;8iffpA^o!8b
zbw$CiyPEQ)bn4^5-NFTr*+<(7Vp+<aZ`9(H1oKL7wUxt(6vuU3`T}4)a??$Z=;yCx
z`(#egil*cHO0V4c?3WwOQy*Cg-XNz3v&YWmUa=HorYUvwuYUo$nG16GG0f^u7IGr(
zWl4^#_=Z)^*|nK=dXDRR^Hf@-mi}8nu9Ijep|v+llNdjQq{w>jcjRrwXE#UsQn`D`
z08*%?GX`e<({JDjX)n-CapU09^=QGN_37N;Vp=|hn15@p2<9Z&9b*M6uLw4{*ks3?
z5ruzr0N|Y7BXI%a8Ey5k@x4tjxZ5;a(oHLxw2R$YCAiM=OI!&qCrkW_o=12W#H*Z(
zT3b{MW%q)AjbDBXsa2@y2<GjpMb^GXGBQ<53TRu_^U~_?9DxYjX=QQKUf*mQOx)OZ
zWA4At!z3SmnhbuHB>Y()d{g#dFZJQMhHdFUvRvpbBC7+u-D#*7%<Z81uLJY<j$Fa!
zgK})i2vZUH`(aO<By)WxyBMHXpYQn_2kwUHrC6|jl5XI=Gt)IR?;t=E`K5=T%UTs(
zp<-f<3NOT&WcKl<a3xQ0DRaI0C%)d2=Az_qy9qnp2>X!+m~u@xrtrmGS}KuzGyr6^
zr+WnI7t#P?@8c#o-!Buo<rSmL1D8A`L{5sWBjgy*wN|m^wSkP?JzK7|XfS0kfG&1W
z!mPXBguEL?jUK&!84MyQgzLqnO=PV{QoA@3+OCxAjEOaVk&ed+abX}Y^z@x093Apw
z7E<QE#fsBbYw+BL9Tu}dGX*4RUPExno(zXPBOCw~H34W3p)u-7P{C~2Zs{u5su}2h
zqrE!8Jzt1`3PT~FtlFh<mvX89H)W`MuA^1y&8H|NDFX~0Gn{Y4hrIWh$7`8yi>FAr
z3-+D?4TNn1&4a$A9;FXuejRMUP&I;=HP#?s+95Lj&);#@iu8gX%I8y;3W`MXRYJf0
z*MtC(Zz2BNndYrGMYu}nsi93SSeOhmBn5RHw<g3=FKcGEj4tVB@r@_J>P`IX9!UVJ
zK}429Fku#%ImXg)7EigJG*R^NRK0~o^a&iW`*!tM2<o$>dl&H2O0u-hy9Gm&LUUGz
zO&#`|3?Vvk0;d9^X`+Dpp#dh?NoU@g_ALO7-rov)f4H~RVu<HoV(kLyK5`re*_HHP
z=GoiPK6B2ZlHya<#4f6BKM`GlerNt^kgC4fkdS1C`DNk9W%0wu!wu%RLQh^#1dAwX
zc{3|fs0gtZor6(%wm2yKDp>{MGq4Hxu74ODQO7S_w9L$)L;m3nwVIb5)PVjzNYD-d
zlo+)IW;@(=o%@x(E7jomXxy<Plc3kik06BL;kLAXkFqtnQCL8cB6cH1YLvBqsX@qB
zTQR6V;*<5#7t*tzGx@2D>Rt@lyQVu|!cAq(V{{9AYbVTwn0lqmgchAB)~+G~AB!_f
z8I4=Q+wxJh`QuGp5v4)fPFx<|F8~uDX6@E~LWM=tLFu_B$<CRQzZYxL5EpGVH#_7_
z&rxDLx<ZCWvPfervdES2F*9qx?fWJXJ*Ae@O)qWS&x&OZho#>6ctHi^<cu-s0Sy<M
zH5S@?)VRX3_-SK33@r+<V*?qP<x&fj_D#;U#EC&&19BqZ>g@G9c*fw(?eGIkJk-u>
z85!fSRCb!<Yfwzsb1VvUyq<4wf8@)#{K%e7L}#nHr#|yVLomO@LrHJ;Qba9g+~+Il
zp{CB3A!^#>A@q8*#*%Ti27qvn`MG#qHL3N1`$injlq4<1++I<42OpGdb6Rbk-8m-F
zORoX9^w}yl7z?%&n%5yvxwHaY9VD%v+JTqG!ho&Sf;3Bezjbh`!M(c%&Ap_+^+vcs
zLyo9$%zPSu<5*b4*QDNqmsL|4_-Owarz9h0IlwhN<d@U``J2)Pl?W@;f8j-kTT2q&
zL8#}UJZ>4yz@7@c))?YQ(m;ZMCXv`rtKa0g2XCAb5|2O_aJ-;zC7}p-Kw3o0l2!A(
zJUl2+P#as_T--Uu0-iE;nj!1SjXql%k?Xgv1x=d9!HMnw<XViAKFxP1I2okz7Hm3e
zIOhlIRA}7(e(fibd9CM2!%GV(<Y2oabe_=(YD`)xk@Cbkz%nMDtA6r@m+qLV8BRSD
ztMkQAoJ5VhHFwZj(76Hh7R$RI4@YaZVg%TF@j2NY8HVm@kzV;+T1~9Ga`3n!+dFZi
zeIB9qIW_b!Xk+!rWHc33!8LN_d3V(W&eDl*@u7gFOw$P74Z`doS`?K!Cn5wJcXr@Z
zWL^`(!nrL)9HzI;)p-L+>F`fF&Lan)w?)qOqEc?QGZKB}ib4QziF?XBTHq}UpF;T~
z3m>keT&-u`(ZML98=7@9Hc1zOYwOic1=0()h+DpAcq?_+A`Es4)kf-kRZW-?lQP_R
zO35W#sUBKML`EpCGQW_<tDi%bBadw1Glq96J;fv;d-{?)>{*yigBz2iN%@rNc7Y@3
zNDhQcwY(n#l?FfrIsUL@bpaCGEX8RRl!Z&me~4;t<J&2_pf^2x<b-$|^x?y$In$|y
z*(vr`{umds9&MNvF3(R0w|q9~ANMo^0jvkATR6P36wp8ztQMv}j~P%`rpB7Za<6JU
zdiR_fU`O-lt<j$ncchLe)3l0{r6$_RRo*QwIOogD0s#C$&hj+gDG2j}<VjK~_~{G8
z`WEd)>ONU-4+VTzwb2Xi9n-gm;|#XaWa>Y5bX}R%@V-s76Q^BIY#zS%W-o@m>qT9C
zqgb(+Skivgru&dT;I`3x{_ZM(g_d{nT2|)hXNSO5K5}e-9sWJPKDVNX`Rp58vHYu5
zRY~7b7Y-=oU_iC)&X`R-f$>D=Zjf~>#G7}=g`>xGS(cL!H~5WcZhY{IqY_dIu}!XO
z?ls~)yi<ZLuQikylMK~r7wUd2som0*ku*F;xoZC=GiECa7nj+$++pE{5j&(vZQ~;<
zBD4pU&qd`*@j#$57uO-2H4AEt4S{_NIek6fau_f`ueR2TNk3>*(0yj6Cm`vy?=P6)
zR*hQzXF+b!MahiZBgW%52E|BLQ%kv<XE>cp1w=OCHg%%IW&E`fOT=!k`WGV@>HV1d
zAAR@n<&QL|pKX655J$vsCyfY7voENg99NXO>$Az_+K$uKwptjwLPBl0uaT+kJ@Q)~
zKidI;Q?fNK)@TPCKGL1W$&=V4hQJNi@SxFwCAP+t1L@8pI#RY+HorKBlCn6qf0qaD
zx0)_JqaAy`?8^h*mfzecNs;^WZ2e%1mSSo-_ibBY>NQd7bDXv=&gy_=t+v~fjp!K0
zW%7_pCG$-bvb&P2pL&t@u3InYD$O^fW2*rKb7Wz!XO%Yn1y!9^-q1^QjAp%~uH5BV
z_a=kkS+uOI;p#8dea)X_%Xs4m;)JCvk(1JrDf<{2;6K99PaKN0&&j;ovHL1~g<5bE
zH}G~dBex4lTCP6umDq{U(s^5i+EDF0LJmvI2)2XY#z?xrX{>+0YfXz&-|!e>7j6LN
zC>&=tmCZT#+1s(CRoLjtq}m~Aj!hSa%;@_Es-I}-e~PjaPt{4%oJr{E)xjdT@_M#z
zx`Y3?A;?T+-JYWi)Vd|&j?jzGE3ec58V27xcu1BZ*`d#QTZy`%MB%*I@a$q~lWlTE
z=OP$BxV0Rql~>!)@0f8}QV%;JcpwKjLR-N_?=$PuG+!av<Kmmd<fSKb1o1*Dq&bd>
ztGL^#4=Jj6rFSpce6lk-dLvhXN#y!`dN#sN#=RB=2eWxDS4`TIi{3ZFcomH3-$U#S
z_GdZh`1a`UfEvlj6xu&SD<x7`Q$QpfZT<>^7m^JJ-GggR@jCcR+2y$PXY5vhJN2CC
zN%^BKd0aJ+sBt%&h9m<&>0ZWbw}BJpsxM0XG6=Uk<!7`Ngc_nzc*w7MK~X?1CgXJf
z+ZV6~tUJYjm@WyU|BFuf|2y_zzPt1O4T1jt{B!^VHcW{%{bt1+z=82n)(ybyQ*_O~
zulnxLBT4Zv1e*e8N^ubTHrjChKS9HdYSPvlf^c1L>d!hWqY`NpwET%^Qg&3Zg^Bp=
zG4Om1WT#&tR;<`w7dFC9B~i;P#!(Na39MQ_=(c%wvJZL+5{(`9FROPQYsfvvQzR<L
z?_ScfhyC-yR*m6|U55(6sA7=gfomi>BuqL;>Kp;yZ3JBi-63@XX3Vo|fA*mKEO-xM
zz2p39H{=of2azN32tE-g*i~d3dHimz<~S0fVSHKDs`98-G{@+aMwF@&>c~yUmxhl6
z(L)jKo3y>b455ddd4k&OWZkbHtI%o}2Ia5)J75oRiC55=hi>m;ZWNnge?s8G4#k83
zR}cYU=%m_B*W!>na)ILFa94&Fn;BA;v$4*0S-rQlr5%Zzvqw^%TXrZRW$2LscOz*f
z6-$nikordyz9=!qKA2co+rRE>M*K2e6&?!P^t-mprpN&%FWQSfb8IEt2VuvTEjoW2
zeDaiCMnCh%8e7M_s{cIKJC`*Z8gaFx`$hsn%2S}_wt_UErz~Q5RRe;R+56B9YGZp~
z;=Z$pfM`OUr(&y}jQq(X-=GtO?2QXDs8&t*%EgOy*a^4+;S78B7w>z`_uR`ZE6T%f
zQBDMB?ng8oDB8svjhrnhhs_#5Xv&z@qqRpOX9sU9`|+rv;+ixIQ@`w-q!`ioTKfTZ
z9NxC~%c?lqUbxX6*>(PKJ;$adBw;b_vNdlqJmW#i$^8KhBN(k*#M%sf*s8{I#K$W9
zzv`^yhn{e7iQkSU%pyhyLOmpHck75GGR^Cks|zlFP7poeMj*AA8bFPhl91wCb4uV*
z*?Uw>X@|R5Zp~E}j_M%f!e&=>;{O4BX<MeB#WI~rrY+gMa2&)I7ix_+<7cb<&eF+7
zSQFQ_Ujq-E=#Z|=?yfKF__fDpO(l8e5}fDq>q@F{k-5M;u<MOEa>8s}RdJ#oh>XOi
zhu2dqc{Gm?79{#_EKqj`SpsQ+lseDD73Qm{Z2j!!NgKYP+_($Ey`{5YV?VeMYmj3C
zv$OKv3%A5|?r#y4G4x}o(?p{^0X!tUufn}AEnH<x;OY7NU@}%mS<rs4DdritgRD;Q
zl|A<lMD9Usm46;d)D#VeZ$VGzBIq~6$@E_anu$5Z@t-G*m67Rx7|uy8?HJ=`c;Bb$
z8)yH;@VpY(8patDOxxy@e$qe;+u0B-3IrG#Et}Ube<e35e*E?Jbz+{>38okXQN@F&
zIPTw_N7)=bU$7V|P_sPk0-qgk4fA8)mDe5v4@BF(JKOR+4`brYTbKE&>|jui*8n0)
zAlumB&~Vzk$2Wc7jSthOYF*DQaTPslg7<$lg}OPcAdjcVDcP>}*@CAZ@?Wc&?s?3r
zZ;m-7a+0=En1aBERI{9gQLaN|!E#T%u5d$4oT0s1!6mE7A1{L@bM{w_#B{iI=LX$>
z4O~myxv#?%atrzK-ygG06!I4V?*e#=kiUp7w!e7Z$}SYy|4crO?%CtJ<)G(T^E{h*
z!xdyqKWgBhLm2x%#_$dgcl$nl?mpSv?pr=RxoH*evfnU#k$p=4atEbt7VkQ`B>fye
zvUp>?iYqm)-E!V*Ef`NWzi+HIHu9;8mS%1cl~1ENtr560R~NYVer!Df_!Eq|C)fly
zW&RaN;bO(#YZp;L0_L3Iqk+G;Y2eO6pHGm}unNa0TYgk&%qTljxLR)mv1IbeZJxWg
z&0@9hG9Mdb@SyUzPsWqjztfVNyAJ_e5C~lH^Ey$+6QOgVaM@O}jUl@mKM7p(7S{&?
zImUO_WF$mf5I;%4)I^H`qB*z|w7~ge_^!x3RFHYqHbvy1e<Rf=Gm-e$okaXv;V2lk
z<P-UfKU`}Sl^ZJJrJUo>Pegc&w<Eef_eeeT`Rg>aTWSj+V6pQ~WBc0<5pRh`d=Yp@
zG&pYiqg?eD_}DZ(%ozO2;uugGZ{IU7X#a0lL+r7gIrx#4IRWHAfSOH2X3e47_UB`N
zh&^PJV7Nn>=E2Ver6`Rqxzh}m{Ag*c*!nQ%^vt+xk*Jf5##%G;J_OwZTinfX3M~`S
zn@AjRsxTtbpA(Y62dX=G4`O5b8u)1acf^ogKexppW6Be$#?LhZtmE6!ZfnmloT_CO
zn5?l_>R3Is3;Mf=0DNPIaJS?1oWW?AwS-|znP{%-8r4Wog&h*N8qI%fS}f+L>9EY$
z{uUiK#B4dN0VY+Rskx8>m?twc4k}KBVG59JgXSgs796U7B@45J*uyLq<EObXf1>dw
z$kH5|Q*RQdDa=(BV&oDIi$&Tsy=8<$Iv%OmQF&1B-?=MN114$|4&^3VBU5f>!c-E$
zJ@}E%OJn1PCGLWN30~Tgs4&BRHIXGWb*D^FFhfM!)nJ=#NSeAjU`z(^;2Xg_iC)29
z15Wa-KP5{CGQW{>^LRJHSQdnd*hk5YxbwK4eguPzJkhLziBefD^Na!zFY;C(0xE*?
z6cz+|+c&RRz->Y4)?ugdAI7-l*K;!CgtOqiH1#-2b5oj$OWecwAZ?Rv@scn3g7m(>
zss*5w&N?b=*pdirS01yfvfDmi!`*z|XlZjd-(~8`T3I!lt}6=2G;dxxm?VC;*9hdb
zA&>aR137`@UA8umy|7a4->9@Emp>j~xZi>_d7If103Fkjo-)6cGk8(_xWlOy-iw=X
z-LQ3$edmX8r1Nh^3H?Jdw#Tpl*)(G<-qTBn`udsLCe2Co%BX(n5}mcCBWBy`>ja#l
zzopvC7UsgI1)8p)EAY5oyu=P+V4(&&113YK9sAl@ct@VQWnwy&zIH!V<}2It+U&`5
z7i@2$0Y)p@^lJ?)ObJM$LkA}Nq~<+QLZ>^J9`T;r;$G)d1$v5%=o7&iz-aL5wX$w0
z&clbas&uwu$q+c<|KGzg)yCHBit&Ak6Z&$2tr*qiBc7WQ|I$74`0&|aWS?^S=M^cd
zb(tI2N9cXnLv>0Z&`RNAJF0L6u8B85GUxr=nx4asGuqphk%B8|<M?h6O;a7|BFQ*;
zz9(@A&^f1rP$ZT2U24$N*M76syEM6x1VTY1sj14p2rFu-wxU1<vxfoHhTWM_p=$_v
zpt3U-W>C8qDKww8ZaRHWWB}SCWt=(nb8_bKGY?BFf!Mwiwj4`aTSi{k2euYa?4SRE
zHoaJhayY&AUZKr^lZ)T=XBv0xZXhg|Hn(Vg6vKC>cDu!vn;JRMGWfe93(gqFZ6afO
z>JJ*!aG<FY`A!;pW;4oDNU7dLudX?Cy}Fiz>s@7~yufM_-Ts`X?!8^NI$x5BV4qjh
zm7jHS7p61}K+yZ!?tNq4N<;;)9&UV{W6|ZvcRJ9m(3mE<`76_@zI~Z$8`@rpBxWYf
zPzmqgKh-K!=&40#d<Q!{X|1xRrh_-!32px{RFP+t8eXNnO)T+bkLE^~yi~b0c2FU*
z=7V_UNKPdvy!FQ;W~=M#2odo5e0&HlU2R!i%BEHrC8)D#r-Xj0i2VkrO@o0+VJUuo
z_E4$hi|=a64n<`p#1u7$)%sB3DO(fBR9>iLh-h+m%cm=oouT7B7v!QZBlLdBx&buU
zI!#qXCPK1CT95eI8t=rb1n$~3H$ricgs_cSnL|1~blpbl*y)PujVj~e&<_f0>QZ0K
z*xCo#24@NuuxNCd=Vt>#x=LYD*dL9>EJdPjE1o<IWOx{Nh@CrT$za0aw2X_~dPnq*
zBSP<SEX`J!JUimWNW=hJG^g4ZE4~zTSsT7oe7`J88M_l*)3T)*N=MhAvS?1Hy(#Fn
z)<8L=#NMPs=q%lq`;)sO@>uN)4-f+^!OC^`KmP1hVI2Izb@Tv~nw;Dk>Ce;0uwK;+
z$7oDBH}tpgs+-<h2Qyl!3^^f|sZ-c@fxFKsuWnaeOZJw!AXzTKB0CDsx@4U>EptHE
z*B61tO;)0q^F3i)Wy@RkQcjMP^`Gt0oe^C9sA?JSBqn}~uRmS3h;Zh`?nfV_i*tx-
zns`Mhq>th{RTBe9ZDTW|DJ;}UgRiVwa4nr*KG2}=J;;UyyR;#8?ie~Yxw=6)comNL
zN1vBX<=C9Zy7GHee=bb^WU|{|W#`|{$LaCoz{48FWZ@9m@tkGt&f=lVN*JX?G;BtB
z&GI$MH&1l=y>oF_ST_W)&tP8jgTEZN{VKm!2!2UtNBj#oR{m_mBhxZZn4%}0ug5xF
zApW3Hdyq$%+ePO>eHus>T@bVHJ}=R=vhrWs24>%zAp)Hm*#qIOB-3Ej#<hB?lO#XB
z#Ivu|c_ZK4$KFCo`F!aT`AhPeV*_Mwh?rI#*o;5X<n`+kDf`Uc)A~V2|6=DMGuF&t
zeK_O`Bt!?q@#Wtm8VD21f7v;ve<f%sDem9w9A4@-DaXXl^uH>>OU=!Q?~vO6D6Wg=
zB}gp6h7ieu<GUW_0%wx>pEo$s=q(vWzvRWWd?u<m%-`sdU~c#BuPRv6>_5aH^N-G9
zo)L*C^M3F~zdiN$=cqcQ33v=#5OsI$UiTXW!px@b42Qym`R)DiL-S(?B!?|ghb)~j
z`g-$pVDZCQ`i823SAqs3_xv~{^mMWWi#&aOwrkn)pWAPj@At<{OD;=+JRFO!qCbU3
zYv~}xu5M`78y=WBXaDhLunw8<qXJ!Y@;f$>gC$N+hgwt#x9-$HC;bmRwV8P~6o%H_
ze(y3sUz7B_$MctszTZJ3Amz(MTb6$er2d&m^1c5ONJ}$IkJo*XpgkB@EO=;DVxO-1
z_N;lC!QR&>%pS3y0H>19^3omVuDZ#4ntp)i^NPYV&oIx>BgDtsbLx6tgYwDUJKOiR
z=P9`OpmJWTt3vYd^HLb&%!!jFD)q?z3)fyBUSO*(0bVToB8OH1z{u4kbl*2PS`0UY
zq2zDg;xK09@z;n=om5IQvGG+}!%BY(-P&YyA9~!ROSgPH!!BVtQ_{mj7_w7;M3MLO
zq5!8&vg)k#Ao%E%@aWZ7AR_ThQT;)VwYf7uR-eY}b0nWRtt-ndbC-J;dDnzLqoF4i
zn}0JxPaB<Tj!Q2Cu*8`U^NfTB>2~<=x||K@_E_WsHnr1yEhv=KYQ2KpNO~?|lGW5+
zv&j$m1FLF4?3lWqVO)$4zB<)1@g^D1>Z=C`_j$qp`M9$iga>CeNVb?>!#WTr>A|HP
zk725rL9+$tBH1%ux4fmOND@5ZYdvW;o=$@#CVT`sgi=%pKroWj|4C&u+EH-<FMtzg
zuJk@;tX7(T<1#bcN>BY>M_r6JP`7qe6I`>(EEBqg6d%@mqh=<P<fX`<Q_8Ujwn#ec
zVqi+)V7iriqPkx{(XW+mX?K>!l#%2!{0OHLx%<P>srr~uaY$Q(7=b{R!1nEgP)q>c
zDT8E~`v{2zpe_`$lS|eQ{Y$~*GzuQqnMmxCB*;7;!N|lIPaUE;&CHDKoZ#;hi2p==
z_dxE|o9#Fx$$NK&X|Q@Yna`i`*yA?6;F^KC3R2$Ri9fkUrj?=@rxhu=wM%Nf)v!iH
zf>TXY$9|n5<(D2T&vy&QRBK&QgT*IR6_^I|Ha<uw1CD<m=%mb>h(*y=TI=t^yV0Nm
zJ$8gyWykM-ATgR&I~$OGWSu6*anhcIVLM>sHOwhiE98$FKLzG^kq(N+Vqc5JK!+&o
zDycol(FmrM$npzq!n%OH@S`K5?gh|Vsp`w2q}zBYE(cLR!8*;hGmy(PSRMORDI<P2
z@XVHz1DGO35)3yAeF`p!gY7n9u9wx#H!JQQneHa~?Dc9i%D;u}y$w}o)S5`5jL>;-
zMRrA+jFTg5f0ksvd)olhhxX~?rR#U7p8jOMqo+@NJYA-)3vC{e^La48v1P2~drNl6
zU*KT(Dn)e!aMo;z?3&2g<ne)-G~_LMOjuQ$02gpV+&^n9$BUv{$b**Se2Ol|-rA>(
z5qOR^rz(_JC%yWAKbMH4LI5guP<gf&08*_K&kerBb8U3GT}hBoA2rpfrYkOB)VA|P
z>rR`MyHle``%V!1EIc?HT93d^W566Wc23e+b|1K%rj2<>5g70(D%Sp0X{Qq#GV$`@
zfHJCZ9T#0DN9%zN6vBujYmXrH<ypK+ZmQ)yAiDM$D0Nkj&MX2cpId{=6TeeUGks4k
zk(qfe^G>JV24k%mX48_XW-;ccMjZ}BE`-zj$;!y0dv6|o>3w-*rP*F(Mo*dyH4k@p
z5_R~pp`n&OJ*6be45WL?bO<xAks&NQfJ#&M^rj#P`)tNT$DiIEZ1+nK;1(4xszCR=
z78|L&5K(-fZ+G2!slu3+02o)DhU3AUUw_n!MuaWYA3F{uEzbK)1A045CyRBdc-|G)
zSMN8#tKrPxdrKR%Ykz!Hi4Oc_XrIpB_I+o(5`bU+T4VHG1GI$7y8Ml5!M_8%TI(?5
zf4?o~(pJsb0cDe836M%e4r{}4$T3lBIGy3B1{}5s7lV&)I<$l_3~QRaVRa6VmhzPo
zebUG25S$S66b<=RcNU;jq)<?&7crbbarZ`>yoWzY(odtii{6vZpk65>(<r_`JEYK;
z{<{_ZM<@cy!o-?F<OW6z&Hf+Yj)^115e(P>m?dSmoCh_f#|>;X1>5@@wu?mlhV4e&
z!8-oa4#xSv+f}CWw6w@S#ckCmni?`|4U+#Bx24|+{^Ygk4}(ma{Q53#YrA~e&$}G=
zl6@t6NqdMBPiLu1VfMF*oAA9qb43tBS+fXbkXr9zT5Y8yBm*DqVyvOIycLG|`6Ca@
zIB0+=@A)I4-PykCRXU6i5Sq6aChYf<%(@Kf&gCk5^CcYU<340vE01Z>&@5m<xkzNJ
z0xVH$><0_jUY-i58E?P~STseATo07iOv`h21ViG~x2hdKL+f<p>u3dr`__&xHK@mu
z7c{$j0whF9q0&$X#+nlCW3LnaoYAc^tn{uKNdRM>L>Hk-(8gE>;JZ-Arc8RM;4K_V
zW+W)^Blz&+a_?vjfz@WSADp;SW`s1e>&K<xK*2p0)^85-)dR}~<*O#uZGE@)$gYZ}
zCJh^=mAzZn2FLAcDy5S@lPAj$zs8myt=`22Xg3#cV&;&9t3+O>omBEm8e@Ylm)2Y$
z&@o`TQy|61DrLkXP$J1IWu2P$-+6kCDFlGWPJ77yo$EKI`fmn43)6o+U685&6#xMk
zS^jrqmpYR6xEvV&jLaEmb^}uoi4h<2kuxC>72FkNB6l%40C*3J^#04=!z8XkT&+{<
zAUPwDZlsJ@^WX`iD{7H08rQc9?ESdWU<=ax@9q2P&9Fa<Ip@1HNm}~C2ZHYxC*`mX
z<J_w8jEon9Hz$C5Hx)^T+Cn89s}jv^Sl}A*8u5#3;8<5-!tttu2Zo4@g;>LW56Us}
zTO#7>?uhc8qWiYJ3yguCj19>6ecZ?-j30bAp|NYQDi4XL!3Yg!_1S6JWbDiWYX$g%
z@A*0XtqPJ4S`FnP?Mn>uHT5U*^K_{Z3ludn6xrhl69z;MgF+@f=ryWDO~R{gMNLl9
zmUI@6xfhw_{QyqN@`%-$!Bf2t1jU9^0p1P#ofu(?T?pEXLsVg5@pH1<ZL)*at$yJ#
zTC9|A260aT-lji*F~^%OYQSLp7v2O`3ClZ=90Pg5o#Gg-tDp_Q!z;E2hhm()4ck5n
zOBIbAy#`SHe)~ATI~Zf{`+Bp>b`iE7(qFxt5fOsp<750McIrEU3;%#7Bb@K|+3wkq
z)cd*nTe99ZJP1OUwg7!88e8q7iF}LVJ>QW^kGEI)A5bv^gJ>Y&NcJPE4$+BQ;xrt?
zl+^xAWg^OHJ|Lz)Tr7OPg4~x_t763W@sfBQdwhVpW&7<e?|ZwS<dP=AA@lgglqRpy
z-bX*@N=sKG$-E@MbQI4i>q3gq8iG&a0?u-gCE|HtJA4ONV4*Ce<O^g@v+jK@=lNjc
zN!Sh)xux!RK9LixoY-HnP;lsM(|C@uE_UCRXAAgpkZ0OI>pW%G$AVqZMnUV${g+v-
zl-2;SD-xUjy38wXQz~%N;Xc*P7~W4vn^G2ua~3U;j~|!Q0v(=DW)0V4qAx$aXS2lC
zcCgpr+|}WqhQ#^8D0i#<^izg+ZatrIu8jfMuulPj1mS3XU`M=LPy2JY#fFuf)l)vE
zcpr@K<g_oED<u6J+|w@jH-jG37+gm3&cOiQkdcO@V-vf1kIMU%;tvV)J;{;fV0+&K
z%|Q?Vc-FPy57b^tw|v2pu>oFT?aF{8y|)S|5=mYLYq1l@(z>6-`87R=<NjK|&(nK;
zB7ry&K?d>$1xSu~m@u4x7cDapRi~+!M@~EikCyV~wT+*js2NyJ`7O<)o@(aC=dc1$
z4*GLgUHB?uU8#SN+^w{GcN<3t)?CmQcsBivo+LI~SZnaZ>&28U2P27_uoNZYMGnBS
zn0+@b4xWJHl|yQ;H7^o5i&v#85B;^w5lbf-SP>pprEkvPo_rzf6z9BABU$?KK17oq
zVqVB$8fe)1WCLTXZTVe$%=Y7FdzBDiKjITT($YJ%dAQZEf2!_pwEjenie4$OGs)S^
z)wocQW-(Dn3S~ugvvD6$rD>M5@urQ2em#=}jx3TCH1ueG@9Ij!u>KvE!l0>Ehq0pg
zU{JF9^>)Ym+fxz-I%*KBs`%kvU2OlLup*QpE!rVYLyaQs7)6T)7jc|0ifT2$a3cbM
z2$lIXtp0VWe8yy5P!v)4!#p@XxA@&&;A21KdW+=PC$B|2;LZ|}RCa)6D6T%UbhTxz
zJNolEboFXv6@SE>b5-OnN-XDEvMX*Q7ug~$%UO1d!@Vj8YXE7=g1ChwFv?0T!kUgr
z%_%dpRT~xyN}1re_g32qH9rgxGaV5_W4DH5rc10Q*&FF#MfkXUQ9qHU-L8m)ZrMvn
z)-30~qEu7aiPt30+zc~VJKDY;hj3xabrZ0z5{LAO?Yr6|kClNoCgt(b7;^=>l^LhE
z(P%i7#o0EkDuu83_bKwhS^*IyC7=WDp&yEzR~`F?^E7hSGQz}uLsSGn7Cz`t^!Vyi
zRuf!+rkQKeTEv*js+_k`M~)oFs~KMFlVSz_QUs@OlcJVvvA}K|W~8PCDvNfVV!*(+
zZQ7FFaL;t>Wii-J)=w*BtkvG&cAq#<F%5}rZT9$ackilOgB^fv-*wjKd?I`#BFpTg
z6p%or1nK%&b=LDEuY?d_1Vtl;r+~+V?hYKqGI0N+%m$ia?wMaY)A$Z+^{moR?%30;
zzBg3?#ypGXj8(qj61Hq03O%WcEcQ&o(92GxGYvK+08h($?_v5Rm7cO^u&)izS;$ch
z#wRm}1KL@%gFlDRopCiwo5TMIA3G3-1Ne6oortpQ$kKp`JNOZRpDc~hOAe^fB02k1
zI72IvD{5UaB|t1E_JmP%M*H}uc5Nby%Ti^so!TZoHxmg1<8ZJQC1*8$ZuRHiGiQ%z
znKM@c2Fv@DjjD!wUFX6YX%9k61x@RIv49c`qbG7mQps1`kJIt^mI)uOswuM(4Gt${
zJe)rMt5Tm4I@J__NAC}(6hqn#f##v^;|(iWPfZGeVYVriXUQ-^`X%GvdLU)%gPc8@
z2^P)KLQRa|#LpGwG=TH@K^GLvy}vz&znq#qVuYD5;l!~FDns^JGGR+^Sj99QBBgA{
zBO*+xVady5_!38cqHi*674qz~vHF**orZx7^I@!cm=&@E?r-_G_@&n!P_p%h!g7r{
zbj~cMOxOqdOdxKtPFJ^797UJqImS>We<`{$ht!d<oxWxv<YOR8VVXXJv#$szc8m1F
zbI3q`3yN&ne#UPXQ!R<T`u;#&CrEe0fUj7qI`U{_17z)=CiD6>ZrFqBz<aC3Q&A{P
zkzzJomoYyAZqF^pOeWAOI+%+Sxr-;+%Hr0;n7BKK>I47$AG+Q<km~6FA4jiiWbeH)
zGQyp9+e)^OO~^_%WnDyNl(JrtC`GcB2vIf}naSSCCJ7P0BfQ^leZIdxjC)__JkRqy
z$KyHf>z<d!CkJF_vdRe!r@LAcI=1sOosP%*e@K|u47B=?Pz_5Vrk`XlUgR=9HvBSo
zNCWzQ)16r7SaIp{ruQ>8`Thh}ldb%ajm&z?*g)L&^{XX}54G7g*l#Y}o$39<&$<&$
zKK#Vp43A~$YgKJYpnga3QZ*Z6z))uKI?^9+*%n&6syN<0e=I-R&|=){hz>!X;ph({
z%bcWdMuLXeZO7M~h_~}$U%nA^|Nh8BUQHDxg7B7D*3T-PN;4ko^3{P#6g=!0+^aX8
zG>C}}(=j6D8$bTc_HdutqAwp-3ixQd+^M7xC6CuWDfob!Usl3z{qFC(?StFBc3rpq
z>XL+@pR(ArpVzQO2(AY|+WEbizLemhlkqi5?)9e8ax|P;C*f|h=nh21LsBNKnCK%=
zKY2v{s^zAfR&sCgp!MRb-#;Ai0R!dXl8vD$n8AU|UC(v3LrQLZM@vpEM{Px(3A?ZQ
zbG#nkYrx4f-K?dcu%6y%l9m`W%-EwlZ0*)9^0uX=Y^5dpq{QP|l({+G))owTUm8z}
zQ6qMG`{5FfN_p+iC{5pT`F+WG^7x>EoLaVLRuxz0!gIf@VM-mw{EWO3iu0HvTe4|Q
zB7Q~?)+-L-s(bTj+oaEVys7Ie`n*=#wOTca&xj_R%UVU3z2XkoT7bQsA3jdRjq-)w
zbx2h~|FB$ne1k`+?(NdJWZ3j2KX%P;=d@K*T1lf7^VMjX=oHjm&K)JNIHDWaf19eZ
z=4MYZ2kA}S(1aZB@n;t%VhYnQeD6_FkpFUDW*#fx-GfG%Wz~&L{AxqVOuf}Tn}Zr|
zTE~mAEsLtj+G*BqnKDMRKAX#p=KW@@;$t~~ve{gvb`8_-T4zdN-g*9}&Q<4Ef+i0d
z36nCH<1Nr35BdTZT}I^IJ@_Qb!`FbE@NFS1GZB@!)na8t!hYj}NTa66*5_mr-^Xqf
z`t|XpZHhzk{mq|w_>YtdX%^f`xf+)ef0H>D@BSx~;q<IrTSL>VM8jui=M`oV%Hi|;
z_YLANkm>|RZq;hkOwIiYcx_ijo01XW!_ad4cm+%Nw<mv|2z7)Ir#32AJ=MU!RLyie
zwfR#k@lC%l!%8Ih+bqnm3I4`>6lPfS)9RytEzGb3Uel)w$1d%@A1@r+$rc-tfRBx9
z+ex74SEbl85sJT6J$0^tL+2!Yc-$FlV#N(5#fG<*620q#{(lhL=fDYp#nnsqylEB7
z-8(R1=N~Nli>C(%lR5@G9(dNFs^M6e5T^Pokm%~y_0M`k6ULJS@yr?#&qrM5&sv5i
zk;JcLK*;U54OwP1ltOTV!*30Lcan(l*ItDHzLgBVrVI+aKpjHYBN+7G&xnuXv1rME
zp0QzS7{yUc8<1j-`b?~_d@8W^lr+^fX%vkN(FA`(wOt{a=(2|O<_@2tS4{TR7<I4D
z4r$V_^OF;juXA|@=qb8=O{n@{OR;S$!1qP=`Q*m$g`e9BVcHDa<lZMvh2)uk9NvsU
z)=1ahJ0*AF#an!H=^M*<q*6&>#5o#)(5K(FnyRO}r>A1@L(*p{(&`d1R!Q`=NkyNA
zD_ggRB~B+No3lKd;>MpW551qBJNChzVw6kuDcQT}Ciu8g7>(@xCBy9uVeL***6xst
z_9sq%@bmWB{$sxLbB%fUoVUbq^0uq8@ST3fmzT^&;wonu@n$W5FkVuoFNw^=wkrKQ
zK8WmWZ>LPb!$rQu;dYo+suvc`;jg@hpFwOY33AJetdGqm`!_T-)^3j7AuQ0iqvmiW
zZ6b;B<f)xs&cpcCvB&b}zpf_6{9Msrp}EG<@$*!3?+5%z?>tA3N6C~<jR{_Yc&g6G
zlssMEf<YC7SLyh*f;<li(K=*QShcPA%MSuKe@LI-6p4}i#hh1L5^MF1xShZ(v>}_c
z$E2MqCyKAo|Lodw!u2aNk3)SI1_#Ueno-2zwj;#kK1aMGgcxqc8o<*PLedX2A6^Nf
zci0}vm7!7M66SsR@a1OB>krtAC!;21Ki_}m>Z9&9-p9+?j#rg=!RaQGAQWx+fT4go
zrp&_hmHIZ<Z&^II;ASB4J+dFXin+W@VYFTWdWcaR9Vve2t$0=O(epk0PZwjA-0${y
zZi^QhWT@S%5Lk>J@x0_L#y)<|mW4L))$Q}7CcnZ}G0JPbSFV#X>WJ!ltqS*#C5}kU
zJxgZwd$MVrFzSn+AEE#HQByHiD#I&+^hj(f8%<9J>6${kDv>7g*{Af=rVj^cxOo>A
zLVsB3ItV9y(>J0e4v+L$8m?xTQlqoFL9Uo9luIm>8~RNxR(+>Jc<A}Xy7}NEFWwSc
z-m<uAlDv9FNo+>J+}~dJ1%j;F7V=`^CAv<}N;LO4+I%qZ7G5A;xcVWMWLUpOp=W^V
z9*+~3H^WCn(L3w=N{`CXW^aNbl(2>PSIv4;MVBs2u~NL2;uI7mg}Q63a|j8}xzq*E
z;n!AsPH!#Q@^3Df4GoGCiFa#}>g0^Xvr1f6ds{&$<K$N@k>h;n4fjo_0INmC=Wly9
zjUA(Wp1&=Q>W#v;kz}m61j?$n1|7NP?{5FrD}<c=&-Xviuj~FKrL=bM;x<3GzDl4u
zj7_n3e<tj#y#Cx;*DDeG)oz{uKk@j;ihak(c+**9CF<UqZy0tAuEqJjot5vks81zD
z{9I$xw4eD2IVp}H??R8hFbsWhc}4J;B2Wu`PKKQD))y19EIjR;W2i04k*@8$f)cIg
zE3(nKbDoIAjY13~ihwxcx8(Dakr4BDSDrFl@KR#I8O&(kS=SDtGd<00y5XNh>dh|P
zlvv4H@w{{9b?QA1M`{zci;q$@I+CF^T?P!-@ZHiY%_GARVJk&k0*&NHL$!Y8-+sD@
zmf=vkFvD|#-X|4b8O?6^K>78caqt}9J)T%<l@X6;9yU)!-gJ1s(Uh_tZ$ddwmb<Fn
zU{qVQU3{z**cD@0bLv^xkKUk~Q<Zk%t#<qu3-3@Hic~-7mCw1c$RR8ub^4Y-N_$f1
z)r()UqeF@xrtz-28$CFy+Z-(%_VLN6nqBLk=F0J)dhJN$#ZY{RS&+DDBQl8Nmr{L@
zp01amw(Jv?uBGi~V=mFDUedxzg0W=cHkF^=J~UZLKier=T$*euav_j^2+4H*6<giw
zcY!e+d>B}R&hg#VT)CBS2oEX@#?D}Z9Vhy!So+WYbwq-7sMo=oGrw<qZW%mT93tuv
z=>qQicy%-^SF#XK_vRc~Y+<x}yo?O;MFlEMPd1A$-NK+f=V5j@l3y@Nr)s*CUwb_(
z;c5KK(VNX-imu6uuDSXp1DSH(_9h)Jw~OUwz?Vp>40KaD!yRZZMy5HR3tVW6ETHDp
zXBxlzM*k{4gf+>nyCDDbN}GXR$K4dEg00SJQjIMx3OOHHJnxu?sUUc+FvM(QxXs1v
z)V*r9ROb8PW3{TSz(Do8{2{_qsf*cPI**yTdjyR$2`^NAh|f1_z5P?$W?i<?)v)j~
zL9A+KS$fX&kfY@VHl}RT8ztIy^_9GV<h53QG4Yz$RDLJB?dbYM_{XCQWsRoAO7PZ#
zq?{t!@|faIPy8m`h3@{kud)Lx$w8kN{{%Dj(K8B2k6L7%BsOmNboAEQn)l;*Jz{50
z=N@k>oAV0A8ecSw*BJR#Wrg`JYA7kT!`^+S*6%Hca?elCMav5oBSyVrqfw7>ma4Rs
zIO#~Y%eeS?Qj0i(k339-bNXXit?pF_yBCOd2|aofp;s*U@uCjqhRd?a(=2w9c`Yih
zncMA6%4lh`lKqs|#h-n7xzvzlr$3c2o^V~8pXnMbx=N+>Lo4$E`_n*t(Stj2ZJMUf
z;|!i{nyrM>)pI^dc)ej{9igokMdw?t_~}k9LBVZ$;&-?56_ncpUn>!|jhy_{djECY
z%gSFJJl>xk%BA8BU8`Pn`j?-TRhHL|o%><imgQ}L<vsEO`%uY<p&-_<fGFw3iJORq
zOEJoKLMCoal`!4-%2=I>OPFh8z)}qOT(+*@cW~GC|5Q7mo-6#w85i+8<0t8&Fh#Li
z+@StjcDdCAwi&dzm_7}!t6vkl_;X=O<rmY$E~Q44m&m#&@Q<&Vbx2EIQoAbbbO()*
z@rZwS_4+q0#;3MFS$UZ9&GZ@7HXA07XOac739HLwr%Q-9(!0Ci3v#yupKg!_eRjRc
zaGPHXbxhblwl(95UTi7ViTO{7FGi0|B?a6Vk$U0kqc*dHCm69r9*^Xuz*47{2}E&|
zHEXM~AR6)=wy)xm#k|KgsRm++#w~E(*~+z1WCQP@Lcs(EQ?tS^=}ggOZ-4N88F~(@
zXGQBqp1SV$j`;GNmWf#wZCAX9{861N(ezF@&q<XpB05jp^KSA*6N^7yeAU3UNlBC$
zdL~G2@gebX(^+J;4ft5Su;Cd4uZc-@!s{G=Cra(Ajo}xRc-*bKb@`W1bmDkhO!Q8K
zz-cwPZO)NCTGJgW+z%p|FJ6q^vLX?-RjNC+tiupzdda0DE_8YH=3|){I+xllmp_a8
z;;|*&jnYvU%Lx~)gzhu(@zXb~NF6;FcGp#>$mv?}dTOP&?nut1DfRFD3llz0DD#>}
z%Nry$hzZXn>oUA-cv}08j8S)RT$A&KW{O8u<*uf8TCS(mhkE<SOuat$E<<NLGC-01
zNY0r1;7HzV7>@ATcU_Z<w5GnX7i4^0DtX@zsvC-G`2Dn1@4eYQe65Ct#CsbjRdj#$
zE#mYAX3tr=?(WO7JVx(RXKhBk=-!T2vI*XOE$#7xEY3|`2OrKD)j)5xjl7+I!LzrY
zkC#E1Ot(+kK+@dQF;?eXg8>K36lB!d-<;JOlLOsL;p}YEeu=vxG+`3*=&R)jl72ky
ztfqnSmK@y|mn8CR>+2mXw$AsDH0yJg3$9lOSl`j*oGG3)sgKhP47HN>82K7BilB*m
zkXjUIVduFaG>Xq}W1yjs6L}vysZDuDljtI|>ZgmUITR${UtaQF>!6V(^e6Oi85q4r
z{W{9@0r4}Lg6N~iKP8uGQ+EVkb+b6WV2XHKd_2;HrqG#oMuSU)H*A=0tW=)j&D}vI
zif+^JgfFMow%!os&D~Imr^+v!6ilSyok>k^dcsCqgNwXAi1#Hay>3%&U^q7$sKr;t
z_ecM-iBOah-Qv*;h}XSTiX^(};{53Q5sIe+a`Rv=e@2eEr%g9NL7lMb^-AG*V%?mb
zhS&o3Cvjld$7e&|<I^3&(h?k>ljnU%bRj!mz+8W)3mfOJ{#9{;F|XLm!!EH$;$Fxz
zy=H-edv_~Jg1zyHOg$ZGJN0h{jb1I?Furb78~SLNMXZriOy^o|VCv&`bb6cJ#Cv6J
z4uMPKUoUih(q2EQaf&x9((!?Dlbpe|ddH=Uj-mInGt-Ysjrf&3%JUeK>qv_a5{+pQ
z5}EH~RWCOtHmh5ox!Ugb$M1pD=SyM1Rko_kR0R$_R|>W49PlbLsn=AD@*<r~Rku0>
z&Nvx{Y~+i)N9M&FWE(*z0^nXE-ZIHdxa`_g{F@HMAFaZ)quP3mCx^(sQ?wfejm|cX
ze!Y3su9jFtG_CXoa~FXQbH@fIM7HYjySHx<7*$1Kgm1<>>IlQYsg4mAm)W@@yX}kD
z3QH35!OisR;+gp4W_f)oBV4DmooV8iCf_oOM^YtqFbc6$21wa{V3ylT&3)EwJ<IdX
z;LaDSnzL@C(eY#XMe~hu%4Zcyx*wJb(A=|Q$uJnUF%Y%F%kzCPdQ<UmRM?wG?`>Ay
zx>415bUh<qW1^-JV`P>pGPm()KDn`io|Ho?)d=(qQ9z}PXW3kNw=q<E(v@s{Hcd)w
zZRA8VVvM1jC%1=g_|{b+@t(?PNsVU9bFw0&cYR2L#3iYD<=_FIf`vC`&y|juMA#QU
z_|B_+{p&FM{7p@QQk|sF-`zUu8&8P$nm%dome-qIVKw~;en?7|HX?Ja=zf6TVn+B=
z&u5>i%eyJz4f?qXo&0o%?l+t*OHnRb=KjquZc9+3noE(DqUG8@v=CcfV*T}X$=X%^
zdpj4B^R~)lZbY2BJetImW=%2g_m!u2dyvYA_H6a*7xy1f+4%TG-}(4cm#auG=Falh
zS_dL}8+y|#+N*cl!es((M9<@z4e?a(=-)r8>?CI`PEx^F%Xm*}-7fCJ9?NT?7z`ks
z<yc#-hgb6Y@{#Ag0@BG|CSCAN#+%wE{$7e2C=9rIRgu{dU4ME)s0hC>@=B?|Kll&*
zy;S#1Ur&Zb&BP<@FQ*Xlc_9T0TMO3w$CE^Br7O1SP1ba6YCZAY4I9@LUm&xxkm~dc
z<;mbCgPV=`M=DM)XIr`Xc)#giiE4G8wCU`Yukc$9e;FgO<IzD;>Rmf|4W;e9eua&_
z@Ug_ytF6L!N#E|tHt}b6Y_J7n&iqMD*a~6XzI<V4MSo=F5$faOpAXkV@%;`mqX|bB
zXUeMwwysCEG(D=ys|d8z<KEzAO8<Q+3x=7WBcDZFeuSq<$VWbFGJNE~pJVnu;LBuG
zR+B|XSckqlJ>`uprxFRl)y-^9Ze6+5K@&Lx<;c^2Tz}<E$Bd$QTL__}N|hzoIlkT<
z(=4>t7cPxF;T9%7zI`*z;C`>2Rk5C}d9%s&jJ%Cx6TDS!peI?)vQeI3+1vhGqTd|(
z&lxwes*|Jf5m(Gj?1Dr~yYt@`b6=5bc8Vmu<2sqwa-y~KZb7TsrI2UC)bH%h`j<Cc
zW%eI=m~0@?LM|Y-MiqD#m37^HvE-rHTCUi=4^<_P+H!l>)TYGCJ#V+M(usa}{I!44
zhxJc16Uu(}ax^<v^@-4PVwd!lmsopA8!f6V<JD;MTu1Q_vev~f)UJFm3D}$;g;PHF
zm}`FC;hWp&nf+Xr7&aFWv>iGuDi9u=59u&DBNdMfDy&O%IBmaRJW_V_gsZJ$81y)A
z_N;{O$u!bO&3Ww=@;fu#Qs&#EWgc%V+{aScWa~5hMP4wGg~rW1SERBZ)N7XfwkY`K
zRxC_6Wx^11>F3!aEmOU!G@ve`KSkt7LsBDB5&AfJ$1yRz;MZ372Wk}IIqCTwjBx7X
z(?pA5h0Q7i%N8VO2GT6=na?D?p$y^$wPe8Qm^<xp9|aROB&Zt`#r`%t;Jex2#`wLX
zztH<fe}TWdM}J|Zqz~U1KW}=`nZKB}V%Fe0^`oY>BbUFANav5%+)-!Br{}x#(933G
z1S;CuJt@JOxz{>o5TnCTQx<Q4=~QQ$-OwxeTD>5=^(VM;C)>Kl$hPo3{`bZLET<Zo
zx^&z``#mW)J}||6A%wS1`1;TC7zHDIQ+AnDGhLk!^HMsE!Uf)plAYC+!8Pxl(v>y#
z<9DBRU3UM>GNpiene)RS-*;!NCuL#Cl;zpl=|5g;6!c=cX&=ZbN7+;@NZ);Lit>)6
z<Ml{gidaocR}f=BXOh7kmjiZ|r^>)>*YgtQ{_Di)o9ljS<G!kh=a*d9OFlXU<8?MD
zPHQf)4Z$hnzHS>*?`_-Pdfn74xe?{F9$X$ZzOg1;3cfhp{Nv_t(^GZ6o_<kxT<11P
zlpk49Kvo&Anbwc;H8r7cy%f@-U!=%W_v5rBu?(RN%@B&{QhlRUZ1~JXm^!6IO^@Zd
z@`mMgc>}A^4X$@LcRq@ZhO_Y{(Z}PBGA&rdxkG$+2xe4eI-fe3IOc||UZZ^|b}p~!
zq0a_cr@^_AGh9(0I_vM?2k=`(d8*;U$4ZDLzm)!jKWtAga#xsohE=W3wSBg8XbMYj
zb(PVv`dx^|ir%qDNmmqQJ$=(>`aov`ACtJ*bM=e}S~}l}NB2Z5@tD$yFVR|-_`=uS
zE$mdj&%{bA`hxBTQ^|57IL(anu;lE)3!yfYLY5tL!U?*Wf@!s`l5AA2in6J3ZlVS?
zowuM+{oSGw@<j~@3EXN_=)6Fe^`y(n`j)8r<pN{5hw-OI6EsTBgxAGJBqRLQ#;XxC
zuckSEl~Ahj^T@QQ*Dmz*@HH~xX&nj%qGRuI;ZC@@4pQfeoql+?PV&jQPQI}>X3F|R
zy|2w|)t?FV`o;4dr834BOuZ<%j_+Dki#tB%Ag=Z4#5snF(ql=*x;a6U=W@J!F4a<#
zQj?F<H3pak<hvsHw3jiy*EV{eK1W;sDsd3_nM2A>vY3C=H1mZ1=J;z?MHBqT3=tus
zm*LXtp*EG*K5YJ;<qlY1aVVNwJ{!Cu7|DK~@U(HI7^VuJ>XSksA(ukhx2fQ%tee86
zFcq_HXPP<LN!86EI7ai_luD;rnmYrEtS5+dT`DsY6?-Asu`F$IM?SxfYxMP6BNy!e
zm+d+grRnV^@s**Y5wa7m-do8m73o6$P3;pa!uRA)q;lR*erIc&2Is0tz~)aNF8ntM
z)>AH(Vb}*LGhS~;e|#ihae0@lO-}HTtn!`L!`A{{wJbeqgIDA!P?VG7WEG*0jCgNZ
zy(^;6(#_>syr`n!07=b$^&@@yMDw`hbXa;xIDNoQWc0Bwsh%N|ar_l+JeS0VWOE2y
zjx(<NoELgYp`%PV>oOo#VXa<j*EUm$&wj9J{75zYq0S^i@evE5(5;_Qh98jwRhL^`
z1hG@~bega16Bg#v$lg!Prkh!V+Y^1VbovZue<d)i1b=tz>v*qt{`a@gue2NSeA=zg
zW2;4~#M)lWuo{g~3K!gy?$x?9{@DDEHWW=$*8JMek&kluh*kRYaHA|Jk(HA&KLfAR
zV7HXgj)QaZeM>U14R>Ss3dAfsu8wv@O?4(svt3s2w9(tv-zc)Bkg&(QEjy{^S^xYb
z++uUQU65Th;Pki4?|!~%EXnMsyzQSuQKXmA_h!T1$!mm8CgW~}xcZ$PEfpsT?@Q>A
zrH?0U@9SS0Y&Aey@iMuzn4GMowMCiZS6ClZ^L`{GGb(5gr-l^7mERE2C%InA5*B30
zu)r1`p{97MxneA?a_>`IFdbFNQzl*VM6$R%f)c6_j!KSE4IKtIw)NF}`Y!}8F8Ib}
z&OLJuzLqX(@Iap?(?0TN|0g}EBeHrWGq#WaG*_fVc)$6$)9w&B9pILZ?S47m8HS%L
zNpVfdK$R1k;VbM<7G{+@r+xMA^!ZK|p&=bQ+~ogr&24z+e2L~6ChEF+3db?Y?f1}1
zYD}=6(EF-uC(>Mn?m5I`Zl`_J*0Gd1QSGuYWAk1p+&21dS~kvNsL{U*e4f=ruOW&w
ztGbmzMm%2I6`3E@Biy7&W{~C5HsFFEuDq|#@<F%R&P*cpXxdtqcrI6|hCS*7&sO;3
zv$tnt(OeBaev_)b5BuIGVu|d1HY=LrB@>5?#*FW+x80Dl>9+Sz@;VmnHgXq3&Uv~n
zwt+g9kxp;)=m(@$$TiY*4yzbQkCNEXGAsPD>3!8t3=0pNJPi|CF1N>=<(T!Z#J~B*
z*u9w6_iXl_$e>rDewu_`_X=V1rPUY5oRx_m^-0X4Z+g*OFE8$C?7?m&Rxo)dxA(Di
z_v$wt_vgqfzktd4a&kC=FF}9@Q^2Og^?tPFS6@%?9SznSw-QW)C|QP%ev#?;E^V%N
z#=c|vG1=*R-V}v~EPR#jt}d(zD0xc!UH&JMQ^AGWr%fLm%Y9?s7je=^cX;L0+h5*}
zKXUY6at2LMUdWzo_f2n0I{o-+o@9u7j{Yynh?;^gW}erbBV`JV#z-X$lplErnA|Fo
zv7WqpUvBHBfAG`q3gIC+h|fY5cPM(_yr4wzGp}NuHY%q2s;pHija38t2|XJLe-GdV
z-y6{7Y)&MGd&h`Ocz$=e%)iDn2yWcuy56R@)U?bJD8dq_)t%wj!dft}VH)U=DH#14
zYt`{|xnRX2ce$9aUKDlRdv+?)y+oUo`^>Y8h)_0mBE)2QoTtgWZ0q}1M>RqigjAe=
zsmBOA$l5it*knI-)o~ELhMSeN(kncISJhVfT3BG&ksX#^r#uuM;`Ceg^SMb<Tei@Z
zFJHD6iiRkQ=c{cwGfqN*K53%%_`45p6&xjJ<7bpAd{78(*%oRgNNk=b<H1m5JYjH-
zT8QNLXzV8Pd|Eh{c%Ea^*M23_nE|DGEF;dn?NQ1`kJMa-ou^Q!edbr~Knvr#SNP{G
zA}#bDjh{MBMis}@KHNxWv$X4K`7B3k^U2}!_&dy#2hNB$PC4Z%Uz&~YkB7)b_L|$S
zoeoFItUYn)YM*IKmks{WDR9T1X6w%_8jHye!&mWF3gwxu;cn%FV@-HnKF)?j%oapg
zzX~gSVG&`9rPH(S6i;Tgh8P6(!^w5=n(u?A-*RMi>OcQ+Grl*2xc%}7>!3_DOQ)zV
zVmsuUdf|mWisP)LmZzRR(7J^&FRQd7?sKSk+IBMgj9{|V{TLh8Rh@xpVng!p%yW%S
zT@Jc+nz;K@dQb@$jLzuQkhZQTdT?aE$~m&~^%cG}QG_JgOe8E-<II@0dYSEedVF2u
z7IB4E1^JEq<m|iWl|8f`1h8u%35}%Q6j|H}&%O7Yp6c#~tpajt!tP%62@>|LZVhX*
zPVDhd4AX|)9Jh~OVNld!uw3gXIPd#0N5e7J%jRR^djj!%6{9n-ZlJ?&tfaSsSXxH(
zE%%oN<aaoSz3;x&Ceuu6POm|aLwSw((&ffE?J{iNwFNF`PX4FtBj%rP^0!ykr7{oJ
z=8RO1c1<2DWX})!5OzCq>>Fh(fxF>Dh6Sf%R8NC<iW%$3ucp<`JgL2sodPAco=w~O
z7~A8_z}wC?dyI~|r+#R@#xU{P$J(OS29-ELeboh%+STd78$q8O8efXlhS@!;zJ=GQ
z$UM%WP?Q*=?bmRf_Hh$^IEg1-+4O_`1)<FAJ*$>l9HPeS_Ogmj8x&vK)M#6IHww>(
z4KQ4`KmX!kAaVK&E$L+5OIQW_$!4v3oy3@Cd8Ax-kP>0P%MoPPg(wWM=#6A=MGe{<
zmw5lH)P7%!UDJHC@*G#FS=&Ufzn<X2zf-cDyY$6iWv6rI_YYhw6T2EBAlyB<`i$H|
z^Sf)*gu_)jl_{aeY_5rl8BKU)Y1w3alABl7O!rr6U3~rH1>;)rJZ)#4CCl+<rh6BC
zQO?R4&r0}f&zl%_$DJ{55fM&*iCwc>U9o7Y6c>u9o%yLNA3xhi7ftG-$0`ht7R2+N
z4;DaCy-d5SN8<DO_Umdt4Yc|Qak?Yo`&71EW>T3@{-y)3xSx93Z_~A#qOF^zM?ZAe
zZ#-CWTYjWE=PIK%cQqAFUn561UiUs(%6RlM$tY+4H!mw|hq@)tV`k@jFHTF%22?*K
z^*Sp?G$qs+a;mdqz@=6+_;uA!7lGHm@Z+hep}CH;T<)Atn7H1NCDX9<@sGwhIpo|9
zq2x9fBfj^!4fm@d+)W|tjfLCGiTDRE28|0!>(7;c+w{Cgq^9D!_9WBy!t?5;d*dht
zPL$4U%0{632z1|@T#Y{TMUODkz2C9WofFC%;!AF6629wa$j6d&Z}+_MqT+tvz`Bk1
z$)Y^c^E1IL?%Rz~b(t%iTR6TUx9p=RU5W&&6L<xAaEGU=L*+8dJKLIpzBDG%91#Q0
zQRniFM>@$G4yd_FyO1YavLzO8TZ5#GjsCEd5Vv2H3wImg;d}IpEnb#DqzD{}Rk_GU
zIzN7v<7`uOorU9B<S~LbTE_H6sAA1q_>cNOe-6m%4OTyE5g)kU9Azv*PQBWF|31IB
ze{uR%h~aY8`Vqr9!sHyuVS>mTHSO9v&r2@HYh;e5izF$n)vQr@e*KQVpPPuns;g#@
zslPr#w)s2rL%o&thY$P%OFVJMB3-j4+DfUUX$aXGS+BpZqteQqYj6rcm56-$ENp=P
z?s*&A?Kq)c$k&GyR#%*yzbA0bkZmDKNnh79rCHlX9are&Bs6zwX)OFsk_H1EgbJ{b
z9GkFAW1u<{$TZS*J1NWK`DML6otr0Csmyg3&m&B;HA>Y;djG_}BzAF&6FoJ88DRI@
zn9B}rl6vBK%Z5SZYsPp^bIO`XIQ?@D{HX>TRa5b38va^)_5>9_r3)8xMfejrUfaHZ
z8}sy=aRBMDQx*M#;j*L#FG4QeHF|zSpdI$7NktJve@wJHIV*aKv>?H4gwiO9>M7Q`
zaHVswdGMlgt9-D~XF2D>zSHGo#pN7&&83D6^DGte4mHE$SLBq?+2qa?6N1AU!O8fe
z1xW$Pa9C#u;fG%ri;LwcUw3Z1)0>SP4H4(tY<E6;BQEd$^xLlt$QQcBLdO;;HT^3t
zYc(3HJna5#x1}BN^{Hmnhehu{_wlw=Cx3T~-ap&*G(JwI<r^w7!_fN3ttB&siy1k`
z>AKo7hl)5Xjmp_vnXb*0I^VpZ&|_BCmWAgGP}@9vK6FSdp!;l5TyPPm@>F)?hOql8
z#jV*8-RINkV=5=)Zhmj~`zqzHWb#<ZIlaTmOIxmARFpVDik7OtZ0tPkOW(8{!P{g{
z3)nm|pPdkmOXf*&jbV$(dR6*yN#*Pft*`!rrxL4&5&ZTEZEwA#vQ{`Bjp@+zxAo*e
z_|ZYb+h#p-4R^WN<Pf)PwH@v3aBdVU@?9<k%XV-461pCo8Bee2dgrxWLZU(R<LwQ{
zin?r1YK1yS2FpGpr)B+s=V+~WP9dz1UwXw@&|lS{a$a;{3YWGuIcgA}F&V4S`1JhE
zmyzVc$?n)h*7pgxXFI8hCC066oUO0=!9g)0uBk4}zUN6I-<3i$-Ya9b_?1L8d9%9B
zabtBFDo$&d&M#aw?REi>Jex-047cgh^HcgmPxRimRyZ@XJ>usQxRDHZat%n#J_*8C
zBI5*Z)0>pA`L1m+lL@}Gg4QkU=iPI~EXYPOEnB_Is3&~N{~*V?+o5pjXqzz~e-%7m
zMvK+yBt~Tlo5F}Gu{*!+9~(1^(zoF`-9ZvpSlXghN>RJwYaL9-7ZUTWHZApDu*xw?
zZlkXeUrv21k6QgTC`Z<rt@+;io@Iwr(kq;a0r`!HAs5|5#v^1NboX7oGox#62H#AR
zC@$un<UmCev1PoRNey=NG5=LOdHoAB62CL~)P?z7=GZfGWzRpX+EH&U+BA%PXJLm|
z^R?5Cea12V+^?#yd!e+aMU{`0{y4U}c<s|QO7-v86Xo^X*$d;PzZG%9x%I~#PJW0x
zowFuprdlR*++=)(L-}o)_m>|TMV#?x#?HyI=rUhjl4PqA+Mvn3-bq^_WF~$z^39??
z{>V9Pr5jdU3w|cz$1a5)>+fJsPIIXdsSC+uTtJL)!GX&Jbk|}xFZVn)+i3e)-|1%b
z{m*!P8THZ{EXPE8b<Nzas!~9eJTE!mHg$a5*6+^2GID`013N$a2Vw50)2v=^R3nzw
zFY0K^pIQB&q_}*klU0OC)j~B@$em54ZwpWNJ&=H@(FK{a^G55Tc~A$f@EMYU@>B)4
zT#w@q@sW3GCw@C0n;A41#;;6rS2Qt`Gp)XS^`7WBB2}c%DKjYp{cvDfz*C-w=gJoX
zq7y$NU0Vgxr<mDvUcECSdzIAQM<!85<<7&W@u5m_al7P1=VjlW?hl$|gdur<xMMtd
zMJpKUesdD>v3|v`Q{n7coXL;*tn<(e%T<jpK0Fzz|NHmFFOR5q2*cLueD)e$LZ#qd
z|ER=N1l*PdDgQkH6x`n<2^TbiUKd*OaI34^#5ii8h%sQ;9EJagU1a|Fh@?l6sQ9K!
z>6s2<|3{pQkiQD~OYk^jUICpu48owYm0P_+*P=2uX;QJW%%M7`FuF*2Yv*#~-M6iF
zH%qsFElmc|Jr~*{H?TIZn$}#}_`ySg(r|sQsX=Ei_GSTZ{YW5ETYN;B_ipq#E%)Dl
zHb!6G!Jl5=yhmT7<&Z6ds*}-fw$IvPoSWDQ*jXK&52f|_z50P#>bu>H$hNu_X^$3>
z`bWh@Zf+KVbKj+_q?!!W!xEJmG6YRjtv05Yi|-V3?`)6X(HuVS9aVhCd`LSJO8Y^~
zO;(STpB~u(Xg;%bdt)VFdz+2Cp5l~?nOXbIQ#%^%xHhW0#|G;2I-R#KSGG;)wx2S&
z=)AH~B6ga~^9df)d9q@DiF1{`&I$JY^R@G&SF$e4PQqhv+v{WoT`Z$X`CU4Q7MGjf
zN&`fi*`g{~!muh1bS+w%Yl`+Ei@zQ*bh7;Pqxhqu*Nh)fTeF(3>1}GO+emp?ALV5H
zP(Qdt)=~}Jn*{oEJL^AbS;?O;j6c>(ApLgT=A~#YCv7;|#@8!>-z)*;{|QHL%XX?~
zqhj`0w~ne_3+3<1z9P5&l|HI9Ll5V|z^t{1`*$Bq5vc^;sNv_8V4zi}d8}Z`W$G!H
z@A>Z5<J4RDw?*B(6>@S_99Dr*#NQz1Sqn4m;TR-qOUn(nkyhzPAqhGkRgI}$TqS>&
z_1)Af(e2SMCmHTi$?>6ZMP~W?5@yV5Pd+C*z+SgZE%MUF|CBR*$<-QR=jrAui@$G|
z1`gktH7xbEttEYPN#%R9%kx-@KP`XiT&ER#1jdAe{P1rqNkoP;-Jv*A-HEhdRv-K0
z9H*Jr;{BOeD!Wr70-1}Pd|#cs^RxZ+&XZD2*A2<2@o42zv811Cw_OL)HNP(gBiG2P
z+aiNp-@i%zk<mxaOh9{|XggNvO_hjct4_Jx#oZRp1BJjj4sXQen*uJ~v)wL4?O|x+
zUwuUB6gTkS$m#<biK?iye#hT`g$pd#YCz4SOLQVOtbHsr1xAxxYa`6eQZJ<WmLGlE
ztLmoSWajI^7s`0j@rThn|FdEbcqB8@2_D>9C7x8Pb_;TBiOWCrG`tCmp*<q=Lu0O&
z<z94^;b7a$U6+*6(S<21wYK2ktAR&(&diRKMtxng!)NP<9DUh)QaziTspBS_C<XmV
z`il+yZPWS5KQ1yF=bvx5F!WV#{9O2Fe!*azAeSCT1SC6SN&K5)i|<QZ5CchdSF1FY
z;nQ2e1&BLch>`(>qN<)kL(W@m)K|gvI<k?sv5ldD&j)k6zlqC#V@RdGckzY!gC7Rj
ziW1|RNUv9T8EpYl)2q)*#HCa8C(>v~82u>RLdAod9hXySFD^YQAWRPsms`~%P$v-O
z;HP!3$`;A#LuTFgV(t$}UU&ksq?sl@TDUqbmXV0L;IdY%iGqKqw4q0FLt3zhtDJTs
zo8fm|amz4Mmh&F20iyj6FO13>8^ji#;Nf*UrQc40=XN0!AZ^<jAv*Jsz$DIwP#3?x
zP?mz<7Om>~Y)dvvT=fpsC2NH!ZYISmy=@H~VzXUO^HeJN!g|vwxxlvFZr&d6IIms2
z+52c(cQ*O_^XtRz_P;ul?8{Pq`Nhg3Q_@2V7ax8mnH%}&XWco39n72O`&GnSoSyAJ
zaZA^P4nNbumdrZUvpm4nCgPMVGcw4o^KP)4J8Hc#$XD`e->*{1Dx6I@IOc@f;g`F4
zNdNbjCv^wAs)7=Nzulfr(uRbBL#z9K2RbVbqdO<#?J`|{MsY~FWunQ=#)G7T-rpfN
zix)C?>xgvjO%QuJr}b%IbCVDM+@tY<{td@Qk|z9eHu@H&_;53E6P1CyPT4D)w00xQ
z(P+v)%mWp#`i*mAz66V1O|mh0G^^O^*w0>ktv+l5d6AP@<njY)fijy1X*xPHZ9D=D
zHYxlp3cs7w6e32vFT5v6qWQ$^lonrQe?5&cj=ysG_Z2;5vG!iSKI5^Of(>w}=>UU7
zjZnV|UP^I8vXja~e-88dmtFg0;>-BxkrD-c!<MS^Z?<kE`M+OSScNU~=)34h+?C9{
z2~zz~xCDyC8$y>&`Xg%f+EZf!rWuh%kbdH?(JMQ-KO+c+i-{sJjRr1>;c8@|6`l_v
zj)=>`&{XYR^VqdHy&p0xDOY*Sb$|6W`${fn;Ctd;aGgogDJOGFf|FyAsx2DnR}JeY
z)IPVr^Q<`%=uyskUujC)I*Rp={<qnvu%Gma9QBjQ=4ho@&*-@O8<|(BTvJFX)!TUa
z9!=Y4M_}!L-9EQQ5c}<nMwKNbl=O$a@NOoqHb}N~;%0kpw%A1~S`<-AT39DZn}%;R
zlOsO1Kx-oYlx|J29mk+4GiN1u<QKzjHZzs$<tu5jb7m`58&5)#-n`zpUQqBB&E9tT
zM>*vM1NHo4llr$$Ri|GOVC&Z|V54)dU@$yi+)6EKB~Vyo+LG;^WT~KR>dpCh<+2z@
zm%hI5$-pr`v&0%AQ+q^=VBM2p=_;FM!J1=+__xyC{o6Vj*8~@gPl&8rW!32xRGBS%
z+uVC3-DqRPdi|YA#k+>=6KpBD-<RU8h8*NC*Sm4mJDoHS>yHfW{%)CK%bFqQ!eh@v
zwXtM-w01E(z%7|Jb$ak5LpXYg>Z*M9<jD^q#7>K^zE_3v2UpwapEn{quZa>xB?(J)
zfBk}gR3!0R?o`wbzV$mrR5zv`T+1&|=(S69CXeh-c6FncyG$tJNYGo$!`~f(x<@B<
zOng>VbMUKf&!BPdxzK2_Im1t@Yfj^Ai=tv`ontJvWFqn+5zO$UN!T;#=Yjn>`c@JR
z9Qk4IA6#&WwN)?q_KKSLes$#ymbd3*1flW1Q2fB3oF`|=oHE1JyaZ`xeEUf}L#8U@
z3tn_twe`R2C%D<BI@a7o-$MD!>Qc+4_R2J7<rqVOI&;^osZYqV-bl(Ly+YUl-<8j~
zBUwVnlQy==TRvQyCQD&^tS(OW!Lu%na<tCS(8${V`Hc1gp^|2yyHfwq&&5Q1yAB=V
z%<~O=!(7o_<$L~VEDU+355cL=G(l=l<wqNaN(x=7jFZ{egMtOjk2;FOytItRS}LhA
z*z;A-oNgQUpWaksRxkfbSmf&vmucWRYu`QX?sBqdvTMV3Iq6a+GT5Ny!mAO=DhGpK
zrJv_#pZ&mbS(4*!>x{%Tu<&V!b$O>8KS%Y70goDZ_WtsBJ1&J6eT^H)DW7?^Ezjoj
zuO-JaCw4l{XYeDx(#T?R-Y=wIBc#1}F=as5=MSHcO0ia=lVC03+_vxB^pKCyb<1&a
zhd>?sd#??;=h@ZkirkZcb5>8rnc1`wp0?_MPyE=RO2ZvtRjHn4%nG^vi&8gxZpI}(
z{VTpSI{)VF7lR!%CP7;XV|QM-3N?yS@F_LYq>#MOX-V_&bGM_f{!~PMg)tzeaAU5H
zMkGhywyb1u5KRy#($y1`<+@c6fBBt#Wy%S~Ww8w%QR@#bJGC>*a4(ncg}ldXY(4{o
z$A^|&O?nkH&)f`7?^2c$ymCR0>xt=wOnyxp{IZ*5!HHMt+Wk4!gHN$i?!s~J!4m>s
z#U;G6#A{!o<(2t#qxPX~7jsZ!x>yCnY{jQ-ZUMhO<<UQ<aZT^V*jkwia@J+Z@jok*
zzl>`Q&gX^RiF3=m$~WDi)HZ5kOl@q~Iw*&WD!9u1;E_N~ySuG4eWH6_7Uv>EMvzho
zbPrDucsBLn`&ypYv#;d*I5UemP_Rm;V8Olq_k|xHL3vAV99Cn2T4QQgI5O0)@KkfS
zg~ZjbFG)^6Bhs5@N8K9G;YjamFLq6C?a*7uH3@(#E~Rt4Ci$*K(TbiEAe?c!<Zsku
z53#%Sma>Jhb=SY8y2Cwj>xQCV3}#21d!iqI<7e)l%MB0jz<tzih1}aL5)}5|QqJ1u
zFJ$DRGyC7Dn(DnX>oQO?a6;c@mhX5N{@Tu0VaEBZporJK&Z|CyRQI{Je=h~U6eIRL
zf66PwShM1*Pgy&nQe=pVMp;+=`~21VxK)oUb=t$&McnUY2RXCz&N)8{@;dp|5^pKZ
z+u#*uS)+V|EfnmR_~J>e_|KyfPw`n&X#KbrriH89eBV#xn)oB^p)i#?dVR&}hO)Vz
zW(po=bWeQpg=D=p0OZ{qq)j`It>FrL3lW`<A)F7Kj>#C5QXQMKN6QGpJM|My{nV%Z
zceXW8zlcCQ)&($f=VK>B?GLwFQ?1JyZPs)*8GOX$?Zm<w$m?X7)dl?9Z`b##sz!o3
zXy<nAZI|!DoK=d>J2-Vv2mJ;Q3{WMA>E2Gcz$A}ntfM3QDA60HEnTF<_T|R2`u8u6
z9$k*FgvXcUT24$}yx~8wwRW26)AHWu{X}S~{Zm%ZFgTgg1)eQ~7-9KR=n}2W?swde
zN@!WS*<APF!AeWQ0q-F}xV{vUKuBW6!FQ%NOCdJ7zh_t;l~A&GbNArEV32#W)GYtL
zLhrrOu(`2&4f790n57&NfIZ6~DTEA49F2tw${-Hv{dM=}px~Brh(G>4bcPI#630qn
zFjy3fs)Crf_gC8I4}(5D4-LCiK>Tp(dq@S66qk~O7v4jxbQshj7QiHUqXKN|bUB1J
z`MW8MBzl)=)1wmSojt+6Q8*w1HybaW|15B@Q|un8y`5tB_qNA1_W#N*>H~Bf{#gzo
zNu|Yc7#t3RfpdExCUFezf5~8^4)b>)vVCDl!!#cOxA7Ga27yA0gGZ6JRsf0ZbFx23
z5-#5z#Qg!nkjjWl<D?|PNjkd{qupQXKw=myjH!gM@Y@g22~r><3=(-T^6&Wu|Is~=
zIoweR_?P+!oluhk(v$%-|5r-b10iAdc{vc$z99C6v~LdoVE_Z)uYtH=uPTTIo&>Z>
zCDGz&lnl^Hdj-TwC=KU*1eezV@33tpq{e+%tQgF`?d=O41>dR$8(*)4H0ZGZSO*4J
zYc<$wWEG?e`_(`+MBtsI8n7qoYDh`^un}Vqt9Jk5|8Ol)3kktl)sQCmVo+f%BnhKx
zAT?O34x*txYzLCCN*%Dmk2R1M_dnAA$6}=5js1}jY)}jK`i~0!87>WH)bA07;F(%T
zo%SEY!D3+L1~A}S9fbOS8#Y?<KRVmzd0%I^LoSTlC%h+Psl#0Df<i+B5F$@KB!@s_
z#KHL(7WEJttkDQ@6UxA3Ef6=1Zv^LUHrGR9F-RteNKyvCAH+t3+qZ>1%fO*w{3l2P
zCjSJ+IyOLZB+^K6BuW|uYk!4UiEt?R$tSRzxdsSFCJmqhiADqb*(rq>xpDh0eZc)8
z-Qgs6=`zCNO%QkdB6zZ4Vk4w|^uIcS+gicZsU~pnF4rgM94RnA8Jv{VUxZ=g!R^yJ
z&^+$H69Jq7+7Zowsn6d5-NsK43g8S518;wV*#7l2@HTS`7^>a`om7_u?EfE>kv>qy
zf%Ffyvu}KRVv_pThGgKZ7D$j5Eso;hIcuQHV`*je7q#L75G=4@GsLQf11N!(K_0?1
z0BHy05BaC${{H^6-$S~W#KIR_A$}T^IL~>7i#+F?oju$=+$>$-i!Bf@84iaPM@r$)
z$X(ZEA;L++{>{L5CtD!~X0$kuiI9@B8;_Iabx+G{Cc->g_Fm2&@W*CIkPMAMiOXQ6
zao{QLa}Xmh2KSGX;|@8wBnp1;8R9>MIUsr6#`|E`?tt*F5Y#LkZFs<PPL>|_&ewT#
zZQQ)<t!#MQoUhpkAC*wBarcM`WMn7Cp~R)ZQ%6z#5DT5;KX3uqr)-1J$FK*>C|J7N
zU2(Q_v))}q*Yk?Im7Dz)8y*j5*tHelELH|9jzghwFi#hNvIlJtHO)VKW8i0P5I+`o
zKu}$cN7uvC+TIz^Q?R*a<6*-C1Y~J#>EglTVQ0f*ZFAMq^O^^bzSeoT@iRDb1}h_u
z#Ytk2d$vg@`45%?jxE}OiEXq(az`<eK<yYA6d2q_i(o)v4w%_jyX2vuBYD`VF*qrh
zvlBQj??>Q_g`XiwQVbRYOdBf+YtKL|M=-z=LOLKce7X(dh#5sPlHrg*meNv^k}z)<
z#0*n(LNtU}ShN%HQ`-g!!zVi+iWqic7C3Mi_{zm<h)i1YaG;PpZ0G-O?!SfzpB@1o
z+u8|!eH?`laCkf5)V>p9I*LOg#U(+40P={SSrF|olK-6r+!X-Ng)YDl@N;_jcn8Ex
zh>59WV}RQT5lryYK8TFxfQJL~KRjOw3IExh|JU6sIzV{(JD*GvEhUbT0=tKo-$P7v
zlK+^mq!hf^1y~I1hUftTk-++$5CaGs4;vsx5=m)s?7r17^GN+;ga0g#hM_MY5!xj&
z-3cJJy%}O8#-gOeQ7D+J3*<IZ|Kv7c<pMARcG_M3*$TvHf&o4%gF#~ds{g+k&H?ls
zEVyqZQiqWA;MIX}{)r1XSi1+T#oG-r5=zA^A7>=P0>8##Wu&lw0RcWY0@1-lUjfj@
zbVDLUK$?{s5EF@{xQwJEN@h=XQvU~kV4tsms?ZmRIVOmUkyvUk?=<=XvCHqv`GDDd
zUH`>NENb7P{{}5A`Y>wl1}*AdK(_k}#Ii?rFLIIgKpbL+>`>+(J3I(~d%;i!1IP4&
zMBpaK<Nnf-l#vn#IF{K1u^*%=d$=wAk7}f(;GKSej;H#7Jea<M|6GX>K$}u%aV!$n
z{0eb^+^4J$xLER6i1Y77Qj8QvTm}iOn0E!FLn{3c9T;QWzc+>ymg@!b-K9bbq6<I@
zkR|^eIJY;DasV(|)(b45U>g{o6bdDdk^y;3Kg0@W_5pX5f)fWoBBS32amUaQ^X+;n
z9gG|NdqrswTv_ge_`!-mYmBfcV4g?%A8kn;ayMxl%rpdqe6Jr8C6Y$Q&=McprFjf2
z6fy*uMh!s6_TFcN9R>hj+d~jF5fBXN5O~2e3}B>f0FnShV8THNOZyK-fq~D50at#5
zkkBp}?W0Wa`$33HexHebvyeU%-(>#ru)`e7pkRd&z_IKQL>seooarbUixrnbBBgN$
zfFgY;6v-grt=;iOLjX{Ay^$1)lL2KB;COTbVx~P<`@mzQ;lxo;?qG%?5jcDV=<stt
z#7(<T@?a3y7xNepPxml@O)!cv<^l~BOxy&~(#iZ^BdQ()>)VY$JV($-uxcs9r1t;J
zF8-6AAMAKvJTm|5;@H1Q!hb71j1-(O3rzFMIM6uHD8#h82+$)VDF!Jng$2L`YcnF4
zBrr1n8%@CJ>4!@gng30iz#8zvIAHq06u_~%QHYrcjr<E27-?y7X|xnp1|F>j`GX7=
z_L%^3aG8T3SbYrQIT(l9O&4%d;QB7y!s`<dEeJJ7C&AdMvA;Z`55qbfKKXaZy-{FS
zIg>zF-s2E2*bA`1Mc}yK(G+m`I7G*_Z#f5=IFQZ0ufuZRfb#yb!!!YL?9Sg^C&ma#
z1shC2bpI+6F!=EsU@Ch8Bm}@OnPMyiDR(`97FL`3%aGX=xD28R8LS96{Oh~0<0KIH
z;uP?0EKKtq$m!!G#2WLEk}-xyg6hA~6C_M~Lf+FO7P&9uJ@iBVyAwF`JK){o8zdCd
zj%GZHlR<+LPFfnoa}X$5;Q0}-=;>*o<wMd2L&?xMNpWc@klE}8c1GU+EVM7A|Cr1k
z&?0g0+Vq}sPyAg8g#mp66b=Q-Z%Z-+BOP*|?f*`Pugw4{>}rGvjf$ycWg?RXF-jVQ
z1nl1_Jjj2*`@l%|R|KibELahUk&W>0e2}XE9|S=Twje_=(IF4x#;*Nk>`u5e4VK-7
zLSiYfMUb^Vn}%3V9@y%ESpOG2u&960<4}-6Ny2J#fH3<EK-68rFmf3J<qi(kocRmq
zy>np2Wbpsrs~Tvuj5rdvTL}Db9evPjz#<QYH!N!3srJL$zcP`A6XyTs24t`*(CDu0
zNpUh5agev6;r2$5vjOhm>1m*6&4t~EjO=<<+w7h_kf9|(Ne^&N8YXPoRr0}N2U<GV
z_@2l?i(p^@Y!uKqMhJX>l^Mc_1N6zA133ulaKPMM)ou~&8)S+Im}VZr{++={jKYHW
zgN7~Ufv`xHfIA>z)+I2md>)eDPmaidl>+ER0m1&Y9n?Rz14vgcfztEp0&wZw^yWa5
zLu3e6iM>aw9Mm}=P1^I9J^7&zlfnS=bYA`|KO~57yQlz~G$1dNmXhA}5N0C41Je%>
zZITxuED;6`q75TL2J}{>;e|zziaq`T!lWdey*os63F6vK2FO5%M;wWj!r<WLMG(wn
zR{oArT>)dJ!B#<#Wg@}g#L-efMT8^>X1IF=qNP4$Q)m=CwE{#PvkaXil#bD+WF(V9
zi6hZ6yRN${6mIlkoBTKNfunu`$5;6Q^uBA72OvVji$xzs>3=7JhS4fmc<2Y{r~LI2
zG)PUPWnk_Vpya;|vj4^jFc*Hk3Y6!!0tx(OlZhB9j*|qTEPoDSrb8dj6LyDR`32}w
z{sdhZ+~0_@-%phJ39-xVOJLsx(fcp=6o)$`o_~rqtTep+3uHOPKOv?Ax_gP;G@#3U
z$N~=9lm{jbDmUWaKuRyyKuj@M1*r+{Z{EQ~EG3SX20H<T4=c?9GkcDJmWCDA!9KpN
z0xOJM2ccviqiN`|=)({Uj*Ee7*FpQ~?l0)r-?8w=Ul0#$xbfF095%oufi*~U_YyN~
zy9OfF>fR-W-+*|<E?56+;)`n#oA_ZtVfH<5Pf-8#5kU$JYi$FnAASS+PU~RlU2>$7
zGDv_Cpxw5+z1=6FoZ1BDxw#H<DoJ4Fl#B?Vc1hsA8^BMSHvzL4SaKcES=a;|C2s)K
z23L0zdC)(UL`&m9!)DhmL9h2v5&&v}z1Mq^13nSC1tcf?8{+=E&{0N`J+zX9&B+kV
zbO&9;1N8vTsQ&;Nb^YE&*e$R&$elRpu?Nl5{~1@fJI-wrPzU1}NpRpf@6uQt>@om0
zesUY+wDiBhFXwGQ0|5wuboBo>Z92%B{=@ygO=1p(1?)eN2Sja4h~R=rb|5A(&=KR|
zIqzm;3CerR>pcG{`gvU3oUhvdrys#%%mY9;#uYI9zZ#)A)ZoN|(ja{YZ0!6WNE8%V
z0EEbpAc&x`QlJvq6Z<}A|B=W4CafT1i!(y-!}(hP{Ad0^<edM@kf*zi+kSWCKin{o
zp+Lhz3L^tNA2er};A#YdmQXsb4T0XHa(f#R-OWyp;-o=JAq}v450_v)Ld4$=t0y5?
zkbMVY0dgKGg_uE$48&T^9f%zO?J^;P9WEh3&{FNkvpws;!J<S60r=Anbb?3<6+_F-
z2mvl|akK~y`a_xKUJDU^LWBVQCJbCmgy08#FIFI$N>)Y^EC#gWKr2IQ24W+^Vqq>K
z1UIaH1i=7nbpip95F*&%GD3vtZtYLXi^cvEQxAH;dpu#KU`7Zql}L!--KD?RH{g*!
z?1R|<EgrG|eh6@wBEXk)2na`u=zt;#=$?t=K*#|_89n@z2ti6H6{iN6)<hua;eH|n
z``*gLC}}BB;K8&<5N!Wsomjx<I08_$ID$~v>ra5F2%<X%{s2bP?4#1Y9fPi_&kn?~
zE1X9=0Q@qDcZCB=NLT|x@a#<|l|t@)GVnKzfJYGjA6s7m6j!r^8)PB4ySqbx#a)BD
zYjD@#wgh*F#hoAt!3hxD-QC?i5D5A<zr1(vtyi@ab*MQ#Jw2`8EYpx70`L%ihG79L
z5QLWk3IGJ-!$Wo(LS+OVKnpep02rYmwbWl;0kUuJIDwE|_@ka+Mi@w#`vwhw2OGWx
z(1Q`+00PNV2sm&M56cQM8)G;C0eIyt03BQk4L}9|{xhZ>4np#euY%|1f*hPcd@e*f
zcwlz~00x*J27n1pM}Tmo1P>tm$C7dWe+3XHc=FHGaEJi3|2@`%%nL+>NbCY0zzC5q
zq`ZND2hn991Ze!r=l^%efuL;5e?|wt1yDmq|B1+unvWY2(;zMivPRth!Qml@9atX;
zVlHF|0IENh0>=)C`4Dq8M1ZK@84_fzONfxA5F-O{!QcMK=x;awH_idcWC#WS(aV4K
zjQhV5!GE9rR?`20p8nt*RmcE3us$My@o&1^e;>2uBLWEjIBq6%00|`XQbd6W8X5^e
z@y{R#cnE<RgpmM5&=4t1p#ZqSiAWGSe^~p=(jg9q<DdNee{sk^ax+JTyaD_(^It)R
ziyeYovO@~HKiL5I7!`ny^dEeK(J&#aMn;3|;yYvjEO-GKK>6oATm&Fwzaf<XM1p_$
zwtoS`e|_73(14syLL5&W8f0VsqT!ALk>+3AazYRpK29DkNG<y}k^iys{~^Ky)<*xA
z2s|o8WBytICj{YR=YXWE5O5b43o_Mz$2Q1{XV4*A{MXc(r~u->-U6d{LDGLnYriQ}
z$W9w!0MH?~O*>&gw3!kOVqAY|+COOzB$^Xo{F}`Dv(FHGtQre|jsN$~{);>PyLQOV
zVq-!`EujI3($*ku703#SylChELhOH0z`yeVp1*<<_!B0?Epmdh{=DOl4j_e0|0mW!
zP+JJt%K;We0uZ483qSrdBL^6W1rY@R<1a;rIAKUF2r0}Utv5Kq7z7YS|DOaB!tnT?
z7m_jlBL63M_=ARUf=4j`1Z4jb|95r&B;fxr$pxmyf@ohpHpHHJF#qrS?;v`}19rv)
z5TXBz4F1C$7dQe3GFJyCfDK~ye;_FY2qpnJzkCNVtv}pB%4aVe2uUC=#8v5F0Wkkm
zmk`@l{QsWu^8JH=0{^w3f7$%6obg}m<Ucmy5*Nb7H5TCgKjiuU$~Sp||9ylEIotV{
z;C}@Op8v#tz@)ekr5(eAh@ci55C|do2lv8-{gZ!!m2d$6jVMCSOa5C4At|aaK7^U7
zQCLK9BMyM}??MYA7Cu&vKN$j83<(k@A<>1G0HUk!aRHitId~j+$Z;Aw_aBt)PYrTH
z@F&27pZ|=(#sg^l69m}**dqHoNOndDphx_FNd=e<5n{aQgaDM}HE4M7CLZAZ-$)n_
zM71CY1EivaP$mB#_!DxGz<*|gyqw?xLI4Sv_znVv6yO6?|B%3i=Y=2-+>nE3$dvfB
z|C3|=4}rh6Nmv;C$q*t#|0xKxWJ>^0glIV=P{VU`|Ix#De+3Q>;QyeO|I5qYViguf
zv~V<cGPOm76cv9RgRl_-upp}T7i!NAfdwI%^Ix24|92_*FS-9D@W);JAtfmI|Grc3
ze^r8$<G)qnZ{Gr0idH{>6u=3QIV4Xa1dxGv*nyn?)t2zA72Zo<szpSQvvj#U&P*Uu
z{*<={OFqs={`=l%Q~gE*^W+d2ts3etI%8?%Zf{u%SkUD@e43QFXu}d;o1}1i%T+zA
zB7XYn8<*2teY(EpdvPcDdhs|p^)#N%aM9|pPLM-|U=pH&`X=`C_hpd9a1YzEK@|Er
za>>bq`1oNw+ciN*`jB(ZrB613#;{0~%29^1;X!Q3+Ir~qz~+MmdF?V!!Y@)!(?F?+
z;9t!w&!nY~;2UN6PevH^3%?|wJQ>}&4Lmz<pI%f<@9XED2%Mj>#AiqI>2SvbgdRCV
z_P>VJmTvmo_r`zwjZXn8A*NVoM?d=bt>ft4Wb**OOhjmxIIfVS4EI_kOim&<gtK86
zhDTgpNt#{+JE}J<*6HhaDsz|zB!TYngoDeKAYyT;pJE?A0x^|ijG|H|xfpNA;=Egf
zxY6bGw**NLT0Y&By~Jhrl(IZR;i=_`BecxiC#%G-BdxxU9cmYWM#_l>S*^jLZwY<H
z$c{s&<TMo4kZ(m)cp_40+jG(7b49r#_$PNf*@8AG?x^5gC%Qj54|UaHK10t%;Q3g7
zTFZBy3yITGmuF&>T6(<XMPtk7LB+HfoCzuxefAX_ck%f7YH|bm-Hnt;$VU9U$769o
zg)*rdwo~LAiM=NV;)u`tNUj(T+z}xNUVZm~<c&X<yjBLSCd5aeMpR6u8p>-#vs+@#
z=<V_~n_tmhU)e(9F}i<3e2t+j@TP!4MO$92NJO0{-X_}s_%PE!3<5BQ2I%o>cQ#{>
z_caj=KW?_5*szPqJHH%it2km`&z4(9s<6)AMINa6QD$3#Bs$z9a8A5>RiZJNrVpg=
zFi@YvGhct+zRn_@(zNzl31%YytRNfzjSir%*5Mw_kdg@|ROLAqlc29di;oj;Q)x%n
z>=EP^YsM-Gy`IW@FGBomzTGAG3!d|7!xx8Q?Orw9-kPKZb}dYJfN(Wz;+}4R`-zW%
zZmd^vdY79QL`s{d5|Sx4#DL{4=#F(u!cr7pI#F^_ocCFzRK#lXBF<<ZdS912%W$Y=
zab<B~X`)%yfRF9~uK8m#-aSKWDB4f7OEQZqT`Ap>&BGDGm)Bkwu0<Ik+b)iX{h3ab
z;Zikk&YwscI5>n2xFcc1*cN=ZOzLo{nWsqu9Pba+L1e$h$<RtYs01HI$^iZ%^YQAH
z`M~3-;p?ZT)(qw>M)fqsD&vgVaxTw7Q=7xv8n&Aw=VJ+c#bBd;)>TT$;?-7;SUByS
zGzIC)PKyt}c_u@}V_B6;bQ|}&k=R16r`n2)cZxm`(+}u`UhP7@n(YF$)F2Y?N5PEf
zU9^!14T`t|$Up<<n5<K4L&mfCQd1`M6&S73&{JIjQ)PHPw;HYh%hK_0%&bPdR*2z8
zf*BgMyz%SxWhSwDb)Q|P3j4VTZ!^QB7WpJf<}}7K)Jvu+EK}SXk8dk;XkKDTeja$*
z-}owHjh7+_W<e>1aWN4U)Do*0S>!Up=LrsKfew%HRu#^T%UH64f~n;5El8^woe>fR
zwM&ek6!wq=UGpzF6qgY9-vlEm<pSSxcwSALMz-X)IOy_GP<f7)+u6=eeEE8oR^|4M
zv5yCbz`PGmv)t8W>85#v&=+jAZ)b5`q7_?VXiRDItIL`%Kbh}cru1ZOZAhS|q(e#_
zJZM%`wS3AJ4SBenv3>{HA2>jsr_Yq9Z^%L7)QNPQEw5>pMcp8e9mQz&K6SpPHru|F
z-(jzI+m@?+RB=y>MT2F`IG<6kz0uNWD2a8g_8Wt_ZM58cakgQ5#rrP~Dca!Ci4uUk
zB0N2`gQ_*-Axo737|BD+X87Z<3+eoZKM20TWGu7j{fl&M$D^b9&pj~RRVvl<z$YN5
zbO*rZJlr~@`g4q$%_m(k+OFPBH<}d2*T7KSZ))KkWU>on$#hlpX=zFm8Ty9Q#$EQ^
zNuRkG$CmpmOmh?sHT98WfVA)D@$km8+1Rp+bW}bhoSZ(0CwRqbO|?~+dayTRFM@Ei
z{9FaBlf;un!Oay0h+o_+0E|yR38#J62ET(3uc*&(s6;k1(n)>;Hkyrnk4n13g2ivU
zqmY*DHIT0`_iQzG!aDgZc4+axzbPTm4)_g!u&bFiI;j;a80Whe&ZRXsJB(v7!msh&
zuu3mcUr#fzsx321mH&qi1?x&xP6^0<ju35v#d@0Y1b1u^^mB*9aO$a*xr>cSx`P(2
zE4w@dY0gxx+GYJ-VKTL@kj+|>j+vs^p0l*!5!^_&!34e|-7q3@)UM5{Th0XT_j!9q
zk7b%FYGMR@>}$#NmTxUx)Z=bKL8^r5ryVG48Mn<S3Q#?7wXLosKZ7AZGY0{Q_MOJX
zU`Wt$d!NW#iZye!3k|rOcDcSfDt~9ua6_BR3nXLFpQ<!m{x(d9^4QSgPFH`Ey_tZh
z_7?aU_&NVKaXQV;dm#n_KEk^=gV34XqvvHT$6*8KZm*M)Nq%|jN<t^&4uHJ0QJ0Xo
zgh590bqLI|_nUecEnSs2EI&aSSenpVPKEvTy}&i0>uVYVs}ZPJe0%i?vj&g6^T6@h
z^+s+#gXw7>QM!>d7ULfkr-AL%W~&8gk|LPRUp6S6VHfZfL+^hf?20-exekBqhXG5g
z2Xva=C$r4fdw+}`wz|&3o%hgKnP)6*j~5|g7&6qz6*2qfrgRil;xPuY4=pz{K&m2}
z%#bS@35`IIF58%XT*jiB*a;eVFN`Jqa$lVoemUkfK6p}HM{?2t?Zdv4IbJ>>5^s;w
zAWztTTn<;3$KBtCxDWL~iBD5$E>FTyZbNe1`w`Q%p=^&#ns&=rTIc#khV;cW`<F4A
zYf4e~B$}n*O;2=VwuCgu2*<aLlLO5sWy`Y*4EyK@`)dg2iN|wQ`BhgEq)<HwHS+d=
zB}nRY03nTUoK@%T57=bp3eUj`ffHN=TFe+zXD92LoNYsBY4M#G-;~3S(D40=!;a2t
zF|=`PMkYi=#*|R1Jcs7#CJ!5vt?35oZ0}UIvP_<;iogMGbbu!4TdjQY*%!t{`jOy5
zW`H&O;+@JMi6^UJ$+u0O84PGx?asvRj5^w3F5hwUqVkR@-_9+`s|sHQG~8umtk9yR
zJr<BLPz<O)B3r?I(&V=yDr_`+q|<3KP%^?ch?mojxel)tiq>ee#pSw?#v(r_IHI(~
zVS_0FX*=<y&?^J<S!aQHfXHKTR*#Q6s25<{W`5RcgZX<qTin5&K-sd=sJTp40Pm~u
zn?_>T-(U$1-uj0?0z7qiNmdobNm(%j_s(e^r~cvbK{fSWwE|n~Y@7O#&lB1DiTYp5
z=*hDzxbuwK#~JmjM_a0=TkOSDQw5#QF^96*>=r8NbHBHOBx=4AX#L85dgAj2&~W}f
z)zvIvYPqdDuwHSCdg$w0O12!$G&ax?PR`=iX6OxJ$j@V)MB_Ox$*gTf``+5}${Hbi
zmlTH8+oXzAYXIfox+R`oZWe~+`dd7^$#kRwwYdQ3J5pkm<HDC4bwO5Mr;AAQU`pZn
z>xjsN?dQ)X5V(upqPhE&VWQ8<-}|@4?(_&bY>fF%+haqw3_8swRwM65|4O7osQ3GJ
zzx!_Lq3n;;1gqDbB@)$J{yyfk>zo|$Amp@rFY~x+tDp&Q^Dov8s)Pngs(V!W&hv`e
zhW?!6WWR|gIz8k4Vh-Mt>LL1u>Qdu*D1XVnMU=Y{2cehew-y#&fB0a|G_bG`RGw08
z!}ktpFQxvQx|+?G%I&&|Vgf;@2EQ&w?=6GAVNIr8DX-<z+EqqAe<!W2Rd2qT16+k1
z{x85%TNmNrw&CSazGOL++Qf@tZN)r6Upeoom?#>gk}z++rPJM@r=V_|(I-ZcyuNAd
z)ErJLOVD|?jlJq#_Ym}i-llhnbtEJDo#-I(9i6jnEThP)O2UWcYhu5V*`(v?=4koP
zN-Vm9-|Jh<j|U@(WW=fprdwJIO`99k);Zyyez+}dcX#)V$c^-m-yc6O>kU0k>lvFB
zRW-VGi7P~(40xIgTidT+XltK2;c5G=+i0ZLd<0#|X&ZV=<$R312q`ah=GTPK7)p-D
zn-D<$&ZrortBJc&OEVre43)R4LaDE&(W=3I7ift4%1MB9-Ak{h%I@Oqx3^2F>z!eL
zKFiQ|eSO{6mpl}vXrAU@Q!t`pVDHSV+A!AdcEq8pT4S#(do<lAB{e56QU-v3Xeg{*
z2Ayiyt&PngReU(zc0uq~?RV{BxNhb+bCLkl+W~|hu>{MjeRB0~xs|4+m<$`_b5L-Q
zjtxdg-lu&%(2_~3?3VwmIm$Gd*UY?HQo+#-X8y>dxja9b^cDXxBqB>}_zC9cH)3J$
zvJ?QJ7?7K-O0eo<@(9<DCg)!<QLE?Qlt6xSGHmU~m(3-i8gJC&9zw(8rIz-JG4IEu
z<jIF$XtR}Q0DODi9WyD6Y<WV}p4eK8!yGnS#SDE(N!NW+$)%~xFCSnsX1-1@-}cot
zkjR_o0ANqjG?|CiWn^vjn0%lgvK10Fv^Bo!0`1~vRrHGWc)!4dG>i>Z=bEI;`9Q5M
zs(Xd}hBK?7)2T=w_inipus(A!2vV2otvVrPz@S#F6&n@mH8GS9o9is9%0xzQ*Uvws
zevw}9X4<W6X^yU_K`(|ym{Q+X5|7ZVRzx2ZY_P#PQlNEsyu*O=s5I`fs>?CWTCL&M
zSYPzRN7EPJaUajFbkIquD`ytbJ_I$1Bo%*T0y9(7Jc=-lLj}aX(>M$9m;4kpo%)fl
zU$I4TW!>vEa|QOran3J@h^!Tl4CM^Xg=YA>`ApX{%B%`^wc>5l?oQZmLk|U%!l`E0
zu_VRcA4h5rQkAK)npy!gG<%$fic-U2Qp@u}t=yp%4H4*;ufoig31j1oWn~~%d~bO0
zcoGYJI-k>3cA{aE_7Z(gc`jX50;@f5+2bmx!gmaIP22O+IbgYC#y|PcVk2>{5d2K^
zn6yHNH*zqcjoqW6J(|bHmfKoh*wx_YZ7d-rC9!e6_bm)jVV_msz@XJ@X|-A2LQ1N(
z<fC>I5fdZf8k3e6ArljkkQpd(T>Q9~{maW#-7EdH&E>TB^)^Ftw8h>}bDD1N-CIR-
zrL5IS8+t~)Z5`I{V-$8#72q)z9BFXZ;YdaFCD$WSKv`Kz=0dqU>B)9fg&sS!E;)2;
z{Ijq371>w?QEAE`#Ty*O4Co&4NEF?U8Fzwi&UML}d{l)N*97=(92XSC9HCE%N2%gY
z5g|0Kd|sK#th0JLuj9vrbfA4kQb!<6+CNV8v*RkKS(;e6esPw=VK1fdG`l=h?x@v%
zicFZvSW76JlJ4D1G~SpV-Pa=Yfy*k<KJruH{{06hZnBQ06TIC6GIYliI7)U8O?d%3
zJRBAy{_p0p?o&5Gg+m}5A6u9<YbiU;R0qux6_c}URUK{=;krGeqHk51iRzkFnN{>z
zLoUgsW5YSQS&BGpNmXCdg&n#W_XL+#4IF)JY|c+@3_Of7I!Odt(7q>kAPRs?;?g7(
z$QFvFkt+$&pMEMD8h)$*r|rpFnI9<UihRj?hiB+^KZuli&8G_rLB!&)6P6A~nhoKq
zLAM08d$EaU@8fLyiF_bdyZ7ZG`z`J4DhS$Db-qpt-P{$07luJEdmJMz+4&qxfysY|
zd+5sGalS$4iuTioqW-Z+XgE?k+n?7Zdszxq#OZ_&wU+R~Fm55vAPg-$!+miuwVTv}
z%xeMr5DnL|e*gpYtC(0{H3QN|6W7j2#43S$q9d4vdH73a2HOx%LlxyM75Kw~%vODN
z5F+9XwJg2M0Ib@MQ=nd&^W9tFt`Ccy<=0o=67MckFis}AKA?{Ti2(!X{1Wja5Au^h
zEyv7(rdyng7g~AI+zt-|IET&@$ID5wZkqv&0mPFb@lYfnn=SSI>8Z-Vk@v>12J8<E
zn-x<6Pzx~ufF`Y8_rN)Nr+PH!twYpeOyBZ+a3E7}l4g+=)HkBFP`Ali0%wXzcF~cl
zH{j?d@m|eIONLB7AK(Yl8$Cpp@6g<l-gOaL7(XOWG3<Q%o^07Wv_`973{c%X-t0p)
z?1>&ob<);=dKn8*q#=I{@tY{Co-t-AB%eY&bf?=CPw)ZUECZ}b)=(E|Oyd_Vxi%T`
z_n13dr>OJE7Z|NOa3&ekR`M?x6IV3L^uM}CG<@lMBE)Ya;DX5^O<W<(ufv&SPScUB
zk6Pq-!1zFy3AIR*#`|U=!tWbk_0xQ$H^r~C!0#VGgo07I@snP;<fPwX=z|LBV@(I+
z{mRH_dVRP3tueB3@<BrRHy@1nAdTG;ctpn|y9b4gO!2E4py%GjBm`m<4ssf82Tf%s
zOgpbdh&!*rHor|t5qE&@ld?79eX@R&gf%QkdA2e0B`lZJn)8jjzY1xP+9x!Tl>V)c
zwhR>npeiA1V}n-AV<Bgy$P~OHdtUy0qs=LnMjT$3s5XGGkf<hpm(aNE+vA7)w$6B~
z>_RNtZ1S-{9nA1~qkMMiVa61%0gD)D#FQjavBQht+TQy`lAR=PsRz<TeKB}{O8Bd*
zDXhs3Y(43~uzb#f)O>IOLQ21MWRx1MBmryyNKPvDw-g^-pmxDLohd^F47L|y)N~)+
zARaE)5^vWq{3$SzN35mE`VOWNmjB3Q9d^Q%WOh!H<Shq6Thh+8?0^G$xE2g$C`<`O
zO}z0<%tqsBa9U#U1HsHk@f*%hoK^HD_N^W=yY0raMy5gig4Q~_@{>LW_IOzOwEbM0
zppa$ucJ)H5CnsyS(Vs6Tx@97~E66g!6jhi<O$D#%j%T7YtgghE7Vlyo9gq*-OZrpy
z3%yLPTEC7#e!`nok%ZvMdD{2Mfj%{ttIudg_bNn#NZPK0=sH3nr6<Q`A%(>39mv-z
zQK428$ldtyd3<F!BJyL^<JID@!B2-EcC!t!^mbd@WGnJL+55-r5|-Rz_}G`%)6ftn
zpL~lP__@oCY3NfXLXbp33pdB+i}E13`SCpqK)su9^WyQ&hP>GAi3;r%A@yjJB8W-p
z$K}G#)MQLU!mG@^9H2Gscbk4(T&jv$d-GTIOC`giYL3j1i&_=A0WXQN*S<&42_IjJ
zjXcK7?_^`1-LKgm6qKe*l{5Ac55H@Sc}CMwE#7J^!^A1kKZwW@XI>LcA@pE|72&7#
z%+=?^c^IJWe2jb@gJMM|8zJF+t%HgEUWivM@O$m){D|K7v$GW22iA#}gt$65{&5H}
z+98s!DR?5jwdtuG!0PMpYh9KIL^o&QFp;Ea^v;H=EzoIbz5gQj`nEVW8PB3Bw4TS;
zA<cfe|Ld8$r=>&qlLvlLu+f`mjE2OG?1lj5sXMEo`?XnVdb<K{rRJ!O9GVfmyav)H
zQ3dXp7+Ua^C8-M!2g$7TXNg0!qADDEBr`>5J&@a5Y^e(9wyT{4;8#yUP<a1t#?xy3
zLhro5=X2Q1XO$KhRO>E(j&e{`NS^GE#i7%np?wBlSpGs{@#na&R!srlK>UXqo3_`5
z#7nb!q>ArPl{^m8$D5R4<A%5k@D7KN!^;#s4q_UDj6$fbtxnTh-^Nu28FY(1Z*|2F
z%)Qp&^)|n_uq`5K-_6|Bfd-<DoCUqQ7GA^fPIEMPY!-?Q$-8_mgA8xho*b)39?A!l
zm$~?I+Z<f|ru*&j7HzbDjoO4Rt!(OyxV<xu*Trz7$9j4%qf#qmCu9gWYvHyuThs;9
zhy-u9$rEh#?O>&}`okP<JD_#*>z_$?dKSBNl08UjuX|zWqXwWrKHD_`r|FvjxB1+!
zXF+&@BmknbbPuLU!9#%V37R+5N9LdB=09h5>Kc)jA;Urq3Jw9CbGu&S59I;?Hgvz8
ze7sI%jMl(qsWZ%b{2AH>ks|GMCR0864IvMOxSkr#1bJT3Ai%3vgpugWooUx>&g+;?
z^;uqTkkC63yiQQI&gF{EyZtjPQ?U_|e&}<p2mqKY3b0x!&b;ZE(;D~#C$1Zz=1r@u
zAa3VkP&l#Ri$KkXpBJWGK_YR08@AD!R}S1a+R1pL%)BpmHGx04>>j&x$esB}kzCD}
zR>*Pf9~GI=|7^gk6m$LyUh8JSxt3VJ&GRch(g)lZc@W#1A0l)Qf#^t$u>(PmeLCcj
z@j3z&xL<Khq3qJ}kvfINnVX&hQDIpSI34VNLF2I?kE*v@$TgPn0lSd;O}iRFF@SLU
z0MReul${}E)d8bOok(3sqR>-FFYj>eUlo~~G-CiKpB|n;n*g(#5075VZzgikkx;+A
zHQR}<0d39`a28B(vpZnflM{DD13>5q{bpT@>z$#KgK&!*vtli<*8*F92L;py7seuK
z(g$%3I4elrFxig-D=G0M8+Ujo1#2%=1LN>BVH<|Z%vmaQH(33c6Yf~kt5<FZ_st-|
z*q={C!mI>UO!&$>dyn7a<7=K13`{pru*^9XK=do#)(TrIO7OSUTb>+F#9#8tdV>8A
zNLxtxw$bwv20+W(uY~#uA`VxeSeCNCe@zx_FkQ|g@HlKHGYk9@!%FOX?J|4`Jrt&|
zl5XB^djZ|Wb;zBT1RIUL?ytQXT%o@7TD`HL9DgJeK^w%$gH`ZjRG}5dNvGQefgVE0
zwf)53{mRZ)V9uc1?)W(hdDeS(H6)gCukj%_;`O=o?bx9(5Qgg~UepAFYo8UuYt8|p
z&=YNe5D0FQP<6V74#h6tpp&z=6t!8@`*f*C4|0_?@)cjmWWcFSFMrK5<kNPzJ~a~9
zVKlfAjvB0b4ztk|vrA4$0vH74Lv`9?92A&z`nX}{OZDQWz}ia<BoePO)OQ(*v#rK*
z1fsg}4{c2Z8R3YspbV0eeQ1pMsX|;$N`hpKQ3F7MZY;blhAtB$%7<$U)I*>A#GQbc
zk4vYQZwYIj0R2wC*V~%!gHY`oJxO~puE5H&MC(t4^-#8xNM)6<Zu#7xLV)dvEZK{-
z8~mmth6w4J#5k_}-=D_K*o2KBV`6`jOB(jqv<TxEVYDWz8<$SDzGbJrq&%rro(HJS
zfEo`;QSlJ&kkBVBmz2tFdi_4tZ&>Aq@UtOL0Z;{dq_v8~{zNe^P@D3mFDw`xZ){ic
zA%_OWqw#NL&?h%QaAy9Zj_8l;<iA?PPTgT*ZZVrNhVS0AQ*Y~2o`+p$^{P5T5Bt8k
zi=cOQ#p)9MO`FfKYg2%7`3tHUW%n7*nJi@k&fypIbV3KoFyKi_v}TvI)&GX6)2Z)?
zZSs!P`W2;F+x}yoPC%Z_0o0~gC!6Fd)izrM1zN<im(1xS=<Vz|0Na+VYa_CWtV}5A
zeW;-Io9htFM1UW59?D+4c$I(PMi6uSHdzR!bu%7%d;qiz5(@%VTAj)Zz6!1i{uO(E
zBUlj1AAs!@Aa4I!taDAB@+OK#Ir29NY?1wS{o=I^{f2xl6e%n=wZAkoNP2d(u5*qj
z(6_gB@=jM3bTAR6CWy3y=q>i^px0<3no3wC4SpPeeb^dvPP`^%B!;c?8z+KD{N>w}
z;S;~f+#3U?ZGNcV_lH`YyNA(%<x|Q~;qNbCThS+bs)*L0nr!OPE|EL)t8FjEYP8XP
z5YmIV#SYzZ^Cy|0+hA9LkY>Vgo8<Mci0>Fo<$6u>L0EY67@|6CZ^kI~q)st0=8-y$
z*gNz_t8jjvz=o*i!%AaZTSa(%j<ABF4Q)bPq%PEygpB^tEBF;J@QW1oO#-Yf8?+;I
zK$56pCud($-5d38AE>t{fDhn^YNI#baM2$E5Z~5dUm{~nV2?~d6XX6pU8N~0WGYs6
z5ZVbKU*fAF%f3n5X1EjyD$E%5CIMwGLp@Zc{%@pvBx$x_O;}Sd@?P5)@yREPx3Ozu
zBKJt;n%!q_??e}Qa=-TtTw8Uo7q0J-Irsd=+0shmBqRy^oG`JpdXVy~uf*S`e1*Z?
zw>Y<Y77Oh2tmdS!jCN5xdy)3AqXrV^2PGtgZBMI+6MD$@z)U;q5RxQFV@>Nw5~9iN
zFxXJiD*nzfDxcw@cZVw(*U>qS5ul(c9*>#b3-L5KzU~x&MUeAT!`n4g!+ZC}-fQzL
z>DO<+>Gp_0jpH}Q<0+k40&f`3lUiml$_G+YeBdNKsGtXOLuO%UBrp;^Ujt`}FhG)*
zv=k*J!gQ?^%_Z$n<!sEiec{FJ=F-RVvX40uh54e|=<^K2C&>>~J8JL-7&hdybSTBe
zVsx!A3F6Zq@{|c-(}GCpPsmc>o~J*k5E2J^>JY-}bv5CsbpX>-;KGZ$>fJhzl2MzA
zVFJY_Ep${4L^0PfWK?pJ!bAlqltBuF*FMD*WUY@BQpFS<K<t#T?rD``(CV84H#tHN
z)Tl7$9s$;6n1?{c?yUeDURsm^s%dA!brYLnWkLj5sw<a|D6}Ot3E1{99??>*)A$Bx
zT|^3Rsdv7W0oNfHtpm?Ld5RP_0nf1%1<7M!$XvXFhYB1N2*X=KKKQCwLxY$TFJ-aB
zY$%x(C1E{fdOMl6rzOQR@d;CCgViRzhhdB;6=`~=Dd<{-)T)=9JKT7;lRtNje^^ma
zb9_Edwj)ae`3z-$VO?rGP3zb9F?zgR$S}_NVc#{u$#(p4efFxep2=r>;-N~f<Fhl9
z|J_s6U7DZ&?3|rm6(~zr%?ET;n;>uG*wo2YUAO8rh3NL9(fJ`|X6l;mfg5!9^bnni
ztDwg6^+o05OWNLrRBlsE#a@BCh%eq*y7287PN~S<Fxm*Bl8+r(54ONH+jd8$>)9H(
zmd?$f^&Li4)6O6rBPY#w$qVDw<8n3;fv>mvLlsEEZI65N+S<a}HiIB8=>Q%5hMx^=
zN*xw+stA_LLsy{>c-S<}%RJhZc_upSw>dW>`mqoKu@{vB{H+&1l6gSB$^J!&{Fc`h
zXLmSxzT2&d%3z0>jx_Do^UTpcHa}e-{dvcaH?Gf{IKO$m8x`IEzMS#<O_t)w`V!=B
zx1rY($f6%GR$75a6a%`oxWUjaIsf6^a6Vm^W|?a6*hTd?4sLxKexLcnQ6{_lLf}<U
z^E_#W)&F?xrJ~A%^v78Y)vJfnz%d)^2;IQx((}>;S$T!<^7C5TkBi0cX0P8KgFR3E
zOLli0Jl70=j;PLfej)QJfZWgJvS)SgFJjPWc3JBya$oLiG;#=vTx~AfFWq`Sa(F4g
zW}oE14)3izHmaT1<as=&d}n+b;4=Q0_IyRB?B{r4Vbk#}c_zfuB;xIFaS>a8+E=2i
z`0!NZB<QR0NSh=3dNXo<oakwsrP=7*WiYU|K*o0v=8L-W(e(EA`Ei}~q0vjuEa2!<
zKDT@z)+BB{raJ;?X)Aqz<UG~OzpXO%#cOb#>}TWSY;J%0XMH>%kWroXecO71jk+ET
zTm$o0)QYpHvN>V&c!F^3%;MD(w<C*(z}{KYdX!^vn67G(otc)N_OcR!<+-rRB<s;t
z+sI6~ZgvMJP>0gANWPMEvhDkR^SYrVTr1jqO_bub@^1y86#q#w1*WItd2?#+)jSm+
z+aN-#+7$z$$oFSg30#xeKswWBLJR%Xl8@yA_QDOLE9=t*WXDci7MVM>{26p5Lo(Se
zimgW9YHto_#>yKlmBZyuQp0D)#&t?d<}#eA!*}?LTF9CrzSMtPca+Z&%D(x<lyj`%
z)WS4PRQpf}VyLQ^+v2f_6{>;qOrBoDm~4Stqo`{WF0kRc&C02W=+jxjN%fMbF<1Ux
z@`J9BK&BV2;pzkZ+FYr^_r4nkn4W;|hBhigVbt@P#TM_(ZCnm#Nvp&tYM3Mn#QcF<
z?ywGutWwdMWao-RnEv0SgQsw&7x}-6edI`(mU$>-0hweh+g<7Vb2#Z(T1UY7lDz0F
z&f7KAOVvxKZmi}b3H&g4-j^QBFA+$eBoLT2>X<NpI|mCdgxlP|bhyB{mgXiWyc_3^
zb_k3$Im>6;Pr~0>?%zsKUqL^=qFz&#vQs0geH<NfYyIAptD(<av#()B>xgKpw%)a+
zWgJU`3;H7K*02x`%(Vo?H*b^^ACkpn616~z3{m>>Uwl7cARTJB&Mtn1B3B*->JnYJ
z1D4fWR5}+HR(SD0q9UK%vJfi!gTfh>QZzhKezy<>V~%~0_&&dZ;r@Fkz`bSuz!mNp
zLz&Ui<HT=S<uQ=6BG#6M<eRkYUB3GC>_wxmCWzFmn3fbl_sP8<3OsB<P+M-npf5c)
zV_0=H;@2~VTdA;NdpBgx(&DvP%I@aYQmE)Et6!nC<4KRr3L0ikY!J(9skf@8bsV{|
z&N9SsA3jm!7sxbsASjtepG*h##~4|TAQQpRN*TL)k>lbg+=kBWr=h;@J|$`Fcd%{l
z0CDnSBXHTME4C2^D{!4Uo}DK40ST&D@@2f9S)(QFY{q8~lNEg$`kdx{-OhZfv<oiX
ze)O<pP&j-XO;j+q-T5q<$43yu_-Hz863tQJs5pd!e#|ACo_UlmzfgE5J8dGXhJ|(_
z#2q|snToG5?vuPS|1E|Gz>E;dx_Ejl10vdnYWo^M&VQ)dlRbH4p@<sX$Rxyk1RU93
zhpJmMLnAajbI%=5Xe=peoLHSLwnG)598yrrIKL{b@81oaU&0_%SO|w>IZ_$Ty|Hnt
zQA+-?QeHzO#Bj;tpm)SWWF{6oo-7;k$@2%-;+b2BTdd*G`Mj|4@M6X!{aO!$E+~Bc
z<eJ8ZaA&Jb=x|21l>zKeZ+@$zzBZnwqFg3Wa^iR#>9u{-|E=r8D90?7i;W&uxr$vL
z7jf+mj)&qZk*{?>C<&FFRF?1&`{AG&8n}tMmWberj+{H{R(Q})QGU4Tr4H>!W$YN0
zaF{sE_`3HOc#X1uICe$Tqq&agCkCCx6W;zBcT_Ir#J(T_E;JDl2|SOV(;6@DekV9-
zbqKae6|m$kE?m2Hjh)7K_{u4Z4An7zc!WO-losd-?lQVuGRl&iFL5N1ORryxTn~`y
zKGpuM&zvihT+?$dH=sT>Ur<)tLxZqL>Do}L?to0RdzEgd!sPP4&_;VOn-~<wsDDCv
ztLN?I%$snm>T{}^B~~RD-lOO1JG^>kqyFnX=6Ys?k>y-?P~}lTvRswCdC;{6?b^jG
zKbE4bSv61j+dG+T;q(!hZ|26#rsZU_ZdTCaTh_h6^s5X9DEV6bFW_Pg7M893dLeQi
z{j)2t_--sMUyiorxZGSgD=W}&(m9!mSCUBsXL*cUIJE7LzO(7U=ax@fZgQU!<pnXd
zJ#%E~hSDwirF}c*bKm;vtt5XAt5(N4BLE7l_{@!Ot*6%rozG^j(Mq{anmR>g_{>C-
zD$8UXzRgPFPMw%KMyBqDf%7+vl{RyXrmt`4qJ_+9a~j2zjRBs)ngww$-HLs|DQspc
z1frC}&4zty(mLTz52HFys9V5u7`>?{Y-0o+h?XhiCN!DV{L*P^r!jM{z?8FE{P1(6
zZJxHHi>uh$Q5^{1+NkjHyWTnK?C?{X4DT}G=>^GQd^({(5=`z^NI4Vk(QSBka3iZc
zIWch@KG#qg(^r`z4hfKt8F=IPy01IHB7e&9){glKRgqp0-Nqr_`fMwqQa*Rqrv)10
zZ9(v_xMI$ucpK`-faodGIbRqF$1fEdvvb4?N4BXP+E&ZNwW$3*KZ1l*6@jxAze4qT
zU|7w_@sG}xo1YNC9x6LL;c9SJqnWU}Sdr&Yp79$iGx`fwDm<X(C-!i@HDayuBBc&t
zp|XUgHn<Xs;<#SuXPb;3!Q$_8b_QV)jK^d6nLpYv{fjtkJesgwG%F>y7Z_8}`y3d;
zxoPac`26C}nUaz=vo;EF?j4j%oAJ^D%VP}MJI>J~BE?9zVQt5R^2SZt^R`u2-+jW}
z;IeFar_9eTYUV(Cojewi)#{c%zdvHFOJ`{BC6t;ETYoRoa;m1UZ{vs^b-aj{%M|qS
zSFn_wySocF=gMeQ__4Hs^(l=%bhP9h0Wq!Y@Wy0bpe#-Fryj0mUm!`pq+nX(y})Ud
zB>y*=k}!+)I3>j|r3{CNUv{}_s%iFAP(QU(27D2x9dSbec@yU*FxXF(5R-6xWaKP9
zcdRdlaeqh|VJAijHRbS@q;;{i2y3h!ro7X|WXxI4zSa|8_K{bcx4)Y0d9XmZ;m^v>
z6i%Jbmiax~_F@t#{1q<Ojj@W37)E=B?%06vE@3183f9+R3(mig?W+sQua<7Px#})G
zD_fgmZZCZSP`B+`wc2O3Lv=;W&=y~rt)oeq8}^)`i=(&29JGu2HbB{McIruc0>Tsm
zd(z7OZ|YnEF%svZ$qaltMZvdHC?lETX-8<lrEFZ;iji$iw6gl#t%NnZnMM!EX_qhT
z`6&eCN>VKApZiU6B<C*1=xwLn^&%IR@qkAy$U}iMpvmQ}24oMOVdQ@9W^Jqak$PKW
zCq{Fe!rYqjDNGJ-{8QF=Ia;Cw$mN?tr20Z%<6Rr5RaS`3qC!qNzVz;wr4s0`QFPep
z(3U4NQA24L3ZQG?^CL^tq>mG`mm+glmoKaUPgC8Rd=1fk9OSBV<ST1J)cVsk8IXWO
z7F!BH(DE$JPm9%B%Wz4IMEr-dTbK$jb>C(DUoF7cw(F*^F1$F-w3V`&y`;*seOU^K
zZJH-14er)!sC8X4#KayYXNYF4nhr?PEFK*rR>=(u1R7_wx{T?wyvIPU8V`BnWCN4w
zVrG_g++=|w;7W=kNW45{5gIO(eRX}t&Tgg|lv!9Y-%_nx?$&F;C8k-($+!^ilRTUt
z`T0uEf+fQvbd(qWw2lFXBTItfqxn;&a7VEwjq2yG?wK+m^4x2;*+Wx)q5D-)VCLIq
zciQF+yo5!4P6WkdiTxUjlyaTL{JIcv7I()>`P7!?a@O^gGJIQ29{uh1vWh<8bk|!H
z5I!|QFr`gwnW;^d_zoAfx=&tLe(ZolOUisDDeyLw<m%kHg9Gkk=LM3Dfl}m%9n6n@
zL5W}KMek2em5IXjup<@L-i1(pUxs>&(J<s^<g|0M39V~jpylChsAv}*5Y^!>=9ooB
zwKMPG&<1icM*^8pw1S7MM`2@cVQeJALAuE|j4+>7@)!^w)8>6T`t$`BlPf+RPMcWK
zpE=XGGc;?a)gt$i6i{TSA93~TxizMAPcLI@l!ZfAv}<%GxgKc>>BTeby|WQ&FQYC1
zq79p_N&7Q@kb!^j>A@@!o3=@!^DVT@=<v-i|7MsvXniwOEn9MWuGDC`JPN0;0;2k<
zkCo>5T}+GTs{+qlS;O#h;OKrLzONrgk%aK1opSmqf7X&USLs@&a|epY4-UKDQ;&Lp
zj~VJ>G=XAcI?tI+?IUxrt%RZ|)^xZX4Qr*346a88iXv&r6kocnqkNefcX<E)?ZXcN
zar7P_ZhTP>rre1^WUe{w+08JuBFLyz9WNPWNaHf2tBjQR9lkjUTr|@>6vtvwFiG&R
zmYry##|^5xuiJBOT+Hxd3Tc|IP&J!<AdZkd2dwShel^}N4|j<+h5;4%Wx{w#@#+Ci
zrYx#YTSn1}b`i~~(sukAGA)G&U?qp@3~ZKiooa!^w@WaNC2NFQG)W|?KR`wP^cFK{
zrNsVi$Ig?J#AV4uZfzB$@iv_&2`732!HkiWtd@umG`R%<l{~lvL1#e}C3c!iZ75M1
zo}V|UKQicR_9SU^emHk<E448Cov>~JB!b^_(U(j5wU}v+kU_hYrKYRTnN&b+e>WC;
zru1E|#DP6DY#M4UaA_r-eE|d;rXLjWQJKfS;`r;kyTYFJ{%;{G1(O8bt|ffJ_|fJH
zHg6>@WjhO8Q2VL-<47gCx7csIcPVtg8quDp;1@FJiqGVv$(lQAevwbQ;o*PO?{4#1
z3=cLwewZy^3=}SED0VZ+5T;gNbaTmA*;5}3dQOaRQMu6UyFnPJW?l!CX!7y%H;ggH
z&!3&Cq4@-bd5wx>A0MU?7)}|L4qGdJa#;1pXqeM2O)bBv6@DKqHeD7xVdrQV&BkFr
z*&Ock&_mjzBDZc;ht|+bNQvtd+^AWiz1W)Q)<j_&u`KASoHM#QT^XehqgTSSH&aZq
zo<44=T7Pr{r^{S)B#R1yU%i5g&?G^B|05VfTUmNxm+)7}83ov|%GI~1qW+7S3~gi!
z&Aes9*CPG-BsFAd=mHb{&zuCFZVZ&MCK7cLjxHz2QIfU7Q`>~Y_-emQbiL@e%Ip$~
z4O}(l7r(hKuZ%`!^1Da#<ah{>WN4`io;9K}+52O3=nGiO4UfTr76lHIYs`m<obApM
z0~IXKQ1vwYInchUGGv%rSKGat#Zy5eAW@{%UB;dp@X>6{mEk>WxEbhCMDN?%PrDCX
zJ!UTz`urh>dA{T_XavRM!L5yp!lG8G)J^UIIZ|guWwk`B|9MMzW-^~~zf7I*<oKrI
z95;H*1o*>@Red=Fbi@gFTH&T%#b0uPCfUV6Q<G@|%F(^Bk3nsaTkdX?+gg|Upu%H4
zLEY2Swa;H9Il~LgMzo<JM>^GEuE6c!Kg2wDDVv6?RAu0_qLirZZ!EAh1Cd*BmIK}S
zC5#6JP8<1q_`wp}D0VatTE+%QzH|~^_@+<QG~B$%c?<j?MHa1&Ve<0GQiuI5Naw&E
zO^e;y`A_Me=kVuB1h%KFc}-n^Bz;ri{m>{=s0UKcTNXC2ruKa>3zjuj*vFT%%rw7U
z)=?n}dX}g(dCE!%4{)ef@k(RyyUGg1EP#u?E52HsaU6_`5n9Ln`Pi%VcFHs>J9tl|
zkhmrrZv;sS#BVML3LJkyxN8nwC@L|_errLD`ErItAw<3P`Zm-l!WeL*g&z-xC|F;p
z%1KRRnm|&sb2m0%1Pkf(n4pyKCi>a>YBZulvp3vJhb92+G#vr^#b-0iM1?Y?ikPI0
zVA>EZHg4U2)1^blhO%2kcnoq`R*cXy9u4|S+p(z(=tA_t<7t5i8h)lv%M7!c9O``r
z#!t3lUN?W4q>W)$QNpcF@+<hNkXJM8caLPn7B8vw+pi3ylW(c^k0kW&Z;g02P!1l&
zi0+hT`zd1cPvl+~KeGaV{Rm2?aCjkGNx_YebWPkC0kp3FLh}<BvJsCjq9cE`JtA8<
zmvQU-2|}-b+NdRYR<`F+4SOBNa)MbCdBd@G=bM2l%O#=9Zz<)|3V<R6#ta5=d0j@?
z0}&LZ)h9K8D8<8KoGPrDk=H81jGG}K(oC424R3LZFoAffg&aV%)S}<kP!*!7))aan
z6$!Ais$6<8<}z{EGLafGu|Sz<x9tmjaDGWXsBh02pobtnm#=3o>0U<4l`lOTqA(c4
zJcyWSFIJg9!aa++d@7n#hU88Ke=OE^_^zI?Qp|2@%R1-Yu2c95Y+`hUrxk!LDh3P`
z-)7q`v{rfQGk~U1MMNnuNs%USgVk{s;zuMwdGTQ8M<t0@5~V9lo`kz>Q=cq91iJBq
zmLs?eI43g>nccYg;hzCH(c=;a!Nx{!Tn;GH+w>=C4%OauSsc2$0hXh_!NxZc8U}xp
zS|~V~;&y{+!B`7%l>QzFUJY}6@0l+!Wq9c5hSq|&7JmL7EgybL;?U&gtq-;kt=_(D
zJ&91LM}FxP=b`Qmu@7lm;7gcCA>Ncc=+NQ@(Fdn3%;>#SKF<{E4XzJS;lPhWp&Q|c
zH~taA;y<Pa4zX?+9+3Ux+C_aQ!G}yYo;O?%aFnB-hrTy3%h3UnA_aL<Y}RBCIA`yv
ztg(?qkf_qTftK&0`9^n`vt#MDhP)7Sqe{1qc;P2Ho4shqdww^)ndq*&A~uMK2062{
zLYmz%u=f0P=F5%8+e9>o#M_o?LX@w@*52vU3ER{8l&TXtrxV<u6MnlG2;MC5A~1^6
z-c0qv`PS927;)k(<k%V8gpgHDpkIx{vxB=D<<Nxk-Av%TGp7m3(+vK+tL^?>D`8ca
z-PM*CiH9lPd5`01m(gj@^I|*<FDL@u8Pehx_Wc!k+!n9WCbiNQg<#AKZ*Y9)`|aC%
zdOx5r99eXH&%h4WW#m0|D^y;La#!j0%;k|6)q2Q8r`2}d<<dRz6P_QdFj`(b&koXM
z=sl$$`+5*t7kIm4d*pKO9<de2II^l+d&lmw;hx`5Xg$oSlV>~Ya_k=055&}tvJrRD
z>AC&ma_yefkF6bTBc7}iZ9Dw3=N{vUJ^)!HF0WI0`wa5GCNLtgd0i9R2bVwZ0Z%-w
zSRE0@-E2GBmtXF=p7;Y`IwC!{zF)4~lRU8opmoHHbdqhyUphXqzrcc`M0)ae*e*$*
zXkHLsNkFk3T^rjMmv{H@tsuPD2vE1kj`5}N6VrP9`%8K;SS)dRajdZF5GuhT$|ZBm
z4291L<>rJLO0I**N%EFSf=SAVgUlRRqZFaV5!lI?9N?5B4vzSg<lp8{<>aa66uOcX
z5g{_NT)GP8l1kW;vKo?#KuLKwNo8bn1YNnb#65F>uB=ufp_+V5F(_^}8E#r8GlVNh
zCn6P?j5{r7UmRPHC2&NZQylGv1%E`*w)?I&^DBkj(3Uxg3ntzXmE$&r(Kgj{uQD{X
z44h0vh-`@D5P4)GuWSOfY$64R!Zfu+9QpgC+g*BBAYT}<d>qw4GS*<^E_LmvYy~BX
z(xjQeBXg=H$#HV4Bv9Sp(k}5eo+~R~e6})oGSXn^E~P8`k~k{`IH@CPWN>d6u{PB}
z_8X;kvfW_AF2AeLlC&c^Pg2(4*e<RsQ*-R9(mA<j(vQKlT~b%J=J-`*QgXDU@WGy4
zjB9%D7(u06a^<A6U546VLB(8(iKK(UpSyr-p4#MA86!%zWRUhCq$<4T_YQ8A^+^0a
zxUx%f&FUTBsw_-SmJ~nec+LJh#7|C`DleIBko217chpmkpJF@3M$*OL-7b7B_(>*!
zQY6`UQ23f@Nm+W3K9pVoBdX9ksz4{I$cr(0_%p3)ayi4ShAkmi&TxUHO7pA&WBhO_
zVwvu&y)CMy3<yWHPXmDq%vds9=B>fUm8U1FsggP?Zi}HQB}>nssmSu#JSAIAMNUqt
zoB^ez#4RP4Lq)!<WR}C0uOUcJwzAN+OmA3bPW4s;W=@7nm3CM`m!4@(p+TiGCDyiR
znL%Jq%w5e;gJ&<_r_AX1oh?^Gn4Ua|Qe{zgO7wBjDkvrVT1~hj?^+#-Q3geYf>A-L
zjGjxTuZ%Y}KS?8surRC~m|75*A6GoD{$BOH`T(Sh-hk?WI-Lrg8l5UpS#r60nR@w5
z*-UxtEbTG!vBEL)vHdaeG23kOtoQ8iS<7SSWAS6kV^doscLaBaTkT_xW7lIuTPAlJ
zcN}*vcMys@i#v(CP(y6Xr<TN)$d-(j(3aGe*p{4@;Fjc;=$5RO@D^}Od`q5BpihEN
zgipFph);@7j8C>tkWbRGl91F{e(vYog4~kaqTEuW{1@r7Vk5{mc8xw86&RHm6&aPT
z=dTxgs5+@Ssb8pEs9mUDsFSIXsgbGvD332!E(0l-Pn1oRvy}<Wf@ig7H_EHZoywfb
zFUl^;$;#Sh<7bs;CuZ4Zg^#suMYzOcyFFlLLOxq(T3V;=Tj!1!)*Z>-nEN0KrRGX2
zmwr4XaAOrp9xwWN1nq+>l$9%iH!bDHZYVxcB7el;Lu#lrQHnQ-<3`h#U?izMg{dc}
zJp+oiAz&%RsZY|HvekpYtt6GDC^wis3~ez+N>%yV(_an=Thh3v-Q9%NM0uta>m#{m
zaF^wHW?0;q9Ew&BJ(iU`Cv)8J))WN}Nn60eF-D421q;*RGbh$`XN8Z}JZA-M_3`JW
z&u)RJ(=cuks52P+a%j`+{7Q6()H#LWhaeMvMXN)qL#m_O8`Ybs8}^%;8<(4_8-$z4
z8`&GU2lEH)2aN~dgPRXkTcmKXaI$c;aF%fR3z9#pKdHZPTSj|edqR6ed-}S#vAD6^
zYifH;dv<%!x}34Bv6Qi*v4pX_@q1%sry{3(r(&l<r_W9WP9>11(u@3y;)}uy@Ph_`
z1oVAIc}n20^vLSa>geF`;0W)qV@lu%?+APdKGHtaK3X_jIN~|vIWoM_zgf8vxcPD8
zd-He$e-nQ5{>Jga>;daR{eko0;{%cp+B3~F&a>x(-2>5s{)51S?*qIK+cVWO)-&fb
zQd|5>>bi3LWD&CII|=-#0)j9Tg1D^=W)N*wMz4b9=XdHEHluE|;Tc`K9Gn?~w0R64
zEZOTa_!KDAd$BobMh!lvFqrML?~VFdLaBFYa3Ez!Dd13<6f1Dmr6;nxN_Wu{;1pQ`
zW74MBefm3@P0~0<()UIYEotha%1vwusMH5$IZ+g-W_r`{In7MIDsawp*K=@xjs@9R
zohrc347std#RMOj_+<2?&y5mVvV7#Ni*w;%{T%PYN!mYhpB~UZ0h><F*%^}l4$Gu)
zlpM=!TOml6gTXR_z;aq4j4y~UNq2&{k9dr@hj@f|fOsOiGkY+**ZzZ&rILw~g_4<)
z6*os#I%hg(MqPSc#>e!IcLy8?><1vutPG@dq>SkF=nR%on$eO`<BXB?kqoBv%F)zO
z&C$70uF-~3_t9HOw|cmJ>3!OL%YEE^t$pr&kA2jArG3_Y$9>X$qkZB1fPJWav3-ht
zlYNYR)qVDTmwkkNSxbSR*mc3)nciXEY2I<(x!#|C6V)YqCwfPEXLyHtr+R~8y>q;S
zy_1*vTKihZT6<bYS_fJu{5t&x{d!L=g)N0mge`>4gss{?{Ca210cq7`)o$5t(r(di
z)@~K>;TMMphX}g}XUDt8bmNTY(YKt#l(=;vB|4cFI%#`4xnrhvOR}ft9*6>|IsHmj
z9~TMi{|{m36kZ7rw(GA`O{ezMwr$(C?XDVAth!U%wr$(CRy}pQI<?z>_P>wz(LPFY
z<sfIdk~ewon~^VR#_Vq6n+FzOR?ZL>uu;OEMQ?D{LT-cAgHUgF)(X2G)1IO$-e6d>
z0ZnsKvnfgkht3MKI#Hv+R&&T!hoH&|@e<90rYqWDw$@myv1%Q+HI<{$-Ckg;pR-Y+
zI)bAKYju*diNT)E&TMPlV|CV}KF1z=Yle57ur*B}+F+*EWUVp0=|Y?8!t_lW$aP`T
zQyq6@^<f`?*a&I=8?gzMa}ueMg>#m2ojl7leBFd|#&Vr(oowUbQsr{tlI61D()se{
z67DkMQsxro(fkqPQT>tq(anRbD?%VxAW0xfAWI<p1Kx+xhtNl`E2Af%C%)%*Px|(t
z;h^E<XG%|WPj*kx_N3v2;fUc3&~V6b%5cnZ&e05D4EUFi2Ur4302Tl<fYr6}wfVK_
zwdJ+RwZ*mBwH1*ukvWkmktLA{kp+<%kyV~?o_Sl7QUl+5*@o4+)yB#C$p-d%UjyF;
z_D0%z+J@G;*2dbu*e=&P*M`BR-sRRM-(}aO&*j@C>}B|+)TQI2*&{meQSFiK(e)AD
z1Nn{O4fD<O(e4rNQSXuO(dQA?gXxXz4gHPn4ZbVxBV~Iow!R4efLV$=vWO?lj3@T6
zgPt)fYgpm9)Jd(w2IR&Vo;7gf!q&mhm`Ar~>D<)8qfeqWjOj`N(yvXXJ3Mwi0{J>Z
zXbot%z;{UKV^ZxG>vI6x(vzHB6bEQ{Fw2hFvs0Ixf6ewY?5Da+wI6|gI8wAlR_)vJ
zkZFyrxFYJ4tqo^zvsvv|>$9y5wzzQC#@L-)>cg&0xI1rW2Vd;}>KJNY0pU6_cyhPJ
zy1Fpd#<{u@&Q86w`_Ilnw-a;qhqg0g?-zoIu@4XQgXCOj9Df7xju-XA_=5Nn_2vjh
z2xbU|2&M?e2<CG7bH;Oq9rhHD755d76b}_oI9;;Z+1lAUn%bK>T-*DcPFzl$Ph7J)
z;M?IlqS~W67(f)D5|B~HRQps1U3(2E1*8F50das@K<=Oi5GNQ0ED5FrTY|B`nqW?_
z2N(&g2xbHW9l?ZPL$Dy&9}EE&0h54Dz^GsqFbmij3<s8R<a@$s3--zM3G+$yiS^0#
z34FtAOY%wZiSWtr3H3?wiSfzt3HC|a8tED7nduqond%wqne*%S8}}Q&`nM+t?h76X
z9txiH?mapgxfnSEPkN7g_j`|e4|`Ai_a0q@T!2E(Lau#IZ|z1MAE57ClVpT<A!S~f
zR$i$mUb%AzO)oO<=Keo~Qu0QXPF$aHd>Mt3<__;(zWHMbW#tWF-%9wh7!A%H$-S`p
z6B^CVonZgP^rh&FHyYNuK{K4xx{LD0VLHL=PSm=wH5{_@Ca60>d`I)A>5Dd+t=rSO
ztpYyd_NH>(y88<3_H*4TbVqRAVeL$E-7)ym0S>pGJ$7b2|K|8&@6PZ&6ZWPFMH|i3
z?XTU2-(7f7T_3!8ab55CbjMwveE0?+-$MHSM!rK8oJ7855uBxZCeJ$ve>M@Ev3e$Z
zCVP2!S9xD}XL)aUcYeQlhkK8BmwAWzGzWfSe5!x4f4cdT^+gB;3nd9f31ta|f58J8
zfrLQ8zKp(rzWBc1ed)V{MuSF^Unzajec63MyOTx}Mk7WuMngtZMq@^EfJ49@;1A#c
za17W79Q_-eT<=}~xjwi)zTUq+x<0%<A=)GQLv%oNOtepQM07}WlDC)lr|nJ&c*FNx
z_G0yH^>Xrj@`C-`cf<FB{gU>a_M-Ky^|JQ7_QLhd^<wa@_rCSc_ulpH^Zxb@`yT!-
z_3rp-_KE(f_R03?`U&rk{6+DF`Q`a(_lftZ_sRF^^9k$E^hNfC{>AnM-xv3lvO5>|
zw@8N?-YS8fHfq+iah;wqYHo58I60e{%)w(PySiL$qqEfHLJ49y_)6lFe8=67Ma_J8
z``0@cy8ij$J$5?BCkfnPdA*BW$n%W;>^8eUAt?I)O!a-lE(rN4ygTmRe?k7FPp9}l
z5RiX}dkYhX|BC}jv)%uP)z344ruav`8Zm%oWxznufno>a9wwG2{A6F~6pyJ<SRQ8I
zTxO4`u&Gus-7218@*8bkuvE(A^j1hCH-zQ{UbB#fOzrpd*yWqC05D&WL!_<6sDANE
zVi%c{2i=tI3pA7gB|LMPo6t#iKE6{}+%ul0f4xXqU5E8XIYIjrkbM61hFd)x=xXsa
zp155yx)u2Q`BQ)DExeOA_vO_FqIxb?h;P2Zm*rf%DSr;)dUPN*5V{p8&l9RVc{l$E
zG>QtBOcO6ZWWVf-x{{)2@(qFc`n3A$4(SFC+Z>|2@tJbpebX~K^ZA57CRU>a%@T=0
z&Bv(R!?w&1Cl^u<uvii`iMJC_kdSmfaHZk#{SzDTj97wh$R<#BAiBnGo^C(JgKcVS
zDUk~tMFU@;2B=>6dw-krPyuqdn=EO8avi7y2XQPG>rCwXCqGdAZ*uC4_n7-K52LBZ
z2WXPmzCZGYJto$yKQi$49!lkpmo<2od`&##-NhE9c(y{k^zEH{lD%zY?*4AQWfJ!n
z+?eYN7%g-q6N-A2GVEAb``Pi|2c6j=uW<~Qu>cMLLx7n_(h0%uE^i*@j&<(`FmX$T
zbJ?RDJ_6s82wB1~(32`5*mCHN#9C|6mEh9KWNaV>)=afPk?dhy;+!l`<V(JlVDwi2
z5qy_mhrr?wKkP!&L-x`TzGGX$O~{sv75Mwi1lW=yeRgQf0yK6+jeJ^l*wn?4REWB8
zQq*DFzsKnn4J<9zywPXEbn7e$K+i9Svsa|3H_tv|+~?Rv$jJquia&=AGqeR(a?Z1o
zJ;}TBuY&hXhT^d5aF^(Js=8cHCaurst3jocr<=GR^~6ele={4dGxC$ab2H+v5j_=9
zYb`VIQb-<{-eBF_p`{dyG$K!8FOn-R`jB0t=)FV<k4kczry4UCe}@(m0rn}?sQ!R1
z{*Uod#h7L5n~n(oO6uACEBPclW{zoDHk}LfvH-Z7zm1Lw`QNf5J?+Hv2P<CIC&@L_
zFX4YSrXgzQj%LN6S`)BtQP=5Eag3R0#~s-_lH%D_+IrBC&r0|+SXp*W8>Z|xujI=}
z1amWw8@Wds|8gz{)sRh!0-IJ%*-r7{Kc+1%wNGfi^Qb1>*RD)cgplR2qGtbAgtU_W
zP6yj~$(fa75ws;rtghi*^UV;327xbI4ZQ2Nl6{nq3FnMM+OcV%d}-%DI##G?^T$m4
z2qTdgqf-K947AUmMu#tmX?g9`(5MfWT0_w`sEsJ!V{z|5%0Ds*39L1%1=XWdCg}|^
z*3$6r!*ykwv?dr_VJB4magI;LxlCU|FwLmfnHCL{^>*z^@AqoEs92-SiozruI@oCX
zR#A!&MRE6B+r#ALl5wIn8v!O7<+zwNmb*)?aEH_^G1Mt#DSOLq^5kb()(1V$vK&8|
za7|@om4r$V8uCfO1C50!1OJQBMeN79ebc506QwK&D3OI!FcwW8rpzs%Vhp6MOpx~_
zUBKXZh(L2DZTeNkMMI}Fh#*57j-6CXHqFW()pxp?%UdH>qEv8(F=_Tw;0BbeoXC=s
zZ`0_2T$jqjal=v-QIk;hJ|rBRQ_^p$M5QC+)cE%;h@>yT3do`t=oz|lz2v0uJ_KLQ
z-`nErbY3wt#&<5n-E^gz<r)8S+fjtt{8IP4cipK8os?M3_(@u7$_#L<=y9F#nakt*
zIy--$0@h!>1_K9ozd%*$zjQt!9A2dQ*-n*lF9}(3ynm#qO8%v%jQueFeV{%xmW^WU
zX-8eYmmDgf3VbKy-Yt|mj{Zz}`STEwc5snMki7HiEvv~<YqG;xfzb(q<nDDodQRDe
zefIdpa5vJcu;wAOB#y4yvC|Seeg1vJp!K3K;m@#oZ+Uq=Vp`AV*&A^}!#L)rM7(r-
z(s!xA1dQ>NAE`c(O<qx<YKT7hP{w$g-=KyGuG4=T>H>|?1scM=kKO~*3?De!+$!8^
zJ7~~I<@D7`Q?`x)-qlwO$H3LA*F%A_S)umjs#RT8Vcn+6>YT0&A>Z-$7y3KwP>8ma
zuA1Z>$1zK*TY>3AlQ$Fk&A%A4ef%Xf!HZsd^g&jnQzHHq-xmhA%q`8}nj6R)HA^%P
z0p#d?DZm-|$8!19zT)$59IB$UH0;IRXG$@fC<;xYG7q)He%m^{bP`M4B03%5*Sc^-
zU3h3yV?UxVh4qU644sxGgR{vmvo|Ce?y*v~L4>ZvCQV8|qJIuOFnG4eQO-unx(+)F
z9yckJUJeXL#2wg)1oCd}CVr&I(&VBjv9uFBh611Gt}1?PQjRJ`mAXHpD<=IJ=F+pX
z)=jsNRZv+yNSaRe-#kWX#HUuxzL5C>;fF_A2y1jFya*bqgBL3>ECm(ht}JgfQ`6uR
zs)ES(Mka32DAw%b7U7}wz<<6&_J{ta_5HJ*Ty3-H1t-YBz~apziS9Z(`3IPgy+Lb<
zYXN+iP%PPrJiMB5rFcKLOOrORiuW*yMN9HLYmxGvs>`!|+PYLxeaLP3GtteS7)uJ$
z_|!ofn86=}IOr!~-dcCXZnm8c%7RU70^UaX81>l&o%y}>Ut_(842*W2^ga7(Ts(vS
zk$)I`+_L+u&)%wbEalhQdfHCu2|p}dO@M1FR<-&+yFje<&_e#ly<Em)NTs=7-!7$#
zP^?qu1_|N}42N<(>j6!|)?=K^b|LTh0>7pFq7VurOm3Teo9atFt&Kt}!e35>m%zw+
z41{qo*8*>>So@IJ9z86B?@2l>c_mJ>&*0RuV@9AG=x>-fZ%HYI^BPQ(kvzpA8jxU>
zpfh@R*z4tO>R)sgc#@`&2<pQmdYkC!vsgGl6rPe20dOWq#7AJP7X^5SpTUWhmXj4O
z&xh*R7X4M^)UT{Hs$8hzlRyWish?*jFWl;=YGh!1-77Kmxwx1~zL8E0UyANV7}e^S
z-J|e1lP(z$xlqs?{Ko>p+C3%x1&nUK7nK)kwHTrhVB;0k6Gl&yV2VZD#vCK9pm#}G
z`_2k&y{7z`Ufj;cdPW?m?T$h6&SK2cG=w6@bYZGJ0B;dBGnll+1+w~UcquCbyt8hd
zV<yughMbmdc*yh)=e*xp3fOLfWvm^)AZWN4q=fveBsH6g7=o8;#M?>F1M>8EUus13
zSCfn{%a;<z88&!Y_-*hWpYQVsoV+fBLw==d{#JVtj4y#Rl*ebFFL&m?$a51me!<c_
z!Mfas3$s_x^nN2fmILnJyPXX$p&8W3UAvoH-IpLwD;B)0Oy_n6{op<NHKnGgN2y?U
zG{ZNZcM?Ny?)gUPg6WcC3)BSo+M*%a<8#Z4Lc$_Jv4dc+)<sRKb!q7xllLwX!L&M<
z2sDJh$*d>%)e>doJGY-BSnVVo@d>eEEzR*xl-L)7(G_3}jS?uhkbMbiar5dECuDUz
za^nS}5~u64GX|njpO|dr6`bL%Gf!yh!99-<N}gAckMx$}f~0c^K)wFSZ}gw=Ja~ui
z4U#B`kfJ2SF+QqJs5zA6P-!wwugCSV{7<eNG_gseRhJUSi#Ole^!~|(wY3Zuo(^Ug
z!0%_Y7cYai;9!c}z^*v#B)xynM#E8PC57T2*~L2$ZEQ`w=Uy_$k-fp~MF2~aBWc+k
z`r|VnxpSmGcXv$=pz=?1nviLw;A;BNhP_y51io0>MS6tz>I?}#3S-CZmq%Dz*lVF7
zUzcleF!xYmxr|yz&RvyNU%i8($kr0)=eqdJ`{WHrc!sMI@*O*!dZ$<D{Nr4m*hK>X
zXm>4^rOj|W(ECA*Gj4L0PQ6|p5S7&4_KmdjO(C5)$!E7))b4W6*?yCA9w6t8n+<2k
zQiAOES#3U=_`=b3(%WNsR^ZbYPB1r1!}vFypdy(?fktH_S#RxXd#k6~5~2##=MPz0
zs0}nb29>tmMe_HO|5h`FT`XpGj{zfRJ!vyG|A?l3X%{xoEK+j&o2j=7c<Ol{{=REC
z)jJz&2B7=rgEY^U8ePosOMjxezZscpA=sxv0&Mpvv;KuFAm#0p>*a}@g6ovd#`QVW
zOD%|7%rrAwXljVsv}jvscA)p4932VGnxRvUs+DAU>I3-TD6Dot3V-El8e2m{5J*4C
za-!ZAy~mlgU>)@*5-@0doK7BR4l(hr&{uut1{EFCN)s1L)XZx_75<NF3d3lTBsW}@
zzY#<rbP_^Sz3E}cgHSORa^5vObqyvH!R&3_v)9{sRFf-c!fvSyK>btyYX(rcxn!F;
z74A8kgL_Kr%v^eg=p7?P<W*BCB(M1Z(}U;pi#*NB4w?c6T$wow0;eU~L9;;!rj6P`
zD+4hBFSa>i!kYuXtfT}<7hi10JF?qO^p_cm6$!iWnqmG{**_j3oP_xo6d$0g^K_&p
zt|or7N_`|OBGECJ)H;z=YtXlJGd*Y5DP(1-5n1A6_>Zs%^~;`FB8N0kJjA$nE*TZt
z7xOaDdF)f$iA-!s95Hhy!*@Ur3adY@a06)ePgOwuaqvkaks;ZmTabcUtj_Dleib?4
z5Scb+_fk2*o}}aA_i+L^=0z~14O~<~Bgq@P*pMqUu}O@9GKcP=5djbd?Yvj-h%V$m
zrt%B_biGPyH*ZT29WSMFo%&B@qMPehzg5)sMw|S3?4T0j>zi58=Fej468$91Rs<mZ
zgp&=vgWj*l!*dKlhlOWh=h;}P%9cI+VNSd`$EroGv^wC_e*6}0vtFjW$@^c{<Np9Q
z;i<B$kvg~+!gd70MW0C7*~{p?A_}ms@^TZ@?wX3{-LFpl$6N<cNizjE-*#Hq>Cls1
ztcpxr`%^7i87bppCX*0EIVB`g$EASpBHUSs*(V(@GGgW5w@oKA0UIu-n(7T8Wz0Qv
zn*z#E^Rc<zrDUNxiuen<Re3&E!5&6|>YvS#P^Jx>V^)i`b`3h+vpg_C$<pZhJ2g`m
zvYtdrDpZ-L-Pn!IuATx}<ZeF?hDcrDlYsU9?yU{;X*y$j(;5_Nk*-nc8W%uw)`s}o
z<SP89H&%Ka<by&I8fZ%r*E%2IlhN;1MYTr82|^J$v1z?wKQ@|#P12)w7-Vrl2z^(a
zeb4L-06|E(3}_FX+sAv!6<gO&;x(mGJVBi>-PGD{T%k<hn8KDI#k7up`I6(A(0|l=
zK}OBtn=vu0T`n!spBbxTb#mZjxtA7M3(Z)r<&<{hSe3r4gX$&#X-@Yqq^Y@f5$6q*
z=IUYn=L?21PF%CF6?^dS4qPPkBGkwre)o89z+Ea8;n)No7oiYuneRXD2If{D={b?*
zj-a#4mf|J%jk%5<HrvUAx4`rF;q3}}iWfQUwV-t+uEF#sVf$`e1x8@e#-0L3zV<1F
zSp%$~5wBBshc`phQ(bRn^p6(GD#>B)5eJD?xR`<RIb3?}^p#z<qH@xvFVBoWsmNgP
zj^H~irBu!!^9pW@2oi+uBX47$NJchovyyU32N`nDriRePMNz*quJR+UvgJ1;)Fv;5
zWZc+XK&TCu8HBX)_!>ldT08(6<D2JKS}6dUl4GM|b3Vbl%h}yX%;w=h3f_vjMyRHe
z;cTG#LV|I8`Yw=FSSgYcfFEle59o`yNYWhSU>Hn;aDo;F&ga#}Q$`ZceIU&5iRF_7
zzr~tFc}v9b{wM{-Volb?TF{({BdF<|p%5J}z3*fO{qQ>$SW&X4&$Cl4wmJP5U0u}J
z&Q5ok?DHEhPkI>N{>8jv<Y1_iXfg>OdqsUIV4qrgm?&Upg~>hb4S0m+<-C*OtHNhT
zFF!k|vFg(R8ZRO@On4Fy!B=sK>i7uveu>K#ieJdvGPlf*&)%5h0o(QXxpxNj=6nS$
z4$i!3TtX!_inj3^LqP*1rj-Kj8?zHXA1wBGm>vZfu-p_J|BKr7S0$N2409BkhZd(6
z?|m;8FeLTlEMDaZdG}EAHC<_V;#-0jP>}4<KB{B~s?X3PEE<mKcWGLjzb#lNWa8&?
zH%t`9<Gpg&4RXefWE;G2-2MCAlcDkEWK69?tK^`?1lQ5y=7e`QC<$Le<Nq{RVw=AX
zi2*peMXbk|jj%4<pqJa5sgD^_2vW<0%|cLb<X3E^v?*G|V6wT>(+`d4Y>-N>Ta;PZ
z)OX+o>S!qIuyxlxzG^Pfi1jCAR?|7-_?7tgwY}cr%-{`2Li#U|XKD@XfY&__vn)}f
z+P}}ETeii(EH!7U+A(jazM2Di)3H^{^m2IMDir**#N1Gqj!<>c>2>=A5%F#@z7g)g
zR>T|}RD>F~=$jX4z<Blw(be4al1-0o44*{+ZGGRX2#X|*b6&-cPhr@cG3Z+f3fE?Y
zl{n{%Vn=UOL_o!|0U>QL|0M}xt0L+xhpK0|-{f{D%-_pL2xGNcX$wGqOpi=;jWr?c
zkY=$8#zr2(L&FtBKHl5wcr?&{2a|dZFiPt5_Wcs;VNqdBQ1MS%(o)fW!d-fOaQ@E{
z=u`0fI_5BHCM5@YcoLH0Tjob36ctDjscH9L73W9Ry7Z<}=C}3XfxaWCh96$VK21Hp
zI&Dm8oHILE!)4*l9RAdMkdm=fg}mr1b<biy4_$uYi!Kj-(hWhj<O_m<xQ{qPHfK=+
z=+cqkD1jtvmQ75bV-n=!k=z$*OsnBs5ol`2wZgFkRAoL$S(IGMLc`|&&T-j8VD@!`
zH2Y=kr_{ah0<9i*Ag<s$P|xPoLS74gE+AN61ir}4Q$Mx-cMhHA>-rBhEt;0)`VVpK
znAYzKO$4!(w&x1136-)8*_l>J1Vat|kDdI_cKE*pUKSo^uK$<7>+9*OKXUWTiK(ZZ
z$}pk8NUPc4-dZc`*=qjMbJ3#}e8XYTm*hsZofGh1f!KEj6sr4FQR_fsUMNxGdu35+
zc|;E3?*c3muU9_28-wwH-mAFX>$|(2t&I)8rY5$grmj29YbfIX{)vpB*tLN<eg_1i
zbqN2pXRZDk%-Ew&Na}+KfN%C)kY?BZ?*g0uyYL-Vb2Z+C1(`b^_zJ>!gZMvq#>kQ>
zGCM+TQRiFw|J)UBteG3HL;ZS^cWq^NiOMin0RP^8HzcMm4l_h;o@;1f8Gyn|5f!Ii
zSim@a<o<)UvkyM&4)s148?OI=7rC(i5v0wA29wnei%#|h?f{9=>0^SZnHO6rbRB2J
z;RkMf4EtaMJcv@9%_zAHH-F43K{7j$_ArdYuq_-C^5;x$Ibr^%ktOB&GB{l#EN_!{
zw3#+qM3&9*-`^eSJDC2Buu>|)mjPEPM#6WDR%1oRdZ`Yjv7<Wj>sO~^;2jQ@R)LhY
zGla15quAD7xaF?_-0Ar@qC?u;rFW(HI=F9;{jLm1ufkpg7y-1A0+LMst%2u8_FQcd
zh1*lv`Py4#01Ymi0WK0@;r&F`9i@Yh=!&~PdN1*MKHCJ7m7I{IzM&M`2q^r!4eJf~
zSSQXezg&A2Ok~VG9j-y_0B5a_>^~7VgU=WKh*%6vr+sM{C?i@+Z1oe*Y}xFL9H9jN
zlWMdD7rby=QeVl|r<|_}Y9Y1-i9FM4!}?g(AmxFsaa_Gdn)*%L-e+Mz)-AVW8$UQ9
zd5i;oSO>tZ2f#-MK#d1}ONTnj$oLU@YKI{rn*ejzguzxf)BR9a2L#+SeNB|b_UR7n
z@4@{2Ssl!`NA7!uw<ZV{wL7E8@T8&BYIGrZV5-w{!t*%Xe#Uvn^h|*H)D`pn<K;pH
z6wqoZm=v!wcz5SrNxU1=6Hd%BK#Qm*J9VM3vMV6khCcnVxK6J_s<WsP7u<#{XS*pb
zOTKl#BD7#2x>1QM3+%{M_5Tfq#e=X;YH=8X+^U!F#Bpz4D>_Q7b&w`CjLOV9ud>?<
zUy{;*57(gM3zM+hY}MtW1KnbABc!<@KD5&Q(yHAk<g)&A<s>(zc@su4MIOu>I8Lm)
zF#$fkUcGPQ^qAb_LUKs>ZNByISa6-05r<Ozp-O~zT3(8U4g`p?+Gw>^_W^6aj=evM
zVq=d#tlun~?b4fB_+CQ=Ter$J5!{h<IHmC;-G}OJhKxNg`bROVIHfhm%?ZS^v}!N`
z*X!k==68!wKz&QeF0BTUO8B`!q@V@Bbu3;EG;?303!*%?Mz7VQ*W2WoU+E|*tB@!^
zSj}$1K(UnqBAi2<+6SYpgI4JiRK%Fh0tU|Jj2SX}@o3w~(IVIOSeC3141hfdpAmP@
z4{SsOb@Ma%X-fcxT#dM;s?JiM09{<U*S8Zo48pLB@NCkCyenJ0+ebiijc8WB*Xs|B
zFWT_>tSdX62Jg49hb_*wcSU<V?Io7Wl=1hiwYEB-7yytV*jMJ+^7{&`I<?AhP4MRr
zxM0;lx@HRwL;a_W7Iq7jjbkR;T{S*|>TLIv?Xe6=k;dQH{mx6pP_ujoo0ZIgp*Fdm
zAp(bB#|>jQippJUTwK<?Z8lJs??`Du?TkHO=~e-ul8<!0Y1>wlV{G=`-L+AMe~Y(O
zE;Iv}v*pHBgId+O+EmD)K0NDK;)Q5M00*6?da>;KxuF?nN4|V#j^-64SPHJz)L`2g
z+M1uy%kBbtMF7ti<nFHYP9-6ED>OOOt0ajbe@zzr(%j==Lz;e3SZX|)Sy|ywFuJ4F
zR{?l`(R1jxb^;G8Q}Eu_njfF&jXDaxR%d}EYMyO2^{yBH*$Ep|E0I4o8o;=J?KR~@
zJ3Zi%H1!4-*nY?HLaGK}dRA|Dw-y8jc{pDjpmR3#%*^y$mNKkToYu$dTBg+MQnXCE
zNi7$_yfs%;_|$jV$vvrl$Lqp05D4Cm`Oo=6h&K#e{yVFT;k(#`@Rkc)H@JGKF3TUN
zaS~`-=l|-^{>`#%E|kk}<!e!npTXc|fd-=rdS>~T962cD?0i)2(I*K^q-E&$kiwN`
zHhZ?Y<<7(Q>ra)x%a8)sws0@5L@wuc`wVBTUD3azqOLd(!`=&hfuT&2BDBELTK{2(
z=6nluAp_>*N^)al(VtVdzZ+*NvF7kV-Y(Llyfho0Il1oYj*3o5)zUWtu+O!%pWxN~
zQl+10l<$>phs5_Kr=D5k`GK5fD(9$aa*RxKhW}iAaL`m7-INC2&nXfTfR&F0Qmx9+
zvpb@1b|p=AxEk;I&O7Rr6=SZBg2ej?pAb6kQeE~kBRrMIU9ZBxFX1m{R>WE$mOJMf
zM~y>bNX=ks@BV`UWDkLyvc^y*W>o4jL-~dMwN?v&6`@)54i~k{e`9oYQ~}p>uJF;8
zo3&cI-c-!)u5x6h{FlmwGO(@CRpz4-oTA`Bhebk8X5dtjtkYL+L#F59hUloTxx3g=
zXgAc@iQ8NsYs)I__X~Q(9U2ArH#JEnm4T00rb3iJZjV2LM*y}h-(r8iW{06l3vlCT
zz<}++DDGr+7<QF4e7-X}YS`kn^oSS(+6#GYyT=`ZgfuD2_n#SEskhSIG233<?wQ$C
zn>br<RnzO0bJ%DAmI%*aPAwQ53Xe_g&4pdu&erg?wzN8KHLP%TTK@#rohQ_86mK^B
z@<0#a{=9vI3ai&A<h-Z!Xnpi#y4bYbt{>>Ei7LtTP*Ff#al_nR6WK!R400TW<vkp&
z!kNvQ(I5McSQMHw7|8LKqVc;6yYMWkuj2Clu8OO+0(;taYpdS!a1uovmQJo@ulXau
zwhP5g#qTU^>_KZ~Rj3W<rjAipd;A*CCBG}K=~%4h>2!E|mbIT@JrV%eiZ|L>Bz-~-
zRaF>@VmMdW;^G{vMJh4h=7qbsR$3qNJB|-YGED<0ueC@hImj2$t_!;Z3OcHbOy`ao
zBU`fgyqLnhpcr&}DjhcpN9fMG#H+AheTV+aY?K~9Fd+VXAZrFzOYN*uWnnGMN7@cb
zSV^hnre{&PrKPPX6N(KD4V@-f-w)LFiihagAS>Uv`dX*o!Rv+vIAXBp0-yw%Jdfpt
z!Wj=)9P{>yi@QSYoxE&LR&!hMv{n(BY_E3n&xt-m$?Lm!XmDEVhJX7$P}pzhr&imX
zpXzb=LF@M!(ii~CK!Sc8Anzz`(HPo$ms|UiJ&MhX$_+!St2s}NjbwAZ@cmmvy{=Aj
zJ7hdV+W9AB{9cS35SKfP8y=|KI;$5plM|1;3e)d%1GU7*fNUG{^bVchnhh`g#2Azu
zG<6JeXUw}hkwr4fyxZu|=R8^LY3eXu^>CuAJb9|q2?j0<WVbBXMwDuy8?ey19Ky7;
zLnE54IAyfzO8H&;)6!T$PC%R(_4+d8rgT(w9rj;dgLk4&O8N2eB<(0B!5%H$W;$(d
zIX&KDc4kwO3%4d*IJE>@4LkKMb}KMCQB?(1E#4ciJI7ciC#>lk?G9#YVqM)`4ojWK
zn<W|#Gr)_~r4=iZrVnW)v6I!9tAj_&MQJRK8XLonoo?d=TQCIH^0Y4mcD@{hpQUZG
z``=z2h0yb~dH3cjImxv0sW3<gYQkD0gWbi&Uh=^4Q0&Q4CJPDaFqJW0ul8t{f(9Yq
z>`vm7teC`6Bv9aj*yLOK)I4Uk1xm)w58%|o46vS`pbfyj>U5!?<$2d=G1UPb*gAL`
zVbSuSz%b)J<K8k8W7oA-T@JK(UbLf*J7bVr<0J~RDMMMUxpWYVwIS$6RL|vlRBp$;
zES$sTJ>S=}0vG=Mo$*8ilGvx5=Xa$K6<|YN(l)=C*1!N~ZotD>`$Z4tW(c??XIjk`
z0PDkBw|}_tJMI-kgmZRU0-y;ApVW}_L;}V<RjgqwH>2`g+9O3F<M6z#4+`+;OXkIH
z$f#!sX{n?p{3-)OXEmfxbLFk=4F_yOgyovJVHg`bg3#y1di4gXgdsahgS3JfU0{_L
zPbyTDOO@o|P#~RO?N?+Ukb@D~u@}abfr<sjLX5fLa>x5WBB4dF#A!JqCk@b#GLQ1s
zCj<C$(re%rc7oVbY;@pRo2!eoV^^COyP)GwI%57R`PgIzH8W1$38wE-ZnDbSEZ!TY
zuUc6%P)P-?9-k2|%H|<jT@%hT&84-!seJMz9Cl~aKER(XnPsQ33@*7OLcOeJ1G7~o
zQ!YqU6UfD`Lumx4l$r-wq_3eWIBj|<l`5pD<4Ei1wAfS^oRdXkm!OXNTjCZvMN0r$
z5>2SNz~r>lCXw_sVxzMj;jK2+N&KUMjp(9-OV#W#o7OZH!>Mm|kW@-^fCi{Ksm#gA
z?U<YT6hVo&JJu4ftJ}N#soT_L;4I!zhjS(qUYS8I(Gw4CtWpOl-ic1ZM{6bkQjw~5
zMO;Ei!~)?qnRdoCy=vyK16sG0Zw{+GjqBSLo88H`YpZN?vhJ|Mlr9OwS8hPhAb*sE
zNJLsx)34kzyb~IDOn9iXZJiD(@44sQ`qS!@k2f9aU7;-uVQ%EKzrLi+z>jK&oMgG&
zH145`{JQ5W?xVcJE0uDu_rQ+*=S`54ubE@|<8EG#gT7xN(Gzh=+x+72XNQ1XTS^)r
zpcPXU$@G`j@LGh8j{J>+@2toMF!N;Ky?4X0cBRz2M)*h`bz0wTulm}K$SWZ1Kwm~0
zReVhfY%lu@U#lgg>}RnT5K}n*ApXDaCKPorP^-$epZqpwZ*se3b{uPm&P`T5En^&K
zg=Z7iB&bNOx`pTqnrft2OaU2R0KtGLiNLGp56ivk`m;V;Xx^W3zVNVqB<YGFUuwR%
zr>9PkP3`YTI{EE?NFsM7p617_doPUJ_9OuwfFsten{1>-DWvCV;E9x<x8cxX)YN}h
zQ@-9iiSSs+^RHx&e3;^=eTmH0?^r9uwYAn-H)^kc`M(MqPpld`-i-|MMMIx7d$isp
zukaosq5lzqb$d+*;$(Wy1v2$PIl)YcR4>p%$F-Z=;R3z&Hv28^m7#eI+@&6#+dI6N
zf=yWTAe}CsgepZ1V4J52y22WxeWhP;QMr(b$Zk+L*8PH@z88}N^1M|`Dzslygqte3
zYr(2Hc9qFx1zhVFy!fQSP~8y$(&*}<G;C`-F3t2($Zi#EnjC2<>)~3dz``GTlJNH1
z8gc&90nRNO0Z%?iK1i3qOrN{1A4YwRs|o1?zpYRy+7Xoku^m+IG!1-J01oJI33FAx
z;W${%9$PaP1KU8afua>94WSibhe^2>PZ^`0LM--x$|r6;7tSj0D$3qH5;ukx6RNXn
zn+ltZ7RwbMIYQm_=DnYc4BRkzJU$CMPlO(rW!RntfSz{eKbDLCq$b=r+;sFV&W8Om
zPrLU)y}{kUy~q#4`lP#Wj@4dFr*BV&%IIHdhQfaNuN43<5u!D%oO9qMbZVV<;K8of
z0H!{JRTSVUC~W(I$~Ox8-Y*NAy<0>eKTd9$7uFkMCC2b85PP~77WKc<FWEI(IE8DK
zcbd#=p7>HG$h|6L%cW^vT|o=ZoA#h%=ggDS4>l_x`Wj(1f4n7OiMMrX>fylA+mcbA
zVQ$gkTY4TH(*4|>S0(95CuGF6-F7v<?<QNEW3Hg<Q+sc3sg*-X-5&^omq*vvUJvDM
z{V#l`A^xoFTlZd2&xapA`O~Mrrlx&I_}D@L%S)f5e1BjcUD04SLvAd_9}jQvb;jJa
z5X4VlrgzYw1Dla@dyY#wANqR7mw7%ch{qK%h86GSE)bB5hH&GAXVjD<cs7@dCv9CN
zXN|Bmo=1q!Ev7s_-kv!~Lg;w7|CkX+0~*OAWWS|?QD{!<SPJ7LZ2f9eBt$y7$$3*E
z3G-qIqy7q~u|K}yq+LNdnj0YOH5?N|M|J?J50Xq~41K8AkxV89XIr$YIQmfAADiGA
zEzJ%Q5}s2Zaen%m;W6$1Z*w#>Fhm1V<jEE{K~HhuJ91?Sbx=RPN=Am|iE=3O<pvFl
zZA}aQ5a0(NUB7z0I}r*6P4f6Gn!<SAQqjh|d&8Gq1CK99lscTLn6nL=PMG<CG@s0&
zGZ^55j+xwP5Ck}#C+2Zr<3+JPxV1AW_Sq)o*%J(y+3L9BO`IL2ZD$aQ%2SXLgr`_s
zrdpT)Q4--3D5xzabv&^RiimJCeNTf<$R|d_6mJT$He^mjiH?RpxaT907Ke)HCRRZy
zh7XcAjHmhDNFu_?Fm4H5WHSJ?7Gcgs|DzW4UYyU&m@W?`1vPL}O`MLrsEz_v233$x
zj8U?SpwNtg9x@6|vPp5pjf)my#v;N!HpR?CCFzuiPLYTVM|zY^jGKufzSM2bqu6dO
zf|9c*Azutl#-q5H0GBx#q^*n+_1)A)gr4sAQB=_Sa56C`&2QMKZpLIFQJGS_77eBJ
zAKFL?F&+_CbS!cz=nCQwN}I{=s{8505+l+QHU^^cvT&+4uQNYXla*+Ru!||7Dhi1;
zu!_Zk+~ngGZzyGz{#X~LBn8R4>Br+l{9t8yje%!{6QQISH;2y9?>3!~_fBlH4DrAF
z_d|XRdc#*So?!`~84nK+biol}G-`NQ4>9H^%YQ79B$|u)K5Ek;-M9QXz#<~ZPCFic
z#zi+Sb;iXwKK9%o1Ap7R%m1<1Q0R6T<ZCD_6^?|<p%%E=f`X2r8YHTzJnnp`{j+Q+
z0~_N<P(*Tot~0A_xF$1C0wzZAJsu{8YmlnG^5h7VTSzG-tI!-j@L{rri4#UwkRi^G
zxWoHudZqPA$yYazbT&tB*K-$y#&ZPPznkT~D%}D$-u148h9&4uZO<j3V*~s@dcwHg
zW`R%3W}nppXGP@~56E0QP7fNba)jHhf4TQ<(qLO9YvNKbfkKy4U30&{>uJbez7L*@
z0C260f3<eQd&x4;{Sa5-BrP{4gDU!}*DvlWqRzjfz{+SYp=WNn5-acdPySPr+0LuU
zXNaR{uF16n>+bv3nCbW3?L_|uH;L;Fsw%MHL#|d@=FZ%k5hvJ{0CfP7Z-@Dc|0*;W
z&z8}?>p7VX!yzI<{$O)p0&$H0QLd!(*Ktl%pV!y+d2TC^Zg=M+D{AH_^~jwm)#&SC
z(5RN@YjR5H+b+$Q@1IbC-UhGZKY#gvFWqf-zta@KDEw_cXA4i92E4u%&L<^d`(V#q
zzJ{}6>{!q*`72~YC!oh#;&4=5?avRJ2bJ9qxfPX~Hbe9CrL`RYwmwg-w|Nx>pUq!O
zc#M8WQ+%*Ma9YcQqtV@gRNeNeo^yttgF?P50vEr){X*^3(CeBaA2<;^jL4s_{(~Qw
zB-d*(6rpsvZO-57Bl8Kqn}E$)8hB1>yWI8`_=|5Nq~oP?xro?y*}XTS(Dmgp0#_$c
zB5?Rf-!7NLQA5P<GjQGL<6mb2juYs3eiZW6<vsu=t_c|$x!RtFCbbF#=KZ=it@zto
zDW&LZzf`k(#{D|n^`~<NUJK+rFu_OoY%kgPbdKJZ&DZv$X0IPB|JzXiPyrc>_vT*o
zb9SyMfV&K?v#|%FOnCthC8D&uv6-U~bt1=9Y8GJ0zFC+F_d_l<zE<7I@=!HroRrI}
z#8wWNumH2su4tex^)G?ePm`*|yHsQ=i_LsW8v9RggHW-Y1kvEOOc5QOSxO&Uugs02
ze(Wy6VCQ_c2w6$fCZ3V38zd3VJqaTz8L}UNYNg9_&_J!eQOIBI7D8$xH)zA8$U7V<
z7{|%PCcA7=#8v_qMF6Q8S1pv;f`{Pj4p0a3oH1`o`QT`R;pLVGtVMI1Ffk$bRcEnd
z#$c8O3kFLU<Epy-<@yQJl}F%FFOsFs6_U*#6N^x8#_jj34XSUoM-jolS(BwFq9ewC
z>(pwkXBVy3Z?R&z7mLgD0FdP9p(P#QaC*+wm(Pe=eDERK)Oc%SZJNmnLG8}6)K5Sj
zog@LhMreu01Sd`+r!f$&fllRZ*TJB&KFda(ES0;x;?<J&H~%~kq5KAwd}X27(T`}D
z5s3`l^vItEMH~6FX>jl#i@(VXIBCpuVj?qGX+vj~IV}*2qY6<0pewluaStVae8m)Z
z+)-v6b-9#L^$CFDc%n!H>5+nVwj(fHAIpX3{*iR3JcXwtf@Y$qQ+l3$B1VesHC?3q
zyLirEgA*^dleM`?TzCZ3h>hIx1s0wQPmht+ct)aXOrP~aNK;ruJ)^w}4?U`@>GJix
z&L~H;1a4y)$Edu>*($XQiDb><CZu7R-Y(HHlxgkqX|aL+B?k*?&Ja~fM>lX$zE86T
zc?84EaMyYxmC?($SAUv>Gepd`V!rx^7yd@_Z~@)vgBod(P*Um(s01#rn4HBYvM9`D
z^B7Yik;FL{$GIH#o5a~~8dT2;(*k@wd5M&U-wRr-W!h3KxUtwrDpu3^N}-sYg+Bb`
zny1<t+_fGoSe(b-xlJW_id2EcIw>H|Li0Z)Cb5XT#j;h(My3Aib*|-a>Xw=Z5m_^_
zUMz#Gq8T!FnzpJ5-H9^LGc*h36IoB?_-AhA)+iE571g0BC!)2<i+eLT3@lBX=_nM{
zhEa387LRAyx5~ta%w7c1RYrDP4GpT3rHV?S`VEE}(+148D`vb7AOKKS+9G<`xXFs2
zrbwxVlTS8@uuTu!6sKlJ4*|-6uqn^EX+OH_lu1^COjkkkN>*u8UxzaNAFD9Yd-z!P
zMBTI}$YQ!PUd#H<?tvmpEn$8%s#H0wfOA?RNTO$hDfOuNd?B7^f_tT+aP>_7AtUl8
z+6db-V`;jbg(6B@{vQF4Q;*r3tteKRl*y$M;g{_`Dqz9vUb>u5<`OAIi+xXZO3g4w
z1ZSl_3CoE7;ID16qY80_`SuUB1=Ofy{>*wg3<4P(ddZmSOzMj<`3=><b2^=S#a82a
zYWh!eXL|aC;~IH-H09E7x-!o4YOzYx8NazMU8REz$J&>$X<mV7JalBK6o?x^shA~H
z+qQDV`7GM_HbiFXI-}oYYzDE?CJ-qKXnwkit9Od_i(+!nF1;FWvZ6$Xi>)^Dnmu^o
zO9Jf8$sHE#47}r3s`BmRgbAHX9AFGsCaEplqA{yUPE4vFO=THc@o;hk{@m3=YDQ4t
z(qiLFZkOlH5_kjIX|kPC8486tweHh4%GGk(+9yeCbjljMx*r9jI4xJHK#-l{71NgZ
zwmIz>jN}3zVQ!3sSeOUVtSLz6(`ui|R*P!%iZJAaC0uw3zqVO94;rFr*mxw%VxV*)
z=+E6{XDl^#YB6mvAdG|^OFF%`i(Kl8Fj~I9ahNFe7r6pqg2*J~X0;h#`FU+dQL!Jx
zrUt##vvE22Tp|O+0dST}E^*9+_rDiCk{C}^F9ws4S_TPjd0k-2sL#=`l4C2HIjCv9
z-(A8o#S_|i9uECEv%il<CGqBj&jJ#5Q)Mv+c}-NSlCb$R7qTVHSoB&-oYW~?c(cQb
z6||URzLx-9>bUEaBTLXpoIyV`REH(CpR8Hf&R5#y_E8mlC&>^_5FAG_6V{_d;tXq<
z@O~=M<SZ$S<UEE595|)^B8wI&*76?YEFn2?9c!)@+pfbnRya=7ubeuTCqoM*AH3%o
z%G4H4ih*}8>6X7RdvieQV@os%8kN^KQ<Z_&l^F(F(nS4WYzTUgHdk!n%XRvWiH@X1
zzQ0x)VhiYAyNKwjb~f46X>O8?*|{RXhJi%0nLLZ25GzTfqNj-f*-{?KWz3i)kQOPy
zhL||e64CIw#TE|{py^P~*!Y3eX`}H*BJJZBy0T?Dh7aQDs&U7XDb2>$mvJrhYh*SK
z3H5;Nb{Wm3pd=V2TAMZIgM22mmNNbilAID0nzAVmg=`kPm1+xFGcK<oBnuV*V#)df
zaZ>EoPm@&VI7OJqn;<nBE@m~_(K6Ys=;-l$^FfGGa=K^!%nId5IOvf;l^jkg#7$Sh
zx>ZMwhQ(~PB(|S&_B@yK!yEDw#f(){>ajpyqHQ*VS#1@mwNuipg<<^H-(p9~a%Y*m
zg)!d0f@S<b2aJ|8v&>VeQO;(h`v20OoldMm=TpPYzZ%$4CdVgZ8!cq7qOF1{3UXBJ
zsyh?6YMU<LX`KZvZpUNPSp0z8Y6$17NDZE{>^7OSVG6PZD^&E4&?~PKPO9rw$v=Vo
zlns9RR&7$rir%ZHOkp?<+{3gptX91ItOt*2)iP(lW$`B1MuId?@Rb`W&a8>qGVjK=
zX^R#U5vd?wok**Z_?8Yuu20()NM+YA9WAKMW^r=tH!+iZ5O<Pk_t0Wtwh8H`#t|s%
z%%+c}pDwP>e<y(tOPN<Xs<l|brZm9u(n3y|2~?CRf=)DoHFJ@p$fJ8KY;;rEU#sjX
zKbj^BH?CWnC>{9GoGRq1Wi>73DzuYlrVOe(%kNpSk{D;OaN4v8nx4)g1A~~<CiyNa
zq}K`4m*q^o-6J!}ROl;LO1^KaDd1|=VtABHE2_xXxMFS8bCsHt4_3!IN2LSTtp`h!
zN9iY%x5+(dT0Hvf#0k`@G+un?@u;iNSt+wwv>niT_?7RYy?t3M0$8@(E4x9`ezW?C
zG|4;f)J15Smu|T*YW^{^I7t`24cg;$B@G!yMbj5LotAM~=x*``E?KhFjT!0PAh7aN
zW34LaI(FjzEPKY*%3jw~-xf%pDX|(&Kg0SXD-HF0W>a)xv{=+oi}-@6Dk(5zzEZX9
zhlGZ<U9z>Lm^{gzsi~!%3NG`;Q0;F;mVx9!5(CKuuF_kzR{BGZVg9rDHG;)13uw9v
zrOcKF;dMh4J{*<FDh?%>9*+)@)3`9}@roE0Tmu(&>lnBm`3?Oa)Mh|vF;Ppaq`>?b
z%#>ydImXQKi{!^;YPsN_IZ8>Mqqmw%>i*(f6!`T~w?(b#Jl9Ic@|2XAo}GUV4Lb}i
zQkW@mgQGJ_(^(u+39Kezniy)+v~7G3;u<RI^>X1m(*uksuGmTuMEK|!&Qpre_qq8j
z&>|078%2gNN^lKG1&x6oa4D&c-o-zoq9xRigDU9>v?3vo@~zcp=Dq9WLVQwm{7B7_
zqpoV*B580{k<xt3LlEPt*luKUSZBRjMxx15ueoT{V2oBT7x_Tw?4P;j;*xnRwNLHj
zul^1T%FS{JEUQNgmD!DOKpMw-i}IS0(8L85x0jJ3^hvJ?lw#nWMA@_z1Db?jf1^x_
zQqnwMM)VA!E36z%8EdI@rwh;acLP3kmL}3{XY+^00ND%qnD8Wu;D`u`E0%}!jS<C;
zNt!HHmdx+G_lKOkZPhxXg&B*{Ht3Bse!A#p0x$8LG!|!r`AE_s5vHW22q}v<(wmBq
z%s#287Zz^NT)4ogNBRDgAGT~G(FSx(e1{#T%Gp`VROYfR++Z!N4AdIBohr}qp4VtT
zyx5V+Fm;-mrmCjOM)3)9eA*tdbo0_%))G0A2A&^gv+~Z1n#nQYY|dRYHVqYSul#z1
zEjW`dd0a_};RhwzK-z3gEQT|bLq?sP)MyrxHP#5#2}__AX=^s`9@ALUrFw0-933lf
z-Dq)gc?z$E4AJfJ2+W!_ZF;<3wy6Z^DFbDTvv=YR?EzBRX35+$Lu<5U(5P2!Jgs0Y
z+LnT4f$4PK%~lkS`|$Lldsb%xg_xfveI^3mLu7nb27)=eO_Ch9rD7PBx{M0t<;u9h
zL7@m4{Rj|}LSeBE(_39OhEsVKFB-=a$gC-A7xh}G%0C;zT4*n9KYO0&qR^kq^v1sk
zp+Q;(7XgXW@>|9`N}`5rs$9EE7k9;F>bJ5*6kDXRZn1MY0vuutP;8U=;(_|MntH6V
z*|Nz+U0{D+mlY}8iBx#a+HR14gnQYNjLu3!4F(t?RPen~{-1x94*!*=C#r=FnsQ27
zj4+kabRUjjXx-gZf~8s=PrJczmiO*QRJw{%$+Aby8vaceB4^T~{F=Rwj1eQxy@b!A
zI;U$c|FJ6e*z(a}`%12=PLEq`lPxx$TJpc-4MinJjE&swZxs#t5OHrRbmU>3t7O*V
zC@EmDZim5<GDZxX1bO^4pMpfeh~{kCjD^Ik^cr*ucf4lgN)J{8nO*Zqux!l^8d?^^
zuM)i)wTY<nVs;C;KRvou(W57%6>77|D;}=1<X9HlxLs_29;+NAJ_06={=Rl&g^FDw
zH5_R#pR^9IoAOq;R0RJrGGX0I89QThmDT}9KO@X$Z}MtHH|jPG7DXzYsy{lhP)47s
zQs5YrO`9+oM6qE7?~<%EnYt=#6q^-CHgP&k<IPtF2hynY|3RcqZ|^p`qShtbR3A9~
z+vP?p!Lzq~k2e`wJxbxGokTmDHL22Yc(@E0s;maOk!v>B%WGGumrxbbH05c8I}89#
zi7gak&K>RxCY2Y%XJnfsXiOhuTYuKe-Qx6daab%zL>ktpo1}cV$ZhBrr6`R<-26>N
z9%+p)pAgabD`U|S8Fu?uFxwen=Es}mQE?$|fF}5(HI!XrrkCkE3NZJFmC`?a&<dz7
zfm%?(`Lj)&e<tzc0icpyRaf%7OEU}nXe|#s`1+55Uukfu?egShr29^{_H9#>`8v%a
z8$Ug@${N6tk42w<yAn9mPpXWJ6$~>8q_Kul$j70FoSMimrqGt~u7k1b*R4lt4&t0g
z;_d%657#NobqaykFF6knWsJU#@Xv7aJK(2u0LHkm(9gZynyqiGK_bjht$`-MdIIJE
zXxaR4w)qgc`H;Vi|C2QSW@!weX$<MH_n+e4H^)5)!#zlUl>hkp_xHZnqvOMQ+yKf$
zU)oY6pFPddh~ZR;5n12$bc>9mfl*ceQTCHl2cc01(>P&p<Kjd1LdHUm1s)D~4#4e+
zJE3voWPekHE(=^5z}fTJlmF}I1jORT%Z8kVJ_#fWxEp}p3peI^Mtx>!N7093gh>mK
z8?e}Oae{6~(}%8w5rPnc7J?LlT?;S@up4mS`{e}Lj{1%Uf^vlE`_>j9u&3#S*G}-S
zhzR8w*fk)qXZY97iKw0E9ftoue|SPD<iOp)@By+tmA^l|@cAKfq55Ez0)b@%Z2tp^
zKz6_2S?~w&9QY%69{dUX8SDiwfEU3_;AQX%coqBwyarweZ-6(!Ti|W*SMUya7rY1l
z2HppM2OoeB!AIa@@Co=7d<Omj{t5Ph&%qbqOYjw#1~ZU*?FT^&39N$Eum;w`1#ls(
zgNMOIupTak4R8ru3L9Y)Y=+C=a<~G2u7s;#3tSD?z_oB4Y=v#G9d^L=uoHH{ZrB4i
zz>TmM3g9NV8TLUT6hSeRKq-{LemDT-Pyx5Vt#A+y!EJCDZiftHp%SW~8fu^x>YyGP
zpb?s&8Cswf+MpdepcA^F8+xD@`k)^M;0|~=JOb{7N5Wk&2tzOoBQOd_U<}58VFD&$
z3Z`KOW?>GF!ZA1w^RNIX;3O=<5-h_hcoaMu9s|DvkA=s<<KcJV3GhUC5<D560#Ajf
z!PDUx@O$t~_<eX5JR6<^&xPl~AHehB1@MP(H~bO&F}x671TTh{z)Rs}@N#$syb@jo
zuZBN?KZQSoKZn=AU%+eOb?|zBcmuo<{u15<Z-&2ux4=E{R(Kn{9o_-&gm=Na;XUwP
z_-l9{ydVAsJ^+6UAA}FV-@%9BBk)o97<?Q)0iT4whfl$$;WO}A_y_nL{3CoG{t5mW
z?u9SF7vW3rW%vqw75)Xj249D7z&GJr@NM{4_zrv*z6bvX--myPAHWZP;YaXe_zC<J
zeg^*m{|WcO&*2yFOZXL>hBF8th!Dbvpej_2YEUg&fEJ=UbQoHM>d|7<fR>=8s1Y@x
zX0!|~M=Q`uv<kJL)o2Y`i`Jo5)P~wo2U?FhQ5Wh)J!k{kh<cF#Z9<z-9}*%F5+ezc
zA{pvO14xb(Xbakk2GJ0I+J=VFcElhSDUk}Pkp^jz4(X8r8IcK@kp)?i4cU<cIgtyw
zkq3E^5BX65?Ldd4BhXHCB-(|7D1^c&f}&^y#ZVk2P!gq38f8!x<<KY^L*poq3TOgN
zq9Q7xGMYk1p`+0;=sW0GbR0S!eHWd8PDCf6lhG;YRCF3T9i4%HzK704-$!Smv(Y)|
zTy!4#0XiRDfPRQ}qaUFkqYKeR=wfsUx)fc8E=O0OE74WxYV;HIQ}i?Rb94>*1-cep
zhptCApc~OI(M{-P^ec1=+JkOIx1rn79q3MU7rGnWgYHGYM)#rn(QnWL=(p%W^bq<T
zdKf)|9z~C#$I%mi=t=Z@^b~p;J%gS_e?ZTnKceT+pU|JtUi1Qb5xs<7Mz5e((O=MO
z=ymi4dK0~c-bQ~#@1S?ld+2ZIee`$q0s0Vqgg!=}pij|f=pX2xXdn6<eSyA2U!iF<
zg8_yZVT=i`!qvD2*Wv|uA+E!R;YGL}FUAdc30{gDaT9KT#>?<>yaKPpt8fcmjo09{
zcpYxVZMYqG;Pto@cj0c_gE!!fxEBlXCcGK<VIdY_F_vH{mf?OpfaO?$x8SXK5D(#P
zco=WT3}&$stFRhtuommE9viR`o3I&Muoc^|9XqfSyRaL3uowHV9|!Obd^kP=@5D#q
zT{wtCIE*8IIEqJb499T-Cvgg=aRz5`4v*q7JdX3YfG6-IF5(g{<0*U;J{li`zk`p(
z$Km7gckv1MM0^rH8J~hr#i!xZ@frAg_)PqLd=@?%pM%fE=iwjV^YI1vhj=&s5&kj0
z5MP8Z#+Tqr@n!gOd<DJ|Uxly6Kfyo6Kf^!A*Wh1&;A`=9_<DQ;z7hWt--K_*zrwfR
zJ@{698@?Uif$zk3;k)rY_+I>Ld>_6a{{}yRe~TZ)58>b8hw&r$QT!Nw96y1d#J|T+
z;ivI4_*wi1{2cxxejfh`{~7PaFW?vPOZa8{3Vs#;1;2)0$8X>_@mu(9{8#)Aeiy%o
z|Ayax$A8Bk;1BUf_+$JD{uF<P|AGIB_u<d+7x+v36`sa31Q19N!Gw@1QcY?|Em=So
zk~(r2Sw!l|V$wjCkfo%NG?8Yqj4UTB$V#$`w2;+g4OvUpkyg@1+DQjlPdZ5#=_Wm7
z1KCJ=iGXY(n@JxL5)ly-36T;R=_dn3P84Ji3)xBr$q?B_hRJrq5SA#3mzSUgAAk5s
zfb1ZLlOxDZawOSBf+R%3BtoKOgv3akBuJ8^NSb6wmgLAN86)E)PYPs$Op+ogkusSg
zN0Fn+G2}bsSaKXWo_v>_Ku#nlk(0?O<WzDRIh~wAzDLd^-zR60v&lK+Tyh@y0Xd&s
zKz>MelOK^ElMBg3<YICOxs+T+E`KLikSobm<ZAL0@>B9N@^f+x`31R_Tt}`aH;^02
zFUd{hX7Vd?3)w?%CAX2=$sOcQau>Oq+(Ygqzb5yQ`^j&}1LU{lLGlp!9eJ2MLLMcL
zk;lms<Vo^-@)UWRJVTx(e<071Ka%IkpU9udUh)EYk-S7+Ca;iJ$zRB8<bQSY26>ab
zMcyWVCGU`T$$R8)<bCpY@&Wmfd_+DbpO8<<XXGE`pJX5ToP0sJ-_BprIvbsGiTf=(
z_kSGZvv0lt?md!IX*!oig@ne3wKPs7G$tc7BCDeDSasz+fY}cM^FMPDFXZ1g<=T<C
zTif~j$IWYV8BN18GdJElGk<eyg@}twxp)YGCn^$h?Q1I%4$^cqO+TUOCYtWyB_uRb
z<tS$*tfmsy;KxDLe<0<7@&QR_W##fJ9#&W0pgtfwK3Mk3yEwc~oF2n7Uk*@RZkwk|
zMVtL`cWvd)e=6=KXK`^iSaERNO}>99?miTEABwvV#odSE?n80+p+LC%P~3ee?*4xx
z?%p2<HvF%|fz(Ea;=n_3;GsD1P#kzD4m=bG9*P4G#es+7!2cKGz;FG`{~w+W{|B>c
zo?4ecH47A%5!VV70x>d|pj`zae>gcfG73IE3UhRFWnpa!c%0392Y3@l+VIY<ifvi4
z)h)S5vb2(mB&%4GJGOBz7_f1}6ypjuU}Ku84ke~{NDdM@gpyDaLP8)UkdSZ}NV|l~
zT`oDeBe~>Aa%p$D#MbJ6XC;Fn$#>85Ki~8GzlYJz&dkpH&fDMFg+K&Be}oc!1Vv;Q
z=H(Y~W^oP@gkv)FHdj<8Il9)@ZX^g)1oxAhrZ;vKOIn^J2+jq#KhxIO(?vuO!7zU`
z+=sVy_O_n1t$Ldvc!LBHzp1^YvH6?tjCnA24XV2xIz(Ud(qTOg+#A}b&z`^HZN<lM
ze}o_?S?A2A#@+86Jwy=Pe=g`-H@$Iw7x5;s4%%@rUpu35dW-gh^r-}4!+ra^X7<eX
z8Hi?pZ^PpR-V2x9xcRXkUz!w_@vk6N5P|>p|1J75zTTX6;TvBQQxGKKUWD6Vc0T@t
zD__Ut6E#7EugPZ%lH45``n$sRTp{WSE@30c2gVT;igKY%FdD?&f5~-17wx}Ndx=(3
zg198fqqrO{NpboJV)^igtI9`eiEKivHFDQ61<1+Qq4U`U^7(x5^fqo8yE6_i6-5m_
zLE?IhxJ~5|D}j(S)K1<pqKKDDl%j5842)GlwL<^q!2B6-UkTUEWGX>He+ksDp_-vq
zLe)Z@0<{)u8Pr8kf5*VwQ&2bHH8{%w4peGA(SYx{uM^?iY9bbD3AFW`zYz(X9zqB0
zB76_<oK!TC0PR>9i|0qf+}C}d;BlB2%g(EY=X!`f7|()x0aOWpJrNmLUrPA*c_eTx
zr7q#U`u>UU0gqy655TnmaLt2j8O*7Gb|zFI;GIFH`kJ6Ee};A@&_)dHP^kIv+>iJf
zm@fnzn_*lA_avSRaD{M<#B*WI_~D%5R1q@b|HD7>I??t28i(P3pmm@AQa{lBE6}hn
zfvzKQ#eKkoOaC`80?%VrprFd&7qM3ku@|letTRv&h;(8EQA5-b<B3Vc0%8e_K1D6j
z%CstNv^G|2f5ch_bIn91k;BfKKs4T+C52g0{#m}i{j4<kng;jY+<o)$n~&UVxw-OZ
zHsinj#RFa&iNB#jbOv2V-;zpl1C(dTm&qICr&KIeL@lDOP=Dp9IJIDvU*ZgM_1ror
zo!n*I*Pt-GF}(G>SNRhDIR3#PZjdWzTF~`iBDgsCf8pTs!Gj?=A)7*O38aE*!3M!U
z1pf$iKq-Jy7dkU^F_ia(BH>73zwn&!2hn`dRgo_&D{NcXxo}r_U-&68S6n1sDZVcL
zQR0+Llbn$TNvowx1LcYT#d7g~seE^@$dD{dHbzztWySwcu7dR3_T5IWaXY{RMu5%M
zQ$|;^f7|I$$Yp#A|MK*)xCgZxYk4D+l5#jRtT{PWsHlxfaH&U>m6b*$4%%`oxZ9G0
z<#8pYCojN?LP8BIQl?=m>V_{*X1f(+iZwA+n#xS^C|nkEn%Yh2k)c<m8j+S}AJ@cu
zh~gHQv(wV;rVY#=@!GWSHuWK_9Z6^iLMhd|f1FaCODA<wxH{!}s5(k7)lpKNRM#`%
z`1yPvfu!Rr$D=Wgm6ML0EATO2PZ%?vd1}%OR9VCvk3z4HMKz<*>r5)HqnV>){Vh_3
zYCxkpea+Nwz*o|sA1;EBIu#0~*vM|l<8sOsO1RY<jV7@I(~2+GyWj?ic|5sHA$5D)
ze{NT@(bQ=c?AU&*)b-r4?6E1)2Ta1XYX>*J^FsE-{Zr7C=EmBmO5;*;Djr9pR&NoJ
zMQc0CrZ0S6+R(ri@w1rs_iPn0oKsIMTJvsrUmr&wN2$>}p>3mzmkw?cM(De<bLVz~
z&n@y@<uw6aC_+rc5_ZsJ0wF!p4Y3d-f9zJq0$PBv!s+k;VkRSUDDEHUvlE7fxm|;X
zI_l4Z<NCKBnOm`<V)WVqXN5v+kZWwQ4!f2*TDZRa*zDrf6&0%sZF-9})@C)>Y&veo
zPZPKYZf-ttvF6FCQ%~2V%zt@pu_s27Tz=+axzjtN{>iq}=j)&7n0lhx<t}*Tf0;t3
zr}*g$r8ra|N`1Gu1F#P}SfgUtgHF!lk$eT9<n}0e7*i83Ad()8w8t+@JibE7qHLmB
zlIvqx1{m>dXu#7PIXYNVd1^-8y2AX)GMYX(eeBWZMXz@sx_sj6q}U}>7SG$U`T3=5
zPQ@tVnPrO>*5%gJ#a>_0nmNCBf6bf`bEv5_e*|-RO?zc&apd}k>!!^ZcWOcJHxIS1
z%sgISu)b~D-bsJG@a`t7A(AUd-_cMsu{X`$>s6gOyfFW8W5<36SjI6R*=knL2<dPw
z*zHy(TP*3U<i{;c1Yx()n?cwSQN@&yi?|zb6oBL)bEGSr@L+lXk77u2f6*f?n;t`s
ze=poUN~bPa%*>?AS~sIL?;$tx%}B`mg4uE9#>q8L?1Yu9uu`>uC8-PeFOi26e3#oT
z0g_os>!U3jA7kG7Vd0)~ovL&Zw>hD-bqh1^edc!znnCB^K^<4#KeguYP8{WJCP!0U
zu+mt#G2YW`9v{nkpoy6=e<WAH5x8O7>}<COj}LJW7d$1fjsktfiHNluG*%bSW6sNs
z)md^^lsl74drK`bF~wQ&nWWrci=<=Z)=+M`xtLZ*#oFTIBPVC2yGs{FTP!iUk{KLX
ze%=%sAUQ1i^7M`hqeVlfMT-@YB1Nt##+*=WPfQ&-H!;o=Ew|eGf1M7KZLA{P8m00`
zLS;f#WSCm6ONz84EXBK>!5l}A5?2W&rkk4;Fn#P0_Ws?@XzLE<^98g-W=|`1=eBKR
zj+<jQj+P38Wx;7qdqK~nw$rduCF&z<NhS8wQk`5^Npigdr1B9=QLw)=iOYll!r0*k
zmq^NH?d)at*P4`#e<N()Z88g}Px-Z*%wpuD(H-uFpQ^dXuyri)eMUXUZ70IP`xDY+
z3Dyp!LM$U$@_WLStRA_=SW(!WkR|J8*H3<I(XLg$pK|%3>96LecDrZCSZ#*X__RD%
zQ8KyvGgL7)XU`Sp<QL4@?Vnuwf%)w8_QqLHqSViJ_1JWof0fK*fY;Zcx;%iZ0I0N6
zECVAc*SWGt7lwoZeT_<V(u@X%oSdQv;nQk5m-G6*f&N)3F(gfs(e?%8pSLAwV>Gaq
z8P+-uYsFySp#z)iS7*LHAYULpBwyzMNurKV8oY@bk#_ft<~>GQ_13OKAK6L{|CoiQ
zbk-E85tkXDe^D-a^you}=X9TY?Y&KHZTp{PzD^0ZTQEm}R@DH<0XVx^I>Fis7Jx3m
zUyx#!Vyt0-edzI)FgE=5w9_jN)a1UfxUXvqb7yr^l1`--&sWk3t&ix{n#3KWv=w`b
z9-6$Xol~-U`?QMsZM*Gf7oK|PNS-O$9K;>L6YTD+e<)3fj?0M&nYf~&ZRugmJuU3~
z9AFdzo)a`)FV>57F64v@qRyQ?<h@MJnQ@3Qpzk*@J5g&NwQO)5xz9TZ_A&+b(hGT#
z4xZ!d_#9T_c*6uWunnwhi0U21wAZ2FT`Ox=jOpoJFw?46o03Y)=bYZXcKQXx;g%gc
zYudf)fBBBHeI`$(BPuammwbBZ!uQiGd@>B<Sqsok1D+8?9L7^b@rO8rrA(YGF}R%w
zo82L(z&>iniYE?q7&dKQd#!EJwY7~Gx1g~9ba<~x3JaXYHLF)GHr8<4X<^0w*H<^)
zJauf{v4&?*^jTEI)Oz#!D<|K|O*;7K@t<&he_I9-z#-VHfYl`I<3Nu2rZ>qyFd1EF
zJF~XiR^^Q5mKlG#$hi_}oh$%tSp*ob0gP3Ik-(X$ahTz{&pZwH9!lwu?_gc!>U|Tg
z9X)up^Z2RMvOk@^)LGq&?DMndwzl@U?C#3Z>!)`vGZvD^SM04`@zT??%650G8r9mp
zfANjp#-94qH#!$rOr1BkBDp<@`Fp{k$q(&XP*apT4QM$Ac5?(UQxYbKXRt~3__^i@
zh$IPAMHneRRxC+7m)(3P{_&+7ueC0G?TL9?K7MWAMbatB?Jci+xGrasbx9OW&OwHg
zEgwDi^xC6qjt~5m>3wJ#d2ZRL##{6EfA0SMylOK*J_UAX6Lkvc2-Xb^vpmw_R!A3!
z_RL8+x%f(*@|z=Tj#rxNZ{=c{*Z`LDdFnK*roVqR>R0S0QU_L^_@Du$PG|cU&i?7A
zpPNz~1ELQ(4O9>CmG8HvxX>KWz;AJ-dd7Y~7UYB`&U5NG+Xx=El`i~`Q#Wvpf7&zH
z$Vn#GGuCRf1??EmB;XYre4kM1;G1I!D~^HPfxyi#2Y0vPX9%bjk3XD5uf_B2<r#+l
zDK*U*R$W5=<->0_7UhiJoFfm=3}r7lw6(i8Yw3=$Ho7y)V6QCcJ~6+xqj+cg!PVdA
zB(dh5jhw?F>pul}MB(Tb>G-S|e}W~&eiAv6->kCq6p++W?{^Kc=~I|-<5bQp^pPHY
zkUF8#`}vsExEY^*fnK{&VbUb=X*w*zww2Q`@aU>BT$<)sb>>M(NE*C<#?e+RWTc;h
zF2xXuL<&Ik>jF=&bFm>Hw%%a$bPm5er`a&fPZ+*9pxdl%rk-A3(Af8ve^0!9&T+Id
z+Enf&OAa>e*uBWRke-yfW$UQRFEo#y-Tmyv>dPCmY9q-rF}V#ZTh5K6-TGNn=MtTn
zjxanouXSG-pFd(*`Me{Fftis9=2vW~;&6eJB@h#a0ad`KA*r5)2qBOp5EF9rTCBPf
z17;6K+rxQBqsjVoU;m#Lf6x8$(G|bz)wD8SpJz^<TXPnTcya5-1WBY!E#P)A&bQ94
zX5RbD^USxKx{t`7J@V5FgKwa!^F<12qz!WeB$<n?ssh_p=lvwnav+8RPhkR(ggBf4
zis+ry21OL!dmOT%%u7#RV&;6fwE8pTVBY+?zK8bcdZ^B&S~I<df4TU3=97!>O^HGU
zNQqP^FB*0Ug2*`o(6D_H>+n9n^0RJ7haIYu_1qpvbXY|0VS*_FE%YQxm~Bet(X>b;
z89R=-5gwQFX-~T?D<^Kwz#W?{QL9uNs%#v2m`Uz*#I<lq?`L}JY$mQLN*~AM)SHyr
zq^!lvle98CyNT+4e<&u7X8zDIS{{buAlN@g1Grf*ZWs|j%}VO^Vt+OPIoCbv3}FT1
z=)e!-DugtRO!;{~2t%}Ho89|@t;!f74ACUoZPYhHy*j^T8lZBgbSC4fD506^Hl0cm
zLDP2a0;<#BW^PQX!;S`WoLk&uAP32QIRHRftRa3u5Mxnvf9d4d&d4GE@=FDdFo)cq
zhx0jLR@Hlv@%DG`_^z*XU5+MaEGbltik9`<T+Ph8_M7U~r?<aR(mOLnDvhK-LaO$T
znRETAe_m!@-fpDPs@4%YqcNGD&NODF4ZirpGY4OpS`!g3*JGBk((*XaC?9L?JwmVu
z0Y(o}O84uue+xW<4v}+#Xo)r(naA=EsAjg=yccYhMwNFBJ7o8s56}}v$b7pkQ4>M_
z0j+5FQ&Ab7(>%ES9!b&TOw%v|cMO{bJAiGF^I->Id+1-mYG@zi{09I7N-RS3eXPUn
z!EJ0COStbAC5H9&IGVn@9`ByN3j_=SnAg~4BSs#ae?75Nr88@tCZ!=ViG{*7u}gcW
z{^sKP2^n^kCSklgw~E?51PSaK_XB`565D>i)%1ry=)Y23?Dh~I*2dvJ5sAaiX7v5S
z6E)t2X-=t&F|!z0y%&e=Ki8UM)<nqWp!lrF1cwHFYc6UpQ#?z4&4ewi1C=yIL>QCN
zTTJPFf6^Tr;U|7}Gt(&TMB(G(Vw8H&7R87H**VxnJZRl>unUL_k&=4ACd-WhsbVdI
zo3leVd*D-NH7#c?P-|z6Hayg^yy>we?PwmK*+i#kXHy;6`p_sLyLa%(N{w7*o#Uq!
z?^}QZCQrwb=YHZ~r9x;J_lFH5s=)hwBt6>3f5h3q_Q^!0kmjH-&~4P0R0Fn<9-ZWU
z*;b=hc>l$jGdOp#CV{4twX>+X^>NWAdf-D2dpo%1?!cOXwFL5g;`;~ac^Qs~C_pLs
zKKau>h$CzLB2gEWiQ%CSFeZk<Ws$}TKntUho|zt<&Mh0{Q=%b21FJcCgD>6%dotfF
ze+|YKA6uCDY>plYG}mIouEW0`_Gm=R=1&rFIHclVq9C-KS-{+3K4X^u`K2Gu&RD%+
z`ZF*6xOxVdjhW1Q%o|KQ+JG|9$ZMyI`;Raem^06;LJ24bH5^|Bkg(@XWOdDqZR*d+
z&br;ZNwnggv*n|MQO5FQ?|I<0EE0H)f4({U?xqi~+Gpjs#zwb4QnaGVIhtI^%<0nr
zuTwO$sZQJ~eR{#+w?%~^A^ZAjA1RgMy)rYwyLAw9h=~a<RuZGZU<w>F;9biIba&JK
zoY6=<-1_AsYna!Vzqf9xTF{Typa>L#Rst0koSnID!;EJy^z@gcz8H4uaHy8sfAUOA
zT23R1yae8G3p1U${v)%B^N(c*m{ZJiPp@9RA7y-ZxUV<hXWM}maoDo!bco&Z|3nf#
z)@cYbhq4Pkx1HI+xSU#HOn8*B%*7IiRRr|a2iG?qIF2GFubDZRDUAxgd}Yt_v?g)^
zi4ZgQeiDs1I%o0oMrPr|wV~uTe{^Ko(mnX#h3NC$;&6dZI6h*%Uf>Wdh76<){_Irj
zj3I||EQ4_<T*PjNI!;R_JlW8`DlzNxi)%~&c_BSn^NLy(4Y8TJ_Sw$Gn>}eJ=HS+{
zn@@H2rYP0A5Rjn6{=E~Ij>&SCE^eK^ZOqQU1an8kB%yb<Y@WQL-qC7~e|cs0x~eU|
zcd0Z<fMFKM(kZ{)_WMPn-!l&*A8XtAdMRgLm{B0rv{k(X`jO<lgq7vMq`2e~zA>Cz
z#$2v4q<IFuA5siXs7Tt`fU*FFz;}~-8erh~_yOAuepZ}(pNn8A5nvki4!Y?aohTpk
z<+YDLwQ2KlXqa4OP(_z*e{5g*ZaFXs8}pHxZttJ2-P*TvS>3-#$>LEo?J~^rp02ny
zt7P`GACNQ{F3bxF=;w*RPUZL@3DQ5jUy}=;69QWh3S_x1?ujDW70;MxhGPm>6=#tN
z6H~0H4rM2$<#R*1WwcOdZy8v^*<3Hv=pix=wi+DM20x+1vn|mse*q$C3@_4mi@zA)
zrDAxo0e}IR{{6B*r6!ZnUxsxCFwwjCi(R=fvP9<LI4}y=4a{^)s4PDn{X4>yVn%{n
zaay@rC{?MX@npCmCE0>Fh%`qljG2I=F<HN2;5^kd_&BF^iP8wp)fTH?;^mY5v&K7&
zQlTUWoQo~qxzwv6fA1`^DdU1fEZ!iv+@k?*u?PX;587_yFQ5zTdK>*wt!^Hh!JLaS
zjx~e%1_@!-<tCNLjAUL+Qbi_;L?Ic`Za1K3t#0&snJ0(D1?7+_%?^DCO`FYziA*Wl
zKhYXxRslXom}%r>&>=n>8$q@v){&E$BJ@1-F^XlT@lnN(e~)3jOPQ%8<)0^oIWDNB
zFsTS8ea!9n4^zRzaSBcDqIN;f%=4du;eX$vqYcb{X8%NVlH2YD5%ZoUufwqKpG*Nq
z!t7*E%wRo^WZ)x?o++rp*1p*HCAFG5NjQj1h<JvMOCYxP_^k?0t{k5FL2kqb;y5&y
z`)w4?1=%A4f3k4B!JRp2VNCoRU({5Npp9gbkxn|bXThlSC`pJiEId@6(bZ~CLywp%
z@~TtHR!kSGmQ5RJ&zoOuSlt>MYfiH|k}cJn;x)O6E1BOePnYq987VvRwxS6cD)Z#j
zqDchl8}Qwx&T%(DK7uo$duJ|yh~G7sXs1}LxMvo5e<*$B&h_u^UweG?q3SSgL{x$Z
zNiELlspB7iyxHZ7BmaHwn|Hq7-j|j}J^NUZI$Yo7jr0E5;k^3NsTU)`{1XKLu>>fD
z&y}#QldfdK=@>dM37jFa1OS>)CG-c&ANvfUGyNy*=JXh`K(Ehg&K$FE^^{SbWYqBN
zD~R`(e-DsoW4STOD4(l|DVehG;J`?0FXly_?>1Q34WQW;%nLu+B|vu9y{-9)ujJ}o
zVr+&3kjd9a_Lc0o`JY#MD`1Q2L?IGe!gPvAi-7ss%FAd<s?8sNs&jl>LFT}fE2yyi
z=;Q282R_<Y7$w$s{}z3a*Ogk)e)V^Mz<A)(f2B(56d@y`K?ZrsdoLbH79WM2)*1aa
z|4*p7xxap;MI-;+qlfN%b9U!z-hOn18?I_{S1u>hug#v_G+(y*7D9i#gZOV8ORF`c
zWIu$ZyaM8y1>ALzbKmFrvBlK8ocNGDaMFO^%U~LVkjb5LbU2F6s`P#oAD63o`svzd
zf4isFrX|NHoh2HL(V89g1y$xf+!t#$7~=A#ko83wt1r&Uv!ukhbkn6$d)tlNBAoGO
zG6mF!z|nM~n5esV5~gH>Z!Atcy*|KSp8p6>=|9Zp2ad@6XZGyD$KCTN_I!*t{0{D2
zRrS~RE}wikQAF{$R9ND?lvfYs6`D0Ve_K@7o0$`4PJ3+N(#leS*u|feoS2H_CCz!s
zqsyk`JDL9^+0vR{JagQcyz>?s6~DD^)vMWDUa(Rf!sQip^_`U&Q)OZ;pF?qjg<WI2
zo3_+A+z}CUZg7*vuF+2<`{yp$U6VU&!Jhiu!H1l+w9SyUv?y7j;9!G+&sM4Le?ZdQ
znEGyi))5G#{cK>v4Zl}sMGhwq{)9UqiKu+$vYb&}ky25JEt|=bXFEbDO`gp@twf$$
zz@%mBWf5T-wLD3LB-{<&DGTze8?uiv7ivHOafB5<3gzvXn3P<>L`}463<haPN;Q?~
zmr9Vp3=l&;;3vQ_;(h0Gcd>E1fA1cw12*vq>FEgx8R<(@_8ey9NNZ#;KSmuDCqgpr
z20W0FkdV&kyxQti0I$v%hZ?t=wW=^f7XZTF0-=rEjQ}nFXV8Y(K85oEpmB*A8HuoV
z-_^b2YwbF9q_|NRVO87%y^$SGNX%fggROUN=j!ziA-{&M*-Wl`BvHqLe@BEEB9~Cu
zs|WJ}OBQyStS{&DrL5#RhYq~Z&|3wE=N^YJCKaETga+x1Xv5g)Id|?%iM1J2S<Fad
zWE}H%m9?C)7U<=IFp*X*PY|PU?uNmx_wyv7p|WUFt0k@Je`Nl!P?sbMF&L0ss&t|@
z=Iy$a2xKsb1xno*DtAv|f23HCKgGg6f(!#(<*e2Y=fn^u3suR5%!m<IwMY}8juRs>
zcf&wVbxJf#bt-#TA<JQQ*E}2OU=6n7{?}&8Ul7E=K3N06=PU2QyxYwmCZYGS$B9Na
zODyfq>P7Ol4W-51I)yOAoylZK({;)aPNb>Y)lo*0^0WfRUY080f9lK?Zdav6WiMsY
zM>y0h6HQ@AmPmfl9A->to;1I-bX?jZW^T1s0RpQG*NaD^HC@(hSCJr*DP^S?C^i=Q
z?Ag&~4<oO4M;Z)~>EqDEN6da^!@fg7^L~JRI|JV97xfMwEe`9vM_wl?-M6K*Q>zdO
z?72+3G}{@%$tj;Ve^(&FXv+%hpmPDNzr0*pow11Nt<k7hjSH(l^A>k6W1=T0q5-eM
zW>j^kNbT1EA|HEIz$y$|eB=n6fCk=HDzWXANdi`lB;H=qG54*dZ!KtBe67;ek-KME
z<C3X`)XClbCl?O(9a{U;k{{>gjM%;CD)aH)SH5328Ee>&e@qGW0<3SsQ6xn><#%5;
zu~1Ay9CRv%85yph27&kR?3+5IHWqHISkutGs_R&ZJI<j@EoHPSk4Y*I*T+QAC^=X(
zy|OuLOhb09Ey+No&brat*tz1pFLy1Khgq1<Cpu&B(SpF<Oiih?MTnL%$7br&YDcx6
zd$)U3goO3Me@qF708FC;p6Q+-0$u@^Ot8Z0p~OQkB(P<mIwG7Uj6<3dEsGexs(9r)
zNcKwVWMi6Zxv6<X*WLp?=?&D$f!10_6itT<QbA5SE53c>b3|*kQ3h`kIsxpuc<J2B
z&VYR;p93t|cT4V}Xk$p)m3IyDeMX?Hr`J=IY|z)pe<gB@O)AXIViF5tRUurVUac{O
zAUSpN%{NDyP40YI{6wa>%miX!P_S~`v^O)#Z;hILx5@VbvYpNJ?!ItQ-hDxY4|&DT
zp#aNZ8lL5mn{>u`4F%O&&7>`Fyf~+-Qzusnb-JkCQ}SyXnU5`&T?^giPI0&-lsd^=
z-8!wrf07axZ!K)vzxX#XA!<~(Zo`<={E3^=Qfs;&RfdW1DVEIl4Vl5Y#GXZnopQ+O
zSV&Hu|AP$(7ToNMfsz|HoN>A=u}R;TXRS@x?CG&6<2jd@-xqjK)MdrTO=)sYY9iZp
zim64$7Fd@AiT6_52zrRi{-A1TSs*Ikr3(NPe`AA8H9<h7F^QP3EOQs-mv@_^JVhv{
zZbahr($sotoA>=aY$$cPFSl-8ANoy>BNEZxU45h7Wh8%;2U01pc>wcEfT?BQ*!U?c
zm9o;!W+6k#9L}P|=wy^BUjF_KWso2?86_sm^ij<Dc;=iUP9t_u+i0U!Z)13*FeO?P
ze;g*DX^uFiVDKx7>rM&}4q|1<cbj_#pqW`{JU=itL-T_g0v@<Wddd%5i27jXuU<)x
zFex(7nW7k3(A$?}rc|V>iD%x7|AhG$&HO1kB?EBa#6)S#-fz%T{TWITMbi{mMVZ|D
zEgEoZrTDG3aO&V4ve^3^MHV}SIF|(NfB!q+l)~aPBwGHX#sC4p=MA|yAdKn0*FPRi
zs7Q1&UZ)o*a!QM0jmT{`*vBotT~(CIjJBwx*$;2cvsjq-4UxwBmrs<8$pkE;lo5{b
z*!K1&wLBVdjEJ4}1oM2aoiZ3?BBgS|tFMk1N0>;1fh&ui=Ns(wU@Hv~;`e~3f8*CU
z#j=VwEI7b&;z9llI20Y1TP(W2To?0$ViQpU9TyR-V%EA(j!7@`*mS9JAu)x99Ok(&
zohn@E1Po2lrhLYMeu|Hi1Pg?~%Ltul#NdpTtMbeVPDNN&-5&B8ja45S9_l|4r8)sO
zx&PY$q+@e(y+<cUI`;Jl)gT!Be*jX;_Zl;#k(@XlMR<3jQBzBm;R2*${%)WWRC-4V
zLl3^EH*4GQ*9K?<r-nStz5{gzjx+9lZJ<<e@Rvgg7S6gB>$Hz{<`hhpnR%-k%+_{P
znP1vU9$2<jQ=eVk*uPN}vw1R>ye@Q%Y^C<%x6{L;Db&%vb!&V3)-BXte|*6eN8_LR
zZu8abw;xJ;3O4-v58bb{(YU~OA><zeFHnaX*>}GbdGHE(@K@*xM@)+D=D}i|2cs+a
z6D!}B=t_`;3>z8?lKk*t5RI;sV4pCOYNIM4BUiBRe&lz9eCIHf=wI$e1+`@%!9t-~
z5}#S(8QHm#9N&^H5QGZMe~S3b@|4_Z4|6->t<C9rp(rfVY|EcLuK6jWF|8phN+b$T
zPqY`!8aMSR!sok-14X<F@!|oX@+GPTeG5Hm_PZR<{V$k3Lz(ecZM0etDiTQ4;<zkL
zLfXiVx^$`~Dbr<iX~M$z!5J1ul(D;NZeupPQ|48wlKs{v>DRyZf8qX0e^1MZ5P>j6
zp-?1blzVbJ`cYF&c}Pg8P@xpV?%jEvE16dlQYU1>-hzTM5^Y7ZYNnnrBv@L~^&(+V
zP*$R?U=Hk`AP7EDkH6&Q1Veio`)x07BO(Uw{B4pD5vu}iikL<02(&rF=5UD^6clLl
zh*)GKj)LuV5H=`oe`r+^?L-S)%ZZu945+h-UZRWb83}i@ppAbUp?@kn!wMrgL?;w2
zF&6sT;Q84^4|~@F*A|#P7k-;zW)+N2XM458D7emJXU&AZMpy~YZzJZwN{#T$gYeV-
z%hTEio=+pHS=c=RJhg-iFtC9S*FpqQ4!un<Iupic60HCwYW`Q}TZv?1{xIl%*!Lih
zCMsdQs=(LQ@aNOv|9A1rpJo$5z$G#MFARaNvO@zSn0NROK|l5iVZbv4Sj57w0d|8R
z|I1*{bn&TcHjxXzdBg<xZG?h|ekh1I4h0dXi8Jtf77F@5Q6apSfv%zxmnGo}7MFC!
z1xkNrZJO?BTIgO{x=~t67fM@NgtE1QEJYR(p(u-pEQ5lef;*_AviMwv8Bz47<G7Ca
ze9k<Xan$F`v^ja-xk;fQGw<d8PVU+6`TpN`zU|zELKH=XQEMrNDkv@Xl%V72R}`g#
zPO7Q8&SYL1^HLr~p&8Jg*SV-;F+IV&LQ#K=6597K=vca#il%}oO8Zx6ixv#5>WTY&
z<8q4P4O3LocyD({*Wc{9D`4yr6nigpL}m!WU_BnRHNA_5SDKZg51@S<%F2PE&W`kS
zZ4IpdER4UhsAJ_~YCcs3W697~4t6Z+)~4qE10D^6zBd;SEgkl0s0%><G8v}`FMNOc
zzBezWI@%+1ehN|q5k9CRU)f5?{foYr|K@uGmk6)%2Vib6H=lgqE@ZKXY7C-$Z}@tJ
z*RGFDecHI5HmVZj6nNs655x4)FH?Lfi2oqp0u!|UJ9CKYp`#F=rh^zEpHDM{b7uO3
z^_6ZVMXo3K{kQ~Kge-cgfI>c>4<>&e<5zH;@dQp3KlKDn$_eTe?+)rTESEfeHQGsS
zgRxmqVyDe7g0>m%EmM8)+$JbyC@d5U6wj?J5gOO$-{+?T^H!5P{|!pSZ=llPUJFG5
z^%UM$lu_WM>Y$`C3DBk}8Ptt1rW4*vrNF!dXxG3zE4f2k$6HGE!FU<eGsu6Muwzky
z^`m|vV~)P>y8w<>cs7l>m#Tt$HQcKKZxQrYLc0XykV>EMy#e)NsHX`|P!*&f#>?QY
zhf)R4lmpIMc#h!6hcOAz6~o;GMGWK8fVjzyMZ-7Z?mVy;ii)R1&=W?fsT9gc*{EzP
zm&&Iasb;F38letRPmmpiz0-eF=~QN5w2&L^@Q?bwy6x5J>%5JA-Tq^Q^>zfV$EbIx
zpU8#cP%_Hrt{$`-eTaUf)30B3+|>iuV{m=LSeQl3Y33h17w;b4xBOUsBmXJ>p9Q&s
zVZoDvZ-nW>Vd0y?iJ<(Tl|gR@y&Wu`b|u2KEclt=Z$nHWT_Hz9MWKK7p&LRkg++&1
z!uE!J94-!T3V%5K(}?7VSrMBfUW{ZSTO*G}zQsxOl<#Xa$?pdVf>tB7POsP5tagi8
zCXE&f1q`_h)GE@42GWIktEshYM!VS-uX4AyyWQ<==<JdsA77kZ+15U@;_}DC_}%tm
zZe$*;eVTrkc@fqQBNl&v)Xa^QZ*I)Z?2T^BEvbq@Yt7v;&3UEearC=rUAZ%_agNQ<
zhS#CBO&QruZJFv`ST)&qmHCk0ODU)%ijqszHVaoQ3=72~RdYoxVHpW4VOttDA8~#9
zbK_VO(l?AXZF?l=%YQa(Y`~wk3?p4O{x}{T--tBp(NnmZl=Xl3la06u9mh?y0cnVL
z*+##Ip5b`7g#%~C!syv~rIm7+u%<Mpu(8!{m_weJg?s36cmk{jNd-c<#G)v<OfJ<?
zVi84;_huIBG8)URbHB$=p(=jAvAD41-c$HL@JIMecZtnhi+(`Gr~rKjYsJD^&Hl9{
zHoF5Zv53~|^frGPSu3_T)2;U}g{tvWxX0)zY}s}iWrNn0a!cWG{4zd=B?MOy-iLmT
zER>vE%Wkvkb!wF`u(=#lf}Y`pLfG}Ngfv%US82n@6L?>``Cy$mI7ldN%`58KIDFq{
zu#y=K(W~e@VvC5ivGgkMS-KPry+f$9_`X5Mkd+FB#&mz>p-MXDdpsQ-$jaS3p7~_<
zCNStu*h|2K#L+UD#Uf>G7Bip|TXh7UUQ6$nl~g8q?V852xTs8}Wo8umf!{lEa<wO2
zt4%IhOTXG?VwIY!1Q)FK5Ud88%(6Br%4X%3uoLdco(T{OOFJw~&Ey}^(1G=B56;%w
zKiRS1#Jqp9Zu~gX4iu)UG&1xYGVWM-&x7HwotbxR=Ef~&@pDmW9)gzjeZ_2r_0ynX
z%cG|+4~z;44T@C-3`h>#m_f=qWLnZxu&QO-eC>=cx8D20>^aLu@ozDHyxLim#wLg^
z%r5JDjXthsoy&6SR@@(c?D*qL%kQx{kF9whf9QWq&NmiD1RY$~vgI3Mtt5^;0SH2<
zaM(p;5reLaSuyKi#TI&O<jy<scUaniwjv+1aB|N(_%h0PhbF?MJYY4?KnzonJ!4oQ
zPfjrN)KhR}prL-i8dfDlS@dYP_fHno{Nldt7(e)Eb6#PZzNRBLJxM=nDL#aMRM`0y
z7;k?HKe*w->c6bZOV3IxQWmF*!dBLw{seJ;<r_4~oCiIS->eCe=~~gisX|9baX>qm
z^BsQe=<qJNp(kMT=vCezvl%o_2z;|r?n>sBOuR@6vw8jN>tWVv-`C8&U@a=}#>AIR
zZIM74Ex$oDuv-Fwa5|FzOrc{Jvc08tZM=UZ&27%Axb(vL-}FAvl^^A9YjZ<EFAfc!
zTh_2~O@b^&q^h)M7F8E6fBNi(_QUgw7EHnv;`Q19g$QEiY1ku{A`XQ0Q<sBYgX$p*
zlKC4Jvx751y`Ev1ddxcGjfy^;JG0G$zLubGOAM+!?_x!@QYN6|``*5c){hmXITe4R
zAgwmEb3ZS8;`qZUNqntVCQ6Kw1Q-2)u3!U52Q-r(0lTaK+L=IICg=1Xtl_#%*;vjP
z1bos19YV2K7%j5|TFiatsuqv#!C!c*+uRC8@mzZAx91mc_kOv3(~Q!wapbVqY?{&Z
zApMS^V9w5cU8}U}tU+e+pi`x-dt`s^{C!ac!!0dKbCCBTTxqsDN;lQD@5uq}tMz>e
z@vNVdh*(W5TR`LzMd&)D0@wr%>{XP8m<{RTH|o>>y7#X4GxJ+7KD73O<x75k<oEd0
z3%^0l=kGh%8mlx3Aw^3)b8&q6p0m&65B4qIvTQ~Flc?m(dDQw^p2lQ>eNcaZEbicB
z0aCFLui^-ZfXF~Di;_l1(BS_Va6E)6@vX2QI)%ZN9~mrjI}LRE5BER!QtSAuTXQ$G
zh$ITjv8I)?3VUW~wMywi=FVQLURzX)&%ATr_XpbJ!g#)k&+2s{kxL!~_sxH3Bt41P
zT?%AK{{$3dH^c;kMXWZ`YQKN8BTdGy3mi5=o}eQlf*Ng9tQ!{TbYYb}9TIDH?JHlK
zwYd`m2A3u-B9tGZ&=nbYL%M{8^Rgb~Vedyr9`<Gr-*3U|7n_x*pT)IWX@n}Khq<#=
zs+PoS@zAcdiBW(EY=ieGAW9D);vf;JOmo1F>9U$aW6`%PsSZ=CC69mg>*XLGugi~w
zh>Eu|C1UBKoFjnaihb=OZ{xX9+(8611%lM^=$0`>B#}y;?+bwja(|0oA2gs3^prYG
zkp;B?9T5{BMd;f^6dQ1=4*o{18~=E4@7wjQzr8nefnDawRMWf4U83Oi_?tcFd>0%g
z2(+QQHvRRe_>5@K71e*mODFN~4qw0@Z<R))xEhmAtK}zYBxU$Nvt0{M_HR9j%;-^3
zP<e`z-~){jM1zdnH^-%$#3Ci0g&<^q(R1q)bjGdnqF*QV$WZjTtk{`OUrf(YLyOeC
zIsQ7m4Y%GZKz|*tMQd-gCdY2n(NVv~(boVwsGs)Vpe7jUYqx*H1X#7VA<Geh^<};<
znIB>OR1yWJttXi7U%|Z+w|66yBQ^bQdX6SGGPLTAZ6~iZ<mJ{0d5$<;Zd#Tc2=b?>
zczZ8Awc^=DC5=_icxgzjI8G9uKKFh413zuhT|o`db^&eT+$@}11wV>}97DI^HvkX$
zy{%uZnAzyl?wNl!mp9L?Z^dt!V~WeY_0t6LD-Xya4E?+?P1Z<@OKZm&kN4yngHo#%
zB+62U(WX?qz0Z1!kfI~l*af%+?U`-S$wC>>uaxCPm*5D`4+qRzXfXe7KjfT80PPO9
zOjJxmbH&ANON=^p-W>xw7Mjo}SaX~0In?Wn2(CDKDByo}guOu1PUQ5j^%AK;yX677
z$?Vf{F_+O|I@!NtQ))@--oM9q|H=<<oQpFe3{}aYGz_NEspxmi8o<HEbWg6IrnTQq
zr136Idb;H1e61EGSxupHn3e?=y%sPgKup*J7+Hdm_&y;>BZ8KS2`E2KqC9#qejCE{
z0d>Y5=(T?a7pt1=@AoKi(&DCsw4ywI#pDZg=}1~O4Uth@J#S(UZ{g&TWwU@>%K-Ch
zja@}+Nd{2^)cy()D4a?JdKyTdg*2<w>mZHht4NCO4*^j&5v^n7;K3i*^CsSf$KQMy
z?MGQJc2tkd-nYQhG{0*<zdZ~O;`cDVh$sJk5ruyvBidE*%0u`Q{K%uj<^mM^N9YS3
z1e#Xxw2uIXasId$P|#_SSn1D17;zv~RMRO6PwVy2Ta7gM=#GwWSn<f%*ao@>Zzh5E
zM##PV(AdkW7<#Ywd3xvGJ=+MEcsu`l;8MnE9dVWrT_L#Yxw8kWB;RNnyCmW<SB&S!
zlMR1+R=kM+Q1(Cg3fc<?2q)T&&*Q;o=g%5#*t2)`Xyv@Hjdus->YhJsMI%UnGSDtO
zfZxS`$0L0HO9$|0_~`LvOCLeysAT*MkvF0Ld*EG78E(&eASD+D5+cNi138GARs!?h
zvVahl|IgJO1D-okNr588j%VZYX6HRyt9O4Mru*>N&EhD2VRZNWyd-REmL)M-x{u!H
zebTbAfB*f&BKmw^@K}%xaqkj;2EyfK+$D`BK}OG|C2Fx{Ds$KAjr6o!-ocy?O-cA_
ztY?KZp}=(FTHP%C^QD3%4H-#s*-=_;`ozw~8!f$KXOA>qd#)(Yv`G<{7!IK)=fr<I
zi%Jb@laZ}o*4umciJ#&$(a9+^_0d-&wHYn7g>%+E+<xS$D6CMK3pmR_ZebudWgt`1
z-!3q7_N*53!!*jOVqJT;+?{RkX8XPO{4IHnavdb+JMS7|qbB}z!y0+A?AqOEh)5&D
z_XYnbP%(1ZG_W0T4uSpA>-?VShGTyRE95p#m_fg+u6D&b*328+U#Uwl%t9Z;J1fND
z`9EGcJ#WK6TtNfBLd#|kdwZW>Ue)>JM|8@Zsz|w3YcwkByxzaO|Fo&#&By4y%bY3%
zI7DETPX~MecUA_Eq~pA_KW&%E5#p4BAmTq=mYrIM4J<a*JFDrfvL>ZmWJG@~3d@iw
zlhR6oaG2YCcH&2#{X%gt<i?Q+QJMYTxpecQvbaQJn3#B-DBqXDYk_=>%P<JZ>r}a@
zg(R@=Tms^cViJiTf=zf$XN?v(aiboe#@n^HsMuaWSCpDEQOE~bMss04z0;E@jWPWE
zsalj(4R9EZHtfEM!%W}gZeD-gu@Zq+OY0MKquxQ9-m$zIbQgsPS*d)vcMa`nDT+@q
z5nqMKX&+7y6`bYxrSeP9Jtd_8K!0%KpLT1^1NdWEp}oQ@EambDe6GE!klvc$GS&R_
z<D59v9KaQvnEDcy;xh{^*E0tZ?Rh*GX|*beW+%=^`*vq4qGI_VG2ef8xP&LcZ;{hJ
z1E($tPdD)~erp5Rc&qOR<}>C3$TA0VjX?O<+WaT?n-5+76J|ik9C9vK(2E7aK$bwy
zJh{21?+miZ3z7>{<KlHQUHP+@TpHZCUmg(>9UiAhH1`+Rw1lj3>DgF=dF!5q)%_>8
zxAi$v5~5<HNomQMo(g}<j147s6s7LL4-~K>ZA_WF`~l=Ft+hLhY6bB~X}+sG1xQs+
z>4|LxUJCe;fH7J9fyN&X%~S73(5dCy=AD=~a%n@wa_4@PFeJ@_#snc1F3ZeJyS@mN
z-Rm8><MQTx|J;ya@8&&HD~VUoTJKRj?=H1#X7=M>d{~nWJ6eAQr|))<lp5s3F%N#l
z5jcr*o=2~nQg}j~DM%`MedwhxdPYCmdD4^Rstgv$<w+STYyC_|d1ll1F?X&)asTn^
z&Qs$p&f==B{McAa<-xJ<U1>((vl{sH0H28g&kOv>rF@&;il?@MV^?jHaAc?GI+*ta
zL53{6taPa4ncjc;-sgJVy{_P}jG|3t{n{9<$!d@%H&yW~CN3?CW|cg)^8SXrL+gLN
z=Px7HLKN38ONdYP-n~6K>7m0<ozO|P`mr!`fp012&saZq{_Q7Nq5z7}I>o${nd|ih
zw|F{o=4YuY&aArJ-{3v5{oQM7tyFDgUFfG52kP97vi*PS4y}9jPe}Uhk;5yKqAbn(
z)!f@H(9R<8?^8TGz*yk?FIL+uHof(RsEOSDTPu*tr4}jrJX+b{{e8YIdh=#<<=N2{
zWx3W|0WVA>Ptem_A@5t!76W#yL5hqDddqx|X~%1=S%xAz8yqi=l!ioR*iNmO54KT>
zOPD_Zrx|}#E>%Hzm8!YG!m&!MRAzCQ<^Fh24m7Y44*!=wXBPVBm^pBaUl#%`9en_~
zp2?KN482+=SYpU^<UR3T^&P#l*BxJTxy94AzHjN>E5A5Bw=BD++MZKmP%i6Xoy&i9
z&%sE=BIcpN%w)T(YgZlLm7+1y#)6Hr?_o1D8#8~5Gh+*uc-CiR9$L8Nt-NJt9vB)t
z_)KBO#P{MPo29PI9V<?h5xJH?4wE%?S`55NBe^Qc&Zg2uh!f(ecO3pcFr*8WYduY?
zQ<8JB&Kw&Rm8M9pNRO1bu+9}L)<fFn{i@d8wdoMv)o&AOG(tA68yy~Yu?`Oo?TS?e
zX*7QVrL3QMzRw!O<!^A>pw)0<4CUTaPk*0uGa8_*D{PrlP|(tH$>_$yyu@f@5r2T|
zC@7eNU0y|}gQwBZDtRZZf+|^^{1%10pgo~nT)264;VlQ7z`4f%@<#07NOl!8x8&!y
zG+z?OJ}@%6EH_1$j%bl6R?Z4S5QEY@{QiIDe1agq8Rtx9Z7ytE(p8#XXfT9{q(N%2
zI9VH=J0$;(F0$sEgj@_L2D#tukI+c$2m~PR@FJ81ULkQ97@_o5{?Gm1&88QiU*)uH
z==o%0tjdZLlnJS4bCUCLLO}SFV;>Y|D-@a_t(LK@?ZU5Ij8TD5Vj|>uDAIMD+me6j
z^5;&(v<C2q{Mp>i6rZ^v>57Tv*X7H+IiHg+A{HT72G&tRBAVX=Y~5v08*$q%@Z#=P
zw79!F#ogWAwYUd&*93P6?hY+dio3g8ac_Y3WuE7}XXebDnS98H$YghCGymQDx_<9F
z-BOc$n2HhK$^YmaMO9~EwcF?_|I!F2<M&`JDOtdt&q1~DqexmIrYu#Cvs$(aZ<0!K
zJYKcy>*+5pukf32>2>*m%s8^bBslwWZow<|CED|sJpjqY>zJ84ST|HAM=MEE@E$IY
z9NrF#4)MDPe@J>Oao%QBtm%FqyJfA#^tc_?kGYM*lB(9uD9%2#-!QW}+L_+jLdm<Y
z2>gz-Bi<#FiXN-#B;D+azBsUrk(@WxY@edsSY45+=Z%zN(`w!jTtQ;$yY2!JvfGA>
zB6oY4HGrLdOAtdcV!k;y_4!b#*E;|4V9vjF$jFwg+FfLant}b1uIuv*3roEAQ9ISs
zurZQ`gmUtPFZ;*sc-j~fP0*Xyv>teigC#3WeY9fRIgDhM!A~akc_z=LXbO}CLPH^Q
z%(<5`E#J7X1G?%O=68o(4SEN9M)ANmQ|X8%1OC8pjL#7&EI=B5wg2<e!t?PQ*8jHy
zaP&^Z;nohRK%J$=oS1c=evr}f(5vu_R<!!5SuB0Qrw?(euPfX4RJ}Zn{ur(&Mz50k
zwzOU2r?1h*AY+(naJYD4e>}++vp}NveyFlT+haKwQK?-YSxdjI7Z;qkOnS8>zlm}K
z00ga`a)z^JNKO*MGBd1rnKR}gpl@n)i9sN$&7r6VbzK|CEt`=th9Bp5VG361YN<hX
zO?>?03b@EqPN3!WwbS!q&qSObG>GxL<yy49N-8D31m=!_#J!`{?YF?`3Wp%wv**z6
zKgT#|*ASUch&&$e?2_&YKg^?s%^-i}0NPhkgBcfgH1kt+>)X2~d7sC}^-{;(im0jh
zDt!uzPeTKk6!7-x^-(?03pciZ&(d3HZg*A|JNPI&R1q#EBz9?VDJZ-)+jybp&CAHR
zf73g84c(r)cmMwK?YoMSbzq*6oG@*}z)awiewm6EFkkOA@V<)Q%4$keT9{3A4saIK
zwwy7`5KzaZ+eZ8@xfS>gPoL`xXO7bG=jRRSAC0ho$<J4Qd_ucgD&8J33Inzb1o;?0
z+Et5U)Mb^?b0dxE50Cc}?XT&qOkU^#U|DF64~<tc^XX%2WW?Yv458b-(CoxB_Nemz
zC8mmjj+!qR=n`fNZ-1+lZ-(^q#R4qnzmT*M=8fhRWJc~JREn(@C57Kd>t$744n(Kg
z_ld}>I<`T-0<#;x#s=yBQH4qLln7Vn(zJThdRR!J<Xf<+hg2c`7HfWJ!hcYYlIgN$
zrk*pCD72-aO{hy)5J*|HQyu!3P+9meUGiniRYNA^SSHr?z}QY*$q)J4Qxm{lUx3@u
zX84RpIK--Fffyy`M>A;VV;M0=v$i;cXEx-olH5?ZO^QB}tn&FqU-AkFpF$?AQ3z)D
z157KcE&D5lkt5|M{ffW-TqSH|oGFfiyG$;MBc!QY%3E}|*-t4*U@DkLTPfaVo%WK~
zw^iUKUnb0;QOY3J30s~-00of1rNNbsi>R1-8t}A-{t_r<k3lCn+R+a)OzTqkH*@&Z
z{=4fqjO!oLQ`eWieF-XvDA!t`T`Ch7hCt%l&zH(8B~{n0FpU}kg5sj0(a+M&#<F5Q
zX7F;UIzLbG55ASH9?Vw^>D+k~-enz(<w3lCyrn}835ar1x{1|7hpYhbpR{qGQK%^q
z9Qh3zH4Xtw*9C#e6+S+Th6hUtunTYv`Ev2u9FOPYD%2WEqC)&v|JXuP94P*|?ZQd+
zCBM$VfT>1LU!lEnkV|+G&QW>3ULr2~X>sxpR^5Z8%8(Y}v;-MT$ikU7Q3)O3t)mS@
zmK42)`qGF>;EPc;YpMW0jgpBC6pK{)g^B<ad_#y-kzXA@U9}XsLJ5m0u^bs}xm`!C
zP3-lc*enmdP}b|pYYzm$@i`(w1kK7RtI&S*8Zy}a`!d7OAO=$AaeK&uZ)9K~R+|dB
zP)5S8ir7~9Od57eQH`*y`UlYP*09W@q2qAWs{Q7;saG6T9p0k;3vK$m@~`2c<=DRx
zmsfK$0{fW#(G!%nQW~do46#t6uwbab=&!`;sTrU9OTnM-o^V-*-wlyMO|=F(qA2O6
zNEoAq(D1%}bOs>5vyHfYclvL-eDyO5E*vL62PgY~B{d#?Uf%yFV1D@_scFjgUuP^h
z{V@9hJU97)P4XC)n24e`mF6^|tfg((?B7xz5ur6N=c?%MT9zu){IS$>^1l`_Zz<Eg
z;FHBSTipzJzUl#NKKsq(fw*kPU4xH=zJs{3P(S=M!BtfD7`^TfU4!CP;nOaFo?+`0
zS&))n?g%D?FYQFLmrNEq;~NG{qaBx@%YBrj%e6)9%^UrvNJj)1`vxaz8I(_6LZ4cQ
zqJ+_(8<Nnzq_uxfuOgy^t3}bpf*{`+@!%>YkX?<6B?^C6*+&{G(2H?4D}XNY#qeWA
zi7-w=DC~cB=KSk2|M#}Yk{h}gP?Wg%n10e+M7OuvXHo(i!UkiOMD;l-@hOk57cE5l
z7j)w)zB{Z4F#+m7#2>wc5p<5!B&rFf&{h$q;su=KqbmC?HIg$f!0j8Dyht%Rn%!xg
zVxo}e_vc`tzrXpDXQW(He+h^D7><4z5c(x;M$r#k{Fg8@sgd*c%|<b=2#|UDVHTud
zgkk(xfKqm!N%>?p_O}Q1O`#f!<v}V$u(d<pwcV;~=FoQ)$z)A6Lq^s5H|87J=yT?v
zz&~yX;1wnrhEt+aNGR^}V(O~wz7aM-YG=x@0=A=EMrtQ;_~U{Z2DTxp*4iu5!FQW$
zHfSt=OkgSsuw_Op^@Jdl5MVLO15PHyfM#O2{wkKvp+bHc`I>kb3|%FY_$gH|d=}pn
zwc;<+U6EfAvRByhW}iam&`&eQVr}UWL!@oEn&wMAcRIgK7#-xJHUIgK`akr>u+uKw
z<#6HRq(hY1<RW&%XOZ3A*RQjI=++Tzag$u1@WTjU@ib#IvqF!GkO182SPw-A4^UrX
zLa<T@zaWI6Wkbuix8t?K;DEhC%rRlkZf|dsN5ozaZV>oipG6mb2xIexz;>cFHzIfM
zp}#O2gzcYpzVBgSZ_8dE2y|jSr?~NMCtXiR(cM=1=6y`cfEBBr?Xdd7OcV$A0GKA0
z$DFjsxHbg$cpIbWO#njdX$v;%ojuHzAEYXSU7K`%M%&H3S;BNkbjQYdOBJYrXg%ho
z>^(MknM~G=B)kT75{V(5(c*el>I7q%TjqCI$Ld=z7>LEczBaM5*)R|>bk#;M<`{=C
zGG!I7uhATKrD`x{sb}KBEjF<?G#cq>(=f43hChVCXI7g-IRh$fGU%Bd67|(N!*fP!
zSR}~mb9WXO8$I_1%h8mT?+JP!L_`pywl-eJp6XVuC6_iNzx?W2rSg__Sh82SecE2k
z83PkN{Sc=3!^qjK$>pkzYVVR?_)H2Ft%>Rq6J6AQa$0e*3XXUZW7rd6E7qVVvzR7`
zo4T=ZDq=C=<N%v6mAdpb1mo2wxNOdb23r-?WqbFQwp?xJS$B6bV<qEJ)7CkEA(1!W
zW?KETN#tPlHkm=TJSs;*JI<_$pKUGiS@vGNlhmea3*A`>{dR8%{4z4GxUIG8eBRd5
z%FZ;J62A6Q3ew7T8s+Q1pqX?Lg{Q}OYig@%eLb$iI029QUH9kQ<^DM5p+|}DjB8&N
zoi#o3D+0T$LCu<Nh>w%>*}7Gp9@XV2HuKzYGjn@`3Vwc|UU!`xMlaW(F=*{d_ag{2
z_XK(Bc@~~7_v&GJPPd=IrNnK?*>F2bY$(SbPB`?ZY9`w;TRfe?5_gN>E^Kc=AF=+%
z$W^$*Z@`G_ZcbCp?u6xCeN6)|GNg_g`%2me1rj;#Zd98?O%p0@jZ~1LfthUXxOB7B
zG-3E~pYyx={CC_5t9o_@gJXQGk#=JK1knmlmJZMQ3u6#RwK&DW>Y0}Oqmg=$wXvr0
zT&+TIXas$Gd%5jd91oMi@s#Wg=CmUsqyC^D4L}VC{g8(z3_srHTGPd4Rc7!fi8r>T
zLWzy<Hw?Z-S9iWiCM~Dd)_V0B7ImNTY>W(YJ+-ZpG(MYZE$zsb>W}pQ`T1IlgO;7l
zzwXSxIFC8%&*SAaPHh^7mgRbJS+&<%tN^S2s{URrrUJeO7e7D0K06cdq|jOy<mPS$
zMgUz(I-f<Sj}j6NQFN#+@9f0GZ*?ixI<cb?;)|^gqafO*9~P8Y($qQVzWY59AYLd$
z8;gP|1{)yE-O?i2k7=oicg!9$??26cam)CB-mLLjF00GYm}+ugkLI^4&POs8Gd+%s
zC$c|h>v9vYsb^==6A%zAF-{ox&$hzF69Dk5#ynZ{=o!;Jr<n~_%FeZ>Osm=%4VEVh
zoKv;9ClpUu9Z7}CwRCuDsua4bq;!nS=(4It&HJ=&FwVyXJPw=RYn9n+HE_0(Y~9kZ
zV55?+_cUN+X&en9)_2<@anc643Uguv>NYK#pHOU8s>T(MmZTRZGI_MC&-M9g+W=zi
z3mysJRtxE5qq!YDuu+`Kc1dWGMqP}ZX<Joqs3||-%zePtI*70&R!6@?-r8E7BJ^Qs
z?<3nsLKa{-*pRw}8!Z1s_jys-R~VQZ{?h}QK1(>gQeI_$>SlFCgo_bRyP6hx3XH$R
z`c-7%By$?5F6iSAt_as%&C1431|VTHIAPAXYUwgbwN0G=ep&yc$f#I3Q>DkulKJ@%
zr8;K}9u<j+UoiiIpB*UiLbZS{+11^vhhC^uno2y<@2R)P+2VSEqK6_h;u5ZVq22eC
z(<mPLmAfCoShcerU+p`ps!sDR#<Qajy2Hi~hDjIYl~j>^8sli6Lf>x#@BpKd#e1fe
zWi}(d?>6Neh~F2USlGbN1$MlJyUPVV(oP!L3WDKG+>-g&ICGe5x<$@btI*9QP+sQf
zmRdBdlc9}wBZ`I>>wYNb8H{5IePXB|qId5BBU5#a%X6)h{)!$?ybP$1aV;wSa-)H!
z7v+HnNksfuVn4!T0QET`5?~(a#3YO-(xz+uJ_bqUp*!1>(%`sN`gtd@pK(lrTDTv6
zBzxtDX4xYuL-W{|6UCEgjq-bihs|YWv61+0DL;H7An5{&<+s@2y64M}Pb6&$0Xfya
z6Gbw_7wVJMVAFZ-#z66OK#kwy+?Bt5(u(Ett%3|)Q(D<Enw#fP6rc$QR>u5wb?X$|
zWLuoqO7LXVVZ)N+ywfIbCtg5Dzm!IjpWZ!-y7O5`l!;+H#lQJwf4?@XMdSz;&E1?k
zq0alk<RoA;_#yg>71-;tkAb*wJ%Ht$PDBXt=m6t}J{meXvvDZN%zZS8wo{7fNmSzM
zxp=vDWi#A_S}-5Z0r32hgH(AXzt#^)GF)x!@A3;88Vq_yE7_hB5y=gZe!ZG4y<0nU
z&sA-^uHWHowfH%UFVe-wi|!01fGdEMO+u)>%k_J~q4>uQi8j8}vnNqvzGb1aFBc{{
zf*CYt9g}Xm_^P6o5ge6^5C6m;D*fq`lr7RKn|RQe969Wo1>li7n;!~^Cs5BOb(Ai?
zv6Gcmzd=J8f4Drr#&6+bOro{y_mv}i)%4Z4JcV3KiAy2#hek7T#RQ85OOj;<71wq+
zUVqAy*{K0CoR}gOZK%x^%PhgNxPM=$^g!HW_}NxI_4uvf^meNb4JC`$s)?GV`tW2%
z_m)S~<_>x34e%#zJrXtN%<0M_dFxRzw_2y0zEH0>XLUxpwMfM7iR)FjV;qLo%02i~
zu(hn>`btgt?}z>M<NAX7<8@AHk2Q<*_W5ZabUry_9l!d(f%zkvD72ew2-(z|pL@K*
zdau=XEhs)qdu1G7Ip27tx7BYbF3rNPQm4y*Eo?3F9*~`(dxuh4PZ^l{EYuoy8aZVj
zS?eFb8`$^E!TFvn3yOU&54};rWVpDa7yvicFVROPG@2FR@H*+W%=PSrrMKrHVFg+!
zwagu@({HK@9ZMDS`SDS>rmLndVP(uvA{QVI8i68B{LO|4Pxl8D=NOWDjC6~cVkBJ0
zmGSY;0XqS8W?hWU-N&U8cQ&&UH|eCgYstm$E(PXHkt{IcT3IY!&QN`TDd|5R4ik<{
zD`3XlEEf7y-b`Iyd3^j#Hc;LC9+}qCEJeLhIoQlr6%;&=8u@WLmX1WJwprm>oRnIq
z{(W9;t5xOrGiMxxI-!!w=VSg;$tG53zS+tK5Dd0CTTP}xIWyL*Z1iiXnTW%mI*en=
zp2Y2Rp)q2k(U`&OC7-L+2)^mBZoZl2X=_8kW7Z#;ss2)Bs`XLvQ`AgAp(j>aZNltQ
zo3F38KyJ`n;+^%WOZ#UzSC?R)W}P?D&o)YaYbWVM6;1VehX$}gT|K>K9rlCD13Z8R
z;9v6={ul+~MmqVS2sz7vpx?%|F)1kM)`ES0qCh&IDt=DXAlqv3v1-;u5NEZ;#Y@S|
z+#Mw?@kkOA8;oZ-Yq$9;M>5(LLQ|eGi)%bm6vX1ctq+7x#3upOm&kLNafL;gUYpm_
zt-lCKRq)0B`rFj$iBC7K;DWglqjNn3K%jL$4kx0t{{xF0=RsLLp)K&8vdR>$fiM7V
z3ap-m5}=psJkF?Xe6SC~BnyvQbkt!$$f;4YKgb#R3#)}FRJ(7mr0l*X5iAWSw%A}?
z>#@Aj;}!qvQ5B^)O6+^v@23gYs)}HV(O8}3l$Oqvt|#m0De)YCW6)HrtY3Zx3<Qkm
z3<V@~$8`ZY)wDb`qd6u-RG-Wu%{c7HPg!f3tMhs(@LRoRM~t)sQtp|*x=kX-_mtH+
z@^}!iTpP0z1H+LWvsUm}YK%Vx%<kijR1e{puGljoBiCfJ>DPku)a5?G?Xbs4xyM_A
z+$96HG~^@Y=u9*CdTKje{FV{`RMQQM_4Tzbni*LPhK$vo>k5>Y9}gFcgFiU)$Gn{q
ztk2k5`kl?TI*IK%)n^Q~j_Cx7**Zt1wE?x&wFEOuawDwK?cLhVk$<F*Jj{#D`1Wee
z4ZXLfE+1h1H~jrmJnZbYws%I!Fp-@{dj|WxG{6Nkzs?of-L#V*mwx~@W=6bGsDvFp
zzv7=?zhj!f(E1-%*$5afwE%eNICm*a&bs9}5wF6mv|l}N(lyzk48cZglHQF=@zp1X
zkEb~bjwfy+_gTD4;{nGr?22I%SS8PY;SDR;>X;aq>vH+LshsR*r#_x3x<|7t>)^50
zq%&XfU9OnyiPn;o^Z_ourh5|Ts;G%def!<xu2-l^|E|~*LUkPbdn_K!Z(wZe(wb?d
z!Op0oxz_2Zdj#*dZkG7)Z|nP$i3j0^?CC<brF(<Q;4$nz%^I(>-{%kYNUA!j!uor`
zsye<^bei-33g}9a1n)4st!psyAEW}9A~fl^nK~xMlZtDxqKpA^T!yvj4b9m$kB{J5
z$+p=fqMWcYRfgN32JC`tlxrS@RT`A{FHYjmUt*~ve*R#tZsT5J-Pg^?<d##g&0d;j
zG|=Ecc-%#<6E|v7FlOL-BDVIZ`Pp)!=y+m6VQ<Xo;jc_(%EDBryd13`e>_>hmp_(k
zESl_EU0|XI24@276;R?C$4|1R&F<nI;S!Eht+2Ye;}OCF_UNV9NpC5_uwxT^o*teF
znD-}g9c^criV(1Z2H-}Tda8##?i2U{$DXTBxN6c?o60t0n-{SPd&5jt-ul}o0=rjZ
zo%8GXn9_-TB2Y}7!A?S<OJU_{tP+a8JMS5@7S9cHExUlUSNQf4E?!|di05GL^Iuvw
zR;5i<xgIft30;$=!mpuTlJs4F&)XzNWg%#o07XiudpJw7Vlh6}sXJkWPX@jxV6e8$
zj^L6*-j>J^!vcYJ9KH%01F)GM5NvI7)IvNXX}hYsL_c1s*$T2b!F#5lp8cqHVZ33G
zU{Uo&p$5F(UogFr_`a^@H<~lU*5u?Sy4|}U4C_-H$<3GViZ|!-;kX)#1=GkA{}Q7+
z>%MJ}?-tE<p#}>ZGSRiErg<K`7=A^I8xfN0_I*=n4zHneZY_IqRKu`I{vtnLa?2%W
zP@qhZ-v9VDdy2Rj%#izJvk>Z3Cz5NLJJm3A%m+woO`YvZFFT5Grz*Y|koU5BkdZJa
zkPm1%``Yf!A}{n6K^_4SLp7~6Mva)93Ylia$zi<W_%>O79mXcDH9MnrBB{BcOf@WV
zt(Sd5G3HkU?i{r?4GDwoJtA&Or4A-MRth}FE=;%?BK0VlKZjc=%^@p||7?m@uNYfy
z#z(=$xTE|ul*EsGrnzGW<p_tEgcNcrsSrBded<zyh;-AtP4uuseOY&N4GkFw9P)zl
zW10a3Xlg+@5S`+yn!lpFDuz7{xfiPj8Fe}I7f}r&gb6u&kNT&Oz}t&-wQGuJt*krF
z=I^5jyc%pbr_=3t{NJnsPy+oCwasCDlF|X>V2{)%Xt4qkX$0^$Ond0HG=BR_8g7~9
zW@MV}yacQ?<cze4uvtJ#293MrhI^V{%Y%r%3mj=@Gs&<=DV^Lu&UsEHJ48Vo10;V!
zkd(behMdm0ln#7oVRP+BpuPZfgl@4ndu~=JZyK^Nnr(T!Y8qR{lGQ6U({;;&)iwb3
zY+t|U+L2~f{=^q2<!G~^W=s&%3frH?<1W^NHzr*tlsPh}e8B08DLx@Whi7Wm-a7;|
z>p>aM70TtRGpJYZO+E3hrV|h=PjnwL$7~w5e6Z%-<TN3r0)wt0G~mM+pYRVUQHA{a
zdqHH*dyBH-b|(7ak-nhIJV2sjD*~V(Jn@a4DO@yq<8$$s>2s=7$qz(x&TDq_6jIqm
zk%5XW0Ig50`u2{IU`n4?`F8-pMr5+T_lBB+5Egi0N{p8aWi_fmbx6#MvV@qnoN|Fc
zk=uiEUAOlAb&`9E8;gxLp<Uqj!9YSLoS-WCk^GBM5@!qD8PvhQ!k`#V`Vv5Q!Mnpt
zN9)(+#iww3W@jXX&3~kvpH7_-G-v5ZpbCGRRzii;{wwr*xmE*-V^W4#LfUtdp{Tf4
z(%*g!7PgJq-WNBL6w(jitU8@y&4OJBbY%OK>9ZeCh|(aYecubUs|rjocG(Kw`^y{c
zA-o~Y)<PAAP=Ak7cRD8X#K!@j^qrrfNX^f`<LI+rlFwmHk>~v69vUpqD1xW0jNUZb
zM@NQ*zKz}Ne+A%vt;f@z>irQk7{m#4ID=nM<p8<sb=Jz8)A+VdyGTMLSL3_QOW{_i
z6vPV%`kSoTu3|s2k@-utuAn)y`grosMwe>EC8*i!Jnij~`Y-UiXmTN-na5Rk0L8CI
zE|`FDNJcyT?<d!z>6r~~EO5ZR?-fpOW(MeX*<RP9@bK0z_l_5f^;5p847}!q01U!v
zt{w5V!bZejtA|HuYx7!$h~+PEp%z)yU)c!I<%WDc1lTEN7HuoPXF0!H4WL9EV=@G#
z!On-hJB`nBWAWv>b83PB=in&&9ymdLfd~lQeSuB%YB8ZyCA6+)Htro93keVkNB|_D
z^&APNbxUYR>5C~qrM7At>t*-oD<YskUI!s+W~aE7lV@Yze1T^@(f!w;j%ge1PXCfB
zyrsA`L6R;#zyS*v@D~pEjlbM^+)#6y65ENA-Zy@IEJ)&_8N3SsGPo)yp12kg6*lwi
z$X|Tiw!An)x$8)8ENGt#pskhj97TD-qGVXh?1*KgTlA~$-IWUqF_tiE-TVU!%I&PT
zM{TMGapB<RrAiJYTLp5qvoB|KpzHa$ljF9Sf9Z2t<;J2d4jJFb?@;^-)l_O$N>_PJ
z&i!0U?z#YlJ1YyAyH@7GB}wm4oE@RYWi}(QQvceSL&UbJbrTi>4MqH_{?#TX1o{m>
zSaH`<BKKlesfS&+`I|_a2c=SC`hR|T4D8ZBl4km^|2+DOb|V1`1Wx}j0tZ|;#cIa#
zszg@_l!}7V*x3KIu$lQ_n!5dgGW~Id83@&5>A=$y9sz($4}=oeo+e0Xf{VDo_?N`S
z{}0nt?fqAO2qaVVT<j4pq6WM)OhDpM_3{40%k^s%Sk{j(N}1VF2^@F|4-Cbu$329w
z1w#G(@^zr^0$qIMO!D6a$|&=js`}T9zfSltVQi}f_i)cPK~R7cHa)R1f?9$=sM7ok
zl$an`Q-IqaQBp($Y@7Ar3mPM!J*TR`ed}B8@egWTrI)bFk558h4J_2b@C}hSF<*d1
zMnpzJj)B$3eJf^L^-5t|O?`yRMSKkS_X!TC-%NL!0P|4g4(?SqBKEeW-|W}qTG`B#
z(<bZcSH$R-FtHn00aNxSJ~wFg_Q(s@b-7;PA;6UUSqMXF&+ob-mfu8hj(5Xk)Nw3`
zex<^ll5AbfP<8!si|gCYmkyFU;VvhQ{8`n{OaZRBxQZUP(;r>81Rla)hJXF+>fSe+
z%)H*pB(_|E>S_+^P)bu40$)VJSR(J#Z!|=+M344*l>|4VKR>gG+z5NGLW#<g{k4z(
z#{+2p3RvF<B(mHTw!fHK#s|@H589SDI=dlAgm?Awh^C6=J8|g>1bxKQzEe60kfzFo
zaMS!5)HFhGVq*0!|LGFFdWjVvVWDbt@fh33af{iNW>IK(5g#9f^o^VXedOmr1pgs!
zH1xij90^hk71D?8m4p$0!0?TdR^<<gNfW@5ozWXLp0p`t70V|Dh$+NrQ5kOZt!Y8B
zo;<e9O6`KW3%Dx(ncT^D^a!^H9^q%bTNZdxw4a0_l&_<3xKr~&CHg0st;PkC)fyTK
zNdUG51_L3It=}`;@OC447@xd_f$%9gL9ENI*;nDu*cc<S!{K8IzU(w)?g>_KG@bxB
zb5eajgrEIxDh}Vdn4b`gEk6DdF37VBhl_kydFaV#nb88|*3`6wFK{q0;-g^>kz=Eg
z>h?ObhbeB|G=zmI$yDNDlElCLU_ejt1fFtIS8=6K>jI@T^05(Oy~7HC{HKpG;o*lw
zlpM_Hkl_LIZ|v0QQPJ-3h!vXqDO7+Qo`_td+gcI1FBa))c5)<fv68oq{28>mawOid
zL*n1~3%GQ-8Is_B4)YGXG&SmyP|Z*sQqodWA56#aUr~O%>^a3TX1J4I6v*@KD+yiT
z@R+oc%KFIgH;rseC)JPnhAcVMIGmw<DY-mE6gRnHM8^GnDT%z#v2p1`7A1iDjOZe%
zJcX!XDs*?h;bEIn$^E&TB7WryC8u0@!9tN9yW?pF<9e0>f$N5X4xdX&(>^@1m+4lk
z9~~b9g03e!c_sgvF8$<hb-ikAo!BpQGDN>mYd`QVG5B4~wXi;HHPsn#N4}<!uKK-`
zO-P=I@X_#yPBanLZEibdj5-7Sl-Joh06v!iEA{6AHt&yjLcKqCjQ@31JxBfdO+6Fn
zS8M!H81a+GRmk>jJX4Pcg|9|f@p=1ksgghi&v@s3HKVD#DS;ClP%#Ox7>bHNHhP_?
zN7)v63OzG<KYKiw>HoT9NS+(`a(S;kLgjY-wdi&Dm$guXDcR`1J=+<;pF-i@gNMSM
z1~pI6c$Rm;-`iW`jd21m9@IC_0|L|cz<*O4S8S$$AUy&HNHdRju)O@iOx*~=Gto}x
z4Jcd4g{8*eah_!-)?chs2_W8b&vg$|cP8PsEQGp(FOzfmz0m8q<|GQ;(9mZeeDc<9
znO|-0Tht+bEqwonN#$ex6YzBJcwf+ST+OsBz`E{!KXjeP@!qw~mKe~#>6dVtnw{Ig
ze{l2>IeotASlR47ED@*#%qH}|UgX>hPD5^9vQ?D+;1iP}I~><*7$G;jSXd6k(gFDH
zX@2MUd{2O2h`m=nQmsr2b4HbC_qqsOfn^ID4&o8&{fk02aMnI*L#yK7QA{391CPe|
z0PmY{8^@V{ZTJsfvisHXntj@o|9D@@7UnXVIP-n)y?Oe*PLRtg@O#P?K6C2&<o>VL
z!W&&ZMn;hP^&hy)-~X;QP8N@mWAU6mDHrLERw#>aG&To$$zffPaK{fal&WOAjSIrS
zWGw|}%i<*IC-!at4pT>z2<xI%5%OgKj1H63iF0N)MKdQ0HdYFi@|20c%FHY2%I9m)
z<b8UCik}}-z3;xZvSrAP%V?M<8#<^4gim{W*%gW4Hr+$ncbXC<zaD~PY8CfybENjX
zhZ>uVu@^d$#uqR9I5L0XvHM!}1Doh<9Fj2v-+OmhTQF_`bxpof&W}CPBH_r!)C<SE
zK@432rMLcp1$Hf)jKuqG6pCtPsY%|xIQEJkmE&nWe&Mo($hjI#jo*ccGJk5$mC=wO
zD}<?+E)d+)2S#}V7T2y6F<}2hFj*-YzLI?Fshz4kCUs9v!~iSDVY<e>>~FmXN7B>t
zRO%uOj%1|(`ouW$)C5Y$t2lm6EQWi}RjcXomZ?}9P^(vJf!h?MpH8b(ulaz?@7*C9
z1!Hy_vQd_G)vXgXNrt_~XTF~7=a}F>8C(jd-C^>k{N>jww52k#QK}&5@!%fX)N?d?
z?K$8aPGVPH{!r2(V{Fw1$+yn|@af`h28RchO}rnHBu+YP-xd{Tq`FwySSvbMyQx@e
zgm$k_#GsCY+v)<HVUSbwqk^{7K)*o&>*!sjO?0qhJ<X<&p*D7ns=EIQICp|<;I~g~
zS>xNYLzftV@Q9=@%T4r<XcvZG$aUHD9LLEK>9FXG5vP&rsb~c9PPBW6R1IX4DYfcj
zo7Vs&>s?(*ll;=xBNng@l^MTl9BVpiMePB-$j{i(X)k(B9JBvGd+*l{ooP#+FDJ}o
zEMhRe;rmfLD-f=4q~FdJ>oH$u&@BE{YyK{@ka~4=xiyk9vbd)3DYq$Sve=E5^}JE0
zY&$`~E~PD|b_>03WrL!*-8ROU1WCD8at8~bI6}$r*r-h~;mhI;5@MOBeRb~Ds9QE5
zU8Zk1Pog{GRo19S-FQtOzG48=a+P=*Y*My>>89?H)F&6e>>r6L%TAWbms<>xHoa77
zpUhVDLQ)uV5bY%eQ%4-r1Lpf%>DFozCLmUnuEIroGz#g$q}*kK+6J;RXLD_3neKq_
z#fw>LK_!-fh}f?*%O{+VJ+e|w{H|^M;otN<Xp7mSP(djp`A;KlCecb0m6F3U=CV$n
z)GldNtsMDEdus9;V+q?%w{pGxPgosoK2nEXHBtqhMoWe2-G?@rqZ@SY(mie9Cv^~S
z`P48{FdBtEJ()30)9PZcHt**rB3*ziJY@YH<_!N&NJ6rIdUxl~eRU$1<wnUBvV`)0
zpy9v88I#QNgocu&@7RULOXs?@vTrKUEMQf~dHD^qk^DLI-y#t6%5pX$Wm!t~ZBn1l
zveZ{*vXgTs%F;bU?v^!nYG7nqv@uWSr3y-*d$ci!<p|UBC}oqB#u6K{&;lSWwO>?n
zk;MZJH%L;{+0=&K#`zI6--p!0k-<*LWv|Le6*pR2YL%q8U(q;O!YP9`3@5XJfW6ns
z30Bef+r~zAl;G_uF~%c}p-qRcv;?|(C9VDmjToR*c9a%D3Me#oxqIx|YD!?fdaO3C
z?q3Y4_0luHNFZAB?lQKHs{&}%?|#+5ZQVc}Kv(aXS-Vb%FpQS)k7n82TYzol)%<Gd
zkR^~G<lveskaCkFnUoQC`ZI;MN~s?z{+n8U61x3-DHuw%!@Fn(Yrf+(>cKd*ap1Qy
z*fQUs&Xrubk&$y8zLa*m?t<M<qNFN_J}U{%xWK%N>i7ZdHD?|K@BwUYpDXY~G$gSM
z`7<&9XjbbiHI7qj#~(INhAialy?UKV1vEH+UBOx0F!-1PCqQl1(z{&vvt$)tqyir$
zxR?*+HJ-^mkwMWn&QXPG9VPM}m+Dr-c)IuMt3EPK{1ywW+z=^?sn4ph&WRW=jwd8N
zPN+0YO^8Fpf2|z|bpdp-S)fHLHK$q)=cE{}UlfNfZ;Mxc`?^r<I5lipij=H<?g1-A
zg_Rq`znrapF0u{Ws!Cw2Yj0cz5^7l+lrq-XQtu=Enas)>sOoSYm0w0{8!c_R7a6b;
zOrI+gq#;E&RA4i#i>pjvY_n`L-55z8d41&~{j1VOf2<iJfea|;TuwW*4x&u2Ub4Me
zi^2=GSK4v82Se7WD*j%DNGvj`3dnLIwJF%&@N-u4W}AXt?3H0jDIIr0W)7AAT+I0@
zkSb9xnkdtkw4mh}7+R=U+Ubo6y>V!}QJ-_6JBs8Z=^F5TzSrZ5D$+Q*t(1Inv1h-y
zdHrM7Aa{@qrwJh2anrI!KTTXN>zWd}@bsCW5|=fgAX19drj;J9L|U^R8UtDnyF9c;
z<n@auQY{k74_g?NPtO?o#WUlb$AkKKGjmS<;1(jDa$QMDSkraR$Zd8<Fwb2s`udq1
zqJbsOMTb(h)_E<IpB#FNGmP+@Q>8pz5{-G%mTA-NGXd+g3O9m@Oy|3nB}o(>PHi%d
zzh^#6Oxtl=a_YYmsSAq~(U8DP<;w`n81lfrjmgPTe~ZKpjMi0rpiJ%J!gfa30rL<(
z%7@o`4U=+K*1gZA%r94ZzP_Y1i<Qq+L#)OZ8Ov*wt2=!2<%5)H_VWdsEpT!xgyy$V
z**wanhyXR}hw;xCOucm~+n1LZs8uu!nzXfizaH#c7WP_hTtIX-s4^PJU;OS<fu-(!
zG<YkF*6!f7V_jcm+B(i90g{i_b|%+ZDNn3A&BLr7QjJU+%VV_VP^s~a%En6B)_S1v
zzMKFx>Gs@LsTC&IYn?x+V=8r9j@b^R+iHtD9Dv%Vq|vF%AaNSMe+rR0@@?DdvGivd
zvZS=mjHT!f$}o(|oSdIE9c9x@eAKqq%addFn<9o}9u~yk>S!=if5{*YYvVUiU$)wD
zDx{kpI1p#1;xV3ijc2%MGFr*WM=1y6eEITuv0Fl<7%E*or&+F*s7=R4E<R)XZxN%l
zf)$`w#+EbBDfJ#qA>itvkiqdQMTk06s-ys`#x$+<nPI8K1#EP<6eHE_xq1HJxHXN{
zHo9{X|77Ub0@lQfeH@>nbY0!5Ru6FQ9d}IolZd{5h8G?<Sd&Ve#_J`x!2I|m&<3wg
zUF78;bFgeTTd$*lU^Q*-T&R<;G{zI#{})iSHp6r=Z8uWS`zvFMtjjPT3l!s2@lZ|e
z+I&yer88{!D4uDbnb6VhDAiOS5;eIiWy5`-?zliEO0HW;S}m2ER$H3psZfSYtI>{C
zqx*~Qr9OnpCS9gCs8@Q6u%oP-%ce`y@-dFn1R#u+-hgiBXHt$T;F~#@Cx0pfEf3gc
zQYALjFv-_FXg{~w_Ez=%!9=QJ?diTvJT=^{oBkeeRL%3#nnBf2?e`pg+PRY8KrS?G
zDyvyGma*U_XI&LdxkA^dV=Uh#o)^Pq9aN%m#S*nrcLLq9ivBAPr)o?QA0GMda7F7S
zKWhB%oIr(j3r1P7rirTYx-7+uITL`r@Or6S)ulrn9~s$=eujx-?(n+8vUL{=CVCxN
ztPoCUhHgDl$7{)xo~@(8W#;fgpSj2PY#$*m!tfa?4#7kF9%0;$r)Th%a}a~8V}sO&
z0R54lWLgLn4pLkEq=WA0#uc6S)!|kXnRE9PHD5bnG<G{H&6;iuw*9Y0DnWqU6InZ!
zq}UhS+xPHstCcDy5z4)#ns7l^&qY$Q!^?MyI>s&9=8iFHR)9=S3`7H~O^Dv%KoZ_B
zW6~pck^E!<>pH{;_mYGblG6ES+T3TH#2X%uQ<;&mnbz2#E%ghp?c#g}D{Zo`u)Ayp
zUtQMPW0sOZ_0?6T0rOc(8b3h0MONhrZ;P|JAG~!=7Q|i`CwnLohqwmkyV0E<mtx;K
z1kxb%O&xa0V9MZ4)WPwL=yfiU<1SmU<Fbj}U_zn)h~`C)@jG}ur3SeRmtNE1|0c_%
zc@u7MmM<$&aWt@e!2J7Q5Z=8p=Hqj}+-_n*c#)i&XfHjULG*Ozjs{r!YcFEbvUzkl
zM*Ws=ZgNS|6frqa*2_e3(9<@)>d?h$ok9nZ2u}P?cct=-T{wrQ=C`TPz)C^U&tUe{
zS}6>|uWOn5YIUkwEwS9X1RTRWjM?N&ohi~uqU|-`KDb7umUydb$-Hn`yz^XL&*emL
zcJG<4RbI{5YxD|Pc>>&nd~@@4D~>31bCYgxlYB;X6dx)wWUTN~+qRgrpVp$=RE%YQ
zdngLU$S&V)N6=&(vw-{epwg9{8`tJta<$Jh{i4%^*M3!!XavYHqS^Xq7|^XvwEIgb
z*iu`>K4H0nr}Yj?DblBud{OP0&l8M5t?3{dY(Fk!eM%N&L%`wCH*2{Xo@ZMPT75MK
z=ld8`hwPkMkk$9n%;9&|RKxt3s8_raxk=Wzdl+}?N%E!YR*kwjCTyA^PPFUn&KEn{
z5|2pbVx2@yK1#Y^>ayvF6u;%_E4hyxYl`*g-b#YQx`jhHD-H?!9Z|q{73?v&{bQ@Z
zRi~v`Ur~8C5a2V>={2EFyTHS;ONWd-k78n00akJ;+ri$Yf~*hi*_m$guqH*F_7z!T
z1al~`gRU$!-S5ktRPA{yH(`qd_FSuJZmL`zxKWPk8TLT5Tx)TMnW~4gP2`j)Zgc|%
z|BmRWeND<Gp5fH{Y5XO{B-idB9Z5jdO0_bb6Qe=(2~dSve5_us$ryhhm9fsvKiKgc
zxd~?Fl$GIhIr+3kEF)3>pe7-?&9kW!zI?SPtJLjM$F)SGaR)I^RG?TIch>M3A*Z}w
z|I!35E6|IkEmkal$bwRyw@)zCtZ1cRpxiJ_HFBJ=60|D7N;Jjw`TfuveX2uof~Nz}
z!ajM_0NkO|bJdiGb_!2A2Fim47IAKX5@#P5e)i9O<k76e@5_8MDY%pZJLJ<`S{y}!
zgP6_FHL)rrmV;xLt<Fe~^F^I0%QO8*F9{uG_;MzFp<TLY7tQ5U{1%uMPxB%wmrAh=
zJ4QBa6yo1ZI>xRM87*032Lu?^AEncX+GNtk0n{|4&K!jU*F-$G<4S{IEp)vwNSQR{
zLc7=4W^ifW1~>culR@}$u<b1QisKd`p{w^DqgOSHcop>}{zl_G5mHTBO{<Ng9sQA3
z73r9n0xtKs6hp9{{TUHY<pM>U+lV<@O<oX%GygKno$q=ZxJtO*L6cq^q>jhdjMifT
z*eX@Q5j)?L<u-Apyt+Z~&E}B`43yh8C)5BdW82p@M6VbKNjB+)^}a`0V(D)-xZA<N
zm;TzJh?7RW)Uhtx!c?D-5ceu%7MN9jt1}`>9F~#j&FTG@i<-7tjo0PMaF}HE`4c|M
z&fNIKam#l(82Z;sHvZcw+O#dE*6||%V7whVWTKs6(^OREZtb5?DvN1Kx#ZE^>**Ws
znNx0{&G`6_vVXjk35jD|$}(n9vi#!+nm@GI(Qre~%;1Z~a3-N!y1dNL>ES&FgxL#c
zO%U-zvDJ{rJKKt&wZa(H&>X(9=%HqX2$DlvG~zPD2&a5vNP!Yi`$VG#<@F>q2bd5S
zvHQgImC6p9Nu0|Ls;&sF7P>}UXckI@{Sy^?D7qOuz8PG85sD`a@hMc_N4h*5$_(K@
zZfY$8@sE)UzIfv`SCD_p&hi74*k^bs%*o&$Ug(lF*B#og*kwNuKf~FlKt+cR4bZy5
z@?$%}%Z8Q?aO~>2k?@l_LD7W(a0cXet=y1Tk^fgXRdV~kxas|X=?`8vsQ)i(y7Ir6
z=_<MlEMI8u0L!jUBg`he3xZFG(15WST_^D-%wOayxaZK<0hnF!8%*EN!q8-J$)Udn
zSZ`oIL{7K@_?ZxZ?SRLw-wodlv@cdKtO<NWi0**nuGbB`FHSGqHvDyn&p^O#&<)fJ
zW+1F6d|`;{fbFiw4crTMAe{GyF4!<2_JiyO?FBy&p&vmk<ja8SuI&xV3*H-iFhan<
z=g-lDD+*Y{DPi1J<R}6_g!?^Qems?MI5)vOD3m=Vew1lIl(ZW<bCk!PF#i|U5R^Si
zJ!nO9Lgr|^Mr@q{2R#_aJ&R7*WpOOrp>j9E!(v#4V$|_sXvSjX>SB0@J$F3};$7rb
z#N1tlRa8SWCa3V4U58b4FEtFbSw!VVn4Drb19Q5Iu&r7605i6W@OQUQ>w83<`1Rqx
z_uxCRKB!Z`f2~vWL5kDxV187X|5Z*c+0k*>ku=?4lLombe+=#Jx#4_lJtV%N(%rca
z36@zHoeZPn2hMKn4Ye<)Fq}(d<>12Z*$t{MtuRUf+Dz!l;Qj8O8#XuM-cKfoY+(dL
zio4}EoW26R&?ZO?VY)+(yKOguz9PK<D3@ry!Q9=c8+>1;O(@s!jv=Al{2SIzoNcu0
zP(bAK;Op-D$L1#wL=;8+5}G{tYxls7AP`y<=|gfHvfXXD5qJ@PBMyY>M>Gv%8`9ma
zx#4*c{D2vecEVhTe0F<oL|#PSJ_RF+g?$-P-L1UgdJ%Yo4o3PO*7LzJuG|2=xM6(k
zER^rzJ40V~lW*u=xZdFYA_Ky|5B0gBCQ*fuOCVAq&&7x{@2ioG%WBSQaiifCo!P-N
zN^#9Ga}(ng3silclD?k}Z2iO{6|aWGC~aLuqFtn*6<Mv0RxKSrhpiPYC6|y@VjUxk
zO)bqyEsI<x#aJdoR3<&4F5+PMl}U}tL4rx0%R#)Z3aw6}MqOy0LWGl?inAEqN(SFb
zI=>3Vi;DPMysrx5u@uTm)^XOL6}?WDcvj}{tIDB-%b~alcT7a#?#moIauGRlF?(DQ
zeOxiWLJ_q>F&1~+JbidJJU09@An8A>CxenDd<$^MkN=D6faWc?QAp(hVJGIyaLbL8
zQN+ovg)qU)(ETlRFDBa{O($;lp1V;f(>J{O5uQ$bwh=`)(hthhBre;WOtBGnqLGBD
z@&D+ZY`-2mp&EXCGzK*cPj$j|?DO^_H;i2BML({FB(6pXH4*|08}WShSvM1%I}x7u
zMK_ZX8c7=l9B&1C$y|RBH^B%sq4YE%1l*F74T@g;8sZNL=Z_fT4=d%5I^YjY=Z}=V
zp;tLT{Wu1a_&y}tR9`Mp<S&WI1HbkUZf<>1K2X~j)j_%g%^RISMp3lFq?sSK`z<$X
zFC>Aiq8NqA|H1$rdnh-NFO-2C{jjESY(v=xOgEV?jDb8K&TV|d(8>Yvjdvi`$6=G;
zI?%CC`obG1)DN>0dp#(0yY)i$rW?rCkFk^dVc+gY-weHAz0n7wiY58%(cPrKFuZXG
z!;8fi4$T~V|8Q{QUufPqgW<l%nGQ7^@ZIFTu)OgGBLKd~?+jgkj6_DiP`z>dg$2Zk
z4HX`+-DJNo^%DOh1tk6pecpAw>39)(6Zs4EF9t9uc3^tb@WS^dv>pHJh98bzjsjT|
zS6UPGrv^!;?2)Es6?l=mIwVJBst6ejT4Z+M)s~tnjstfs3Ok6lg&4@OlqghbR3|W2
zGFB;6#{sG<9I6Z)INBnrOQkY^1_~^tz6uiZ41_e5xEX00>JAE$_TVEek)^M7MMPj)
z2bv|NHnln};<h*g<u*-01yw?ND(ezKdM@kYS}nRIX)jIQ>ge-wNL8>yNVBG6RokMV
zgGgKGx|{$#-BHPAM)aLV_#);}>DwYZUQw7<3;<aZi&5cc6@O+?npPZ9u?(0yvlzV;
zy^>d5R!vqT7hGCZ3bw4W1Rqo#fLRui7GoFX7snPE7In_G&biM$&r#2n&Y91h&PmRV
z&V|nd&)F7v&!NvH&MD6=&auxm&N<KB&ymj+&Kb`g&WX+q&IQl?&*2?}yr{fzytuqj
z0A5UO;oXVd`Q72&>D}?`@>|MVlJA+_+1<(Ah5jM_DgH73K>rB;4F3fGyme_2aS?eD
zX%S@+NfAX6SrOIuME_9#RR36ikbk6qrhlS;zJIuXx_`WXu79+DwtupJAtVHn0*QeD
zArX)aNCG4e5(Y_w#H}m8=R<NJ2yK99NE9Rsk_0J$ghEmwu@Dd>5|Rl?gygR)CaNEB
z7f~eIDQR*mb8#zrc#`F-suowyFPuXA3yOrZmf6m?oUVCdiA1wjoXp>!{`pXTDf(hq
zixtl}yYuRcn9dlxbLxv7&wf5&cPHV`S@<*bB^=u$v6Nf4=IP8T7)aOH1JLTqvlkvc
zVfw;c%5qOLJ-N0dI_8}p82x#+RDRouI2R?h#$FXowMMqj=X(-tDQ}#Tb!T6dzMes?
zt27j^%>O=p{IG<nE{pP8<GmNi))g`4C0mo97KS`S(B~-xm1IxpNlOnr!&K%O{3FQ9
z7d)dx6GZd2rM`%Nk$0^~29zXMBo`-_CzmEycFfYv(#_M&(JfTY8lGvMEu1c#ah-CV
zwVbw`d7OHj-Jjl{eV^SpML9(|i$9G&Q#@5Xn>d{~V>)Fzt2wPXb3AoC`+fTRjQI5O
zA@M=^Vd{b9q3!`4!VB?+phHw3tp0RCd_frRx)2kHC?psH1rdh;C?Mt#EQmUU1M<zE
z;2rjz`W^S3`yKV2`JLol_?-^|2a$%*K&&Bn5N!w##0!E3QHHQUoFSwTV~7akqc#R2
z388{mLU16O5H5%Z1O=i9Ve;pD_klP<zC4gYh#`g$AxHoO0U`^bgV;g{Ai5Afh>t&;
zh)gn9NGJf+f?bk>dx)KRh{I1wlq(W6u4IV}Jex$VNCAyaTG((&Pm)vsK@*df$6P4D
z$VtkI2nOqMpnF9a*s2=nP!R>T#^+K53d#(}fXXL1qim@YGEzC*Wd`U8@k(vD6SDND
z7rD?Tkt<T|Ep#}ilu#DNTRCcgOG-kemJbP`01i&tif|4t{E=}_PGcoLOG|&CNk#IR
zE&OMpmMHy+TFYfFVqjuI_%}}0ktyHLY+R$L9HJvLs9aFAqY*%M9P<*Tgjg;l+OaYq
zmQ98{7vVAcv6~H!2doEm3rHYNAV(ldAWI-gpkQq<@5e`MbU1G^Z_vqF#ahKu#dg{Z
zFl{w$F>Nz#K5ad1Ic@uQ(8-e3jMa+Og4KrAoYk7ulGV1}tlp~LqTZ(7yxzLrvfkFk
zteuOGlaGUstAo9RQwX>L+yDsyg+M*P{K>6Jkx5ff0O%F?3PJ!PfTDrXAX%U+=oj!8
z$aoTGGJR5Wa$%BdvSrd^@_up$NB{s5fU<$vAYGs?Xa%?e;sf%5I)EJ@AD|ED8Tbss
z0AhfWfyp3MpekqvI0Iq>vVj_aTa!DW1`vQf0O$&I1ziKLL0^DhK!w0UkSWj<v;*7$
z^-X@}nuf-2j`_*_bDnvqnfcdo)1M1mZ$_a+7PHD0u2l(dTA}#-DFA+x$Et-lt59<O
z467MIbNniHdj^Z;#2RvYTAfAB8c}<e@g%GHZ#^s~o9yNZy@Jd}4V{s3eYhGc?b@8B
zMgwmF!x`R2rd65tSmQC?78WO_jgfi_-ImMRq@@=4<<Xo~^yNtdJ*JH@@20KV#7pyl
zHPQA$QnSkoB5#(SBzEH&7c;(Q^yRT`J-*-OeHY|H!w@|&p-K2va$<`ir-;O64&G_n
zRq9*|*;RGkDVq*_Qg}ot06zl%C<VF)uB->@FL#pcUq>FAo#0LG`jFh|sa@nQ&?d7B
zukP^FUR+n#rm%}>M~LAl%f3RVMtuU)31g>1eO%44L#KfYM@K}>fm9yQaGd49S7lIM
zfROG4H!n@|n}f=beb<qZ$jXnpU7{{p7n+sHHn%z>;*L1OsWuNmfXWOZKb7siAU~Jw
zUab+`%1<v3-umd@N0827myi|@$IiA*K^KvZ(2Y?6e!7$W&AjM)_wY^3lY_TSc7ok7
zqZkwqEY|U#o&4FmX-09xdoo?z*?Z^*=qJ42WZh)lbGu4AOS>#PExQgn54u=3kv3yD
z<u}JR88&sUw63_X0G?N<S4vmRS58+XS4LODSAkb-o4i-hR}xp0R~A>;R~lEGSMFEH
zR|;2*R}NQ1R|Z#tSN>P<E<!$3J~%#HJ}5p+9pOERJ^4N1J?TC18)I8jTSM=eJ=s0U
zJ%s@w0Vx470l<KWfQ*2IfV_>LA_F30B0oi@M218rM1G0P0NxV=LIY9*Vgo<{kpY<j
zi2?t^*jtB1^+j#NG}1^)4TvBp0!pKF!vKSTfWR=6N)0I;2LwdAL2^(*y1TnYa_H`k
zp&8=C-}7GY^}PRm^T*8Dd!M!MwP)u!_u6ZxdHQ?CdWL$Ycm{bUdPaI8(7xy>^tbzt
z5P*(DhoMu^U(hk=kePv-G;}f=zd8v06`g>NK&PYq(9!5%bP_rc9ghx2r_J<-JFK{~
zkgfj^OI2JOc2@<Zbg$iiHq?4kl7+d8S?oOK!vL|Rf~}>p;Bv0VWl|S|zcDP7!lF2@
z=MStXTru!8FtACb91mEA2`z?5z6UP|tV=vlz1@97M)|kFxQaQxk?0OLu=hsA<xZCm
zb6zaCEeqYW0Z|D+{XRM}P-@umJ330MRiBz~L$me%{iDp1>gga#K(Evg)#0jqEp%>R
z=m+@IO(jrLyp+SDVZgXSC^;-%`m*8omqF+sm$U%^lXq;_FyhApcN~^mcdF9`jA#Lw
zPsd}J+}A#2wFhkHp20%<Nd@89^q3QgH>GN6#>=`tIilQd?<&=DZN9&teXY&YwgbQG
z$UbDQ`#h!f3d4vSZ8pP1diIzsD&bD6>X+>;_KaG>QnSo5T<-k*VbZNfjw*iUG(gzD
zrhg62F3C_53H*R~eL_VOcjr!s-gvf)$SwiW+iw5=2kx$)?K1n^k|FH8WdH3^W=XW^
z!hL`z%rD9>ER^{83X>TS;d><_`2Xxu-c7@Iqw1t>$%ZeGG}3NyOL@qW^E5`OP*C8o
zi3hM{a&*w_nr7=szb!Rs4GCw>cz_iW@(oL~GeYIydgJVA3Rp?z%WdQC`G<Mo<N3c;
zuAai>S}p)S3q}T$+5-y)@z&0pztya-F)^64YDa+)lqR9npphsB@w1G6<s`ai>}@U*
zB)-EdTlaSH`vs~QLBp(S#x4pfbs|DLkFCx!`{$<wu+Oz5e)J!Gc9(K7QkF+Ywp4z;
zq{8rj?)d3<*5ny;8Ky7k#A=o{l@bJVo46n&$s5I|qAAq)%AQu-hZ@7tWB$)i!i|~r
z6KodXf@SgcN>q}a7rV>eZsau28T}=xlbsfUwg1_@#<^C+*#o!Xpx><pZG*R(=m`$d
z{MaJD$ewYcR`wdIaI;eP`7VrSu=+~(<FOqD)Ms!Tfuyt+<BvCoPJBFZ$XS%ov6F<R
zYkfd^I_WUt3QA*rd;ghvc7xSU&DwF-|0EL-4EmjMdn#aD!65NKL~4joAc$wddemO{
z#_JQ$)HIKtscDzLgMW}=!#7d`?-EIDvEQC!is!r2T@fSn`m)v*B;3y)Ra)Nv7XA>d
z_&PpBuP<lOC|v#D)xYHb8~rbE8Z<89^#4Qx{e*>k<$!R>j-@w6_)rekI~ZtC#|eWN
zWEyIZ<Exms^>8r)1LXNW(su!Wk-z{)^O0}1=hj1|P{t$o|M34Gfd3VE`QA4}yaj_|
zr@lb_vnZ*#?+Xn=M`=RNpVlY#4nIzrW<1XEkOx4^&-gk)-;bshD%C+d44JZ6LQ)Y{
zN`hE|2Ti1<`w5yFQP$<1!?~kQqq*wBq$;wyzj;TD=OnnF{o#JWBEpg*_CoM;TiD4^
zN61!bFm)`2|CeQ~kMel$mtTlJyuAJJ_(!_DLu;!^u(Xe;GXIO(B}^LO$kYJ3EX-(3
z%u#<$Ammq@4A-a(w!fA?*HaHSPx-FQPIO#1J2j4+$2&K+Rk@3&xafNMRho4jxxcE%
ze}cJG$v%_XtEGM4p#Dy^nDilOiLX5-EtP&TR;-sIZJ$|tE0%nBWt+nED966keEqAO
zLKkjF?OMDWqz6o>s$L$Te)xSeEsB~_lE1A#8{p*Pd&57-{v_94GYaP7XCO1#vD%RI
z<5u42Z|)M$Wo^-L^s9N?x0El+KMsVvs51ZUev!x_r$CjhM#ux^bQn<mTM(u~dOna!
z$4Gv!1>MGbiucI}+osB)&m+NLvS$OF+}|QpiH;+Q)JdKV5)dmTZ$ar3x0o5?_FgrW
zi~(6~F*^*1_pe{Mn_9^j>(qgNL;~)0*2?Ay;3C(LIoVkP`C?BwxY=@k@(sQb7ku&J
z4QEdlA79rT`%ruS*pufxTqQLEZGs|W6niOj+ce8D4~3pQb@|v8P=RVF$(d}>Ja9Wd
ztZ5NT{QfPZCYbW0+oz8oIWFpd*L5bcE2t^~N@QW7#fN1zsv*P=2#<T!IYS~+=pH4<
zgH|cFVm25a>21@+fs5TX3$S?4hc5nHqsZ?bEpRe}r!IU~ukBrnkCu{(FeMz)spVTo
z`8n`#60Yh-t;v%pAI7gOGtzCOtiFq;15q=_F$!>1j`2PoS&m(g**XBx@4Q>0+}))B
zU|V#CG`j}t^!uq>n&k9)Z}n(m5%8nGY4Ljxlb9c+tnJtwxja)V`2L7Cj?YZf)YipN
zM!`r!X#{7&koPKu@ENCia0*Cs_2aWgu+8-En?fePJ1Mpp4B{BR>&FN=cn!Z`PPACq
zEcg@l-B*=)kZ+=6^J1Cp{A5z*t}m028MtGkJ@_8LS8aoMu~AkKx2O`@$^N(V$%{7L
zR~4+{5|48Qo=VK{PfE@#Gm18G4h`0d@V#u~<`#Rx*~`H-QaQve%<-7Z`X@Wv6u*bZ
zTPwGOgFiW_q2(4-Nt;q)Pq4%X{!yrkckB%|HpgWmF1yG35dJpkC#p;H0VStM_2&Q~
zXEn}6XJU2&HFYgcxB9tSPiTMGPYJwkRfLhqs|JxQvHrQvPYNEF0XUH;3|J`eL0{Y4
z%h=T1OFyp}kV$oofCN^<qCx@pXhp-{pDd*0jeVU0gUUmJQa~e6SNfyZhv-m<oJ|Z`
z6|AK2)+obO$`ZwPH`y~Xv>ec<2Nd^7=^hMiUeNi_rJG2Ui*ZYQC@qp0?f-c*>craq
z0<_;cWkR`9{z)Nd^|fLap69CG(>Qm7Ys*$nZpabOz#o@h<!7p{%0#Cjq$(sTJ>UBN
zat)q5bLJ^LDHlPb+41pK<2c+l0&sES+!XM;6=-zu0@gh`x>nKb9p<_p2Y{Xk2lcZT
z++n?^e@-I%`UXJ<%xUWfP@^QRWZR>#qLV+$VTV69h{|vh@M%A-y~B~;U}K9@>rst-
z@F(vPVvmmDd(s*+Idu|)VRY24t|ll&J7IOpviG^u-(cc1u-f^NvwFW0g34Gq*(iZ|
zRkD3yW^N!RjzZUP6(KnnLk%!czch<+RX+?X$soABEN3+v;d&mcC0@=dd-FVoYwi>K
z8d_2D_XPxk0P%Bmb@OsP<{A-|d@Asob4;{tV5-(j!QqF&XAcuga|^cyYZ;A@^OH7K
z+E0kBPE4Nnn3uV|K1=fntD9`i1tTRY6Hz5$0Y~$tN3~5&Yw<ow>E(dotXO{^7i%_t
zHu@{hYh8UTtS8vw$NV9``bV&c=0>$B%_u3_`y5f&S|gtl*gf0=6F(+gUDSJ;e+}gD
zSgVPM<ccUDetwp=uS-uyW#w>0ct}Ke)Sv#A(ZDJg)pK}AhlqZ^nM|i|5lmF@?Hl-v
zjQiv-De-4D6_Q*f-hLP0lpych3Bg&>i}OF6O6hcOp1cw17VO{}hL4{t7Q{(`T|NhP
zJ{cEh;cn-h9&N8}V14?u8`(YBDJ=SOgujogysX7jCNC6Fu=(O7^(EBFQh6#MRVfr^
zq9PSB7`FNywLG?Hai_6SaJ1H0bot)zwrF1BXlaX|a8~B$%@b|{fIVGesoe1CSKL9>
z2RTa4PCt;fx}Rk}e$baGa<yseDA_E~UI_VfowMskHqmm?C$&)`@~L@QW>5<934DT+
z$o46;7#5Z2s%amV0^l_c%9(#++fY9z{d;(L5}vjMVvJ?n66C6Snd9}*Qp)g0v8#@H
z6OaKhQm|>tcUu1w0MxW)2n=F?jg;QYwPq&0-P)S!%uUadNDquH<62qvYWMdy>~CAq
zjFs&dFaN^VRe$v{BJ#A4Gx+3>gENr>=^w&@syOr;PraWnXaL^C)sC@mj~04Fn!jAj
zePTWct7sUyaJ&m%@pl4;mObH4Sf#oPLnW~<u_rks@$+%#UIN2wozcS}2ZC4&=-Wla
zA_Yh<NsESJEtXO1HUGHgK0QMklO#Xec>4rJijLm$9zBy_f1`leN4GHDq)1OCuZuss
zB_kJce_CQn{-A~y+fsL<T9lIlUzIvYC%ga>$6`>s8h01L4r@NQAJ#A_IoNcsbbkM)
z!PC9EKkp1emI}l(B_|xflIbZ^s8^R$nDhk9V!-+Zt}2?237wsSLIONItd^z<Dh|dG
zFnbqw7i02M4x!2+{x{YhKNYXo7Q$G-VVyJFPk1|dd0syrT#%H^XY;B9zyBPaJrNKV
zqdoDyb3Q9U6-Yc>4nw^%^Z1h{u)p8L5oB}mu{}9ZI28~Tp4jk(OeU(o|K#Z+;nII#
z;4@u%SbyN(Aumokr@P<F-FFPQDa=pBILi{PT<sy6%*L3CL26gtp%<59)IXj<SxFPZ
zd*3(SoxP9rqIA5LadqfQ7<2dZ4Br=Je~!Lwa#erqq#zONj?Rw;=1(S8e)SpkG@aFD
zV~eTOg#j<7qI6Gv&^)x`m5J(gjNb66az)_QMXlr4{ywCO`=;z=2xHxG7C+PMU$Vx0
zi_kg_;f$FtEqO!xdl#R;o(pGx8k*h;1F=VF?NYDVDyGPItmcMGP<8VS_+lxqTi5k=
z9W&AYQ=)T&Apd6Tfan%A2gr{1ykQSMSneZV4){M7ZFKaRe>Zr2Z#$JifH~N(KX*!g
z?xOdh7;2W@V1i~?+Ls3;9WJ`NpV0EwoRvc-3PV8@9d>^Xyh<EbeyVLu@cMWpyxa-3
zM^pyU{0*I_8`~;UgWP;x+%d>sAGp@(x8JK++}1h>dp~r%I^i^)ZkXiiSs(Czp?~G+
zJaD7aT0Q}-KE67f=_<Z><+GC$-~ZZ2EbAC48cKWMS%0^k*t9e2+Wp4FzUOQtG?ZIX
zx9EM7yJm$oS{cUJ^W6j07^N=pkl-DWM^N+ZT`&*PJZS%>&!t(jP|LA;!r%38vh@^o
z-OV=hMf30VqUJ;G$c+fQxzmoM2t>Bm7*MG;(`~r!t7W*bGPv??uP>3BHZ7e}QpfGX
zA5Se1=cBrle9~i55y}4P!f}_Uc(X9i-0=c6<!Oa1ICyA$Iw8{q&sz6Zd5>glw;d&1
zb}e4PWIdO@d6^%!H>f#N*Vu!~ua@l9uhOu~mzkju<n;x4_|t4%irdV;Jr>L91pKzP
zX1awSe<NhhTR$gZi;??2U}M3?%{hq`@e|76woo+KXOdDJBKV94wcxL1*i?_4qddWC
zY<-tOwn=p5cUvJYK~9Y2Z;AHc6tCuo$3|j2@guUwwXIM)z!dYNJ;ak}p}p{XyJ+>2
zJ`8ihx73)i1Op()z>+3^fcKb%3JCDCC&%paS0cy#DNXz>%R7*O1;pkn_wpf|pZQAy
zL!zht&y1hfkgEQ=3DS;ID2CznWQvE_ykuJSrK^BN<D*(tH82P*?|wdt8){OZ<HV;n
zrpdvX@MmZVUwmrMpMzEYk3F?#s9~DL+{bbCt8ZnrC##{I#oxy#^TltK1&n#V<FEVU
zE}9%ZaHA5#1K~q_1C1a4<4|e*vs?KW-<RNs;iu#C`qH+7ji0&E-LrhS#eN_DH;=lu
z2t5S3F?(T1;Bd95ln@r+G5ZM`bL-*%V^vQVwXVGFa1efK#{83568JFR!bR{Q^##2R
z_JZ%;;yrhS{f}UM)5=rAaE)>1+i1)@Nk;1Hzo=;c;2OsVuh|#YYPaZm?;(l!o>}p0
zZhdG^#faVAN?=csik00;XHS!gz0rzmAARe_B1bNZCE6p48KUupPdkH9a1&>yrK*I<
zhU`sCL<!|CaeYfs3BxX_XG?ks?Ji027jI)2FiCb6guN&w@__WK?4pJU@$2>_dmKgr
zXa?73|NS9s4;kJ~67LM&6aQa}NP7WB>|#H&B@qk1+m{%4Z7h$7WsNzB{g+;1MFd5^
zBvfdB^oVF>5$6#Zr7>&jgIHs}RGi|#*niBh5q@?n)px>C<JW(DlU@>iY~Ol`|JS$n
zB|x^`o>YQC)5fYteE<Kx@Lwyz`uipR(8CS8;o&@v-Pd>aLicPn;s0e%-Go!I5B&ZY
zcltN*c+sl{<Ns2qhXgg`JYOJf*^8zZ0$z9$M2RgMi^uo8Hmer_PvHOIQEP~sNEdwV
z+Ny!YnM0-;#wMZ#|ATh2#UOiJLjv7a<l&PVyrRIJ#qLAO8jug6a7*|he+_}{SA)fk
zL!uh$e<Ulc9e#M<tbB-ETMib_?Kx&~UGHgDPz~+AKY9t%jr{fjSu0|3@R0U`>zd@2
z^v*YE3314KAuNU!*=BYqB8CZR(>fFY#IOh3oDRhrFnC%2BV@mbbUeWfR+8b<j0zE0
z4VccT%3-pKe4P=IL%AJRmr<0%upQx%k)A`l9bP2ktpOV&J5|IUk`j18q98k@AwVqp
zYsmtKKG-md%Tac}2iu*McQxEAiWepOYY1r}K<{59Z8j`oE`7_1f%}t%Dh!a(;3Sk?
z;=~G9jOHYi|MiF}ba@DeDw0BjHTheN248YOk$mhhl>jv~==Tq*xR4Qz*L_k+oJ1df
zZE@lcNY!$Zt^G>M!Jz)hsvV}H@$9+mS`OBLO#G(DXY9I%a{;yr?<|DsaOXm7WvhR^
z8A{va`7E65zb}3M6FqdZiFv{Tcs%$&6tj33NILRo_t45FK?OOt4CH6_km-ql2cCFn
zLdM3>@h0vGs|NwMJnt{vq5Mt33gX6yc`3V})%RQqQw3vV=)CN~FS4N^3tatRogc`}
zClz>w@;gJ_o0JtG?+~Gk@J;>-0=R;~(8eZF1+{l@lML(^e3PL9VDb)i$v7A~x8Rr#
zbos?R1gfCjlSL0>ekQ;9M*0IWG`LB7!gWP*6LBjQG>q8fJrREWCE};qrpRkQ^`Bas
z0<Zo5{&d<DtMlbC^?j`H$n1;gA2ZBQy*56bk`Te&fSJXr8YbJwH;WN9l>1@zi$ygI
z`w^at>G#bfytvKV9)Qh~op)m&N{Kxn>ykax5F>uGvgC#X3Wk<&xwP+3VtbnM?uL7p
z@Se5*Iz+k&fbQ)w%#K8CT5m-#@RwN_!({C_N!yo1up+yoMF<sF9x;Zl9O5uWQrfeo
ze~Y!}OAjdSj6I?fqlN`#FHxn2jM~5c+ma+g^l4>F1b?ul77!uZSV^kEpj~D)3<KLg
z<7r>3!5VCfzwo#>G<diWVAu7|O{fWXA;hk|dgaYw+69l7aJv6N>-jSJ@a6*Zn#JeA
zVCV6nR|AG*7;|gna`)lN1;Iax9kQH#X!<|wapHZaIljQXX7wSsUnZ^S9_C*NHV`*Q
zEVS4y1J#E!7fcO||Cd5`!!-)lT|!<wX}~M)+&S#NplkpEA;OE{7yJzbc3lRC8y7?k
z)Ie}^8*BxB!O*}2gt{&s9G<&z%m=!zFdu>%Xb;-aN0?sZci+hFd)(j!?KRge$z8-<
zOVAPGg7;cj;!EVR*@cLNA7okU0uYe!A6$025Nq<~rI2Eg#-WrEX`}S}CdbP6_M3{p
zvfOl3RVI@q<aJa;CgqlDT~tvf!<M>7RC*@umRb?3w-Rh5@`MAsM~d$o@l)9z4Zbju
z*d=ouI%UIeTn<n6JN(@!c$d|@zVRMC`PG9o7od|ZdTiD!V*2=&%@-$zg#u8OQQ{<c
zvc&c!j3b&YL@xFb1$em!hXO*O#G0fOqr{gaSHvFMOT`y&sQ5dYDn?~Q>2)tl5?iQw
z>=s+lAC_9S$ko`SOkb)PR!vnErDxBctYv=r!y3Qp;fP%uJu7GX^qsj-ZQ!hm?UU-*
zH$7>qJdVOivipzEW6(V}tC%Q&#r@kK_TwI}GG8%O(BsIM?w*xZg0iR=tdN-O9#fQn
z`&Th=Lexgj@hUEg)jjwHJ8!IRPyVW4Sy+SmJd0gSb<fNyQ(0;Qc>c*jELl&GIqrL9
zooM9hld`V`>^nW(tCVHwUMfOS;j8>*!8T6~dNx*x%HqA0n^<A7@Kpw&EX@n-5_QmX
zZq6|!?-I-011d}0eS+@Abd0)IB8^7$46f3mxGux5)o)pXdJ(I<C}B~Vh#0d~5m9ON
z7_C(SQQ5ySPOD<IQap~n{*22n6-6ReMExj5gJVSlwM4_6mZ$CEwJwI9Mc5P3I~~sJ
zb@tF&TSM0({E66|&QoB$X!*+CyVl1Lu*DFLV(1`Q|7tH=Ym&+@oXXG|zG^6<`#0Qa
zLretnH}rVjO9b{elA#ki5We1JKVffH>yR3Fyn$6C#q*75U8Y8ZCyZ!=wdTl>jkZ(X
z>6PIN+HSSQ<yst`=#(CIhu&GXeSKR#;lPwWXt&ymW{oyaI2hRAt5M|%?O*@xBsxpX
zli0t4s!cM))a{{m=)9ka`r;kd3~_}+^H+;DY!_`;ZI^A=^J=DMxn~P!;j??QOtWdT
z(Al|J#(mJf(Z0mK&pzh9^!{U89^uH8LGDG+I%o;B23i4aq%YDqhSqS@X4iDij?VJW
zmd{e`i|)Jc1GxM0`|P&Q&iT#>&!3;uSBL#?7RKOjV}E0J<DhqocTeG>j$?iea#nGc
z-j=&M;vXqvFzDR}UlejgIHc4J%+l;T?GxE@owJ`)p9@xpqrcAl_3qzWY+7mBaB-}!
znVTh>1=;deN6ri~Es{D)ItJAsY7jsztOi!QP_s}gS<^m?n1#(Q%s$-bbPap+H*Hbf
zF}r4TmTv!rYs8yD=pqlwH%M&x6~rxK!`+Y8Jvh-lP}e=&b$R9xe(B=nd2iDaebC{$
zUVjL^wDodr!e59z=saI9z8|T)FMYfK9}LMT<_@y;phMY9lLmgt)cf&j6@a?w&WF2h
zh`T}NL(kW}-C*;P%$=}-$o1~Si9@qXhlarO4eSdkiEm`<vKJZ>VPqRmE{?p|m^&4Z
zUwOS??uIO`T;fRFw^NRz-fOm7eIGu_Ktvy`8?vHxp)C;(+2FrWl?WYN&psBtCYDGX
zTsgi>^1_7m&>nSq5y1L@#G^GYT*=Vl)#44iMY~nIWxMtKi>Yhw>%wdJ_1-npb=o!b
zdhVL>7IbTLD{<>{i+L-3``Cv^G7>S!yU4uGyu`f5yu!SJSfoXTUT|DyUvyrNUh`j<
zUsK$Q-n!r7-pb#y`#ihjyCb}Nen;ON2BZQ0Kr9dnqyRy%zd&<;b9eI~&;s-nFY2Q5
zFOb)Y*YrNz%@KFs?*d?hK%d>BFbZ*$axrjCbL(_V<imBxen)*L*c^WMb>T12f3VoR
z(!Ak{s=t`KCc6gt@HR&-3^Fg0p(Ig37l;eQCF}xrxp1*?DS6R;jktzgFI+#o<pjbc
z{~{J4sBGY3^qTJW1rQ-Q2wUVOl=8)*D3QWZU&NIr$5oEPmDj*kv!|GT01tGL@%-UG
z^mdc&GfmwCXrQf(>yMxztxfh5nj(s;2i}1`GJuKiON~ct#57+Y$Of8xDSv7B=y4d8
zA&zdVnmw%;4x|-)NaKYAYlS>wH{=eZ>3T5nz$_4O_#%HuixnXCSm^<cOn}B?)d#e!
z0Y@^K<m_@puVf0yIaJA)192X|{m#io(A&ngq;FF8QvUmMLk?9+%>eDkYD%<x0jiI|
zJv6_GMB9iT>-JEh0+VF?G&rdUI%R@2p2rca$ppRx=TH^V+LGH+*;3fj<ONK%akmw=
z!Q1xQ0H(IIHfY;i8{-ma>E3bClFt(6lJwGJlcJZ9@4PR_K{TL;AZidLh&G*^hA=dM
zBQQIlvu(7EzpcEDVo7w#eF=9-eu>>A_pt0R<S_3rxkS|s>L%-^<py>$a8uOdY2a$$
zXyEl?@!~8X*CEUgK(;Bi(VG;Os9)$^$m#I{Ue9gFg$NM@DFFj*G)qoPL?-!%S%>k5
zl_hEy3X?ouT)X5=lufiQg!KV)ZDegAlj0J{BrhX5DWN1`PyiwT5eN%_1ug_E1WE?9
zw;|eKZ3}G=mvZb?MR-!l)d{l$M%(C?3hdQIcn!&ULZkv%DN2>()K}%DspOU8<mCZv
zd9}|JGvDByE~cKP{*!Na*<5Jqzd<`~O<hZaCbf3i&uEG%(BHf}eM|udUl9#PHd30P
zZ?c^xKg&f786QVbLFIIZ)jrdT%Rz?0Cp6x2uwe)zyAgK;P4~BnZ)TkiKjlwou{)$*
zDG}4ic4)j(C8mASab%kLh+QG{m1zO+h(n!xr4#4X+f>e{!M)3DNBRzBBJ!!vjX2aP
zwK}w4sj1TPcc{Js|Dnka6<sENrTd5SxHHMrPmhx(xYIOP?|DM-nrWa2xPYpd){fkc
z%8tU0Cck59nR~f#8NR%?%(R@g3|*dEW;_BN868O+`5a*$Ngq9SC=!9B^74=a%rwjo
znW>p6nQ0N^v>~A#9G%%6oy()k{LAIb6i1>*?nk&s@<;3rxff*@As2ZU$u+88P%l|8
zEibT_ftR8oPZL)YM-#6Piw|cJxo${)2Xa|)ncktWM*UjvTF#Ky=eaGpa0nterDI^3
z=E&)Y$RYnC>mvT5vPSJ%VU`E*;o2u}rfjBl4XN*#TP9luITY7GW_dy6WFe9vK^=$=
zL?^5R*16EJ&?(u`zKmFgEiWuTJj!uX72`=KhlFHzj4sn16}YL3@fwlysz`mIh$)d{
zQ(tD6reIf&VVBorS96S+R)S}_XnN-QkG<Vyb55vJf@axjy5<IrX#v~prwK(dS4!Sl
zKAM1~uYd+U8%e@fCD|;Km~sI_`p4mMhHSdMYL1CwY>-|sD#42l)(fF$hjND}bSX_J
znPoY|$fFXmGNqm=5hloFYCKaVOk~YG(#)h{mj}PnETH00i(1aYdG<D$lU=!Ygl$XT
zvP?ie`8kwBEmkvA8+fLslE{~-`V8Ec@Ea^TLi|j(FBX-Rr0J*4Nv+(e8La(0UU^M3
zPyn14SCnWQWgBN3W1EndIW@vPQaA!1*&AURNgIKV%#AQ^fwqjcB({9EFt?<)9$OX(
zK$3a6qd*CuXiz*T7L=GCMWYg$$&r<v**P*g!aq_zLa`+ZY`JgYZpm-4TjrjWorIj^
zog`PNdO$s7J+wT)9tIwY`aF$XjU0`<-Ynjng;6>x`I*QO#SwbT!V2{(y(>9=Uhn7d
zC?OSua!TgF2+fw$7LjHCN!CgHNo9rFmBKWSH`iWNQ*2YBi%Naw+z8nS$g;QsGR?~r
zMXDmH5|jxbG7(v@Ojy=J=0cWaX8Q<Y1U9lT@^CBXv+8S}v?z6z?99;-x~+oG>aTgB
zQ9ON8U-@E6Rn67cKS<MjP)_(Duk%68C1$1vzUJcSS?fRhcAw2Pp}q&YX6xu$8#Jr6
z&widze81TAUh{DT+<nC~Kx||QK|Qi-CS~Pfh9KZ^WE|97cS_AAQQRCd1wKpgHiu0?
zK<qH?$b{~mi5{~xhcfxIMC?^5Q6<s@*;NfuRno*Kt4EHRjO>d2uN(^)IUrFhYdE5B
z(>XbMdr@qc`tD_7^6AfE9FSP8Rc%o<^+f(vRZ;NYgzSD%6tSr8-`L}|Bu76(PTJm1
zM<Cend1CLHW1twgD6TlsF3K*>F2*h)e{~AQjVeUJQF|yRR2mA3nnN*Of-a3NB`$p~
zF)yVrAG;TcLDG47qnHzzqnYEGW0?~XQM7%bs~l_DtDUG(6hEpQMR6&5>3)fODSyfC
zo_k$(9dey_o!p@61ND*h(eeTN82A8+Mm)`2%^c0V01Lob9HrZrzluaDqUhZV8`N+0
zZsm-4f#-Hn!hML|l+^(g&85>Nk$e7i)^+@KWrNzS!aNVabr97Yd%th3uYPq7MTP>o
z7dJrWd6}cg`Xu{;RuQX+HP|X_ZDDm`O>(szg+Rej3#f;eIbNy~Jcy`!Ct=yEqbRz|
z0xxw5URV_Gb16SU%@P?Z^(AWQht$f^)beks)f_aZIpOgxDxO*XBX74dKi_-ugvQ&d
zxMl^7Xl-Sk=oD#QaeBx5r~n^)`84P<iFLkm%Ep_7l=B(V{Rq=Gq|)tFbI=u|f^>q9
zbiAlwoe;V#!@@9~F3t&n(=6U0ME*z@D^7}Ci9kmtPJ>;QK$kV{NF|dZOOET6N&!W-
zs>X6W4*T1r9JXh@eQay`AIkXTlkyC+RkbwZwAs~^b@}2{*}=U!zqv&Fh}m^}wNUX%
zDt?+dRL?q9f;IEvo~@|_@_}=;i*#)@Y_)AQZFTbEruw-13j5$d-(DY6Us@luZ?2DV
z4YX#oCb8zThPfua_V_~)A0(;xg$76m^cM6Eqy^GV*PwYG8pjcz9oN}6+Q;8l-bb+}
zy5_!yyC%QJ{vj7th6+LDp_0o~-J$NX?pp3(cLR6D_eBl)4cQIFUKw6F1sXcf^W%_x
zihcAS3d__l^)3Oq_r+d$HX1_D5zkWM2Ks2$oYsgw<fF1s@u<o&wM&JmBCq^ijV7%o
zU6<$eadUlSeV`A;Wss?2Mh(*ElFx(U5OIijSR5>VA#NdFGOoSve(~A2(D!gH$5B<Z
zC{;uKd3M}rAKhAkqq=CZp$1Q$RN!;XQWb6WwRh6g@05Y~ck=JvsX1%T<iL?GR-Tpq
z({J}OU3BVmph#OQ*UF%2t-Y)>onlRNjyKZB3UKy)t-+K@suPqWi!{kAe{IP0BSIUh
zt&3E1))m)=Ai<|P-r6uEgel9YFhZw0XClW8>5wOXs*61)C8$KABRi%cs7j*yWbDW)
zlRir!A9!U|K%cFyv4X@Ae4Cc@G`Dw~?Nr~n?6rJao>8{Cme!cIpqiR4|Cp*Ect9sR
zU-bUC2i*a!V`P$*pMDNaZl_hSeqKWEnpNOyaG`dwuAPRRww<P(PX5@`HurYnHhg<;
zn`t|38@fHW&3FnrH9D0z^*O~nl|Fs!T=W`}1{CvXFzYbCWq!x3#jK0apv?;%<3MJQ
zb#9Mt^KX}LQ=E#Px}V~n%Ac}3=U$avg<R!bCD*BXL%n6awY<UJ2HuL$qNe<&?51L$
z44<4L4c)x_G32)5HobFUo%)U5jU2StC(l+xI1iDVGB&VHbLw<T<eYz%b#EYDS*Lab
zD9jc4<nL=VYc=b-=GBkQZIf+-oQvxqbHyMHvOLMWpfSW40tp*~As5CLkdkBV+lX!0
z_QLkV(;N>~@uGAMNM82X=r-MHfrq+yv5^L^m6SjINQr`g`ih`5rJ!=GpuCo#n$yU%
z1-#Nl-?Pwv{OwMr^LU*Fw9;1JwGapz*V@TC9WNTWvhc3-(FfqZLK+O2B;#K#WGhXQ
z%Y_UXeuR%13g`}~IZcQOKnB3a<6Z)=0SH4Dv@m?U%VNU9tkNM_{&)hbLW*07Xk4a3
zgIkqog0<pEKa(a)-ujh(0Zq2r&~haX_uG^lcFW#rwmp4#nUH)+9yD8R6ws{D=2inw
z@KvaCgZsySTZ>K;bL;kxqAHX0{d97uEj#bu=jFv)uIUE~f%C_TCTxdn$81Mz$MY(t
zrn#pJr{U9k(@fK8)6nU;X~sR!p3$Dfp3ffUp7h>hc##k!rI>pNG!7aDAwi>{iS!{F
ztI!IL%Iu2H>CtKa>GElSVo!9>eGhj}evciVdscQ9a+Y_NT&3y>^_2D0@&tPtcq$qc
zHRd;FHx_$mc;^%j=~(4gAg2|l>EVS{>S#T*oI$a79(+j13SpU2F)&TD=d?!z&p*pL
zi$ANZQbQ}u6nW?G4K<B6O}JRqSIkY5O@rXYRgjrtrXf-*Nx&+o0#SjegjK*Q7b+Gi
zB`eye5!0~gh3SWTIWDSiiqeMEt+Fddr|I?zT-4tbLx*@?V{&W;q?S-RET_70v?_m&
zNj2x_RCXRoO--E^sdTp57@N=a*HXkd#M7O@cDj=E)Z?JA49k9BbX8x0kvLR?L*9Z-
ztX)S<Ha(Oz4;YJ3+j*;x=)yd=UOd5{rXP(}LZ}tmNuW>$dK)rnCl%r8<Gk?G3g{Dq
ziiuIuaGT+`kT-&5@}I=_MtW$VrxgZI3_eecg6<QvAfERLcH)hB(cD*?mJ141o7ven
z3{$4Q>7+Ks+(auUcEx?krsC`#eOu3pv%jQ=csvKTatpFU((^p>-o3jcw9qSH9w>>H
zD2JC9Hb+^d;5V3rp6F`9`=tbI;%{T};2d?or)|Li6zSr5W?PHg*Skr{blE7S<-KjZ
zTJAj7X3o08LU!jiDV-|kH)|t)(`$MsSjnBb=e<JG=1+Qg#ordy`M}*=patoKCnC+I
zU_kGNt>Bc>;Jnn<Zf?9T?KD<T(hqs>GGy${0aQtN@YC8P{S3B&sCs5lgA|#r+{CDt
zM8mw}?w`IR&N{<|axAgaY^EI2D!Wb8hf7q}B_d&Co8ku2|JgbBHhZnE&irn)3<|Bg
zv%D<gS-Q&%n=vOJ^=Fv+_${3jej?KT9dNNVPg(MK{d0IF%zQd48g6(xRye#;!@oD&
zBb4s3jofr-NIJ7LXMl;HTAzsg`rcF*4OiIN`i?hI{*u&p`)X2$a%S7uV9z?=6)tGY
zAP&#YW;&^eO?Md{wS6bJHr1q4g*+Fm<oj63H+*bu^&uVESA~{RD|}I^Kji|+0dnKt
z>2S^LlL=NjGU(J#?o+EP_;}VS3=SX9&|jwMg(Gza?d(=vvz!Cde{Hx5pgf1fPZ-6U
z%cB=k#tA$k(if0D2ViR~@$O{1M(|Kg+T7!a;R~jIN#&KI=QC+b#NnPfYF*R&oap??
z_@8Hy@2c|68lA2UKh(2|RRZ~C02DWPIw;=;VOW`7+;?U<qc^Dg0UfYcxM2YIjwyIL
z=|hG*Eft(>;-9JhfKInrh}x?!_2#NN_!V8RmQsx#tDyJ9Ua@Uw{)w*-Av=C~<Ieq~
z+XlQNCsX`sz&nFT+(Wmn@zi!G+$X<rH(hC`NHSLE20AHLTpQGL#gtnJ%*9%dZ;Tf}
zI+RZ=;G5C)qh?iTMYKLx!<oceG`INVz4d<niC*(qb(IIqI(%L?(F$6QvxhQH<1W~_
zqEp-=%iBTUCXS(R_D1O8jo8Fv2N=jweLTM0_eE%TeB^sjL3e9LlV|7R>uHbfM|p~#
ze$ELQ(FT;(`)p^+HkrU*=lz#|T`UKfJ_a}>(!B*+F;||Ul-eCj%jxUMkTyG3FY333
zNwgObvsP;`dbsOzvU+q}<C;lz*Dsx-fvWk|hTY6F%{?zY>nWE{$HNEK5?`gBjH_FB
zRP7oJ##>z9>OL8N^J9<4t&%4y>#RSDyIp?=?%MP9ATqpP@T(v&&f{7T9Z?t$Gw2$&
zFwrzaPL}8tb@I?+0rc3P{akX@Cc@9G3n-M#qL$>NpdOY@Y7?t?qmN{8%N}WN@COQ%
zQCWQoLQWO$J3<MX|6E<Mec3uvP&XGhKql%wc`KkW(Hm-Oo~y6-D0@Noq^d>oU}t*z
zMb%kiVVbFR;M6qmw5sZRp}47a^wcy<l}pn6zHwpszQ^>hK9|AKcGEf8b{D<7siLg$
z_{y;Y7uWg({lV=wXQtNRpTD!lgZ{-y)+bE+ZjWPD;!jnMeJx2yMuI+0XfpiOx6<)s
z6L+fIQ#rUrR=u%?Zh7xL-?`j$&jG2OBHxXl>s#)8-3DIdjpqL5X3<cuJVodnWO`sC
zAsRPW$YPBf8svc%+`9^3K%#T2KzEGrm%}Tv+k%-3ESaEoY3<RXH;jsv49E!$CM7{}
z=2R7Dlla@aszal^4bA%uPQ(ty^A>)1a3lM3Z|`^NqrOxG61e&&3u9PKdkFp_5WI2b
zxG^XNycw$AK0q6J4pg-~BEj$glWg9P`!<s3(l;9U&193st+$2#(p^(F8`v&J<0N8@
zlw%iolN@;rc{i1l?pmWGB*h!$m^b=LHrn!qr&|Th8;|NCcws9JEQLC@r*(A*uPb(t
z4x+h3goi7wKujm{3}ZcMuTR&|u_}4+-FZ2nTRm%6`9`)9wpe!HI}7UvqhV^N^Oa~k
zsb<^3;S-Yj!Ea#)+3U18Qm4f|^ft}kge|Xz*(Y+Qu`zZP+sA#Uo7b+oQmp{j@xhAu
z!<;KLX60GIQC1zX9=P?dhc_n1q&KXxxEYC9*ein0+2x!SC*vzhw_|SKjd>MCa|1R8
zX?EswS(tvI7K@U=FD!>d_iWQGcDr{r6`sY*Nx<4b$n4!pJvEr=#07U^5lxMqa&o`1
zcyzurLwHfz+e+bEF;<m?Cnh&m^)TXAM&GS!n89U3|4E0eWzuHh`S0bEhs$ntRiRMP
zZ56Pl@HAyrLi>IN<7rjCuE(Yz7=Sb$z>W=Y?s6mnc25HXJMs5i`+ew>@W@V~r&UJc
zIF;y=#Iu8)^{G{qlR$WI;V0N=J+sBcuj<n^YhJPf<VyAF9s|QMT=nbZl;F+TkHj!?
zvP!UZMIo>-DdJ#ey0;XWLz$mt%X>Ex{n3E=&e8koYsYC!YF*<^-Og?$0GF#PJ=*N*
z7#|JFuqA7@y<;BVK9H?%@>wyP3|IDUyxG2OLV#}Q^~~-MHF7munGf%^_}#r}Y8ROs
zk00)Q2Ck9-+HbD9KBT6>OUqv*P7PMg!ywo^<#1UFi%&CGr-F^>x|^H2;qmk0nQXf{
zJ<mInmZoewyQxf<Chv5h@Q!)7rIeRr{GqRsxK3yz(|eBQGncAYzF)5{6B8fNn}zFf
z3%Xa1(wA~~Z*2u|iMe_;))J`AzIhAbFj}gOwNU-&Qug1_g4{7FJSA5h8MQ7xoQ<_i
zbqqwyynF{Ku5WA1o|<}=IQh&&)zbbzTU@Qa%_)2I`;TtoH)+6Iu0aXmb{^U<s^SB6
zZBCy?MWB(Dqgx71-W4#jct-Iwhro@$S+53dMF)8*VP*)e*p%XI{(A&m0h;lUK<6q>
z8}nQx$h{5kEPG{w%1%My{UHo}Cl%L(gHQ)~&jHgqO-ONbo6~~vrv<&it1Fb%>QnK?
z%llOMm0hqS@JYDLoVR*&t5Db8h^Fg(EMT2JFN8M>h7^yCHhE0LAo$x`#^OwQ*?&D=
z%RrzfV`>obld=4~x(QtUja!CfbTz|UP>VtweC0?y{JOOQmb<Ze*%*Fp;=!A`zIo{#
zcKz^#_}@G^*yEaYBPFgl$ZWjoIdq$RKb?~Cp@7D%q*F$5;9K;8qUZbj`y~JLFsq>r
z{$0)XFoVTMoKCKz6`CaXo@|MFH04J#%X#wOCmz_Y25Ca>B^O3}A~SBt{>{Hk!P!TV
zdCA%H1s_Z>(B|U{hkAL%KO9u!Z~tJz4KT<da4v$8*QnRw(`(ubN-L*hKHsc>or`to
zSk>)uf4Klp=Gl&Rv+RndRdJ>VQ@C|*WB9hX!2a(ulf1%Tj@g!i(l^73`<Au-I+|-N
zLLqj@6G|z4t3{DKGmDeoRg%bI0R@eeD}r*%KR;a_BddqqxGE2_l8vw~s2Gqi=@myS
zEnsm&peXz7V_x$w2eWu?JIQe1O|F`EK(>XL0(^&`d4Tz-Ip!5$ANcDwBWdL}<NcGn
z48KyqUjElzM(YtU)Io<a)We8jvHk+1=BGP`eIP&PBH;#>uLOhrhht1B#6yd#RE(Oo
z_n7v9$5@MmpYWv0*YR3De8jgAe5>{GfmHd%1F4-C(mOBiCt-}pGEe3X;0j$`Wfrr^
zdV~CtC18{>L;RyzM+OXL_Ws=x&Qm+e4$+Tj*ebrV(s%3{qF94~wK1T~s$eaVs6zuG
z8lyrOwEf3z<#+;r5i;Vb^E5Iw9Ys=6hx^8$!MxC1uPpt!M_!p&xMeo@tUP4z{aF=B
zYW11Z?%sVfJ-9rL`05O7mG7kO?M@FCxE7XwnA<?sPv~21ik_w;6FpM}OHY;P5AaJs
zVYZZWRh7$dZ`zqO|5Llq^|lD9oNP$Tl~k9IdI6-xL%y!?oWSCKi&1!r#dSazuf_Fr
zo-RyG*l#=j#hn4Y@X$r$-upSH*qqz%UEBgb?Pm*$E4Fn!_v?Qc?9^^Zf`tJ)#HV4;
z#m-pofNnfrB*`c_@Fd0yGLblZQEKF<-MCtjwFi$#0Qn_=;_u&RCV<it(uFEclqya*
zD^4sbPDF-Bo(Pwp2sGS|P>jv;X={b>a7zo7#y_cTy@}TcZ?o@MH?uqDPBsgh-lZ$;
zolCzKssYr3w*kWg4}+vUg9NM0I&Eh=<Hkb6Qycrcy5q3Mofk9f^k{(^V8O%5S`ypv
z=A)vw=E4l<41$_ozy5lkFelnj2U(e3-}@?D1IRkrA~nz5r|L!y4Vcc3Kc%1Awzi2h
zlIE6iJqs;V*0QSVvgS8{TQdA84et{$DxZpUG1M#vrovq;PQzSEUOk?xV%{_UC07S^
zt@!0B{)@?mO}Tnc@y+C9jID0-mT{qF^=M5}7n6WbpVe4#f!*s8{WE;}>fxHi@yuTB
z;$KG?GaHIK2IK;_aw~}fw=yfzJ1L|EXE*-)vC5}9^mnG+5^ZOaT?vp9VIK9;;V=B3
z5vD`efCkK9k|s<anq)TtD$7T@>*s^pHz$PSZ7KDtb-KAM!y5^6+ysXX6<Y|3G2u!Q
zi^>G#O6)9#94soKzCTrQH5)5EZW`ylP8a}FjOak&`7_I$zeSceJ<i)3R;9>MeSfsU
z&dzpnZIg?}-s>yPTw7dcn~e1;<n-ypq)skiOCYFiH)FN;b$d5?Tw{>Si!`&YX@ADz
zX7;e05qat?d$0`McMsdX@~~*MQxquH0lgo*`aRya-{t9CnRWjV@!WZ#^mzQ2T0ws$
zLbc|^9ebu6=NC_JaRL~@^9X9)d#2qYNU{$*C&1kK0|;(R*D-2;@-6|vO`*0ITkb&0
z<a!r_58v&`6zZrlVfRz@PHY|j{40-&VCUMiFy~oz^vuV?9fW^XU)J$ZaAkrG|DZC-
zKEm*md(6K)io`v|E@N)s{2f{hVz*iREu&W4S(}zt{^*IcPPK`DYSC4We>5s<hCdam
zZ(V^jvvFjP$H0XItLMGnKl%iy*>IE3h|dYpj>XYL6snDAyy+g-wDMRO7>8Ns1e#e_
zk1hP&8fz&~AH<sxt<vesDr6D@|DJK)aJdqGS<PRNUdtp@{d?xj>5Wa5S~cA1O;r-z
z3~>s)szV5&!@sejGnh)2k~<1Vi!uwje%jsXU%&Uzlx|Bl1fS`7ow5Lo?$tR-nC&DT
zn>hK_!6i4^KjMaa`%m2qag6;Z<didWl{z>X`e|cYKlsze%)c)^1KWJw^v1;L$SHlN
zPl%FAyg><5I7!j?@t_1`50>i_y}giI)kNm`y~sdyPZxeLnhyP##iKDdt^(C7+(6tI
z7u@deO;NYF06sg_p__HKV^tB<T-pZrPk4ESx}_vgVT;{PC*jCOw_ObAKHu4L@J8<M
z8AQGHX{VW_mYTQ3$F#dG#fkTdmH0yqwV&tS=Ftv0XBSQc6qTos2Cj2w?&Oed<P>)o
zviBzzq2spS3LIP_X(Pef&8idcfd$OZbGq92!wnN#!0T~|V&N7%8)IRVp(}K6{PDt~
z3s#P}x*d^bW3Bq>x=W65wRK}{V-59dX4mk)U32DHOG1c1dC6ImdZF6Nh|+{^jpX<a
z1p|fA8fm*&q6$3eiv1sOl*jafBjwCOrBmT4{06>vWiUDJQdzlY1J|9XNZ;X@)~-&O
zLDJtl2}Brb&8h5bTL+Z*$f!A|)EE>#Y`szz5QKndHpUmO3N4S%%B`oy2jg;nC{0$I
z>})8EMX~N8FpCf*Zx<$|Wv_$kxV6wix!&m5K!@=T7yOF3a+~wy-?I>2?}%Tw*=#j<
z`+1Jou1FygG4|oobad`s5&Z6t(#`p}Er}TLYPjC-RluzpootRLtzO{*?#Z+d>=f#|
zKAe2A%U@6hl%-G4_v+7#is?J0dq+-h<XL+rPXteoCwcm9BggaAj;}OkuI^s%<yOrf
zzaA0WsH+q!%muJc@%0oZjPjbh3X^&%x1qe_DF*zWd5#BsUoKSkpWIt;q(5vI=4u8o
z#3m<-s>&sHhP3W2BzR^q7xTO@B%3kp5sZyh;DB+M4h1*A7&ki>HytZC8B<I3N&Opw
z2V+tkCoeX`Tzq*fm^VXwFo!qAHovkDF<EEegRlg|2t}6UhVVZ5SJhBdw1cG~*Mysa
zx>%&eSQJJi=GPB34(T&Sk}JdumD7OQ;uiaTmPf5OI0}y0enbnTH7KK&a0JfmrQu@h
z0=C$td`svZ!^wK2Z+<{;Mr0J$6=5W{-7xOOH=0E*bqpU<p-1w-zHX>ftA)d}O^zar
zn@(=yunUeFg`YRPx!8|58nIuDm@M)hvq<d|Vy&65D1orQtU0jAMPUCxk-h|^Zb^yb
zn(_Tt(~L_Rh=`*BY!j3_dC_M)*?1n~?|hHsIDL#8C@@*Km{?TyuuZjL<oRFyMV$G*
zXRQ0X>4#B_)v~;WVm;04myW3;V1s?UZamYX8X&s6xJ$AK-zunH*hU9E<-f8i47B#R
zZX#)b4WTm67)aL1XL^(d45)yryF<qc-SE)PlItl0DsI?rFv-V<o;q?R?Twbn+L0B|
z*Ina|S?haAhg?6+L}Yl_9V@(Ym;B`f`E;hsGCfv>x|Y%fpjHa8E8BEn+a%2!Bb|1$
zS#F5UuYKf`J>*^1mPIjrVsi9#?`hadwQ8=<UBS|2U;>9AKWKFOk26qVsBBWV<o^9%
zj4aYgnj2=-%x*!N>z??kKH9w^fxU9!n?TT5Lv_+ji<en{?Do0jG1I>CXy;jk6{bPn
zEyP;U6InCX5UAfZF9N^RyiwncZ(P}al=ML_es^y=ffspjH-AVLaRdVo)OQM(3I`iB
zX*cf}uGvG9dCEzE9h$T8&;5zp=XG{YH5_V*GbB5t&m+!$TRL)#x{A)m{_daicpbz&
zhy9<sE2jN-D=1$Raiz}Tc>y($sYg+}xMkfR{(?(w#yz!BbIeh)H~(awd_Co)R`eVd
za1Yz+{-^F5LA(C{2+_Q{$^0iI_CYT+R|J?&`Q1CJD!KAcox$xbimDSvH_*Ljr_VLI
z;r-yRm2n}z?kl3<&j}aldFB=>&!kb|KkS58H+BEAX)w{V({!j1R*S9v?lbeRF6Lhq
zto^6WD)jfle`Pu+*}?v=OsL1BT#WbHe8@^KG6m<iDjEYMdOP;_73BQ&^woa~Uj}TQ
z{)d!n0?$~suuFc*kaYX!U%o<g;~)Rar7Uo3@V_z<wNI=3r%aRi6<3hw$mh$eG6Ngy
z-`98Ew_msRNb9Wz675bu;~QL&dXc$&fs&r*IZSy^ar;>OyJf!p#3%@WR<8Fq_1l&<
zC!y}nFEK{(nOu;`ypl#Pp|S&Ucg=&6uWriQi}a7z68mkBtohgO4vy_q@Agab$Gt9B
z$_yB7|3i!2YG(W=2kdM;tor;v2I@ig?IN{dmnJ*;*&Tp@@OyWe=oVf&o|PG-{->hE
z;0f;k;CJ@JhwnX_-FX+e5d6HmtGyLO?4aKA&V3Pp++ri>qH%;&;cy2m5_*0rlXk;4
z8uqBS6ejJTXJ|MyHbiB*rUL0de}NmzW^U844lORUoRye-G!Lcdc_3b5g0c^#v?%d6
z{xtd0pj@87{PUB^mp^Jd2?T1uC2wrLO9RtCarpSCY`&Y%E#uISJ)dM4U$d&#@C(bs
zWq9gSE#l`*lFz*By4HOO@%|XVH~EsTv6EoznN?Kj=%TR*4r$=&vA02(l>Zc7Q2ST+
zc5W4xUwy4tJ>A^e8Ar^>A!?yNA8g-Z(M6Mu4}P<a#tOe%`I=s0;^Ta;p2gRpnPDJZ
zp#78oIj;8)Wj9#VQBy{+8*GT>NBgk-iKOTVu*r`ebeVjK_y-z%6cs&|fqT`CG1)c+
z8(Q>kHMXFbr!{ZjwP2m66>x*SWK0e?$E7<UO8$0^OEOOz_T}l4w{#c!%hP3V>3fWo
zjQ@pkkx26W0p%Ug8+|K_;NY7(1b_+=zpLhGDFsdciMC#QLYt*sUW>z~MS*`PswUHN
z_dthD#;*kk4v6^f0UsU^(KqmZCsAude+fIsRqH^1!8^D&gN!|FVp;K)raWp|RBeCm
zi+i`KboXO0P?c76I`-p*VL^6Srp^s)E#hpOPl5qx;MF7e|0sL&c&Og@57<&9p%SuJ
z_K58JR>>AZwqz-?OR_IB$0URhh3xy5$udG&r({c(GWIM{8C%Fc49__;KHv0tzTfA0
z{raQsbDiscU+-(X&(b+_{ze!(bYQ!JW{&Z1FPCT!Y}bvH{Y1+WEo@wbmF6fqhIVhv
z2yhj>qnrp{I{QzgwtBehMB2d65}laH`DYv07hF033WoB&DCDJ5=W8$>OJ+?s$r5*-
zapA+1lv`I<qSteol^QcaHz=$gYJck}3#n+#e7F6uRP~SN(6-xwNI=^i2U84Yj}A%)
zu%Gk$dADCZEZ!w#!$ce(OK`+_^?592LT*!Z=TO!CbtuL6$^VZ28|J@L{`KgA*n!!&
z7rb}4cy4?tiC9@n=1s$-K15f5*42&ZbpZ5b5n~AEy!IR2eL5)TZ@SCYoAw^|t+{P}
z`V+CUn^t8tyEGYp%4>&VmkC({G}-^DFuK3zZC2lAN2n8>iV=f-`V1EP^pyWc4W}h;
zg~NJHj9t3`R5R&+vjj`~Y|t*b@j&C*!ka0NH$sk$F`dIITYKRJmBh!G#K6L1t`p%t
z2ZsCj6znWmXix8$o;P4$(4mL*zwmzWny+)|ZB)8g9E(%fa1L!Dn4hQbwlAf{g7JO~
zDuX#~n}B8gY6EKm_yBHzHDJ5caNW%oEc83z7;L9mXH)#sKl%=tw`nc~gNGP;7{{m8
z<LUulj%9?+f@OBrUV<%3<w7bRBKbfKY`C*6+n2zGI~%+aqVTuHvsMQTi1}JMNQhAZ
zi`1e-m!c$*?hdKo!6v(#F(1#qpeY_m+XE)%vMT@SkW4UCm%vDca2;?O^hqD`;eZQl
zVqn?s1A;Mn{`lJa?MqKKLau$-zSJHnNu~1uJW{Q0-OT5chni7A4bWrOq#?Z9fdLm4
zC@h|TljLVjdbAO8dXYMbn23-6^6}__C>0KtX<ZK|xR7@(k=X7fV4sBAWodaTI)SwX
zhPg-Q0A~qcr0kyR-%<Oe^7r=7Gk<*UfrWZ0*NlS)|IgEuFW^0diVB0;q(?!5^TI!g
z@IUo8>6-`R0EY3xRnSCML6X!7F#ceiULQK3Z+Q{P^f?kd1qoMb{IF_3$hB2Jl!?;p
zfgZ7c;w1fda<hIMa0_yi@?YEM55)DRjj8kJo8bA$6(D0k6kks0_6#goPg#1ODPEtb
z1iKw75b?j$`I_MXO|agELl2}EbZg;2<g(I2E2$R<>GqTERhEI$U8fFZoA7$eKVATr
z|3$O(U)#42&;}`Cj~t-HE{&weJ|g6sFG=Z#gI@Bt6-ULp+>)M*X_u$<sqF!%3rMBF
znly0++qCT6_WMIAU^#({2-Mf$F$(<cD6q?3fcwC%9GrmNW;n2a<g~H**M35>y{}dK
z5c)b8>g!*R<fnw+fPD=ij{c4CZEO(i32@~a1l#)SKpE~fSUwl0V7K=P1eg6W=vxTf
zrfF&-^tHF0{~JOcxS(<>qxNpT_m7421Bfn54P_#bN8m~%1+GM_bs`EZ2RMU1afE@3
z@O#F5@QC=HG?d{nIbmg@y(2eBDA(gqgxErx+z;LRHV=q^fcH=R4ai0S0NWNq0Q1Us
z=WiFD9dse$wobDl!9qjyj3eRTQ~*`dH;L3}@%vy7Zi6|f_*aZ>xqwTZU7d&v0IqdX
zzE*EY{&qq59oQhZTejbWE7`XPO)t?5gnsD0Q}c!3!`vDeqot@#-av8C2@wUbix13z
zEH0w|AVAyG)_?o3VMEvk2zgn$94g7w?FFq(ejL3kgvHMiI>Lq$-YNRW3#Na?ArkUx
z(~%HpFiax<qG0vm4~1`uG;<6)(7Akecc~aYnULv@)#m`{2J5EI4kP3Sn2Mzb|3rou
zm`(D(w|yB7q^eXDS$Uu|cEWGJYMmpbV)ywB4Ive7(6O~CWy!AYa5dP}V5ofs4<JD2
zKXo*J$9@a}mCv8-FTOwEhGJ+X(;_iYoW0wGKq(Od1$+ow()*`i8~+ukuz#hW>p!eP
z`;gaE2fS2rHML)2h8CxcZZTLFA>S*|L3{HY>7h9AKy;2`F|ua@yfndzPr*)rZT0xw
z_PKMSREv=p$CyM<EJmKL6UjaaruWF7-LBzasvd!=V4LR#-}d5WC&cL&@WIobu)@|t
zH5+>`SAItIrpz`3@g?QOqYbswi;*uLZ>Zr|jFs<zHG8{G<PMk_QC}<D<9}NedvZYi
z>gj$Bu`kfdVb7FrK?sv~FPI4~jt|d#WA}a71UUi+N#-0N`C$SU>;3^;N$wENeD5qZ
zXq-7<@X={wekwv9WS`93CwM?uH#E4z&wb7XS0*SXg!%7%tv-M&5d`qB7>R|ycm({%
zLvTG$(gN4>b5AzZz{B-9fzWs@;yI13joc_93&)_9BTfy~?)e2gSVIhN{T-9spaU@g
z0R_&2rE{WX`yANDCxSQB&OiQ>h3~kId+wKkmG4$7$ah?^tVs>+pG``cGk)4ZR>V@i
zUb@Evp4X_|Yn*5F0WZWPyIB-Y?uY;FHp={yWBQJBx}-1nzJm|O?^eHQ^!r`v*FO=v
zpZT`SiKBP!?VH%=5qmgv?V{fxVO3Xu0l+Z?*IJ=Pw~gNRtl5?Q^rK!tzNFhh*BxN+
z+D`uM>UXt&Z8IF$HnTG=eKtU-FnI8cG$H?RZSde1Rd+ez8Te~0_5c(Pr8B(1U-2<M
z@uzCrSekBXAIJw-^hmxx;f#$6U1Q$*L~ujrnwvLtaPo_U4o+JSU3jei=@S>OKT{x+
z-pBt~fJy|YJ&+P8qxDeDp<*1twrV47lGC7-8&2WH?Qr#mu|cPVyPA*}JD1=*jsKJ}
z8}HvHqW@)r?_U<gAq)Q`4HzpEeo9SP+^t?a(t@W6`PBB>pou27Z!#rd9m@o7G>4~x
zWy3ZFa|g@F9gKsaEa-$x%l0H#r;}ir4J3$z&2LjD(go(KYXauZeo&$2w6RG^F=6E$
zeevrTbe7;j2h~^!(?AMP8{rJDyd|Z#*QUT=PlD|(4z3{LzE)q)bb&mhmm6fjP(Unb
z{;i;KP(ixs!5(LT6)CU!XD^Gs-ahc2e!aU7*DvT#yIqBtIF;t(lT2q+mLAa@x4zAE
zgyYu3TJR6xY`r&PA8>x<y&$@=Lb82eL&@V;(X+If5raN2XH<Q5+N{g&ovsD^psE)y
zz%?DMvZv{kU4cDU6LAVyPkh?FeNyqmiQjc1-;@`%*;K*J-+orvF*29ZH+XQk<s<%M
z1Re7Km(HEX1RY>!8Wzrl^|QM3#+K{Dk-njw=2Uf@`}5gryH~q%5WCMXA52AcpD+pR
z&WoJQ*x=y}=lbqv^&S{Ylz9l6_`cHcLBjo!!lL#jXj;8zrQuQFSmFzw=%>>#sy#oe
zNr=D;!6AjebUs{a7rPQla14mtc~K<ytTA@wPUarBWbB0pS4uRN?E$K-I*}9f>TMw4
zUY&^hA;m@QHjwGv$s>MaiAx}n=uFT8s8nvib`~_f3lcf8T1Vj6A8|6k*d)$leP1nn
zEzb2g>ka!ACXX>}tIkXDEmm1K3Y?w+y?HYrRc?{HS<wj5meGGcSWy#~T5-^#;gxX3
zV!?LV?F0VFSo{~oist{ML7;p4_p2C690gqmNijJq=?F<JIVEW;nLP;;X(HJGsSimv
zNjhEKF<%m2;P~c|CBF%Cv>rm)w@tQ()R?rNvg(jG={jXJneJg>lB<YfggK%%$PcZJ
z7$9?_R5}t!u_?F2HBpToSHuWet68&Ki(9K(bJ~`O4l2=I%4G3mS2%Q!M92E{W0>uw
z1`~UV!k~0suV-vWJ+)_Pse{j5w$rW`!c(8ZmS6-?fai54f9566r3dJvXe|{sKV0r+
zKr!k;=H0BsM1LJ)($@;B5eB6l=Mj@{%0C*owY>~74z)Cz)iIUqdD&AOY(id2g``1J
ze^^61wQW>o3T3L4@~lZAr5r9`y>iD8s9>`CbWCj-E^{qY`l&zNN0y_jS0`xRv682d
zrI5SF11OvC0o!FQnXM{r=hjG(0uJ=p&RnHOl9bJoR|6Oa)XNewFJxB7;ZFCnyk=OH
znt1hYgjAkHp7gVisrl9z6_VY-9J`RG6cT;>6qY?tDcFmwIlfy?8%E16%imM01tXoK
z7-sPIS-Ll&h^R-v5ZKS2xl@aswu-6&DvLa809!xnYo=8tgP8J$%w~Lf1}3q5Hxr*p
z_Y|ikb=;F=Rds^=T^LCisXB>hSJ}JY_0BUwstBbUv#f&`d$M}Mv|-d~iu^t5S};o1
z!*VBa4n>Q(6-N)_OqWC_rV#XqXNc4IL7A;F3l{~f43<6@&YN;XjugjTv}pHCl}|MT
zIJZ{savpmM+nd`EqeGcS0i)RTTrxw;qW#c^(MiASw_F&p*RU0NmKr9YhaPzi8J*;5
z)UXCjX_g@M(bW(GWwe+I(<Q4z>7)&(U(kFyJgKW{VzyH+UD2GG)KifQm+zqHe3;I)
zR%<HkK)d=FvuLB=b7b`ehVzcLicJrY_)vt@isBaOEvgUrNOr;T?b8;`*E2;DafU93
zu@A7Vnt0ionk*G7p0&h5ryir80S&xlO*SZ?Y+wvjyw7!C{J4*icU|D3xr-upxkp+9
zuUK`$lRQ_)VDGUj#poeeBu3fBT(w$doOi8s(7VUA$0x{*Qu)Lidf%hRH~azbhk=Ve
z^H+N4Gc&l?G77^~5pWcSuG~;XFBI-{Yud8(AsJqxXl~xKr#CZ$6fU=EhV}>w2zr6I
zF7l*tz}6m-PK9?VlAmYmsmNMP@HeZX^psxp$g_<7fk>x@m12rfD=Hh8lsR`4mSE_}
zpe>b8k%NbS*Goq7iOrK?nE<VN;o2jsm#|FQ^=H>y_<KZR{pr00usl7~xnmFg6;5Fj
z5lj!QNb64eN*=F}^nM%Y#_D|-`=e(=yPmxEq^I&~aqd`%1&u$$s&npGum!b0&FWn4
zSeON!Kl>{A#6a-)kve8y!Q&np-ob&3B;H(DnjW_}+;J9*OqE8pSuSAkRc5tHqt2|2
z0|r5cr!CU6_IWr)ia)cNHsM3QczBHN!>5F+MVkQyWwok{58*Kw`?3JlMFczpGhMc=
zx){70gkdV9ROJlXeToquYRaTj1rF`pUTO`}Bgr7U)6mHgzu1{|g7)ZYYaWM<UXT(k
zUb9FfCzkH$YC&E@oFYJulUTLSYe=|yg}*0*5}@5to9IBBAPUI_sejkA4n}5*r~sO?
z=7SxXBC3Geto&ecW~mCGGb=wdmszR`T%N5ROv!Xp0jPI$mVAO1NtH>mrEa@*Y^1l3
zk-}JUwFculIU=X9i`p=eZIV?OmQxGH8TIjcCLpvHxK4!yT6>fa?;YClm`FsIA_`wP
zoQi3zehQ<-F|Uf`He|r4aEDh*bKx}GEUSXpaSc4lHsdNQc3cy0x2}lw=>bUgICl6Z
zM9`O2Fz)l}TVo?Lv?Pad-3E=3cru*$s#PAGbCfw#Wlv|8u6$e-2)5*2Yu))$)7C4?
z!d87XS_^oZ(=b)|Q^rYJcusxylsdjmU-^N>Y`0&dap#h~<Pn;p#t-^@4{juWeU5Wx
z^E#(q-`->ZMCRyzFI178y%H@Kn{)De;iAk-+34Y@4qR+wD>xq$Q}+a;JXuID3w~W&
zwg_k;Ak;m?G(xgj9ZSvGad%8O8w0;Okk$t6e8{%Ot}fZCU+ZqB{5wNtRy`UQYm$gN
z3*y`81P?r!V}a3n-bk#g!gxU@$G&^z-FrYpNNbxzNFU1n<3;DULQdIP^)ZdvyAZ>8
z#xc`b252-JCmru^M4aE5XZZ|r0{CxU=ofboy@<lFLRRLK>(VeO_rXyg&*GUiMq(V~
zHS1~ALHY<t1&j<&oBp`_4G*?T*2J}(enbxZdm*QvPm#|zC=PkPdPN%(;OM3HnE5OW
zTS9x-->Qgi0w|>Sv%*4Axe~2)Fc+>zI3H(llE9u~)FH#pcLN_|T8R`mdDp0j6x20f
zNB<`UsbB(yEz_cI0)?eb-y#tr1ttC2Bq9R9r>z+FU$Uvh#6PEgp@k5Jz)(ygl&-mm
zzyyp5<ZT~Mr`9CyCNY#NxebW_f&kWo$n(X~_e6+Tj1NS<I4!Uo<3oh#PQVFA1B7h8
zHBcsG<G&_jq>~6ygxP>5I+q0|VKyK>eLPlY*8+(o1oJEjg_H@o1tx{+0mg@|k4=4{
z<u1N(VVY184Z5=f5DCGiz<Lbb5>1c3#cv?WpfL$#&zj|yfLnkjAO2YV(2ex(Y<e>h
z8sj&+L1PT4Y+Cx0PYVwfXHLy``MllJkVUuOhPhw^{jY*pXCp$0=kA^amC7T!y5qo(
z0zivi?cK3Bb7DR=z~cvmOZMYHO)!xW8pDax9TUU0#-(gEn*sUnye;AJWX_5hibf4$
zPp$EGC*t&WPGYxuz{Uc#;?JnVTJ<~KG52ou#|)nZ8w)Ip#OAf*_0)0=?!bhJhQ&0Y
zF5!6?9bzy|v`3+eIe#761e@fL?5upWQ*@5^6bgPU{s$qLa1~-xEvjxt8I*n`boh>4
z(ZF|zw+_4*GY1(5I~)wip9Wtf|A-UCJS7&UYLRpnkOVG{KHBw%LA}LLcqwKC%Fr5b
zqtz_C4A>J#pF;#dE~?SE=$z!K!qGQK&dV0W6+-#k8V4A*R-daoqD31J<(JyKk1&)(
z2taH0^8be5B0>PlB5R@$hP2s^T9F>HJ$6x;f_)65S@FLycBPK*m(}UyCPHEETp+ep
zgVofch9aSkg|`9>y1y-62Iz2<1~E{A{v8NHLPHbW0YXOiZp;coD}Wn*bK1bFgBVQh
zA~%T6tj=yFrW&I2-!Z)J6CqS*<v|F`9gFXJ2II{{2&STpc5sAA*?Efb@%RJbRCq`d
z<C9D)R053J;!h8o-=YN<ZI(ow63t%bxAmfs-1O2cUCeb0r%SUTEVEZ=*7A89^^PqJ
zT<3EtRFTAlL$dhHP@L{%$$~8JUJ#?^>ScUk797J?#MuLCZR#3oC*nFGy}mqX?q~@F
z=;ri$`$LZfBxWcKmD9frq!nhJ#9SYDEc_{fxt9#)cEhodQxX$%lc7jC7o4(`mT#;x
z8{=3=FL@&|c}Gcf^*J=JzNmeX{&F`#oC(2sWgF8y{)f-($Bl+ukj!;ur?tG@WN<>0
zPx8&nMU8oq566zzKq%=%6aa$ZJO~r2b^S7|AS=1|daWZ^?y!6!&V{_)_<bDbBA|d6
z9mp9y$T~4T>|g$8d<uKJC#Ln4oh))ooIzIt3yQp+)f8pv0#J~DZ(kYx3{91m+=69W
z8eay3Le_^1$^j!r<wPFzPi)pASZ38<iLCA#l)fZ}M(X;kB$SSq+B)!z!ht>lNB|Rq
zqIM}$024clXIWtz&+f^3%bfL#PKkWGa`j{R>-<h8XLo7ql`_|5oPYuD-Lv&ddF$Lx
z16;ez^$pqU^TBFi4Sc(j_52*k;KOW>_f$k8!Wi{yA8(efX8ZDQTYq-jJ$kCQh&``L
z`lc_}6Sal-)s?Zw(^0fD7)$NFUs1-EF{LWt4<fE#JyXhLlDE$26p#}(K<=y`Kv`LT
z;@zClS`mx|mM;C#UojgHt?bUOl78TC;z#YYn3b_{RdMmCtM<Z5;X;({m=XA(6_ddT
zYe=17zI>%fK~-X{55sEKx)Emm!A94Fij$SPtBB7c@>tG#6eK$T`!l8?e%SJtrKBQa
zcmtfNR)5s*d?jaYl{A@u--3{nvX-mcjg|BLTNrrU@Yv(;fKgTw2A(iH2EH(zr^DdG
z(wXrEyW;ZlgJ5sGN&3&XKd{2aNhNLm7%u0}b@jZXqjUOtuBu$7&n~c<+9cCdX2!k}
zPfJ|?OoL?a<dE+bozeDbv%KNHkvsJ{@mDIB!&OnwK?<oCzkInI@<o&EZqm!$vz{6|
zrz>9JCn27uV*`A?maN~I!|eP^sRiY*+MUbnAl&)g!_hn4$eq05OlRJZpKvF#!ePEM
zcPdd^eC}5A1^dsNDVnV!iFO@tSN+UZ{gOO)9ysQwXjcp%LoxZFR>i=rWIwylGI5&Q
zDca)Qw~}?hjab5zXK$ZdG5$y-j32(0sO<o<-OoOYwi53A^}w+uLCxkeFMH#y<fI>8
zTm&Qi@A5`<y_FdGn1}Do#&_n%N+#M}e=D)w&Z6eZa>2uK{h79SGSVHinG6nYB}dun
zWJ^U^zLj8Y&znkAYZZBRb>dd??eAaa&p0bpI^F=CQ57Ctt|;8?&OITT_-pg6XEo53
zjZ><CEhjdfkmEG-R1$N16wxCZab3AR`=;EptIJ2&bB>Ijs3?r<%8ix1)XH!0Zd)s9
zSmNbX>}fUZj@{=ike1jbJlCb|c(qDL-lzvBW;ss`mkPb47oUk{$l5)Th5wi>ck$V;
zOT-;W#pW&bLg0!+BdSZVOZgH2PUUjy580PK|CG%l`0RJY^}WYEYl&(DR=ht5Ao_xl
zPA{%~6a+1aJsFl}<Xk+m7Srb7G=4L%jtirF&QsC;^IEE=&lDuS;iQb6)&?~rhhuPC
z;C0}qg7s(c21qUIuHxKu?F-Ad82GDA|A-z^AX+GI-Mo3g@Vlu$yZXXL;R1Vc{OV2Z
zg&1h$wF>@nM{<gtf2$LHeU<+9_T-!ZD$Vl74}1KrKt;8}k1^MOq^qq|e5(0SbSdU~
zUs@-AMcv5f(fJvdZyCxjbGdFDw(m`~i}i6STD($->dcqzIJY=xFdly0C|O55L2axY
z$ZMd_(h^UxyAWAtqYdM`1QSmANxMJBgX3e&H<+&$g0r1E^0(b7i~>%~%Aa`o0W||p
zac6P|$FogCp30q>vx1kv*?5_hU-`^8WYwS<!|lH=yW&!htfd_>IzQwo(vjI6etkT=
z=fzW<jf!K$9Y7TI5Lcm227MOD!|6=GvC0{ba~Pj<63@ERwOnV5A!{r)D0_nxoYNzm
z?xU8Z`L~$-1{O%&T_NCXWl<@_&VjAl@)}WHpQQqoXpr(C26XewoA~;N!_Nbr<8+_5
zEYJ60^1tSIMqPCbeF0Ob6xiUm$N}_O$Sb7vLG>?^EP2f4>zd75S7unE!1~|DOa^8{
z+7$7ytM1?_v%EfwVMVt<7oQf4PfI*`Ucsq%@B|pYJTonCrOKj*PauoOxN4sc-@vPZ
z0e5`THKynK5}S?j$@XmRZU`Nguv7=-VFoEq_+u~2AUTjzsN>~BVL?fNU#Tc6>B^it
z0~(ME8NMNH-{W;0G?1pb5Ej{O1$yDhQOPNy1VG9)VYY^y$*Kc4L9s*__&lv$PbDL$
zY;no;C6ze#W+cd_BvYy{klFJU#Ae`nic`(8n*MC($UXUMQhg@O+u?@eK={49^=eE*
zg3MYPHXO5CzKMg}NY`2bKV8?&4+@ho!si>5azL&Dr#nRP_?!lM#f;(TMgWvB8P*~R
zgAhy!c99d*j>nYT41`^+xAA7LbWBK7#f!|sct<xLIOM0PPT6C&KaCXWtc)IGQO+5&
zAJcKI0mf~6HksFyR!E(C@w~xyaQ#K`8KvaQ9v_aeq~v&Zs?R7)_pn_IZb{*{Skag3
zmX#p?l)20cWnfx1?3XmN#Ml+kIY<kf4r;BX@uy9vE@SeybfB!ioJei|XMBDnbq15a
zEDBBD*kY@JOarH(1Zs&Bpp>pcS(}V|cG<P&7wGYw8(Tj<6zUAXp5Sz!{K}E-I575X
zY|orix(egFy78F+<;9uP{TO^3p`ub|@5KhQ#IGNz*HeK{+s9Zo9_Z#vMJ0+ZiaUJm
z$lBJS7&X5$X5Zu94UPe51GMD%)uT(KOB%v!Rh&NO)a%Ou20CXd-9w<#Q6WZuJp403
zpJEh%)FsTj2tdj<&<1(e+wkGBfTG0@R}HqMoB|d>pIFrwf-&o3U`tCS4TEHt2*cn%
z!^B}d{gf79{PbFyDMe*Qj#N~m=&XFXi&NtjR~7)m6(ywPmn$Uxfysx6k3hzYi}1@7
zRZmMQz^Q}&PJr%0ZRDP|i3@dQW4@GyJ)}-wsI!q0;+fW5xcEUgOKQ}O@rxHD=#YHy
z&*LnWjzW+_3;9*5t^f-iWNKPJ#c4i7f};i07tSW=`<@2%1vCGQbKoi3Yv5P;_&@`q
zv(<0C3U%<@KOHe{9;};N0W51HUt8e2=~wYm)o(Kz3qHem5}jU$NGN?!i25b?_J;F?
z+yMPgBL#d#qfOo8BL&liqpjT;I6!y)t`ptTN<jmCK=3eEk<LgsNUdIbp&XOH@Bw6_
zl)Zk%sn;9wJHs&Lmo&8_Xk5PBjo{$xw9}p4{XNsKa=Ta7y=bC_MzF9HfksKs`Kr%~
z6B5JYh7LgW=eIIZKXU?RHW#v{d|1*(>LnU4WUjc2rp45Iz5-75Z1HEV#Oh6R#r*nl
z*i-2!Ht>7zR$I<;Wsp)uP?x$=T8sjV6*V^SRL}H}-svBoH*cy;=ls26tF2%qcG@-a
zfzUqE&o2-Xe`DZBkr?85AN8##X<7`KobHyV(r^9^GC5A*uxIM;nZWOU89E^9x^%|6
zboaK49Oqx+XhVp_V#N$df@ljS1;N0#xbQnfA?Mt*-hXJx?HzDr#p(}VaEC+!!;Z$n
zF{fTQLyxJk3gC4c&RFT#c+^2iFt_HS@+H^d(n~BIM~j3%6>I|>3npiy?uJO*``L?E
zj#)2$+Jd^oBE2$Tn9}ka(sKOzY5bZiO9!<hINMzukOxakB)1&-v?VLBW^eklsilUE
z+1aSeTb_H}IpuYP>0!Tp3{!rJgn&f8$UFxc6Nf!to%&*GtTA<cSIMb2FbmR3Zk>iK
z{-lP~)^nvs_f{Mlu0vo(yITVWDbX;9*Nx8UaTQm&bx0{XbNvD)-^L2m`DO|>j&cl9
z=NVWidkRDy-GX&4O#ZF~q{HT<tm-;D4nT9k7yrb;MM@XKGy@wA;OOi-3cB>fAm!Jd
zpM;4Z=+b@W%JDp@(OO7;OKpL!NN1x23PDW4dI2UsfDoq?P`Ia1<HG>D^9F47z3vs`
z`#;<wHm^OqmiX!Er{_XKNnB<%ws(01Ma<ON&ubeS0jSxyzURm)TQ8ns5wpwf(Xq&I
z+fHuhvu1+r!y5g%DB3u$IAo;lsHruN^A5155uRimF>+L>jBDspUKI~sFJdz+!*+*q
zbkFkB9(yf%x500m>X8xO2~%stVaCBd_X_+tT)E~`ypY9hM#SNDd%+bZc)rV*iX%d0
z=x8ZHp!H+LQDpX>MADbakGmC4{``aMpIzV8+_OgHr5~QFL9ka@TS%9o$*6@ct}!C#
zC>Tv0Z<dv?g77>|2DdGI9zJyC93}3UH3N4H-lp#NBBut?$qd~HIPv)q&S6GVF(HP2
zFOO3$+gKu|LH9#1U=&SjPQ*LR_`;ts7b$VUbbtm#h`U`>R#L0>t}5mp5p+!m+%aFa
zk7tc2swR-r>V4=n3Q=TEI67Ao!0?xa|8D~TXdyu5|7amb;Qtn+4aLJFN;O2MFclEx
zCSt^_5y0X6F#>r(o&C7knx03_aTt^><ctt@Xe&ZH<Xs4{1fys@O9cAznwS{v&^&aF
zaB164yvEoilyO{TEHcfOoqLYkjH$gwv;Q*6GHxvvnPE%L&B{G=yggJ?>JmynE-Ka~
z)s~(+1>hb!)t;{@bs1$A*BR@QZcEMG@l?nVCDi_aJ5q!3nM;vv2e<jzA+2^}?J8r`
z6wk<+A>Q^XjVc`!dt4g-kZ!wftV^P8fwp(Pt-W@YIm&})L~v*;ZsFPdx%S^YwKq_g
z+JzHc8f{H9y`yXgG`&?&tUR@5D07}#3zR%hEuf7G;I7p}QE~@ppwzhouA%t21GG@~
z+yS~MChh=DlnHl$4oaFkKpW-59iWGz<KEUl>2YsgLy2&2YoXk@w{=mR+}oNcD{gu2
zp+)!5(i0I$yh*}IXOjfXOvThup6wsCj4j1v&pF2P6rVTqYIo8yHb>RO^(7*+Y+E&e
z{wpZExb|heXHyxxt;#ylKr-8&gzT>4gPq>*n+3!j{pw=>lKf9q;*Mdq_Ww-&|4}8_
zbK9Xtaz`ajRy|zgAg7)$H9HU6*vx1!+{wwqQ!4JJ<*YF&^OY$lOZ%V>w6@2|h5~v2
z`6cOS;73Y2noLk}TX0-3LE9f}bjHEYcFS%Yf`WtI3_o8@i@OH@_dW&wXQOWXA6J46
zx&K+@|GmbQURsZ+1J#6PPVk2s!h3MPkIT>);-Zk}NG$t=W7;8J7F&trmE+uk5f#T1
zg}9TR3h9Vxi<yg=pv2<hpCKRG#&Z{+Gm~t0(lFLW$;I_OLn3UWxSfT}4BL~n`wdY2
zah37NdRum$IUzHX_8RSeL)2ItuojPOv?b?Z6&kwU9;z*6fchL474K4KOV5)cG<2gq
zUt7u$H8g*GJD#C@{B4UY)2(S<J?hG1l}9S6Drqa}DyhAWdL8qk@uFIzT|2r)y+%WG
zjOGXp6%8#79SyY(oep*9(avL?G@Vozj&#ypIC}TdgUhm6ru-~&Qm-XmpL-1`ygvV0
z?6s0-po5`<jf1m;wu8Du05-QL9CsB~3rE328`K+B8m}~7YBX-tY`olP0+<2@fF)oA
znD1TNySk^jXMsH@^l>(2l^rJletGyUP6=-SYlNr4E8qq2jNQk(&vzg0Chtb?zTJJb
zTVculs7y^3Rsnwqe+f@WF956xnXo3a19R0_%C+q^^|gXErnP}JpEZ%y#Z{|A^r82!
z_`xFK*$vvt=HtayxlFSrGnA|5YqhJCtF5c{tBI@9s~f8#Yl~}EhnXDTGcc^a!fE0h
zak4l+Tr>E|-9GSRyRNuVTrh45SApxmrQo)~kLS|i&Sp^==0-+j1Nns_$&Zb*gR#80
z$EtT8o#xAbY<36Hc2czb5|Tl_dFD>FjMewZj%La11cx)p5&hXYSYcemJMafgMe-wt
z?qszwYJYIQlO|)9dUpLW^#`8GqwcQ?FR(<|Wk+GT{U5{cJU-3C``GbLblY*+J4L1f
z(M$!8#hc&W$#`>Po@pQ)kjsvB5FU=`$}Yf)ghqV6ll?;YXN1~06E;EP@U_Vs?g?%5
zOc7-6d2cK+46TnDv(vEW{KHA_yg1Fp8_s+uz3tSA@@q&&)(^t&RfB@UCqpLByQ|dk
zTOKccoY*`!DY=~BYgi{Zc7pTq#@;IKTHyJHQ&x}NJ`79-ET?U1?(hR}rbgzk)}i+v
zJpn%;{66&V4XN|YeNSFq)yWCfZ!L7iNY65lJ}J4XmlO8673;bxjbjdef@pEENf7OR
z;VdM<csi-&9M?#jSi)&hn<RIndusW6Q&*%|KeKa`MN3f&bIVN2P>Wd$hfQ_)K%2O*
zn6QMf=<ldYIp{a<-+X=Z5qKlE@bL9Yudr6_#f7-nJFnlre)wAOi?Fo(i-pcEJHCpP
zp}u*?^^4mt>N{0`s(2L2eqg&zE3KZA^U3|EsYitDQ0hHhar-3k&bL3=JP@+upCmm#
zy<nD%kxWb${Pg4Jd5^reeP8eVx>%jUm&BJ`@PaR;AgLDoa&JYaN2lUXKj5dOM}{B5
zuiP(o>&e#Zt-7t$t+=i1t(RL7TcKMuTWMRbwsN+Dw<5PHwo?4s?%2iNHGPi~>U|(I
za^5D-{Ku;Y#zw^vMolm8^;J2Uts!fSFBc=cioGJe!n|s|61{qA25MUU(KX|^eq0Og
z9c~Oaglm_x#XB*WHHIzRmjO~ayqkW!zuUyn#PHteeSA~pd&wrRCa?E2@7J1IAF+m{
zgr+<)4>J!L2^k5M50!sZ`$#^lHmo)T{6s5$M)IP<83k?y83hFeA%*h_VhU0Uyb7`k
z0ty!tBo)LJxD@yl<Q0?^M0SieJC>@yxxH6@)JV6-wkr_Gzf=5b=qqCta4*F>*>&W$
z{HXT=qqj$G<><$I_SKd0!|e0I-uAVLqrJbJH_9mo@eA+P&jh?s#BkWeRJD#w&1<e-
z33#d4oPJxcnrV1w{p7YxKwABf(mSO-rH-x&k=NAof(vsC=JUbp`1PFig7ty*m~}VZ
zw(?Xl@6a?GkxG-{))Di0dSJm~eQ4cs`&?~L!$&3Sai{US%GSzufE{47XS??ct2-#*
zEQ0b_uvsu#_YWwB#lezc(Xez_IV=fQ2@8g$z^d_?_&4~s_*eJ}i|<ETy*~~md4I69
zE3J|q9GOpBpIN`R9VkEE@U@|(;d8@iLo2)u{(krUZr5(}?dWeZfUaLaIeTT|i1U2Z
zy7#v2_OXB%7y=d!3xU0YJ%fe8O7Ug*TznqB9$(y)CeiA3UM4CvRF}S>y!Wf)&({xb
z%DJXV>FO1P^|sC|toq<&gHsV**X<vR4>SLG;?W{UpGMVn${r;?n)LIN*H0Ph)UB>_
zd`;~S80FvUMtdMD0F2o;As=H|!L-UQ7W;aSx{AJ`$@%+L@_e#<as@Jc@&&TBsUE2n
zX&z~cU4C7b_8A@sk8+P#k0e9vyidvf67P}+B_1VS_wLimRLfS&`N;Xm_{jUnZpd!P
z(aF)t#K_0smzxL0n}$yTr8A?w*{d(xm!zL3M%{Ml6nXMW8aN#=t7~^L?XJgS%5ywY
zmLADdZY&g4Y3DUaBeCrt+jrOP`r!?(-nSjI%Th>+#gEsNUKsUfBkQUnX?lh2)+!TC
z$roJvuW!HTEJ!loN?vBWES}nu#ruiY%SPAXq{rnXA;s6p@l+OF$&c16^0S;xhkDkK
zm#`;{1y)ZMpTq%=jCz@iOA5-9{U1s8CYJxiIT@SZxMR^Qj!f~5@nYgcaZK9x_wu*;
zGqany*|5ynd@pNg(L`prbIiHbeWGA?t2o;-fDBotaZZwoGIJC+Eq?tL={5Y;MP-;3
znP3)9BjH^B&W>FQ<I)+L0vkHwp}^{BhtmH^AvLU!79|RZ*t>ojF*9Frm+Ie%i>i=e
zbu+T2N3srHnWL5xa4Bp5_R>Y`4RZ?1ulD?q?XsC~?k-n1dHRKS#GE<dAznusKgxw#
z*`&SCKqY+}9~7!RR_tVAm$q;o89Dl*v#J&)yMAA4Aiepgtk)1(0kt{ym<@B+v8uN4
zvTOF_=JTmt04g;wVc~1rgVZq7k`?|)8D-S{6U>q3J0o-8FVTC-MN*`x_U;*jU(kr!
zsLruK^7yTEHX2m#4SnSK)Lzg0K+-s^FH^81CBPq09ZvD<zq@7%>kpE&jT#h1iaNhf
zM%j6~R%SXEGgz3onws}VSK70is`rQcd9(;41?O67fC>&I-(0hQg%VO^&gc0eJKrMR
zcNY>_<=Mb9_n-b&h?@%D%aeR`%j+u7%w<H=^XXVN&R?x3zQ6Pk@Z+Rn%TtK?zUiPG
zebyvRyM5bqLgt4bcWdjmJK5XWTUuj$WPAeMT(U|-F@|kM(+0nl7-V$(INFzI;Hj!5
za*1&pNoc_A<BCRf_ipK)T-YtI&^=`(CK)|QXAAgd&&c2XI|FygIuzm&xjWf?_k8zi
z#^xRC1V}IhOxb%px8L?rWIC;%uKqv)#{>xHEA#@B+Ckd!AW`LYw?><!->G{wB9tZ9
zL5-a^z-meS$CX{@hNEw8LRKV!z0EY|Jw)RA*eh}ltJ#qY>{fd*<8Qxl`Z_L-UY*D{
z7{52OX{UUT=%De06y#v_wmT)kK|PZ6LMQ^7@UNN#hn^t{_(6~1FFAc;i@Wl^<0U3$
zAO|zPwTibxA%HV3xj+!z%TxCr^u2u!)Gd;x7lRnS>6{yJgeeLWThJ7%iB=dP%#Fu=
zV<CT;wnZ~;c?t6@CX$F4f!@@iV?u}u$9&&H3MQNG$^=@ahb#$+>H8?ozwR9OyJ&!{
z)Ud&)eR(e4{{A4{^G&`nk~;mZbe>i>z##oyBd(JN=U7eRX4GKPzC5zyD^EaKBpEA$
zoKsaEQzJN6i`XDISIW7_MaVZEO$ikQ&=W&P^!D}y7erlowzZXz@LicDD#+W6)hR;)
zRe)vl2}HFUw=4^}Uk51D1*$@sV8U;nB$&0LXvl`l7Q+Lh2=11Wj}wxoqufB`QH@xH
zc<h#NjuUxoqv;?Xdp$9nL>@L1d=L*{wzZqcLw1Q8;?cM|WkTSw$Fdm(@fZhi%ko4b
zbUOqdocK+80uO*<m%yVGu5g9m{&-NMAZXU|2AksbbnS3?k*hjh9Gb(mPdU9xio1BI
z0{DVLXBFaJ`#8cS-WJIva?ht7K33etr5Rwq{rOw;?5(&mAK{A@ggIhxp^lE1;3Ocx
zgx1uOAUg_2wh2PA023-xGlJ+mSe-_DX?xQ^_?~n4;yYmLh9!-u;@j5i@hdEFWV<s_
zo!Zo#pe_eTcFYk)bf#7W5e3|(jg=r8IO6++KraeE_()nmP5b0}i9i{UM38mj2Om~n
zC&+lp;t8Tx_`%R>qS}SBG=d0x3LD`=)Z!|8Mi8ap2Sa>_T7qRM1kosdFnEKg#aEU{
z5Y^)c!#0RoB4rr_(e8NT6#1q;u(`1)v%AZ#%(Aze<_23bVV3sg4{}tYb|AN~X112K
zK5Wfn&0sBQO=Eole9~9Zn%tVp+Q!<@+QVAg+S%INIskn3*WTL1+Q(YY+RfU^8kkU-
zu%5U+aeqQ%!ePR6!gu1zgzdzQ3D1dZ6D||CCITleO`My!V=Z-&>GWY?Qh<Z{7Oev9
zo1<?i-q60`cyr<nGj=cP6O7~3UfMO98sW9$^qF#=muJVuzdRxveO~ip52i!!Z#ql6
zJIpK4!(NnlTey&1(PH+;@`j8i!qRv)-c+^+)zhI}f4-RHCWpUT(E#|xTZE<AY^51P
z&&Qr(t$L1Pikl4nUPaQmdJoBf`g{!QRB2!wS$!2I<y$En9F$<pzc7N&5sQG&5tBN=
zurzsN>5^owNARbMe6lZGMvPsVwJ<a6;q6J$tfzFQ9X{qyU9^$^BvZwWXAO>&bP&Y4
z<|;j{JnTwdpN0v$o_{^l=PB-f|B2V+tGWi9A&u@@M^}XnIJE;v4*LVr;1idls^GJg
zXV==1d=7Nj`dp=`^<ziDM}jljaSzuKV|ue5ra%w8hf)Kkv><v48=RZ|jv|=$q0*Jv
z$f4^!XM4gl6~m$rox*bEa@^%oRafEUS<7>g!17~lavM^i=aQ##8{(oU*(qTUF#~1c
zne>@@akypA@0ltY=YX}Se;)r0Aw2#YimC2B5kdw_!06dlsM@P$aIHNXy454wGpz|@
zVt3^4VbZ`Kt2*vUx_YcAqmvO~r_%i#$00|4J=0zjCbIvmFZKSjz9R3(8+Z@<Uz<%V
z<H;1oYJ(4nMIW{}3QNM2W{OiB#vLsJteT_AEl6Q`n9{q&Dkhh#F07Gz@`8`|3a+IL
z%Jo$C#3bTg{qtlmtz6UfGp=zs3m0)Luim1?ja8v~O9j&#-&cikGY@L?dll8Xf1j(z
zrf0v}ApCP-nedO!+PV5Fdd^>J{%KcI{fl;wj?T_-uz$=MX^{m!%x$Os;&AjVpmkle
z@O<oln<dKP?C|B_Ulfj>jkKSc#T*`K=alnHME%ZI)Xk~&eq8cXf+g=`@8F!0YV6gy
zn-YnIH%B5@v)^8c53$T;>g0KOZT(!mgRuVH2&Ne|kMQ$Nbs8ec+BasttNH7v8=Vh`
zwFIZ^)Dw1o<OKX<EuWkJXeBB&^b(NrwrBb;ZCggRRBK_H1bbsk)WjpSBn)l<2$?98
z_)u_)1f$XHjG8~qnO`u9D3wZwV?{T*!Kuqx24*5(B60BM%OIDvxd<!YSWAq(;22~a
zK)z`ObsCJ9xkbJ>lP-HfDnRT}HxSPgZ}R3VxYN1z{SYX&sAlj6XL{-wn=YvNe_k^_
zI}$neJ<?ZqnH$;9I9XArQOeG0x)oNhQJVI_ZRK3O_X*{W$W^&#Z+ud_atH2Bdaey*
zyGmy{7xkNhd`j|??IE}eeYY0D9B2iGGtGEWEN@xn4gj(r_(1!9A1J}VFdbi<Rr9yF
zR`-@^#z>_u0n|FYECy=zeW*_gOMMI8e1`67@Bg*eTens5Q++fhlv77J6p!WqC<@-v
zKDC0=T-NeiuJK)t@Lj&?yL{ev8RwH{&^3px{&I_|N6XzDaoC&Nybx2ByQg^q*jsw`
zWG}N|>+?=n2J4Fr8c$QNlL+vGJxt~oOX<LyW4nt<tb0~E>hbZhNaTAVGV1wm<6j~>
z*S2!)p?mD?uEq!>+j!HvdjMTxiBa>OP6^VwL%sTNF?h=xx~nw{-PJN0#gthaLATMj
z8(rVM1aGc`H^m_hM!;0;8vbR;#-qb-><?aWs&BeK=WN|{Pvzv>bdTdK*mO_kwBIb>
zl>R+U5(%up)AvMH@NarzB6r>l#tgwft=V8=w0C@woQd1ZGRh^tr&yFrR;K)w@2yUO
zCrxWp-pc6{t<QFRQJi{s%2uheJ-c@`KG3cGye~Byz|HPmfN+PgVayfZ+)Xtf^YfM8
z$lgi;cq^T7%RlMoX1B9K&HU0$c+%c)L&RZY+`36a_?Dpa6d@1c#+D_4i48{Y3={Qi
zn&+M-Zo4;fmj0fSgx7V&Q11BVaJsEey@J<`#`vHzhV<%K7df05omgg1%yJ~3OlJFd
z^a4QpisluS1#6A4=b2Rp@VWK^xd9zmaD&cxQAWvPfA_%3S_k;U&#Y@B%~6wfcn<to
zJQZFR&w#&xH^e*R)$!6NPA2ekIX(8zE_V<Zjx5QpKFuE*S$+rg#!7+TE@JCW`QwNm
zccNr8Q+c~iOovA{-<@<?PW3eoJTu0`85sk7D4k@=d8j{zb@3FlJKY=gIMzAUWnMz~
zVwc`XN`k$ylyiz#XO$gmMdMI+s)O#uicifyc|CIc^8G@$a<?9BRc^&Ipd^apj6T=2
z*L=o(#EH3t_P+0H>H|M<)Y(+uRR13T9@a$veyS-WOqrS~1gK6K)|vn1Egg`n_}<bQ
zupbf)2&wNMvt2CHEAM{YUAZxoIJ~_uH=nW~zpy>8KCd@lI?p+OIr`@d-5SI3qG?Z$
z8ab}iZ(Tz6`Sc#yUA*==9{C=j9z`DE9u*$XRvxdEt-M(|Z6jSb@N>xn@D^2&G*5Xq
zI9B<@!l_4KQLSLZ6TIA9z|=A1O3gb>0?Me1B26xq;j(oU9)5}mC9wA&AAwJBWbq<z
z6|xF)vNWH6#9JPbb<J4db+Qrd=({UeUAsrLsMkFfpN@@o3XR?|S`|aSv<xxobuORv
zCpW(A_R(qfmDz=QuHsid_Fk(E$P%R&eZA@^9L~32C8jJCC)TfF)fs&v-qgmO+!;8R
zZVSG@jZE@Q2H$`#W1Lj%HwbLI8J=P0++^qa<N@;4=b%dQWYqdq=l*xtHaV7HGd`PR
zb1v6xES|9S_sOJtiC3Y1ffuA<;03AU*EWA<pR%!*Vx-=164Gt>Ez)XO5(x~uf>)!X
zF4n`rE>DM&X{5GMXMg%iVLsV5eFFMi-n>ObUDUJZ>I{_n7?>I*)o5!Y)YWp6VNj-+
zfz{2+h924Ml3n>o2i0HE-ft|`EEld*scX}V^ceJ<Q;=$^dC~b=*ro!!WObPnkZScu
zbXHp0tRQ^`1LwG^(71;ej)^CnkQ&UsZ<N4%uZ1xz0EN8InZVA``ry5vkTkGE5&3A`
z=JQg45aVvth4Kzmp0|xRay0%zMOej;b)l;FMQza@FDv48Evh~`wi?S@46@jtHlO=s
zJ(qe!eryQcFJDkWqpLK6{n{oa8-wb+$5++7@UE%`KPcrRHS$Z?R{pDt_ruypX;_X{
z-3J5ZX}`eVs|_HNZ&r*?yLp8dXnpp<?ery2b}EIOF<VAzaaJ#Fxz1l5Uv3ozzTbe2
zRlD_>(bPyemk%Rpi#uk^aY$0<HkNW5Q=9%rl6N~zJ^CM3+P*S%uDLpb@<uAoq2*Az
zNb$M%HK=<?`MG!gC`+XDToVojM=G<TDNw2|7g^tjqHep$u)e#B(sz*nSesf<?k)-`
zXkL`2i&)D0e3YY$T*^B;l$ncEO4Co2pNo<?nh|xZ>hWDvvry#S3bup}@P79l7b^3Q
z(RVurA5=YLZ#704xk#Ef^`pGzeXG)4tyzb7tCC!An-57<r7awZ?%tD88neomA@$An
z>;nY2`gXV{bZ1_!Xi6#r%)SwxeOtN78AreJSa>NF{VX8WODvJgxUnK0WUpnCruTBo
z3|)~|+{M?o!!~h`Fbn)yHj|p!K!eVepa9|?@S5?9(eyJXIO+Wi0-V*6It_w~2*por
z0tydWo1j}qV#-f2lt?O)SOP$n1cSDTFj^BvL>S2>7J{WlM&C3d9-YD&!YpYLx90?U
zDM8Xi;0tJT;%upj1>$VVrG4*?)M*n)EK-bd5oT|YEj}a6-bT=AK(v6ZV02h6!8`Ec
zkuZIie@T>J9AMjgL@=&Q6{tnP$)Hdo;&hW`5OJmvA_SbRNOU3*=I(?b5$61oBoT&v
zGn4?+NEJw=GfvS!gjpm5#)&u^2u>nS7&?ZC171TCaRipc2{?Ofn;`@ofNF<Gr;!3q
z#2F`RB*H8rl!-7g=nNu^{e%b+MsVpVVfG%yjs?M)NCkzjH-L1#2*2g5Z#Ta}>Fc_z
zqWBA{i)k{44}^dz&^WXZ24BfSr=ZAr+#^qW1H~(~7QIRwB$6gX)k5XqCu_Y$6q%41
zKOu^Etbgo_NR9WkB(2woq5+bAU|;Qm^}@c4w0~bs(Hc(_Ns~zJYjI78x<gr$bvx#A
z(g!Nrm3*|_zKGW41W}ZLHr^M}xX=?tRcP;h5#9W8q9_`z3yJ^`Z1LFqK3EC*9#L(P
zc77i$9c{TUqM6?ZYe2*IMRaWYU<kA-QN($SZ67NOeS2R-%eIddi`L&4(Xj1f0p)1-
zeHmTqK3F(flPJnKmbwpCgm&B)(WdT$C85psMKr1VU~kcW`y#qq`&c39C&VC%kl7Iv
z87O*DkeK5kbm|*`kjiN?F5<)(G8^K+itH8(F-|s!j!8n|8`$2QBTj53HQC2vxbH<Q
zoB@)7eG&W8CedOk<-Ny*8rTBwV-ZDe6!*f3B4hBo$dG9u)s6Dkz8V#po>*e=llSe3
zuzD2f`w=ii)DmgHS(f(eE`wA-oJh!?v^yHY{Ro?zLR7tLI)0t<XeQ}3@?;h2(-gxh
zlvuJ}#ND8~h#x^e5DY;Ki1?s*gi(+YqAv*OLr4ZmA}WI_5ne%Fh_#?K1WgbPA}Xkr
z1bju71bj)BG=<!p#GK5W)SP^TWQ1&lbc7sy|CLOhRGz$+q?W9fw3a-8B!Db{G=O}Y
zWSeZ8beo)#gp!Psl#(2LZ<Q>JG>lxGM4e2XRGqw)q?N3dw3VEX1iUjz%12&6QUH(@
zkQR{Jlh~8lliHI{lT4FMlTMQ}kuZ^o2So-Yp_|b{;H?767t~Kka?q#mQ{5L>GMx~c
zcrbBv!W|utHbVEICDD~=FZ2{*4#674ibx4cL6`@bBSwNo5b{AR!3!&AxZk#TwtMk%
zOSesZwRMaOD`J?Yt>D%x0K!*Lz^8;d1^kUv6WfyS@iXl1mf(4Qom{<qmow@?+(5ow
z#7YhF;rF!}!>PKn#oSw>uR~<q-oMlsds4+XeZf?+-TZUHR2@z6SwH!Y=ep#}ZpQg!
zKbfqfF6Q!+{wUlPQ05=Ek$r8dj?VdvpYlh!F3Pg2adg>=k5|qj%fB}{fZu-(Jmh?S
zi+{L6hO;SITPb>7tc$NKAx<w_F?vM+S^2%!VR0&u!dY-jNbaP&QdnhTAP0NAj1^i=
zD_vEczf0WAzP$qL(CkM$ci!(&^sUrZQ=j(4FZxeb?jj4m3t}I)Y-#nI|L$w9KD<<k
zEdAcv8ymesgKYesf-P*_VwAcL{C4%Em<*(371|2-l$s3WV?Dnm;AuA*$iynVHRG8u
zxpPg*;CIE$ljf~^Qa68l%*;1$SxOoIUYWVpvZW+t`8yJeZ1Gb{;or*h44tZbs*|wu
zKyJjnAwwsA=e*pCJDes(c+1O^;lmcGl;LmInTW?LDMK#pZh6IAU2gUsJOH?GKbL8Y
z>`dI@sBxOyQL4KBn-Y68VkK<wTsvo0u|OB6O(YNSummXsMBLThJ!Wy&eV45xe&=w_
z<m3(yWBd+74Q_Hrvg*ojX{^?hmFmIrxW>yScT*c%6SQ|pEwbEqPsr>3*26kQt#l8b
zZ*R;Ll<sQ0<IKGmS~4lK7Y)36wnJHyJ+;GEW%=6*I~%=n*(K+DV{iN~k7O0sgj+eq
zN?l%6Mh}AhRZ>%2YQNu}rE&kYDlCWDv)2F29dTK}I9Db)`>K03XTi362`3Y~5bl+9
z^Q{QpW*dQ;QzrV~PYrMi$*o>!es!ub-}hwmhCuq&<+~Bn*V!&FD=1rD1KdwFckK99
za=I-|xx(v4V(4(o?#fDYt%>-}e9rNL!T8An_|9;QGKUaOGGo&1R8xH<oEo(9gEE4#
z*-9YcY??muivD$^Dz5v~oW8=9a?$2e{;J$fj^=gvyw);LL_J=nC#DH6lQ3y>iqA0c
z#pJb!4Z~EuWyXj|0ZUClRLfnt`3L;gWp~czs8f3RZ_*}pBlrw&U0r?>tfoA!;~v8)
zlIeS)S)1Q~vGIM(0B)H#qKSV@wVbIrK%gpT^I|i_sf=9HkjWKzV0^aD@&Y)EL4W7z
zr1L4|0$-+PHvx{!P4VVS5o)Kpu@<YfnHpQW_Y7~Tl(RMaohrT#q+Tsg;AGt_FXA-c
zF3;ht-7YWXq%=%bapzX6p#?Y>TZ`bS3#}pWPwP`BBNhZWrdz#Eu^N88R!-4O&!2Co
z5PwHD!d^djWiMdtT{h=pmhV|G)YLn^Jk1wQl@`2-o4jzULVzO|`@>He0tBAlQI60v
zoYz=x28sGE0>Eg@B5v6xqL?2()4C||(_kll^6QwITI%GL2**=l2A%@zxu%Fa<`I4T
zQrV_qckV_+(K5pH22}Mul&jWk>?5WP=4V=W;cT<5pW&(4R`CB;=33P(ZO6ttdK?&U
zDr`LQh($M1)m<YieSt3KSsJFQQzdhYL!0w1c~jMS0A!1?=xyF5RjNQ=GR|jcKHeoq
zsz7fttEXrtz9kJZWhq4IwTZctoB4+t6cLNpCJK0#D(HPJ$;K1WBAOG4d`rdjn}|bj
zZL&sj#CQstQ)?oIZ^{1TW+c^4<)K|~vb{41AQ|1LH8IY&WOdT_^X;y+L-%-=Ru5U8
zMVRPJ0F@_w@rTA_5Y-wJuJpbIhsG2U8=4d3^qXael;jY48WV=}o5({-$_RVjrLTt?
zBoLg5=mFlPD5^knGGzh8qSk~x&(b5ME)k81Evg;VA-EA)qY`2~6}_l2vBAAWNxx}B
zwKH>Q_YxT(iD-;RkLyija4(6_Z~9Q}Odr|>wr`h&oP3jn9zA5KgfP*ZkfismKLo!<
z=9Z2g;a-ZSsxv2BOhZ$0FJ(~$-XP=5Ko@W?B~b-hl36`Rdz{>iJJfIvQK~t?dUCV>
z5d03AvLqrS2@M)vDRO$7@G^eR@ewWr-@;7i9-R2&hp(R{!sL6rAA@DQ$yA@8j%6e;
z@YBoJ!ZJg8g2s;v{$#yqJ!$>zddT|S!t&LhS;kpaS+rSQS?O6yS-V-PSy@@1vqZDX
zv)r?mvx>5qvxc(#vi={|{xT}AF8CV-0|a-6;K72s2X_dX1a}YaPM?I}?hcK6(BLk?
zHMqMs7Tl+K=KsDkv+msc;ja6o`|PS+^{ZXGVV!+WNnj2{mF73iZ)R6LD}5_TD;H=%
zh_}M!OU-#L-pvLYY(>d)O#Ap(rQSSk%?6T{C3CY!`)*g>-hOR4t8$`%j6*r!WctDA
z6@j;6TjHvWLs`Sr(h=FEvbSYh`0Cfw!kY=7!?w#+Z;CeXsv$)-<}~7g<Ymr1yI-S-
z1VusgZ2!LLmDBxOzg!V{aJkB4p7$riT(+6$ndBp;%dN}Adq%&=b`8TKipomDL}`4r
zuU~Ly{-FQm3sW+woqt~s98&C498w%m9DzgZOj_otl(Fc;_WmetemxKJ)NQ4I!aZ-g
zRq$m3VFgRY<`8$YqxU;Ty5>cw%@$jI;V31ki-0B`=EXWiOwL=GaC4=RutX%uFy%!~
z&RSXi<`X2+k2sNG%d6z*Br-wc2_o)^#O~8F&EQx~G5W-9@y;azxRVL0o)3Aa7`fA@
zU>aGyI&Wml%}bmfY1ij&8tmlnl<O4cl;%|E6y;P=J>EFqINdlh@33sPY`bi-Y`tu;
z{Ed|Rg!6>=gu{T#fNzz3m3vh|i0K&e+vTr&(XqS`o1Nj}pKr;9`bq9~i*DcMipb<z
zsE)6H3;jL$B$VQ=2`mbKyD3~rb_W*WzF`&!XI#rI=6#D!Jsyd&Agpa!7$!Bs;0;ct
z9_84jaVZt($*>#asvQk!>eaI#x2)ipOFJ6b8ok=Ja7p*_Z<_iz^Kp3DZZ~x=oiHsq
zB{>b=BF8KBF5#~H&i}6FF6}PzuI(=VuI#R*K=+%*yz{Rb4ZyrC?dw#j=}d!;u3dS(
zhEQ4CjFNX!qTP;GlSZ$OHJJ@dZIUiiIr^-OO?=(LqKRE?y{=F>ZaMC+%-O+NhS`!?
z)+5&=w4+Z)%ty914R!s3b3?V)I(xc=S`X!@zrxFXk8qCE%Q_i<vo=&zUF&M<XlnE6
zHfVe3c<A0}s{p#=TH`w7+T*%xI&9i(x|Ld$I+eN(S`Io6+77y>I;YyFx)fRzIuyEK
zEwBz)8?0-nyQVFw)1lQ7=%s}k-0iIu@T&@!6_=Hw0<QwQf(+W`o5-Hjp4cAOp5g@W
z<lPBN8{nzxY2_*9>FR0Xso?4Dso`nw>2TY6cDI4r4Lo!^1g)WTkb&qQ?QfsX5H~P;
zC;~+>0PJVMNB!IWGdA8@$$Demdeh|E;U#=Xm^*Dt>dIex(}o721!2glyQojLa4)%e
zbRGSC{PDMITc0T5xh%_Z4@QB+Oh)CeMQNXVN)D!-t%ck&5XLx^KNkf~Eq*(7brclL
z%otPl0E&{Q=7`tP++_q!GtS3oEK9kTQuml$IWui7Lu*F_#<Y*iU3i6-GH^38$4bVu
z$L#6H1=gA-7#vwWDqJg^Dm?6+>^(39Z}@M7qWe~kA?{8s%`3|%_9_j@OH0RF*KQ9j
zaLYeVC_So#`ZJHlT=rT}m(e_8(+^nPYnMs+fVs#<HNIU|w`jNIrr{O*69tdNmPP%o
z3b$yFxfYV;$P+q`@RpgCU3(9YM*3#@CZU!1mCwuiC*MvEPKYb`n%igkNWO*}t~OWl
zZC%eoTHRtL-r1q2seLtHwRU!K7S}Zxa9y<K<q8|nsy=w8e{9k4%`&uo7Ub$l;}-d0
z51@olb?DnZo^{lUKDT%z{~G%=)GOEUx97mUIsT-uC|*LlAX%O*-GH^t*E`U4k<iJd
z`?=uZLDqxo*i~VJ5CR@uoUlx`939Yy6pXg~tN1jhc~qvI)^1?f!>lI%#e^<0J5hVS
zajY>)VAgBa>(l(jvG$8IP3dsk^)pJ=7$5<udTId5ek>1F0hT;3`3Z^TvtSV}rDt6`
zUyJ*Wrx8KG8%*``>jeA^t;el#YA90R>zhfwTj@1*h2ueBm>gaCgWk80c5UuVW#MaV
zIkw_0-3F%nNXKu+M@81ibCJEZ_Ho0{MPZyL!M_f`|Img3o1pREFUOX=FY)TiKn($K
z-=I)_tH9izi{62_5BhXrIv;KRq&4<(=PD`)!UOghAebDhE<-Qk9#2-!O?w=tEx9P|
z_IH!lrl|p7%)75`AKF3BcF{90F-05wzeR0D+cVE7>h~V0)-FZ2)smi$&O=Wv;Zuv|
zezppnBJBQ}^RelSm@Ckv+p$muvQ`bHxF)7-@}l{=9u}J(R*qJ5S6Wtrmn~P4SNK+L
zR#aa4g(_Sz8ylK#8ZleOn<^U}nkX8<9PuE9M$IO^#)g)g=IC|YN3}!|V;&nhuxe;s
zm)2i6FjsHea@%a%g7Ch`y2y#har=JzN&6890y+R4J?}ps5<r_5Pdx*F_w+Ul_EtAn
zcSQC@Hbl1Cx7#<`_duJV9njwMHo1c3fp_y=vPjWH+hW@!^l|pM-?ZOfzg52(zon;%
zr{$-`r`4y0Czi~j@QzD?<fgesz9x_6o0jM%l_s{v%BIssiYCLxwMNm#j>e86n}f!v
z_bp3!K=6TnWLwxcWf4Hm6~CEF9$`MkgI^MP?3P!{s8#6Uk*l_peXNo9Yc`uhFj8j!
z(4K0glGT!D<*7W$hi8Sl!n|(fNSo|N#-fR@w)x~&d6o|%Y73&a-;MojXIu2b30!&3
z1D4IU$Pnp`lY7Jijmt`rw&{)bY_DHdK?_?=;mL4$>H{OwRy#13*5Xh@aI#ch{=jN;
z&_1ryL{Z~>(qGP_&tkVcuI+WBI6M24_SLbYfN9%DWAZ7s&I7PWTsG83yy4SWU@;+^
z5-5u!H_6=R*C=pV5?C?O|Jze;(>&T-AXM(tJnTIoTwy7plDPISm(W|7J@P(I`l-M0
zXbRfxJ?LIW;1IyXXJ7o1JK2bm3AT2nFBO;lO|U|BIALWNEpvjvjl!3UUB?j_rSvV|
zMmbMIaW<^3u*LL$#}P3+uVm%g`Mgl%-yU>$ZrYVRY|tOMvt8K{iq_Q^#XUudV%InL
z+uguif2~>jqr!PyX|@y$#u2QVZqR>xJJzLe4G2BE4(FiM>pyM}Y$#l}+?GU8C)z%o
z;bO`r-`9tO>G(AULH*!qK7%gk$e&Mb5JV_yY+n;+M*;F)npR(PKaZa*WLh}A{oHTC
zIPZRr+hzeB33N6o)cf7af4NZfTl%BorBiIyv8AG_lWzna(d(3(b%cW-<A0eg0m0zX
zc-_M#R*;F(mscc&TB%p0-_GT6PpqJ@L1)?}k;j0TErnM-Ygz@bdg`_EUiCz36}{>i
zs4^I==aZ|ieq9vJk5Pqdp=aHDU3}Y?TfX%Ms4<&stfJzB^_VZa*YXAJ$D3<mBHB<W
zVC(h^Jg~(2Y_~d<0P#3?7|P0lx(7hLDt}#;gJ)KrS%=4iQ?$Pw7<J@x&6>}TJ%)wr
zyEuK-!=+WkR@Fg};dXyGzO4|2XK370JDygy*-~JfzQ*BFJE>=2+|%l5KNB<;g>ijG
z;rij-dL7gwnPziPw_?6=P_0?xgC3=z`0d1=;ZSLO&-6IEHP!_(sD(m55ECIc`k+?b
zuKH7$)iSe=Q@B;=)?vzB8<jXbP_6es6=I9N2GB>tP-xbyL2E62sW~p9@oAoJctShV
zrhRzIpa5%D9TR?MV_Y~*{?5j<aLp9grgOLiLceW}djj=DJ21{)>vjSSP$Z#F59po?
z53WLgIl!Ao=)!>Q{%EM_xa&nwq}q<FDRA<Bea9P6iCIU-eY)t28?yZa$$A5n*#c#*
zJygb>Q+yYNLV=%m$6xgPm!9Eo%i^9y-aaY~)&n=DY6lMKT-jl5yLxaz3AVZ~>7r~3
zj!OvaO28l}T}*MXz6bOh-*yS68M=97S~7$6!_T8&HckH}R?PBjvkoR$CWZxfb5RYo
zs^ij5Yv}J(uqr6dZtgK%)UfPrgFcCt>>y|k9vabqd=IkCHd=x{!AgMKaCG)5)URwi
zJo`@JEW2|VxzIkWz|N}=*6ZF?*ZJEuz|=$Yuhx#gA1B(j^sGJJMbS1MD|e15T$6OX
zj3z!l^W6Y1>B-LyfJ@Zc%dP_GC4K9rqbY3ddABv1;(>9V7fNBedvbW?7QD2qt!f}X
zLCx-3!`r)ka(I53_rdinZ*MyVDutuvxYbG$xH02o7{emI<%%c7#aPJaScw5)2*|YD
zB_Cp?tp3_sN9Bj2;mgx(bX551cN~7)YX|R%+#Efs?18e54zKjr#_vxGMh$!_>)gvK
zZ@>f32x22I2ms9sNy^|O#lRaxlV`r$xjm5L7~?MRQ#9@cz5J!?`la`y6XpMmdmkOn
zWdC*iV16NaJgV)0!2&Kix+n%;5MCv57uMd)Km9y@2~FL6Rg3{_?-4-x9U?cn&Kk0*
zFL1=`{{g;#AbG<9)e!sWPz9l|eNh>~`#(aP-L0)-ZUb=tGx2{}F#8{X_J06S%K?%Q
z=sXoO0Io`H_eBhWAM1Y`)R1uY%qH3pL4)}$hR~Ss7vov#nlA=t;?>^ga8``}sLSZj
zS50eiwP8>#(c8d_bOr)I`J$`f^6C~{1%=nI2R0Or+c`@Bj$woF)#m?9iG4yB3mAC;
zexN!2FVkL~Q#t;WlyMa@(*O9wCH#LZ`~T*@Ixpqr{}=SXC5A#A-u%B6yd?Rd(F7*^
zU^UNFOx;y?Z%R;OHIKCkD@b5rH4jnL-cYA&On723_f^zhRR=5@5=L3f9Tl~g)NAS!
z@>t9*6}=YJW$F{cS<H<Up}CH`bqOvk=DH39ia>ROa~a$pPAz81Ugt`!pwJ!h>Ij@+
ztLg~+VN(+?b!L@t^IR>uQ1dV?1H57G>Q<Vh1Cvy$q~t%GpP65>(pYH66p0blPd-vv
z>rJa$1SN>Sgac_xL!QLy<ZTHqR0V$(wQ<yW+Y+d$Xs2ItEiO1`0~0jZ%su2%uhe-%
z67<-10J*!Xj^YJil0To>hk-{|;dionZGql@mklq{qbD?`_Hyz!>elrM9&81sawRwF
z{_>V;P-PzR*b39VjR|tOtkw)XEoH?8y|MPWv%u|LT^eU@NDxsnj+A$Zjsn^NgEa$H
zesVFOR{JoBMA`PIF(GY5c3QnVIH|ZmD!M)QS$dTGJ+=EK?v}cQETE=XvH&N=Qec6J
zcg1F1UlEZetQ7&JN&ZK}uS-Z1{xl6W+0=a6mW+e7z#<x}?vn55C`?CTl$_xZFr0>j
za#~-1_>V>KI$dU3-TGSV)n=06;)Sh0jX#R7q@e&LQ0qpsC=U&%ZBdDNeBy|pOGp2Y
z5&FtthB6?;oYwW#uMDMEc$HUpJH}Ur0F=@6%3yhA=)R)Y<3J4t>f0jH>{$8=rXdHp
zN$Rzh|A8>PiqJyMvVApc>6KRh-%?~>mr?;`e0*h$6Ta%Fw|)R0YYr7JT$|`AjJjh%
zX>F>n^N!4>ZDn8Qu@OL#t`UfNmgHYuqbU6po_5TVXTgTM1wgkd{MFYD1H}vWuL=xU
zU%~C57$~o@m9K7f&yGlI(|MJ(k%G#$Dawo*&_ivu#e8+sX{=hU@as0UiNC@cLq%m?
zMIBxj=pGP}c1$hEz_X+|En2cLU<`F#_^TtHq@Lo_B7t70;ky3`EB(iJq7h3F>h;Vn
zhLa+@tQ}>D-9n)@`KUE5B;9sonJ#74@WCVW982w#z-@n=cW(n9huXxqviK&%du^Pz
zWB{agg1cp$yUKP5C%TkRy^;HovJW#%P;VMrbjd7KPn!sPOD#7F?<xmuSJ74WL8ce*
z{9TOsFoZF*tVAQj_{X!n*i?$_rgl_+yZFOa?=6QK1^(4J*zR8pZth3cK9#WhfZ{En
z-iy-N-dHLEOmM}Z2EJR^MUJB!;xhTDHjSJs@=&XU?W~+&`NuP^cs%s}ah#Ve)=Vvn
zaEl>VncylAY`5CEibZYmm|Of=I`bN+Rcabokv22Cy976*4BnQAQYHh3DssCj`ekdg
z*IFIF2666-?(Keg<N#SK8hjM@CPc|txr#=uZ|>EJz=%&aL}1h>T_OP1k2pf{@YGmO
zBB>(aoNz+3=azI|w7U`al85~n;eMRm9`%Wk$m8cTQ-r428qyZ;1Yg&!^*)ep{D^zW
zQqxg{-bbq<_}vNF4L`m&hu%o<-?lnCYtAEQ4L{;m9KG5^@}?u6`MEngt5?lpPotSz
zA!E2lfYV_7U*bO6G8P`~R;CEWlgATwR&C*{7(K*&pRUGj<s{V_+A=B@qU4C(MRwLE
zu7_7iF08)e9166pI3XnoU@oa#BM3_6rhtJGENLPXH7N3o^f=R^e>e?hQsy`-YT(|p
zw@Y>WYQi`Sy|+WhN&98&uImC9!6SiQX_se~?}unQI+3h+k8>Xesb`B*YeOMV*6YBm
zVkI7>ozsx`QW5AjC})Tmttiv%t(6>ch91`*@SI-$<l(8usSZ4ScN;8TV?0olKTQ8E
zEVkj~`Sb?k$dT?%em+}HQNb|`YIIL5>{%6tB_gpgF^odZb)1c&9FcO3H{v|G$Y3^Z
zc@G#>P9w>22X)%~%KpsLKj1GsR3007#Bm3O+x$x8jK39>%~sw+3@=x~qUYrgQ*%%0
zNh*SDgjC*>3c$;0SUBz=xth7@dwxXp7S;-$LzmNlri~-^4IRcM;_5BHz-jB(aQZXx
z8GR^I)DUqrM~E<Y8yrHYX#JjA&Z^zinTTH%H$%&W+vp6-Wp<^_=>R93G1E!9zY&43
zD~@T&WrQf4G5B5h@~<}JRCJv$^0^S$L)q;3w#ldT3>22EaX+P7fTkc0_a3mTrvYti
z41OJ-5rLw2j8BCC_CFB)&7kPZ)wrRDm`|!^;$25^IP|53(BPwCeou#7LXAfwIAE~D
zDsIK>nN1--Xyip2cnrV1C7d~D^Us5<K<HD|6n9_Vvp!2}CbR`V<<mV&%aMM#_-STv
zJx1FOILNO;-^EpLw<-J+q4kRX`&8+85CZ!i`~goH*)o8JN?Q*1Z=mf)spIEHmYOSa
z6qUd|iBMI>R{Ws=g`9f_1|L9@NV+qY>hGT1KRx*qkHK`eHZxNHU8aBgu2STgiH<lq
z0iTgrGQ{~en5X4c=_NB!+}=$es9H*7qF;S21{}ova1WPM*M15T9{L90p<wHIhG2D@
z7K0_8NDobl6|-3b?|G&ja#(-f3r{DiYDzv~AHFLVrEWcgHx8(r;FDN;>&JD;GSNU4
z0W0PSkLC^QjpB`9jIU)y%1xg3MhV6kaNeV#{t*x*Pn{64g>05L2zX1~*ZJ{aecDA%
z1&YkFlDzbGe~iR)Mh|?vCuwsg_x0iW>EO?M_G{!_`$p(#*m{1%4dVfY`l4udyqR9`
z?uYAf{%T;hvyygwt~1Nu0^JVbxAuf>_UI2@Oan;<A*^7(kRFj<V~WixOsDx^euyOL
zH5JCg|6eiyr6*s#a{sSC|4&pVvlG$k$^9QNfIRo-cS4}KzYDNWUXd?B9~kZab@UdD
z$Rb2x;b3GF`)<{JcWBT!Q<??dwbzY(cPOr1Un)lTy~u!D<J_YfE-*y24SE#J%Lgaq
z`^skD@cEe`D*9NV<_JjWzK<hEzHPuhbD&;-ICz=zqj{Q>M?YhNMKRloHzR)u_h2Rl
zN91Jwq#lyL1x5D|lLm9~VaT#?fK}tMq_odjZ%>aptO{Sgz8qnmFHr!4!IIDJ=9dq9
zfJX#0D=W^0{XJ$Xfov`KrZu8Fy!g!lE~U5n?zhx_bMkmEiCu<NM9!C+@i+laiqxR_
z_ele`W~`k0_orV(`?>C4__I=b{^BfhTTSJR2Jn)kvHWhD*nR1EDt~O~<8m>BX)VM!
zOJnt)bLD6)R6a`+?6Cn3VJk~WS_@BJhCQz}MW6b&7GSjm#dP1=ad6XHjZNrfH;KEv
z04>qappT#Dref-2+WF-8|GnU^LPUdk%MjPjWT;JJs;gf5sP98yeDl&nK1rZ$q%WJ9
zp_oLZP=3b#%zu>Hqdkr@<~_Au&PO)p&9za^M>6JJ?>L)|YS{+dInwFAvE)SLk7x1c
zS}@^{7wAeIAs#bhb)<9o$(1Tp1FIccE}_x$V8&8|aV|DXoi%{ai@FeEE76Kg;fZM{
zQ%?yB5v{>r2(p!Rr-YHC#0h{%`N!%H*weg4mWJjm#`+C_XwU?{2T&u%BGKT4N?=e0
z$69S8;r#4<?=%3YZ4)_@3jD~B+Kl}?@NF9{?mNwU%UBmV9A|QQ8TA-cIYwt}c}Z5P
z133g|;z6mJ7~5?WXZ)rhJz0B7fdQp$0%ww@pUcuGR5!7DG?;_3C@~V-F#oW;0zS%Q
zQL4mR4!GnaF~}HD(hex*<9P+P%B)g4#CpgPt4FoUGR7zX`6wkaB9s)dDst%R;l475
zF>H?Q_hH<Wkpq1B$ahiP)S@v2`S{=BZL4ANjNTx=rG$aE>U=}s_#F{e^-Y)<@^84I
zY++TH(rmbWB*7nJ*{G^;huKW~2+eTl6L6Pr+rHE7qu;+_nIN?K3Cb2FdV}CEZp2Om
z8{}_n#6JN;4SZ)MLcZ+$!2T`*#<Yu{oqQh-jveOH+xYKP?6C1&ct&WSI=>j9jC>cU
zdXv<N@(FI%NH7J)!e85nw+g1-2qOh`_s3l)2J@TiP8jC5;oqsX(30NJSK;yhH1C9O
zgypLuZTyLEM5_g_@sr1hMGNs`r}sKC?;Ex%Y+KmXPQ+Wlf7A%|4DQ*8X&#~eCmH3N
zxBiq>xNm>z8}T8*<QQSjqh9}bqC_Kov$0MY@+OuNg%mbeoSPrkM2tBEPPU7~ku>8C
zz4%9dc;%m5lrS{@wd<sEuzTX1axjEqjEzWtJ85GuI6KW_kZZ(v8(}N_ZPo=FVVpaa
z98s4MJUaCq0nBB@CQ8ihpRlS(<llqWu|3hUz89?%dt!u%ad^TgbSkQ%82p%9NB2Zs
z{lTe<vHBB56}eQ5=k|?=ze+a3wEuWEhA+(3I+N9#$aNAc*fnvkTNoWNCM!v7yzCEQ
zIs6LQGzvM~L)pwjIUgCbQHtM}2GmO?PF@$Il!m#B2?4p86Ju6{U(mnGw&bo%oD?H0
z!X1ZROYlstT2XvKJr1|ddzyIOf8$Cih(s2FAs(FDGqF*OAqYDoEt~7T|G|}85P>W_
zO0qxiz8FRjCNo4?0$q*Tl~WL&M@DI)q?o}vC@qhmnASQ_S@PH9!9JQRogivv<YIRH
zKB+6KASRF*y_kcl>N5?aAHpg@Hu+~CXBt^QOfYX)m2ev0O)@#}WFN(qwi!h~vO;_=
z_ed4fRroN}UaV~*a-VLR<VxIca&(_y8uLoFA$MuwcproN4Z76NiA*c@X4I9)pzNG|
za#yxyOlXjN4&sF4CFQ#xGP!E|RF~}UBFV)~C$s==4B;?x$>==#iFm7z-YCM6S>m`8
zQkTr$7)lc3d4pCc-Y`niY`Nd|X}QTp#n|#vtq9U04a8qtfgSCmb0fBeu1YxMc}%qI
z3tx()h41FvS;6Rph=@_-Mo;wb<6bh{qxnS<<owx3{r%Q2G%2@oVs4-0lI0$QMRIuZ
z#tMMf3DwA%*+;yjzDNEgZZkP<MRpJWOSU5y-HQ4i-A<w-Z*(8?H@uzn68l>?qA+8k
zC~TroHKIrkqHrgoXyg>w!Vm`IV|Md$;X?ls6SAr(E&6h<S@_RA)72GPeC0xgKdw5x
zP1@L%%K2syr@HS=7PUmnMS0(lgrIjLm`VawIrHqc{DnUwJ6)?|Q^<KyNFpP<`b@T}
z&QnAzzAJUonZ&b8jv%E+D0M|};My`;gryqqrodZ-Y8y|n+t>>7!lj3fc3YV8rm*lL
zriYLA?3%jI!;X-<bP||^v&-6Y)W3D<PBIyr=Ny4|`LkTLlOj|Ps~h^OTf@|*s%{<-
z9D&n~_A()1XS1cQN51IuWjD0ts)xVmd9405&uc4G4~N<bTTN+8PY`k3?QTk?^`Rbd
zDg3zS+SGU+hM80-MA|4;3(p-%C_>s)wu*?EAiO8aq`zuw9vMPI5S`hrY-(BcmKj?p
zJhLaR>OzY%$zQ)yy*ga$ojbB(KW7y%tVNd;Xl|-mRW{E95p;(e?y@&&s9KtT%|FL%
ziQX~s(h|}5j&Fil6+BN3;kbV56DHh~Wh$-3aShAVWnfY;&jjJQM(_!5>lvzYh6qE`
zAxyq%@m#|^g!pw^SLr~wG=lxQ4y!A*;ATVodeW*+wYaX~Y`S!+c^l^up+P;S{8704
zp`ZC9x%k6f_@hyw|0P10HjW+5TZJq9%Qnf*qCDwaxmMvdduGlnJo#FMDt_E_`fRp2
zDz);hBF;g3rYw4jwu*|pp$Nh3M%<D-%eiIu<*)b|-RX87+ej{gLJ=9=)xWuQcHSsr
z|6Qe%ely-tav2F6q0$xUgbVmG+J~iY>^8#Nhw5%jIokLNiok(G$Ga`JcpF(n5W(T&
z(3Xwvx3J6P9-V}n;f}Jt9PMvCx|27@ZaJ6XJ^rkm?KBFt!y1NGc580goYmb5F2fl{
z`)rapviVZCBj5D-IU4$MwZq@^Je~i#<@FV6hr{fIJE!!eCyzMo_5il1JU_G}u7#iW
z+-w=&!h9qZ4Ut`s^~3`qiAKn7$(|8?B#7>b-t0fyx<!7ZA&&-kt87`Gz5R$S8V>G>
zKfCbc%<?zv{Cpnn`3{7v($94^>`9juXt||%R(8wtC<uZZ?{e5|I9s|Udt?P+c0})O
zdU=W%d?(z*JPW?1egrt4-vVKxJ>V^APmX6;wl2fXf?K9Xo@WFgyrXCM%=u9m8Zxo@
z)syEL<|PE^wmH*z<bt-%?K(QI^n_at0ieCTPCdDv;T*bj&v|eC5s?x)kuoTe;<Ay_
zjF6Jnk+QIm;3Z;J-!EbhN%=?ws?rK#k%cNtS>~eV$Q0x1L+c+(c}V=+7r&(O#!i!R
z$i>W&zNGyf3X%d$-f+YaNukjNVM&G>_c}@h6N&HRP$LVQ;Bll8Nk-82VQ(S(b$?G0
z`$R*B9Tb4gk(wewgiF`^r8|M0dITA@JFe<|A@*#qs|f-}e2Vl4oh_2C2?j@UitGqI
zBm_P{ctebt1|YzW>NPPz-jHIZ%?LFQK;2Mi#2!ZWFoCa*(~>Tyo5ivTbqheO&N`#v
z#WLuXF~QwXy2WbmwJ<^5kiEs#4YliaH$lV}dy6C9tNcD?UK&Ct5u$2>S)DvD3!(20
zfs^8QiV2~7ANpYv%PA#<E((i7iWys$lr{>xKNPoD9-9BaFAYsi!9tdL@07$ZO9RbO
zF?%1_D3*^y7|Okg6RT{7l^pu%efR)f1(s&0O|RP~LagL6jXicls8Fx|Cb<)Mfc9UA
zZ|?UGG~`&Ap|ZWEo5<%0o-!Zl!$M3p;ngHsX%s>=du=w+p`}P<6R>xBeRBPaX-Y$^
zH{s4>Zvm-kth!#y+^AcLX<WllgxuI$8E)*gP>W5(Nr~S$b~F;OIJ6u%^vH2E3~_YC
zakK()^ziCGzR)BNxaV^&WPPFfI*4H=TZ6lh3Xv#{Jv7s-Az8?rru2ys9yG|OTS$jU
zTF3gy+tpAkfJwzLXb@w64pMEaIui+GOjF6mGy~gm>d~aqQFQ$=rh`t~p6Xz3O8OYw
zLHT^DZ&J#1MKOK($O4Jnw4-t^fBk>c{2KU{&m)kTAr5_0A6qL=@;50%a*TE__Cj9B
z8RnacU<~S@bUt-cik^gEtfIW7Gx32$bDaIQ^WRK8@d_Hv*s?*MZ5?N_1Mv!a;X(9#
z!X_YgS;{+JB%iG*by?y*_IX<adOw-DERGQK!wjn_9*xc;wq+2DGhtcsg!U%(VUYdb
z8)9X08tMT#&ajVC<aBw1)MjYJihZ%NgQnX~|K57VMbN9n77cQl!KTV((T>N;Z+mg3
zexhQFDcP3hjBJ%Ej3?eU=ZqhDUpvUO{q-O4&MUK3d^d(~P<PwzABI<QtL!Sh%iu>&
zFf%3UAmX;<KkT~{UkMRfaP0Wt`<fJA@uV2GLG^$5cWJ(o?X+vL=4JwSS>=>WgN!w4
zk76Ji(O4ccmb=t)>W-MJZOxh=wlp2FO4}YasgL6IF~7`60#(0DFhq1S_`hce%Vh`x
zOc<gz8Gfi|<1x^dk`;WaEBf-`Ybo4J?4gufVY8}rg5XTzp^RG*cQN@Fl~Te2`K!Wv
zRh=(}3h9T?T0sb^a3$i?M%G9?3GZaki(HGb6IglT{^rT3<&|(uYgv=>Wc@8dD@LA{
zvc@r&BUXzqVMyRGmryGB#K1L_QIpNg05Dm<Ggne7vQXtJ(Vn&)3aTmCRdp%xn)V%v
z(h*zuj4>@?jlCnsQkbNwJgq*Isw2~+T9H6fm*HHbp~_V9b=uk*y)H>d)=Tw>LB$$w
zN7^o*S8X)`b4SsxuwE6EAX=BWC}UUTt_t&o5?|^#-@inE+MY20rQllCr^Ig>1TaPj
ziUoc~EJ0$73(Lh&3ofxbM8cQ+qwX}Vc1YxwAt;`izghBm`r9E|q8P2ZWr@od9Jefm
zLiJ+QFN|)n3VEz*2VW4}Qit+uifs>3+!C8*^o#6O1*Vk_3Ea|~C07bg)NV@j7^8=Z
zP>LlEVXk7lrGyK!R8>kWr(H@z7=c0qRoZFA(gbhmw!&3ahZ2u3#9x)$iWrL(O2bME
zMN}zDRG>GfihhNM#cW@MuM(}Z-<3Fg!M)0~E(EEvd|{fAq2|t3dza^wmMx!_`z<X;
zJ1x&kCmY{NS|`+AmTBtv8@^8BiI_*e&}8NT>+g5JlsyVsCRe_pHzTgZpGX5Xf7=d3
zpzoZMXA2)DpAKLy#k{eEQ^+MS3xX$mzL9yq{iPV4f3>f6Y2}S3oJ1}gU3B#g&Kp)Z
zHcN`+ugs;HH;Ub-^oh^kJ}*Y_7O_|<E{0{v=uS-?5MO@sCJ;`q&#^lYxYY9|7Y5ho
z5l&qHhHHy4kP`YEen9&hw=KaPC`_JY{mpbN!&bC%fPbmrjo+3Ajgl*vn<T&VUW{KA
z^O+<$Q2NaWZQA-b{ea~+#j%P*LBr(I0h#L?GC9Oap#vjt!nSmb9LWRWOM}-SIgC8a
ziH%EfLI0@yynV?_W5F~LiT;UdS5m(O5gCdil?nO-&wD(-G!aSqiO@?x`<^sY3S1O_
zfOij@sbH8twXf(Zm?>^p$aTOhnBFd7SWr1RcR=Eb;TPX7y;gWS;c?(|=_i;xmUnRg
z+Z+QD6V0cXj6R^h{CrRRl);)Cen9Ao{1nGpU^rQMz;~&8Po^)EJau}2(i~TjTXukX
zDSMBrFFE%Yd?0v_s;>e71tj}2_arM)KvDVug)8ccLIVd998p3SQ3e%JTn<s1F;UV6
zQ5H54yiBZ`$s)(lCm)$WHFH6BvQ*_ymW8N!eZ^e*srH{dWPToWLAQe=?UO?xX5ODm
z^WUkUPk_Z6t{CE8G>ag1$yDPJN10&au6<5wVqptBt~BDF2y>v1V~g0Y4;pFz$&8L8
zC<2=+HMN_Fi*DpgUjm2e2r+73T(wCd$Lxr!1p-%m>Yot{TOwTx46fwV{t-(^3Vej{
zRwuI=0Y}t`i3RdjFSB_@s(A$J)=(qIFtLXPd~KZepK^;?cAHeU2*lc~b2DCcgAo}E
z+^x}D_Vy7A3shjM|CUQP)o#Sy0ui_KEvNX1GF{5TABcrSimC->ZSq1t#IidD?i0UD
zOsLWO)DOE@E-9fFQS2O_m~s0_&7(N_Q*lS+>9Pd=WLS)`BY%4Dk|fYi!?BlYMi<!B
zna@d>%DsydKW4_Bocf6_e9)qTT{G1NS_udtzGvCYo}&Rs6&lgsC3gW2n*U4jE&R@4
zM$V3zDm!Aji+qvb)%VddEX8CO{&RP$nL?`Oh|MngMUq#40>{pX5A?WUR+?hH3wIHF
z*E`K#H)2^Bb=N)3WtfUk7<<>p&9Rnhu?szM{N}V{?uI2W=OC~|PBLRivLH?}7f7;%
z|1WQN9&j(`T*~@t{B;4tR<<5@DfPI!wEECivz}xrbH>Q0N_fGboNg)oxW~HMPus4Z
zVhK#viD8CV{d0i|qUug0lrdv0Th$Da(}*Vf6J^m~WxC)5@zenG7|~bZF36Wt+4L$~
z6jk+=BMT+|f712lzm@X{WoCAbnOOqWwb~@JNtr!k=6lr_+CuIyHsgX-s0-5N)GaCc
z-GbGM+LrFb|K;;RoM$ujyDH2ytIHO6AUf`3M_m<`!VBo-ge|cvz5i9PfrjRF-&a3F
zG~7vAGFQ3~s(#pFwZx-acvQD6VDTob^qiRAR6i`RU%w$4BR8X-m*WM(pwW94c?;CG
zXe7gZ)v^nw5GUvvBQDZXrMhT=%N90$Aj^EbS{~xXo2q2YR#gI#=8bIYEvzMmnDfSu
zn$#{ZLB3wUgVw(4+O6VS(1qAtWB4Su^{-mGEPUhzvlyW+AVMUsu^&?Wx<$;v)#D5A
z>r?!?lB(Di)UWX$(g44ncJsArb6bIjtY1b<3yk$?Pn{q$(P|!BmWR||rX5vR5Y74@
zc4i&bN)V6w)Tgfcs$aGw!H(Z01tNL`{HX=P@&tlR1){bDetcfX6QHdiD;lZW`@;XV
z0&Xt$sMl?`+0i;fa4zwv&ux#pkz7xug0N`tYWLnzN6%0>{Rrs4+Cy-JYZ6~JvPa@e
zAn8Njb8W=VVC9RO+LCd~YvNeevM1%sn%YBaL|&G%$FUqBc8YIe$l$Q-R@(U_z%`ap
zyUr}YWdF``RB6w`k*i62*>)_bc4yborO9jAcPvV`bHN1z+RGGsZ-8Yt$x(S(eJoYC
zugS3@gQOwDWe?DBWNP}lY;BL;kfhu1<#;5ZVh^|X$8MX~X*C0LZ`f|P-Vu}`+K{-^
zXSe6>2%|?y*n7O~-=x26&l-TbbM5HU<hKlBjS%V#bU|!FVvP&m#Bd63vN}N`?D^yD
zw5)bQ<dGrNmASpy^m+N)30iU|t+Qp5iyn?gmg25@BPyWB=n<>9#p-mRhv1Pqyj|01
zdx8QDf$Y=Yvv(9&RyrZ@NN?#`**S5#Y0_hj9^OM~lsJL8iSg+b-pz7UX|h~)fgTrk
z4IF8g6)O^a{<Q6`Iyy9Y=n-p<we2xBDpZ7(?TR>3G^yyJYYzME9yYS+3Ew2ztiNk=
z(8ImSv;lTOjx2gibA8kw*VV|koU+#Cvo^nFZD?n0c^RzZdrBLGI`lJL9KVK)pLTj|
z3!P`)v9`Xe9P`*|IbZQYhaTPHPyg6J`{aqV609Z9?LM48-N8U_#IQtDD7rCsg3o)r
z$Utu^hoiTzZq**GKxm>#6#dbAS6*-+SkYK8&`a`9=Ftp<;xLka_Sx(6Y6RaNi>Kmh
z7`RXOV(O0g@e_zZG`(TN?oQxQ4@52sZrCC`yKaT+h%xLH`WJpj+lt$f;IW&0&f3a!
z+Q+uHa)<w@0K)G`Gwi9{nL8(c^j?i$>-0G%xq}{;PkSEzrQfl%Qk;%E>@=J&-I4hM
zZzu*3&xP)cpmhk-F*hXdgdYt+6dhp9EzGlxM{yDV=<U2)$wy<6G|}$<vua;bAVIW`
zVo&9a{?79m4@eX3p+5_K)P5!f_k#E0@9>^s!9#}IQ@4t~g5WO0U9LN3k@Svk!=1|W
zxjPbH3?RPa&)V+kna7>aqn}9f_!e++2iqP4bc$|MoJZf$KYo5De#v0l48J4vMSh86
z+c7+^yyJV+eI_&POTIY0Lurqz+$_7pe3X60HSC%D2fh=0Ml~D<c1Uhzo=MhvfxYxQ
z3SZQ<p$6oTH*ddmzSX0AtDgN<$LOub`db66xA5X>syK_tLlQpX(yI8-M|wb@vV>($
zcs5-zs(zrogon5!^x+tuH*%VULr!!y?Ir&2K#&Ar{GDBuhz5-y2uU)~xZ6=&mWXN}
zg&JPiIDuV<h&lql4|xmTuS+b2@)I5%a*%&4yLQTZB2>EWFI`{QaYx`$yVR?23Xx~K
zU5$g-Kc~=+5ZJ!eHI8D}OrZxx2q6LR{%z}&%y<OIQQaoSq3blv_!)ub{^9G4jmX3B
z9>#%H>RPnr1hYssfo}f6RR(8xyhsM!GRE=iEVoGQ-4@2->-4v%x`B4x?#97bly6bQ
zyOpW5=4l}W5&^2l(N&uB^bo@C062+8N7WFl_kkZaVjQ(X2%?ZUB+3CSdQ$u-<o-b1
zGp&yw-QU$KVc{4bla^-&*Wqozmg@)9DOM#>=>^p>Yqh}I%mo}(CBfM=7#&AB63(9V
z=#YPug!$M5=Q%5@D*EG|cv@Pu<NG}=w7Lrj?n<b5IH%%!Gs+>RD&XHt0P=7<YbgtE
zhq-r{0D_+pFMoBb!Ak)lU&V6zbLex5HdM|pqWyFI<0ORO%>%Dd7(0$hpe;SocOHWN
z`AOcj=lHIvwmW=S<4ZUt8T!9P?s++G-;no&;C*yQs28Tp2&|*g0u%{sN~)3&Yz|CV
zaA#|bk4v>$U~Kq|kL$Hs5N(>Ok}$_rk;c!kvaUF$RdPTWZXDCJs>u>h?+zPOlf|FN
z4;6~ba-Nag(5Jy09yjnH55pXXfOh12i+$Z}2iz!zH&n_nKeN7P`9C+T9lQauzyN58
z@9hh4Oj2Jr2wes6|Iq4Qk|890s6_!&-NYPgXXTE{ayVnCgC_09rH*QHxU9$r(96OY
zS~FD5fHITz4Rk8mMuue^`*7ec=qBJnq9TTV8x>w6=S<A=!$%x)RF#0DZmx|cRT?~0
zwg8-s0_Y1@90OE`fQD|NoKGJJS5fgL3RG#opi%@xchf^3<lu{-x^)xg7~C>)BSm)e
z<;dT%a-)g{5afKd`YeX`9k%p4!#YX;Y>61dM8_$~vt9d!=wr1k))!nryejOaZ*EBR
zr4OuW_p-p2^4xI$c>6HHba-m|LM^I^_cCtx>~OmdQ2f1325?`l!B3x~wfn(wAQ~Dn
z2EMP|^~B#Py|=J?9~k|YYs9{L6T|w>V4rOX```DzPm%tR`<{weAtuf_K7D!nT6FMt
z@_>^4e*?M(fS#lnc+b}~_`fLs`|_EZq(=IGru|2JQ7-HmItG999zuF7*E-3^HZtds
zHfrf4dY?i>q9a-Po+B;5+)+#uMts7QE(q769I+pT{?47}AfR<9O6yBTn$4k3MzhB~
z;y$yhei%s-K;+%%wF^mA1BCc|(+!U~x>}#5!kzmFXIPpm4Y1w#(9i8Y8{Air)nCfF
zU#6q{iKxJ*-qSgz6-kycMLx)xyHaj2w06iBwNSDBw$d(GS1tJEC=BKF>r9Yjl1^rw
zRpX8nI{EBz-ot^KaO+CLJEme~jOtJ0KF2qn-N*Q2W>Yve^*dX!N<eBvy6zXNZt|Cy
z&li&ITCGBR=7rd4OH8hQPFBX5@}j%$%UQM;Ns?W|4#CzY4b!H-zqWZ_mD;(he)24}
zGT^T~7*^=8ybq5{qm!xBE_GxxvYabTs`YVeoSkHCYYl=-8^kOfNDa4PYdAH0FkDiL
zrrY)*YEv}O&gJu|HUNIb_63DuP(|i%(Tp(u5J+$2bsgV7(+pJc5Z1|wzA2m3skTgb
zuXc229SW}=0{M6l{yhw9rlcWn9C8~gM9Jnef5BF3)5L2GtFe?~%x!7W;a=D;qkO3E
zCE%Pw+*YJbjl2@udoOr5ruxgREIPe*LiS1T;?FR0Lm$31*$&Xs3o1sbU^!WP*q*ts
z@wU)5F3Lb(psHU@s#QtUh!TD1nOCRUyl<+WvN%Q=n;MG3a3VfmY3j5})G*si_UNPg
zZH0>P;p}wQcz}VPiP>1Aq{nJjb$D+wm4zZ#DKVXl^(0E2F=BhnwHdT`yKzrXtZljK
z7VX+RR4=88QwrFekn7}@dO=K1Yao4J>jxfv+8TDW^ovSGeQZ_O97D<TPMw9QZQt=a
zsNc@B7}H-tvanI7+YL+fo$F_YDi4}#J?;i3SH>ei*Z;~V2lB{m^0sRGqfexlq(wEf
zZmg_SYm+LypJI{Qw`<$|=2KU!y_MuR*+o0rE-oe>uK-Q`hQQ3vmCGOt_q$rYpKR95
zkxgIgzYR@ttsO?opV;D3qxSTMUh6*pXd!ipU)`a&C|aVhKKVX(-$;JX?pdSjRJycG
zBY%(-f2iJS|7oi&=c_iGV)`B$IKi!Qbd>+aICh3KI+tp)ZDv;_A`{|wv3vX*-uN`w
zb)0APN*7o*_1W2ILZy$K)43VrU)OEn?^z-n-^ZvPy}X*8nN_9u_4Fw9Ah<N|!L$D>
zGw1Zyet7rO#O#8H!@xhkSvRtu_q=VBdab};&j_?--LyQnT=y_j?bQ^dB_?biN#1_a
zxw-@2;#ENb+VjEcFD@P4OQy0>T7UXQym*Z!W_tkYQcVo<`I(xv1AJ;(q^%Es3{dIx
z-nDO@<Yn|MCXQMZ&Ft<o&vhi#JwckX(#%xn2v;sh=FxlVc!qVA1IzX`PG<N?3^<F|
zEGmXG!r16Pd(vm3GJ%)-NQ#0g!NzTWWI9C}BT((n`E3pV)h+BgKJ(rT27}|L2Qn0m
zQ9!_sOMh=m#nXLre~{p;xw7FnUSLHF-Z-nL(6H)-{htTiB(*sL-R2{jgnLnl^HJDE
z3<>66#Ff)ikf}=G5MR+h2C5{w*;$Wdig}>T*~qC2`4q)_)hn7Lb~KU+wX&guU*YTN
zG2IpR&ogx4Fk8~n^q@lvJ>(&I&l&1P9bI5}ubUe+M!WT7W@$5=zUb>|`_)xhmKUgk
zAd73o=@0MM{ExPU2CfaAEp7IZDtyuHSoM?d8IJpA(YfXhAyI{VpbK;^PJJhO*{jXc
znJN1<R8G=paut*L<>iUSl=TuFoue(1Pj$IVduSNd<a>(;32LW{G0W+5NArFj_8owe
zmhi{PL5}Ose<q6G%?&!#^v#S7BhYzyF<Hzcu(m_^OMT+QG#YxE@=jKT1y;Pfufh`7
z(Ein~`iUXdO@jrvS)JBO{R`}21TzOqaOoMEn9WL34daCxKW<1cgE8N+uYX<r_1EUG
z=PVU9F_~3Pqqw@om)0fvUtX)+pRFH&K5WCqXJ$>bJMJ-?qL+)A>z?C84BOV)a@mMq
zH+42AKkytH-DHaxSuV;hIyyvzeH@RYhonvYbP_x~d^is5{^l<Azb_lb^m=d@`I@4U
zGO;n5-sNOos%i4R2Uf{6xz%a9#H-#-SK@r8Vk^<*8m;W>+&RULT3w;+N~bm*K-V;m
zfSGY3A}5r>JL%3m-`4zZ_ae~8oqwg>+KSJ0qbDXs__S4zP$$QFaac!iUileeps~R(
za(0$fh?w)e<KdwYb%z^8edEZB-vHls$HQ-o1d(44Hzpg0beZ)$Ed-YO`|*bwzIzs>
z+r~4^A`Q0|ixY!fei?X4e6}@%K-S=1mfctO&~c<z4wLfp^bnOaunWn}ECtxc)@J8-
z#05&osioDCRB#&k+Qs_v)c39EGM@O%#6n>WzJsJRixNG3=a0hqzH|-Gwm%IZe+w0t
z`UOP=?fAV9*vBo?5R*O~94@K<3UNBBO>UVZ8=ZOga&_^(Ba9zav0y=G1<<!_wfp>-
z#Ob1LE4_!Q@?h(o{BbL^tu*g0JP;=8VbOP7H=+Jwq>@w8eI6y;yD>$;r^AH>-aMV)
z(({aA`b^#}{xqqouL7>H^sa5Gz0B!;GcER<;ZH`YLt2T6qr>njpT(G*Mn;9V^S?b|
z(~P;oD?@Gf%H#8k8J*Cw-+<|y;S#>8;f^4Co`A`ht%%<ScA^B^EVfEl%R3#OfVILP
zY$cm~|6#46?sP_^KGE(r_I1vae{-VV`eWg-ETKjahR*yUMdkEy+KPf=k$945)+o>V
zN5(=L@WQoo;Z2{21N=(bA~`WwcBu%nU1N@X*^tA>;AGMB>rKv<Auv;tiaF<@TVrAV
z7-0XoU&^DR#vQ1f#B7y(h_jd_TW~w^vsJ1U@u+(Dx9-ne*}%l$KhwT8`9;W2*HK&$
z%$|~X?P1~%Eu?eXwJ=)CA>1)dljOnW9s`df?i-p@ip#cA1YfTTiY%+<!@q4^pq8KY
z8Sck6o_?EAmrn!I_J9msETPZJ82$R+Qi9PbhCIY&fy=hKhOx<LUUw!NCCgS<rHq_Y
z-+QHoNMV_dh1_%hCEoWk?7l*$LqjFop$Ym8%7yTzhfF_xT2)ilmK!(AuKih~EiF3?
zUwp3!%Ak>}ihZOuU%M6jB}qFpFo;jw>eHJo!^O{pmn}THlYoW>!i<RsRnn>o!>h!r
zoh3zgjAv*O;mf0HadQ%;sqozUKjb#W4iV9w`$lU|le0gZs0|?izscI;Om}z{WoAU|
ziMCsty7J}6iC#9P(GZa0{uqffWm(Q`U6P7EA~=?W4bU+q(y}jZDBNP`__P!yI+B`6
z@B28c38}hL0J2*5ZyC}X<`fL2$DKuEg{NpMKK_{)o0=DdmaV%?QFP%99|uJv1lfO@
zpAr*+K>xm!VnytbqYIa8(n@10Yg*9OhS{9&8ySRo__$_RgeF;>s}!qGx;KNaNdB^j
zv_72R@SVOjICVU7w3rvG3>tB<QK%O<Y5=i4LyYI{05M6g#i6kRyESr+-M3_o;HDE(
zwL1H4G2eK<Kj}>Ay6>}uOB-BAF62p;$KCdj?Ba+7Zmmap<TKl3+L`uA3_7}i2aPqd
z)6<L&$QhMy@wZBYHa!$N6^JKg^`+0`^F%^eQv5*pjz*;h<fz&zaO_Sc%cxvA*}c;T
zarABhn0Y%RJYRd)N!fDdhmEa&t7*V+j1o~u%<>$R2~<^b5#*5G$ALb|R?FVaU#;d3
z!LZ&un?ZIf>|p}K?XA%$MD*bAKx?IQZ859I5;C{ewj2i%OvMEwt8P2Xhia#w{c`pN
zcO!2%T`8}n&HDlJ;~sPh;qm!YJYM<zF}@@~OBoM#;vm}NI8FGoF>#o!bx6~(p}`uD
z@AWS0)-*{U>FQr;Y2&7`q{LE+sS^YAGwZPib%x31A68VBX-Lb`o()rdV#vsc5C@L^
z+{KLb^yrlv3|qUWMZ0%Ra9e&n^qB%}O?1x_SaWxe#T@d4zG2jbqgkWyJ6eP-4i_hY
z(L2$L%WFRKf#25OIfWhA;2E}fybHP0-g!lB4oc(J2+1O8*Eg5(j9JGDl52krc;9xV
zSP<Mcr#aO=Rbi;6HjNfJsLMMzV1*ZE;?ur|(X?qbdlo5p4&pJrg8i1fD;XX65WwvQ
zo5V^^*IHdrvUa7?@J$)1{heKUJ>)1DNEHzs!HHa4BfpS#I=oLpmLB!$`8>;uPSRFV
z{?mG%`A9Na=~E9vX5;UBzpR}1%{lcev#7oM(peXe(<VGm8FNA9X`p;=WVX^%sb~Yo
z%f{XOZ)`*C3dXC~5b3}oa!eqO(Aao-^}*B6)YUdT7mKfgZpo<Lq=A|he45V;c#B$H
zra8b@T;ZZMJ8(dA%1*+12BdErLl|fcPb|v^>{W%g$V^E|-)<(C9PJp)s8}<33Y)v<
zM)vq8?HMqXbzC$3tI!-2{z%sxEj`_GUbecT{LHI9_bY!R&*XQ5cFfBC*}vJ@jZ{OF
zI(6RNw@I_C>_XgQc?zS>km=ej0HB0R9+SU?T>QEc`_`m==@|X($RhC0f^dR_x9QKj
z_K=WA2a#Z;6YefwSbv)1T@XK36^4ecN@@trZi!}hSl@e78<)2W6NuuzPuSZ+Xm=Wv
z1B+Bh>gLguc|F+qTVchQ-%K}Pdj9azDUOWBf>fuF=1(3k_@>;ki_9QMfEc?}(xmI#
zC$BF%NY{#r@3PoR?0$?Q$|E4P`B2;}q#b8wyOwQnct>q&!ToHnv?WwlS6iNA@N~|o
z`Rdj=fsE@PJiFk4rd=tJ8+K%tz}0G)6K1kzZjVp|pN_mou6?8b?%llRotb~LZo$;@
zDOeb%aNif?R%iNf6E5u9512JfZ?9-pFxf>8kP3A_|G9L}?5G>L%e_Cyl${E&DVcGi
z$AHXlkRMkawYs0Te$E`eFo}##MLW{0d0$EA>udH>M=vB}>nOkuJx~Y?xMu831!S@j
z24g3|L3<LLt>_hILxgX3qQ(lYX~X<dEV0A)*fJHqjLJ~|4o;X>1_ao7Hy^(FfZN;6
ze+BK8UZORho?NR5{N<kN6nGjVnk&D~;vkMX2<*2#Ez~zUiR5ZbZt8I>r?vOM8w8pK
zs7zWa2C>{`@?8+EQIEfL;*G-`fSKt#*tDA@Ua$&Xb{8L%pQ899Y8znalL8CIC|Y8#
zA!~NCEQu?+@&7NPz9~A;E{1k$w^K~psokk<+qP}n{ie2U+qP}nc00A(`(K}jvywcX
zbsm!J>>aQ89N>C=QO%{*mz$FP*A=Vg2A~ws{As@j!TTy$0>1w^Kk53gnMBFjc8*;Q
zKbwK&R&?|B$V(f8W+=wz^sK&dGPqGA`nGpHm}G=}xXNBtqRCrW@)?;-F!HgX;)Pp3
z-1vRo_^IjcrZ?0P>9hN|qRLfc`eEKe`Q3lsMP`bq12oFTl)>tnRWQ#mPVfUvd@V$s
z=ewy3U%!H2awmqUZe73FWVBMEr`TXURo68i2@Z9IYf9~(xe5@m>@+UD7uU%x=Y8+e
z6`1Rv)_0wl&~m0`PW6);=1jjO-#hHCp6y~ZjLN<r4#cLCQBAy<T2ddI%)MiMN*a3l
z%fw(p0GVJhtn8_6?z)fl%DK6nCD>y8b%&3jcv<DFx%C6Qm=u}KQ=1OAz^a`(#Az%Y
z$eKTy%VE~h5jU*&N=t7O0ZB0rcsNTVKOG!$Z&({6Dg>pwXONy4CAJ#w1xzP;w-739
zWbG6p7Ye74tYgy3Ch^>^_OV_(%C=qdNv7YmfuCDX)`N*_R}BTs&*~n$RKAM`R~MTj
z5Oh#c=h?d+D&&8v?U#C~M#OefReiY+pI#z(<akrpr=KR?uHBMdR<AI*@7n3$!lQ?z
zX$&OkhJxLm$H(>9oT+NCm;P}Rwh(pL55=oxuh<mGy)~A7=3>}@+niX>Uw=%o&x&Lt
z1AqSOuUrB72rsn%zx$G9{qp~uL$d#GKH;yWp8fCU&HoO*yD<hBwtX`FH(uiZQSyz{
z6frpX9fHNTM2#dcsu2HuZQ)JDG`Z=rZM~$$d!xtN-P!YXto6)LrU(0exvupS{S@$G
zoRx$@Q1?xFkaJtT#CI={`jHno+|dk|&dDEk@!TdRay}O5%bM=z6#4!bF{`ms|GifI
zq>InHqt|nIbTlk?0NJ_deavmN)j3{?Q<FYmQ?TA`+@qGm+R)?$6y^e~{(N^vwY+o0
zl}j|L=ER@s9e5QP4^bQQ-tV2`tH75dDz+jg28oU(8?#52&v<l!c6xXoN=`78m}MeH
zWoB&L#9=WTopaawlPgz+%xFQ87^8OVzmA&x_E&3q_-2+Lb8t7Dzau9s<!8}?rKu1$
zRUf$Dvo0<S+UdqaIJKra4J!3d|BCf2mdfV6*HE6<j;J<yG&cOJHGWr_=?0DyRLfH)
zcN~rNM0;q-@K^*yDmJjP+dM2Sv3@_W|7w;j*dpnw<1$5t>M*@#Pq@j)KE-@J_fph$
z|B;g1wozVyzhFyKoH<?fo9AAH?gUD~<V5v~`Q@ur%yMSx`B}@^MyYvn1M{J}Xlvjh
z`Hb#d$|?lPB2t2hn|0F8%ooshz%CD_E?LUQ-#E*3u2x~Ro$lEhV(~qx$50M@p5iS#
z$g0La@2<)N*(r~`BjS5Kdf3hyU|MV^c}M6n?unBwv<~*>E#GoyFBGc5?hZN+#$sES
zt3qnSPx4(UPMMg#Ou4^W*7H`lWYOk%>sYI`bBV&nXwm&AqjJ1cHw2`(p_?%=2s_WD
zb{ZU*oq0btOwqEmKJDi&sZuS`G?CNoDCi!@Qr9jvU1x7a$Fu`IzRfMF`FfJVeo;W}
zL|d`Ig)F3N3_WLIoRib#qw9dET`i^%;=^+f7>+2)WO?4X@lx*u*~PZpx`q3lg>lkQ
zB(~FJ_<tE==6%29F%V}q5QC!8XX)9;G@Wzx>w%iWL%{L4egvX=quY>am}b+&EG7s(
zJtsl*W@~<Gc5#|$;f(ufZwy){g$5(BU)2OD<L91(=e^Vn4(~~Cc$29KU4|^WN6hM6
ztJe)=#i;mJGI~H$Z%tVEc0P|f#R>~iQH!ZyZjqXoNmZ8`CU7ObVbivr#pjL>@6NsI
zn-_hKp!RNa!?@h&?O<&mp*hRdT32tlIVW|SSIw??YVch5=9jZue<;MCBHc2hUXy~K
zf=`pqBID(DSdP`?;>EcQFc+4SH4EpBd&@(-S-+q}q(|J$05TL6>%eVYoSYa<4LK}U
zNjKCVe6Cd|;Cf*OFRW(Ub%SllUE{eWqqWQSAhYr9qT!XPero2mt)pxDvdpXNSS!rP
z)aSb-V10cE>5p%&hxUkik?-SN(oMsOthsi#o9{)hoQUNKtp-IbTL3J+$F(%9L!}0H
z|MhhVXA`D(#a%{zV<c%xeAkZfI_FYFur8O}&A-(+U}tB8cJ^pLF4z?x^6{hGQ@3vE
z(mP-uEGvUpaYRi_b;nUE{Xb2o1{MeT8qaL6fvO`~UN`u;ny};x+qXfy3ht`O&hsZ@
zFKwfp!C~YqPsI|45F5+$7SZL0^yYFM!LmnCttV3t@zVQ%yKE7Be7o}#UwUVs?I8Yz
z!Idf{KyQNvurNx+emm|(8==`aDfboEtctJc;qr4kb?aN?OUYQUnBThia!6hn(0Z3q
z?Wr^HRoHD`9i^o$J`-ALTw$QV<VUx)JL}oL9IP!!(|^m84JgQGl1=uxbZ0i%nhHNG
z(b|c0b*0=oN;oY(c07L=)u6CMl_jC0(yibCuH(jwZLnG8NG6vnFn9iSwU|tubi7kr
z)pKpxJ#>4FoF$r?`ri9~;?v=4HS)TnJKYXgR%t|B9NgsmO6Jm|ruKF&J_#?#0gIM*
zdR$DTb{wGynJ0fIA=8nsS$i2MQhF2b+S4PZzKP;!<U8rTm!6UGEWjrtPqlMa#2w}P
z?_YE)yHe8>Uq<ERy=B@StEBfCxsIs+8!v}A375`cm8t1?6Lpx_A`!VS#xOGMihT6m
z+A`#;Ub@`>@Ogcg5uH%>=cZ|QxiWUyzHZDvcz#6vc(-7U(RjlvBdagb>F#jq?tMJ1
zzYw3NX;Ccvj`kS{xS8s9+OFyvf5A%vR#sxtUkGMiBcAT9A{OeWaJ-gWwQL>_0==39
zmygw&5W$%goI>Vj|4UtDA7yuFPiuVgxEtIix`s``AlO!>p3hBvl-169+*Zfu)FN1?
z;4W*go(?~1T7t28vMUx-WwvdF;<F#9?Ky!yX~vBY3`T-4+vBmsX>L-3X|87gQ0Y2b
zIF6f3Rbc|gihjxFyzJT4{A=9)_j;nZqYg!r=}ESo3;U}Wa$_c|;kmEiAcz$MHYVDB
z<M)mBzS(pejd$$5{@UhmO4;s=jUo*jtxL>d(wXl=9nED`p)?t!YoqFKnqkMK@>>P3
zk#6AmdfF1W=-pCJxxUicaK!{@SD9%iJdHdjj~C$7RFPwz^1v0!S$4x!^e=fg2~H-=
z*qVmPhq97=xfQeVuC1nqFSU3L1ATKSn+69zHV4NK-|hHzoICS4$xk-?5A>df(9a9c
zl8|6_Z2vj`>2_8fnwpT(ZbHK4^b|XLDE<;zZrPzz=UF~jb~Uj9GxY}`ZF%TA`|NCx
zI*H8;mw=*TwUF&DH4nCEU&)cpE8HB^Ba`;W^smnu3F3>C<(9}zCIt(Nl(5FMrw91}
z7pF>>Hqc6_Ei5+2&+9_efV*Is`WUP&+g!`pu89iJ<Eo5OS9<L;shQbR4+^o)YML5f
zmGWigTk*-JCKDCggabhBaoy9#py-4)X|=qZD8cVsgvm`-*FGGt+&>qRBnv-f?`W5~
zoTO>V^6OQB*rg;I%gH4;WrgiN^DI*JZ8Y$2%*H>ZZm`c~ZkzVx@4CBP{TUcY3-Z!q
zo)Jz6s1j0gHy(61s@vVt(BgvylwmIf%GbJpuiFprKI;bZt}Os+%WZ7bsX_zGd-R?E
z<57Y_E}Ihv-pUesl?zZ$IWK47DG2EbOXYqvu>SVN*sg%MR@=fdeBi0@8l9Mswmm-~
zl@de=fL#VxgiT-C;#tYm?U=2jShQcNzaQC#%$i}gv+lWb&zg%_K|I)iYT~@0IYo=J
z%41q{8E*tp@B)atMS?Y#P)KLOw|#GVD6J%$45z~C2d)?HaUQuhYD?!Mqs<bro(^$b
z=(^^)fX%|-xHTI5Yi5XFlUes|Eo;@KsmwXCeH*CRqUacWJc|~U*>EtXq_5W-Mw?Df
zr?pvKY(r?;+N|EnGhhLpP2f3M)x}Rw@`tDua~JvNCxBOHnO$xBRcQ<5&cND}qH=7t
z!YS#={eoDg=NCGkLEZe-SE({swejNWK!`HA<qI~uTiLiXu72WfamNC^U6s>YjLO&a
zfaVUu^#;pxrqMm8RZ59axRe{8weeHr1I*WDV!86-{#;-3d_%(quZ_#vB_c(d72ow4
zu10&`1&}1Or&e?T@<<a!wnDk;7EzVMC|(or66bWib&uzq@FB8ufnRRs;egHR@>#0R
znP)pWy7WuqYDT-8P~yOS%R%Q}t%M>+vgcUmG1a<lgL3aSmXf7tX?b{^XP$Xg7oWC`
zl+*l0FN|9n>$2PA-{LsI925oa>K7#MnB!%X6>xSlGlgsMXuXNBblwo1gXbV8n=@6}
zf%aT9dfmT16^3Oy^y|JYpn3^1i>n-G3pl^c3gw09!cm78az;79RKc=)k86T)4YKR_
zVbvtCu=tsPg!rFGQT3A3RCEPH!X!7hVA8fVvE3D{U5P6Xi-plc!aJe}tpC85mwTk*
z9581Y^!cfLAy(C`bN}JFFccj7P>;CM?(4ir!@}p}@IFz!CUtlI#$~4VMB({1pL-W1
zDf3#M)iJ4dT0UY<oo$GdZ?)_@ztC@m_|a96jr~k2n-7W@wS#rc2D}V}>?|{qn>pWA
z+W(7@s77dIk?bMpY2v(9JqjtnyXn~Y0^AdDvRi!)F4id0$Agh3dy**3u3%V}m9~BE
zzm0Ba4Y|VVKYwJT{r)y>-mqo*U#DSXa&mI9`G4M#Hm0VNlNnP|iQ;po5*~4#FUlF3
zn<7h}XNl81O%uEkzXBwKiGqx+WYwi5$<Z^O6YCc9?+Rdp2a>RaXrp)4fk;hb??0Zq
zk1RGvaWCihn|rME_W1`oGRf~*cT75azjm*B3>l-3_98k?6EQ2rKjoEw+tz(L8(qpF
zjqBLPTu+bEVUV<@#?6-NZuF-SSnwwtUkT)`E)X8DYPki-3r}xfjihkP_4|&v?0eCP
zR(utqC@j$YQ@0gmQI6%^0G5+8_L+3<C%tM>L#0n8A}?_k6?4xN1Y_#P_<LTd7&^qA
zjK5;Y;l7?Qc1@*LI!^lTR?%QrSFe~p?UoXVO5{ZUiXW1$%#S<aaborj;Wr5=y9pE?
zwtpyIHMy@)R|wTFFw<xfks~@y_)l=LD0k6v6KkNoX)`U9OorXN0jo_I*S^1h6ZSL;
z+aSOjQk@IbAsub08O(Bf*}DukPHrH9!dj5$Jf%HgF^5>xu_lvjfNH8U&K6Rke8`g#
zrF*77Af_ad4L1H=MfdpuB2A8({f8bAJ|C9lI#yX$qEedhq!tDY+Xo2_w?*Cp=0QDd
zP|<xtOrlC=2KRyp55SP%V^qg`koiEMn_{&0ov*r&Lc1SH5bNQT;@{8=O_cefgpC{(
zbb)H4)7s;ek?!wZVc*HlRz(6`GIYF}0hm6&CZ@jyCcmge6O<bB>s7uKdNp)>jC;~>
zWSyrw1l5Bn(NW9jt%aF`13m;NQAwgh(9F8~{P1!KvBtq@fkC3bsAylLtEj=LL@(qd
zpdutlP?d%5Hr(g^ZJb<LXQy*!URK=7VGrazylWW(&vso!E9sMFd|V7U1N{(KUEJ0z
z1YU`Q7XI_cNXN#6bc$Wf4Eyw(^f1P--<{rj^rWWrue0G=N|7Rthcy<fSLxzZyo%wj
z)@z%DT7NV}fweA>I7o@=IU>Z%p3!_w@2(yT(%gRaYWt@wmotgR%>hbHAvXif)-AOo
z;U7WmKMo8>`2P;W;a%pT7zJSmyq95d8NP0tV#R@*f6-tErwGs}w-GENwl-T#uGb-E
zK6v0sh2R7&EjZLfq;QC$Dl+U{AbsWGi{lz!pPTUD0=YOC{ka0>>%f}Nq_@*DV%7W%
zE8J;Cr=lj`j4!B|3(QcI-1$x!eL21J*BGom2<u%=ib?m+rPX#@0sh$vdv+AU5O9(#
zaC_ueAw3XMg}pFKAu7KzKNHB*{sZW<K?FjF<2}7^YY#hq`s!c~b!#&@i(g@WC&w{D
z9-RaZK={EcDcexbFlw>W*w~X90y8d%jkQ=~$T8;0Z$F={zl$}DMfm9wXTRI5EbQ9;
zLsjul?0)s+lg<Ur-J_wv>Ja|@joEcN_TGvuf#ndTCCDST`ujIaU$Q3roh5~(W2Y;u
z-UB*=xobH?<th6;hV}$xT&}CPHb`48JS)q&IH1KEUm(lD#J-8iYC@8zl;*1b_(VQ4
z@DMk4R;fcW#YLD|x*c|OfnmV>PeOeRcdkBjA5I=lHsMWQoj@_yp{ABMwWZdb3Atu9
zXA|J|Z<5Q%&(s7`51Y-^?4FjBKj}NJg#plsb^RGKLLQQSou^QU>e2kCtXz?o6r33q
zpggOJqCzy50G+61@2JJKz<vIwqkdHn^K@;;1)~#3lCC|EgYwWnn5r(6P_xh@P`^t0
zC&}WTFBcdNwb}k|YYJ%IMH;Ssh)SL1W@jC@&5dTTB1mdzLiU)S=$GQ@0DP(^x3vL!
zX0eiVp|;1wMrx`1!8O9?ns1KN7_svWK!wCji7S`LL};7k?vNxu!(6-imDjj;5%NeV
zYrK&Ox8X6Uq(E(C+iQe_qSox#SAy|TP1qEq`gVQtUKpoQt?=LO-qIO<yoy5CS9N8o
zYx`@x_4MG_EpgC^qU^QgZj;CGElmMVi@3)IyepRN-!F~9r$jQmCBW~#B4uwjp!!*}
zTegcP7~Fx&Pxb`se0RSJSIlI*A+~KFBGc-<XhPPr0Ww9m*U^p+fo!@~K!0ql4#aO~
zt|t$95`?f}6vrl}7_H1Sgu%wOKFz;-fhX;xZp23M1=19(z+7oXDU?vbn0IjZcGPYk
zPavbYmG`eI&P&W^SvDM`$MvT<kTZkMZTHW)H=(W0-TXANNz0XEd6Q8e%q_mgM_aTb
zqU_c5MFvZz@IXl`t(KOvr?R1=bY4y#E<P0F4SWXYA<3J1{DeKOWvzGW_DP@X^p+J7
ziW$4oHz&tG$G;C*pl+*GLut2kaawVDgjoLkKsZ6>fb;I?ZTXnOc=qHEK(f>48Kq58
zFv8x*2E&n_V-dvF4Y?-}SCUou>nK&z0Av(O2azB&PkC9u;|HCE^EoC?c>=_;P$+J9
z#`%SXYa-&9nm^w7xQ<P7{!5WO+vo+4w0gCiQmbPHui=2#;=HO>tzk4xfHh{46bamT
z#G@9aC}q!kh>FjFvW=w^uz^UaSXyyj6_64U-@Xxb<K1$z9)NIj&FCNXt9!=cI}<$)
zVzt`(rOn+`>@(JsB_mMn_`*8M0KX5E3r9yMft~?sRA}<gaCOgpKz8)6Z&Vn%nkRXe
zusn}oj?5{7>Se7*t*+<}nm=QB3E(o<IK;L(d?CazVYgHjeOYl!z_{79-Z1&;=-{t3
zT-8MIMb{HGX^xXrL=r}fp79v9W?Bp!#e2q<&P#f={^6uHA?M+S0TyvJo{Td@A-0_c
zLTv<mM*p*?@{BFcvPlC!Wzl_!)ij^~Na^;hAdj>LOLAgmjWKKvbUWs1xO#7r6=Npx
z-Fve?7!4Br{-9{J0)I%_YQ)qivGEy6x6LXZmS6a&9+^9_Zi2(b;+K;-sRv7rI*h1$
zMn11#M=1KE6{k{eStwlelA(8gfGK=k7aBp(PsR+owRP!(I>F3H_8n*|h7gJ<@fjbx
zTlp#QK#N3%ipTvT-#JNsGrr7B<@7o0OSJ(MKr~uGQUr6`0FsW8`L5f<73bPD{n?4q
zDY0&~Ra#iD_&D|?v_VtJZ5_x{Z`>ZEY{IZ!*JX~y&x|=(+NT=fNZI82>9-T|sgkOS
zn6W=(Y7IITiI0~=5!A<H4v$Lm<_?kEbB61!>`u@0$qPR@)obbP1st3Q{`!HU37nf_
zBLBiNAu=F60!&AE=2LkXaA*TD{rUX|A2MK?xw7$VW3}rw;7x6ZWEa#p^zhbSqe4Kh
zo&W(!>91;n*16mTx+ufqQraVP1+tNk+?qBu1(~DyGdeEE#EsSuu_fU!<TX9YjL&rf
zxwg3M46SnYqZe<*b?(v5c`F{>*<vmp4u-RlB=)ljAdw1=59GvbjFH+k!T*dP;q?UC
zVlKhYZv-Y8mdDgiNK0$O>oqSR$`xlMV2_?muA)0zmz?Wr$uL|YS<Oml+^@2CnzTT+
z#ob7wcnQhk25Wt3=!lM7P|{aJ20;L>;zEp=bh1(7^PKfB%D~N*9RHuD;|BgL#P6wP
zntpmIKv~g{LF9#I<%N{}SNeqn5L>z~Y9SIv@3wB9^g*yjLK66V`038pIBZ6zQAMGz
z$BJaNKWZk=ADs&G9>a3mE{;&;x5M%}9~#O8Ye`lCiscBcApSM(ZC0#Uh9hxz16glP
zg!(6u#C%9kT>i8FkS}CfqUE|TIlpNBVVnL5aOo>G9UvTy1;77~rzk`>zdr{))$r*D
z>AoMEEB*014ql&Sow!Qlb-;QPMIwwuetCG1bV940t~W0<_E$gNNv~u{+)wX5DJh0H
zk=*o7?3C%W-$nw~fgMhB8U5MU7w$PK_Nq2r3V~^=++sbLC%G)I^`=J0rEdfKDCNEZ
zfCA(|RxwKoBejoza9{<IE0YN36N5Stmebfg3A{llSWsX~)3>LWW%rl&<D1VtM)vtG
zvcwM<iNRj0=>jRF<n&EK!k9;cZEszBT>H1sr!}Y*X0`+HT(FI)TiZrybQ%&(D2u9P
z|2RaIt<yM((s_~qTJ<BkDzoS#xW~0V0FenrF4b5%nIvP6IYg%Y3OZ(VO3%NJjv2!e
z1M+i8F@Z}t0wzeD-rMDEqU$FC#cJ4<yBiyir+teV>h9|FA8;>zFEf+<KR?Q4{!U_L
zJL$f?Oy`wZjKW$XW^0g_*;!#9v}8HeE?~cy=!8wB-m7?V5@8c3QLeA4M9?8r0P%A>
zPtn@BQmPp&YlY>Z@a^2(B-fR#Z93meYlATh9<AMlL7b+lb>P8r`B9|;EzjL%3v-`-
z*2bXL3$oD3h6lz+SWH@F&G}7tWK^Qlje!Q+W$S!QlJ@I`5Ve7I(yn<r82aCJ%m18G
zYj$p?kDjR&=5@1dqY}n=B_(*LfsKQq5b2}*A{}XD&A9!Nx{S5CBulPHSB{3iDscjT
zFC#s`nBt8E;`d&$iu%XDMy>O9PUA9i41&v2loS;C75!N+v`jYU6~fMaKa?GcImw0F
zIJ)&doJf2+ZwON}EF?Tv<ibj%u2h00cr5Gxb)jdm$Kr)t20AP9ih_H`00kQxdKGyn
z*D2a?S8*b|ZEvh&M+Jy3FX$bGba-&``Cz#hH%(4wq<iSU)d@jFvDDK1^|F;WKKDfo
zdj38&H>c^?#M`4POl_4|v8C87w{R}E;B{0hgOj?c%uEV8I@DiYJm@!nGV*~Ik<B{6
z=bVf>s-gqc!!g}6n>N&A0NFo%5}Ds@4h9jl?Z$dGrn6mMtz6z%J(q;VJBoj-yNjex
z{%u0o+Sp{JF2`JJWQ;kv>drzUlSRw^^TbW5xNTy`9W#K$%b=53G6uS$?NId%cq*1^
z;w5u`C_4`Mf@~A}$6>wgCzk2(E`D}Xc0}_&%`BXC;MzV9Y=Oe40oOeBy!2hfqtm#V
zbj@FSDeT`*p{SYP%=?FY*NJ#GZzJJ-#b3XEVo)%C|4I8N<djvsjZ@v(UQ@5t(8SJT
z6FMFq{(u07Wzvt0<KGAWP7nz?Zf`PJps(O&QMB|bFj-(t74$Bmlc5<qdt8bDDCF6*
z(qBy#wxAfd@S1qp0DLY-cun&05kjdo4@*u??k}dkUETzqF-h4-(`&U}ChvW;l@uHm
zZ&6PgHb~ud8=w~#h{mCUx=+_gA;!MPtZE@IOYUL#lLXM3w(-nn9B!SIe;oo##W!ny
zd-1LI@eX~g*2gUTL@R2&)1|N*mkDb-TPVs|$6ku>#d>|$1We;4eF#X<D^w?#1ZAP&
zZ~Tn8cHbXmBOdz#QF(%HrvF8*fqjlVH;gW9uI$}WuRZP^tBzD-`^hg>`Z!(s+=-jS
z!0aF|f}I9>FY(;wttBkKqgq~Mxi9i~F5)$b7rHdnlq=|8skenPF_Jh~Ro>OKt-Kl*
zV@~cXF6mcX0CH^sx6VCq)%peLJLmpxU(v&Ps9$$qyAtxn$SpUUeaU^(wteJJxd%v3
z$i}1>Bt7+E;UWL5v7?56MSZ|_Ww$IFhaQguEYPV6inS$?RhpL{nV%@0a8D2G#pTxg
zlPjjXKMNT@;X8ik+k!&CEY>Nje_}azFeW1|#Rp5P0ODgivzKjkXnGj_u-QS!lam_@
z60;|PZ|oYySG?)6)Vgbib+%7@=0+<~%+`_7YH3U()LROFI#86L%z6#P`wtOR>PxNc
zGCgq<4WZ-~#<8k3`S(YlSyV#}muFFW?j6>;-7WSbT2b6sGMq>LIz+Soq^n<3(iP(J
zsYr^40Th>ec%&wc()$!BHVia`xDp6Y1aar@@?^*aM#jnFqBUS0<l3l>%G-G1F~-IM
zNA>Z~>hYGA%~5j0W&aZ9i)dP6<U>OKT8tqI{{>s_R2tjo*AzFbugoWf^W}jfLV@>I
z_RaaR@)ZZ;YSy&@e)`$wf+x9~95_y1ei3pX3A`B4H6emPhW%KiVIs`7rEB6cu?Sr@
z!diiMIG(Vx;TG}{iXPZbpCOUXg`o2v!UpF{4g?SDz`Au8DmNEFln7)0m&-2LYQzjD
z4Mn9cxV|;lx?Sfo|5u%HkxV>@Z#&@TJ#CB2R!>&Xld0n1Jx_bx1aoAvHD>f6QXUfc
z_n*+PFa>ghNOqHXHq+AOt$$Lv8_!(8&qbfee6gQpv$B#SNZ+;#<hq6dIx}gPDAt!Y
z9yvPfN$8b>GMMNLp(P_o#Bk*W8hscH>Q+7VS<Hc0qUvF>Wariv!k$C)vSvIDFCL53
zH7domv{%g^K}c$7<Gm8=#O40S^PEaG$$;f$WRi1uTjN~WvX98-g~&f~_ErNsVse_R
z?h(%Qe6?G_oiv0?{-kbP!rJ;kJ!_s+*urFf?4qL*#MNuWwQk06$}|`0j#$-amb*$*
zqezwIMbjRk+f3gN@b#XJ?FjtJr^-`hfN?5ih`-k@5-aPs2$SKlbk5cBBFL(sJ`lY*
z({cNdjT}pfoQtV<7iD~I+aCv2jmQ|IcBtEEVs<jol@x0wy8a)vQf<BAbsH6DDFeCo
z87WK$efYXQNpat;$|`%_a8zX_boocLQu~2}p6yMs&Fl611=K2MwoL%N(zkhvk7nS`
zW@y*P8^gla@$BHr+plj3#_VU}azG%M^#WKgf$0&O^?rZ4`W9oh+3EKA&)R7DmQB_E
zKc?OPjoE#3WwQT2XXlFxS^oV=Pl6i@`t*C1T>3@sdyf3_@XP}V9Q^4HzlTI8L;5yB
zRZ$4rm%%<Sd)1V2${cwl+&x7s|A@+95)1~=j{VfoFa5#l;SSAujzjB}$O;0uV@5bN
z64^;a@Cw6Kb0qA9m>E)_KvhxF^@bugKfQULJq|wp^g^~WFpl#SkeuUO_dJ{!acF!+
zXZmJgGpf1%F7<eTIMHjU!?z$+Y=|d3?mvC9;DLCAq<$AFZ{=c}8m0)zJXBj6ZbJaD
zW3gyz8ke);rqH4$k1<UcB;WZPG2BXhDAG>Ssd|b~TPua#h&2aYX)a|ys^JZTwpTZ2
zyM9uY-rei~f1p|`Etb{Vme3ATiGR#;^in=;{+3z;6$|HTIqBAcM8qswkoTZA^9-6Z
z^mM6)PD&8JWA$%U-h2F~QF){<l4%Oi%SNMT9_>{zw7T|k{-@{+ZK4z^a!7fQgRAK?
zB{A1j4GlZQ=+9^_XhifIv}|h%9xM!&QRU;&+oV$*b!@GQl(eMa0Y(u{xtr<Xr*AuU
zu~Hpk>tui32`zZN_Ut;oOSWc<L8Wo;lq9I8R4e#Pot*mShnBr%+;(uRFX9C-QOT<)
zCUxTT!gn>}K5u>;gwNKengCBX;<=~6_DRLUo+aYvj26c_L_o)niO4;Lb0(X^pr8z8
zko~Cc1IS36F!YTf_w9)e&Hp@LdUvvCFlM3lxHCudGzD#%i#YlXuarK6aMOf&aCIX%
zA?BQJ^&!eM(731u<%$Psiw+Jn5;r-6Ht7?Z8_K7Mh6>%&%La5$Vo~V(FbvOfp=I-i
z{les<ch<owO828z&K$9`W<8=?l`EptK^9kG?jnsGTSTw(icOSMx}m!^qz?gsL*9t+
z;|Te13_7<#Jn|@Hx0>o8I5!}SC;zMDTit_HZ*))0GaP~OTZbWEK?D&neX7~yenAsv
zE8TTs(AS0HqvkiFGS0-Ii(kZ?iqGAwsOE6LZGUqKMn2sHxfHM0t8PLsoFQGkK*uRX
z*b<swwdwsfGSWc^({B^~91nCwnGjuq6kD9P`LxK4@~k1Ky4pPrig{c~gY+jx)g4bG
z0Mq(ukd(lC6ST#Eo4E-r!PVF#M(=t|=XhVGlx3Vjzfeoy6kxP3L-+8}zc<@kNWB5Z
zsqo3Y$t_ADTO1s3g&cPZOFYyTTe1W(lm89>b)kg#bFuOEeyuJ(Q%+>+P>BCMhTrug
zbP$Unspl*rYINEd3g4xSYzuro-G*3B&sZjlm+r3F1{)(fL2VYc`N(=Y!^9@3t?@tV
z`Q|S6!*VJFFW)H+Edea?c^L$zf~FQsBAX&WC}$855qNMk2~lf6T0<AP>T@`4lQTr?
zllq-fq646?An+p3_03bN0-*l<2WYn-i^$VwPzOQvJXmon?6CDHE1A=pcA~FB9&&Q?
zzFG%BYa85Ac9FtWwp6OgQj-W^m(O51G-zf$o*oOu3wI+y!N?)x6qA~Bj}9|~bZk~^
zjr@(%BcWH*4Qs_5wjwCeUVFFmgB`?(>j9%$Ld-h;EpOox-NED~`UD0Bc+<VI+QALk
z=u#sFQu&3?(C>CpI6vnwOgGq;Ce^kFl#yVw*QFssb1yuJfk4N;wFopXgADUg7U5!X
zkUFoXktc2(xo&>KVU<*>;KfOPdh+!Z`y<`D?OIBHwP}6nW!Apvxyg#p09Tn96zF#n
zrkH)+l@;vAGFs<9SF!p5nJ;9cL2*q5|HwWARfwT8ab|XslKGB&xIYB_t1_dja9_xS
z+LIYfwTkylPLunE^7KC$2dVUpo7G1z-MYugjJ(gfhMz4teofUZSknFnA7E=T;&*}L
zLd(b(9(3OMhOI!J5x+;p8FF+Ev^%RN?<F_;=2*hAiX++V{gTiCLTZQ4*9U!m{{b>S
zlF>O2s3t3hmB&vXG`DWV(lSFwAWMRXL>7~d!0P)VMj~yMEVW4N7FB!L;Y>JbRBnq}
zJx{41ME!r0zj*(xL7auT&(I`h{Mp;m%q&AocM)Ji_g!phg%NFoGyhfVww_RO6SZo#
z+=}Sx%{vZ@=H+G&K-DsNLZgfrvbI%GIwO^VI7;Ff1D&KiM5pox%`wpnU*eK^ML2cy
zJz#-)yJo$n7nq!BvTR8&kYf1(@NDAKh*YtUL-?i4x>EH*@HNsmn`!ptf?7+KDEqeU
zoyxU29Eesl!st!X+v+RJ-MIb6!G=F;Ff%~e@b;P;kpqkYs>yWxIjCuw{SI-dpe9zo
zbdxh?BqtwF_2N#PT&Lm;nGh7^B7N=D9DN(d`tNwKK}-?1+?}iIr@JHY+>~vilA!?C
z949&Hg#aOZDBmC#xpYUCwGOC#E~E^+biOU5DR{{ugFPfsNhhzMhbLsV%_r1)X1FhH
z^eM{*N2X~Y{u@`Jx{->RqGkUq<Y^%kAV}9IXQSx1p_@aD=YR4!vxH0l|BqphWNK)c
zoxCE@n3OOAr+kRGFmAbkEMTizSS8hd#aM+s_J^LHZtESjMo+|^_#7by!9ko~f~gQ4
zC2r@;TF=lgYfF6U5vt-kDAbv4P%d83rG@U)EJFtPv#-EmdFZvEysDDVHrTLB=$)V?
z%wO=l741J)HhNIiRPnS8+XFAHo3tYcF=)I`n!AU<sON$OErOyp7h>G^A>He!h!!`F
z7RaZ@C{CtfBI2q43X@%1@KZ@L0hMD4hQJjYMgW#iqifd;4O3c`kInLy+(B@p|7GO}
z`bZi;%dta4sI6_r2&`X#3gDs>s7xv8(&qiXOXNiJMng7~j(N@4<v14U$%oa0eZ-1q
ztfKEBo<4}9#ZxhP6}lxi<#JVaWc?9~(K@*mb6CtiGgBxtG~<--Q;*M3u`~&&El0jK
zcK?M)Gt1LF-3WpM2|gYj^_@!bkA3g>(v$_bb0T(Cl3?Vt|C2~;{BHS0SL4mo!9fM)
zL5C1KxuWpLfbi(^2+JJuUo|lAySEOj`A~uu&?5i$29AGiI`{7%h}PAt3uHOP)*FV6
zKkPbS?tL8Fcha4vL`;gmK#)ya%$x$ej(HtK1wmhkwTa~Xbm8)v(KFEGq;OCxX3^0B
z6g1}s>-%Aujyzj>SFetne13V3EacbIS}L9cC`sX<rGqMcFY-UKFCZBk7~Bo9qq!*l
z%_|tEk@vAp;zlfU<@i%yT3BNbKO*spqxGFYhT~c*96es|j}}o4C@n3TpEO>>^37ok
zIH4%NNP9EmG#;vci0>eqyg5>}+ClFE>IgXj`VL+9=kdD{KawAa#Z$RhsRgGS`PCR!
zTM@gIRfNqaKss6UD64z6D}o{z#U;tmRGe&d6g54YCGgoTdSXaHytrI$)kc@0rfqlX
zm*NQ}<xUE$2JA{_;}kA8R!zZtj0#T${+;{@2<0*E5FDcc*oR>c0_Ugy>h3@QX18r3
z7`zk^%A!17!7~c_V)(=->{zVPIiTfiqgMV}0tS4pTm@VBHC`CBJ=sxxf!TFig5IAN
zzZIx;g+zI$90G`hqiU4Gz*cb=pws;se_HbJuu%M|2)?GLpTxfol*hd@iu^9eVoZOh
zO*=v6yNwVVlre+Q^58kr(*P?6q<HyJ_Ya%Gn38B`h@~g`z;Snfae40#3V3hIHF{!X
z>SYS?wy6f)cN*CzmH4J6NGdn{mOMZ;-b@^yf*l%!e1r`EcD-Ur>qOaiP}j{M+(hVY
z9~!VzIET})!4tZR3Q%SVThT6pW9=QE=JpThq`ARo5D0rQf*fE4I$a|Gq*<pNy|6P6
zM_SB-xvaXQEFP|29&4mndz1&bB*I>J1FAcW$Q-qaPNsjE>HG{#Y@HO6S!>M@Kh&IE
zr=e%g#s~)~Cy>?20=>qh4F&L+Mtui=bO@amJdWB8Ff9;;JLq4;$ryEZ8NGB?19wc4
z0hg@pKmOR;!<w4L6+|fkyDAn#0}2YR14Oep9`1e_1_sqG!o7MX4I(QUw6XhDNpU!_
z{~-*xa?a<T%?Y{{zDy0hHJX?hK^cX}h|zn{oDvlNd#v%*Sd@@K5M$vxl<<t;Z+3sd
z`3qnT3xlgrWsqLm)nuG5vUu|zu;i*_=u2Ez5fJ1rBhd4XsZhQFb4%zjPCJQoc-agz
zf483)%b#tL4g*z9qhSo$FXw72Tu<%4v*HC)I0QnBjepN^fQyA&vXV0)v#s|cfpvjI
z=BeNtsm@@qva6Lw_!d<kkt){cdJShMJ?2(<<-?TLkxNYtVltw^bUBQux2~`Gwv>4+
zQDvjNvK3(Wzv#^YTdDgdG3}AOjcLkga55^!abtgkF-;0ZLMivg<z+@7{3x8qGwEX3
zVX*o&Cx6iSVG)84SnvH1G*$?%Qf5?Ngfm^GwUgPi8xVRIY=nBXW}-c(ve-`L*DBIX
z_;5d~=x3f88Kp+tGxi)iVcGH=bUp0I!u>SGfZ`cNw`E8})G&7HQ>2fUyOktV8k|p=
ziG)H2{uG2=i;2e5TS$8r24^nQNh=6BoM-k)|5kr+9(a%<8^K^2xcu29saZ*b{CI!P
zbhD*jz4uF(!6_y-U0QpF#gjb98Fp9BN5GunSjMRAU0H~qJ1hc|yvTqaBP3EmXFwL(
zk74fY@VlLWBvVVy^#xA}f@V|W4h+0d)gq}Fs1hGQAd-7R0FqBk-13KAvqfhi!Cw0)
z`3+~Eu{3M4pu|lrblF>cYR2k|H4zhr_Ki&O*=y?+TaURD!)ii>Wa)`dlBNwaZby^o
z%`ZMELHCCWtYO4$UXjz3{1e7<OxM|B+s3In{hqCk1Y2VBI3os|(0*En^Ct9@-f8Uv
zffTde`xhlarqx<!bdjgaRDH^`n(dQYlrWc?@|Bs|9GOQ2F9UkIYUcj%+-?je2gn~i
z*#4#cRfMtaOAssuKMd0PxaO`D^%J7y*BqY($PxOQdJ&p+4B?k;Oe^{QvFGe)v{c$w
zl4ti_g~*g{ZS_t%Hw4jiUQ+0|D3)e{pAoWtYi0<z)vLrK3yQ@mRq)|5nLR%DXHjar
z=TllfIn4_EXQk2zLqe|0*^NbeT@2`LHJ-L)p4A;7xJOlp3yWRX6421@AaX`+^rAQm
zt~lph6NNq3RSojsDGWoW)jD&pPs!T~jZ0`R%{#nIT)OZ(4CFhD(*0mNrTxZ0-#GUc
zVX-x_4)u(eqkKD0T#i-72<+iQOcLCA)(b7{83dNHpX8Hz-Onyy=-!0L<m2E~PPk{e
zOk*hjR!-+CTZ3e(lb30`PtF9jxFH1UMdtob@2MdO-^P=2xF7P%0H_}$XYWUnd|JHi
zDwwpLuBvdv=bF`2Sj5!721Ybs;UN1)c1x$}(9ZA7?;K=d1k69@71lt_Re7d7RCB4w
z#|u93s)pX&5Mr9MO`PW8j$P&ZwE=sTcS#SgQ4C2PC+;VR^AAfCSWIPM@!2c8$w_Hn
ztiObh#;DBUSXk_}f2BI#89It7jEp0Q&ObD;tSJAbVw|U~17d--(495FH~^`LZ(G7i
zkisfo?S(Ss{V0(3`;ThbqK2LF-yAaij{nm2C~jeD6he29=94|PZ)rtpA>zv#Hpx9I
zI6<%7ETwPmNGn!fuV3+LtlrySwD>`Nab!EI2`-|Mzw5WJW(HrY*1P4o*4jz9RyHqZ
z6Bv-*A$T$CJZm#?K#7h4vfdgf#zH0MQeoQsR4V#)wp^zFUMwE!`Z4F>&{;ue37Xw}
z#Y~d0f&-h@^RGLb#M&X2k0vq{q(5CG3{!87p`5W5#_BeiC*iZzDS=^8#xe4tlZ^X-
zO5h3fE*)=w`#i(mIhQyD_69z#cnPY2XVfOxNO;V4#o|)en2ZpBk)D=phNo+nWX#Yd
zctx5JK{qW5BGsMJJ;RRKm4u~l7!gdB^uD4l!Ie)Rcp2mWye;3rnHlKP2DL%|6|_OO
zxy?B1i4jTjOC*4gMKsmAFrsYCc&Fd$jmO*1iVAh30=jT<MmBQoY{bpF7-H(CFR%C|
z5XLAsG>IALjHUwC@@j2>7idFKJw5p|t)d5tpIz=2|1DA)C_C(a?xU6CN1Ae{`@x%&
zNm?lS)%r?}=)|d)sY-)7FYVvqfYavGAJDkxhU%ef^%{~3m-p6yW;r+fEzXmk2gV`A
zvQHxDZbH3;5jK_+<xKgVmqj|}(iODN{%KSDih36db0Q2pKRySZ{kKUqm44K|F0A`_
zbBBsAGRlmru-L8lFIi$9-J93U$23pD`=Wl2<#_LSO#YZt2g0J&bvIvS0HaSy{5mRJ
zLFmN-Y5vDM;E3|3Tn2ibS=w0ESC@bLpSWS63BTm9l9#f>PpU>25y}&2A|~>hj91=)
zLGey9TzF|fTv_o4;8+-dAN~)0a9F~;Hsx59J&a$6-G;Rs)!da%B}Z>AhkGNwv>b`N
z9-p|5!g{vu7DKX5W<`r!y(#`e)SE+Ev<Ih$AD?M5h^v^k?`td8^V{sd6-R1C<{AYw
zMo90tGOMXPc&uNGAws?2B1o|<Mfpn1CAQT4KmMyp;j}^tWYM=s1qD<!w67KG`V``n
z9cHk>f}nzF$!QA0RjHH3hjp6G`s)!dap#-5%Qx1wr>13dkW4gIPbXUCA{l7*Ti@?^
z_TSpm|JFy|d3d3{5<DDF;*?};x^<#<A>jESS0?>Qh?)BNXcRfZIFqWCs-xlX+}x>E
ziZ7Q34AlHoxZi-b^lcxXa^A?qNfOr<rLX8HfU;l16I{K<Tl9-F2dBvtuRE_HFupjI
zF1)vA7+Bev`Za<Ujdimxw{xqhq0Wzrwg86rP}9tL(#5^wJhFl4n4!Lgepa92zl;m&
zX=NC@*Ep0Pbv0vO`f@H1Nt+fe<!``$M7$me2qd5JC(0#_!%ZZ~<qRvG^=y*)ZR623
z>gK@0{7amu9hre`Ygvfgh=h+M6l>am*hrLl3_0E-)6+oU4OBoA6k4Cf!^2zsMKCAC
zN+PATf-XkR=RsQG0GPL|BB_-s^V%LtdKf%PS8~1<k0#f<BsRIB<#nj3=aw=C@4WW{
z4^UV+aZIe80R!A5PxF|4;Hl=NBSK5%W&&aZZ1fGE*35hG1hv5CZtB*0`$NZXZvW0q
zGUC7dM69O54CXuv{mvIKF}m?Yg+o>4W7=mXPP>o%+#JfOL-E?8Pilc{qJe_MEXGlT
zh2+Db2*QGkuU9&Q$ik_Cir{2Q647Bmyd8)L%Y^yuJ6z4mL71-kGMl6eQElL#P(Di+
z72Y3V^y1k=GCyFX=^6Y$uFHj>^y1_nDA$Cc$M0c2Hq+%A@u{O)?i%+`(4-lmTkY!d
zF{({OVVG<6AFi7PLr~a}=RqX<Xzv1}YX=A(KT%$yvA&Dbws!0EHONB=5~cS68oR0@
z0eY0hX3R80#TBrt<r*qM$7DeZ^~0Zo!Nwv)VAT7Dtp@r8A`(a3{PJmBm^wU3Ex2&M
zMc7Fp<7s|;mYlZYf6{@{j~kY{_18}k2$-1S!g|C);1@>zT>nhN(%BOd^`Y(`&JmK7
zTi@O&8ebfp%g_4VJ1NZhYBv50n4`|jFCF<AeK{xl%nD(s<ulS8``M2*dPk|%bf4v7
z*mPbPY=}&q3uj!4GyP(DEKV2{x9TPQ*?%_rtXlTOfZOMm<Jn-R`!SKk8F@(Gw`n|K
ze7ira`V%NjD;KU5Nkjde3%ys3rSXAr7)N-}QNW|CP|$9jfc^vE)?kVN+;$)%Z5<hn
zql18h<lJ`lp%R@=_gQqKTb$-f{0l>>)@^fxalU8A>z;(V0%9_lW4-HiM#KAW6F_?U
zM=>s6RSMaEV>$Z@eb_9Z--G>yh>BnuGj{Gzr_jX$l9RD1@PEs+vt{t5F?~ltdTk8X
z(lhYCpZ?m^Yv}dcbeCcPj-S6wDCytwp8Eq%TLx*y*J(WFbzzPad(aJbr(F}azOBzk
zTH4ZdoXeHlyPJnO9{APJxhC0yA~w-w&NAqF&Lo09CK&l4S;g5)F_dSbpd&}So0&G!
zwJkgQ{QstSrh{V^J*CF1CM`;_IkKjFVZeWT+il5BTP!}()xnein}TPO(^4i5f7pw7
z6u7zz%5aGIFI^EUrZhXj%*6tRI)j%#R7)VtmXXSMg^bN+KTr!b4^;!4`1of|>bAsn
zjKR4`-9=H<SFQy)C~=5BHiv^-UWYUb)_!uwex0S$r2UgYcdYvbW~~L?0FM$rMoIe5
zfX0x$7rW_S<U3|QFgUn3gk0~`2Fa3aNR0FAc}$JG7}C3F*?jdf&oyYGWk;PA=IRc#
z1_8HK`$$4cJKOvUE0jSkRHofFX}K~&>5w*T)0uKY;M=;4a;2r#3*#-%+k+d_331JW
zx(PLhmC=U*qX<%#&4*gbSZ_+yo`?rM8Y^Z7q{vH6AgW3ou<JHR%T3Jwdv!DC*|3eD
z5^;QovcQ@dsp{&bPFT*n7ur^067-DSW(B(@V6to7^dH@WrR+aONo5+IXu@x5F&#d?
zkErF1BwswAPDm*SoNSxPHSuhgo7-*}(ji=Orsirkr<ZK0EHZJ-W!{KaqOKGpZQ~y-
zE}bj5q;{v!K%{H2vC|->gZ|g(FOPXdN&!eP+N6nTuRCFQbdr9k_sZyD6Os2uFi=jd
zW~(&|+(m|>E@v(MG@sK)!|#3gc4=D&TLkY;F2&f7k@v%vw#Gxv+;Y?_`dB)&w*k+J
zqLu`vD<f9T?7@RTpMR)qR-jY93F?$VPfqd0$3ARtz%Vx?y7|eQ9Z+5MlwdHhHSYqB
zEOV3ZEZuEnf5$wtFjs$Z^zQc#R)(XfqN3skSu;i>0Ih8rF#iuXYQ0F*Y-5OMh#Iz~
z?^U&H^`PrX?FsLFo^M>JrML|K7gFLSU2I}LSe>6ipg+LG{k;>@L--+gVE5I=nY%+6
z?Dj1VxLg56Z$XrejrCaRawzo<+})vFcz60IhQdaE;b3I#;sZ#|_a0JHuS82sDiyF8
zd6G-(_!5*A{Y2(>cls4Cgk6x5u%lRGtOz`)H}`fM9;9=OQB90#GcaX5H+mb~VjQw+
zyb4)Zu2N}8p6O)W7#ikwNN8Vt4GbQq9QVn9l{plAlJGp9^UCxO{j>z5jfF-}#T7!D
zzmJhv?r1n~VgeD|{|#OHhDxyxE~vu$L-5p>Xk-`4{$>?GN<bzi;tC|tCeQy=?XxDc
zPrIuiJN65~)D%{&slgI5it$wSyy+~hP<@QEzRUWlU5nAmC|cK3FxG9d#k70+O5uP3
zNO(+&kmv^x1o{f=SBxKvc)i|Mi91y26VK_a&Jil&$NxZPbJrXkX5L&NJlV|LOtz0w
zSP534>rM)H%=hLqOR68vc*A{|31h4ub4<hl{fP{^t6%nGQ>rkZ!f9+`HIgwfE<}T&
zOpHDjS3gCpGRR<MulIK#<Mhx!8Yo3b0Q3un-5?k`Ce25KAt(B)+;s;f+(BSHedw}c
zDymXw@7jWZc~!#@!`v>E`;KG5UST?wnKKlc*RjxnCW`gT_`llFjnhM#_iJ)vr{Oxf
zDl}#Hw-+0f&fOtZ&?YLy7ZumUJIE$8#O94|pEjJ+EYtgZh+fc_e8|IKwA;uDP*6zg
zX$tMJ=#mAF?)YFMo@pBl8tY*1;24zqpY|;edz9E!5c#iMiLz{nK~#E2n2p1u;)W~P
zOL#Jv(v%uah!6yMu+b7TufRJ@Fa-k_WKdAGS(m;3U~{nRe{31yIA2cuVG=eL^%_`;
zR(HYN?j@+Vg<Y4>A~>Rr&3}ixfpWn+bkGZX*m6O^Ms|z1%yMbbB|iP+s#YVP>>%O^
z2frR8I^jpc>Wj3L7C0|)Q&jc=PIQI>JJutZ$UpG}wT3dbE-3yePr?)i0G<c!$znp{
zze$pR`7p9^uy;qAOM`NBCLdw<s@!zJIlE;spyBtvAog_88hOKPa#C70z(1-XC6hn<
zL2TDsS2zy8hA$~2EcP?L3N@l47Atsqat?9YB4)Uv4_qz`C*@2;Y*Z`<`(6y7<g`lO
zPovINbRbAiY0i;YPpdKm@R=2kBs5S=YM`f_26Q9B8aBvo{4ZmMlEAZR_y6+H9~zH3
zjBI813SKYJeP@np34FXm0C&!y8mJU7nb(m>!Ug+6kkURtT~xS)Mv?zAJi_duT~%;K
z;=37CN4gvGKQwj_-qQCu6qeWbi*pqML==pho5CU@DljZRlR^?`<Y?`Beu?}@h!<)X
zI#flF%te+WDlmO>kw0k?Vph~J8*x(8blcHX*16TM%C#~f>Y`3K!2Ux1s|$Us&}568
zQXB$=Bog=<tNH_LXgexTsH3~?+nb>>n5xGgAuSsNXoX&3jp#P^C-I<%hY*T|0yN)P
za$-)#ZL9LBa@=}!K0>Car?KgI=0LI$Xv!wg{s`yjYh^*KOVKz3*M@R)-XYKeO_WvG
zI1PkG2^zUKYRu+k09_Kki{WoJ6kBo9S@~UL<xReQsmaX$0D?e$zbq=$Fq&djNg{go
z5vKOu(QHp)!yd*oFccFaUd`0p3tA;Iq)r83JDxu7b|zRWRxqkLDXoXYzh630{9e>Z
z2toJA0`lO-Jm4z8WKl8YxQj2_@^{K7KVD|IGj3{R(=1{L4020q;AwwALr@6rh}Ud#
zuFCp}MrN4gZsqrWG|DL=hWI9JhFEN7`C$}YMWJ;*JHMZp8$~HsJR7;fblOOu-nK;$
zh@O+>?2@rDXpybH;0878d-Cv|ubL@#OWGpoZ&N6(si1+zHhFT+YY7eX)p(Ewu^VJ1
zG(782v7gFR=~vgQL<oNj4!&6$y_SV)e`scDR!_Tq#MlpeJ;CUW#``+e-KVBl!Fm9b
z79{pQp}-Y#ZUQDn_?O@sBzCa?NJW5w)Ljn-_}e=1jTO0{4I7!^-^7nj1h&G7VR;Q4
zYoU<Lkc>3ovd$SundOjzOK&x0q`ZBZgd(QgT7vR^&JI=}v(83zgImrfUN6|UzkQgr
z&(+<~@bq3d<Erw-@PQdPD&e`U=e-hlEOq!3#{`{h<W&aSTfCNGb^1&$bDo=#&TOPg
zYfyC;D3=7F2O)nDmW@bwG1u+2|5IvGeh(x1_U+sMkLXmtef#$9+qZB3ov?F%`}XbI
zw{PFRef#$9+qZAu{&xhdzkU1m?c29+-@g5KB9-&)zmiHS5YYdzYn$?){-bL<>a)cL
z2nZtiU(L~rX<F7<V(7zPW?g5x7Z093k#;|2v=f*m5+#50^NR9|sMs`+goOp*F;!rc
zDbeLbV0;P%xs!=CAM(*=gGz|WEQuY<Tf-n=g5m}o@W<I5Q7K~V&c;36I=7p-wkQ4)
zA<8Qod38b?7G2pKdUwA}r!yVl?R>c$-_^tcjxoNhV!(mj+e#xk;#1J=8ot0zBKZm(
zmos5OJkx(g-A~|wLezxW7n@T$wGn#EMbL#`H9=up9g1Nbi9Yg(Tbp)aDtfFKX}`MA
zx#Ck>V@)K~HXxB}arH5;;353}{tk*=v7<O)QO1iqMaeWM;Ub(cZXG%p1r^3v6CW7^
z!SHMJiEj0rv;`AN8OeGvT)ou@>w(eKk1VP4k^g`AKsw39w268mjWX{_w#=?NcE6TT
zesdX-it~GUJMA-Sgz|f4BWB_OA*k<oh1Hnt5~8!@iKA+HA+6Qv`h{kNw(w``U~Mro
zQ2mr}dAT!e<``mxm+&0Kfr(oA>WN|1i+ZG84#IYr2PvhN^h;^bbA>DrPlfGkEp@XF
z4K07W9nGHu$gIxp@(nkn+M72i-FL}aa;YCW@PoL>eFq=?ZJ?gP@(XS2{$yjW$_cj*
zLp;qz(DZCPy!;B5>1Mi<6LhCEU2Q2wZ1TlOl-Y`=^&-pCvyEn>&en8w-E9()C>{(w
z3yfo)?f}SlhphZ_Xh(uW*Av%C#NPb~)}((Im{7`2U;tuQ1tk7DBO(MldC^aw9>IXD
zCdsJfe*HtDPHG(~3e*%iscc(afq!Zgmv&F-ylBour(1oVRgzRy;0P!_SVQF_%<Z*O
z_5cW$d#tV&GJnm4poZIv&^9Q#RKWy=5SRlb9%@M|e7`rMb5OZqxWSxPN_9oc(b9jV
zK+3-(RwxR;2*(Wap0Ed^2cUo76DF3Uu-UG3Jt!r*oIXwi!hG8*k+x{3HL6+_>MM7z
z+dNr|k$SEHsoN`JJJD;c+QUc-Hi#3WPr?z*BOdIQx5Y~637ih9zVW$$hLj#y_Rt+J
z@qtC~aeO6@RLcGbQUYs!#uJbqB+P$au_6hc)UK(V&D9x<-ti@ceY)a%)5I*zxrn`6
zZWYZ5bs9X?=pax{(eLT6-KwITyt|+d+JeA8@1Fw(0#Xme1jGOZ!H<*V9Dt=pL~t%J
zwJo%&VV}~&VI@30;+sSNNLb`arR)Q~hDFOYPlxBzXCO$TT`Q87n9FQ=O;vxG-<U24
zhY-@s2&#%R00#jI$H1hI0=Eot%e!C>=xuP3@VK$XANUe1@QmvVhi0U*Ycn{x`~*&g
zf6g`fY!uU?vb<>KT+3n1NI))8Fux+-nGS3WSpw1k=_9=kg7iz<R$Lv4%oBFowHp2a
zm#do-k-dx#C2&~V3!P-achP^04Xkg@i$FnwAxHaV)tbNt;3^Zob86J{aGDJ=TJ;}1
za$`x?YFk<H)wdR4nf86Fm%Uw5n8kBb@da7S42<JARye>sZ1&}ub$NbBHd}xVMk!u)
zFnHYhVx_3tqv%E;pHTB~#oG_!7YsCWq%>8er-!Vj<saG5G_;#_Q^6xV@8@PL<_9x`
zPbQM{m>N&6l)%u`pK=l0)@+cRw>_<!!V#B0r3WH^ZN823d(%yOOM(9@I8-ocz%&Al
z6%urKQUsH-9a9mA3>fWRU*ybi(`|rI0K^{3D3w{i$!hfu?sRVQ4-?W$_ow<3;DyNW
z2G@8HoF;d~VqxLWUp*Fk1zjO3h$Pw`SZc_!&}r!XP@z{-IUcXzSST-BdX@^YQGk=O
zGx|t>9noBAm&je}ql4`x_=Q?-2z95>L*~|E#8Hrd_uEh=8)5Qc0tU{M{2-9XIx9S(
z9%sXHB9l>i&n?d|{BYIOQuaQ%fGOG^Mal=nZcJ?+KR8a;xqbZ&!*)W}%@9zaAe^BV
z_IM*X9NG;nbRI*XKLlUJAPn$3D+^AzvF+4<pNh|)GpI$N&pz{F9XYKZEZeQmb|T78
zZ%&e238J$Z`nh2;Zo4s0r*qSGaw$_h+|`i0N)x&69X=8U^<Gz6TeyfWYF%u1z$6a~
z1f_xT@8H=f%Y{0j)%4}<=mQYWy)R;e?OL$Q)Gbp#-A3)$As>OH#5P#?_ZbET%?(a}
z8cWyZOcy$={6z_08R*4Qe(RHZB$vH+IK9Z}uz&vGXgo^c)EiWjJ60jUZMV{K`?`0N
z$ob;ftor&u71z79%uHop`)88<Uz|nyUsDaH_&=si0ADPDx|6Oih2FTSsnBFQZ``bK
zroqM9tT)wM@ihJ8!oqIkMb0#uz9P|o-te@%xt!y@L_ZyIQ`5LyU-v?A`SsELMe$7U
zytYnoSs4P?PPN0X)sS+i1RU8-_{04P^^?XqtsLLP;sp_T{@x>ik*EY1_UQ&U@Is!b
zCl+Y8mCWk7=GwvP4AUpUC&}4CCpEs>=lK4e+fIw&YEXN<6}|<yCrp_5-7K?z-QdEw
z-f?DY&OyF9(qdg1cQ@mcU)Cn~;5U`+$~$4V(eo+WUG9`aj1-mdD_ynCUQvQGq<5pl
zq&dB2`+b@2@qycb4I)o()0p3}F24N>+v{yzE`3DMxYedH3X@K4j%^=6C|g6z3vf;9
zC)mMg1?(qxyz4aVp?E03JDh%hqG0)_P?;avpgm*B@NBK33~Bqp(vTI&0M~~5@wq}p
zMQC||d&@gr8tLqm6yrop$bP4~-4&q<&_D@wg-Q8<JVUIjSC`VA#Cfq|K(afE>m+?=
zUVbe}WN(doz`h!wDoE&z@69WnTk~`Gr|t>sy_kR1JACh14Q7+=#Q8XX4SUJt8DB&1
zHNqkY@afTXVU;av{x9!75;0V2y5g#QV7rzmfxmS*;d7l*8$51QeihdpN>AI>l}{cz
zV}Gj7*h?f#(|m+Nkg%8_<TS8~NlmSAZ`vk{GBWt7Hss4nXOCLz`(3Ue6MzCQTk0Ez
zndOeD>G+EKGnLNZ2qKVwp?1e_=G)AnwYuIi;`sOpu?8@3K4ziNF!DXP)p_{>eY$KN
zCb)8My<RYLJKxZ&Uk6ec^|3i^nM3?G*eiTJ!Gqr}BI9$Xa~)BkUk^X|&&F$JURIC9
zslp+hQW_EP9er;%?n+$1@BB7%61DP80JKQ_cQ{2IfVHzsi_dF+9Z}L<VdqW?YL$TC
znfolfs9(P(yr3tWSQl58Say>_b4dHUUNUYYlhw2AxKyb6d%}mQR{Z!xxo@yU4Ty}X
zcCD5T8r|YJh`(m?pXcx=kJH(5qnCBXte0qUWI0!}{cca%;LvyIC<iEEi0&MZ*VbeO
z`JE?mLYP?`2htROQoFhBwkkJERH9}CK}^guQsS!DFP0m~`6EDUx}&4|bG)C!H<gw+
zkcr}&qTOZ)$-Td19>W=lPh=Oj?MdQI#uZYc(ejQC6k4Wrm2=&GfGd?6YLesrc;T2v
z1c*Kvgd&YV?|O2R;z2Uer;0n#geTKLiIHS6`kqVmP`#sn4so<!4ZRHmc#RAho_;IO
z3BUi)pIlV?B+?$Hsi`|j7`LZ`1vfv@&)Lw<Qja=3(#?CQa--z?P!`?r#zh5i2JWoq
z&WF&q2ceco&|(a)bzmnWsBUZyI-m~uR+TCq)xk&Ivnie-zL)gu%_c~iV4CUQQ^Fu}
zq(u$9J}i8H+#jvJ%>5Fmpl|b^D~#!bO5GJEzW3&f94gHz`5ORvqSKX(ZyWQ+$%N}J
z6QM`#oCrPE;OTL<iCJl8y?<7zl=fbI=_dkdGu6(z7=ZD<AtAvhsDvn4FoV2zG;!9O
zmvJq}2cfhEagHFiV~=%Ajwcw7E4lC5ql{zEc}$jnC;fr1J0oQoFf4Jeh!&cqGCjxa
z&G#+~wm2&*!8khFep&a&bs<d1U$-g#XRkvkCQjS*EEr7P@UGOfUW%eHCY@}zLXhjq
zU&Ox|jQH(uy4u6!Eg!CMpOcGGT}P@N{fG4qdv3ypoS6H(Ls`7pt#pIRFDwW-%zrya
zNkX!J%8Ta5fv}QeI<rwgig8yFsDX4yNZQkkYR>_1vUqZ$9n~>yG&Oy-)<Mfs!*6==
z$J&yMGG3?~U*1ihZT?#vdUbmbW_54rsZ3`T!xCLj9FuxJUFS~6CjL<%%lIjdc!Iq2
z#vm{Oo2w!r3~&uugyP}O+WzN;uBfBu+>&H}P?wd+(^Y0?n=aN*Yk@&>ck`boPu9N8
z|AU>simjvx!vsw;Geeom%*@Qp%sysjW~MSTGc(&|W|!?UGafTDv*+*bxtLw;N~_jN
zJ1dox&uuC)Ga};+WyY7d$4Z0ydrYCm`vLV%R%TjXOWBDLg+NJ2(`d}Z>CW03MZ{Ep
zbY!KLR2Ig0G`95l{aU)jBOT0nG;V~7u0MKI2-|h3>%lcGx!j?|<P;g>k}IlvZs^po
zH(~nl*R5hsB!@G^Z~9twNR=xvUzUPEYI&d-S@8a2f!91a#I1TYGk*5XlA5aXpMe&>
zd%C%YuXB0E-6DOD(zC()wTE*<(qIyQXI+;Y+$0XjsY`;;ySo#l!}(@r1*0!8ndj~7
z-U%5~QE-xlO_P4mVv!oOG-<X(;(B7D@@o99=H%&iVBy=HEcK=hqsT(}T=LakT6G=8
z!^knh`%=9lnlv7fCk*elqRa}e-*P2F9(Qb8t$fSl6Y5Hft3}t%(=+-EomFXne-j0Z
zkOaQ96H1bPtbEXHLt%w0*VJ|K;W#DhBxhGm#Fi`g95_;$!_$xD|N7s4o>w$8r=H@-
zIOS}wBd9{BP2p*)=iU9dosO8WEN$CN_9spyN>+F=hD_%nLPCexCPdXreKsxNsDj^p
zNUM*!YyaX4CZxVAjYRV+E9NbK+oABPigui8{aa|1&r>i6l~hW&^M~FBS(7R5`E*aD
zmJ9rrxVYM;Gigwhvw!!o!JGM%aD9aq<ydS!h*Vo*$K}a>;&qRkf9gIT9u7~a@~Kx;
zy+QonI>K0KB7dQ;m{TeYx4t(-!EJv^G;D{CpFWv?DsyAb*(2-pCC4Ivh)l$P{xOYi
zl4Tfnxr=%z8M5!Z!>g%{?bw|+>yJYS>~Q-K<2mOD8(n>})*R15Wwl5EZbvO`{W8(^
zoSe*fn1hBGiy<j~97$jGy?h)#J5LCl?~xknUxFwB%50GM4g+HRUIfrY8oqkswVr+%
z7UB~cmy#2KMX-SEbxLo4B+oSiwoW&)kDASy{tQ#Mo@5rcU0meO=;}|sq~}ovth2GG
z<Px-Wzp&&I{WsSZlK51P91jT^i*e|Ad2@)rnOJH6<$V%sn>LI@zgf^ycO!R%2PgJt
zcH_Zq)~H2!Uz>(Di}PzhMPl_IhFR^v)ui4uMMH&QdRVWn?A-BxeUK{$ftIeSMWjR%
zhxl0AXuEk+o)DKFA2rk$-%nN~bqRU!;k)Vv47EdRu!8L6@IUW9FVnviUd*O&uk7;-
zxlBwp-&?Y^5jTHJ|Hu)`QSyeUV(g79@_QbDIZQ6}*JRO6Iyqyv{e9Tx8X+hy8?lgT
z?56$N)t~rZ&oFs^AOEQQoy{qqV_haN)<pXuE*`@`O(BRT-icP(FHg~Q4K0B{$>zs1
z0K3mTNKU1hw7D+zeRudUr5lJDTLc{vSVW5w*{!Un2XAW}I2?3J`X$?ocus-nwAs#A
z$E)Ji6La^DdnSXRFIrTXGGSn?KPg6?AR^R>5m;FK3ciMaNR0AeGx*in@}RZDkHh8k
zgp~ZMi+6rbQx*19p;<MgR|->Z6RM_$L)dMAtg@gaLQL|mk(lV8?T6YSGD|G>F0;V{
z{gMzs?xfI>6F_#gY5}z?Q@O|_--)q~gb63Z7Rxszq}aDKe`qcmL=B<eIqIz+U=m{Y
ziDtP26uLlvN4lR$5rUyseCVgfTcj!N4o`V09i$a&V<C{Y*7;d<?&6L3>A!>iMGz@k
zRgDWX)Fg2(l6|o>oZ<RBr~(6^S;}<XYHdro52F9zeZw|me#ILhj#&KPOt~=E|10J8
ztb(VINfQR%UK3S1xB9H>#4P_8ZUr{l>~yQSueU6J?OYZYircEHCo>bB^lZEzd>Hd?
zdz3_8`iw05LQh8F|5gZO24{s(uXCA4!q7^MUX$)_(kEUd3uW5<SzZ|HpVgXpXzG`<
zKpLWcLYoqdLZ3@fL6l34F9~=9tD&Meq)T7_J0myMe;p*y1`4b3gC+*MPssgE<!lIE
zdITGPjARDRf}HyKQp_M%h{79n-G;PoVsVnOwDbeg=x`aa`+cW){8&)3^_A&H)8Lmb
zKIO5&@WX@8%@BjiTuqByKyqiJ0|==urQ@zYk!0Ars(JvJ62OEj7xpe>B@y?9xG=kH
zRG;2%=o-8Z2p8nzi+;ESdd#ePy4F1Y<R2%0@`@2vmRME^oaOjJEl8&ymN<dt;}}_N
zGV8BobJZVI1Ey=G^W>j)l9u#b=l0jP|3zTn*|7~3jUof~YHLb0x#YzNKKNCNAty+&
zx5W7-A5|iQu1&$~Ij`0gFjB0)xEaxBlTs*;Kl+PBKfMoI2W4&cl$o5c7_F5-Z@Y+p
z{OI$gSJ(>ax3dM^<9Eq4y>N)Kib_P%h@khw26=9R6+@mLsJY^S?bg|`uqCOo-|-Be
z6ig{7&FmnYpX$*B3&?#%r~?u%Puo)>Ob=JSQ|vf2{%LdTYU=gvQL}Cvf`{w0`W)$x
zWrf${g$7x+_h6pzf$@x{mzq+zn5Zg$cSw=x+~`QP+T!!wmNQrRaBBulc<h=MP0tDx
zw*|2Dc{ym*y!5Ea<a+K#+E3*`ZuU9_eY$`qxcTse9x@~d^jpBQHZyMK9vXIPt2bQ^
zZ<1`)C~RbekftKO-_y1BO2UqUgx3<E@O(*W_`XWWMo?FwDV|VpBb^+xOL?7t7`2r)
zIQN%YFFgvj=CCcce~{Q-2|Tw_h|#RIH*%M>KYGfD-ez`Fsaew!wR6zDMWWXS$4z^H
z8Xl=f67uBBbF@7#c^?#BpR1UQ;5~04YK=+EPwV%!jcVpztFddI{C*?b$?pcsUXAKj
zqXwFvj#I`f1AHMo6Esl}iF%ZO$nNdd?x!FW4eE!j;#k0|?mv*B)~>H9RX_Egb_nvB
zwum~RGyGrqPoDeu8lIQ8XshjeXXMqO6{<du#jFFU*_*E+*#g-=qW0A~jvX?d%V>bn
z%HA(sqHKg+*bPCrD4&1uPd`W7H#1_F?(;mr482|v6zC31)s!;e&|A@eJMDl_Ge>wf
z-k)YMn=Xu%%R~vf)-c|^BRRBHjyj3PjK;3YVwf3~+WLYpqwRvFe6J762H)4)weBAm
zK!Z1968|q)18Msa!#)hLO^?y8cv2DAapZnA!$@WldC65V9njgZrI#5x&p}s%CPt?H
zKmFZ)jNhkj-!~t=tqb0NSM@>ghQ3pD?^N|ADsB@`rEYy%d#yyPc=cO^W|E+wKl%>?
ziZV7?22<NN#b?Z*!AY`-c|Bj#wRqpABTWF8FOBy>KmnrFzCcY?8aZFFU^Ak4H^N_L
z;zHuWUV(_l;HXsbLf3}j@-4@){js*erw{wQ?}}Sq5t=^~)|PmGx2SpZTp*M{6Xq9*
zJk_84r)s|M2o&@^+GQ?4_5z2$u&J-^N!ziYu2>H!v2b;JOHJ4VAlX<G=%2Pq!W{&s
z&|_Vv1PMBD`#JVk?yWbUz~M(@j>hGUHmQtPf>Q>>gu1^Yyb~-#^1K1YYs$Mf`;w<~
zOYpJ0=L@V}plx`6$ekmmggl6Xzi^QmJvo%%kaKR&g4Fp1%^zmcv%}pZ*@}x?P}*UY
zXQubQ(>?-7LD485?o-mfqjpa5McVIQiUY}QAp+h>-C>t~5AEw`v6G3Dm@g@>koioq
z*Y&-~+f?%Ji2j?}099B`$r;YD>JvM|JW2+n#^u7~D2G9RjRVgEjKuz^E8|$D=aFHH
zS3PO5C3;)5jYk4BpZCLzYNr>Z5sB8DMiB@%EVm{zQ;fYA;AMO0Szx0pIE=vrQvjOe
zjzqG(5+U(Iw4c2a!xBZ0k(U7VvAZg}zWTox@2dwbnypA<*_7l&$>)NzT5A!POnph%
zr>~b6^F{D~y=V^#Fw)SfPt45tKN)zi#H(Z~#IQC9ND=4<Z9z@O8j>DY?Fne+LXB4b
z>(Jg8PskvG>o3|ZEXHG~sSzq>bxzUuwyIQjB7jDRx>1KBGXrszrG1)ALXGj!N1Cl3
z5evetE|%^G;_95x3RxVg4;5Sj%bMVwH2Bp@;fn`<q)1&|2O4m}(6^qOEFiSp9gi(#
zUCJe~F_RfTEkbmzJJ;);(B#%GmPbDF6=`szo&yAC9H<va{bSB+*zG-b>U+K=nSPk?
z?gqz~CG0I*r`jMj#y9_HV|8Z(+GYRh5(ee7WT~J6ncKaMzF=Fbb$<%1D2!h&j4Yrw
zW{WF-K2xd7|E0EcMAL7I1uts2!F~N48DL(s^L)t2j->@VAT8;nih7}jsG!bCvkpN4
z*74mR=ZlC*=d~73<5BPT_a!*Ye1}Ln;HM&BaK?tTFCh^)V@6?I&cBO6^wJ-D$SV+#
zBtssR_p~J&XgK>^C;N#QOLSj;ic%hvs<tYBjZBF<B+Y3=uB&VSJ|SbB;;j}FfUPm)
zoD=uM+l}>bZgMb@*8^s3MHP=$<u9u#-+2U!@4l}&jrWCq?yGqEw*7;V?!zC!%f}1e
z;%4{bQKOdK*i@3|SmC+)UBSZJ?@*pqW@K9BkldWG=*6N7uHe8>6b$A}%#(5dVB4^N
zc`-smwCCiQ0MYQTZldg;&a)2jv#E2rxx;xt|5N8m3-cMIQRC~Hm@W%wa=|clVJ{LI
zFpb5*XfY*w3^VFs%Ze1H5wuR6onzS-$S}1PKVg+bqCYo-qN_S+r+<G4?i-vc>KsEr
z>cl(^+$q;d)SxIsk%Z0~wU9iB4iX1{dp3erul)d}OHLf|X=oi${asd&!#6QAs<5cd
zEtNi~4S^>X5*i3v41#}K<6m9o_+R`DjQOxbZY!0tXpzT$xboI<UryFg)JntaN1Kt0
z91GDJfn@wZd|{MiT{`_tAW{3@%uBGh|La@VRECeO-cs(E;PK|l-^XrS#nE_wGNbI#
zaj*f?b`%kkuqL-4nsBkAUu{Jgt!nF^7EAg;i&dX})pn(A-zin<vbw<-<iwWBm2K8K
zYJ?;M18XWGj&gYlw(*9ndB0gbu6m9yh*;fi@l;1kRAxS$Bt53N`({4B2#+~68%7&F
zuD9hX)wVULupAgLqBY-zYrE8cXxwN@V_aD><41CCpW2>o^(5`d+U>W_8?}7z+BO6V
zvsy{BGP@msy|KO5z+^d#EA5+Zn+VCcM>z$>jishBkwPI1s6SN1HITzPXdU)BadA0U
z*Vlr;l@-qQm5uj^udgrck`&Uo{S#WKmxE+Q`|0CyqFRW7V~5qJ_}t%rw!D<_u{YZ{
z05yNGUHSr9$QzjoIV`u!u_zT>SCj(v(0wl3^#|t8m3qpGrK(D`w-GstPtk=I|8}#<
zBgd&gMZq4<ud9>su`x=DZ`skkarrHM1lN}2tjzu&g7U7rY`Y(9t$TEsL#De~_!V0n
z=oTi7b?19rNGdSa?D<uH$0QI3_g*a;9ZuLAZH5=uz=zfT{{H-IC_YD{?`2H`ugCM^
z@@c*d-Sqv@40DV5GS1|m02wi_pwoMcjI3-xTTk{WJ*V=;3FuJ4ND5i9^!zDXZKj6G
zDO;PJ@+05fE473q(9GI7IQkehbayz{WApYVj)3>;+4;wjb>Q)TbnN%Si>bc_$L`(f
zyq5r`m2>WAf?XIfS(Ue?P?z*a_Epic3xT&io;G#J99W=6mXx@da;R0OtNWoAFm=DG
z+6M=hdtz5K0terxo)uw;px+Gi&^j>O3dSy@h}GOF{W4j$UFhc;iau#5#D=iiL<i$n
z@G!jKNLH>$d&z8nTF(IyiI`v5a%iChsNE?9uR~w%^fW_?N=BJg%_yMm$|negxKs>}
z0tPl5R)kJRLQ1<YEqYZFX)mrv-tHXfVEOXo$=0v8Oh8f(j!OPB4}fP`8#%ULeKb%7
z2L&JwO(<ZOvB7J3v;kLui%LPGgWe=_c1JtjX(r3_3x3&u1^%oi#4#5YZ~S@F3Y8)O
zBRo=lQU>Y=Ob;h1#Q>{aO0ssN?s)K1#wD3`M<^NQbNg{TC1{)iXM{uB)ATpozC!>8
zEX&<VR`ypE3L54Tk;k|=B4p**O41sYn8rkfY4};L=m|jx*|HnyARdZC%@XZL&0K{P
zAS2u!Z??&QR#b+1t{Q`aBu$U9icmxnVr46)&yLa^C}`B$fg(<Os8g0NQQRs49=Bgn
z_TTfR2tyI^7os;*Q?@%PZaSps&a;`DAFk9uNfR5+dFFP*tzWh*1(mPG5|bY*U_&s=
zEW;8}0$OCI{G!GUv*Zlod?8NNg*rd4GJ~*|rtcAdd6o5{Dvc_FA%PI?@J6YF)1pcD
z8)6ax;E2g8ehR$G!SB+e2)@uYCZ>Z1MYk7(X@R;})oOKCtBIj3!VD!`O*8aaVKZVx
zV^W94o1vbSrugK?pTnBu@dx?5K@5yeEkX$dZMR^Wai=41jj&*aE(YU;voXoL6k0(p
zoT`m~#Ew<3x7;M2h;!YhGgp|<7qCBVNIC|*qHm@Lgeg-O)8jWz1Q}K@Rd`||EU2ZK
zO>rVx@+u6l#D>i>-IhjaR3TN4n5l?|0E#vtUet3!W)ghQ0vZ@{M0AnTt4UI$BQzOI
z@FXgGdgy^Izw9RSqSl^lAyP`hqJNfX(1yr=^vwjxkPL$4T9cow1-qgb6pa+kzbxK+
zn|p^FH%8iREGT2h*AyaUy=K_uGLmF8?m-kr)T#{)NAE4e&=4tCqZzcqUdNFv_PhV}
zM8JY~1Gja${BQbBnIK<ZU!UQLb7`~^8gru9zkTT{{bN$sitg}4=HAitx+D^)Ayp55
z!HoUA{~gok2Hj{I=Q#qd8tiypKH3C9`wpu5N<GL#mTmXFu(M-Sd5YtEQW!C)#^Uvt
zgY2;F2c(r~ZRa2gjR-!)K$@MWs9{m3ABr6}O#NmCWm+5?iIxhpAp6L{FocRs)7nKL
z^4ZxT^yljGI*&2@^l|HfF`xWF>Rh6Kjx~-LN)fAech@&&z&%HWH_FRobdy2ewJfs7
z*&;Osg8|vm@ZHwdR(&n5<8vNA_6AF4dTK(<2n)spCQOKIZMq$)MY&_ZC&tsN?n#GF
zCA6s*pl+--CHNIG9(@crTK{^$;~da^eAT5`i;F^>D#LGKJ@Tp*{p=f7p`i?a!-ODK
zoXR2@zbo)<lGBb9VpeQd4*FY87&JW8BaY~JZv<W|P2558nl)hR%Mh}K?wm6X#X(&z
z+vMl;#is4nP+1t0Tmsa({7<Z-sBd?oTOfguhKwbr@{0UQw#ow2`0+6p&j%EkR5|O=
z)|Nh_uW3Itp=ZHP=k4{|A)1AMj*b_pVW<uwJz}U8ySK=!!Vh|gr)<W#yXt)7JOVo{
zls^(SPwR!6)L2K#GL8Oz&mPdw(7%ZOyN*Pui&)(w8wK68eS6w+Munep;D9wZOl)54
z1+r*LCWV-U)n~tpaTm*lfhM}qQ3V$NE4mfK0D@E3qsLf$4!(PUZ2(n&za*hoNvHi*
zCy}-c;PJ`DwJxUa4Q8SHK@gHS8YPvbll@npUqV3-dZox9(?Kk0#99XceB3nY5r6sH
zbfr!|l@@AMDy@7!&W~wfdGvQ1LtGxgSOOY-Y-eyQO(^J``lsi!U*^QLKGoy^NO(j%
z6KigHSJyA&#usOvRPQr?hr7EI3&HQ#sl4N!6Z7?TxS{&Hah)JFEx_Fa6(sBEMZeu5
zhr^KFWKt8o4lC}_fA`Y&ME&i}J8H!Ez6`L*%f|Mw9??pj4eI*>Z^)HnY4v)vq@R0W
z-;=C4K@z4C<+!6E<I@`)u>W6%t6K&Rc^YI6)e{www#RMf5f(9jeO#OGWI;hhju<Oq
z93SURwzaBUYz^W!lMlM4Rdkj6M=ySqlG>Xd$loQSchpTD94ubbPrey6KgF11UjX|I
z1#f=O#Qr@f53ib+i`TTqss9LHJ_Ad=5@<2o&w#R+$=jU?coQt5>UYXni;Ih6L_)me
zS*YnL!-QCEwwQr`-Dvx!2jG(T^&}Us36vSWu}6ixH-5mOFL=fEaLcux0dzEG=jLv&
z^FJ?oB$tgRjbiuvgTRY@+^_R8I~)Nk-IpvxBJaGCv#Q6q)Eb$Lsmg%i{(eN@$3$_w
zK%)k)4HSgu*XwZv(MLM;rK$;~10$slHO)ZSZ?Dl*X?mD{HK)lZqK{+EzPHwRW6?WQ
z$$)@w&bsZ6+YLbL;O{5In8UZ5;6Po6wXfmN=dEX=kDiz@LZ1)a=gaNl>$eAshxWev
zT%vB5z0hv7_bg2~$DPrjdU922O!367_pf)NzN0Lg#njd3Z%{s2HW|*rT#^6H#Q6XF
znwC`mmztJ;|D$yv-bdy&|3z7%|FfoLx^|42IPO@0y4&<`o9D}3zpnD~>`VasWsI#b
zOeB0{2!tanbGIei00ieSee@`{5Gh1RG@djQUMRG53@KdXc!kMWBs^5g7Qp<+$<^th
zJMeR}Su+*+xhb-r>ZX6_BiY4yx^nT=|B=43ekU@2?&N<Q1}kWc9}TX$uLQ~ocDe?U
z{*O=R+5weO@AmF9G;!&`YtO3`l%I{61`7KpjTPtLuP?M(zEhw?T~H2Be~atK)8X<J
z_8V5~Jn~`i1`wUlwiq!6opPCr57Qd5ZO2nLr#2M0cZWz9bSae?V8Eqi(8RRUT=97<
zzbQ_C*&O^1wx{#AZ%v9;AR4-Su4GG3i|f)^7-yL|tmYirBSS3ZEh_))m00hsTGfjG
zohA@>d(Re5=`S%tL%|9KR{<e$GU1l>juni^opyMy-8RhXc^O#f>mP*&?G0c!TmX(A
zCTC9`r_hXSaO&%PzXpK1UuAI>cf6JWxl`$XNi%jM<A`kl$yipa<QI>XjBK#);g`ob
zvAo_0Cm`sxh5JY#^S251xVv#7&I9fwNYeYWWS>UNSL^{T9Ras_t>CtD(+!nsQ~6bT
z&rP?LcWX;)+AXT`#(e?er?t<YH`+q)s%l)V`*DMRpJW>`6VPfPt4Zz~$9b$)$!yzy
zwN`a4jzae{xW3qCsd==1+SbqO*%OC~&<HoG6!9@fsn(FF;f8{p2DK!#o!0%Zg`9E&
z(jG|AwvI>BC<f65(FGnC4oyoe@^mzRwDk!>6x4ZMpE&()yv5HM)FRXd*$qZ9Vq3+K
zizY5rb=dXfE<1K7mXp9@NDh-<ua>`mBQ>Kirx;I{5fhfF?}gIFrba7)Ai>xPrc1=n
zrAnz@k}2d#P9Le=QG<eSz?w%nEfp{FpIU3`w(%!CH%($Kjija66gnc~Dh+y;1JfWi
zMLJCrq6u9*am1`<Z6YfIUhQGQskKj$sKbVqD6xj-QcRU2?{Fe1)v;5lQ8?azp~IB(
z{ZUm1J?MwEWV$8RcO?o&alOf-Rm@!XLVVmhQ@z&6|8u;>8Y7Lu0fBDZ%%Jf+U=CA=
zQWbg5ZA({!_S`AvAMf84kxZ+?|E8t}VC6DX5?6xUG)`5qW0lUB*WnRcJP*7AG&5Kd
z0Yqx#`^5_UY?p;8^_w~*v7ots$P_TlQuig^yB5bhqT@UAR`W`!DSk0o1&)KsVVT%P
zr+|^bbB*8?C!>=kf}W~m=9M}xM*SH)=%*Fo^8i)hPO;AZlUnV1X2*f0A?-_)3#mmw
zBGpe(U?PWAm<*CTe8MJPju(@=#<9O$E8rL|0F`^iW+n5Zv_x4BPcnml4HQ8Iw!~G)
zvtke8P+k`|b3K}qCq!w4BmwsT#rwvVr2!YjpmOl#LZjqd*>JO<d3oRrVyqR08srx{
zR5feNvJt{^;Q54JT8Zpg68G2kMW%gya?gN-6*-de9`OK9Y!cY1R7nyH3G_Ha&M}<y
z>TwXFSp+AEuqQEps8ULQ6}z==S>tj;+br>&DBsLaOf4H!tr(8L5oNGs3fHXN?#_MC
zdET!HKVFNqB}Lr$w<oe(JZjtUeYg~eN;(xCG6Y1~@BqTzYKuSNJJt;_l~DU3nN;mU
zX5Q$ju<6s@5z9K*l86OzWx_VLS@U}59xGV9f|VXg_)DztefLg(JiLTES06vBt!Uh7
z00gCMDmoCvp%PN?BE&c%u&=h$h(dYy2J_Vm`o0hVlN>!HHTwoAlN-JvttpZVs2aW{
z{1SDX{q|yeztZoXrShSfe7D%1!)5-Lv)7FYzExhLy&(AZg_g_?DWlLI!LT-{gTy7`
zGTfoA;RSp%K4=$zMw-l4LjRrK(6HYe)V?=T2`u}GDJuThibDeoiQY7{Cq{$!eN(rN
zeP!#3QX?Or!q_JKy$2xdc!`aHC!I#a`C%14jTf$?eb5X@`H%#Q4&n?`@+4)yGhyWl
zWBGg(*MWckvnP<3Z9JbqCoL5c`4(L`XC4ncp7aoqd-KJAdQ{OLrr!VS!(E24Cl3~z
z0!0m}5~vc022+VLh#QVq6F2t>MFF2M&GcOI>rR4N!$K+UaCX~|?!yHVVC<Uo-x$U?
zjUe2ZEY<u<8inUJKy&<}Zo04jYZGs0Vsdtn7#+bbswflWd_cT7kFQZZEJpABNS+1%
ze(F$@Fo~OgLOXx}H$a<Kx$OK>3-wN9M`|}JrTsJY_xHT+%fK(EiuCi5E5GQ2Wb6j3
zF{@;32Oj_bh7-!e&+Z%%YHq3{i*qrO9%Z=wZ0gw9IfrF!&kyOQ2Kh!DQdea3cBb|6
zgcXQffho6G6^^vQZP$ByLSJU6V@E`juE{82#<CoLGA;NX4Uxi>0=N9&wm$`mv%Ere
zTq3{QU{7OrI*?d5JeWARM+YRIo1a{BYh994#_mtJ%2sZuJHovu^l2xLc(FH!^U|B@
zk)S=d8*^-nOv~kc*Uw30WwZP#DGb#Pq8YT4k|@GO-!*Qs&$(CzC$%Ba+7m2{J0Uns
zPR9{{Igs3LI6EJ*L2J`u2}Z`Izp(;5x!)roeODT5aEHYymY2+jBt8Z9Ryk7+oXRf?
z*c!tM7KramBxo2^q&v?EI?w4-Y#jB#!6s7qicO-I%6a&HbAA?IyC~w^PQmw0UfCd<
zd^eDM{pG*tdJK6=l1R?26kZ;E^=_m}Q6No!!ESE6FlkDuq*v!Nar}|)-ZQ>{{F*{3
zfm4Zft0z2rp)_GdWAgD<<lwSJE3nj)<E}rAyT89F$a=1nOF)i5j!(<)v$vs$wf&-z
zM)V4;y=vyX!3OAxY7K5cZ}4nbIOBNi3mglb#AfVBeEYUucntvQqK=QT?A?EVD?Sx}
zDQ|2m`sQH2?3pPGYWQUTfvd{<MAe<h?3$DyF3h4bMUZj9o&Pzp<UPY@TK}f^(PufM
z{&x*SkX6rp(EZw`c)<kbu)()sikZ@`lu5<>&@f`Klv0C%dZpt!R&%Fs-lY6qh9dVF
z@d@m&;fSBG@%bxpmW*+;j~9s+em$LkU!--O!PfU$rsjRNaLCKVVRzQ}v402<_`USN
zhs{j6e-QtPm=yB<2`wuQj74nk)9E1PDOw5nLM&BIy`o_yxBGtxeoX($vi|eWKmY%T
zVdtNJ{`u#hfByNu6Mou%{`u#hfByOBpMU=O=bwN6`RD%?sf&O9`RAX1{`u#BpMU=E
zM1$?0|8Fwk1OfSfyYYbOfB2sp4>ZAEBS1i4{^$SwmfKsIHVHq}F~`1-pG>^Xz0EBw
zINm1&#=+Uf!`1YNwK9?d8^tPARE5!*HG-mFK#LC}h_zC%CMYKdp|NC?rC@2o@cKjH
z3WU+55E6%L4tlcX%{?fy{ifxA6rWw6d&ZD|sVQfea`FyUm3LP4{k;_Eb9u}0xe5sU
z_E7zP;s4}(r(}2ncXr{(U$6aE1Pk5ht!Z{S!t?xXD&E}re2jP&Mn8ULK`e+H@=$N)
zSX2a<eAcfeW~}A`iO-D!J0zbC(^m#z1eUHk)bj*BY*EF`JBJourat6<Pfm+qgyUD`
zgUXXpSGfh}F3W(SgwY>h9;*`(qdJJNu@$^xg2S{0G>7ldhf^%1dTv8*6kFQrK$_q<
zeyFF~2pfQh0>MP9YptOM1#9$d+dS-r!~(nX)SZFY_QGZ&X~H>?KXuBCabem6B#*y(
zsO3FusIS;u)_arIJNv?a+2}=nLzL7|9mexh06+E=Q7?VN_ylE1MZFaKnH1@5WEZ<*
z$_)pa2<JdxhMx8uI7cpYi5REw0`b!ECK%nr?Z0b(nmNqsB+EBQ2Hv3*qz8#1U?`N0
z`|Jw{@H!G<Z@A0$>`Kos%vcSxItPZ@iVR0k{o;Vjc?F4^!4uMdZQO=zm|45M6fN9%
zPVv8(HMhxYRxYst>4LiP6G}s^8Wl0B`+{9E{Ng&-aj+dJ50RzX51R#*S%<x>0V<&e
z2Izj6AbWy5fxr0Pj)(DMbpaQ|#3GU<aTxfI%KMxpedn??86V9KFFnvsUm1prg^bQI
zsM*zPBQFst2_GVV26L(6gyd<c(evMzZF8VO;NaO!DRq=|k;xW_Y3G%<a=94u#>8L~
z<h23q*IAEH<`QS9?RX?Vh|xgBYmwD4g}l}UQjtNe|0H4I=ey1PTJ{Ze<%AT3R)YPx
z(6PDJIbDYb(nV7q4TIWsL0|j|m*)nB;0FJbMA!=?UZ{kBCAZT`U%khPCk0(^HiGy}
zaoRg{)hD1`L$?`88I%d!A1m^AnLxeUuXdYe4RVm;f^JvjF&)L3QLonv$@+QE8)Z{8
z=|7->2q2)uz|aa+P8{c*xt&A#^cGgbhwgKMmZR!7%Bz4aEzhkWT<*`m@?s+HqAr4>
zk8bV7wWQ#G^zbj`pxp$Hm>@q9V_t;ZeFc5y44Vv|yPqm+*P;<zK!j|+QeEHaKq|I#
zgB7l&9F>>nKaL<I;@28fVC5bplyBU`ig{#;r59IoBg0n)ox2jJhZ9&pe?SD!FVbRy
z8wI)sQU<0V!MKpecF<O4bVcNMzk!rIdU!gcWC=ijK|)8F6HS};6X=uU;ZPNf5~SNz
zQ!*koI1f3=v`<zxKn*`?N~G}Qq<wzkHmO)mm}TS6g$4G>C|QMBLQttfu-t>F1oA+?
z3~VT`^hXc;y*|j70?7hf!V?+<(OZKXa}akrFz15Hp{ytZWj`UX*!seM^NH_|{IQVY
zhg0Z(Ohb{05zs>d%llgoCrp=(H=tM}U5{bD)@UMR$X^Hxq_V$X4K)PVTXsbT0>~61
z9vDJT*xzAt=%L_$XU7~iq%b2W6B`n8{+v08vEE5C%6sudOLQ#W&RDZ`)$5H+LZ$M8
zgNf)jK>Yy)QpQq<5#$<dk1NC+2+V#C23%@?i(mE`m41`=oZ@m<|IAB$xq0Y()iM3Z
z`xBhjHT>bugc!2rU!j6ZM~=ZN1??&tfk)SW4sUpuy9n;qe!Z^U$lxk)PozUT99)fV
ze0x@;)p8W9?3}0DGoq*T>}Tgss>X%DkQed*9_V)hQwT+nGA%}kB)-pi#?gDCu9nGv
zd!3<-!{K$4U;UfOQ8|dl|DIM5#(9*K&l#>nH_$#fl0*$R2S0>&?N#lpP1Iv*@l_i%
z^fsmrtnZhfgAN?NWG7+DXYsMpbVv-9l$26ssL|q&q#}UqQp?=EzmNYM+64m^kD?9E
zuYi|4fy{Wjkv}j6_^L{fM1>{}vcQjj>aS-aA#bO7in^V<wJa;52yth8MNg3XMJ#0q
zS;4#Vs;Y%!$XRvxHFQ}Vg{>Cs%u_=5MVv6S5}1o<So1Cmdyt<^$!Lc-gS({*218tv
z42Z%kQm|C%&VP@7bAzJb-b*aPCM5O&-tzU8c7$?-g?5C%d0AwqJ-_@Ql^FehJo3DE
zpL|-8Znf*`LB(fkG<@3mYLGtd2S%24@_mB`5<_4}g$lrfZq47WR@Bu?#NDisNpe~|
zjU3SC^@QxNNX5{%8hq-_K23|G!6RFRGm=G216(MlFAZjVIEYNO142<x3ul3%@>^pa
z`#h2vN4(|SNG-`Qe8ee6l?1haSsXMxbpW@!nO;01-1HC!0$2?A;ZN6+(M}nMI!IhQ
zqaLhCc;Y#zRQ_zFxL%S)tp|Dl`Eyj0iwxx?=C75TE=&g>7z0>6hLG_I4MY%-;ox&}
z5LhFGeg=>(iGY@ih_scbeM?PWf@~-$P~m!?PS*lYkFz-b0N-cyw!Zd%)U3)MUEBp^
zq9db5>grM7rkV9b6Wo*&hIfh&L|A`>5ufGL6tOsaS6=U1=MStrmox6BYN9RPm^IS^
zYTga5^e4ZnIeXal!M`TkFWvKdzecLQ1swr%vX|+<e=^}-=l&k8cy`i$KE?=~@YTbl
zgD&JY0ePAmn?O3k=_fLO;dH{u@-sa;MW@ulwN?NXQ(`EjLMACZH1Eb8#q$=cESaGW
z%#?W-nfHGhn#;5)SypbLV`g4C5^VI>?%3a6)O%y9W~(}?D`s<$=1K?o2D@hNJ$FiO
z1N$GD;{St<jsMU20txQ_ERdTHo<hFT8Q9ljqe+nOjyyl@Nx|=b>xI72=4H3hwtw(8
z+Lnu893Ok6ykAlE<e#duuyS!w>-JdtNU&cY8}KdoeHeRV_%#{u$`~A=vi*K?=Yf5G
zj#M*#7y!FDVJPH#(pdgtVPa(Z5-n17M6V7k-d@S{p2-C}cxA1yu6&rm^!@EBL!IR*
z%bW}ez+qy8p<WMv`~ckkiCPmo3r$J528RM&9L&P|((bSush+pWx_Nc}9Xh=8jt9J7
z9j`9)u&Vh!c#`_SUyI%lbl|#f2FJud+0PHt`t7?D$<f^MG_dlrK31<L@ACJzqZId+
zZp!}DYUk51!oh0LL`=+$Vo1|W4Gwr-{Iyr1eJLFr*49RUkyDmty>9>(;qkN5TGf~!
z_{^r?uO?(3;}v4dnBzT7{cf4evm2&r8q6mLr#?}O<B<>4s><f%zKG7}?o#T#b1T^4
z&1l`)TNE7~=h^f-a-wF~lVijN)9qje)L)9ssc;7D4QfSte^_&-?y{Or^0)v`!KVu|
zZj!&AL3%EKgyf^eUSwl>KXas-&j|@=Q-S7PS0aE4>_8zSh!+SMTq<YvNuAW@gGbS{
zZUU_#L7_KY;N>cNGXFE|OncR6;5p0Y#?YS|lr$A1>bzfL$Uu$^{_YyJUfM*h<?xQb
zcnq5i{-4;>ptp7RSc>>~zll}cu-`;>AhU#k&&+jyzx+S9Gj7;ZM4;ft1~fIOs}~vJ
z+uk@Dg8GCmstx5+O5BwClq{Y&<@suiDmyBxN%4L)AHG_69nM8WjiHw;SY^4NjwU7L
zVbb0hGv~ZP;Ze#PCt`3$)-(9!37Vh1T6CLvQ+NagRZx-xcI+|x)JCoB$T`d`E~1hX
z=3xAPTSeTA66TMlFgWc+d<Yd-qVS_I+SZrb+lQV5;dnD1Mi{4XByuvX@?0hI2`(!Z
z7a{sqqST+1qhNX%yZ>~)Uz1kRS*u#b*r`&dQX?RfW@k6%z-XaquF1LQ#CY3pxclc{
zA@{x0-^--ZN`M;b;Pm6;{p9h(LkE6w;KlQQVs-t_6dYy58fVlV>?iP;_c*sZv2813
z&;8O_Z;W5ViqE~y^HUhjV|kRN4dwA+!i%5CEjKP#9i}04*JD<58@FAXJ}Q;9#3LX_
z`^AzpsXPy*IpNq)k^*D)-wT@HRNkDH2-U*S5z<7g_cm+`c>RWKW%sj=d=6%l_~l4{
zRk3iN7bwEccJs{CX-<#t|6$Um@5SC`rfh37N%#3jQql*XvL$of`yxvxXOu_HFR5@F
zOdOV+WL)t5hw~JTf~DPBi<RR}?IeeTw9JOR$V3Sf)uaX{Fr$0k+eYj>Jy1Ax+#E#8
z@aFTyD$XVGt}0P^5-#LfQo@q&7Q(%M_W~_cB}Uov!U^iSH)8(n(NlCttCB3SO+y79
zd){++m#j<y@TBN3ciH>ibTvc-_*^_i)Lrky`&r3GlL|Igs8+S7=@$-puu><AEz8Bf
zu~yw!*m3;V%Hn#wWo&xKfz&{&5h_p@Y5kkF-1>fPP6pFtoC%pXm%vr<35F$q69R_O
z@-jkTupf~#+y_jyur=PDe{jlHTg>CicwXCL{%zZ%xQJP%zV={aph>3-SV(qmJtw2g
z5pMijWc<EAO39!V47H=<_u2)o+p%iU`3tY|=h_cVA`i7OC%0Cjr7!?O=vyirJ<%(S
z$w0PsYU*)M*xySJ;`1|<QQ{(hW#h}s)hT&3Zy##A4J?Ly_WbXke!{b?^)HZa3oFbX
zhy2}od>FKc%5|M7Rq7MP#h$M}DAI>;3C-<INXO_-zJzc-1Ouz2$t^{F8~Cw)X}CZN
z74Q>T3_@5VZRRt-`TLQFv~R^#)sN9)S@FD4tqa@%j9D#=#dB^J>7WLGp0_;Fb^X8K
zohQ@oFXk+oCOsg0ro4k`^ZgR_TnXz82WZo7!tYLkKre#)%}W+?8lJBV7jDqMgcqNm
zH|f2Do8lG7&=Fn*bp9~uFaK~Qc6UStDN_Nwm!=z!?7tL~vJv>uHTyrpk1_?uh)K_6
zqOUvd-FClCBQv$^;o7o)%8@%*`kjKMsR>B8j7r2H6uaPF*oN!l;d5VC4E4eKra2Xu
zTQ+x$WGE<7w{RGN_9~Xt#xhT2b0}{&LDIp~W|o}O8XCvg^?hLWtQcSue$P!SQ1l$?
zonc=qJj=H??^gTFQRbWMvo;v+tIXr~4i%p<MN6m@^CM-jH#^>c_4)*$zL4yT$v<>w
zrm5_XF5$#@=_mAQ8h2#Ub?U(ae?e!n;nnyA4s=}^k92K=w;{?T>VIKuICLkU3VuMj
zNxqQ9<xNz<vkYH?s$8PKd~B?H@$lyJGImBSyXK6~#BM*WyUctfa0XUAe^lmOo8-X2
zz>+}q=^Q>YXEgYKDvgtw*!JDgB!Fc`f*VEQDEMU7PR<mfcwy&`8IJcS0|AHWebS$c
zI^Nr_h@IH&XrGU{w(lb|)QigmAC4|A{0U|`6)jKalXdVi0BZP^m0jD8&(D~`v$H|m
zIRjJ=QwVUF{uexuV#HqBNJcz>sYYgE_B<E3IE^HRCEuxkl675I^xoT&=~YkeVi!>U
z?9Y%>{qHzDY6`huVhW%P<~bDrU_hV0RVd^%m^69#ge%4+kqrdlAz5PBzy5gUNKGnK
zyoEFQsI}RS5d7U?<4|h<?tOsLmK<Tn$^WoU&r7#%)LXr~KxeDdl`QH>6|>+ibvwt^
z>Wm3zRT#=*247kWe?s!F2ACc!mgD0wf+Fk-A;CA!v1jedVO94c6|>K`Q9}m^yq(#A
z?2gtVHzif7RoZSy0NqwVnQmKDrQNQBv!{$>;wL0eXA{~G{PJeXYB&BsTqBO`BdkZa
zGWHIar5l#@X_>aPhUHwN(x+oB8dE^95S9kJ2{0`RMq1lLf0=;HF42T=0{`Nm&+uZS
z#uD3R(+hquAASkssAX|$euf|9taZH7sZFZUnsv*iaYy`++St^mLO5E@nPIKK$W)2?
zvg1E+<_<UPqcR$POqzJ+1;dSZ?qQyJ7fB2E_Mzg1!;J^T2uqke==;$dFhC1gZ|hOy
z_*-karE%0)e>}bmVsLDYpDt+M%znE1UF?%}9UIAC8t>^&m)$25k>JKJ2za60%3+a0
z3^sw0>zq4gY9Pc|#}3NDnd)h{Z}{n3jVCjnIeXpi^b=3j^6u8@{8EZOd%CoJd-7O&
z#Ww^mIF~gfdp<Eq33=QM*m^XgEi-&UH-1F?`|{L|f5U*NibpWY#nE{dZuVz~v5u@2
zK-wx|)Ovw|<uZu!)PpuFu`kOV<n+^z8aHu|fgGZTR--68dvG4aBq0hym$4)816>hp
zhmDi<eZtUWX(_CD?K!*J(>=cD6n4H+mtl8UMGPO`X%99<#rA!?)b{1*S&9o4ubP4P
z^SVwee-Q>J#E>cwV|PEJNu79K+1Ktn1jq9uG3~Y2K!4f4<}d(j?kAmuM*V;mT%X!c
z9yhpqqHZD|Nx=l&rW8#D!H|hE`CXNpRti+Q#>J~H61+1fS@OHde2VYQdjQt`BstoE
zicQytF;uj;1Qbin*Mo%<G}K@oCveFP&k=FIe}BEF6|ub4?$3H>D|^{g(dG{E<3L#p
zoal)RCaTlmU)GNgcs9tb4A&pVwY6+SJ_v`g**My*c;ITR+Hf;`_<xtt;1v1M`DRes
za!5(VDCJG3&9IeO{qQEDm~j4{JZ)UTScqz2Wp=(1b&1#_9T2I<!ATR#roMGjni*(T
zf7c)dx0=hrbN*O2Dpffk^h`)s<RQNZ04*XQxNx47|J(Cuo)yOj_Wo!_E=CL!D1%#S
zO96@9bCZT&q1^#uhHz>L!C7IwFfj<#VuvlOQU`C!7wvK7L2SaMDDX7kRreke%q)jw
zURYhmVJnq@2GY(X#-c^T8sN=cd1e36e~6BYv(*ta*gT_rbt>Ftuu4jX{g+h01*%gA
z)=)Ky&8F|cY}x-Cx}%Z}vvzHH@!@153jG=XT9{&*?}cg9^YB*kAhFIz^4BpDM@*s1
z7oSdONfUroihH>`qE*pm7QUtXo?x}L^(FAgBZFYZuP@rY8X&__H#U0h8;=P5e-vJY
z!KJ2>{zb{ls{mndniKha*~8d3V>83Q;i~le!}PC9d0J4~8mm>a?L!-(kP*nf7eF2(
zpZymsWxklI()XCToaE2hKoYj$>Xbi_@5cA>0fRe3@kL3nF)0P?=lI!q{?2y?BZ1~Q
zk;%y1If7-K2T}T1>NL+(z<j+Ye}0O#cGeLm$2-v%kWnKLeYYVxv!$h^9NzS-Ev$XH
zydQb1{=enCCN-Mk`3G*Q>x=vZbGSob*bu~v-bTwt`GZQkL5H2X7>;I|tVeQ?R=TL|
z|1KugOH(BOb+^spBO)OmMS((tDsj{Dwp<y35vB@60brpkK#+QLhZ~8>e-PSO`yxA{
zI-uNMy~4lB)@Zl8tE8t0{=#vw9KoS0P{r>I#2XW)!Gx+N84iU*;k^Rw*>4QGY4%g;
zsQ2EE2!!`SM<L4M%Iq6?k~tk}jbsdx?i@wAXS=ME%}yz?#mBVN#?p~ODHt;cVS=i{
zkr8RyPC8Fhn{)stJdzjre=)cD7bvQCUMc-jGk*lZ1PjDTIZl4!%L>FJrXh<X7nbrR
zsep>p!2+Ma(=V=(efRyY7K-CUZ3GTSeUP$2V;i>!@J4f~!D3mXK=tE56o62Z>Bz_g
z$BL6U&}!eI89_P-2xHLG$3R!BM2(i}nHq(Ynnlo?^`MG)iC|3jfA;w;-fQ5Qq=EZ=
z2;K!ih3?Q;OwH;1Z!RU_1OL}ja%vSkMNhl0;r6)i8KB;Z>6Q~ydrd%Qve9O@k>^$0
zXt(h+YztA#RxJztE@5MDKRV~z*UEtfH^W_S*%;Yi^Dg7v-D4T+LE?Z+IsIa}-nb`$
z=KWJV>REaexRaGBe*_W02g~XMA~e)8Wm)YTXwQyv8r!f?Yne;#{0sKdc~EMW!!wGn
zbQ)Sk;25CF_vu!!8;^K$63@1R#1cEu1yL5>wBtR|O)2fRoP2}$nri2*@_9<oOtE%_
zD812@cn?*qs#J5NwDy>wHu?=Z`oRop(neKQ?a0h;C%G_Ve+%wA&UlMH;>x8vPg<VD
zt}BEV-ED6j3|;ClIo02SiGQ<w(lh>KAe-2U+>r&OVHf!Wxsj0PN3!<Uk}3?XT>Xu6
zOU~@gQ0O@t*7H+w1r__Lw8UC)2j0KFXo-Fv5qd%0gBcPxTt6xW+E7(D0QBYz4o2%6
zSimvNxB+Tue=JQNuC~DX%ED4R2B2vn`z3P9x^MV!-2rE*?GNfu<HJ6>j?sPrV#Fak
zdEQLQk8Ym?Rvo>CJkgX~(soO?1DOU6Un5Zf4U0wx|2mp}!uuw>F7R4Ct^kzev6f6C
zxJ3XjGZ6oNa1#Qo<pps{+6BSJjnQ}Edxn`wsU69Uf4AsIU8Q4G<It=duz+vGL*u3E
z_w#O~pqeR;QlCP6O|Ve-&rqG(e<GKelh3IuZSqeeSPOu?#Fz=~aoeEBS8w9)*FfqG
zIum1FhLje+E8LOmMlTU{+xl#lU*YUfrzMF!Rs+nDiDXDTe%J%g0~ON1D>HTI>~aH2
zCk54Ve{^QoY!^KyVEcRMAYsenAp+mlCmSY#klO%mWzu!JEFSyPDIW37AR(SeYrJWY
zuigVtRSl>>?IHJp3W5Fr?P)dnD+%)%Zpm(86pzdb^JS}k!*qrMvmTb<>EhX__aO5$
zR`o4E`et25ly)L90_DZ_d(WLXAQ6)tyFZi7e<49+G2IOkt%&-oV98-M`fwe{e5Rw&
z8^{i~KQwLIOVE5&e1b0`Z6vPu8Lra{qv5)MfZoP<Xr8{S#iHRQWcQc@Sr{&UGu0NC
z8YnZZRLhf@Ki_T*w7TRL;rbmDb%4ks=O$#vpab#iTK0`3>qxtLHnW9bt&c9pvORNI
zf6GB?#Y{p^(6%9Rh6~+flC_R%HdPGh&^5{u*0RwBI^ziwtJ15P66*`cj+}p3s9Qus
zO~!JnA{%}F51R?i9xTroAoUNmwrV-=1Ay!pY%U!Of`QAoVHZ)<x}s5LMK$-BsW}kG
z^vI~;8Z6EjHiKmOb^d1DE$z5?aye&sf7Yc9^6V8CD{B9hJ9AW#ql{Bfi2SVw%Jq)5
z`-+nRi>J=`lQq)9SBmZ4X9TSY+TKrgH5s_->e~#zWg>Z&cFgcu8bYExr2dhj*Ws@1
zKfge9CUQ@sFcQf;QQw)a)>j^AMK^fn|KSQa+%SFIkKEinpacr9&b@N(V5B7wfA%hS
z&SlUVw#!TY)>n%{;Qj{LLG=$dQ#rp=Rdcbir3<d`7Nx@P=u}t%lIa8WjdJcRN{xFW
zf>tu!9$|}?JH#~vu{MQ;u+U3Tnfd9$JkK}{nT@(^;1`JcGPjXxw2}2`h8VnvGRBR`
z{wVAmn^N$(nCETMZ#Qh+*fu!Je@l(A{b@OZ<sB>TDMa9{zzJYNK{cWB{Z=d@c4Kx#
zlr=f@?qhnoPgmDmv0Q<jYnA*y=t{yU+ZvsrCX;xaT-<t&tJAg-D>5heF(yh4e@BpT
z9Xt%uKnnt{g@Z8X(T-ldt{T|an9_t9e~A%y?Y&LG7^k^bt=Z|%yEF8Se?R*~-B;3X
z_xDwKrhMgf=y~{2b}kKi0^A7{5=RIe2?fxbi*JO;hu4v8R>10ehii4ZIhATqlci4x
z{bYuk^nOL>FRkS>-)}U5=+LDu8s5o{Uyy=00h!5Zivr((b%AQ>3(H!5i$1a3jpCVI
zx>zc>!I|-~UCiKRTdYL-f3%M1c@+STS9i36W7Dcy@_E{~+NxWeBZC4xtdFxthh{9A
z5|K7jXeMX+^Zuv7T^pD310hN?1dF;2<}u~gZQK&OKLI72vKhG|m``(pY2Rvw;eL(l
zz9s8t7H6rm8U4ulPnzF1Q9i%KR}1+1gKb&a0>n3YmO}wo+Q}6?e~>SM<O%e(zv=8d
z_MK<Mq~!8QpzUCNA&4_OvtP*VFL%x4`0kyOar-b+TcwP-_K=|UV<MaX9JWYBIt#rT
zg;H&a&EB92e@2{$Jub=KjR|+W1?fgC)CFuI>dyV9a~i2Q4}u4wTi{MLM2q0u657Yt
z&5ZWX(8CtnPY}VLe;|t1N{zfr3_}$h-U){7w;Yx)tkM)dGaxxT*<Lev{DU9J))(UZ
zKqmc=Yc+rQIWj-XZ*ReBnSCC_AiZKZGBf8shkI+G3B;qtSJeT_LskH5)TgVry{eGl
zR*zH%+Y52-w<L=xoP~c?kjof@*b-Cg!64`CB=pQDPe2Cxe@M6Y^n{>e!88L<9&vwT
z-t=OY_Z^o@eWQE)>GgX_b+TbBE5R|D$LR}ny8kcaz&fL}m~bOTrh*&-z(Nj0$>LCX
zgUH@VD=~18FKaoJd6$TqLg8vFc`hI_UY{MZ^UCOtp#N?)aB0847OurBzUgvR3Yc|6
z4ENwj_ABE^f1<xJlyyMB`lW3AY9c_ua^i_#hTBA=1B!SdP1K9T7&$LYCu}Y*N!xkT
zDUDs1xXu>WkfA++2ywL21hRV!?FC=Wcp#elaV$oL%xwo3pHhlSr@2+n_sUaT-4s8;
zio%8cpgA?-=Ac*(?eQ9%1+8s>2i0JRRhW{%Mil*Rf0j{TfuH>K;pU{li|82z6t-E3
zYy%Y{o<4jB({kaYQ{W!jZsp)Q?W>t9ZqZyOGnj*DTykx!(n%Gp3F`2$d`f0DgwYis
zL`z9C)`Lu>_&?aY%h*bSu0hOZUo*p)*}i6GW`=9#F*DPcnVDh6FlL4^Gcz+YGmqKM
z`|a+Je<VtzXcZ|NX{3JsmP*}S-RD$y)rmk7;iZT}QXvh@Myb8iuG}DSokewZCdtPo
zI_~ySEIhkz@vVW;@z)iWk!>KMf`OzWPJxtuW2^W>Vfuj|Ki1{@K&X*2B>UrgNXr09
zUyd4PQ*=oZDetK<7G<p}GViW&k#%iU7^wkPe+W2~`~Yny5z`BE!m$OeLkj0+O^3O;
zP!py8Bqr~@Y5V?YkF=Gy?I=Wtz)<N0SGpj9k5_-!m?8<4XwB_c*9^xNNADAc63V)2
zLF@slP@nAUiiDs>pC~oDmIUNcE?S)|NmOsfQ!V<JaHs=>9sQJngV6lTomlZH1J=_+
zf0E5~(l{%Tmbwm+b|~fH<=tn*#5rs?TAaUGUJIT_h1@kPvfF$6MyX7$PKLUdeFkT$
zmUfCm?NKf?N_K4>I?%OTh?fVfP7XX4RVnyHzc(kU-ix|eEaImo`NgV`{YMA8eGRod
z&JoN34ep!CcM~f=Q;xJSwzKMfHYP&Xe`c1;AM4xRf{u^~t#;J00NwFvU;}S>$ZAk{
zs+c#6wSn}Ugg5q@QeLupsW``2m9Q1DNB}A-pe>S*dV-KGat=BuhrabHVTH+)U_~>F
zNH@L6?Bn#+rr=_Ma8t0I7}=-axKc*fo`9X2k;ZjpUE-yOlQ-I#ET!Za8UK>Df8jW9
zgJMiEF9jx&6rOZBcGNt=1<i;`iP_=6R!x2JThHa(!^IGN)qwl8bxd6#LAS7P=ahzs
z)GbgXeGNDvg-wOh7T|0=fW5Fm>a`0-5yz6)8-iAhih3xP9~9kE=CwKf4Vqng93Q`q
z3`^Zi{g+vA-nbym$zKl?Hjqsae}E<cInh(hm;?q97m_7I>j;_H6}^Jj1JMySprNCM
z$Unuj+s7<J$)3>FlTX4*TWE@T4l_m+aik9njGP3|$+VbuOb=pXQgrTpBkcXF$51AH
zDAO^xblHI6Y^Kp^NG(hHB|qY357}u#Yc|v(@EiS}KiCJ|i-2j8U*rE|e*ljJ```aH
z8O-#K(OdNWuWiwXCpI!y!#zAMHXprWm)oNw?Q99e9Q8osXlPCmo=~vRc%!VP5M`<5
z?~Bsvy1*z<ImvBliXb|$2+qzLK&2KyqaJuyi`3K$;|*Sa{`hC>>EeR_YQp!|ywKIf
zMYU7iZS_1K-lV1LwZQiDf3@!wAZ_QzUZg*oY#CLR`t`xVLYQdX3T=^=VDdN@tPx2%
zgD$6C){rIHZcJliQ;zemfyf_ZEO(FDd>@0=42(~G)VV&aM{m7e^Q;b2ie?_a2=R3I
zI0QBgXwoix>cqRWpn94ZWM3eh#z|6T=T>I&SThez?5e6DFE1~{e>G~Ze7Y(s&M$|C
zh9b8SdOk~X?7tBbwr(=Vc=PgVY_7~~7(b#QJ0Faw{K43_Yz|4E{yjz+a!uaJDzZUp
zYdOTMP>4!F7=B2XHb1{9=IzZFm(0Dnw$>(u9sQ-Nt9w362jRH0YVq?`@o`f~P_PSS
zUhl0a7XMVg9oxe=f9A8<poH~?WoQEPpngOaZUaKrrcb@|WO7}F!OjvZKeg{kV60ls
z*H=K_W@!gjuvIUvt*uRzHuF{A*LTxIx7ps;WfY9a>*V+K!xPFo&2?KR62rK5XGf@_
zSp6K+tQwGHSn9i1jI&c1h$a3!jfUQavfBvX;EBrk5s5oZe}Xo1z=^<ioeU9Dwg|mQ
zG|<*P3REV|k4>#cYA{I0#m@fje7?l=WoBV<e3B1F<oS?zE%fz{&@IowJ~y`^+I+Jb
zGyZD!$j)FREFDb3H+pb`x_ZIQLz!{4*7MMY@0iUSVn}L_#~mleno5=`o2XbKQ*tg{
z0s@d`WR9}Te|*7Nz`TwgItQ5B+Qy_ErKNKjHoue@ZZ=)Me97f{vINuzi}4j=nPl2I
z^{)(Xn7&nBX@zRdLKGvV%9_HGq5^^#{3E>g8A6KCjh!)5VCKa&?I^*jM1T^gP!#BJ
zYdUNVjpiph>yvc_*Ed^rCYX27l2XG>^2g50km)ESe@MU-D<}1h9qexD;yO5x+jlJ&
z`xJDmjPDsM*PSBP#vyqg2!3KPDOrbNBw&H45NN&<1#no>a8;R9Y5x1>=FV&nC=cXC
zq{8^QCD(gkqSgVX6I55)Bota24P<TQ@+5^Z!o?-E;jq#<+%Y=MsbfQSCutfDMhjE%
zjA#H-e;XD00957xHC`k@VM<|A+4Qmp3s_ZS0th{fR8}1tA7-Q+4jKT=Z$`Bom!zJH
za7KIEiKfVXk=m0olqd(wt`q~P$O(zW`irny7YW<AK6cW86{QLXXtY`Po|UWLx@;fc
z2?Khfew!dW`(!-JeaXIZ#bfwCAwl64s&vY$f5ozEs<@gq;7QkMEkr{Af|Rq0zb!ge
zRg6dQ?AEjB`${-5%!nK1n>Yb{V&daXP<~Y&g=A1a)i)|jg+=o_qWR)Xg0KHUWCv6o
zXUb0aYB02tu$%k;r3GN+YZxjxy)g#GE+?}xh~uKmREYW)H`zcz6g8%SP6okOnpkw-
ze+G^lkVwr1z@flfJYDtKwi?%OIUT5Tv_%lXX)7fRP3=B1+i9_OWk{J7Y@EP;!xtH4
zEauH{;2@Be6J@3&h?4wg7zXUD3FS2y;ft74Iss9OAPPY^oPjwA<ocoIUb@=F-x%SA
zNg7Bg@i>@>rsFpOl9mc9jX8ViU7~e%e@KDHq#F<`EFpFpHJC0%sy^;SGXd~eqJTbT
zHMSR@mQo6A5G|1WoK`^T{pI+S#x0oR{AS5c<R@o7D2^UzPI_#EmD{>#n~vO1Ga)|@
zV3<e5#t{|S88l{L$5P`+utu2n2r<e-8!+&Wdk7zf<Fp^1cFpT|yfSq%B0h)qe}!$(
zfbtXWa|*($s!Ejr|B<5^xys^-iwaTd8R_8%%ZeBRQ*li*s-*b4dR6vt?Q&6(9%tay
z7Q)2<J={pT6jRow5Hlw^A{`q`w8>6WejaR`N_a}CcBI^kF(P!yvR|CfszGx|@ELs+
z@=N@EKqLV@Tbi-*3&&9gm8L@$f4V_Zwm^%v^+f`lTc(7hNLUw}D1T||5yEBaF<htd
zkFD#5NDOk~k6k#>^e4od{I;#};z9JibI%i<8ZB0zGFtqgGXuk9>!3O*sdE@AltxTc
zLL<*%kmLe=h6^f0w&RQl^jj5<ObAh>PB15)HL0rs?`|98p>rk)qBI3Me@2s?68#wD
zshTy7xpsmyh?PDCzQE~wj%6p9G(8QlkAVy^d2HFfz;V2@R0{$Pii4cq@<!O6SBmqe
z1W>|P>?2Z(eyN)VWx%*jaGaTcyWye|jT$hPK`U;pk54=h`qx7wz)>!ws)EMui|VM6
zD@nd+mbNlgL%^S?lE}oQf55a}n|?gMtE<alIF2wm8iJYO{1<T0l*H7Ab1@>FxDT-+
zIJ-so-7=O&Dzv}*ifZG$J8p3<>f4Y148lrRx4mB;GLOiq!fei01YOspMTqBfr}H?A
z9&kjsk;BFo5MoW(KQ)-y*kbm*XI*IzJF>`xCHB;9sIT1kXxttGe?So+A_9xvBQsLh
zhy8^G%>MpdbQsc8wKG=}6O(NTE<GH+-T14{We00(Ufi_t15m6y)tPb;Ixpg}=8UB@
z8{!z(rtD|Czi5#K#xv26LufO}U)$ctMH4qAxvT;L3WN7rvu%5+*?b;~jCf#qt*tLb
zGxr&Am=+kZE!EL~e?N3kN@M4A3QXWqlH=%W`dXvZ>RY+HO@DKwbS5NI3y}!11%pU!
z+S_v4G40Z!zH2X4jI(8$Kumrwk4%(}C{0n(DF_7vq7}o*CjNK<&MAE$lJkYh7Usja
zZ=LY)#Z3gsLBhaJJN}&jlLg}8;|oogveqzt>$%!&zdv<7e}lgCJU|C3hG3_Pf~Sbe
zX>XFrG9xt*_Vd3Wmu-IvxNoa85K8^zyf408)1xRC%ef9E5Oj?&E{mAUs?acO`~vkI
zCxL^ZM-C)IWFv&`xcY`EQMrsTN1U}71&|hePlQ>MAuX1a>3F6?|GFobd&&>v<hogg
z7-y#-_I)4~f3tv<p-h$r-eqT3<g}^jrz1K(ZF+PcQ=m_`v|4QpVaKVn7iIcjqJ{;s
zSFS~X<ryRE056&i20Z^BXPAhcnDX9fUEW6ZxalJk^F|m+!w-_trPVw?UN&$0nT~>k
z5e$3s-*kLKLR_@?;r|0uEEpZaNE^_f@#G4@Y^TN_e|b9!m(=~jhaPSq83L{&xwy`*
zu;uy2+<I!Iqmu>1j(&-Yi}Qab%j!byfkffIai>atX#_x^6KdX?Z<+WQL-aHEFr$Te
zZu!&{97`3)67U2+j=rG<pyG!0KCj?9biTlJ3J9=sam;USejIc@ZMhsofrGJga0mn~
z6}Y(pe`6kXe^mM79zrjgrY$m;PZi2adGEG}c`iQzH`>yf(}csoWkcVW$G>D;Trg~w
z-4myAhSt~Dh`#c@x|n;qeBTr~7;JpBJc;aVmK?{d4o-SV(yV@?CJu&zZHuYNmZsVO
zFSo+m?QquEd!Lx)llQMX$4}#hjQd|7P3z}zf5Uv9o7V05{070nbaYtbt%?kIJlqqo
zbgPdajeBkmFpJId`<VZD(Tf~bwA1)`GZ{#6<?H>YWjq)RjC}&$XKb7HC1zIEvFGP!
z(qSh*cOD%^gdOiEpXo-sx0<wO(+xKPfeiev2|37IQ1uT$f6w)n@ag&+jsGD&4PP8h
ze|o+zR8Y^8=jEbit$cDUehnpdy?X1#=gE?;L-uDUIM~Hz`%|~b*8m+>tNFb7kY>&P
z%qh5<1=Gvs)2`cJNpJA&XxgMWB8XgWr(eH&*<7o2Bm{FyK(|C&^%m3DjGDt{kZK$s
zro8EI@tLDedxY6OGYh?$`%+F@-jHZNe`xwE?L>-Fe0bRh>d3E2pbro{hlV7#*%4p%
z2Q9TQdpw>lZbi4h{&OL<x~n*b+7t*Ftu`RPV(yO+X6q@&B>^IgT$72-D5_;@j+?Ce
zCi|+Rrf1Xc*IU^i{*YkLQ~Dl{Mf0b`g~@T$Y9pr8RB?D#ed)PWFK2AHf${jXe~JYD
z>5-8vg(+HTgJY?e{-0G2m%J@2kFiD1C4OI@A0_UWYlm?;_^qw^qJI?0Q_J9VV1#-m
z;$}4;xY>B)l%t}KohCV!-=BM7iJ#Ytv~>T74}Uyuf6f2>Ph%LE(Jg@2W!t@!%@HZ$
z4kdp>;;w5|XZ`A~wkI4e-^=1|f30#ig|wTM7NdR?DJjWx-{;xzr(|j8KbO`Wf8@Ro
z-4s)`?uMOz`A+M5d{{X+)aaCR9D*P&R_eqaA0GHuww69!xP*c&25*d!2j3C@EA)Mx
z;=5W|UtibN8{>f1-1+e^D^<0->k^;M?{*e{|H9AbarM5K?Xh*+v)I}Be^O*{9t8$Q
z!0p(>{r;EF|I*vwuIugZM{RridMEn%JJS;UsY~BlR@?t%9`*lyu>j`(U9o`w>K)iR
zmn|X~7$We$CwP|`-j!zR|4Hy{sy=w%I<8u;Jx62MdU^oRu^CBgOG4t9qU2?=ET1Y_
z(#d!->mfpGg`^w`>q0t}e{1lCP0--PK!y|@IeGlbd`<|msD8xE<xY>58kZ@7=?^{c
zs?WM<<`I{u464Zw%5&42<j$v8KmYja*GuUC`U3RdkH25z17D}cKMnJ8yeILKxpU7Q
zB)_~~i0>B8I}e@-w`yP~*TPee832*Bq2E^fDo^PB$)@%lHa%4Te_q&q_q&2p+`_o{
zsjv5J(+%=;$f8i}7C3oWFX$dizSttO2<dy&7cJydJuvrYrzzIq>lfo=+Iafe__B$W
zf}&Lma~H!O>6(L>@5BDANQ87nWM?bTcI~0{){3h2(Y~f<a_#vPR)4Rl0*H~BJx#E!
z9jqm0QpKc3FgcSjf4E?kU`dZ<O<Jjan(JhL>V#ASECn&hqJv52fw2w5aN;`H`3cDl
zKRql<DpfHJQdhrYD0XAFpaixZa&B=6>|Y~Q9C>>?jOF^ML+pR?|B!0g@0nE2t#rtX
zU}+1VA-5$;re+!CHd?{2_c9)MFwXA0?ts9$f>8~KWY$KJe}@qzNeNFNEwye<A{3sZ
z!lQ&t9;~p!6i7#W{c34oc|S|-mhyoa*Axm_^98?#$2)tnz^Pci^cjyad0#TmD$cF!
zKF(z7juAfYJ*C5MXZ&nqYitg55{^g;;m9MeyfV5Y(&i_LA9B_7c3noF>fR$e<6{Ef
z{a()?-=@fVf097S1LC1sCM{i5-oot5hBytJ9P5#Wqbk6)JN#%owBQ}LK^fRL-qAel
zl4W>4%roHA$}JD~s|rOlC$R*H_g9rRyV~t*=DbdQgP7X)*yA<2Cs*v8%|j(o<6)*m
zJ0y#VPaqn*9kCN<U!cD*ENpTF3+X!&h%!y(KbzM+f6a3X+~*D$ta`AVh`p&GFBA$*
zA>9FEi~v)wX`kO+FniSa_~W|L59ibI%0HJ2oCmc~A|sX0*+Rcelq?Zxx7gqMo|}MK
zkd{u!kqXIIiyZDiC2uq)|7s$^6m6q9OdP-iVj(zeYQoU!mq_!T*iO{)4cro9qg+Vx
zB1`tSe+U(~{|Ur#Eo;R4(P;H64^FXDo~cY&aaYkWWId*qCPWo-H|52M%FPTk1FW{$
zQoSz`LOyR+Z4=d_4b`SkBAQb*Qyc}Wg!vgfDiV-@6;d&NA{{;Xc48be%OhDL-jC*)
z#Ol4}xA963fR&Q&2rJ@jkDj^%u8sc;i3K;Re~83U+=XHYDNie-q$tJ9r%xMwmC#m_
zh+#mFiBn<4SUTC(>F)OW>WkfXld{lLIpFc+7skR<rvOmX5I4aDLY)SvNvo7_vWXqL
zhCgCduv>__R*&Xms$#NxT=Y70Vu>qzEv>P}{-TP;VVL9d4Z51Ek9n(DC>e%|6|6QC
ze`zC~LqcVxDPTCDc;y)?#JKq;X>lMC#=1(n8>-p=Z0~e%-zzYG{}|8H6@EvcCnVe^
zC<;J@DB};gLn{Y)$@R3{^PdmL{pa?MqqCe~x4Kvf-}XV^-W`9O$#MpWac<=M?$PMd
zQQy!7)e@nqL3S|rz=;wt(JabIS1x9dfAt@HlRRf#lL(|k>^FK{shwHoRuN*NO=Y1S
zRjKZ~#UL1#;6*RP9J_bysEzq^(^Ce@=Ihy7vX8P2L4`P6M7yGJn9k1;|4ufF`5nGP
zCpkNOOT=ZENKxRCqH~{+_P3aClV~H6iq(?SJN%qe-O_h>{W!QEHuRa`!|Iw|f7(8+
zZM&CCljy!x%%MMvcsz?|J>#aFU3185^JG~;<>-a3sESC3T#5FOyK1u9m>9K7@|<kC
zQwl6E+i7DASO$%~6V;ydNq*h~rT9h)fgqB_LS*?<C>z8jOf8$<w0w$GOy1eyh0S=U
z=MS8_O{3{wII+>q8S>HWV=@JZe+3AIP(Wx9d<Z6hbc{fNyje7R6Zvvrp6OzMsSA@t
zU)c{B3kZR?q-SJqw?QsYT}pqWD8Ma3lubjfO<o$nhOx0br3N2mHeZM*QUf#e{DpCS
zc6VqTr|L97X{n=a-Gj{?CrlfNip}Dw1&BtCisVo2&l=TBy=NO4%=G?+f8L??ef$*y
zTq7@tcJk$$4jXdtR7TY!THo2-Qs4K6UQFmY><spTcFr~HTq3_Rfu&qOZLU`oVxw-u
zLzhQoJ^hN_iC=}Bgs4jpL0%C!8csp9W7!ZTValYX-y!rmM3FLZiuWh?rQuSS;zp?`
zr?(2oNBB(lkrauw%`Z*ke|1z<s#<9@e`ChLyv%-Td<qj~hHrh8ymJM30Rv%kjn0?1
zhPdWp43$MMq;ON1F{Tlql5MOKL20bsRPYfviKtAZrX%};ormNDx^w^#0he$oYc?~F
zMtm>Db08%VRVAa@fJv;P^Q-O)+h)^etcU;D*4NXv;5t;f<{8A-e~Z=7b$7rp;(IyW
zV16SEr9z|&=$EKY2r~vKx#6XZMjl>e#MuG|p2=3(uF<hVVd&Cr=;!dPRmgd(G;C$u
z%qePtOD)glWQw~KGl4NIr1v?jU_Uw2V7Wn6s_!%PL$$zwN!v~*E=w#2jmj@K_P@3i
z26_t?0bdIl3Fzp%e@jlZ41Jjb+&ROgofBuX1r+@ZK3tFmvsRKhg@uXcCjHD&FXP!I
zEgx6OOkXshn#Fjb2XfA8-rRnP-o-dfbs(bbDvp{AysTLgI_Y9G8R^*T0+4F8uTZQo
z;7&^3ivg!(u5c+!3OG5pn@mr5Ng^LKTlA}46l3_WgAz*1f8&rpxi@9Z*<;raBEPVG
zO~Rdsx_3|k<Ihy<Rk8@SIo?@2phT;XbhE7h)X6OE$Fb6^Ht&?9%Qq|4_wRpJwFOqQ
z34^?Xm)ONS1&5L2g^#(bDIcK6SPa`f+1{5cc2$q>RylbmZc+3oQMxX(T^w>Z+XEVz
zuZC$f(?aQ?e?{R6Q30nN35sL6WWP2QsyGyQ@owJ}k8y3QF*Ka@QjPAxPe?hh$wvTU
za=dX`h716KV5~w<BO#Att{+#6wLHh7I|a)u1q9xihE7hw@J4JUopb#)mL0;X2j5s@
zdvR@9#d!tK<V%2<afW8MeZlPJ*1z6oRs5bOiR<5bf9UVMi>d8A6cdY1=u7Z|pgZq6
z1O)i>H#h_){X4LmT*#PZ6VK0=^m&$y?Bl5vKrjMG6yk}brG*Q+-{OwZQ7~XOGitR>
z+^6{s-0*(;^pM(4y6j>x;+Ldxza(>JH-hs`*`S9cxni<e#xu)^XzeC0k`lKcaW)yC
ztn(Dje+=GZHo|vXqWj7aNyK==jnmDXV*_-VyS<}oRj8Fz->p;gYh9OL8`8OecW5HY
zV~i<(bnU_>7&Rio;l`)kw0Ss9SK=aJvpy5J=ig@^a}P&ddfgSFx|)N!jz~;w1~_na
zzaau&#Z(r~MF~56vIg%__Bh;)qcf&X6$%5qf5uBdD7bFJt~u91qmKHh<+c+k<W`Dr
z+@_V)1EY6V-VRwelZ88fsdJ7Di3B|DkEPG_rVYE?Gfb9=_JH~`vFJoMzV26AsL}J$
zq#{*e4?bQM`1FLEg-bV%dN@osr3+$nvk|d}f(2V(6)rvBT_qbhOcw|fsX}S!n+^P7
ze{;Xao_Kt!ceZa>c5v+Ty9#K#+FLA9IF4!MFEjd_AmhG%#J&hHxD#~X{)SNe*n!Lc
z3<&M4$IVWT!}v3iB>8RsHx<#*$%eAl75<UWUT|*lQ}^Ir2O7lqaHNNxwZA1&xNR1T
z{nM#?+xTXztKU~qyASDjk5`xRYmoi|e~x=%iOF1*n{^d$@Fatx;QHqi`S=l&9*Szk
z%`>df_)hG1PcbNaZ_E!R*q6=EjHZM^EcXloU2PVn>FH=8B`M#IPk2%3JJT4$pZ(Z)
zlnfvCn6WUo7?S72Evz5)@mu|8(_RfH9kZ}C-N8sZX?#M8KkoIZUe~B!E+rL`e};I<
z*QxMMT|XXHGIdUXq=;1C=GSq3KQNjHxcK2;CwcKxh0YP|yP_@UuKf9?F3~DDc%!0C
zasBH$a|AYYwaIl1jUESdl92b?x8-jfUbR1)?e~LLfyXe*Seup!+szH)Hr8Q6_Ur>b
ziR<BvUyz^XbMX%UEj~~ED|EXLf8m2&mvQrdNP*b@mCg9)pMU=Uh%4ovfByOBpMU=O
zUx}RJKmYvm&p-eC^Upv3{PWL0|NQfR#lY;JfByOBpMU=O=b!(T*c1Qr|0bVtFtGpI
zB{=N=<-aY#8T^5N4hDug|3AuRWa-A}YkCg*Z|m4x`(C+BZTLh}JE0H5f3c88E{LnK
zlN5r~9)GK0Vd|(wmS7he5Yg<x-D)Jzs{8K#whk@*kw;oyo)2aRZ*8TIjt+>+enzJz
z+8!dBp2*B}*-UTj61=!wQ8d4BN}_IRkd(5R;_?1i*4h60`s#9sF2AdA{pL5w2%9JL
z^1Ae;4vmy3PgFUxu}pr@fBeD&%~BeEH+{(nj^A_QjX)DKW%m_HmR+Z~B}M6noSUA!
zg^UP>9Wg$-b;cbHW~{9nA-z0|`$lv%;}{^GT1Ace&Q9tr^n8rE36Y>TY=USihMUv*
z`PmeJh`Cz%w+(hdJw63&dr}dulnFeu4+Gm!EM`3;!u}VxL?wHpe}Ffxrp!#j7L?8y
zac^T{Dbi5hKI57$SZ>gU@nWpV+^66B4wq=7-@)c(bO83w86}B1G375`=n*3fOl3^z
z3PGET6PCvUD)b_Ja8PwEZOn4w5h4YHay+}uiSy4|R|q}3H+3$UWE8%v$DEse3K82e
zK2tpj)cv~0QzT(pe`%92=B}tX??Y4YNjAMk-)=P?={g;$ayjLc0~+kpT&a5&cH|%!
z0CWrdTo*C6VQ|B6QynSxpI)L-sqnt<%9`@D*E=IX5*^fKtV#pOgI@JIjCSBVz|b@T
zHw7Z=a+5+^4Cr1_F<k&nBJBiynj38C<pMsIF`l?2I58mTe|kufakex+6JTlsOR{bu
zX@m7R2%~cGoba2JgjQUmb`p=MQzV?7WC*?ST)HH*rV$X!*^o6qf<EJqstJix&=&GK
zc&9nokt*J!o;V7t%wf5!LcGOFv(3dynV1{U5Np0MI>Q_W$S>p3OG_((^o*_z3vdcE
zW$kk#vn?^Xe^k5wIDudlyv2OM!X=dWGrzoVSuuVreQs|#6?D6EF-gw4gSe2yNd*w(
z%hO4kxrDV;UZATs7`$3T;aoMfbg}aoQwqWcpJkEp2_5^)WXd`nm8yeg^*Mbidb_x`
z^s9c)a-vjlaFZ7WmqB2A1UuUpim=CJvChUyzNS`We@WcbOe((k9w5$=h{A1{2W8*j
zV21b&KTwgpi(IBivau<B3NkmT-T!i4+yW}L$42he!Dl=q{0rOWGufwO$Wnm3x(0$S
z#nvf#MD`f<k2Bun8&`5LHx0~u#v+gPH&eFy1E947vDg{Ho<^`VK~`KdwnnBWb5if!
zCo}igf4NTCd*CLP0C1jRrXYby*fvjFtj|koF4s4;@vo-XS2afH<`;YHhma!~Q@ZF4
zHftkR2$&xLZ+pTqOHl@$mx738P~^^uC;PHgSGbCDEKJ-AiZPHx7m~~h>2#uVC%Z$f
zF#4-^aQU-zPUtUnwZhLxnFOdi0`?+6@^42ae?MJw;<w@@3qN!6`SrP@jEGw2DCU+R
zT!gL`@N%h}w^9m)Jv6Gh;JtZVj6Ze}-yU;HH7KjacRre+t~sYWrcqUt)P!<sTA9K*
zUY^EQzI<)NpLPi!G-;x|aqf?fyHGbew;Nd{?;erdJ;y;*7$-NZpJxcADvnoFfs0_0
zfA!&IykfsdCYKoV{d8lsecDZu=KAr(*snzNR#6|b3sK4`vG7TW*NIV>R)wC%`(tid
zyYPKfzAkXg{+3-w#gJU5v$fw2sUYRU(|3mDeB$6TkqiZ22VOhGfG5=iPNK|YhIt`a
zDJaTNW?{qbO-zz=YC)>}BB2V(YvwBXe`!8DXnBqPpqVIoo9Wr4#bEGfbPaZPIR0m(
zR9Eod1Rcm%o-7NqfS;v>Q;pG<Uv3Af*T#2l8QJ~q@ZS?AQ88vP%Z9zn22kli*_KgA
z?P7_Yw0~i&FoPu`?;F@}|A;l~gK7&-ruJ*z34ov&C#V`cm=4ite`P$_ujK)me<<Pr
zEX#%)6NFVfOaU!HI3aI5Jcb!e`Jh6v7^uDh{Zbj(SuDuYJhH|IuwD3P#)00M3;wI*
z8}ho@;vsDz3OqNii@Pbk5FpoZQnr82MQm<<Fk%$cB>h1g^Fcl`>B?z6Z8atbhvh~e
zB~kMyIz3Tf>hW(6IC;=j8tzPhe~f1BDlKmG5E8p}z-)NL5Xx^zz&UEkN@QldmJM@a
zKLu7k0DW6Zw9AC~XTV&t5Q+DPlyr`<S^__vRAN7~P|ZFqXx&4DokWWwK)XGL&_H-j
zf}J?1Dxji6!V;Q7^pCpjlNppm0rJq<wQK=MY`Cc3;@k4-qnhcTVLK3Ie-f!m8yIQ#
zX!a%U%*hEG3D&@(GCeIa7Oe4YSx5Eh14OF6#S8&Uls0#e=SM3@Nxmb|dE<-`J4$d)
zC{~~Em6UDvnLie{4~!z{0@GD~Uh(o3U*=2|WJR9UU63T@dEhKk8W^8|A1;~Dc9`Iy
zXt{Al1~VF-(U_d@C?~oSf60UmYrs-LEoe45*KAhI6YFoX|AiJp^o+wi|4Cl`744t)
z7)`7k$<>j65rbq;0c}IO?%yY;nY@}St)`#c5P#4gE2C4})RFFXc)n9J?~e))Pq;K&
z@ZDIssK3bhfbzJ6FbH{f_I%4DVKKe`zRau|9Phll_rzi6Cnxr3e+caR)<JJ1PqVyj
zyFvr|+w=%O-ZL}kscjt+uck(M^P{0<sSPn*B)C@{gTiLUFq>@Boked$EXBjJv4Tts
z?-FWzof2tFsotGw_PbCOCp*+bdP3}&u`CUtyNosRiO8_%!Up-~h1?w7XUy+k)FJmF
z@0fvdQ1j%N<fF^sf8u|J#ttdxW@&pF16?K5zxiL=tRDwUQ2pHrujIQ4Sx)6r4@-{;
zGg4TdQg|+kPF^T>A3qxvD=dJG*mw)MfKx?Lm_O-rMOv%h!4YZ4cb|qZXCrJWekSAk
z#fUY4PzWx`gBVtHg#>k}-KV1lWhf-#@(P`QK;d+#&c^1Qe{$;07+t=l;{$yIza{ph
zVETxOrw#~q!NgJgJ&$6PW+)zR^8UkCdgCLhg_=_5qs69#m_s$WUBL!L7KdRf-JbLr
zJ%ZK?DG}7Afl4P$Kq}ZX#_Lzq^OVo!Gu?UO`v%Aq=o{$uRCUl#O(=Ils|HEvsN(l!
z74cP8p12*Me+7p?u>I%t+72l26u%c<;Kkbe3zU3M&f$4t#+mx4TmR`hwfV7=vT&sA
zkNs}OelC_{cLB<5fyRn~lrhGIzPlH=i(ZWuym%Yl!T*xvY$1siz`Z0_0Ub%=4&eL@
zoy14)SVv@0wh{#~$*FyS7vE&qMzo*zx3rcdtYMz9e?fKc_R|hGmVT;xRllvD(n<N1
z%Hc525`bFqW$?@#&tbwXWx|@!`;BuSaH4Tw9n?Nq2`@i0hS;_f3jIXng;z3sZtxK*
z*MGFGp8}$Cp3%H^C0rYHs5AvbWgJ>7YTS+erIESsik3(2!Smsv2Ji~o&O?oB-(>`D
z=M1U+e_oU(uLMeMg7EVsRDwtc%ku8^CGY>fd3K%4>0EY@y#Rg-FJAp>asbBQC2&*e
zaZBF%e+4{Li|Wydyb=s`_P0HCQC2DHVIn#m8;D**_}RVa2qOE1SX~*E+y+it;KXsE
zdmq)a@~NhE$cKdxU^u(hO`nYAd`+z>ef~zAe{!W%*xozwfVZ^svk8knQ_hueQM#S;
z0KDMxzB!cNXzi*z4zk2_;zl9XA#47WkcvKecGm8b(;2zgSKgM=%6SJleP)*Ejc>+Q
zkhn)+iWLe`bm!A~UM4b0+ceR=NU%>{xA1ldkbpaJm@>y3@<#jL18Ctt!}zywa38~!
zf4gP%JWsPaR;}?f{SthB<S5&aW_!!RcKN|a?m-Lv`Y7)7*`;IU3SR@jeQV1~I(FG6
z!yGR3hOmXiQ#ZBSjkDfbC+1mogrpm;J7t~S*gv55*UL(<IjqRTg+Y<?@`T=mjTuiJ
zfnBl2NB$sMU1M?ef&1pLg8MU1t-EG?f1hc5i+_lB1mV5yNABSCh$EILGQK)dOnz~L
z;<ZS>+*rKYns~e~1lJR@4x+Nk0)X~6<Km~$qozk_gVab^NTn1_SgG4e8EmO5(U2rY
z=@GseQ|Q_Oi$XF6V)$Wx5wsCOE;6ZL@hR>k8@t@BYYaM?kBXn+MLTpuovH+ke~PH<
zcEL&}j~awE)Gzs;?oEb!p9ExPdlpD@JOK+Oq~|8I?b25-6ise`p$ch17$iu-pYt)S
z13DB4A?!R<YMK%Z`LmB`1P9tO!cM+#dq>$#6pbUOCXp!ok`2cO^0-DP9vQW0e_U~q
z!dfCJ)G5mBn@ny@3Rx98p8B;6e@TMrGAdEZ3`ia$+!AO>T`W{q9Vxj`ZYi~4LX~6W
zRJLI<+R5Q>dC)1vpZEh;@UpVsGvrH1KHdt^{q?AbJT<&(e&g9AA5@0R3&yOz8NIh!
z^h(gA*7N?AW<JqMU?<?{ijL@Zs}ON<Ttxr95({;!2(GPZ9UnWh%ZqBRe_!%qRW*|C
zRvd>(%2KiY7G}E3#9sZ0s{4&>bO_Ps8(;ZK>$YgRAKV85%@uAa61s6gCIihujFFz=
zg9afi*fzE6^mhwl2>f28!;W=uS+xz!&FFU5!`3&`A6F`6<3{D<@m9`0iZ=S9W=uoy
zRD6QNdyy6tUfU|)1nywge|TzoJ1WPR%$hvYmbN&u-a01uBMo^Fw)E%tFVXJcoa@V5
zDk#^(bnTT_IS^+INpO1=iRncy0SVI8*6n_~^4M(%1tb)%2U{lrKi#~oBRYwl=FM&$
z?78F_BmGTwAqPjVB<9Y7#2ZzMx7%$|*bc6!Atl1X5NTCQO*J_Lf4V95KSPS!3Qv-h
zHw;`jz30Pf{fI>4R(*e9EL^(N1jM1TkySHd^>0P)U8FjcjQ^cIxCyM$B+7bGz*z28
z`%ZwH+wl<m;QEO*xsQ`y*h4w%=3;|r<eO9b0FSq<qN)o@Q=BE<#Bt`TadL?r*$Rw+
zZxP0=N~*~jRzoq0f7vubv@<m{M%<$pOiq6*k<3jzm_wmMaVJ{tOUUiIo4-A6oVN5|
z;E=&;U9x6zufIptP(-~WMPD3mM1HL2)go2qDNfb-Ar&7e4mW5C*NRu#@U-!594=~&
z7H^p(I(=@r%|HDj(ZL$KLCeZ-lJG|!zLzFo{CxQw0gN+De+5ThFwO~UfLjeQ2LFET
zyr6e78q0Ki7{;EdD1XOW6L<RS9U1H!&>IE>?a+gAtNnTJ=$40RuHZU-&sk<n_mp>w
z{-?vS6WPwB@9bMccR&WND2-jLO$T0>dQDa~9b0=3U)w;SIOgUHAz0F%F%aS#=02Kp
zRa_a&?aN{<f9n;#rf!48n%M%wJ|*kP1d%k>H!WPo{dA>3yFAXV3$#cS&AyS2vbi4^
zk)F#apv-5^fEba=0xf+C!>*9VE3Z*$k!T+vBJXkGs;BB;?Cmm?y4+<XBp%QET*Xd0
zOW=8y5k2N$6mpb_vMw7{>;8s?cS&t(EHkzf+-fGyf9O$sTC4XDgin5^lU5A8K^!qb
z(XAyF1k6jgLKcKGSracYaalD(kfyhRt*<<2dlypa8Y%&>NBdmQr2M|;&CRfSaEUDX
zn@g~2aW4w(-dzEa=uF*mTYqf`-$NKmopAQ*BmU8o7-zE%WBt>rvOvi}X1?tQ{Bo(N
zg)@FCf4p?cJI>kCzzV}#0iN)OWj(%=3l<QQm*)wd3eTQ%eG5VOb8lQ%NMs*9BV)5G
zv4SYpT8LvlJV<=;XIWdr3Dh!0jbK2QWd-gnZo7L0_C6uTR?QlD))$JL&!%%;SiHl3
z&4c_u*p}q~JST$T`9F65$nvb+QuiDdI(}dBfAHV--fpMlYF*_5K%}FJLPd^HNvl|^
z=++geNi=9MT)MW&bMY+|RZXoJ>w<Hoh@z!Ok>x|kXt9H%lfcQ?FSQ?Ry<M$4@EkwH
zKY2wm<mFef#aSF>dZx2k9NqIB^G`o{=HxOD-BhqsbQ|w43wOi3a?I2O`ZWd)d<*S+
ze@|Do2}_b;ytt-zK<otA0@1*5*JMdUD2%k_p}~Jg0o#b0Sa3}u8pzngzS|4ni_k;4
zRYf-Txe;_!7>v&@+IZ%#_V!LxeY}g=NYG{)WEj+)6<msb=BuF+Dab48ZN}vXkL!g~
zo?=pEQ_jE~?Uj9eeL$ryAyWFp=`zmOfAx8TlbIlLk^y1E?Q@i0_x{fAKZE`vuU*;b
z4S)QAk7b52k;Wxmn-CiKI!43CbtIT_WauKcia}iw1*4|J4xGiCe%f9VH`plCs0)Z=
znJE2n$~sJS?M*i(>R0$p!n`NL29b)j8<8XcwLgNn(nf8i2r)5*TU0RI6fq4Ge|Si_
zHH$2Eu#t$|NVRT-v(%c2&~U!t+M`g(s3yzBcbOI!x|0rL3TB2#=PKWan?uh97u(x-
z$(RCaIh~MDnBXnK6t!spg{X+bGb-}^#cF?7i?`+MHY5=G`?*S@ED2v|_T?M^#*PX(
z&SsU=HErVkG;7O#qlfd`c%s}*e=}4Reh;;PgEmgZNVs&b*CJHnJNMStLNb?pih0H8
zC-~h5LM{Kb1te<#8UzEBEWj9C2k@}L@{;*m9>?0OE@IyDrl+ZDp`63H)wV|P@L{rU
zE)SD7N?9euzLA@#;gpadYb&Nrl1b}E&DRvp-T{p%xoFe&)06}f7YGKff3t7hxw2f$
zRG~%&lB7t14{%15YCsKyXz+CMco*u_=0ntOu|zx0{(|pvxo)PBx($*iYaJ0M<&9D{
z5?-)GO)+2Hwq{9@=S=$WMc7QOz&=bBT#GPH0pS)I5J<xXQc{jGuk69@hO%lDRL`9=
zRNV`R{=g%NAfuFEOIqp@e~#K@08l`$zW@?3$vOGc3>ZAB+GovXX$@EEb!6l$>z&#Q
z3ErMr=rAy0qW2}_X%uPaPy$37mM*F_()_5S?3HYgb>rSXz^B&@LL63x2<i+iHOYW7
zLuV6RIv*$)**n$^?u`kSKxJI{N?~9FCudNIjkd(J)70b&r{{Q<?aGp-O@Gt7yh4QC
zS!grtIIbRewpOk)|5CbUSh|5d6E081u)B=uA9ku?&!a%d5Rq_sUNOJ#3B7F7JIbBC
z&%JeMuWvP%=jZM2+KfU?eRV>nLfdAGX@h+lZ*7UPm%*U2&zV0nX`xG5EnC9jq#9Jg
z6J~Y#I0Z<w06>MhYf11!M}KdQ>)9pGwD)|ai9ZYWUV-|`u`9}z511<h9lrE=lD3fV
zqj;f#Ha^j5w3nAt(O}jme>N!ll$x0Olot^j-t>;=-I(~&;z>0pXQ*&~#5ocpmN&We
zea@Qqqq!*u#S9f+j0B4AXO$37k=jdpTwt6XX$XluyRwn=*@7xi&wm*$Q{m@LSa>2F
zaRX`fvK2A6@MAb1jnF%DtbRMop==vh?w5d2X3I%LioZ_yx^0zH-i&yMCx3RQJ5@5V
z9h1IDCE{qW0Votxgu%Rg>uA-xOT=b*{{hEKx{Xn#e(+*~NJk`s9@8;dCgk#aA%!((
zX{tF<y)W>X$>M<9R)4hPumN;<Eov8Gix5z%H>6z~AaVUH@ali;;fRAMa1A$R&mA4e
zr6<PCH$EY-ZF*MC#P+rm-17LEgcaI%EZ60IrpDU3UwipAo05Qk_99rhMOKyw9ifco
zMurDNt1>dt%VN#ORyle!Lj6wtS8Ys$rYgUwvNBu#c@CFcr+*3?lty1v{GNB;-;t7w
zT62C4n`ed?t>^JTIJS`vU*OZ<Bm$projP#FQQ2~uE91cbHXLtJBKFoJvL_2&IB*3_
z(CQ+vT6eKuW%eA-CU{>Fn(=#JS;Oc0^VoT9V%$qs=?cS@KK$3`!Z>ZDK2v~Q0$-sN
zX>!<O&gFr5Ie*9LRjg6toU6O#W4HW2y+X?mV38pWNfTWt&`Q;pS!}iw$e1?at0Uvg
zim`i3mp(TM%}ZvIi$sH1v^B!<(sG)o_D7^*Owa6iWSiKyXV7_jDhLJ(5iU%kNMj&x
ze$jjNzqe+!S*qP>Hc)!KKqBb)6xg^f=4rDGF|7_rmVXUAN5d_h)QCjT#?zTyX+}{6
zCRV7mSYKvYXrdr@JbEh$2pno*|7IbCqz;({kfVa!^)nin=gwqv!$1v<M=|1euZyBx
z`9(-tn;8Y`cGz3b;B)v~Q~j<(Ln|I1NGVru$lS;)oV);Krx=#3*DeA1ZEvPwp?e;f
ztp^zF&VS=g({y^H51h~J@U9zZ-rrQo@~ChkxDu}U5#|*V`~tx$c(U~r$gxhdS&NN_
zq3^m+SKfbDB^$#i8DgSx+i&+M_^ehws)Ny-f3W{-ojng>kLe{*o}`LgtibKKYI_--
zePH+A{!|=$+Kk^^mfEoVPMK`VWj}Drl%GoVD}VF%=LFH&+Y{*PyxZunH%jgM^;cw|
z%ilV$mu#PQ4q3V|X^)cumTdR%QWa{(Nzqo(^4XmZtnq^S^jJM1_mdm3qD)rYU<T;Y
zT!Q%vYs~s3r)u5PHZc`y;Y@piIT7LAIXR~=m}6?<|J*aGUDtvaU4ClyBD;MIh}$=e
z&VN6-Of2T~Pc)*>$m3bvo;G8?h6yM5Z}jmTx&qUEOGl4pvo}6wg82mm#aUNLEt^#)
zsoFr2xfx{oWsaX?so9!UhEG@e?e5#0p2jfKPHpfKvJW!$U(kWdPR>{zO*?H34dAn}
z8+}gFxg5MgEZnXUr+nAq#dD=z*&Cir$A2l)TS59KFLk&_6v>#)dcscQ(3p&!Ar^u+
zI1O=vVRjIG$n+a72=Upt#f_#=Lgo1t91j!hWnS5u*-c#^ZJGu*)m~+;HU*1EMQU!B
z9BaQ=$R>4CZ;o-8okAu|9mB(qsh5a+V|Jdo`<zfCp~(Gx_W9-CR#@UTAAsfU?texW
ze=rRmWnui@@WL3|5w*1@2TBaZC?DCwiNf4og2kynb6~A&EY`;M%aA|P1}mloEZ(DB
zxH`MLxjeiJ7W)*6Yso_od9`%J3gGTXKcc~qhHq)N{}7n1Tbi^Ps{t?6;NK3s`WN6_
z34%eU2JU#P3P0P3Y78u{y|;%4^nX3bIw^E)hQ96@hpwNgD!z7uO*!LKcmzkbm=yL_
zknUcfuG?t#qD+I<ueln|)fJ~r<()2iazAP{x;F1I)W*ydV+e~k?M-yC$8cTALjPiD
zIX&c$ZA}eWCpKZNHT5QC@Ra23<6=lq!$~iO#+v*R1<#a+P~K{bU3J)uUVontzY&PR
z4sla(+16b78k8E<cZF+>C8m13T<3nS`T9@DBJKJZ&U3%9Jj>>bGyVR;@O&A!vb$nK
zJbhT(C;}gtg3gkjg-|7f1Mj+2Rk9=$f)yHp6OiOt1=~j>iV*0kAHxDzr>b5CP*WdM
z>qHK8gfBS7%<9i#Dk|ouihpWh^ImBfvf{vSYxXC85fr#>15S5UytaOPi%bk%Kp{Nb
z(dR3L$V_+WW5O&|lCK534HFTXO;;=$p~5ir$!)k!{Ob#fqzIJ^HdDGX-5Js1qOQ*s
zQb~Xy527Ihh?$bjZYly*s<5*Qq>iay<<eZgaDu)&C$*@ZeRjFR&3`@3s;tD4|Cw}M
zIV!6;0(cyk3OEWaj`klY>dWmus3wZ5HT$N&{)QY0B%Q<g75|5x)u@H0<PkdYGOtj9
zp23*KVvfw!S00nC_Dv?tT_AArG*9ozACjZ!7gB8Trme9V+h!Fe1P0w1pZkQ8e0)x1
zw<{1=!RA_!cD>2taew`UCUcezj*e0ojRW(pm!fkXIksakrwp$6FL94-(XB>Ro=N+J
zygX~24Ofvyu;q*MS{WuUV5C9!SnkN$cG_g^kFfM>Jh9m-2A{OXn0QWj;`E|i5!zlU
zL{<@N;XGg%+$14K>aw>=TvZi}yR-8_&xb{4u+%&{QrBJr7=N0q$mYEN=5#L*Qcn#g
zO-0d}Mzw62bOoG&LMG-OsZ;DpxpwN9{cig-FHgWDD+8b{qoBk}1{5FxfxhcWEz=gD
zJ#Nmqr_ofon2UGPK@%w!(R>2f5MlQi9@~Jm0SZE(BfO_FJY8mCqX!e4hrd~l--(^W
zAh9+Cgn8GeTYucgxB?iWo-?py>#rwkNp@VhCcwNHsH8v|En)C?>Rjvg&%E>+XVEQO
z`OwT#n0b|Cfd=Ir|9{Rwy(~sZFBx^*TOpXyM0A!jK~fb}g}YGipZ|m+>NVs9IOmAt
z)<;O)SW-q)SLfu(({q^_qAQ$j^Q5$zxIgwe0K>hfmw(`PG`{CV!l2cz?18n$Ld_bg
zMrX>wWdj-OLHLW*aT$BT@WJc$!1uKKIsudtJ@a=%hhmj#vShf||2(6tZ;jPDMa<4Q
z^L4NeUlv$T*CEDve=BI7c4Q2K^1+%xLkyGOX|ZgBGi~K=OG~u)eH~+R>Lu$`W%fvV
z#!O2EUVj19S1rlCHrt3jH|<+8r=M>;w}yuODRlhzOU-Eh7v%Il<GRu)j3h5p=cgiQ
zl7tOW%rGG-G5)VEKVXMXTnO+^F|YL2jMoU|+ds&0vPX*9c(SEQQa;P*R3O9*fEnCz
zkIv(w0qHCq)w8xcPfv-D7$I!+fMp3ch^%%G)qjpX=L;Vqqjl5iEn%~D_ce@RmP^k1
z?T+-R-~B6tWcf8XR^9-)fH2EDD5<a0WP-QmpH6x>6{{58FM7`DdQhTsJgyOQ9^K0V
zvegv|hF=zi=Y)w6g_uIK^sBMjbAJ-zf`2sc?}!*>&#i}QR9psvFF9~W{}{%As>0Ud
z?0>yL9Hgr;-8>eG&K?Du*=Ua!=>9S=zy6>yRvca(1ZTB~P2#o_pxVVqkxe1?3mIbb
zMvH_h-|RcTws<KKl<~eb9!rJaZ{8lg)wLhI^^vF5uA$fM;`!U5FM6J?*3-br$C#Kv
zC<jPnd;OzR5IAv2Lyt@LD+3Cc*roIlnSU*gq55Fp4(w}kitc<ce8dMp#cnF0xviCI
z{5<;nP-_wr^*raa7FrQet0oaZQLorDb*X$A3CHcYbEYqfI8#90_Myv;l(C(r{QGg5
zDSw1vS9E4XfI;)f_Oo%urA)fFA;tT(v6bKIp=aWPKC_6t&@Q}GO>_l$&Z$iBPk;7z
zpQId3{Rmh6!sA(&-B8nM9@tH|2y?j%#Q+VL$Y@m5VE_>Lt38r~_yzStQ$Nz4<MzHY
zrP~Pw!|<7mb(cKQoT}Y~D*02bvQcB`1|;9Xns_3MOR80{fc3NgqyniRRQ1B_BMfQ9
z`)NKiQ=$c#7Z7=d1!LfkL?`rW^nX4WohvsU_`1(m#{UXwt;8>*R$*K?0K^`(;|+gL
zLvZwp9;m`oWR)}d5_C7XUr+gaO+97`2!!m9{<Q8Wxk-1gG;p5Oi+R;2;m~Z}LYK<b
zB9^!=18bG&uhg!Cc)1YCmxQFp#~2o0L_eLMHa&>9FT8HlG<p+!EkuroV1Li5c5gny
z(?^rEv0X1<aZeENzX3Pz@+Edx0x#ky63=h+9ZgDKCiE!zK)*%_SUhhlZH4fW>S?gE
zBMh2^u96yS#A{@x5c&fs!N?B+Gg_Axk~tnhEAIZwL5m_3B>nuOzh5iI12is6a-`D&
zk<cgF%qQ>rGJfH?O$_pVMt}R|LqrPI#6oa&{`LA>?{gn?UX9=%NyRvEs8l_Hjvyji
zacJSOW(XWOOKF=ufQ8lK;g<F)j<NTcfk1@72n%_{V@)OF<CXpFxF5-J;oKSluqHzQ
zXGNsB`Q$EViJ3nx-)Mv$P-$aoT~-;JW`9Xj{ruu!ZZTW>L*(KYw|@zantlLJEwFf1
zS7vm=b+n+mcOo}RBUtop__>vU&KsWo1Zsrls!7E!1yvHwsXkN%o-V!rDsw#D7N0O|
z;1Q;Gf?X2dlnSz%Ew_+^Ap9CL+P_vTB7WV8ALqM2a$d9&MAo!o>`)@abcTBW+C~b8
zxtts@#IAn8O}mU;+kYz1?ssU09DJq{m^wj0V~!?VUsJCe>YQ=c13i>Fcze<)ir~`v
zn+1c3<I&QKXIP`p6!2XOA37MNAvUv0XV2b5+iLm`mpBAV5xc4mhB%rc=I*xykbAv8
zDOy^nBSGQ0u_t2-<D8SQG&@XS51=;#Gqp<O_`_}e(~&xx>VFwX%PWMFK<@XT4Mj+L
zr2-PXlx^L>M&u|m1;H1m6k~@C7)3;2r7exL7Ch(~t_N_^6j<T+H(*|*7_TpJ`@G5H
zZfMI>SQXB@`iVFMz7HVh6w)2)_HFzwa`TrR*=}s~`-$mnxA=#~YVuPnQ8nsUlnm(&
zREwxPn;|Kn@PB_}@1A2k3*JV-x9#p}+nTm*8`HKmZQHhO+qP}Hr)_`Redl-cX0yB5
zO*U^f*}KUk=kwP&sj8$Zb?P}eRZr1xjVX@jeUb!U{MbTy4SVfr=sVc;<XmX;ohz58
z4QtAwQO$*pY0QW7pgpF|hM90&*L^gGa6!ztfa^}kZGT<swUE+GAs^0$!xK;&1SuoC
zVS4N%vMx8qRSVI65ga}|*gMW}4q2!b4k22HqRSsbMTS(eKu;}7%Kl1_&5Yd9dv#=F
zGg%ccz1ZLImbqU}rbwnv|IIIVC@cS!m?gtAPDjo8*w^aDamM@k%C&MiLGvd+sTLbV
z6spl^tbabaK1L8)tv{2bn`%XZ0;vGgA2%k+G9vi|4&mT?Qk8UuG^7MLIQ`6UyfA2_
zKOFYPlZgAFwBrey=f7MlZ{BwtpLeXjIMkFbOmHBxl%JNXQ<lU}HZQcSysffnDx}=r
z9G0B)tD?qA2o{I0<rk{D5@@Z3Jdu$jMfM3z)_=uW-Tj!j!?zO+QxtlkHUwnAo$%Db
ztA&^ReW0~N&^idAQ7{Ob{Gl+#vIUp(HA1i<iGblM{9uq?d}`dRF_3}8fQfUOTThj4
z0-ZbwrIEm6)niY*vI5AFF!EHanQ^_Pt%^Ib<gSYjU5t1+z6NWv;?VRtx2A|b34;SY
z(|?$9OAf9}SA0?i!b%(6158<@Z2|60sk*`x?HL|t5C{1<m>Hev^%JS-*1j<n-w5#n
z&jjKUDnGu*nlT*fz8H$HcNxcL6>-x?sgu<5Szx-Q^Y~$WAYXo*c1CJ6+ZL7c%kp<X
zF@qclO{m;FFl~P*S4@6~TnUxlCrHl#*?%p4;<B+|)%GBAv&aK^joq98-}Dvlfe<Rl
z;G1}T05n?9M$^;YfPz;*n-D23|M0%8Ev>FIKS6VigAZM&W$880P%KT?6fr!uwnf7>
ztqS@cs(;9R!-EF|IO->mh0L@kJEwNXgijL;)ZpgTGgNqv`brXX@BK!I^#OtgCx8A%
zK}F$*bD{WzdjrNsZbCuIc@JXsy9pd}7Hjbha8~Pykvei2z*oPTK4;G4AHQz@macrX
zEJ!8SG`&58YKde=0_z$$r=+d@`=0YcEWrP3gHDY8Q$wtES3<=%;;XTa#RYWNb6saj
z-W$y8elTW*P>9xVq->G^0r5b;9)Aq-Agd_;q*rT9059p}E27+Lr*H1`1j;k-&&ZnR
z7s12O<#)cu2eM(R_;)BqzB%v*1JfAJe3u}0Fo`I~fj`CzQiXfd!G>~G=dqcS*QTc`
z;!Gl*7{<ycX=jUX^l&}E@B>jafRiYZ$Ded@4SUqU5^0$bKST`U*G2osA%8fZ$k;t@
zW%dIW9{-K3Wz0_OW@O0`bk5G3#dFLKNPg5Z0SJ*50pW`VsT@Oa*F1jU&w%Lst9%V`
z+A-KmMC^Nq+$H>_@%7vV!}rFbPQ@DopX0&%sYAVZCRsF}zMzOBys)!;Q*>nzEe>GE
zC>3B2)H#h@cHUP$IW{+jd4J+W)SG4GPuVTq+KrH-a`tg%WxYI_O&^6K2ch{n9yX7J
zIc`WHT}(M}(5BJ6ZiGYYqQ@ybJ}?CkWn}^*@4L?zZ+Lhb3D50j)0-)^^2y|(H&Eh3
z9({rV=T>AMvtZL#Gf$8X65Ljl458B#h13&luD)_`lD?srZ`0o|rGN3lkrm>|?A^=P
zo42b=?dQAF)D&o7r0!6;zlS=p4fY^rz@A>sO2Kqs$wS<5rA~;OrQ_!b0`n&YLLe95
zN)sKhqU5*wUop1B=<pSLqw0JLxA|ST;eFS8Lznt&DD+`Hp?~AAy8lo-(skO~oN?nE
z<5Jj)iuwi<Nz{)ZM1Ka0bwY>Q=E6pax+3IovT1VC&mJ-B^{>A<8PCpDTxOgf=j`nL
z2It@O>`ZZnl+&{|igr{|yux3yA$s9Zi^>7UZ(xhE9<}x%Nn#5qKlH_TL-J?`Bg?}^
z{eYVQ3*hH$T{;4!XSEB{w;hYYcZ)7_9gNPhzSH;$hf3G8<$w0;Qp&OXns)3*b1{IO
z_0!5_UpJcLq28FxG<8NW-GwQ(u)E@Eol$^tK!Fx)L0L=M{qxd`^RZe3i<-KPH{-e6
z>1|#MaYghw;BMOUX5n#!CG+DE{Gjb{MYqK%w=5Q!d+dUx6gT!TEX3fFScV7g_Yrtl
zA24GDz3{Tp8h<!((2IB3HbOqE1$=haC%3FtZ;|}&8wNRk{Xz>pd*q#s50^KNQ0AUH
z(JwNt?!yFPw&~K)B!#q*AFX-8&JqT=LXbu<?OnRJ$^PmAooEdpOE5u)tYuZRnYCP`
z()yp=zY)*Ao(y(ZzxzfY7MWHvlkZ1A+kAjfkA_d*Nq?NWEC~DeX&N6#^`hSltWQr)
zP~Y;N-H-K!zksY#;a;Ibzk<zuxw%jTIh;Obe}Mn&-=g=@-p)bxwL6){6g+>%u(4QN
z<YIfEc(L=K;UFP$ricb9@b-H8QKYPfEQ6Tn0zu(UPTU{{1H%Tq98}c}t?YGNL=o3j
zH+D}KhJOzA=Z{1kg~u-jcYCgr5k186?Wu(toNB1!(|g;Cx=)1Uh2Fh|lO$cau@re8
zh0{NgCvmd6v6`Y@Bmmo4_ejdw<TkizP-X)_>K84G%XgWa-q!^aizf~r?<<fH0Rp{%
zcE6g{-s+*a1kpy(RQHvd_r;1@JpMX)_fZ2b)qkhFl$x$Q)B2FBW2pn1(Andr98(f@
ztY0;u4|Ft)z71b`jyCT-sNL>Vp_&)xhPiEAx9c~VFv+S1JM<GT|L@S*&Y!XK*yU-M
z+5+d0d0w;*Ru^GH?k`AMbnkiJJF7iX8R&(}!!*SQwx(|#-z6ok4Ha@^Xc0JaT!Nf@
zr+?`ZsjhnRyJ9M)J^nvg=FOv*fB=|7z?w`Xo&-HQCADq8X1pQa*39mtXI+{d1bxm+
zE%|}i2=ilyJUo^G5ahNmp1TJ|zjt+dNm{~ny8e*-ojBt+R9*jQnNb*Xz01wQW$tlH
ztC`As{fSxgm^y9$ranriw{Sn8L1W{QQ-1;34RV9pfHXbq`^-&+ukB57+znPDH1A6_
z+hlS;Zky3aTsJ3xH>hjj3T6N|UJQwSKfYf+n}4s3HR;hu^gTnT>i)nk7&j3DOvwp)
zNSpN`7r73F2qE)(lF8V1Pc?jW-p%6yG6n(L<l?z*cpSo|%+o!fzEl@_o<C1|@P8=%
zT>1bEisdF``u6Hx2*6f_xa1JBa+FF(U~$^VE?eW5zCG*f^`<LoAM>HDjgLo&6-|m<
zWi2s(+=7}I?B9?GA+YejYHV(LHiwT^JD*ndOFD<LL6vd6&%JTm0lc)qwo<ifM$g-+
z_A{IQhC3s6m`_Nm7esJkkoB((^M9;y*F5g|5^-h0F+34s-g0B^vU)P`OlZ7A9p&;S
z@0-2E3B(Vs-eW2?FEGo}E_*l>s@+)%CX4Bt;nj}?<<Asb3#~o_tgTqwJb`$dF<6~Q
z9k3xIJr`lML3e70M=5+rL>b5yVwAD?Dd!x<KS-V8uYWf^U~Xsv(}$_gL4V!hZ7m6d
zdYZ_SkP!{k0DRMGNNvZtd?K5k5yc^UU-%EV9(-XA1jgi2vd~9n!;sV%6V-N&66QU(
z;%`tIxX!U(#mcxqnbigli}h*eCh>sr3#n3~)Ejv1zX|PKG49U!k(PVIjYA*I(@DR1
zNz#tRF6XOXovaf+>|zT2Ab%pulQ1r)UI;kh=+p-ewr!V4^nA_Yn20ci7_3rB@6w3^
zNDKLL+78$(c)_!I13%1<p{_p6u7J<{6d+LQ>;vqhCx@4-9|3~j4AcoXR58*bF}CTK
z=f7kwOb9at*mEJKP3!-h?8;R?w=F{5Yy`d1Z;1eUuzA4u@4C{x9)Al7hTqW`pJ{=#
zc5b7Z@Y`ofJlRBraUOD9tZCKo;Oql`(-Y-J9)LJJ?yol7cTXx>Ad$%%qN$2z`(Yod
zJEDQtO0Wr0>Oq+zIFZz0rA_B&GTc3@WD_7hmFgMU059@3#SHA|DDAYOwg#3xhGfM_
zU|4aIM1ffw42eqGkAGMB{JAPoU_n{EmoUeS<NP7uj$N@Rwl)7?@)Yhmm(?pW|3kK7
zwu~I<5iGx-n|d6?a0DtD)=yF&*Vw@idZ-4HyXO)owrldubiM)-UNofD3%?pExptDw
zEQ*)L8qEl(a#k**4*QfZqQp~i7eo(o7gM4Ryazs?Spb8Yxqt2`y6$OOOuVIQc@^W@
z0g~V~z$K*?)kq!?M6Q4Sux5%^#8Q?K3>;yOBx7-H&)noJ&LEH=Q2D8;Q>|01-Bm)V
zz`<<{wE@tpl=nJ7Z}2Ga37+#ny5fy~<2pazQ*(64uMg2j)#lADwRE)m$~4&IMzx)|
zk;v_Mu*z@$hJPn4o0TI3W3eHY<|euzBo6Zs5srx?N+>J0erJ!CMjDnlCG~iW$62ne
zspli&{=+3zfE@&S@fg1Qs$6|jdo~2owCP71*c3=rt)D3S8nTQg2s@U?WRUP-EDTW-
z+y*C1kO@_>Efh9NPC0vwdcinKM_80LWOM|jJ2|!i$bW(<Ad@lq;LDBj4!VRw88-L)
ze%jb!2B$@UYF93!BsS4!gqHspsop=c?WI)-$=?>r4kQ&$;A68Y3<kG000|fC|Mjpy
zqqt+171#v(330%Uxk_IC>uX&1)3epG;V!ZOxQcLuXhYC2ROBa|Gl=KuD>Zd+Vs!IR
znn=!laDRQu+fl_3^g_*S@Jh|3KX-xG&(y4~Y%-w(;@>wEzMH(at+t8;`Nm+YVv$&A
z$}-x7)XxqU#^MZ$$ky?MjE}qt9;B4yRKg~pXsbkE48r7e(L80w-k3sBpdE2Fhm)R(
z`8x(<lxbWRm}G9DxDNsS#0ROe25!MV+S7pGfPa=>wVZMigX1Z}1t1!K_FVyAua4it
z^pE+L{eU?U!s~*1LP?o21fpe>1C#;|v4WsI`26J=$Zq2_N-2h6FlFq?Y{6dlV78vu
zpOP(GB2UY?<Gh=FSv7Z#)DSehDBI%anPpUPO1en(@QFz&!|0~NPxtPvtKFw=2=2az
zq<_8C<l*n3Js$?Hr*~c3kBvO^3B)LB^~+B-FdGQf-OB0GjLRSiA`)oGN`W^ncWC|U
zUKuD)n``I9EglF7QT~j|8=LPK4b-U$-KVW}!^hz^7gWlrZZN|(MfsoxoUT|R{$;1p
zcwj<cSEeU;6r@T#CIwLecs@sX`}eK@GJjNx;(0P<e0L?OVY6a}E`6y@m&~H2Oa5ny
z*4J&lcIwFr3913HlsIfA_%?*Hl{<~_IL-oV#QffX>KOx?%=mlEzttPqRB00z|NO=a
zzZT~y^`;Q`VZ<Jv2DQ5BY@Mr%qD;Uh=0FvZm#upQMx@NWoc!i?c)pv*^xR2~eSgnJ
zSB%XiaeC~nEM6B3OJ)6;tamZR{{i@YR-S-WflMqI*pES?4a;(Y+`yNwHiDQO_D0pR
zN_hTLzw*Q|0(Ea;)e<nTMw~1!WwD)WbmfH~d?_MVIVzGF9_byh4VTZ2(xI1yb|tK^
z1Q{^N-N9KO&k0Tx*tAP_QMz%H_kT&A(X6;CCQKl^xt6c?q3m!+zl)+B?^G<@a&8xm
zhPCVFyWbW6Z6b3iL_(}%v7o1&?^-0-v6bg*jQAORlkoEs_B>Ofo+m`sSGn{3y4d@c
z+>0x<cbg%w6&E>7_>nLKf*jYoavWWZ^deslI$gY*XBFFO+6tN1-MNU;L4W2(Ly8Gd
z!+#r!{~^B~=<DNN2SEiLJkIV-lcU}-PTu<6d)XI~*?4pavwMp21}{W0@+(rL8*bOa
za5FT#0*4`aT7s!dwfoz9VOcMU)(d{J+q?yJQNurFw3u~En0-#KO>$!vWdUv1^(BV_
z%qll@&arB{D9Kh>IK;eI!+-77_cM(DV~p2l)s>p531Nc2L%!Ug^ty`#dm9jY=O2z(
z1S!sU$mKIpjOW!Ge)Cv&MBH*=cLkw%ry=7Ep|u`1G}tKd@!;m8OR7oaZ5nLdE9^mX
zaK32pge>%jA^*aD8*TN$Jc+g&N(h*di~-gBiwuJ0!hqTl@T2Bs&41SUN$p$0lum?t
z6JLQD{@KGW*HT3JX*bexzs9=$dGahi-u2B#)5U@!R$<<7LR6b^m<4BTK-aoFgi2OF
zL2-!GNQeyrxB-8IOTZkT+=<zXo8+RXjZcAw@BRQv5}I+DRoYeb-TPqN>ML#4w*_8t
zHDlZt9QLj<52Fxk&3|xBV@=)Hmj`|OIEAJ+jxM%m_{nSCgtusOP*g{z-w;MeMrm~D
zA&p}MGcxShsB6-pGy%ek9!F#pxhdf1uxpRRc=rA@F7OkTz5Qlxe%}6?8qnokN1-ku
zrcAM~UVhv*2BI4O(RneTh(_4fr8{3ymf5RUypGC{RZma^qJN$#trw!mOCX!VIA#y*
ziM2?xORwTgP0tA-JG$&`rq5i=%2lz{>uku6Jx%GwMcdk!8yg|l>FTgrqx%hFm9Crk
zkv9S~k%*k+MwX~mR*LQkDKJH`nsE3u4$szGqM+&%l>E_q0T56@80;jjeRdNj_JpYO
zt81e<0mrM+t$*DXgMNiC*ne0|o(mUtg-{fLr)>3=LHd;oJ*(BCM{FqAhow@snbEl@
zx52$^vE2He`jXSlurw{U%aq7bULFxI!L2lLJbW%^{f!@Gb)>gFzPR@d`X+t{Rhh){
z_}~02hWKAUv^8f~S!<6vkNPqLyj@c#$=Zuv;wUu`rGM=|<4ibPj@F`432n00oKabz
zHcDjmS!DT(z&8-#LD0Z6e5fKoz%@w)6WI_q{gg?~@k*-~N1WrhQgAoxjmJ|cxyeP9
zydtEpANb7P_UXpSib-X<@b&w)kG4H$eP`0YUvrshnpQr#?oJD1QNW0f?t#jc+-f3|
z5`u?Ci+|$KV890$2xCyWRnH_E*Lk#cD)FNd+h~!Fq>2|XhU;llCsjx7(c!4n-rnEo
zlcl=NcxQ8+b<Cz8yh1`Cs1Okj*4UOUlar;ulS_gOf=tq*qNDdau4kK;4^uIPplBzB
zpad~P$cTov716eN+1XuJFOSwg4KU%=E}S!_(SM_VS^arSmFo>K!gk9MuU```SE+!5
zhoAmi%9r_S&3<CA(3b_(5e|^jgx*M#9$Xv}$Yu+&ke!LiQHy5tbG{d!udloL?FgwV
zZB-2lp`<MAqKo|jm~b&vHIify*^hxIM%hG;7!953B-%yV^%iF%zTEGj$Ehi8Owrj(
ze1Dwx6a!58^%kATf!ix!<8|~Bi-xu~CqoyP=fp|16aw7s?$VPK*ByVOO>GZvkZz9A
z(+!kg)d6MIhC@V5mib!nPBoCugZ2r$kdnzlWYG4w`3p&TKaj+cV{8!RdpKX`9nEIF
zo3!cpca<++9rVf{+l)4?!stL6Y$Ah$hkv!`<g`DQ1_lOfabhxYaPfv4ZO&`6iK=Op
zJ02l!G&`acdjn!Jhr~qCmY{6{SMm#k*mr`rJfT(}>}+sGTLcAgMVG8t3n-0?l?;w1
zU=+~|F-NW%Q_XB$bpZSRU;gyho2>xFQTu=zpp2}Hx3TfW+3#+asC+~BIEVVs?tkbX
z2&!i5orcV(?dsl~mK_qJBURPpECcBKIe|^T+e1fQ44PQ%fbv;G4E8+uf`xLl>0(dZ
zp@5g0RZY!I({ejys&xlhWGbwd|0E_Rj+T~`@Y#KTw)11*;%0eF`sunKZRxRURp<Bb
z8-xr%{JqbS;=0!D%m4T!oF(v6RDTjQoBGxP?8b}WiDVQy7`U05I0k8kOBi|%yO>3)
z*u47AJNK&xWmTs&ws_b?*YgRtw)>e{uu>8UEX(8Tbys5XusxK(=f!r1DUU@~r&ryO
z_V@kQIay3{WSg+b*pVQpIT8pJnG#Hpg>VlBEo3@%97+-p3y41wRtcQuvwtp?Xac2-
zbc2<-Uw^(Q)^2O;xBEF2Iy!pTpR`FwM_wIhP9l*knErhH(87U{C!RVR23fW$R1hjs
zb%cV3D8Qkb1f*+WEG`8;ci8j2UqLsB4WZ$m_w@_7lQ-3Oz_r0wNoHD>7wX(vN_7W#
z*yTFPHXHsTh((nikPu<f6n`A^&n62ZdYz%n4nO=2X{Spy<W&MuPamA2H*a=|OyG8t
zQx~^mhxY5bEQlf`^X+;8p@7S%Y&J?FB)>QaH$D;Mkw?+4V2ddBSz`GQF5EU?8?8KN
zNWYfSjoK#N?@+N;K{Ck&JOL#s1HyUDT5&in_JNf;gHKzWwr7X9p?@^9oWb0jJ}wu;
z<8A_x*ce+cy}I9BYh6cN3@jl@EZEVxm5VM#^fH5SB_{q#>mD|kJ9oxJ4c`8j>Sk=u
z;33c<{^~j-8D8*(ioq^n5its=t5B{il*OH?>WeHt%0UdyqGh|IE7%0X5s++jNy6h5
z!|>OIFJ=J91l^I^dVg3HF>@`=`%Xc7)Q!&Q4&_quAxk>I#+V^!Tw3K%6u*Po)|>*@
zjv1T8n$Dpn$$CC@L|S)4d70#9m<YrB>e+>@vOjADp)L?vi}E{*kBSU1p$=#%e&>_e
z!;7JXQ3{0oT-q6Av29OvyFs>|6k)M~;)jgs4qhB;KCOlqrGJTD!CrOl6yHqGx*-Jb
zo(_0YU&PKw>u~kkoB6|nuq#IT(|AtA5|*cST5A;~uhpw;9Oe4$Y5Et<)vqxNDsb$0
zGT!QSlq<YWO;YHNIq8QU#KkQ~ux6Ifs%q!7&2S-WPpX=LRB~v^g#EBW$}5;jjg;h!
zlI8dl?tz-XOn)$9WyET(8OPmW?<3A2B=gbDEiIeZ#^uZ0XM_U|@^GUhrN<PHKQ(R=
zR6lT9L^J#rY!aQ&SMgj-+lu@peyqHv-craV;&Vwk{DEHR>8~crES|N=ECywdqlPM+
z2C;QACOwS^ElR34NF#-6(5`L)pJMY!Kyd(<P_DwrC4U0g>J4yuQYXs!;BTAuRkA1S
zq|l)mAT?phH8dz$IDyBVw8vXulZJ?H=}K<TAZn#Jd44hcY)Tccp*#2j{CSc00k^v6
zX~W;JZ@CTMfsg}I#9g!mr>sU+vfKq+=p^uoEyg9R-I-g&2XCbOj$e~<*?f`W#4mzg
zdBwP+>wk^$zSNC!<p(l)XKF88Pm;aZKn@#-BZQihA}WS^e}7-;AoVuZsZ3g$oKGOv
zEN@X*R`WFBo^dXwnuc3DXIfcLOiLzfGWdO;v!dqB4+WAj4WWqp=Y2=BV#!dAM}-p2
zbWse|M60PNSWa2tD!KdDi|rC8-WM!3)Fd(A7k_>QfH$bsjQ`gX2y>{IZHV1ySxvQK
z^{?=PupL8tCBl-9B~p93F|ouk77bS11ePHcD)ZnG^ApnT@*OTG?Ev#;iO><KYd8A&
z>YIT{fB;J1PQ{<0mbh*QlXOBTAlaU{+^Hi6D;?lNj+vr4Y#UFNNYEgwRE7kwVwRAV
zRezZ<AuHoK0VqkQOWlCY>p@z?Kc!R+%YI%ygC5&NLaVkIWD&2g?ithMQWhbu@V!fm
z%BL|KGe?eQc$*b4g7V!Q0yfSN{E~CjqDD5sBw)m{an%rKx4IdvJ((*x7xPj?*sQnO
zc3IUH5*Jqify)!rj*h9437Cs4%X4#kl7EXVouHJtlRA`WFc{~GPF=dV`pYy7m`!t%
zFmj<q^8yKZ-8|Kv*HayQEr`o7#InqUcm)=Yt4<8so5GQikyX_-DB_IW!w19Kbgm_u
z)eApT9(d``Z!W%j-z<YG&}rL52M7g5?a6PrVff-n%M8PBU%W|=6h$iiC6<37{(n9^
zs62{W$e>j0x*HL-Y^D}OVqjvrm#J@cbrz>GrNAJwkfO`=ZCKjOEYiFy*_||uBP;+a
zUP3orjEQ9Am;J)|4tt+)G#?e#a1oa{gEy%UUf#GVMw^<RVYL6^u}B~;Rw*nb*;TTT
zLKEEvPAZ{FG2zjoPSz!kP^Wsd7k^AAjppK#Wu_vDuDT#0OG6*Il)ue=G5avf6)A$=
zc+#j{X4!m}@AO)|QhI+pBT%k1*=Ob9`4~7oJq09^t}kGDNc%aZ+zQP)6G#_^Ej76F
zu8vw4N608At!VTLVB<K)Ki{9S4EsFukA1F^VE!GYxwB3?A!5r{SBY0N!hbNPC1!1Q
zU#woUByhsd*Lc1|fKLUh?n06jJYXfM_!6p|6W-sO&rS=LN;I){9q0)xnOOSq$p}JY
zY?SaR(Jnkuk!F9}%k(@nnO<sbCVX!_K^CnPkvRK_lw5)t;(y|qDkeUPA6pPcD(SK`
zvVoju+9=trOA%4<sy*{vx_^8`1BR_Ti^yQ_4lHbiMhJ&$fVqiHsevP{n?CwJqju+e
zdvzH$?9wWsxX8lkdX1}`XsbkdsG+TGXzg?vDOA_ipp^fsQn7NmLj=ZN26t3MG3e%9
z&kom9Nt7r`Zxm7OTt#h_X%HUNVtt)&BgH!TLOA1q=TjC&?_KLMoqv5J2StLaOtq5d
z;SsRL%O+O76l$X7__x2l6Oz9#ydUU-vrgV$dSWj+&|rd#_xJbdCG$$xCMRm_b<?u?
zftuo=2Eh!p3%!N4s4bdK3V%Xwn@S8axP2{A9dH~RXW9-hz#-ssyu9}J_jArZ{2k#q
zjWm8Ou{%3E^lL5Nx_`k$e_D4&G)x$|*<&p-D2cc<hYSm?NHm@8v<CoR=*_WS8E)oq
z$ibK)#-<(_sd`_GtpxlraS4<#6cCV;xfnuC&=!s^@kfthzU$6gG@zfKzWK=od+(>8
zp|3lKCIN&Z65&F|)+x?xNCuHkPW;t~J^?G+1On2i0q9VIXn!F*pO1iB?a=vo<l~bQ
zdmVtI&x{_zpj{wbhZIbTiB0-K9NZ(|+lubQ*ZW{uZ5%O419Nj0K(RAchU5Rsq67su
z_IBvqg6{=-;BHXk4`Vn}J1KanT(+@^dwBf5!AusXFlNy1)X76^nM%G=^3x%g=_+p$
zo(*M@fj;K38Gj_i8$BN8?w~*S^|1<RdRpcv3%pZ8+$FcrAOBd?tyjLJE8;+M%HRbU
zVW|>&or7TvpCRrT+~d7|PzkEk0?LmnBq4D{k*p!L>EGFWA5FT0O-kp?k_kK=R(ZKc
zo;!ogyI&ADcPw{0y<$%zonZ%<iaL|j+M^b*pnr$ppMTKVFFzqZ@pkQ!b!+0F59#Ws
zU_z)DlhGL|yUC7YCtS!y7J|x}YHwC+HcU+1B9~h+Il7vH8d_ugd1L*J=pSI_$qsLi
zleAN_i)z&MO67G;O^-T@EIp?k*Q!K2oSkojk(FpcD`_dBxT3ilnwlLZe^>CwJKKL`
zbU32`y?^qId=IDvp7^Af1mo&8@Ro)LAgCBKM%WM!53q;#uhN|%F5Vk}Pp8TJjm;-%
zls{&qEWnsC%&X=s{G1AO-)4pLw9_{m)05JW471q=`cE+P-H6Cn+#u%1re^L(Qx+--
z`kV+-<z;J&58|Jn-WUrkHp-1|p2EMmsjP{@Tz}3kPd=12FZh2iSw&D5HNOLuy5bpI
z9HV?G$L{C&h9^(Jn9XJvE7lgyg9-M1eZKQIdIGL*s!r0TAGWM!YuwB!iffY+dX&yC
ztgNg&3m9IqBv5~eA=<OWyd)px>U*6i(p~dTL}ZUL%33yavF~~<@^9G<a)15S0dh4;
z<9}9x;O<B_z(k82?u{8JdmM<Q|0qu&mo^G@)1VTm9M`5HmdgmTn5s7##eeVn1bnCe
z;RrHlE7UBt@^cxWyVyVAKoF0?{d)MjDE?GdPV6P14n6a?Kj09Pl2osBcwEuSeVG$R
z^scDw<+pCu{2Ru#hO{s8HZ3BLGD5}U@_*EQD;r==oSmJ;w&#S(F^hVS;@x}z5PeVC
z`LADfo0l!G)C--H(R}9r&Vbkf7q$G4kpHPp2@|ZU`d8cgbtnG!+RfL@&1;XIMRP#w
zpLyG#h@Vr~)EB@(6mnTF!jlc?*wG>1d!UG3E$Xx_$H&KZTyg{*oL>a|qy?f?+J9Ge
z|INt#|N9KtEdRR<+5c%BkWTN_-{;^L{%en1x@T3fn#PE)RrO87%}LAbRQsb$DYLSv
zCf6FZ=;2Cv2_+eJ(40B#S`ZL&zjRdid{|-7kUlMCu!LkFIZ{3nyb_^hel$33YeWkk
zm(z8t<Mw-2ckk!bO$*)E-Ib#$W`CKDMZfP%V%Pe3Pt_;ih4+q`4&T}cTT6YkjkOWZ
z=Gus(-^)O!Ij<dL@^>nK?+3gqX1km71$v?T^qa@MPNSmNdB~tO&$htmH(i&e>c=kh
z#d5B44#q*2^Nd&t!>Ftxk72_h|BB4rTI8<W9V&^_vs}e;w_|AK^c%OoCV%?q@SDST
zr+v~#`r@$_8#y~Xk37m7*dO=b&nD&TXOIqF`y1)4F|*e@C+sC+gPL{d%EoCt^W+z$
z>x5hxBi)@4-IrhTU99bPn3u89bD*JjzuW8qp683qzNfFMCOZD(p=q>+b7z~hGX$WH
zJJ{?7)jE_g+&A|DUm>QWHGlTUHJ$jXxsaqBqrYl|{6HD>A=-@7%NpN|8Kb_5WEbgc
zdGWJfZ#^~IGfQi?PIg9WUbnS(GwutLDIN#uJ^9C#Q8d2?1}-ul)V>R0Hh)xs;m#bl
z5rg3E%LLG%IHklRI3Adf-KPU9QPq5{Tb18<5$*Xm=0S3x{;>uYB7ZK5jZ@816Xoc8
z?st-0DWsiUppebUnGPBE6+PhsTz`Xpz2B35pH0h5UmeFBJKd(Fr;o7uSS?i4ebH|x
zJKkuwRXct`LRD{TW!K(p0m3J?n%NBo9DcDI+&h>?@^M|{FQ)NGhONBQ=3p{(mQHW=
z<HQT%Wc43eojSoM!hZvWs^AN~Nz?}1W=i<t1|hP6mkR>7^bIjeF7cxO{JG=1uYQud
zm{qi_uQmr|Th&}qdrOlXh<fFbcW%@52It0SVSAOB{L;@Jo;ja+=7Atm%lDLFXML$^
z4zA>{K&EOY2(ecIRV$Ezc7{>LV}xm;d4;{`2_OoTw8Pe_GJi@SyKj>}@k-@cmY})=
z5v|-V+OXVLMJ-|vxuw?k?t?tb&q!p+;06Rg-FX}QS+YH}H~h3j3W_#uW@Lo_;uwPo
z0}6r^LRmVxNIW3Z3$*pJi=3PHG@o+Yxe^KnIT093nEM5PRb~i7^h3!VEtpImt`p&!
z1UC~h(<l<&x_={NJoIt(jpHP3y%CfMOhai-FEV`fou%YWCDW+P4i1Y2xd1{gg-Gb*
z7$ni4(BfWKk|hhImJwx<G7C7H$Q$Ry;1iD~H}~r?X0?V6xXiV;zIn1%Z5Jm<RbGO?
z*eyQp=Y$=0*02H63=)7iL2%--hX!e7FTz=-CFUo}f`9o~U2ff<3ipa?HbLj8^EJ}x
za;hl*e$7;#7(d*7rlLAOVToE6G}1Ea1zX~7^fE<0p`-|V&NZ-7BTC{ToEGQb@+!|R
z1n#$jS*gayN2=Dv5}s}|L|I~E*b=~E${DdhL~#`%paD`p3gPWtgX>mCH3C^Pc*e1;
zMPz<XDSxN01;(ky;d6w-;3j&SmbZF3&Egw99TGp?;WyXg3l@fBG{yOV6VX7mQ_%pg
zM4?N-*Yu^MnW0pT+j9v^MbEw7e0@1D0tif>B;~c<3yA6UF^!@}n6VZrQyLGXE`Bfp
zosk&(-Da?CI5utY&fw~lbT@`HrVy_}0i!;^E`Pb=3%JP&=om5}WD()k);IDAHaSHc
z8Hr;)tCcrHs9@u~B*Rcs3Rl1gy+ZLI)u@C`*OQN)!&$*p&F8@i?Oxqz06GS5SI_ZU
z$2LC|K9iWytypHzju4$9Sh3bXPFO%fkzkC&9!JgPWb=zm<|Y}?&rywJt~(+uJ^2T0
zlYf(u4;te31SBMjStYGTc><q+aVB*jE<j~c4DZoOm9wTNE8<A9M%LlX#N2;i{lZYM
zuHQ&TwS3%qs(s=s-}#VomEK#&iEhEHW(*!d2QL|`7mZ=&<k0d6R)E^~e~kA@^zh6X
zf7Kv2#VC{43s=h)bX#V+o37|1gRREuR)3q2cqRIyM!OfR`ex<LmhxV77Z%0}b%s=c
zJE+k}W@81nf|=#aaZ)#vAGDV5{Csl`Pw!AUF3^i!m?^5MU<@v*nb#OVJjpncv>Z>E
zEF{5Lk)(zlRuNd?Uy+m&+ZNPER$G&V`&-0vQufF4o#X~=<I8ef8MnT-h2Ju`5`V{G
zNjoPu_Ml;P|9X6S6kn=RUgJUA+sj~<?=)}^4`!PkN7L%smYZnF_#%i7rd?i<fCmT>
znNrF<@|a@mm}1yuMZKhi*Ebg(rmWa{YMzu2brB=$@SzNj_Qb?%7>isyCXYO!hz7i!
zzK#Z-)Xe}VL^n|&<!2Je%OeTx=YRR{>x&aFtF-#wv0?4}e#<~K^dre2ASyv^CM&~6
z`XI_H7iPfpI>vp$Wy@RH<zPcbs?3l%+>aHk%pAk6>Qh%EwqHhd*yXtDk*w&I(yx+c
zlp$Ez!(WzWj9*jdAzzsU9DH7v2&N!zdfn7M-RpL`mEhImaU1HvnvFsVm463n7j6dd
zN3q_$hb?0|OjVmzOJSHWyxOCOj0Q%yA0xvz+*%t=SOM2@h$)<aZdlq}%~IBDMFPMb
z4<Zqnlsd%c!ITHZ=StnlHP<5_KBagsT<#}Apq|RsiRREqgfL;!P!zg=;`z$@f|NK>
zi-b0LZ}r5O^jE(ET&I&99)FQ8A29g{qIVDsJ$Cr?WH731HQiV!6~>G)+<S&`Tw!9?
zjOJH3tXbr4$65E*6F~0>O>6N<*lw5jIaPOpU1tCm>>v-66#XnZW3GLHQiV#82s}Xc
z)m;nr4sdfZoKn?QC#YV#r$%EOh~EuMVdox%5h8H}j9nUf>g7k}K!2L?B{niaeY!M%
z(Rt(SdEM&!8i?D@<NBmx7W>{4?fs<N6L4rodO&?503C=Hm33{%NEhO&abrC(rF&V8
zZ2yDp?!tz;Iy-0@V*cEHMUFRIj{P=SI3dL<W(CdNUyg~ZGRA;dhUYNW_X_{(D)gxO
zs}^+mB$u$~37n_sCx882kvh^qe$n=ZX7avNV;l(4Vb~J6GMzma=xJmNUqy)m5w-Pv
zS{4zM{@sfP9WJ+UJh|IMUSxn%oPnb(Zl<wKAY#tS*6UvUyy3Go6tLGd6b^rHE<Mh)
za}JVcmZJomlD`VdKCTi}5E2PwYH_jcQ%qsl%slry*mfgD9Df@z)Y|#zPxlGGJWg59
z-yqqKobJZSN6g4*STmeOc5V|nSe17ryIq+t<@c(yhgo04B-Xea)2len2s-Yn&ZCDi
zs8+OMneoN3D^x@+2u@*nO{S1S62=PPv=}iyvCWMbWxtfX^oWCiGoy*c_05}b^K%=W
ze8$996>2#H1b+;p)j8XL^FN-2(&L}{kO~3WcKP4-0e?StL%LpDU#1N_kbO1-3&HT{
zr6g=d$pVC}$0sUT%3H`S<k;p1@hJ%SrLmpMS7>u&>^pdVWEO-{DS=_D6;-*ytA{4h
zv9EYNV(dH&dYWDM0chz|ju)1uFxtg9Z$U(JG=iwh*ndD|^8Mk6(8#6dhKZ@mkk~e$
zROw^4g_JC!8tt~7n>Nfi?oP4r-zSidpJnEAaKt@Otl+pN#}44+)z4WMl39Don?JW0
zj%{=4#?53X=@}w1s<8N1OwJ=fw9p<`S^MYWiuYcjtHa|g8wH>Qm+(+*jGH#3n@%>t
zqM?H-2!BO@2F$EY{Vy_zMhSQ)%SY8t=|nHJ&G+8_b}o{0C|bDKz<4@!t>?Plf;YK4
zpV4@?7yAh6ftpi+StKdZnORmZ&~^;Ck@@UWTAIxtaA5a@1#5Zz=={btqoYS`Q6@q-
z_z9e=rz}zG;lmj0Y8Q#Fc)Rm(=b7xVunww0iGRgdkrZREy<^1NVt(I{zvT<*afvxx
zG_z!*(mTcw;v0H+%V5GZ-(+yXuIftKSR(qU6P-D)t6$}lMzvP5kXyoeLQj@*>%*!5
zDW!1RUeF4bnMc3sGyO`5h#ofK%P9FMUD;|!f4IZxc~~O9ZBpx(5B2<g(o!*7J!8L+
zxPR5<n33tCw`e@7`k*p`Zs#&KUrS&x7oE1v8<G?t)#x9W5Iy{ZD^mEwQo^%G)VoU%
zQ>tnnt^>Kd7#^Mev~BT7)wV5D+$Skh`DXoV?<c{D?%vK|=&jFN@PR`2!Pr4mzb0fI
zsiN3Yc>CL%yJll2vXI@IFTPP7GV@LiV}CC_sXVMlC1dw8)RClh$@oDOt+P5!4{6EP
z8Nn0v+8<5<YF7kc(F&|8#IZyb0{)Dm>XZuhjYXkgBf>sJ;p1nvv<^cIO|u~@>8Z=g
ze8=g9!~lgrdcVjlzTBSP#iJ&IIq0Cy?<azi2UH5D7r{rf=Ld|>Ag-M5<&7wzliaiF
z%x-_~l40q_vdFl?N{Z~ctPOwR0v^Ody!m?%BGB}gAJ<;}v^QEWl>}X-KDzj&JX&6d
zHZPFm9E4~Ghn!rUrmqJzl>>p%E{T?nV%R2CS+Q%5pUGg&5bD$I6f-4ev9;T5ywk0K
z-b7KN7MJ>2tQ|+Zy(?E`pjZ&EOQavo0u+CbeOT}oGG-Pp%ge==eUB68D&9=ur%C%_
zk8=fwdU~&P4m(dDd~%AjC;GX(!9AbJJk(%`AQ_?sz5eyKyuP}*bsBG$wU};|k#~uK
zl;7QIz3&J4m!ofBH?MudzC$9O85Y?K+%FWgzJDA3uGQ7XIU{qxaUa2dbo!jQ`JaC{
ziXZudKE@DifuDKq|9EVQz`s=H|NQgM{~s}R{PWL0|NQgMKmRL{xccXxfByOBpMU=O
z=bwN6`RAX1{;z2E{`1d2|NQgMKmYvmzY<%KfBxST&<O<ef4f&o;6MK7Ua1NT`yC)4
z*w_DTNpjn`%CL&cT6Q1xJ?Uy~znp)XxxDmPO=TTngOG`WPQ|Q5u{Q?+4i8Ccl2W21
z)Lcp`5h>4DV6!P&5KFEgB$E;;Xo<rirJ{lcQ~JHX03pGcs?RX8X4Tc=+6~Cg-t^>`
z=a0&dD3E&gFmttV;G3!h3}$i8-hAeMKV+TYy*#}<anuma`s$>w;xB#g9&mqM`yHMx
zYN`UNQue<ce8_;)WXNguw_HBPw+w&IblI5=^VnCm(gGogiOSd^NKWfEjWXAJhDsVA
z-2*W=mPHL|4V}%<V*8c3AeZ=@-{1OCR#8%HQ;Q@Ihw-|9pu>i*WRhO$;p68~?q>)l
zPr=hoe6hy}V<RF>xzNY{)aQQ&=K*GR-Y95uw5reoe-boO=}GK${0K>@hrDGOS{4Ns
zSitOS`gJPs^b;1mtme|R3Y(+Dmhk|CrWFFGII*2o8X@ni8MdRUC+CU*X1{+i0TkfU
zg{ky%F}@a-ie>HdDeNH$-1eCq`558PtiV_CdXKK-eLRQ<sh@E%#&Lfd)rxJCoC+uK
zHYm%zrOf_KlJiTQ%@|Lb_50yrd}g=3tPt$J*ry9AIX+o)A;ttBr?2bHmU`V?UYD%8
zVWp>Zt1mzAeSAZ$ym`|$?<R?MUwN-YfiBR}damS7pyT3rGx)>XZ5y>iS9)nnUB82!
zRplloMYnZ2YiUBeG75h$&q+;p-IVwCAqH4s9k_bM<{~wG`-WMmR|F#g*4fu5&H=g$
z{Y4%~ynjWXit;eer7cfOoL^Y!D{3h+94t6Bdi9%9$wz@o7fka(N9BWn-E-pZT>;qm
z=Pi>JcLh-MegPV01b*+6eu5ak)CbAUN};gtxmc~9si*TTQyhPNKnvjy3B#nHVa1XG
z+CQ6T-VnSmuJgRk<Fd!6&XiloD4Hu)4yo@weqw=Q;UrH2oYDF=D>`3nmGp7l%#W|7
z31ZABYA2r0H?wx^knjq|1d{}oNTWN#4%u(mlJQzyY}yZ>z+L*H)z4t85w$T)7F$or
z*B<Udi=D1=Zr*=UKU`Sw2?lKaa|PxItI0)nSoQRu;8$tgZh^qe%DXDZxb!v5S9j*R
z9#FbTHS(N3FJ>VVpLa9cffBHlvdLv<UduI|mw&di;>b{-7dv%?FHAhQOrk61xOT8r
z`;%3IE~Gr@b6Jf*3z?grw!d(%_asY}8kgS(12?$Wq27POl+`Rq6@NCSzzG~Bc8bd;
zmRbado!6dS!^^u+zr4g-=|mg}riHjc$iOeF&Mh=PPm%G$lKMYnu?W|_huU=@I9<Z&
zpX?Una-u4OOA_J*SB28mZZ!@4WJHLxMWTx0w%SE?lKDc>t#J5-zi3{%Z47dW$*twq
z>-!z*nSy^HfHtcj?|&du8i1(xmQV;AOhcvGw<NHxpAi>R;JKRp+idG1rG_Ml168S!
zh}o@38K`Rg<oA4W4`7d!P*wpu34EW9l2g6=;)~Yf;M_4)47i>zORN~w$#$c2uRC^>
zPg8=R?WM6J?i08BN0=_RDU_c}|CGQ5w2H4wvQ2-?7An8X6C_4ANs%El$@<PHRn1PX
zzIQKy?oM#IuitS$zgngI=1hld91rZ>e9MPujO1XT9RY{z(!_v==V|f#6z|C{k=!gs
zH4Oo0xsXh@g15_ivYKY<_m%Vv)d@nbU7f4WJ~d4yN$v%@GH+zlv)~cwO>wCm8_iqZ
zrvHB<Wl^Jz0d@>9l0t>ItTF@s5^7qNu&}IDl5f0(kB}uV=&OO@qKe|88app4Z5c?+
zQ@IOuse(6m*=H=5<?(O>F4r7A&5Sm<GH8W|8_*p!b>X{(+!Ind$Z$ktgf?yBphb$R
znu}i+<T{!*FfXuTpv%%PZad_|pWtClSZjZ5X<!|!#+~`dfN~EnDp|T=dDH@Z5HjaH
zBE8N$(Kr>V+6pF}ToT*qv5g0EH%D{0R>n%U92d%;*^Y-nKxMGCIBG|%XPW>E<D#~4
zcC#!c_RyRhCT77R2)0#~r)HFTW-6r}39fFP)zOyIgvgmGAv(VaYCF}=xo|CgJZ67x
zG{dP)L7Z2;beKFPi(T`;33EFgN=zt}ThL4f?O^(_+IVtI+^H8Rh?^hDNx3Jt3W-W&
zrBykcmFVOuRVwrQir?2yQsw56=hy2MY3&0O(>`O^r!LO+@Nt4uP{f6CErhIoO@YZS
zbGF_s^bVH=3Q}_^Ad?XML1KR8#iW0W<)pFzi+Tur2H;xCyXSJR8-+U~*R;fEKX71&
zRg;@#-CN|!R;Om(w(_FMz_4_|DZwEbp>tu}K*`NbAooqUU6jxU0Z%q5Pl=y|csb<h
z%?Krmuezumu@Sd!v(fzF=v!bIXhZC-+IbImvd`x|R@urs@aa4QlmnPxjS_!zB0B+u
z0bxQ4=8#S!qTq1|@~AOEgZ9kdvr-t>*RO%4JD29@r$c4lR-4f?6H_N!vRc2&4GF}^
z`=f}fIY}ds5?gqY16$y@5=EDZ3)n}X$-8aSx3IqF-tP!5b&^=zw4W9LUqkgR+J=wE
zyHc@Q@cbQKnOD<0M>#zPpxb{xhGc{}g737_SOi5BPz*KlEUET;%02b~U!q4HskVAu
zQnzl*M`JavjIM0}ksjr?gVArBEyvn$0705+KbVxezB^_0CaYhOdAQ;-`n(-)MAd_>
zZrC0-2vDnC4&!l<p7Eip*U>u5#;yF>EfP||bDzC}R6eN?IOCam^jv?{x6~^MV7vXr
z%>NIjqh8MdQ@k&mki9Ny5}WV1%&A&gOaMf&j(~y%Saew1yz`iPGCl3I!KvGXly8SL
z#nVHQ#Z;wl>h4$SGz%pkl{kfB0`Z0@RiG4n33_75ktdCskFD`Kh=ToGwS_e~rXKq@
zb3LGLN=#@?L_@9<1O|Uq22^SH!|4p0coeiR0R+64bbhRBQ%y<tyDHp4c<F)=Cdv{N
zDjV5I&8MXbSb|)6VVhBb*Sp8@a2GI)h2ly-4ODEC)SzGxAo)Q5s0)}IYk<gW?)484
zTc7TEY2Vy>#Xw~u_kl}^9tr5vN9iPqUJC}_dn3r(1YOmOw3&b2gp5+%ip_00vSm5I
zfif}F0EPPg45{`A?#Xh%Pllh=l-*_Wr60daSpzX5sUHanfJq$82C`fDeq%xWRuxU(
zQ@V@s`gPwi>SQt(BPPr1(CvPllJ>FUJFmsx@(=_hGVOh^u4=M{VklVV&FC?k0L(DR
zZG-*JV+t@MZM1(E$b3tmy5z&NksD0kBHx+9GQ1gf(g;%x5sHwD$rJ0bCo%e5O)LGn
zwNTyY!WfSZyXF&NYE)C?5&B-ySZt(gXaIi=-bFnLOWp{Tz#$73G&ECh;%+hqN>Vbc
zTXg!6pk<zA6-h_S{MivZS(W@-@kld_idYUji-`lFp#Xnsn7RVlB;Duf^DMKl*FbYU
zH~jQH*#&U=W?e)-h24CRiYoRDz_$znXmgMoTv-<&C2D#~<@)q=I03EX<bqHk0kP_1
zzVu((WU6U6wr4h&*?uH#x3WS0?hLGC)_)49NtBVF2?`zU#hoSl*8Ca*AbuW9A%5*r
zEw3$7hcSN`1dw{9Aw(zM``wr7;eda6yj6}Hy*jRX4{pzKQ&K7fz+?u|-*}Gr7T$&D
z$n*7H1X)Ea@d?G{2?d7n&Qk%wCV*4>K0Z)r+OmAFMMaZJ&E_rGFMvYsMvYv>&QQ1k
z*?Z_F3mAC?D(+-XVgm_q{rKkCVs2L+W@OSL<FkM4+5UWwo#u8fx4!v35P-ZZH#FYc
za|!(DeJ+_OGybV$MZC<>r|Y~cDVuhIm%zer0OC5;7MyQ_2-Np74r@9CxjUtPnn<nP
zfZ^LiUC(QZ;_5pKAG?%V4E^N*JlMtp=9NwYC+{)807DUVy(14fIsg)u$f^0NqQraj
zdF_AtnV7>Mhe&N7vdah*c0i?^tf*}!sGA>|yeq0%>59@9;2{9m?Ve9+Ux5`d1q8TB
zmE1UIhmhQ00$o9Gi>q4RXvVci91&q{-6L#(0M)z~IWRSYm;dY<C_DT``?^_)dI7uT
zElck6T)D$-(hXY!bhe4P(ENt?(Dwx?H5z}zowBY?^Pgzp|G_B>|L4fz$Nm3|9DuJf
zz>{=DTk3i%NYpxPJH<Otp^!=Yx5?m81ewR$Iy-R~_}Vs^t+g?|#s;^EkP5EoR%29_
zeM^3os?i%a<=*=6HI#c+I$K@ol)5Lf|8Ljp_mBQ>BEIKQe!RHaa?To|F*85kBinzz
z&(lEpJ70e<*OPSAXxWpp32Q6daxa&M5%@muk008;b-C<Zyu$<7teu}5`ToE%YEV6T
z?cEo?2ewQCJ5TN;%q)Bx=PN6E96TIB4A{UTf)cU68q-I@mw!-T&^UOO27PcTq%rmF
zG_!Wax3f}u6B3Lxmtg|gz(Ir!)?t6?n>d?zuQ<}*IDD#p#v9g_xe?VFOaQG5<*-xt
zs(&A7x0<X_Oe#W+s55F70xQzKh`TxLMyWY2LmBSBX|uwz+j96;s`|ieRT~v{DN1(k
zSo~QSPp^aXQ{_WWh7w}?wY<Eo9aeCDf}>@Dcj{Z`V|}UI1;W057%jDKpNfBRfY}5A
zDn^wQGe3?kYEYp~U94-K9?j0TGTLpWW*Zcyw)cDMmdRFR1>o{CA++0sA8$0wCMWif
z2=M^}G4&7kc>vTwnUi_B9ku7p;-J+Y-MS~iPFPjv#k25$%t)z91HKxySTGSa)SO^?
z|2|QN_Gs18o0WaZ!Eaqi_E&#GU;6Y|-#&J!s~lxZ3(ZV1GLzr5l$}_!$}smzVg1H8
z#VE&&`f=%@2j|Kg&1`vSn!{y;q;$zp52$FP;#4V<JhdI7!sPGsB+qL$it4nxiKqvr
zd9fC4tm$yR%s0FbbK2!y)IWwNmF>IcFcqMX6v)81l*|R7{N+ep4i$g;;{m}+d>p4^
zyFl{Hphdk;+ZxNfpYPWAIHI9M_6lNTFyi6&ui^G+aWlX2k`BnGw0Fl`5iurjew&vO
zWc)mub}nA9Sys}83_3W8<(bqY@p#YBIZl$wt))emUxYBEVid|F(f|hY+h*1W@6<F}
z^FHFZOQZQVQje(g>wJIVmdti`$#(es6jwS^1)a!xX<%9&%!$pF5|Qf2@rjthSlusW
zF5-!;x|y%DWBmDkIruX8KZtvWXkmD;N$}dXZQHhO+qP}nHr{L7wr$&1e}DHZ=FGA;
zv&!yCRUVwA7Ag3pjg?RvixRI_9IWbUjpO$C);JhnAsxrJ;BJ3BV0_=YCK3p~O-3%q
z)&(xqPB^gY5>aRdsUeexg$5u-PZDmpMdyJRgj!%G#6aDr-oI=-^<RMY@V=n88hd<=
z+Hu?^ZMeDX>Y9915~vEL$S9G_NgX&!k)rQpp2x2}!WOdhnWUP@L|e<DYI}meL1>v2
zX$8ed7n~TB{qleNtn3Ze6ZdHOTHlDZqF3WP=^Ng}K9AY)b#ACyXeBvHJ6<fY*7bH-
z*^*5y$(ellks#3VsvOuUCv)_Xmn%rGFNn`ih_TUxOqj(tL?I)d^qD+ow?2eD&_@~L
zTTSzmQR!0RC%sE%U)7ecxMfzvl&E*-Q-y_v7)(m-AuE4M3=czG?7w$!AIgeplW`O3
zh!!!_#}p{g(Ut-Em=lsOjzum3GV7Fou~fU4cI%Cy>P+7o@t^s#CUw^sxcszt9P2rw
z06@ktj)el9#lfd-`I1LjtnZP42tjK?=~F3e_GNGUwdVV$*_7SQcn6*sO4F*B(5{sJ
zFJ#kS0WE*C>3vC6|Ejo}l-u=pvtGH#m^6?7alYR;Ckhj{U%)I1a2_$SafoR`u<?Ea
zINGzPMh59&Af-;mfJ{)4Zaz3D(Ln&l1xtX4Z@O*Jqm5-vj>t#9={a!LnLKRleeOmX
zT|^%V8I?4H&d7vyNu}8P&2?S8-?k;DrhfCDGZcT_srMb8-1)^Hmd(6gl^zu!SS<~L
z;^X@LfvZ1Dyq!PDfU2k;sT|*5T2D;d5#Yf?L=if!5>J<6YPE$L*~2@!7k!7l;H<B*
zJv+$1;r19d^VV)r;j{sbIf@7wIS?yXV$_hEpx8YJ@4x<ARR`4G`CU*fYuZn8R;Ph4
zo<o0ywcw=POC1d%eDZ%Z&f0s!(}ON%wX%Uxr3eDZoH<lcS+8$<$EzvNk@<NnUUym`
zwfWxY5OEBNcNpY->%A|Xv~uAJ{`cARsF|Yz79xy7RmAV@>ydMK&OnviA{#FWr7h}?
z{?*!+ZTz}>)HBvk56Jgrzov>&(@4h9%OHP75R!%<Duo(g1QKH?i1T=2&zS11uA|~F
zM)fnk{SX-!bR^@Y2N2|8l=IruE4?+wKS~{$gtPa#l+Wn1rd#m<sa+yKz=UaHnl}9k
zZNX^^3p<8q9jyi<VetGg=J}a>XT(y8+~)H)hSH`Tpr6?kCe0I;2A9YtLW#bkG4p?(
z<_9G?c^T<wf{=iTW1z`3QpM~3N94fv2XJ_Bre}oRM$7-bjSP!Vixy3Bp>YzMGJJHj
zjQfO!w(A01S8}!ebk1`JG#SY*!WQk2QyFAQR?dtX_UdZ4p`<16O>KMUf46Lj<nH>E
zug@P&4Y!$JrRz2@VZzuOpR`DYUy*;|R2egAa($;H701=%iJZBB=w@fJe{R~P1LKq6
zkKi~)EDz)`!zhm1T~_$}`eBT0SEvGXQBc}E6OuepzjV`<q}L9tj4?Eo|4WmLt`niG
z8hY;=GxIc$#%IccMkv6=h83eUe8R-~bvG8|JWJH(LWzap{iy77JArF(kvM<eY@Q0=
zLKtBjL_k1;8cF`RF3gcXcDFrQ<Px<6$9;bJJ-*%rIKv-tHOvSAty~$;&Jl+_!Uz$G
zW`IhCRw?VWO2r?WM_pI+^!;?BX-zCjiA|ZxeJ68+7=F~k5`0$p=qV*RfZh2d7p2{L
zsG`R7xG&7p>cq<Z{cMy4k5zxz`;LrtQts(_XrLs73}pBZBDfz*2K_N(_~_xD0oAZS
z=n@NV&vT4F=J~}RWBwbtT@mBnzB+F2tzE{=H1$j|=CHDx9qj6&^C;e!OR#AE)ZP!f
ztqRM!WFpb!m%VTH8r~N|Gw~!f1?=;p=U1#%#|Ki;oV-d$?(r`;#<zbkGM67@D*U%!
z^9r7@s~~nA<B&oqb@JQ@keMwE1DjBrf`OiKU)xQ~NnOo>%dcvjKQjAKxtZE^8i%qZ
zxq8?FG%k9;Af++yAKx)T8MDt-O~{XLdyA_@FznY&?^~|O2RzdX&=3mPJ$AOm-*~vC
zMn}*Y{{tnMT^Dku^ZkEGaY13>Jx}JCoe@b7Sl^;3IANK_@G*J9k#R{hD3_CJ&TrZY
z{Hm!^IZ*L5!0n1S9u+*?kT6q|7Gqxg0@#s3PhD}u^|qUJ$OX*bEj$FjX>3W9s1+RF
zz3OB<DXQQ11o_Rv#qz3B%NkzE*4e>K=Flv=?pV{^7mDzk&RBmpG7(+}W}ZLfDvRD+
zAFtMwz?EFdHU=Wd`0&*QgMp+pwfIfL)=l);3@<8%S(t<QK=+1XbNH+YLIC0tPX()-
zDd<vUcvyzVtETod1Hh^3q`R&!>=oayqzaBatc08_>{IVIsMg+_UGq`X`?h`k#kaom
z+#La1eSzd6ugZTZwe6V`HvWP94(zbVa*0n`%bY6p>)u^f^O;}0^U^7T!6{6EEYnhT
za}pBLLICS<$v%e+ITl_+=nS4K)u_D{S=(7200hC`wsZG;<s5+$<rYXFYZY!<-q*1?
zrq@2E+xNx9GyjLBh8s_5-FCcwU*0XOC0Z_HIB7L{llFg87sqEB9p2|jZ1Z%U@DTo=
zfnDzbe=U%Z8AhAZ2s8)+HEeG<8$r3}5?Z^uA%IQixC_*Ur;YJ_d|Qze>6N4L^s-BZ
z@!Bd(-!Bth*DsgWYfoI<@j7)~Uj{kfgXv-_+*K{IO3zPtNrl<LKoe!|k1bi!YDa=p
z*T(5El>>h~bBuPmiY`or(n9OMS`-TyAj6)2qho^BUsw_;6%FE=EL?1^Kp4dvVxCv4
zwzBgnn6YWcXky2^T+^RlJny2k(RMck{EQMeQ70_h4#1)2`NhpAq++YPQdbk?Mpf07
zJjVuNdHUhmQjF{{@*Y(!FWLQOW(bwdZmbG8c%pxtNI2-z$G~7~r03T}SQrM_dcM3D
zah|P@(3Fv4Vh~@S8)74J+(x=~&AKT-7vM0re8WBJDhJy+K0o~gJAJ>Pg=+1YE{lM-
zAc7G`95B01)LPcqqOs)vT4gf^5-8KFsHX<1L^3235m8WrlnxgptWDU00jL)pA-udX
zyZ(Ow%MgM#hv0)LgdhT?dhPDr`|_n?E`Q#de7hr2EnvCGFldo=bYs_2%czSl9&o&F
zeE~43O9HZX(l(4Lmn^|<{Ua7kO!6?WL*v}GbKM(Z5w(;xscv&2m?`b_B4%?ELIfj~
zI%KK}^Mv@|2L%IOP9>af+5c%pj!<>bgZ+OqFUc>u`^3)ps+2DZEnvF9(4OVVrA5~X
zQCA0-BE*TOnk$sEiV~|Ah0?>qC2ey=c71WJ7zKNz#3u!HZ0vifEFULz4wQjGx~UI{
z6vr3-P{_qulW%J|34k<%$VB=V4YJOHk>77`3DhIYt9?99-WQOm2IK5~lbUnoT@-&s
zD)GVQ?`_`=2|h2>_|w)WIm73T3=6-mMNlFD^iZ;aH3cXg&j)nj?P9k(Sw=GR8DfBe
zF)+WkG<H5tK@2R6;*+mvAR~YSQsak1FB_7Hv|&HJMEDGCVDU4RaY-dI2_B4k@g>9a
zfdb6FJ5Itzf9CUu-0Be2aM1PZoL_&wy%r6Sv&of4#<}Y=Svh=EoH1PAsX|1NMgaq>
zoX8@2V=ZT7Ck^d<)`I-<tV9DIB2*AS0ds?Z5(?OGr8JlT9z``8U5txtSSA8@*D`lc
z!LtuB;qe$P0|Ho?W~RMSe%YQfaqkSfRLTE}ahZm1dgf1_OC;0%e!aC93JHG%&|PNc
zCKuPG`+K8rsnwHoz3ZK{VeP)T`@-hddF``ha6wU2Rv9@-o2!Bm3qT!rw}l!~BMhV<
zpouMlvO+#66Pf)TFK}-FY81+r6*!}PzHWyXdYq1g!2m>_ZTg(&eJ=0RbFr+<U_fj<
z0Po*#9FAv*P0XHd%u%^7pXYx=#jWRvsb@?KCAwu<zK|kO$RmgX%BFQ_gg7|vC;MAz
z4zac?>`XS4uqtxF;%5wO5sR>HMAaWPst|<39H9*qCA6(+9pe~+;w#D5Mz@aF*BfVH
zf<g$h=_S;7aqTR@WB&yJtU{+bm}FgdI$_dG3gcK^h4Fb~@9|t8OCx_7qma7{1xtY|
zghD)sQG*(HM1*`2JZq=-K3=XMEUaSQ^eUu$*GhfS$|i$hXdfT^xC|M*8d=x~#~k6j
z_{vRi+U$N=lMR25_%!8cV(*r9I!7!~1W3pL;lLY2s~rIbW|_f;r*6}Sd*S(X{<l(x
zxVe6HR^JxCYh6p4kFkGbZ`lx>+;cQlf(Uk)h$wc~o{i4;?&$4%YsSnmN+4~z$^Y&5
z9q0BHBVXntcB?0CIRv(43uVBQ{x#RQ>P|8!6Tyun3IIb`t8ep+7?)t<dmUK<X-Upn
z9c!fCRs#s;P*r`=duiq5eJiN##B2iq+nno{b@P?adt~dz)jWR_&G>3^{_|4jcy;-3
zHY>Wif*2FOVaF&D6L5A^s*C~r@D9?H9Gwz}tj@U3-LJt$G>$&b{}Ut24g*1O)rmY!
zFw6LKdL${?TkfqJ%Sau{C|jroauRS_%8hJy(L5;uK!^}$^1ixNsneNalSDQ8OFmAk
zC9<<Hl_`NIoXUS@3$)gho;~QgAZUOeNAkrM)U4L(pAZK^coS+ZisZ<x>xWo5EU{?u
zg-}YLN&RWpg-f3L--Jqm>*<)hf)?XXgJ33{UEFB8f!<j~gME7isnM#72sQ9A!RTv9
z{Oo9gY;_Ad(onT!5kUm*`=w2l1Xpj^al;TW9&c`4@H&6Re3yia=X)nu*iT^1yZ5Co
zNm_BXwF7<~6(^ls!}lPN{(He%bT-@2BGO&U1IhM(Rvrul+)C0;>KXV9vmdM7%Ke}H
z?Y8b1Ud(jm*PLgx@Kabjbs+~F<l$GiZRAHCBg4hZlmxkId){%rXY3!cvMRJ%VGvd!
zJn&j3Jhp$ISCuQb9U+Gq1^xLQ3GJ!-;)uG)anm<{UQK_~`^LZNeevoF(R8V{@)K)o
z%Fm*z&--q@zHQLJ5k?iJReAXpQoqb-LZw175gu-d<BYh9-~R2`dSdJ%V<$t#4osb_
z+kPZwjO7zy;kEP;j54?a<A_d6)pnqN?|-qW8$W*^V_Xve!lJa<m8CTIyk-Wjj>}An
zNxB^fWm8pUj8TLR?4MX+elF?q_?~h{6h(}?LI#Xuu+8K>G4KDE`NL}On<;8c-@}Hv
z8>Fza6p)Zng_Rr@R`0t|xfld=C;}3L`oCr}EbQXX0N{+b75W8-<3tJpOx6_{$O`}@
z1FL_qd9KzL!>uM@9B_8!iTlm2<f}$_Bp8@YWnt|TL!#8fKu_FoKzGLAh&OyUkh<er
z@LN=Jk;_g_MHea0MF`fK8k$X0a}%cg>TXsbpkOwFka|M95}D0CWeeY}%w;?;2mq*g
zvQaM$>}sA-8L>!!HBm0UhhdD|bp44@{J($YSqvt{U5%^2)i87|Z9j0FIT+&EU0Zm)
zXzsPTx{WrK?i#+hSBQ}MVkcE);%GGb!M*wszCUConNnbgs|Skwwp|;J&+}mn@<h$<
z3>zi!92rnBXfq`hg`)dIX}8sNuZxoy-baX6!ssI-gR1tp@}+?q=Tp1~eMe%FS&n~q
z2EF*gG5pLHaf}@m#Idho0hF;4Cr&gnakZauicSq6!UQlfUu)1{+?3|U2$?Jyad1@b
zTM0A0a9^T-g8}tz`48oJW%YKswy~yEpcgEw1wsG_z=cN+>c&HBf%c3~1bha>`!5$;
z?@mA04Bx&ri{9cw2-LR1zJ|uYH&TBGVTcfsfc-L|HM(T-V8|n_8gf6V<^6uJz4qjD
z6R^|G+LoaN2tnwVmwwLTwN9)BnVtyXH|_xbspa|8bZ$A+R4IDJfe;a~g)5F45d~-t
zJn$tseuYt)NP&pTb%<(;T}30$%?PhOU_cl3a@G2Fb~Ze~6p#8L9&d}fAKHJEb{pRv
zUdFSFqY|Vb6H(Qy&PF3{Qp&lH4@#Al{8jZ)Od}<4<h-!TdTmnj(E*5KrnU;b6iN%?
zX1h;y{{UZJzIl&ZcFXl5oOx|uSpvXP7)w%%NTV`sVOrvX@4njeq7&j+!6E@H>hH>p
z^Fe_`DL0Nee&&V`!~?P4?FD~w7B?sNq%p+&LQ%?1TYhWjJ7=(fun{?=6cI;QEM$ol
zC_yL*ZTIdZA`$)35+ewO6oAM|O2(Ww&O6dw#2?rL^nSAuz**bw<C(_J$!cDrP`dY+
z&ER1y02_EOVQUvkSUe^!H{J-^eilNH5V(?@8sj)0PlqA+fo}KvFdcuVuQ$G%#+?Xo
z*ZGM@{AvwD={3NJs%y#zY9kFsZZ8zF%_pV)csBZQ+vEQThaGEdr%A}-u$Yx@PoNs+
z5sN4_ogoe|30*)$Yi1Pq;@CyCcA#wz{WJc+UnXclaS)fe|1TwD#Kiw28LzB@y5O>J
zjz092WOi7D4Ljn@hNXW&PfbsEe>qwf-Y_vUGyB$0Ps5mwGK?{fI#}LLOWc)bbCL7v
zTJ&2ko#pINTgG_BMD-zW`FQok$nz!vmx?E#sU?n>vZM*fBaL=Zkg+Gl(-muMOQgsG
zq;XrQsQE7*ES;}LnC(?(Uiu)Wx&Y3Qtz#g-3kZZG921~Jd^mq(blVi?@>l4+=?3Al
z17NxrP-t%e02p%;AKgOZoPV&}z$hw}8qk+>IOBTq!iFYzc>*?Q3i32X4Zj*YgKZL0
z2{2YD#?+OX|FNHA{a`WpjlIKVTmlE!O3xXG#2e@ciNEZ)p!}vQZP^hVohp`xEZ5zT
z=W2*-cGEXK+E{;mqLknibrMbrcks!)J+rIU{b1BT9sj~*w1YEkE==`qNJ~&pX&&Rj
zf2R=3ihJitwdZNR-Kkjr1;uVI{2-(hB;Xhbo={sAeDWFWNq!RVL$|lyc*@NAh1Nc=
z^nY=z9<S9Fa6J)K4VfPXF_{r&5TP6?wpbhsKgavxSU7(mi580&rtyK^&@3F@dEzju
z@5n85=LCM`ifR9;H*kl#u&V@vHrj4@pM<IU8<w3d;E_X{hTjG0Als77yK<rB0%@F5
zcb*-{=>OSaC6^<?1zZY;W|sON|6y!?VHu=sab`V|5ZF@m#BLy7G3tMx_zTbV;0umj
zwi%3Bn`nO{Si^pW|Hj5z|Ng7`F!$QdbFnTc0aTnZ-j&s3lvVPj_I>lE=y=Sxumi#j
zm)f&x{r5-3?E6>V8B~hb2EKzu!3xB7=QucR*Bt^1?}x+d?wM`!h1^&}VA%g#c;@`G
z$j?xdcj2hLR1*lrPH34w2Fd!EO|{ZvZ?+#8KeT^-70Di4OSDpJYSXc_R&mNFqu+Gy
zsJ&1V7)2-K!aowKi$|{Gd(FP+|2agO|CPnk8W=-JWxw9`=)*?$)4;O1>amUHVr}r)
z3&2F8b?TU1frF8Fi~2{E>w6~I*e2Ep4v8xB%&W4~ey`5*Y|JCavV#TEh&%!_ZWO;I
zGh%<*9*SSw_cby2?snOgz!2JQ9J$$fzBRlM%_~RZ>p+v6Nl0TOa;?i_XRU<&4jcW6
zCtLf8ZncGo988_QTnma{p4PkOCTA6oEQr5}fa)i#wj)q0?Y+HP(&-jWbKwtWyAfY`
zD`XKsSul#;Cv`{Li!Uh@|4{~y9|YYX$!&kxy?gXZFceHogYARI`-pnEg<zFHT}Y1B
zCv!*X4>NJbbDGT8oCwQ)D|mss{yvM>hThhqV>q&pNpt;qJ%Ar>1NL}x4lHbbwX-lr
zIPN)(?)wBRxFtVvS?;l&x4nYY^mu#5#PO_%)eE8>C`9g6bqCX;?F+M*Gv+hT&X0fK
zq7%>#7xYMp*GBF>B5_EzHEV7$@l|Pmq5x@D^(50m{|1;i?tw$^`xLD0E*e_@L*DLE
zGd9s5i=sywT<$M&>5X7X)WPJ{_%mWf;!!^Ku-N7!pzz5Y1?OT{I5r`m#`lM6cM!~f
zRh5lcO2CjYu~^M`>WViey!RORtiyjTs_==r88Ie#ko4Euc=-LKa~IruO6Bc9B|;(^
z-`1lnb0CU0CPlh+JA_LHoPX!EmiwZsn&}xa+g7L>bKGg|Cir97PtO@<0l5!n{2fEN
z+WWYtTX<)+_V1`!th9;Lx!@VHXizJ@xK#TnPGp6zHJUa4L%tdwrfYg%B`kmHs(RYx
z3|#fV&lXQyxNX#ya9pqS`8c_G>;dZaj85I%>r~oCEfzkFz*WWdwZZH4bIk)Mb(Q15
z3jQjE*WV)>M*kjtEyJhkKiXeXd&#8ne$}$r9O(Ovl*@q|>eWtT$vkl>cCpA*Ty?>;
z`hPjteaEnNUR%D~>#646)8KzSo>SgBdz<u|?P17*S*SxAKe#A)?8lBIF4j2|O8y4)
z?0%=wRFipya@^=$@4xNMnyb?I_+Hb|spWkGXwvFtjzKMuN*nIxWOUv&V~O+Pk5Vs@
znZ1{%(ZAKbj#E!ZJx$O&cCgB8FIBR8fA*>Le6l+~qzv}}CB~4N%gKMGr7Nq(eC-WO
zV$V^`y9T7{Q%d18R^!8UbBT+O<{sNvz9e-f;%+@uUAN`=>AHJ={4IBD=oy=}>KN=@
zOc61!?WH~k;iPPTpUhP(_Z+Tm=>mqNL{K)!j3*ph->zqj`is@{Uzzmp&YH}lTA{YH
z{pWMLLce&@yuX+`SZ#k)c$(*%p9urX3b?t{GCyH&;Klx(Qt`Tvtf@F2?Ub|@Zye*k
zz2m3U{N>Qnd1bd=Y$$1f0ZkHG;+Cp!8TMWi9d|CaSM>5nWNgms8?slX-`;hv@8&Mn
z+gQrCKP@QHCcN$gbpA+<pOh7aOH+aweAGGr%>b`2clyO9ZM}bgSN@unZt^}-skbjW
zw?3l>Q^tz4Y+wrwV?Isj-S&$#9b4W^sGBUR?}0Hthcr>vd6y6I=d10kWpB@QS3YZZ
zH`8MOC~PblnH=~{UX%@2j8iVJ^~=p_KQlJHXIMM02IkbUX9Erq_Ia)#qhM~b&g++-
zIS`jmC*4)#*Vum>RmPd>`~<oZ_j+}t-fkY>z5fHARbZ}*^}P32ZD&TkF^y)UHYOQ%
zyjkcCOydvp&o9d8=PCN1XKf)1ga-Xn4mkzQ=txNDY}QyL5)Itmos$>K6pR{+-6Q>5
z>H>bx_|e@$jU!1ADEvp%#M{q=tWJ=$xkD>hCb=vFAPRrFz?fA8SHQINnOgK<A<003
z5s>N&hawa=zDLXL)u)=-fK)&WrQPwEx#U>Sn&)<sT`V!;`h;2gJ>gzKFLsr7AVvvX
z?dgi3kwYF!k8nD_jARrW7H(S1SR@La&Ld`&7fBOTxwC}pk&&4HeLh}WiT061XwTc<
zUIB{>qH=$FVN+&@G<)}_Y&8xQ!GjY0lT!Z@q1C|7!b|K~h0hqc>ffecJaXZ-&nIlB
z@ylIK35Tfz*I?}5q383sSA6zTjbn+-k8;a)KXIRFR<Xhk#3IKx?mm_?T<UxhK%U2D
ze}AySLnSDy_r=umEWYl@xv715Yt5c<FKEx(N3DMdC{DnHu(4Gk_SaGqkDc5~oi~Sg
zvcpc>WaG(<zk=O63h%vw%5wZ*!0Z9Mvk-lTHtc@OtjA#iAB?g3;BaianQb3RXCDb}
zFh1yLX8CZi{5X4?-{ab4Kj>S$OoZeWLMnUJio6d7!?aHGr7wlJFu8io!bEH6q$*)A
z-lBiv@Cu?f=$cZtvOVXw?gCMslY$nEG#;pR9vt)?pF#G@T6q_J9}zFZqgQqcH&2{;
z`_Ws2W#84EE<(^Mf~bVCRZVtG{-I;Ue@Q`o`8gBX_`Hy3Zm~@OAlZno);(GCeV45U
zu}8Bxalm|az}!7(Qk?IFN#nz6ImK+RZHa$gI<VeNy!risPqlXQ#-Z2MaiUeEFA}@}
zFojX6^Gq2d>|~7-vHQ77-Fmo%pXlw&BQwNHUul@ZV#6b>){C{Z5pBe*cRe=1M73~i
zqbYV|mYoM%VGGf7KxaVXcKh(PF<bM(p~pp~UmO|n&QU91<%%ijyh2=Tx%|bW6|{fG
zk-Q!k-#caVJK_`qU=zGV9akb5FAf69U0GP*;9?Je>s06rIOjQsuqe{1h7yb+PcThb
zR-DmvF^(x{oKv)0Tl~A;tNQ)Y8RH?TXdtJi?Nq|T4i{lcfh<@U@7ln|1Na^xz6ZCX
z9f%_DEATwn(xX;pTvQXWawVA|cpQHOK|P)KgI(-ohcm=PZ7y`dlmVQNP)>lPiX^Nl
zUc_*qs1c-=G5=!gIV?5rw3x{U7~>I@f3ZugkC-%5)GCe%Yj=WjhWrlnM{}Jtm$TLJ
z81>$%g%mD~SXL%+mN-743Aq@U%C3M^#52vV_y=W%<Pva>fEa5<QZXFFU#))w$Q52t
z4-mAy?Jm--H8HLXr2Bd0gI2(hjMN%f9iT*Eo8a}b3)5Ny(h9m*`YyiU{%I`kJk`aQ
zwCnK`P(o+{4oBjgphY4{$g)n*f8wMdp}_Vi6ht5rQx2@NBv=fl2q*)trQIwwKUyFI
z7z&KCxb0cX@>Z*ETb>7NlbwGLG>WyEB8Z*RT7b%uEEw6;g-6qG|1K_R_UGg0^um5i
zu8c~O4sM+YU;)`;u26Hv87ggMVi`q6RzV{m3b+ZvVOq}`PU5O#1jrDIki0zqz){wW
zqKm<!0pc0UVva}Gl>R4%dh1AcZyd+WMPn)lZcz%L0Ob%=eU1tcxOaaaf0*^9F6oWv
z1ulrGQW!v$s&Fz}Mdx~>92$t**?#Gz8{=l??e|^hb~jS4l}#?K4T|An01#UPEyvVo
z1p`DjgKPqqEW4jXRmK@fNh^HfrSO5L!_*^liS8o}I>j&Od9xJ&HHMK}ApweLRSSS9
z2v9la0u16e#4n}cH=lpaLE5RX3M0;SU5DIhnM*BKUC#h@t=8#{g#fRt*H!MgzkRn^
zi7VEYI-e*86dEx=W)Mr3ZA+wKlXkH9Tt=jH_SWU_04U=Lp{x@$>q=ObnC@{#oq_2e
zFbUs-_Rc$ofJ{RrRgW7goFfnov8ZzMzbPmEye4v^_((Z&#QA?`;EQ4ZUL`+(+Vinz
zM-t*20STbUVUtkoV{wWg<<t;a2HBRi8^I|@I7nWq*2gN!cye|!1W>&YPfYia>^>`(
za{Z<o?QsY4;)ph1=+Gbq&j^4t(0Z_e%qMA`N;e;a-a)GI9589u7+0tLGhH=O4%K72
zPqskKSFZwzC2D_7OPHBXl4((qFvluM<+^xgxEMw?Nlqt<^{uFnp>jnRQJ+ovob5}B
z=|N5sjMq->Is?n%#;<FH;)vD=pV9&$j|jJm{ZRTl_<1{H>%PwIbnlrlvo>+%iFPjd
z%6kTHdIdE{TfOs_TeoGS-il>;TDJ<e`BXq;UEEl&PQZUzmt=B-yf`Lp_ds#NO`wO5
ztnQIJOzd04`2ljfevp!F_1s31sw?_EldteNBf3OR2qZyUO9GT)<yk&&yPftSZ~v<1
z+kAiVJgX7|g76w~f`b2hEe_E4JpX~eXe+)sEA{T0o4c%{=maVYjDz9IA37$MVGN%I
zJy$Sv0+oL$#Mi|VLI)E7O&Hl%3O7n_Y_XMcl|_VMaah8_buTRTPL6}`oS=4O9%|<x
zu4a?8(%T`h?O+GChbCc|b{{mI^V4@*qrOZ3eIYKVAg%aScB^oBXqgsGv%y@F_VDF%
zPtP|`=B<-~ci|aelb-B=N@8<xMBcI}f@V)Wa9V%Ow?4mQ*hDwvNxc#Z#nq~Gz%8@Q
zO(?_&>kr^4X~1UhL1gESVZm)pOk(XBKG2DPEB*lpgd#rWj@93_*S`(i^N($6vELj`
zv+H?wRA(Xg>&@3TTlo4_vh!a7HI#p-oRHX>YRugITK^Z>j>RTvM@58Q<cv7Fq!?Cv
zBM^Vy)dNJe78$pxNEQwxAixw+p0J6LG@Q4881gSMVHA_iF#?i&yhRtLK+OL|K~AOU
z%kQK?(|NCW&|%{bDE&zu>9$*aL)B?co_upo&b+8=g9a2e_%%ip911n`oZ?<crD6dr
zWi?NTQZO>W+2Dj=f~GdpD7z+lZ<rLZs_B2py8nr1`PV*obRs2gWl7hq?0dU8>2J-3
zjBBPWXddL`0;H67G5{*YTw!z?wIE=KG~%Ukx~YA63g<AYKsqDzw6gz=clmry?#x7H
z%b;gwwt{@!>Up?X$s@-$#MGR&0>mXsiLwHw6o;UI=TriE9|TbVs4hfd)MYFmaMpj2
z&g%KA+_ABoMWLfSb_*|A%{hMDZ1AhI3<?pDh9Y_q&BBpj@W3JjfCLD)NV=u&Jnu3(
zK=ZU{)X&}gmVy!v1qeI*twq&Ye=VVFYh$%4oMfpWBiex?0tl4KzHX`Xb4;c7w@+Z{
z$N{jgli7Xw7|dC?H^AFWdB93tIX8c)!mWX-e0iJygERA$&FGpwQ1Vyq7ax+HSpOhU
z<K+KR(LoXUKZ?#sHfYMWSnHd=YEqW>=#a7ZsCAf!F`O+%TGJjAGc&K5nVE*!r~^)1
zlUv5YNW&Pj@z~J%zcdy7%D6bWe7^^7+wH5TbeaySnoie`$slHdHC^{yfrx+Ji;GOw
zQYA;#4joJt!FnGnug)H|>d4)^JSn<->^T#r@TZS&34i}T1*Sv{P^%m>B=5J|6PNk>
z@$u7%$cc1Rs8CwF9b6ieC~Grwvvl+*&~lwhg&H+QsfDyT<%PApyW|;@iIYYbclWtx
z7k7LMYisU*jt&kE`?WfBZQy?tc}`&4&U3suR9IM8TwN+ueZ|Gj6CVVv@$vC({D0qy
zWMt$HIV81riq2Q<FI+8I&;oq<!gB-e)+98NM2Q5M%f`CtzrTE3+}s!E=MZWzwH{?P
zw14B1s@1jnO<pf80+GrBuc7FA;}i3+?7JBl++43|nVFew?yj!ACI){F29o;v{8CVt
zLX8^L%8x$ZTCjBrBXsDASd?p`A9%m-44i}ty1pQlFh~eO7-SlYLQ;`OBqmIm>o^oG
zp6C1XUH_5JyS%>MtXVmc?qA9QiHwYtlnZ&i*~<Qp&-3ra#l@R7A|LoZ(9E=JHXC42
zL!x0``<dP35cqh9DN=tbk&^IoRYXDD{iQ;U0GG7G>xTz+>tT5##sAoMc6;Rt87@c&
zd3$qXv)dSKG@8B#;!9;2%9x9v$#5n2HuTlq@dx;l4+oIv`y?He?zC+`jwT)??&;Cc
z+&0^W=l%M9ro%I=uLZNe@_Y>9RCZ7<uNy9&faZ9C*4-Y0^09x;jn$+%0*ji?pl#RC
z3&Pa07UehECRLI^k_Vb<zW0iE=oHmsFcp=3s1{0Bi%9M<CmC|1NQ>HR(VaPe<k#vo
zeaZ*?jEw|{<9o-bS^hQsExEnrdH)JZ&wQ1lH1-rn%k{k9x<t(m!dO=<9j#zkOeMCF
zt_%V_EhVEsJ*9t8p;Da?wHPHz{XwC%=}Vc8h@~VCLtc{L&IG7LrTD3F<;EotW=mq9
zdgP5A4|6ChCx7w?mMX!;mNJ%X&No(Mk{~2&x7vKj?prrYyl!9P)XaZ>Z-<5Bc^xyy
z^ZyQmdwYA2Tj$P{FgM4?)-UK9_)eO=T&`$He-1nq=!ky-LPR2<ExsX4u)OH1D{Z>a
z*_FXYMUPuSW=as12t+`f#xDm5P$C5RXk+*E^ne7;y{~hC!(E%d&m%xTLA$uRC(4v@
zcs+mYTGw`*LaXclTzc-C(=rnH7*M;M&ll>3$K&*NbAL1T+^bZMe?A0XE0F4ScjsUC
z1DG@+fEa)1VU;9ENE6>9+~lgz`xBSOp6$=c5TKvN)DnXfFpxydL4bx4B2@-LeOwxI
zqfzUz1h~b<)M`!z!}Azq9IWsXlQK6o&G!1f+1aK7D#4ebk|0r5zUa2+$%n5F-HbTu
zS)*>O>`9U(gKhy%0THq=m=lJ2dKzv-bV?s)hD(3)c7jV&s*u4eiNFM$OMHuq1Y}4q
zfCe(DXCYF13}Nq$|JOA!HykR}tPD!X60ll=Q^2&^R05%VJed-W4aDO1WPzF$M*+zI
zlryXt1Vm)#6Z@SU@Oz@K<@yBPM{N=~yYLe+Vw*9_EVq0a9S?iNVMe#2wMfJ^X(6zi
zPtSkP&%;2+9CB0jL&DG~k|hkQ>Xe~%fTwwy2Hjs$th7Q#vuPrxPZd(2Uk&;Rp0A1;
zeYkJe&<eoSfTpKeqHK(ee9;;Z2?)6TZ@$HHfl3s<vn5MGXcMc!mVwhlpb#?w5=5ws
znYw8W9AjH#C1OWG4AV@9cWRP6F5s_)<_Le<v*EbtLyM>sD&N;;Cjbf$xfzH4!jviy
zTI9rQH3Seol_^oCsv|HAMTmefBVA}uB(1j({9ABgh|x_Xx1XFF`QL2~@Ip{3Ot2Lm
z4Mb+w&@_Bll~`!{l<Fy9H3F?%^?G&CxDF7w6(U7aH1Sfzi_;Jbl>-Hc^ko+>$drFT
zGZ377LZ4%QvcK5=(oQb?924)3vC1i8PfaO<6#*$pDomzGHEM*~cskXZLQt4u`U~`I
z-Ll98Xg^?x0+3lF%t$z(z3`DFRBLgK*Xwu%g%<UcvC|5%(+Hzz?XGJgi8X_8@HGi>
zqa|rTn$A1p2w((}!zvCiRwhC$jgo&k)~HRx`=VEsI!>%Dxaf&;9P4?|ak4U#`=FAA
zht3#$($Z8~B-;Pgl-A;|oh9nLb^Neqr7^W>_tkv6&4$Ig54>U}g3IfHT_1$|nkh#v
zuSu0@h!hbMCPI;8cD(55BXubjulN<re6VF`^Iuzv5Ocp!g$JQ5J-WDSEIofRI1kk(
zDWX|uny~K_=(39ijf-6Z3X~=t!J^s0Fp7B87+EO`5Gtc!A#m#|W&!vT6lkw~$VQ_{
zGb5FsVks678fn&y>c6R?TOw-GAXKgGHeDgl5in*dMM?rB$oeIMIKtZ~<D{q{))?{t
zkwHi;GXbInB48lWA^`wGk!yc91=v=3R?oBdGNE_8<MeafzMRE0XvZ5A6f}fD_=7`4
z*jv^(5Mrdia*}t!c@B1&gzvQfjpF6y<#W@Zii03hL`z`WQ;-=FI2qT>DMkO)Ey}ue
zUmi~s1s#!!VUAF353CrCS!Kjbl$Ap7XyeU?r!LM^J7am{P1`(R?QnlxYvu(h?x<9W
zkL*}vnBM!J>zLhaW1$vFq40jmmC~JVpj62KH9?k$4gpqi?>iwZR=8CoTj5FF8ZR<*
zflT3wbta&fL$ug@jiq9BaDOANPl#cNC=Fyo2HTT}BqUY8rw#o^IUa$>1E@zQnZjHP
zaTTh?rsE0$N`r+pPPBi{8f#v`?dp&RsZ7jev&8?5juh!qDupIm?2-aJ%svjcwFq>2
zJp!fl#fm_PrV0IRfm?HZf{$%ugRKgcGQscIP}}tb^i^NfKfW+P*E+mt33GLG(O@+K
zZCnhHsv>m#7Me(;q|SN>0F@zVHhMh~ixhKm!Gu}Dvbdz)-)w&qyC1^WXAG)TQBF9b
zC;-$4ufuR0;Vl_`LFR!90gL5$98RV>LF$AWxaF6&qTB5h8cKvTQB@6(z$m0dvpLsm
zbTyGl8#mp3p2C$w@jt=O-kmZf9Fr$8Q;}pup0plFnMY-|!#htrE*1DRdTqAi{}T&0
zn^U(sA2f#gUr2voj8Y;68(ltnBQPwa;`Ob}w0%jT4uR`d{P^EHza*Xq5F*CiJjJP_
zU<qgZz0dp(Su$|Q=$>0nXsL9%oW(qpNj0$RiK`q0W91W|4}U?L!~qzUQ=lRRR&|I4
z($D*IP>hnHScZ%-uP6V9{V#3hPdtWdByttHiPOKoG8=!qcR-~mhvKs4v8?3+)NwU%
zI?YBCwYIXjvSdn}t)k-+3ToqeqInrvDa7*GnIyy$P*RmYf)nap3ELB~`^yNAUM35Z
zK%!OuC9UK%)7efwPl-3$GFA)F#+AT1Tn>$S!>0r_V3+KuEVLb<){V@55@JFuw4GrT
zR9w+yDFlBq{=o3Q51c6bFPsx;edz>S=uD(8{!%QB^<nKDTQ)(3l#)cbayYAbs_XlC
zDobeYC;|u``KVS>lw6d+JHlW9A(p#%!W9z0)8z!%SEZi)llmW_q)Z$DY(SI0xsC{l
za>Z6uez6daFdJGr8l^gHV2j&R=Z<0=@C`4Zu|&=p3v~^Dh|3qZ=WZve=(Cw4kiZ4O
zh4yDN-SBmm2&<K2uwBir3Y~i>lRGCR!GgPV0v(=V(Rq$(3lF{GRarSX3rdQEPFLmq
z`6{pbc8mh@c`8WCQRT|x_A~FB$;M3iHpRT$Lf(5t!Xgh<R<Ncj!;`#l3Uo!>9TgWW
z9X)3@DJ_kEPrQi`$f)1836&W=Qm3B5_CDe8FbdS@GON_NHrdzb*WEeCgk@w4)SVq(
z=T1>qe-%9Q2J-++8kL^f1H<PQ#cgcSU02yt^|hJ#Lu`Jzmuu*055;O6Y7-7K9K?sr
zh6hG5aj_WKD%I*u?U%hK`@LR5SglZ8ytwey8eQ*yCb;Omn>489POnV6E5mv%7QvWD
z-~=Y5gZ2H)k?OoslsSLS(9-G$Yq}x^dlDg562XQHVk1QI!-52?jIV|gTs&ORlnJ0v
z6vMA?wYcPxyx|9dx63yUIU}3HbBw%Z7+@$>^h;M`1XY|NDFj(H?%ZG#sH4NfmeI4Y
z#SS5Vk+p~8(RM*YpT7ZM@R;2zF#Giyr<XQScxwlqgfVVH1uGSQ$VU-#b8x+u!9*48
zV!VAd$muvR$73@BRwT;dXGN#IAM-|c-C%@_esR|0PYSGTtcO>2c2OYI3<(#D^MVC`
z+F!9h*RjvnuiKtCKG-;LCLSF6$B%FL#tj^QI}6_}Zp;Z61*$Y5ZG^Ta)n!a1tO5c0
zjQ{Q=arsF-zt|elO&K5(;}!?8bj^$~b`?D0Eqzv{gURwda$KoU#Y)N`nq6)?@+=&B
z<H(sMI|s0fNkfGP4Kx!KX8nO1pfvO<!1zNTl(1Ob+*FAyy7*U_;p0EgeUf-ySg8|#
zg*4y`^-C<H(Xdal?CO*E!mxRMmzGW+IGcEhQstvATfc6wap;dCWR_qt7ebSEr6?;5
zh!>ipM|rXx8X$Y^!o+}s%W(fjmEt<sKKj%mpJn%mdhW<TGQ1fpIbP$fgFiP5)T%S>
zft)^Qs2JA%>9_q}4Gj^4v;K$n-hpU;p6^ZHRf9*D4rRRgB=ZvY_<{I{jOv*cNI(;9
zuvK6j!m$rOb+%|5E0T9Dspqy@W63x}MPvN**QooeaKQV$5d7s1-{@zv1%>q~SH#HB
zz~G~el>>1cIk#fyki6yghX+RRjEoFH8hl;dAv0fJfC_>oC4w(5;n80_7|MZvDAnWD
za0!PMwMc<92c!Z3D;t;WT6aH>*ZchHhLtr+)AlF*_08A+@ApUE%7G~1;6NmC#_V^<
zF(*^1qeQeZcJng!nwKFaB8eCkRRop@(n2l{A&FosE(4SNXNlg*@}2ATn`P4Na5f>z
z<*%0euD?c=^RC;u(i^W+k-Nix>15J>d0&K3-mLLA>d6pS%3o6&s6{Dpw*}i{J#?V~
zlExBIgbSakA7j|~nR}W`*>d<AWMb^iFcqy>s0uR{Wl+TDZO<Q{+wGPhnKgeY?C$>O
zA~W-E;lG$eLlXk%GJo1v2Zi&jCrp-`t+`XM@;BvLwE+pE7(}tK5jNg`O(+2u7^%_k
zovLacb9Ktt8o>@b?RR&bbZa_K&Rj0LjjmH@Xw6g}u6G}(!NGqe0}}#y*TB#2-NK!Y
zpZNt4m#%DfJEMuUrrUjg1g$6_B66}K7BN>S88GvWmAb!RQFUJow~ML!YDZMb2o}};
z{71&(9hZ~TGC%w_rzVYmnSaarA+VMXO#hv$$->IY3x1`_rCKSF4T`z`2h(kaj)8~I
z;xhse1R}Gb=#HT#U4a)kMc*l~3SH;sc~4qM`vzq|<%FbN&kLH{^?D)kLg~R<R0{P;
z&!_dH|Kh$0q5Oz23$PR}Zm$28XRrHSuQwu9!O=E!$3x~B#flYwgr%q-j&P$Elhr|<
zH)`qM8{qbexnPHd7g(4eRRlI(m;0WKx_J1+t6lHMDZ?8)jpdJXhYqEsL*svVRRqW-
zyMR%@bu|QT#@iZBx}P{R?hNOez-4F(N@Nw>5levv8dX*FUhpQ<yV3Zc0aB3^i=^ih
z!1zALiFwL<W<Jh;^6PZ(0w_l;fBuq=*7@i6Rr=xJ%cGJahxaaV4op8<zu_oJx%E6*
zz5D)PH^t)Xc~17vwkktj0%E%=N}VDGfk5~;AP<!~deMX&j_(a`p6<+^PG!%}Lg&Qz
zo&UDCulF3FCcJK}^{p>0%YnF*s+X^B>roDCvYOP~&C#QO-J;0x{UQYWVm7@1n?9X2
z=iU@YM2qHJhCCTvs%)uxyl;DvDGip&WY<4`4~+!xe!tH`5!|gDstkHAWbF@C_!Oi(
z70S!i=(2lk)Vd}FB+MEz`RemcQ$3r8T5e4<;<0<UCK&{bHrQIl3hwxeFxj}6Z1{rY
zNR=fl73tD{e^KA9<rp`lDCJl$Lcc$@x4&l_8j9;Om(_e6mdx_-_@yp8z&HL8_bz|a
z+_pw5x&du#*}VA9o%PQH=6T!oO+1T*iBFS1capmI!FB%TED5ZB?fn5hRen^4#K8dL
z;_cOqd|dYS_QnOd>56hsXl#%&I%do^5UP}hblH%93KB)C^d<(K#p5t~_S#Cj6ouZb
zn=o&Dq*CiY>y-wXvv8~=^xipg6%4He3q{1QSl#|puM@6`>NBF1fBAR%VFY?MuqC<o
z35*P#Fo_^FnJmv2c(ocsTcJ|L(K<A#O3lyA&i@AuD+m5hz56lMBA1s|K?-)oYNc@&
zL0^@B4pkQDi0*>zuZvinHX)NUs`%&+lzfPJQ+aw$=4hRbs{i?Gtxo?f{lw`5pOr&5
zVQFb8M-C-w#NS$f@mHKnVlZXoims`e?MbF8n^RxG^Au6c?zhs?fkW#W8S9B_RlmXL
zzWOZJ`}WStfy?mc_wJ7mcq%<#jppXA&)U#`(QxB@{Cw7`BSeqXPMv?mDACcBdABVq
zim3y{PUB#s{x(a!=P?x@MQE9oBe%XZB?ofTXH_#lH!Ev4CMKp^dZkLmw&#98R;3yh
z$dV8^U#N0Ajn@3mZ)|Jt7q4I%lb}*qV-`fMMoV?4*>Pyh)$)g%b#0`2wPHp0GLUG0
zer?1k(srx$)^AID?~~4!1D%Bf`M;i$G5mVP9ci&v^Ox{<e5}dRCeD>GK*Ug8?{FTw
zb?-g8xmzv#NC7j4I(!(zKa*JshUZJc!^HhC|H*IQ!|@8CuIoMw$N!xV=YyJd43mU`
zhku$XI7l?~oT6>}O;mr|(*N3A`^Hm$*iRSu!?(>KY9=pKefz%@A^-pPdl&eB`Mv)S
zIsh?6p?UxSq}>1Kb0sZs4Hfg%U$7Dh<%Xh$H4JSTny%56j7G}NjSLGE8V$xS%_dD*
zdN<_aQHlmcYAjSlL=;xBhM+~n)GDNg!U7FJL$leuHy`Gq;q&~N{0!G8hx{{tZ!ojd
z-H%z$JI^`q*&ZoX98~cUMMstY?=n{BH!pIMz$gAuBBxHvbXp<C`INHuH#{m&>+Jt|
zeMv<)7Q9WAWX=)C!KTRhm-7_wTi6{BuA1lW7VG{STCa5)6w#?tKM_tBwn8-nUzzCd
zR`WK?T+LIS3*qF;<=)}sTR`N0W+)uH!S2S&ih5@$xYlPag3h*F@?590cvM!Q=gv*;
z*x)3UQ<OC-uOvU>TLd=hQv{a(Q6?q!(932b^~0PQ|DC!f-Tj%sS<}{SE^{f^2Jc#y
z-KDL#kmdz?CR{Z$1?l8>+;<x=c+VAB3eKHG*?^6S+@++cBTlvP$DsRv(@L1DePwGT
zGK{Z(+{s~HI2CjqN{6@+t)tY4)~+*`b7#ZHv=s;^tCG^vA3J9$ero&^$@Cq;^z&>T
zR=0Ebx8(c5{j*L<ucYaN?&gMkG%}B+?VR4uBYu^7MBe}`D4AJN_4_XwYS0Qah4g#C
zhVK!bC=TnPn)3#fiS*5XK%8e(tfdTlLG}WR`$$TKw-ZG(oX)O75XY9QcRe+!4EubZ
z1iZ7cCQw8NW)5fC8UmX;;rzV1`}5H&^Bm(37X07`M(+Z+nfQ>4kxGj|_wiB9gKi?@
z48_5v)rvnc@dF=|PmA-$S3Xuc^T6Z4Bf%T9e6zNxnn(NhIPznEpf=VX*TO$HuGeTI
zMR(bw_>?8gUP_*6)V*x0;ikfazI-e$%!P9?e72@qECy`zudoPNnx~SbmO7t30v3O=
z?ixVkgJCF7Q59`Z5^dg8>NmODK1}&OyL<Zk>vXw%B4s(ZZ!J>_uDR5jJ1c|U=AZN7
zm+9>hvpL0_w<ynlEAa}qUzPCXL)}gVLlNA66(EVDKoxo8Q%SIW*6_CkD5{MI#p-Ma
zl$J7rJ@-gH`MOs3j(_KTJY6~G;N^l!zP-H@Q)^c(|53Pdv7VkvVJAguqZX4;(e&`X
zm9o9_>iaLrx8{5`aMgvotfnM`vJ#v7@WV+2LJ1?V9gY}(6b|UW=Sh&PE3^|@`*d7(
z$){syPu64R(EGH&nJamkht4#7jih=j`|(v9+Ry;|W<#$F_d#WM^;S>!oz-`y>g^5Z
zr&u5_Q95f(EWTh0vs9lM{L%u?D^|IvJ(KhC<RLz?9RSp9ZKV_=GK>pfGa9CHUc&$$
zHai*bKv*k(A(^Tisy!FmTq;v0G1FO>;_YKq<AF9f-oX_wT_sovAY&4h1ae7us_;4n
zGIy1UKXzw(0~<#q6#I(dt;IB)o&4yr9@mRa<%zi<5qQuaUF1#k;cW-Lo^>E&VfCzR
zP6BUIEdGqOOb0RuC@>3si4zrx3)+wZY21u!;dH2fo(k5Vxb|kihwJf{RHwnvMIfDv
zr!+6;8P(HpXg$|qOt-3P2>ZUmO+?-xcw_$a+N31&l2DF=%^|Xp3njvE#qu6Cy9NRU
z1y0GrlpJFzpM7U{soxuZYL9fH>s&v9^XAj$mu7@tfSbT8MQlV2;itI5VgeY<R-<tI
zqH3If!MBQdn4fX(T(_f-oy>PIhJIrkssCz3BYH<<VyRDD;zID=5LL8y&LjJ>F;b1p
z$5pko6zUUasZ1vpV$Vz7aQna}0SCx{fE9r*$!2i#07Od9!8?v1_jiti#>4I^xW7P!
zW^}GLs^|(cvAC?HfAcXcc2?vzzTWJ<ng$VnJ14%N%4i6k4j#7RVR@WOYAg-!a$@dc
zq7-~<xwZ~t2!%Ua8pN5iSHbcDj}6!w0SELN*Edb-uuCbjbhW~*l6xnDR&ef1!U!VH
z0ZKG+NCCLUqnE%(BaukXQTdyFn|uQ8Yg7;8TLyiI+MTttz^spXUlFY<WKsFE0ry9L
z5$B8MLzVzS-MeD}aJ>l}0UC?bLkjuEJX;FaRHhtVoe+C*_JeB{^umt8P@Ro$#BAMD
z8MAd&17Qq9;B$ae#wHujypp9}+4p@~3gWp;xtd2kK(%6AL~u+_NG%rXHA7E&`ZFFW
zL)v51PpM<Ga{l2RA0Y+sWkN0Km)0YHUUrcaX)-G4##1gidf3|O=B@x=3Qx!y=HR%Y
z0PZ+KnHdD&?jg)K2lrUYVl<sNYe7b2D#e*Ky<#ju`SwYkOVHFpN5Z8I4>zh9QEC8{
zLyT?g{9Ulg2xYGd&KHSu6nW{KbCEJNZ|S7YDM8@%evGyajM6ZL_p#EXcfi1Z>9Ss<
z__aFru3&F;m2)z1a6$hpwW8|`d0NK{8hFW^YnDG>$VN)8gJ%=`nTziY1f{AiNxVHX
z6Nx)Am!<eUyd+3S<rgD!-#Gt#oKu=gc{BZv1{-rj&1;!8cQ!Ng(`ZQ}%vy-onyG6@
zAF2P324Sz*2cj*dXBaYWu5x65dtJd&bvFrby*vVCj$`)H%=oaS%r(&ornd+{;Hfr_
zj3CKYuodW09TQdb|6=c+Vl-i*fI+`)PuqHXrfu8qp0;h<w(V(a+O}=mwryj-e|K+o
zvzzQDo9urvNj<lfx~QsCb&^xXx=fP1CBNr)Ad3$wOY4lv0wn;pf-bs$Kzanx*3{|$
zfy5mO_s8zCY0(-8VvPC<Sts#~dL)J&G)sEGHb(l>lBU#^mI_qPq&BFB+A61XKA-xK
zWK8Ew2#S|gZp;*N>|-o#_K?=IbKvL2P!(x_#?6l>NCVNHT&5lYwpT}nY-<5d?Pvoi
z`gB;fC2DEi3a^E$=Y`aNekOc!%PuC*)jtj?txV?b=BD%yv^Eu^jZLh_jy(3@v{4EW
zG{90lWqW!h;FT@WjDB0XxI`lx&NTuZ8|S*ml-}>o=g+^WFN+g0T}|)ylBv4_o?D7Z
zAEhqBIyGe427|8NWcm6zGSTbF5a7Se{)^8|?73YofL{Pc0+|ti&0Su(O5fkgTbwGF
z8^esO_UZm}E7+%wRQ5vq6C7IVT*PX}L^5s2o5E;#z|alUx!Pn3WVv6yRt+?3Ul{qJ
z+xj1Igsf6_qREGzeTeC}aTdpHEcsxlnIbO5lMZp8+8b))L;7KyQBb?+OxXP#FYrHV
zXk5VOfOIR~nbL5775IN4ZQ<qAxrQh>Z{qWUC?tWQgrgs0;a$2{L}7lIwpTW^aZC(U
zk*EbK&&`VQ&k=3iS*REI^bJ}qVc>-3vqT_=oWzR7P;+I}f4T5=RT5n~&-v{W5t2H4
zf_n_1XBzPlh{f%Oq<utSe?QO+?W0R?JX3K~7-k!86FMt@l!uhv>VupOJ^A90zi9`u
z|8j3bA@d7@WhW_MzBDHl2HO+hKvO^?-q;PgXfN!=r_j@M^KHn2#W%F?6Nkh3xSY8G
zO|<$gnSLtj$tNe6w4$r;Mq>{yN&jRX%!M%rQI{3IokXu(xyo}(5SVK0Q}&4C>&(7q
z3%T}{EZ_rwbPn-%z-XO2T~rRjtg4d}=nVA(y|*BHSjq&Dn<CPYwYC=pcJ3yZ{BEGx
zJGa3za0W#qY7;#{s#4mnemLT>NDy8NnDK`u|J~V9m`RX*XcUo^+l22X=KMMO<mSzH
zh|H}f5)#ci)5L~=c3(Ti@$k79RFl4E%#Tp;i-d81uxwYi)-IrX>!EXOJ1b^~((bU`
z#mS}<Q5EkBM$R}0@q<RZt^j2#5Z(mJFE0Mxw5wFKeVb{f7sexJ21z{=2YM}@<4=Sk
zpS-RWcKO;zM=5OaK!kwBc!)d>j2ALzALeweE2t2BAvAmx@AgF9pNhIg(WqZOeK1Qg
zj?mbD^KWynH!4y#+3=@jPCReOA)dDQ&XyTAj{LF|-ay`@%cyECa*K+*>mde<ZPhwm
zouU)h#mMjL**Oco!$yZ1&NhY~{_U^do>=*GNfYzsox*J5&PZe@O&GYSm9e4&U7Q<=
z(9v@@%>{lFh^@74=*xjqwk6Zf+mR7XET+<bJt(R;M7pzYa{f<_;T?K(YtxyHJ_Y`L
z?%f&RQ`Lq_BXrrQw0Fvrs))+LyN2)$ft``9+p~0I^8%TAA^{IiS=5|=W2=5V8A~VQ
zXIeXk&br9dj2OZzt?bMVWILH?TaTq)i(>ZSI;?*NiQ7HU%#gfj*Kj%TIfn$Y>pdcW
zfmPz<MJ&CQi*}FIIIRK}N!-HPz=<#LY;#{mBVs1)8{(%1=_65lU}~*}BQ3LfCKqZ!
z4hLMw?oHK;Ws-S&m#CuZr~<#{o-nS@dl=UPpJaFH@GfX*T1K>JosleooKi(UzpKnn
z`IXU_<sM&@$%Z1|%gH$KC0RRdayPYqexeprkY-4NQ$*kWBuNObO?3`Xg0fMW2+gU5
z7tpOQzwfuQiuo}+0Xj@wx7O^HOg;tr6O@_L5BAGP{cb*q@JMKVh-<ESAD`Sa{t6km
zRD+mwE|i$WVHI`eqC0dHsiRC+i)tg{5WZnb5&JUxU-)R?-7etzP0qk9=P`7D!@U|(
zX$Q&$n4#sEiJuC6vpYWS?HkIdx-t_OD#%{L=0^yloBx6Tl96S!=d(Yy6oSS!nZ_EW
zGVvP{gGJ^79#g(%Wxh9dq5t`E3xw<MbyG9^ks?*OxR68gySJI+W~KdkTWgh>-9fQD
zC7AdvoeNK3q3%vMLpf7nrxfOY&-B^96f#NN<IynH;ZYs*)U!N%q7QWEf2nOM)IusC
zHhPDoopWd8(=+FfIqN8$OcGqEjc--%yEyd5`4(C(AgWB@`Q^TD(lNDy89}wdA%Zh3
z)QKIL%!^qFfpz4upJTtM?p#WG2-xIphMn^h$2%#~&tK#DW!t*SgORd-CP<Cc-@KA{
zOFnn-qV`?8D#<hFQSR{3DGwDJ_qw)t)?V6R18dn_SZ9T%d1wkyi0zo=aOgB7^PSAK
z@@KjK5M1P@OuTuVomNJ5zFYeEMK!^z`T4z^PCaaL#UzbWBHnvrMVDx<YdICo5b^75
z5L0*?$J>_lff1JVsM*|qT$O_*zn4mTZn4q7s~+CX^Z)d(g5Luxl%K{Zn{P#0I{a_-
zz7P!U6$g~tM=T_+cE<mrWa?`;en_2UwKyLPY0BR~S8l!Fl$#(nZNs`UY_IksvIMdG
zO8mWXa&xSa%K&TgQS2J)b6b0Zj^5&ebx<pCKpG`uf={4NBx(kKVRn!DdjkR+D^fe6
zLM%A`kz$ug72&qkrjL;1op6?ZcqcJS04tTiCwW3*(+C)0uX%S|)$r%g?e3V?L7H5?
z;UX1|KToXNn*RDF)Z>Y*-JkOsebKbFx))yBuPc*_Y6&tz<p-nO2((LID5NMr$o0D4
zp&D`T#7i8(T&v1|aqS><Dfb|)s$vb^$tfFGd+RPPo1q7JbW=^(IVE$r1a4;d<ox3;
zz2W(nn29$S1624%Fv06n4kVN1hkN%a{z14T2l%6^Jb&*ITZ8Zq<HyFiX}uVn$PrKa
z0m7wuO%t0F|9~4#Cx<l5L@gH1cA3~tIBbyBNbZvzVknn?ATD%!^Zv;n8_o%>TYrD_
zF{EA!+yD>haWr>}pYA+NFX>rah5XL$bz7smHgsEQ@0Aso5LCm@LrO2Hph{hZ#7YgK
zDso5T%NhHQ(ql3RPb14<9_lgMZjY7K8{FzF76MhJoMI;IO@!Iy)>5wE-`^OI!FET5
zQ>ue?2m%p*N9<x={z6@aC)kFR@_``$i4V*`a3M~T87hd>pM6e7(DTw|B44Vk^fYZs
zxCit$=mr)r3zA!N8S&FE#3eGX-OI~h(z3P2wlfaNhpr86R&VK8KK&i}N1zv>6p5`+
zJn-09>Dha^`RqlFBXU$EqJ|ZJE}4Qb26nXe-sWb1XdT%MyX@R8ix1t~seOg4IlV-V
zH5`LM6{I0g9d5AM_$pRzTz&(16byNOhEPpc8ZMe+i%&3*Bw-iEKlZKOEHD1ahriWi
zxO_l>=XUCiif!-z?=-W_#(HxhV4zxx;f4hE>Ki<`a0_e>NR3sRZxmX{KNl;9M0^NT
z&Hz<^vaA}uy;V%Y_TaWpCrZhGGFVVEmO^w&fJq?u>zsV&$~~ezfUIHa$k^NxuH7QI
zfU$xp`jUFD;xUAuR=W0S%Y#vz<p0~C{p490k-TmuzKpH`<RRekiq6J9YhN;sb6r`I
z_zi+OsUs6eXZWyw29aDJy>Pu71}*0saoEs*V|4}JJkiqa7eZkk^84y57XLsVBW<7Q
zA`*+pygtjoM-@@B>be;3*(cYa2j*mzfo(*4&*hg(orlwT#+ehOr8~1+>R$FsTOEf@
z9?o66rv~#L{^4lHjlF2@{ME(lRJ<79a(~36ZAtb9U*_*6Ha!~>8D%D4CZ6wHJU38(
zmM8B;N|(I5Dz}=Jy%KiHn27wn7wcGGFeCg)V$n}A>HkC8O%EXc|Nj^C|NQgMKmTuW
z9sTpqKmYvm&p-b&F`D}4pMU=O=bwN6`RAX1{`u#hfBvroZU6JnKmYvm&p-eC^FNbv
z?0^2hG<6LC{NI*+>irM@YuV>ssw+Ex0Dw;NzgJggy2ojoI`8-%w?B8iKP`WH#4lK=
zXVAc{_bJS{>0>4KQkyVR{~(}@f?>yo)hfzOg`tP&mt&HWPpk=|hYu9O2yHY7gEI^T
z#~c2^8dH0*l1yT&q4~Rc;q3EK^Xe_@b-&5jvPeN<)#A}o;y6~Pe9QIv)!Vdx^SIqk
zXKLJ?gKk{)qKYeu=cb0EIy{A}TFsvEQ%ffd_E`D#Zos>cFn3?JGEveO+3li(GX>yR
z`C#qRr&qHMvf};R&RAPM^^i^R+W4K7%|km<ggKMe(z5QFE_FqIdN6Wmu3_JP+NR@v
z1HUemYNXu^HnXCF^iF4NS7WDt0utBKiZg-J{@q189W=+8HCleLF?+TO(KC(MvjH0|
zCb?PZ%O#GZ9g}g*X9)n;?fPlTV+v9AW2frk+T?Tn>4lP5+gvjd%oG8z59vJG{%JOx
zvNJPQ)#P`yAvp{F7*Rfj1AsY1M;miC3)rtbwEzre6AkRhT&cS+0qj11+@jH7-K7Ax
zCvR1>ug5VJ!b!~AY)(($yI#gT!9P=xm{(US$6~L)Glg2~P!jhFvg(H+<f*L&o_n46
z_o7F?2whDnIUlVMiK*-$;`QiX)+{&cLH(3G+4MPkxWz34Bk(U|P)C*}5_!XB4V*>l
zOf0Qe!BW5bF9T(+d&=#9G~%Xyoeo$ePFbHx0zP@D$d5db=~*k=p$N}(p8y?Yo`nyU
z9e^}2w%{pVS&jDXxjz8XY~64}9%BE@<;1EL?v@IWAij=1xANufpNDNk=>b~EPLOG@
zgYR?N--YJ^wGS1Y{CFU^K#pa{{ny2D48PCabipb#??HI$&L1X!0$?MLf`18(Ojag%
zZ-!6ls?V#^ftgxDQ+^WxxOuM@%YYYCQ?S!Z%-7Tx4GV8V!_97Y)WttYJm50m5SVzF
zR)|hVzRH=s?RnaS-vK~ZPtC3st-E%oJ4_%EyYvmhP>QoQ6mZkNJdxMM6q!yJmF;%0
zmt|B+eGGmzvwrb^;86pTwKGOpl?%-SxCVm<ff~pF*OUY$A12z=R{QMzfq=Mv{B`_^
zQ4hC|mn?H0gw3}>dOWzKi>%PfY)9+q+E4;BqubFAlwpo429EYQud!%D@t5H`)SV)f
zH`u>0UP^WTu<p{aY^<EqWG+$(c7TasndzL#1m_W53Wy7TMg(|4WI&k!-N4Oxy;)p#
zEJ6v)G*e~4$_KTZ+Rl9J#}IKCWKUnRf7KZz(yrlSK)w%3RrbO3O7w=u8yL5|n%YwR
zv2AN#WC2VZvAO#3%uaXL$R;ZLrZmND*#w?iPA=5Ca*oFP?v{m4O#3(V(g{?-cO?cR
zgDCZaru(UX4bbotL0!Vk-C{Fuv0K1lZX2swf5No(DaPdFFyn|umU;OdjUa(}gRxuR
zplL<gI~9hngYlQ28}MH}<}~y$-$37tY{YK8D`#;!bS|5Ftq_jr8gqlm2O$Me_^rV6
z!wN@)(De9QWEGquH$y$G_Lg_)TV(jkZQLE@n|}O%SZwF#9u0)6LL~J!a0e`FB1AcP
zBUNdCZ(`hRp7L$IB|3FIa=rT8=VZZF&4~^O3_ytyp+IwC!#7K@?;;PXdT%~-Uqv2T
z+j2A*QIrJXlE3I3^-=`LOYx>K^)6`a{54L5Sme7ofWJu_YG%ED?msxU(S{WV41o>%
zlMBy(BT2*0T5Wr+-Dk%tH-EkJX}^&lTlYNI8O%O1s;1EiG`jZJRe+UU`(8Easqp@p
z8bS(2f<h`ZLlG>OW=xB{m=Uw3aP_~-@Aj%jPPEBYn^G{|hS=xljkRBGp#}j63w&A5
zR%{ekf=hFjSOew5vS4c(n|;e0PNlamBk*K@OZQtXM^pZGphWmIy?^2;P+MDVKY7@y
zgJQkR(BiUvu3vb8)&>)cWLPi!m}I(Ht9F%!z?-ay*RnxxrA*~+0ri1!U?I-Yq>}Ko
zQwIgi3~;A5VUa0?`I|sRr0`mt;pUvB6U6OX6(~{e3&#;a<xy)pa!a+kqG#9ptbzi6
zVpe7@em04hA;D^Fwe(->mTMb=;OI~e!k(ZBqxuD8fe99<-8ZPU8Lfhr_#R+ef^AmD
z2eXUJgYF^nt}AQHk#%M&U?+@HtJ`VS)aN3QKN@;{vy88Tisx_K<7hw|D#6tzs}NqK
zL!Job;G=bSL<@rCrB#R>w&-cb$q1Q$1Dch(+Pt4V$Nt+9L`MY><nzF#yc4u8#g{L>
zj=HD{HtI39!PX}>Vi|IY3dnls3@ys(;*Gw>jN$lEIP#F|gD6@$#Rjf<wrBuR4YqMz
z&H>=L@+KhSPdo$=F!5c|F~_3Unq2@Z2Q4rj87fHMm)vHP-!tf|$G>tmP3~HMT@|(g
zE;wPjR#-Tgd;4)Q{MIZcdY=fp(_8n|$s~RQNhZum`A&Cc`iosva$otnl<Z7=-#pkG
zO5+>T!pR;H>VO?18*(?44GhMH&Xco?Yca&l4u@5c65liIMt`<Ed2C9{6g>XBW;T_H
z+nfyx%0;%>ZuB{!I2og^Z;^I?2sWr)q7!cDMoyE#85h^P-D_dQ@8Vr!2;lEVj*_Gq
z18*aWKZM(!`{*Vv$B0rC?u6&tAUbe;WIau~8=q}*d01qYKvu%gDKL637=_#I6THrA
zvC&Vq?prCHXDYq|%yncI9@L^X3o8n=oGtH5V-%_FfsLvRqrnhf)(=a6@*yPd79^{z
zV7NuhZa8&ndWH!;&|veG8tlZYm8qBQ4fAWa%jN~QZKta5*QqKfy*(qP&NUh7gfyl?
zC(mI`RlSQvl<98mz%<>&>@%QHhMpb52+;|ipV5)XvZ1cr*C-v_G|k3^zk(;CI7CQD
zZwB?~!~zXUy6gIS_1Euz$M@@>5(M@(FXy#Y;6NRHEh-@{Df^uUzODN0mNCp*N=|le
z{`9K&4lUT|OC%eyerY9dqZ`nYXa5wz5B35k^%)j8uI;tNF<*gihdC5*twjHb^&QR`
z)j%(h^h+OeR+|KwcTxq{?$7#5E{T<3#ns>S&cdN|cqu|qMT5eB(yu4`S%r=QO#6y2
zhoQChUJ;fn&v95>`>6PoCrpS+VPnR$omHv{v*{s*%4vM^g;{7P>WaPQf5MLN1A6jj
z9~xIwlPnrzOI8DK-wJmSfck_GaIJ!@@E34N4r#dIi2QR?4qm^2R{=wq4OMMB{tsw$
zNuRXp#1kB8h3pc4ka=?clCajnz)f=hO>yFG8D=Q-pJ|)hKul@FO!LpDMkcAL%pUs5
zGlco{gW|)PY;~2Tb&uX)e40+mBr?JiaYNsUA~+$Bcie+9NBP6CDJnj)4c}XCD&0;+
zkLA_x@0{9__3Jh1<rH%QoSE=pm6MZR0-CB5hQ>xJmQ6l?axoXg$o<NG(tfw>UxO$i
z7|bTUk#$F_A6ie2#$XTDQ)o$2f{YNXp!us#LvX!IYbk&@h#$q2x|kM>Gm12QiB_6#
z2|NQ7RKm0akO4@2&<X5fGZ)1d52&~&4Y}!oE5Y$RNCRs2vxfWhye#=!Rlg{=K*qe^
znX7oNr6&1*td|g6`N247utzRnZapA%T`-wnPRTqQI9Lk8JJtG!ETdAijPFd!Da>+8
zVT($3SmjlF=}djNvZmL@rvz1gIat()=-%zao$;AB(@9Ipj><u(zfcQM$B`4m;0z-<
z17(OX#Nh`5L?fCM=bH4^edgE3bXW$9Sya7s987Y5(9S}`O=VAdjG1KYTGZX%+4{dt
zN3Rl(F1t^6(Ammes*ugQ7b(VBY;?O!-eARvLgx_A{ImHlR|G?urd+z#F!9FWJbBw^
zQ`G!3QDPs_hy(m!f5NH>gG<j_J(C5j;H}lJyrveIORP_USbF-Hqu%Eh+?6P)T$XOW
zY`*$`y1*M_i|>10zo5@9J<3#lUT2~=MrQqWPF)jC!dW$&#wr``oys$ZvT{Hff@{}x
ztNk&Pq84xlr}B$D!JCC*$hr4kUdwEVetm%T=iF*of%(uJ(6?IoyLzDfBk#-KQ&iUl
zrJph3sacmVsi@ahoc1HPx$W4%b@Nc%9zOzqiV^V$yi74yx`t?gD1AWhzagKOo}NT9
za5{1fsSQBfa@)a*mz+37KCGaP8f6%5x%YXLcg6C#seXRCUUAT9YbO7l@V#zZ#F6$L
zDJ^V1SVDZ}D5n*Y_GNuPmC9#CU?wup6M&n;YCIjaP;+NsQUD+9Wv7UNa)YS(!HB7U
zH%uBnbOfzAI9$o)R!+4s`|clFBx|{zX-w_t`}IU6)$-l#-rv~lk>LX|T0N3<-XNC-
zk|mT68HCR)En_0~hH?lNR?E&omXQgEPKrYuN(N(ksCEYLJ;>R}hwZklD@!-TLv0BF
zOmc0hiw7F!+)-A_zNgqY7MP-2;4hee2TBQX#)eokNA!@EG?J&c;x}T!Fl58oAai02
z6~V;Hpf*LiTAJ^hzS(w|%7?-y!}EI`7vmo%u$8SoKzeFy%;|PKne0RAPTIE8i&+Dl
zKmw)&Hw60u(kK@JR0`<AU{S<jiDH5^!zM7In!;N{+k=nap5N`?CbK!V)SLEylbgQI
z@lT6fJ?3e+l^ZwD&8)s}xWer@FCI4MDng}EYEUe^;x`6aafd?u5lFvO;$*_ItdL_S
z%`+GHX1~9nx;m`ZX6f1^)5dKRfjpIT9+bMz$IV4gebvO%e1XK36|8cEc!>5|^hd-{
zv(OTX&@`Ouq&T)nDZ0<CUEeo<A1TuX1j+Dz46l*ajJ|JBM$4V&j-w6T^91-Hr$8Jq
z4m+&@hA^xkv|4$U!zRPIQqsQ_pXP0EG~b4+JaO);(j7y$&QgRtm)F+hw(plAPgb9T
z9yjb0)1a5Z1c8oq#zd?E%)x52CQ=(o$w?u6Ty}?(r>$T;_sijmYDx8f8bz-2S>{T<
z3SzMWIJB8-_5u@v2ywJh_v&+^{6B^Gs=D{ZVrj$4)FMOzr)_Vu8kh=32lBX~>2zL4
zn~p+#D#(s<SI0KuTJ$<9hV#u`^2o$%tScrFyiG^7ZWXB0(V))V7|A6}mD}E-A``;R
zt6ZwB%_p?rtTH#tZvB~m9r;EDF`4di;#*#4I3Ri&$W$eJONpXEtS?SAlUTgIDH?-$
zIG2Oi$6R=HmU8P^@4vHxl*SR4eDAwn9bo|>`VmCzirzTugZ4tUU-KbHXR+s6P<ia<
zJ*A^E4n?rFgCP;=cQJ((2Ps3KnP#0zGzUL(j4Uqm7IA_XW9P$vfnjypbS6Y_pyAXw
zX-%Aqo4;Z7%qjI_qZN{@Oqk4R*VJhY-82jhPlZKmcHCCMUeK7OYR#|6Wo!;M>H%yW
z<Xp^91&SG%m9r!s{FQ8_SrZW9`#^Rw?YJSlq#71y8ITh%_jA94%Rw}5@)mK%S{9#=
zSck|uH6K0r3@%}RB-#ncG%IQnd1mn%g)P<Z8E+365Txl<Qj+#$!5^^h15&ogS=vd7
zl)-G?`S~*XK{5#ty5JSLwS%IdFu!@HJ%&J1+uj9E8Df$h<R<jTWCV<kP;U<$BOPg$
zxN_rz7XZ9!WaS_R{^VP}Q-B&*@0!%D`}l2^z^V3=+g{gy83O_u@}kd|N0SFr-?$iF
z_qSNM*FrFyM35P+<cJ{*6ecoKzPbef1`nL%^=GxSxvXxat!?t&EnA6sE(v0kNE8@4
zVivwYjMx4z#-@FT_m#@;P_I`V$5l^RSv#v~!oFq<%cvbcw-R)#g8VWECw0)7elG54
z)SMSLouh1jN+b@F%T-3;(gPB~BgdUMNHrt>R0piNPOo2wMwUIZH^Ci4di7rg5iLYT
zw1FaiK;pCZulKKA9E<9$KVNtAvXbuoI`*0J2#M;jmR#(Y$>3z^FStiHo+jjokQyao
zMRGD<^5f+{2>;~H0)KeUh??9plpOsiP07)o!q7v1+Ar|;csi+P;i&QKjId!#*Ru9%
z`c2{IfecH56P<f%-*A%mN_n=}TN;okw8_m5>0nKc7AFd2&DS<4#oZiyi=OKo=AcG3
zy~`Q9hn5rfs(WEzCvDZVjb`u_t|{jz)&GE{zmSi^pKda3j<UJ@PWY{pLIP;riC|wB
zW5)P@a`L<Q6x_Di^tj|-OSUFWZgw|0%95$2zkr7a@h-6j6|u9}NxQftDT3OdJTT3r
zHtU9xkH~5&*x%Z6BJBvxbti1ykdclw9K^Nt93{Rx{yw#&Su|<X#$N=w{h39JMrD?g
zZ*B{vjhiO`lVtn81h+%9o1RFaebb$~U4#06oIK}E!qrh`KrvB-kwMpj8xkP*S3#lx
zW(Qici2uOzWaOOtFhRk%zWBW99M+Mie6zK!&*F2R1j!4Y9b^|VR9d{?qXOwr^5E-o
zrMn3)t#<ZNNX7e>{7Q&ylAN9V;Q3?ao&m)1N8gJVvcI`_Ntqj6x_<WYdOk28@44%L
zd}px&mgd<<3~>gkVso5>bO5~x-QTWdK6**6>s0=`i8fuaynqVpc?V&k&GEdiU6TFS
zoV%Zmx6OLmlg;`JVx=0&L$mCZx7?Vu0oV<l`Sr%~IOa0Rw{fg`nu*R~H3Xl)BN+^f
z!XUEp)nko8&Fu9E;Cj*+fXN3)AL@O7_9L=RQ2+p7-H-Ld0p8KqtKp+o@Ob{O90`H*
zTvnHhkx$t~3=T=`u2O+`I2sG3PJ?MjB<3Q*^;7syH%5X6AVQq10w@bUYTm=vkx!ti
ziaH#@Z=vQ~W+ws0*Bo&Cg*8lBus>$Pfig3tF4To^KCP*iN82xh3wsx2Qnm7bQySgJ
zJsfa)JFW!j6336H7ZS>0te2@U>!v^w>dQqHK<$M7p<FXSErHCS$uMW$B`z9L^E=Mo
z$Y2)pk@6jy%WN;ET$jgXN(10GG{uV`%^FEKD)7DBokRVW?)Gc#$4shWXScKIekLTp
zl^8RvMgrpjr71Bm-C;U)Xs*V8<{C?z_%|3(LM%M;UKqm4U`kxltj{iefFNmT;DiH_
zAJtPT;}!-19_?*v#Pi6(_T56Ns%87BlFw%f?Bw;MH>9bbA;2xW#(ijuDP`!bq5=1q
z2EfnN8&)($MDZk@UCVNAneCYM^x_WiBWli(`SAJ*xgIdJkfwOJ3}5PhK2&1^QLAGz
z*c&5wfWMa&Ma=lnvm*fL8G3Jx7MnUza$tMh2bq-}g8&+eV^2hurTQ*Stw!&Xn+u)N
zsIwrf+Vw-u*375I-PI*uyMGtqk};2NWc`oK>i>hs_5ROUR`TNi?T3$xUXcIsx*Z7c
zD~DAW{eN`e2Z!%@1R#}vNa(uN1<GG!yF9OOZhK5OS+D=sy4LHh*V#63^W`@SE5;^9
z!pf(LkJ1{Sr@t2ORoZSkZN21o9BKy?yI&sZDgW47N*>lTo=?Obdt<yXsUqDr=xQ%n
zrj%s0zkBSqAzX`-4NW^~{Nm2}yU$d=+SSPh?qUZqBSmN!{`**e&H8Gh@5$1~a0oG_
zacWa+>2%L4c2&~Y$g%VTZ-+<=q=EL2`d-4S^TW-`N{Dn0F9zB8npn)wLSbnC6PHrl
zekT)~BMNQMH7%J3uY|e*5=8<$k3}sLRk24-1qwW%9s6=3!@|6i0}!d)-`9b_M&+jZ
zkNa1ku<^}w4_OO;^uuamBDMXkm-qFRBJ6kw!JI{7oL@Z#h#FoWCsM!)mNf*G43=Gf
zK(#YcmpJroR5yn@d9y}^<Lb3vmKH#|ehLLsmgpvDoiS}JN&q^(n76pOfu}V)s!=J=
z3~$FHUnr6MQC`+=TwC1Y59NOS{Ch}4`tHvep&`3j>f2d=p7!Px)v7k3cHCb8OPW58
zy9{TtiJqO3sp)WM%cTle1@A>ngZ00}hdU96@OXS<YKFVFj&l1yXB-<jXwykT`fiZ#
z1z%Zz^ZVKD*tH^0%_fec55pY({mbPs*!MfD(ekLB!Be$DpgG;DWU{j?_=OZR(1u8D
zukXWdyY<k2zY+IpRt80w@Ag2XISzLwadI7rlxZc`4zYsd%xQ(CD|4YYIbW<x`_e^c
zfF#$GtY#qiHmltpC5S44SwwAJmMadE7jwy^6=n!4A=?V2zF4VHyNbTi^Vp{OJ_nH#
z7CXg{*W(2V(<Hns$u%7vB}#zb1~6q%FJi1_I{J2hu5LjuAIXz#VDqXGf_P<{sR4c6
z?_9;!Uzp3Ld+d>!L&E!3i})tQ)_NGtr4AYQ-=X-faJ){7l}XKTWFilQK`b3VRZHOZ
zMcy@Cf^adI&jEX8llkz2S|9Ix{;cPXSVC^eAZtAF+G<JGOVUI^%J$TQ@sd@HxB_!7
zE1_tA+VU6gxUq0EvQ}1wPcPG=kAN{KtgpJ7oT9+V2QX}XsKJl+8<k^!;=Dj#VBF@}
zsC)Wtkc~n;;h>HuO-8s`-n2NdFUEInrS37QzS{8;YN0sR7pmm}qrt)<vpgbLj8`0~
zSkv25wj9ebV(g-5W(|EEFHo}OhIC0{HQE|~gUlS#nrNU_ycA4k%-03nw@%>$g1yI=
z>1*bsao^``aBohd2Afry{?_2OeZ?llre2~Qm8e1V9fS+xNaRx1x9z=G<^GDT?d!2P
zb_v6WGj2#1A0Cbm{D&j*$$~?nInN$QhFIc(4i(pJ)+cjkveT3!G`wDL4;UlSOqdsc
z78O4%QdnbPDaSmFKqDEM2$RCyHGW|iZtt@H_Wd@$z1ho}V`;B3g?lVp2(|Rc9=ohJ
zPNO*+4l%0`6o`gri3loyO3!AW^lQ#68vnk-)98=Cr_^c%>qfW_x8B4ttfV)p*_@cy
z6`Sv2go4*XU=<&ph%Aie?50vOx*|n?Ee}TzOfL-e@n2tRJ}3v_ZSqw<Qjds2r`qK1
zEX6a_TE}C+a4Sw}$1P39`qUPK;MQU6e0}kCoTMq4PHf`}@sKd`?1MdL)(`SO#aqib
zg=l>yNpKKNn}<^+wG;{0UZGj{EFIwzk~}oH*!pUcLwRP~!V6y`c0^uOHNdWamttRg
zcXPf2UPCI*+sIJdXt6fx`-(aDKK#!<SceVw2)Z}dPsg`&KQ8lRu2^hPhhK3h`HQ#i
zBz$eMEv{hiEfH9rhvg~1r@Muu&)TO|Qa0_1R^ivzeo_6A=m*eIqqyOafd5sw_}sL8
zotO0$T;Zx}98!fPAt9h=<`_JGn6wo*@HFE4=5UM@b>~%}n88seM~RA2xJ+Zf0k^Vg
zbV-WAZ*6vaUhbYg)ZgKdZM{tPxW629G4&Rsib?_w1Se!y9~aHYva&amM>@yZ0;+V4
zD2QJ<GNJ7I<l?($mCiNhm#;UkH#DnH!m!+CBl~I;I?WZ|pEFLKY&|!BR(8!SAZ!dG
zDr)`UK|3V>7?cX{cpfC$X5L(He<$;O-9Wi@g_0@DCh%L1Em8(rE*Yp+6x7R+t#l^7
zszjE^347uYp$pPT?%}m!Z;e0)_V;fzpnhs~To!j9)-k@6K=GV6yuOulmByzXAHp>H
z1x7OW5{)o|ZPKzz_l_rj`uz}s=B{vl^;tiSb2ijU_SfJh<M-fgvc>sC-UTG(?R!GS
zlD{(UfN7~@KYug|G&*#<lU=bfvDa0a;L8_-4WewlJ-(p+GHT=;gY8hz>G*ggv7h*>
zbL;wb5*pMcTU$(jLy<&v;((pcLMlBQ4VkxU#CaB{O!e{yWCoUh$VkTvBSj$qZ3hS=
zB=g+)>2ci$ni9Ou`)qEj!=mUZc?O)vfrED4QrX)vq8g2~NCfwFNEnm06+CR1C%4%a
zZE+y+utVB)_v<I6IGups{3RCVa*_L5%s2mXu6v5d9>xNxOiAQ*9faH}p}$<Eb$<Fh
z?Y6b~11{S|;(IuMru*X1v@rYo<aA=onY3_@91R(D{N5;123MVY7u^dKaYHYy!CE})
zR|IO*XzJJScIx}3tr`Pof^3rvEMQJ1$a>*cI>aftt(Ms;<gTN`m}o?d#r+mS@aQ)`
zut9K`A#3g8c_4r5S)MjJqw|%;mfP9m${gXihSC+Cs>gwUF{^2t(h4upxm`(yBRD*i
zH}&uO2BfV)=6IkvtNF)n?1azdxs>nwx)UNEKO}?_(ZErD)pdsgahEDr!Q#AMtOG#@
zX6FetOU=b9RQ^>~5tG<DVofj-2Xj=jJ(F5sR)$!xKCN#-7{prRk4<8d7(=O@`ty9k
zzKd1qR)xQRB|K%ldFnnop|k-W$+L~LvaNHRvTYCCMy;96Om8%-wjv5U9=|OWATcq%
zn$*WNBa6F_g|tuttGx&3ueW2iW~8KfH}242?dyiQLe;cD%{yiEFL6|OuHB<H-gR=(
zQ=p(Y0ul=vaprZuC_{N4^l^M&;p*i0gNTwdKU!~pxlQ_actUwTgATr)5lLCCeLiOw
zc;D2Hl+eIe43J?-2J%1(VRu86$stVIKm_AK@^E$prQ5S+*qNpAT*akD8?Lt-d|n-s
zp?H_^aQAyYxZ5lHkHVA9Do4mPh~9%SpbL?Mf7T%#jbf60N&H60L&b+%uXH30+(GYY
za2v^g*d822?s{}?_Rz5C#%|W2eC+7Bc`%xOXHbaCh@)A+ZXMoKe;;DoiH@}wvBy-C
z92reWGR%2}f8V-O(P($chlIQvodi+wbCAO&{G947=Bsy;f@0H(i>Ocv5Ued0%yvKy
zdfh;gLHGqGy%rU|4l|^VVySOc(~QRaj9=h?ctBsZ8uaGd#sPQ29%J?SZR3n6{>xlc
z&p*vTYL9(lwI}4X(=IuUqh=yX-NeMBVWM}i#*oWhy&k{bj(JAzdAnF9hu0AQ*uG-(
zyV!AYP5Ng`a~Z9d?jyN%|9cv;NT%xm@_zf%wf9skp+?5^F<d0r;%aTY0Q!7113r*{
zLzp{g#m$FUw9Mj?T)$;=;5LLc9!mI<r^iR(#dBzw9g9-;Wub@Z^8+(2^TuF%8jts}
zW0>-GfW6+fExy&(m+ISE4dPb;zeYAI3&hBA>f=K(!~Wdwm50BG^^f&AWEQMiF>(-R
z&ZJWu&mGZ)v}cqvvmlq3sRqcSnDkSB4p-!1XGA)^WH!_Cgw@DFMA4#P>m@>^aDx;C
zGo7B~GEwuWA$awAAjK7&ABR1NRqW?dMSHI~Uzy?iEBC@uMwQYiO%Mhee<OZ2^r;2~
z?ml?!<~t6R*OP%{RDM)&P9Vj^FdjFuF+5v;x866d8huRr>OUa*N}*hNq_?|&psJE>
zvOaQhjUXT>XtX6wEta3Ed855v*#Hdq<pq0`D5>3t*H7DT1eZGBSfcnElD$mHqI*G>
z@Z8Z74dSY3r98mJx0IE{r^KR(M8n8%Qx&q=kC8DPq+;MvLx^^>VWOIGk#G8u_@GOO
zr_logGhGJ8p5bF-cx?K-uAP^E)q3u>gEsDOAdB|ek8>O+oejDavG9K(jaqm|`t9Tz
zgbj(Fw(r3vd+qbd9NZ3ow<j=p9kX>w&~WftVeL#wY(p8&skaw_RgZ8`vpI%c&C3|x
ztXZDOl#zo40W50Cv)zOxZk9LQm^`~Oy{_kFj@jsZSz3wtb;QVuR*n*XfId^o_$u%i
z(D;GqsE6JK)uFlAOs&RDy<OgBoiQ=dyAU9Q<asEp>TAkJ=}a=O7&mCyfRX-n*Vzc%
zAG)mj>DZso_`228WztJwJct5eA{(d@=kK`^K6-w?t~>C%t5b&iPpW+;Lo#&5oG&>$
z6u8hLfr4$=^V90Qqg^V0Vh;b!tE5B}m#yErg1QbL<Vfa08g@KjH!JH~Q+(e?Kd#&!
z%TKQedy*tm1!qZ2AGtRSBo^WRN>fKb2aqOl#y7F{-P)&Tuo*mGiIkzDl_|H$V?0jo
zY#7FTS*OfKW|xds>JnoAMIYyC-*QhKp%&wgH2MXOSVPVb5Z1<j>ASVQbw|kQdu+-(
ztZUnaJ<#GiEsX)9bqLN#atcdJ&;G*e(;Af*wdu|F%yVe|ko9haLFQg$cql1|YM9?s
zdGTuN08K!$zs>}AyxB(=Dt4010r%*oTBxSH$3Emu9%O$}(oYTz9Y}h61Fhr9CE6>L
zyP6vZo@+pJKW03|^H##be{8WF#piG6=-Z(}2C?07(PtP-=geK4uLdN*9p(_OUrd7-
zSUPjcvg7Vl)gIl~U&ibj$*=Zc(J?LNvZ&BVq7G+2p0U~^jVe=wNEH9;H+n1&Ufl`a
z(`CdK{c$Tx?X!QL_Lzs6$2$;@WbMvG70Mg>_3jy-<ut&cdSyu!f1vqT>%3u&)uzr{
zbzij{_I%NY8i*;<0H*yKK*d4F@wqTrPlcZX_U;C{JDtHJ4r_7<XM6D&l|qM60`d2^
z25g!?Xw|C04aYQyAv@O4bw{L_ZObgnuRV7t6={B@%AaKoG@6pj_QSJXZpb>VaJZu2
z5(e37-7(=%OLE(_f1AoQRk#?vN#iz7w{mx#Vu>;Cr^CGdwuHjX9f4mz;la<-Qq=@B
zX=SbctYEobusi-boT>D&X5Dm`t%OWewsH;#P;PVJt(PRpZa5q9wq|X!`o1|4&DMJv
zMFiQYH_fiKaQ<s2@2iPh)vz!i$6W^mhB@;4EKyTpYQMDnf0+td?)p*jljhKp(#&B}
z<C&tE{+MOd{j-2cD~%l;7QDYdYQvt4tNRP#>FcSvB;b_1^;-SpO8=d$Tf*BntAEP@
zr3mn6(C#aH`}S12m~p`b`X1tE&`SJq47)6~Bd<oefHewTtwFtn`X7+)0rk-8R5cFQ
zBR)_>2k4#Wf5}u3{=pH)P*Sqbu{?;CczLBB0IMU9nz9-53FjC4#}>hl5by185Y+#I
zq>t=12*Mv_XDaKhXttW2Nm~c5K#F!M&z~<mJn&jB6rbS;+b+1i-ox!HIZ4&84y%_F
zTDElWK5vesLq5|Sd}vZatsgb-FTLFxgC|jrH*IU1e=R_na3{70OV+=uBbl}drbO`M
zzu=QljtPCeI=egF9=A3<uXd1nWqq)kGwm%-N4tF03%7u}6!RO6P)N^zX_&lz$%IKB
zOOV;isf|z3`3^c~riIKQQ~$TqGJH3()$h>QS|CiI9sgFrRZn3@2XC8Z56qY4O_L^k
z0pjw$e-Nn_?H!LkHZnMU7=phi89<QYB7frgjHvk1YL6cabom7+(p%05<06<Ul<VU-
zN9glo(yuHIa*$;y@!gj6SA+OW5e4!2o}zGCdF{zDW$)wmUSAYoi(>T@nKnm&29&j#
z>%Q+&abTUratl8CLur{WuT7FpCUe<fbetl@e=^y`G5g5e?c!0psricw39bu!#|BsX
z;uoS*som$LAjO2h>!8;hxU+OnTCE~{KULce?C8R{e8#bCDWipsRc-e`0QoZzO4x1!
zNrTDre(R~U_9ez}Re8MCmRCXe^bv*RJo6-nXDVAT=XN68x%ZI|6bUs?D3X_*t-beU
ze{$f#@B6+n-3p`6&qq_10LsW~b`YweQWltirI(+lva7F`*9w~r$S{H***2Up8h`Nk
zQsiY^G%qOZ)yRN)qJpoLXJ<QC<2hp91p<E&3EB|9Zpg4Mf;m2G>>gCo5mnvX_Rv1+
zLXSPgu}CpmNXwCiV*<0e@^gMq^IDo_e~2#g)VXY0OM!hfJF9xcD)MXvA>02wA@xLQ
zCjcnbUoFSe)sif)UM1}I(x)+N)<TO)xFQWib845X%FD#WmCn!~?5cK+Nps$EvsK%B
z-R3jACxCa5q&+`mIsS;;dURP!rY5nHnXyu$$Z=*B^SyjrXy%RO@_}q;>kZ&Ne@O$&
zaP5hyOva@7RBd`=(A}<!;`!?=rNSFQp;wy3spdVf>oICx{N+A6@ns5fo<{m2R0h|c
z|3Y8BL_(98TEyf!?+^tIz!*K$j`XDm=W;dBNGOM15ly_KC=Q4Riy;8Ba$ELXNoKZe
z{raL_Zs~zJSpTi2{Pb~g3{S>ofB8yg^Y?ge92z(IBb$y0%vSH(5bWYzoc}xVoLUF#
z_N3c+7lFC;t^r4=FjeuW>Udy|>UEZ`>82;-aV4A9<Y{u}#NQ{x<-+YE+t&ND!&5KH
zJV;kbTP|WBByukR2%0UB1QzbFIIw|=!iBZxfp50!i40gv^yo&1EU{f3e~XzWow~jh
z0H7r`=*rdPmH6pWpe|c%ct65%T)po<RK0N^e(Y(kT&dcv6tc;GFFCH<hI_6oEkfoC
zmUi-g6tF4s_;5sTShPh7ai7nTeC)PW&)j&e!HGDntGHZlF*TT&o#5?+&g1wAW)kb-
zVrCRzB6&^E27^cv5IK?re{h8e7DMmrjgU(a!3ALnRcYBE6!qU+Hls#G#hqV?B8pF>
z6X*uO27w3*;NDlK18ZcDn{p;hm*n{jzZi}M2|~7RP@1%#;T`<<ocj*k5}miz`sFb<
zgJhx%$izkw5N0zD5~K+~=-0FbKJj4atTDnn9M-_-*VhP&9ijR}e^Jr*MFApgv^@fG
zQQi*VZ^C~9d*T<$p8O1d&%49Zuyg?)5pV%DX1|TV<!k)VNmA(#Ov$OX+hRZO$zCTz
z;ixZogGJ~#bMzci-`oP9_EqK`&m^M0zhuokxqM8+<F`K(!uhr(R1-$5nSNF+pLBn5
zHu+wjliP&mlXoU2f0AvpvAa>*JvTrAo0<@Meg;KDE)A)>rsMOm=VlXCEkV0p<kC>+
z7WXNO$ww_(&4jF_ntjt_%kkGC2N!&)K1&^ofCdo+nzCSdebKvaL%s8EOz(XCRDNfA
z+J4fMBqR7;ujBY<eWLt3zIOdu5FB1`!K~(8*GHJc94qT*fBtH2gBQi2kq?W*`K38B
z(Lq2DJb15SF&m&Pj~s&t8Z^KIta}3j_NO4LC=wDp4&*|@;<_`EN{RJoLMaO`Q08)H
zhVjzM6-4UyI`x8{NG*bpy9jy}?yhGJCBw}-Y`wS8hK)Y6k!m0Ew1i4mW36EyB^iON
z{Sol?gk1*we-F6v%aUfe=&)U(t<`4z^T+*44*UbR<m&Wg=`!8tcu&u{-&+HCt~N0|
z2#cVVp+&x7QXAEPD1ADMq57{7hNw+P#K37!TE$uW2a91VeVPIVq3SqOX89xzg|$>_
zcJ0xq?Q$hMX$22r@&rgOgM(h2cHLPCo{E}EJ@W`-f5-q;a(b_6Z+I0lB;>F^eNj4`
z3Br61>seJt&v)(?8BO#}K0Jl}s+{`D+^nLfD~9x0+AUgSkRs%Z7I14g(ffYu#Uz0I
zGDC0dOQ^-o_EVj%1?LVNaPcNy^vD(ldzSbpGpshFte={T){z*By4_pIyBK&RYMS-Q
zqt53if9xN2)Vbt^ulJ`M@6=CT-=Q*OL6lcQ=;6OAXz0sVhbjyve1bZA!YCoO^KHLt
z#)V{xPzI~kX=v0ZwzfAS5?LsjaS@(2zX4lwBr@HyoiV59LdTPiuVlL9J0Pv}1!U0E
zSyg~k`*@x!3^YBzaQs-JtgO^26j)$E3^IHRf4H{qL-mzf8tkq2TY@z~;UPJ>K~Rl`
zvlB5*=?dt*ZP(~+lRcK+{J8A^gWs<iAwmP?Hx$h(dO#EmH%<t5n?7p(ul$%zi=}hn
zKa4E7MPuM{EPYi$bOeNivQ|;Iv+|_<NbP#OjR)#bIONieN&!da;SBgkDI!fJ^m#K>
zf6$BC?VE&uu1|?J_!69za@ny0vnm)rZ25|u29Tu&qb#dU&WHK3@r5u*mgNnO*}4Za
zRXa8)4$(-46m%LRf=7)W;*A8;sh)Fb7{v_1k&%McfJ%iyH6_@2j>meD5UjQvQl6z*
z2Ci)VkC28#dg3r%)27!kSr71thL#8bf3F}nv$%8(>K(A!077Qfs>|zZh$qJ|{jwSk
zB$u^?)@aeJTVm+o)_Q>f^(6#A31^?@boWOjS4dG0!nns2Pl}lV9t1IZ0c7l@k>cDd
z&d69c^mqrZPJc&AcfipK{Q!eHYO$VDmU@zSk9z0S92KqcATm`dk10k8V~1^Of2Zd&
z1Fakw4!>T|=oxsTAu2OY^guc@sij$=;3Sp>IfAkUKN>iXNO>gczFbCWsf}e1r}Csl
zd?zB`-a*jZR<gth1k&?BcqZvG_rQp)kEfjcVy0?0teDUcLm8|}*4|4komcN{L>CrN
zS<+DbZdOw*6X{%jg_wX)Oo@S<e>{jB1WA)*r8y_NeoAkMPbXq2<Kg+4iH&34)1w{c
z`GN$42y!oZ5M_O(R)4825<^@p)Nl-^pce%gAzaBr&G4f!?UF28tD4exs^9?noz><i
z+FyD{Bst<kJ9KfdL#yFp-bp3$7LWGtHB0S7e?VEuF?bpG#|Ng|dfVWre<UE&FibrY
zPh|M(Eaf5F^M^2zi&2oCSCk1#+|W%}J_8hOcj}*<H|U>`6(ask3S8dW+AkT+anr9*
zQ4$@3v-0WKN}G7&VZ9JgW}qyVrwz9q1MCY&WH~Fqqbi-~#h*Wi<Z?2l0&3E_3aYAY
z*UnUafX3Z|R-NNZsNAnue>W@g?mHD3=;x(keI3$;i-~TAt*bc;OB<fE612Q=#=PFf
z-n@B)hihdKL=+~R_{F>qPN%iJ(_MUSRz_KGh%=e(A^wo#eKZ;)BaC%U*%us0t$2^Q
z?jq!S^=?nlTkywn?g-e{9zBSph_k{<{ge<UuVr*h$6+`@@~$bZe}gdYf`zWx?|M%R
z@<7*-Wt+|J#NtOsic7W>&DegmQOWXI11V?+9bBzf|L8@md3q~uStnKjUohb0D*ZZ@
z-S8YO#CzSeoo98W^$$lPn}FS5Zgje^M?=L062pRtQ4LLoP?5>g4;exD>#cm9PS49g
z;;@r|UpgKc;o<sWf7yc!XbgB8?IV+BOm3OO@ZSaQjx08weLjDc5pyH<p!T0U;YVGq
zU244OU3V=l?gPtYD(St>ueHKC9vX@hh(7ZnQG*}c`Veg;z}sIP5X*q%I;v^^Ef&`t
zcMK}tZ;rPq&PZ{77MEiKG_GM(h;R|2TIbdQeEijCHo?Euf3cI--NCc#*9B@6#W1)^
z=$h0DoL04{ZsB1}#c=q9V7U392@IvlT}=k@=6(`B^x+H!2k+|hhY4wQEPvDP?vE4B
ztBlG;<g7%O%IEcLJmxdB|1c>Vl=tjCcVv7~RS{$1`X}!ka&p2nS?zyC((cA**pRN(
zhi1CzIh58%f2|{AAMcYLVFyY`aqolbmORuvCd<~Ib`laVuZEZGf#LIe)=Nx(ye45x
z4TtEn?qN(LU97^D(L_oB#D$zj_`C!Fsmu<ZdXL-wBp4&%`nnE~h}T;}?_-Bb*KdYJ
zHuS50G8-j-TfIY3^(&=fl9qS?d$d#)A7iRvWr-Kxe}mH_u8)8-UMbIZuJUG|ozIKc
zUc}Tiv*@=(-n<qwh9Nq=h-CI3D3JgGp8W=)#zw^Y*M36d=k71)?s_n-&+65|E~AE?
z9pe<avr~PCZQcrHyo$M%y1_$;S!x(PVJvf2up*GVB12gqMDY8S&!xfQ^8$#7*-Glw
z0X5&#e;HNk%b_id%hgX&q?88nU2)G8D@>o8&k65Es^T99aZ0)EN7&N_*L>e`TBd1E
z2qvnE`#@r=1w5`L=Z#w@lKc0k!cct=&za0?S_>)OHve6&D~GeQ8Wl%S&_a^WFg;5a
z*ikLBTej}8mldo;RArRyHpXOjlTQRT<jd{Ye_KbhGcUiRj#phkw(AK@8it2`H-oM^
z(lA@Tk`mfB)|2h_RE+Q}x821ov+oxb*)4xBw3!Rq?hq#K_6w=xc*?Bj*DE>y6ZUb1
z^5_qD;`k)n_W`n7IBRjDoLi8D>Gs#CO19PSaot+Bzdvuet!R(4?eU5u!ZT4J4>-9-
ze~7zi0(6j)yYDa2JU#2Sl~akCLu%g%fE$hLlX2o%)jQcksl%y|ZpRb4aU`X47p;qS
z!%f)uWn^M;$fWyR1coO;h71BHIN7BM!tzLBN5fY-s?%wv3aKnijz9dQzq7vJ=yFq;
zW%FIP1em!mLY%P@H@kYVIs|*8lR6DDe{f&Y2Ijt}AtVQk;DGH#XoEH>G@je-*ez#-
zc4tu!Z&VSA#(c@-bfgJ`2Z#6SBxHWKUM?zQx>^4Vr|uM72^VgQuGqF$(y?vZwrzK8
zXT|K;PC91CPCB-2t7G5)?z5}T`}rPc&6@Z)M%BQ)R*Ds~*+#oRA-N4atu?Tle{gxQ
zN07+=a(M&-tClk|nU(rm9pbH}Ai=E81^05WloT6psDujNFPmtP5evA@kA6!~*9k^{
z1^&r7-tLaA(>WL!j#5*lK?FiWR_ozbhN4-^r0Zb)fUa3GXf(*;4xC2FKN$g%MYx%?
z-w<7IPaG!%5OOg7)!8M4_kPl#f4zx{TT8-?obM{eVdUNYu9(VWQ`u?|5Hi2YBt^yz
zZWz*W@b7+LG?X`6z@BXun|AC>A)=W33+tPbtIYGL9?iC;m_aK+wX-l`>{?!Z5r$!X
zy?rG)<Whq?VvfUwiV7*vw`T*uv~Sw$xQZ_^(SKc2VsYEzn0^JGHITvXe=|DRD};3&
z1b+NzZ{;kpIHjr*FO3&4`!%k|V)%mvxpXWh-%n7j;i8t0ciMsT`mV+Ros1f_iXwgD
z=cHQQ;7&t|u4pta%NdA_pupm!u}0y)&Z>R4R5$P0|B8pwhe=ZuX&gM)c`eJh=b!%B
z`^6Dgvk?_SdG5`K3lfPdf6!E+5@^d1?Vl@R!>IK<wOKiEPv3gfl=xe4&S-b3^s?Wp
z@4_K6O~o1k3mZ&*)GY-A6M(GW$1c3>H|au%=u6^r8-fwCTh2k~oLZ{eVfo-9@5%)1
zdN;&RaD<!z$d1&|tzzSKRyA_VMBBKB4TBe`l~9L>1R49Ko`<4Pf56=fR-x3mKmW}!
zGrRb+`LPSQnn+g@yo2P`tQ(+nM_-}RADGIigWvu8L$AhVCOn-v&l%Unmk%wAM+ma*
zf{Q`>#dY^U9^#P0Drfkh@aow!z)}Ub$5{0*=$>+XQX)p%`+7}&+XrUux*K%IDk-Nc
zjtsv_?K(OT`@7C`e=Sn*F!?8BL94}yxl!<4qcK3cZ~d=^@IHHSGBm446<^%Ja*$<j
zWM@v~UVpj3poV%tdq~PAf(`&&qlzf^5$0q{56nJ~Shi7l_s&^~(Q^T@r5vZo%bS|}
zh0I=V+U~p71DWp(@>~X$5YKTEEGHO>++ytCFUKdp8yH2te~wcJC$rNtB`6m05;L7}
z`@0dewMF;njK9!G>JGg7(7IvzYx+`<z1@e7ch&y=F>CKB`TNaMRWIPsFhiO3EvjE@
zmko1M@)(B<R5?R|VVxvhfsf%+$5*y3KfqBz3vl}%C0RPDiQ6fjAH;luNgf$lL=0-=
zLgI0jrtX&ff3JkcTYhW;QKq{6P~diI=WOmJ0?ci~7td4Mx*Kn9LOV=p6_g+M9qC=M
zNkZS5T|WgADYn%^ie+26<Af%Syr7-=79hR9cuwx~MXozO--_|$oH*6ewN>{R#y2&j
zlBGAJl1m5^VuKgngH&Q#$&VkJ#I$n(JH;oP_Ziune~(o;{$<&(L&DW)+8gJq^oh*F
zcTqftu3iDb*5(;RMqjkqg02XAFOY^(FszRpyfy&SR4L1uyxPNTk?k{&zQFhzJ7T|s
zDxWJNBuK3KEZ4fKNyW1G7)?eg5`8It-s379rShB`9cE#u#VP`(-&Uu*=hU7Ulyg_J
zJ*GT{e~e1l*1|3e%B-NVe__M(FBg&?-x~?5N%9s{BmqM_U&6x?rfBNYq1CaT?ohp%
zY|oIp0cB{e{+bbAC)7Lc?^0=;*>(1S)}wV*b2Fcm!w&LFMOVGH{vHz?NGN&DtdLgX
zry3>~TTT!G(kNCllY#8(s@WO8EtW$J4v#_kf68{euSHzTD$rR&#caWn5?$AgzMX?7
z%^4@o|NVAjJ*R4>qrj@)Lm6_EhHlj_UJnL(8@VgoCZdaZ4eXofaJlC5rP}hK)P$1C
zO%gTY`WNFw^46?I-QLw&e)oPKwVGpai|Aj;T}}`CbZ7--iF>FIRlc&CDGlN21`}cZ
zf8Xuo1bSQqqR|q!pUaIN<DYD#&^STbVN#J1j_+|Nxd@Q*Y=<&bd6R)SKbLD?cZ;Y4
z6iTpT5~2EOz0J6*1EJY|3VwNEHE<qTV5K6;E;pAN)S7F^V`o&>MRO&0ODPTqnHzXT
z(>S^G<6#$)7LZ+@(mK5vl=?x}$DP5rf6k4S{}U3~5JTCnmwx<Qt}<t`11IYnNox=1
zkAa8c9YkgNRc21{!w1-z2E7;LikW$?4FgsUkWMp3Q<c{I8VM>B0rj7SwGwz=&bc0e
z?}~g$0-3m7Ilk3m9X9+V@>}xnHGECUe@Y?_HO!Zei=tUpsj@?lz2XWrOnPT-e^UHR
zONIi3A#$etrHgK6H@DGGf{5pSeh2xYzYzz<9VqY>-@2ZB^pgIKfrftFF}7=Rd68$y
zcT)2$l5;MRmJ?`5>*2O^te#XZJ$*lf_r`(68q=f;%ATQv$t(yl=dvp6(cAwI*C2pV
zpqr4T9|QwmJ|iTrZ2Ba>Mu0f(f1dZf5+%ABCX;%68cxD@3@~Ks!wCk!46NaY!e%^_
z-o#OJCw4F`{Z_+kV_ATzb|b*Nvo?O86d*3VaKC!wTa6NuP+POY`ue(qe;7s&`1YMd
z=V{S86v%5Sx5SzU3vTpkC`BKB7)>*@J9|L97RWifGv`OKljl6g1{0a*e~B*$g3<mP
zQd%XxTkVKAm^Vt9<W3Meg48$jLJ*<P&D{4*v2J>S6K>Tq>{G1bt1Tyyr$L{jQJ-c?
zs1pAxy2XtyH7Eq_<6$b+s}h}z1p!#Yb=F^n4vrL7)dxCh;5*^+fF&V{FM0-;eZ+|=
z%7NdC8>cO~68mdTuj6=)f3xZy^U@kG)a4S-(7tk)RmhIfUR7b{h%o+=#1~!|!p9R6
z3+rQ(_Yu_CF`HM)<N1~vZ1AUZW(uTAY_gi(j}oVVU5|6tQSr7kd_)Yzrbo7Jt!gUS
zlEpN(W+5%5M_Pt$xKsWiPKFN@LJ89gGWzEU-EKZjh>SI$>+e0xe};3s2X4f(Ua(bj
zR8}U1nArq{CM^Fn16EyB*m42UB7~&Ti?BJhLvy&_FH#0!dZnyr{)?$`UCrPuMyF%|
zQK<xj8n{n`{)3%ti6wk1sU?BEy1NZ;G*H}}0rl1sSqNlS2FI6O#fOmBz7rWvJgK#`
z29+dOFc?HqSg1lte|6x+Ri#(cSZH~G)Q4O3@g4LHqf2T-9>Rte`TwYMB$@qRo#Psm
zGoe=N$lZ7QRw%yA4`?>Aj7*FTrpYl@w*RatJ=61wnJwj@I#VW%LT8@YZRg(cS4|Z&
zE(Mj*(hWhG;FbV6ztq6LaJZ=l68U9fxrU#VBIfK%+q#R-f6RpxWIW{Sp<JsHaXM1X
z9U)$>JQ<I|Nmf&GNd@2bd7PA5OluExEmB4jk|>3yMXR){s6#M|VCuqv1F#?`(klNU
zH>j3lG}|NMqN7d_l@=f^{a*=~Inyr9nV}Ci#FbEqkUM4}RAmSQ4;HLgpNbW=q%c1-
zTw(@>JHK$Be;O!Uuae_g&g_vFJ#@vo%a^49xr;prj-QmENUEXo*hzhT)RY$WSa@Q0
z101b0*~^9~=^PNy7@dWyp(Z!xM49L@zQ!r4U@VZx{lc-!GejgzKNKP|AIi0``OQU^
zX&3Z`^9*QpW5vY7T__`H)Kaz;B!nZK6z=Lud|S=0f2ivPQ!{`!_f{njFqR*5V|$e-
zhJ7nfxe<u<d&C|02&@VKPYJUo@<L{*2RFn@&ZKB|_y}d+5CXUJLX#ZmheMRW;qVI=
z{G{Fw9Xqmq=n-xFfB;S)D3Ij>tFM(>*|UTHy<%P#T8o1g#Y(_RpsQgZ6KUNR*k535
z-~*uPe*;~R3Z78`&2&7uwVMj5XMGbWe*%!06AY5n#gg^+*`b^2NOuA$gDGzpP#vI|
zpbEi|fI8QO0zz86F+$LsUEI*h+?W9W=BHx&sQ{?#$mRKs;QV^N{i{I4*UgPFhpt3h
z9+?ujA_n7RRCsGZOR4+(@;4DLbReAh^A#8-e^oI8uP${&ASss@EypphuG$Fz%fqT_
zApzL=7HYn%FOB;qz5!fEL=Od^YQ<$nmNZ@b?CbLP1Q?{u9UUkZX1u~I>HnCjaRNVX
zEJx3EgU-Yv`8mi9^$1*sOM=!H0lZMqU2O%Hw!C;7!@X-GqLG9+<D0ag2_=gqd-7ef
ze=OBr*zkF9UX^zxi7&{G+ZFzSA3%H|wcb39aA7hV%g`Ge5ftY)I;gK>{v#UWVBG&=
z*H`ViTFi>@d$q@C-edfZo#;z|oLW^M`j-OG;uecxxw+Bxaz%&pm>1r)Xt1Ym7oPk&
zXf}?)oaia~BQ%>O^LgIqBeP^=Tg-wDe={wV2-2wkzM$?(J8klhWMie1H0{bMb26S5
zpb$bF;V}BVUh9#mCwydZrr@kX$)t<^wN!Z<piWw)tU#&Fb`(mV=Yi4wU>}(@z6)Q4
z2Z^dg6cN4+^AoePSNh$isWRIY=SacYgeHvVb_oo69mVvl+52#QCly+TFP41-f6JJY
zuRvtdMElJ5)^S}iPhnKXNV2)4eOUQS5(-2c)<A7H8W1FryOM&C;E5}PSey74S{%HB
z6FuP_c~EwzhG*O$-}oWtzVb|4-UW$!72XTHN7QIyk3P?bBl87D+EO4g>A(Nqt&lYm
z(-CEOjhkqX*ZxVHR#Pf9StqG@e<}>eLPZRL#YZa4l5Ox==hERgW?EgJLmtd^ffDB=
z{W4XT3SPNpws-KiZ{nQxYvG*n!a=vBt`3pq0#?-Rf*D{iTF$*((5&QLGUwoFc}3dO
z>`UB0(^cTzFjqg;sfDbfv{;;H;wv!})Pu>|i9p=)gLMCLDq6XW267zqe=eE)VHJ~N
zZs-Km?|~uz5Y6LjvDhc9ar&S;BBrhu9VD~$13@a+RHkqg2Z~Dc*3|s^Gw5s<5x@JI
zKvtGr?^-elnoHl2H@l~6X+LTTYft=uhkaAI>u&-IHo8o{n_CRtz?CkUa3?YM3W?46
zCVz_*zpHS)0t@<JW5h}Pf5RUT0}_O@rQ?I8e-vS>0|5%2JEcU~MtnJ64=jiO5J{K4
z1X|~#kjlAZ*>%@%5_l~iUdbon|Jk(#8ZqyJsU-G4nOV4B1Zs2-5=B59M3aiAaD_5p
zm?wDPMm4wXA?MBpFuF(i{&fm+#fc8$Mw6f=Vl&rR5MoDEbY0z;f5e!^eViqW{l;C|
zltKRSt2Ua+a$ps~y0+JHgQ^6H8eS3zO=(YJrOEMyMUZz^&y`u8bGD?fpv;{rE)_Z`
zZL!kkXel}|VdL}yGpwMjn*bjaT+z?mF{QWlAhjs8W8%c3#Iv9@DfJsJWZ(|@N2bB@
z>`aMEo#o`qj`BA6e{f5Mt}yVJw2aL`bL9j71A*uX`u>p3ZF7E<c`mZTa@q~|>~ipk
z3<JfV&aCV^$CL|mr7#SD8e`gp%oX-hr}90p*8s&WJ|9RyPb^zqxnxq(gy1tSFZe<f
zoBhN#ZlJsl3NZuX4@;Zn>R`NLrB44`O_^LUM3tF=U=!vDe=Pg2GPj$^XK7%1V_et*
zB^wZA2>=ob<{N3i$45(lTgE)02@@q2CC{?>?mFQTM`Dvb_DKKm?Vf_F6cpdKcmd;D
z>}4mC5Rq<fe5}}Iu59<mUd_oUWZw|)G6Yb`cNidG%LVxzzT4M3oaX0tsoBg|DE4w;
zX<QHrWrPpbe-I_#RK#N4U5FTw2iLtk&MKVebBvKMN2^=NV2}7sSL@KBXU~*J&ZE*)
zjl_gN1$p0)aAQV&K+#&p7stMm%WCdqlR-tmxonp-bgyOVpx{vt({aYX4z9IjJgtpO
z)#hXo1%_yt^~g$g5^4gqpTE?z2d_=@t_GY3_C>m~f4)Icn1oLp$9p8tY*z?Q^>L${
zCNSwHq3Guv#vI};Flvr`b8b=rpqpVL4;Y$f;;|UPIVSnJaFVZbb7+*rHyYe=<*it8
z{60I<>aBl7yPua4xNG1{J_Ld-Ie0&}jWH_SIh*k5To#pzMVO?qQ=Gg>(6;yLf6G|B
z%IWnfe-AwPTAqb4eGOOGFt_ANuZCKKMJb6V$*;0Hvp5TMGD{W{Gp&ta26*Ml=e~jw
zxP`ZJ2l-4<t28$fqxDW-)O|9JVNmj3(jG@ybq$eIerCx?1#YKtn$f*Fh{1}npNcjI
zl&w6^YRQ|%+|<kcG3CB*jg8K{o@0p=kf1btf1}_<c@fLF7|@M*i?en|MS4#(y(%pW
zym}|}fYU;hQuR_&*ChVn+;UrSXm#3)Yt_v-s;9~b&lbyki$a-az9!B#NT7(w;%)AN
zgDn*L=c4LB#d}E)_s(SXN8<NQ!o|P9Z{-z(Pw3$SNb7?KDTUFya<J~pLUpNdsis|=
ze{YU7&AKwIhHel}{}7dMmtT2&@2<Wv9Uoe8)B>JjJ&APvWkPRaoK{cp)8||(gvx;#
zjOKLx(g1s;z_6ZLj}#@*tBhw(ee$RelC}0wgun9qf%(LF0`Dc_LG)gTyubeU^Fsc3
znw}vI+q77j0i>ByU)iY1pso1O5YZEPf1T4Y6Rv;XCi6}l5+<FybtQ}j0tCX2#Q7{6
zkw@xUCIOD=Xm-ft9id0s$a757p^y+qH%gDLr6K&mbnwXMT*TRGmS%NSq)AEXd3||i
zRC$2pg&qmqy<YuL1Ac#6rwYMP%eztj!r>pyNFo!Dhltl2gVBhIx}3TT#~w)^f1I9`
zRG(44OOUy%L{6#Jr}!IokK|J)rsPa;)|_<-@&`UM@$w?1h^y$ZiPCRJLGzT%hdd?i
zy9pB;R1O+@We->7|2PN3z2IT}kIDGWip`WW*yY*}@A}I$wyO?0C96S>9h0q==d9r2
zUe;E(4jc}a$dey)FUG0ETA#{3f8Wo#Z1=3V0tCsqKo?~fQFi)bN?r0bP3KhtQGpLy
zyq^!xq4NL{<A&scwD)@2+3!9+8KTcXWTw=$B!VOZmIdhW&*n0$8Yjt%dEA8^+t%%O
zUZ+p2l?<e|O|nqCZMuvG<e8!8z@w&@T9Vn$e@K=i!_2nG<h-a+5F;wHe}E8luZFIu
zp+;oi7_RH7oz#d=64>bOF!B0jnn%+?=Gv{mPehJ)E}kw_Xf3AH-RI~!h%9;Ijrf81
zyzqEFh!NsA87?2g`d91TliC|EySk1U#E%=R5$DDgW}bcKp$w8Ydc7zAH|QOEOZ`Uw
zDJO_1FmPKUcW_uaP}HHof58#q6E=;z{T*f3(Y@{dQh|D(Y;wKs05k=A?-}*g*MTpQ
zA?!gk4sG(e;qI{7N`-nu6283xjEN8Qx(~g_Bp&k@dx;seA-(neJBd$I+j;&<Cf0YC
z2sC#0nzd7LsLs-(0UK^$wtO$FWG-^lD1#q8EQq>@bQOM|3V{<be;V00#p`{FD;H)8
ziB2K}l^$+jUb7nNs{JfCYyI0R@?^quIDW|K{9S{h^HOxGF3y&jh(G~V(l*hHL3bg3
zQ7Ocg1hXUY@(p&)f@=JHm<rv_kK|XJfT}HbL}pXrfx2{a2%hfCIiiFJguJ%IXI8Q-
zyD{z%!PZxtv)xv8e}Q(6I6v|^>5|A0<-)xC0hReU4kJL8KLJ-JcQPKN&~@t5d)Md9
z*@>QQ)OMv7j8q@=Xl7l6r=S$RTx>jf#_Ylw%L}{DnrprQC*M0%e$Ou592^A>7)M2e
ziJ1eKO=MWR28Hj?@Lam1tSxPyMmXsq!9m1OL~M}Nn*<^AfAf!e%mj81-tTpqN*%Q2
zvbV9`u6pk+hohy~iwTIt6`@OX!<zDgmPFa1qC6_H5lxU|!FuOpf=?g-%PjnYArj5e
zF65eAf1PE2f9oxzbkSed<yp%^g3vX8?ouR9-EZ5K1@6%rPyKWPJNvP!V))i~@o_v@
zyL{=&-Ud&Af8Ed;w$54=uNjOQD@+dGz)n6Yyct!}cMkx(lSkWIHSa^>9#{}Y#GDQk
z-+!HE-Ta1w6O|Yqtul28I@XkLF!&CL9Q?^r``^LOHyraWZ!>rMg+yM6<Nn5U1s3&3
zSEIi-P(!q(`nk!1c$eYwha8Ks8!TecV%2{l4@Rxbe{#;)*>)^LlNQ3uLfZYV&~=+o
zs4KQvHbI^l*|oKLX<@62VkdF0IbJSk|AmSzLMM#%Fec^<E1Vy8YXi3ohsu)i76lc#
zN8awC$uYnEW!IIc+`nIly9kT9!eO%_v~zxIA4}&Ep>u!5JRfkbk0H~)OIBeIrYE_$
zCK%>Ge{1}^ARfAJwy?PHo?R~lFo!SiKrsLOH+<e>F`V^@eaGYvvwIYsg8!Q#5`;Qp
zbbpmZ985QtJ|#nOyo(p*2o~Q&9iMSP$>XVA$sf2e1_^s&d%Whu)V79r&DK4aP-kO4
z_Xn3wQZV#f<}b{lhiT*f^sljbAw#hnf2(AJe_ftS2aebKp8*rqy*etQm{<_;J}S-p
z%D=bnjSg<*|9f~EeJ?+#dFJgGiIN%XMB@DV6+-vJV)%_Qi4bV_?gm2%9}-nY>;R3~
zgmZo|-kgLtPUAaw=B=}iyvYUo$k1gqyX%eSzT13((hfqM9}^6-3wOQkOEjwphL@ix
zfAqIOf1S{6Z@`5Mm$W;;^*>&X(;Tu6zFMT_IzD~iDI*pcuNjG)3veC^VL`PEdk|r^
z<do;evax1OHe$(k=Q1kICeEu1cQ4nO0u62_PTK2Ua}c_vm^PU9c~!u^K#%{z-oo!1
z*gM13x`gj9lA|@82o8Mxe!2$#8)s(sfBy3A_8ePsG*z3MflkFWIqBUyG5LQDk(4T8
z2y<|KB3W`_>%`7xbXxN~go!6TuPQ%Y@>fy7=0XT}ga2U0G-NYlC^w95(K@ul6+;oN
z@!hMkPS+1wbadcvv2R-3n}GUG7D89BSjGl+t{qXX&!^uVkMl~y$CFTSE6`l7f1h<S
zf?=}qh!3#bG1uGfQX@`&&I25o=VLoH9v^nLtgn>>vTKlFj~jFQtgt^(5!hRm9fDhN
zu0T~`c2(o2QE*@9GZ@}Nh_w-=R$|Y-<zmwkk!c;wO-CL9gG{|go(8XTxaU@smr7-U
z!wK>`g?gzVd<aS5Ao|GVArs#Af5&CG74s^pz}_p8Kw_<c@7h!aX5wb?7zJxzq_DMZ
zj&AfU>nyi3k~Oru1j2O}71Ea~5Ew2mVp<LY%nqt%uEZt5^f=MQ&AiU@6-n5cLtV(1
z<iJ;=!^a#npVtf1lDRP==t|)X&Fy@j&$(~Td%(2z{r0(Rnaeql(eF6rf9!A;H5FYH
zjJhg2Q5)DIhQ<ebF2bJ$td**Qi_%usQ)psl3H;zlS&Z!C02+lXB17J@?WY+X`5b8^
zaQ(J`xn+G)yCk*x?6VT;Qi#1bW*ACTZ<~3go3{AUIsxCYP?7gZ>XmYMn7x1am)@gZ
zu3MBz8Z9M8z>qzZ7ow~$e_?HydaP+`UEBas2;~wyVu>P9GaUI;MD$Mz*@+=I2sgA6
z$rM`C1X_!1x?n*I)sizWy}nmk@E_e+x(^3578na`h&DpcuZzVG26Sw;t;k-Dp0^~r
zgEy^iQpc@ka#J`jQ)<{;k9pY+sOI139%#Dh=o{%669%XIP{=jJe_Lu1niiJ=Y{|CQ
zSnJZ(WJidqm*U4<#%13@x!sr;mWll?=3{5Q3adu)HBBRnBb;P-AYpfG5IN_MX~O^r
zq8k#$iro&BK)HV!N|licGl2&B?<s1{f9E9OD1d09`()?ftF?#?Jm^30YsGmntOEce
zaikuoEbfVj@*z;}e-)5Gl^77zFGvuYD9pI`=_J_|4Ru+fDf&Vtgj!$!Nt(w;2MO~J
zs_y7dTqmm5%ylq3F*ZK=7Dx_M46=Q~W-6uGSB7%%ox*52rrWk5CH`lgyP~?SJQ~tv
z*+o6|po-mO`jF>}dt*6r7S7QQ`YH4Q`qeAYh18|+JW3g|e>o5i9)5RrH)*@5t&lB$
zlGFlYF|+~n+wAT9^!8t_<>7->R?mGev4uU`?pngwpZJJ%3cKQqUY4G4pfNV60adpA
z{wI!paS+efdd80%kDci{qc`=fb;$AxE`YUk4&@SKJ(#|yPwc&QRv4l?o;h9-SQG<u
zN`*@hR6_-~e{#XYY?O34Bnbf3E~yJ80y*dnb`e@7r5N_5-K9|9;cC-zBIiU`no6%x
zQ(tIk%NjKnmVBK+G$&giM#6=cYr+V_cbRX7fiYly;^3&W-?y&-A4vTYKD<INEWLnt
zi{_GsTZL{K6@wgww?E&E94jH;@&X6TLOp*Dv=DCMe`QCvDijPttd8&_93l@9N3no$
z4@HkrP-4U2n=wC(g#ja2ok?QmvDrioBaET|)pMB^W(bW`*D}Ghg5x&P*VkS0><~C9
zeV%F@Wx2}@=*OT!?L>veQ*Pn;n9ePcwoa4)-C8=<!-{@OT(aY&-k%yOEP5K{OJz3=
zwaXOAe=PWPVZW@ByOqJ!FjzMrh-P{LhOS<r96{C-1gEt(fw`vl?if#Woi6x#V)jH~
z;y#e55bJQiO?`L&hB2=AudWPvjhT(N>~Lp0YzWgY@j$rDb@%d#K{6S$N684+P#j~6
z22GO9QEk~&85pC-n1V!R%cNqw$$t)c#77S=f3vb9RP4ypm$AfQWxR=i?1FHIj<tEi
z{7`?r4rX><{+#Fjs_fHSRYK#NXSKv<L9T>Hg)EImi4Pg96hv`jdSV#u`Q|;UMcGo~
z`XU@hZzNo@?f+d#T%Vk=ohskgPCQ1KN`X(-a1CcmN<K|aY=$^bCp-&iz?xf?<l`~v
ze+il_RACXBn=IoAf1}h@G{L81d8J<M8Vy6Adh0hATkp7?+Skk<xwTOO^SD!rZ}yDI
zpfsf?0|HK$Fio4hxi$1VjPq5miKBDZM2PStJZ6dng8<VahD!AFr()+2Hc!7F;uK`e
z%sXx9*DT+Vbz-)b9|(FqPyX0kiQto7f3Cr00{e?770du)52DsE&6?<Z@v98LXKUDu
zp$Nn&HhKEl`d`}9#`qHrj}{;TX;*R|vI76&*`9x3@|XM?5sJQuw-8@ZESHWI6U?Pz
z6=VhDqL|cHX{y7e2v0P<T^COO)VAL`{$+ecUi_=UyCMVGP0DSziMg)XylFZNe}qq|
z66}zV7@BO}dQ6IJ%$mZ(0?Gn5e_d7Lbjeb+70;oIX=~eCF?$pOB$S;%L=tvMv#O#^
z!UF?BPJY7vLt&sPB6K3k$%3A64@w+IxfTjgjaiOJXo0_(@?=iYg3wzuJ8~dTXk-t%
z^*<%hBq9nvUkpe@8K53qTTvlde^f^zj)mht-9zb=^QNB?*ENXZM1XEqR8wP(&&CWk
z*@QA?H`>iYc=vwc8Spx-XU$f?f}RUBkep=<J4Ip%T4&b_*7ll3ghP8Y06P$vvs&dB
z`xzO9_PF8G*}v>*a=t}|ENqVyMbW^CSi4nsC6_;1JH?eWa$XL$b3#H`f5||=R%0U$
z-d#~7<1`X3BNb7(e+v7aHO<8Y>Z3FvEo`i#DOBs68_mOL{r-xrKZcQ0fyoS75=VuI
z7V+Olceieemqf8hvJ661Hlh*Gy~oWr>7d|_forl}8^Y{l@t<IMBqtaGNl46o5k{~5
zbpINtlWqOTWsfjIwm&ApfBdoLGABONCW4cj;9F5pn4&UVg78$n|GVv7<LWfBM}9=J
zpaz{GbrpIiK1`FmRV<<C@9v8xTSgrYQ7|_=vFRLTE6(=(n<eXtY*yH-=1t4&Q&<r>
zyXQgqGI{UdjDxV4uL)NMq3xjcx3$>8lhoOzg-}0NzW6p*+O6kVf9G{@QPT;iwQojb
zk^HGF0`yc?5KZoer?I-zm_*P+!}sK9v`kOcDp06yS{NovPp0zYxR0$@pU?O5<D;HV
z$XFjK3Wkg~>`j_JI-D$P>_ZgIV&7K+vm3p`BD~$<Weg$32qR0YU?{wfQ6FMHOYO#}
za`-s?;xJsOto=#me`We#SZ{di%9hmU5X*d~q#ptxE(w<mpFL^_wkj-)v3xvW=Ho<>
z4!`Z?ylJpiD2Mp#wzRZ@6jnMMm2{$?sGH?<PAk*Q$^YhUcS7){EmmMg37I4YIYhBA
zm(rFWpYR+))u;J@rF8HRYXxi0m2N(-Z?Vnz9Yw@e4owf{e?VCaVux3i@1Ci==}9H|
z(LZ7{06+WFG#|xI$W1BQh+obgMpvt_U##Wy+{|gDpaSPK1+R*`+S#GxaVh(=%A;S;
zaCyDwSi`=Zu#p!{0$rR10>;=@%0LtgIq;dvt{CMleuMM#W%{^5Ds1_sUYcMZQMVPY
z|HpQr1u!kIe=0~e!UY@7!L&VUbv?K;!Q@S|tUdMt;ElWnIM@4q`!k^okA(8Cg!X5l
zd2#QElYv~otm3(6M#LC8Me)lqY^i{_#*OHv7gy!uQihJ4y<$P|d5$h>XGoDPYO$8e
zut};No#RUvmqj`MM@R0M)lPJ~w=+)_+87ozN<Ma*e;-3k5lnzhI!~e%yJX$FOYdvY
z$y=_RBgThnFy)X=vl{AW9vOdwTZUq?FS+Nccn-xIXIT@JjpOLz=zooREEr*D(o(FO
z3}k^Vc4B^)o6^D&H#d23Qf3`!3Ed^NL^@185)ZP2^}x;55zEmJO(T8`UcHk6rbZ=*
z*HMQ^fA>@X#@buwKV&<wwhrHCkf{v(I=;vF(q(jlXk!sgB$YOUbXxO-&<(neJ==MX
zpByWGcDkA#W(K&PrsBS%+7xY(MT0*Q%PjJkj+(MYdLT%5%oI1_8lm&)u}l$lho?K@
zJyJ*uhPe1kw}IpV5@?YlF8v8VIE4EUA;5S$f1^^;G0IoObWr`ppXmcU(@geSjFl0&
z+f!+gsr0jL{4c&gTRpz0^6*YtyXBZZdG~EkP0E2{<=<Uw-%WU5>Lc5~WADy-_9Fd%
z$a9eBI}!v`=U*7%wV+J$<EJRLfxu}LG{VGKW5zn0d^WPg^~i=H=QqR636g`u(f|F2
ze?;SJNKL^cv_VxcLMT^oZeO&`0{)MmJ-jiZN$Pw+Xaz_YM@9Vu(W*ag{Vlow%AW%~
zuO7Gv4Pr??N^q?j%tqby0|v_1BHhxyozsrGs+K*s650)#5*R#Dgn-S^l0^@p*RS2}
zdg4*3#5ttc$SFESO};US#Gy0@LvB}OfA}z*bv@b`Kr;A(0x&-q(WnSml}f>E^1_Zs
zFVV+xA!rc{8}mRQ!5<K9<G}{kkrC-*Q*WYo@0m%@s*jnKmLI+sSD=_}wxe@MeucpD
z4Sr9I)5<%RGH*qzFhU}FESV;{8bjA_%XE?InjU;K)KlaFS`iVMD%KE964ZmGf9J1S
zR}<*E?#j8s^}hIL0UR%44f74FnL{C#(1~(IgcSb-Mk{>J+p8|2DlmR)n9`uUAY3R2
zQ-wxl@M$1r!xH9G8fn$Td~O3Bc|*r%7<-BUjH7guZw=#_RHI*{o?$1L^WGBQF2Tva
z{G6}3cC~?6e`TJ`9UAtF15#aKe-VCbI819Y@x&o&)1a!LZOmZtFxn1faS1bbgsNyD
zJ%0jPAE_lK5;hyLAvFIl+9hP}-0uiPMmu6+y(h<jG7lUfEg{BKJQXN$H2#NFgvHRI
zXfn7U0BsD4DHN271emEfma@oF5IZUxYy+}?laMD2RvWlSJ$2)KC)Mpvf9hA^va)?U
z!E5_S?x+0$bWdiSgwxq@PzG!m)OiX(9aInnsJe_(l>oE}yD}rOTS^PIO*7{9vfbKY
zmv%tq{tdKyOCL80VC=2TpK?UAyyPjgkt)VP4aJ305eHOa6L)7(#)Jmp8V5@vfX`ch
z4j@ho!oCm%k~e-%{C9ocf7c*Bx`5P(<x`-^vLVxC7@OHbO+1kq2Q2IoPXSyYKRmEt
zogjHs=FF~p36awX?($ek+{5oa5K5oz5zCPuy9L8cPATsGu7uf0h_zKm#zs=TR74z*
z7!C$sRBFzfRGq}{C+7Mc<^THqYb?GlcPxMUTUBq1FurC_Y~bO;f0n^cPGgYOA>758
z0~LZrS}|qQ9$Q;#M8azsVqEa>8$#1~Yh619r1JkL2%vcVKZ1bCG${KY3h3cGv5}M9
z5s4|EnVFd~&ap*isDxjm)ZEy_2=V`|csJ37Hxag`tllv{=(|tovM{7SY!-w0e)ODI
zB|8U?&II1YJd8*Ef3j`Sba3l1V51o0(9k&7)5|ToTGdSkoHe6y;Kv2mUJ%VZ@)nyF
zZyDCLt=YDA0HFT_iM=i4f5jqD#FGe>QT3%>bZ9v_IT>AXPamaOC_MUnmYsNOsE)V`
z&>)JDOQXIB;+iRIV7bzUW70U_{xxUqF~Q|qvUUHhO-)FLe~A!dIhDgQwJtBKk_LES
z#0B)eUOBl49<0t4UqSxaYQ5~V-{=W%{Adj5)q*A$SAlfoG=mc=<B*)h)t(&k9-LL7
zNjK?a^k{7p;R7U-izQQ3M2n81V@e$Hg{4X|rn|!p?b)`lIxJrVDiNIZYS13x0s6fm
zZg;-Fa87tFf32)WJ$$>RI5d1^RZ{uln&%GJHm^M9&fFS$dg9$Ef3R+p-;1CM_W>nX
zL_nr5!3jQF;v>?b1^q7i)>UL4Ap;Tsb%jvH{TWHfYJoM$<o|XasL=kp^b-^^U`!7b
zSabZgceA$_3OdaJ-^Fuh+#eNsYgj&WyS}=4%&)Uqe@}Thk+NOFj~*rq63_5@_^ZOo
zGc-O9Pq-2)g8BgzM};RPl)a3|h~l7B(LqbbBa%zzE)x_vzG$`;9w<1&mz0u(5?_ad
zEC6rP4CRFsuiw)A{n!?DcXxxDNCKwKNA;ge`qyIfKOV|ob8~a8h<N-CEnEn9mh3q#
zY?F77f9<kpWucWqwgOP7G*{}^&I(p;e%$gyrp3*+qVi$y@+A79sNxDo|B#NoONSAT
z7HyEM;T%YoaW*A~JD`w$fC5LBkReT<g4=EPGfb_;2P+@~UKf6mi9gS^4@B#5^=405
z3Zd-w=|I&tc0@O!1%6H#O;9Q3c-?7QU0|sbf7c#SzL@VyyfY3gX&F&8cIsC~yIWb|
zAT+UY^9sS(`6H<Y!i*QdY&8{15z_=E4@r{-%O^{Jq$J%n-iR`0gX+5Q_DWYsIa!U1
z4sXBE`tJQ%mnCo^P1~HCn%W6<rzp#w6oMOb)2SNRDqu`JJ#p0W`!P~vmkQJwKkIcX
zfBmrgjHcm(LSaz$<wphvLPXp@hJW7wbizl3);jGF!TTka);QD3fGJ18|8MnR77-%U
z5#}NW;goTjY)xBic}<MeEh!4(6hs;t^{@YLY$A(z7amm!x9C1Ehy!BIf(zL5MO?sx
z3<amI6H@U_?#PLf#thbnkI1~b0TEYGe}IOKH`pic3yy(-L4AmzUEsOa8z@xUb8b6F
zr4Nn+N&1~vuvYOs%YH!uaa+f>8TK8?hV}iv6G)OF=)C(0xl5dP=RMBOLN?AyTNX7I
z!zh~B>NmS38fZf->xqFBWx{S%P*MW)<^=Zz?EFN1Ar4^{?#p%}Ou>bOT#=kKe}z0q
z@9*3*)MX0KNiLk{(U1{Q(MamAqRpy*@sATfiM%0;iY>pxCRn`W;^G{-QKx3HwM6p$
z?4j0KoQ%Z44LyneH}oC3VBgZ?yjGg-huSxe2gc0B6}b?%^L_1k9`$R<lYxP$_t$yX
z^hH&zT~SYYlTK{whP67avEIdPfBLcVJ-z-~g-Ml8q=_|v31a{{K*hfq;L!`SvL1TF
zdm9PxGbF|ZyX7|t(6$+9-xK6c-vUX`0ihUGgZ}!26EKyLn6xshN-seIe5hOuHC{M0
z_{G$)gS7|${YwT6)Fm|Qc5#8`EjFgdTvlBOxoamzcLuri13xdoK3<x^K3-=6M}N*B
zEwUb#>ij=3*w~utj*#N<aa0=-B^Hz&*i{&?3ZGh&csoEUI|Fek7#a2nV)Jgmco{TQ
zNZ2ubt9mMcS3FVz00c*Ui#Fe$IO$Q_g|&?I+((yX?52e7)mJ~~8j2->1^D|w8b%tl
zr#P#WM<S~-{5MNg)fm#-&JN=zTYr-_8LkWF0J{Pv!f?v*!YQ2xxWZ3J3XlBHYO8L{
zJ}zf`5y3O=+zi3`@67w32z43}99)!QarS6SS#VR^V(iaCv7G|?JJtI|F-*alv=ETg
zCM-ag?;#j-QXOe@x~SozG0H2sy{#|qoTv%ZB)CS0U>D~>D+=_!U&grmn}4_ezBAj$
zx!RH_zkjEhujP%IQ|e69v)%MeytA?$w7t82aBUhnKR;&R8ChDw_oUMQH1<eVh_FwP
zF<2?}F<)7zdj@8O{!_EniLxuHIxnhCoA*FIbVF=*mxoOGcT<}AUnH>pTsB&4x~v#*
z<NF=V75Dc2oDsnJ7Z+1sUw^OsmZw;*2k+$m=ytIq_;t7Qx(l=23%<*D!T?C}BZB3~
zycnW1@?GLsg|{r3L&US1W&b{%aXx#4zc#Sn>-f!xoHQz0nG1yBmM}#D(89v1NoS~#
z`GLu@#cqF~*>B(bAPV=5;BPv^q67&WlgS5*$X1A3=D~*aKfQ;YxqmXA<`{#!9zFNn
z#@uyqb%C{Q`p_X0@q_X|FUz?DKEz>jpP>T_ETw^vcoU>n?N#vreP9qi^?F~?XJJ4n
zxdWtCE2N+YWZfoz@G~RR{xJg1+~Oo=s)cY?#qvN1tKtM~2qgF!_bDloNhJh?x7v4Z
z#T#57BI9T@q5__Rqkm}rq`Zk`YB^#(VbvOVU;BIsl)TFrMf$$OjTemITSLMxmAUh?
z1?xivdq}CP?(}ad(n+kL*P;|LBFw3zY@W6r%GTzbDo>`Vy<a#C#-wsd=%jM!+;ahF
z!pWzI6_e09DJpr?mUw@t6aAm>wO=}ShCjFj<K3><ncEOH|9>JCFO>-6@s`?&S5rzu
z1<`tE!zRV9RY3wP#(~GjW!X;s1lzZgnPB^DlyjJD3&z}TU@kow<AunmB2Mg6eUs9S
zh;pP$Gm`!#|CopVF;~5&y-sSryQ?eYHqKB`45H;Ye|<6mq)>qEk6><29XOw_5>xS`
zx_G(uN!~?M`hTyG6V@Sb5Q&-IB^5?-m9BuFWA>E_EXvD88SNeZE|=;Pa4_JHkU)|j
zNKZX(L-DwZ-$b_0Y8KRZ5n3l{Xc?l9x%ZUO<WM0r<2|2vlLD@=Ztr5JMxHo+zQpXr
zim6~htgwg{Romh4#cz&h7YUbrmdB?hjn@X5Oh?GC-hZ$<7jQsSVIr@)VU3{65~~UR
zKQh$&LF5H-+SQ+<>KGj8Rc>CQXn*x~*&(KL#P2V@Bgn<I2T{}B2(H0Tc)a*kGj&@4
zWh>P|S3{w$xFfW@fV{$I2>E=d;~s4VV<PDbbbzlvy;Lbp)paZ!*jk2#S@sknvj_dt
z81O#Wwtv;oVLG@J==mYTu9XKN@QLv9z6}UGin}#E_CnO|K0KRL{=$opk~OmmwtXMk
z$gtx@2e@)TDW?ZXVn(P;20a%*R!|DjvY9I&<6{5EjC;v`Al5PtLJ|5xBXlqO(SQzD
z!PxTx5#3Jc_DK8?Ugqig^ecn_7cig}5;g~v{(tD93=-%wX0Vw_QoUnca9BuXm@X@r
z*`ZgK_oz<`=vBdNSC*&!r!MpmB#y_<QnL!@<e&|NK5NkBsFBFi=8xUT9q7OryZ#v8
zzTy8+zqysU#ane%#vJYXB4JuP#zl)-`8fkYi8~zTHbzsVl~CMVW*oK#VhcP@Xt(q+
zhJP>i4{A*hR0!AIYL$p`?#}4rlW*uTv&dkrUWh-hSi<x5uC0MH<Tj8H3)0b7@+%he
zmfMgg)H6K73}A~N-HV%B^ZTZm6`1%%VB4WnO{~UY!Ya77>_3ZgIh&&KsI1SlLbE6w
zTX)|D4o9DU<mQjwX6ccuMla#PFJJ5Fo__~rUgc**R5sd<PCBPLXO&by*eHNE{#BtQ
z+xERorss~G<eyT_H1oC7kY}-M#>yj%#W2UfL$lr|(VmuqFksp6q-ZsIM7}ks6UENh
z!A&4Hh7lf_S$&Ze2sg`ytpHHN3#F)Q&2(8+X21*7;z6O=1}$#p(r0N6Gcb!yL4R0=
z<zy7jNp93&lm*#i{GcYwgMp;w->ipOZy`8<*$&$ibAmGPpm6o-!^wgS0jObs>;1A4
zHqc>Tv4kN~H6Th@{2-6|O%)^za0fnYkx%Nw3lr7BWb7G5>@cAq7FoNBTY@8^TH7LL
za1eMvl4y?jp!5>`dBXOlKFmc@&VPeITKd41XMxp!MJpv1Ir92k)OnXNADUjm6b34<
zz;)WtDy7UaRie`j3K!2oS04{zFIZw;#qQxE?L|PmAf(Urej`ykcB4dPWM2{MXZ`gF
zeeGXd)TVvovixR<hw3AyKkd$yQPruT2_hFEx|Lu-3xZ7%xQLA?fTK8MkALr^Y5Y9q
zg%Otsg+n~$FzS2c-909RHev9>O?)<tb>pY6D^3DSU0+=>U-}i8kW?Ph)@JgL17j_-
zD~MZ8%}5RqEGz)VoRUo+psb#qA0}+vTANyyg?D1c`AmU3lH?&AD}`&|$>&q&CGhrM
z%K(+^!6jnR(qa;la~7MU41a33!=pt#0z85LO#SiO**}jf=KoKBTTQZzzd9I0(X&6Z
zANADCWYM6htG=iePDY)B$F#cuq4nGg-DiS`2H+2^!uVP0XsQ}EoOj7Af*9UfAq{P)
zR{cxG@_s>gc=|_B5>0D_E9k;aI%)vpnz2stk;*B^!KuaydqUuCzJE9|;`(*k%1E6T
z1MhPW@rE4Epl92_BQnTp@$pwP%{vD5vRfYGz|gspd4^MU32dL`M3fx)&0T`Pm$m>H
zBzOfxJV@gn%(ZH1yD|00QgpBa%?2nqLylfFxCUokskOGf#-55a%5mg4GqZS!Ia+QZ
z<tEx?Uw}`%)kuK-LVv@A8Qw^}r&OD-O>+XW{l5%imQk(4S6%Ih=Ewo;&jlTUbkNKy
z+pOYH7kZ%tD&5e3`HO|Uc(&&BIb%|&Es$t`GnWoN@xxEY{!XSRiEUJ|s}<1l(B?iF
zDTE5ZL_LX7M0RH;H!&N7#liNF(L~H6S3zu@j1n+Fbb(B^+<%=zovQm{^YGtuN^<Ag
zJ@E*2I99CxrOiA@sk=bm<vKzLXXr#HdH-Iih&imScK{*Vo7~J=X2Xg|XA#0}<mOrt
zJm1TPd4)QaxJ~F925wG26PS!7Wos3j3&FXP6sb}F8u$v)9RK+z)}yN$2G?=T-C}~L
zaSpp|dd<9LA%DE!FKLs3)U9bqbJrC*Rn6`EEQP<+AionL_`V;@FEJwP<5y+&;!6Kl
z43b@kR6GIPDL2UFNPK8Z9zO(Ux|yQKwG-i$oyzH#5dYl(CBEWEuGU+eZ1w~5F-ews
z;~(Z=lxYzBO>cnm-d}wZ<1gM`Pe=amZ!I~_z#v}d%YW0k;O1AGy11--mNSKoRVArm
z?k6?zRGt)rhsgBd^gY1Y+^2Q#E#xLqoj4QyEY2S9h*;u$UJ~oi=4QOe%BSAZloY_D
z6E2L%g>F5JI<OI|s<W$WQv%637;tW^@?zpV<Qxy|J5*MNcZ#ig3kI#Y;G3sVA!y3W
zz%v=3Z+|J6@4O<e=f5Hx&JaT3D~!cDl-XqvaM(0p@n%*(9WfMVt&##5KZ9Du%2cto
zygu%zc>j0gPfoS?URS4)R%s%i8B=qs4*WHi`s&YVY}u%XLaZw*Hs?-8ygpp8_Wy!>
zd4gf?`Bvz_JR9X4t#Cc97&4wfAl%7n33pb!>VIAJV`hhhQs2wq($dmuQ-Sy&KvlZt
zAR|k7CMGM&sR-^Pw8W4iG9XUFL=u$JJ~YBlAVp{9OH3Slc-zMEd?zH%7Ymts41XwW
zD_ZS*^{>b<25T5!{MdF5Zm?gu=QkX<`SHYY{9}DvHO~KJBZo5QxPv0T0nsm&=;pYD
zE`Pz2;WY#%LKjj)B(_J2iTY>}^xA0#z=c&};Oh;`_n44Gz&?#JBP`X7$WnFGfIMp{
z@~%)t7;8u+UaF|EGoCHPIRaznWg}a;rl!yTx+jd?m_a7lfy`C|YtAIuq)&|!ZvAZ9
zMbZ{ZOl2X}L`S2I%BfasMc3hK()SW|oqyDHV9-h8ZoF-f=@L5FY%lGhh9kCLRu<oN
z2`15P#Ky=v>u*|_#v&vRr~tXPCikL5XFcV3(<HEf;oKVoqV<k2bS=AwFf?LJ?J+MR
z+TO2E9Mya(BkDO9LaveXloVxb<GT01(RZRa$d%<%@VnVx!q`KjSr%AIVekZNy?<g9
z-0q6t5M2-E#{oPq_$?#sf$#X&l5?%_dhLe`@_{6Rz=Svfk?x5tn0<nW=_(ytE~OSS
zzItn+Ft#mYJNTg9wHRqlj09RKq<N#86FRotcG;h$wJ^(p@N13>H}kUR^t7iOSP<|3
zfW`Ve$}t_+YuYtvS>qQ=1S0a=EPor#b!-a@LJJ`_Y;j|h;~dK=;-EJHa`f<U=$dJQ
zZIq64N%jxiN^(0JWUzP~6XE44I*II67Be#k1N(q>ksOfueIE6;+_0DW4kQ#=MQ9=N
zB84m6QZ2?-^tR-v1ul+Y72NANqP>~u1xP`1Vi`=&Wo&dYL8jxt+`;%v^nYRJmF~3b
zdxfRz1zy=xju=(`7gIDkb977y$U*tcZ)JI9H&adsb+X1SWP<V*W14~qTAWD!NEs&t
zju*?LZvvaxLCzi;j6DnY6`2)qiO?=c1LB!bu*>h`)XP=LCZ&TFK<wy9p=>UAFnU!4
zx{0xypLAB^94Y`X!_)7gg?~%|*%Il7ZIO@65IM!JZGz1b28QmpmtUVk*Ts}2!LYU=
z_I?44>nU_JzR7K~c2@%)o)|UbkXYfhIH7m{ghy<$FITajt5kH6Lk~`3o(f5H(PH#&
zq{y;p*a|mclY{%q$XT(NbS}7xk<INSE(k7G*Vh+M6;oKiyqEf!lz&MQp+zeYrYV$u
zAsJ5I9)Rm?6!zA`5aeQAs#u16E|T6)HVehumqlg!{rwWw9MjjWO-2$miGMZ>k?$ZM
z0<(&%3^dM`+902PF*r8r!TFic_*0dv%j37kGyo+HmKxUhMiI`K$u{Kj%)cs$YuRrv
zJwt%Hz^DUoL8sH6)PHY-TU914=>eQj!N>&GT4wzX2ZzvSW*{WX`TBI~f8uBh>6XH8
z&Rf8AMq;jRy`P*+i|gabGMGfH`>Jy5Dp$;*FDCI9ktY4^+IaD8E-g&5h6V;HS^?MS
z^t84MlXvdX@eCGb$}VZ<g3@}7Jx7v*v_5F@Z@<}d5p%LgK!4W~yS@gCrR1oj`EhVI
zV7r^oIso)cs;CLc_)B|2QPtt(+%|PGGkzn=*<o(hml0~?%)|L($i=*)P!A+42z1in
zY5mjuK!5&U=L+la`b6S#8-%|4p&>GzFj@+6sqaj~8EIB;^$3QKrC@i3rhQdo`<xh{
zG<SPsH|M)kSAY0Ef>M~VQ3`H?5}#|ecr!?;5>vEZv5l#vROuJjFK0C^{b|H$t28dN
z_h=*ZcJ0|a0j7eJo3}U`ZqWG@iK?)(kw{sJ3hm1@tdl;7V}{kIE$JjXz@}ecGlvLM
zszB29X0ZA)>r_ng7F@pt@%Uc0z*xnG*SO9YYE=79aDU?16g95(D$2H9o*$sgZe(PI
zA=$oce=OMLe(?_0fbn0!a$4)W?H(U5uPu}--TX4QR+$_gAe)|M3LmmSvgw>vZ9q8~
zLcxtBWSB;{e;tsULn3HtV{C^XUWTsN2yQJ*mm*-5)M3l!0LFt8H^s|G+w<=5|8Bo@
z@AUd;7=I-nO6v%0!3N$C@Om8m(jpu|4n`QNhoH7NlM=J{8+r$4>beDo?k47*aCV%b
z;O1K7g-<~6LXx73A%giBfkCyNl|r}WQDoI|1-u8fCgVxStLTkm!cJd9?8?~UI`N=0
z)ENSCIf1pQOdjw|IRjoLie5WC{yQIg2?5R6sDFIHj^(gK0v^@YGcCO>_4Ru5Zd(eh
zxCI2FLn%3?m|;N6D5&29Ialg2{~vpI8JjuGC<^*5Gcz+YGcz;elwnF!W@cu3%ghW@
z?v$Bv%FOMQxp%&Eq<gii-5<N!A9tmZ{3uSGIEmwcB`dB`C4*{Rp8dQx3aO3g6>HsO
zn17i5?$T9^lFhVmZ2f)OWmr2U7{MK5;zG+%X$L<wyD{`d_3O{Y$HR)j(_z3WjSHU)
zy+TqQ<E73zyaPEs1oMeof2Z5Nhb@Y2x1A$P?km_)B$>r8Gc+O|f=C=72iValqA%Xv
zw|)wt&*G~TB~|367MdW7yRg$3WUq|P;(x<QL2{ym?zsM!@n{G+iKHhZ=~EtXoc8C!
zXe4@idLJfYH`q-?)a2)9N9v_dVN3=W0$1g*i1U6Nq2H%swN3Ko*AIbfE~0uQ32WGu
z=Y9G6N(CR0LXzjRZR3uM#|*Y6$d(@8+gg)gJY$c37ZQ4N2np^al1a^8KLow31%FS)
zDscZeY%Q*;?KyLf7kt#_`n$gzd^cnYvo{ag1vh?LA`A3JY4<T!LORv&Zr*!PW|Z=+
ztPN{a_?I1AnY4kwJI6Uwj#fS)oQ*!HP9qrW`cc?_Hcd?MvW|39;!El6(4O8#S&ANc
zpX`9>Tvi$`l2dOwmJQH<$qT>xbAN~gnXvVuTlDXnI<-%p*x3~jy#JE>hRN^b26nUi
zs!h<KA+g+6JSb;w%&KFzC7yUF?f?3*gZByVxr#SAUz=nW;5wO{D8jiLWW7oORXZ8S
z*gQ&ISC+UkyAwsnn2z<FdL&huziSt7#Ot`T(-5#K<HDzKb1d{VH2(hnPJab-zEytB
zo!JFkR@IFtwL)rdp8<H6mf**v5E@|vfj}ks#G17MwjES-k-N<^Cw8Hy6|3v7N?O0B
zSXp(<RkQY1@Hm?lIrFcj$Ne{<XTjQ@R~rENSUP`jO1>1=mdpM&)S%*iua-N)PGYh3
zb4}&y7&TvO;+RRZWIgBf<9}39lilxDU#?b^IF#5R#dQML72oSNjn0SrOM#6m7uuQM
z8JY50U$5_e7O<acl=L5zy~Mrg!81&lh>*&fI+3}zG*&%63Q($40W-C-m0;J670?Ol
z)t8DvbX<3E-{Rq|{gey9_nY3kWBmTOC;NVGHI1b*<;ur~Y{}`@yMNCRnrrIQZ;P~7
zErIc}m&12whpL%&0+=`_(cjB9Y8e{g{I2~(a5<dThA}2I_wt!S1pNVFxcp8dFA!Q_
zsLTV5G?C*|oA;E9w^US0Ax?qNjYZV&`)vvCr6{fPL8xBjhQw%-pGHJ3zY-;K2rgHf
z+>t6PE7|Wd|Jb{OOn(Ad?xZYdauuL&Oa>0bVEZEG;?2)rUm!w1@C|Mu%BC|S`wmXI
zJ$euv<^5cJe*VfpGlqdrU#9#iD_G&UUNH^cLcYy$@bw`@jobk`l}|_Q@>RpNeq^rX
zgupa)x6$DW*Vrgut@{(Trl!X0Dw(^!tJ){Lyyy#+7=u~ufqw{2<6VVi-~aBr;S_OO
z^LWr2S9O2?Co*rXVUgEyWif1vUw5&h_-#ENVpoBJ!Z2+ZgOuS_>305!gOGS@9bW4?
zye6u3GRW^WUzia>5}s|8M5DHCw`|tNww9Kvhl$>7LEm-vP<bEa0QJ5Dv8X=Wz3Xw5
zMLk{JpmCbiGk=|G^oQx(CTKlfrLhorq3cgqxi|O{u6>mQTyq&6v{pH?gyNN|v|=9=
z%>hI7ulpwIjTcModzwt0Tr_FIoSDT<p4oW+uRA0DW0h{N7T!(GYW={yB$HQP&dBrK
z8PH-_3)nAb%4^QFw6qU$Dz0=Datx~jaD$#t3w9(Bgn#4dWToi_;lPk&{9Ra6rLiO`
zp;0m<{%VvNbEBK*vFSjk8Z;gP%cb~(v@S0-v`h=p0mrXT-;;#>KU=R}njclm!_?ml
z4gE}(Co{Lxa`@<lD~)eSQp<s?hkSd5R(Lond*4GqL7<V?N^92w{B!ujd;ElEoTRXM
zTl(U18Gqwz;Xl8$eq`FxSEID=u3IAe++JdvUl^<3@fHXX?rv`_hfQU36?Jsr(rMC5
zk>gwZA<#jQar#>EygT|(2vGke{|73e;JuK%!7mvHjos#X$ofdD&LF(!R`$EK)sMX)
z+VmV$D(=?6u_xFr<)f_h@jeD~3=$&m_bKS@2Y>9nw2}h?!z#sCMi8hsq3q8ZOi#Nh
z0c_7&Jt-irvUc1gQ(K$+Drhk(C6Oxpyuhb$b0OFwcWy}ok!U8cLBoB;WJQBWv9-mv
zHWt>Dj3-koLEJq7c!zXJ#~jqIt`?TJ9w9Q8(04<8|L))8CcmTI#kx8YM<}6YN@ing
zOMeoJhYTBb-}K(`8tq5AJ1PKLjB9}_7$RT@T8QJT=|ksa*J`SJ7N>2{jf=5ld$SUz
zc@HJV?*=q5_EMFaD&Dha5;N5wNFALRxe-tz`*A(NqN-Y3Qk@^RUoc6sr)U~pTdQdB
z!QO7)`G6Uo?=8Nd2<qqmb|917Lo3W{Tz`5VT&mc8Ri~=-sCKpz(;#~Qzbg#jT3IZt
z%7@R6<1#@P=I8kUN*5|MyreZlG>)UOVG%#>*ruuo^jE{E*8jX8akPV1pmL8(uRnWd
z;eovFIA<jAc|--kKh}{9T&GJw0<nk*m|qeo6Tsh`e@wg0o-TV8V)%b9<S{pN!GEu;
zY?n!?+zoMZ6z*NYh9^(&F_6lVvmYW49b%^ee8nOCwLu?c_4>Mq9Uh{OPh_A^Hu?Q7
zuveQ4TU#ZYwt7A;9mHN!oS>LNY&)%lx3P!~m=~VERnrNQ`Pk+mLIhtJ55lNC-AAQX
zG4F=8JnP-jxV(YYpE|02yMX@2<$so6<p=$Tf{T<C2emrik|$*zr@e8Y$fiSx|BBkD
z!v1RGCzx|_{Xr?7gZkx!K-TN4kIGtR9{LM98nHn=q2~e0mhd_;Myf)fvExf&C|o+d
zUaNjfJg}NRC9+_d+)bpsir|ix$`+7Uu~SqyM1CN7DGmLn5OuKlgtT$jFn=cEFxm>+
zg0uikMq7v0XyYm9SjJeaAJA&I85Q6!?DEO01309n9vzWo=`g-|K7EPW*nR?+rb@A=
zkKKvFOHCssO2%;4I7NWBI;j4!2d=)dxc_X7A70`(%Sm5CW!%EQ$BI+6OmaJ@hm6sR
zURgtF4VP4YwwYR|ER~I`Z-25me1B4~rDW?~Xch!6CW4vXv>c83%F>|HLoB@h=XpQg
zxuqCQU82)8IGBWGme9D`b#W}k7&2&^)3LDvCKXdT$$VUvN%Uk|3MDO&Xqq8_0D%vM
zLvO~_@TziU>1uYSla44X7Ot@gk#LpCcd&Ng_He@B$oYdHug*dFhkwvE=`|jNG?%=6
za6^EV_;zx{0+S~qYeTvyGZPoo64w^Evo%I*jzc&TGPt&@j(QaL+mQ0M`^<Ckt>iB`
zrM@weT7#dofrVnSaD9qi@BA#y)M(g_mQp1Sqv!sx%$UqC%#u5>@AWRTd=O<YO1*VP
zdMXT^)(o#92)17(wtv_cJwd;E-=RH4m4Ksk0qNBPVNyF@^GbVhWo*PGLq$^Y#HfgK
z6u(r}G{k7!wO>xo?^p(Q)j(q~s<pcIFb?>!;clpLp+g4<AY-J8I}ILl1v-a#?S6qe
zeItjJoAo=y{ceOrsTbhcBVm0JUN*hlPodU<=fJgTjM%>tFn^wXR4R$kET74mDT!&?
zJ-J~#80RS{$P;Bq_H_jWm_nTQyj=}sYz0{7rfOtT^uPaJTZ#`B|Aa+IIl!`Jurs6&
zng0$KCJ(BIji`_l+-@xj(JaT}p!<3u`I8YS6yGE&siCe9J)SAdEWRIKS^tPJF*V_x
z{{AKe!<<%6=zn|967!%S9eU_@TH7JLj?bvq?npu<vNWu6c2a^iySWyaGzfj$)MTu0
z70QD>G<yF+i)H1blHv6>pnrDuONQk>qbTco5h?n$sx{o~I?>{&6P5h69$<=~7J@vC
zE70vrR`|24X=Y_*r!>X(T=%Dl93*qk4+PwS0qh6_(tpHcBr(>*+pjx0hDqrIEZ#E<
zedfwcgfgX^;@={sovmu>--H+7Pd_#UET=D?;1Xb%*$yN<*j>hnyA{?Y9@+!35J~a6
zbj&d#BEy@;h$I}Xw4pY+eepfN-f0@W87JOA$pHvtxq`k?7<~BOxwgZvEZZ=4Ln-9a
zx-=FQ^M3%D0Nr2riDsbG8J&YX%M_ruA~@X90{9iVtYcbKBy>o-wb9fwWAn1|_Xc8*
zCC>G7v^#CLj-Qh>Az~uwDPsx(?%tx1nsv2avE>DC5ToeYuCA`5`FJKLw;|BSBn>Io
z4d2dptflNkmIucoNa5xtE~zJ`!ZNdwg1f0^T7P$Z9E9F=egf$~<9_qZeB)!kcsO6_
zoofB#4Z;eu42HxX0pCe;74pGq6*^zy5DaaFuqQr%VpVW|AS-T%)<Bm-J*A?Gtbc;^
zEx#Op4hWi4K9)>r^G$*nd9ldyFbabxg}$v0Ho<z-gy>1W%f9;|?McRP`d~V4T1%B~
zZ-1(hkO37w-|^ApSsrd~K`NCtR=#8RmL_6s+gyjT!`n+oy9}+>esi4(@J!Bn&#JSM
z8fZK>VzpFR8H<5N`JVakbBKaM{kf%&3>`Z_z!t;{Q@zOf6*Xj>(#fQma|&{CiP(l=
zx%%g+cf8Q!syFzkI<}pi-RObscFzaKNPir`TPU{KgKn(DZ$$sHBo3PJG6v-t(ivZ2
zXYb`&gS!bSLcbGNpJ@1=Np1Qlc}Z7Sjjs()XCsPCjBM)SO-WdFm0&PIJMc>{!BY(c
zDN^{>_p^Q|LXV>MEGURkGi(M125h92GzLAY90B)7EUh}js$HA11P0V9PV!$o=zp+x
zE`@y<Yfk5N#Us~v0C8qSM%(@2SoJklLO9IH_%N|ug(Rb9^-)l)q?V{)#VbNYevO$d
z@2i*HWF>(Yi$B$p5ZFk}jH-|^Mdz~xV&<_53PM)gTQ}GYGJVQMU%^NlU#XV4o<}(V
zNtQUqTmBfni}jYOog$*QRW66#eSgNz($=ldop8Z>5s+arc)^$v+siDDwUKzPE{om5
zP!vFKA9wdB96|r@?!6IvhX0p6#{l4#A_^h^Ktnv-`!|UH44UVxDkTc2oyI@?J40+L
zt*QV3cu@iX0U-du>wiYlI{^S(nE`;azd7+{003Byzz!AuzX{^z+A<aj3V#6Fzj0^)
zNVqis{6E?Kh5Mi50f6O$0Kooh$=_x9p#L+~I3MhP#s9Nn1)Gr~06_ZwUtQYPFM*yZ
zmpU5TLdU>um++3K<(so5?+-6R@N6Bl7)cbzP#I+vT#7;+8|^vdMCv(X7XeeulPE?6
zTq<!0QMeCuI|y)8unurt<$oi4tNf7_he|Dtwll@vUHO;&_bcT(qFHtYtNKS>_f6a@
zM?Y`g?T^j3_Z?xxgZ~HN^K|Tw14YNFXL;R`ExOTYw8IAl<3gPLAkgb#0$XS?`Xzk7
zy2Or<i0T%Xq)3jSkYHrq``Y<>Gp;YM0=DfiMu1}u=(RVo_DS_EpnubF^Er$=+6a|u
z4y|&&cwfZTp1u6@hx>uyhh5#y23BW8c5b-WJ=ZYP_xt&Di<*0sOShy!>zD*o5^#@r
zXG{Z~+h4lZ8>Mp=3u&*@s#<ONRc!{{<5YtPt97(s_(E~-{dBxcr`65=ZWY-zpxUM^
z5@T17A)lI`V?Oyto_{kn!1i767qFLKPdzD;YbB{R^U!AI$hPTJOooPbUxR0JE!ymw
z!YwE^BzGQKLi8TNjucxO+6GDSKa3P^1q?KaIL#lzHfzTC2tSg6?@?TRojs{1>sSwd
zU2Q$LQ5KdoEs8t90lwe`T(z_lAJMP(!8pjn^NEd~EzFG`K7V7|?m;IE1*7_?;wp4J
zCouw!Wuw?*RLl3n<whIYJxRSvGA#z91-?d+`Jd=048aL^sh(~A6<Z*fUBi3`Zb2)i
zU75<UVeoEJZKsW1Y7N=FhwE79NPa`OJCl)zUyFRrpWBUBHWxl2fUY(VhZ{{(*T@Bo
zQu+poY2&)_SbxqZuX8tk4{)5^+=N1eYBQ9?z5+U_M7&|K@Vg|_6*p}`w~%6Q3R1%g
ztplvIqyD$h!>G_a0}l_l+Fz$6^N$TL0lQbv@9jdLz587r`#16r({)1A2XZCiU!;3a
zhQo6l1JAZ`O%D=yJ3V-vT=YZ&w^>KybDZo06W}`xet%vKt$k~#4ze+|$kPEF9_KgH
zyTAdR_!dM{f)4hRd1Z{Oxm*$=&yI5%E&W~*=LcG|edvgaAoFfisA+oa!Kql{L5OtZ
z&ucr7j(BG86O&0ZW*VvBKV{J(pIEK4*Ek3l2Kz92y?<og6mNzuaq7HDYUH?{AIUM8
z?A;cNvVRmfWLW<w?r+rTzZIS>LzxHg`L#K%70|`MUzZeV=|c%1(-wzFINU>C%Q`}A
z9dPUI<_zluH$gfuOzQ$!wCz|@OKI6PR9JA-;a?HscgD}Xs}0;}RGxH0#)I}GYOId?
ztZ#7jao~;cgo)2xhlt6L=YHYBT(gM*arW$BIDd;Le3-v+Q$uRsp%iUGxmIkeVJ>a+
zKbn8{D;W1bkM?x&j?A-eIee-iRFr7?O>S#$78^1)xRDqiCgghm(&_&RfwQx`PoB>I
zZGWXB-RQwo9FKTDAGzTq)vt%9Lzl-Mw6#wswn@Wd8P}3s6VIiBCOYbeKI;Y6_dNIS
z`hV*?^L099uFtl}r@LMpm7m|iI7d2R43%zLwV4B8N2RGlqEJ{NmxM<pnMW6qw}J_R
z83Gb`2PkV%TEW$rSLvvSi}b>O7iEuR4_ymA9=D%6)0`WOM50dYC;IqjRUX&W3`xx^
z1~+dK+j2xUa<X3L&r=@S`?Ig|z9c<dbANw8A*})|9li^hpWY<4aUdBblXmtu6;}&5
z?=ozyV3~?V{Vj3~V@htlz3-tM7@At#H4P=DqjHqqJijgBV$$_L$}!U73CXSup;!&1
z%ONkY>z*9FLYDgL0kRcd0*kgu&=tzGFp|m&2~)@z5njF$%$3Sb>Sx^&9#B2te1GKI
zzrQ_gELY4;-^34hE=^@0^PCful0+t%uV?PbG9C6tpgk-$;|NqPDW)~L$)=PH>V(N=
ziJzj9o|2mJ`S^odJRM|qdkei2*lr6v_Z@Te)o>+#H^cL9{V|3yL(T(A3x*S{j@7j|
zlV_o#99Vb5nU8Wz3#4h#h+M+e(|<(Y2VSy~wQ_Mt)#>h?Ea90=XpuFFIfMO%y}&MW
zZ&*UMr2Vb|KB%G7jQAoHg<*}E$c~nPB0B_)L1Gpav;OUp6oRI2Js>NjTy4qZ+hs7=
z8cOR%=_=2}^6BP}E-gPvTfWE?E6Ikg;<*^F*piUqOcV~b!uG%zHnT-xNq>X{YrA)k
zS~?PvM)WcV|MQcDC!g&CqAgs*Nx<BF_@T|I&YJEq&ERFe3(2`7=H0ObnDKdU)r})6
z38^v)YH&J=C{D4nHVL)!)Ky&RrkqZ%PinC{4yge`-fjig4T|AY!xFZoEO1UeIq2@`
zl9f=?3_%86CdMga9*xUHlYeuaz0+=wUQDvI77aClAw*V$yuYtUQhqd)8Z{p^fsT5u
zuwiR2X<Ab^7INiWhT2vfwJ0fsdQ90G4#z!FrHZq$QteKZG_&;kaX)qAlIcw2(#=r)
z!}yF1z#reUC$T&K=i+FFDpQXnp{M}>WRo9)zAy=g6~#5T6}mte8-M70ahc+Qo^H@4
zYWqUXYLIvAqXoh5@aX6j(}uC7E3eVm$y1D-UQKj9d&Vvtv;d-k@Wyj|wN<)=v!G*}
z+=5rmE;fY2N}E`V!s(v5eEx7J@ZD(vGhjU72SEYre7n*j_AXF_I#O1*ygfJ~U4+uP
z48;VbfPuR_8#9hjU4OR2<$1*Y)9k5+ZoBDaE*f{|QG-zkNFFaHNkYDaZp4HsQW;k0
z_gTW`bA`22lyzu9LIFA(YEf^?{o@7ovPHwJ)vzeFP!WV@TJdj%XA^mu*7<u=?2Aml
zmI&~kPmEG;r3-jVK_vHQOm%Xt_0%bOmlV%gBU?hKWEB*m;(wGtr!G~HR&C>kw!pO@
z&xsI_UKNN(#YlQ+k%Wkf+bK`+hB9zxw@cUT*>y{G1ng8(+Hi0t9j2!DoIfA+`rbNC
ze!$OOvDd|;d6u*giiD;}5a^)3qw73-)tJPoTigqO9Ey^ffn$Rc){#~tqnpO625l8^
z(%MZEU!bRQtA8!hl>Oohc1O&?y2v4#)3KZ1)FvC(g;sGEgZs8E&?WBe8Tz@#@LD#b
zq9}_iM`KM!HjY|IE<u4qJDsQk*%+uCi@VFRy^kp(xhP(azUzCrF?aF$DA8#YQGVLA
z@Xh%N@p|Bsx|l+C;aK4D9I+d6`fIZgBn67){p$W@Gk<kitvkjt3?WKi7=PhrXc`?W
zs<?0F;*Ol8-@B`gyK0S3s4pe$kW7wT2Uc<4E{+Rg8hv+7(*sX%L=)qq$s3yAHoZF0
zRWnfqjf5@4hFBx4oM;prgUgEX$%^R-`x^0YXc*q>9?;XnTLSQ2pjd&o>_>#U@D=f$
zZ6D(EOn=#?NYrt$>4IwoP4yphD5&mSf;(^+rVmyqL?znuTf5$*adr6{0xBKeX>`Mv
z7l`cWIS5ZJU$#iP>d3ys@|-99ka%viPCU5u5&0F2#Ssi6>Jh?)Uc~a@%yVfknncsL
z^dK7ARuC|t2XxJ-Bqfp`mExh3O1EaHE1Jg$v40^k%URI4F*A!nrWpk%Q7f#TnqSAA
z<_+WX&M5q~e|EMJ)WpqY;LHqJD=Lo>31)e2`xE=v7>l?)vq0!Oi&Ri8ylZq#eh;TD
zZ8giz1qa>v-e&JB)sO%i*!z8xw#@qJj9HD@QZ#QjbkL6mVtwuWm4|c<;g8NLCQ*8O
z`+v%~*&UYtFp7^Ulzjn(&LZW+!OnbiOFQl2Wpz&x79cYY#{IIl3uhb(N4)4_MQUz{
zWh(e6)gCUbR8yt4B*S`m-252>+tm}!6};o{PW1pzbQ|O~`_`E!iM3o89da$GjV?q}
zg2mLv?;H@LMQh4p?CYSt9JnZV&6QL2m4C^AVVr2y!KGr|uj2y;UMD?ioHL4<-3<A{
zFCeFCXu0btJz@9_V*fADQp`L_5j%30sX!ClT3QdP%HdN)nf{+|l=6~Ul4Ksq6||Ky
zA}ov<@IP+9iD=;P+REL>>4(`6iHUFGdWv)K8wQNBWr<IdICV=6P9bi_BHW~PPk#v>
z7Q@nv@pLt4n>tGF>wAD7Xh0&lX)uS?6#-#)?d(#1V7`1~q6-!=h_EoC^MNJr;&46C
z0XhW;b@)X1`z-0*TLMU#3N`Q}Sui0y4ijWaa)#)l?=eY=0&Ge>9kci<xFjlUk>t--
z7G+gnL<hwg`qvK;;}5o!E}f3;e198DVI4QZBBIf(Tyd+bnHKZ~Q2C7*mSi=tQsPVs
zi0_>tUDIa3%o+AM!-@X5Hfyf%+(jxiwzVj%GqbO=IH95}Az{#|;}?;J#*l_YC8)%t
z%w4R5ftnzSLmQJIr!abSz?qpxT!n_adR+gRPNb~NVHje%$#sVgjIVyET7Tx1ulU1w
z;EO|3oK`+c91AmrLXxOD)uj)O;@G1uU5EUOq-$sboutf)q!^+gO~%_Uj&ntu$1Co0
zjbPj<@F|Wut+*z{qD*GlfW#hObg&!uaV%6J;REBsWOo3R7tNLYmBvxInX7j9>~P>-
zX?vpLx8T@v1&WSZ5<9vRE`NmSAc_iZ49XA-ZKR4yNCaweR4|yLN(R*h!!$(PI3KX3
zA5hB~@B{*Q-a%jJB>|Vg6?l34N;HHzyiBZOru?C9E^)vw3R~<14IxWsRxBn?9f|=;
zV_t&>B1=;Is|ve<lw9z@Pe=jI34u|)JRut)>y$P&6=WJbgg8W49DhfY1EsQ-S*LnX
zhzU<9JTRKt;;}73)qKO`Axdgizz62Z_k95Pb06JaY2iC=qlH}rJ*h0ZN@1|dd<u2L
z^J>_6vQ1b_m-};83Vf~*QxE9t59h--9$!;nSz?9h)ZsyPewTsoSKG6B^;aUbDEG0`
zbU4Dq6w%hJR}(zZMSpd+o{L*UKc2*8q9|i=A&q?+O9VJdi<nH_W5O6L=^1gM;;Mcb
z_>QGUk5ReRhbV_1h#Ftj>XTG#46BzEr?#OS^)ST89gjI7|C(NS3*xnpN2fc-oou=7
zqwiNxqb-5_LX7(-=+@+Ql|iy}Qo7qca0J~!jmZZzmGkq|`hNfk@7!_tTkL?17FqZ@
zGUdB{&5%tnTR&LoP*esMGKaoqlcR(@P3(G8SuXj$?(UqATIvsyn)+TQ{_dMhRLn1<
zfq~PnbH}`B;5C70B7Ke1$ttXz!I&eHrKOtb{XMUpGNs_6O>_^j&vRwP-Biq#C1fTW
zct3Oy#7OmnS%34GI<Qx!`_Wh4-h*FHVmGhC@$VgEOHd0-=ny+_0>G+iSgjxd)`(54
zyqP?s(vXkNvZILV2dEB$_BJEqaF}(M?^#0346P?!SXwaMzgjQpUu&?DDZ#lf<^Sv&
z-<9KI*Uinj<0%Rpvi1kTP`mb|S7m{NG`3Ihow+dj@qZjs|JXRo`gr9EyMu6j-0IMq
z`*y3ZuZg)=&PHhZuD@o%!V16a(Up^Sx+_+K4o!15rL(9)d^9Ta{9*onto~Yfdugfl
z{xOdVheCB^z=pC^JpnOE5m=b!ls&B*-x7;`&F=jXHP+5J4$P+EHIop!dsOyd<i8>L
zxQGsTbAOgv#=ia5Q^ViOH{ebsI4afqfV)*KK!g+DzKrd(su#Fy%<f9wu9Fc4)GBk+
zIey2XMsbeMG-%YOJ}z6^amMaj!JxS%Jvk;F&cM-NT!f20RhTwvLYiK_PDM!4jBhD2
zNLxW4DmFU@7SNydG&>h?R@P1I_dzHbZGd4G1%JFf)Z?2Q=7*a?e%xNWs&?CNuWsuJ
zP9IDW?U`;rNN=&vU8JQx>r!a5LN=pllQ~LG_6YBw$daaLlb3)&u*3pX)bQ8@BVSe{
z+w1%N`mx6g=Pk-d{V@-jyfUE)g)V~_aC1Yg(BZ6MiB@OJC0d&Y&%DIF$JkD^VjwY1
z>3>oA+>g9!ww6`Sf}UnLzg=5qH#89%Xrc$hc=}H+|GbT1-0=6DRJ!>SJ#EnQVv6qn
zi1K-rX*BU$ZVJV6hzu+Q7J>3uT$$A`S9i$Izysf;!59?|;X%So*&*sFIwV>$tUcfp
z^NC0!)2k=pt|MQP9?K#xQ^Zm-mr<)=FMmao>)V54NMD0<Phkc(xSAK~fv;B4FM#^@
zkES8saE`P_>dcE+9EbQdel;M`<E29!<@+Mn2kCVMPw)&Qmw(LNj355>B84tqE;b#?
zPh`&>2wBhK8xs1G42c%)*#fM^uRCXgsmfEhF1NX;yp~8>M#F?92`sgPLyq>YQh!wK
z46Ywo#YCQ8nsk^z$(_ig2sf=n4&&82Y^3v`1tlqm(l;{zO;cV=0WQ`>?!@1txVpMr
z6{?l>+cWA(S}}UaeL)`vBb@#iz`E&nqWA0E%r8SPreV*TwGmxUDz=tSks!AYi6YzM
zrkpl0!(TD?3yMhUYpS9YrR4BUTz_^{pUM^-ooV7>Dy4Hz^yeP`+`P!?2_9BWmV821
zaRyW04?@A@;R>sB?r!4{;euov>_oMdl@~1ZFP$;S+b9_&kdvGJE?1~sKpL1ri{8L0
z?k>m)?=~eB2KJR+ayab&>}oIMmpCN2Gk2XWG(3{`(c+`5ms=Qe@(dv<8GjYfJrq-z
zp+;#!V*ae7!d9mr+FM^jgOyb60TAQZBh{!MN+p~2c_r7Qno+&T8Oau$SF-6-Zo_z5
zLXW=Yf;NIEb(T!$QwMKgje!d5&+WsFufgwdQ7;j}f>hH9^Df;u|DCQS=J#IFJ8ZP+
z0jGD}W3+n<feY9<ig!MCu75pN-1o2`m*CZCMkhWr5vWJrWfS-r{m$Sq_1VHuS}=nJ
zfo0z{`J-dJ!(|0&;f$PHjdf$oytzAc$~}Qpibe%bbkgp`SG$bMgUHGP*q<rPqQs@M
z3-8^TCPNq?Q_`=V?`nJwCHAGK^l9$*+0v%$BbejYA5LWd$(`pjU4MilO_ED#iLEjT
z7$P0-TD?y+LkV2mK*16b-vcQvkPw?pP!krG<!Q8#^)^qP-YpW>3Eo|148A+2hRl{0
zB9$#<-rxX(a%~zq_gbZQITJ-+%&wiw7;o%^D}l5XUh%#&p6uQ?F!WgnCt6(#g>rp8
zs2F*sMwt+eqMCl>|9^#~I>~2ka%A9VQT&0tHN&q-Z(qL$y2@RIJm?qojcAjY5xeA1
zAbN_mmFX};;}v9g(MUv7gbBCV@gil>6r1#;@;s?VY?QuESze=keFo0NX|;qFWEsNC
zAX_f9yj81;db`Y(|Dm_hM4phcfgm;5`;uk-j6ZxEdfLcPVt>1ZWF#^?aY=RwDa&Qt
zlC`8`zjy?)>#+g}rWD*$w^iVpKKZ`mTVkTo36gxTK1D$RS#nmAv`m_&w(b>bS?-^$
z1U7d&)>8)(9MlTh>TO#fo#mDg1yL-b*l;VWdP$iOa+7F#`Fm#*q>$$x5lwF~WX3Y=
zwx@u<77k%eaeuoFCpHP_JeHcrxQ~+d{jGHYrL9CHO=O#PfWh<KP*gn*!R6yq=@W)8
z96_^}i=;Ti{3Gq9p=8nSsvzHgKG>L7&&W2RY03<k^wg#aZQ(TxO<YgxdG=SgU?8bm
z{PUdNN0GYX7K|bYd&|Kbx%`2fWkv(PWB2h=(bK0A;(yUcvwr26hg1}HZ_i+{Fa-tm
zzvC~=pwluHx(g9~GvXH^!&F?nI7b-u?B`;$kCF8@lbfI?ic)UeoAfmmyo)4xF^*tH
z1F~_O&S^-bYMqQP;_F28RrVoKeIBX*2^P8^*|-ZmyNMPId|p;!^&5WZ+Sbj*mvOR^
zeV0|ahJWHvA}`74Uz`;{XEVK|n+>U?I>W5^{*&38{7BZ7Lh*Wcf}o2qAp1h9Zp#SB
zi)uo|N2eZ4eLjCBdGCd(rQvh5fbnsM>mb`z%bYrlt>@n3Gd0J9?l)_HJFxx2=kwZs
za!tYm`ns&Q=CkhFwauH0F4J&!9-V5!o3)oH3xB><uGyS&caN^U*x|3NRcWHj92ttB
zU9KZ>eor_wUAD^SN~QO-rSNrcP5EJ0?=4<gK6gl3bHQ}0eL?{jsje_DDc)vk%|+Wf
zjmJ5|<71Az6}A<gM^;x)^EM7=|31)rxR^c#064sXm*qJzTrcNR?GAa71uqS-<fKA6
z;eUqa2K^b8CLI!Gmsd*$VmkfUS`?Y0%90RJ=R1rCLaM5_#>l4!WNbG526p*I=QR0}
zK1S>_2T)j8Tl1<KA*CwJz%TZC(}H7S$R#Z<SmWF_9KEOY=_wWCFSxZ;|887vpYK06
zx~pYs0y%SOeyNsndV8hac75Tn_Bt5H;C~J8U{A*_*H($4lQ)k<<B*b34LK>t<1W04
z2&IYP)tD@g`uPO2B+TJ8I7K*>D(13`)YP>_f{NzG1qJLfmFB=jm4Z+)1GUz6=5Lxq
z)mt>>G|zZwFa>4?utB5Ho{3wBiH#UjN03IKg;#nLq0SEHEaUXvXSws&s}&llf`0+t
zPt-i-DALQzs*ToBE|<&;n**c7n)G(Cuh69_B2YttrG>hG*hXpJV`MNEXu>`5Y`<x?
zY*`sdBhVU{SleYDibYAIZ@522{B6oNEQPSss8kAmJFR4v<j%gOJ69R&B1Bv+0MoXX
zFNqBK#vRfXz#b^QWIe$f^Vs`2V}CgOo2a^nP!;UG&R?NyZ4YZ@d2#O1CcAl4veK&6
z33fLFo;Iq1(pIv-^=ClDU?|$if|ys+PdPM0HL(HTm(5OQbb6B{$?z-P?5)O;6pE)U
zmT%|x(5EBhkrJafYtyG|%1bf!^&Pq2*-i=zf#9nZ<QE8iIwIsE9#Xk)+kZ1;e!EDY
zNK3&>I`_)B#`<#;Kh`DeD{dXdWuS46V9soYJe5?qW1Pw}Iy@Wl9c>*K#)r>lkE#l)
z)LB$Hke#rxu+)fj>DO)Os~a`am=vsB)?Kuw9gi=?1RnzpI2D!J_fRJ2Yur?1aA`e`
zZM=Azi3egTCDU<DMG+DPgMa9YHm=^Bx14P%#_;4uY;zy!j5ZkX3d4CJ6n=>KL*ZVs
z$dFOm=@qME6LeM3!fWi#g^CP;<nmfJ{1j8qrFI*%4!T3Mg)gNZlcErXotKnPG8d1f
zq_qo=JUtyH<$z+xBY?u;u)2?P93x}R+H3;$6wUZPso%HFIInS-#((K=k=b#aPYK{x
zI}V3jEm4=@r=HB4z*ED>G1#kwS@vAvA4Z}fP1&LRy*|w=*m14cPjAE;p~#)hUKF&N
z+~?F`Jo^Ra{DE`!GMTot3}aLzb&ReUHTI&wVR9YO6mj%q;O9}u)B*+c&@crI9UepD
zV?c3Bh-`LwISX4r!hhVagJ9u^2x>i(hxrIihsdQ^hN}+WQ7R$cy^Ap*U7c-1^Sn58
zARD59fGS@FwX;~JUZpH}{lR<A%x8D_W8afl2h{s16t#nAQ9FsIeueAk(w2?9c{wG<
zi*{4@<(PBeTz%8!>N%gup*9b@!1WTbtjV|xcSc*6Q^wyaMt}a8lAP33Cf7Q1$Zb$i
zEFv47@k7EyP?kxX{7f_ye+VX4QPN!}aX9TW?P#%^V!s<`lcWYe5a1|SNj)6+y^1!F
zLm54Wc4B7p`Dx>&o}-WH9hCngQNJqW8B=7F?@{nxHrA9i?6cOGJ+KhkZmLCt+f5_6
zMK0aCjxm|xL4P`nVUNBL|B#q8tDB-Rt*{Mu;gs6tbd_I?Wi>ZHI!Zb#z|qEUV+K)i
zHM9w#6%sV4ICajzy1tS2kFN7$jJfjy3!$#dDUCC=tVl`lF&0G!>u0b3Tb0L@SWY9+
z5A4?%saxwEz9i}D5GVM+Cs0%HqC{i<z{bHc7?YCYpMMAAkmu=jbGn8UI=n&hS_vva
zNr>09lpi1}xRqul;5u~X<^n}+xFlU=y&Cndy!a;(>Y=LivpcPVOAbfQzz6O~<*4S&
z*(>UG1cg*R#XPhNM2|0Ws`*qaTLkk%p%M-zJ>6sfp2tnBOMk&G_#3S}<D2Sp9vC0J
zw1}gW4u2M0O0-e9@91Q_4B~B6Ywd+%-aoN8m&_ngT7Kb|PO)h8PiGo%DqS@=Ta0ck
zV_VWYk(Dm#6}p!zSn|MF0$O1?uklQyKq(kh$SpQGud%``%haaq{X)i09J7WrnWta&
zO$PlPliIvz&SgjHwr^}cALR<(nP6Z+pXbot*MF{kn1WTN|AZZOsG{*qXsWy-@#OzT
z-cBwtG>;9?te%tBEAW94tVlJdcAheDSEshtF^ZSYX6cv(3ayoOZXM2+NR6d=HS;QX
zg#bxFw!c5F3JM%tjG<(g{aEIF)b8z)t6Gs9V%ds*VYU-!bD*6vV<sW820k?Ff!b;N
zUd8&rKBIqs5s|;D`rh<<llgzdVZG{2<JJx!Q(;)*rY+PCIIy#-qr;`#t4m0*;I2s6
zi>CZ-YvxC@94jKCO#gTw%W^?-m(D^c<d)RJ_*n3DQ_Lw@v#xh`6K0{cZYGU0D9DH*
z__#A|ol&rIRa<7Vo-?#BG{I2h^$wq=8}2lf{D6OX8O^5?Db8Pe-gt_Bj$#4yEf~&V
zKhNGjWq%^zB_2eoilB$a<jaY1(AXMEhZYHTm^k{yvpvD{{GhjZNy5nL#wcu#Rz^Tg
zCrj`-5~IRFz>iHcdr_7}AHuFVt)Z;Ow`az&f#kz*-|7%+>K;*Lk{qJl5GG$i|0$+L
zXbFGzM@929SN!Iv4i`+HS}amOZPdzZ1_1?LS+Zk`JzU&8kS&bQ{*ugzzK-c{{Uos=
zlo-rm7Ce!|&4KZB#Vy{ClB%B7KP@N(S4)F;cT42vwKZ5~x;q#E)-;)NDy64{W<S_r
z{w_*Aw0C%Un(@GB^IO6-wjNE>-u;lh<)(ibm@MYlZ3W{X3mAvvoIwW)X#6;cAht6v
zFD96_{s}vHk8M4uI??3i8b6&#Ca!~}EFPQGzGmV02(K!^?q!fg7kBlVF?JQ;<32go
z8SUTxX6P;2w<IG@i9r;L`nk7O=jEu7T89m`;TUwLAT)VSNwNJC*l;D_`hauv721Dt
z5qH0q?4F^w7g1IgISO><HVD8D19K(?0nrd79|ON!vX@pMg$Zxy7M7rKA}hi^CZED2
zjZ$$ECsTtL7$|8K_zV&{sNoWb9}IfELPLs^_0#?}J45AvOQI<F^k-u~$3q=ATFm+)
z(WBV?;v(bnv-E8(#{iN};8Vj^CZT_YEJ+*!QjPltV_JTduPu^+qkEvLyqSmWF2o&r
zmwLo>n9sLywa914%zbqF@#L}J?a%E<*JK`m+X?S+(C+Pe^G1UJM9uTc!Fi8B=*R&_
zHrG&-Ut-8l0oMQbRs`NP_f#2Y+VcWE1O^Ncar}O(U=N)Hqjh{ufJ=A?v_OA6!?>!+
zs~sn~KMkYoDhqg#SNB=Eq^VcRPQ;4#aW(P@|8&cobTaWUr1Zw12wL|!f%ONnK$=Pq
z-kv+K`xL63K8hPijx2$CT|n!SpRvDFz0_`O*_7XwW>WPUN6ohW`<qMPm~)ue6V$b@
z_rt`sH_;N7cW_S~FPMCZ1(ts$yy-5DZqy}pu97@AR@@w|=|J_TrlFnvy2^67=50T6
zu{Z_IFSzQOa!D~a_uIt!_XmHU?R2JIe+ldz(J|Q8(4EU)cT=jYd`^4f+-Be86a;BM
zshQq2d6t>B`Gf{}h^~H-Lhv$G45Lv7pA}V3KzU?L3|vhgP}vU%JvD#$NYeHctRbhH
zSBOiXQb5e>z3Lr~BpiiL=X{eR&dsAu-Z5xj8z~l6l67l?<JxGd^O*NPyheh*AwDSe
zH**=-_bhu-<W{oDac^z>UG(jxr@z+k51L;V-{<`R&}VC3TG+>cRQ{}`-*&)J>50np
zEqhGG@8N0dwuEGsP!@j$=?S9esia!mE{<CX!|un^$`_&6pDzc0nr)ytKaZSFdXTf~
z&2-(@OL*_G|I%1zoY4DY6Btjz|2cSKkAH!Q<A@Nf_~#-1AA0rV1Ec`}%7B0V`RAYi
ze^K-N=bwN6`RAX1{&!N(_s>87{PWL0|NQgMKmYvm&p-eCU%7vW{pX*5{`u#hfByOB
ze<L6YDF6I_DeDaY_`m(DRQ`Yb*I%WgXDk^20Q&a-9*^*11|puG3sdTkvxA71d+%=M
z8DSVRTQq45@x6pr%BF(&t~m110n0u!=32u^KU4<ns?@8_MK5E4GBrAEsOW!B;>hmK
z{mGnfiw65)K%0N3SbqL7CtaG7!O24lC!XaT;eL@x*Q3hI*Pg)-68??fR3vBc=+HGh
zJmVX_W7xW?0+rY7<(NDZzktrPkV)VKeN}%tAMyQD@Nfss&N*h!IIGbkq;ZlUsIz9~
z&q(?NqTrn7h<Is5wDsf6B=-i&=yF}v@Z&PR4{B$4E9!p*`J!)Dto0Rx%iVldjxNrQ
zPD74veoNH(&q0LZ7x*X4vt_!u&!2BM^sZ71nB~VP!3^gR;ho?=noXX#G!@7*gPEFZ
zNIIQ$IV>RQRqKxBnIePHE)1p3uZQ_L4a*^!<hh?kf8#bf36Y&5sz7Y!4jGQ&L)RzA
z#|KVFEiZrQI?!`_6x9@Xb>cMTY$bpr<78YdkReh6S}jr7#PB0)^MLL*l6qq3dSLTb
zVWXl32kJ|+fdJ=+G9J3tXpY5JHkX^wRu1%sa~_!_K^u`c#gn-@XGGk-*VqDMvhTr{
zu?#%VqI!68lE>2X;P9)gp<dG<pqaYaMS`G_GEsk1JWxhfdSaBg1|;VI$Sko4uPQ|F
zh;@nY;IvjhQzwXwC=mr`m&3d|<jbH`gVT(c(+PYm{oaX9zK#O8!PLIh97!d|yAt^1
z+r_XSF3ET1NE9M+(h}PvcXmsACh&M%&S%O;Z35K`XzOK!n9_4|9B%?!SyWH&(Q`gY
zQN@2qjp@Fdre$9=&_Ly_Np0g6tjt8hui|3hTpPT2?d*WrnGTNcf_5k3$C5zW(h55t
zT8;Hvx=aQba>nA;BP3DiH2eAu_d~4@OK+r7oW?$?B(#g(Bg<6guIkYt3htjF@t{61
zW31vfQa8A=?EhDOE>u_P>=@r8Q*o(tWZ{2vpa^^@SC|kJ%Yz&8AqSPGgm}*Xvl{tX
zDN<srs52VNo3<VZ$N2C-@&4XUO$AgqDhM{R6lyaK7D1Qe2H4W_3kpHDPt14p3rH)l
z)&L8*#62hMzh|i_q*Iy<7`7%pL%rS}Kiq3OyK!*8kQ)9jP@e3Jgi6&%Sx#(H&;fs9
z@#M$A#DBFz=6x$<bFRmu1NHro9a$<tT&%Ng)AhM+VV_W1a_XG7g%_4%l>r&d8g_^m
zKWFS>w}K1bhaAgq%FNwVIw?p!07TDZ<WA(zVrLQJmzx(bk1Jl#g)~d&rK!6UP<uYQ
z@cH%OO4Lr>Xr`A&GYN!eW9qG+oP2*{Wn*I-U}b|}m?j6q`7s(PV}WeMzxd((_O(*e
zpgPfsCe<;m_P}E|@p!tRq2y{*(3^GyGAsDZh>c_oo+NS&Kkt23Wxdsb?AZMWYMYZr
z#g=F}h!+{cHKUmm4?*h*GKTL?bgL_k@hgALcSKAa!5Bdwa<LDx0VJ7ZV1a*YY`ybS
zwa>Mz;I8?16E=iVkVhYx(|pVfKPM6M)g+wjzSn+*19K<lC$3r>sKCv{4*jaz>^lB}
zrg7qQ<~3QxS7yL@B=Boc(8dW39lLN2`2-CX`|Yu(8)Sdlr@+DLx}4%q&F!&S<Da~>
zuOm(sf_HOAIb#S_ut;H`=%Rn*IR`t9DUSZjaY|0_(QPdEj@J%X*d3{O1QZSNbO7U`
z+WST<6xgr<I-?Is(y$b1-IX2b;ZxJ`PI~>9ow5*g2O>QP7&D=GKNx5^@w{Y9c!xdt
z*e@aWKUe8|c^`N?U@_j5wfITxi0H;}<e<$#y3tmSpTsf#h4spx^(=oaff#K3)S5=&
zOg;0hza7$F!c8rVV8-nK7B9!FIWbrT00Ish1bvXWCl>Sk<c0?RPrBUQW1ENG8^-Nn
z9tumm$p(cmPLoG2pR_YmJHB|oZaHj(Y7E|mGaep{GV^ex%LA#NDbb5$k(40NL!nw;
zepuA}1}s&Vp<vWarj>uy_H511uEjp^z>noh1h*wvo+xPTE#DO_1N<b25#l(ABLP$y
z82|!d0^-t)rkKA(yZ)s>&No*-)!7^Nx?4Bg8c+8b;r>}J{+QD7>B-*ly#p^@hj$@W
z(;L9;rd^4qRH9nTI9nd52T>FNAp{P#4%EX|6xaaO#Mu`g5OaU9K&K>n8CGAJQGCmu
z41(9PFVybT3SSdY)d*Key-cle%U%W+s3=j?i0KC}iq;^+@(_a>KyJfm22JezDi=fc
zZ}IuHBpzU6jAC5~$=(}LofjUPR(|zUVse9lGZ#>nfCVAJlh1d;Jj(0BrP<An)xz>b
zA3Lnlbe_A<>b!pflRv{5_vq&{4)k3CRRLcEkRmAtz>@|_I@gW8-kBN+@4xy8CTX&I
zPGl`&c{Sdyv1L6Gu5`8QbRJ(n*+1)QGIjlOd9SvHEzQZFf>cK!ugd=o#s&|I3{`9l
zvfmGjEgZ7V35wlEODvrd#7*rb-Gex=uRN^GL864lib{Wlrsj7$t7A7MRKfWfqvP>_
zR?6><Yh-^BVk)=yJy+Koi4%mO4>khiM}3sce&qdg(OX~{_P+S(Pbr+xJxfAYVPVAk
z0E!**8~dF+jW?p7GRe!?lRM8u>3bL1b|NMQQNx5Z;lzkC^u>@I2;}yn@Yup22WNE}
zfpaHduGD`+Cr^a+v%o+%c=M3!p_7jO-v$Cg-A|j78=njI*9JtOj3C?r2ao{l>c-7v
zp!YpsssghCLbe{1vM<nsyp~EZSKD|JEmY$6E%xX81<X!J=ZpDQ+XefUS!a$z{QC{v
z-X>aPW>#n++!BD_Sk{q88rO>0Sil1WPzSPuPTPNXxI<SCu8=jGD{;2)tf=T}9a<^m
zt3pZi%#+!DSGL#@4@&znaj^<t1;%Ph789VxjA8}DtsK6Hdome_hkYmhE%9B%RFesl
zW{&UMQO?@gEnj8qA(6b>N-ue?U7;rNb+9|~6Uveb3<!7(=y#etNQg7m8%%}Y8Drh$
zN~3>yox)BOSF>J+NZG%)ZniPvm>I1vf2t%wO2dc~+c6U;W2MaIlH&67K0>h1?cn>P
z*YJB=Y7F|5@-4hAtW_L3uRHIUQun1txr0$h3-?11ItFM_2mUJX1JGLWMp|DF*C3tv
zAE6Jl==tSj_dHFk-Q6I)bh(oo;}?&7btiwm&ws;Z6NVXva!P=NRaedvW*5qzNIwJF
zr-jA(EVmW~dG92=l=5x;lQ(ZLM^?(154)!V8-fj=4-l5v5eeTBDdJSkF6?NRcVoGF
z71+LspC52|TM?el7|OHftR}+G-vqDd1BFEnOcR0N41C=9^tt`S+2J?EP2PT%>`{N-
zTONq_Hu|dc`RUX9dz9o(8PEgJ5~bK#RR^(;=m7NzTE#s)jfU5H%xge;?{<iK61Y*K
zPP+|oDspbSCb7XMt^vUqge2`7)RN0sWT`pI{rgN4?rUc?I>8%0oIH(sY&*caGF_*e
zlb@Rpo+-Eu6vk->eHc1f3A=qazx{u#vAh)XKhJJyJx>Q6PBrkoNLa*W8?>tz{@yQZ
zEDWj=p<1kIyV_zJ{x{W=#D2Zq=TQGJiHO>334=8pGsdk$P+en3GE{vK$HhFgvbPLN
z;9aZNs9X@8dHTc+Nj9r^5Jo#xlE4H^GnhO=7+l77&%&Xb#8^KQ>ui`q=h=THap^OM
zC?$cfS$z?UT0p&{oUQ=;(lW(1is$~}ONG&QPYY}~XE>QlO^KM(7}e@3P!cXCm_4){
z1l#KBm#m-M-!o-8n5v@xG}2H~O7NxzgYtly7K1=1?A;nr>UvMP@}KaB#&(}8F+x!@
z=#e?=?8nYWoWmz~MTUyyBv*e65VnQgUq)(jBSFBHItuN25nt=oHXCDl`4*WbT(JX<
zK2BUWyFuC%|K1FI{^|VpJ*M?QX?_ift0oLj3Cgb=2(gF$9Sk|bb{5!Gu<<tgy^ouf
z=^nf%X8YXPNX4rh9Vkqk`pY;%@-3|Kt;YzVov|75icAr4?t7pIGemzqq97ECGL)z>
zu{~MMX}8MtU@XY~XxA)S{t;W&#NG)sB09`X6e4V~=K`DC3V{@8EtJK6GM9{vg$z{y
z$t+kKydadR$Xz}FeGgr&YN;Yh4|F)uvw#ZuA>H?zkX*@*2>Oli=`6m>Ufj&d@uwx#
zPDg(1Z*n{FV!M2#4iJCOe8Oso^uX&t735&{(i=23cc>V$J5i;C=_}Q`KPU|NXZ#+Z
zv-4mu%}@L|j+@k4*QGpA4G@>YYoVl2ATc0QK^VwTfSOJ59`E?7>o~CC*q@lmR=Gm^
z&ituCa6ZZ@#uh;FhkcM0uw^1!nV&B4&5uFq`M%W7%21?5pk9CF%YEtr!ltklN*g6A
zZ^nJ?EGs6c$GTKLGU?;NP{2ZoNLkz9(>F}8TDXU9E;;ng;Xy%SFak)5d}HwM0OgwC
zgTT;r_*Q`ys>>WNX5)<vTb9W5Wgdo~0c!VOP$`IKXve<YP9!^C`8jt;att}eEm$Xk
zL_t-309F%tb-aIk0%l6-Z$J8tA6h{6hxMan3V&D|$O+V7>`21Sy6ncdOuPIo?^5?$
z1bM=sW`uPpE?z$nagaW3#{pvucw)%R9uU)w?5g2i1Caf}|7_lAsP;OaTXGu!0TBhO
z%avpDXJ4bQeIdH{$7nm9L&Dnceh*@>KgOUcvj7lNVYz?u+JFjSc=jjbQcU}{&145y
zY^oz&g^+kf6)#6wY!TC94o~`>js({p_82(%ZAf15ANk-KwZp;C`O1tS1k5O_xE5Cy
zrV5W!78ZiA*mx^8q)uxz4B{n@%#;0BKmG?}-xytq6MXq%b7Es++b_0lO_B*GwmGqF
z+fF8Wnb?1}ZQDD)-T#-}Purins_(7tK6UGKozrQrKR|7F)f!`uInP)tKEy?HB)Cd}
zwIFKPJUjq64#ELm+no`nn9(ccdH?#_@Zy(X6oOMVrDJl|9h9g{NN2xnVc)rE>A%aT
z{W)QmLhTjY4kPRx7w{MaALW1jE{3HC_aYsK$qauz%h~YN+n?0cV=%!#i;M&FkHh}O
zxHfH%NHMcqUiVq2W%DF-6kCe#p+e((Ko7mwWxyc66mkhdchA8v5<m%n3c(rpj^6go
zh%hWbztza?!b{!ppwExZh#<|HBVL8^Wj2dakyLT|FkgI&uLF&_rh@G%D^ZsC^Qk1B
z!1RA<41^O$dJO%Hh!_BXAEgA`pE7cD!#BWckXZfg=3{AiG*8R=%J<Kn)T<1qB<gnB
z76ogTnrRTrfWh{-Bxf|D*MDyI@OoML3Z;qd3J+Nl^&yrbstVNo^SZ!94S>}oM+Z0{
zuFxV1LLKri<4~fIcs&mMJh|~x!1z)EDg1w|IWU#E3r@kL#iBHifr=uhi`}4-CH|0}
z`?^mZ``gF-###qmgm8(0F{T+=0tvqv1nddcYAkm{{!P3_Z_E#M_aw?EGtnOVZaopv
zb5=rB19L8RsG}gEPMBB~Xqx)!eyax38p*Aay%H6q-k9sLsC24L4Cyfb(k0D?#PxqC
z3Vla>29J7SVEPbhMJ54{ha#WmgZe-T$_fb2jO#-YLa<I1{Ak@(?Rjr3aeFia<CDi=
z)T@-zruRgns5bw3xhX#QeI}kb0<&8xat9@?;f_-!zy}4&&VQ9)nD>|rW6J+5Fb$vt
z1&0Ap@;!^K`$p2D1b;v2KbGf!f8Ku$Mw2pgM-@L=&J;6QB~TPy{#DZa_yvx&LJ9}P
zKiDjzzUIY?%UCVVx)Sf{7(htmv1_O>>vQ>Q-+GJebd$8CNlw16`_1UlHVn}o+!=0k
zz=$x4|EoFITowb+>8}hx6~f&>z%lq;1@RzIXAS1SgU3Yr@kw-Y<d^t4sF{Dr>4y=Y
z3m#KH@lDz<+Zt2%KBb9v(!zR5sFvWY4&ocbr+whrmi29P>)sgC0E$5X2lGte3RGGL
zVa6PZY@Q~lTC^D&2odkkFmv>UjvEb6TUT5<To#NjsxI_IpGMhKf>w{}W~4>dcg}fx
zd$l*=X2JTP@N4`d0$l*Qsvdude4*BxVu|&$F!nQ|^AN^yn{EXxJjG9({nteKj;*ST
zLB8~@jzhk)L@8?Cg1^2~=7IHOAcIgUs8)0VffW?A;dl;S_ElZ`l_VsLV<u~ii7Euu
zDT0|qlm&%8%#Rov2O|#0!>o3#T#hFY{>xV`@^-Jul`wuRvef_K!U2CW*EhmCy@JJy
z-b!A>rg0hNYb==E>R6yQ!}#DYkfxz;oUko<M8Hi-{wjeT7)9ygK=BNV4)N_*+9uQl
zXBdPZd<AkFsRi6_uZ2-SwPeNT;;n#RBSg!)K)k;^06GjY4dhYAT87Ka(vKB^KFePh
zm#HQ51rR?1Lwf=K!Crr?`y;guRN$>2J{T)yuhE|l2}(^{?yv#A?5I~5LnGEspmnO)
zGZeObHkG(^E7do)Z#PK2R-$D;7!ACR@S(5x)KMIqQ1&G!?JyV9pE~o(b3)4#BA=ai
z*Z1c5I3?6x{7wDFf1jdl^G6r2T40<YgDfV)0$EuIy8_7`xif!20-rKtx-3XT$pEkf
z!2m!RgmG-<K8DTX1<xykft;R!Jx(!1&~+8Z6q0;`Mhvj2kZ>A=PQVz&K}X>TK`%r9
zCpLUDB>3e|L}*ftSVh#btFlfSom(VF(VJIkCk|PwM>sg5&3Hb~#l`r>r)onseC3aj
z-2^%oCro-~(F}i+czaqQ9Y0agzWNLYo8@li<GGgY-W(7*W4A~tRakU5%QRM>7bwO3
zbfyIP#$E=bDecls9|t!~&%Db1{9?D>ds8hKz(}@JvaF!24lfQ+gX0XOo&_1n5oq-X
zI^{tpcp8y3koZ6L{u1H=tcB_z%~F2HQfZ{Y$_uuFJpg~`ancf!fJ=ZwnSFzADE7`#
zc0T(VmPf5QMh$uU&IKR=w|@Y_KQqumQ3X3dQoE=YgK2*03AE*@*aK#ciHJtwBS8Jz
zP<el4k(C1y8CUG1sW0cs+$=el%3ELi6Wa%!1Q@e*QpY5nbgC0Zbn;bIA<{RxiWqeY
zHg!t6rl)`QCw-Fy?#<gvwBJx79jrMI-DF!JmHf|WIp-E3+Be-L2mZF_A67zK)FRWQ
zXu7<}$QaB!UuFL?xyVX;Xj$#W=u75t@NHdoN7jqbgcP>os3Y0!J<2>Nf87o>Vhy8}
zLM$Ts(bzsFzX8Q2oaA36)C{SO6G<us<z9ye3xIzO2()D&nfhu5{Au=v_ovluJfO%2
z@cT(Z3e_N|%upMFLv`A`z%{{JfwYH5Cz|=NleRZfRPe5`2vCROAY+srD8Qrb%@QLl
zs|3O-r=yWQ4_MnK8fb~+GcbQJQD0UqK4s5#x{L!~+C?rsE)trsJPT@Kl}5MApPU%>
zpz(j3U#n}w0~ncvDyBZH;~QhSnjE|mSNh(#-!}VnIPFqA-xPSwFK?yqG*lx?Z3=&v
zFQC#12fQv!IJPsAVQL9She{CYAV{e|=mwm@K;e)iR7zHF=rC`rmN1y9sR1_rK)??#
zfR9>;3AGSSP-|9}fffWcF~wTCm+13sZt;KYn~f@zqFimSre!2LvdI)?SaFgy^dPOc
z)X{Y2ug!2^x|lV%Rhg8uSrT#|*<ch@x4JAea(E7okh7jbw;X43_#8)&b1z?0ePmIt
zuXV}$O21H+Wbe8BZ2nGc`h25P<fnFccQhGIwG`;;Q;?%{{fXVOA%Tu!i?l%3yP$us
z&>zI&4}l~GfC7sWA|a#Jol@)4p~b*x;k;<Q^n{OshYF+C<>E889+7lrCkylU6#fpl
zzw5}8tbo^x`2(JXAS5}&Oi}2VL9!YwE*m;U>s<>v2qa!bg7=x6TK5*a+e!TS<FM?q
z`>KuSre@4<8A<%l*G;ruZT*|=#=(E@pwMP5&!FQ$e2QqIIyNWi&L_anhL9rUVw8e1
z04szXfG+PWQ{07cn%*9?I7?kt;14?$OB<F~0jt|l+H)Xae9(Fs2uew?LswS<V?hn`
zybeI126@f%Q1f#`H47nX*<;PXR%1-i>eYf=SoMB78V)NbA5u9iP%XQhm0o|0j_iS;
z4fCXqwmJ#iX%1U771i)l4Jf(>m^i9>Hkv4HW1h|jFVjVJ5-m&vc<T^~;7Z^Zg*B%E
z7kPy!J=+_U?{)$at(Q6#{5^8;!*^SZdAhL<ZJsDXXpm5l?5L=EN&)dC@bssU4Ybs~
z2xM?&0U|R73JWKDyvFAp-AjLmr3))4qxXb8mR72{;2ItQWM_g80-Z@mLw^uL)n3Rv
zBMmJJdhtczel^*nvNhuGLR*lq2@}de&mt@eaVh=D>zh&54AcmK_GJfe;Gu>0&lAeK
z)r~0E9pl5p1Q%|J0+3<;@HQfq0Z~$;se$VJg_YC-3i{w%SztZYjIV!d9&i_qvuCq>
zV&~U#!C&=)hF4?X6^MU(&`2{>*E_ua+I;BNAL-`K$&4x#4P|NcBF%uxhMa?yV}?8d
zCuEO02E3y-!P3t2!Cu4L#8iA*fnj3&J4f#e1*{RLVF36*e@O7bq%bg>KrtGrDBe7K
zX8P$%R8OAOsWML1QH6i-+Fd#WovZl4&D`b-QDVr&_CYwl?bf@FqvE2G28PguwPvSB
zFL7Q&^r@+|=fO<oIfODfaGJDmA;}J7;=g70!fbH_4;1LzGEI)#wU<%wdGL@?yE|4C
zt=-Z9Kv0-u6oOC{RAyi}2%lPDpTgOxi4A0T564F&zLeknNT7f6Mw9NfZ5}}085ZB1
z`>ZoawnXAEA!(EK#ww`y(paM0%?WIZJqArE<w9qWd^4IQL3kA+P6iuB%@^_kV+?8#
zlO*;N6{vvc|6==2@-GDeBK)b{g;~Nlv=Ygo!_b)nw8}78VY+P8I>8oR{Tp<5z27XW
zCqC@6iUgtP8<2m<&c2?I-g|FV&hIBwYy3_+CI;h)o7kEmMi|_F9APP~L6!(v86hx3
zsQt^{0i+eU7Rc(qQ=p#VvmkoRun}9j_wq-}y!``z2$5AWu(aS^c(RlU<^K!u12A}2
zJ>UCf5LI(Q!K&f9ry2Ow2f}Sp-XD#9cQ6<wW_)nA@40_s{9?FC{dD&nGcLft40Z-*
z2b)8bV+P>nC4fOpBd((|u-Rjt5<CmJd;@!5++b3ILW`{zHU$lmpt%Qh2HO6v`9;(!
zPHn`)9>Qt&nTtN~h0Hz58CCVZoasU1_gqxHQEw>tSn5;%t~vJ-p1$AW759iJ6PO0e
z;Sxu7oX>v>_`U69kE?@GR#`(d00y5|1`V&<0u-y5;lpPUE6kn(>qF;+epceehEH>&
zt6+T%W=HwZ-(Ff7j6e8#(-{OVk=)dTv>vyke5{%NaWHqBf=EmE$P=L;y!eevs~<;d
zfn4KHD_LoE?`f|lqz;?J(2=VdOhAsAc6@hrup56M3|FXMt9Pb)pY_N6s)u8u>kF}M
zm@~HOeSgiJ#xSjD;#{G%<+Z1}s;BA^)Hi(2uM{Y)R8CF_bCPem?Nk;q<269R9jb|9
zP<!bQpcM)sl?1S$LAoRK!7su*N0WL`8yhI-v3!I1gudQdA!X5;;<hl9KHneLeU$IH
zy()hOWBNVV^>u!-U(@RAGmt;jpy&s#FMtC33_O-F3d9H#k|W8KK!b!#5_<L)8_NTS
z$_lLtz65A=v?+nSeWZAphnyc54383mz66X)nRotjZ<o7qalb9oIiGx+@W+-d;L4J^
z{M@y3mGds~-ff)L216{seMYVT#|v5p0Rn$VDKXfEjGVy;M4)KHU}#bL(0N6@Tk{a1
z=$-Des^z_X8XlM5AY9SEF-AfBYQ_KK_?SF<!UbU<*UaI>-~FP#rT;KKaC*!Z_aIDx
zL)Hz54uI_sWC^Pe!(k2#1CUhYk?4?Y>VK?uulLr8g<_hS3u!N6U)(cnNqJrEf$@Ju
zlj;o$yG&toUEc(q|1sy?9?-D<3?JfoAMk5#YukT65x0jb15gzB4;s;j2}gmElLW%T
z0>ItH#wsQ4l!Z0&gCZ*Uz7tO`1R1{g*zWEqLZ6FK>fyl5*w-PraJ{|H+JIb*p7?Lc
z$Jd|cF6YUrs{CJ#U=dL{NDB2)gVKM5Ai<Zv>yT~c6WPOuNQPp9nJw*<UcHw3?y+4V
zE|<%-F(Z!;n6R~3Nu<V%L)pOGoJ_g5-_U&;t8>&otCkuw10H%ws6m-i#C>5lfyyuN
zQB%rL4!Ye)jn}~&v9uXq@*8)*{l3*DrrR46xHoL5AnH2*nFCuBe_c1v`SE``NL<5M
z`}e?%T6P*9#~=JhOB^WgR45V@1hfA0h5hMSSUh=6M91sX()obv4U8`x4tr3T#m7S7
z7U_G=GIm||vH;VY;ieqZOJwTIB_M0<)+G=+PM#7K0EVFsqHD{;yYT%0x1-v!P8jR}
zckTR#LCXb(8Oyt!$%rqU$%cP_kIK%sbnW=B4$LjQUI??%S?WxXFa$sur4T$ql^Qcw
zT`hz=_wp;ZW~~z3m6r`UvW%FAQQ6HSM*@L?@oHx<v%vpCEW^uBxpKa~B>>s6Ok#*W
z!V2;S1Q=vKxJ%(JSg}a{vv5pm`BeMK+vc}_!Q`e7G%o!;_GFbIa`k_=)3i?l<SJtF
zNN%-8b$p-C6+9Y*G9OT%`CTMf84L`Cds=4Z?+z=}+;j5rF3caWJy291Spx)$V%+yT
zbUGD`J64Y;J&^0{@<Rq)H_sOuA;vVZ$PS1n7`;=NLP8#q`WgPge@Q;MAib}{REYoP
z(%->&&={?y2gnqE8P9(XeOBu2>Pc$Uf%eU3-UA{CaYEJ}K7(8>4=YTlmZ%5vG*IRy
zq|fW^ySm4BBfT^SEwRq~dvFQed8qK;E{uLZ{#nNBa{+5g+7<j@wZW1DpJ2h1jR0UF
z+owmqve)7vibud2;2BgD!oSGbKa6~c0m&x(Ih0cg5SMN9cw>L$b7wjOjRSa5PL*Bq
zSVi){wuNc)94(-dE^quDehmH~jed+)8OuMM(E@W*1-X8E8V#@`e6BjA*oRW#RYHP9
zGD`Fm2M6a@QY$OLpLZpM!=d_F%9Q6~tX=TFYitSMPtuIHUy3qXv*7@8-J5$M=SC3^
zKg3jvP=bR0vGRXP4mALkTu|Ki_FR<Nwxb5(X5sSzGqYCwc7`HFi%OFKt5QX@xPR>o
zay3!$SzU7-tn+UGhfxYl0|nlM;fR63oMITlsf;+?BvbK$?e(AELs>Zaay37r)(1kV
zK&aid_4fK-NLbBLk#tEZ|JxS2Fp_{Y$asuSXd4fdw!eQ1*g2~B*8gYKk<s`*^bY;+
zSY#yOy~t~(rMCYfG=4ypf*NC8uB1^0qr{BNf))k?^&X}=4+lIG#Adb~S1|Oae8dX(
zsfZ6)79nB9XgII&zZh&m!CcJ{%ope34HPH?_g@C|+x?}{@$6qSR(ZsR7>r&yLC8zl
zq~m~ah!cM+oFN%_fl2pkhFi8}&k>+Z4xJS)-iE642ZL1Wg;9tv=zn>3?7m7a{m*U$
zC6{}R*>{f=53OJK)3BL6VE0}0d1vR}nuwFRYSM(_a0*~x)!>{S;@KkGgcc`?b6s^9
z|Kap?|1}{%?b4O{C&axU@4GyUCD86SRX3SY$BcgfSJn;Q(=c5bzYze%suzaHKC=m&
zZX{jjNDJ$qX^gMC_NxY)<yjHhcVPx(vO1#l97*Skj*oZUCny`L3<BOziPR?NZH!L;
z5+Q$Kfo)6ziyiwCAATc(^z7H|8Ts0;QHxbS22~d+r0-bK44G!^Wu{Vno3@<5H$|7%
z8g_r9jyiK9eHflXWP5m8fWJRpKb;QLWZ`CB(83<r-tc*UsO{EkhG6>lzOUiS4S9Ki
zA}n+WEcWoc1waq{fXDcCyIoUc&-InuN+$d=@;Tq9YW~GaV+Qs%zmf2q5LnKa{P8AY
z!Ql80kQO|)t4s!0=PvV0`c*>H>zv$tW{rOv)G1357JVLal@OkAVGOcD(0#m<WRI>!
zPFJ|7;SEXvN*&=3-N+<NZYU0^yj4KBGD{e?J(1xE=GLauZx;FeQ?KPo%dID5*{56m
z2G3o({%T(Vn5&-bLqN|XPCv!`nFT!wQEw0$dy5nUG#Iojs)y;x($@HBVy)3trmufO
zDascP&<pYSmP|ZFfzb*h=q@j!LYNwqMgo>wh-q<x?eg->YLY=sA9E2`Ui<F#w_S0b
z+b_R_tIGi;yO68F;f09N_f=i$L1x9xK4t}%TA{$2IH=8E2kD2BwK5)T05$rP@)fE&
zDnv=3R-V(JkrU$2pFDoo*2_Lmr7nL@`nmV@ej-*diZW*@vPnlZQdj3ng`%RMJ8%g%
zhOETsL|k$0J_HfuKhR_WP$)WTQmY0{aV#a_HXGL=3U{$ziY5s^A&xSDQ>VKyNH^G&
zIC@qmqX(QV91J7pzPINjX_V?jH|ImD(5bq|_7aRfra3>IGG0Q`MsO__gqeTxt*=Bw
zBjYGD4<d!gBUj;=<>&j27%U>bTT=^&0m$az(Qz%fadKo=wEQSmW;8RLk?U1O6I^4d
z^$QX(-;>R3D#?|z;#bwzN1^4A!=LEUxESN+Q_AFBEUv~lY)wz~QItLbH=$eZ8bB}G
zX!_hCy0{>$02Ih9k(28Zmn?r41q`fV1XL(T5QJ!6WPEc)YN>BK7tKJrwko1hIR{6@
zBkt7|n{ub370Y;2zQ%4MQqcig%1pBOFk_xX{)&(Z0vf7Bv#OD9fVdpwU|_$6Y20u@
zORN@*h7x%g)Q{;Zgg%#LZZP$(nA|FpH76;;EI<S{!X%SQrQpHEedB-61Cie}CfOT?
z8D8B5<f@@Epz!)pV&=p589JRmcfFlz$m+2G_mHU`7#sDDu|0iIoly7m$@?)EwNlJ`
zjx_e=3d5v8S-VGJbY*LX=bmq3nNiA(sgi8mqwx2~GItVGae2g_=r)Lhfzc8a7;$)F
zH2r55)nc?LA(FBvAtHZJZ8Hd8R@fLw-i#K0_TvYiEDj%%`s<(cKp;_LeSmJoyBZ?o
z0PUsf7k;3i&3D6d>x`_0bpg2pAxuoDD-ewuk@{S#s#9c?LqVO8!MWOptfs#k`hMk!
zU~(AOpy~;i*j+Uf3xd}-HWsMeUN^Mg+ialxRgofOEM{mMBYJ<SJTQhjxF4)xNJRmW
zy)dvk9?lag)g6((J{LZ=Cf9U2Da25d5Fh|x2q7NVoXULi_*%M*pn#}Tk}j4zww7RW
zq}a;w6VW8A%xa=>qM_p2>E*@TkF<y0E?R+VD|4Os3-hK|l&o2L8jlQ@mPZ0Ti4#Y>
zS`v{24V9FYHUoctdgHx0QiwqZdFH^ZqS1OvJ@t>Efm(GgRL(Bm&~ZN;1AG}jwSVAR
z5pvUQq~pmkyh#={ecUfR#r!MB$^kFvY$wBHdb{`L`^BKARsA~>c`-6(%&-C#(IRlL
zI#@IdbXfH5ITB=<_gjjJxm2c<qs7mTtCuf`tcH6J7P5clhdHTJYS~C|fC87>VS~u*
zi8#W5J8|zr@Gl~i_xWq@M~5Y!N4q7v6JKlRV`z360Mwjtf8nacd=P9Ilp!fEAU8<D
zf(OLFsKW1d!xgc!zZEz#RDM@L$?H6Y>$kh1Pxw={K*(RSj6XxO&3zZggy<XAhyv<B
z^gzLw+arJQ?p}~KhL{jDQYe6k?93k`IWM*jauq=+61Xr^io@^lm}@pLujxS-3)6YL
z>vPn^ip@UN3qiXLb`&rydo&yF?|>D8z(>KtUFX;3cCW%3FX7j_Sx4OIuht8F3<yJG
z=#{N&zf+$AiaOk{Z#7=GGU&I+CfpGlJds82e=2{d2}5@NyMtC8tUea;EU|ErrlljL
zL@&B4H^pwJ2a&pdQBVaQ%+K#@^VrV=i5OJ1?^Lt<b}%+n;$LD1rO1q@_OR-Rn?l7F
z%Dc2qEV=y7oJLvc+0WDU!*!#&evSOD#@Pli^H9KPc>`qvdczVuJ+Ij*{@YfF7V_i~
zlZ<~<rII{oev9I;TCBv#Ts;IF^PfXNce{t1_lP$Szen^WiZW=MTcQS1+Z!_A=2vdj
z86%91BxQ#?JTVVE1S1kbMyiF+Q-Smxt5Ma(eyE$-o_R&&8AUeZza#-x=2q7ks5_z<
z-{ePQ)WI5R*j=W+Zgvdf$_Jm29W{My_ji9VcfIY?TzzfRrOR1pM&^dGf(T$8($^VW
zX-ApquqQQIi@=_=JejiQ0ceKuL)&?GI=rfZ+SvGBcFsQEGw2c(kFBsH;F<G;{K9IS
zr%gXiz}9fFH+uqZN}Fhf$k}183S%ZW+<A@G)3dt)r4v&Y=CImuu<juWD5K7(T&I7E
z&^G4mhqS*44d!i8l=G_WCk?16ZGrgAm;Wgm)1cCKC8q|0&cM54BmdfS@n08wxOEpS
z9&&G@_VC4I$$Z&aAI}p1;qd`e|Fsj$)Hcoxp+3*Uu1Y;B&hxpm;D0gs^GG4Ter~i-
zJAl(Qm-9EP(L3()NSUWB(5aN2uJ?bW#P@glx|@zlCX9`nCvzv&c>z)d`fUVl1`yX?
zfcc-_nf`ty1cB;y2#zpS=d_(d{UHcf@Mz?$C1c+J{=T>2%w(rXu%!?Ot>BDwRSe_>
zXdUsg*yORHf5jK1<4zahP0$=7>$HVYiEA!G8{<FC-h`8*f=${Dl`Jmxdia0)4GY3G
z_|Wvg+?Kzvi!sNvxpU_M`@bh}0<2!63j*~dQTz%F!%?#>UVBQTQq*){zDM}fXk?aP
zH~K$(CiQWHpH3MAXS)G^3$&ZdB)59->QtqkmT{FSX3u4Qy*LH=p9SECid%4W?z8#D
zjP{a*jzC1Rvc$ujW1RO~bYg!A=yi4dt$_e;dm8<#23WOD<IPHG2zcq0=73mriOf$G
zvKgA$j=O{ZIR2;HxASWqPPOJc0Zg>1IXt*^iN_&@);iCsH@D$*|IJ`Tm@#&Zs)9_;
zC+Ie3F`{yCU~;MsS9NgpW!Uya3qjb6o5e0|x_@40u(bZtcGVi+Su%h7!@{r5F{fTr
zm}d1w7zJTD&Xn+`_q*@TalgwNjBk|b9Vz+n9ggb_Bm;W*8#N|kW5YD7%ctn{8rb#n
z$!}E3vhtD$Tyf&r_B0;+Nh-Zrc$^I?Dur+*GaO?Qdr8dpKMTQ44Z+~*`OCNFtD-TL
z4YwTb{8c$Ma{jB!|4e@zgE30h`KF!x9N6|3S-#;p9J8h|?RmTu7n@a2pv3Ev7q^bB
z^E*8DAjO}0UzvgzAd}h9cd`s~y<Iz>J4|WxA=wok8sO6%Q$}j%zIgUK1=EWk+9$2j
zRWA(Bf6dPSAK&Tzzm3m&0sqtZ+zSQ<V1|Xr>+-WSDI<af{9k{Ad2?)u`f&oBH->&>
z)v$kToGhO~d(btgqqIFVJsmgY)9mLa;m?2LH_>1=;ZGZ9C*77b8S(TNgZE-JB0@qY
zj;9*Qrz|EzHM8RD#po#Wvn$};LB~XIU*Rk0LT;ligTp7s=c4Um%@9t`fm}A{H4$ND
zwl*h)vFrKXR>glK;9})1?z9Fj8U{~`fE>6@Rf=P%_dYYbJ|5(+Z7U{zF;e-mFq=|x
zbVRJY;<k?eu&+wlAoKTj7QL$+HxPG3DCl$=mcDlVCwojT@;e1r!TyQiGgr%fWnm<W
z{zq88s^Xhc_tmqhv2D!ZID1M7Hz?B>mXmedsChI!GE#qDklP;GzOXpS6$W}`S2L(m
zGsTX_cQ(Myxiy+f5}ByT;{dabzAxNpawlsS(zJO%rene;1^KYD66L%vIwWO)WfH50
z-`znUAHq%-7Y{d`hhKWpmQ+~|#4IF2f)TP!k2;(5LSMLcvC)pgg{6a~OR$HC$o?t)
zThflBwKIRvjuQ+OOf=#zfCGZWJ$9d`5;nkIN2j(O`0lpuo5$<?bTcElZh3Xd(N<!i
zZR3E*wqlvRj)V7E`jgpng0dh2DhP-LK07qd92IvU&fuZI1UYNq`EJw5vmE*r(IIy0
z<&foVUNQI4PtkS$t-Y=F$+N2s<?Gwb>dx|FN<x3pt*NFpdy1xJFJhz6J^>IC1O8hE
zEEuVZHdi4n&+n;*_>1U(4G_BINlo%GR#<0&T{n#DAALqgIN{*a+1V?F?>Aolwbz1D
z95}iJ9o~o6`#ho#uXgk$G(cHpFf~%hzj)A;D*S^-`#<-=Q{Hwxh`ntp>DFHB()r2+
zpi6%ZqZ9T6Olh#6h0MKSGLEEbt%E#TRzttw7$QxQ7-)a`l`dFyuAUf?qINPZ%0ViJ
z{unUvcl-w334=(Ccqi-z(jt~=+Z(=CEs!}NC;Ow@7!_2_iO}(+%q6OkvT|@=h?(ox
z^FM6oQw+Rj2B<E#TCeIOwG}ocnU(bI>OFrHAl>~@QPBYJI={gBhL^04j`iJzA-0>=
zHcJYm4=~AYO970KF;z8=1Cu^#)-DZ|wcBF3Q#O^9UywLULh<%hR<d5ucs+ItIwl<Q
z%7|icKea5|))DFbou283m=XVF^j?MJmZ$m9(85GT0T*V?k2qr#$T0td1xoCgDCK|5
zG!SvRslDY0<?Lndl<TUdJyLO_lM{iL%}osPhf$tR`MZWHfn|nqf%qFH0Ii=I2AzD0
z)gBx?5Y1Z%@|K=LmQAA7POvZQjhYOlUr7A8MT1AMJb#E#QA-CjF=?-HZa^PBDEVeD
zAHIk@l+%L21x;ilO8%zXMI<8B89;waI)ygc3xNs&HSRSIKtM&b17nejd~3@0gZ*Iz
zG!i;4(K8is-Nx9p4V~QoZtlWoxJd8Ax};J;NB0jR8b$I@>-@}w3heK2|Kv(qD~<03
zPX|QXs~JbnsCC<DY_Jl@McNgR5l+h2dW#ng&VRvvpk-+4kKisJe8cix5?6oT47CnQ
z8NeDsCGI*M)sK#kf2+zcE<Wi;yd{9km+GzaxJA;?fNmcO#5}r-dxA6dKo%+(%}=Hb
zeaaDXv5$M)k#?P&YPC+({2H9Sy)`ASVVGGpmK{n-uss4(u4b84n2Yv1xb{I*!W^&7
zR0$f2xXaJ_jRYaW0~h(UZ$^L18?_SR!AQI&?(-w?@*X3)oP6DQZP>8!*M5hdr1-a?
z3-f=z2C)w>x1zr_XdsMFqY7chqTW6{;=N*AXaI=w*vmrvpLlc@1+MCW*(<n{W8gPA
zKBkcf%gLIKOEWXr=GPiEq3m;E3^9b84>4RwXTvRC^dW#=6CouAx!`}P_}M7&QLqHB
zK&bIiKbT1sSg_n9tsG3sb570YgZ=NmR}ROk(+&d%>zv`h#ztkYAH+2%|C?ZpRpFZL
z!13co7rm&QkWk<d1g!{j5Is~7DnE%9EYyGr+pqxXRK(KH50~!52G;JNe2JjP{7UY*
zw>y+5#1Dg2TaTL3f=_>#|6JXIvTr?u6qp9+^PsU1)frTN>4O7@)askuH$2Ha6&HtY
zy-kcx9zC0~(XZAN?JUE)CJxuDU9Vo`jZ*N1B4n3$myL~%YSvuEm~(@0XG1x>L4g5J
z&$oI~UgD=A>!P{z@{uk0ug~=2vq??OqaIF9!}k~+f3oczn{R(>6A_#QFZz%I{yPK!
zMbB43&As@U#<hYn+!_LQ#I-b=K0IKYS8Q7H;n=WO7a6IjU-8;NL)79ff48Ax<!xgm
zld0!z+&IOEAxf_MY^I%CY=_|UxYMN6tG!RyBJ$Uo^KpGFp5@=0wcGdSo%O3nW$$&l
z){YCIV%E<2GmU?YO-Vp~1#zX?oT&EdJ=xfvgL7N*L84Q9htA$}Mg6)Wn1HW1yZiS3
zw}jq&pDqJz6tSNc#CE9TCK?!JP`CV4t$^OW#wwvMrrFx1lWF~531Ey0WrJvAuv>iI
zVl{f&JYHA%qUKwkm-~X9V+_de_tWR^*e8$OMjMlE0i1tJD!28u-ievI7d@Ye*&Hrz
z6-O_G3G7`DQkPSpP!={>NYS7jwG%B86$*4x5`ZZwNrk&meM3rId6RON)xyb3*r$#3
zi?aTMBnWY+Y}0wDgWu}ugXq4#vLKjW9u5b2I7k>4a7Lrqq^+3q2n!ra6%Bo~WMG;*
zd5GgCjWB;v!^|Rgl_`pmAYj80KPSLF&}i+%G{4*&>5(TgUVn=mqWAXD?fS&!=mukN
zhfbLKyymw>ei3}F7Wna)m#^?d3XwgjU$`E-1JMq9f8*2eL!B1fDA=*$8wtP&cEEa!
zxW$GS2ALUvCYPMY+FEtnC--oMKx<foBM8A7gVulbz}foM0TJu*cZ_j@ADv&LMHfMW
zy47fwUvf0%jA7f$GTwVbA#>pn-XNH}oMbY;!op8HSSxv%r@}fI<lxrMmmCgf+uAui
z-~FMtX*GB3f_v(k4q{yUxf2<FO(Xn?bbM_n1$^GfbyOYwy181nc1!t~RI2=lYg@u6
z7dn5%U<yo;ru468q?w?g#DOML${3eP^Z;XF28nUjU<Z?&P4NKO#EL*!KN%Ksn}eN7
z)h8$7a={0`l(X+*+_GMK{oW48j$#C_K`Y)H{@S^yqn!ANcRawey-1qYG=I^Q86EAC
zr8D7#JmuhuUA^E4l8S-7ve<9a2BVfwo!EbTS1y_<jG3lSAxAf3^rg)vRC_+68kOn=
z^yF5}I99E=Q+Ei13CHB>_Yj~L0*aUGC%+N-{CdHUY?vjT>K<Em%_}BL%5+#P@v3TJ
z5^y2dpRj>&M$q6bz9iU6LNchm%p&RDMAPzzQE0cbO)7s_0m4wB+h*Cz?Kaxahbn*P
zo6R_X+d=$aFimF^Og-XQ?J!MVCw&@)`;0J59aXO4zx-E>jKClQVSftcRJU%i7th(C
zM+)c6T`p}#QA;bi3=eL>(EVwdrE=8D`4$SYd}`<FxOAYx!s5I4eRMj7VLF7V#;P$O
zw?#ycjbd)H=2{zci{qADzlft}s_%cAv%FAwQIo&N1U=DET)kaRwXr0Bj$ExjB-uWV
z^wCYg=w!r~lPL$oP=Bk8qT|Q^D<iYF4Mi3VfI_~;XOVv4B^{QqrnJd|UUT0$#1mP$
zB_x@gQE6{DxZg0?Cj=G0GpRmi9bHDzF1$URMh`KBbu5j~I+}P)NGZ$Nj~0L6cKQBt
zh@!;QTjACBxT5z^s8-qOwEN)Ge7{YdhYpRH|E8{&?s~u>&LCpE+B*nnb>D_4%k{x)
zl*CH!xfXFXbY#(V{?jy%CXTEMLuOG7AI<x4VS;$EKBBahB%Pz0oonuGMj>G4ew@5<
zcsmym(|Lx!bu_5-iS5_4_x*n=m%F9&Hg)w>Odpdz2G+t7t1pry6J2&?U4m5Vg%^@x
zjXr6_yrml)96uaaObK$-lwKTA)K5*3IhjgBQy`{rQxU1j=d(qMP)nyfG*Oa0<+CZY
zU+^Z={JLDszi!u}vR1EGJqPVcH>OlAT>ZPcS~{u<mnkM(U#uts9u<G_HtM@{TKhhU
z;aC6AbwR&F6x}$b*lw6};l=K_Jt?#AyYJ)r9k6Ikf`^qy{ONXV*=^x~Kw9+>jn)Bt
zz@;V@ivt!~t5}BhpNLM6kZ$dJOt(aa{0dndAK%+gCjLO=YQj_eT6){)Uh^{hW%<%n
z^YqM3S(X4n3+_)CQpbNN%3Q^+?m(~6+#qgJH{$$z8*J!s2eL|R%$3nB;#4_z4wX9h
zsW@LA6pqDEbhJL|SafAk-i_WCl_?dS+O76yW0O#{`g6GDDK<;7QT68^8ipg-x0ujD
zK#5E@ckH~CRPk!5h+a9?Mbqq%^oztJk7aA<{ZhIt(@tjYyE}i&0i{E*sQu}ye}$;H
z65Edjvi3nmf#~O=L~Sj$wfH`@k`iuTkN7b!0W8!C2gJz$>IP#GFm=@8IRElKBqWxm
ze{!oC{;i~>tvS(rG_>ah!d43DbA_1SWa{tkoL&dHHjB8pso9z+h9PD0w_ZD$?mEln
z=%gT}42aPd-I9Ogl!uab$TjEcwB#jQtxO{lGJFOAL_oX0ei-MzW03NR1^Dpm_vOgK
zbn((!U|MM{SV~*G^L7Z+=Em6rQT%zD`(JOh_Oo%TF$Tu!=}2;s;y@1QFh%ZiDgOER
zDTP9Zz)Cgv-S4C^g%2qfab`T)r4W{b@5!k*UEMEXWC`vYdB~%GkBAX*-&ul0`w%Zy
z!!wt~$Hd1K6cZW88=0nXEI8Zki=}G~N*9OpAi-5y4AqpdG3g4V+Btp};Ac~wl<u^t
z62+AYrnLH8tgWN+UQK-&twD%wx!=C;nxuLO&_^66KM~d_cE@v5z$$PeN}{6j(ISnB
zfeS;@L(-4IQgkbSs!?W@`zMLY!Ma1Jhfs^`!bbm)LKnl#lUs3gU%A&7O`pa8MFd-s
zCUwK2Q=h{{af`A2ZQUQwXD0G;apZ1mJmHkwJV<_g3EE-^vtg08eJWpPXcyKJF)qs)
zAioO~;pB)Fo&MfijV5094e=Tn=lW+^$5Y>dr{{URJxs=bxElu*tpK<%tX#=ehJu_B
z6%|K;x#}_bua?x#RnBcJRWWW^*}q-Txba8`0Bh0^Ex=I*qfr(Y1LKq{qs1X9z}Nku
zQ+;dnKD95N`%bW=IWw2r_BFn+7>YvAW!IWvCO&onmqvY463hbN%#?#|FqQ)+NlJpl
z?HuC$<y{(ose!&b^Q-?Ywy?#G_~Dyk5i2kz3XybycC!7)Y@>lp_a7P02hvqdLviy{
z*q41Y&qg+_%4oNmwABKu=)8lZFtpJW3h1PVL$BG+v@}dv^cwV+ZSQNvZeY;p<dJ|~
zU1kYNs?OfitjvRf<SL>5@#FB28>q!Wq*|hd8->(=C>bxIUkXE&$AP$p=o^>^+W@b&
zv6L7m=YbFGGy8zo)Vo=#<A}MSJcDDugNS%>&)|HeI&CwpN_o6En!uGMXQneYw!;Rp
ziNm;<iT?s>n~g`h2D4Q%BwC0Sre-a<LsS`ArmpRcmVaTC_Gfx&xluLNlk=;B$7%;~
z_+jRMbE*5izcDpsk}xMzuxqc+b2lsjLCcbCR2sX=CZJfRaHRw*3bq|A8+qjv{^poE
z=qRi2THvyG`od1~BZ^JRRl(m$&jgBGSFgxvgraGZFL&U|CpMY*-QQIZ^Hu}q7kii$
zM?ViUIiR6@0Rj>LM%QXbA3joeJWaYo1LA9c$HH?zY<xr)?-8&5^t#jb9aSrpox}Ga
z*eitHXeGua61P%s2zepvEz%L+!%>%PFiCQ+ivYM6wr2e}5WAYV&R5LA9%<+08cHVq
zf-P*OebD*kLl*Ocm1N-93^!W?q34gx{8<A-3@$!SkxC`o+L=S!hB1R0t#s740X5-&
zW{W44%6w}&a0S^$8dzBH_#h(^GdCw>syMK{u`$<(myVI1&YfR+nr5{gE1z5UJB@vF
zjis$Y@jOsRsQ!)+9wvCS6VOIxkiQ*4AV_8Apr+;s*N%BbzU-SJfs}el{w$p>XIQQ>
zk<zhIMc==FdwjB2rhHQtnS7PMOYrl5gG)ofnxTu-MT<e_uWw^Hs#hcjS7v!Fsa=1;
z6YTWNNHh74e3t2aBo?oKUCNcVTDPnfM<-ChEmD2Q3{>6ypxTy@AT8g{qzg_yC@{0c
zD6A0oq$*U8a&gJT)#mCmF(r*VIui}WCqCHr+LV7Ph_tl9r_pJEioGfh<}XBl2k)C?
zF{qs@TPR0DZa|MJ*T_s)z*i<!3FVdah}8tg8<Hy4@zzHd$Nz<-Oigv-xJUerq3dKA
zOh4_29$^Y5=eys{YOB3|({%*4?U#>>A-ARP4(G(UNj!NOI)Gu#F5O0JWeky%k_|;D
zowY)%RMmzCapQII{3Wu-=&g`{I0Tu!jnq`~0%mmP$Z2Y}wWn_<);sM*F<X|GBLo>4
zec?1s7zBGTAiRjM@%%|Gw_Kya$SpYa1^bL8X?b6+NSH+Zia?0>a@JQpS<`MHqlrmO
z^*rmY@h(D_C(~q3JoD_@4`wL?Yz(7>Q^65tNiy|9auNYF@K5JhCTJgjFYy4UhCOL`
zfs^w~J%a~V?q{#|%H?%kGe&RQBpri;<pXflR>>jk=A^RP7Oilk+iKFZn5eyhqzb~L
zoCpI}K6=gY4pCy(Nxdd5ESN!<C2VL#v5H>D@BDms=fxmF@ZmkfciNh2Mvs}sLMmJ0
zul?-Q6r#>YMl5|UL&iXV8%{0lwZSy2q#LO^M=$X_E-povAAx(HFS*M%p?*qDIruuz
z_DN`5vZKvz&#;ofYhmQBz3e8&?l21@z%N82EE$NDC35^<tHFN>G^*W@sV>7obTnpP
z_ft<bQPExZQl)NV<*unQyx!>8hX_7Z>#c=`vIHg-{U&SDk2aEj01onOTak8UA~9GX
z$pa*z+_lnlj$yGtYjCSjikWFPC#lv9S!&M{;rl-6Z)Vqd{Br`lADOhdA3G@81o(6<
zDrD*fpR{C3l#3F4nE7$ENj)a>`I+6WF7O9;4fTo$q!W2dqB@l+O&UEMctcF!lf_B=
zk5EiUtET~1K5LPGS8P4cv6a=FB{G|#9MrlChnRJa5f57FLI<W<=B5Y;QG)MiS=R;F
zDm?aNTp{OW0-|8t6_c6r$URR!dM~R>v)#`mBgfQg6<V;t^3}`KJxf3^((<LW$Ik_9
zg4QQP*Y{rHPh&Ip{ex5{u8j)m8LLJh*3cO-U4+b@xP_&EkOP`ZrP2mhjF52mEV<nS
zi6bP*Qw~4Q%rXGzV9GPFw}_c2j!pArNZh?4F^j01A(@(DvCmToTUfFFk=6Lujj?Sz
za;yFI)Ipy1P0ocoOpTiA6Nujz5^kI0oS$V8xp=nzx)f~$+3zLQ2(&Em0Oq>;1>C*3
zEu2TjpY}k11jr|Z3Y>-L;a~W^;ro3Mi*2Sd(Z}OLmIljTMH#iM1PiVF9y@~Ap5N&p
z6zQ1wEES9vP<&6#9Cwy1%_m$a;_6Wd@OB8NGkD^y@&3Rc#=;73wPOmUg@8<qmd1q)
zq*ksRc(?l)RIK%#7M%j}^OfqS#%a=OQS?UaN5+4D7nZq`#;|*5)n`%XO$bM0cK|@z
zH63Zd9r!1O3gwu&ABDO8BA1P(XS-dbt(IjXz5gSA8mxg}+3HY9H_uBbQ5a^7W?S#Z
zgwnS6%MjvyVXO1-!C@8$hwNE@bFF6nuNd@R#UDB@d=68sY-GsB2qAhAHQRd6ZzE(2
zL_f!WHs4A>oiFdGl#*Ga>Vf);WooH_y`DJ!cOIt046FO<T7j3?%7?3%iE-O8Cq?@h
zHOyWij2@4(AF5{$ILIq)e#5H_1=NT8TwU=ql7b1DDlP4wSCe)P1rRzgOgr0+Ir{5V
z64AXtByZS*%n45DZ@*fH|4B(h;6ph<h9OyhwCo)Prc?sBHhBbTL>#&c+O8fk6eO1x
z6<*D*wx)T#=<4Y%oO_RNZR&&P@H7c4zsRc14@-sa2C>!L%jyk@KO0|Lo7zGn9(pgI
znh!omYyws3Xh96jjSOqXKl$!A5zN!mS>z%|elLz;{5<Sm0RdGBg1$F0X!8f|oLt6#
zRu~-QobtLH_T!sv1s3n0zIXIoreB`$yiQeDczrz?Bs`Ku+YZ(>M=hdjAR*nI4+$O~
zmM9RT&|mv3GreDISym^rCf}&QAb#bR<Xnf=3b5RMY#35%Mpr-Y7XCEPowjuorXkG}
zj*=-yEm3l;3<3#x3=`GQ1^f(Z6ubt1gC>5n_+*pUk)@~Srk8n@P9l7Ou2^6S7Pd~w
z)b}N(IN7bWOoEW}dH=Tl;?*-Xd$}=BshRLRm;A8Vb(4)3A?OX|_G?v61FxbRc)h8(
zbn3_;CTsoKE!nBIDM}?xU0fxPI4WESJ~}%Kw9hJ_Et4UC+J)-S*TXF#P^ox-@fc>S
zIN3{jdy1!LP+@}qU4?nYHDh&?H6-|WU9q#c=ilLhqxD*2_~N0^|9LL(^<0^1_VVr4
zHs-Gi4dHExFohKa+zr;OH8qrW>Zs17&y?4v>Tv4S*3>x?SA+8!a*FF^o`6f*>2npm
zz@VB%v1xi=d|tg{);!wJ=T4`86TUP0-;9644lOfb^GO4Iq^7i1B4lVZfJZA)dcHhv
zpP$5aUtL$p+{ISxy?6<>gYSd#=LS6iw#r7Yx?xfz?p+u!{FZ^YM2e-B$4fr~W{)hy
zD0`;Gqwkfqnalq+WtgfW;DmU0jrRl*JYME=vLlj^;wQUUvf~v+MmEuZ_DM0Ai5n8f
zcJ1%ll;w0cZH!zV8vi)m?1FhVcubMh_qc5Q{kwL}_59gC=}kB+$WpPh!R?Pa=e}XI
zpTgKkbwb1|+t&>-uHQ-I3ra@Z*|IrsEFQ%t?&Zv`$m<;k1G8BIVy_Dh`A_TnTLiO-
zOqI=~6RAJlX8zYX8?M)X`=0jAJ{6nyiWxN&G$j1l7n+C^b)1T1ass$l?TfW**KV>S
zvos7$xgVAKL)*~J19le%sg9o@8Ach`w1HWbRqtIuLYpN?E-Fgoi5Y7Yg|+}~XmSIj
z34^Q`O5D^W$%PAB`Hw_7w2i2umCzcQ`FH+_D%mlu-@hnAW9amMnZM3C5(S~&2~o&Z
zpDy@@d(3Owp9A*`!o!&a>Nh;RtEs6|R~w`mn;v0ev|Or~l~Wd`5yWU4$W?7#v$u>t
z@C~Q@K;QB0_j5l(eEeLHBHh+$WHCP&&~pP>v7EglqHB^-26SO})khN=)&?#lDaKhn
zPX?+ydlAySFP+MNYPE!+AmMfP9|i%-+b{UEW{<jDPG_<2W%MJW6O>B=S03w+^X4j7
zb|Y^xc`XJ{rR(hOz)H2Scy$f*B}YTNAk(0z`-?<o`9Ge4v|Jb=urd@ustgPP<#ij3
z+|ws{tFq_{Cv$Ms6{b=F2wwIxi)`+v#YbK6?hGhwvIcK|gIu#)TVHX{t9)BGcbc3T
zJ#`J4($y9_Y(ynTD?gy%;oqypUlQ{ZdY0oa)>dv&{FuPTu9gnFZ{#mMUt;U7?7n_m
z)ywm;%gru@%Cpl>R%!iB0ZAnI><P!2NQViB#Umrar(-|y563I|B$T801v}d21pLx1
zM?r-4(4zl;sZPChJv7~FOIVrvVRLBL9__t^eA(&D7pk}=*R}BXAmhM%8ev|BWaUUi
zxxZWnuKM|tUR-<F1Sb3l(<7vs!?efzR%Ej@3&;qAL~2laF&&SX5ZOGFYK~~lu+L|`
zM=9BTSIaW^-U5Nb^}Xk&qvt8k@O{O_TCv01``xF1)Q#7NQA>K|@|DPmcmLN7kpj#^
z1eDtJ%1VWp?%2we7jZMv*|YDjFZ|76eZe~?=U9RgPEJM{L_!2?GJPZTatk$B%*yL7
zUbQ*xDs?UKF#Xe?K}{S&&26B0?4JJlP+$~;%x|VPp?jC)2xN-IKq^`F<nM)rRWF89
zrK=r(xpoQ@%w9Vo>=cT$n@s&r-;IbLy>^>v>XVXtwR+Aqes@w+Q>5xj%hjgk_C0G@
zmvnt!K`REyDF%^ejk2nQ{?wiZ|K0rKyFB+?{1pqf;q{1}_XWP-BM8DP>Oa2Nc7FS!
zzV&U7V}4!IRH?QqGOJhE*)>vuN|1lcH)qd(3b!tSun1!54(B+PexFC_&-KJRZ!DQ+
z>u-%cpi8cv^wn!-OFz2dLM?-~`88{Bu^%we@CGcwmrBAkMK?t260ce8#hlDS3zy6f
z=~K)PAxzU(o$J$!)mp^|_Kp0BKg1aqj`(++mR-Is&Q*{kC@JH74CPfUv|yBg{?NsL
z9LQKEUR}>o?%f3mA_Yo7n$URu(yVl0Y4)DK^bA5Ng;fK*jwLa{6BR{f41JcPQe7kI
z3N+3q>AE#jSlBs&EZqfrpgyz_I)jglYm!09&nc(eKQ8v$@|AyZ6UoW<Wn~L`8+pU&
zrU_t!AwpDy6)1}R9^#c-KIa4z5Rn~!|E6HCf9whN?znv*Oe9y<0ojFX0VB|uw7e=c
zkUz^diPVfa@`6Kv6Z--`o1BME&+Hu)RjovW_Ct~Dzc#K&`MlFGZSj@=m2U}MwFAG`
z&4a4gME@M6rcL$qrXmX_+;E7JuFa^%;pE*a>m}X7AdwT*v0@fe8E8v+A@Ur5;KAs6
z!|)8$n^>HfD*fH<r0;Mkwot?L5hwi{7%veNUAc7Ie}TPed3UL<Q(1`2uNPlZ{-gb4
zBw4e_92v1&1Dk>_14%BoPbE_<yd+X306qffhpA#Gj73TskSzG*G{0E&`RO>(^LR$!
zdG%ISYk(x>;&)9HpNha^jyYU^^qz>Bj9pEu8lKuqr*jPhhUYRZ9rgit0!xaE2yKQD
zPM&pYSAS*q8M9~j27UCgV90tqEE%T`r3Jw|u+PTs%Acs?C}18Fqq@c-pHiK_Vi>?;
zRDFCawhV8~gNdSr%VUpY9XDmeu>0a|2)spHbD@@P>R|l&6ah;jT*&u-%gRH6u9}6J
zyFW~$3O{$-GS;KtcSGO3d+w5O+t{}JEsnl5`C;%5I?>e2Fo&)4M{$3KT9E;1@OOeA
zpAtFcv<R~^EE=E7v9}+~0j*tqAzU@_1?C&%Siy5;Xj6r|-<TSZm?e;@&02#_uS)F}
ztnkhjrG6N4Wa1!{%$4wedk0U>Cxxl%OG(}~NLNyTon7~dNK^H$EoxR5>;-l#3GSt5
zJ-jY8-lX~l=p`o=6`^#e18YjbH7ZQ18lRZCI+9<F0vNtG|GqJ849BW9|9eZfFP3xn
zi?xjQ#*<sCeadX4SsR<+e4XGneKyIr*aD2a8Lx6k<N8>Zk-yu2xafi3Vq-+w=;V)j
zW!S~iQjOx$1BYKwgXy}?Y`8<io7)&`d?}6e@JYqCXH`N++qVF*11deKf^HW!Dl6HV
z$@>7!u87xTEm&DC5-2&fvwU@KF{1z*+mwE--z|ot&+3|N?_qS7*<LZ!+DZ|_{gwZV
zlW*Lzg@Ki9+qP|g+qP}@?$fqy+qP{Rr)?XjZF|1Ccb;HgAS<;hNmczximWU{iZf(%
z`|j+0y-()(rG0_7S(J`{ztryN(&qk*a=?9~K=R4<J#PQtVqb60IT%_h^D=L~F>|=7
zbHj&;$3vg4=jjbCcD9Xia#jza75oMvZfL90+e=4kE0J%1_Q^nCYSFzC7Xkvu9MROV
z4g#LIa4#JIAYZ*;R8k+GDk{o%5;c`(fk5cB06!kTGa_wr4&S~fZ6kAktX$i^_88N+
z8sLH0y-X}!x*1v3w49czghLbw+K*AgUgPoe$YtD|2B`;Aec=L#sl9^)jiykM`+OZ+
z3&`LbpPp@hIJ}QH9j^bzF;(=H$+3%8XFSLft7^vTJcN<JU;VyPT-s=lFV25UQSI-^
z-q5ud=ll$b5J)?ZM8u+{X4GUF0k!v~-B>uvd5mj!u<4QouGv6%#^Ae5(*GJ3+?m>b
zf}+ng5wUG9ih;SKC7q%h8-9t<JXU&w%8-r(7H5!ub*QDQKqs#iTUyLAHaZy~itoDn
zI^1qW6`b6RWOPK){!cW0;c?e$;5u$*?0=HgSMyFbX&St)ak7Fz&2Gf5XeWj!_UIU~
zL;})KofR&mTK>|jQ_|4neqWt#ynb*d#KayXS2vmo;vw9TCyQG`>#N)N4PSB}G44t4
zt<ocZ`Pxg>i^rR=YAMQ*mtQGUz8Zc$q_aAVVbk&88-4yjmOun&ffkUkXbSl{BxGLJ
zpPtns&c9|@ap?1jCxO~xVa;T4D;?oNa<X<6Ntd#R-p3A=-nY}Wig1yhdG-tuUwZQ2
zyNwB-vaD-QXx78g*J4Ti7k+E-a8K_w4eYLex1SWR1wGDs5pv|D@?NH^hlBTcZgZ9x
z?bv>NDzaC?y6`Dx1vUAU+irozv}*Dhjay0XZ&bn$ouWmmY9=r-u|1!PGrlVG_d}+!
zZoW$m%bNZB!7|VfsA5TSnnaWObaV;?*d{y)zlf3<eSm@f5u?oyu;6TVKx~XZ($JWH
zn|0y|yy~s?9h0j#uwFy`YeOlDS)B^r!1yByir0N^5XQ(oQAI1Gbymq>v~!5u*I-JT
zJE)wryq2hju3m4fL_Q*_(9yZKhkkhfl~+$2j+p8i8epZZ;tsHy5h}vA<<RElnKZ5I
z$XVzcW8~ug-s5p-5{|Dm5JfB}KX;aYj4tvoSSqw4#wQ$}W}FlV7c-Tkf+=q?ssSC5
zWdc_+#}?Hz_#3%dgo-xp_qb<fHKGFtQWM)s9iT$8qlia5`#B+r<#%OzSnAe^EZ+~L
zro^t>qYX+k`I;3pgpu(h!0~%?>oBU>cRb-rolB~!Mm%~}Sxua;5tEnA!lYq;{12HF
z62dr-yiLwG@}2+l@994(3=FEKx;YCjkK2C{lnEzoTccd-FG-@1E7t|hF*=E=w9X#^
zz_mT6xJSyf*7^OeM~t=l-4{5J3KD0#qxSi&^0jR*Re?nXdFCbGzD<}c>cp}JD%fgz
z2mhK0wHP^C6W+{v|8Si3@B1i!EXVmB7mMheJWj0!wGCb-YAG^Vlc_q6@$Qc8o2Nf0
zm62SCo1a(Y1&vEYJ9o4l6ta`+CokOg9K104?dE#;FC^YYko|}n4vEjqmvYDZ%?W=%
zI;SB3!C-||dLJwq1`lp3NZfu>G$Rs>(M_9TV2YR8Y~ph#>OwA^cYHE`xLHZpowtzp
zSK}wu$Y!0QoL)kPC50q<iC%CMIKR7L0tCL(RYrO7xU`Xn0$i^sBnPfri-gn>K<WR~
z0%L6H2hGmuh|t33KPyeXo`E)`wbYQgt-5boQD)pvWWG<fmel&uJ>)H$$Y{x)c()x(
z#y7rD`sF~Uzjy(JE5%2DJEM@Al#x9D1WaoFGp-hr!POb0o@5zbMV)<b7Bn{+mT>!-
zy^Tm$z=f|8Y5WOoM&Tn6fbUWr@alM_c$=UEf<MhS)?)RhC+xN)hb=2={e!l3l|Inb
z1Q7#2`l42v-eh@J<wPY-D>|dbmTJ<Vk-RwBN~_5`=U&NgdbDYOc!jZI=#-?pNlybb
zD{UQ*T`Om(GHFWvO`3{|r(WSl<YK4nC<v!0l2S(1y{uVZ)b=y-(08rheRi`;@2P5y
z4vm3Y5=v}NjIJL07h1u8l#tKNF)<ba3kRL=>~L0}t|LF0kU!|$q6C!wf|de{>y$3*
zW<HUEx-@9=cwg0jG=fv}@VTqX?1=G~#LFiKU+`H~EuhJlP6L9HT1;Nl8N}|F#pfWK
zi3NlfFN@m7pnGD{H2+ZF8#1%fDXSP%$v$Wm3ium}o@N8FXi8-wT@4)`%~xkZ1|_UN
z`9P~VZrrZFh1cKZqTD`T;Dtc}Sk~U11|fjins5baL0cSu`XSw}F(q2o_%WVYt+!^d
ziNrZ{4^;#G`5wKZ&re|l!~H5jC(LEkV;dLZDBYm8Kqbq>E{$FA{&IP>j{HubD=M<0
zx1aYRQjzO@)sWTwXvSp=RtYC0W7X)QQtC3>GI#Kzy3R?Z=2!GL4E|UREBP7b4TLy-
z8pYc1OQfcMvg5kkKdMR9(oa*cs$bR>ug?i|+mEzn2WU8Wel5UarV!e6W|%K2-udw<
znyVva0S`G+K*Q?p2swqlqKJ$cy^@(NpllJYgnjJeW24I)Hh$M{W4WvFhtSmI$vKB4
z&0t?Fv)-_orxS!>QJtKwN@ye{QiDu};}%V(I20*=D#-yQr9OLtx2h@W(5@7n(geT!
znzamb8liJN;dvmaN(LFK#szHOd)WnmwzAFV-qo=`=-#i(g4fkA{<|L4Knmx1Qe|@R
zf<JBG&fl%CXMY|4jg{?pttmY|Ht`5v13w~x4RFWQ`dmz(7pPnRjPIXLlXP8wwC%XT
zO_&>hczHCsplZot+D<}G&2}3I6m4*O0`{{yg6wGfcIxZu7kid%<fhvBoGP`TuVh~i
z9MsAEQDf!ioAx}-nKEVU2CN0Bvg&rEs!pg>qi3>LL(uCoQ$WEdv5~{EE1;${0t&9c
z!)u4$N;S1bg7kG|dALR*bxs2zg+3rey7)qW4iz`d%ZDf4Pgy;Fz_rq{qh>p0Xs+$N
z?`64OI_DO&I-{C2GcAR~*Yn%S2Gv89;o+o|KKnSok;8M=_{LLB;yRgBI1NWMAWnXv
zY!}B(AhLfoXEQZVuXfiC$`pquXt1z?Od$`xT<5VuKhyWevI{KsCz}t3=$W`32;;AR
zzTh?Od<6(QtOEGM%f%olzTX3~RFZbiWKqNL6a<gpFfBSsc>RyM5H&nswg!w9m}OH{
zYJyomXjuWi)@vwYz0odHauYP72fSic=3tGJMTfDy%t`#*#LXIB`6X6SZA5{a9i>_Q
z47~a}Ta1vkY3Uj!k)g;Ax7G$z%xiytiu)|!DN2?G3ZVE)kA{0%sS;HFj$N#{yxbi9
zD;Es5wf923)bHb*`bTbOc`;nE@rfnyl1*oxKcEiU;NhN&ZirjP3iGe(i0@?~>_E+N
z%3C7SpXuPia<;)({qKjL6xuO9z;1JHMHg+0@Do<=^ZD|<-~H-1gBfin#w&?`g^y`~
zryadxAa`Jng<Nv?wa$JIg7Fls)unuCOTK_(g|-;xGWj^fMH!H*+{|(HScIXnUJ*7_
zAky$6CI`|iYb$q#Z&|4;kDm3jL6nK3hq0>N2dOp?G(~>v{M`K<`L}>}9-{^(oDxpx
z$vb2I6TF4FD1k$KcGmD){UMZpo8#x_HrbW_`TMr4^~sxWKj>udgT-d^XUoR#h4pQ9
zuNO@wW4AplyZvOEKcmUTUtghar<du@8#B>HrV_&~ImeOXu{NKgI#0;7VG8!=)tUR#
zwY%f@=aYJt2X|}F#Kt3}@tu2GcW)Zs@CW9)r{ma~mNFkm&szrNPM`39jp#J%qD76*
zZ~{$g4TSbP2bBig+`LkkNQFOK;806WNmRR{3iTx*>35{)ZkIvE)2g~*_0&+aRxiy!
zS3#KTZSI#uwn3_*CURw-N)`%x<82-dT8Ean2OZhU)+uT0XFv8VFva%Q8}WUc-RH#G
z0dT9W_tXCyvy#pSpZlkO?d#uM!%`_yb*B2XAH8^a*jR+xF|+r8(~d4J!TSngp{lqx
zyOKtscEPl9Umo+%F=gX;Z{NZiTC2MO_KT&yoKEr&TWw(A2RSHczgrcGQnz7TYMAR7
zR?R(&v(PIJAIAk56%4$-&}SaQ8#${6IW8R;^ync7<sXrU4#}2(2eX&s0h|qp<*@Ly
z(lrx)lA`bIpN}=AT8zof4hpcE*X5wR31Ad-YTE`iKUrmq`AoZpcW_^uo-22*mQS4B
zUj{8Izc9<M+18rgtMlVr>`9wM_5Qo&<!$Izy7UTooC|qba(}LbxHiD;7X_p~e2X2t
z2s7lEut0t)NWCzBWdxS@jq^E<Z2N}f${%H2W(M;#8Ea+f_%4XsJ&g|#NCkF)dvI;l
z!U&24fmT8kb1H?3lx+(Mylk3?c7yU7(6uN<CHkri>I5otX)D_tGUJ63h%^;@Bh&_c
z(zIrx2irX3!+I{iH{f=Q(Ljt&23;fL%>{o*Diz+}rgxct_4*uat3~gptyu4?&D7_U
zspr==%U1IXb?z;;p9K4?yxSp0%(}@fyQqJVM{?+oBlB_r*_%sIs|vRJKH+bqlQ9Ac
z{EsJI3?V}A&A2~Wj5s)XVrder5>T#!S68Fpzky1KYdbAy(oA;ZDdT{ioxuw+s3aL7
zwnAhlxCcgmGjuvXMsSgon<qzYo&Iw2NEf<>GL*SwtzQF<7$d0UZt)7}^@uQL^v6ol
zeW=2eGpJzAWF7+{PnPPpR{p=~O-a9oJXsAF_xO2F_o7dNUWu<i^m?yxz^i^m`H8uZ
ze;ZOfG0#VI)XlWRZx%@9^qyTH+HDe_bO7=u=#wOWCTrZ3_dGwT^-%%~AN$UV+-j|u
z*nZ2T*nGcyCAknv^zl|{;Fn#wn0Pg7V|ZMt1v~IsOSjfEL;v`*^CgL6p_toFNfNBl
z&9P|)#J+!BvP=*NOS5uMz~mIFQ^=*&9LtJTtB}#9g_#8j)3${MCv3!c%x&N5z`%FA
z7pv)ioT2P6wX$R<S`QD`6rD%eB|E+cllp&;QcC^v_OEouumSK+bL{q|-nTn!AEoNJ
z+U>IHQiZ&&iNvct`|pR~%3z~yFHS6}C3e_9N&sDqNlh_7L+Qa48O?Y-dU|lz#2$`|
ze;a^yO?fQmRM2vimTux^4rwB_6HqiiA4?v8z7Vy4vKU}Bn&hBADR_!0iGIu}ade}D
zqB#-Iw!1NKQ_Wy=r45CZi5fBwqoW6vTwhH&5r@*Kxo`8Z#@v_JpD6uL8xBsd1OQ^=
zr=l3jo?E73Mcw`HUpT|}XbfC|_NXO`4`yHTHtph^yn_iy0XdaR(o2gJ@i?`KQk@8Y
zR>x;nsqpYnr93|3>14PTvFjy2hx(Sb)UWz@E~<h_9yz{CY{0A6xz&+=3;a00SW;^d
zmBIc%CD^r{6y0P9p3PkV34T@UM`GL+l?vZ`5RnAP92H&2zl^M+ULu+!)W$MeLbb@W
zwLjt&7OEI7%lfTH6ptg4h-uGG=UYyHJm<$;$Kq6RDt^!!#5W*q<!!(Z+M^eiGmjJf
z`6hFXLH<9<A*24-r(d~8Bp=f_=&QGXvuc6kd>)osFfA*-J{L(n+ouN3v#~p$Oe(jY
zAzAv%A^x!c6`kuUDl1uGtOuWmX}sXA-)l-G)(qC8YbE}Z#_*~|d=2RSUhf@$9xms0
zs1oYNm8q$3y$Pj9)9w~^w<8D(D{&Y%X^ed3<%mfU2AQC`tpzG=)TW?rLv38$u$&T*
z&Zg;M>;-BRlq#8_Xm0o675E(s1LtOMYqK3T!)FTth0s8{#vf*pvvPVMh4uLezI(N|
zb=rretyFwfW|wW@SdI|~cBQj_GE4?vJN7YN%a!_9R`s<ndK=5m;Qb(F!wKu%K0=&o
zO(f6#QOamcLt8N!)kMXt;$xt+qB55EKz8P)G!-OQ$W*m-UhmpH=diC9=*HQSGU;sI
zSa>M^7iB3gvv75daWaEOo+=ie+aUVE7<PWWp<e~)8DiYN<7Xtzh!O&SV6#n?>i&eI
zD>)vGM*A@|n#+5R$0f8qMI!(W8pD4dN%8?k%vibiIcmVvi1AfOA>EDFrLp8GpG@x_
z%bWqY`J;9<;)FDD=4oDnZRTzjsf~H1(Td~vHwi@g1YX}Iuw<2q0&iIc61?asulvLe
zxgDq0=QJ3_sysX0>{>j3tj#{%QMa_RC^!v<Jfey&W1>sZ^?!iSnP3hQ{uXy_l@?1X
zKX+Y$wyG>&KNzzJX;BO{kzP-3wqGa6zrQj;vmkc5S(<xOgT(_+CTun*tWw1hnC?DD
z05>2vaPV=S>y($07AKqxE?HUQ4H1VfA~rb=a4qAwN_^<#BoCQ?Pd2R3utoW5-2fw)
zX11o`30Z9-UO{W))RY%!C>=l9Zxhw}$SbQ9Qr)S06U|JdBM@5L_dzm67Ew7pOb_l@
zdMa4D#hE>xbA>W>dg~Qbq`A_KU}?B?$8RfFD{?u|{5M!UOt==8Cc`N60xnRIz;Q8B
zb{&g;4KX5o(oryftVC!qwu4?OCy+1AXG4gTCbT)HLyVm?BNsJmJAp4B!=wt_^b#qk
z8pL)IQ`eN5of5*i@7mDF$cy3pEIe4Ct3-z|xl%_HRds)R*0v)~e2j3TARGor#I`}F
z0rHk^7}|cVaBr~mf>k|4*!YEQPNimvG6f(`iXU>;JUa+~ti0~hZKP8n9xmOP-8YNc
zS}7_4o0*pLf1RAbv6X<xiG>4n8^<UXpJX5vzya=};7g&Qf3z3<4$d5_+;ll!rTfjW
zM1Gf4o>erJsG&mcuv40rjBjv%$0FCyPzfY|yPi|DF-s%7lS$%hQ(Kl77=1HKyKf{I
z1>vjrsn?Hxd9K&O!j6rMeEMdz`s0&Wq)>5S|9YroR${P_rC@A));31f4tNoPBj`>M
z)OtEtMOKQ2Yw2kfRKfY3AlYkxxY>wNAgE6!0pk;i60b=QDN7D0l*_g+xt+~lyG?ZI
z3wQ4n{zGHZCI%ZbqNa1o{p@X<bb^R_NJPkinZF5t6EA%&UDzxGs%6`lrjs2nFYSk|
z6{u-BS(&2D4TB3-DKrIcwMfpK^CyTo@Yc3930f!@j5TpY#?4pjl}s&Vk!E&o#&d&b
zh*TUxGEmhS-rulv{ILI_*a_9XD^2jgiq=9R2cXX}M7Cobw}HSG4_FOQ6hPCl<6JpT
z-T9?|yK?(@M0Iv@6D#DIA0BkI;^4!|`kh~c*cMnP4*g(bMp-d3EZ(@Bx9|qFNscG-
z@Y@!*^waV=I(y~KCz19el8X2F78<A`<XruSMY;4v&A37?A~7)?+}Znu1m#6THqH3N
zJC_PI?T-y0Gq9jZgJvzwt~2zdwmnyA>FzIoX0KAvt{MfHsc2#Mi|prq!u0Lg%^soW
z;O=7WP}y(G-n%VD-j~|Lc`;e9lCqYcx4y!?RkJ}jqf%l+5l~g0B-lAhBQV!x)D#vL
zps}T6q_KFM%jpeDG9K^b?fz(bc6Ol_4!<@eAUZHaLn?z38g^;iYHsGUbgeKu`t{O(
zLf>;YCPv2aypB1~MQLOAG;kYdo5km*N5%Ai5g}Yvw=`)Wt2nNjy4?n2(VcIyCv~R+
z{E9@g;Y6nCS-?vwUF_0*w?uV4b}D2gV>@uxoQw&gVZxzA4Ax|Hn0TE+cKpA}r~D15
zBv@7>+HUpM;F?`mwHGHA+TZWg9sR(6H2Fm6uGr~m&QM&}$5RD31-kt3b@Ly<IBIl8
zvs$gsE^kR0VX*Hwd0EG|@3AemY<XnfOP7))%@|tBnwJy5^K$&aJ4L0>6I^+k5L-Y&
zU8a)oPK?08m9&Ui+Nj3<c>0BbQu4NR8$;YQHz1`>n)q6n&YH6|ZFpuSqcSmnA&DUB
zgytQun>SJAYo)*KE-3orY+dIm8F<8Al2R3G#S%ZgMMu=tmJ0Aq2ljvSCN7j00wMu(
z0OqoiMmzfSj<}atTitU7LU>?(K}oKXZlDx)vY!N%u!`_evGW!ayFB&Z(@vIL=YkER
zld9AjgYK+G^kNn~oX`kVp1pg2I~_?#s69lagge<h={){dFuGDz5$O|NuLT<z;O5DM
z=ZSiv=3dZPB&GQB^UVL{B&$`Gd%K<v&6pvJTs`Y%2xR=WSMld)DH4614BCs|RCIm5
zJYG(!Y0B475FfLj_l5-u(VW?zVjJ3RKGaN056V}Yi6Z8WbByGXttyFs*Z)MbBtFJK
zKw%ODhMMWt{kZ$;G2c1w8QJBujC{X3^~GN(YB7w6v6M2V(QjjTvNeTndYb8~ORVNQ
zlMs^x2MPW4Zl3Ar2sJK*761=F30#<y4Zb(mAQGxUAXbGNU2>R!X2xg%h|Q_1EPV*K
zF5#Lck?kP&5kMnTmtOOK6oOQ61Go?OU2CR9Hza!$nJ+)ue*{9BK{(8K4wfhn1H?}t
zl_`~D=%MRd3nO;Qpu_coCs8vEN^o7<{Xg;VQC71e&ID*L(of7BBHpv@j{7wGaNsMn
z#F0HmhmP6wd>>8>zd*`=H|-PLd5<5P&nAt0za3}7h`jE!!Ws~N)09nO(M@xn)9sN>
z){7!ggV?g*!@|R{vU5t>I;32E!df(733P$Q4nb2tBu=RAs5xTDL!y$@a6r!PKHqEu
zV9Jeo#^x=jDgJ|TwmVv+!g)R~EkLInWZM1Oz~ve;_<U&$K&sJ{v<^LQl|hY1Hd6#M
zpBg|~TKl1G{{3)&HSw-U*?eoRHyLHkmuBY$m5~ItG%PwN<P4YC_&oKW40P{}21EC=
zC@2(CR_AtW7}d7_VXb?6NXPb^RHf>+jmk7t)5g3PS~c;CW%{nsr(_}$^hz0goIP2L
z_YD9(1+IP%Z9vpWJgr?(38Nf8$oo8->stOA9Df>8*{`pEMQgoegD;*+u`Ji49*7Po
z2J((D$H0IAPi<YUa+(n_RONMGA^idgRpC_o?}m*keP&A;yuI<i4y{wotW-;@K+6Qj
zLUKz68uy1#_XxF4bHBB<=MHqxX(N;#q1R%VVY~JKt>Sblnr*O&gp@4I)fs+?$N67d
zFT0@7gdm%Lob8Xwt0!dVB#!f^P4(Y#GdOGgCJT!1g~6k#6SI%+WLohcyno@Lf!8|E
zT5RR_MMevJD&uT%OyzXUf5dvwpe>H{l%en#{+7kq*_wogSS@qY-Dkq_a}nvc-^unb
z(g;8WUdIOMw<*T9WProyrX>%92D?HkSd`pA1k}@ixb*;acZY4}jOLB}j^gjQLRz;O
z$~b@XRN^&{moZ1pqp9nTsBJTLmHXo2oJ^Dp4(ptPhZDXgz=sa82G@Z-y0oM1eM0st
z?yZN!uUN@#$6?a`vE8wAzJxWHD9!&s8&21kvGW#Sq4OrzRo37JjIN{R4TSvXY~w<^
zZ%uB0es+$dVN(`0>|)BIN7>tR7-~-@H?*zhOP1JX-NRATYKk~mrmr~b(i2pz9hh=v
zoy1cVl5ez}GLp@)8uy`(1Wn{Zw}GJtp^B-P0H))JS$~kuoKSSV=6{>4^B-Cie%|N&
z_?g|D`2b3vy*n|y@N*rd9xh7|N%!a(=ba6IHddFcR2(##O$Kw}BIGzV=5v<@bKvpc
zBHNF*#IK>*ewUowH)G_}e&3hN660h)Sc*F}a^M(|oN426&W|ga&VklzZ9^-M7+5vT
zNPJ3nF#^*nDkcrV@*nMnB1@4#G%_^0#xmh{=~YXKW%~s})%&@wKI_85RSVLwz4qRJ
zl$$y@I^jY*Fffdape2k(&chV93$`Bh>kS$q@Wd5_I^<!QE)P7a7{1<d1o$9vPAJ)K
z{b2mlg?$yn4<rR3-0+rVCKnjz1TwbIH0S)p#?c<w>N5MKl~lM74Tt0weIMv$0&fTV
zxj*_StABEy*Xl-`oKUvTL&7o^u~!s-D@O{4WE?xW1?b86&a$%C<^j25eyg|bE*V*7
zG@_~Li*@Z8*%bMCWex_tIhhy_+NSe7(4YLCwU}fhCVgWgWU9A6K;!*BwPG+ALa5?|
zN|K32y?k;Zh%E|xWbzZKQG)5e=>Rgg))urTwh<r6LSGFqS*M@L75e|i@9b@V5bi~%
zIHRrNL|<518L#)%&*GI&%KFiLBp;QE>^54RC=&wdiH}&Pu=us0J|EKH9%e()w_dmk
z1CZMo%c?*8z;`?0uLDBX=Tt8VZC;h&xv&$1&*;hQ-mTH!Ra0?}LnTg>2qH9ri93lZ
zY^~IF+M9OWcPIAb&1qU0AK&bMvZZk2^mw>fD6CS7lo%F7fw0QsA+2p7RcX052EV?I
z%9PaqK1Z~>R!SE7<>)-irIRp86W|64g^Q3gJ%1m(`e^82hS8_het;xGRJ7Xi7*nZh
zpZ<<L^K5P2<X$Co2_~{VD;yeF8>lhKm@ZpacPPyH4S1*K@-riq6L{T!uyNkIjT)gA
z4cJW93tW_5&n9o>k^Tij>=2!vQS^*Lt6EbRDN-5nDHA)N_?$Rh6Jekie~XMjJI;5L
zLX+`E3EvZ!ma6LZ&bJ1AD9#uqFX>Lde`YbDUUmTl1e2V*m3~%{(x|EX)DUGToIKH&
zUz0%tztPwYqQ%0ft^)plF9Rov(=^Y>&q&vEDJpoojltNb;GZ1%6yG`Yej+MGL;rFL
zjuX6XDg=TzCtzNBzptme=BGt7VKVjW9UMD%V*4Mgj~`hZH6d`(iL_~@)I?18d8fWx
zw~r|_cRw#Qr&`LgWabexV1kSInq+{)lRSo~{d39u=1%i5lV~b`&jED?Q$?2@u2U;>
zrM>R;biGBqYJ~%NXt-%dU5#w1CM&3fm{Q;z9_n}by?H7G`53ljku`LVd`N}v5ljIq
zk&gRjVFo{9obr82R4))PVGQ6+m?gR9cwejZ6@$b$H!T@#*@c#}L5S2Ih)C6DKrxL(
zJ1?j=@1=$*rCPp!YesTh({Hp~M>GDjU4-9`O`TSXXG*NdJ(?MYHSAsvU_98b{r}kY
zej_9w_H}n<nAyce*QAnpHvJLM0OZFoV#9`%O_0lnz{wJ-I(}r*xxM~hr`r!Tr^$qQ
zMfNt!gdPKLiaA^*0o$|{+#>QFi@~W3Yx=BVUcGS&Y+|Z^rN=bVXFMWXe2Cui=(!>2
zX-IownVB`&-2Z7!r^zKpmpZnR?M@oy>vpf#{HEkTnbCWGLL~K;cmiXOVJ`^$$zj!u
zQ1J!~Qc5Az%~uKU%7h;k4YC&(LLViyS=6~cuZ@T9nj3nYPoDQ_%lQrWfK1%_VvXBk
znG{9?cPMXvenZlr)ELp)1<8Y+$;3IoEYUi)re^p0i6h+P>I(KxsYRZuT`1Kl^(>-|
z2rvDt<nmxpvQ~(bd+j*iyW;If+Wy(W*IvWEG%hSt(8P!zDCp8m7S_-i|2y6my?5c2
z^T|`Rr@poPtEC^mk~^zcyZe?+FO#tiw3A+==1l*8ZmM0L)()<tfxj@6hxocbWbcK+
zkQ_Rn$*CmpxySt2@KJS@1xw~9;+RF&(4&c_X9^hADZ#fY3v`A=F<UYppZ|r#y^(4-
zeK&2nz7u-4dkV75o)4O+OzpD%d-lbauoa#>RX8YWUtefrDY?a~<juo#|4#_jTVKI&
z!53(Mi+)$sjRWfGX|}R#UNa{lrd)=TLh8*rp!4<9zKOo}zT_P{La(#$+j1=}GJFE$
zA``y*;?2Ze+e7gB_i4H#g>&Z*TL1XPUXH6cV6`WhTp@L*JO119s}|`+Hkhl=8tJDj
zGb1BMr^`0ZdTe}sr+qVVufOh>CqA22?h3wtci;I0od4c4gC-vbpL8q=GMvy&k{P&q
zC#5HnzadM7x*rZu%;_8jAJwR7aCr<uXVuOJnB0F??WI}o7RLF!HcV>L42koUtY`hU
zbgdNRI`r;nrEtHCh?FV7@`R=Aq49f;ooP21CcvCc&vv~TVR_vh?g)Ri%?w!F`uh!k
zdz$HC9~2<ZwenAz2$#Qom&Yi*R5BB26@V_0v;KfcM0#aP^bTg)d*R3G#0~{ou(EkH
zareF^o$}ThkR>al%ct<wOBH3%Ev#>-P)h2iYVVVA?o`3;!9VKslLA`@7}zk~n51f=
zd*>eaC7-BlScF3i`BCIaKy!fUt1I$<(X2`FhcVE1ZwF+=scu(r9S4R6WJF+q)@eQw
zI_-Avl6vmi*rho{$tN)l=I%OIt#NMJU!cbRd7d(R$_joQ(}Fj*l>R{Pq6goUY2-b3
z@3V9fOB1Vs|7=jQJHK_Uuq0kqv>cCbJW2H*I4ez;p=(|MaIu~AZG6r8>Z`GT%UCb=
z3H;Mr63#w-SQnxCN%tO*kZr46i6h7q$orq|^LWNd<H<cSdKu(Ld>JPFtl7ciA<=4x
zYCxl-XP5^XW9SL^V;uO$4j~)eIJ2P<Ogc2G%Sda4HdQq|^L?%UuT3YLoQ4X)V37Op
zD?Oguw;F|hhxyN{u9nxnz+WkUvdA&5fofNnp;K}j=pGcD9*%iJE-6&)54@f$IcVk+
z*Mt06bkQGysO%S>4@G>p_kV<zmzRc;0-W$|lpIjud3W6f<UljK);~B)*Fv=z_yRsJ
zq;6n3%}jg`{;tYC>w(EQ(%m!e!~5pxTbX3<$v9x&4qB?g{}dZf%j`RU^)5i+I<mCb
z8$onsz4DkmM30aVvlkLShBeT=T)-dO_r@5~m*_1|2}op7cpk&GbVJPt5`R(3ow%>v
z{WN*xPaYqMLl#MEo*ns$)z#egdmSg@k<2xZzfT-ZhK;PxMhV{SCUJ2$lg+{r8z*P}
z@?O&07i#GUMNZ4esut^i=oA}NPf2$iDA_Nc6XF&-Z(T1Q$g*cEdv`jVAz^{P?fdh}
z-?;9Zh5x+vd0a)&_V=We8A>$@r%S4Vm5_7gI`_+pp6IZiNoBynoAkuZS8xT;j==h6
zg@X8TkKy3Zj^$RJRB!(rrc3cRT6BuHIwd;SG?3t|zew62CNcVdCJv7Ch55K;RV`r*
zmC8Vc!Ml<sc&Omi_KIwJ%jB=ECbE!Q=)4VUuNEqOf`(JWI!X4iGkQax{toXMrw(Fx
zQXO0+GD)K@>d=t6$Tr5j=Ks8vSCH!n+%`dX46<RM9TLkYUH!N1l1}gE*^N4aWH%e_
zw?DOGUs}Lk+9z6nTAQ1X&J}j)=$M9Jo(k;j;K~hL_uN|z%JFWVA<0dpt7|4!<F(T}
zeaU|<`BANooB4#`r@j>#;YdRdthfD|?7t!Y-F9Zr_VtosDCZX>-yPh0s~i!%u5;0c
z-GhKt4@I&^u~t>Y%PZmqco?Lf*f>^>vF?7AXRwSPXU?I2Y$U+Mh%#x(@~}*Q_3MxS
zxEqM_upLLX=`~azE)%stJctGd*VCs6Tnzk;IqsR!{oS#j$K|}XzuM}y>ZoF%Nx$_a
z68nc4k7sUVlC#h}SCWxCt}s^+Q>w{VBvO!evI`F{z-6pF<A<^1#CNJQ9WVG?DW%BY
zmrX6qWX_*|$VPgDXgm{bDCYc(gYhCjrS3v8RbW6Vtx}`dOD!ZNwT@w=E`^W`B-R|&
z`da8zjZe3jJTKjLY?*i2v%8tzALC?Yps*;M907A2+(1*Xl*Q)Pb*bsEnuSRoEAf_j
z-UOGDu?Qf-#qQ+9#qv>=r%VN<WKEK^<$d(_TPg&9{j}rmtuin$`8<Mm=gPH`H%N6M
z*q)lmv|QBd4x3#lURU77<74v(db36ch?&z@)-OmYEr00Jb==&u8vaB9Ubn5-bAZsN
zC|kz8MSEDbCJJ&IX&Kz74yLg9Zuyi2Eg9Z&=j4iMKygs+ABNy!UX{dl<)tLfrjhy>
zP#I2tPfG#*1K)kRhVL?M-|vJ=?dHu=KkAHocr8W?=ey;vB}c2rWRSlfgxqh6zadhy
zhf1&sNG#;Wh#3^nl40S3sb)LzJPwOT3(3iQkJ(wYnlt!(P8~;5Z%=k9dC|k<RLHbS
z_=2-hu(QdYT}f+K5n}kb=VvtH01@r?tH7~;fW<&fX=@<~5B$&Ra_pWr6>S6IP-eZr
z*pOHKw0?|uD(V(tOiR7*BFs+nZ*4YC`$3uti+^I@dR%JSakVmP>V>|SdNk)nL}t|w
zcw1JoL>p<TA?6x<=YMVdMsJ&+UF%b!uhlb2@l}E;)%XA6niTaqx1`z`xZHGw>kB@A
zvL?9>VtON&?-D)C8YL(gPs_`Ffj@uPBIH~t_1~A2JCL-UW*aKzYo!^U(^ikWq$<XP
ze*^~3V|q@Vq&L1xE0%P85@6W%p?5bN2M>oWqezkM5%R1b@us7sivF1_1y5|S|2`5l
z-kJNB%Lv9+TTmuObMs`#oJS4>Ls=|;m_H}roA|PApMvXrL4a&mJ9TbWYkurgnuySp
z`^a7%8?UT4_&cC|%5<!@7M!jpH_YD#n4BePqvL-(D*H3V@48+u1Kih^WzYYuJ-z)!
zuX6egW2mfEgy%zATA{2KhP8uE`|sAE`Jc@`P<cRQzRw3Mw{rH+h32fcTb|*68grX@
z&;>aHrmmCq=uz&;7-Eg{pQF)ByMpFRh6=g2pJkZ9qGRlJgM01}xv+E3WV&LlEXy6m
zUpU>pI|#`LbTy#7J3lKp;R_+@Y7!oaofem%3cU!(D>W9DHXW@LhSIj|NGc7)DHpko
zYHc=%ib)0v#-1m-i67B@E;ajqb#qj{+UKRru=V$5!EwJeixPoGlp6R{dy0=?I-u&1
zl;cTGz^2RQc;Km1l$O(TmMa|kD75j(=CkArp1}5wN}8hn!+FU`AxLP^K-2z9F#Rca
z*et*906;*$zYxv8H#nV858a*sZ)yMaIb@07;sG5p^i`WKz8g;NkIp$(msRbjfBZIT
z1BXb>lauI1kOt#=Dgp#uWetNcdw3Lk+13;TieS)^;^7-Vq(!jcC)5;Rj<$&qkAv@G
zrsMzzT<|jf_r;Jf(!Jh#FLv+U7q=|b<Pi$u;<qbY>N0o@u-?zHF@r7Xq+Em?7^&Gk
zud&zXApFnQ9j2mn0i9IcDItsoe*&2T0Pb+n5<Eh^;oLm-mYJXyJwqg3r4o&cCQ!qs
zpj!pnpiRq2nNH+KiSrp!_}(|c<U4qnepL199w9#9@O!@r_&X2mhap5%<kZKMpBY~+
zlpendCMJ^h?x<Z7^0r*0EG)ytL}pia?PB>8vh#MO{-BSuPx@g}$13RAe<WrKO-!be
zDc#e}$7e52=X&j5%?utFdP2>n$L4?Cj&(h|y&eP`@{T|B*Dw!LOtcgcH6nhrMF+J_
zCAHu|f41i!jK|3;EPFL!hi-30Fhr8Plqn+$;nh&Zrz&vWfR(G}f9EWl!R0!;p@}py
zI}#HZ)keTuo7$rjjOcbIfAl8$A8bBq*MSz2##J@YnbwwIq84{tuK5S=*!#ggM?xow
zN#?`5>|1kvn?P-lRkh6Ss#ovziB!(<I#dyLdOfDyeu^hwa!l_zIs7WP)A%K}l2N?)
zIrd?Vsw6hIxD%3YwJq}bCIcQPN5$(kl!+zr9$GbSn2l*r=a*1Ef4DNx?bnms+Eod^
zfF3#hqW^Wdws6>qiQoxzqa<TNCA|-%C<!2?JC5yIdWvP77!&pPKp?jHAjMZScfZ~q
ztfu$m3={q!wf;>la8+tmBSxSh>d8eENRMD{HyPc|1qBuCEqKlWEr&^x*KPj}H>lvS
z^V)wK1dYb6eyH3ze|hjFzjKc&wM&1w;fJ%^q)J|%xyoUqlc9-Tpi!t7KWAYQ*vkpw
zvmrvEA_qT^?)|$stAFJ`=dHcosY+qc#$j_Owk$GIP_F?78=rp7uP#T1-bXi3wU2zX
z*32hS$<~?%rOo{|cWZJQ{|g4|zAJq3>H}>A`W{rKH2wC<e-R)gtX=JVd$F<xhy5rF
zsX$JqxaG0w|27)?j9WK{K&Z#Bla`K=XJg#?1f~Lmf)>5Q@W_C~cQ~=oZUx%1rQ!#O
zDJ^3|SCW_^fe-mkh+LuT{lkmf;#X85y@cbu*B1(U>&y7K*Oj@sPxPJ5@%OP}B#<aK
zesx2LsWW~2e<5#Bi6+i-92Zop?JEiJ=Q}v*H1~Jx_hi=a1KsU+RF_G}6o6IpOcp1b
zG&DCH_S$azP9JzgOBsKAW&Jaeqw<K5BO|qHzx(j}4B<}5{V@um*VaVWZr0nsD`jWr
zYp?=zZASr_+}Fqqp|@I~lM%k*S-%Afe6ddq^~rEqe~-ptMmwZ(QCOPopHwz|yFN(V
zzK#E18l^6`tc-_~)ooRiRp4qFj@Z_?OPaDE87G6w9~~=A;SuM=Q6VW%Vo-ao-+qOx
zKepp+@9^FGW*ZwzM2drkaSQ}b^6<wg1*Yv6oUIl07i_QB`@Zm7KE>x+De(J|Ry_J$
zbKCaVe|b}V{BkDMeqF3H<nSfzOZa8i5`_Od!Syi{-w|}cZmsmX9lY^Pl&T;^eX)xw
z!_4~@P$RAz`eGQJI=A_oLsf%Hk(2F~-L#cB`##Lz!S~Zr&U$!!Phb9@`F%Df9x!5B
zeT{#Cj}{4`RMrwb<1S8SgSxD4LSn9^l{=jue-|9vhUYYv7w2K4+q1Mmw+!qN!JDLl
zG%zN9`07+4dd=$1=GgseZTX=pn4$(;P{;eT{9;?!^%)PNd%nL%)_7}_`3|Jbb3#Oi
zGm8wVS+{k7{k)aMQem>vy<SVAqqEmi`$jReCcH5`3Q%B0?bA;wK>ZZP{;g!gz=k2U
ze`=zcGD~yFk0wSibRY&zHxRMD#Q4}gAlL6ra&e$~vTdAt*nyE%M?;aBe7Q0n%)L3a
z?~#UD>w84_TeL1AdKdwa{{vk-b0}1aDHH;{dEdu9j;d<qWbHuRe)#xZI}Wnu7?ss^
zfgJx&aK`O=-AP&5$AW6A%~c)iKnOsCf96As#!@}p<hY}=n(K}5_loXnBbr90#juQp
z=(!<{>JA?khomvMb@y{aiUVB%NlixDC!S>31#c3Dy3QW{u;g_Sk_q3C_+FyiTFhy%
ztmwil35Cw0?3_R#C^Ii@h*%Xn$pUocDwqveO|L%)1`JFMZ&%r|iRtRMOZdjze+m(<
z!FtK69>`#h+U8;{{{!xa)%I4N(`F~<G+!st+|tEM*a8-*315qlZJJ(5y#}Aa<hzZY
z?b5YHH*TqvW0liW&Ntu86KxcCkRg3Ed?4?EI1R~i8G(aGnif8=C2SEZF&tNLY!C|-
ztTHw24lz>W5WjZf#hU7V`Qawyf5(4nh?&@spi@m$NedRG0H_P*0s%Zrf&S!%-CEFD
zvi8NM;1G?&b>%2;!oO?B>+#=G)kQIF^ut#jwCm7epd4NH5N)~auvU`8=0__WVw;r3
zsgYmcNPtW-60Mx~6ps+upMieN5hqVXa2^t?yR==}KS6SW3F6wnuJ**<e<<UZ4GVX6
zN;EG|erG0XQCUJBcx#DjFgyZ(5~##^rMa27J;&Fq&yNC0a}LvN^qSL}s(zfAnYo?!
z4n*^Ds@CcOgC8Q)Fx=4AH9<1gG^NbFI5BMIz!{mD#OG#gVUXf(3d#jji?4w%2BcBv
zmGi7hk}z3R-iOdh9;wa=e*vL6))V4j1t7}OLl@Zg#3qN{POlS~1tv{NAY$H!9jo=#
zA{$h>Wafs=o(^;S1I^*7o7V%CamS9h96#wj_mk??m^WEGU&_g3<?&R$3Ma2d2z{;f
zV;|!pX=05jC3rI|lN;bTGO}+V)?%JTz`10^f;wCQ^@6wfE?z9me<#pj23~~fDHR=e
z$qD{#%%H`1O|e@b)M?cnqR9%qHL+Rx6p<A}pTW;m{M@k$fVDq(DtO!l$(EGYFZ2js
zLPp+(m;F~Wln`NE&w+!8bEi8$e#@k_ttl$j2LTCC)jp01{R}QcH5$|IJQYPq;0^5P
zlQ{QvG|Ns;P0&$hf1Vd~cD{u}#N=>WZ88L-e@wL`@c0V7x%b#$o=0|>diqV?;pWUk
z)U}`rscA<v&2(VjUob}xhQ)vIaxFQz?t+7kAH2T%zrstTKTi0~9RWnr1lc-URH+m$
zAIna$mZAXg_7p%IHf`uFJKsSR$h}MI$m+3CLJ`p<;TFIifAdr$9UWi1OVlK&sJNhk
z;vyodlmv$iU;0Uz?iPR=UFDM|8H(o_TBM}(XGTTmXt$>MQ)$&#L0g@Z`z|=-cw6GA
z{{-^c%J)&&wBEM#JT=lB#k{fzP82;F%txkfIqO}F)f8^03Z)6#oe}1^>EW7|jtoa0
zK!=@XT3yT+f2;x)fl21k&XmayRw@d^%xBpfz@Fm)TG(&xhG>mmSWQa<mIq6CbX7v_
zEIm}`_F2~5eB+E+yK^#th?ArqJLbQI$m(E(ERaJR7T(fVl5{#CK^`Y2TLUDX2PjK5
zS=BLQvr}TxmWqHHL!#Nnv$@^X;R%RCgrKowKZ&d(e~MJ2#_>dCjBtoZUoU{ZLSB<t
zTTrQ^PfcGNzaOmApj*bpQ;*W+k^Oa$ZU1Z{w?^c-3x;xCm}mM$ZL7`e^BB1+>te@s
z!e!Jlf~J%wL}@f=Lflkqp_wYF#De^&jw+*6(W(C1fZHPBtp=2MJcY_i_qj<UhlcZ_
z8Q9Rcf7lh}jWM>nfZ77;(#ZCe7Rc0y?*zWXCjR2B?s@fNcbYoD{uQA65Rr&1VSVn;
z8?(xbQFW1=x_IQPlg~J1m9j#F;(>$qgaD?KY&9Aagbkayr>K*VX-zQ~T2fXcQkbM-
z;C<@NwWTz*cxj1MqS&W|-+0$|@R|5Y^V5Z?f9#<GS)>Ue6TPhAz8JEh6Kfjz@1^H+
z^jrI-2u9#?0Fh_8nS$~?zs-0`-FK{~&SDz8cXy5=hy6%kX{w7>i`IK6j5!8pDk7A4
zpcj+fTG~tHhpaS@LMxmN`N4Fs+62$*79YJ>b5;1DK%`Oa&`|ZchnfS=WC);5)SSj5
ze|<(XV^Wm4mNmSpa6Q$`31UyWjwsJ>dO|~hpg}t|2wdymXFgp|Hdcf2i|#GPhpa{=
zL5jhJ1*xyjMl+nD0%vTc4bXu!ofnEKEi0vjw#p)+7e!&zlV^*x|1v!kq3tgpA@oqW
z-JuaQZ&v9`QCW1u$vi1ThlRmtNlRE1f3_BEQOXnqy9r$P16(+Y41~watF4R))cO_H
zvj|2q7l+N?A=~y6%#Go{*%HMJ!64h3OUa234+ONrQHjHfFX8;bxEM>Q$UBw|&BUvW
zmn0#3BF>PaF#ocSswkDjq@A*<D=21z#rfxJV=u74i%DM(BruD3-JRuivFXZ(e`iZK
z*Ur%(sL%Rh9@$DuYn=}6LmYwUb<f^i!y43RMB`#ERa<&9FSdZV44$@3GFQGD_Ntnw
zCNN8!E)$tf%T#1Iol+#lCMzwnRhSKkVk?zNGS&CE^il4E&o~W#Nhr%}@PbFQ#HDU}
zhR^M3F}|L{8OsZ8EhKD-lqFH8e}aeyolis>RKb?L<*IEU8%vVdQLt8)7BWGuR$Eq8
zvL>sqWj8OXYzbc@C|VK0{2^z3VGQ_uEA&-VozrR0OCEGtwJl96f42Tk%BsxMYKPON
zD<wy3T1xiTt}KpSbT}}>)yxSk<wf`$;Wp&v{@ixvY5<7Op?q1V^7NQpe?iiW?tygw
zSB}uB#`ThG!=`eF+m}v0Z&!`4*~+to-A#(NUZ>3{ZRJh}k#G`vrk@sE?D?;7ZA}2x
zQ6Y%4`gVC2RZOp4W0gQf>j#!Y!tK_7Bwnmkb7#(^t&9bV3AVAlFn>o~L)*9la0s_K
zz=U0(1fr?YL8ct1nQ#86e;fNoBPFQTnU^uGw8NPGxYpGO?8z<Z0!<-aA0rNbS!(TM
zNdRZ}qpm~D%F<h|qLow1)HX9!q*UofS6LGq(kaAB@Jf}D)f*{mzhI1Qb84n`f4De3
zF4TBG`q!0z7FJ5e#yM4OD(UDh$RwwBHdd?Fa$s3gLN0Ea8K{Fse~MYC=?AhTq>s6M
zESB)=qN(asR)+HVJBar>7O19$2VnaFe%aktMvi~6{2~Yse}PR+V@HS2!NvbSKbVWg
z{l5?9o8T^Zr=7p|w~w>aNiE$b4fM%!#tN5A?XPK>nVr2pzvf{nnZ$Y)|C9z3N+L7O
zwJi=FrhDdoXSDG@e~&rvcpHzua~~J@M9229=Vd%1A|(_RM5aKZeoX#6o)W!ttF5^p
zNnjHRErG0}pjCmz9L{XUUl9&zyd+_7Ny~mBM0KSby<!!xIjM;kMJ9U|Bu)>ZnU1o$
zZW|0~c`%GVIfj%4GohIT00E&TU?B}CDMIxDlkSU~^I?-$fAaoC<4pKlM=VuSXyrq%
z?1!pUl4xZx;H!AxN6DX-YI4cy;{GNgaa~-Ifwmf;1t}y91O_CAI9r7mp%Nce3~3oj
zOdUlCzl2spYHyz!L${=M=iYM<FC;~}bPeOd{7O5zISTiFYtr(L_Xi{|2pCKW+*+7)
zU;#@BK|%-*e{MfGg9i@`2&@4niZl*9K!^zamKbwKMB+zI_Qoq~vYn&uKPMQFI__AH
zy=hXh{%fST##?cmeMg6Nv4CXLszBP{-c$gy{t**I1xZ4H1<FNHksOlj;xq0H287mt
zp$0S_O-yZ`Mbj=L`GmXJYFLS_4ZRF7i^6dDMY&<ue?59_<bBoXvAY98Yk_d=>}zQ>
z6)rTGT{kJBL0P*Sq30iz0g1ltFh@fYH$rzv;6derraURhHS@&)1*%FeQJ^C$2I*|<
zUl4d9-HZ|hZCji`qct+-c+H3%%-%?R1KWjzLNT&d06xUg0;dC0A-%388LpM;i2CP2
zD}VGEe_0~s+!vD`EW;kEm{mbL^#<T=&Ey9Z#ZTsSqPa~ICkYJ6z_wNufUtPFJ}nt#
z4Ol}+2Qmi)@jz9W!e>Bb!2~aIe8JAh=}Ed>m5r%8R-rkRq;^Nc&2$PuQuqb9wIxl6
z=z-{lae<jgiR(^0m^yXlCj$&1V(x{G81JcUe`k~Jaz%}&P-sSzskd0EF%(NAaFxNZ
z?m+HX_suWmP?!oZ#Dw9s5F3zEs#|V;SbMws$hF_OnZ}T_CCC_D9~H6r3f05iz9OK1
z`I4@UXp>K(i7UM)LJi4K{lKw~l_+;|hcqx%yPG3YVX^CTCAo8?(Sn)xO9$rU(;Bfy
ze?aL9h(K1uwFVezYe{KKs=dHB9@+!>*_^;I9Bhz(IlGuYCEOHzVEW-3kTeIv5@P)n
z-ERZ~bv-gjpmXa-&sfH)6fH>j(skI2{~$908#E_F3c@B8<Y9>k`9{EdsFQJaMa3<y
zwdmIgG)1jPh#i$Xq{C5IFtNSJ(nO-(e<veh4ob|cd{XG2w*wXPq1<PIRQ;7yWtubd
zd6Q0|{AeJ?+WQ-@chM3621LXRQ~}uttQwp)gujUD8y9!SW0WGv7b~U5jn9Rpzw$-%
za`j6>CPa&*PE6<<Z{P{7v@a!PzQ9M5ddej5Kq7M#-Js4C7OXjf!9=YD%LTG8e@tgY
z0>Ia&Xok&C(fju)lqyLV8&S)TLt(1<2@SKWm_a1~Ap#|vu&{L=n+IZZC?)H20Y~$q
zjTUYoV|9BkhK_{zMRBK-%a=h`02y6DAO_<%BlG!Ye@4)W_XZj-g_G#9hC&f+cgvOR
z_^JEn1g{N5>+B^TQEw(OXIVQpe}yt{Y9vilWz(0=5q$)*9{Y=f($H{xH4^wz4CdTK
z*(<ExbaiArfSqsKst5d)72D-xyIm>gjmr`IkcEx&TZ5N3A4)9)1X+Jw)N@W2d+*_o
z=7@j|oWaoFpgjY|5~u=K5~NQfdNawe63eynGkTwQV_yLqKF}ASf~ik$f9PjZwW>Mc
z>H=aHmp+I$5>@*1BMc=1Uwl(*LorW7TB-~(4{j))0c#Mn1|T8`62g)wm#Yt6R=2)*
zo25CR(!^n$V2+~z+f31E6gG%fr2oUoH?~*81lz{ejwd!Iwz<PM$pjPI#?HjHZA>z;
zZQHi(Oza)!%sJ2f1-CzUe^qyNtzNb2OHsM)oz%Fc|LX6Hc@Alr_4+h(&i=H+d_m9&
zuq0J&5wpWv#khfljOnWhxSbPnnl@cx+c6`1LyhdC2pcHrBhsu(X<K!tfk1j56Hsbc
zGa4_q*ZSc*cK^5ShVL-WAXYYjNvsvQT!);Xm;@RLLu_}|J29Xef3L3l-YwaKLt)4~
z3|RBOUWT+vr=ZCEWvfb9wH?#vpEiluT;IT_ya()_)1C|&d>xSCw7Jd1<*`-%_`S+e
z|Dg(osCbbQ9{UEmWQ!D;PCN285=;i*qzGEhLy8JIBn>pO{kjiNZt?SfDoUGkop+Nx
zWa174x!*N+qAx<he_>-I>mwuv`!ui^PHpCJTyz<*7ySqW7WB!Z`O`o^`?HC<lngji
zhV;A#9ed0a9VoN7PCSOgJ0e;Gm53p9U=D)tm0&4uvbAku1E{~^ni~8R*lyj!Lc^ws
zG{s7#A+gHg4$u|=CM{CQ+<LO-vT5_KXLz!Q6_zk_bgFP<f19X-rO%56hT=Egt2=H;
z6}WzJb%!T1Y3BT#g6_w?NSIK#5b`J)<pYh}b&me64+Q+F!a=rQcK>bwC<iKKbP`0O
z<DW&$l0i+;u6b_SXbD`eB(p0H%tQ`AuNb0LVrcl|!-$F*hZTrhot89a-?BJoz3?Sg
zaoNJ`;j1?1e>ZLULkSy-;uOMl_pW9gXf_;b!!_gpKlH=ki~nUK0Ys`K)e9NTOT;z2
zd_~3B_2*C2ABBnirEpQ*EN|{jv}Tlj$WTw?8_HST-ro0>(adTCSuK)l&=*(w7-T%T
z#IQ0X2Ex!@DM$Bbm~-}<X8X)1zZm!M@+=6y$`-Oke*y-F6hjHQ7_K{D?i+2r^|TvZ
zAv3L>jZ>=w>Tz!*)f0s|DMTrHQS^Ya)ir7JLj57mWc#6+=?SV~!5GhxSm_l+OfMA#
zBy9K`8PrCi`N8Iwq29_&X^0##!BsY2ZN9m~$9IHWVQyO&UTf5k{(8TmmQ&#qgHzt4
z6Jw}we;bUeuyI^Y0_X#15{Obs1q5G+0jJb@^FBp<Wc@g{Zs5Qc2fTW)9)7bwq)mY8
z?*V0pnH}{7$0v@zeD_sU^#`l?`<SZmxy@moC=jJk0IDo&H~8PNZzuxVJpme-N3%CG
zlZXD`(<N9c%_xLjj7Pp%2%red-@#q@Q@%GVe@>UpAGYLZbL-V(I=@f{olw3Ld2>Io
zvo3ylFHe7bGrE^VLv=H|suwd2`Uwqd^GbwfJ^OL)TS7b{sIT)@-H)(}pZ}q>jiwCA
znhU1}0b3?U#>#(9b#?kB9CGn{wAlj<)#aF(kg5*%HdM4%%1OrM=%0&RrEg?B*VOC6
zf7d&RDg^}Rhdebcz*h7@=z{|JP<$v_Ya1hz9on@Ezku4sJyGa?4p@Qs4mc3pXTZXZ
zyuE6=RLcG3xCOQ^dQ)wC4dg+!(o6r@IedAjK?r|3cYq9*?X?f=d4tF-+civBL3Z23
zxFa+<jb;S?Y%8*k-o-2k+<5UJD{%5Je}?w%3WPyiYp*QGS{zlV)`^ob01V{CZ=Y)0
zt9LdU_s)U2$<3)@vv7yHgs^e(uuw0yV(7-F?)ax>w~7<B@Q2<J_rZfwcRDx>wC%)z
z|4sz8R$Nh+_Roo8)sJ(yGY_lM4H>vYTfGB;13s%7m6k=9dJoRsqDf_96alTAe=kW~
zZ=zxV(XtV74B+OUl$d)F1+F(SyK5PKBD=}2EwZ@v4&ogHNI2U^&G~G;u+X>SrI($8
zlFPDnqDrdypqY?4eNm-bF&GHdJ_#}p$_>viY3?-#!;uc6Sej#dx981ZHVid9an_B!
zPpjGaezS+eoJzYkQe&KbjDEdoe|u476t@UG@p!Q(XAx;`n(BO&j1y2Jt6K-<=m!pq
zGEH?8AT7?V^^3sS{mQjnz@T(XF9#-oE);~W+7c96`V2vqBo7mTU0-vpvX=hQo%(1R
zRuItE5%YZMhC!8v6^5bq!^P6w&{_JYn4FNqTzBeMF9(h|@*aXJyjVpNe>FB5O`s_f
z{j{)TGnXIUjKGXhJBM3`$&-R)VDY&ac_weRs?K`eUckb<Ea^g<Pz}Z3Yub8@I5C&I
z4NiCee=0QBmzr~F4cS!h*c$by4s9W$t%Ugb^U)nrV(8~w>rUQY-`w0ML;A|SE_+$k
zBKH2iDWV)5348$=d7%ove}Gf!8isDb@QibM^`y`hb_0rt51}%XqAKsuKf{I&eqZ2M
zr^Q^NzT}j+Zuw5^B}^o|aW6!^D9T?HsaO7~(8aX5bvdG9N+(5uMz<jZ-&e3DjM0nj
zKjs~_U+!7hd6i#Jnm{}VqK>9jy6uI8hg6fXU}NWSShf&}Qs`bce`;p~d-|t+a_x)p
z`jU)IyZ)cyrNLC-x0(EkkGNo?uHZei+Jhu&&P9^|e0HtD^Xc@MPg;qobK+twCkFwx
zzrSx)Cc^(4!O)m?wsb$eXpfy@%=!{EZ~jOg6;};CLqm{O#%6Uv3a7}xjb6z}jPcf0
z+c{;`OZO7Wbu$adfBh@HijW`ikEqa4y>yI9o^qbp&6!?=l@W}-l>;$i3XDYum3skX
z3!%@%0c%ugQ7{g!>1dNa#G<ngPE@5B?NBu9cW9_#q1(!9a$i<8`3_fZ;lS_-CBi^U
zY#d0GQixcDM5_T9V#GC577Z>3=k&8l9}-TJ13Ri;BGliBe-(9g&SpWUt0{y}3x4?w
zd;2!w;^E^MSHZ3Rk-de`vPZ1?6%NgVX+hm{M&CKW=e=Zp)a4iog8$MpTkp5QS&sa}
zgV@KZrXsCYrH6P#QdJOJbdW6<X$)n*iF(rf4G^w>&Z?I2=3*HCh3dPYusHljW|n{A
zpY=RWPyr+Ve+w7C*BF-sSGb(g2BISXV^K`-##=PO6bX?((Y)e?PXDn8?Po%p2>jn@
z5jELnA4Hu?@@n1Ve^*}XL5m&lU(m1dxvyDZ4K9UQ%6nDuRvkp_l?$jMAA`YkE}2SQ
z97#B~;FIS%_9eY&dB<RJLEc++y3LFR4&+&+UE&+<e-&(AKDS<5X$D$CS$B{zL&Cu<
zB7?~O_y@<iH{6*=`Qq+Hp#6+!>w&l4xq}*uox#9U98sTk<rO4&aQGdj1=_Yr_gGfs
zWGuLSHbu0_9ag?!FD=aFMv+CoHFq6NJ-wH4P8d)%BAG?>o#1khP#eUWapLtRcwq5c
zFNrb$e`{yIu=M2d$1V?NW#<BR6;oLuhs!PlO#RclGuU$t)J6CQjJ~s?9~ugL4VP1`
zizw)7N9N?5gYdcDKad49pN}=x|3ul>HnDL!mwPFz_14_8`v;t%QDuu=WcjX{_k^bL
z5AVrXkle`nKE1h*#S9kF3J{s2`n~yWnBM-@fB$dAW1@*YAhf{J4*mO|B+-8@g&31+
zGv!~RV)kp8HB7&6rw0gedyq8xwG<SVZ<xU)`#eX)Xbqt{!d(fHGhTJgGx~N6l$KLv
zS7NuKm~<r8^Om|H<J?pm5%e>>(s2Lfs9D)N@v3CNJ7Lm%c)b_z1Wo?peJ401-O(FL
ze=O-tPxbiS#2%_1Hn;Apn)m~W3L;6o07{!!^jBAU|0Hc@-(A=cO!q*-s9<{1#eNK1
zV(aj~k4Hj+x_!nq!Fvo{vp5+|UM0Va6pkw0XG#-ws@R>3Qm`a8IxRWO&SK%PSA`}`
zQC208P?jRqcx0xyv?21wWxa%(WF2bCf3wd+d5bWJm79k}{#W?MYqr0Ab{fe5-aCYn
zF;p~No1pOdk#w{U?+e|RrZL6%V~Y2C9!=PPNEjIC<pTa}g;qvn0uRt<8FECiRK>#b
zT&Tf*Z;8yl7agjM&HMpXmy%p?J+LWM;kk6lEut8dWkbZ~7JrkdIR5R&{<mKef0d@~
z0-CY&(8L<23a2(@tCRp?T}f~xmpgP{iYi-56O@I5D;%3<<;aVf{>rMxHJSzP);rb*
zQ8!@{@a+k!ChoRC!Qs#{i(649UP_i<eo=J5?d*Z5SRakbtyyhYnB=|+zLNf=idYr}
zq9Q*!%%l@NGx_JbTiW55L#Mxce^0vKO>xe6qzq6_Eryj<_FcS>+2gwO1axW@9I<l~
z)%e+3Xe*6D_~SQrLOWxR{UNLOy2$37(m%VAVgGl8%}sffhSO$Gw>rmEN0auD6y>8%
z%}(flP->8j+M6(lq)F*ZHgI3=ZH4gd#3c0pB8Ep5GrrF`Okdb8#~ju!e>1chC~ewp
zD!?ZSXHZ&2$UvjI5YTZ|=v>+ZVA=8hmZJITm0IH7y<Q4O_mflk^%cC~!tj|xg_&;3
zK{FR(3D`H10AX8YqK|2@x<;A(`7+-9k0d~*vqV|+;)rj{=U}0!_R>I<pL5O?x$KDr
z@;p7TZbUb;&PEs%vh_4lf0E&hi})*DRX}1OoQVuhLXgT2Y7nkpho{#4HYs2U-48NK
z@x(Ir$NLI>`^y{YN}h-T=w@VVA>P2fqmkK{zxEG3{>IKc>CS82H3$2zMAQ0o3FKi1
z@q8f!F6lnIq|FG{I@HWz-_iVuKgg=?_$D&MBXj?S8MyuVJoqPye_U2{MVVj-MNRWM
zNjofF5StspW@tYFEe@-L`*>gQe`5hv>a!psThvGGI%_2qi33Xy2Gf%P_jhd9omc*_
zu%t3{Y0@o^r=iWKG8@wyuv3u>pm9<xNr5hK7?2D$L>6GCT1awBkL=7Fyf*!;M90Ld
zYYK1Wj@=JRlLn{;f86~Dm&)~EyI8$5$n@D)2@8w*=kS}y0QKf;8N(X5CF3C*vWr&q
zM7+^QczrX(lRg~S$iK{BT#xos{dz1X_qx!gQC;c)iJJ(hfb}1eS{6Q&J){V#zDAnu
z*NYdGlhyRzp5fWRT+r<?ver{x&BV>Peuf_!`vK=EFUfkUf9Sa}rwE?HQSGugk!Ls_
zue_T1LFMR!!8@AOW$Qrd#A<0Us$6Lr5V01YGgDMfC$Ei^29DVX%(H!X17dyLJI(E=
z?g>vZXcL#x0MGdeKm0+g8Ugx39v<^K%^rVSRc-b)>uq^fa5MhS5yZihA&J+m09|8i
zL(ZKkT9rQ^f302n-O^0sV<G8y=rq=#Gvs0nkDti?A4dJk8<?Gs-cqA0GpLcLr9G$p
zH|u5v3EB1Hul!8~3h&}a4VMhNj%VSRxWdX}BanS<kF#&+W5h4A`w=e=<L)a0o7l8h
zRamOVn$LQ9cJlsys)r4Xxf$?o(q9wvhD6+Q+-AB)f9$+#81kT-sC<UrYk3^Cm^wEw
z?6l3gz#Yblv3Hf`Kx2vO0zZ)4=@*|%p~P&kUx?Wjs6L}D4D6-lEdE}(oDBVmi;#2I
z$0Cpx4VIFmvy;qxGje``y?C7_^aq3R4?1>&2T~&aGDxqxpT5>EH$I8$`EEJt(*CY8
zPIdJZe|ju~sZ+iPm5x|xzM*7|+*MSAj?R-lof58IQxq4v;z#pnV853Rk_`hyl?j3I
zRq<ER88i_z{9#?6ivsy|ZXZevSXJsU2@toLy|E^+h4t`BmcUHBfoX%T1ZsyjN)U7y
zedzmNB4$_PYn%R<j&0)WZ=-)tJquY6|9&<hf4iI(^RVA+7&M$;_i!Ew)vz^lPV6bk
zQLAT9MKWA5?%4kQSM7y~??%MT;i#N;iy%ocAe1DR0;Nh}9~(@leyN51rFfeDY{>At
z8d(}%Wu=LYEPbTii5!ZU?N?uPfLd6b?oGL-=;Ay9@ut6mPD9=-BfvYa6z67nR%om2
ze@YVX--mgdy677$hC=F(PIA%$L^emCcS|HM+bD{H2Y@N^%sS(DHZ{o!Q%;3njD>IV
zqr`r>-uq_$5Ul?GP;{0s+%SNf1z3~!%z;Msg9k-fa9z)e^|u&GTU{~g80{H0OI7ix
zjoC>kXXAUxi<j4PVl?=lq-a5)${_cAfAk%oLb&;_)noO>vY|0D1w>lWPK26PpV*dz
zI0sf8-&?{ppAi;1g-*;Kuh4;@1ey0w<@Ws*4R&_UYr~h=AbA$5`hQg#EwzRuWUL}*
zm^@M}us8wq0k%O~khN3e-J9||@)~W7Ue(T6U9Md=rjAh~hqE<9Cx`(SlM=trfBhb1
z(K`c`X1s#%HBpBqf{l$4M1Qx>zO$`1|D22En0+$IYeFAu5f=_yNgix4p?7fK8rt4{
zG+>AB=~k9n@f9zuU!;n@2Km9vjVPK7O<jeU82EL0TgdCbc%r4E=XgGlH5p!Gi|InM
zrIT?Tvl0&lg`9V_rTJ=C<vYp~f2AmU(*|fC3|cxupx*iK6zTMQx+-L6x$-8<`|v)n
z_PHjFeiE}t#UxD@WH2|j;Z02s94m@$`~Yq!hBQ-KcH?Plv$>_RA^IBK3;K;bIy`ZI
zKD)6y-^UfPzf#CPI`eH}4R3q2Z#O>?4EGPs`@vmhTvs36qYK|JL7q}Ue;^Oa5K$oP
zQx6jtGt__;a#E+0?CVpYteKWWA9d;oDm_<A{Zrx2TK4BQK0~^4{MrWcOwR`LPEMM&
zk}O|i$zcHSi*os5SlpwzV?>!(;tfu7sV1~h?wF0!A-c5l>!DUZ_9RWd`K?6yaS{4H
zD>Qtz6Ha!gkaB_|Pw=7#f2d5KdwwLS>D0uF*M`58h^~~y3+&mCTa-#eVzf>$X>!8p
zK(iqFnok<FN5ZS4y*W+0vy2_r$MkzbR^?OGMw-+fZDFL5alvmrZTV4pogt!yMV6t5
zg{5V@{A5{h>{`dSnZQuUMffgkjj1UTLsM^Aj>Fz%Sxssu1X%wOf0`;ejbeHJi=Q=M
z2xX^x)b@GqYgDBBLAv?lMIidxr&!`G)9mnUVXE9t!|UjQ&HOV$=432h0Pv6gEa604
zZpOp5r&1IFl~|<ih-~@<ovKqt{0p}WewS0)cU*+a;U;pn6?6dyCTeFI!~3qBYk{HL
zx?7(UU(1VY`yjgKe=FoLhHauqeY-D>qS_-t!qnQO>~u@qOc@hI3`C`ayhKqSSmQx%
zAbXtDmJBCklTj&u6I%&P3Z@Flc!S->0)FR_EGP8}TQ@naT2I{P{|(J=b2LSM>rmU8
zueBI{;&tpD3+0=boa~It_`l`&jpW@SgZwRZ$GD!YK}e9Yf2`x`L+&Sa#SD=JeWUBI
znHLoeq5rZ5bFMD~Q>%m4DvZwH@P**VWp5N-RBTg~D9qvLj3beSCh=tW=JrT1d`H@P
zN@(ppj5W(^5bR*BvuuLsA#?SIhW?{Fz%!BFzB{Uaw5x&pj1eFsqTLzJj>zfUKN^}$
zaVWYn&Mv6+e}y?e$?I>FQeXp2;?&ONkJK(>M^E<;dek1Vr?)Y)5#O&N8(#H~{=jEJ
z!bQ^!YAWzX_rC;(FeTJ=dmog=jN6T+0ePwO(xt2=7(j$j)6%@>TA#(gKSEBvm@!$o
z7Of{CkS3{`4yKJn^Rh6W-e1t!JhrA0TGEUu+pr4!e^c`BcYCVw9DEC1(`J{tTIbrF
z?^gNbVQ?^RHG{*SDZKK_0&%cr|AfvFD^*G0QqYQN7}?{62R)(TcQD2_C`Hq}=>8O@
z4B@=X^QMW!sKY38w69EDeij7B-xOT-+;0s3F(ADZ7Lz8*=h{cgm6{SmsCC8Q@f2=;
zu6vuve@pX)zros^2DzRVZLU3+Rp{?o)Oh2m;hk&rHU(kuTb>$e2f)g6Vfy=L7>Soh
zN)nE<St`)94ZHO(nz3%xxbh6&!lnBtjY~IMylC$V(qA+dDp8#nhq6}sR}-DTEU&5r
zdqGJ)2R-fwM(h-srN99ZVW0~_G7NbuwPjnxe=nVCp;^An*IrlQrCWtslQ-Lv?X>8Q
zNuE|3himouz09*c5cFo5&2glN5!06qA(d(o{GE2?=%f>)kEo(2k1dQ@0_Ko&xl&9Y
z%~BO*j9MZP_%vWtkc<1RVi=^ppG+(vfU%`$^zTTA_^?<C&`M>khxS=tJ&L_h-tm{S
ze|L)CK0m!EHc52<yYhZtL}hv8(AY7}3v!9gJAaGt$b8Ky59Y#P4aKBkjH25W!Zs^}
z6+S?^$zU|Vtq8CyUJGmp=K4{w7&wvOLcbmbxRS*dn0Wzyqff2mp6p$O1JB7yRMl-G
zTFw|rZ$D71eYT!RJc~Qhx82iM#O2s#f8U?>q|_V0t{D2DKm0Jvi?TxJhMC0VCa21z
zKm<UpjL<^f{$74|<|s)~fvIK8TMB=qAlr7+e1HBg*bB4ZQL(d%SNd}+(1>@@*(BN&
zQAnF5h|coH^X6#BDCu8uxe3`-`L(iJQtjth_qYxQw9jUQHFYV~1U&VYdn55he^>w*
z4FRK?ImPmY%Iqksy0^{?qs8jBYv&M{Ab%T0XGuJ+exaECtf;T`m?m5<7;Giz0#N{p
ztVxr9V{z>Pk5E98!$&=W0Rl6%8|u)VS6qry+$X$MjM$Ro$`kM!-;#x`)ZaGW!$8I|
z7jc4<x@kuBMVx>TftyG&{uUY6f9xD}3jxeIO#6A5J+uj1L!p|Eg*`CH#UEYx=2`|o
zT@AqV<Io{tCEU9oDmtt#NblU+iCVJ}F<uYZX0N;qs6|=^aweK3A+!+`v$0`U(i?F&
z7{XE6cMyjq3y8gj1K$y_3-lv1*!zVNj5|IHY&xo!3`=m&d<y(podesse?q5vuKQf~
z{kl2(Pom_;^um6BT?Y-tYQk<5$ZQ2Y4$MYaqBDwzuqOY&m(hTHtQ{|^qc=WiLbF8h
zYIn`L3zlm*ed1;JMf-Jl32xB&dQtpK<f$3#MZm7#-8VDc$*m?9hY0991)3^-gWjzL
zvV8JqIO<S(3;#oT6ZTJ@e@{6!uc;C4@A_S_mDjNcD%GGML|LI+a{X+{=vBLj)npK>
zz4eU3%VemW(2=vY#ik1-`@HMjt)B<v_1oju-l^ADXp;|*RBH)q_fwZk-ABULf6B%L
zp?=Oo(lEi{hT7yG-&@_!p)U@-^fC7C`~E%Q5b;}x&(P+<r@oZbfBam@bloV4L`MSB
zDdcae#&`aR#ux2==Ww{(?n|#>b1rOIDBPc{>jsD2_|qNOYrewse5}(WpJz6g2VZwm
z$09GZi}x$it+cz%g13I}i$kQvSBCo(y~SRA!Ze|!189EF73ubh63@E-@P1C;y!mCY
zAN`y(-7ZtQkkh$se?)eO#2e2FO#RUi&shr>tRNn$&~L_xQb7uph}R+Q+WV}=>PRo2
zgS_EJv9JNkhF<V~Rok)V={Z(l^nOP#Tds};adQa!9ctD+wy!`~R=eZlGgI{LYNJ+h
zH-j$rCckzTD7~v&vo;@zUL%G61^uPGPAP*R(-c{`gY;;Oe_I8=T=Jjgl5LOHV0@WF
zff+iLZD-oCCNz>bCac{?5mVO~gW<#@t4j{=bYHVmd>Q@bYr;3zo+E*a<(2M?kl%i3
z)_ai%77V`T8x>opo9ubR@teNHw$U--r?7#B(u%&&3wVu`-pv29E%aRW_La2bdBhZp
z_JfJI>+C|Re=+FrO)M(jvT;+t;8jf_4|6>}ddf~9kfv}gvx?qmeVtGQy|^YQ<E>aR
zK64$eVIw|*zR=0`_od$(cy+s_Ye*gZ89LT)2AJkHJ*)@6{B4b^fpkH0f?}2n_m7vt
zwn|yuKQqyCQH;E4`$qy`jM(?pl8>j6&#p!xOP=iBe^cVXGsA+Tr`n$>EcsnBxYrL!
zDZ^gp3*n`rmWKdjt7KuQ7fbvj_jRW~tFRm^()Phj;DEn&qqe5r1pLTO&DS3ymR{Rm
zG&;iXa^^>pfN5MQbicxL3zAy{mFU24p%O$iK2%U-5&b|l98cRBjejtRUjmC{ba1S%
ze7+9Yf6b77@JvY46hcTz#U~(|Ui_jvhWItcLO~KCDuGGw=7HUNbdDAuEjPMrkr;nG
zvv8iwgFdO5DDaSbReWHWO<CJ6l6~=)c|aRpPp6Nw_xXavoaLQxxaA$SHm!lIedCX-
z2{@_eJ#_ZvA=-(=A#?<!PD%H}#a(3U+_<`le@?^qG07i%qm>_jsknEABJeU|Fg)Ik
zC>@~%f#OVjzMW}$&oS_yWI)0%Bc(BKsj&PEvo&r+OF+MpO44v&$ik67G~-wt3ndfX
zaBdgsa$Mo%AbV^T=JN7f%8OpR_r8UR%e!`l5P0U>&dW+KV0t(H*Xx1(-5EIaQAm-~
ze-R%EpDg?+wX)F03|U8S6Z85$=c^6jl<^0`6|**$jmT*Cif>pYvq@LTCKPn2krC|W
zHp*k&@W%$IZoP7yQ_M=#nD>QuE4pp`;O`X{&kmtfmc(5`?J`xgZOB*@&os667m4Ep
zv+V(3fl1RQxt7;Y+2uUUuWcLL&9gRse+K@KiyLcCzHsy7?1yfwM^f@nGN{;}!~+z)
zH<?(2UbenqjtsADK7cURKVlcUl=}l_+_;a-Nob-+zzL_Zth@}NuJl4)lwRPv{3)3j
z-YnL{mdG2E{CjYNYC~zU*!{8CCNo}FD++Ubj%xqZHNBHcLDk&Bp9!yj5!cq3e+Y-1
zXvfQ}>20d#C#lblO;gKjID!QQJNu*kO6EBkZ0LaQ6@`{KIS(<6cERddUxlXUTM~sg
z&A$?@z21PQJF{)@X{V)|L6*D=<qr8RT$!3)&561bwgQdoyLKX|RbP|#TT&LH&HLsV
zxi$~OQE}v|jruToW?eX^#6uO8f3X+l@GFIWJDYOCUmK${U3|i!aolAcY9f!FkAYkC
zkD%wL7{D~A?%O*0=xJMvC?xZBsO>I06ohd&OZ@D>vB;};F>Mq=OUS>9A^kQ_x;C9B
z@+lNc+8Vr#zv`K)$c9XasZ~l~(tF0$*zkLHBkZqd;dDLfX|W@yo<BB$f6-{TTplPY
zG)2+8^t<AuxO@#8079cr49Apgtg~Zv0kFI9u{%O0!{RR2wgY)@^P>9anRYPu<blFB
zUbOG0lGlTAg(n^oDmcyqc5T>+cfVkCHa}#R!FqUm%^><VWWJ{bk&(PFUzBqlR=vJX
z!~6t)t?WYNu3)rb{}8n0e=T5EgwdmM;!^p;pW}QN$`)Z1iHkrp=LYZJgN62uCxbVh
z1q8=hWcU<N+Xvpr^iuIp*zEPhctybk70ZT?_|4wCM)gPgYX}xZmuqq1IsJvBOXx6R
zhe&jU{)RHjq81**sm;QC{dRl*q{nQg?<{!jGtK8WlY;H0MmjVWe-N?M`~?nbS+DUd
z*99Hb=k9UaNc_Z{GqzlhQG+pxYRnUnIM&?f&WjOw>=<m%pP(@Po3o-!T?R(sSJWf7
zJ~Cv2m{BQ)j<n1KFRnFRGYox;RWJuCPyJ=rv|@EQcKSU&CZq)WRQA+jrrjR2qH((r
z!JacV;g}xA<r-m*e|gL2!_4X!o94BsGBnd96pU!EQmrs74bl$)GzT<dIBqzDXj*M;
z?4a^EUlyUX(j*ZD<RG*Q!P~CC^On3QQ9AH6PPhlne*z&LdW<h9fm3@LRS7uBswQEx
zx~d|GR^bJ*$&vE9=OxmP?H|S6+>H5}X}?F#3fNn}{Jk~0e+tke%;<IL!`2-%H6+f3
zAcK=c)>-rNYZs`7-=4C{uf4hwFz80^zFn^cd-<jnMCoWgrB_0mmCN)6tiqX-bOvaB
zqBk6xh~R|{Ds%25vxZ!Wm8Q=Af}<}6h{S3!bSc8fJ8ev2{x_UxNn;gU9L=6QtqW{b
zh+1sJk=q(Le|zMu7Ih=h5eaqv(ff*7-GH<|duyf37rOD%>ek){{|T_LguzvmIq!@c
zThEh=_m;v47zDA(ne5d)ZYNh|c^}##xBj}DPPxw9StE#j-@IPS8%SdliCjX~oG{T2
z;zuA`OxH?O<j`+$Z_DS4YmKiBXMpH)1|Tx<`e8@Pf8H!4eDX%hWKhqGQQMMvJQ$*3
zLH6ge+m}1ze)D$Lfj@g3wKk>BKD&Cl=R(jMgvt-(tF3c1wMMhb>6u)X?i8nC`LZ$;
zv9NshEUuo=5ea1YW0agr+>5G65P`xbnKgi-xedm5+r#OBSGA24Hy>_o$QL}J$2{&i
zz;oUie<2x3U^~s0Pm0YQ5RzCxD7+GgS0cCk+0ST53X}jC98|8hhT>auVe*F?K=9O)
zli8!(o9w=_H&ei3BruXBS~OzPH-JJj$kl<T3o*{z+QLiUANE_7Z#_$5og;WBab#>@
zZeei~%8(uE?>61ib3O_Q{YEz?r#?wBcn1bte>9%jjFA?&L@^S~)BJzxX=0$<23Dz}
z=bkeQZ-K9HoQd7kgO`5$vR=H+wm5>2n}1<PGU{WXKvuB15bpX^`)2+s(Nr2F<b|J~
zq5RS3k>w!|lt<2*z)=~c0oT@|Ow-osM#$zsjlPZfU@$(2av>uG6U-5u$K?gKk5j-Y
ze?dcMMPbj91k@9MlZ>2;nbSq~WRR(N&6PK}Kj<a6Aa^{Lu4%n9za42;YIa0Z6&pn`
z4s82G2rbe}&~F-8Rup`0gc>FVSp;`H+x*eGe9O+M|5#x4Lvg|>oxm9m2*?P87Fcp6
zE*9oHM2Rp2+=gQfisLdNo^+1Lv!%gsf1g06Q9Gp<TSq(*fL(L<{i6edA({fATw)&Y
z*XMW8!;`|pToYRMX)yn34!kEj2yEC18$$;8?u1w3gZj&|9dx2&Mno$Yw<s`jF{QvD
zjv+aPtZ=~IUS*bh+Mf^ozuVW&JF>c`|D_4=zdwq&`CO0Ad^TUz(D2nGw4;@ne?s0O
zeMdw;hWQyq=UyM3DWMF^l6q~E?%dZEHL*YLgW?TqfVwA9?d2Q9nNoWlG~73WfWu9E
zckwS*#6*|5?A{XBrcU;e$`gXFVruJZaSFj<4N)R*%EuK&GTo=pT>CO}y)j@(SUc|~
zem0m6#HhlP(4N?ra!YqGT8D(`e?yIHm>a>Dil|}{p1r=q>P3p7+uTHQGi}YT*-~Np
zoOW20u8>>nLD_<>yutVta+_;T2DJ>2!J4E08*2OL`)MEJ7;U0<EkB4kLPm7T<VRxo
zvEy_A-y{@8b(`5D?=ZC?)nA(-?!yWU7^^smbt}X^99d0Bdbz?T>R6r7f3Kh>l23Fu
z*nQX%oZ`p`VDWTVN)URz2~U@}t6&++UIpI(P~&MiP-h^{KZeZco3hO_%}Y%vsy<)9
z^qCLBkt;W{jOIyfbh+n@A~+Q+5+Ouv`vNNeuTPYn<`5?iyI3oHGgD7yB`eBQb}+y#
z+&Zy5N9Qw)cZjb~URmz?fBtwuL@u=AVVA7MazZjHUdNu6344N9Q%A`~lgFQK%pj~n
z0OPymj2K@~D{eUGy95C^&x3RWCW9A!Sux8YO#gnS{^-@fu<~(3bm|)c`)fqCb4Qda
zq1WK=RKxkzPMESFt)t^gr#;l(D$e|HytaY;L=ivr8u0k_{Kx(1f8K8=8(3C(6d2Yh
znO}2jpf*&o#a`OKpl@@id!s4n-x?jlUImSA1Jm~>#U%7%oMc<6_CU95RK{ApVvpy`
zqVOqDIyG}wNZ8C<CQ^fV_(EAzB_pu?1dYw)zTT_*-_*5k6NwfGqDEJ_L6?ZX{jO_d
z9j;W4|9lSgLRlDwfBV#ittRgFp~Apek=)ry{b|%{xoh^_|BpK)3a^b4l-BKDY(e@y
z2YNqFRP;kxA~7#}<;sC&-+Gr%5Syg}hOXyAd49}+gtq*{)e`>LMXy)PmWM6j<Xs*8
zOB|2BPWWOMD(5A`$qI3}302qC<E%a2(hsU*;;FA_e<|A_f6s#);&QZgJ&H<Fs>(}A
zuaVkWNVUYJ7-*#KUP+00`HgifRxh??p%(?$o3F0Kt1&{#EJu(S#_v)XP_<|lFjI0C
zKlIyd*rC{p>sYg05&-UBL*r{LbYu3o{zme>V+WogjMc!<96*8TXb44aTsSL_Q3>~R
z!mdt?8UQa8fA>H%Kf@5DKRUmRYV=)Pf~Q(dlgO?%Sw&Jj<>;bV=vaT!>m~C+5;gco
z+-$`iPxOl8qzbqUr|Mu;2iPHvXyY|IE!L?2qbJsCSQN%P!U^_=Zh0u1#VbW^Qe6E&
zjSnjSD>Y!6Di{%9C4J{}UAz&$fj02HZF6}G766C+f6=pf)p`>rRng?u)r%_}z)0H1
z=$|a=R|tr~qtQ%NlHg{ASp?eWSjmIElLM1U=o!_9`BRjB&i40Gd=KYQh1DG-oQ9-W
zHN1nwp9*4y6pv{m_&)ncfWyjB$SO}<ol_w_37Wd>uMH1n##B#O=GLu)y)D=!cpKfO
zq~NWZe+!QQHtQl(NY69?zh1$%9=*_J8%e%sn#U*zf3E<JA-pTl^mj~X2vEj=A6Q5f
zvsxQt>vMMh3*y$UyvIHIbE2NvO8>u?pj{<QQ!<?8c*RgTYN|duBsx9JN?YIraD%+y
zr;Hco`0aR8Nm`+hFVvF`?`xUd1*oKUn_mTnf0flK9jTl|kSr0e2^K&BiBTCR$*E%1
zZ#_x4%+a_pBa8J1gC0pfDf$Nvk|d`r-FDFeGoc)7g{Bvw%Jlv_%)ZX<Cg>LwZ!hPE
zC%Z8Gk!94-*9YYJpVpj7-8Z1cpo&6UNA78KL^D7TE$`ca87jLJQrzQm@npM>rGydp
zf6OK7%c2GeJ@aQ!%Tjinet&F~ikF}>SpY{sxWBBB1nM2*awHVJ&a5@CBih~6l!6_t
z>bAOZ1Xs_?S$TZ}t$n$u1^-d_)^)Jusz>^LT8Kc{72zqI@MAFtysZBz7`q}WvotQg
zt)|Q=gQ-Z23*$sKCN2ZTO@hTesRjTFh@Yw}$$t!zTSw%!A{32Gf~;e-TBCp=r|itm
zc};=MuM|HVRDq6W)x&LivZw^}hlN}LlUIR7U2#XFbzjC$Mj``;W`3{_&&Dy2;O4<i
zs%^?+v3h4X<EcPsb2vf>V@(iNae;u91b_u3Ey3nG;E?+Go|5-A2JiIp0_sC@UP-`E
z5r1Hk3TlkRp<kDqw`P&CdGpnn-m-26AsA%SX@h$tZ#sZrpZn@28(7T~Rifbs&|Mgx
zc0=528>sK<EiA?Ds$MM&8;4FauM}xJ$@BrziMa`k&|izR>_Y|vO)3g=>92+pe^?(6
z<18uK)XUh_45d3wJu{olv$!nApxYJNsDDoJVV&MxA)%X)W<?~PqUa}`6_)YVyB={#
z^yTNrc>YE@bMYvG=$*yVAK!FI{TPAxpP0DB=&I--Im)jA)=AS%Yd-W$sO5fQz~fua
zUBc6c{+DxAwY%-<WmlZSE`ZIk+SRO$;wm3F-ST90O)0IArtb4rzO?Wm3obxEY<~z@
z8$)k$^&YBm!4>`(dHVaIv{Y)PA_w~uqb8kS6@^a?l5Z&xk^MbAgKelXq#C|ay;t-e
zs+FEV5PO%iWrtV$MrO}31lTD(g^`Avua-977w!pr-g3B%f{hh^q<9TBE6-hQqlU-d
z2yGm$D~b~magBo?OnsM&&i(?6rhl>IgLI}@Ts}|n=b_kYAvt4g^c5+Q@@|}IxVNBP
zX<7^NeMcG;Ay@#S_@QQvFZ%WdjU=~`A`W`b7b7lspP#U<g;HnC=?ShUD3AUeSy&)L
z@dDTrBrRk*%?&ZSI{RK#a{P27W<=U;jGv7;6=DcV*t|@lLMn8aiP2|7bbsNl2_W_@
z!cc16HXQmEvLW|&k>o~wIu#QFr7G4PDRbt4rh|@)Rh=*0VP;QUEbz;>T_5j+;Aq{}
zpM_a{UZo5$F|!y<^EcCztg!O)A+^G;ui5b&jGhj@zvxImYI>BeUss_A=6}1b{ihG7
z3?$}NfGWeHO5B>DX@9Rx8h?<eRS#HVLO@y`5+D6yjPn2$uZl`2q%4)?k&E8Q(9K7$
z!JH87>sha0&OL+;jN=q?1=-k1MlvPLd6(u(WR2Lwzzsos+d;dew|$xA;B|dAV)ywV
zWp%tIg&Jw=DA@Lk;r%`AF^gs#fX!dYZeAi4We9{+5TK3$-9lM>?|<SEJ^@}j^*pQ`
zb?WWvXfj#a0VEls{EH>eqm5j?JY}M`$@fvlp>!boc~xwsN7<KMayrSfSD?HS>|<QN
zi?=AU%$?`oHmQ4{){BJlUvp^?BCoc)#@Dw0uI)xY&zAophAZny`)iqjVA<=9Z0_1O
zxLC>Lw`;+Bx4u&MntxCudMr(`sV8G;KpO&KRM3tEl|DBJS3qDY58onkMu`HV=X1Kf
zg#XYw-#_^f(6J!LF7c_>WuTO3#4E$Du!AlSk7}e1%K7eg5L<&OmGFyp-y#uTOCrir
z2Gcr6KauT09J6L2%7jHW1Fx28EFBh&?K(djYjs_}f1D|J$$!VvU~qN_R7UWMyDw-Q
zX=Q3kP&_jd2?}D`en%(z8nr2XD0@zg1Fig;!hPsHxVda3)~ZUJWLKejNdzI4aFdVn
zidycA@+ST5{M^gS@_ns&mLsW4t8+v^vk_L*2al!H$fhnJh5V9kaaoG$wm2mJJb!<<
z>T2#rn%vhuA%F8lV#|?4(Hvzzj+EiK%(QHwd7!><rqmh?h*m?N=-^U^6?e$4^+nNZ
zOR2ppiy_82XDZC7JCyxTzZvkeci@??_K1j0$48KM`{h@x-!8TDaZWG^Gvy}r1MVM5
zpNr4k1Z%4TD5RM2l1!)2nx)zBjQIXD1ZX0B3;r!0!G90v%WRfct~D1v8Dv!ol%k4I
z3N#VJB_&t}V(bFsWc25FfonzmP2b*etPKsKXKC87z(>(d*TO8|CQSN(xUdMmip`Iu
z+VNo2J#mriC+^zL6ufehbqk=r0w#F5wyB_ufZ31H?sAF2(BFn!lF$*B0)p#UE<Jr<
z*kVJSNq;B|i_{zEzNI^{sp$mZ8ZFtnaHH5Zn!58Iq~x!zGzHWYp(fPg-VlX<`_vMr
z2>f;^sqs(LWW78uqxx;PABM0PUFjl_aOAxpc4?#6#Y6OsL)~J9F-@{a7~aJRueGam
z+aInUu`sn<zQr%zV@Smt3rssmnqqT|(OPAK!++GMkXNdlbbf%t%Y?uoa{a?#YI>jy
zCYWJ=9ngPAJ3E9v;!Ubv6To+KDdYJ^5`tqWl3V^tbi`s^{rsn$6}YG2rf+3V;8|$3
zPmW?UFWNSz0juWK=j>obhb<IYP6o_d$}MvTz((fNm?GwfgbHDn##geXvJi9LeyDB#
zIDh4N7jJ$4iC&5KX@|#fPlhJX_De>bGF|Mi;lbj43Tc&wgZ{3nx6Krq{`{ZU`<7sn
zk)D$Ej=M`Emvhb`)7M34y`lc^ns{>%2$>ecxG3KI;>Y`ReMTVyO}{BVHl?%dq6x_N
zCyQidT@e0G6;xHVJ`v4thyG(^QZYu68h>LXiAZksXwg!^u9UFxJ6e)Rn-7Ge({ro1
zPW8e^b*W<T_Mfo4N`khz*zQ}mLjD*0-@JIVT+V35TSIxyFTPxe7T>0-c=9nJk=m1g
z#Y<r)_pf1Yxe0y(tKdHl9D?QSKY?#II%E$JeFR>K`vi*Csj%$aF^$a6FeMS~kAKM0
zYyFDR_Fr=v5B7Q=f6rzo7b<zqEfpy3u@P<3i$>TI{LgL{n<Y6BRNSc!BelM(bac8`
z{k1sbRyyfL#FR!nm+^tPBpFEgDT6&1lNFVm6mCNaGYN&+$C$lIlHF%ZaQ5g_r2X~Z
zUq-*82muL;J)!<_g=qbIHt!F%)PEhn=rX2?#+(hv=&3ocB|3(UVf-~m*zB#Dl7_pK
z{STs~lcKS?S7B!}kzfKiHD;7``y79+^4xOc=Wt-W8Unnf1Y|%1y|>3uP80K6q_mqN
zi930R2pYcT0aYwiYOQNTw64EXgV!?(!2I*QIMrw1KFSW>K#5rM^Y-=m$$utZc2bd&
z8>$_y`Oh>_W}qe}5T+y(ttqtAUemquN7M>4i)EBkt9X3hg8wx6cbU^%7rb`bxoPsv
z(P`9gMd_2Y^*G!Ti$+B(BelZXlzIGV)|YF=Lk)ku*?G?=O@2Y?2?Tr101g9T-^Jne
z{A;^{U+9w_k;~9><W8P{bbk`2%`s{6K^n_|S(_gaD?1XucUe==siU(p(q&ScDt)}V
zx7eNn2$b<HG%9;Od>=;#c5aa$ms&PO7(b7EE(ZH_pHR3*R`KVBuL~Kj-^7IFR%5}B
zrtn{a>^=j8XCGVFmFS9oHk#RM*1p)0>cT87Xw7gha;=Vm<yq^?Sbqvtno$_iaZ6}O
zLpUVJX!IzzZAkoLR5853Gb}<oMQwPBjrb>5UA~yCS95n_)j_HP1~TI#x^!}NFSV`X
z#bzT<SWj$Th(2h4Vkj$edx7Yp9z27<)`uBAk#J^j6g?5dyt+k9PQ~(m`oElNgSwFS
zDky=;Lq^VryfJjMh=0?~r=5?or1m23Lp`m&kAHfOi_`jFk&Y9CLv5q0m-=Ze9518L
z34Zy{u=Ova6Q@?an|eJ!vY<_5lUBsa3n_N|q_)StWtx<#Lj?$6c&5|khk6VJ4!m$C
z;no1c7XPCY|MIjR>yDG-RS=JarhWO>YZf;6W53NUqs(V2B!3^22?@ZjmX*_)?@~1O
z25<{c%-BVLOIXM%RVmaDUGfPo(y6<`48~BFcdDp*GZ_y{so?`SYQkXA9Rla~7dZ3d
zaV^YLdAe>Kv{%0RC_9kDdSc_c0cRw<=uj#etWD6xGr;kQ9i6I=YeeB4-me*9-uAm}
zgFRZ@Ke(|~AAd4jB9AvpCu8Ds{oLP;OOyeqx}scurXff$VNO>0nDx;ri{W5G@qeF=
z3h+}h+C43fn+fO!dm9#S%qUXFL;N@HWd|sTpjDl099RS+K)oZ%AAyfSRw?FJ#XfHF
zQFj*b&2(*+%0L_u5M>!|NlHnVo^Xg2#?a5yjET$b!+$Lw*T6MCckain`(ehTy0re$
z`XVIbh69tH)yLe8JIvDG<hu2*ci&pmfH(JW@jA<Jc$lE=t`=T=x$<<}pU02_tW1~a
zOL2eC*TNG=r!ov$*!b~N5((`V6H%sHM3tqLUt@4F6-%sdjGkP9p%gFS3UePVkaP`W
zHYG`h4S(_FCa4v20G*U<23$&yU8xAW^nF=pa>jqs#D!L^Rd8<<$~@6Kq7#-toT^FR
zxfP3I+r?7hljV1QF4xc+L3WF<hr_uM%Nu!@`O8lK^9A>h3pf_gmD%bdN_XdBE(?o0
zbPLB>HmN4$XRgrGZraPiNOzMk_tVtl*<qF}p?{N|#D9b3sE7&zK){kHcAYAqYP#Wo
zpLF-~r27YEF%ZpT5{e%l8o(nZS&npGoqL79FLz@%cy!qn04nx}w0&)?K@!J13+H}v
zcbcHa=eFz%@)B7(7BU><t_|>h=~0mSu#a4ZU&H?OfU0<C8@CMo`NSYF;qb9AyCxEQ
z*ne%vBvqVqL)eS%1TXD1(@?#1v<zMzk?LvGCne>v3V`N-CiMQ}(sCQ4h!i_oJCFLS
z(-acc`)9u(zgVZgj3-lJ=b9(=7tuzq47vHhQ&fQV!9uT04HpVtrqhy~rge|?spu#w
z%DGAIF&hJU^0VDfKS*zm-{NRJ?|@A#<9|cPug|RQb!k6g)sbq9NP9ll$DWjew1=bL
zCqIz<?o-f_M|5@!a<bf|PNSPrpq!u%A2}*|+cja%_TY0n0wkCxQbxjgcQ6*nQLU1K
z5h<YPX^}I4@yE)q*z1Ba<+-V~p#Ovu{Rb|a`6Ei95u3<!kdzFyDY^%9IBqF+hktC5
z`0fnicK={f#y!{ANzo#m;z>%0cxVWEDPMGqZxF;)DaQJ0q?7tZK1pdq#zjC3l*=3h
zEhR;h8;3&=iupGBGZHhOV164-uORaYrlOoL4JX4_ARNk6tLX!U6_D?W3U7>Zoe=D)
z9-RXVA*_t@dKFTy@15>o3_m%Uo_`@X3Eh0<?RDr}rbO5no4X722|NN_b(pwv(j<FP
zYFU#LhIs}H!Z{e*(qROte~UKQS;zwV%sh%-Zml>aI8`=_{UaK;SK{Y>38;rIDZ%f5
zONajk%|Nj`^X&t$yTYe1ny@06>~+A5?RX+C3yMRHI%-))KKdzM!d0I7J%2wzh8wPS
zHlEGYTEdntS&q^pVwhXS?LQUny8!1z>DA4^A=~G6kKANNJ*tT`Nva47l<nV6IX}?a
z*c#7vhoiotF2QBJ!u|`Yy(1u=!7d8>9I*O1aDc+VAcx4qRg=X+4LO=h853YgR>0kz
zUny1if|>(2rI?@CM;C(_&VMO9sA^daQ(POI(3?qdoJD0|-4J6FngNXjI*?(D2!Uu1
z-O=)8xUtA$o)_AMZu2_W#?R5}m~OwCaBlM!>zePDufXK$Bf_sH&$oMRU*qqxZ?qo7
zgfP|;#q=MwBBk1)%Hb}j82FwRGGPLhwt}Y<9vw&uja1nY{rj?e(SHGK0H?YsHCorQ
zndWs6MM+bvF@rjBw^+OBn@}AqSbx<x+~}JA04dKMQ4oXlZ9cqMx4#&S9~c-vQ13a#
zx|)^A_0A*OOY}E!V!tUb&IXdC!gF->PWq$mNpKg-J2bw)p*?`5zExw8X`%@B%fEKf
z^G|h*Af@`yM3WA$ntv=iza=h9pG@BDAg0!EGEeYeXv!~q?o!(Ua5(1=?3ZY0dJ3~)
z$iOACsv;r#>bIj_foDc?>CY4Xs~DE;bitl&+=@Mufk-c@E>*#5eWsa~YUwG|>qk~N
z^2Ct(1;GR%jM>Z;C(Y@imzgA^NR%QV=KeihI$|jqWkt@@Pk#mj_|A|S^21X<-H9$o
z^TE}SOTD~v(i*wD!CI;~1e>b+CgkGSJ#f%Bg@D4p=$@GyJ?31=3p;oeWLM6p9dn5|
zJZ-PqJZ(=ty<fL{p+p}!9E!bOl0*QGHl>cM1m$7ru%rD1qcy!sJu5Ayn3*bWjDrVq
zPD!lbDeG@BtAC6okK~da{Cl*^zB3B0e&G9$bUwbPVJ}$01rz6$&B~|px3HI^u(S11
zVE-?VF4t8fVgt>~P#a%nIjUvnaxFHIfnbSVc6?r-_Fn7nQhlklH{kAocXvXn(bY_s
z<I~`3k&3n2pQt79617{E`qsH~n@>!2TvmbJZ*pFT?|-=v%uz#j8vk+h#zWnhKZ8`H
zE`sa}KOLw#U!Qy<(}+H<8$5__w(+|@gVCjFOYqm~C>crH{=<8Ka<;|2-DoOzn@8SY
z6ESb)R)QEcbX0Dnv~vqg6v{V3r~Fi>uK?@N*~7MP0vs=@(Azg!)4X23G@Z9iG2txR
z|3AlhXnzj>zi}R!lJ1A2sUeCoW0s?w91ji1m)2J!oRhWR%=M=|&3g#U%|p%2T}@ov
z)+DRz^$dqi_cnPA3Y{$V7FoL64T4n@8MS(*sTsUY-g^!vGdQfBY#4gl+A`dTc~<7;
zwgC|mkpco8b{$?FYf@bR7d;-#(7ePCUqJwPeSdv@JUctPNP?nUt!laX?D5rCN7#>*
zo4Xl3H{gq-n{9D?97*`{;E`uLTp~ZA+1Mh_!FO+ScYR&kK~ZsK_v*_2dVAY<Z+AC$
z0Q|uXS*_PQ(fa3iyd47!<EWBSo>>_gW(@a!ojVgr)aBUY(|p;3y^hz0tD+mY_@H&7
z`hTQyDl4mPeQw+Lv41E^2ckU36XNS~=aV?68c@zEF&Dd<^Ky6)cl}?{f^<tu%Lr_9
zoz%cztfO)MAC%e^D}ZOnKvw@!qJGhtU8P7YFuWK7BxZhKZ8G&66oxD;8*-|hSZeqP
zmQ2x48QPym^4wi1{}rc(g@v&&6ydI~-+!GH7Z*=gRaMn^uji^N3cp}qJ=Aq~Z?hO?
z#lIw9!*g_ac`a0*N2`8MajsHdXeEO|$f}poz!D}{37$%Gk+~5Js8;<BXpD{h;od#-
z(M&z7#a%-Q>YJz8Xogg-9{6asbBY}~7&U9~<xg50J#jkmYWJER?FPfWzKK*W+kfCe
zBwtxV<aj)3ZCV|SkN-#TA8``?g&5>To=TY@!wt%k^`j;RO#BB%3XqW?2&ZnZgJiG>
zlVT^y1p|XSK<&B&Feti<bx`+fb8rxUd1cvg=L5W#q&U4hzEm-4&OZA;03bl$zr(UD
zDxl1SQWTeK4W9UW0;yFq8r5rCUw@Cs#bPlelSyQ9*}Z%&x6oDWdM}g7yrvZ909?M~
z0DSfi0dQsIN=l%)S0MS?&d$yk<prNiCR4d&Dn+HK)vBo1>e$=g$JvDih|9&$$S}ke
z3Ro@B41k1D?+=<Yk0FE*^@N~^Z~FSzaB1-p63GNE%3Q0~Ajt@1808ZHwSUq90$D_i
z02&BwfiDKFzz1?qU0q%1EEeQEf=Lr46d<FJ=RhJJUzSAZ?e_ML7di`_uK-xMBLF;m
z?i_B{ar(m#6`)S8uC0ArwNm*eaeMdXbNN)EScGJsT3r~QNfLpb?QMwbrQ0lY7I0>M
zo{$J^T5;%7UDs<t=(iwjDSx1takYA%Es*$fo+KEM1cZv(98^F{83nXumNmhP7^REy
zXYk&3w((8h^i9aiJueE#xm->Ihm?Fg*=&~gr=fK{4`JXVkw{$c>h6Ahd~EE|VprFT
z0IuRT9g)e&N!)JZiN~KPF0U+qb#Hg?`vr_IiHa5a`uk8U6d?gVB7b&-nL?l;a$Ty5
zR-h0-E}KJ9l*Vb);mH3L<QxG?44m~)8Xl?`fIw-QWDWp<P}vd2aTY+gsRX)2EKYaJ
zfKbPH;8IMlT5B4(=Ff8l+<}39^!9WU%>BK60xPhZb3^DM88sn{Mj}++M&0RKTV4CX
z-JRVZ?Ca}2KR7t}w11R;9+h)mx!uY=iof*RWIX)vBS#k(FMjX-{=xS-jx(#3qDNj{
zXQ4n>8jHseF)mI6;rSk<Y=VQ*0bQ<EKv7DRM0MmENTiY)Op`zWeyD-<;QBtn^*u3}
z1J|P}hQ3FrRT!A8I540HP?}a{BeboS0@`94eiQp?#pM0bsDFk8wp1>Q+9j#liG+YA
z>L}$LX3g15mWn8ADy+V42r4i`3W;Z_teqY0je&uImwS48{#6w6$=gL0m3Aw)`gr7#
zNAF)=Uj8wuS$=oJar&i>M({G?o+Lo0tCDz$E?0~$ujwXh^_l=zlGtw#2QpV=+w%k-
zfG@9Bt-=v&RDUaQDrNWrXduVfP7TUwKzR-<0nZM6SYkF6E`$uO^$3-sT!tEC4QyvO
zoY84G(KrInZN`rVOx1*s2}d-lO|J<Z)h-gz>lmLaolX<LbSBMbWT^+t#CcuU)ggex
z4^0%AzmMMD-UT`5UozRuKLMD(r2&-q=@xdikAGF}?|;WuSJ%Ene#spfc^Ub(yr|h8
z6>9d>EV{e9kxV4{a`eknp!=fgL}D?<c>ARiHa0hPIR?91+o<ktqr9~VZ*Lc<lwj8?
zh`J3V0tfNXM+_n23W$=cP)vzIhT?V*f@^wcz0z>jtFYugf{EjBrcS}hbx<wCz-R2n
z7}Fsv#(x?N0pu7BB|jW_1}b4DozdWlX#mX!mf#0=7()go8y6$I<#Gj5yJUjodp_aL
z=CW4{g~ESGhvpvuym?Ckc>cl#+-l>s*IxUo1mi!yzP9!qUJxWx$t2P#flOYo>o|0&
z+XB+`^b{U=-~qZ(fsVg)4QP8uC!+E)w<Wk=Tz@!=i}Rmg{n8@p8*8x22S_$*$b=rU
zDnQa!NQ*@j5U~IoKnOx+X3_?aF(88$cw8zfkVq$EP9=)x&3q32;5ZdA;(G*FiP04s
zU}2QmWq43WRg_oikpfVe;ek$sl!AU1y5w$A`u_fY6pKZwpU#?{h67phxwR6$`r2zq
zCKnPoIdej;S7Ugf;r0l4h-5ms*HtV&EVrgN3i~>LynI7&E?m&&8{4*%8{6iM@y2#;
zY}>Z&<i@sb^TxLAWWIkEGy7T0sXA4y>eFY@-A`}&Rs>KiC1PV|^=0tud?;S+!9pOr
zuGo%^gQG`#0MU*=0PR!=Mo|u1<d**OUt`#yj3AE>CTrkpqyHR(NFDh^Mz#WoMLORs
z15L1h?%|(^5Z6?7@yY4k_->LXtg7&$67l3*PXr9Iw871Ymd{%zWvIxnfDowmIF#$n
zj+nvUh^$E7?`MDOT&y^qjHIEc(Ciulqx>kzcfM<CYU094rjHkW`$|Jc;zIk+ZVSNb
zB1?Cxtoqt`I_KJN05kF?4i&9&1u1n9RYv}Qj^J0ZI-SrPBN{mdjhu!f7GXn$(a%V1
z5aCm|s8nBOl<^j4L!Ud}yrsFXnuo(mT@(?T*F@UUmrlmq1zM&Q2;8op>54U>Z|z;b
z+Vei~wj(cjMbEUwV0n0XcN{LBuR4t+8{e9Un0PsPN%*H)M;w>YB}fgQPa&UPniF4t
zthd&JCT6N%=R@>9U;Dwh(u7S~0v7>8Qe`DhnjUP8mOFJP(~kI^LU3J%PcO&au-RDO
z+LJQ)56(Gpq#wV30yA<H0;~SylGn<E36PudCIYY0%58Uc{2>0y=N|G@V^K`m#xv2P
zi0qO1BcXFDN(p{Vt<Y-=kcBp7=_7=Hp+kKp_OUR^xX;gx2)o|kWP<&pp+mCX@&dH7
z9J#+8QoBk5{zazOii@6kqL~3YqXuEcaXH|oTTbDpPD#wLaA)KOq5gWFaWZ{D{X~20
zvA&-<a3QL$VW8BlKZg*yvrMAw^$-KXkO;}==t4sMXS~J{6X&dFhjf${5;gpP&p6|v
zb@I?f*QaYkMJJMah~-}e$4*W}1kw#DXh$Fj3}~ed@CI1uy$DD9_p-SD1LPk1fn4Jd
z&HYF29}yVFo)RXKPI6z}E_7vH=Z>Or1CgquF4gHdfg4Mq!#h7vvOk|hhMMmqxzcbm
zvOT7RgsBRL?4&vNa7h7w74imumIJK*k+*KkFm_AUlNh#=OGDR}!VLU^jh}K8w>^+C
z(m*&?pA;U17xfVxq&gZ|#HT0U*6G0--h}LNIDoWH3mj^8-P;&dK*MvMvBIXzErsmE
z6Q}b*xVHG?qB)IeN4mP@PzS3W9+VW4B~`p>_H(<#)M`V7{B3O^EXr1Ysn0cOEiV>A
zs@jsc5x3{IyUw1?=Mjjsp{x)xU`+cU+@tOw0)5=-9}y9;c3o5Rld?*|Tm|{?%xS?{
z9=>zg)k(i>-*BsCClb03bQmFitAFZC!k*#oay(~Cg}rB1K~h`@zz9+~xiiC5|3DWf
zJx!%L-5rkS;tq^AwING?6(4du#`*z|0)fiT2%h}S(?m!;F9ekotx*Cx(==bNl!!1g
zI#O?QfywtUwMfGDV0QR{3X7YKmjA7%*zsPxTNE~2r!`euIw<YpR$X3yHeJvw<uXl<
z^tesY+DD3u2cDg(xY>0B)8%Liz=DE`7(Nm)pNtZ&M;U%`u9et-m;Dc`4nw)Q{+p3B
z0*EqfZnD9}wD0`<p1SsgbkNwTW2?1<GCOnKA9|n2qRVJeHmy_~&*gT?1Qj(*>VKH!
z$08K6?7IDOHaL=o<an$;K0a;@H)PMy*M&06x&{;J@aE^`#j+JtT`D}4r^dRL5?+Y3
z@p|cRcHPhV9eeP9y~IX(lOU6<CU^a}J$D(iAw7Tb<rlv`7TN+zpt&jWkiebO*!Q}=
zas6F_*h0*t*(H8By;-8SLXJYovSUAL>O(mi)tj4F@L7Y`EaBCyy*;hQKy(iUz+2bm
zO1qfXQ4YRx{L_-Rj_<7TB6H>IBrrKZ1b9S`4PEu{;KYJ|=7rcgm{#8cX>)b;@BUR8
zTPOOi!8-vCWC75}I2*i0&Q|eSLUmjv|2NYc_5i&}YXG5@3u>nhWwQ5mH2v#rXV}pK
zCr4r1j$m5oH>?gGPvPoZmW+Kb6q1Daz%}-o;6Ot1#*OBFP7oLvojl;Lab;pAIK|Rn
z;D?VQeC0HM%g<}vk0i~kB@4<HPHuYo<}XxZg<yF}O`MRJGG6zC5rn4kv=-klPllcu
zhNC&EuJ#|R8=8FF$%ZRm#x_Vhb4E9d8?%a$zfD`shn@eOABuzPYu2l4UA+)Q%xo5N
zYS4hs?peQ0&ZZYfkr^$oBg)r_J;I%nz(~iX`QYh)nPO01lQ*rv3iuV%LaoY+;Fj2f
zwY+NyW__7Rqn=!KwSe*qSK@Y4&Qb;qGgzFxmwGK$;qHa2OUk>;%Z;@uk3M*rQ%Zzm
zJ|Hz~JtOP+vcHFgCXT>u&x;|1_H57X+w8&Vd{N6tVZ2hE4$@X~PEO9rzvSB}x^8wf
z4f9)nFJoppu_ex>A2hHy%K2yy4naQAGVyNB*5Wbj@fb&tRGZD<&63JH{>=S?d1m%n
zX=e6KLR&*vo{|!FAUNZu@?`}>Ag+9gxrPf4D(4se{$?y&iBOOkHc$^~kJ!CUNo(%K
zW$+wY6TA2{c3C>x=gQ`a%lS5+`d<gTRh`9uqQtb<zp=n)AADY4S$Jqi?ni~ce0x-H
zarejpA<#RBa7YtzPxq9cG7^#0JFU=aGH-0@#>20#V)&*dB`p~~!>X(KjDG=0{6C<m
z(zjX^LH43i3}}~>^Ey<G37*=)aCuLgXGog?^*Jxb4ISI5N@N~0=x}=fSPw!7xcfza
ztXB{7e{+sn%a!)Kn_5~*C(zmTrZF)K6pZM6)2ChB02T6F_>tfd@1JQGCLoR^p5CsO
zmzRHJ4GKsb{>&0mIAD=Jj<D6Ew+7oCQof;CPU-a8=GfwJu8%JT+vsH8lXAK40xDqd
z?e$zzGCG^GXj__~qHlj8U?sq^u2=JaN>ONcAV%0cKBd|yE?Lz|b=5VF7?`P2uEw<y
zkot1%Txj(cC);QHQXe>Q_pNQWJaaIQ?oZIx_BpBrsC>=eG+M7Y_PA1{pETYqFD~Yk
z2L3Qq_o0Df(s<X%_KAp-I@qSR?&>cdx`q!)x-2-)VZ<1O25S|kI_q>9Q552T)%3mS
z3;5R*pkx}%7Vc}#1|kkxbLG*RvYCBK8j=8Yc=%lh1!PzB07Ij@QXtg{=nM}0cEQul
z-y0A1BWw2wwzk8|o~q0LVeX=jITMg&Acs1geoHh+g!r&9mZBClC9|%@L&@jgT4g0c
z1p^YY`#!Lj3rfv0#WShSu-Qa^{yhmtcu(6cFhFh)g^zfhlRV)&j#Qj;lM#;9D7W6a
z1ka)?7^*OFd}`udww4?F{!K5zT}l@H`J=fl1qoGiWhz&xicGW&caUfEO&Gk^H$FRF
zf8L2C#m9%|-F_6~uS6;vTQCmRBcL9Ns==YF^F^wPav(a(3fjfr!fWGyAwIGHVrsBj
zWgx(0DGnYrk7PW$PKYV|cw*8&JWcyO8RN$U1V*MFQ;L<DU@fg=aI-J+$_%41vg<22
zsSX}`*$r?xc}czdY@6Wko`hHp99KWoo%AR(k)Se=4P`H^c@Xkv$@T*2p-yq(5g%FS
zbu9R}5mZFBwo6Y9y?T0o;ywi^a)085SCL@ooL`fYr0DE_y{1#s(*86S>=jVjZf3Xg
z$k-J=8=oR{C$|gNTk8(Ur75_L^nDdG5Hm+2W%iy~3HaA<_`)1m)igi?H()MHS9GqK
z6eUPCPKekrxjOVdowG0o5RMa@-h5ULs2VF>v~Y9KEx0VLESm~{MOt%gZ}J(k15K>G
zbv%0Q;{SaagR_7nc-?d>lv?)(QCcLo8b+7CuH2imflBS3LOr5uC7LfsOU2OMFZrID
z>In5#Ffl?YDxy>m40+iJ7j|jcD6<Scgl+3OYEq}X4R#86^UfeicHMd?_GKYVmE+s1
z^2QQ!(^Vinzbr?80M-4%P!|H;T29wuG)FwWjNd%oK3-elQO3Z<Y}@uA30Oeex!dX4
z6xhAdYAKPny)6R_hLo*jMn|cp(BrZNqW1Edb_X&oY4=KgE08U$hTt^R%cn`0ChFD_
z3{w|Qo<KaSx7r}Dbrd%e0q>+ywqzp$kzJVod;0)ct`>5CO7)<+y1IT$uc!2;6SauC
z+0hpaEXZQ!_YcF@02GV~tT%U02Kc+b-{R`(M<DbJ$d>G$9Qi)s+kX?|h{g#;jP`t%
zb~IL&w!OSAr7y!m4*jq1>%U4&|AKH5QU@LQJIB(X)Jf(w_sxV(#CyG)JZ&^CQf56<
zm8#NZM@J-oOhc1t67SE{oC75KKBy?r8@m%{^9)^1l)+hG623lOF61V$nUJOCsQ9FJ
zZcFbQ7DyF~ojsj~2^p#MCO?Xk|BQ?%t=p4iT0qK}l`3jd8j%p4DT|I>SxR&?U@9*^
zVU`)V3T#C4q=3Ol4dvWWze3~4T|JQes4RM~LoY9XZk23kltV)(jhNLcV9HcgM@~na
z+A$AbU0-ugg>HWF#i5Roi`ljxsS&Wivi16Siyi=6%W+AM6jz(L9ud(fR8(BBD)-}o
ztpCk=)lm8p7(PS$pL}zK#;%X>q=MX#y<Mn_o3S;Ln(?F|UNsc*XW-PG#vQOcW}DLL
zC{nI}uFgy+t43lXCC*@MgIVd}R?VrnmRDw}IBKhnpZx*f0pJmoeyPVV$N{oJwKnS+
z;pQHXWK{*e&p$6k;zOnR4&vPR5{8t@>Y6Cc8}y#zC1X48?73zH&unCi$$@bLq{XOc
zV;>-IKZpVlhZqJUacu}vv0SK5k3<iv$6<VbzJUoa<*719R_w!x`xe>>iBl(uNv_7v
z&(E4WMLo*$@(dE8VWtf~8F>%H0kXk)1%Bzt^uuK@NIX2e`bwQ03-}!{tBJaX+?`QR
znUb9rrOfga-M9CZ30>|Ode%2X>8WHDg^BvsRre??dKmm)y8q^QG3MuwLuJfF3Z>G2
z?;+4hz-L*0L<a|@+fUiwyeiCpah|r|BP_6++t?_d$#FK7eyN<jVLk-@h!899@xShh
zju|A3cj5~4G(Ij+Gy{oM37u&p_elvA(j8Advg3}(g)QH<)$94VBd61J!n6G!bqJWW
zb_BaU;3)t3vR|F}yDr{2z6vkV&T|`oZ7n*r8o(C)nW=~xwl#ymzZcAqcQ6J>51vY>
zHdTUlfA%&0oyFI0v0k$U=#CjgSnssxS|PJwl5!cTI3`NF@}GqHu)A9NOHpcEDFh~t
zvm~s~tB5ufx!$86Qyi4-%7JU^h=!1MY2e+@#2S<u!k9%)mZeLnzxc4X=G%&Yi`VbB
z*qUj7jqj1DB&W&Dn|S85BesDwcT4t%FECa(M<=M53-*2k0%RpjPG)p@OjsU|2@CC1
z2ROTw@b*)};CNZwQ%QvftzZsWn0|4`X=lU|h%=ihYH6I(;58bFUfoDs8*nb1=z?$1
zS3z@|t08b_#0*Q*8)G^@K8^H$@if!^6%S|fL`);30c3<L{Nle0d;IDVB3|6H$~Q$3
z`f~PjIe$F6iO%MuP(G2i>_={sb}0q?$v_;ht^Pf|V#CGdj0sj`oDLc2fl5?90GxVu
z&EMtC6EbvzGaLRo5jTKyIyPT|u1*bCy6fod%)X~aeGY<z8GXR7Ta#gbR?R%v?)o`O
zJo}-ngU;vM6^KvbUM#>f%Y=Qlro;475El03&#Mfr+EDz7=&z=LxWh?~F3gOnT1?P+
z<j4~eHzd3-Ym!i;K4cN(^u^@Pq1s)vlU>#ajS5s&E|q0@kgjZMZ7z%!)MlJGl)2Ln
zdtb918aDwx%nDjscU@zDSwtp*V}g<P-ogpi4jTER_7<@XLxtzOL4=q(oh6*9j0s_A
zXw&R*ou@L4z8<1ay4ZwcVo1Y?(&%5oNy%rT9+$aP?g3@XN9|bx5)uq$TG1b@l0hS>
zP&5C*y&2=Lvh96z&||pccb`wtzRb~Mlh<h=x8IFqIcw0(DJlzpPU})RId*!G9oO?=
zI_I`&YX626$PF*@9mdTjG+o-<h=HX}zUk!eor@{$uvdrUTS@p^fyacZkRP)#(H@><
zz~<$;bnjab{1w!*<(&jv@GT9yCdy0ak~Ux_X)wJ|Bfvx}Hksb!=M-?fKXj$^=1&yt
z;2-u(wlnJwP6aG~WOLXvj?djf?+0~<V`53ch?0^VL4M&EzjwxmyA(b>w$Zby)D7O$
zX3eUaqwj^n!}Xx+>oTGdx&M6l#-=2M!O(GtUH9Gy5MbgZr~4*2jd;k4*cI3vd)^$P
zO^|B|%>GUMr8*e5T&rV6KzAaKSXfmyCf=~JeCdImBUMy?-JNrm@k^SaV+nP#gMys~
zd8&47)!DSe-_<Qt#j1C3<zp6ABRc%@U%hgectnXz8s9LwEIr0uWV@vEK`6q+R(qe2
zuoRFt@=c@HlHlElnOq*BC|kNDi%wjY{O>%EH{`e}p3+Er(sw_|soD{JWoF}X`ctE|
z+1d;JnYDC(kL}ia@A2%rI%pKeci%1mlUAOMT`tM#$j!>ivX_AYGeZxh*p1m`VSU|F
z+Q>ySbDp_jE)U4_=VKb1rgE@;8zfq;#Qt~_T`TPLN4EiTezI27+Fp_@wbUHwsH*48
z>gw$L&#LS3Qcb7P?8&c6tNGpzn$FB!|7%^neoQ=nrs_$7|LHO9-$Jiy(DfkMAWaGm
zT)6|Il?Y<)oArE!C7Zo#(OK9IsHYYV&I#$CH7ynWZiuZfFiD`)Q*$mO5o0-tM}`~w
zZze$GI-lJ^C$6B!gB<5Ksy{hqyZgJsEUYA`hXG7Ee-D$R<DsQQZNGVGLa<DL&MvXp
zg7h<gnx1T7@k#HCoOWT`z3xqa-<XsdkkZ8U$-|Zq8~P;BWzw;EK;5?Yt0fPLDYB}M
zcjk(RQghFFy&r?I>vbRvyW4gpx?a|itGMR3Ou;{`;D&q0t!y5vaLG5Z620QK8UiAx
ztG9)gI|m)#HPfBWs}}8NP%en1D)-;9gu=gnG(Da(PB^+gCusG}cvmahKXrL@{15W8
zjUr)b?hJejE3e-7@R@|lHp~V?5#qL;X188Iu>F&&UL(InOdPIURtYtm9gloUOiQLQ
zgNq02C%EUCSJ7in^0g&UpTR?$I*siAwK*&fw(huI=t+!#fs2^z^&St?iGhE^rUABp
zM*|8l-@Gk$mnZ8m;>RvgrKT2T+X^VE@fLBH!>+qeYPuh3jlmnzkrc9>Y8f@(?t+l?
zgo)lBbbRUx^YiU<Q7c9&=M^&6`wI-=1ORW|5?s`cv@8W-H{B=KJ^;_VjzkQ7-^mNI
zsH=^Z?k>Zx&`w&~%FLw&is6N7bxqBGetw(P@=Vk^)qWtmZ=W)k^pTad^(TXe+jIPI
zZ(8348C-37JC3G@lgIuY)d~@h_vs=(fBiHI9<00y^;yJIKB*Q72SYbyo`P|j5&PGE
zE<e&IkAKqGL{=nK;6+te%;{_UA9cRFp`<)pE300KYF%KHJ82D}AX&5+?uurAxA8_x
z+>XZyK`(*<yrzfDT~i7Rt(`(FK6gW~s16ag>*wo7bE`%PN5)Zpy^zWN&v#|-JFOq6
z0jj2l_PzxoJFT5|Q)^Ld|F|Ik$EK4P`lCF>-yuP+Mwg4!UP$6Du<^*3m!DfC_uq*a
zE>nm6-$O}$-upulJEmF7r#Wtan|D|MflxO(&AXoal-hj)88tCXm5JjOpKJqOr>*8y
z-<iaq8;yp0Kga7pc^2xpvH!<4$N=y^!g9g@Kz$tCry<0DJctwUw+NtS2LJ3ohS*pV
zC<g#|QUU<}!2rPfe<J@=0KkO_05~@Q0C>^?04)3L4kf<-6k?_tQf6|0asZnDXlMXP
zm<0g*f870dasMYC09ZZ<0PKHD{*&c{{vU0AKG^@I|Hts}B~AnYAcy?F_cO0wb$g_n
zo~Ukre1vwtWLTX`(T^uGj~L+Lh3|oeLg7O{;2X82ksv4bK^UPzZyrJhP02|PnDk-W
zGprf}wGY7>fFTCYPl;N8!$aatax{=vQn<LesH*2!Ann8p_Shkvs5J9QNwmy*=B}Jw
z)2QY(zI3j(u5@lUV_I7q<8AyK;b^IkvHAZ?UUu8;gMER%^2XP8!!)ZB?|^zALrgtv
zhxZ;JZbA~`0R;A+IcHCv#rwl#+!GV;gF-NQw<GG4i}iMsO^%~~Cm}9nC~lf(^ebq*
z<YX9-C^tWXYmdyqvPO{sUj$>EIWhu3nY*=`edB5;sph8D>X%*$INy)6opJ5pz8_t$
z_FmlkmlB|Uk@8bL&vM+wOR+3!$P#R^kTeQo*r;~c3!xRi=^4{X>dY(IpR2EtR~hMB
zo|~(@Uxqu`7&;w)Pg$C_`HyaZzFrTd_dWiSZ#j-J0mh4qghbRo_~J_S*{S$MDe4a)
zKkUUH1#w@9dLM3gAUm%<n`R~NGvB|y8m_i{GoQV}#mG`beuc!tB8R(Ebk+WVZEN2W
z-r#eEwL)6aw=^A2!YZ#@t)z3Rq<o;+P2XTTK8`AUycZ3BB2*EY0z8r3e%ya#ybc}(
zFS7{*33GP&-J!NMtLoD$2Iyq&HD|t;?;U%b88d11UeDa@kGh}su04g{3${Dc{<HU$
zwX+Joep0ePN_j@65f29^>2qTUej&8?@8b>X+shgBifX0o;)!a+w1!wwJjQ6$%*ZP2
zn8bddvAU#xC3>AZpUr!sn}RfoV*+&l?z*Ca{BdpI^}K$)EDn<`TD2z*Y^@vFuO3du
zD6J|>rTD#yiGQ87O7i9Av*~s}@p7o~On6txNZf5YBSh6bUf6`iXFH20p+y20m9+5e
z=DKLN&MWvm=FCQp126T?JLU|x1PF#C8T_~w&?4-Ab0vY<4&>ZL*v7fV*jDAz-j|Db
zf&4?mgh9!ePRJM+CH@pv+8}5p`&~)&9HX-#bcF)Q{~>tvd5P}v>Ee8UzRS=(GL1xL
z8Il7DamVUAu?}fOREI!L^^oGGZF6O3j4JWTNa`}V5PduN%a?U;_%od*NYQ<9k2ix)
z;Fz_4aNd>p%whFv&p31tyc=kr&6#R*GdDw)17>XSN5Nt73hjLZZJ{5UpDRfAMd%sE
zR$)lthHOmdB+*?cbZ2$vz~^LH!cBkQ29aTO4fF<n8{J)bKaye;$|<tzbJAPsy9#w5
zEAQ52Seql>ixb3slwhpZbMv&*b;j;%qyM^p2Av0t95~^wuLCA_0?!rI2>AzLMWt;5
zm_k9xNd1T6_vq17^7Yg1P8o*ZRSqwzG|r8+KD0**3!fCMpS(2pT{tW7Eh{;(hz&(#
z!XNB{Z>24s?hw%!TotA}V7GLGD%y3lxCmzamX3uNip8c|3yh7YpQtK(e7n`pwvKv#
zy_S8KeOKC^Vw>U4EPx%NhUS)%Dvv%xSASFg=ol+)<?}E}u<4z)o;!Dk9kBhOTy$cc
zxAWa|x7|K;As}K74jLTU*LXE;zE2+J2Kh&(iv4xM$R?y3zNVpV!XSDWH>^>>sE@2f
zNOFJ{l$;A`#-j_ac81&fj47prhG2Mq!H_24#eUJo$JKVdlrtk9(Ji4nD&MoxzjL1A
zHs?S+9J*;8ZDkid=f?EOD+eMkC}V#L^^cQvim0k0eJVZyecXh{+lQ)Bmk!T|m4Y{-
zI?*KHZSjWiMoFHi7FDNXa3lBm3BP9*#Qi2JERTn~)8%9(<Y7b4j>MF4NWs~EE))!O
zw=d9%OP#oDuzeS%ySi><w;Ca!+llMsmVt0@=D_>2`@dY+o83lXQM?$Kx5Y1QQVF5Z
z*O&k*rsQ6+W@g#$nANeCa&C)0F^aHgg5~i+xHIta6_y%{$x85~O?=$8;~Bg!-=ML4
zvl8lH@b9Cm%Q=)<8%azg77d1f=*mBEris5<ndyCbD&2Duy~#50tMMJ=@u&U8$GXq6
zI{OyRjEw5;vFF)KT=<Nes7Uh}YE`NAss-HUraco1Vn^$_9Ir$XNwh>Mk|9gM^&S6u
zxMB_kQxDGCrOk#D?u;94aBF#(<P?HS{(WovdV5|yD$%EPQKx#FUdon#++Lugbx(m#
z@e83<z;I}#o!(PhyLb>T{89v5HTohr9B_%>y)A*fHj{Tj)+R42_TeP95Xd&tSGijF
z9L}Hv#ygrty^X1%9b&z%`dU$_Mc3wAcRO6z#jBtGQN?VBnfqfwZ<j6SaY1FKgLX4q
zF@@*rzXe5@te*${gOEgj&j3G?>6}0A2_sdZBpuIKQE6)7>zu&Yb3?t;cc}!nyWyLt
zmwDB7IADX7OCNfIVu^ZC_P$@qKDz*O+zlpTedrV7M$uML!m0y(*zLxJ#b4;w54V0Q
zTpdL?yDvLdBZm`fqYMsUFiYjbN~Xx}lycg8wt?J0Yq%qHw1*RaK_F{WIVmV7!ba&=
z3t=ThJ7}lz&C*1`2#F@HK}#n8)U0r)@5ohdAzZ+*m+8vc(*>Ccomva6TGtM$m6lCV
zo`O4mNOUxWRbKPzYW!Km{kYJ(3sd+|-~2KUyjkr{nN5s6L4?{jrs7SsPL4+aF6c=o
zQl8QYTgW9!PMG$8&-Y)Z(I|UwUFp}m-ztIZelZgGE+2kwD@4z3S4g%9BOLsc*y2-F
zyZ4Wkd%)SQ&0*~=?{`Plau7~Z`p<@ut#C)NlBBYY1RJ-qq%Q!EL%sD_@;ou&Bw5?8
zBFI{1Y!<Vu6QUVN7o2P^DVMaePqdMaBC$KwK#+Uj>+y4cjMbpUu7t$_+3`|<mZg9d
zVRn7(?xCk%)j;jwu=&-Dronca9^5*N860a25lnRzIx~nU3txRzwO-)y@?@?jtshNp
zj8C!u3)Jip^<=i)RMYE3H9cgvgNR>p!jrOdYP<<Gjhv!I=mL(2MX`$FG`IKZ`3=_S
zaGL(-#NY>ip%P&Gt6|&b;QNqsX4CTlP3lERPKc8JHCQ7CB#TO5o5`-|#NNjH$c8U7
zNS&N;5&=4kY(1E3R;#OC1J56uPhVVBYr=HcQH_N^)D)3(E7AVjL3{oqM;yU6CSr6Q
zY;n^at_M8r_YM9pj1$?<j=0#_QRxVC!B%8w5-<pV3THqe{168V80qM*Luv;zlmK&~
zHurJsHWP+W(0Sg#C?vCRg2}b)!LK(*ho;XIBh8*ygMK@Ki&!^CGw-d3H9frpw5l}y
z{N$g_dCA<1IJPrlk~50_3sY*E<uY>75**+kNq(_0Up^TAbRWcPuMImQectzmQNO3p
zg5ThO{@Y}P?rWz|v)i6~+@9Vb3D!Zl!%-DHqe@WWe?Q~x;obHtAj8GEd~FE(vHMRd
z;?vVvKG%Zp)0|u`|NM%Iq~WCdLlJclS#&W+1Z(TFpMH0pzHO3a;tfa2jn+@PG1Xk-
z*hbR@l?AmvbmXoLxjwc=*^ex;-;J~z<t+Pu<wXM47p%CKmQ37e?<9swq_(B^_Z|NQ
z(OXhct>!?w!59SZzzFYc<iASm-CUea*!Z*ibYztIgVf0+IFEPx@n4}GMRF_J`F4Cq
z+8REv9##(7PbyB%%Qm?e9Wl<K@QIOU=aHGS2$V*rky5mX1j4YKkvstkAW@)lW+~`@
z=x$EdyWP4U@AY-w{wTB`?0IatEdHe=6lC{)H?ey>@??Tc36L}vlD|+I;vLgJFPd<R
z*rFj+=C{WrAs~#q-TMP`W294iAb0>0a!VW>C8#DQgnK`5fPAStb{gk->Pxh>A#o~2
zl~sMyYjwb*9;h1%zr3Ov6ORvm&EhV9RDu?qnDbAb4X6E<!BZkC9`+1_3#tKL=&@VT
z;jZCf_kE@^s<t5sznW6AFrtKCBu!F%?+HHRv7HJ3d9vt$vF&;8?nJ&8%kMkW&(3$1
zS5KR##-9UrF)5Sa=IDw`;In}9WAs90TVNfC1vPkj)_|U2o~$NWl29)}DBu=<sX{GM
zisBBYXwl_Y=%McpF}ShTQ~tTr?cfLhA^1%QGUqk)C0Nw!(7?L(<mjLL75@6ZKc?JA
zrG}P}VqNFOMnx}2Lg5|~PrW^oMa{mwu`AaV%~uqj9}Tc4)YgjJY)l`V!5LoJ_P3s+
zx>ATgljnonIB1}*edFQP-@Sr={}VZrKr~^|!or0n&#tZJ4lW=-Or!LxS}|gTcivlo
z$e54hqKMy}VUK=HFC4|HPJA~MoRYA8U{rhFXZDUqnqbEdbbv$!sU!?~OY}VYA*g3P
zXIk*x-0ypS^f!djS(OVSeac*Uye8$@6NW|UphKo*vD*A1#TdCeHwn9c2n94wAJzE_
zeS^IBhAP-t>YIJOD`6fyW|W=Z>CrP1Bj3ku?Y0d-@4b9)@nhqQF?kKSpaE0X=xTq-
z|I#xv#j`?t@Gm@;j<kKl0fNr0J2NvfFyvK6GCUuRpikSF+HuhOd_Lmvb6V8%0A$=C
zdg58g&c#T1-e^ag=^;IT1~Ty98jE8B30kvi2(@&ic>kT@_?=-yIlk7L1T$H)3734v
z<r9vq=U(~(Zj;0-I0;1|HxK<Q=w72Ds910j&YB(?mN2bY*Zf6&vmF|BN#BdGnPdiu
z*e#IdtbXx^d2^B)tAu5QI9QAtr7LS?dXTJHf)YlWY7E+lgf;ko+=URc8Mil5!?VI;
zj)6k_F;tDU&HiJWGVlAN_49VGG4B;W(hbL-aHvGZXV}E8ElOI{o}LHfX+n@eK0?34
zUjSu5n!kCkP5W)K1Cn+n67|0<(3xVR079_C4nW0e1lcLE@V3yU-M&&iVP7GPOBg@y
z!jo><MC`xsI8n~ga*TH3e_x{hfy*w}dLQMkDrYhse>CV%k#VYWfTw~fdf-<n3>2ty
zJdBE5+e;jrbb2oe&Vd69O(L|Y#R7d23oC*PyG7g+b!9AuSzX+~40hpCeu%$NO~(_z
z(hI~T6$=F7h!Bt^f#)zty+h1kcRdjcm*;z+OBW@fm!kz=lbD1qe;F%2!TjYt8f{jd
zUKC*adzTxdjLXXBH2LR-;Y1%&UH_8-?DiVV!Ak#(5rs#TEjiG-VIbw-wc$g?yO)d1
z`HIWZ^$RQp%Y11E@djPvT?6U2n1ZSrT`9>Omlw&w<uqEue0Xs$UI^rwWy(MnKuF(z
zvY+0eCfp$}Vw=h&f3v3HurZMKWp*xN_i|b^G)X{;5rh%c6kY1Bf{iZLF%}V)u;V0r
zT)uxLBeF?9{t>8>SeOW2fX+f_#{~u?Q-KwTx>3!8*ABk<OmTl*QYs~GNnk!ppb@2<
zynTzd5g{l?OO{UH5ib)UU4!itb(x56GSEUPLm8x4G3V%|e_0?-CRu*1l5TzOJ<83?
z{W<3yM5+NWNkQeU6Pa;(Wrzu|10hJw%tUHYW(i=;O2|jYBmG~jm@~LEQPDtA;!MLt
zVMEaBX@Hs&C3~kGWaH#mM1rJv&r<K&W0$gA`(0K$xveA{kC4^@ZZg^9cXAYk^beZG
zWs!+rP{-udf0tWqCT;BG1ds93p_3OP<#S%YX9vyyOkGc>7F8-E67rR5q*`A+ohiJN
zOGQYt^T;Jg1uj_t3R$7;kPG3PVq}d~sYg5-5U)*tzY?oe%2D-UcNL&hk5L0ln47|#
z6XT)F2bC&ANupFOWU}5Q7Y3=TLQgj*u(gKs*2)4qe@N6#kV899@^ofue)8&GW8HB7
z>w!Dpz^An@LtJA<T=@zQ;DyGKVFrGEYIr#NaD=|szN*)}LrfUP!0;pii-IxTTbB`Y
z*hcO@<2H7om(en7DuHQ+9(}(=CufLl%z%F}g$wUKT*me(d**%t)bM|730c;05)i`5
z*mUm{f7r3l(^a6y&E3Mrw_ON3K477crg5-B`_+haEl`c;BZSXUQ%WUEP~^!>BjX`W
zFt~@XPe0P5p;t$ydPIF(*dxc5#S}`2TL<SWNLR6GSwu_&JQTa#yM3r?(yR)SdzmZe
zO?u3l1+HzXNK<wpNC^@VT6>-g@@VyZ_hgWMf8KLIceQ;R+&;?w3eb>)?@5jF26OI7
zOpx~ocEeVovG3WkH0Y5%|Mi-aJohw#W=$SNA%7?!1u12lilzSwFgdX%$|)@?#_9^6
zUTyN^pmB^;bZU0tUmrouAN_q*SV@!m5O@#-k;KX`u_4+pkDT+A0NhiTJe8-@79^xG
zfBZ1Y+neE7-Tp>iWgt*I44ro+!UIV!##P5LDU9b4u3+gIxl~RKm{aSHcah$rc3WAk
zz<X|!KPsmsSR~;{?uJg}nO`i>X&aCoYhEbkf(RzKIkrN=uC1@+Ij36Xp}o0XVcyKi
zo;>;ev+ngBfy`NB$_Y>z5!C$qt`;Wre>OG|#WGPK)&{7tOp2ovs1i)J(`Anl=q>tH
za{%7@4st;SG#B$1pSp)=6ME%25q+z+kEW!yU=%(jS0UX*{dL!d2u;wYcw5W5S-QDe
z?)cweNi(<?r0f|KJpNys;}dy-lq@G3r&EJISS(^u;K;V$lM<Eq<JR`x0>#zSf08dK
zKmHEWBCS|1j2E+jS#GRTniP*dMx#iyO>7czE48a<CDIAG)e&EKH(`4P9dp$0!o>bl
ztJCRru`bCYm7o*zqJzVqV{`3cu3J|hMyX>(LVjlOIGpC|`iPqTHNy*@pS*w2C`(P$
zf083Cw$+79<1T>G$fX`)EaJ+Se~)EF)Z!axRG{DXETx&ixXc`Pu7jVMtUm;IR5j=!
zykey~v8~G0s1XxW-tDGq?CMTrEO4SdZ>?%5GdRDDqiVtBH5t5Z?thJ>*s+tmmWeG}
zf%w@`%fSN`_Lw@p76sqp+U~mZb-D9`tZI82gD+K5S1wG2Th6Yftz)S)e-ccmsy0tM
zVj_-7GJbpKjwv-swZ9rGhf!O5vs-pizGW%fL)v%c-&mvOa^QOI8r)El+M!B-1wqwJ
zxfG^;fM4XmK^F@->oFZ==64%iThc)S_?lFDkv;kiO-;6FcPGCeKUUhXAEb^-gFnum
zK(nxnbbL-lW|k2M_@_0Zf79u*$7@m<{WtPA@!bHa$=oWhMFPzn3(#E_BN(=YWvp0a
zWp6;5dXk+)tf;|)XN#|;qE1y@V3u1zqt2ye*1$?~fhgaFs2u7pAfCWCwmH-7BR>KW
z`wnsI#_3y>65g%F<Fwk1l|OwE&+PFXhQr}>Xiqt$2@{K(r(6U_f6+218Mk~<$P6wB
znP(_MuLg#&!%!GYu@C~40E3etvqXyW{Kn;~eAyiLp(S-E+fr#*Ok273Vr8!*>|?L0
zA5NHOO5k9?@!rDzvjPwFc015%`!2b33H^YKM9kpRC!}mgh^{LLtWqdl)pt&nz(@CM
zPxs^%(?&t!!MSEze}{x^n>Sbmx|VFTWZX0GETJSljl3JQ9G(0OmVfRPwj1fU=LK$1
z)ufiJrqO-mS$|;vFGKvK*kVD6Q(+mUs@vT2WU@LmH;%yNjt-C_IECGoJ4E%L=jqGd
zFB((Z(>P$_lu<P7le$g4L;-443#J{rJWVlsKiPykd?!ole=jRN4oj90J*CU0PwSVA
zs#;<1yqcPc^yiM%?J6l2Ybxh+a<}wfgdA5vSGteB&0}1_JS$$IMNOQ7z@L2^w_EMF
z-k?tvz%lEWu*HPtiSWOFD(KxwLd3zMLu8PUcO<OLZOa6{aj|f%SJUO~?eFE4jF~sc
znLw9!dZQ)^f01cb8aa+JY<ae@7Zsh(268;|f>w3pAN^L(CZSJwC5tP%7PflRr8+LX
zeFy8jthu~sDM;-yXI>Ss%zrY@LMQ4t{>lebJ1}E|I}}AxI-j??BPZ8K0i4|-XU!06
zOe7Z<bF;v-m+0Y(QxG(QeYLDz7g?2HcqEf*e)Mq~e|1_O_KS6^+S{7_V$6oSV{xy~
z1rQx?8<p#A=K;K4*MYWQwO0Cfxj^U!z4xl~mP@pP*BBQ7jlbQi%H4m}=c}-ah{rb=
zeW~7H5~3ZE-PkIycyQm1TpdBs1TT;UyxNgnxZF7AIO6Koz22Nr%o^7X@(*olW8|P!
z>K=5Wf67ShN2$u8F_}mF`-Y+(Eka9GnY5^?%3))61(WqvEY6KhQf!MT4&z$nQ5oBc
z@Ig%VlW$=q6nYMJf~s_p)WZ3V%y`R8ozFL28^q$5@x%aeSDX(6;)(95OL@2Sl~neX
zds_Oiv5}7U@NTcA)hq&ms!Ouu)`yYSlbdLce~OK62SfX?ADQ=-m{Pq>w{8{b9s<L6
zP8_cEjZV>v^Gs3+kUq`q-a&!ZcW*|$_8gntzy5o?T!QBWWrZZ#q7>3ydA}qY4cwc{
z-^80oEKq0{&jvrCs=6?$m9}0p-`xamh_Zzx$DKADU1SOe72^!y%wWvEbN5n?;^o_>
ze}7}U;SffeX&XY7LXyJx^dRf+Z2R2hp%J5$Dt4r41YpF=Si(!YxJcKe1+9-NahazK
z8L3E1nTqv|lB+f6N1Sb24{6r^Zcs3GKBLwC2XA}ov5pu|qoGGaJ8U_2=u~LuR8b^}
zhMXEmTMS=;Q5EeehGKPGK?bK>UscW%e;uMxGOgyR^;w})of_Cq(*RNJ2FK6K@%+|?
zY0cg^#}$xohNS<Z0iv1eea^~o8VB*<MOCxE>X-RCS|oMPmW)VP!fiTGf1oSlu*6Kd
zO?IB#X}js#oV}I18!8g5$KGFKa0P9}C!_wTHMwOfD~2!4gKD$ZYxJ+zdW<Cuf1RPl
z4-!co!}L^CPwns_@TkeaA=_A5W@S-!MjrdhCMm{MX^l|Cu9duc$tGKC5kr?m;=$@`
z#I?6nji`(vJ%n<DXLMza`ITbP%4uSgV|9gl)%oX5o>#=Z&WJaNJqF5ASGC>hCM?b&
zyOv*n`XX{B;;>Vv8bSKjo#;zTe+NrXuF}LV)?laQ(3SA>SS<2VG<DoLLHlQ_$#Xf!
z&f3Z4=tf8&|4==4^ejoNFrLMe^^}<R^wxVSeqazao-y;0x5x0D6Q8^F6l4e%W{dE|
z=m^p!@a!0S5!yt>`d3qE6&21S{i5+?3Y2u}L!`GFlORI|VJf~poMmd!f7gHi726#T
zg*n(FNn%BV+~6%PVlBIr<#SzZo@xN=KvN}jXn2zhXIG8afY^!PlFj$ru+Hi2v#%Vz
zH=np`CUr;HyIVPs-D=paulJaADU}DGF4X4E^dZRFTiKt7=JUp87s2Naw9(5lUhf>a
zXx6mz$?j02-@fzQGcUcef4vMA?N|5U169r(z1dRf+K2eb`8tN~`58Cax8-bD*^>)L
zD30rH7ugjbyUa##hOU6j6tfI*A`Sed2G3I+Au`s7?~a>4zCP%V1U%41iG|bj%Fc|E
z=JD-7+RhIalLtC8p8mAVOtrb1&g?A*78S++qK1$n9eYn4ca`Rle?3J)YcR}no})Tb
zP&@-qw3#bnS9oHAy>U~iIG65Q!E5S3SIP1A5Q@pzd{>e9V`uhr-Pv|ycYSp0C~jwd
z_C!$;FG)YI1+)kPq85Nlp`!l-R^Ga?WFw2v7PGmR2!)bq|H6p1s?D-5e;Rqxz9YaS
z3FN^<$P6Yu29cvEe+OeZIseYH9bV@2N3Ty6z%JRC^th2B?k#FJ@%tcciA5T!oY6TI
zR5pQ;4ymeob_R}@!BU#!0KpkGe^5z>B2nx~rZo6nO-@<ja;s7sRtLa9XvD*tD2hxm
zL9nIHwMLdCI~=`T2(<Byqi`r^siRof?g7AXdlM?$9P(2(f6)>!6CM%D17e-{FZZsf
z=7uFQgNwlE_vK;vezfk908;9|>K?apcKcUu{Qj)Dd(aEA`AuRJEHr5pJW7%n-+C4A
zFErnJ1&PRTuoNgX!jbR3Xa964GQAYZM%>0sZ?-bSF6_N?QbW*ots)J3Kx|gwXwJCX
zc)p_E`Y)ApfA6R90jHY=IfLmFg~gWNe*rAFBS9|xc<b@lTqOg1-DMkS10zV7eXECr
zcVH`0(a50Q?kwH$;Mvk*aw=|kVVT=WvE~I4t&rht;ukO#t;9Gp<FfPPs6JgF)Id{c
z0?R59B(m;8UcIXvb4K^S!Y3=S=Dm~yTqOzBD8|1Qf5xXbpQBkXx9`=i-zGcT-uvJw
z_=9>VqzHKGf6>=PNKiDpIZIO1ualVmda$U(6N)5POD+~EE2~DQN#!TIk=|fbMjI!|
zvp!2s?GDdv82{Hfl`L2-jnhXz(7SX&p`clMe$f97>+gF{rTl%C(^IEf#lsc00?TN8
zMD}b*e;jdF0F4p(Fa5wqkwFGJKXRKTyFuVyoyDK6#}kJk)~-!p{+CLyq;a`|+xd_c
z4PHUe>H>^N46+ms*F=ZVw#~Bzxq=mhyF<})pc{-!^^mXl+kw0!nRcwr)z4^k%)2Cx
zzBh}))|%nZcB|tJ9^v7xrEsSEJD4Qu??kTTf7DYIBh-);7I)EVMYWJa3YcmzSR`rA
z$96YRYW^{I(1_R(f5cZ@g;C2?Jbrz=i=0mlInxR<#;Tu~ekQr&(eV>Dz~Q)xI7O+d
zVFI)YDr7x0brx5=JGvK&JNF;)&&<Jczyv@Nt2+<glpRIN8Yk9a&!^bly9@vW2Hfu!
ze|qgOq>ebH_a7TwW?{PF+03$xq7tJ{x{TkJdzkIGuG3~lzQO(1QTq+~-h~0|kU4)3
zdu#V?w%mg#bPH%yz^?Og4TIW#cfIyK0D)S?4=TvtdH7{BpCbMjv66ykxoqeldC+6a
zWWj|Nar?KW@_x2(K95JLjtA1#tL>K$e`gW!bG+BClSG}(I>(qWII&E{Z~r29_WAcW
zZB69~KT^-V-+`2SZb|dsBViv_@LyA#5yci$k=0hTNGok)?d_#Sbj3St#r8!7+E~gQ
z%c*L{tG>E!()zwBPgs8wdUa7Xn)GU(y@C9)p&zk)IlA=cwI)MW<5FP?+7LDFe^k6C
z7q}jw(xcXS1Wwnb;5X7Wy7U>d8`24_0^gC3a@i^?-7mmUw5bo(HC0h4$NO*_IE0><
zE6aC!P<iL2^XjqyG!;F2u|f+L)(`?%M&BohUZZPufd1W`jz0Rn4BF90O~x{6Ii`%{
zkBv%kTk1x?o6woJ=o**ythYsDfBrhu2XywXp=lC*lmwy5OPDiWzM3}K;8z0G2XKhT
zj!OOKdW%QThpOeEIPzoY%?T{dO*EqWluyG*uIP8soeUJ%%qE-3OI4u;`lUX5vN-)e
z3N?A1B*2?|c^zafav?@|6-<zVCvWfmve@WFs}`!?edAavR`reHmdus0f9WJ{Wf!yG
zXHc(7w>(JKV_e%Og<o7j`4AOMV5?Oq<nmD2le_XC0m45;CygM{{i3ee_BZt{tj=Y$
zSFv_9eC356BDfBgIdxU$yF8;eo^Mu1?kSbK==-|ZA}6cl#^2z6ZpOQB%_fHuY;wQd
zNtUE;+4Z!YdG^uAKt!Ife`O)FJ3abVIHqEyYlyU}5N?<c;Yet!8|OJ7A99i?TM}y6
zrt%nYpMB}$t+othY1C`yCMXg?JtoFas!&Q<YCrnb)p|F^tb1=WKBc&gRnYfw2H-R^
zm@JmmP~uzYZ9;H-o@51ygt7g#X5TB<yiT?v#pns!n8DGY*FY5|e=!83FYrf=n!T!&
z7TQ$BpF7gLS`*=VX|Bb3g4}P}oT#*m6>fvK?1iccP6`)&RwCd+!Y$7Tfq$djLbH3@
zXY+5kdh}TM5k1G}gfOheU*$^*lLpx}Z)i-(d2$u1Jo=vBoCzjMA*@ypI2OsyYa=-_
zTvmYeG8GFw?_s{>e_(yQKj07gf^j>amB!auj6-1>gPJ#e|86HU<#o)#6ijRgSl=ln
z;G0)xn6LR7AhlN0minTEta7KYyP)?-6@DEcC{|{+){u7M2t6X6(DTDTU*f(FA^4{H
zQ3+itgu04IP^+qUH<X%j&u7(BexVL&viSs`7bs6ZuL*RXf1n0erW4|%!o|H@)o%t%
zJk?)#!wqPSv~2T`tSrqVD4gOcOiUbR&x|E5)@Z^DR@JMBi!(Fkv_7Bso~BJ(slU_a
zy;yGM)E+VRJmP!~G#nbVAjdUgc!?2f(biF#gIA+XD_vP{HDL3XxFD!I2NI#Ot+_mu
z@{0S-^RtL^e}0F{UFqJHBi|W~Umtwc1k82fkwg0;$o`ee;vxaj=9b8U5^pYc18Xs<
zUMo|MK*^b1SW4yHEJUuatbw8_S)KjIFKFPU4#dC+g9<GS-)0I`TG~_81y(1)&ku}o
z-W_P6X^QsN0gZTVuty?NZzLzv3yXD9(I*p+s_05ue;Ggb)Z051tZt8vYE7RXY7bs|
zuhCxLf*{l}xru_&Isq#|5d`itkW4&OMvnXSrE=1r5%EG|%hH?|F%B{(T-V?FBH#g*
zSzuzbBvy0fNip&_k9Qa9#@#6yoPV3BwxR#+C%a0J@Z?{3s;nu2xQHWItu?m^XVjj7
zMEI~Ze}pOSX<WwvpJ)C=|7PN6X!ku8@y6bu?!Gc<XQv;)H9GHovEuI~@GRvo<rUe*
zFl`%+BKCHfzet%(^j1=&mx(Oto_%Tf`5e$MH#^_6omKe3S=9fO`M#aZ>!&@zIBa*X
z2xbe#9)hBkHDl_h^`tV2mQ1Qy9CFXeS7{Qyf3&a;MrR?XF7&w<{|{4lr&_VfI;{U|
zQ|8lSt&*%-;JAp8B~!e;0goAw8lH-5-j7tpt;m|LZBN02#UIjg%Z|ND=TA<BZ$*8c
zv1oF{*XN{54e*y(dfMXHL!JkNW#n-=Uj}BrRLRy2yN;hKBf^2+4xn!^otrREQ=d@0
ze@%5%p#I#Q?dW{Jd)DqCTpiUOoMQbX{@e`{4d*ey35;<&WJOQd5^XEslj_CsoDotm
zf1Jm!>oQVhrpKksBa_bTTJ`kiW;ZY7)u%dFWv6o91_v&>INmtxydZY%!92;h@uc#U
z*u5tg>4hiBiP73r?H_t$qCgUcSg3*Kf6%nNpt`=G*Hokva!-g5-x@Zk7n#Ed)}joI
zz^b{As8hFu9_Uv3J11fM*@C@IZ4C6*s>{YLRrYJG|J)(F(SIybO0U>X;rcrH32gP5
zX7w0mJ87Hp2u&<hU;SrwbE%{4dMAMRSk6i(oc@Lycfg<|<%7@GYnPSkorB><fAxzk
zJ6o$WqL3n10gvotSjyvzw*jr8V)0PZYV^|c<9vb~bmuW9`}<*q@7iL4p`Thx2HsR`
zqbB~5e4~@PJJ*<l9iM1*d#2i?RjzRFb7IqWXU@9CkS~1PoUA$0Lr66f`9wS}O#u$`
zH^%SZ-~C;OP+|kU-p3EGS43B3e}y|&BBwGviL*^=-al=lVH8r>o8)Ajia!GL@g?!a
zx#Vc%84{x+9r7xQF6I$HRE$51<G)xFd7=X_w898=Q=FGLs71^ipo^_9Mw|n^*2bCC
zOIg$16uwYR&uOJk@jNH-h7zZ5o!lHBM<!lA+(<37$R>UGGX(7<65V-6e^Z^T>x(DS
zWMAUiU#gW6U+BLCq9t;hsKz`qoAQD`3SFR6j3S!lal5sTz<f>~8&uPcv@t?yIMJgb
z9naDk+kiN4Z~_j3&*eMQ7arKUZ=Ke)uQJ>3s<VfxVXU?<dfunfT<WvOvAsx|wRTeX
z5~L>^i9p@`a^?4qQ~Gtme<)jPmC-ZyycKtZW{Les_F9r{{<Gx><5|H^=I-r2bWU2s
zw0fw)YR53&E3O_T4!`}K8${MfgJ@dPTaGEm*a^z5MOn&7a%Ox&jYv{dnwo0+=Gufc
zCJsd_fgzWIVX7{DD}qucbPp*3S`ES!{A+DQ#ILWn#GgX)o%^bre>+Csvm2*3iL|FJ
zNa8*}AB5H3&nOR7kC@`Bq2E>^mP;Qwxqoo9{lvXXl)r9s$ePD{&d;EwTa-oclrGNY
zwDxk&ahdCVmOh#r&?@=sZ#bZjsEsFv&bI!rw@oGQzh_a$-3(%^=JOynf~lkCAnvpR
zW3}Vlj>gxWlqakAe+RXzLHQl4fg+i(s5aa^w$za`<SSYM1k}xSCB%T~Wua(GYb%{c
zcZ#T@#4p+ve8P9ZNjSYzww-63oms!HazXFWDC!+D0O;nM<%Iqxsqe*882(YpYq3~@
zGn|GE5Epl{<TM<UH;6;L3Zq6g;D5Dqmoarj?SsH^iWMpDe|B-bv_*;(=i=^Ov|QZX
zp}4yhD^jeuUEIA;TrW;>yEttB?`}5PWIt{8!*0TFawe0LnaO14%$eu;Fpte*_m2&T
ztiH6)i>&;-$wAwfZ99pSc1zkW_lo2yM(7^4(>1&OW?++HH=#3_yH|_Hfd@&WFa4`z
zxq=f^=`Ti`e-Lwr+Oln!Dax?#453Ps(jQPhjto@h-Kfv*&?Qdw{ANOH-`DbHmO^y0
zvacJ9UZAPk&5iPm@wlg`9Ow(F!tI*nlcnFGx&PIKz1nnK2pk`W>K!!ACqpEiy+7`)
zceGY6RO+6B!)zKC7)hAG)N_krdHi*DmcMAugQka}fB61;O29i0l}g2*@w6Z3YZ^c1
z>z(-{xmmd{%R|jD_m)-D<fSm(Zkityq{;R9EouviPsfODC--Bphr{R+pFaYZvBaT=
z+avC>jtW5y6J%8}+uz9bv2@q1--;p8*vu)B#IjE0ItyL}d=bDZo-fC<I{qzypmEP6
zP$gI5f68>sFK}_A+bi<0eG27WTa_#IKsqMy??3F^uqG#=6P5(I2${)`Xev>Ep{m9)
z;G8eE6mZHFfF0K3{u|n}jl9hkzG6Rrz-)&P|7=$HV?(}c&k|M5$F+&un8mHl@lUL_
z_8KFtspDS;?SMhtoLrKzKX;Ay-gJJ$D=+dbe^(rH!lg)2)biH8dC26`sYqFvcg79Y
z?sg~50>gdBYOZ88oCxAZAajKukieDQ;TOakOo7@6?|9!e+#vD9F~Pwbo@09+A7ZPd
z;O14#GDjHK{q3qwcF;<9QQA|oSuAoF?OPg({D#<bC<RkX?W>S~PR`!9@}4w+G7I#6
ze=u)UrdGQ$?ztV)X`I9&w!NN;z%1N*OEiW}l<c|C7?Bg0MHh-e(z$QZZ6G{VnRuu`
zq__A!v2CFiq+f4v>HonO0jixdiMWsOM!bJ?>GnbUt~{FB2z{i-|E5GFFV91%dWG(7
z*B*rQMZu^q@8s0EO-#_%fOG0TM$w{;f0jY}sY6-y*e9RP0o<YLJwXuWk7c!*F}6y5
znZr=Hp1>$588G!ee4YRY)dIdlOco?S%(WskI@jWi>E77&=|?z^MY!{Y4qQPKPe_)O
zxo38wYXNY^`di$)w-WA`Nj$c^dL<D|^dx~|-TaY3${)%wFd7Y`mf`aQxA^@be^-yA
zpI-L78yQbj;HkUh3}fzoOm4+h9bKMB;5W@JBo@5GzR!$?#bg$+8~3GP=8$feBc#Rp
zacQau1U{4_O}YP=%xe_eOt=UtNm*5V*Ecs<gpd&;U<YKN$T4wxM$p@9l);<a^yofM
z;g33W2De~RyYL`6E_kjmOjS|Tf7xWM>Ycgvmn#S@H2DrRmTMJ==8EeyP)9EmQI<ip
zH)GCUb{AhlMLg)M{uCm74oG_zzO43O@CW8xGM5orwk}irMQLuOr9Gn&*VBO)rGx6m
z+_eIP){_tZx+xVj=hIYX0Sy!&&9l%$)5?o8%3zf$1##^{i`F`eOwk=~e;G|gb^EAp
z7@?kJm>HtvFDCwW;MVODxgJNCBCcIzkrgVz@5PQk<h=}4Vm}#4n}7U<NTtOjN0w~@
zWe&U0EG`=x3OTA<({0#gU$VR{Z)5ZB3TO77ge>6RIPBT9+)Gk*uM?)+KE9_ZEPP|c
zyc(HV3S*tFxE~m{b2nroe?wbT8S7&{ab?VvkQ(W(QZUqhM_Ca+O+g@QV6fjobUJsD
zW+%ODJwno?d%Ztk3&bKT&HO<8GdNn=*9=(1J3@S1bcGses^fT^k1YLw0se)=i(y=}
z@8Lrfw`%H&o%i8*n`JK(byd=DQk{_OU37WS9gw_<!WLmd)X;%mf6(YgQe;ApiaA=a
z91h82=g{+zNHC|2dy@xm6)O1jHBmd*!I#^!&3>RsH}t;w1asEfyTag;%1_W|^_gUa
z86p~`ua6Rz7v5Us0D4BU=tnHU5+h_=IvHaHGn_B#8E);S($qAnA*3`(@H$33OVgMr
zi90<GJI~0dX+#UAe}N8l#EiRvFHuQ-n)91WivFB2nlpVd*VhPVTndCg>Krh|S^1b*
z&u;ggw$je);^>7bUEvVgH<vw+ZPvfJY5HU*mP%Dj!DoOiH1FTlR_a<WUr`TL!77qM
z`fgQZXH_%@Bj8ra*8jxKb1&#fH&#hW2}a|X*kYcbU8Cn1e<mo(w>AbkH!#w7_|Hl+
zymLuRyh7TFu;5B&vmm%x&vN!C?n;&8!pPRyu+@K-`6QS)A$Hb!Wf7Cl!m7Vx+A{tD
z%VJQiyVfc%Z6xS=Gn6;yeA0U{Psqu}blnEdXD#QJ^M%Xr#;gC&r*k&6zx6TIwKM|0
z7>$ZeQKx_3e{7AXvI2!$bZ-pW?o1_bt(QG&tnc)ztt!&yD5aQcR7WcVceNtEI_kEJ
zH;6@Y6wg#XpodP;sRKoeBP&q1Z2P~T@~`l&___~Y+wgbjZz=?SKwkT^3@;G8xP=QI
zi7YQQb?t3bu;l*uK4s&Kuf2c7wCL*PV3XwKRQM42e{|)(a*!Mj{=|pwx$_0f{~|*P
zg{E)ay+d5W{hJ?&nmMy>SAC4!FQ@68Wa_@J{^ChGyb8Y*miJ^W#xh+xbb6ddR(8k`
z>}<zsPKPQ48RKkzHQt&RuU;lUfmd%(snyJYQszP~=#bohnbXv$U>b+cNy}j3q^wWM
zRyi%3e_=g?{L<HfcUtP^1VAI3<;F-wvP%4J4AR3mRK$*BR*|&Rr+9l`v&7g=9=JIe
z_T+`->}O#`wA_<I<@~lwT{jkb+EzXio^=5dG=dMmr+9N`MWPxeD(v?3#ns)*G8hgv
z%m7=^c7r;e!f0UW1b8Rxsw&Q68J;~SI`88%fBq(lv@dFiObBT~q9eJs8Od8@?>6Jg
ztrKsdd2EWR8a}m;+jW&eVlCz6OnH%L5jGl=u6a#ol*JOiM{n;r{cvASFHd~v|E9*_
z!gX9wj_nC9zQkS%iprkj9~P)u#KhSFzbpntmsZ%_b$(1qRoE2GmYg9}mk<ooyZ=FU
ze^i$WsGg1JXU38lr#(SG!Zb1%)RMma%l8OWbC6tNKGJl4cRHV$J~!A>nS!dt!bV}w
z{;r5}z&0n}t*wr3fm9b(?a5&jT7K0`3x;nPFlLG3bzG9fPj)LY_<ZZkRy8*G?s-P(
zaU!Nz{WJ*<={AK|)n_jJtPSP7UgDzLf5sav*iE6zON_a&N;xuRtKRxXuo9>mtk8Jz
zEWl%%N>lYGc3!h+&8i@1)bUPZWa~kPQs1=EKjW@jc(f3)ydPh0;@mB;$+-rjs3xa2
z<9MhZ%&2!V7u$wTG+8FZtOB4j3zGFJ?V~F$nGc89MpcrhRrl1EhUX5nOysoqe;&u#
zlZ4&d3{YPtYCZosb-sC^`1kp~X4uX1NLW`?6_$T<F0rRKZp@ylGX7-GnXcZT%ln=q
zLh6uH7gDzWvCX~RvIM&&LuZwI(n~?aZ3L6#w0pOC6L@$1kZu4O`<-$)_V$N9<RyL7
zKCkX&Be^%+f-QD8-4ypA0niNSf6=nZ9LVH!`3bB@0X-P}EurLC8!q=%ehVsAMn@tn
zMoRicH=Ak`UZamkHWv{*=37#G@QG1=v{-j5G|1>SVtuFTMh*_)ad%a|^KAH0%Gxtg
zLU4EhRb-ZnyvIz7XK7+TPSu5!K{%xa{<IfoT=Afarb$b--JrHLXJe^-e>$gTYE_%E
zPPI&+h+e@!>rKqx7?LBw*x_*{<GoFOw~5ml=NXRRgramJeczgm?uS(JlgaZPykZt4
zz#372EuDf<Wl)t~)lV%(kKU051IwlAwsPi95OeTn!64pI!Qeh82c$dTz`TUPkE5gd
z1Bagtnlr@F;d##yT9-|ye@*{2%aiH&{6)R|G!Vte(*3T9VF-f=dC%^o&e?Cw%2LMu
z4;@*N83c*uO-Akw6T4RHvDr-TcTz@%t)&Pl9W^D_N;y|o@az$CgfD=#GLhng!iqd|
zA{y;#<R`E2qAlkucY9MO80II-cLRkryBqtN&~7=vj15M}`0rXVe`R<8ULEjfaRe)O
zPCxe#o=*PMh0@sx6Z<Ups2Z&IRaRIfGU<vxk^#7>hl4@o=v3l|a6LFVL$gV=et*iH
zc-TFlQGQwBYt`^?&TQPdUqpn%n(`KRsaBn$_K&m4YFypK>{l3vfi9^9Ge~6s5Me9C
zVje><mtF(c1&A_ze@z^pUgNUW&BxHJF&0An^@H4g?C=J@wMICwj2CW*J~y7wjB0h=
zqGt9>Er2AB0<X8hcXUS%a9K!xAXguq`*X2k8@B=-9f9fR+^C7^c#~h{8OJFY>BDiZ
zF~Z_ejx<ITUhbiEkiZ`m)et&8m%*~oFS=gRI_H_^(r1XAe;$i;a)KfZ@V6KK5&|m(
z>;6zSD(<!6J`Z;pd%@2oBtXzs_TL3=Mr2jA>|gTOaxN@l?gl*7t>Zy9e#!$IK>3k)
zM*dyhxpj}Oi67tX1i$G6IJcxOlG<Y=_HjY}GX6y*Zv}fzm~M?A;1;iz@4CBI);K*9
zXud1#syB{(e+s8PlJ@gYJEoBNwEPR)G`YFzhWmcaKtz{;0tsS67eQNACD}Wa5R+ET
zAzAr@UvvI9YA<O1_g3rPPug(bm$nMk`uEBu-mI$8>)<WDPpZILI$Sc?l$i;Ey2Tx+
z3?F%c62mfPRm&HaH_pUD;g-XtNC^;aEz4_;031a4f60y*#hB8W&KpS+%_P_?V~uu1
z_pV_8SKj*SBQ}(L#-go|W3$g6J9?}h;wv9Y1g}2#3%P6Q`|S%ftu$^tveTg~(@j6)
zrN9yd(9~43gh@I{Yi6;w9kss2L8v-TR$X&UKhb0*>DIJuF{5{badj;k2!DP0UEoq$
z!YVkrfAX?q9G(WzI(hm6A7FHm@VEv2?DN$h?ny<~K0U#VMC?G@@UY6N(h^Ts-kQJF
zV*grlfp0OwT=#dm5m`{ZF60dBTTob4%18FC#DQ5)7WOWIhPe}N$i<$_-9Dwjal+g8
zPl0B94)oK&EH4fbs|*9q_zsDPeKfNCs<^|}f7UD!g_XtMLDhGeb$ph+`|Ts9k%{G8
z`D<h#O8{~dvbuSR8n^6b(WU&}V}`<QiT`O9)#}12_YQm-K@%ox5dF}CGPye;6s$MA
z|K4mqAW_zsUA-7k_qKXFLiCdfv1>N$Z-G{X>u0FJ%%49SQpq{CFm%rMs@Kcx`M^R7
ze`=D@V%9GqN@1}Z3B%vi0ZciGFz+j=c@jkn{SI{}hjB-j`t8mB#4O4*o<&xf@Zg#T
zg9D3ciBGV`wvXMe^svh95z?8(nm<l{)(A=5`Vhjt5?X<~b{r|0m-VT~Hl@d=IF6f}
zbVOqfZVq%Nbf(lWmTE2t3ucA<5-#Ohe{1tb^@&;oF`_w1JveaKory+tK*udd_{%AI
zRbjIm$J>u36h-QzsS??=oJD=Zl4k?uaZ`vP`%RAq?y;^j>urXrQHk6c`CgX$hxj?y
zLnz@_;e*kX`cBu8d%50h4-aZ~kjjmten8<dck8-zvGqP-(P)I1rdz{rJI>maf9_<B
zKX=Ia);MG#P1C1=*Mc5=TU}lv)olK2r{|+>N}IfP_1gDOqyYo8k?6b5qMi1`_i`@f
zrlUXX@xt$i8_ib&tjP!dh}QM%hSGv9FIENgg))B9&6GoA-pv0M0#~w?RTYFFF@gED
zKoRx)s@Pk2){6svtgG%`3J)cvfAcx$G-6;rOu4coLn(WY9H_^{Y&fP?HQL%$Smfb+
zY|C9^;&GjL?Kw`4d1XaK+ilxS;|5q8q(=ZSS5YBgU@;V&tI~w0@{f8M@ENv;-7w|3
zj!>>+v%zVm7huY+ToEVMivi@?gX@VJCGR)ZxHN=3%L=pwMr4gyq*KC=e>W9J6{)}*
zJ<->EsJg6)xeUk1rew@wY~~aU9Q^td7^!s|NYnC(Sa|>S_e*i<dr<%~a99OIRR)YV
zNn0J6Fg4lIoccFVFettbw=3_j5sERZCnjRWl0^TAW|ZR)+4kIkpX`Pv>QQMqo$Lld
z=K@@&!~vi}QhVVNER!haf1v4N7M5}#Q;q`3zx-*+?m$<e?<wyZA@-%}^yv#7hGKIQ
zQ?GJi83HrKH^3ZUt!SuhkK%hG%M|?48nn7GiUITy)%eL^X>|c|UyU7|F`+u^bk>Da
zaet<L?DqmQMLJ^s!0)_AP)NTzfw^IA_O5=Ls^intmLS*`&25rFf8GsPYZ6ya6i_;Y
zkYQF@M1;b4r%Z!(qv=lQ;7$Y@B-SXEAtYi-p$W%Jv7mpVgq-6({my<0XMt6B8@TJh
zsuf#y9QoV!P|SicQ}$!$oyYO)^cMM0ntUr|!#@O-<M(wpXpd?fEQbb?!F^p*-BBhP
z!oX3B@7Xd?%pjYVf2VV8_H-rE(piWf&%lwFLlbE7K)nn#?s%ghSBQIbBs-wT3~?l6
zA}e+n;1<c`5lROxk|kk1{JWAuh^?F5$YQ6<7@|GrLg(LRw@TAm4M&(yH_R{&oSXn-
zNo1=~Oc9U-K!}yl+iOfps?`%Z4nE4Xxix+`w<1JOx!Sk2e|AYtfW?tS2lKW&Ejl?c
z@d<OZ90WnfJQe(tCG2?0bv7}Hs0OW(T2cnpg+C^v#;))w=Z{~+xe>KLaXX$;Vc2ih
z2`953_GvNCR^e9F2}6V3#`^=7)S<%@X%0^^@q6E0_YDj<kirLp`tiJk7S@6wb&<zB
zzG2IVC|kmdf8V9&P7~hpc=cjhl1o1fM#J2Qk8^1bZe+aBf)h-E=a{IJ5nJ~Odl%xV
z2PzS)az!=yj`hMbo6oB$i|MZHM9VNXcU>9Diqpu6NVc*M0&>GB%uflXd}mi`atYp5
z`k}$%(hU_g=Aaa^5p&63?~~=kbwX^^G;?cl(plvBe@e5)kZZ>H-EQrlwyAd5$>5~C
zVbZ_G<j#>ZEUGoT-}~6$+ueI1hoC84o6@9@7px44Yjo32qZiVEV}zEyBP;8~QIg=F
zRPtQ7KHuDz)`w4<eETw|R5Jkll+C@e8VP_XD``ZSa)C0ytOH--*LZ|r<oeEIajfz>
zG`~!+e+>;rE2Tr;Z*8w+Isr}&Y=2xd{Zz?%q7W;X!SS}}4S~vVlkz3kk6G0C!_8Pv
zJ!AlD;Gi0PDx|a?!eo^4@74_oH0>TsCjH<!cezdD(BPgo4>SCClUfYq&K>{O<BtAf
z+0ZXF*Gw^{?AA(FR)?k^0N{OsX~3tlZWA%Yf5(^yap6V1+^xJ40L1zeI*n<weh{q=
z`MBdiJk|r2C;OJJdJe<YAjxtYT2ch#Y;0{nA>!zDa7~VZX+n=Hq5H!R!G90;ud@x0
zzJ6PbpKaTZxGkxFZ$FI3OMKk;O<}I+W;#0(>byw@oLXoCi8+Z_;z<4B2YEJ5Er5pk
ze-pOv#LVr)-qT3T#{-`L1e}ei7s{Jm<h(TNU&u5x*0PNS6o^M);|rqEDHf|QTP~?6
zXV<`VaQB)5-9X!y+TZa-B4U>B)LTR42TUGX<KL)US`u1fjUEJ5<VoPlw|!E06M>KW
ztuXqxW{(wlD$3GGcz(2&+=XXgAGJABe|D1z%&E!nXqiP8qU&Z3(G;R<tMk<V){L!<
z;ew#EJ5=9G%9q&<<;M8(^yEp?==iPt>kG*jYR)HLkB;lhiA%_)kx1)i(2Wk<^Ymd0
z>`uuXntkh1DL$Y5cg(h;pFxrYFQwp(Qmbpc%%fGn5ODuSaM@C|aZ)kpd;Yw1e=(vu
z5D9`@JD<wzLm;a+XFQsC&`n+}$iT@=Bv)=8$gBWf))=?ApqCp8BMDX+u`1ZV7WZ&)
zvEpCh94<i)LNC_WkJwp$PDatLe4ebHj4@o4IanT%u0y9IhXOUZQ<1|3wnnqJW-s;k
z+qZ|bDOu!BE^hNcQa+=5FK;@pf7`W0ydV^(Gdd2oR2TS$kGq{PUV;>llg|bE<k9ak
z3-TlDWFuL;`u4l-5hXGMG);Ov{L{ay#i%=W)W@^dnfDZxW6}_^I$v8zhi&zWM~WF6
ze1j&385#kXMizv5O`B(>50KcA7Q23vk)bT}>sh9by>+fSO(Q?jB0nN?f170E_x?3$
zW-lRdl%Gfm1jVcJ_6ex8%~!5A?0jev;A*GLA$yleAL>WNAU;7@^DryYE7#q5h20Tz
z?i$f?=3#MqJTma`9xl%nbzr^w<?>~9he|hf^V5A$6iWnhlm|%^`UTG6V`xBA3G)lJ
z+&(iwE%ZIs-#z6j9zJuNe_FAj()>et{<DVNiBA`j{mZA=A;&eR#Bs=wKx$C$X5UVQ
znWIa}@LIfcoQSl&AWFVWJKe!v5hNO1QzW9xC7|u(vC-_+vbm(ud$I_y<b1mzz(Y;;
zHUUIR1e|L)oTY1CyWTzYs=it9y6&zmVgajp$*U1x;Y941`cjBMf4$Q$giY^%!NNA{
zXNjIxwC>l-Fkf6WBb1agDUjX{c3eJlR_tjx-_Ag2j0$n{DmTsiC`9+$2a{3CWJ6TH
zZ_-K_{Qh&GAM1=_BisH#@D_$Vs5WWa^u}$HDNK)fky^Zjv{GEBW{kDUDB}{wYq;sC
z<VpT?yy}o>6E&i$e@ceWq6(V!>%MI^^*U;CD>i)@;a+ZYo>&$9ayS;S<`5wJF657`
zd2dUKuDzAUTY^~Agt}}FW<mlDJ8p)f5H(;QBqD#?ck1fPb&T(UoF~tjt^J)z9^_8p
zC>=>;5xP`&(gpW;A!6x}ei`T0+chjp0`~^NvZpp#0Hc!Ue?Wqg?g}T~Bs!G&tkKkq
zYwzL-nP{SCO=oy6g9c(EwS=vKS{97Z%IkC`?F-|ixY*D;-P;WJa7k3&kxL!?7m$!!
zlB<f&DJkntQ}IWx0P}SJjlshQwE;bh3H_l3{&_|+m<kB*)3e#9NX0kV+{vRsrYiB1
z7#EVD6ut84fACt}Wd*Cy?G7wBDrE0XXQqv!kCk|WDj4V6Uc3==)auGU>3r&XEHjJQ
z0B)zqSW+R&)O6FpVds;V<uBQ;M+P|2ZV#A^C}zFF0*5pjq(}u~8#$5;axe}r%H{`j
z?Djjq``+kaR(|Pu^rDL^uS9zI9NB3<ysH>GVp|=zf7Gyp1QRc?=W-U2po{fzhBNb4
zPI5)w$B~n%6hfFC{%8SBhQfiV23_)Ob}{As^WL&|y9Hv`jm14jizIWHYQu3>OkG_*
zxp^`lch&l`!#wy`pC$kmTcO3psC$ku+Fea*S^Pc;7i1qI8~**i+r}$M!q9-xIrSVC
z(DZnXe;d`0SGn=1khyy4TWb=ps1Zt&M}$8b*<B=UpU%B<5q-n9Q()?*|1U&xc!3}<
zA_59+`;CjHSd!<(K;tISHsvJOq;t(lr0{G`sk*l>XXow?HSinWB*Cusy(4~ILr&_&
z*5+Pf0i0(Og)X@6^Q0q^6U!%=PzZMWTC?;=fAa4S;_3pTMW3i2Y}w~;l-IVVks&Gr
zzvVYDSDsDK_UtmI$gWj%!lLPau(Mi(4{px@bXosJXdU<q5tj8@zq~ul{L~$4j2xTo
zTQ0s^qj-c724|v~oBJY%Od4q5%e+wJ!JZ!RCjHmjBTm~WxuA($_^Q)MiH$8%0X%PM
ze|mosyrq#}Svyg2#q9*@w_1+uu%@oEi!P~|JtY^-OPA0|2%z=SX0d%J*HIVwhFx#5
z5S~LZyqGnJ**Hl51kXYuv6|a^gL&Z4_jne62TlIt?NY5&@Sbwgc$906eGx*Odar<u
z9{ZMcmuJ%HploDgwOHSG2#oW&lSbjmf8F=~#@SL&bRF&tVi6^5pMvo+FB@t3hq7Qz
z4_qnTH-4-r0G|E3Cy(zq@z(hnHV)7gOZBXeefXPLzgjB+YQsrDi56p$KOn{y`Zwti
z+r@#x->C~o{58xL+rXKoHS4z0+KevNCoBr~+lM6yT)ACgwvK_k_#vVbbB3T_e@y(%
zs_NLn8y$xuG*1%e=MlR>$;6e-yuTlv?E5(Vmu}9w9?JK;^H4YHUU;Nmjt@N?RW4M5
zg~vZzox&09WvMqFuv{8SJ$hV(LZ^Lqd<UH;R$RhFmote+zf2%_W|O4XXH6z-pl1&=
zrvaV<P3w6iZoEpt-_#5DnHBU*f0O=&oCh(3<l{u?wPGbGweSCA;l_Jpe=yN0)MSF5
z=jJ_UQ$gE8yPmeSet&8jH$HG|;z$?SlBQbTzCe}5lyM78W8=8<k7wA#NI7|5?%A`_
z<~0<JT{wD1nWR@`$X%T|e)|$GbS_r8oG(464bGsu#>-~|zU9EXMp4Awe<#x;+>Q!*
z<^xcemAV8Z3u*4Q^xfMDC8?Hxh+W%;ep};trKQBqV$EDNE2og_^Y|adJh;;~2Krnp
zC4@6>K22^vTx7kheA12%_vr=hrCpknr)(k#Q+BS+d4p}W>AdvMHxOYTrZ28h2lbCE
z!61;f9H1A8If-b&G`2d`e?u$ir?gRswN_Q83P;-ZW#TiFD5Lee%TN&Nb@oAHy(TXU
z|Kac+|17X%geaXBlM6TsuxKetXXjs-^q)-L{VB2=d!wkgJ%HE|4kHm63a)PH^*=y-
z@Tts++=~uh;Q$6+Q08~F)=)ck^eL4*r?hMtovaVex(pGOfHtsQe~;QRmOEIBCdBI+
z<D4GS13dIhF1YT>huA^YhM4SPI@mZvDOj5(8k*_@+LMn~fvQ1<8Z;?zHW`#@+fkdg
zk}6Lgxot$gSI+#Kh<#TNz2P1M6l?)|FDIR_>h$ru$99~&s)kz!nuUZ!I>232!38I8
z?kAClhm4nt&W!^<f0|rc0(ua+6a5<?tTxhy%7^VIAYX(y?x(DL$M&r;NF%JTfBvh*
z-dARL+Y;Tj%4to2#zFIoVefC~xgH9lFMY}+@=2w~&DXZ=o7`vpwE@)hgPRiUOVIk@
zasZW2FU7Mo1|QD{Fd(zcFJP4F#b~Ju@_r@NDoj>%0Y-Tnf8$jVT2}u38;p{bUG+^i
zwk`Zl?Z$>|gmVGU?ed?V`w2s|^`VLiW^VJqrqtT)58?BVM7uZY4_fXxlYYW-!T}1M
zB7UVME23zEIQ}_Y&?!}vv)K>YB#aDvhoTE^G3oK5?@t8>h%Kb~AGEMOEh`g-Rj?%p
zgoiLa6z~TLe~Gf&L;`kdjrpr_g3|owFq-pXATJ1K6c&?0Fon=}z%k~pKTc;(ig_5u
zv~e8+L1zJB!K291gIpw@7doOJwWSt?O6d)l2R%;z<ud$6$`cqCYVNE2em010*bZ<4
z&C+lDK^TsQ_hGZ&`!QzlvTrsd$ajyKERgH0?+(|_f4k?-L`OX(?F}2b3!7w$d&AsM
z9exz)Zzo4(n;II&_>b>p?_85DK=P)zPOI3dHWG2#%i9`Oz1P8eAzs?NF-U7#1oPDd
zX>NEOAQ`{q^eN2F>>d2eY^PkciQVK&k{wei?yO&exk;1G7n0qknlvf?E#I7KV|?Kd
z&lcTHe|>x6$j6&QN(|I?1Sjfi-7O6s%`+$n*est1bKOww6EoL!c5ip^b_bD1ttXuR
zoh23j67VmM_i3fh+u6Ph`l`d7)#{yiCA7@Z0l)E(;JbF|DW36QFW9_Weamw48&Fm2
z?ud})%x6<d2pF6nm$P4V6M?JYfzC&cbT+aee~pr`{QyK+Q|^w)J74JB`gSle5drEB
z2_z5vkG^y~{o;->M(i5==6e!%9yxuv_@K2qNoBxe&i}K=LiinNjDZTb(9mdM@CEYB
zi0@40IyqC)q=zsnXoPosSDyuAXfJlB-pnz(j&DL|A}DB)O_p#bQu4%qdoF}(t?L+H
zf6CMuZ3D|ao>E6xky%)-SWtucLo!0}jXmOxvy!)9HQ}W2qSC|q3vwRP<Dj9E&ymNr
zWMaTH0tq@fo7{=(+RIemWseM&Ef}%O9sImg6d;7<atM=luW8G^WJVB{v~kRurkA~A
zMetK%_S+(v^mVxbgTY_e9Zo-YLU)R;f1?Zj4~v3fBRv?!SES(^hMBJaFO}Zl|5IBH
z^FM2Nxc@5PM*i~hZ<7{|>py*H{~FG}M)<E${HKTG-$MD{_s4;Qzk2?6EF$%P3baxG
zk1A~c6I$-SK3%w1uU@_S|HOZv&0f8F_3G8DSO2eg{WiaP_3G8DSFc{ZdiCnnAFEgY
zd#^e3t5>gHy?XWP)&E;w<Fo&}{_B4JH=4}km!T;o6PHIe3l5iT#svtMCD#fi0X3IP
z*9tO!fNj7w2E<_w69Wzqz_b}k+=1atNE#>|CNs1haEAsu&?z*-Op`(~6H2G>S2EKy
zAxSy>)bBkX7${SQ>F&I@-|l|9-|sv2?e`Ey2#L@TB2i(uBvgw3g}+8fatB7MY8!JL
zt8N|aMhKUzePvKsO|xbQ!7WH|4esvl?g4_kyE_MhySux)ySux)JHegh{l2|-@7C7t
zk6T;yRL|2rbIz~RU2|r7diXo_ZM7YUmnGH&f~36P4=zkBh=Cb=o~upoj=EN7!No04
zQ+5GtJOQZF1SgS1kK7gyw1bM?T~%n%oJn@;UN7vU)P(zT46-L^0P0P<Yj%3Ilg-R*
zJPGavq4!nPbJ{1~guu+ZS?cIiMd*d2R^X=R%Oh3TH06uF`A*1e7bW}X7@-Injez!t
zQD6>t_125uF94iG;IbgHeX!0sA<`3V6RUHyec&9#^NEUAF)JU|0kZz;mF|P)0n<b{
zJK2zDloM~BP|vKN(VwU^h(0Q#i+jj1$HKyBmEs!x<mX<J<ad<eUArfuTy}PQUBx>t
zZiX+<`fIo?D4gV=9dbce{he=+VXMtbWk%Q;c;<!5-+@Uepjja6v0X*uSz}vd$Gz~l
z^sn|u=e_6hSEDgMQF`&opQ2HgZZrWgP`oM3^AKu-H-yAtg<mT5&C;X<MHr}Y16?Uo
z=qPtFh}-B_?WPn=l*FJ3xvu`;{K!VS<v0-<mE%?Ojp*Nnl#UdgM%ua*E=~UX$eU3b
z`XM>j<^jmJ|FYCQJ)&H!ys{|b{QIK-iM;P?LqrtOvQS6=LMS!}Dc;rAWBa3~#o)3S
zq?JukOdOYfK>zu5+mDl=gg6I>tuy!n9|%OLGMkFtVn%#qDrPy9$Q@#Gr4u6GMbICd
z;ti73nvsj8T?SEBmM2poU=toKqFck))P%eZ%VL0aw$5u>m2g?T{S*1EjE9x!Seare
zbFElya%KYi(DLokuh2H4A?8$MmzYK6zQ3+5C?2CiWDj&{B*YAa2DcnsTK<FQHNV@z
zxns!5aR<HWb>vFZ;44KZ#(q->RXSsOO+D)U^Z<R>mD~4fN$d!lztxVNYk7@+_k{Qf
zbC3d@z6>XjL~^Gx%(5Q8bYi)=1l~MO@7lB|7i4roTVt%=kv2l<Q8IcZzJ_r@&$R1+
z#3*GV?knApz#iWHk^U`lamR*3QJ-k1N<9D@A}UqwHZ(~?E{?%FoOZ+-5ZU+ybDP4<
z-957qpnVbU_$-lEFks;7)}p&XpdT}?b*2Rfb#QNJW{L&xx!IO`tUi0BI=a5i53Eh!
zBd#rOs-Y}9G;G9`!OU1+I2|@oxD9+M{A%-#%at#H3SJoK6GLPerAm)JW|rM%G}Z-$
zq(cObD}2VK*viFL^^VZl;(6V;l&xU)CZHi0x&M2O<U>bMSGjnUEp(O9i(!YiHsl?+
zpM{Z+XjUkVCL11m4P<o?$H3#pg;j|&`0!)*t=(~Ex5Veg`r+-t)hjirHq59?Joycl
zZ{KZ1%}xf(lR$GMv3SgCb|?@`n7pNXVP<FKVw*9rv<$>txI~;(9BIqWjZLMJH4wp&
z2qS!)w3$0Hf>seKpTRPGC$QPxPOSy#pn9;-aQ|YgVK!&XYcf7(5Vg?t7~wrBCx!rj
zxN@h&2Hs?;)5zN0srJozp6HBpB0d$JQ6LG#%{(ft4x47LF)lHp?pRM77NB!LOzhl5
z86M$WRq1f^sw*ebj8(7tT1h)nq9Hev)?&O~ZFsp|L+R*qJ(ZIrlT6$|jY|zIoE%yj
zSmo|Ldcq@=9T-^*U}r<w?$tdR^(E`g=yAm`$+X6?$?$Gq{BCORQmt?mB-suXazoZO
z4abHBlVna6X2|}W?OIm8VI`8sljB0G*t_Fex2UaPRM6bc%_3(0$s`lIm#8c89EGv3
zJ^fp3kuRrQ73{^gxkp7SDVqS0buA)q5U+p~M%B-RRR-)p{bK&hBy)9kr(;hf_uX{k
z);L)MKX&=RC@h1bB;j0M4K`R@Z*Ay2_}f>+gKW*+cW;3rF(%RYTVK1(<w)zmuoBp`
zVQkJk(5F^DuNB5>W(>s*()%UhOvzZNy_q!+bNACV8{2Sj$zS4928)6~5Vl4PRf1%h
z<#i^SVIa-{__dA_1M*aYhe!y+JNE--p8$^gpMrLNdMg)<Niney2AS62pQI+Ch&soC
z4F`>7*J%6sD-BPFXv=9ARTaFdY4}ofhS&QT*|GUPA$v+@P{gQ|X28KB_y8?Y2)X_G
z0P)>l`trFwlr5ucvUMAPcn+g%IC<9VHL_o`Ag-#jDs*GENIXi;lt;eC?6iw(^$fKw
zS4%wD^-sYhs|YWF$eM%%isvEi?Pl=#d9p&ii@+jE5ErzABX{}f>@zo>i!2j^6)r3d
z_JqBXNkCpO)Yojpor#){Z+`1pziDb*oUAQ_w8i36uytJdHrP-BH3emy+xh8no@Bn1
zsDlKPd0x~5Bj%l1)$a}!y3dH7u}cdX<oX0iLm;F#Ncd8IsVTwi-l8_Yh4=-ycYV9P
z?t*vg-Fps?)GyCCrhsRs@YUaL3&zzaHG!Ded(+pJ^`uADFr*6?PZw(x&d(Zd6Rz$)
z1GkWe7Pe2_s3Kwjz6btr*OCCwzM062cqNZK)+QEr=MdJA-Tu*7a<W1PUlBCzxV@*l
zLIqvZ<7fH~&c`=Avj;Gb>76oYdfB=A{-eS^6MqsVQgO<FRaW@u*Y5`G7^)&7U)+5e
zR_M3;*08yv4(AZBaP%q}DeWiH;O_$nag9=u8&p<c6f8smiIWJC>lDuwgYq#hQEOO-
zeV0+Yl*JT9_)8d?s(dwOojY^TR&LaG+J`wg*K@I2wUnand8`)D?6tHfOKU%D|8`y_
zC^#Ju%B+>1<;e`%8F7r^!%BAl=;rO<k(Tp;ay+qpf#fw@x`2&J%3>+@8cB8sCq`r5
zH)#uxvD_a3CD8!teAh@6r!_&ea&)cX&)vMKuOx!IT>ymI#DN7YoH3RgG80JSVug5$
z5Y}|Gc#1FAZ$@$ZX!u2`8LqwF_9MX{1c(v;6Oa-pyJi`aQi56aZX<WBDG4V7+*@VP
z@wQyLj<EfzUMWNapnZy^>o;qewy&N=CGv{QmKFqXN!+#k?Z)%02zQ>ZHDmuIu$t`b
z7wj+Et7Ccgv+rPT7;3NB5p5sUq3>WXd)bho#4N$;2+jfN^J)m2du9p7%wv69$A27a
zwd5y4^OgwoAdJq~t9N7HPUHv;t`*&REPV=sVY%NY74Zh)j;>)C43UWWz6~WYG9(X&
z7I=N5jPkam5Bn@P6#&DafQ;NMM{n?#z$H)~qm5GjN1HhamdJRN((cC>Xq7jwL_TI1
zltdvm7$gXKd<G_ZR)$3SsT_QOo}CezhX>l;!Ol?E651v0+{4uaYcSr3l`Oi2I3-a=
z0);vlN&P3^cOt&@^(Ou=M3}5+OFeMk3n8Pvh%eXa_5YQ|3n^nuUP_36Trj8&k&<^{
ziM5TX-qqktu4f%4vBe%_4Bj0-GvZ1ProK2u$Rgs*7#n+c`dHpXIzvDJ=9MnnpS9*o
zO9IFO4ABoT{|JvI@EfZ<49albLibk5Dio8ZK^*`eyouA}{o%JyLR6Sk455bQu(id3
zJl0|RHPOx&Y=2oiarKf`GF+;njMb9zZ=cj!I!Q8cBj;)V;us}ylyr(@1c4KN+{Rww
z5WiusUrNjIpH~`wB=d*@M>qAsQq|Z`y*t9Ngt?K-;l)Q{4OUGTg|M>%56hsp&9CRu
z(wW9d_qz_``S#meDcUS=39p2}aw}uEU50BgJKyzro{l7m8tlgNq-?q#`Yu6$DdxzY
z$jEBvn?G!?27ov3N{lro<eQtU8=&eQ0Lhj%`6J{el5TzP<7YA8=}Lr|``{MPyzN%Z
z8`k$jvvZ@Lw#D|Y1JGfed!>%2JFMSq6?XerzFPZ81Dw6GjFQioOBzwubto*&w30Xb
zEXq_x9yZHV!KGC`JaCA$jqe$mVW@d-duxo%B6cq*!%(spMlaXLcqPNAOAYf_hwbmD
zl;FyZUhr%Em#+bchLc{(F)WqhxAeKqlD4DBviD)UhD=k#m%~F|xddaDm<(>1OhZX@
zFip65^YK5g*7XFt2b=LYIxU8$NvLjzL)sCZ>Dva_cf~t54HDc&STC9sz{B++s#)!M
zO@^Zs<4ZcF8#(w#1J8Ses_^>-erovb23dQp`*fwFgC;OKl7utwmP(v_YbEk@DF;BT
zU>CS=8lDuV!#;Fyesr9nDZOpxn@6bLS?}+De7tVHMccZRPB<8Wjgx*>lbkuL%qFwc
zb(&eaFboSzuBI0Z3;oL=UeG7?>eJ7))Z;+ciUHO;`vzhZWjphRAFDTz|8iqJ)_FHw
z*$+G+er6wTKGa6YD{BX$Q)&e!2PQ2h^H$k8oe^q3)K(6i7(gfUA0%>1Rgxavq19ZD
zdQrYuj#pq(YBer$g)R2;dQq!2h;^EnO`qj#(pagcsd2SGGPTpte6E)ynys2umcIQu
ze=q|S8*3-j5=&d_FKpdB8!ym4XxkFX@_*M)AOKYm2DFTnrj`m;n-wR==jN5=mSz@S
z_dbGVci9l%O7BK{d1(>>4(yNN>0DmDyd#7vEJ|w3mDJQ!O!L#Y_V$vD^9PwrmC^@U
zMVRH!!PJQW7xu^W=iumpO_2lZ-)O1PHC}>>sb++wMvR{q7CPs>K5Hjgi#b21#FcOZ
zvR=Dbn^7Y_zKI&pGQ_RNjXd8gF`rA192#4zw?uPJxu%}=kEfp|pyj*80n4n#xaG5O
z5=xUG$u(Fs^YWyhXSv$jJw0RW-3`vwRfZSRHCvuj498E^S+LhTQ{N^#)!R&k8w5A9
zZZXDuF3gwk>Kd%f%T`-j1*^9Yd^6F3CU@!6kYA!hbGmZ%R@_H{^-q9zz1FarEUiU(
zOnt1ilIbb@PE~t#{8|**ayEyYBE6PM>-KO0oVj`ea|4Uzk(sr6U0d|r;zIiR(&eTK
znG@bpQ@f#R>`brm^YfDPTr11vMq93{_}`U`h6zW>#mW;C?!9wUsf3qxN`rc!oYRTb
zF}Zc|fh^zA4vziaec4sdEWWQI=J&6XmD5$Mm6tg44Nmv1u2J>D5C*65^})!^0Ur0^
zJEwX)YdNgo`jk?R8pl?Nd6{k%C%mZWmveRV)9006oQqt|)rM~YD@t&s3s!8Y$tbVw
z)F9RnonBC_3Qq3|rlSKDo+F-sdV<z!d&9nsUMP(fnE`7B^*XgHsp>O?o<(yV$Ac2}
zd<?-(B~n}g$rLe09JJZ#ijqQo!a=82r<Y==L;nPegS(?|p!*5yWv5r?KqGLovJTO3
zxuY_~!dju-aUICftRae~ZiN<C?%t-jlhv5DS+%V*=FnAaVx|cgn6CmQ%wZPqns#D>
zgpC1hx=Wab(%OPA5%(?k;0@x*a;TGDx!Xd$+B}4c+Rr?zcU>>-tm}R)dyN*9;*usG
zLX-xXB`f|ZqXM4l^Dh!jjg6h_wH>+oo|6~S<>jdxdW(0VBlV??4vmc$D^=G6Lzc$P
znys9w7a$dmilnXgZyUh4*-J*ar#s7{oB^j277o8@Uj5jIuarn@rRJ^A&z7$FuS!e<
zc{b<KN`YMFJdG8T&QmBWjTPcJ)t62%IESc}CKc9djds&H@uw*)WriOe`p%K|mkBr>
z?)uU0ud7(k@CZe5D-q8|ci|+n;U`8BIl|@vQYovHWH5|yi7$Y#<}atl5jr6@r+C6D
z_vM;(kU;a*0P4F?v_<P>eD|lfjrMJQ@ZRdHjfcaf%CdwPDUwW&`Z?s8;rAp5nm`ey
zRwj<)oh90im)Oi#5i{454G0n$CG&UYc@2vBUkfUy<I3jMtCaN(-x(=`lDTybK$+^8
zSjl<&er47Ot4;z|C<zs&s+t7)f|9E>hKCIo_7r`68wLBVLc1#!>6Vg)p;ktbn{CF{
zt07<lER~B_i+7bOYc|GRz#*JweW|)Se9ho6s44BeVi??Gv!$|KB+qWd8032%XGsUD
zp|qg8G^f&X^i%ifVTWy@RLOHs2cU<iGoQGjTUmVntPac>*~VwOMR@K>PyIYKD&gpq
zeNa(RHO)e6Z=A1NwBV$K*+fl9Z@<0pw)i5$)bYVmkx2WrOq%yZ8lFp{SIUps3a3+y
zDW+#R2w}8Av0OSMr;5%n^P;kN34;-y?Rko}v0T(Q_Em7El_{a&<uZ8cWg`9EohUVC
zaCB&wBLI+5hhvhasP${RsL0#NY)EaW|7cY0kW(wID_x2;Zf|w2=0@3JZq`_w+9;np
zHM(vMcuiQ6|A{Owgr=kbVfTx<|3Wpdgy@Izr;DLeI$bMw*xwYusZUxiUtVUuK3b(~
zHoEJd2Hc&w`|pVzWNB`+m>RznL|D3?EEbn*!U2B~H>TU09gSaBa9SIG-P4>sY`Hta
zHZZTVyFU;&hq-@1FkIMYmS&ikB`E#uQ9xP2`i@LK#at#pshFASvhRJ?MTvaaVrUf7
z$9%>)SD&f5q7Y3Spe(QaT3I8bCip^@YtdgLDH$L09H`XfrHe8<0{wh)qCEfWWv$S{
z>K#}es5ei+Tum5Su;y%SbE-9}GOs=Es+g=XU%XUp9bQ`Qbi7M3XXbSNTWVM%TuhC{
zQb(=c;=<mUD#?6jZJbzC$EjSorn|P<T<pFc(DH1U>QvI$_;6{~a=-GdJlu-2w|-d!
zz|}##=F$t={)&cx$rkE(M=UogU1XxsCIZUMN{`>xR8>7Yxpd5y9d!opKhNf!QB-t#
z&X?SKRn%TjbliDW8afZQBP_>4u-2VF|EOLOQ~pR{JLc=F%;=wi-iVmePCgnh+j00@
zgyYGN-0X1dEG*2@*z|DgZJC#*M5Wc5u5+8cUQt^pbGWcH=aS<(lRR%Pa8}%sYX$6H
zPR>1?Sv&O|M@Q1<6o(H^KNMuKQdSzRD_y2xH&Wy7fcmLke_T<+(tGPor!4z&a{SB6
z#PqkIjCV7Y)d4}MRlx_RvxX?@<^2qr=mqVD;+hTS#d=S=(OHo)hLz<Bo7n+rX<etM
z03OjxuSz#h$;!ydK!ZZoGD{P~Kwz=r{Ost_Ba^rdcr(&mv63`r6(;oLWU-yE9=XVO
zt-Fwr@vlc!s<)Otmxh=~9zQ)zEH5)(SzmHA5q$%>AIm>oX56(5U#zMjWM(#Bndfv4
zlO)u~Ie*g<4ZH8Y0rM&Wwbw<M-ca+cQ<(G$QcxyTr?%L%&8jt=#k~u#1X|pdYv#j8
zQx-CeR+$!LnwvV`W>y_3v6L%Jeyggt*64x-JJv{phD5+Y#5$?eblRG$<Qcw|2#<%m
z-&<)ecd7oW8E`d9EOC6gR-UhrQ97+LET=fB?>nUpIz5o6q{I+FLKQiyKg3+Du;f~-
z5p1rO-uzQGCeql@VAXz$0o>2gj4vpqa(+Y<rv(9iQrdy-@g)&)XKc<FX=nSZR_+&X
ztOlt>5v<6}lsrjyFDB~polhF4j@q6ldn$xefXX73`&J>^^0)e?9JKdyHfL9`Xot5H
z^aQsn#0*Kl*v~ZK#-#}f(Ue9?b?4;NlZO(7#?gtKuy6%!nulOTz*@7}a<U>_u;;}(
z>y|+>U20ae+QFYloYgemvZSG{%vwyRB=^ZUZ=X;l$r4X3;=^n@Bw!xq#@MkpMEGna
z-n{~^PK#8#{c55@0eV%Xe1(QAzU_8`@?qe-^@kw+{6<rGtvOu)?0z2X-RG7>T6T&1
zQlymJVV-NNXD5?2P`OE^uVRmB+F;gna%T9ldHFV9vET@Sd>@PONEPqJL4O}jxrA`W
zImEIba6jTvq?rVNb^#Dm$IP2m6sdLIQZA1stfwQS<&`xxII1{WRLj@29F(Bf7g6}S
z+_1-cxZZ?F<Mf<JI5^#2#0+QrqTo^(bqg6)DI(4X86i>vIA~}SM>5QQQ<ziWsK3A3
zZxc$0YM(}US$;&^g;SsMyp;0<nsM`36^!#~p2xm-sWnec+uNw`GE-BBkDsn&eilpp
zs2}lNO~qQQwA5Oyav)reAMcc%^@uR-4lAyV;&%<a{yHP;9&4ff*6^NAy?*+6zdT0x
zp+V{Z?VE)&usP6@VkZbgi3RK-np(s>bY>m<SF5Um<-M+IX%7eAElT7vG}Ut~7^cz?
zb1++uT7DJJj2<AvB8ETMBz?r15vXk}Xc1UkyY}6!U1!J_LRZQ#;FTYaVHn0NKe|&X
zKbWC>k;p8&j6YjmXP8$}s#)K1J(;PNP-IG6nO%AW2<o+E3y%s$rcO&uOiZ-cR2>`1
zSTsv7*4lR7?YV0@U>+8zDm3R6I?JkWjFK(p>t9+8*76~i$B37&2Udhjm1$zd-HwF@
zGl<(IyA8t~axCTQH6Afvj-0g<EL&b?@Gd%1HNCJDT^A_S!?-$wO<$0kGs;P-c_*IW
zCCu@F<j3XnM0=d)k$Yq(M(unY^AsxQv5z1d+N&?R5W}>H%6pOHoq{f)S9IGl1;Hbn
zrAz$8>A!9?jacK?WXVideOo1F>@%*uT+zkf=CnoHgvgaFN5-@>v1*f8r0@zZ@h?0u
zkeJmcR(}l?`_LKyT}Eib{e0V1+ihNZ@E#~IcTX*V?CR*fB5_2(G`sGM4l@NE%F>gF
z&S}7_3Ixj4Tp05VXb8F_UFjFugPvdqgyGYd_aV0i{cI6?w#xpgNbWhqz)mt5#z-g?
z6U+!z5L9TRyJG>9tHTtQ64grOtW8W=8N*BjmQ00QoM2MoT%N})i5g-+Fey|@Oi%-$
z=9#DQU?szPvP8$_#!x#n4xwaGi&PQ`bBfzVuZZvnY+9LN<a3y|pcP!h#!Gk+71#06
zulHQdx2im=bder=#cd2`xgyktY0<RMKB4n#4#(oFNqUKhml_Z#+z|;r^!(DkCRLk9
z&*S7jk;WtjE5RYeA-+|j2v&MYB8>x>!ehXTJ<~=)lvXRuCiSN9{2P%VbY0|%)Myo6
zsDCkvau7}AsUgwkmoh1p?M;vVe8zvO1q&mdj%0eGSPutnq~j16E<|xtX(|C!=}g-w
zMqq4PR#=Oj!TLP26Y`APPEwg_1QMHDQb3Dk6-uYgKAOy6p?^`r!NKHX)QJOn1|C&L
zNoEH$H;UWMLAE5WsDcQhCC-vpJRtWWD)gv^BUh4o?cQ#LMXF^C-}733bPm!nyvx$5
zVYq%ge^!{tu*4MciZAoafUK{yIVGY7b4laJ8=JS~6nM7Z%KeS=SLGn!(WjZ<eR?gb
zZ8Qf^5y|o%65}rQI2;%Q?neM;UA*VwY{kIaF*&ypZTqKH9|@zxyn3P`bPRRDdYeLB
z&0dZX?U)7iqYaS&)wYIt6zNFe&|w>!P;L&)^`CjZ+jFRvG+4n#Fw>BXA0Lmh{`F(D
zw6pltRWEiQ{DYk`J(xSnIgWSSm%&om@2Nz*(lC9AN9*s~RpM)mV*-E&V`rP)VW$4&
zx*TA4$6dEU_3e7|Ns#|77N_`?>S-!;p)&o4>Gqqp8~wamsQGC}osh=Q3Nos<f?HEt
z%k#OJKyf!;nnZ`g-b!Ikv~!K;s#~?5vd8-v)<h?2c40I@H!-a`MYl@HG81)<j=gc>
zLW+mepG2|Y#0WHqryYQhvPP(R{{59g99Pzi;nYS$QTWJeQ3ct$`cE1j&BUmSdE$gl
zwTJu`q4j|NiWGO$*1Y>XrJC-pg;bS?NHb;a7!i{nl`TLsYkhS|AC-Fy*Xw<Vb){||
zE{$t2my5mYpRzU~+7kJPh3meN3F7cjff;9cN~%%qc&2Q;nKvLY!K>6ta2>pu*~8Vo
zpQU&J(?wys?4rD-4@v(145|8HK1D?y#$v&<_&xRNeOy9{g7%0_ak_p_`lNf}^Z#EJ
zU8`<AP4?AV!yzUaxEnc?+$?;!QPG5P<XOA$sK>Faqcx>i6g^J7)$HI=rGDA_@dUca
z4SVx$O}S`@g#c*hOPbAUd8#N^j;q{CzI$|SJn-(ll&UOuv;c>^E}B*^SAiqUN-ru8
zj;j5al9ehnbFmu;@6{U!HjT}8)9*hPA)Z}2uDzZ%4iN5kUq$1@7pqGzGV>caDGgQL
z$3<VzDh-PIFLhLP^DeIwG9RacbwBp)1>x)=*+A2XEdU)eZ!~W-D6D0k6;aljji=1n
zVL1wG0ar%KOdwSblxeb4%p{*<{Or5I<g2-#SDX;!YL@GEUQOf#1kRPg_MBai+x?(%
zBK+?&{7_o?NGvfews9tpz2t(}+t;-FemJ&e4bKkKCXW$$K4p)szS@rx`$+;0rC&0<
z5;Zi#XaJOwNxnd-)=<0B)6^^Nk;R-h@=UyaOaRko&<&bkeJkp;u`}yRK0dioTzz$h
zZ2bD+JfZNC1>oIY62e_FyyzP8-d>WvU4FL$ljt}fbT#LlP=B%ASdrz(uT=q^FaS;r
zoFLb5|9k{?T@lQD5cZUJ!H2vP6eO~-3t1ZH1AzP&YyowIz0<=^S<c#k(g{~MmGt|(
zj$acV$_FA8)$+rV^Ea8{&3uPkSoYCV5h*aFJ>Y3zANls#dAi#UWc4L!h}J@#@Vi#~
zZI9TiU)R3IiM+$2r|PPka!ppP<{>$e8n91E?OFy5wE3xSna;5bx`60=p<)`DdbLlC
z0Rod$w`2c@5H|8=(#SjN6hzO$aE@+{IJg(aOs-_q_MQ9(u^vV$vG2}M&R;nXH%a0^
z=exXmL~0&sw!iEV4CN(TX48M*^n@ZQyk*v!2WLV+VjXshEq!aYe24K<_c4}#PwYy}
zYc+Ti?nzew)N3fSQ&dHYGCvpv2&ckQP=`SID5t=&do&>o5RbmK_~2$CpnuVV;DUwy
z+S>)GOX)Tjf?NM5Tv<;%X8xwKx?CqWejQ>C5g}C`U_7xFc^fb4#JFS4eK(rh40~3W
z17J?9LG&%pSWc|5O7l1@EokL@?YKt*$ub+FKX{FS)ox49-<A;W=QBn4aiGL-=TlP?
z_wuVwN1wlG1g8X8-Xe4KAmb+H{7+w|pzF3T@NFO+v7>~ukR3Im*7*=5+M?c~K)X)m
z?6~(L`8z<+1;o)A_C55rzlIN3D%=}2R&x#?T9#oK5p6WccM_fTYML5Y#VRBBc<!yT
zEUk+GRN}wCMC85`?d5j8$Y0~1WbzFcdXxHOiaZ&6%jO=iZ@F&4o@jiT_)7cr(3|$V
zmGP?24A)9TbX9uW8+$gU9j^`E75)e*!6tMY3^9VhJIWQoR-sQO2oJOe>ZgZ+N${Ly
zY5b+p<=nH3;v^U)cmSCvJBGmhCiB(0f4vnSkbFJ!M&R7)g<o3d#}Fy82Y;lJF!HYD
z8xDjIn}i>GgAbd5FTkjY1L27J56}g0E{UW#<LrG*LambT;0!_i_W}IZhb@qj{3oD>
zVy_O#_IA5gy%E0P^{pdE@q#@O?J0H*dKXR)GIo*5UBh0nZ{2iZ)TM(>AYKSnEQ#0V
z#$Pe*G5V#SneBAOYC`<_>hAMZE|Nn5{y1-$V4H0uQlJCx8fu8tCo=c_&`0)5rbxPd
z*G(5p5#WmW_>~~AdQkVw7Tq0t04p$hKsV18{Ty2aGjMw1AF7W%fF4Lcpd0odbiqHv
zDZ5ZpCl}`JTmWc|`r9(KNn<cUbK4R+E<nSFD>|MVbs6aK^;&$(w9XUT1^m%<3%RRM
z{sa4p>*}kT<~Ip0GE<^X=_UBMB|z>cDOq<gl6fi87#Tfsyp9NzQCwee-nL>C-d7%I
zE;u-2@5vkka5k8@r0Dy!#@d+-#U3Ly?O#ltVhK)&elffh*P=0>jyRkEZ5{~yUbGb%
zVwB*=ilk5RSnzW*FU2``k3Y@>`tkdf{2DhL_rKrfZ0r*g*lzGwvj<T3iTs*L9CzQV
zjc<{+MsprQ+?;$MjJF?t^N+9EKG6EmiaU~7k0D85<jSrPB3=+tdJg^YM2GTZdKc&2
zhbu0S|J*ebjIoS@@DU`l<#Q5n61?ZT2LbJh%zg#m3h(Oe!l(1&&>cb?lGi~>0+abd
zy1gww<ed8s8ignH1V9aC{_#M%Cf_o>{cAg9jL!@5M83t?b?C!r!U+?19q?H#BRs84
zL`IqLp@cqlu5WJ=YLS1#&(3tLC^~Q+o!Tr6nfV|E(_T89I{=fbw0clZKQem&SMVRz
z9hUhX-Rz8hZb`rB-yKHhUHn_$%{cHw`AE%L@LPQV+&CA47Xk?H#q2$|Av|9XP&&UD
zx;@A}GCHWSo*lLenXEmwE0(P{GT_U#;L$Gm5CSMKj0da>rUp0s6YL%-J};ODrdx*3
zEA|z(!~|$&ArhQ2AKbViRHJ+|xOpacD<s@~2xdxlC8CUgSJXjMfKd(+uiy2oi6c0h
z@3pGR7Pc<0-g+e217XBlkUsD8Mr6i)@1)n`0>UP|UZ>mlmwDf-bNuTi{xds-o>Jc-
zEQsnx_8`p*eixVT?C1DTPd~Q{<*vU=@W8#oUdeCOc45pVe>#0)=qof)V)`pI3_yb)
z3p14Vm7&>Nilz$!Bw2&+0A<V9+k(8S!kdd6UlzKGvMb@U?{ioc<)=Cn`}H~x)v3O!
z)L)bO%uH7Wrd4fezNg~<Wjd(_7W6;L1~XJ6J!^0|4Y-{;-Ok+ami}Ve0Juz9@gRr%
zpevYD3w$?XJ;+_LUH^FVBna&n+ONdvA~R1k*`F~U)mzkO(1-Lh_!W9bf@FefebM^X
z!Do_l_8{CNf(b=3;uEtbb<;1z9%WGGOftfSWCS%{maNPH<7VJ92^vR0T=ylN4}lIk
z3?#M-Y74Zh(0lSrC#(mMVe@?jJlitLiF_0?J&K!;_lXN~+;{39Q5P6(Cd23T<q_oy
zV=K`o#*0+uR7Pkpc(w)E(^lb<=!xxLaYun_&14_^!>Z1Xu*Ry+F}ED+uOnfHRbNl|
zV+*1-t3wMS46EL@h{t+RCDz|NzD@`Z?x`()N(436sS!!wuUoX7T6`M{t+-e4l<58@
zfyLJjB7$<ZOQaMZ)UEGRptnf+JbDT-`dw64wp;&-PCsvRJG~wcL}lNOit#*eb0fW6
zPDMLkj}r0Tpz#Yp`k1^;z`u`w*+J*S1`X2xf(VQM2SkX@8xs6`_m`h8g!}DiP_z<3
zY#U;y>*j#pjMcq}iwj}70}`s79f}J!F)4oLw+w;d-mb~7c%VEGZQdMcJ~JE4kgfbn
za6MMvoqVgX{MPZ$z;#*wUnapI9Z1xFL^Wi$9;7@B!A}AqqHm!DeZ+oEemeBuC<%T;
z5r_}~ePn*<{<_3ri0A?Fbhm-oykXPm0U2~6`slgzAsqBNpO;}pGR7R*x+L*giQ_jC
zMX4hVQ9v2Qf2)x|Ei>viL-ic{Gf(w<T)-Z+>_Cn&Fok_?EZYd4*}f=QaGZ;4xHp!I
zi~Ucv^S7rxNRchXur9(OQn0b~uLm+9_J!WffZ~^bschsr7btYjBGvB^dT%)WCyXKS
z&M1_ZWXhTHWo@~?T?e;5&|mR<KlHBv*!Rfp5Bf*m2uDlo(-k(RNPSJL!4?+yapWt@
zuWlq;tKXQU^jJBA*UyOVt7DgnW%LR;g40ikoY-QQwxuMDVFXP7r=cWv3HV>#pW6R7
zMPBHfEXN5&o-?Ef2aHh^u|8Ml;9rJTDEWV3ZNsl<{S&}9D{Fx{t51mh3*f7)gl7N1
z_a+swo}7-?pOi~+3xJ+<D!8&R{*T5sSwN%UipUtcb(uVE;$KYG?!VOl(Es_MRkuYu
zSnVC^*n&Epy7j*m^k)}XPp$wSTtU3Z?8w2XLH(m$`rE(%)hv&vO~~|hoDat4iwW3@
zw;&&c+&2y%t1O5kP;l=>5Cl-)E;>4aN88)KyGQGT)2)%Y&Um7iJP|k(<w>9CYxJDf
zLX3qPYur)@2cubee43x2!qQ}Qc)Y$&+VBJ)QfCUS%I2Jt(ii?q>AOi-jrO+^MQy=Z
z`Il5Zf;VXb#k}wi;LO_oH|;8FMRvRJ%izpDlsRhtq<tlBq{{QHSvNFCZ7>{{e<uEu
z27KmMXWv*IwPA5w227atd1BgTimVkPKKx&3*tzL{7cbu*Ug#Pw1#kZoviO;4d;kx-
zkB8mYr@e32!%%y%$U~&0QL-|hJwm0iCXPtuGCA|&bsWLUq|+xvYUx6yf#0J)p{VnY
z!o~|W@d3+zG8vWo4(obs|9hGz@W=UQgX<q4n!PO_HY18SD~dQim~}&c<N?beyNl&F
z`v|_x)WOddZv9>6-zxBLUEULO6F+T$6|yioU$*yRw~KMg34CROZxzFY6V%c;>m0T&
z-KXI{jYm&hS5OAih2FCIUfkjJm!@Mih1K_;6Bt=SUS3eE%+J~v;A=d-4U>Ojjk||y
zxAs(RuBq5u;nTPvWHLZWjdf3{%F_JbYm-KSLpd*ap0wU|`>Sp2lQdt1L-|9llQhxv
zn<9H$$BEpDo2whw$0x2=4_vPa9hPw&+;N?bF`bUB7dh0;K%~ziZ2a0rS4^hhjLzWZ
zx3CLG7-iFpzjKYNL?-bQCv?Iyx-q$Znce>BQ$EBn_{<2KVEmnKT*Wb|<CxKX!X@iF
z?+PBB^2z=or8obK`rn6mfZXhSJ?IA;3x!ESL+cv;hivWr+oDRx2xDZ_Jw}z(&DuuQ
zu}%D$G58IJF|q6$%#VKr44N>VJ>r<gH%7GXvHwaF;lN<%6F<JeFad2}jI_Qm(t0PO
zb&bL39Dvc?d`)r%8EeC*x8L7n+BuB6jePleY|%!6@Pne}78rkJiIWmV7jX)`m0k9I
z@<=I(X*+P=#z&*E*|w!Y+WRR_ld_)!Mw76oN2u|~OSIX*PZG7sAX*ZwS;}V=rP(5A
zw4m7{VYIN>BN}Vi)*nDoLEjA_T>H&{zWawzmF73(jMCm8WDT+*|D4;@>`<Qm<|#<D
zpRopPm^(dx+0Z7s1FOMU|LDh1MhgUmh8;GUn4nng6HVp_({Mn4#F)|~#IA*f&oEE)
z`)Y9Y^v`N=jrPM3)9`R~_YXD+Rry6kF%&cM-;z!c+s|vk1=;~?HY8(kk+#KKbeb46
zKO*eO?eKrV*%cEdO4t@Ny%{y5kc<C7(lCpYjBlD_ON6&QW=oXuNxL<PprOFtWtc{!
zK@PP`W_u%Pl8PD4Ym!PB-9u7>XWZ4_q8I4&r$}E$q){KTUABE5w`-<L9JOf{h~Fp7
zT@wo+Gzz|m)(8WzvL}h3i4S~5n*_)vfArj@?nBEzOWXLf<-{C78#MBDq7av`_WXdx
z?)UEz#{LmJr<X=q(4?0@d5{N*DoPdwR`GjJL=jt_4K+W@PCr+*0wr&gOl8D&|C`E0
zKYPe{-_c>YD96R-+X8}B$MF3aua$&|W+(dFi_l`@Q?VZ)@lu~by{Uiyaob+mc@yaD
zr7Gd+xs0GaKlt%?Sd%wFT6(3T^_G{Vg8;jEe{W@%yK(Gy8vlH1=f_BBuC~_AY;Z$Y
z?(<cmcDXqAyRJ^dF~4uh$Dnzqz3i@F=fc|c!W-oSm-C*#Y+KLy6aVDPNO)pL`G!J=
z=CN%DH82Xa@2Yt6zIwKiyWH$<N_knlhhM(=8+}YgqB_65t#Y4wC9SegIV|$sluP<=
z(mb{L#!^36Nk@8KOj>g_joz*RS8q=Z+8;w+Z&<VH+E0J$1>Fnq)EOLytmiUE2O>9L
zBCa23x#wD5CT{WvDuL%wZSFDhOG;|id?S>I{!QRD(vceH{B*r^Cj)psaod~(UczZ7
zc{}Yd3t|Ub{gWSLylUIuCm+a_S|^*n9)6rq${M~ut6#$Lbnd-x#1?dBp4;%)_l_b|
zwC-CMMBurdc0TZ2J4br(Zra!{?rN%YPloZn?p!v6JG!bY<y>+hae4?ocdp+}5$>p1
zdjMgv?dzj7Zt2yXp0e8!v}H{<)}fm??#FN18&{inrq<6h>e{YCmYSaD+GVfn`uRq^
zfZgWxE|wR|N1roKqtl~0XXevLJFCUxzP)zm<yJFV=hD3zC-43JsrJjhyZd2g+xrD8
zuGdb}PUiX3p?3U-k!<8mgDh|`x5?wQ2?%a_+;_7Awbx68q#Bjfo#aku$%|S|4;7re
z<}ZFU@2Q!O7j37R?>k~7zdDa38Dn9dAU+hXP#8zC4Y*>CBun7_5az%>L(6-LY?@1(
z{{r1TDawj#%^8_15-o&;*w0zc{xLIcC8)uvMbQFl_`=7r9Z7z!+g&b!G2kCI3&ahr
z4BVxd2tdLO%?pC|KE+MQDL@6-sM7t2q2cExN^qlE_!}gw(h$GCdmR-^Yc&3xvBtNO
zgAmW%p(CI)7s1&klHNJWii>;8t{@&eiCRq}q04%C#0a}u4>~auC0r39eCzM6ob7Ce
zb6lrR6A;FuG?j{aBcP0TckN%Z0Hj7fOPl4Z>mJ<=%o`~-lI%?$oNZXhlBLi@9=XK-
zOgNyf-VRc`%^T%OTt#Baqgtt>?!!V772t847+C!wSYflQHlpgf!F@Cdo@3Q0V0s&e
z4cgK+m>ro4r{)^0l5}p>L6(&Ej95;75!~D_pEwu=lW70c9sFnccncY{7?}Hwf1E^j
z#XV58nt&NK2;)|bf;D#x@iQRC<S#J;f4=JX@O@kQd3|J07R#aaT*#!k>?93sJ4}UU
z{>A~bJ2&j<UmK>9rFOnh@jcioaj)ypwaoF?tqK=G6TeTG`(beTGbB0o-6~~{FY4ep
zpTBv^ltv!@8t~(_#DS;$Lj%;#qAw1%hulWVSffW`+#r^(Ax^uy<ZeW<q$&iL(dW**
z;9P)otnJzlD`J#toY%Uo>8k~%JfvXbu2-!U&7Zvau4KsQ4=c|Uprmhqv%V={&ed(_
zCL8GWCE<x`48C~up51EX*iW!&`#m?f&mXv&zF>Can=Q10=~x=$69cp<Qa;Cb<RxL)
z+~)-%`8UlQ;@KR#l*>Wio~-F6s!-krEx!h7(WTY}dqm1-<Iy)^3%Uia70#XrTdtAd
zUHzu=5a8VlO>Hf!5X$6FrA#7S!_*>0Pha_!*d5=Hx_4Y-wNx4A*ji2_N})?$Si4ap
z2W#*(9h9b75&a(h>mQ)Nglb<O-g)`twm3$la+R-T9ygx{btXmAw>KrP_xsehFs2B&
zh~T1)C@9R?b~k;Zp9O0)^2sbsEl)|a={0_{R<)8+gPP<(W%L8A*)DW>H42_Bl-;!A
z%x!Qn-vAfl)NjU;Xubjq2lH|8z#389k*4#NrZqE1h#b@o(k(y*5|i-~1Cl(HyuH!_
zL8|B`La58gE>TIQ*<B!!JSoSmv3FXN#ic)}pH3H#A-FitHb;&w1UFJ#DpfFtTIVzY
z2BcYUEE`RVgu9;gn}`N^w%FT9DE#zMRO#5Xh3r7Iw1XR1FQO><kH6O?3Uaip?5+O%
zi#8I+G{kN=!EwN}o&?-LU9oL$1*wrkegrI=U30co;~-nMGy15HpVpx>{K>9(;ZG!{
zBnw0N${~?>D1xZ)M;v622`!m#R4Z#il%`^^M}5EXGiFX=-}9LJ2kY}6vnIO+UBI*<
z4RNlgs<eh%_n$y`%Ik<FjU?GO4QH>(Tls%rGX?buw($Taw?T-7Q@QqrbJbDgo5;7{
zBEHooWGBg2RAKzoJrt6ugCAV?HS`yp!W^J>YfO(kwa<=IO_4NGS<$n(3CK~A6FTEj
zqCdF_)T61Dm)Z~H`m2yKndAxDt2ey|2@CB8RLUeyxIE1zZN}Yyw<Y1PplR{T;L(gx
z=yRDquqy-t%AvXqbGiMGs_x*V<I+I$hpJ}dd65=Ecc%@+>*A?VU)U~d*v{5{W&A1S
zl!YBR8e@^hvWoZM-S=%J#}tQ>N6lgvx5Q0%;njbcH=@ULFK6*=<~n1zf#ZNQN@kA0
zQtUvF_<*&RMr|n`K=s-P7@~!;2>xW)vBRuW4&(qX8IpQ&+xg9Zp>jy;(NJ;pawHCB
zKt1>6mB-o1O-OJ!z(;P4+?l}Xeq_<}nBX=%{N9JE%-_4X4~HQ63NE;CBuVOTOK^U&
z0NWDV%p<vmxDc5*9$?FJ==j*)<HB`tcOu!coe|V;c!`pB5++aE6yU;xC$(Ib!^*lN
zRxkz-G^%4bJ;0vSTxV?_7rdt8T_=W2XIpHr75xyFtO;Z_d4lp?HL_*9<M*Z1V!1KP
zkB&_JN$#&Xx_Yjq>H3?A;uno87YW-ALHj7fXXX|M&Pv-1Q(DN;h+U$S0M%cS#_6r$
z_;DG@O}@6l3#O;`mL}IRb&9|6f)f`Mp_*2JB@H&Roi9f=*UmAGs%cw7k6!noOks|f
zEYC5knTQ95W7j$Is9LvIUtHbNpW`Yvx-!(Xh%TGHJc&Wr{Ho<xipR8`tlmUM(_L=D
zgcuJCx(uw^)?Q!K^v!)tR1E=VB18v8<M`t^CoY`_@;QulN~^|`x!|ZGj9Q|Z;i^{P
z3{9g=+UD3%%aDBk?=2Cy>wMCz>KvycvEr}dVYM_PcdFB>DK$BGr$RrIVX8(9yPQQ;
zrj+`UCf;IHFn<kw<~&JXj=)(~epu<I(1dNFHIC_B=FeP6%^v-5V%P<~k(oo8;M{E8
zaOx#ZR6o0o<NIkd6R|_R2{DR2%02<0<*{m6eFA(BRTSTFi&~<cWRLMte?6nZWB~au
z6mj<!b@FY5*iSiy!1}*Iz1y`0>%o8eKQFl?8!XZwkDpbzZ|b@58!paslp4jWPKMT!
zZCu8UDTG_uer!s1j$13XvkrS`GMRvH9x<$sPzi&FJJpxTbsb8N67_{n6(B_e%IPbM
zpg878codaW@1i@tSi`^)!Dw2sZyHM#wFubuW)YLa2Bb$A@ToSy;MR8&FHtjnR)7ZO
z9Z6JJF(J2fY}s{6=PGAr=N4BPF<RjG2@W)N^Yg%k<`@m_-;rsGz(~tapE>SRGrbGK
z#~O(pqDX-^m*9`Q<;=z@yRWkY^<*lE`Vx+PNn}LSD`F&E(U&)r)V(r16}Z<Swkzty
z4z~S>JeDe8jya53RG4?j`$;A-58&%PNsPJ^{_S8ZDC~OGR)PIAd-d?mn!ESlXE_?k
zA;)k6bXs<PjDM&3Jze`~4ul$$XkfzzBmG)$lp8stZ$oX>;zE&S^tH@^ol$T>j&+RN
zd!pP8zU3n(+26G+8?*>)z0VFl*M9PqVS)V@Roq#Tq-nOYbR;M}D>cnoH^o0eFaGq?
zl8KBFBV3Mso1quw!oKkf40GezKZ4Km73VQb8B)I^4<QfVoN8jXrbF%V%H+ZPKKh4J
z74mBNHEEhMOgP=NlQuUAs5({(@RpCRIYmhp8^BKqGgV@XzCLLy&i>xd5r_DwQ(`P9
zhe}PO--2Slg0yWFDtQ<lCmj)|n^h+7c8i(1U}A#-CL5_;N#C@F8$X+j7FOUbQz=`t
zwvjV<qI8t&wi-2i4ha(%siEb{kb*c<EyQnlqU?|=$s)hE>y&K(T)+~2Z6}Ep2%|Vh
zP1J~Yj<-ng);g=j3R#I-)Q1o1ulTLHi=D+CqIEgUhV+D}8PoWC#LV1bjltp<Bw>ro
z(!|T_UlX;e=XHO?O37KnD-?l<FxMfbjK$y)?@@x=zPbScyROAuo2w^&XJwmXk}>6W
zMeJ*5Mciquo)y2Jz%lu9>sa!Tw`kDP+lI?evA=fD7V9j5t4K04*kUlg9ED~><ZdEw
z>!|uuz0NQ*ZrQT1{R(;;3h=2oZk}?3g`z#rJ>Sl|6=gc;_8#IzpUQ+06_R|XtwMXL
z3O)UghW)Th_yZX-SdWpxD%;4+JolkQIWD1%$T6log8zc$0$Gi#Lg`sBu4J5?w>+_|
zG|m*WyWL?T#>`NvndF%Wh8Bn;#76Y7bWM`vDbFQgEX8EO&pqB+C_=oMoO<KG!QUim
z=kvbb7TDSTzNCN`+NGG@|E2y1I)q;!o{q!<v%Du`<~le}QWf2SXdgpyS>twe93-$U
z>VDwnuN?b279d>=4&L``$#4rthJF9Wh0Qn`A_u;5>c<az883lZWV#aR3#qkjsRV~@
zg(h^0;aD$E4=L=%Fh7!8pDZ$jCXH<n(Gc0x7A4f!C<;y_Xc)^(3m*l&C8EV54-xgH
zcxr?ri9e)US7FUzR?}pQLEz2Aq$Z#_!Dr2_$7Op;KLF7EG(w{qbSm=j^=*10{kG4~
z;G44;Y#7IGO0|i2zxiE4-D=*#)4E+Eaej`cVY7(@hJ{aXMjm0Qgx}r{<oQ#;qr#H)
zI100yA~`B9ZIM2?V<wr(l54Zs&{o8$fSWHr>0%PLmC^t&Hhs%_13$o#5!`Y^m@|`Q
zPqY`O2rzpL$&Z;UMuRLib(`4@;_!3OPGx8hj{bm(%n}dXsGHzOgYj2*s+0UYXGMCe
zH)X!939iewRiEnVmW@6}79g$4vxA*r3^9sYo_^m+<4Ht+6e8-IQNx_qi1tTq!#aL7
z93<02E{?Noz=a5vLNrV*mITpmHSk*?!P!XOARtIAyk=lS>A0b=ka^%+P`0u=UR0kE
zCKoczKD;ku;A+i<ZG)nxr{?8%?M`>nV2&-Z>X)0BWxMtLDTZQ#GxTdYYr8;WFScTW
zAWP-C!Kn-a*61-};V3qA0ap$_t@FtYai*5(!}PY^kO37O0u)6nrIJL;PCubY^ur4`
zE&y>pD|&am7R}e#Z9wq@JBN#3((5Nx3ur*rn$^MRA7UcbTkyLC`rOYs(&!R|{+|>U
z{=Y?wIFTZ031y>s4PZ4s-qWQrCwtH%_7QO``8mEt?0K;;$=NXj`&VYqCK|=QyYTK)
z*~5WCg0$KSa$IoBQR?$(XZL;K#~P&RdB8eIJN1Dxj8|=q#ti0<lq7OAM-pzg%*M2c
zd|1sD1GBK5OGw9A4cTIMVUBKpg#fMUGII3Yx;2co?y5?SEpF~V3x}COP?&{BbbeA7
zLBhO<<XFfaGnMwU9jft=aW^O5wUOFacIYw{4E_kL475Ur=#1#tI6>UH#j>A^#{s>{
zjRh#-tAiG}l0)$`2DyK8WXSfZJVeOcM_ko%m5dr0^kA-ox3j}YOc;uH1lSAl?7r0%
zAYJ0baf$>Etmo3uC+2GoCkanQLbnN5k@nysY%=CCiwFg7Am({mi&2ug?Yumwd`wz2
zT&qN%h0fp!Fu=Z-Xtnh2BvYzCg#zM8wDeeVG=fh7qx+ZIcN)si?Cts2nIV#fjt-W2
zlF}+cG{@F``5(IvAO#7kex0|*$Lk`C-<O>j>gNyJ;_)!-?<W5=QoXBuDPG_I5PbQ5
zv1zB2DtgSp#{1F#!NmLFQ6IB689KHI)v0(V*OKsydrfpvzNLdN@%G_d+eb7oG>N%L
z>2Fm6S6QiRxauouTif+hNZ}9d{D=Oom6HzxoBoFsgcq$hPNiG%lfmw%2ey;ZF(psc
zBe)x%nvuzr4={Q;&WeAZpnK(lf&F(Ogfny)ML>v)uM6~tb(l!_){lOy$e>2m-4b;D
znqc~YqTt|Zu^{^C`SF%a(Vb`u<?vQ3B*T<TCC5oRM!t^D4%3pBh()DNx665VrFpm>
z$m}n_f`2oy)H-K&JVLyJ3Y?4b9S3#y?(7t<@hl?~Xh1(z_wR;`AmHHAVV-P?1ii`H
zE(5nQTktYNgKa)hRMiG%)37Yzp5Tt4-d;C-Im?W45P9F8sfJET656@853{yR{MfRb
zha?Bl!rgz-d*IBy!4fp1K))W+qh)nM4vEIeP-m*pk+OhX=UHGlsQmJ1qQYJ21iQ<W
zrcPl64HpH?j;O<9DK|NJ)R8tL^~>4ts{#BO3nppMK9?kKHzVc<8I&;uG|`+wspbl}
z?`|Fh_ZlnDqkh_TGC$=4gnMm$^P>d<%Hqev2p89a6PDhs83qJS^G#mDb$O6*Uw9;B
zA79ZcaIL*J-V9a^4TQRP(m!(}(c7g4$bJ*|4xvYYsx91fr}?z^$bo0^_N=3!A_7EX
zeXxF5SXe$)NvmR_10V&#6{L_7N9UQ}e?{>e!}ymP5AbQi&aETfG=b*v`nhwjU5Z=2
ze%Yq;lT8ipUx#=4n~UD#0-2is$_&Zn#|8Q0yOSU~h%SPk1f(MVTKvjn;z-$dJ%Ts^
z7nPP+V;R2R2)gLsaQqq+@QA7P?KS~czM$ym-$Zx(Htk>kM_bnc7Dcjz4-gfGj7l<q
zD54_n%xolyB2h7*0*atWSWr|zP{FWZU@?M<wnUX+&S_N4IR^|F!H794n0+<7fK1Q3
z@0+{Z+O7`O)m490^(;1K$Gf(C-&^W2wb`*|YxMf;`7*NXi^B`8yDh_8&6!{nP_|=2
z`iGtmkF}X+7WrmjCs*5(E30HHLt1Lvw98q)M9Z^8nv-^*I4MW@X|T<Rw6NaOt{Hdq
z&yH}uVVs<CSC}o`&?E7tcxLtEVHLp@v$pQ}wZQv?;+m}PYlk;S%i?<+-}KS#SJ#nQ
zxtIHwRVJHnO|7x8YE~Ig+fn}5F22S7E;}de9D8TrC-;=azuJATn?Lnb|5LB$m(R4A
zY4xjpw|3{}ou7Ta{CxRF^Q`WsTQ6<A@W<(I?>`rQzrGp$Rhqo#hpB&>o$oH+N!{IB
z3xp5%q;0y}_ifzxEsEN;jy{afl(4$Y_nMUfCm$-rRpIZ>MrL}i5lji*f8V&h#VIel
z&URf+=KFiCIGxxcr;qU@m!&&Cq!QOx%$p<~bH+RQMNxbIjuT2IMFx)^ZT?xlNij8U
zv&YScm4`ge?0$ERjJ>LyFM|tCGiLu<Z8qm^Ko@_V)`4G_EAPaGC%Pz>*lkG<r`}oF
z2q>Y@q}ufTYK<;dW(fy3cRAnpw@#p$u%iFa$bhBCmiv*J@untuCg;xSwAtl*EVcCH
znYRYwbp7i`+MAf0CmuC8@nn4M_3(wm)-jK^my~{4Ia3}pdi0A`Zvq~5^=qB^_WjZk
zkE++{t;_8&r`n<UY|j_wW1j6!SB&^IY{>kah+dYXboM4VZ5og{(eK*2nX?}WBIY!&
zwV%>qPkR62uvHy(-EHLky$;Roqn|ZDvSTh8yJzsL{|@<+TUL+GJHFO%5aYTsebvR&
zdhK6*U_N#G>iKB4q?YI~eNEs;@!$CS1KrKfwAAlE_r`%G;jI$S=jKGt2<T|qdH%gI
zid*@)^V@{{joN$FzO7Esz13fP#^18~nQ#k!o^4K#gN9p5oJU6;QQnGJog6l_-Qg|L
z|MvH(>C@raD^c0_(i@$ZjTODvvQn}>DbQ`u)FdDIlS^wol>O}vE$Y?DW%tLxEl1Kr
zvpnXtoOADcqSZFh&u6{1$9&oQu!BNx?@Q5&7Pi0pD@Ih=DK96qc%(bY;*3dk=G)*`
zhKhwLk4EJC<j+2}<MQi|2Kj#a>w87EDoEd8Jy|>djc>u4NB<2WC$`@mP(4+7>V;Wp
z@AX^i^v*8wxzv7XpW;!?*G+EMS95pLHZtqC&h-4n?(xZa4*qLGE?=8&Rke0Z?RP7!
zsre3%?_};3Z@Jq^;T)s0J@)s!fwPxu{7n0~$WO`io8NWg)<U#Da{2MNqv3s@7esYB
z9e&)SBw*Z-?|1f97iI1J&vr}d?76Rn1p?nE-oa@G9v3P{&z$0Jf6DRFSo3jx{hXHN
zn7?d^x<6eyw9~%C{hD11E+%$F8QslYb8}69+?o};N4!5^%ab0<2DDPVJzy$()%np6
zrEK!7F_(`|GhBxZCIr<!_l(%AyWF$#<)T^d1Cx8qYJGfBrOvE@R`27@jY|8Rb{N~I
zG~|iN<7FCNr9%H6Lhs)DPdkhmqyOyls+ogotpmqhd%4hgahyxgmp?1B-Sc~lt6BS&
z_$;1$<Kv%$qW90<PCM)nZP2BC_bT}DyreFLVe*@o-P}t4W`xg?Oue~&mVWF!uQJcd
zt<&D+M#;9N2N`$1)Mj?6&ig}=<750k`5T866jqEk(z*O~LUI~uR?>c?*#zqyQ<^*Y
zM=mUj9dvOk`SbJM4;g=Vo{zVBKQWs6NUt0ro}Jwz(#m>`-Jc0AVW<4Z+%%z(IP;C-
z!})|ltMzW%^L^heiC%1Kv($Qezc+e1%^pO%OFa8lmTn0)(UFv`DL5W6O#g`Ahi0<5
z%Ieb-7kn^J+LB=WqIK4R*&;8g@6w<|&E*}gb=^Nt^2+q_gXo2Rg)NIJuTk5LhFU#6
zIW~V`U(<lwgZIY#o)x<4*4BdT?|qc32h6D2lA_qsYul48u@O@uduHiamhRf@aL+aA
zW@O3Wi0!pud!xpZ)wePue#^G5jXUP-dHq)3+a1HE$~VNn+5BOg-R;WlXWu<A@fh{m
zDYE(H(=P`0`*G0i+;=jfMr7Cd@Lcp%Z>9B<mfO-z?^^_a^ehQ}wZ`P&+R>UTn#<3)
zwRU(t`i}PH*9v;WPb0T335G5|B~Gq}58t}Rd`uZrUOOSxDAj74(W}tUIlt$fee!*H
zQ2TA8{R+y@cI#qz^{G~#bt~<0#ElhGre=oNB>2x7y<Ka;%gsAxKk{iKU)HW9w^Z)M
zyuSaZ?DMWVGg)Q!FWLRW@$q$4`OkIVKlbpbDSQ4ttjF|awwf}9STQa9{^eN(H%~Rw
zTlS`9UI8^VWwvZwB3hX8a<!=SBFTP@`^HXLp&5PiE)HILv2~(-pT0{SH<-@IidweR
z<m;g0VP<=>8Ntp+&+->!$otkV)IENn?!1Bgv)!TnC$9eREz#YnyYVrq9`#XVc6ZU}
zKcw*LUAuMOGnH3Y_MSV#TM_re=bOCunsXOJ9(!da>^|o-vT({&o9H0ZuJ4*3KGbYF
zk+G-9tkNOgc>8?2bA!V=cQ$!5XVkIWp^>Zn-7KB=&G@kSS?7LpgaJFXrW8#dv#>|8
z{A8ZZ@y_#x*#;0@3=4)H{&wzc(VU=7Ze7<~+;Htx{$#<?&bO-*64GqujYym~P;qcm
zki@Pi(Xs2fs=l_%AC9aUR^jVm{8C}J+}1fiNBVbR#OC6i!MUAma>nL<2wUc;Bk}b;
zboEH~EtgISHly!qtvs(WWXz=Z9c}!+NBB5<GPb)DdRP2VZZB_X@VtA~%7Zx}C1dpm
zcYaZkc(qJ8E7RWB!S-dQ=O+)xn<j@eB4vu=Ku53heFvU8wa9hIzT%k=9&S{Qdv(kH
zqDJYYs#(vFS<b4qOBY^ytI_XMUp;fZ;>($TJKpHjSw8Vwznitgg7=P1m6wPGPm|VP
zGARfV&wQ{F?G61iG1$34^Y)h8W3H}jotCT{KhY_Eo7oP%>3#aWnLX!ex2e;1nT%St
z<Hq+Mtv4#-XD8Y&F;`Z1jmTYT@$h;dMVHR=<~mx2ywI~7-twc^YUq8f57V|L&Av0t
zF!TK^<L|~s%DubuJ|wm?SbJCQnXurl{wv>oU)BcZr*<Bvn_V?Hrq|NlJ<t1&__8B<
zlI9+7w+Gw36}LmD9$Xls(|+Hc>Z@i$ymZc-6XfcQ8F=~Vct-KbFP>`mW!c4xlWksS
z2<lvZTx`)bZnoRGT;FkhwwDJlo)P)qYXgDC*0x$9iyt|^NKKr0z3qtz-*X0Q>tYiB
zE^jrL_-Gn**od5L68fj-w29h>?Kh9TZ2WwZSIr7v-!H|V+Go8?ji@M#c|1NGonQ3d
z)5+cR4~rI9&pHv58+_oCrJ~<|Blo#4d64X@W!UkRbt~br%+^1?ng6ifdnY~rWkE<6
za)N)4loq?DZI1V2X8S$tIFDZD^Q-lMGogozyWK&bHanK;fAGyBa`O-Wc=YD%$d9+Y
zYP-0%a9bXt_u^=`d+oOP_0;%zeo4gnf{?zwZ!X!_v-J)AwQ()NXRmk2Eht-4uE^?l
z=t|L~&l$bTR&OaAJx+MmtIlopw#>?OM7?f3Z=r3$8pnQDmT#RtbXb=gk4g`0R1Vv3
zIPlQtw%u!2rJnubYJb0K!RLhkZap@hHrHACDq+;41y;RuD&spmPOh4JZPBc2vXc)6
zE~vdJvO92lLig{n@y-)}S_Wp<&bC!tS@?d{14Z(_56*#EcPfueo)_P`+T{G97T=?8
zW_KPxL`z?GqNWVJ@k%OiX(xAhH9xz*O^<C4idJqt+E>zJ{PB*tosKs@t~a}d?aJYF
zM(3=v{=24J(hGRqquY=pH=e$@G{Z^0=>3GDp8_wO)5=QoKHBBc>m%j+Bd<I<;gFEJ
zp!e&E`nx)BN>PMGi!777-+eOEux0g}*~fbxAM)rw`m%D`$x%hk-<?{W^LJA8iHb9m
zOio<Bc<Rjkn(O<+EB8Ee_72>7$$Gzqv*AFqqN>8$ciA32iR6WTFP>kz^m*ID`^$0;
zf7U5vR$TX$-HF;D6Ghe*{r8sC44Nhx_0^~{lFAT7CfoFQ>%a7jqI6E1UAqs>D>my9
zDVdkIff;@0aMY&i%yxpw#~-y%`CjMt`)5GK{@_W8b?=_c_?fhEzf0;D#=EMfV)j|{
zKbC#k^x3wx=ll+NM(0~-dvED>dr;8Lc|%>T$CX|SnS#C+n2*s-ij3+pYO>|_Z7r(S
z4!#tZzROWjoikcI-8)oc&x~q?P79s(wJndmeycM_VHEvjf1lQeoL8?4KUy~T>X0ss
zcUtZJ?gTowX2GwgomRzOc2c+ro^1KP{Xb%mGILq#nU|eUY_tm)(y2|_>=)lJKY9H5
z^UCW<p}iORU%4r7@y2mYXGiDt%XV+j+9Pb$eE7iIPs%)ZX?58>^!%GuwomJ}n~N+J
zCE8PVSPC_oUwHj(m@MpI<=8n3Td$j6r{@?N8?edWkDMUb)hne&qjyMRbHkQ*jhjVI
zdl+$DFQeJ)W9t?k+WY2F)`d116(84{teq+T{qt0>0j^!Bv{rL=_7qM(URM5KhSaJu
zKKFNrE1{t}Uq<S>o?$w@jc$L9NxSp3&EXzjoWm6}T+Th{a!qi*br-$P*6)_Yxs;fu
zme)CSAa_itG@JXkW}dRBjxb2fczkHuv%N0W-gBMoZbVNC8=IQZ+sZvFW7qPdhaw-2
zS~_ls&LrQvK?er(>D#4Sy4*IlaGa^^@wdv5aT7ydA4rUkiu&jr?pNs9deBaK+Lck!
z*}V&1?|pOXiNdtSr9#oy$a5F&G5)Lm9u8!7UYX<AEm*d3clxz*zk;Ck7T-*_S=}H1
zBCX<JpIHvgv!5l@g%7;7_=DLG@6nFua;AK{-L1ghvbkn+@5+%s|GO}ERMvyrNtYvB
zkNhlOWOc+gz5M;J+DVUI-nla8%&Pb6)=6I8_&w_O=PbpWbn7j9e<-vD7P~rR-@mSz
z>na)f@cvShV+(gZe=%mkguPF_C97P1R^EMlV2xe7i55rR_bL3)_Gjgc<6~#F^d6vW
zKH_d<;Gf;e)yp@>mCSvAb&_uMmCEo`-5o7cd+9wfSo6DF`p#!*`MSXePl*y|pE)b@
zdRlw>-Y&-@zdk*?BMB?{Zc)h`oZSBRk8vSeC)KSQ*g4KE{?W6LNzWe?C^QsZ45q(d
zWHk+ycO|S8@mHtU4LTO&s;9C2>-#TBACn*1-3t4ryXjM0kYxM;lgue^omUmD-t+OG
zqnjb~{jt=irg}lpk*_r)inmpc{<Cn-lD&uf&6<-G_snT==M$p+D=HFJ>Q>4MPbR-#
z_U*T%@>1xM(K{`F>xJ}Ncj?ryp+79;YsYDlUCyrWZuegJGxw_^l^ECc^^o3vqrYrx
zxnQ5C;D>$Rs<EB-n@#ZY{O?JOlb~Pvc!$y9qkrZYz3-|qdB^$$<69ObEh-8td;YHR
z$_*On`svsAC7Zgxy0!Jt)P%QpoobFxKL5>B=IY#LcZu^Vjh<e0G1BypJ0i?=eoGX?
zkHk)LO`#FdHcz*$Um5N0q&WF;kFetVz;Q)w4KGy*H|`soq;c{0phw2n=FKXb<W-m1
z{qy~f0ba-NPc1@s<iAHh-!@_Lj*^-)b1o(SdE@q`KiZe9yFE9`WlVTR$GF5!7I|-{
zcWQPqV{Yqx9bVp!Eo;8FddSY=<sTJ4^97}k<|!jbYxchIUT4AWp?4Fv-`H91skmaQ
zZLu%4rsnvmSsB5D>?WPed?!0T<ZgQ6d8*>Tu5{`^<oS%1gU&w}na-;!)Oebow&}~s
zqm?U#!zYyAOZ?e>z@sde{ug8}hqc}g_3#SrG(D}Z)wMm>A_DIE-=06pBrwH1PrlFA
zqKj*%>Gn^{^?$~>Pd3T6(8%3WHluVw{>>^>(VehUqzKA3d+%^fo?JQjT<(`&(PviA
zxvk^+qvGkq%VfLqy5dt)UU;S3-FbZf&Ws<mZ?BI(>hqk`TyiIG$#wa`&mnnR-z_)0
zKeJ$EY+hm7A-(O-H6|B-UmJO@nQ-<q{Uf<G&ld%wUX$Zr+3P+PKe+0U>lF8=|G-no
zJ@9GWgbq7@cs^H@*qypE>gu@tpUpZ%>TPUpmD~L6FXMy*CvEp{E?!3tF#V(LSYvZb
zF}aOZ;>7n4rsX%A{w3lOS#u?uvCZmr=XWp3l(z?ymwj{E?h?6s{9t+I)On|DtG3=e
zmLfa!XX54I-!8=+OL<kB*YoAWwbQ;G4z0cwSDqMk?^gG?k9!A~T<EE|<YXsoZ}#-@
zE3+?URyR-i-b9D12L1lp`BjVm2KIQEuv*%)--`vFNjk=E(H|~Ny76&Po$bZddsDs^
zW;N>)J+OMjjIy;gx;hul?)flRuIwNEP=4mve}}8>zid04wBf*y*V|4_>3ZL1vg7bj
zzmXrE%En%b6<oCX`Qyu|IC{ON-r~NBkn@Y_eFXz@H=GQ(aqW^r$n>a5@4mUu_79J5
zwpi-WDWGj?d{u|Ry*=I|%ZWQR<I~^t9pN-nWYHr!YfI+fcRO0!BtMSs)Q#$sT6fy9
zRTsD6)};oaJ0=fe4i|>G-YsAMVbka5-GBABJYcb7c-wnxkL;LocF?0==QV=FhfYmy
z+5D-(s*mQSy}Q@naBR1<;;weAe&Ctoo4d9+t+dk8^nhY-{~c=z!&X*L8#Hoc@R-;U
z!?jmew@kh3@1k|o(e0zxsI2z6@S8c8?0(s-Ra*CXRgk-X)jD&L(<Zw&mAUy<#pScx
zMYfD1!<T&iwBVFZxaFss3vTf@+uAK|Rbd<OVn(YkMT#qJX7_9zw0v;;c7t1W^&ehY
z{OP8or^8uuJIk9Dy}v4Bm02&Eg>K(fnJMev^6lieSI>2r=X-66`@{$C1I2wN8dN%-
zyfCxNw-thk+e{7g*3~R4n!4@uyzvPRuG`PVp7gKTX<50Tt$eNYbLaA$ySLAd&nP-O
z!Q<G@!JDsateV6;nyCmqyz|S+7G)FnOzHVyU0lkP`z>B~F+DLO>qV6F#bz?a(e{M{
zMlZa)D);TX#cQ5_6r4VHm6o+W_1NqD3EPxQ{kIzgk963(_jlT<>tP3_73=3({Fvh&
z+@ru~K!8EZtUj81GJFmOuU{l^{~dZfJ7J%`L3{82sypv7{#LL(Ec}+w)=i29@nOPc
zmb)~soE$!LcZT_L@0Dg}R*QcgGvAvQx*?rBy7=7U(D&{kb6-4}^0t4jpt_C8dNTLr
z;TXHiCp<Rny|1r-!y=-vSI@F<FRR*hPs>kT<m-D!wlc+gj>doa4hD~29WffyL9^ph
zGQ3iD@OaUjw_8iJYqwp#*}q$8FR3woLGgW5g6@|olY6f7&iI|XYnRVs7vqa<j-8vV
zZ8+eKG^K^+fdSQX&C6u&m+j8RyjU`R%=N*>DJfm#OP_pQQB>$LEYJPk!_tdII=!PO
z4H}b`BD>|jh;lgW?fk0~<zg3l`_?m0i%mndUO)Mn^ROc4Pup=~%Zm<`y|huAgJW*K
zzS%8MajU22`jl|%(RUq$+e16`U*c%=&g^){z8^RDf0wG&d&=}yHba&j)mkekI~{#t
zz{NMqubv(gyX^L)DnY*gmc;N^D;M`0@-ty`KuKkYX=;|~SbMwKOU9Ut{cl<CZGk(f
z|D+%1_WokkUfa_5u*2h=?4tfhL>*%nUd%SVzVM5vgYPc*D<1>=Cbbt*x4XDzS0uKY
z^X!Guo6yIDyX*_FSw7n@yk^dt^cbhS=4;v>S{QwGX;^l?cC3k6@9&-bj0utJ=&ysD
z*R2^OHZJPvy(@Nt%l$K2U;7zlY57$gZ+muNaankb(f#KE2j&e5Yrf_3*jp1T1B+hy
zg%oPLW=fBbPPXjl-TSbj)Ust+=RwZxUac$9xjJH+@L=m7!REhRR)w8(+j&h8)Ah_(
z|DuO!N&TwpjE8^IsIxu0E~TP!)YuIfO9IT#KQsDitABDtsq%Kq#ADl|4Kt*z?$}H|
zx=-LYn<y!Y5C2f6ZIm^aSl07m@WSEIJ<nLL$aR0RpIRuZU0vYW7Je(Nx8i+7&2$I(
zj)j|kNj-YMD|GuhB;M!rqP8;XUe>8Z`$0bwd<N)xRrIy_wek2avDb~IqeebhmO%?c
zS{DuO{-?GkbjA<A@T!|<{<IA|FS)vE#NwP!kA8Mppb(<E-F<#t2sb!S6?cEB|19+v
zl~|ZEkk}S@_1+mv?N32Zt%r*p4wH)e^zPlOZ#@a}T~PdaX3v8mJ3Lo2eubKwez!d!
za&`VW!|p-SOrN(X<n@esa~D;aZ98hYN_irsS7~f*($?TtKYyKn^&xX}w;5C4uk9N(
z;d6)iRRIaihdLJ<=33$U8{Kz!wXSmBG@`?`^7(Z>kuQe%lx%!JeHt`jmwo=NXMrx4
z#wp_3xQe^&2)wD;$tTi$n9rv3g$ET=$M;(jd~eJqqb(zENeY;)Z$jgq&scV#jo0fR
zQQoU!*N>l`xbNfRYhKk)pZv`d`*+(sWa7m^UaMEw?y`J&W54Y<c-y|TTimZFN0wW6
z&AxMf?2M^>-`}Fb6#|p2Sfd&COrJC{^HfxIY5cE4if0#l{210%b6k4xr*?a9Mk#_F
z0=GZyH`;K)9QhMjTjiQLTfUS&H@}vdpy@m9`i01x!>5;posQofW|zHNa%kj$m({hU
zsNa{w^wL8wTkHBMG?q*ZfAD2z;LG2??0*{;eR-%Gd#J*<qUwuZ=QZnohvdI_wxwdz
z(44AQcMkX3wEF8G#ek)?YwPOPeVJGE_U9y%8Co#Prkgo4)4CkWGd&^+lCZ;gdAvN6
zQZcSmsz3X6i)Mp<%q{wMlPbIYXA*E%j_rB~O&3wi>p#A<hmU(q4%Nz_@n@H^x~1C!
zYpS~)3LE(H&{HdGvzJ;$OQ6$Z?k{3(Cn#K;_P+>BzT$H?zbdBmOW3Dp&n!n=>17)`
zF?E?vM51zYhpDl}i{?B@{BS>YRU+NP&^>z9r^Ui89^zG>+=Q1(+^5JqS_HK0UDL%Q
zG52cP^jB+_2+t1cYFcEosy1xy!>l;_^Urf_`{rnz9O$H|n^B`{A>QmCaPR^dzE9(p
z--8*$&!77{#C)*u{D*g1+d4fvXtH6s{*fPF(tFKLvi9@xICQ~+Ufw%Mc)Ywv#zOM!
zi>%#$uKayX&#c)z)a>Cf?|Tux)56#H?DlzPMyTdXp9Rf7=E?u|{!0YS)!VHu3+B5L
z4$XTH^BvJI2xW+f0WHK5k+p=R(PcSdiN1=6KFB<XFha<UaBgUqDJGJ&#nzNej5H;L
zJ+hM!#u_w|N{IF%k+n!9ww6$owMa%;%LEc@iIB9GNF>%`G0@?^5{k4I3#Ha#66o-q
zm=>VL5~7C&g$_!H$td2P=&VJOQgqFm_@OB#QJ{?Y*fPS++C?CsMQETC5rb|{Cb}WQ
znb1d5q6ot_Qq`9d65e|i2&iz?Cn1gcITJQ$uM^SMjFhR_DOC$WwCWQjMO&bS87WYI
zl&QWX)$BBlG+YQ%w8EKai@coRN8|%16NU<PKVo%1w0c~TdR$tl9ye0ejWAO6Ni0@<
zqSc>7^`AuQmQkwj#OmQC>ftH%LWLqVpL#q|{dfXo?@Z|FkYe?OqtP%I!p15>J+N3T
z5Qx>C2-RJRWXLF<7>VNh5_H4f30(<y^tLZC1f6juj-uA131g(=ML407zJxUzl1c<H
zeR~nzG|+l)q6@R!ow%=szWNaq`@Ii}>qiW0KE!8OaIiP((T^}gp`JuO>J|f?WcDYV
zntsKM_9FZ=kikHrGjqk8u+u_0!w9NLi{3~lkQmb3Z+Jl8!9M6rKVlnN6-St$u0haI
zJ@ssVVm(UpC(Kc{Khcu?mz9=COfx(DiBJvHcQ|3kDu_x^WE4XUA_6qf(!qpOhon^^
z0@XS-nCRGYjQW$5c{G?<q=BXnf!`9jqaX})#H8vQNfi2^AX;@&%MEr*rAX@UX!SNx
z>OO>06g8CSrz50PjG}0Cb0~2bEe`_`*H8N5Fv0~Hjv|IO4;a#K#9%-4F^*`1rUnwu
zI<&P=BD01graoR_aYQ@xIgsdtv=U+EcB5hCO?VhZ5OGoinT&y*7(1LesAWd0wL_%d
zW|4YI5-G9?1yvOfAq>&@P(t6VUO{MDy^bi=RE1;El2AgfBT}o2ghZc1i4wFe8g`}0
zpy+8B;ea~Ii6PqFetvy?P|PS|Gy0qY^K*_NoYX`nYBaG`0|{bbbERX5$<2`IID)Qc
zsELO4&mRYS+c(IkkB2{+CMULP%4oDEj__-w#Smj$XaQ**Vl9)&tV69OQfcG=lM?a2
zFDM#}Mnfw~*zgT{FrIK>hQ$*48h#XeyeJ7JW!Ec?V)rdlN=HUUgpXk<G8y|lP@*Cu
zN!8xUgzUjmwTX%%qocqgKs%ZgqRnH$yo`?rnbc3d|2V=Gy^SY^q6g!M6B<IKok;jG
zuj2?E4Wyd{>$jLd4An%5Q{jxPiYEr5uTx>={@&if!Tr(3sbGO(5{Lr$!xLXqVD(Mt
z%;ZEOM+4bRC+rwO64AREDo6(<`q#n_>CGa9$R!XCrcVm7SwoEO&LV7)A|CcRG=?x|
zdZiMNG!T8L*jP&hrqN~~Vaj+<C*n04ZJJt>MfC<!gwjXAk13y?K}b+w0Q6!xlK^w9
z)^kd&=M9D{T%|igHK$l@jvAC6#SbQ0nW<z5Hb-sLC<#bZAP@@CwGhJ8j8=aHWm6p`
zwZ#=ippPR!Q|*U<JzdNGYp#MAgQm>{8@qQTe2fku49tXTwHB*(Q$RJGN#q&|!u+Zr
zy6KW?14>hF$ZZfvr$-tw6YWnUo`Q(TKzPB;+KV92)o3tFSJDYL*fir&gsFlSSqrQK
z*k6r~nh-g0%vfC!EddJqe=aV%J=I>&S|kvtn)U44$JgI45IzglpVf8`K1<b~)yLgh
zL{jR{>O%yd#p=(h<1^S=MAi4#Tdh$*sPE8YkiS=75BOZ)p?d4BMRa|K-X6U@J>h#=
z-JzQsvieQDWiHPq9PLnyhu#I|%tpeOKvw<qo-$wd5=e&Lt<k&41brkf5$Mx;JsJ(@
zr&of`ZO}7dTK*wMd7?mF{TSwohn{~6w8%i8Qhl!>Vm|fL`#lVWChN-)d>O@*7wbuz
zqv8~3(RqVjDVmz9Z@^S;&`TSQ+9nvtnZvsJSF}*nGy@^}wbD)(RVVA4p?C}9Xr%ks
z(GodLH!x%p4E5hcq1HKuvB)}KV8K9}<63BEp&^ZKr0AER%pyZWCL>jUc`d55G>Tzn
zCm1}^K~}a#G(yu1N;E~Z(q*~<<1*dwwi!BUXdJ^#&oPwfAWI8l5<M+6EQ5K^FEX4k
z9nG5ADw+wiGCJG>O(<vui?TH;)sQfsZH+2kqn0h($QcJC<9995L(?`S>StlR7VT}-
z#z6Vk!WbSCcubkU7OiGSqE)@jqL~*nTg`2U()*jic`j&Gih}*k43z<et(btq)_caH
zi{mWh%!HP05(p$$T2QE!yICjo((_xju|#f}7KX}`t=cdrTbbSMhSGhk<czkv*$h1t
z9AQPGUH#40BF9K81Et*G3?6ev?r#y@9^D9S8_m#h79uMoi)l-uT&2ZYWEk7lK<S@p
z!T4udijJb_%62e2AFFsv)Z=kG66F=9=%W=8Rx34ROwUNGvhV2Hxen2cQ&`(SI%w0=
z4m658;HigRRJN<%8|&3x+UUmt&sHeySqCF!yV$l&yV!O<6VR0;>lo%zWxG+j=tinF
zg~A@UD?=NnSsN-%p0s03p0qz)gC<?Fku#F>9g;24_uDoUs(RX?6kWMvW58rT>)@V+
zc6GFc?~|>Iw9yoSErniPvawamC3~8+74j!-4V3$*Su^{m*_01PuLPas%)LuC?Fsb4
zwG)N9-?1r0huu0EC?DLhVIJJ+c*_Uv?b=z+SlZf-)JLbu&NSK}uq{CaRA)mbgtT4!
z7tLO27sCuDJFU<|*6ZwOWa-wa1l6vyGh{Bhb$a;<eb%y%VcK=;ys-s3Y+_HLBL@0<
zsClkk6HV2Wij+lEXQqg<tBC@eYA;9a^95E6w6ZclU&jI0*k<<i>$tzp&I(<Kvo}y`
zueW2g*LQgzf&y3A%bAd7_7MhXcP_O4U}9g2=I7ZPFvX_!<wMca-(BU*$ryWq7J94O
zO^EE{?29#JBy%y&eqL9!L$`Y@b9jaQS4~vVraO&B{OMXh*2Fw}OK_RW1$p+&g1oN5
z5$Ix~Lkx<~vv0->{L^)n9-`75C}d4^D@85S9SoQXqT9niXvfkXa%5;Mwn7d>H#4;Q
z?>r%+Ai9H;<5u+$BF{+<HtIbIHtTMsAyFoob!U>y9EOLWH}4%|8Sx~CUwUZZA4dvx
zS=OU|DsR&qtTbdwopc9AC%wmdW5nbM<c#^U9sznNYrQ~(R;}u>21RWU7%2y>?!gRN
z?U*+Z&9k7#B5AU<B{SiJW3@iAwxfmW4OsNYaRsWiqm7jGUq^=i+jCYvYFkCeG9dU#
z`Y5@ErqGG?0tgzP(+0}q4FY&bCV2zZCLWFZA(W$0Rz_Cn%6dWl@`5et^8_+)A)?VR
zJGunDYaudVns=ei8MNL=9K&Q((eGOzS4%O4*45CZu#*1IX{P^kVFy#xW`$JFRQwRa
zDX}e)(yTc3P&Z?7y@qTcx>=xaB~l~huNETaR}1l`mZ-x|X$%7r?xC~%0zjIHmf{jk
zl2*2|62l{5T3JaorlB5FoMM<6E2Qi6P_qmt3I&!(OVQm7C$Pe$Qu82GzS>!i9+pU(
zF$;c5duyY|o1CfTe`KX-|7K@H<qkN{J2aeTB%}P+u5xDi6sL&>NUxhKTwKX;Vi#~P
z!-=_<;r!47(Xw80bTq@M8DqD`xm*{0^zKC=)6LFh=&VmKBjwr6&dk}(E)_B8?0$DS
zqtV7yw-xGk-JL?N-CRpGDO&lYn=3qS%#&`t1{$F1iav5CSJrE|0SbH5heWnMz1C`o
zl;?eVG3R~U|HdQXE01WV=K=R$<|yy02Z=^rcVCO*Yds8=#y8v<;~TxN{6XQHJfj(}
z>wU~EkkbKA3T40PQ;LkrJq?&XZ~J`ug$}Ipk~8_QJpSmSu^YT7bm6N<sU}S-6KXw}
zgxbFEccYyX2gsQ-n>-T@knMp16dHHHvlQ&s07IsIxo7@UG%+(k&VVuNr-LSK2_R9y
z2CucqZ)<>oa?nOEc)a29fyWmfKY04V)1Mi%(Ldr8I`?8|G-DAzfbc`DwTF>t*nt6S
z(Hrey21=ds0q_ijXAq-PK3IMU{dgZ3jUFBtpv~ON3|QF-9nlS<P}!D%GPHsSGE@%V
z8UW7_X86{j@lL4xOR$^~yd3(}3Z)wir;wNSurd^EINVVALwgwWLp$*AOJvo3q?{T3
zAu!AmY5R_((MR2&Qgq*Uq>-|W2x7{J;MOk@buBc8>G(Bxw8e_&p%l{J8mo_1bswox
zNjd6eINTCdJ`Xii#uyHVX9PSUOpM{k-BxIDRk$2&N*dpmf%futC|P3+g*IFZRk<fQ
zI^jFg67|;{W2k)NJCb?h8|tk@Zl5CLOy0H7=+<a>%SZ~HsS2-eedu|pB@*aF8Y*j^
zhr$yE&nTwm`RH-A=x3>1&g`oSKiCm%JSC^mI*l=<nj%u^uQ`VC*Nph^9$i=-8^e@+
zirCc}-Q5x^L<?I+svJ706R9M1qTq>UNFDjPeB_ZdK9-3nllxesK`X~o=)oy@8S0Wd
z-awgsTFzvjj&Zqyh9oD*8G1$RdNb4$C6GvOYwTJuUc0u&!ZQ}0am=o*aZ662FBcM{
znT<)~*V>|#yNMJ!mz+?)9R1w!mT1tuL<6NLcRV~3;F-vXa^u_IM`%luoH>x3kYt1Y
zo=Bq5Xp~TbZk<d5@3%66F<F`Th(@m_rO25P7ZckXpqRoG3T?cbSccq+QVf-0_Y#?~
zdy}LUXxqG0IrDo<l2#j}w<489<jExV^xQs~1Wz(Nli``d+&($gbQ@ZEe_Av%I4Q-v
zE86~Qnh+HhrWB)$*V7Cb|Du$L*XX{}j9BCv*46^8D@>_3bu;FtW)UdacLs@ESEQDq
z{(dtIl^<86G9On=Tjz=VH_VJ?{@kCoLm%}opGl*~ucnn~N=T*h^)yELdiv0TNV}6F
z1_5@nV#1tfv@t-ByC`7yd}oxRefA1N<p{qS%m}}kpTba2m$VpW_lB9d#>mb$jY5j@
znWgBLZ<+x^9-Mhoj;6Ismowu#DJE;7)As3b&E6%g9t0KHE38mq*K`Br8G8kD#y&09
z6dfYxMl&m1(z5lCW8b+X3i3@W0~`0-H*My1wD?U%H1nuk`cqxhLqkcSI{Wl8O)04?
z>Y5JEEO=(aGlwbaI=6jGMD)&-Gq%)RT@y65UnYe{^_>fH=$~n*H1(Xzn0jWUu0t31
zL7OjcGMri|yB*17x*eG}-4AW-msx`P>CQJ`Li%SW#-U%w=L6u{pIN7kyw1*tP1jJC
zAj@;}4V3yvGa3D(^M1Oa?l}wO%*4O*v~`hv!2$}c)tO(4{uC@QWQOa`FW!ef%vvZ%
z0^RxAjQqs>s%A)(wU9zn&dx7Jdf5vN8T)hdH7}rrd5h#L&dqPeEYDex(*jj*SVW<a
zf(4}-qP>L+K0ZT7?ktuw!Lt`u5olD+ViL)-7P881kiC#G$X=w-MJ8U^(ah((MQ;p{
zO<*>KM0Xe0d*-~2i>y#xV77ts#KuL;iH(bYIijb+rE<pZ?qZ1^TG?l*5M_F0t6IyE
z)$_&XXoAO5Bc;dl#f-=EtV?02pX0JvCdDgztsxrVx=e&ZL`yrW0mA*jYzx%MZJCi$
zJ1Cpc4qEcy0jeIEGnVNuS~@@<EgqLcq6>YNvLHOcW9j`@Xw{wEXl9q=vO)voshI~^
zyU?6^l_1=fSs@FpJOicBZ5bnU%h}SNbrN#MCp5>)09D+F)<?$WtVJ6hK$}T%Iq)op
zX9YY6o|Vj`xLk+v=$mt4G^2etx0gLC7+6T5$(nh^nk30sYUO!dLtf=Y;52UJ>9#~J
zr;8}0^&qc|^~@U|<iV5AY<y7QABHMMtd=ujE`_~J(ZZP36oS8e13RHi8dS(64Jx`m
z7LD8p4YrmSW$CKCGMae0s1yZlU2UMWIa9>goLRMV847VMj$xcbRu9%k3#G*rIvlea
z+%gjpyZXC3`n{-F4tufskS6-Eyx0__6|}NOySA(@(WFRa@YdB#@YXe&X~+T<>!aVZ
z7KSj#9gENDpqVS-^Wiw6`3j<2M|4zLyc*myGe%aNHxv@1k4EOyM`q_17gH@zL~ikh
zRwALJNGukLB-XS@>L?(^LXu{z^NOuCkoDK%GGtp&9Hk*a^9qV5z<<6K6d!29BB4c&
zQc@(A2$<7_#T_)z_ASNF(7jc~k<iwCwTfli>f!^2|3)FDq$7=v6&AN<7Og3c)r5w1
zC8~zerJTOS63UT=*jhj_!ZNn+g5u&jBwJS;0W5{<R4jVyIV?0qIf`YJNG4+LuCJd?
z4f?QA#WHl0isi(n;sd7trXvx<3S_jHVzM`@XY*sLs$J|hPS+wa=_nJ(Xi~~Zw%5<5
z7PZ}}T50-D70ZX692Qz2a}-KQAuQnVuHqPWrCs)_8m`#OX-EkKj$)D$P$Uz{6#KFb
zx9(RpY<GauP$Y&O64E3kWL_U&cgQ`z_$j)2P&EnBAr(vMAr1>A5JKNFiCD-a9%kol
zty^*mWgJy)>YJk~mXKo{7O|9eBq3u0o7(j_JBs1?;?wBE3AGeYs#s2(<gkcfuLPt>
z0@7J>s!=-rXH*m0c}B%zbC$y*WETy2II);{f3{KEuAf&;Om;!Vvi<^x1u|=nQc4Pc
z@r#*!k!9&=T#}DcE~{9oFRNGvT;Z@#0+FMP7C|zEX?s;I+UN>Z!<!WxJrI#F9ZEn7
znd0lkHuaK?y{THj<(n!F*IV4K#bQT_q+|jyLsZs_=@c@&qhd+Aqhfh-hr=SGWsVY=
zOd^Hc^WDZZ@4l~EfaL=f%e)617D^&;l!^p0U<s;XSzybbptcWHEVCY}SUx`Fur#VP
z#T<F0);s&Bs)pz(r=f@vJBp-2DMc|+&)8k-@U?gyN`0<cLG^PL%YYXg7E&gILn)L9
z1x(wQ>b~c`RyF+cy7++6zjH;wQlb76{;aqaQ}IT9vRvM)T5fvJ=@NwQC?Z)EWl}yg
zt}yhIYK130saUAb92Ox>gHWU(`@LW4we2f9^;N~uy;jAMSIgmOB9oXpwI1yJu4-uW
zgVT_diCK9|MHKV?NBtJ9MK^w_WFq^mVp;#2!$QMSDKRO8Et>p?Wik9!e0uq`60lRt
zt4mm`IY6VNsnvuM3+S-`3Q<g3%@Wmlk8Y-Fc(WO&Ash}c&H_><WlFS58a6+yMG0$>
zPqt98&@DMEG%WxVAr;GHjE0W7?|y`;;Q@lvPz-w|panvhM5Z3wHyoxyG{JzKHmWdC
zvGg|NvPeOFg)+!IGKNMh3oP^$x?o(wT6=+sie;4vmxUx9rBW%F6K1?=BTLuTDwf5q
zRV=?-b66mA>Ig#!K`Sq`sh?N@T4JtZsWn%zL|JfHXtBUiM$u3eVQ9+|Yu11cZCf(I
zgw4w~&D2UINMl#=2HSsXDg+xX5eQ{sfpw^E&w!{&6O$7oq9$2O(dtvhgEfI+@Xz8P
zO^FbZmx`lUj|i{|*}N`}Fy(hHLLZ+OJD?9|iUr2JZxMO6cw?u3BSWDLd=<M)Y-9;K
zcDHyCJ9L6k2@EY&4-MN>z<&6+v3Sh?TUc+Ck{+58VBT5mXo-(LH8Cn$S70rb3ef$w
zC6q#D4cZ48>Iv4ms{avy!b5tPLnCP!1^sYoaPVm!O$y)vYbO=(`V)g&Ce`f}jRT9t
zG7;phIfDS2knw30&8N{&2E%zpP#DH(Vlm|Gn~b4=dV@sDX5gC;SsLgzPLm2``0B(`
zN(9+>F0T~)JdY-VN;cjOR;S<*;lScFnSjmca|e-;P~XC7w2;p$;%$>yCT`pkMZ>;}
zWpFfk9YRZtCJ~TqJ%TeC0A^5&$7%4VHF-1<zBmP73(5cKP%6enC?P>L@eWBqoIDx@
z^*?Mfq!2C!;53nxwub$Oe;Sog0)GyaH)~P~R~WE%0MU38q(}*G5Q=6?LfkPxWg2-E
z^~X*E66CE801kg(8Sg|$XcCMTHV8l?{CG-ep%kBtLIQx7H!v;XPllH9^aD%)Ppjbu
z24DO_TF9G>P$-3MQpx|H_=RHrtc4Q(9s@5=)FJ_taxp20D4Hi35#Y_nb_%uClZXJZ
zHWC|X61Eb@-8&J$0Uk{TH&d{7Vv>fU9G6#2;o2{dD8zg-3J8VfX)ve<Z<_#~^Ryq%
zF;8dU`VF5(N!dxW^8Y7(iIA@g5)ohfB@+HNN%)2f3@gc#f|R4I>hlLM7%ui;;*ttQ
zd}aVlymk^HpI0j5tyl)NWSm#lmE`Z8jOH5)nGg-`RAQ<S^Cb=-o;N4Z2z)H508AY=
zzEnW*c19|oc?XE~p{o8sT#dUW6~Mvgbtskb1|b0j;_V>D#Dyj$X)&Lssx~+3v1+?u
z2PL?|OG)sAyg_6<uPmiV8aD+Hbx3hNmICbKErb#&c-tza{*M%(KVFA4fNXq%G|4j~
z5K~Hc(xM?RqT)sU?Mes*4dw#xN-UM|h6LA!pJOnh|BQdV?Uz9m&u<6z78^rGsw(;1
zGb@A5z}E%XfM=^^LNU)Uz^xUYkYyqPZ~cIUnx13znU#t7XhQ~f^>DqHiP%ee+_No%
zP?NVhsaT5fva-U@5zrJu+((0k13cgk0yJ13PJ{RvQ(aO3P6FFbps|;PIFlwxidLhc
zCWjD+kcq(?f?dY8gd`;b+;YH`M1cSw7>*H+a!9yP!`V7k{y-G|pN9W{T|KTNDN2Hi
z8fdTq*rWke<46V65`sd!ofPDcuNZtu1E6m(PbA<ExQ)dXAx)|7s<6Z+?IgIufgz$f
zD`poA!msy$iYCku>)|t`WkL}yep)7$;46lBi$x%u$q3;j;`$+!U={)7PXZ|6iB%{g
zd6N;!Xr3;JC>ezhETTbR*knXtKln6CqQI2~@&Y)p11C%4o`4iX_6wJcSOf?V8yL(x
z9y)=Q5jMEb#+VI=d?`o-A`+jVM8GphfR*8X95yfjF5Z!q0L14?OCbPe9yA8zF5qb}
zEJOu!nkt-xg1c?_z?2j>>Cm4H_ckQ>8k)jlHc|rFGhBockqX{&lnam)@5o9Zw!;mL
z<o_r&IOj$f))2FSl^5}jj+B-{Si{w72uN`U3l>F;J8YnVUB-DuJV2=+0e$0M3}`gZ
znz7CaKX%}p@Gu%Mm;i^%K;s`{8O0hnwf|`}ATlv*GB#@&lreDSf>;)Z(2!2!;eMb=
z@JU044oqgl81*q55Jk9!gA68~VSw~G39hYyS?%*FxLJ)WD<CosG-me@XuM<sr4Yb|
zVtWi;LoC3QkOE(aD;&^-a8I729~23*;T|z4KnOrH@phETQ>x_OAb!Yu3-NpmU_2p?
zhJXf16}&^xLCkzpP<F!2Hw4zwCbmKyvr*taaiswoWEk;5WFRjd4Q_q&XcGJwgBg_a
zCQT_os<>zX8{o$YgasuEY!L9qJmsPQ$zwKvf&zyOpCAopkKJNc{*B@X2-`$7s>l`6
zpCnH)Ap*yJIke+trP$OdPgw!zH3g%p{fET?_`y~O7y`HbfFUIKQ3RR{kL>{OL-ri&
zPbdT{#iJ=e8*riw#K5D0*T-m(BftYl&_GZmyqys68jl9%ho!;#8^teT>lIi-F(7En
z!9Y=fm%RcSCB#?9DnFkl;V3IBe=vj)PvQduy27;|3?@&5Swn~q0<H;%+7!5G+$#c&
zQsA%&i2PYgpnif&2JVLAh=!7g*pxfhAi;Hg&WhOu1B|T?PygXRAVO6bV+I7>=ql?`
zFn|DPinjy1#ixmyYC1bBh$SiRmVo?$D8xYo1!=;6PNLq<OW7O<J}?`f@n|&9NJ$|j
ziyJN(U{3|U?=lKxgLMern5UQkf^mQf?_A07v>7Fn@ReEyD7gMaG~z$-i4<?|Ahf{u
z4nl7kezswHB(D85$Q1{uG*qUrm{I{GnwR7S8bqXADF96-<Ix~PiAfN$Pc-f+fd*$A
z>klF^p%}w|P=tq26K^P%;b@38-@HM9wE<Q)*c2MT0iMwUnxs)b^y{@6h;Ve!U*{4#
z1-^$g#D};}01eI>Hc>c{B7E}T_4w^zraWGjS=ApZbt&lx=aO@b;SL7RDFRK>phy1}
z4CPzQ+Op9jUJe2pFIxw+Mz_(Zmq3KNCq5YnD*1y*@RS$uLMaaC1<b?~5@aE`<^%MS
z&068Q1vr+!V#rtUCIi`d-lPFx@@XU<*+E<lb`aM~N~C(#gx!;WqGoUS;H!hAHm>M!
zu5tTD!*23)ni4~8u)e>BxC9zPIExPguWMpX5!&%;jWpbHz&$k3NE`+LjR!RpK!gGU
zKClGBV;+r{6aijd&X@*d#@7W%Ve+;Z+>iu|OMqE~17o1^0wSPE@oYNKAeDwsT1MhI
zF0g_i>xOn-YM%o{A&y0XCc?co&>*I7U~c4<p=0il=;n_F)|qEtS)+>|3^=%W_5iLT
z@XA|2<JD4V8i1>6vzlNmAOaZ1<_U2)@1Ox@=IJq88p96|7-HOO!5B~;Xfg(iv7m&;
zOWFYqa7~kj>UK2GmBEqZ=`kog@9@D^^Gplui~=t+fte%us{?La-)S09Gd@AM(ARWz
zs!7ulJlJPVX}ux-hq0hP$ll-`LZS>m1TZc~gsMRx!r&T7kSZk9coP&#x#|h>r)faz
zxRIpU`ylvapj^hMiTDzPL=tac5g<9dKe2$qb8IvXkd(I)@F=*?qv2I_o@B&eC3%BD
zN{2^lJoW#484ZY=HwaXzc}ge|@+SlNIo_nf|MFH0X((<x@MW|Vf+c*00Hk>$WK&MO
zb|O3yf&O@fexUJ@2IwFq#eEr6L+~&Llof(*d|;?w@RU_1=C2qsKm2yG#-rWn%Y=~Y
z#a9Q}7vA21?(>vT2tW>(ARH#%1R)&84V(gEc!<8R)d?YD#P?kYK#w;;l7HUeItHF;
zgfV#KLa<~|{J?z~<jQ$iSP01=T+_kv@N9sP67#Gh)R}pDB!qCH@s!l(*dS{`@@EZp
zw6S5m-(qhV;93n4+W%?C{*(lmrY4vO;y~VMQh+hzGsA3nq85TV!#fnhogyBM7jr}U
z1>z38ok(@GS^x77wLvBP|1{)9o6w<{7YM-h4xZJ6VkHl9KoY8n+g9h;Xh_xKc@?&l
zf_p5`OEE4&xY5Q-@`z;;9wvfV6O0O13KCKQU<cbz7?lS$fCh*PV+K{l!wFa#pjTcy
z)vMJ_B@N1<uF0|TZvf38E2y{O%zz@W;|cAAO+={5#Q}|1S&+aX#;*(j4U)S5#!&4)
zR4RC>OQ7*k8ysxN`2AyMR|K?%qIHvnut^lW9bi}9;$#Y*t%h<4B*rmjHj3xd#Q2c~
ztPbcJ=OtzMtsn`YD|O%o>u(f48&zS)2^z|H`T@=uzr-T}NQ38KfyM));1VJA&}4$1
ztO!{og*geJ@rpPAXCTsT!mQ#2Y#>I<JW4t%Acc>A3Bu%w4T=O!XQ1i?YB~5R0Qblf
zxe#c$gaCx|pfp6gywtS>GMzY-hTqPBAOf2-xMe&)E@kU=*rXw6#jUHdsw{;l5kDI2
zHA%ee0QWZF6$S3VaKL#Nu^{IS5e2s$R9f*e1|(fYA_W#nv6)z0gm75^sN4>L29X|j
z>%g+Wx#FIC)=$IzLe6BMO4vB*Mkoz8Um#59o;6lj_&p~Q+zg(-Ai)yg5`=hw<X+E#
z<RIjQA#`s#87P-Rkr#HpDG>w!R}L}71R7k-#o9@QkT}6s2T3ppD7pQ?RT79saT)}J
z3hoht>=vjOSNqvAmjtuVton-iG&UyV3<B{O;0Erb!HUCiuGgamC=FFYu(Dj`f}0Rf
zd%-#c*Z|=TcM$MA60B4O$$Q>iSfGIg<1SbMcOw8ra?dBwBzWQtaxPFj$J#;RK#D0B
z<XiwFV3TIe4Q4-Jf7xmR7fJ(>7cN0A1vCU3SOTe2%vnG>1bDf73^bS@HW`2oqDHu0
z52ZoUyc!6bX{H(*s?(ZmRsshJkUkK=Rcp?cuxa7?3ptIx0-}A$_j1KgE1+tR$7J9Z
zfQB^$3Bn5i+(DqC1vwy`Cc@L%Eb@XZ8n>Mg02+j3Dp%g%&A?TF55_taL23m<F<{Ez
zjSQ?Er0QwRNI`VS7UQ`Cvo|6Bog6ikhH@RG@30P4ubyCHmBQ@<%+CW1gga7LJ3s??
zvK};sP4sXkBP11|BACa57YiYr<8}xq2h!f$ErAe&El_Yf1al<A2Z8J-esKqsl6^ag
zd&L-ttSjPn$filL;{<67Hf-UxgFC%=HWuDm6A3X_4!_?6sh@w7RzYdjL*Sx;v&73&
z!{uaHF;@yO7x13kBL;<Acx8@jMd2nITV>}=8fZ|i!>|`z+JU!CxY`QuP=Rmbt{Czl
zJPZ%cg)Lli1_8maB_5n66{*ZJtN-;_4t5U0Ztm*934vwht_1SO0FklDfN1b*<bVv=
zjpq&w#aGU&2kiJzjR9T4I)rlrJHTOvLMHe?ZaYB2@PY$(#c)v??q+ZYW-m|U2$@}(
z0yd932#5er2!TC^Yk6GB0FC!f3``CV4_8{?wBb4$cQSC~AXBE&1z3N*_<<<J0|oYl
zERYXpf<S|pT)9$!EG6$U570o=+)2Zg2e|swRH`sO`+lAPE3Cp*0oWC;<pLUD18gOb
zBZ3<~+zCQD2*0`tUI;)5S2948kqRt31!*X-j#xwXLKzlh00xH3^jxn9cpS_WMuSKM
ztN?d{AgqS0ek1;q!rsB939O+Iyfjw|Z2k)l8K)iOW#MP%xJMSCixiMQ)=mNiSk7b=
zAbCJdm|FxIq@uV|U@uWL6xkbe259hun%osb(E%(g#tUMBSGc&7fm00SQtpbu=7C9X
zsvw{mLRtpDw#Q{w+iEV2tzKc*l4OwNfg9A^b};3}8>tQWkIe$YNZf{S#S#(_7!6Vn
z+&u>10;O}V#RM8yA8wrssuygQo+AYk@HdOiIQs;L4%{}^ZvzdmO9N_EA6c+aY^sJM
zYSwDO@8WSJ$X<4a3^mpcJQKJq4*p|f6_7PY)T;OeyHf+<6>HQv3dhpmdIU#;Km)YE
z)gzV$$fsd~YWxR80Kwc$wu&a?f(;c-#N8$p4WMz;ZBo&&7jIY^oJG!dk^*?e25cd=
zVxVCrSjAj_!>7SwvNZN)7d|i)Ke&6$wo`k%MrWtuW&Hu`f0}j(g`5V_s1PsP5F8t(
zAME`S?vYis!)}zZG`tj}qCpv=VbUu6ry_!vXdtp_Qxy#hyI7hCi(pi=Cifp3c)=m_
zqyUGJW4M4<0U(JB9@!4XSSY5V!P~p|1mVDAS`7pYNwK`F0mpeE%K}nR$-m(^K|}1y
zvWgi4nJf+B8hj;Sy}1rX)eaJO_`nd4{+kSo|Ja6L)_JP~D~xF?w8QfGDqg6?;Ddnj
z{~JU-2H;LE$N^pvdo2MU1Yiko@7N3jJ_x)nfg2w&;9D+EWCwvz9bX(9;j&xD%D++k
zpj%v*$}%@zBWcnOZZzP>4z5{qv7U+-tL3sZh@6_}42-WLVnsp~4FjVp8U{90H2A#_
zO#BcZ@N_{0*bLVNkq}C`_^|_o#PwM0AP{2lwh3@BZnz*C;9@-$FI;@UCkUrbH5pj{
zKk>tb9Nr)RGkKzhW5-)D+|1w&0`WUf3E4b&lgWVpgVn($dEUSPW_d~jDTXF{r`|dU
zU3pS~tQk+L0Kc0KtQuD;gHl41*{F#4^>ucFGKg|{?f#Egq2Rz<G5nARJ}|^i^<i8C
z{)0i-EC#+}Nc!*;Neq{-@fE|*n{)9W+aEYFd~tvRxH_XyHH2UcTb&rLh~fJQ>hbSB
zNxhwi*H*cy7q&mh+Tc=PVIpsFw1`yj2ElJ)u^qx~1fB@lIx9YDIAXkoK)#4K1|ZLR
zJ*vll>>vP=c!R*(IJ`l?v+=|aH+^{ni}+@l&0llJP{6>jO}s$>GT_Hf43Q>p5Fp_v
z0$$MJ8JhnCP@y{r)iL}BwU7TJR>%nORtzOt-ee%S<B1yH{NSz_77Vu^8y4J%|HKd!
z@m35m5pNJEI`ReqjE^fE*dv}Jf?@_PX$1%sD-3`xKp}*i-Bi)A-??CE?3;F&5<*6R
z8-%FZVO3ET4bT6vL`ZDo`^i=Wd4o`VpaLm-Zt_aiANH0lOM|LcqXZl9A6w4ii4cAe
zi8nCZL~hu-27t=G)sO23+&AG~_GbqMG}<_Dz5VD1p(20p*fIq!Ru(b*qa`JV$Hqk^
gs(wm)NNj49>NiV_!%MpAfiICtbvt+V9O$L{KcI8x2mk;8

delta 674564
zcmc$Hc_5Y9`}nk=Y13v&w$N(3`yxw=N(&`QDugh!kfkELpT<;*NVl>irp-Q#Obc12
z64hMpBuk5^Q4~eG$<FUN=e-v-%cq%7^Zotf^`7O~pXZ$SJm;MIx-3+p=*AI=qelq3
zDn)gTDwW9;J=x@wMG-w|qNk{yC9da^<!q|xDT2cmwPTCgu|@4TA~;+I*`6z^C%9w-
z8ifQzqmY1T6c%nsqj1P4Ra8$E)l)_FR8c*RB$!4c5z%NQAv79^h(;6Pp^M<qNjL<J
zE^0^@HKdCgGDHm-B7_W4JBFwoL)4BbLdX=AGezYrQGXW6F^wf6m?a{ZlpJsL@G*p_
zgd<{sBkI8s_27u=xuSZm2%|`rG_I%}muyF;knQLcvK^g5!lR2sNvDeHsiJzCNS1Vw
zEa@Uy(nYeQ(?|d|qjeX#`|R*m<<NMg!)+wEIuso)k1}H8Fd8p(MA%504voT79?2NT
z<m#|!bQbPz6M22quqnK&Bd3kyuyj})E)`4OCemQ+FeOwhL1pQ1DZB?G=SkpxJb4K_
zUgk_WwV^;%XD?f`cKuRo`s!61EY>g9)tjTbQI*R3ai$z^f~vIi@-^mGiy79ss1&&1
zO&=vA0@g1fKO72LCu#5uB*zV7@P>_-Q~DV4iiK877qOO+FlnfTECR|qFKIZ8PJ*K9
zuo%3EQImNSq-G9d@rKc5Bv@1(2AyXvrHjDdg90jBhr{N@N-Y~kiEMp0Qg$R;hfO;+
zN>v1d#?qm1dGkii`vj&Az`I9Btto8YqfzR(dWs~C#?WDKdGcQ`LGY<cQzWT$h7O0x
z^ZR<&NV*P}&3pfK_DCj6hsnzvtv`aML*cz0JztWkL*uepynSP*@RpC+HWCSxM;$H4
zyEi6Tg2K^Z(0Ihyw~{m+Dw{&VtqzUb!^@PA9mPZ}g35TU<0nU^Glq?k08!GozpLYU
zjhBZ)8A%3{sYBuL62@!uR7c4GbyOWXo7X&^!CNp<ZX`zss5X#R07c45P&qnG4$o6s
zZx|bdD-*e6l*D-6uhMG3syS131XG8>8#{r5phj*R166htRC)WPWJXgt9AJk=<$x9@
z%JD8un1G5U=`6Mmi_UvGL2U?hrHLBwCL_t>(sd|w-lmCjFfv(Q>_oQcKcv%6QMn9{
zGilZ^8d8*u6iAUn=dyVIlV<atY0B`VRVVQ7OqvA*&EUyQo`K6&!E?bZSxFj$p+lwf
zj!xFXv@lpK^jbAJa+FAbG~P3rDbuLhj-F2T-cH)~yS=ns?YC=tx^HvBHp}4I%gKyp
z(t&FVjRK@Xa~Ybpmy@@T2X5`SW$Qpg*{|7j9Xf-;Alpr+Ydh_*ci2XP-DbblN!!`o
zbGyB_tNV_DJ|H(Biq52Qxl9BcY(7Osdo+s+?nz^DXqZ6W_p(x>oxHqoFBTii;cFUL
z51Y#dvxaU84({&WUf!Pe9@@U{KAxB~dq+p)|2*?4(?+u>6df9e#-)((gt98bn30su
zkx2JkI!{NAE*3A9s>9`gsnp8I@{Y^N@FvTF^^kIVA|ubMmYar(zGi`k(C8fSp)*ru
zcyr}7P-*1$@n8`16edKzQ6478i;`FTNY1=p<#k3g8B856jYg+X5#3NE5g8mja;zkZ
z5KKDq9gql^Ae+Xavv}rHsl1&kvJ!N#cpC5YR81b0B{Q1Nq=5NS7%V0<n8q8fATx|P
z5C{wu43(HPnhux2=HQrWqdI$=y#tku7~*(CTKPo<E^^pmbomiXh-#yz*$ktg@E{3B
zOJ#s(PTK?pK$8^mX9kDE>zuX<;wM!}MuH38%;Y&LZi06d5~w<CI`5I<I?y0gO98=5
zE}O<PRhouNri`a^*&s3|hlz$7o5*KNh8ZEQKc=WrX*Qzhx-5i58iXXCjxxBVgscR1
zd7h&(19=_;1_2!oi_PVt;SLzwzRk<qXN#-5uAbPEwYP86-r?@;1crevl*U4?u8Ulq
zMHS0su-g`=ZBEDmKJ5d@MuA=+B+w~5bCu~sXgQ+78pev;_hzJw1RGqR#;Z|L#9pYP
zsv6lkQ$lVeONY(nZBW%gZ?fZP5QBkkJS7134TmYBs0CmbOq3l58l^EAY|&`*bOD%;
z<n#$7HZ%b6sMF^n&LNU9z&LojrlV*F;RW1)&EVagjsgJGQm8sqDsQaXw8)Wa15#V4
z#sC9R9V`1aSQdrFrT|$_)Z}^TY7<a1P&WslaCi^ZAg)1J0>$aDDLf5z&EZTg&s<#=
z21^Qyw^dzZDAW}7IjDO2D2V?M`=Eb|x;6@Ocs%+=Lz=f*Ls1k?cWT6rWa`klyooc`
zf=|E%j?Jd>uFsI+1<hbeuwks=@bYFX{F)7eE`tU^6xBuADGrn5sn47?nhC~6rE@@U
z;_|7yT{EXiVJqe^c-Lo7mO{Y+BF2y*FmsL!@7YX6()>u@RGp<pzCu?dI5zL+*)lw@
zS<}F;WTimQTowj5g;y|3fowU74Z7hB7Ej?R&sM-*AtS}*>TtL)HeH`Rh37hZ9_cHR
zY_MDwND|PO&z_1RFNu7@9PQ!2r@6ZPa2P$U=jfw1a4s=v<9J1LREM)T*rrC(0XA>g
zTn#7~!qbAev!UQbgoNx!6w!G5=Pr(n7%L&83eimmq9zs3NWmk#oE&{TUA=upZVz6}
zBF731O=a}IBn><YEXPI@#$1-H1fK5j(lsFjL4*PI=y0iA8W#ot7-M9#6v$#K8r2zG
zHWL>+YRTYY1`IP4I)}w%;o>x{DHtS7I$*SUtfht;Nz!4ggE3cLn|x)H)2FrC>Zn#3
zW^X!778Nv4I<(g}_MT2&qFD}DKLB8pA)rVbOdT014Q2=&-Y6YIH00qJ4H3&;#~{-F
z?MOKZE|?pQm!qRe*3w}@Lpi3)f$>aM0!2qI&q7yAJbht<D44t$T@5Heldn2m#K8c{
zNiZG&4tX}6qQj;Fsc0$+GWJHJo0smK$js3a)8sLE;(6pir5;%;ieGmrTEnT_$Y&EJ
zWO(DKEcl;CQG)phcrmDXGnFBlufZS>fguCGqv;w9htRZ-I#=9-&Y^?4d5dWr=z#|f
zIt|8XCKcvWH8i<#&hFc`IC)~90OAn{8ccwhyhpT|$RK$#^cm0*@oGm`A0R23&KfRi
z&Ia>i@|x&s;!4s=ZRn$U`ix0~MvV&gGDb)KG+IJ_It+?b4udL|&u(|mtzO?aIeCi}
ziKnZgknoV94Gsn~EJ+p_>D8Fp!(kF>&RmHeh_stbG<LuYSJb78$wE~yI7I%eCNYj@
z$ud@^FgY9;RlriIRQQb3*B`CxXs-$$%SJW4B$n!OiVhQ1vKY7s8q)`xku{?Y4M*$R
zQ*@{lDwjoJa~O0goelArJJ=9cMeaLxb_${EYGP`&*lHz>#Z+a|@z=&^aT%2jpC3#*
z{>B+7q%ml8D8wH;gN1bXc4IQ|*9{Z`RZN(!G1(9rIcT!QU_mYZ=7Cym7|Q7^DvQBk
z(+MVnPDh_dOokY@HiN>UG1&~5c~Kb*IzV8e-eM{k@F7FvP$*m)oy}r#nN%9;EG9>r
z#-?ys6e`3yHh3VD!r%a3Ofg{`CX>ZtgY$7&R1Q!;CD;I){Eh_5peGEC(2+`|fN#(l
z(2>a;AdJJ|0%Z(fp2B8xxG-R|p;}BB8$Ng$z!aTLg*g|@96@%>0lK&p=uCx41cM8+
z6B^=OmC2$I;CyS4Oqeii(OF#J28LBG1SR-tX0pU0!x(`p8k^0cap_$6l!IC^VRR5P
zoeJOaOeP2(#urp6CW}Rf85$Lw2|hfS5R%yNO$*3GcnKPXO#z}AG!}fE!l2FIQdOC3
zvApOoe$l853X8*HaX_4GDp181Q>D#jGho_Ep|HRxSZq)wsufeE&7?qIHigQfQMfEn
zDjlf;<V|u6LIx2NKrWlb1ser(p+U8nFr*yl3AOM9&N&>Qi~LN-Cd7dV4GMsH7zi8y
zz?uP*T<L&nE@%&Y7sgm*2~21J5+T3sp_T!L0TTx*lfz{Y943q%biho0@?%v1V305u
zd=4y^%YYARs1_3jD4`xy!2;%3(3b*Sk?RAfGgv2s%As*sbeQjh6M)>HS}ZZp5*u)%
zX$zPdFhxKWlUz-}y}^1ZAaIZc&<qv@OB<li0VAP-*?<y2(C~@R0Q*G1#gu6?z}Ug@
zIDiz~i3()WRN-Sm+#7v@us9qD2fz{s@K97)1i4ayaDxiCESMUyK;$d{4Za7x#oB~U
zR2qxHWPz}0Y%m3g0KkVBHbf|xp@Z1LDq$u<qk<^_hoWkj>wwE6;$ggDftvtUn7BeM
zfsG$NVL=%%(dWV!CYV2rr%*2z8iNC0VKCDLikYw=0?eb{V#2gxmH+~#LXZQ+!b}K-
zB8V<x%Ak@3o&_r_FzEu{=7K+i^NXqpr~(6Eu-SAr@=p#GtPl)V+#4(a*a1b*7@#Kb
z1Xv6sS649MG%m;iOo0vmfPq8E0-2I)HXu^)6!2&U1v;`I64Ss#pjJ#79ib!`T&PB_
zOND6)>MW*=MPVXqVY4BKLy&`j#8PDecu~B7D1jm;7$OLV%>|bQ!oZHnY7hnmY?uu`
z3&suc6;wG8+_k|3K`IRN4M~8l!fF+l3H1Ynf${(z9f$|LfDgfX8JM#eGZ;IALF0k}
zvFKpr6z~C6aBneYC<d6|^$@qgKdBVZ#$f0NJ|NhDp15?FWU*-kg@x(|lnLquqJerQ
zU<W~ijG$Uf84C;>%nV?H3qU2fDAW#62H_Ps6^soWDw_cT8c{Y7`?aA5e6Im!7(f66
z9vTQ3uf>ef!LGr4kpF?TK-9$D#iW6eKp;S@gJ6(rfxKXnDC!L22g?V)rhz~}yj)NP
zIFnc?(1iu8KtO_!!2k~e=fUf|*#6n@@rOV{7-QoA4ys}e#C{|!4hV~mKdAsM()2*=
z2YZIkCRjOu`4Sx__7DR>N@AAKKo21od>#f-Bz9O7MiEJ5M05%Pg&b`BOezE%3d9?T
zO`>`jz90lbAfY1ThCvPKaxnUXuL5BpWeN<sFjRv3K($z2+Ay~U`v?1m;g<_806qfM
zV$uK(L@zeM1;QaLL4ZI$KM?*QmeF8<2A75hI0Baf;Q%7Q0Ob&@z@bpsfd&vaV0eJ=
zCaMP6;*bENJoqdf87tI^DdSK9A}|9&<q{CY!MPD^F=g7YHUy<GT2VmEFpmHuhUx*K
zfqW<+DX?(}iNHO~5mi|O0|4NKZ*q_&h#HLm-~~`CCQO^og<9Yigu?_|rVudVL%o<Z
z&;`t$&^!T6ksyph`~^P{bB#ErBDaHK59aS6a@1K&869jHhE(ueE+`!4N#Hv`t5}(^
z#6af)<uKxbsh|-MYKcM0K-Xv(rEtJMVLkvc9_qz}X@l3p`~cVjz*L}(4wYiMAaVhV
z;PMbFV0wb$8q|u(g6IoFJPN=dFEB=k)v9cAA$+v%H?H9Epgu4YuwIzffF=R&K<tNz
zPvxSa9A-~2Cjw&y!~?OP$%W-57%NdZ8@{;E`a6stB96(4E%bsiPGoD|*(toI3nU4V
zKs<m7aisQuCgQ;B0SLr#)Pn*4i@<p>RbkvBL3^;^f01ZBK#bxL<iSxz=&*NrfDFXp
z!2{T3lX;!dgsumSAuxd#HA7++d!z?U>tL`E*8q00zj#mqz1aLcfJK;Bi<<!fV(avP
zfsHM;HV^Pe2rQyzFs4CdRD~HQj9ea|0~l4sRWx`JsmlW<JK#{_8V0-!Kwv`pK`a3n
z#vn9^o3Y_#002joGax|ld6-d%n!)JBVQdyd0I%W<2oXAflEv+SgaI)^EJPmwq)Z`W
z1aoxp3y?4%MzD35A)uN_`>kiE!ME@0MKHUfqpu-YOLel}K6+2={x!dtDN)BhY0$j5
z<VHtC;blvo1+PYE$eJu_IomjV$39ctNpJfnmGUWc6O+&rd;EXv*y(Ur-g9N9^>m8Y
z_8BeGujWku=2pj&@ZCjw{AHTv9QxMJY5T)5Q|L6oa!KRclfEBSuJ&zAd`p>*K|-LN
z&3s~F1!FRG(G2%>*Q8$P2&7*<Kk$|C=8BwfV~dov$0v;3I-@jmfsgj$chjT)v+~xq
zr~MnRc8qpEx2^Sw`SI+UIYq7W;+Q+0S~!~S+o_?E(pUbFUCLO~k$&sk%L!KU*QcaT
zUE!o_obsf}+vHY4)o9ZrK?`LnH(i+jtIk<p&Uv0n0g+AwUK=ZWu={<(7>Dd5PQgBv
zmM$9;_Gc!o-0)%FlS1DrLwkR@{wGD;%D$#r{Y~fhY|;6}L@^`b8~((Ddp-Umb9JXv
z(}gy-#)8`{s|8oGD!FPSE}0hI+Sa`JEY;+pBR?kMVrWU+={P&v9@|qgho@Zkxlr?b
zO67uwCzC=htp9oH31d#X)wfS?oX@T3H2=QkCMP5$cleI<WZ%dIDfG#_8;jo(Fe&;-
zNBmy%jOT90oTTy_GH$yJQ}TSL-Wf4}x{AV4iu!^m*E0&kHTa9xUS6(iJ;FrTKkT8i
z@q<3KW}A7m3+ZubY5cu61&6(~zHMfl<3_f;36Jj*6g+MunjO16YX!MsMtz-j{cj8U
zp9!7f;=2kWJDw48Es_0;dfSQqn^AW4Ud_U;Ixl~2^WJOmMx}51E^dzxC=YV<=Y~@a
zh2j0h{apw9UrG1Z8og{6xcEoM3vwG&u57O@h<)t!Br*6+c$c8RwV?M|L0{sVUmC*u
zANRLN_pdQ}*%bbcs5dX@=Loj<*RjIpZmtUNtuj&+L^k*nA=b)$zer2B1a=&3xv1Y~
z)N8difmqd>oi6BZ$g%t&?8{!#`*q7ALS^lH-3N79KR)i3>$s`%wjjl*wpf~I)Lj|g
z-%a!^>NRLy+W$lUynfHl$!{7W1+kAa`&(7|+ob#32%$=Ue1B_yYi*_7Go!v=RQe)`
z4*w#f{#RW+H;MRky^Dgj*MdBihD%Bt172P2XY@T=)pjkuJ10D#JGPs7d4-+tOU;I#
zYlRI)N(KEVr2FE8XKTHB5(|2-DfJr{93)D8f3xbFy7i{ftNs%$yZY|O_dWU0-&tqW
zx0~p2?`vfX-gI};iUQ)T46bAdBDdDY)g3(8|L*3^D=K}@h-+Hm1%fxVy#{UDdi*bU
z2Xyvk5LZ7e{LsoB?l~$uT~pO+dR<oSu<ZSz4L5IFW;@1hoNw8jxm{g#Zab%b>Vy+}
zs~shcUsS$ow12)X+a>Sr@Uxx*7wH!@bK4)aczm_v#9o`FoUg9j{eixn^HuoW(~bv5
zyiKa+F5Q#=vhYf6{4C;lcT)AWINmVx?21J<hCMJ$X@BU<8D8O67`v1+^6^p`Bf%`i
zpf?sXs_wUsp5Y$9ab<7sNayZg-)0Z_6lvM4BXq@s+vgSXwH1T6Ta<LW98k~Pp5kk?
zWKaFJYi>0SJhz&)!Uv_^TDvOrOAVAlY?xJ6Wtk7w3eDeWQWh~)s)$)iA!lO3-3}Zw
zFL5!|Mt|GN3zO=byb>ID!s9_%CdX39bkUPN=$6h^t?*B(kEvTza?mZV{Y2QU<d~L#
zRmHzqmbCjOI_^xV@8&}DwL<#k_dVRTLa!3btQgyItJIao_~g}D)Xt$EjPgxzJd<zr
z<eOE+3y-uU6}%z5waPogVw5aO+yaX8iL%VqE%QDImlrQAX?d{Kcx9-Yvd@Qcp^xlN
zTLTm2{b6-k7h)>D3U}mNX6bFd^gbeN|AwbK*F7E;>i2Y~vX!2!+qcEmLN5nP;aaB|
zOPF>I5pL^L^wS$Ahuumy+`|tz;Fy^zt(;}{128J|y^;BVsF2#Kqjxj&L4{QK-W|!#
zZP)8MtMP+d=8*$!1*a44+XTGr+2*SMq(Vv%a|^c>2u@3u+XVc$<PE(d&2Y~SD+Tl2
zZPyia?uSC3I3_jG@r>bmD|y%DsE@)XU`s_m^;JR)yt&E0TAw6c$v8Q)0^kz*rHqv3
z#-O&l%d#5N4cA8&xvocjge&i(*W1yEer5#X#VW=MaCill<suwH6CpI%QyN{5z~o+G
zWB`<gfb+gSRx0{UV=xXUGu)+Xs~K)<xC*~EWhJ6UxrS~1hmwhyjGS*xiWdg_XnV)i
z7BFWt=Hk95_Ta`jb4^j-^>SwF!07r_6&Me*JOP17v)3$1z1FpP++^G}_09!c%5#sg
zI@q=O^nc27^~$B1_D9rLfHVZ5jEwPZ*XQb$q%I10o70Tnwh}vBZIv2>s`QtpSO>g~
z*^PQW^=Tms0{~u<v~4>N0oY@pj(hsm&jLy~M)4Sco)b`#BwZ?4DQsM=68rchYRb7n
zM@>C;kl?D@krl-HoHPSIJt{S4D~)NpZcXHXK}it}S22~TZ$NSYr|!X;lExrm6ed7e
zjq4hGab2a%225SK0)v`j{e(tM={)>PIbd_CP5{Q-o{)XQx=~rn)z!e3Fb<cs-F=9m
z9-4=Ui@$0KRqeBOtOZty-a}gvbHs19fWETBD-mp@MSI6OsLLy^0G@K&uWm%`l_Qbd
zly_e9OOmds1MNev@T+zP<x(x`%~sNF*SmweE1-qpZ-H&lOMt7Io-s0%p)+aI-G_0D
zeB2^U^C;92P#KC!f6Q4NgP>fC3r6Per(co^Bm@-qB0NSr3jk~7PoPP_5J>iSS%Nz>
zSll;uNU3)T!LT3VI{(Wg_BAsxlq?LTqr5N<^x(gw8j&O*sU@aj(1uIN!int&E3$FG
zXXt_peYjB=Z8ixy9fOY7#5}t+yV`;T;(cuq(Jn=Z+Vzunk%Wa|ihN0GS2SWt2<Z27
z{VY||%nh2Y!W)Bb5rw^t<^ikSEfaj(lEA7qR%cXJoQ=9__k&zg)U1-!hNaAw?y<~x
zm5N+oqSL%&Z*@l8DK}-HdPj;cbk0t$2k{F`nN`-*id^!=h8Yj_%_*HASud*+V59Q8
z)qI)u)V4*1n}FbhZb${?r{~8{CE8OHcj$ESfhj1h3v5$N=>)okt4rF!qJ5L<-8_@)
z7cr3nlv6qnbyxV=2Sn#w(Nqcn;tPA-3^WUY2<w0!bxMj)x`Csv1o{%)Y5-EMrBJy&
zmAU^g^b)QqK~%0_R-N!k>0DD%XSO>p)`F?BlPK^rtMCUv0p_Tu1*RNIK$5<x^{J(4
z5Gbvn;tD1?cdZau60R$u1F)q`WMdUlO;*5Ch18XK%~q@0uD=25Edo6D0)uN*s^hNO
z<v|FT#41UR?0VWa)zubW+XdB&O5ipBR&OJ5!En7g=u5ZldH`6^iU5yVAbpKW+Sl`N
zm;BmQ5Ey<eJwWyZ`+$zf!~r;1KY|8~LGPTE%Y=;=46h=|CrdYj%xxQkx<Tg9J`fN=
zl^t0Hv_pHn{RHw!q8k_jtOX?26?qKYZ!+%J2cm_3Mi5N^N(X-97-A@4t1yBJNie5m
z=`d{!Gt&T5S!`HlKtUaDy-8^ds*`I^O_2`szX_n$Pu_xA-HAc1&-f5cfJZ2HCLj`?
zUt0%sMYwMSrk3WrBOzGW;O6Fnqn24+Pj6pI2cFbxujy4l179BmwY||&MR9j^hFRP7
z=~8MCk{&kWrtPRCqQ&lXW6;uk0-7p!_O0zy1e1Xd`j;bG%4+ccgo^&V-c*Z#x3_T*
z_1Xde9u8uLB6*h>tHiFS=61`NFc5b3RU{kkdESkRNWjHY+f$7~zN+eU>Yn@aruL4D
zZ_erH^j)ngQ1ZDOYd7nv-Ot6tiTvuS?v{ey$l9yAcBkW1#zt+_+;=TMBd2DaLH{Y~
zb42_11%X$p4!*K$bWi_T7$6(2TikFp#oi>ivjyh6o&9YpeZ@wXCuG?WT{|}R9E{I9
zRnV50uDrPK%+lW7-6poa1gD>CYwtiv<*MY@74*0Fzv=Hb>XGgX>y9^4c~ZWfXe~3l
zJm<vuC7p{3@-J=e?z&Vbuv0OD$=?H`Lo<o)bw+9FD;k&eWwg2VU#x9!^R2{_!|r!)
zyKGJt*EUqO^eG!iZ)LSK^vFH&-jFzMN$EmH|Hv(Y$=M0cCI8XiA1fGpsrqqbW<Zg$
zTk<*DdoAfp)h^Qo4U^rnQ>z0))hpJ#sEq3RZbRJM-LG@bMMuoty~*(aytQ|HlX06c
zIk7i(gA;Yl3*}V?_ER4ku5IBqu9-(&>tR5&tS<SGe7MQe^*hhTV+B!LOJVrczp{Nr
z+qShr{cw7PMaD7nfO=lzLzs9at$18$SyHj68QS!`ZjWnxm|DMdZ+PL$*B4JeHsM?I
zlPf1iSvNcptg~TJR#987-QtJ-5Y?_k-2K_I#K*JR!r+`+P3>-n;TFs)P4AF4%aS&Y
zc@_psD>e}eR;47ChAs7JifH7f)SnygmeP<EBbYn85}MxXIMK*Wb)Ms!9GB&mzT>#r
zoyXQpfk1fPuQbKCa>}Hp<e1dw(T&+aVaNIVo~OHJs5I&P3@8PL_Ye7AOQ|Q8wghO@
zcY0PX_SR!o6-@D}T)f$#Nbb^GZ_k>P_R~I<57rn|^pw7dW8RWXaI2}P9&Yg_Lo(^y
z%yIzYcxrb_qQYi_wO1k<lgIB_cO@z_E~S&xtX*MY@K!(W&B`{*$@+qwfdE26;8n9U
zCGpWyYhjHNP}OuH>!9BU@c+b`vaj1Lt#s?F?|1rU7_QfC7mjT!_bHDQD(}`aYN?Q7
zeo#)1YYg&vLL>;Y5^h->^GyK{XnXj<J20Kltk1o?USPo&o)-#j1KvIgi_xA;&%a%@
ztf3*V>*=MIil>w5b|I|O@l6|V*QB{D-JBwQSAJzfgMy;n3Phd?k=wZZ-9u<J&85&!
z`JqzIivL7623;Kg!E#mG^`=KgR)FmL=JdYveksz8VKwTN!k5hg0k1LHFln9~Fx0i#
zrlvF+zy5R?_0gNK6qD^U>+UQF#H)830cnA+f|%!TYt;MKzA(j<r44f_@{4PKl16w3
z)}%@|Djf%N3Ru0d8<>h{elkS`vFv5CY#Cp;qY%-uz~}m&z<i&Iy+#`m(j!KD^^L4x
zPIZ=WFjy<RWYF5PDZpd-uw`v8Col7!w)m=KGS7*+bljFh$uSM|vbDXoF!AE-I^fs%
zZC+I8`KGScdx=T8mp5)EQtBI+X~XFS<q|P9KI8cod~VsL-Xxe1xy?uN$-Sbm1Jozg
zqL5J5nO&5oyW7Cxep`S|(G-gpNG3JsZ25@Rck}LdX2;#Ja~oS*#_WUsRT8W8j9`TK
zIWg}(S@3;yso)$;OV@{aA2EWS6;GiH5w~fB>5f+lgr!RPF3RcngNBC5W~1?YT4K*h
z+{5N>EH21x%77M2VWyQlXLf~GzRFndgsna10dJEJJzoa2`WrUHrMEV{TFdvU$&73G
z#UgUuD}@3b?Zerry&7P=sg4Oiaiz3hDN>Znw!Jw;D)9XgztdJ7g#UJ`fS2A1&>J{Q
zFy(?Xi~V3?<>g=2>AN!EKgVk(k6j71DXCAep4$R3qa80RZ=v@@+q-})-QlpWA=1T<
zGf%18)B*p3A9Nz4QaY10&!JWg*<s#+Cr`8{ujuhUqN}-R4AF(&&86O(Xs)-O8o#~z
zRgaeDqLyJ7l+w~d-HtEKDT;*FsaJmrIswlE(dn&DPURA}qj&vyk!DzzeV>`17Ai3B
zKZW8=*K*YQj9`SxJOs<aVmpxUHiuq8PpNP6FT+iHULyqO(t}G8{yGaniG4cW$;rPt
zGjXdwbh=jbou$B>Y1Cz00P#$~EbFvhSM;HC(<=qLbxX!+fKGq8`@m3OQq^&hc6s|I
z1kCYq<0S10uXQEehPd@Qx%H@Z5$iJ9I)$5vnMtJE)IsOQpA*pQ4@*uV3W!B5_<d~N
zTuk7bl*4NbvfT1ZF{j&vd5;f8UvrCVNxUJE01q3beeliOZuTuipLYHG<JYY#T6fbF
zv2C7_t{oR2-y2fXW{QaWpf|lpDD;vMzQ)AZt}4WWF7U%>^7?cU+b}xqPC$I`wc%e7
zW~GhI6T~A4zpl$htSph~Ige^9OxscC%=qpTsMb<_53V)MQ-8C$DZ=4>ga){o-4C;<
zYlVBat^}d`+PO+;YMzTJorPI;e{${w*uX<)Oz6#?S#LH2?)UxxoUoo+XOVaW*@mA2
zSQMx;=dJ;k<AeH@h>;~Wjfk{R^HrJNN9?2nrq+2SqW7Hi8r*z(D+P@NzeXU^LeJ^c
zTA(@MvOSnDpF_KF<LSw`(F;$czoe}<<{`S|g%9o%NWW3-SlVO14npy}GT_m^WW)7U
zW-gdqmmHE@rU0DF$?0Wj0<uN(s=2FB^-jy(tB|!7vof$jJ-C8fD^BV~aj9bymV@o<
zcvN|A!(EdG7wf5A9=Z7SK+-Bb0@3quHx@Iqsub%;E)h3hq~af0D!51sYw8{K4)iU2
zfTdnSV5czO?hE5V+Sq_38%&2uJ{mLyzSxWtcdSOiD{bmaEJC;Z?E8q%Ihi_@UUGB+
zrnGu%ifNlAp^|28zY59OZ9E6r(~`Chth6M}vj#{_v2AJ?MrqxpOCvzeH?b$Q-Oxmp
zmhpSB4zdm}M~o#NZ%2ys3Y&$D%Tgduwhhumud!EZGFPsw=qbOo2#qO*2X&DSh^yYj
z_Ou3_1j#VVaIM}|%wN#s2ebFd%GO<{nxj{R?)dP8w3~*=Rr*FoEr}~suux0K(BtCU
zT$#*~=apW!1^T_>Ks-XvT+D{S=_^>swnj@IT`z67cx<>krzpN9@p479R^_=>^Y`Ka
zaE{1%dK$%&M&HYcTYEYKH<Sb>D826Ka%DnuP;bRE%voEp9u754zH#1xfj@)_AYAlR
z-R-Eh(laVpS9ICvl|ug|8q3$~kgxWynl^QUj9tI+N(C7w%p>D)RpXp^^h#|8;S!f<
zMJ5dm@y#)I#|UNbgtR#;^99oDigce9NNd*RO*EZc+)!J6cm4SwyPjX&*B$8VTtTlZ
znV+QY-`8V9u;@ib0fxm!RYZ7(WRZ)17A4)i->~;m-A0M7hE`p>{%bAw%6~Q8Shumd
z<lU^cn?_LzEeFf{S<Uqaiy__Hb1B|VYP*}NgT;u6rxb#T2j!|;sLTnO$@_v$#~E)!
z6+uUDmCr9skW^!d%NMS*2%36If&ZX<b5R0pgJ&MKUOCQrn;XSZTt45K%8bfPz8-2S
zDjyMjOWasgzC~8tcnA>Ui$M7Zh^jO5^GP9w(DD(Kf6CC`1VW5+_}66nIiwI+oqwgF
zK`4c3LmNZ6YF5+`n*bpD_zpvC0*RIuGQ=j34c*rI2ng{-p!@-l1$?*9A%y^A9<<vp
zz|bF%@>fzJL@xAi$o6wcA%<$m>k?Mh5J#<d!#+DiY5WSTzhG;zqX$K&;(v$A&I-qh
z&v7Aw3<`xkGi$#;Hz{zt+gCli9o$|PCAb*2o$4DCqfpRsrq=X`(4Ec<>`C9^7E9Rj
zLyd^u#K3^YruHitr)xc#eLWRr-(=PG$CaF!w!c30b<bw6j%O;{#xM42yV<ncTDiZ|
z_f<x3&j#01BPKpp41Q2QzmO$0J)~q`@b>Y9@is422VC);7E4O)GIv5Iu7L6h7au9|
zAJlIyVoA|2bEBY~@8CsoJQXzcvACQTQgS_X`*`PV;_}-7glsG-SIv4LZv00;ApWqV
z{%0r%2sQPekV1$F7cu%pNcrzTCS-|3ONhnwFUa<DL`#7B|5`(;&X<tx2h|KC+Yp;T
z<y&Nj+61WisP(oXHUXlY@0|I^K!`zO*`hOGR)1tEpTiB<tXQz0DOUm+^WQaEObYBF
zA2j>FVsQwEpUNrNn)m`xK1bTWh~@E#TM~cAxeL?&1j^q5A`*6Rr>W$^;yFZ*46C^1
zCNYauoXidn*W29_`4cy=by2}%#j09oubvJY;xczvv|_i_);cCV-QBt9Lshhbu25ii
zB)saad_jM=EqzO1-TRJ)t(S{+S4!tiy;5*jP*C|kL-M`tubs~ddfvW$c97`M`K7MK
z>%(p$JnpgIl~>(k(;mM(u*AxEJTblH+Nt0q*RXKgj^HGh$_tMUMkIR{KlYnwp56A{
zG)N2EMHUAqRo7Ksnyfary_)f8;@RZ$$^{Fv6_z({xpL5x$tzb3JUHTQm<Ce=a?55K
z!n{Qh6UJ%mwb6yw{MdTMXPswvZYij}CpGcJUKJP4R|-oSy?@+4;zw8cd-W7Tai8hU
z+kLr{M$l6_d<8lD+jZTqt!De)r>qgah;yr{In$DT)BXV?)N<>*n>*nd+GzA_{<g<W
z%7M<DNv94(WEL!%O;cF1#Kt2rh8Y^#S`&IR)Ga;mC?s5CiZzc@&c%fHniM-E)$1Kh
zbfnfi>#|u#Jr^UOmSyfy5(x7M*U0GZyagRAi+@{P;-eH5cI!+`2KPQBoxP5vqRfY&
zy=b<xr7$<cTMN<>EqnE36W#I!^OQm?n6-ikl!A_LFL8kuWVYF-22#Q~HRe?pAdC4%
zDgM)ZGfp?Z$y;`0YDI2Kytfun-reZ;l*~8R&KONk@qN7tvdDywGZ3-5f8P0@AoZ%!
zQu3OgRPPuDy@yMec<nQn)-P=@kp-;2Er4f?@|r1=&c$R1O_&98FMJkHAhXT8&)f=i
zi>n${>;Ng*df|6C_nh+rvWK046_#7drNSG$2$b&&Z!o#}3X-|{yJO5C#haxg2bpO|
z0t=$+aqhX=b^a5`Q<ocBK*pkB*M*5F_xg-hl60->X=mHaty_w&{g_>L9MZy-FP1A<
zAP_M-P(C&707#>2v#F!&8UP@uTX_z0xwGxmPy*CXe;nj)iKo7Ct{YIL(B{3`Im10}
zYAg8H<gei*bL9(rGUu#}^Sc7>{oIu8MLsnfajDP{H@aJk)5khqWEVRxveFm7+Qu7{
zq;~tu9j!V6iH_XH(In~_I0Ie2j;llfB{`E;2~+Y{^C7zkDRrILB`D()mx6I_O~U!-
zq!KSZ*~TE|N}S(Ln;D6ln&sp4s?YG{DEXTv2MNjIYq6D&zdn?0`%1ecwa&)O4pP9y
z*OFs^WJoMB1t=4oTYnm5iIc|d;>Z$^&&<idspKZeIzqlW!v$x1Z3UXU=w8bdd+?jv
zFQ-9}PkZ>dW%hQA*K6K=)S+P)a099102P#jw03!g^2#oG-=d^{tRwDTx)W!z*FA<D
z6%-a{!X^f(1}bzXpno>5EJYc8;6n2!j3b%(je})YjuUKUkcmu&WOnIQQ%D0><d8U(
z+LImg-Q8~ONAOUp5PDjbo&@e<S5+rNI=Zv)0+i(%?Mwv{TUKpKg|hC+?J1DyEsCFq
zHZ8dC%+f0-q*@Hp*A)x%edTwf{Blj5C-73EzQbxp#uTsfzH8qtr|vA6>-!=HvTY}F
z*FchRx$T^p%}~9m9r8cNtWbKfE`ayJzu8h)#dfU=9P9!~IC0}CkWo8krID660CBPV
zDtIB@Ex*+MDdd;Er3}=w-Vded1hOJDYwu`6&MM{kiBuh@vfR18i&c^%>QP~}6*6|n
zB+vD|0I6FsnaRzN{=)=9qbihC{<uCnPP3T+Mqc)%AawVnxR~D~se5A(_rk!VGBiLR
z+KsyxBg_uJ0eg4b^oOA0uM|Q>m4Qj|Z}-N{iAU(qvgh7M^j%51Fu?8wlubTnm0-A6
ztz2u6Oac%``{*GUGQQcawm^HNF$ulSgz28r8H}(Cy^0{!s|I2hv^!rw$yazl1{~>V
z2#Op?PKyQ37bp!f-_?_hIE;>OIH4b9UIMvGVE14NuuHtVTMZdaAokJb7^|k~SlJhb
zB$JohCZEy4n6L&x+dxm&ax+BmlY}@@{;$&I?r3_=L&71=g;WFW3Xlpk;-1c?KkZHF
zT!*sBVj5qbV-iSELzNcYmWq{ekTQfZg#|-9#gd97b<a0=GCINVs{0U)U>l9@hUB+c
z`CTvngEoz<ce#n}3Y#xU6;U6EO^Q@(+Aqf;|J!1E4W*Cm+#el5%(fL`9gwDn+Z{HH
z)k4ZV?Cb9Dyac7ePvp|tA^#1wRQVE18e9z;ypMQ<RZ7|jmlX7=yMsjV3AZ5B;;i)H
z708Sn;xO~Y+=RWGy(4|7ox9eyU2hHPUW+om_G{lAo_QOCuOmrPM7xhT?@SS@)&&^V
z5C`S!Rgf}-okKubdifyUDUjhkW_3O_kr-m2ka0g|)%dO7H8jjXCRnVPv(l@vjg!2;
zPr?)wv)<V}IyM)Q#~HbvkQKJ`eE})t{C9UDHyrTdgd-%HH8Wm%O-3Gk&~UsVHHBMS
z&~;Z6ve9iPtit^J8?Ag_gmx1Z@r%DoT#B>Db-gAfYi&Dc^z2s4czM4}IY3#^vR6ZB
z6rX#s=Sa_Q2baqPo;YR~teLToVyph4xTWKi{4oK0;tN4Ynr8sd+R$$C@%Gv)8D)q1
z<_vq0d(7kPw8@6TOUEj|iFomhxxqO8`m2MHEf)>@cp8`dO$EhktGkr7i5n(MLnvkU
z)Iz;~8l@H{Yk&USV)<9!OkAS3;k$@1*#(7Ujk=PyxM8r?J+*zWzKQtR`zMpldK)w-
zP!)P^@$mZ}6@NE%X~@WgkBUdp!(_i+`BCviXF^eXQq;%gd=3UWv^Z+#04{McrS2mV
zP_cc{M<o0SWh0|!41rIO^n6JKpUXPtocKs2pU1jtmhorF_H#r_EdD=c{r1P^L;Q)B
z{+1B`s|>SAI~CgwGE5QM7{9pu^K9x{{-iHwv&82a?H3itQR}k<?n;Q<_=_U=8zx2k
zqewzq@ulJc0dY<gs*ZMYHxwR{CKms68$O6tb{#Nu-Z@Q}T>IXAyGvTxg1$4guS4H-
zXpSAXG^FRf4KZ2U)Bnh@h$F2}%J%g82GFUcGt{1ktvevA@Hq8x&t@lB0!#~~o;+BE
zwv}g{cm^wgvF@59CT^S>{NV2V!gZ3<Lr&}qCVm)eyv<3~0atvdwN6s)GHpU8RN(Rn
z7dK4hKe)TOXq_beGA#<q`3_DLN6nzA8^z_ckQ3KKe;Dh$O<aB(fRK$v<*Hfh#f^Ut
zgdm~+k5EV;)YQLE3h|{G`doe{WMR?5`lnc2UtG4ILkfX3_m>)aa2Hkpk?sf83@d;`
zYyy>UksWFipys32X+vxRYzS5W{|E>n=Kg<zG8Blzy1zpTf$jDSGBlKw|1K3(;$M{Q
z=a2&V7qPhhL_<TN{5{$JwP*`_{Ht;uiHU*Rolwrh>6?ijDn88}x~@(z)eO8sD=jFw
z+tGThujp>nWs06|UFXS&olC~l_4w_y9`R0E_JB&?^&6Z9a+e?xXxO>c$f)@7jroPL
z5W*-EGWRdI?O?C!Fa`pieDDKYK0RdrzF=*LcjEHz(qsvURg|dA{ntaa!Cvjb6Xf|1
zZfq`+6_tZi+EX0IK)@51(?Z0JMdi1(#Et&}5JC+7ze9nHp184y#4kV!0T-)%QHI1M
z7N&icREU33wqjELO0<xFpaffE-4Ci6JYk4UKsm&RAvS^3yhV1XO#qOi)>_Db{w@&6
zKMYvbXF&;ys`!$m5MoBZ6hj~L^It_v{EM>vn3O+O5HaBTNONCOw$y?<IxpqFE4Xo^
zBcP+D@CJuj?slQGdtqU(yMsLrag_9e65<Amaog<2z8T;5Vq@Q}_;WtyN6z;pPk(K<
zb&?f*k8XO;Tf4wLdxSTQ{3Bnqws#7z6)Y9d^Mt|x<qGZXiySr74jyeky~Mcu=c1*$
z3ysSQ8ZW*=2j%Lv2SM6GuLB*FYf_Vg+(UIv*aG7hai@y37BZ&4X5QcL$y6;T4#8nL
zH^Zdpj`31Ym89J^kCA$MdVKxfE2`5K#(&7!1+M{a0`3jr;&ayn3miv54#cq3<12=I
z`3kQwQk(B@{$AUbGyIffP_OU);m($==jfX^>x?t&mRVi{ZPKnJ#$4I`)m}I(#~LT;
zQ^r9l4EfMT2}ofmj4kSmenyz!f5v}z`x}b9PwOeS%FUFby^dq)DcNR+Uafzf;+yL!
zMNjE`5bmvYz|Alnk^^;0-nF+TLYbmEIy)z5m)zjo-0u8@t`xF}S;e$QN9FSCaYBQs
zmk=Xep<jFIIIOw}^YP)hJjfWtrgR#%;DiQYv=n7D0&CdcMw`QaM>q%PSFsby8vT~q
zsKa5o%e(#SqhamY*5{mo(imp`xxUMgm}r=Hx%~hY@(<*ZxzvX}q7=q{$=|0iB5?}i
z$cw=ghAV?iVH}Yr26Gr?5(7Dm+sxAkakfHeqXXHR1}4r&gm>ycTmKrCb9VH@!MuDs
z(<xK`?6_RoJp;uMbZjox)et2YM91awJ@FB^H_O%0nX;QsG3Ep$D}+ts1h+$X`+8oO
z1Bng&;#o(MA+cd?%0{cy>u%!oLP91Z869xjnP3iWj$b>9@)|arM0?ajKsSX{##7(?
z6;_Z{S!KHAkZ+_VEP8#$aXA8=SUbJ~r%7z;$?QTwJ$aZ;h+lIJVL7<HQ)fhmCZeZ8
z#u#NH+F%6~ct{%Oj^2D`#NmWQ`ttkea9-v9`zCN?0=7kx$Kx*HRK_I<bpGte1BWp5
zisv{%LR8*iqqAy1n$0JVirs)Lz#h3<8{W*S_mhBBK-g|`e{`~}rSh9UI4bx3<vY*T
zkA<D$`DE^*8z&fY<M5HYJq8(DO87GlweafK29)2qa0KU2gm3~1Wi2kl+F;0i!U2}r
zAvKUqo?i2+Md$E5Dy{YK8M%z_Q7)rFo=kVZ(Iu3D*hL<S+qn&;JABEEh%ZT-P`@lU
zCH%sidJqoeB{l@jT*6G<2!HH$MkAb|kKt_G`X6AS5fU0TJLC20iEc@YO-Vq2uK?5G
z_X30MEIf?>tlE^~b|&CS{MEJS1l+82bYiae&|XO1tgjQCMyZ@DSFKT%vQ=uGZ|&`n
zYv?Rp%g$_+^O$%gb<(oKTv#lQIFGUdCZ120!ZNZ3&R!ft%fFMBrK9sdYY%ClvoNjs
z_I`%DQ#zZbCBS0xKp(V(EozMxzYl2~D~2^|QT5p?hw;lJwDSHD<o7j>u<CkjikAUC
znFdR^7)y%rF|>@Tc4uuQ4c2Q-h_m5WOoXVk8JSl{C?XVRSwzq*+Yb+RZQ>fCPDATA
z2_VTaX_<G11w!|7kqqXyr~>kCz`d`L<!EqHI2Z>gnzA7|qqYn!@kc!OgQHmhi9qYc
z8grZze1WE>VdouNU)CQ*`2mf4(@r2<XCL1hl;9dZn9?B)i}(=}-A;Z)247Dp!S|9f
zDb>bfv$4>;6qD;s;gA{N+Y(qR<}9w|$Rb!@M-QuN$bV?esb7vIfaJ2w2W5jqprhl_
znz~5%@2yuOdT2%h%}tP1Mu`@av(kafP}l4L)c4Sod{~+m$*ufCCmiLhkP5*%W0v1S
z62PJ-1+ZluoOea?-&jPdbKa9SwTLY{erF=}yRh&`t)(5>wTf8_2R{dNGAV%XgcXhL
ziL{Wcz!OMJUGvWm(qpL(OZFlYm=ut<2KS+t5!jTn6E|LmlWcH`Y=GNkWtiJ`IHxEs
zJKt)AY)Nk#QWnVtY1lM$22R|{*(Tw<Z=0X{_XcpJt;=u3cBIVYS#au7EE-Zt?-$qu
z2Et?wfA3@(3>uir>{_HO<12F@HK%r`niO*Q70C90@SG9N{8lW`M{r<LOvILT(;z=!
zJSpHC$g%<%5H~>?h8w6)Mx2`$7jowcI{#)@osj~mig93-j0M=*6p^S2(0&x+D#CpO
z=rjBs*5^<?RVM3TQ_e<aXuSKvAl~!A$OhDW;HWB?IwtE@HImvIx$?&-Iw-=Kw*iqy
zK`vV?qw{ki_^I82b8tjU*~zCzA!V`n7-T%U4r`$Ngv>IOpU^y}2x7I1FpjrB3c&Q=
z-+K**A>kODl?E53JxoyAqu{Ux*m9rNaL%1)ImMCNRl4^4qGEi^?glYS?auMjoYcvE
z`S)9U8YVA0Sr7r+iDQap9P3%5<~#1Y)<?-k{>214udc)2Exmj8r01rs4`S<gHns{+
zS)5(__;l{E_TE!MnSGUv@E3R=Nw$7&Ak4wybI-rn>i6h}^zwFw^b)<2pomTb_+uuV
z|GZgLU?$wWC2*B+^ZEPw6L!W(sh_UDZj$Irp%uWNGFRnbEm!4zuNdJ!d&dw<H=q9{
z55Gz~$JS4bG82wkndm#x8M>o?D0R5m(#?7$>Xg&Cesj@4Z*lSU(EIws?|)PrG!>vE
zd{it&7XcqEhWW=3q@r^EH?*FZK~lt}oB;|jg;0Fdy6hjK9l%NqQpx{4f~cJ_Viv`c
z`AmWEpL`?@B)dNl(uinc#_zcL=Scs77Kq=gUM%lwQr%)<BmI6NBGs((pQGaeVgG@w
zi9wV2KjoWbd&^1U-!<>QVjXi%U;+MP*7xy`eU792IehT{f624|E9;nZ;tTlj@62i+
zU*M`depiQPnSP*3U-wbU`z0m@hZ?I}-F58AOoj%^WEhW4^d(R#gI7=Of4{9?weGi5
z5j*{R6SYDGZ!^N(3zWOr7IpC_Gw%G>u_`3*j9p7@zCgw_%&)aNzN)bE`t!GNxI?i!
zOF!2?vaL1VbUg8<p=#MF*x~$qe&I|hH5PZ2^~&+a+dNercyQPQmBU#N*x-Bz&U%Q-
ziJ+qu&o>v%l!ALNqcZQn`3>03%7cyiuxVLb4u?HptEVT$QCtoiyTy&ka#$Y{H~yPI
z2#oTxp}@BDKPH9$P|O0XSYlG6v&2mYsB;<MiWWlREhT=(cI<XBr?<7lFp*e*M%dy$
zL@dCm7}ub<#DE9HRhagdK!_;cN6$Zzr|_pw0oS|o2ACiT=HH(Q+s20o52@@Q5KMdm
zCF=j!8i@bJrvB6#NOgh1ej>HsTQ}(c-!$)`3i?CQ5`(4#9{7Jm$`Gj#f99`WK(+(?
zOc0*x2?|@&ap}&mx3!1vnEQMa_Q<e6cWqB+Em8Qq<Cb*q4$oNP)ScG4-MtT=KPZ^0
z=;QmY;%83(PbI|qm7(F<;cWN1E`ytOs~-3AWZnh#3Rm#X9XQtD?-NJZoLzSkUzl)H
zy8kU)m_QufW1XMS(5x^u@$vHmODv4X!w%=j;M{vN?v^?j8?+uNU1)r#w0qA+O|`jK
z;#L!Qeb7^W;)(7eXX;tc+Hx&phR<vFZ)DZywwLf7j9=KcTw+7h13!CwRdc9r9Dkwl
zh~mC_C)D<;))LF+Qzvf)-^~lBD}FU@TAODr+@ZzT_6=P=?B@h~M<VOu@N<W2)6#z4
zq)>GHgiO>%{<W_bIPX1}(=h&^{rw-!e;}I17Q;W(%h~%!WV$|(cVD+|v!(FViCduu
zj<h;ENi1Q8w>wXBw)8sPav$BBwP*iCSTTco{^}Ccw&q!<%@WauX8Dv(fA_mi^?~kR
z8R8wxHVqfhC0bkI>Z<V-o9ezv>0DhR%xgU~wL-rIZg7De%-uvBzC}xDhHugGI*)GA
zY6$R(o?6kf2{v~nSlR48?|3GCcexK-!R5BM*d-438@H@wKY~TTx_OQ6^Wbi+e8;`+
z3muohMK!Zv)h0it9rj9>_k{J@9E0!V;y&pA!OG<%9qI}e-Q55iN?U8vN<-ZY>tSV$
z(0==?maKf+&oL?K&}(G4um&K@>7Q5CAg|8~)XmxYn>4wF`Pz>Tu-k1bxse%PpH(3x
z{bWsye1(5O;~dy4SuD&(d&i2s&Oh^pb-B2Crio}JFH!=p8#Xko6ryd;fz6EXVJ(m8
z7N6`)z;V@UWx;6C%p=+vuGD(l<2RW}tFyViiM%|kb(tfqv+Y@T-xOBV;wmU;S8bZB
zmT3xF@QZb|gw@3ti-1MAqN>hy$kkbU;#$<?VClnRvb96at*R5`-eMKJJ~!m@EaLaK
zXO(}8H!0`vVJ!_-DTxwt^K%1!-4pNumhXf%6kELKG(|HQt&laHh(+*MZ>+;_%i)U@
zuEnxBLEe%zCK2sAPD^ydE0PLsm<G43ShR#m{P(-FT6N;vb}ev7w{lwnOM{VuD%ic;
zy5np;zUpdEiPw49OPt}0_aM71QVP2TyMCMDUM{q;nY<&b39j9NMY1a4;m7<<lSaT2
z61+WfKzEdJ2z0p(x+)7k-C=R9`irjyYBf5LSAG5QhGycE9nBjCb~LA4OxXI(!^`M4
z8~@+T&<5*SI&0f9*H-l&+DP7*wE^u^j=yRJ+%Ws_rEPmdPLT_Mm-OP=ORj%%an@Y!
zg($c~?3e}K#5$)c02cjLbk~=|Gv)blwC3P>*9YzoLhayYqZ+oopuvnu1WabZ>PjNs
zFKUs#7uHG0#_swuXp^Uf#(7vQ@mx-I;W<UkoVy9#SM(OH!9qo1SSMmVD=w^r^@qfl
z>U3Dg00iC3d6%NpT>MJmQZ_Mg5nW!eR`q<!6C+qex-+Ni`vb6uWR|?s2R6wA;u`6c
zg-Zh7MkCNK{F-3}Bo;3Rnq|k$8YJ^@G^~TfzRQt#wO&8x+4IRf!)O(v+-1dgF(2c~
zGCPPGs<prcO~)+Ab-TnVgX?x&C%kSKOY?DAsVCb~VuBa$N=(ouUNgLIClcIpyly8V
zg<Q82N$h>+8iayoL<lr@iWcr-&r0)Pq38K=ym04v_@|!{k9c7=ap=O`ojG{nPK*P~
zb8-7*SiJE(ykik5kY?|y5CEh!C~Hz4(T~ygbdj#JW<D|?D*RLH(WYrJVfV0*$krro
ze%D&8q(vu5C1L3vQ6199+!Qghh7W7DKvjL*4hajD>MMg<5Wxuuhn>T7@Rs2z0gRt{
z$p48fv;rkUPO93=XwXiaDxH?cSY@;)RKtpMMh5!@HZ(tnLE|LtX|amoNn{wea^Z^p
zb1|Th<z~^{XtTG4cM}}Gn32fug|#rSoZGLlRMFb5=Uv74Nr=j`rf9WNM1(VM`zZ|q
ztPO4V{c$dLF}j`#`or~9h`TU!`5;_Qg<$RZeo#ZCCpe#OB!vXA22fi;bQ8lpjCLo_
zDZ2*?tJsy0z)mBYeHP?B!Haz@17>@VkkUW|ikRy{%h-v0$7!89+m}s7i*06ju`L$w
zG3Meu#-4YnZ~@o}i}%^15U@om?Q!xIv1r@zakPeacMe*^OO5q}JIn-X|G7UseXsw+
z4`;&pJqyfWb8){F*U7(=-x;V_-s<1EEsM~5*0NXaqGx!&|F?JFU3nLxlBWIeL+7Q~
zcN<34U9u%Q!ZO0&8GQY`Oz+L9gYW#kR+qj!#_xjTAyayfj{fZ+VIq+{zFxG;t@e4w
ztK`diR;NdQ8*H&)!p^y))XXHNZ&@a>pfFiAm?JZCV&b=|zgbRLc+zr$aV*)05Vtaw
zurEqh<#S}do0|A7rOtA~7HH)hJNibb#eyhkL^qRI;JoaMHzNL5eAAu(C(4O`nZLha
z4^vJI5xOwY@)wh;4_mRY#oCBYv{-P|dW~2IxL6-F%s)0%HTLzdey_1rpzf^m-%{v$
z15|)QaZmnBk#Y%AyR;R6^xS}^5tiFpU=E>XLpA;>G>6KMO=PzSAy|*ta<b>iz?Sc!
z_;2u^h=3zoBS>R&ZvJ=7YXI@@t(i0&;{Suq4<(8ikksGsvH#KLhnhU`FZlFO{yt&v
zca#&qH`~8y33w;nO~t;$mPcz3_L~)kSTAmxtW-=)Y;};4eka{G({@|2-E=#xJE}&3
zRka#HeD^uZwXkJ4i&CGl#(*dlbX-))FvyCL|K%pp`RrMM@19;bE^B0vcoOyu>-X<)
zpp?y&RNsytYAmX}>*Sz_fyac*L)T4C$%p<Ve(byL;4m`5H1y}64o!?=QHS532^XfI
z$CAyD3P-IxCBF~)PsI;)%65m51lbmrn1*ygZDCbzNEg(W;y4+18H65{DMli0%6}k6
zB5FF;dD~yoLm+}+Mc{9C`;?7;%mo2L`e$s=LjGswfeYdzZTw?4K7$KbK15O*P+@hg
zDJX~dNIPBx`%`J~d!PKy7TR}zF{)t&=#Rw6?|U-TA~5X_3kJ<L0nzR-a*5rZp>~T+
zJqvgkV(-WzKY=#XkO|UH{+J5VT|U#2|JWp9jrJo6f9j9e{)al`zi9#x7(Vq!;!}bU
z8(-KT_wn7|jnNzZEQ3OYgv2~5)mu8-bF$GkhaO=8ap+KMh)U0sLQX$xa^1m}6n92_
ze0qaQ{$V+0d_Wk{Inyq8`>Rt&&5d40*%5h0cIRleI|9Rh>9~-Tx#~&(57}>|%wg?K
z)va8!Ogf|1$+ySF{H9%Zr_--zCDml%2C1Zd!HdT&lr<kQF+?GFJ=`pX%STxok2BVS
z>!t{Ch3Xa=xQZv~dg$VD&RTGHkNJq`#c+kxSxLIAxO|JOdC=4l1^#+*`B8vEHWro7
zcb+J2{Fy)qS-8#W??Z7|_k~CyzBEIBz>li)pNkg!AItpTknJCk@;e0)AFFu*e=gGf
z5H-_6hS&ruzpXXYCP2-qS;0eW0{Gd-SNm)rgc$l~LgCj8#s0sW0Ri?tME3P=nD-$(
z@+&aHAx0XVid|$V!B*HSeka_IWs6+vcLYNQ^zU2$5Q0eu{pUc4A*%Zwl)p0EziYP(
z`0l@r)0^|G>a66?gv!|^d6l)NESlIvZ@RAetd=)@S0*q6+ky&06kv|%hEJG9w;HH9
zcFXd12GTiOoO-eYd*ky1^L{weR2)2RXU478RR!+8FI!teR~{91w-^-!_GcV0VHlSF
zAbFvxvGaNdq-W(-6r#JHwZV^k^!HS^RRsnbTx#7Hd_>xKo4=|<9bB~6F`p<bf>f>H
zgiKtqP_}Nw#AzzQ4?5<P<)f^RNIP%yr#RLHO`WE~hjM4CVN_=8^-ys+j1?W5i;5tF
zD=yz6D{d?*KWZKNr$FEaJ_P-Lgd!p_s^V{xLVRh4KAWFlEL!4Ul<nt`LSW7Pm4*Py
zge(Q5`$09stY!$^sGJru#3qof+}0Xu697atOa4<Ju602KX;z<MDWAg)Mo9{G2z`I0
zVi<og;h$l&^*{Xs7XO=^2$jOL|1PNi2IUW=eNNY(F80X35FMO=!G8VO3V>4@Lkt1M
zfzJ@#p9KwS0dZ&9%iH@4Zgk*d8Xdou7%<;g6`XBtZ6GGs)yWxkTx+HFv+C-KTe`AZ
z&&<0TM)d8l?{PiV|JKS{-hw?j?`~;9<(BmNx3=3pzHUnR3SBp~+i%v(ZvT{x)dz}}
zqg?E~@Zh8~N5XB72Pef>IF%oaAkcMFvgo=gV|jGll-xCZ-IUKbeBIQpiDwVlXH3;S
zp1SXhnepD)R>FlPw|8^Cg5Nh8u?ZeOQEIPAeSPo8AFD2**ZcmZ6XSFhWIl8&t(ah*
z-M;g{i0>Diu}#>>`RbIU#P+ru6CW^UzZPi9Q_dY$IX!WNm+MjDQO4?b2@B3R7Z_CJ
z=8bshb@1kouB($SdmX5Qr+me<8~dP7XfOR{1b!+_h`9GXrO|;?k+#4-w0+4`l$=c@
zle13Jketm_d9{9Qh5shF-Kl6^M}CL~lyR5n$u45Xw~V{QuWl*12D#LOZs}WpLU~!j
zza$#nI<@uqN~TJRZ$4Waop=a<%xy~j-df1xt`!E<;3FG>aQ~B8MNh8#SXg(D@6XDn
zZ%D7sx%fPTFE_jS)-aF%1Rv^@+ei=e?C)=im5^<JbpCkiU8U^@ogdjBI^l3#;;>7t
z>GKk=gsqilu9($EH19Xd3&?XOR<<uJuIY<enj@#zUg`SNg}rBj-0g@*uWVmFe_SgV
zv4#IK=E|EB&HDrGOB!9EQO}1r)*h5|Ta_Q5Zr&eO(02NTN&CWvTAe3a)SUWW-(O>=
z+6WC1wBfs5nfvZdy{aORUKn)`e(dQapuBF=HQ&Lzqya9_4YZ|XxEh#NhnO}zHH>$f
zOwXzJ4fD`toet{GZNblL%2KAG>79N*nQ!qP-`w7`yeiGhqoAD;yF*W^y?gonR|#Hk
z*Jr5T$a~;DUO7X(B=HnargFMVxYYL%Qw6jaD=iwKfqVud0osTAyadj<d(uXzKN)j6
zXsf~s9@Ki|9bSG8o~v~h0mV{P#rJ>Ad8Mcyrf!;gs`Pr@o|8Y`eyOO>h?r4tz2P(@
zVgZj3a=AcpR|W6hdrcyoTY_8WLsk_!+Cd(Z-Fu@`PvBjmCnabbt%i^_)jnrr01cN~
zO+i#o{m^j@0O7YbhI~F_lrftWH`$>(r@Y6fpMh-HsnP}8_utR^m3tK(*nqxO)8W!7
zgtz__+#coS5ikO7o%)sFUhTVuj%>&lZ)lrU@BbY-vf;AR-xiXr0!de(O3!<IoKXH%
zj1N3e4{p*M&#Q8a8lL(BKT1Gj6C9TKmAj_~{k##B8kI5WiRbg-_{u>b;d?{^#||ZF
z8=m?XU~r}F=y->hM?TzJMT|ck<n?$-j`Qgti<XXK@;1UQ_H4wmS16pPfJZDwQk98*
zL&?jdxqF^XR_XO@blBo_kZ=!VjbAFp7K1pTGH)Rym;u`*Nl?0Vq7#^j%ccYbq-Z;o
zUkyWvT<CSUyPO)Y!huZfuezi8TOrB)QgKs%J+JGM8R2lp0TSfPwXD&(0xfO^+P;2L
z3thM)`kQ8l_QB6+lKU;thY0+SU$s?EeYnc^knAcvhVo^F$AmGE%FEn>l6|7T#x!5Z
z3W)%`Tv`k%xb+vq&_RLq7tzTM(ciQ2iwQ_20STp;OOzCwv_ckb%oqJFZ9~6EG-<{A
zU2+&kRMSeZX!ud30aPNir)>v|p67<63v@o>A{O0!1#n)Ybk)h1rm~O<%iMA#l|Vb-
zPiocs^5%fY)S$B?Cu7^u2@Np?-C>A*d@5l^2ueV%f467YE8A+n_0Ms$_d)1-Agz0K
zjwFR7dvIcA(u#x{Ikin$Vlk1z%Fc&#7i%33#XiJRCv*=%MiD8&z(%;S3VyQ)1lp+w
zvJNl?jVKF(jA7S3dZ4_amNh>b4l0PKY4V1orT9hY18G4Ks!4flOT-qxs&|w;M57i&
z(^>YnkiiAu@Z&luan8rez&qNe^8_8Ui0Gzckon6r4nGQsaiAsreR&8pgx@4WZ()p#
zMmbU`_3)Eb0~ozbf7+N+zoH6$dT0>w8<eg5Nb>x)-AFKJ*(PvkL@W!R3D|P5NG1_^
zCFpd;NiAnMhX4rcPby2?=U)APynS^*RZI7_AR(cEC@m?H(w!0l0-^%aC5?0_%@#?e
zLpr3TyGy0J6jY>3K)U<e`v6|<d$0H2_rCtVfA(<pUbAM+Gi&yl!?R{h^>OpZ@W8HL
z!BeVEeTO{zNCtYjIdg(r8BW!nK)mpqFX-lk(}1TP#Unok)1mPT62Ad6M1jtX2JOE%
zH4}h&`!~Njm`^ZwiL`*2!QhS@JRagtRxmihqmsbN4wdt;p@VWn)dzFK98VOMBkE)l
zMb6_vk1kigIB_m;HwO6WqqYN**u7hfHw1GstS$B@?H|UvQ3&SI<^!TI8aJ#xA2#|8
z-&vt4A4H-8qE@;I8?@t&oq7<IB?`m|4E+H8PA>h7-$5HJl*nH}8!S%e5tMICyTw81
zpayzn67B5#7(fSWD7zNDGHgo`eNaUx<XYB1z<y|nyVw5y97Wjoot=;3^q<$(G6R$f
zW@Z#g@^!(@LA&0R4)@%k*Y(zui9S&2*Ruj$UAZpal%UhP;KHdr<;q<dbR=}BY-7}J
zxi?npt(0g>_NsMv*SdB><>>R#OnvZX8nB91yRx@ooj#e5*{GA{vf~>d&f+33JQ=i4
zJQTEdXnL0_7^u0zw?D>+7_brhfn+g0#d*KdXHv5-TwyCIW7O3fjo7;kR=5{EM<!>m
zBOU)ykY%5J4vGm$FxoLqJV$0_I4J--(mqt;_Oj7;zG$aKGpOf>08EZ0`|NX2+EtqF
z_j>-V8sP8s)UW>^ngjgS?O)d|A?g1>`RC{WXGY`y4&|SN3_yeaU)cL!nrr<#$NCe5
z0nlInjRXEFlYw95$UlepbXxtX9|LFR-JihoFVXqu(-W{`DpY*uhL6h^VfpTSq{6aR
zBO-?WChh6$#_T(OEwpQZx7A=zbybe#d*n7r{&3Us54w&kfpu@CUWFQQi&(nX!8^Q+
zh8Q5|bp((nHt@StF52e;-vr52Y*t2RYV%Qv_ZXXTvPV}o3J()TS4xkpiRNoD7DoG}
zOOFIU^18_L=a8@m>=Y(8?N+-~&ggX7&?Px<$7>2y6=Q65^$Hv=%x4~a*~;CyN9Pt)
zz=B5uE5J-m?<AD*eM3(RS1@lAAlBNdm7IlsQiw*q!ip$hftOPd(`s$KAgv4~V}c4-
z8afIlJw1d}Sf(DZ@O>M4Dhg$AI#UA_1(PY9sR4<C8GFvufRux|jKBgos~t=)bJEDE
zESO2?Z|%|jUu*_Wy7^xj{R?dd{(k}e6PtmPVf;IwN&C)@_;2I)6Se<PD?%#pi~Z@W
zJ^#dJD5cTA@HsFK)~}fZzm5ON4ErZW|3aIAe>-viTcCepGw^3Go96ulz5B}Unt3dT
zM2E&o_yk`x_G)Tu^N1`Dd9!>qcl`A9h>n6^tt=ECzH7BRVq%%bK%3ZJ*&0ksz%oU@
zSzIcfyQ8hMU8iZ{>s)gDMjUEf&UHRgVI%}kwE$B*HG-#FAdz)6f`kGGm;#C!Gv5z9
z-~wGZ3RZ}k=#Xl|B;9QY!JPkKHm61~jX(IFV-7Te6%qM<U~YVnoz@}kGl2>wom0VE
zsh`itgMzNog<zDzsXQonK2raOJaDX;rQ@`L6G`2uGZi2cn%Pbp_?ab`eK3RmJ4=Ay
zO!;+|{5>W@(xu0k0H-#e1?B&vCBR<~&!<Mx)U(6?cf<K#TMnF#`>${;w+OQzj`a^M
z0setw{rzzMrHlW>6734e!=aRdr#An+i~o8{!1bpo`rl7B@7Z5B?IQ%)&}qGvtqISM
z)_Mbe`G-xl=Gkn@FSiG48ydGgMwB=jcXB`DX$sDhnD}nAlmJdPEbE*OiStI<&Fz5+
zE0yiOhPqk2WgX(#JKDP7Th15#K+m}h2-{p)(o{VxUea9B(<RlW0I5+hduKCgGCow?
zsuu&#C<D`V1_?>9LIudIg4yi=NYX9POqWTA0_0Y}<zBN^qZkrP2drS_0MjrAfvgD#
z5v<TRITdVXJ1Y+g1{#Th0Zpg!pde|VFF3fT@}S~dsraY*j|E+&S%EVZKoh{Xz?lkv
zYKeBmue1bA=?AkJH08gx<nJ-@p8Y#afIkD}7g!?wV<`W+e-NPt4GL-MKdkVJodozt
zUh;cDz}MX0ImzD-&565$gzBj~{R>O}cXtJkRQs1R=l7WW155rC6Ohn8GbjJvU;nwg
zMhM!V)4o_n6KjmG1F$GW7;_q{1_a%;>z9sjC?;@Sbnx-lG{N~_<I*pPhd<%<gxO`C
z`EX@oX@mqg3K8(sFsULbp7!w@!vOM`7n4q3aEj0iZeH(nfd($+NRvOGuIP?eazYY?
zrwh8{l^pnfJN=G1S;_raZvm%Ev%mii_&49s?L~jHj066-qWo9uxPQBh1J0~f10zdL
z(K!B6{s(Ka<8SeQ|0ND<|G!%@pR6bP{=0AFpL~M@XB^{Snejg^++pjVKP+qhj~AV1
z)|^mE+cSgy2TT4QlYg=3JhSG6j`aJ#_+9mvi_SCd3jF&;C+RfCMYmS6{pWrwGs~Lw
zjoo=J3-gXm@lse@wH=MyE#~`1I%-Eze&B!cTuPaXcs|=I<IdL}9rnI0X<Q~D;T0gj
z|J)38*Otw{4OdyyG?p9?O2E}vs5|;j;xck*aYTPG(KXN?f5^H^@Zp|^fWbrl#ga>*
z&%O(<%SnjYl=*E)GLiBO_Df~pQpkn#+K93wwyA4gp&+gJYS7Z=&0t&Gi0;j>rId?}
z-?N^VZO^Ed<LR|=*9a{<^Yf#QHpMcyu5WpsK)J>FxRytAcZ5aRxJ>4ssDrn|_ti$s
z&L_52vn4Wt*Zu+BTQ=q4#2;==W+w;{)>t496A+ZB76@tCG?doxB29m|UmQCYJVHRw
zPgIs->>^nA+1X=oxxYKl|24%|uToFX{LU8^6kw&s&8RV%Dt0#CyLIHO;75l?F+h&8
zNFAPo;SHvW=?#9~A)mVgeAitN#0IL&9V>7}2CCw7Z5SI_5scHXfOI*t7<A9++t`=4
zYF%zsVBADyj(xR;)Ry)Dd%Sh3WBz>9fKp_R{Q&zt{<lzts!kimOX_RIrn4GE71PGm
zn^IteM8y{DW;V%XWHDgCDYu-DiD$jPg}1l5JH0e_AOH;J_%x`w1_f#i^Z1q6Fxo6H
z%-`b$iFzkv(XSxs^=%Lq<I!2eUK$SyFAwTHx*;~e*Ka%W_S?4Vh_XLe<#0i^>vEFu
z@J6@2mQBZAR5^B%ahNtXUaae00?A9TgHCFyU=Rg>Xq%4kqK7@cDK2Nnex<6h?Kr06
z!#E9yNO?^$q<D!J7WR=NE&?j4Ne*O50s}iV6`?qSz3Q|v8;~#^QH+w|jCE_8k8SJ&
z;~o;ko#B(Lm+jQS!^prGi3fWU5Or=BZzKwRgia%a0ygaNqJYR1dWBB56e#9nMN$U}
z0a5ZYgETksFoA$@mqE!qp{E-JG*GC*Dgo@SK%6HOUtviEo<|0Td8lwBiGi)Ypl9xa
zp9c@P0@Xx-0S{2UaxiS6kJ}C;uVEFck3&Clz?6qz)P_BP0|H2-#t0oqHcO-iv>%6!
zY=PV6LG?Rdz}p=L56TW1nN_ajC}P5dk8Z$JzF9DbMWN8G9EW^l_8ynu4*ncvF!Vzf
zJd6yCS-A)$^t8G3SR`iAqw^i?P%;p&OXbJH0OtrSPGX+$J`}_8Zi5jzm#k2<|BE2=
z3`H7v*cYGFBoqo_S8`_!G%CS*Ii?8)X3R;@M^s%k9uyb?_8JTf(XfT7SpyGYgTh5r
z;h$>BptyigfUy`~#L^t0NDweJAK2243lz^mP873r982P)39B+w;s>#-GrJ66zz`Vx
zad<K0(|{h9*FDPwFgT_2YybxjusGx8WLXN{*HBf<0b3aG9(;J`hR<h^(QknTN3={<
zZGyD0E-dom<Z7h>610*mP|(L>7lvHGp5(y(O5KMt&7mikG$87mg*zA8jV%rF{-@XL
zVPJSba0|5WKKO-;Z_G5<&OBfT1|fj$fjgK_ue;^YuH;C1{kzyNdN8t~4236_oY<qr
z2ptF3B5Ljo9tj23D({54y96C^^t%T8XF>Y?^cI+c1Z1*Lnm;z8#XjB=0F{e&2|<ru
z3|o+aTbrf(%PNi~*FELhzY$d(_h$*(NgfG{Y>AB7g0^3uwgu)_rEQtCMCh$9+Zb(z
ziG4$ca%t)&inl<99-FPp42~;hq;$2oXqo<LUwr^r$E}@tLCXI+_D&&Gtw7^47-Mlg
zq~W_`#dK+oJq)3>Ct&u1U2iB+L7dl1|KkG6u?Y?d7%g;aP5&%(4AzNh)AL~7%G0JC
z;-Q0_SRxtuonye)8mtHFsQ?qyBFjiFq=~$mu_JR{1U5n~4n_jQvrz-wWl+S8Zh>dT
ze>wrn0C=n)2pcgKxG^8JR&6#N_s)&AYA^}``~(JQoL+YXpdmlOTn&36EN7>e9m=}^
zA_G8$sJSZ`mvU<8u`gI3s6%jl>j*vr;ej^H?P~F$KCXvJ!O)60_JT-Nhbz)Eqnlum
z#i=HT8fFNY>5^kOA(OCa4sD@V(|jegIX{vf7QAsXtnH>}e9^jE8cYDP!>8s5;=Z$D
z0j1SsQP#x!Pj3`8CkMCZgDv))Z*}c~oeieTQhMwKSYTpd5b?odtosL!&4qQ<x(YT8
zH~^TV9M3J50p<uum4iqrR8JY&Ll1r$Y*<J4jq}uyc2RpcGrHZfmcfH8?xF=E4?7%;
zB~s_uY-L6v@ZH{tkuAy6GYB4Icmg>FA0rf?64}0y4JOtEUBem-APRmFCwUhdHQ;!l
zZo{xKnmV@dc%-3y{?h$ub6c;VcVTlEWD*qR#nM9v#UP!|WVTc=z$an7yjI*rQgv0t
z#bqN%dJ_u&h=hfIu)xAUbPK@v8RzTR)wMzp`jx{a{9y1RC<UAqBMEK+C-I2rGX?vT
zz>oPh#$YJ$!&8?<kT{rlK5t)cV8VP}aONmRw^#k;K4F`geXR>a1Ru`(PjO^RZ3g=y
zixc}nJ4#2+YJ$m^rv$Et?Gra#z9_WRba^g4U~>#`*;zI`jsS@+`rvXG(6m)g-j#M{
zl1;}DquqEXks^R;Ip-E6`8Rir(gWVg&rvYF+Pxs1A^<O!4rbFl{qyvRR^y3Klfe(k
z2+QL?+gBoC;vjkQTUBePR7e$6A55ot{3lWTkCy(Rul*o$_s7i>ORRxZfzw8gEem-2
zHU76Yj@45z5#+{yKxVlKY+yx5IwPdYlDMXS5Z7Al`T%C_{OvO>>@m{>_~`i06UkpD
z1fGZaFWV#SJF)pU!`iui-y3i|edUfj_A?<cAL2id`gKAe<iE2K`2XAdA36dY5B@(w
zuDR&fy8&?OYyZ{_{*iC~+*g1fuK)kl4StLR0L{9eIVbeQRa)v4qEo?t)a9QGH9G;1
zhxNST(*({P`T$CJyCP~M;6KpT<MWul#JApanIOSwbUZ@Du1gOvkH0EMB6zsR?y`Td
zN3oVrtC=*cW9-DT7r)Qi>PECga<pHnIq*>M=qp&=&^D`Xmxq{tMv9}J<S_Umcbee-
zRAEs7(B-*3u)gtiVWQQObll_uc_*wOyGi)myAUAr=7LJ75SC~=D*(!2_7<FZ4vD$1
zn_OV+^kka&QLx-3eD7OG*3NZWJeO`e`y7-e?JGF*9FlG>I;ju*B0WD>BP`wZ7v=!R
zX8*9~=X(CDZvA65z@NfX|BF%nxjDcu>egSQ{Bw|jQ?EJkp<iUqKT!h%8Tf_1{Bx9l
zZVvF<)cFTK_-|4EImlq}Cd}-=n4<rtTfg<{Z(JFGUJO5n=Qlkk=wPm?BUmtx&wR#w
zc0~TZl_zFBHG7`%fl}mAm`O9^e&dlg$K*V?3gyt<50ns?3f}XwvvQK44ZhcZ^vYNE
zPEa<b*!oKCZImeupeVOVW)}#?Tk)#BF1DC`!cG)~0(Ui&)JHSw!CX?lq~ovxv-dKE
zHy87BZ|u{;z3A+7NQ{i1`MobTMLXAN@myNUmuaFN%p-MLkoH|Z^Bj_H20%T(2|(g3
zH%}FusQX8H{*4;UK5Po$H+y0B{2M)g(yc#L)BfgcUtzU;0m)NvPW%36Qoj>o27x{m
zVx@zD)qJMCLKwzpLHjEq;79X+B6U1)zhFQhq}%ywmt{uc9kt!@sl*~IwGkr2@E+*{
znSa2<<Q3kd#ur%nF|a~cMcX|x`>fx<x>oq`R1c&s(CCN!nQF)FoNewmwV;?#Dy3Ki
zVENa2v>nbqKQ;T0dj3WY)Qdkg2Rx79w6`#O{;i(h)R3jZ;62maU!ep1H9Y^jIe*hD
z0M`3oi?a95;fE?Z%-TS_9qVmIZ4))?gA|3RBP^YygY^CP=KCWOzD@^OKpsa)xF=9F
zz|$|tLcTk{Cw_U->(z?VwfK_8rIt=5Mxa>fV_yG)@9~fJ&jMcsrS`T<a|<_(M`||(
z7r=PqPOaqcP;smNDH4UA0h8>Hg1m$kkA@eFTs|!@jh=!Lr=1t1KZ8-lykNMd0h10?
z00s!D-@#DfSTIJIH6kBYz{~xRZU1z(3MdNlK4)uyq9FCedZq@b9gMX*ZRAAxJKu%V
zHcmvf8jsrm{?nkd+5>-L^jVqz(PrSZfB%iqztCndcp7HG|2fb<u^EU31J79D*Y@8`
z$JPjP!aU=2nDzIH&W<c(V*94iAHZMeJH_yaTMeciJCe1_7swONVmrMLQ+nz(u>QC2
zz_k9(x7Loep2cP6SnD50yqWFP?o%)Oqs&=FdQcyZTLXSL|NrdDKSB5>GwZ}=@b~u*
z3;wauKWhB%HUt0hKKR4v7Myi~{{iSfu^EX4Fa!wXiN|oi`-1y82%a`>xCo-X-oQ98
zSb&8n8-O9ou~3MzZ4^P%M%{2={tBluQBU`$0dqUSxelP%Q*v)vu-0jN3Io`oUziyA
za&uu|o&B?_g~Pt7;iRZ8?&`k$<)Ae2L~0xgp82>NIOLKX<`dj3SUpoYjKNr#>We^A
zFD{n)VqcxMX!zb_9%c_)K0iCXm`(XTbRY2kPF1RyXn3V(B}nn!8K-$fmMEm{D6HiB
z%_{y94n@URDz^rZApR0yah^>y3-A~jL#kpIHJrd*e5)!_zbTprpG4<EuH?$iu1oX$
zYJ^mK;ip^E2k6FISIz1`0iIxgz=C9$fV|PMrq0jK*c<O20v*U%QauOLv3svT)s2a}
zMA*RnlmlDKHjEtVYj&cT`ZgW+5PTvNj3LeTp5q2B^&lgQM=|7+U@Q>lWg1x?hwK<&
z!}wHv&EX(yu_4D;U`86EcXOFp)z@;2<GRk@1vSn*Np-aR21MnWN^OmIvuifJT5L!#
zu36+C@&Wl_K|wZskYJ4m_flS}eliEqv2zRa8@eD}xVbsN2NIa&r7}r3htRG$?d|r-
zYzb419J&xQ=zy%VDM&ZlY-V#Gf*bw4Mr!!mFhGlSD#4B2E2TAsL?HjTKbVq82}%lL
zBmk@+!8-%;#Nwk2Q#Y7+&TmcZkfDG(^C!N5ZP1iS-IM@3$G2(I(d9GC-s0t$KTGs=
zrqEj(<aE2R78^izGJfkCtQ<&61X*Cs0NIzmAW4a%32i}N+=}yr$XpjqBOZuk&9x=C
z2jh4p)}X!ocIwyvlHHvcGt_M?Gz{VIrvx@B{4yZA^%9Ig&Gq_^jr%x7KQ`_g9&g;w
z3HLo_Vy*8Tv$-Hm1yRNh$84^eBe-)PB!d}XWU$6Gc=#ensvbrhle>%H4row#tr(<F
zqr1kJ`Ea3~qI?5j{&hx>eg;BdVjnoTLXwN<;g~~uiYNhGkOiGkrk!s(_kx>5`6lc`
zJV>!N6{<%q!RXT&KG@FrnJVx|Ly*s1BU)^L2v>t+!nNXf^ZpjNy&u}29}w8lPBXRy
zW*<nfzCSn%wc9xWqiDHCj@7L>gGPh<>6f7N>odUU*Af_QtTvJY+r>XnD+FN`qjM}Z
z0jpc)9}6?ZdSnC|piXDlcKVnm=#0dfQ9f`pJxIdNUsZvb1m#c%xy_p(uOl$Q0yV{I
zCI=F~Pi!FKmncT@YnuPgJ`*j2Ja`kZ?>MeJ5(A^S*8F*)UH-$C=@7e{3!bUSgPg0V
zmI;x(bc+wc8tjK^kPRA3;Gv4(vzs{zO$YnkjEf53Gh?4Nh^Z#9tfZaQWd_HJG8RUD
z#>Nal45JK;**&>-&V&29?*LRFbNBIJXKc<A^gThBGJ@aaI*q|y-pMdl@Z^g9Vj3iy
zY+%fnO(F>$NG0~R@IZUUdtprB$@PVc48)gF`EW16NM2izfZ~DCP$yUJ0jWrkE#v7?
z1s;K%7g#L^w*MKV?S9{2$P)*U20XQ4O#sZ;aN7K_5mv(x)63Ii{Q!EB$f*V9{7w#G
z&jF9Rgal_Uz6tE%w(A1PF&nF4C?Wc(1xwJWg|Wv}Vk|wBe!I720zKK$a$YDHCf9>O
z3v$G>q5)wbvHYWZV0Hybo=Ar-Z;OuK!#TbC6ygD?R*j%qy4BYq7MIHB^OjAAx%wIm
z{b?BDRB{+;$&M?0x;D^pmH=2DqYUPN_|Y{PC~d+C%q*H`%<kC}gIVJ=6cF<ce8)h%
zDV0M=1k9=>m|)OiI1GD;qo$fq*|AGA)|eTE=;7WLf;m`m`~h|aUJSnj4?qo;S+|4I
zH^kCUOWv!N;E7y<azdOq&#?=&Z{?o>;w&Q!x*ABZ&Wf79I39Ia%P>Ni>X;CY{nilz
z62d2Py4MgO@#9K>sQEi^4?2hxc>V#@<?<BqcQ%*ImVN`^c%WHIp@SDsERxu%h2AV`
zBNt&{!<s+Vr)vfs@_91Ik@HZt_O6*ngW%Txt^hAnn4|8#ha4aBd+-Vz7Y=gy5QNI@
zYj0V=_c#;=Av66Hay@MRUMT2+%DNJ&{9+gtob%wwL-7N%y8g$WlF9<R2Zc?@O!FYY
z+{SzvVwkCX%8x(QMZ~%G^!50(1Z2(;5eeFBfUIycMwTSN(}Ms*&HDQ>D0@({3yVoF
z1<KfOrob80jysuS{^S@ZD11O>T^>s4emYF#5I_>FAhCZsVH&{GU_nqd?$_o*6H(md
z$3%TGyv+n@0FGY?$?UMP{W?M+m~s=JT(EXmg31wMg=Ju@a4d`!=J^Z;kO+VnERjOV
z3e?Rf;_%e1|3eC6cG7$A;}ZF^OpF<J7e{jubB~?dJUcY|xIr?Wl5l(FhnI%}Mvi8Z
zLpIY^Lq>q@rCf2Iopg&;r3(}J%C$~n&cO>LInG1|Hsb4zGkX+B&gqWeUWYm2nc?Ff
zlUo&D;6K|`hGKUY3Kw0y=fNxhu)@8l0+~F=k#zh=L6&{?IVdJ1k?Y7bQGv{wb6SuB
zeRJSG<;8ct^QT2KsOL8UNSr16>~m1sRXX!j!HGK3f2#)kSL)g3{-~#Z{p|B!ZVt2$
z{<L?$s9QqPe?a-?=m0-@_kW4<&p`%2ulR55{R?y37k@ltHTcLMVL1fuE8o&;d;)GD
z-_n}Sf;~Muz%dWEv;gq2uF8-b{s2_LEwT{ij%P>0S^@Sn(CApti8`>*cKA{4xc1rR
zj>T@J!t6NJ4vPJ!8USqm>2cd9Cj5!e?@au=wj!&4%&60;RH*pF(g=-XMAp$rVEqB(
zfPd5eIr9&$==h@p|7rQJF&qHL=I>GZMPUDC@<}d$wF&_FEr8WCUN*p#@M;<mEiwdX
z1$X=aZ=9tATwNc9t?gaq+5!HO+9PVmtgfoAfR|n-{%OlAhSzc#pEm9t9d3Uzxg8il
z$8*V9z;Y(wX#dS~qM0Va!o#jw#aF@twB%htt)Re&+?Af(gTslnqk{>Zz0#4jgB|<B
zm6iCJ_-KG6ett{?$h#wObhL(;WT3OO!M_>+^wie(cT@s|T}OM{ayhlU@#4yts?(})
zaJKAB0hjs4eZiTH+5@j`wdIY8=cNJ3t!skI>m>U#M}b|nhuAl#2ab?O2VS^X?e=Rw
zIntbe*qV|CpPYX%J1{aoLH;n@-dwPTIDmx2@c?yfe6DNv==^81=<pTvXV|6jaBwBJ
z0Tyl+c2ofYRBIb6y+@{~b}>_`gZ@ONSkCde5eDbSS6$$6)<~5+7nCFvG{kSY^R@dw
z^*tvG&wYfEY{zKTycoCg<&xG-1>T_!sfYP?bMpCK3pD#x+RO2;e3j;X!}j`ShQhB=
ziaprIRbj&&TRFe)@)<?MSMKY#>JU+twk%+fP#;An6s?Q~;eqUh$D6f$OT$Zt)oTZS
z*!A}xXMJXE<bKd@l<9<4vL#r%UscJ=BD^JdWNYjBVqAWsN#YyhD{ZGPcS=tqy~)Eh
z86NO35u~BR4`2H?p0c7=939eOVs9k)e|r<LX;t|ekJH_XF7ZRA-?hi>&rt}k)}j)S
z1NLRFMU5MZO^bv}^A(618B15Fw_Vb%rbTg);T!rQPSs!N7AjG>OMvzPuZTQK45Ni4
z?8%iH!HLd%F>#wcIqT?w!4B$gF1bl=0WLSc<6LX<17iJq4HHw6^H!B$5~?3z5@|{D
zF=cO#D*Qtl73U=~(d0f2`@-o1co|t!!YCti8x#H_wsox9RT<%uABQA_h@N3o0$_(7
z*ZOP)o%b%995t;i*72vb6HgupVKw?CJd;weX!BjZ_u)IrRWHTw@q0~6Gi!uW2wuvj
zf=2=7!~BQK_h)czIDBN0neA8E7A7vC^Dy5*DD0=D$<`sj`6$>|xH9PkRP_~gtsu>Q
zE9#Qx$P+Huh;AB1;n+K8J4_|LiXip^vm#5h`okz6^V4VNU6m2~Ze-PK4j)Y9Vk~t_
z;+dmt^V{3+(>B%izGvKjc!S>!QGs3{{06`6EWXb`$`P|4jm}XwvLDHAn!zEX&Ppy{
zlcvKkhkt9q;JWm{rhOJ^I6!iwH2BKppe%&@{bPjMTf4+P)^P%kgyn1obJ!-|mgKId
zN$W)96F>4zb}LY9&Yu4?rb5OYHrYAvGs&>_neB!j$D{9<`@u%<X^rh4GSVSgULp)8
zL@X<I7y5uV7L)hkxd@G~kQ)`pVniF&)!5WvWtlP?g>H=kG#dwjH!JkODqo1SOmRyy
zQ>cBvSLeEX)4X_y9Ew?x!>~b(8QPk6dTJk)8Wo9}xZtHnpQ&}&2@^@eky8pv`^wN*
zDqg7vJitg$5POqny~^O|Un!cR&akn%c<~LXj-c;re0J2AEk)5QYRX~6v3eg7m+T@3
zpI%7G^DWVsm^s9EmMn<L0ICr6tZEqu+-qhoZLkzjhF+9Np2fr`To=>PY_`o<sKdJx
z_Cco1@wzy%IECud1A<Bq30tk{8Zo{XO<g*%H+Y(9ffCK`oe!<nvpR#-YP|4U&o=BB
zk1R;8<>58+_KJUTUpHLldN)*RK2mFcB=Y&{TSbgW$8GtK+=_A^ZN`8rt}$T_FEgEZ
znuQ+6SIT&#?Cs)z89JboX)XQ&9K^?Mb$;q}Xvb>DeDuBv*N58-&a$*AMy4R#n>(sT
zmp-B?#y;NT!Y1FVQ5&}peeBI@2N`%g0o<I1yHx%;!tm(lI+eKnbCSHdM?+Z`Rmj^V
zC$&j9#Uf%9zeyo52HA82F4k9g`b@Db$$ATt1xGGt7n<-n%k0R62*%Q`eQJl7H4DUV
zrswez=%Ox&4U(bG5L{WXc1&BYK%4%oOdz6HDO%EKnd7~FX+CZyVv>hT9GypFY#|Dp
z4AE!!aLh#uQ<Unx_MmR4>wT{8;WJ2nk%o=l&$S4=FRH(xvYLCE16<YP_6i6^A;~2$
zUDBvMoHoZW?-|z6ePch8^c9;~zGt$fXtKugKta^K%8$#`{X6a?yo+Q;#UrC^iWnog
zaE0|f+`?}ci+!qmJ*Hxf+z`t(M#HUH^=<abANgP44RK_0j%PwE58aiRi4+NVN8xFr
z5<_iln`pZ5Ox(Ur2_H}`?0TJ#Do0%JGp@=#(fp|&TP>s{+HCOEE?TClRX&c}3fyc>
zC|pkVoe-373T9O`(Gy6S){SL_pL-}D24YA(xOPD9!B3?#9ZGpq7DYOP=LuG5;yD{h
zJa+1^i@11*!v#vt&$zA?)zf@6jEOOuckQ88@s05(6Mw6u{L-Hrc%wY&&7J4>9DU*Y
zr<5kWs+uY$QUvzyYrgl?5!=bED&>jVMN>>X8E#B+J$QzEl?Lsb^!HD^3yA5GyHX|-
zaqXk>+~FKI=565;;o;i2XG{6-OI=b9*SW;KV`7=}=nWxJF%?{cks7-$N~@}GKunJK
z*FY@|E}6kpOaF;m3X=f3X>Iv=PelGcS?0!vChY}b<W1-oq8>jfxhdAy?!ek@$ad+a
zzFtQ~NASAh>S2Z?hc{A@1e%CuPDY-5(~!o)Z`bEDQJqwHn+@&_=q{phFI%ecM$Du>
zP6#`qYAMELi;ZWKo~J^)9C0*K(I|Y;NZ`u{B(#E-*^pU{sze-kU@u6i6~DO7=}v^3
zaW|%TSe)(F!|&E9Y66_oY2J+j$ZO@H=RzmC#ous<U*fhAHi++<od4P%0B42IZK#RG
z6VH(~rRR%9nVp=)c{@J5W3F>|wn)VmNBZ&&yNCvrw;~Cz%2Srx(Zdzx;|2yaEpHdO
zlCml|piM=_A#E(&m;s6ph>}#=gUwAJadCGse&D)ozQpUHE%PZ%qCMgMhCwoC;`fWU
zo7QD}AE}HXV@8$?nhjGB=-9Z_Xt8!qe4<XvDd|Li!%IVJY$rVbYI*@bsD6GN$(ppW
zZ_;=B;F&Bd9}{7O3f}@j|3OKW^#dnk)>Rr5oB9D?lXRaa&p28EY@fb#neqvi*lV)l
zL&I%86S&haX#;!x?`Nuid9PV}xVW$di0jgtx1l#wFg*B-Geo9I!@Q@rTSkuZDbT_U
zZ=#x-^#WpYG6IX00l(PG<$?$x{=-OMN1L7$X`?$i4$*t{2rZ=^&Aa_g<-Xk)oVy2^
z--&dwS8Vvu?Y_?t0rdG5c=rkLX8JL263v(ltuD`NI3Q}>*G?Jxn%#l1$E&NGRC-CW
z^{b9c?PZiqsnqEC625>97KPiqZAQZ7R`2&yC#eGy(?s><uk)}9hqhn~rfK3EtGeD#
zkJxP`RVDUH)YfF#M=Ud=lv2Zd7psuP*`ZJ{>8ng7b?Xih_9Fl%)0;``OLX()aJ4FG
z<=z<V`DZ!-uZW3>wDFof<eki(_Z~fR&gLa-iFUQu-2{wGx=gB4-N+BL-|@EHdXV*=
zQNq9T+3q-NaP~j~Hz9!^`-SCbW7Bdb|E^#pU86S?8OVilMI<*j#@&_;6vk~V5Q`Kf
z=HDQAZD~+&@?2*C&e>%or<VpX#)m%X*NL_0D5K1ewnq@XOz!chr?RxxUk>pSyq4Gy
ziala_&zIUGsk>hu1J~1MMR$fII$EoYlPM@}>3EJlWW>G^86rw&K)Ri)@~xDVB!)n{
zcqL?5JH2X&DO>d&chK?;E%DUgGRCJnvc1kmvg5UB?^0NIkpNlk3@x%cwhP?_%tY{1
za_Tg0$^tZs7j8w%*$ny<Hv8SJr+jE3OxYX~rNes<H~GEK`BJQ_b8p2I%F(P%!SfwW
z-pny+yJl}I(^Ez5F427zm3Oybl$1wLbAR^+J7vd%q`QRY8TMzjgJyJfd6SXdi*E2D
zO&o#aoTyf$T`S2zVEAX%!}9T<&btJ{9!_=<cJV6DA8M;msao58z2=D{o159O9IaZO
zAv-;LK{-D*+xc5^Vu_&_+$^;tH+J_Ssl!y&VpN7Ez;$icAm*F3iRUgUN#?4_G_sgs
zBD;Hwq=G)$=i0KEPq;1%k9J?-s3SJyva1Q{`r?S9q_30Q19W*FxNwpevg8K9ca)yT
zyP5lXZ24=IxEHS2fO^=-QY%&eMSLFI1LEGU@MjAzS<(&$i1sjIb1vDe9VKQ=p{BwO
zw`cb{BF^y&abK(b?6FGd5_MrV_vY?pg*qw%#2oCn9Y)kTK{*^+b=0;CZs@8K7i1cR
zKLjDg=)F02yM+q-LVcXJm9P%^7qsx~{bj+Ko$*WIa8dBs;p%d58|OJ$xx!oQ5QqT5
zbB{2DP3mQQMg57+Gh0PmTi7Kh3|cq}xbm64p!r6cqZoFJ*LUGBMjX*uoVB!8Dn#7-
zHJHos1JCVAVm>ylb$MYRcgBn@hd8j|&TbNJZ;ibsvVJFF5Fo_5P`y0%&D}uQBK`FP
z8vP>Kuh#%)o_&k$Da?3VA?Bv?wMA-oAhg|EtNI0hJ@et=Zr|9{9VVCk+0r^z=_2We
zK&<CXF|#nS$7(x@ag4yBQ@1N(h&NfsQnbEmbo2v>Jq*ork(2nu5$bq_L5qQSA^w)L
zAB8vcXKwNMTz~J`z<Alqow$M9x4C@dqGEES6{X0V4&Bhy>Iq4nrt5(yL~_Dl+Duft
z?wg7soiA;Waw4XDJVw1P62H=V|K(~x@s4vJdY!g4E2`0woxCv9Y#+aH$pz^hkD4_8
zSm#;v_lhesWrr4#53?yJwBW8~CWG?y5$~q;uk;S*X9!u3-f_Xr?CZ4Ex~i|GfjF2i
z88u?tff`-;K+>@(<H2QtRL8+A8D3zdHREA>23wH_W>Rwh3%NA1TdShHMge?q6rE2N
z+~qP!wGcj+KF@e{*SSlcL5Ax>+EYD(OI+~C8%CilNg*-#=HdOqBu4z$PbJp&+^*6q
zePmbNE^>EZxn@dV^sX!=GH*4GL$PLFS5#DlJH8KfH32_WVC*XPjoAUI8`&Rx02gyj
z8|sUg?+zpeQuyaYL{;a%Bndq4Qkk+;S1abIU|5LFxl?JNRpq15=KFwBBgaNvl~8>^
zzZ>O~53V}vH_^zirPAVr={Zu?nZ~_p+c_avSQn?94r?==H58@L>_<l_tF4`SJe_84
zRW~BiMF-xCGHSNv_@K{&YPuv`(+7mjnnXlv>Gj$pD=FvdYi+-N^s!JZim?BjxxGnh
zR?lV}dspP8+2PH{91Bi^j~nSOBkJ@BpIb+6+t8p*(#{<)$IuGFL1#UGguBrjftv9M
z6;An?V9mkK@@m^s?crgUrfWx)v%voLOE)<F2t^DeOk^blEs5M@T$u*mX`ujM$zo$!
zcz<tuGkRyAA&RzrZg1ykWy;q4Xg9SpcijYM!N3+BxF5o+{}kCUuERRYUq8(@Ri2Qu
znw7*<vRL4rc(i~Haavalad3Z)Q?yBI5_=0~cAH-G<x&1toY?+0g2J~~A}>oSh1=|g
zFCA`_a*kldz8B6Rq1XtTr{0?aa*+hPIa;Yl&dV`tm&fNcSYg;Xl4;!BdQ#Qd)iBd$
z$K};Euq-~$BSX+P%{|)thDVbCdFK7fxEh(@Ojy43A)P4kp8ZbvZai(ki;|}OtekZU
zQ-Ym~<+W`E7B`nx3Y*uz$<cXHpAVU$mK{MJqbe{HnCE#)K&5+VX_DMR1?=VV>`G2E
zw^Hzj>?Ot+sn#XsvPkI&VDDtm3&tB2h}!DX5A}Fe_*-u}+;i%6;plSPwCbGDyJq@%
zjC`;`JXK><OTEpW6Io(DyG>(xcS8{X)=W2^ds~ETtY$p=fG+yt_Ab)Ri<EiHyj<51
z6fVUL-W%afunWiEbT?w-iU9g!Ufg;>Q^g+DTWfv6ztxvs0E?omndL!Ij^s^GL*!PC
zMYO%gmfpex<?OHHG|-Wdu5F3>W>1vbhO!_9sov8;Q83iav356F{$#Eu%Sv+Ymb7mh
z7L8U!W=`QF(fkN<E#><MY^4M}v^*M^#1AdVs(tqFytxq|;vSv2ST5!YBv_JPlwkC0
zW|PH89PI9PtZUYhrf^Q$KR`v+GJz-kp8x);CAal39{VlNi<a+JT|T6{Sn3s7Ybem6
zsT-9lw9m{hT<;N9Wb7@~MA_Y}513p)6+PdUuG$c{IjGo^?uY0{dtjxU&v}kc|MvU&
z@H|f2Ko<lF8a}*~ginqZO#ow=xpP|LDve(LYNDHBRa%z#RBzYxKtLg{_X}j(ZC`!S
zd_{iis7}_jo6<XxRy-tklaB7-To1A?&%$|~?8?WA&}<^qsXU9uH=_|r8hZJ1!EF)j
zoQ-Qhm%-cn3?WO`Sl<@o1?7G>Q3_-x?L}_3Ew+(0o}e6%oV}i(7LyHR#r4XuNO>04
z)EU@jl|71UnvI?1qXa__=AxV}Z(PI>=;xG|oS#6_FzLRFucgU?B!FILZ`{CzU+JDO
z9Ms)^ZcLIkTUafc8FefY-j1vR=T+Ya6uB&HlxA+fTUBm8ch2A7sW-YX$%qD@YT?4f
z_#8tj(4>Z;%aQyJi&?D&K&D={oN~L{1`YGEE4fkI;FZ93KbjPzH0#`LTGK=thV4pb
z8ZvteGL?Fo3QOL5K|`eMVqe5=k)<WtI}N8sDXLsUylS*Rlf@~0Gl)2uIqj*RuQspw
zPSeab1)PWK3!D{3LM3`9hA=`uc3O;!jCWDdS6NXf6v8V<5e%8!*nr1jO*mJiAM{2d
z9N|x3mMiC}_{6PUz5X#rriJ3Q72-2#<Whgcn{L4eqjk@^^^i@S4a`3HVc)MyReokZ
z^#M7+M$_Q@^~O*e7vkoU0sL%d6pg^NqI$Ce%QgmVn%VicLfuF&Cj_u6^Iwg~9+A4H
z=rWxT9bA5ItIJR?^jxnWK#FJINgL1v_BsR=(E=+P2$>L~W11daxM@%IxFe8z8J{3W
zZ7O*BT+qbjC}yDS)$q(<Jjp|pw%)$B>uWwLY2`UISh`vE^zPT=?j@6`KQ?{!WHXgq
z(OIQ$NL4NbHz(XZb5b_Tg3!oVZ{jdU_4OQW(vEJPBTv`Wyviv`N<eppP;0ev9?k|~
z#X`#PT<Wl6QZdH+$BX8O)ed5%H6BUa@`4MO6u&%fbn6N6NK1@xeE-BC0@)6eBdzw*
z*RLq4QeC77^$w#*Pm+c_l=)NS_bpQr*{eQhyqNHN*~_2BF=_AaM|IijAsv6k94DRN
z%_}p-lnqHzPx5MR#q}WqUpLB>xR&N(QcR?DZVWM#G22(^1o=LxAY}V+aWT}U!YFRy
z+RZCM-2`S&BBFbJQTMhg^Jdy<8|bd5sXAufOfl;bj$r7z1{a2RsiiazZ|E5U?KyfR
zWUF{v;U%B2gZC1KwH&pxKKYs157>zPO<8Y$<TK02nrUTC6=1_PF99ZGu$@QCs;2ZV
z^h!90j4eJ6|3)!I#g$M=vh<uU=UGc$N!_m50>X{H@Ahwnp5G1UDx;DoHv6cxU6H`T
z;+9QWNR{`oj2-Z6>f9U>P;g0;naC+_=6CdDL#fO7*i6?JtdPMKqhOI?_Qne%LnEmU
z4KE{v-rmn7$z~kY&a?>7As}s-@f=9weLEi(9-1T|5V1T*M*J50-Lu?pcD`-KmFGUr
z8@I}Razwn(E>rk=GD{eKZ18^L5`sMUgp9+Zl2mi&ae-TG7B@_IzUDF86Lv4t-&WlC
zjQ;^0g&{v)7Nd2HC`67cGleL2Js$}UJuFH-Flvf2{8{u%P0jR#BEal>eo2Z_ksqzk
zv^;vt5?V<zmxax0n%mU@;!UNG7jyV5Ki(?x47(V>qQSI~b)T+K#k8Q(>sIEBAu%s)
zG!DEU=JM;oqM;eyPs4`s4g(4;hu^SoJx<BkqM)@h(3YKBFuQ&?u61hR@omX?T*WM$
zG!94Z*jqVRkLBK0j^BR|Jf=Gr(oLMSs`vE+hTiQfY$EuIqf&&NgGIfCEcE#cSN(S+
zOg@EPFq&P47k7QfB8Nw-n0IJcx_my<^`o#gug0N%liVipompYYd>(q_fYvk{Diirc
zyaj0iMKtPz+bIv@cQFS&J1#$-&Bw3Ltx|c-?BtD{OPd}joz}EYM*!@u$RwLn?Tz2f
zS<#j)c&n~5Zra8BjfBYN=1ylialRTKzh)*!A6;2wdv)-PG^1j3F22tAiVwQ&uGd7^
z9kZ!%k}|SV)$eJPJB*q3U8s8DS2%*pV>9jAM(7KqW@QPJThe)XJm2W_SXWlcOs6YM
z@hGlX1jxUx#QbcMVy6U5MwEZ|&WS9?vw1iawHKVI5MqQTQLiQukND^z{;S&_bC2tY
z6cMjfl-l3+#*f+zW7v#Ov{qndd{l0`#e18RALHpqnhO5{@UmlHL?}}_wk40$^=UTN
zwve~%fQ65)w3K=jo>YCJ%9i9w#X?T88{OPF<JBn}x7n~Y9o#q|GK`tQ#AirntxXE$
z%`kzEfYjYbI=egYPt$gv8@#r|GxG_=Dr>$~nj?R}epyN;(`2f8(CA&POu1Ty;^_X%
z_3A+QS04@Xs+r-3u3CQB(I<5-9+#2L)8}<PxAD-@{<-J3j8aZzrH_JEe#uw9Sn|3r
z-X4CPmP$NXYVTj<V+&N)8jL=9#)c)FNh5@@<vBiLo2@n8xBZIkMRbfkNh;Q~R@e0S
z;Xu8XN`tT8(M!gMcF1FQ2*o4S9fO@z=C10MUXJ9=jikeSWmvD9YbslJuUXfd#N&(B
zYL%hNN<Y0~Q@q$C_zr?CYD1YaWUb-rfu@;N!V*G;seTs;g?Uy0hwnDRCh<bj9vs<<
zhZy}qF8eu1gG9jQf>U@Wty9q}g-NXOd5kMfS8a<A>>nAMw>c>U#hOh$u{Xtyk^G$T
z>dSrY;`%2-+C{q~O6Xyph8iz+3UaG}_5C6QF-2<n`e~v|?8t$S?cD}e$LTDcurg6)
z4Fk+C?@`yYAC#B`0A*Fi_h+aQXID!}1TpT0*XDC3&z^UVMYFf|!EMi2$3aDWJtTH8
z!E0+~cRiR7xQn4#9q2BS0UzG2OqUSD#?!6XxDYgud;!T`)g?QY-L;|g#U%O4oHx(T
zB_sdJwgF0s1c!8o$*Q!Yr+}h+N>^8gm~2jw$hVKdJGVc)&jUgOtya^iXQoE(f%$FL
z=NX&U%)P>o#+pVtYt`6MQFr=2nfTBg;kkSet`)p+_oD2cPWK1+B!0GphjqQg2fQ^o
zX-C};k>2vG4w~U`b}IHGroLL0B))hbhjejyWgzt8j@8{p_cdJSqO@x2Q1TJu$~crD
z4Lw6Lh9vs6l;;sQP#i2JNe~fuyFH!?`{TEas@BI`yl^D|%{tvL*IUG>c8Bq~3g=ze
zFV|8>9k@Ywd{zc7c1{*<R#Hwj1}07}=r0x)W(GF)aC3b)4FLRQ`#ajHK~*XMq@8NI
zaw7`idYlBGH4ynyd&eTUet&{4+WhEg(R>^2vzQ|cciqBf?I(qm27PZIlPyRG-Bq|c
zzw$7jvXk%733G)c7jaF1E3>OKH_e<1{Jpz!FRsVAr7nJa#GGm>0!@s^@lur0k_UzX
zK*fjsT<YozN#>+i<BR)EYqO<&fXu8t?iK48-la}qi5A}r{n2b9F@0SmwedBzsEu8<
zM_cQcIipG*3(7P>KX@Bw*yT9P_coHxqupS2YtFr<%#1N<c2)Ffp|V-uF||bxdyuS+
z5?)SVo`R*Ce_)_I=Ju<4@CUw^%-m7|(CvMj=3<B%GC4JQ?Ni-r>}t(JwB9lZuf8%-
zu6-&=u4_T|&Ir|0LlYOhJvrcSlKA4PRVivB_Jdb>(x3QBZq8Y(!X-8W%2wRDJP)vT
ziYeyB78QhS$TJjJtjzCrIot50Az)PCK4DT$XknIRYD>F+j)X&Z{Q)4{p=&ZJBL<j9
zAVLb|@U!(~r}7sjh-3stx%^&?$spbVTT~RDzI7v0o(Jn={j<k+i3f3>aP6FXVCuW?
zDRuYkWA+N7LY4qiAD$SeXK$Fb3f_pyz#jL*YF}k1;2f|w@p_ZgBJMrs?0fw=0TX%c
z<pOvXWgw;Z#hXr~MvqShZ|hpjv7ZPtMz%-VezjwK6(oc<rWUnPH*u%g?#<O%Cqqpg
z38X9UocF0cm}Z)C)0Tjp?X`&!f!m)}x2<;f-<Ds%J+NS=myx@1A;sOdJ(^A1lfp}&
z?&H+ROjCSg!S-ZwCkm~Uwx$N-V|(QVal)vyp5|77^>I-^zR0CGMw0sL1P08WoIP`j
zZIO}ZjHGd-2fbPJ1X61c_j3WK-STT8{ukuu%T#x+VHqE0Yo^w!HH>iF!JP3niet7s
zLS|dSG15%sHsZg(-_&Fn-n%?17bZ`x{WzS|hWuM6Lr8<4C>B<r6n+`IYJtRHTd*DL
z%A1X1V5P8W(<_FnA$0AF$4!}n{$K@@oh+(_hYr2Eq$;oO7EW_?bbR$%CE}(zpElkq
zFjbVXo*Lu7)YRu-KNMb&D!zBwC9O}?F^xYywRnwyKv`r=<O=tc={O=ibsH5X@Y<`u
zfHvz^9G}c&LseZ|<aFEqd%};ZE{8@@0}JP?z5)d19nX>XaIdx7)V?mPVC;?$%9^Um
z<ez-PQ0e@o9uKD~Dr;#?MCT1JW-{i*oP<EjuYr3wx9{sP6QfA^)vpfciKzBr*0oNg
za(>OA{@maEvh1qB!9J6L*J{C9xrbXccl)d6OAhOOcpRY(=bLl}a9rkUzL{jW$stdU
zithOV?{1Thic%+hyC=B6y%m4>SvaUd171Sto=ppXqmYeRMg3f8ibClXF-fH?GPw7z
zm3hYe(1*LdeJ!ZrbC!n<Cmqfa%<8p7F6>C`Yk5lhiz{HZ-@ogLfz@v6;a2U*Sggas
z#VUM$S37S!K#0Phbul?Wys-E{AA##as70I8I^a^<(sP-*rB;(*=(SQmWw!_3!->hz
zz}uULbgR4g^d@&mmdr;Z2l?LL(rt~BALMS?#<BcnhbSX;=L^O&NtFqs+l+5V{3a_d
z<|zpEp6kXtcd2T!2!666rr74jH$LpqbLGA6w1hE*M)N6MTq93LKZHN&-bekwl$UJx
zmfqkRkmX3RRayCvUJR}0);*a|ug@uSJaC(=LJTzQz>doAFE)9QCAP+a;ZXaG>^8*`
z(hDb|`*s*ZSC+6>r?E&ca<MfAH6rvj!ef@<(k(UYULBBogKCX(kM%9w*trP{Ucd}{
zJ?mU-NxxZM;uQl0f~{dKy-&Gi=d;!euGDi&?lA)9&vD5a!p#cY1C(XvFZgCnA5!Bb
z_!<ZsZOAZb>p1EKZS<dWMz^`}QrS$TTU9!%g!S$1cO5satYaS7v|Yc}OG@@F&H`Rp
zKAY_MHCF)eW9eMJGDJ`2Q;f+vp#z8iHYyN)?#q^^=GUla2a+W@H2RoxYk0w?jU?Zq
z66+m#0F;u_SX#p7%q_>#zV`k(yYCMqxZpLl%sK@VI_k1LD92c{9LQzf_L$4PN_c<%
z`2)8)H7k}C#A_vlYY+CGC0t_}m|D6>G)pdf|KYX;qH9c9K$y*wsbX^u>#A48U$uGl
zTQJ{zMQyngd!7(I^xE}qn|+M$qnGMa%eBM^*Bbi)wEX&){Wz8Glvm)yJZ=mpdr;zz
zS?^co4K$CVvsDo-Rb*7p2MpCb?qTWCh}`L};b2RCqSffG<=j8sqzUYAFanF+fp_i*
zyuWx=7=44e3n>Y+KpC&xUo7!e-B61+E2FYQiil+^euGh~-&5C|b|-{qolf<uL)*->
z(Vs`@0SwF!{tFMY`B>|XY;QGk@6GKbCcY2V@2w>DyV#GA{n3HY_^Vy;R%wkw-YlkG
z&S)1|QO)^Cg2l*54reuY&jBB_`@6#D9K~`j8Tx3*+T1Z0F2$OfF8=TYRmx9BP2)AD
zP%zeFKrZ=3`Ntxc-;G&%axqz{m65U%Hk;TfpN|L3sUN66D683Y?6=?+wKpF~Q3=9A
z-E?>$x_7(Gz@raAMt@MK;hWNV2}-J5zEo;wDR=I1f!c6NULSjrcqgZL!AmF;ui1tT
z_zG~EpL$^#MEEtVk@_~Ld=FR&HRD3nygJU?clQ>Csr+rVxkiJn{9-}(MH}M)M73o^
zvP+*Ffduh~A|0>X@3@;-%(GQuSgkbF;LfqMGA>lQvKu|Pj%l@ep}2)cEug#q@uRzY
zPv2M@jhZZ?``njaa-eYkfE}ByMp)a#aX0G)UI!uB`_#Mh`XaNa@B>d;H=StniVd!}
znT?>%KJ0l-B_QBtBy_!z^OEuqGP@aDpMv31Gnm-HFFG<C-DK{9>SEy0)7E@Rmc?wB
zrBLho6jMei8E%K7ELl22|2X`o4;AyKO+UT3CdgV<<Y)A_R!4L{PGFV!X~$g*g7sk5
z*6?&bM1u|_U*`MF`o(p4G^wg4Oruf(#WLgz&#`7cT~)fz)M@;d$cmB2F&E)-8mZmt
z5sFnN4=}t`PZn3?{lWI>I0XZ%gR+Gm5T1k{uS|p2v}EbKg|GcZgh4FE#<ywLI#kCJ
z-#!1M?C@(_k8e-T`?eII)m4wG*rJa0eP5JHq1Gx9(tLt7aBKCcuCoP3QP(g#U7Wk@
zqKB<r37TATdYn{Q@5EIn-zl6e4<Ap1_pI)3J%$0!(08)}Y_aB69{Zm+c3Z-+FRb+x
zBB%=~B{&Y<l$u^3|5{hHrQLyLSC?|HBW^AeJK7+BgtbUJectE3=I1y4%Vp2rixne`
zsyn7`ikcZ8xN9WbU$cFg>M3a+{(9*g^;KMU*U~LRi?Q&vw#BN^D(x?kwo6p#B4gL=
z6T&IQf!fll`J=Gu3Bp|z^D1e<M7>!G=IV$lDuckih%a8xqJU+8dqqYxgp?dZlXF`Y
ziRk0v%7rDPW>egTDZ{9~?{i&Eiv@b<9vI_BA`P<?=$ZRjVU^LV;f!=^P?Qd*i>ReF
zXs^rd?1UZF7QU!4>H{p2NhD&4BWRC4QY(ubJj5~ntkkVS)Baf$4TV<Q`?ik6z)hM@
z6C;66Vdkv~ht%{VO=d;X(T8P^tEVzopQmW6%odJzicc3~w=oJ|XKmeSyI1~zkG%x3
z_Wty(-1tM}_15;(<Mr>bB^)0d5f=k12Qvo?3n?=z69W?~D;GOADJLsC12;PtTlm-w
zxa;96)^K+S*%??^*_c2vE+z(MW;SkSHc}3D76vX>Caxb+m%^8=;dqF+SQwa@IM_g0
zP9_ExCUzD!4pMdwZU#;!R+eyP8aRsZ(Ia^D@FzBK0@t`0xVczanOI2K+1VL5Sh=~F
zIY`-<I2hQun3$QuEo0yxgky%Drwf;U0>_VkavP?Xi;aVsnVpoCn~i~)Gdw8tJP=Oy
z6pjvH=V1H&dYz!njHrA?K(l8CQMz#Z25I{{47~wmGP>Lt#DZoa0@Y}Qr|`U9`z|k+
zv~8^&^mRX7PF}p>vyr2nU-4*sdk=j%UhZwoTK}8bWuq<orpS*(0J-QEW}5lR(wdBl
zel<?Nv<CAO5tpE{1^P3z7l4~AOLp?))7{laTZ4-um3hMsE%Y<}pHXgINPS0`b{;``
zY^#l=a%Su8_IeXw8z4a)^te`G%prx{8zoui%d^`B@lRV>b17JLw{<v8zF2s9_#SPZ
zFSyfh(ItJk9ihhgiZtGI7TX)lNeAptSX$n+-$nPyBqeq%-w4sfgjCA|rez_mpE<rh
zBAc*IN00Ime?gP<T=@mdn@IWjx54L<<lC1g$)={ud}WpO>8TN8eRa1dOz>Kl(WS1%
zw@@P{3LC%PcQ;*@woWKs(o;jmiCIBy$FE>Llx~amcvGbuse^D%OG!B=7F)LM+{U<>
zSF_($$~SSv;@Q!4<S1`1SOa}SX+vuROD+yu6YOHmLlcWzbe&@^xw)HBu6bcP-*}2R
zl<@V}HL|-b$^j%GesS1$R<$YlR)(3FVBi%qQCa@)Q@g$jb@&1?_^1}T9S0WEkGwkq
z^g{`A@U`W<oaGnhD-G=wr5T(o;G!>LcnY<pc735>u5t@hdPl^`R|+UNFkZ7&v%h<>
zmSrONX&7q<rDqKHJNH$YRc?dY8W+c{HPZ=cf$zn&UkGp2u0+u#C3C({PmX~*Z}|P4
zH1m6I<Cpddh}YWHgvHfwiARxLt3|dgZd#WYFBY=HrFP!V*d0s4Kabmu|M-!#c=Q@S
zoEvXBwE@fbl!n{$N$*6X0ZA-ZH(^7M(s#Fy_BYLea_2#{E7;76sLa!J{j@6?#C;^;
zu3PAG(~EAG;AiZIQ)e#Jt!+EUh2SgbD5>kIc_CmQj#o>Rq1C*<SG8pyH|jkRfS=n{
zMAGMASDO%7(uR^XP`1TqbfYnIhzi&G?x*Gmb?kK;VFF`fUl(BsQNZY}nw}}n0+MMJ
z6;ApW?$`*CKAm@;y<gDZmH+4(k@zN-^Mz0HJ{jwkMiOr%>HcSttln#0A(5d(a@2;U
zIlG+!ajm{u8iCg}NCr2_ud*Z+vpr>hF|irU!L^vYNlJNv{v}&BT^Q@4an3t*2Q{25
zQ}!DuO3hXW6P1G1RkIwx^*Tk4>mg6C=gZViCQSKSB}J|fv<Ib4GZ^vJsRT(qv0RkJ
z!1tUC8|P(CYhRU%vF<3H+dkkLX~^G`o)6q-{wnU^MY({vqK>IA@VF+)8u7?AcUs6&
z!XeO#apCINlIxbeO{y2_#Hw{8{!UjxcM+~3$sii-#R8YmG-H28V6Tp%XOMg?h)4@L
zeP`LdI`uoFjXAh5it-od$g;!mtEJ|2&1LblbaY_js=JOHk~p@N`ThU#^^U=vbY1uG
z#F;pgWMbR4ZQHi({9@bY#C9^VZQHh;yt%LI|2*~FU)~R0UDdU#diU<`eNL~l)@r8^
zlW{ROLNYx|N^?*YF)mq)8OYIH=Kk_74<Z!!1a7UH?yKLzfwqN6Rb_T5W+KZ9QHjTX
zB)WBOk7gbEkYVQ75lEDJCSgak06=T2&qE!tfFD_q1OUj}*~_dboMK)&bN^o7#&U@z
zb>Kz|!eerf3s>|nQ)iyJ`2v#BoJ9L+l6xG}ntI^jJfV(UZ^0To(}*esFK;|os&c)$
zs78-f87=~B-$PZ9IF*=04d*797vgFA?G-2|Vz3>cS%W;DEZXQoU!{W%P%vAeeQDSp
z8relwWYYbh#aG@{&v@<UhCiZcuZlFn2o*CxXfQt5+VPY0KAuc>Yk;R*MY#jVk}3ct
zDjg4*trpbMRhQ?y!Ky}1-#VxfG@0>;-Hnmj)+DOo&JFV8U|uK4+*#X73s6PZnlh1w
zh*RSw6=ic9`?~FRXO5}>;BN_?#&80^n*$Xq<l5=Tfa7crtS22hosxxRVKQ`njzMUW
zmfa?AktO5m(eOjr6W(?KKx*kr=VSxN<VnVeR<l3`>&uzt71hKIvST@HM<%oFJM#xV
z-pq2)>uX<hC>vM^Mwh-QOu1=mh`X8G&W=Kct5OT&*d-as*!O?|zz~D1r}*BMeJcdz
zSszB`7f@sq(#Q^K6cb=!O^6u1VXjbbg##ZQI?UQrJ$?ps>bPM@p<?dzec{DO;ouwR
zQ`!S7x%YcU++Ps&D&U`?Saqt%L2_UD6XHiV35S|!jd=x^766x>PPd!z{2opaRlVf7
z)LK|L&ArH`INh!VgqyW;W4U~pQQM||hQQliU+I>VXFNlN-1j*;Rr4opReADQ<m0R$
zYlVAF_?ZJ4UuEaOoS{30iW@S>xoKp6W2F}p57gu$e>i4^c-nfnbqaW}%(-ITK2jQL
zMJ;KzU&SZ^!##*q7hqcO8SkRH(vgdix{Q&ggUjP!9&ObC*tZKp*g@DnZuEp93oyz>
z4zPkz<;Mr9$~3Wozv_Dd{TqIs)CZZ3wi<g8HI8C7fg7`Oe>kgeC)t$|mrD*D4nv9_
z*i@Koo?A@i^{B{G@KuA2VQm+z3)wlaCvV1ZWZWIH$yyw?@{ji-_Zk=V8D}`mIab{&
z(c?0*8>vVD(n$`>P}z$~iy?=dyFM(YuP>Km@M%2MUpc3{EwXyjf3%m`Il{UsBP1)N
z8|Zb;*fEEqYv+moB5jN-WJy-Fm_7XsG;75%Em&Iwfxy`gPuPa5%A8)59^`ieLDw13
z#2uBI)GoOX6ID0suKTf92ktd#zeh!L>~83+&&3-HSeW5~1tUF1xPRd-gmZ3~b#th#
zEmJn}c*rSE5t7yhC)c>D4b^=B5m#L2Vh(lQI@YL+g>Rlo>4ly^+N6VJ$)J&t4IOpV
zB*yNdG;h7tP|zEpXegJ@aMH{Ry(z|Wt3D)gyV-qBS<CR@%{KMtxkE*1=wEX2O|t8K
zHg(Gf4Af&e8>O_H;m8b@gRl3BBW#cLo`BLU_JvVt!4?PmBRSD$+QId7lbISnLrL%U
zFTs)yp)i6^fSffdH*PJ8gQPldZUb2c-z-Gr*lfN#uW|0r{MD-`P=tY&0?Podyg-zV
zzH?u<|CGjX{ZVOzdC*>Wl;mPz{zv{nWwnqBP}fcgZN5-9TuQpn^OKymz(>ClQS6~+
zyS#bMo^@J;?uRMAjmOS;Pz2S&nO`btM3B{66?yvuqF-E|lDeVcPLyRemA~+oX*oC3
z7>!2uT|T?XZ3479>MO<OYrpzAtL`jo(Ultu#<6y&*0dC9$Hu*|wRodA&qZMY_Ebay
zVDH#4A?SfG3GMwb(iyjy3Vm)Xs`gSanb`2qlYSA<US~9JLvND04LrZJV|kBb(UVfY
z6;OPsJWtM*M7uuooEHhTr7&e{W*lVYMskNb>=*HB)NZI|j!{e!mFdp3_Uazv7QYx!
zm(S}nsk=9o=mB?E!i3~wwV>~lnAZSJGN5t1xOP3$UZ?h}5-Ro$)fbZ~&@}~~+-46=
zmrhl4><ePB5jf~y>QbFA&?A76;lJjKm1=7?n5+oiORDFNKjs+suffqg>=GKJF_~O8
zz|CeL#GCwqrJ;+z;GKpKj9nTr$3%#iJ$LNfOxz9yc7D8f@O`2}Dnrh2V!-9F#$d{A
z0t4#$_wnJkuDA9E-3|&CHeutCgM9JfZ~_ECt)C0&0i*Hs+aa{@88I1Mtmd6DBJMwM
z-+fCO>(I1o#DPQZKW@z(TLr=TiUF*mI%ZmB0PY*Fy5A27J*8*`a5m5Fc_sPSJ@-q1
z2^~dm?z!1bfY$)sTP8w0#gQ|bRxftFK3Wo(wY5}9&acJX+@Apk#n+~69cjxS;S(+;
zRyS3ZfK6v0l+}t90x~001+j2!CjHaiB4|r|7z!c1X82-OM&y_&!MH~>MoBxh^wd^D
z6Vun9D0mOG*9SSMp!}M$px|MV4?TZ(9(dDG32_+>2CsU8bE6jG5ISVRwYIDg66vcP
zp7MEJLfEC4gqeI=_J{#39~Z?Lnk?IwEiWJ8fac2|-6cO@e2sT!v%mb^4m~5h3UAUk
z59r%Ey2}|R?<x=9LT=Ah?$a1_4vR_(`p9xVZ#!_7MsEKaN}fqdp~K(1inDA94y9K$
zoSiK_NwY%FdCwe$TMwbT{9>W4>_AF&)n+;SeRg=XH{T3<H%_bcPX0l3vlcL|X-E4~
z1=yfnQFvHj4v(&&MXoS-x8&)oi_YHB+2z}e=^IWPr7n5AYO`hRJgwe)jM=%|P`6^u
zjA46;wvq*%f`aae*N<{y^H+C_?W6_2lFdr@ZImX%%-TAsQU&K<I}T&arjxMjD_vsG
zO;b*(uI>VSU8*AXbqdNZG37{bH9kA<0XlBh)b?EN9~9{f<S>%;#ude3vqoHS14(P#
zhWpg@<4%ZYr5Nc$H)=GURD)EQ&*##g1atyLdi|dYMr<#IUS0Q*2NT1MKbOQtV~+;)
zHG;5KXsrJ>AkETJek;+{sss%V4e)<)@KKBhg=%g82Ew!0%ZgZM3p8E8ugnjg1Y|#&
zSzpPbnbW0f#tUWVY^`s8xXq0Ov{7qYuaqN1Mw!7_TryZ;)Rq(OfI052ia`%EYx*B`
z4tsLd9$dI~dA&`%*+kfD*0%>oY2K@9Ue<_tN*e`$+u)B7LGf1L7u1wZRYiBNhW0ha
zRaeyO_BC}zJC{2y%3n=R-ph-E0T2UXB1VSW>Dap~XqtqYXkVOIHv>v!8<S_`iD>c|
zNgFjxg*U9i?3WS_NB%Y?R<7deU)8R@<5?kjI8LH+%MK*j<9Y%oGkazmX~xLkoUN?p
zZ&?u6KK@F(Fyv)yu6&Bu%y7|}TO4YzZL9SeY0TgqXdlsWmq!q)#C(e{0{~P8b4H?6
z#>+kpSH@NeRk=_MscvU&)!vzF_q+xjXY4awMF*QV!9@`yVJ*PG-UM>-%1nu8b=Yb~
zshE>OHjh89dX&T1ppzTHS<lj0PxF3V{|vz>NP?d!tiS0mNLgC4<y{ZulEE?Q;O_Gf
zU`OSeN>Y7my-lz&&nA<&1E`2UHg>0i#=}IvZvIrLA}ZvP3F`Nct!vJDcIh;Q&eFcj
zu(UhI!Mh9Km&A~SKqd8xbK-{FY_YMmv=i>Nu$O~JNB?>OI&2U)%7a+$2Z{yW_A>T6
zL-M0s<GosugiK2bl&gej3iOybqW)T}Y%+-A5Iq!+V_8KkoX=Mw1r$v@-reBn^5`zc
zC(CYx%Z7I(Y(Y^>Xs)UkNq$7(t+gXL)Lph+p8fKlsJ@V*H0R38g*mf%ll)LnABITH
zxb+_AwODofyPeQ862)a_*M^fs&O1f?*hGrT#%K^Z373qH4Qr-0u6;bH;j2{TqJio#
zvlSM+E1oX}<B?5|MdwB1?G-U_Yc>lM`rIM`a$B1;MYAtC<YOTB5(MTB5zD{Ri5X-E
zT;=g`$eTQqmiBM!_6q@e0DL1B|JA!MuvWe$VK?5L2HCKwyWT%~d4{7C*boiSC1Co8
z`)owdh?boR*7$sQm921uSv>z9$ytHSRy7ruM+h(WoR$%=?+))ADFOl7e~-UySMbP8
zg*^R3Mx`}iV!gS+eE$0UFET3NUpDHG5@bdV^2=!6c1|zH=TF}YZMkv#%XUsEd}2ld
zHCqHhtec~dD>&Lqu)U!xA1*EdQAgE>Aqo@ab0x9kEiwFwo0n~-$aqXbq99%%ErtUv
z2v-d7JR}!Afm@t1U#-xVIlpe=W~%NZp^R?s`qgx?!h13>Q>|lkfX1L`E|PwTZw{PF
zjh-?@Q)Zg_<{wTdDnpRJU{Y%C`P-we7m=Z6WJly>H{OCpP1oT+k(9596I3kd(#n}+
zhqi$Lf6jnKy?+qWRsD{Bh3q_DCEF6z)JFYw2mpSPlHj#$yeD(lo27En&Woy|L~{au
z1U9tj$we{_uTpeH28cOpcUM+Xw%lrS5)xpHy1%k5_-vLA>cjQ$LVPZn;a}Txit?DR
z=QZPS25zZ{f^Hs%c8582z_Rt?oPxRpOpA!}_Xx2{1j>jWzXmW7FmXVQ(tR^csP_ov
z$_RmrI0&{W^k%Wal56F$5mic}A-5VC3G(wYQ!ZnhN-n20046&d9!;F*9e8lRf_dcZ
z{aAHkyTiV2qYL2G_%KnvufhO0q?yyTo<TB(-~5_M5(U+)d>6P#C)T$dns7rNPuU)*
znSx}y_y1MtWDn-e-4sozI1&ObVNVTfw->sT7Y#Pr5huw|L(N7X4xPjeM(d0;RYwFx
zNmEW6!0!y2#F*1|$-903zTX~ge;9!#6tP#L4pX^>nuu)eXkv`;j1ij0)|y7>{Cw>d
z`(AQGK=(X&c`rX&Fxaz;?bU=Q*#ZeK(PKHB+88z7HOIdPh5!xpTxcB&Hw{weEA%>o
z>-3&>XwQw!m!pnDH|l^oUDOkp%qn1#SsXA4IDs%ATU9}<1FddDN=h^gXS$YllrPQ8
z8<3p>4aW}Nk=|-=Q+6l%ffAwlb4Iwc(t1$N&N!Rt!e*>wsNFZ;&Cg=ceYZv+jvTRs
z=Ty58Qcmn<p4_axF;))F)*Mr@fhlm1{@BFp@9p#kL#iwS>0WVe76@~{ZhrDl^n49q
zz^1!}QFN5sFKVcO!!NdRaXKj<`*+%Pub*FEVD$&iUaBb}1DsJcx9~mS)xe#ro<HH}
z^eT>OZpxb><Z={Bx)RG$G$9nJ!JZJlnP>i}L(NkmsJic$Q(YhD%q=m^F(J0Pz-52m
z)^09RNXgKz$vM<k6kqq2s=M6o)C-BO09W^8oOWij?3V#|5*|CqT=e=EVc9A<&zy|{
z7du`S-3KopsduI5Z4%bn;8!;6EPYGaYPBL4ztpRr90kBlni{(^?+4~bvHNvbCs@w(
zcUQVA!;>FFs=r=~S#^;lLAFe{r432u!L&X$iU}Sg+x2)Ewf4MwC!U^R><QK<06BY%
z{-#D)<#uElZ)q+*Re7>^uCqQ8&;HZ3CwGS4$tP5HIKRAQ-(+$wZd)h!aHl7k?6sb$
zo=~dMhyJ*zo0LV5t&{p_U9iqYIG`xQK}Jj|Ve9^xK!VK}+!}#EyjIvR4U0sIITd&j
z{Y*H27HkY5&{Q@?7{V0u+!~cr1gu!jvW)evm-^niuTL$hMSC6z{Sd84%sJ|B7IO9!
z(iH-s!)MXrAvYqUGJ*u!(K=OX<vi2<^%m|}24^(YUMFA8c{ERGP8o`YD~20Wdc}7U
zKRtCj^%#3&J-CGs8W=duX)b(Bbi2DyPTT1rs8dWKz2*EEUjh|@sZAN$^=(`gDEX-U
zq(d)Bp>eslF8uy(0}&!2NOsg?_{5=WM@F5N*||4r>%7Mm@UCsvI0CznL)b)O%E=;h
zHNW}03Gt8xk@ao-{HVWzEIh>;{cRZOfYp}%YeEtDR`Bx3pcJ(=kdS`$Py^I24J(aL
zM8!(E7Nv(LOW5V1y?&6N5iqJhmP!zRD6bs|UJMHKGQi85bgj^=#Rqyx75jrfWAEsz
zlgFTvq5kHgI;lo*OfD<<4u%!p=uvamdf~QGZ8P)48jYITvsS909sQIsaLjyA{#2&b
zs`RPf!2wfvlVomm?Iliax2<q!+&1F2DBnAD|CTXYGmY8fQ|sBm2(Ww0M03iCQ|9`o
z6T}2)$cfgif{|>eVsN!y(AS3QAu*l5a$Ey$u(r_DU2#PTr;1(yM7?5G$0o+7G)z-s
zhHT2fh?KQ(*_?MMpaUgxcaV~JV{rp3a<fGZcAcu-j|u7$mcn*TJ4Vv>&jv~(D^<}r
zak8)LA)4Co0A`<mCO|Y`09ug-2g^wyZ(?V1=RB-hfhf4K$0=ktt(>5&2GVvpaC~3O
zEu+RG{**2?|3Jozrpql8iEAlfU220qTQu^ZJMFKr%VmuJ^Lrl4KrZtWjN?#aU)q=e
z`mmsiQ+)X7J>(iX6XJ*($zjn{2pMD=r5S<=WCg>KzkE9gD1a9}+RT9O`~+2f%ASC(
z8qbDdY0;5GBEn<R!}>73tlJ`EZP8?L$R*#Rew5s;zW(h+t@W>!RafxnLiF*1xgD*R
z8{yE*Ss2%&kx!<jdO*5j!c<H8UZN>GD#m<Y^2}!19)~<MrM(}ad`Z<4@hQ<m4cBI7
zHFfsW%SIZa10Za;jm#YlW$u$HtR{q+tur)FLKEXdw`5Okis0`!hwZ-5?Ou^iNy;m;
zLzl27Y<I3{#OLEdYOR%TGptjGsSLZV6Kl9}=3CGCHcJ{vKQa}WSlz~NQq$yPEd(h6
zA=SouvY8jAha!vK2=Y#5<%AQ1w0)DRGov00b9vG+M*t8NUWp9G*sd}mR81^wuMXex
z0f?H7sGDpn1u77RdR0<s-5X9~o=6?i2z7~;#H1q67!xWlm91pM99PjoVT2FGv3kyg
z6a7ZKkg0BM)J`Fn>fpVcu5{u1CW@-fqXgEU=KBZKud&U-t8Az2JrOROFi9<WmdykX
zgA623F~A;itdavK>EkHMx}?KyQ?%P8+TaMixvQ`PmH`gtE)7D~=V~g5W;%i(4>_MG
z3m?x(z>I_*#nCnVz8}qjGY?@8b@HhsAtJ!u9k3bKdq;eUNcWO&w<Pj@_5*0{EEFPz
zEz+SDacan~ug~36`0wjI46C{ja^5VXV%5P3Er7A_9-#+gr=itjh)>i!PG2V$KJCHF
ztYc!R{Y*96)w(JgJoTJktl*yQOrlyoR;!I5qFQ9D3TkNyLH$F!;%Dr_`}v8gYJmvl
zJE=;uZ2MyJ%49Sot0^UM177vz%<|Z%+LuNrEH1HAoaEoQ9M9S8KzR3a<CV9(i#vsv
zeSq;@Z=ay{Nz4>%ZQS~l(D8KAbtY^u%b$slEX1XNFQaYYEL~lX;#xJCgJKNTtj2dA
z{m9NvsxFjz$+5s2I!{iS6#6z2mnJ<&M&=(~+lIg^&Ww@U(op+a%GNtJ4dZMQj|uz6
zs3<x4ys}}Oh6HVQ&Z_#RWgl<_rUMyf9e|DN-nD$_+9Cs#h8lVbw&QuxNnjHUk*<n4
zE}E3Xin#lYdr4O08FJ?>4Nr2FLKx?kb#|wrx8kh3arffWhBk5L^Ef(IWj|{fBz-(8
z#dV3LsPloNYM-yyu`Z>z38FC>Jc1>)l5~vfymR3>agN`KhzO9bedsd9@!hnAsQ}f@
zi9U&2b5q6{Cqu;y$%DR}dpu3<`oo(<{`Gm^;wq}gjD$4k^h}<(dJkl1MucvEme@Kn
z(kQt5?bB>uZ{qu(9Jo~|tBlZ-)Yi#d0MS{7akb^y)2g~4hT)b(Ba39JKM8e2$#vpX
zTev!2&R=t~S3b|5Y#(lJH@Noi_JG$<Dhl<~0jyCi@ZYIB{Nlo_Tad#}eEolGAw~j^
z*SLoII1~m289;e(8~l!20uuIEF`DN=8+|1Pjr*<PZqx`<1K&HRY3#66?7}2Y5%aRk
z(f?;kyN8c+A^<`1W@F)stTxEPoKIcB#r)4qtxTWj=zzYpBfJf8-_51~d}N?Mie{aP
zq#@+Jgotph2(pN>E{A_@%j1_9$D+l^8zBMdceIBbsSI}L{Ya-doQ`BvLAckocPprR
z=#B)xgZaB9S)r*STDWFXNwC;7nWYRytO`vl>L+z`#<FTndB?yUHc$!EdGtWdq{??d
z3X8?VK%+yM;w6CO5#>C6yZf2?3f7$}*trRVgS)K((fCK#Qx9~NrVDFrwO-2eVDLsQ
z+Tx1E@%{O%NFb2)HzC=Z!*H{|(_foIp0AALdAh9>%4R*0^`EpirImXw>=Xs}F<Z$;
zPt`!rq?nyNOon)DV=^!dwuYtUU4{(QOw04;>Ny_)?w;%O2yY@b;dPw9`#3aVv$8j8
zr`Gn0f|pqx6chjVw9($1IIPV5olzP7TuCSF8h>oUeRD8sDz}57{GM#eplm`iFbK8=
zrJ4V?2rlP$k1eJ6kJjr-eV1x5XI9@yxcpBN-+})Y1Mpo9*Z;rBVd;hYW_v~Hy7fQZ
zVE?%(lhTMih*N~jiVRECEOD^>o$J!_DnkTnre%3^jGT||{WnbOHio*BG+814H+>v?
zF4(rU<&=8KBYb1m|EaVgAV(BSw(pYV@!;GAthV=`M4iE!lfR2V7+tLIiutDCQe6Vs
zCO2yOJit6^PB{o|VUAK#5ueH9Pvt+%*i4LNPW_m6lf-R8`u3yr;H2(c@L+G1gZihG
z5&yJp^p;(MwIkhUg6ERVY-6tpA=(_X`x@QRe#_|zEUa({I3Q*^HNS6%<+eU%`07Ga
zolcjWlJlUSW6Q`dRdP%a%cV=(zNPYh+#CF;USiyuZt#RAuwBpMDSc7dDU_W0WZJeZ
zcH&zs|J&UUUVPUFwOyh^^+1KLymS=h1vs$oAz#x_d(z{U_~)Av|HJ`Ev|k1OldkWM
z56hh9Ev9SXC4i;X_-#zehW`j89qVF=ouqZIe`3E<LVfYbgJukWG%=CLCVhk;jeAPR
z5o`Kyzh~6sO8mjgp{D?gtIh=uXEq*eFVc*UoFdNfDFH1<^2=Z%9!aCsR=No{ymoS<
zYsT-u7=)k~KXXJBn;Hq_hFn#+_LOR3^wg!#&JvGgLjdpC9L%cjzIn2fQ;A7ThEaaV
z)EXboh!X!)EQ_s(+iJCn%L|n&L9Fc~k?wA*qvr4=i6-<k<(Blz*YfXOZl6*|J9E)<
z1I^)&_6aKJ=8aot1I-ZE7Cc;H$H6AJ73;I*B7tV-efjOGAF-IDjbGE)WFQxXN|wK6
z|JLg;kje?vfRAU8bHxsX+%(qQ!Lj7cF?(0eALvRqBAob`;6*i=1LRkulWb6Inx}D`
zsk&3URT_}?KqLq{JVA+w-OhP+kQDuC!Byc<-r-GOJXrswML?thQ37Ey(b2Flv$3<%
z<1w<a(Xjr9Y`}!a$iPO!z?>qT4&?NI0+`rYY1rwQ>DgKTPXK!gN(K-o4(m6On1O|!
z9gm)gk>)#sg_RYLfrXidj)|R#o;^iA9f&!lAOnaDz|2hl-~Kii+}~ivP~6oA%7+!-
zNISeQnjW!YQzPYaJUQm_0M9s+sTEavuL46&R~MqYh>5a_GrXq|Pi(-BlIQ`Vs)&e?
zh;jsBNKQ5A`%$CbCWPt3&Hd-~PInq3*5|<QjS#mti02PGx#(8CKlMYoX@EzaXFI1}
zM*J3~A4=iqmB_9`x;XFv-gmF=Pa3jAHrGw;pxAhH#0u7Bfp0t`1%Rcq0X-P=_55%R
zid0y-8Z$Soi%GaIZ#L2LbGCf%EdY)xH53LYhqK0F+Xfl<>+R}?^sJ~ukrB~2!6yDM
za5YY1x9QLa8$)3Xkn*&HFhI&dKH;-#oKAVFvb_{JaKieXSpFQ|Pn<XsJ0cN=gY_Sz
zL=xTOY;C?0B+gcz`7m)kjFl}o=!I;ic<R`qrHm9bsV-dnls=#y1p5frFM43mDzJLc
zsln?_GE2UotZ2=CnB+%rS|>IMh`%duUyzj_K(K@F|AUBto#{(_^F}1D4IA2qfHbN{
zIr`*r_#n3zzIQ#U>LIzP(=v;&n`7zSAoV(=rHknDL^4#y+IbxnlxRl4ue$?3z|+VQ
z1~iHb_$bc6FO8(TlP+1%^=Bw@WOb8Qi?uDx5Zt$GB(?=Ko{vNVmeahz)~6{TFE|op
zyN}>tN|5bXq5R+hB)UM}0;D=jlyGcqKbB!h03Gx-0*iyWNl;(dDX4tMz1w|o<1jG4
zgsOu;H_h?=kbtw8$02HcIZUjq*39!<)7?!+mqBgxL0rufISO2(!SsJM?26_pLH|s(
zzz1SQA()fb8;G*N$3Iy2quj7&=*?H=p@rqSn1Sg;2rtD0yj)Q6<U{)mh1XEF*FS^G
zST)usljHoJmRUyOfz0TpMq-FjFcsqeSx<5fgB_IBGrx;u$GBv~0rjW1YFlR+^nWXR
zZ(QlU+Nd(Y1@k9}ugksRnS45w4-V3PuOl!Hn8kJZ@T?g^-(EdAcfb5`CiOJN(2Ky&
z0RZrN`@BA#kOjP+#BB9i+2+7~J)}F@159<c&<C>=@yV8BTi`@?upNs@U3<^rR9$t$
zzIZx6Y@*RQB01a!M8`j04~Lq+ZUp<JvQ6sI9E(X@H>IzxPqOStx09!9A`^pqvYfyJ
z4Q{ft9@F=7P2J9p<nHM%9J}y?(7``FU;y{X0WVyqJClJ+t}O&YbXuBrk`?#gOU^7a
zSgqueem})G@Q#(5N;N;0Rmy5g0)Q92l$rrwH@si(eKA5Cc)|3*VFFUKjXy(ejV4ur
zO%u>3#W7Rf^f)uBosA}0OtxM9*umd+MCUs{U)Q?cue}8)){jc{bv_^g_Tj}$QGlj6
zdrrlkOBguPepF8_zH@tyk67~Y#69N%D)}h7cdVtx(GoctjM=ZmZH&P~S$CKPN0zww
z7Bu#k`NK%>Z&-6%?Fv$crr930Yjp@w%d3~LZqoYR8Duk0ye+yi6ip`3CFKoS8mMLX
zV?RklxpCx>rTs{KrlmiG(=h+{7NFG^8sWLZ0YD+BIGA5Y>{VT7FAibA>G^^Ia%ST_
zE#4M>sbc&~sD}$b8c!|l*pr{fQk|!AJY|TcH^N)C!$GoJT!8bZrS$N9Ytw@{4EkvL
zINP-|Sm@nakzU+NOw`D7Rk0(@@M;cJTzW4531{c#lbdoO7b2H25|{RS5FjK`M;rP6
z1X$6uTbx0Hoe%<6J@qfPJv1wdt6-AGE=6*k4!3@c<tZZ~kX`BM_N_1iUIWC3d4wKK
z3y>uR<V<3dTqnt}%t*$z#hcp{tE69s*g^C~E8U~zB0aRXf%Xt=*{&mjH}0V!R9q@%
zH|~8>^FzX(R9hmmJ+PM<BtU53^s;b03sxyVXiBVj$|=3)*{B^_OS3MQgi|ukxLK3>
zxz0FF)Kbc>U@_IqaUDO0MC8zX8Z%+-jH^g<sr&$Hjjkvl`nMtWjW?NxSJcfY)6q>i
zze6Bv__>plB3WIT4j8>s__1TM^m?B3Va`?5qR>%fNR0+M<wl8<C16us+f3bEL=gqm
z+C{s}AnBrQEuOL9IJJI2(j{i`a5iWkdynT?NRcQ2?NdPF<`Nt}Kw|*fwWvu`q!W1#
z%XN-4e>xoU<doW1Rn=I47t|&7QJEhWMolf=ATH2|eo1-U`(qi{s^*K$$5+pXIueCl
z3Td4ZDNsRRH5cY*4M6oW(DeSMo>O>kt366IWRnrZFR{D5(o}=Yd|qB}NKCEm_2A}*
zRGGE5^_hjH=&Hk^B$Q{n+J0Si50GLcL7gs^>f1p5GJK;nPxit1C>~wkuPK|65T^!c
z)GK<)9_w@keQ=!WP24|vEZWfUlM?M5xZ4`7Zq)QMin;Nv^8nz%(I-wavrKY1JW2Ta
zELHo^=~xjE)V}3NbOfByF!BaOgoQ$u^b-`a9!RX3z}UoVafSg@P!8m!P*FV}F!pUz
z5>Sy}=oV?R0scl-87@ExL2clF6xI&(uepe`vx>nx<&^cSwD3~m*z@XC87=RO>hdw}
zW=jhy@|ozI@BqCE98*ia`TC_sXQT;OcS3bqa(EYVg(Y!zlYh|dfs9A%1AJccb<sih
z!zvsbX-8S5odmMRL4q7SwVfwJ08N4UY@fJZ&u~6pN4YUuLxEf)EQdjV7t7wY5;HQ>
zWO}HN?KB3~n(D!S&*k|Fz=3O**q7LTJ<s8G;<q(qrUR6g8LPVP=sFmgpD?`zB*Lh#
zx_x+BK`!ss*JWSTc(AQyPRv(L!ym9fPObvIVLjQFZD4~3Jn#dfeS$nPofV#zWSLAe
zv!hwM?x-G9PqIQH1jU0)!6n!x3KYIR&v?DRHnzkXxcW)`jYjV0CaL)S#a$$5P0+pZ
zv#_Nxk^n*>lD{Bq8Kdsn6Gg_dHprb`=TB%7k0+mlMKh}-&cY12_R%5;OU;>XfJ;;8
zO;s~BFa{!VT<zl%?j62<38$=^j~I^*0)9Eohpv_wccll9o>Wsvrk7E$od~RnUK?Rh
z-)`J1wd?X+6*iA}+|;=DFi56r6)<iPHsP=%76Sn3L%^m4>>n79hSe2v`p(UzlPykg
z`7lSd1d|7f%#A+981)0#?!1_=Q&mPBZNI*S#mw2l7MCOZV|A*`(PK9_CX5rJYu#_a
zmR-k6l^-Zb<eh%Kfp~?cu7`J4wQZM(V>)v;zNIfM$OepZ1~ADrzs=fnZO}bb-k|x1
z`T)c>JO+Dwi8S_ik54H;X^o7<p;D8J{lp`0A4NrnvL}CNf@$|&5XG?)@A4UBCWozQ
zZNG=bAei-Z!~^=Hf^c_A_o&QqrQrNJR_t`7YW+b;wt4K|(^y3~4w{CVlEQ7)GbrrO
zW*5I&<4qP+E19m~V47S)I<&p*<BwNu&;Z04u0w1P^rzOWS#!?{A?)@~McLrC7_J!$
zuxBwprF2WD^xcs(4N>lTBhucUGyCq-IN2cut0Ak1;@QapC`@u&yq~=6q(cS-607zp
zFDz$ejj%SYw;Oh$T!#8%#)OqFhkRlrwX*yACdWo_CVL<L2t!l0?-xgK6ZD}l>HtF0
zM3HSy5GS$%TXPtmtjF79+BU_XC)%@HHOY$qP`FD*%v=5FM}iqId8K-f0!mxhNW>{y
z{=hD{2oLC4CMP|X5oh;{3gKFsH`8hW;ia`f;<Uf^M@6=su#B1zligq^CMA`a%FVdN
z+362e?rZ)%<s*b+ARnT1xH3Y`v;}zBeO@pdi)_prsMaR%qm4t`Xq#Dy3gHnDKMZu`
z?_PyOYmvadW&?_#2T|LGix$O(vI@c8hI}AsT=cEmhbB`Y9%?EUgcx!p*g0DU#Ywz#
z|28yv9G8g8h3x|8cD`p~BYC@d;b!kfq!6&#Fgedd@0!aCQ1zJPZkLxeAp&G-9JrR&
z6caYKi7-$GGVC1VQ}AuHR&-|XsUyodY3Wc!T(T#qSy^4vBNg+<Yzqi8a<0CI3(YUQ
zijzgEGlY~@b-wnoemx#eu=elE)+?!pEm)8H6w6|Zw8_s0UtEsnQq`&^H*@4GsLL&O
zbZiz~6lI25+l2$|N!7z1?*m+z)w9v^neqe#n^hp1GuViK4%DenjvBmfWV(*<e)}Ne
z0npkK*PWzp--27+UQu@v-ca)_=dRI_dV+B6>p2@S_*xZIT}O(NM(x1=nzb&aLT(nC
zE>S*F{g6<A)2OG?$y?ARwx>VLXf9iNY(S04?Qqc-GOA@8VrWt*kpw*W4m-+MIaCtz
z|8`L&YDc|^1v>!&+0uwLx(ikMc@a*xBv6s&pNJJg{6SvF)aE1K(F!ef=X+9wb7zcb
zqTTj~s<LVW+|n{-IjlDD`el?bD`X<h@aLlMb)5z&?eYQ^j4r%uj+<$0$&uQDE3X!6
zA(e>n*jpEak#05q{u)5IbqOP%YFPtGRJLbP#>{ATC44A#kI@JprI5TuYg;{qCAG|)
zNvHkC%wIHpEOp;HQ3FPM3G76D)iO~t<DRUl)iP=~@zFU$vI?n(YEPj@k}makfeCHX
zHQLC#@DXDB!|@=5E0@&yY>cMgxc&)wtT{>i2M7#WeDA5$RAT@JM!Yf)celVt@>PMl
zfCBhB6Prpg9{!aSLyc9EWk<U_O#x;gu&E=X&)%BCMD`K-9^pw+#N?rLR$G!@0++(W
zL5L$thTU4T5wu(b@t9C}NHx<`Dg4#9fIzu0XtYViXZGHX9S|*nWn(34Y=!3~erm_T
zLcW+@{7ELPsyV<iDBPJE7`CW6qsK&x5}3xd<+P%xY(NfSCMRomkS`nK{-X0BoW@OG
zEoS?S<K<402Z!O_JV%$M?`n+FtC-(G#NzT4rvM6+R?xUXSwjRQvqgo4PH*<_z0+bI
zd+o<ei)ZWn)uvl4)o~7PNAJI>QG=HC%e%7#30dum^!I?aq(dFGLw;)`vSh({4K$yv
zjQv|8{-|o)H__PBgdgw$t$!eh;f-*G@5dBD-8YTAU+r&y*Q;|))`HGqu+KL9Qfi#|
z81=P40*VNsp0r~psPV{`@zTzlQ$M@-s(PzP0o`w;8;a-YOi{ThZjMJ*6_d;81`R}l
zu3QiGeMSI$T;t#FEQxSuz-OU_rNn1Q5>eG}^g^6fzfM>RCt-AY5+L%5nY!evX%&wo
zh%gasup-v%8JOsiM8<?Ou-GF&ol~J1ABYgKpxacxY43ZE?nyrF-;j7<L=GPf6(A^q
zDl#GH3oP|v>=^pa&<1UO!j}d$sXyecyZmix+*ko%st6twv-q&uvZDj6*l5-TqdsGf
z<fUc}2AWkd)&;MJx{07e8_3>a?D|?<L9p^B7ZxXv!RGlvQP;BJkm1U9da_ClRoSd2
z2A8=c(&WvZc78SNEaetQXM^*CXwelv{8*|jp>M8YbeRs{I^o-i%65dWo}WX<EM9!k
zUhn(<>w%Z5#bKb>W?sW4z~PFHFs`HT{b#5N$8Zu@my3@)Qa`*9IyPI<i!{B)_L#QS
zys#yoo{Bj6KN$%@erL3KwD=4ot;VP9r7gGb2{AMz)KK-E5s%ZjGfv?o<YUwsDDkuM
zaVcT3{}kkJ5*R&$x-}<cHTwYjpDpnKhs*9H8xD2j@6Xl<xLN&E={;Dnc`$36vH(^E
zZU}r-*Pq5Avd6<|hp;oZo#r+-;_Eb_2?F&QORqmOBQ+<R_D#+O74Yh;9nB`sva{w`
z5Jls6Y3VeSQT2&QFsJtFTqz+u#(t~1$%j{)HR_J_-kBHXkeMfi{Ek5D+MG-TNRd<D
zaxiPPRYsaM+QWDXpXJfV`3`Vo_f8?g`Mv&FO3jCCY?QUE3J~DROeQ^t1ck#F`tg=B
zL}C|pQy*E-fKFXOiV4-Qy_B2vV75K!!9=HCZ_NQ!(c-*V5I3tHBf^?iQEQeoMY&k8
zp`^lqAB1|!*o@OnT7U<YsTOk%2ot@aG7dLx?A&8UN0TJps%%!DGgE{UaGbE#VjsXH
zMPXZ@Xl)uLx|v+!a^-N9su(@XIyZCo(kOH+eqmWjQ+Yt6iv!>DXw-RNqn`0xbi}*k
z7&tMzGv&T-AaK0%3z~W+k7ZxIgV5QR7WZb&GW~QCOMRSa_VOK)%86S6bWgO;-;o0W
z+ZO82oJ{5FIPsY@+JxeqAeW25qgy_A+83$ltUNBiCzfY(<-VX|xWG65@#tH1F_g+)
zZz&QorQAb38GDeY9ZB&}QZu9KG@%SQoy9sBk5`dJem#BLRH2~JDLZ_uyIY8W&k=-z
za-KaLkl%3QVdsLC$7!$t*k+CZ;|bf$lpYb4%4BODqcuI+so=Xj@TGSRy9=|I|A>(9
z6!&YV&uYioFeF3Ya;RW)R6#<$M%QlY7(C(Zx*^^tc!`ntXLUgnkEYf=!OC>{AcLYC
zA0$V8bc8ZWNfqL5{pr(4{3)QZ&~?XhLu3Sz;98P69xYIxo*ghYqKvX$-nIU9rW@1s
z?#1=t;r7sV`h0eBR4ziEDf^YOH2$a2)c^KAiGh{v`s|D#xlxAtX08740P!qF5j8YT
zHfVVg(L54v5#del3qu}Q;QjD7s*pz`PiKI}=sn39xU6l(p<2ae&xvPsk3hFCA#xXn
zaDUUrT1{54S~8$~V66swv8G&ZvsBvzv^S}unwR#O`8X_ot~>Sb;0`#QzF|f*Fr^LY
z?I=J1>Z1%u;Qu{P%+*rCrK}^UP`-Z5P~&+%e*L$oD9<oT+qXnvh6pOXBym;(A4Xi)
z0(%jx*oWoUXUslp$d*)Tb0<tPCW29bnSm%98yP@uB6ovV^nnY@Mbh&xGOqL}QV#~*
zx5TIcSFRnMs?I;AwyD_%w3$qjYm=Rm{))kcw@sZ1H_fAsrAYGJ2@7>4`eO1}y~^^U
zGM8;@WsPow>l9BZPp#foZ9DgKS3@n+CtWpTo7qe+t07yxC$4T>CRsU&>SV9`K?fH>
z9iD)~fmUnnzWs;OIxZPyg3ct1RpI_-#1ZjUM0hq#G}&K&32>$bxoUVNaN#T1<9c>3
zL6W8JaX|fCzqf=A+`MOJJwm13z7UUhi6n$;Z9j?S9mxiP?pl!ElSrT~+me5};d}s|
z-YGwV-P-5Ke>zVA4(Pvdlu;dE@IQD|mY75RmkI^uALrYktYKP;>oBG5U>T$9=SK8y
z24-IKf`{^cakJ7U<8*2cV&;yfWQ~mC1%s_iV!;4GW;TH5UF4N`8L>JMu4kN}$WTw$
z)oKSEDL<^2>39Ts$9pCaaO%6ZgZa={4pl#;1avNHk|@}6X)_W?;j-|~ithBxLRXSU
z`+c`8iVyOj!PDPUxdD?c{3HHbQLm${=}mHPWGvjY05{m*w-i0<jKVx)DDY8kJ*xGD
zH%DJU0}?#R|8mnVn}F^C^vulc|4mLq8<Qboz25v5qKToUY$c00`of0&ssyIY7YlPh
zOHWfK!UKBzO1f?PTRdU-6f0>0I;Tyu^k&>QeB%lHJVmZI>25jCwgDdlVyfc!E)=;U
zsnyxrHN^jq1}*Ym4VuP38Z<ugG!=k?11HZ#$X0L&{&}+w!&s}c3n+rW`Ssw5FOcCg
zk2j8tYxnc>i#r=$L4TQdl#vKc>L$EOUaXcS0;pGrUeBLK#~NiaKZ%xfcI#xmv4+sp
zIlgYa8^o5$z@J)-CxOvI6r43AYSjGYR-hb+(vZ(KblvT7&^0?!Z;_fS@_K+I*b^1I
zx&3H?^4Tcm`pI<f;^PiciGm%@5kAon&YnO-D3F7UcWI(&sS*@;RXaP-Q(u9J?jHC}
zVy!;VT`FHjc-8CPKG3RZ8H$&>I_T)@&*eT8jwd^?0!lgwEUNBf=u$=-V^P2PJ`}Dy
zy8x9!%yN?~<~NzIqXj^`sv5u({Rztv7&ovdCd;(nRgj_$aX3vdC<{q!nDU1u$mGhy
zb{a~R(s9D83A-W-c|MFImbCHE+1t+j(YJGn!^6+|t5>@B+8r&aOv)Hdq9cr)#%|tb
zZa?W@{SQ?!g|v4}J1>vmHQ)LLj_IELrP#;7#v0nsuzO7NFsUIX954XwY}3z}EuvQ7
zj$vr?a=~3}yVLY>CaB69z-YTmsAs~qd^SM_{yoD)O_7U`Dd!fZUM~W>@?ejtd1xok
zSgOAN>=vsBKSY`}lCj+ck8rU-{VheOpTSd#JL(qpjjvP!s@l!gqQ`quo6r;Ss^m(L
ztxq&Zd26Q=_pSDfxEcUhl{{ObLWte}W8!h@=9|#e??vV__=bFkKVHtMOn@So*OCw@
zsxLcGoySOh4K)!qO=K{q6uyJedl&nJ%8Dx{Ccm^|RaH6@)wN<ZYTIM2aJndG9~d)E
zGWKrz%)d#+DdergRKDL0Gn7s6+l8B(v#q85b=e{;vq{WWkqMAPs@16Fwq;6A)Offa
zFaMfpgm^VgC2z0txDZI0Oz{p~d9WG3&1{D$)q!tUE|X>SldN8#J_nVvvRRLHC=BBS
zal=3;b-Q+-dRr=(XyVeM8Us@m103{6{p>ax!iMwBUNvtfl55X|igi=EzGV%T><<|O
z(|U%A<4P^v9yP#81>{mek+N-!Lk9{-2MQH1H;*oU<GDm`@g>yNY5mzH;zp9TY7S41
zw`~lE)607MFIMYJ#9y)wa1gGw91O!ci*XogjDmm8wN0eWdo0tkEfp$MXKkX!RuIi;
z8A?r{8piwB#F$y{C@QPw2Q`3P(0R`kPxY1rfK7Y#WUc@yBphAuZZ|ubQp$xHX;x*k
z^vW~~LXiX-OkpI{J)Hz_pQ84OD5ASm+=JpDR)U-BP{w#=+UK#{gu~n0hmGY<g%&pk
z#&|lb)WQ7<qP9oON@WdQi<90s0!2cEsrH*Ib?TDM3x6=Hg|wmu)gee9nqbQFg~d;M
zjT~Z!UZ((U-Vt@GXG|lkmDd$JMz=ZuiYY1EI=bvg=xI<ugx|cuZghBfC!y02Vv>yY
z_gX(qPXi&p(6d~}Xy+!=YkIBuO6lZCt7_I?v}%)yoM{Ci9O@&NjG5!arULw+(OS*r
zi|K8<4B*4JGdn%%JU_w81dYM7-(*YFz_JzFi8p{7mLSmh8(2*iE6JKT9d>6L+}}e}
zL$0HUm)>|H?2+Z1dtd}BI7t4}+lhDtIiCj&gO0VZtfJf9WL#Y_xS!Fk!UsOF>)s8X
zaQpg3`}pkjB&mPJo<FgxH;kPpZ!-CPcX5dMHKZJ5ZCSc@?5>nsy}_oX#PK~rUML~@
z7i<9O62h6{rXd@~p-X~38M-&Efp+$?2@9Ts3AOUaav*XEk4hbm9<6V;#$WezGE;pg
zydGZJIGcihQd5E<4@IwquIF$4g1wkpB6AF`-%SFI27x{7=heEn!J%}m8}w$M{eiN5
z90MYm52ay)*9E9-3_GhtX7`Tb95-#ytTY)&23$@IUX(S4rtwvJAkj|IMn-#Ik$(Y`
zLZU|ktIH$oV8z4yUV4s;9Y|390(Rs<1pasMFc=1UNP*&jg$GQiO53i{!F0T-K6B+#
zkca&Ng<(hD(8mtW6RrWmbP=mBTGq#0{Q&6Ar(E=lr{oWCK$Kah5#($YnEm#g-uii(
zvpo}t5aiwUIkVxc7swZ5RqLF9t9#mVmWdW-6!dl+1rH>64i>-<dge6CF1X1a`}tY)
zHve%x>k&2y=?efoL9ApBi~}KtKA*e#Y~s|;^ZR^sZJyyHR(hkyD8nxe+V=$~4<R~(
zmE@bmM+Z0L#b}#JB^}fg03Dc}qHV(K@SqC6-%Ty;^V#Z^IyQ1%H2Nmre$GGNd+I@s
zQWX56KF%aPo&p$Gg^Qrq^rGe>R1jiv=Zp0Mn$8g-9Rch2T<Er<oy!m)G$Ok`rHEVF
z-k)~vh0iG&mt&Sc&Val?@la+VxaW33opCaCs-4xaIp8U|hYS*O?9-mKL`xjCJ_=1U
z7~*p(nUyZwB9E4gd0uW5E(-f)mnN4Q&oHh;j#@S;SpeGS`ie_cBx<#<+}oVGs#x=z
zglp8DkASg=%LxU=aD~s3=lTe932ve=3riw8h_>>PmzA|AR9sQ%Um{oKBpxDEN4-a(
zC*(hOg<upB((_g(V*6vOtqND;;wqra)3`Zxa4Tn{f!RG*H5I()%CfDk?9_AWhZb9t
zxfhCIQTB)uZcE&dg007=O6fFb{L$HazjABJECB{WJLu`&P@KkNRnWhT!2%{Z)$KUo
zDK5^_DuQuQq|f82k7G)u&SAsk_>+7a61!~y_PYgPN|{1T*$ASfRfos1vI!D)T0S_~
zT9i%69?A4A+%@tFw<h5jH3dkIZgi6w-RZc5NL7pVrq#ydgX*v?m=D6gxGge%EjWQ6
z)&i2ORI#=wWYFq~r&#S<e74f<+O|YEuwtIw^uwY^)H5N+P^>=j;Hi?~%9+UqP=!%7
z%Abgm;jLTI$BsiNZe#qcZHL(DJm~e{kBDz0fYu}`+38lGE1YkKP~%JT=Hz2xTqVL>
z`a)$q6r5)Kf*{Z>eidPj1@R<Jufp%+8)`nW+=H7Jw0LV<Upxm#yYeS;?gsTYjHnnF
zG>%SlY*aR~`Otzd;0Q*B_nyS^7kHczkulGRo<8sf<YIX8x8-1w;my!yHo&HK<}U@+
zyu+B_WyGfdew;^MT>ks2J&ylJL%>4+-_tY<ZCfnnYj3~+k80W8&C;?$Vu%1Vg;MM<
zrJwzM#%q+hO|ebC06Dcwxb?cOt(HVO$HW^CZYEq?IGhk2f2Is`zuJLzy!lLDcf4Jf
z#Qjuey8`La|D0I9cAPOm!Kmb&1t1Q3UgwEk1M^Wx^8qS@m^CENc{@*ZoN@n(#qdKX
z{^EZ8A@LKs#~qVCHzp^>wk-l1a;58I{=z)ZzVwk_@P1H3t^<e=I8e{)tCNu*G$T-d
z+m*3~d>cIl3h)rxZ^e|3>?lEL>w$UzCr%G}e~7gb{)Z>H;*T7PIurxc$5{$3QU@+^
zW7cn(m^y$aslYUgd3Z1uf#?b**Xf@?k<6afqDANnJve6tu`D|X8`SbFIX%?Jx_y@`
zdLkNU;qm~v#pr1Y+yFQ!Y;d0?c7&c2^i-od{Jq74Z%vGd7iDVcZFE4!rZv4uzA`5~
zxxp2Q6-Lk!u+?p~ssOt&8D}Tia4Srrip#_j3J&0dKRi}T(d}OJdSOXyg*`yVTYHC5
z_uF)BulIQ2Z~lT#YR$cK(D%`veWY+yct*Mxp|#Vqb}R@7UDfOPCD`?Qn+STO%2oGg
z-i6OKr2-6b;#vG8LCYUz7>8hS%LmN<)EQBCa<g)Iza}Y9yvOTE<kr&ECMlR;)S+;R
zhyi9@Uf(~^Icb~w9V7f>R_EsjhW;u)y7OuvI`qg3;_U!#jJf6GD24<^*fGco>|6Dh
zM3CWnQbMhm6%_atiaMJRqd~()LIxaJp7KTyZgXCvvuh$ULOjNgt*z;JUT$yqyANh^
zyZS4ij>KOss)x6uP_a5|KQsdJxhDtF+t>j}IPoH<<y)^AM;mh)^Wbi@R4c&w`!m`i
z8gqg~QsIrP4xvN-<$@(GYW8tEIB?)NvBe|Z0R~Al!UNg^BbCX2q6xk|iswUWdzOo4
z#@=K`Hv1v^Cn>8;J%k5HMzKZjFUf|Ef#}uu7?H<C3Pz`<)1LAAM}2+Rr1u5iLn#6H
zwa%jv;yL<>XWFQZ6X5vdXJq{vqQYkExzFQl^Ib`sj0R>h<>;EhteE_UK?01xy!au5
z)QkD|kJ<ct{`$^zq&cw8ae=utXbR~W3|35Ma;v*sgjulV^Jjl!3ygv=@QoL1_zM&e
zT6kAW?1{)8o?a1{V6m-<$^~T%%ToX<dE(%VaZ^m#CW8FNQt}Zfo&dpbTGM^sI)hM9
zONy9lT9_3tz3kzDzR;&<dE@k#V8GG+8>#VF#C%_^KxRZghRTbV{0jI<ASKGa-Uf}b
zV+P7Vs8A{Ylsfm@<B@Hr$BdeJhjMyl`z$7-i=&A3MC>po<6utbB#=!Xx&ok!rw@Dw
zYW@HvC<*+kgLzO9k#%;6y?Mk|6Z|e0W8>Q?SHN-!_z#>lmAYXBLYpIq6GG@soIw8h
z9+dp6Z#G<)Z+b*s=8E;C)$H=dBF7pdvsyBfzUAOZWg3Qvq>bBO*e2qVN$p9iQI}|E
zI6KD-rbk~;@=$-i1520%L<xYt9ha0`*bHB1kCH*B=gS!U60LezUb<1~2%V<~+{|gM
z+@B<%p=EcN8*_$D1Vx4z`WQy|+ter^oR~xKf<gDr>DIWxRT18*q@}2Luj~XupTN1E
z;;NiM&%vh&GF|^SL=(a6X6Ys($+V%twqd!Yu8G%I#G<JNu*gSWH3z^w$Sw7w7|Z=r
zy<t9j5y#X4ebdVp@@uU7b7UK?d6(2@NEBkL>8&YyDbG41E3)(KJ;$MlRLE%WfnDvm
zl?BsCZ{T>t05bDE6z@c@)9*=gBErk)*6<K|7FOc+w72LYS$k+2V=BjiO6W~?ukiN;
zlK9p!YC)%XmG}`owHAO~)}++`N7`FP#rZ7T!#D(o;I6^lo!~CPArRc%eQ<XhT!Op1
zOK^90cX#=d^E>Ch_uQ}Vhgq}MtnR0}cUQ0J>ZfY&K$VOKTz3J%r6&0yPBlUwQZLX}
zV*9Hg35|J7+KADFHCadppxe82M4Kv*u9RZYRk@eUfE>FYMCMDJQFF%jEVraQ+b7%H
zjwb$;dta#i_axE4CGKmO4=?HdJSD^+bBgq1MQ~kHch;rx+B@T(7L2x|Hv}#4`CD$l
zye^ca7Zp^12AMXm+x6*yg*RAtse*oM^M`u+^i)C&co5f%+k+xGhrw+EnyY*7`A3<W
zQ0bL-iZ%!o+Lg6@+R<4qc|zD)1>p{z@*n=a{v%edc?J^fy=Pg&9b&Ft$FHGMId=UP
z5De|aS{aT=Zf(gBM}f*=<5Z>mKcE``xpoU<*uJ$P5f^Q3HHQ`2{V`shgjW{%)Kiw4
zOXcWvhMCrUxfA8~25NIsPjxS*R^7*`M%oSd1?HSpR?tQ#RT_|7Eo;4wyjI_rf8Hw9
z6&E;s)nQK?E47Mq5{+JdOB}bKnBN%NrJrL~JJ(FH#%?<tZ!}obCyCVfL+hLj7#I}s
z?x;OgFFQ*nc-Rp055tu2j*QKE?!<>X&oz1&6uSC7K*L?Vv?PV3Wc(evghW|uHvNq^
z5EvYrGID_HCMoIC$+%Zn7_g;UQW-?fz`&!5AqTTiCq^Yq^XTa<8x+?=9<VUYxMkuM
zk(N{`i<?j&%+7y(NEe$+H%4p@;Kk6MYmW-mM&z8N#>hxp_Wh=^WRQ~A=F_y2Y=A-;
zO5RqH=J6Eu<%87z#e?ZAO0IBCQQDV2Oyho@MFJ7PrF-+KOC(G}`<n@e^#|P7#|MM+
z+6U`&0e`BEEv66>Q^zN3<8zLB&g6*TF#q6qR6lV<v-}oD6UJu!6J|{eK$%42d|bQA
zub;0?FRxEy14wU|#jTGkcUeJ56n0eov>dlCM-~d~%lOZGa2I27Zcgt)6Q=9D_VX~u
z^<9c#3VBelaLqdCH+G<w9>eLe<|k!?rMuI7bgh`@8p$v3VLy7B@$$Gnt`$hxmie`j
zlz1+v5E1+|)!4HDU50^@ND@s}QvN?-)IaR683u{Bl2XCYfci_I_CVxKP)*=gBm^aZ
zi~YZElFB~=gH?9q_7k;3yslCBp)Gh&VQ3D?a17Dfehg65+bSIoe}d(nqYr5AJc&?E
zX{VZMi1MV}OS_K8pdNzT4xu-cXfZPT%eSk_^J?&32zR4UQBtIfTenj@+$ck?+bLWI
zKU5DfrV!l>XKs^001xyk!0nLV5#VCRFK&Y66X+pgfuIL3BnkH72zXj;=g;<izv*0)
z#KZxXxCjaxNtQ@MefLiQI>O4K#u9@<B?r9Go*L_!2Xsq7%;f`~O>(A7ZRSX@qn4Z&
zD`iI!t&9(nS&=8Vi!V<EDoG^JA}qb~VCLak-^T=&Gz?+@HT@+5;Gyc`?Cv7_hFxPF
z!i?jAIFqH#Ts#qs$r8wt&+YV2BWD8}&W+|>@3USlP__faVqWoc;*KTYm#|yy4b^5F
zN2Gfny^Hd^4}}fVSgg7Vyntk;SH+Eo{IPs1T+g$I<*Xkp(Q{mS32LJ>ZJ7u088308
zdEsc-$uBg3_3$H)qQzdqxA%iH7*4UTG3u*sFxJ-V?Hg~)0Y1UWV_HQYc%Bj8%v(e}
z>3ib$hDK&x3p7VW3*0rrV28FjJ!pn1-CEq22AHE{3nW7I$BJ<34Pxt8riPNYXqDJ=
zxsa(U?u^DYX1}GuWeP+tWuDF2^-ZnWJRp$9)DS=bqKIiJyCMCNfA^9z#n#r|j>^d4
z9E~I&S=_1@78vhybBtk4f<>*04DZv6)af(z4G!}$^vLEJ`HLL~B=o@&*zb3|96b;M
zOgVyZU+)B==xVR?tjTEx>GzP}tqlU$#ZTu$j3@d-1azv#-yk&yK+o=c);ZBou64pi
zE{ReATkKa2PL~YkQ)?`Svk4}$Bov?|m1=1<gftwM7dyU6D)z$-6<ejemG*uK?d3Ps
z#V{!zh%_qui<cmYOj^{#n)!B+;T(_GleTl(*fx(f<5`?Y#`w&HnMZ0gTKzn1iI;lK
z{K`LRPw>;&s5ico_R>5eU}*n<l#k5(F`rBg*a?YWpl0jU+sQJhMP#_iJ{ET>?+0v@
zTO_}=aQ?BJ&#s(sulYt@np7shaOq5*dT$01%RyR1@CeYJ)FM>{dvP$Dj{@g<lU^(U
zS2-!EReoTzEWFa7TfodSTpvDbSmP!VQzv+?!@VesYo~cIcwfy?maos|dzwj7FPB%;
z@d8#%B`VRxaIhbzNWmqxaBx>u9ZMumI{5RmcE;CmwS<REJb643=wQ8A1(_!WI9?^N
z<{zow&Ok1mETnq(n-M=mIIk_*PYVBnS0lf&X2;nI^<$%M{Qv=x2c!EZ7U5a}MF5@>
zg2{a51KU|b*n)qi8w0CzAgBOb|0h1tUWp=WMEI1wJTw8HKlTQVaAQmdvD59dpw%b(
zPGHQ_D&|ukU;p+IqMQ#$rKohAX@3f_bmdyGL>m@N5-r6?*U)tNcvl?qaiht2;a~e~
z|MtGM18y>Y`DimEh}2N{Yv3XpX_yH!!toxJb!Hs^M@TQ{`V9g|4V$PhM)PNFZ@>j<
zga7q1rsChKJ0t=B65Wx+*^cY*em&osi`RX<UXw?<*b#hDI2)lho?|asuq)CP-UMC{
zrbp@68w3PgBPr6S*jL2!;Ac!~@Gu%UF|hfG!b`e)fm{>mr$?|avB!v)O{b1Y;RBdp
z#ylrm>z<+W)Igv^1bEfE{Zuj*?Tzi*R%{j2y~3SKu>_w${vf#E!Uu#z+&HE6M-R%h
z_RxGAWxtze#*L>c7!5ZjctM8eThPedCj|@j)^kgZ-aPpU&EP?mc|v`$k26RrcmAMJ
zPFmoG8kTxOdv?GbzLVbPdG-7202e^9VBCoS5q9gR8dK)UH|wSqT_O>~^vVy0`d^K+
z?Av#mU+@8n(}$FzY}b<4?XHHf;93k)*iz^>lDO!OCCr;0*25)KTG^upWUh{T%<rgP
zA;N$*t4k3ueJ#Phz!qCA)vmdfVF(#pQwHkJ=iuvAF8XxG@!@Qt^r8{Wk5z!H!LQ;5
zb<s)#dRGPmAAgLVX0(=x4c-teC8Lp&doz#49yI?6-i7hfku=WjgRIY7uZ3Tt9~*6e
z#}kwEk*?<ZD=i1>)ty3;VHr=$(OlcCvxyYLA66e{?)o3aS=TqbA81Sc8}v3EKd;6H
z;OnMpPge*#pGLBD0N|b@2KfNr(zo3UryH9G6=SYz;$IF{9Tq^lq!Ur^pN?#kb1(8Y
z31<h@x2@U(hWJ)4xOeWLr`l;3LxgV_FAm{WHxT{RR%K^)JvaOY69%TWBct_CNfj%v
zP5W5KuT2r4p5L!Dn^X@D90$4L9ZK|14j}h_jx`pf>E9AOp4U`>d4~Y_J`_CP@T;9#
z>CK?~i1rrt7iM<souw!881*L36DHY??6=ANN#yg|&V84lI*dUWL0J(=?0KQfIq9Xl
zETIgY*JM@wwr#V6nRtG^Fg51Ia52J?<(z=QfK#_hCiuv#H||n;&yq|yv*R{I##*Y_
zyTZLr#*-9=)jSrokii4G#0C9Y`p~|ST{;;IVWFiMba=JyyWk6ReCVB~Wr!QFqk1|L
zzbi9AqY)L2A;DG9H0%A4JCnpoj_=qv_1fi}vHsQKI;xuEcS|msZ!y!8CD<~TI=r!f
zG0kKJ8g01+7Sq^brB_fPeb2!KJ#z>`0slHx;eRrhdG1r_xkC+zm(H^_a<^vqBc8}9
zqfIFMXz2%iZ6mj)`8#GO{8vfhYF8^_AM|7B0{8nVckuAEe;n8%&Va!<d(u3e#inAJ
zbP3(1p2Ug+smPA7*-iEW-l9v_6rQdMSSEh4=iGu#g;P8xq}u?3@Ycu=r8JvB9$gaO
z&F|xq@twmQjn8U;c<LKo&4ll5?3qZn$wq!0QGv;oZS;?Ua2C~mlJ9G2&zfRs^G$Qo
z4CPpDZc#49wC9Q4=T8R9q_9)JZr&R9;_O$BL7qCaw^beOt3rP)Giy7S3LdK)GR@fh
zNw21@DL!n}mprG#T#_P~!XAj2C$X8V0SLN7+WNSzgh^roxS5&=ZF=?e?$5%6v~oNJ
zx5HWypbCA%ZXQbpj{DYL{D2|egD@&3rU?W1ZmaisPu2t=OnrrJruwFk!<}zrEl^#3
zqLCLlsJ!RYU@ptr%DU@?@cmlinq22iY4(mX`2gS*(E24c+Z-DUsh=h)XPP+K-_IGU
zYLf&+a5)(u&)erkCgxG}2G%52uz=;)0M?t|%NPuK25;Lf3L>~_`O@@_(szo0suQFP
zJrlCr-wBHrKY)wU)C2^M-tXN4V*!6g{w($yt_w`3k4+j%4-s}5yR<<Yf`%z4%pz)D
zdx^lT6NJ7@`0It-ZU0Ef?^G<sge}>KG7vX$MIu|k0GcRGmWU!UHNGDgrC}ko^vxQW
z=+rWWB3giSupT1Z($Utmr;ChY-nAqeWcT#<WPc%N_bS#6d?mDEPgK#IRC0et=)hBW
z73u4LcT|qCgR2ylSCoyQqz?Hers~sHScK688Ag&Q|C<sf5wRN&t!BnQ|H(S=x5ODB
zo)Wg_?}P(SZ*9#ww6ZCsp2))dbdQKezZ3KDsi$6GP=@{B5B;q$7WXgPK_%q>^mL#c
z?$c``po9$(AgZ>|H-sGY2s8HuFZ*go+1%a^u7p-@>2tk?7MT4P@PEb(I{n==y8a><
z&K#oq-!=iCMlH(xCkd!GkT4Qpz@(u+0bDxjp7vZ&hxX-D?jWSi#`sxlh`gU2laXUC
z*#VyCKXR||;@wn*m^&~Wg*Mk0@_V|Kg;sG)VO<doW|c`)Hen*?zvk)t``hw?!vDdu
z?wac_o`C-iXt^ii{{>XG?(<=l8ioQ3O3GhJ!>&t0W6_B&s7fHuU30~0vTCP<6^@Yq
z2P$^=x_d5MJ_sOUFCIqCOmF_v-)7W*oBc0Dqd462u0NaoofhCf^U_*8oLWAxyrq@5
zfyVy_RGa^Rs?`+!J5jzlT<Cw<Qa%4|dZu*#8~G<Uyo36n91?K9HL#WP$5TQpB}5Wp
z&wmzqi#|-5e~%t^ffoDIYYk0`G~+J*)3<DT1z?w*`7f9J@jos(fX1fCAN-q0nH$1E
z;q$>s`>l{+sis-Nipcc%L0q(kg~6Xr$|O29{0S<=|F>YDPWl(rK=UN{zt&ll>4se3
z(AcIvpOvmRZZ`8T0PS1;8$iJSZv_7@faz7Esgs>fU;nzL+5aGz{fP`-*na^?88*uw
z4EQeqA;W(Eb)Nr?pYLzVJqODFhVO6B(BI21rzoO1E_=BT%W6zDV7vIDzFnWYvix&b
zelK!_`8zHG+ObavL@oYq@c+UtcKCCH|HTgQZ*Twi4*v%{Wf%9t($97J+<NmJxaY%9
zZ%d$K3i2h3X8~<1NT$<;4<k9XXI0C!&;o&&cQP={KjplWX5v@2nB$Rv2++=1_`(*y
z<n`eVitL4y4#1sXx*M0xHoHD<p(E`t^=>x=Tv~24T2-6f`+NX(7Q?>35D{PbY`%`>
zaL@*D2MYuJw}>`RkvF$px#_vT-EChUt~S%}Cn-TZwaXILu<+QpUg*v5)#1Di2Rl97
zYRlyS7k#N%7GtZ1M7YGwY$UMhc7%?%(5P*rS~7ce#$o6*;Iqy5Z|fGjLtpCsps{O@
z**Qg9Pr+>l%B2BNPX!NIBm7_nEjks(_;zpF8XU_hCfb-bkWo7aPff%alflH5{YluR
zROa{&7^!i>@&3GP9CkTsv=!rE4ti{VR+`V7;LDA<wy39a^_D+~#l`Do0%cA2W85sl
z7@NH<jjzMidXd9lnv$y=eyT8j4L%86$K`qj6Il2$VM_?Gq0l={Y|UE!*f#dVxB5|R
za*hivL$mdwJtMW)Y^M38Ei;z@%|jYHegE}rU9PY{r_O}ZOQfPysR#`Y5dp9kN)=h-
zR7jcOq?;DmdfpIHEoBkAtOvCibe245H_^efQ!kCuXM_B{cZ*ZC-Vn6z#3xg_^}MVt
z8D%Gh_2LFlJ#m1a9)kD={s*Rj!gD6+e2;v#smY8Dk@cq7<wrj9Fl{HD>@vo+y`!cq
zZ4w4ozQ2+gTl|gd#U<;7xnYuDx7I`PHn?dq%S9Vl(d2sO3p9SBZd;IsLjDN4=};1-
zlz57J<4e|0Hoyj;V4R2deLT7tc7B#q{z36x`m_sxgL_&x?-Bk5{~+{Bu+R~Km7Nho
z=bRa_<(e>1er<Th$<?n|?N@NqHmZ;IQ-d-Cf@|jT*!r~Wns#wps+>sMxfBKW`H3>0
z&c`Y{#UJ7QDBp6AMe`QP-f69=5XTu^_sn2KCF>~yruvrhCgI-d2RtSnBaO+dl7jp_
zi?U=uWjw|ry$d1pOG_#z>G2Ed0lBj-7=rVy!;9gfc3GKdX_{=>G7QYF{UT7>Y~@U8
zEeNg)Y13)-F7oio^%6>V$DdiQ@#k+u`^!C?71XN)Ij2V2E4MJ+-hp=9LwnCMqhaaG
zo>c|I2{iCytkSf~y(B#LlF|jdwWQhc(E1zzj>$JRG7R7q<|9Sm6CoVh#`+#Z-33VJ
z^Y)E^=iOe`3eDIu`tBxV!)q(@*@IWUIl=lzF#I4KrADw?x6KL&atdIjg!yL{bJIEL
znKx;YKC^da+;{G(3B7BouF*TBugy1lXO^&;mG}s2vZdogJMSD{hs;OuTx2w%b)+)@
z@e_vi-o&x5)P2O3)CZeRm_8d=cG&^mRCW<_cDQ!%3j%6<q@lEN!Af!1NMCELTTI?s
z<%y$f2j0qK2kh~t#j&uyd{o&DXN-IxyX8gYOZ7{g``xXOAf-<-kRko%wkC<bdR`gy
zx9)@EC(8H2kdiSfZSbxLV=)<dQL~2wENU@GhV0|(KAn>CZ;$ikqitj=)AND9^mgb5
z`O_0F?^@}S=rFnYM^NL(RBF3nn1fY5^_&kMl9EAWb59a@(J1oCz+8?=?B5^4_BPCr
zTsCqOR(5zlKOMLTyxTUv-(DX7I=`N|3r;Ib@aY);Mc6pep~+yIxG`K8%qdW#BgTRq
zQFT=LDXEl<lU_y~E6^vHeDB~9%5o;W(TIHPvdLD{DzIb#^T4gpog(|O8db-qJkEmO
z2(I~4L}orYeEEx{|6c11NxN}c7%Ml`I{Ty_5@M2u+nbFI4)pau(YM*=zoT!k&!}5*
z4Ac(D)CNuoVBzBUZ}Fc`f-!5dzXW5yvk++iynsM}R@XXjE{3?&`ufsdGvbt|LugW1
z;0|6ChMB~!r3){gbeAR;w5HO||ItSe=hNT1ypiepxAqUPcV(>=-(=kO5mU?YlU@w&
z(W_DEU*)*clQJF*p6cm<OBon?bdZ0-?(31XwdmF?m&FapKX?b@t)ehgDJb3U{&anQ
z0-djQt;=xzz%1{zwO&E9qWc}z+l79ZFK=uPIv%-6jXe13jImf?-dJ5VKG3x2?>m@+
z#wRn6H4@Gto}nOW^L|A>hhMG8O==qU;6=bblI}zY?l5D`0H3wEC@il=aW8#^Guem)
zR1~(m68|d2^`r(rwsnSNlQ~|z7tH^isC!8xZsyCMvMD7->m*X{<3@p6H!YqG-Gc}!
za9XC@T>@&!#X{Uz-m9pak8r8VsJE8`uGX=lD<YC+&oAQPwUA@R$BS(A+nW!he3p?T
z({P&)VbUF-w16G;3?k-JLGYKH?3f#(-OstD;_~|f1U)u#W}T+ENFrzTyi?$PONH*g
z6lB4%9DmDLYX#>DmYl$zJAGE-Ua(`KOckUfb;{Sv^UQUL`-RsbuI5Y$Wmgj5lQ;$I
zxY?FWSvhl)T*`?<$mN}==+1|sz&cmNNuN8S0RsHZEYoou(R7)R*SY47D1BBq`pHc5
zqXmnjV3LnReA0Y|Y|+%sa=A&$6!200Js+J`;pLs9bK6@#2{H~X>Wa&8I8@H7Uj*Ft
zn5vU<f6)1hlDqgE*vX9MQG_GFRH>~$e?*XJCj#Zb6bt$s_%`ghip;+T4)|x}6IJp&
zz53~A-Am?8ARJ}jgzdUvU8FHANS|H;sw7x=R5b>ybOwW0n>T&aXoUo7ljtF8x-4_o
zx4E~rKA+qGD?2<uzh2F~o!_w?=mT;qZQyC4bW%V(VZNZ0cT*TYlkxtZaKx*yey?tO
zc7AwOfq!Z@3F4uM0oad<@{V?k>JAL5w}Jt;wasvatd7l<#8drXz>%$icYn<9ngbwi
zJxHW}(WbrW!`@Xi3~8X7s6zRc>dG_^$_@{1ZlB4)7+=R=*w_grXn|UDqS@=J_R&C^
zY5Nw>-c)_XfG>j~YxG>KKe@-tt|#1vEid1d!$R@|o%JBM1wd4w^y+uJNZDjdlP@so
zhy|0OcwgFhz*p#k_9De14e$6?;l&t?d8XP=Hs}beO~ctQ;v42r75KEe<70%KR>gZx
zC3E*|1mnvj+=?(D%O~PC6CuQqyIcA-|5A0dB8Zj9oRmb1LaRr4z2FuVnM9r9-xS9!
za-RNT)CXN23+Ui%k@IqW3h4r{7ZN3XbdNP&zSx+)c>Pok9T?nin=5(c9qNR!PN8e?
zp6yOJ;u9yg1>KP<LYZ3tJg;#4^4d_K;=3VU-Y7bw=pW4-eL3Wqu|uro@7muD-BVgV
zwZvn=9|#zsigB=1I!bP(vU2e5iHup`U{p%HL_W7T19X?0ok!nr7k-y#yTyvKt|jjA
zE45_lbN`gN%Ap;FDXfole*7%O{}>4ejv?+5ROMXxRkBue&NrHB91#da3N{n{iES|1
z=B|&nm0NC#*onz9!Gr3bb~hF7pKXZ5uH5L-q={qWOlJvBL$2^huh#CzzJT+xt>ieQ
zbQDM`1o(MKi(LzO_8X@^G`ExQEJ88V6nUQAJle}ipPt0?mXulbA87LAroK|kAlfra
z23@5Lp0Px?9L`!zKCGV}d0GUE=m^UJ%iivsjKmf#gvti}*Ae;-x@)Jtq@RW%>x7ia
z9J0~EE}8V35@sa)2+XO~4M$lu0?!xItwFtD0a(2}5RZP3eM)KKAvUBShL;h#PnW!~
z`pOKYP1-vr<Vo^#l?_x>%#9!&rdl&aCh28X1E)Mo-2vZ5fwQodXuFBYu6~LGkuM7D
zSw%5{+~DAZd1c<!-b0_v=pNlYHzLHY&ms*F{#~7QxE7tPxob^C5^dMIi~+*1Ts+Uk
z0f0G6Mf`P9<I*R*CC_xpKAE`Ui|#Q2qM_K&qDN^6GU7ypZVpgMaa!Scv(wCPlwM#q
z=*t~Xo90~p<S8}$h}MPt8z##&j3e%x&o_l|FP`5mdRZX^`cNTJx;iKjF`K`go&tP{
z0>ewm`=XReU>=h%jfD!rSAu`$g(%P(-T<olk#kPtvoy@^lNtvDAN}<shgpqFobX&5
zkAV_?^z<27^g?{Q#k?XQxw>jo-CV<qVX6FncWx8Bd6OcOZdX(^HsYUD{{pm#8C_O2
zn>AQygvQMA%MHcP$#zAIQUMCW%_(3%zwVb!R9D@Be<AGai%8H4M@DTXd@Z4fXaca2
zR*$90z|^6ni(t2CxFYo8;U9SZPBi?%Eub#*T{SLFrjAyLMqbfSPzTvQ8DUi=H<OoV
z*DfqDf>^A;ml-#?*OTl<^8(LgIUg2#A)9c=ugpUC9?vMvAc%w!@=J9bcvvYz=j(GY
zreQQGj?5RBSH*NtJ8nUqZM>T~yLNzVKX1Th?PlJ-ub1^q;35;?Xki#N?{bBfG+6q_
zuq0{J>UuIkr($34K6$}(NhmiQLS}NmG0~q1nBPHYMr_R{UvaI^59~{%*`^yQO2df_
ztVWlj_*Wi18E&n)8wPetorSiPp_uOk_|KbX<n8;xC&>q7=CnEDxhb@~Xwv`&lxel=
z2D{-PNA)h<p}y~Pt3X^2F0F8+ABCKHtS_gz4omR&hT=JnDp<MUF2O-E0YrHjiGmR&
zR<cD_Svo<@0Z^JjOQ#PB%n@MtN%95e<$(vKU1g<J$}FMiU|J<e)pEL*;4DSc#k_{9
zWHBb1e@c7h7<0ofmFbUkbG`v`G1U>6I#~OCjjaDDTa%>3xPinDm5K&~&kIab39Nd`
zYu};5f(8xUvg(!#+%X19L+giOCJJboI_{ljo0SDXMh_=e*Nqx%F=6CsqYJT8&wdL?
zU0Us}(Y?XaSe+aI`Xw50uL!AEHE34^hCn6?@iJ!)nth%ymtb!i2Fn1dMTRsDRJ8Ja
zNpV~{x^ighN9AxX(6q4MdC?LElDHvg@G}u-dnD>eV)!#5E@M?`q2YqFkgk;SCKUQ;
zOVYaq9hu%N35h_p`oO*^8X8fjXs}>F62Muul_1@fzaVyGle(^%y9%XC*I1L1+zDn-
zyR^W-LSz<38UI9gyU_=HE0Lqsa4-5H3c=3Y12rwHf&gQDVBhLD#*7`Lh<|Hl=*vYR
zhdY-kF-bv6_Z6ws*6`S$e4iiIhPhyu5wW^o)3Qb;q)|N@y&>Yvf^S|o3wm07Se>;j
zp^2HwU`$a(+LV$#=mm|fmlWHd!5bSUV2)xzt)KfB9kv{kZ($4o$9OK}s1>*Yc-yAY
zEFMy!IKq4Ab|Y`Mh4l}3Ig0PS9YRZsZ9cAZ2Wyjg9yMc`;g2bj>1T2%u_;7b<<n1R
zJj*rlGS7EfGm%Q$iq0MzeIBjXy$8;)9~=|~@_s!~HFN~|fTL_%t`IQSaVb5lP{z!L
z?a=r*KK72L@{Iv-I;e>AvUrylb4&J)=`rh!X&uZ#w#2KJz|~nxmVy}&T<4vIc=S9d
zxa2(@zEBI4H<*~E$fo1mDDx=@i}YE+xU+UL$x62J<OyMF@CU97B@9B+0t?GLXzxQu
zWmg;N=4MuOs7se@&t+J!d^A5ZGAk<udLVG%UfrgZ!P@{fu<Nv=nBWXeNAryNwOG4p
z#7uc&oTZ6z8B57;(?h#jb1-qDG$oYi1*oXk(SO_(5x+>6Cu6P`Kk6W(w859xo0lV)
zc}do|V&k)FubyJh2u$<gAa{3D37LA{F$4xn6Yrt+V>KbF(g9v4X8ga|PbUcf*s6<<
z7p4-&2%G{K9|y@cVDCr@9FrYEAuYL-v+GS%>DjA)n-)KSIj|BI&hI5sr|Rk<vBv2?
z@pA82R%ab@%hl@gu442l91KQ6_8C&QBvN|e?D8TYYorQM%S=2k*oD<o%W2bvu9Tyf
zR1Io-wsJjsXdKSax}<p=;Vag&y1=_>F>r}m(vJg><;B%=Ut(205tl$Y>22|4aykPz
zg>#sXRWD+Zi>6~t(CMsZ!l=qE{y<uFGFd>|Xh#&#L}PMGNGO@r<T21S&croszRhpt
z&33T+AQfVAADL>r*Vy)VNyTkPu7fRXjY^fhRor^QTx`RUNJR=;2C`ODDw3U~q77@h
z+uwZFB=WCPCs^m+*EwIUy}KhINMzcUKq0peY;uY1#kRjyd)FG}?W9BxSoSScnbKZm
zFmYLw*IlYaM9Yk`a)m6&be}O&L2JzY*tX^Ff_H7j)2m1eAGrK1FDXdG|5-sLwz@|-
zP)3k+^5v|IgsMbAo1i?0@10D&(cXFMB4q|ZW;+tV(k2^U&8jw{s6{eo!eIG*$3w_b
zk0%v~nT9*z5tqn^Dy({?Svut2qiJ4_RB7&(=S|9cz9~)11?j0b3|D%IfJ$|B=8{vE
zXS-^|3hy@s8l~WvgF>C$U<{d<JVSh2b+SqD3o#a*!`GwIu>XfR{HQuGJD>xW@Aeg-
z{0QE~Hq(P>3;GnG)a-<B=VSbg%;Br%P2ldj*MVCtWv;cp$2W|q<OOSBH|Xi7&g-Kv
zchD|2R86wY+rh!EQ}&DPKxUh!0cu&Iuv_lZsy5ljF_IXxSVY95(xpduS?4kT-urG$
z4dD8oZdpIR^I)DVFBQPeb4;mG-T)1#!HZy;t)|`o+Q+r#ThYRMH!{&A68W8PjZWP}
zP4-z`0ERymWHF$hqY5AF))Y<&-?Ykba~%gD1sx4sc&WxPfPm`}!toCKQ3H(a0OXy*
z@z%=NQ`HsDZ5E;lu*>^Z9$r<<EDz)q3%tIjOwML-yvvv#N9}umV|Ai15cmp6Z4u7P
zf|h+-8lDI!I6vHVV{Jd_0L%AU35}+}VJuSIT%@Z&B>(Ly0#y1wxGT-e`L#)4WT*9P
zcq{zuwl!lMW#zOkmwrPaAMYG<gpo(IeqASQpjS>sb^ao{3_{+N5d#7vpOWalH!&%`
zl=`8R@V@iyejk_x?5%7q{dflKE%Z)c>QVV=m1cVX=}jpSs2%w-H__3&X;8GD)|J;I
zdwEulH&@!)9-YKLLv>AReupzbnb$Zvp=N<K>y87bVvz$@fI2KsdlF8}54RUiS(AL7
z0cirp3u}b|Uh*Ydrvv|bv5tet-br>Bq|P$v{s1=Ep{LZaWv>a?KGMwjqxT7{OIT*<
z!*C+iCh<nbW2;Ub0*ho3+xup!0oj#A6C@tYLQ^oWNmeM-wu7W9)Bj1pHW%^7KS6!y
z?*9b!?7-MaFk&z^P9TaQs2&g{5u6dY1_=gF_{s9c_$mI&&Pv3}#6r)-!okYQLBzz&
zLC?<q$<@UQoN@$J0IEZQDFI(^L8$?(O#dw|c82?zEZltdH(8i4CbY-~G>9<HVz~ez
z6~YYeb`sje;FluV_Y9tFKxZC5)!68G#exK)==LJZwglQAhFCm=Q^<E-(AOO{nZNv8
z@0VsSonPZwz&`#EXp{1L`*%L@?0x%u5ARHPo7WCac#jBpg&@ik%Ki~QCH1B8!@l+9
z<@_e9zcu?CMZk?U649O^k-AM0^y$&T$V6))2V>~lMCa+b?Qd3<mumAGYB|_$d7&ku
zvG<vAv%DWz;BmbIBtPYbn?cW6QF9zF7|n8^i_j$e!o84q5E~hnvSs_nHqC#`r-tN@
zQ<i6@Pk+$_92rc4YaxOIR<~IH#`J#-h0e7Kce<o-x2-lC5~ATp=hwa&&}#195QklL
z2+xSQviXMoZp5In!%*2L8G2xCs-iuCr*PX8im4!wyN2l)UY6z(gx272Ww3x6&^n7(
zK8YZU+uX0InADj^k6`}pb;amoXKiG^!Ho}XufYMZr8t2#KCzBx!l1i;x?G#>C@&Tr
zIH?DV<dDL_7qKA~a6DHq<Itc84Ac>WUmptT#&$_WjGxpGz!8D2w)s3HobCG0V{`bw
z45^orCUNH`>A^}-d<OL2n<KE2M?!pY{g)i^)XjF7^`*C%_5W?i?HutbWFN6TeG(9M
zxAZr#mwJ&bB}Y+nJ%Gece`3%qVfPNWC;7aW=!1{KZNHaHb`nEHY9dE5Ii%c%-`9!p
zO@lL-u_MB?gM1*d-fZ|J2Q!!=$wJzoJ6+Ml5-W^{0gD8;$@>F1PsU_L9B@DLyD;k8
z%!t5Bw_D)ML%%{$h(0ttT^Snu4S1)aQ~A3psM#ugKTPU0bFYUW%5Rw{fhgb(*i5zt
zjA>EeG*&;wEU7*}pCn)XzeV{c+KCA5+!Q$7zwb<P-^GQ{wB7i@kH2Elsqiofd7!90
z66r&U$HmH{NN2>7>FxdOLthSW@@vL4+}!V3bi^AJ{n_0fg4<NyD%%fGuNyq*b%A?n
zz!0m>meoPtKfmxcVYHXMMzEgN9dhwY5$tPgU(3<PR%u;co|~(PazZ~`uRXxG8Kehr
z+UPU8g|I;^G9ZK}2EHtlW8&JbF@tcwDTnGtDi?L7$@5IcSJ`C>($x;o$qd{NWTg1X
z^g)=<!HF&NyKMDV2YLeJ=|l%ZI#x;c^Q1ybXzD2Y;NytbH!}lARIdnZ3{(2#`DH^m
z=)uXY60g?(j4^@c=!!?D?C%i8S}!a3Q!5$Yn?mq$*%?y`qJ$;0s3~_3Bxwsm_ha*X
z$9Xox#3q*QuZZFNarJ{NjP7*vtDOug+#vt?d%d(1xiaPA2PQ6n;p$<7ryYQf5AafF
z^Db6<(rbrgT5@I8BlU-}je-*JXatujNTAy*qbNVx-F4`ojk!Xk!@0lUKg;ZR?EMA!
zcttPSZEanXS6fuk{&4s>-$Rk1L@D-9BrOo=^t#&~y9tscsQ6SPp$c{Afj&sQ-9+P`
zx>(4>s(v<fg8u<%V~_4srCA((sw<x`P*pQueY(NRarYXfhKwG`AYGhys|p+QRL|Gd
zM(R2K>hbO#p@Vyqeb=^8g|Eu4=-y+s=o{T|Q`q?NIFi;l>I|mngEci_YHt%(2M?I4
z+}f9B<@GIvSm3{7F_Q7dctQPH#gDDljeo^G-9H<=d@Td`dllf)+-Y^w$CR!bKaY|%
zwd|NCzOmb2V9{yDidsSLUVnB#wID&trxfYj9>5a`>G8+ZXZ502P^lk0#ieAkK7wF;
z1wAEYRp5H`fUU{%f`D?NwLh99+!Zh~|AoTUb(PAFp|(3&Q8tUu<LVh<g*MNG)=6R=
zN<R!K9~D5<a0`$Y59g1u{0?u=&~nR<>Qp0&121eVE{leO!t%#&)Rtbtv!WL^mZKd-
z{HMlINgTQ`$``SolCZp5qKkQSfd;sWw1V5*YZZ4#B`lwr6#paC3Le&dM}jbvFpr!$
zwdkTqL2_J*e0Xql7OTAXxtvG3I<Xiqze&<%QEkBNXkny2qZ?b)QU2nz^gcA=QpoEU
zYL(e-V{5pp^#lH>C%R6dhm`mHBI&N#3AL#Cq_4^Dg&dHBnnnqYCDbD_UvQ-3_U|!N
zMmvC}HYyoLk1{R8u4=%Ih9DyhJiE%UZsvDuf-&Vk%$i>E77w1j1)u+h%~pJdwnMmV
zHcS9(Y0-RYuZRUwn*)bmxWYBl3-mE;Yh>?g@`fqmw_~Ijm@lm^!ZlG4^2`0p-Np^{
zUPWGnai7%L{tl+<a;r;CaLf<L@uyV_$*{+-3;hsl*OvJ4+K$5gP%_S5jGCZ(DN*mb
zamV)4N759Q+g<E1+kjJS5>2Y%z;6&r^soR1;&-P-U;B?mB!<`s_v-4b=ztyJQ_#EP
z8y3r=MM!0D<Kue%H>-k9=9mFg*r9gDH+;si=?!Qyi+$pwxre;V4{|EyX<2p<)T(qe
zf-fP`v{>!6Ry+&jp(2qkZe8|dC?~a`7<f;_oPG{Hy>^)h*3`vE5g6z2q&y}=(nFtG
zLBj<)?7ihwj7n8djkNXT)dqN+T<Jd!P5cUds)Cfbt>&~P^lLYr;0jCZ(V#Z&FX<sT
ztExoUw|ay7Z_$6)9psLoVscGB-wv1nJnyb;A_yhQnNxIQDfFu|=2Nf;7{=<=nj^2p
zj+FkST{WP23~ow=ynlB*a;3AXit__h*r}(H2JW-1R^BGofMhu^?bD@@d>u3&J;tI_
zaSG;)(N}a(HpOWa867}B&+wmAy&+_SSmN(RFqj<`jqGDU9?wdAj@1tnbl5Gcnbjt9
zA?Fxf!^1Ji725S_E*)zcCF(H{%dwtpA!<wbk!3oH<1g>utjMxoYacUZfq??(s%i^N
zr^LPvf<g3OM|zT7({RnIjw3$!UC2h>YB(NtfKspo%g2+;>`TlDHTJ1z&J4mx(!UBk
zxS|c7ch=ptV);2-NJt9Eq;S!fIK6(Xjce8ay0Gam&0bM^b83VDUl9D1Z}^z>?BLl!
zCEB->vSZwleGQzGY#dfHXsQNK#xs8iwLkvQ7&{&m#s|{S-eF!Sg@~DK6%E<-jcrEV
zb@FI;XQbBMHc+|NYaY9q!tX=e9E;OYE^K>@E!ts7<s9KnyY}AH7!;%Hc991tt;6Sy
zJAX{2394~hvTDa2`gY?jLs}WnTK+Mfb7A^u&`I@>L6maO!6U<RB|`+<J7JN|2E4Q>
zy0;=41eAFZZY}oR&yMV2vY*HKe^u6$RD+41AD_zTe^ZkpEM>@cI1<VKG;h-6SuP4x
z{suY{PX7&E`;eDaN4a>d?)&K@sDR6+K6=5tJDPrx|5#=fjt~Kjh_fn=(9hTwaE4K`
z;~S=!hWRQa%Ohph9zB2~bq1`62bBR=p$@FUF-Yhs@-1*&YLbn>VX*x$M=w|3f6}Cn
zc_Ka!8BXTP$7@@yy)SSdE*8GI1VRIknxX0^F=`qEG3d>oeBvim)E<SaclHxSs96Zg
zCCe+!*<2`@TKCzpr@8n$_kjiOJloyuesF62edomEJMJlWD@i~_RP&NI=Ca(FS#p;q
zOjVOSl_?K@paidSZcI^lFM@odJxuUR;&6`1nTJ#zauA~=?{f!*2sbskIDu#Q;CE`S
zFEoK^inXc8wPoT!ks64HJ+ISPe|YVlD<2T2BsZ>avP@)9=gZGD><=gilufNTn_>4>
zb64}fwrw8S3_t+6prwI?f0#VZv?NDqOARr=mr|(@zxX@XZ77lbnqjD|?}0AB4=;oo
zmcEOhfihU#RX8;x7tp@zb8=e}wK-rCVmd055ZGy3)m#T!;}3xteIun4b0i&(hqt@?
zDfIDr*d5lz+@L=R*UxJ_K6EHo2BAUDNY?k(Gv6aBvtA3Z!k66){;j!hIm?_R$dKsQ
z+6$TgJWW1X_S|Ip@;fQE6-=mDlg|;Tz6E5((lxi~LW0*?B!xXtFXz}OeDhmKnpkF;
zH@y)_s~L`{8(UvBtc08VC|Oaa&aMHa5_s$P$abZREVf!6kaYh&t;0`rK-k-Gp~E*h
zW%kSo8R`H?BGX{5fQILK=NmabNWV?O@d$lX;BxN~@b2_^Ijp;Zenw@f*!-S%^DR88
z@Y|h+sM{wWae<h8wR4iOs<akw6EQts9TRLyxmq8Rk%ayyOLVHr2z_bC2A`ML%}HhB
zCp#We=V|6UG)wa@#H<M+r99RJmUpAAP<Q9;nDPrifhvFU3yyn1Sr)Bs2qnf{*|0|F
zx%#?6i?9rvEyzB$dEWlhi5i2q=R4gR@uqRP|HAG59cQ7v5!&!cZB9$-W_^o$A8JgE
z<hKm&0aV?p04vs$q^?eSo+(s0yqYt+m*|3ypf6afw6yI{4I>pvgl82Od}=ir`XnT2
zGW5{^I4_aSpbmEVG9K|wd*nxU9QsS4ey;h_?arQo)tUr-SOgq@qt$QVu-;FJG>dqo
z$)0qTSjsK4*)CK)rIjkrJB51z{YOuOGKeO7uk3CIsH+DBBx?_wtf@HW)YQM7DKkaC
zh2XI&_C!O>3>aVXGm-Zk_$ri-zac?^=9a?(!BW9cf#VQh_CVc6Pz_)?Bp3ov)<zT^
z*cAl^17KzU@3*yMni@7_jVRt(zosUjR`(SRV|^HrEIi^Z+a&4~|0YZ4T@6cCr3sD;
zzk7G+-yB<rkz!Y|#S}<loak3qBoUzT|1y95k~e@%;(;TVg(MHnR-^PNiCp_#v*XXj
zO!xKR6!yJvUaZh0F=AP7Q9XbeBYr+As!WCV_4exWZEFL1X<{m>3=Nu~j@{Ui`*{;W
z2<iIiXrNc^!CkpG`h$<xZ&IYhE4eBwea86mRO|vTjnk7~0WVj2)Nv*YW2Qxhp=$Q&
zq7x)-jo?7+<hP$@+a-RyF8B73hm7BebeC9U0az)DRQE)cck<91WFO$(-BF{p!gK)|
zLFcOun4WA<IZB_7imrKA0~pU5XepBjWIfVJFeIk@f*r9*S$yK5o`pe8hP4ZGCt~37
z73gCrz#TVoYS?US_>*WVU@PrIxz-k9Mn(khMR5fS%@XFIIIg{cg7Lu8-w8d5hSsHO
z!SoP^z#Y=+TpGu{gc0!6Q#_Sc#CNc=h)^&R7CZqh&=MNe3&P=3Zx9a3Z>8WX2hDM5
zD(h2&D`*M=N`y|dIfKAWn`32t7!(DZsRT0RicilFcdHA#KYLCVjHWU_Nq$Rol4AK5
z2^(gxY~c5e<B+NUaC#P`l@Iydn;T0Vel<&GYX*ue0TNBUFcLt#<(CUVpS{4yqK-_7
ziY?kBmfi$m@-5uN2u;R#B5J*+cMTaCHv$1XGHLLsP8xawiaDAZP2@>3S+)%M5lood
z3shALTeGQ>m9IY(t<8g0go$Pw8a0>_aUqQiW;8y2qt?~WVjw-U2pg-(a^#xzO`fbR
zFw7{)pQfjZ!~kGKFJ_F@UPZ<|A3_J!vf~|TE3rOdr@%KRW#xQ5>zaIKo=m+bH3fs)
z1;$2wX@Xj~PKqd#;9oPu&*&@2WVy6d`KU?cllGfQ{7E&hNR7=XmX=nqZ*xdKzC_nY
zTV)4<52j5YM%vIGgJ0e+lR-;>Ey+DbUE*P|sf7EMhz}tB!6}mh&)ZD!9^B3I`VPmj
z=_SQ^tnYNArLZ^iom7NK0&<mq@e8qjwWYU%%VZO*YSZ|WDn4_CEg~prGx#a|!Wp97
z#hJ~=Yg*+7Daa}x!MiiKg2(HN?ZY|zxAc;n&oHp-b}jh9#-`IcdGsyTIx0jmNP~C_
zt_pMvg9bo<UOs8&LXLNa*bsbD{e3tC-J)V(e~!Q=)!FH?cRiCO?%e+D{_Y+OKYi+u
z-saX0bLH(y+H1W)Q|@T%r3`78b7}TM;Pnovk&ru$8#HT`JKSdX{+5WBuh$&B*Vo)c
z6>YuE?PXwP{GE<47sJgq?TA466>?OwyS1B*^c|qB+rdm%q)pJPqOgi;`i!CXha(o|
zJbN(BOg>c&AKnD-0UN_1#PsXw+f@7{;8YhDLEuU$fqF+sTz4AB<&uy^c5;&X=4-7?
z7Xwpam#RiQ4rrDso|A;Rb<ObddZtMHJ})_EhS84m<HkC%mlO3K>q+qXSmsTFgpn8+
zz9t}Ln8U{V;eGAbvKy+)bB<)kZ)kT*-u8Z*uQwqczO=8@C&zVa<zcCbmgaRlU$z_6
z>e~7;Y-#ftJZ3WAcO84h|HR#;i`7FUZaG)FnN+XVWmr$Or*{R8EOX)bo8x49Oz&6N
za5?onHfNWX*5%BuohT>7B)B=s9nQq&{zL$bY5=yl6Ye0_j-kAb8}&Vv>PDdS^$CD)
z=EPY?w?{l0ue)N-Yu!JBwfak#38V4((kj=3XmVci$8qJ+T@H?6J?-SB+Y6t9qrN#k
zw!+of3}%cl%jJ*+7uKZmRkL;*`emNg@Q!kuJLh2<x7(wVlaaN;pVaDPZA|R+V?hEU
z@*~3=x2tsYl!iOMsNi#}wdxWi4|0WlnaS#Svwc{z3NGHwqE^SOuU~#N-77F_Y(@Q5
zb)aXH&tqg(AK;_jM_aLKVO9>}UFqfTncq_a`|^x2&Bl96mpA5BX-aGsd@bN4$XT+P
zkDbj1+t1tMAOXocT{=Z+%7%!bnhOtbzQ#meO;Y5z-?S4#;VDB;7E^(+o}k!*oo9;-
z5I+*b#at$%79~;V%ZWm73}KUj#BZxj4yz#Qc@i1v&c1ajIv#?zq9*E8w~Wj!(V_|E
zd~T~}2D>_zbn>6ggUO3v<_n>+98hc>WO7uJ<Z#+OIS(rwTBQ<A<)o#vjfn-QO1&``
zS1Wa_Dytqaq(t1&09R))DO{gut`~<$$}$d@iP<!-ktb*)gNx-2E#KzTJ83AD&zd)r
zkqc`fMR<M^7z7p9imA<QxxU#)6*|jd2VIlN`ny`kndF9P(k5}!HFh6i9^#!oX_dbo
zj?4+1*jk`8gu^xzt81hWfXxAF;PlKU3g=-R>-{)8YHK<RRm)EjXVwWqnrrn5qjc8r
zwuo|rXo%$5-TkHXdrT^lLY&pkv$77w2vQWH($2!3A(u9FRCz|Aqzja#qB$oH3rHmE
zX&XjfQODBV3N2elzFF+Am;fusYzc9H)!G|r;ALUBw)Qlk<&MxcT&n?Y^JdFf(-PH?
z;5>W6N3gZBATd2(ncWUj9;SlR`o+0%&uv|<r31-sFgSc_EsL3tjslN(f!AZVu6Iwo
zE6dn&vk;gR7MS2JEi7G1a%Y&@k#GJ@v#(5p1TxeU2MG@^QY<`80qfXq6S%SPw38pG
z?fGLTSIPCM;Vn06H-3O7Re7ptBw(GHDo3?zt~A-8WUkJ78?SKg(RE@b6vvPwP5APN
zNds(XMyT=qvgX$wir<BMPa_Uu*vdIp{)qUupZsV7!O>?62W#VF4+r>&bEGmC69^=&
zg@XNBk%NEGoZJBKCDYX}0PsMFA&rYSXR_Sl=pSiH<bIB9Ep-687j`qkz~>^?dRZ3B
zP=4I;-}6%)EHS9<-s-m`%WR7m4{c<q)~t^@=(6K(w{-1vq@I-%(@K=QbRLZD^q+Kr
zxk-mYb`{|&rD-=yXc<l^-<>?Pl^jx1ilFPw^^-b~jkG7+N%!!i{BNpvJbZIc)9x~Q
zpa>_TEfv?##0&vG9U={~J%7Z3<A;bd^%`or4x|oy5ArXOEhgGNc+tj@&6rqE)aVW;
z>J51+Jfqs0EslsD9>!xG`dtlh8zZa_KL@xuq=4f_PS}>=`I11mor~Xc#iyCm0+W0X
z8RB?W?`n)pHQd+N^53EMAj7<|bn2)(r?l_(uch(&0**v@Xr#T*hO?ie&UhDAhka`l
z7QO^{Z0`l1)DH=d=;dXn<O%y8boIIOj2F7E4VP+~VQ();NZX(?kCmeP*VnuY{9+aW
zev*lQ1!H0d`u2gT{r!%K1S0`sXZh#iz6TBLD=-@plmK`^1Xd1=LI<PzJoT~sH-U$y
zR`hBEy7xlmqyvb9o2x5i1Y}F77OQB?qI#a7KmRE8dUn@x`PnPrHfDP-X1dH6m2^nh
zS+DXI!R?$w3cNON15@zB4WZ{#0yGooG7~HbYeM#xhrTBJ{K)q9!kF`w9&7IuuWoYP
zAE_3c0RWOG1cnkg6*4_WxFPqEzAkUq2}hZpFy4wSNTv6AA-@fqymK*-Rgm@-hU??j
z%$-b(ru5!IQC&vHijhRZ=J0xLmsOG~67<g%MNgvO0o1A)s?fol9CAIvvFN1P88g#r
z3Q<ITj2XwOpTZ%rVliHZN{>|QCtF?+{U`s106<oRUL8-DCh&`!mC-=gH{7XmMy0)C
z|I+nHY?i5t4B&1*5`IcUZ!SpuPn&Y0=Om$hHMh(WLA0~XN*aQHv2XAZyrFpB)g!q3
zJ9kt(Zk`0i-|Gy`l_nZEhAwFRQmcD#3LK(9V<3P^u9)1dPs9iRWXWlIVEe}e;I9n<
zrLzZFwvv&)KCL}Ux0c<<-=+SUWxB)|7wcT`7wNsW#;Wqb?iB>{05&tLgY<0uJg}(o
zFJb2VMEB!gq?BAhPcwQI&hele4j7v>lB#!f6C-(oi?3(9RWAA?QcM@dSGWgV>bMUR
z6;zK(Pd3%xf5#l&|NMDX@yY~9N2jkWmX&V*&V#AuY0K2BIH+620GQ&-zW<p%HT4I3
ze=oYb+?mN4Z<oHp_Cg;@tsR%e__sC>1HgFkB2CZiJg+_b2rO|*PYE*gXY61C=&U>C
zl6WY&De#KwE%~v9uA<mnqOc)Z(>f*rcymuuU_#xsz!=?(Wab^@W@7+IEm=BeO=dxj
zo5}sd@$tPp0gSHr`y{^+Ucgi7M?p(9;_;9w8QUMfhcI|NRv(8cN0*1MF|t!hIq#ya
zMpof%TL_Y0_dT{Bqd7jF@9%KqKHlw~xAGHQ<9-NC3NYk@E{EMNu+grc7`=@Kc;X8z
zJlV9VS=qESrbLaM^hikqX561#gMtZNlUFb=Yo?;afi3;z9?E$i$qR<h)VnV=zcPVr
z!)lIGvGXgmBUCr`vOtksU2|zQ6YX4H$pZ4vqls-|c?ClQrK9iK$~O<qfqPpGRI9;9
zsuh3Ne)d3Sz_?}dE_DNeW!*t^taGAPWs7jl7TqJ3aPPVSm-PpLZv)_^csm^u#2>)s
zZqOxWpepp|Qraf_7;m)S1d0K1Riy=j1Su15vi}}bIm1pLafVKiVXryuXRnU+qv2ee
z05|cq{J1NgpMl8+apl)uLQVa|fbf7>7EqjpY%|vQF@hR^P;RdDwtG^*>bditQ@MN-
zA~}jQV<B7Mhwv{zvTF>%khgZkPlCg!arj|ujKiPBOs0+o$#FSk-Ex7=Mbxww$T_X`
z@8oc*#tB8Haa6bV5t0i2P#OyK2aa5fG1qdOCg2emEl<bi7aN{$UKWPbm{--4gwG(|
zGXW&+KS;x?)#jhe)E}jm?&1xfEaynZt&3yFsDlzKeoTh}9zjYUzjN-D-rkK%=B&9V
z&*@N#g6GnM=EW(63D-Ep7-9WCw%##3vTu1Co;VY8V%xTD+t$Q(dSctQZQHhOO>DpU
zo%7duuJ>c_Yt_1UVejr$Rb6*g_Ohy(Iti>dLLm%!1F>2unE2187Koc)n^M0jOd+=j
zrxP!fvu}AFyVh>K6Y(BjT{rhP$d#P5Ft_~*r|}@P5`X(sTTCbfjx@l`*PbAIXpwOJ
zbxPpug4tEG1`L$lWle`sbG|jdmal-OeQI|j!3WyTRtNkAQ;CMN=u>YiQ-Sv$&#%JC
zpt=xo!zC7~DSR8=f^6(V&36Vje5=lo;?ltL;2A1wUCyHdbn0=5;+(&yi}}jfp=i3S
z3?F}N{up6|A5{^B=Owknad-8w$=aOA{tf#)?aYdP3eaOTwH9j#2U(S(GW@dg^=h1v
z!YEs&^k{lG-tANsT|~-<2Huj+b1=d`0#)QQ^?<Lq&HPz~xnXv^ny*Wh`6F6iEZlmX
zgO6_Tv=F7GFtri|H%(IzP48A5hBMD{1KFth@T$nTiL-iFO+(NU!D&T}K-)5u**Lp#
z2ytCM5Fl{z&v^A3M{5|qrsv(`Ao~QFr)TLsCMnliy*B62`P{oiIHyLo3}H+rUsj#t
z$nkT3#lAeFV|5j{&o-87P8{sXieAX_p5NGz09?9TD0%9sHO8m0Bg8(py^fp@>_k&u
zEQ8c<PS(kLRHHh0O;G0C$kCRKAo*#U3ZsrmfGK70u%fz>nHkX*y<)0^osNsSOa3+G
zZTZ`2KPWBa!WLLc=Tn~~KjdAzgal`-TcE1_d#D{1x5^x@nzHVE{BQ_(ZU@FJ{(QZ=
zU~*}HWR5?V@fu9A@%1mH#GzREtAjAs7tA)NSLSaiI+zk5h~oe?XXm4pT$L{I^j#G|
zb}^jonq$<Y;@cxFT>z)#WSf9`@WExOtme|2)HZ|!BK7X~+1{<zTZ1+b*luYC^N@K^
z*UKs^>%%4d>av(p80x_TBFhEo!59bkoDJ}HOINMyJ&OCGXg4(6Ee?b`4=MvYB9+CH
zEzwBp!TH(Vsgf9AFq(rRFAqlVBMuG_s#;hYpxh)8@(?cp&xpV;m@L;~q;HS{kGeD7
zagzcciX{Pwk0t|I4ki;C@GUsAFDy}CZELeTAeRb)GaK!(FXGuBp>DLiii5!^e5IJ{
zrD2EpgwKQtbAzZ;uA8bKMG(78fkeM;)QT5uosL7{4ugyL<D)qr%9J7Ev)KbYbeO-<
zHg;W^%QWyE@U2VFV&w`9*#^LlZESu#v@dTnn`lBy<6w;;6Hr6QJTmUUFjZFI51Y4A
zn29BwzcS*HSJ&)4(m>RwT(~ziQ{JvN%eF`7d!@sQwwd9r<74@r5k&Lg-f_(ytj=Jc
z>aa3{rE!PmSqjb5K@C2?^gjZ`ePji2)_}-Fpgf^x#b&}1F=7-Oy>?>&?q%L`VX}Z<
z^U#_JeHxQt%XBLa_a-qn=X}Zq`&j0wTVeU()dMfh!~l`R-1m{~11J4`DLq$Gx<yAi
zrWc{u*D4|0F4x^^;w7>o&)J$Agm{f1-uMYv(Sc%U`?ONEMFF<$Odr7K%f;~1-K|C2
z3*OGVg*yN>)$r6h=Gr!18=V-<hQmDUxQqBkYapyy95Kv}R24z%;xg-n+R{t>BSNmz
z1z7c5dtZs?`91~a$pVpRiJDP&tY_CS1=l=9if>T#Wr{N$oKm@-pd0kIa>JTOe_0iX
z^ou4jEL(kC<7=Q?+k&6w+>*`5gLe8yiVmGx$XR0~UllL=NHa>Apr;+CX--LA&Me$Q
zm*NW~{EeH;u$%mgE$_D92Bdn$*Xx(&h?nfYn>Dua{yVAHh5wz@<LLmw0kAPM{^u_{
zZH;K`f93NSrok8f&F?OTG%QFh66%ZYt}a7N);ktz1@iJ%N~j@L-|lKw_`@d@)WWpu
zNTDKJ#dvb1-nUzh`d!UWN3xV7@b2*Aw11SE1M_)avx2u_m~MAFIDT5HYWC2n%HU_=
ziXvcoHEB?DpZm`i9fO<g?MrcU@s%uJRt=!aXLRTwZhDEcSy)Rcbfqur=1Pt)BWr7I
zFaz-Xat}v(rZl>JkbJOS&>LJRtftM;&3E`iISsvX{uyV-=7vMg4US*<`_o>=YK}Wa
zV`JxcElfv8k=`_drlmQ&d8$FdZRlh(4iI)qK3_Z&t{LTbB|A#X^72#GG}O7_@Dzo-
zp|=I5yl|sZU$<GhNWEeFSPFSRc#(cC|9NnT)+1%k1cLHTB5s*^fMk_NgDL9vPv8$7
zOYB1h=yA@MIsvshQ?Izjoh|;inZhxqJn^#iv9#I73JmbnKV2wXz4*v@Vp>_Uz5pr>
zrjDdWKle?>RKr=?Y`QPDM!n^Qi9MwE(H($M%`aRz)>{nqJVWWRoxph5D!&*(ut6&$
z%4ZuePkfV}as`ynO*8%WGC7!V86eltfFbSl+I6U_KQn)d-sO!T%J+s$eR+UCGn#Gn
zb8EVi$uoNgF)gAc2IKN?YBrzud;x{*SvA_M#D|I8(zKDYWiTx{caM`n<I#D*ADPyk
zg*;czR$L`#o2&*b0kiu8`^8^waRT$czND=?ia|1sS>4ZSj<McKHlQFcIgk2>IZ~*o
zq(mRndfEKERWqL-0emL)0UL`|#t5i?KVRN4kKR7YyWe*Ysd7Fa+UK99`2pkoG7;Cm
zI~WkT-TqtxHFSf41$4H$8)n0DyLtr{`VP+GeTs0^NCEK9-Q*mNG5FeMSxbCO&d@yD
zgD@W6aXqeCI?g}(FWh+7?7MF|A|>u4otvha$)a9tG|e!r$I+RbJ0`uk);i9=TCPMU
zy%ieP7}U0QJrQxa)7WyK>;Y;c0^?aGl9mlxn25I1!)>+j)n<9y&*|M+dI0Z&>Yo`^
zjZI7RRDbV|^}OG11Ia7o2n$$m*54qaY9jyKvE2|z>6Zy5+r7b*!#dlFJjqfnLFnp_
z@(%DGKTY!r)>bPtg|6P@!TdqllGrXvaM!yr?}}7d-3o>s3RAd%?f_Irq6$rJ+Z8fD
z)xX|I+6E)v3^0B3)=&G)?4t6~T6)AJvHEz)y9<TYFs$v36JJ%{9;Hjdz&5k5et;ym
zphK=!WJ7Ez>CzNJkVk<7`&xNz!gN^L6qbu%H*F0B6XGjWz8`!b_p`#)r=s9#B96~o
zoUn294YObEPGA;2<N_#l*4FQ<Se;i^bSibFGZ!smCXC_uTE+HM-mFy)t}a>)cpy?O
zl%o7QU6;Lzd3x8T!szsxt#Ax`xEYhwll1XJe3j{F#lh@Ew*)p&IvXZ8SRL0Z)_6(X
zJYirtUDhv_{hHx7Ofy1Kz*xz`b3M3d74TjypgMdzN(*7wi2y;l7n_*UU7aB0h{}*-
zO+vro3rM2D5ro=i^&3D(5`k32<WDYYEf1?^<=ZFZ*Z4;z)qvcgvREJpi4l|wEYS;E
z1{WUT9HIuvfN5yvv4ZygXlLMKPbbN6jVq~h;rHvnI?IFsHTqjn1WK5OJj+1$SM8(2
zVC;ys59mN}Ap`6u3|}X8hU@H?c=-xId`lcNYYimq{b-AObTIDAHr31ZxS_e0XBX*)
zYQXQSWKTnXA{(2-CL{YNwt)I0GHSk%AQ*zkaSZ4s84l$IRiV*`*E+;6jU1x%(o9tj
zF$Yo;({dmy2GlP6Ru?CvMXif#5SC-+xExNo%HRGuGz3U657a0)AK6hClol!q6hV?F
zOb;C(6qT=Atf=Kr%C;EcPl^`_B&eJMF*;Stb3_;AvcPges(wd0?+L1Ny8+57z&5wa
zZo!-1v2fC36W1hKnLcbqb&RIaA1L#&xi(4J&m3Y@I9mZ9r5^H<xF3rb1KL%j;wuHK
zh%Oj>{iZ}zg<wtdWYm`TWj5X~ft|;ldE$b+Z5uSRQt8Ey7b7Od!#?pN8%xxxvxy{$
z)6Wa^gPM6IOm!oriyM(;qTvm<gHSXl{>w(c8h-i6TEexU=yH+^|BO4aSoAYu0qg_!
zo1l|q={tXQd1f9M<oZjOr`20X@{jaw2ZO1hnm!=TNJ9!SC+Bab!0_!cML;c1*};&e
zTwf4)Zt-=*EYjZq;kr@Dvp~yf+CS?e6DD{x9vta3<`DQN1i-hmihOH)AU6@UH3KzS
zbTJYtH&MQX>5?FzTSzb*@UVeBJYW+WDh0xhoJ+7&mlo!rlzvzjNLQS`Z8i&M4uZQQ
zLtB7R&uH=knV4tS1+(<@2}#P?hnT)}MNHEYHZ9e|n!(xqGQxbxi6rztPt$_;WVgqz
ze_ACb!^oAdnfj*W4LbPTw`%|L`)Lu0^PV5|T>dcXw-@GZClu2hmJO1rj$4<_qw;m-
zT;gm3Qv|Q2aZ|HsA0Qv8On0HL5)(F0`;`j7Hanw#-7}GZ89lFyM?sDM5n&IzMUZk^
z#54@*FZTnronSDw6LK_4S>)GI2u7M3kdaf0&c$<IrZ`t143Y_6ercYSv0&U9O9)pi
zcr2Lc+5)rd3WvodabZlpBa$~BsCkHrhQB}?qbs2hG5MCND}Q=|2x?GBldy{w38yIl
zxzm!o9D{_&m%GvV!rx$0!5>VPm%Ixcek{u`E|fn361<ax6X70imc6-AcT)DHXn9pW
zf#C*<yr?Ngn{n<kwtTeJ6p{qO49k?1l{xTG-BNnRO5ra#S|HT$b7p2{!9fxgWAD=&
z41=thcEplv@s1SiCZABm{$dkNme)3*8$=|K2|>)~FHc@yo3Ej@Zv*zenFAI(>EO~I
za1DjRBrG!E6a!op69&}3BQHbG%9#6}Y3P#uI~p>u@t`Xbwr;pW=2h^5lz25Jv|ui^
zK?1hPSVJ1Q><E#ZNrj?fNxpaV7Y$hjkBh!6HYv=xu4K*)hNyhRbxacm!{y8Xks%nX
z=!7UUD9zYM;S}SIEDr636qLo#0h$ZtKN52n8k<z-<qZ{W%|z69QABOM9F-O8_Anu7
zmd)tnW`R-kGY>6uGX+NTaXoc1oONocostM*zm+MbeUDJeiK@w4u-BcDaihhiILAq8
z^Xe1S%$f`)*aSL}!Lcz0XOt-bs#@b1G!vK&XTqNPq{p)=>HIg_iAsjQT65>|Z?G#g
z44K`L^)(VL#;amUHl8-3o^%}?0w=g;r6XOjr(qUR6D6(QRBqw=gVaM^+cJwaA|YcT
zm-=Kkq86FvS<N)KsA$H2KM=CQmOF^%fe)9BzLkW}sq76)UZk`k^0Fra$X}>+I8-r>
zek54HI=LAe!_G=A_Zi?%YnGg|&&<fHf}$-Uk5w|0mrpuv?WB-d_`Op073pNaA;roh
z$a4|tz~Xh*(A-k!nY`4)sV&75YL`}oWq4u<AzaO<YBUkZH`Pl91keztM*v%((Ft?H
zhhvduHm*|E-x^?Xj0si&O6&x6Mj}zeEYl3fUv!Z|?Kv4#!{c%y7HfG?9n>8r%tIAj
zqGb&cg-F}`{F0~qqUQMqs0|XuhzV8_2S^T;IH%u445c3vE0iatPzJ+Hh)X647&HiR
z2SriWYlvz$wDvM(j2E1pBSv>WJ(WZH?5FI=5W40%1uS~)EK*MZBj7tqJ0EHOwm9&2
z_OT|qU>vMPBp!9L!)FJB-0bjzhA;0)^WZ;IHzOWW_$FwW9C;bKskTFeLp^3}9Yo~^
zo>Q@hyDa+U7HAW>I)-~g5`BX!!)6U7e9031BLz+WloThavQLU0r_LsM)|1tFot?6m
zCt>$%@UC1N%hn(ORJq5+*r#qOwDT52q#88@T?#)n7$)xEXwy*+{oGp&Wskru^%cXE
zfm;zx(gim9whJppv%Wy^x`F^-+<|xDs_13Evxa!Kb*WxGWdc!x9B80$P-ov6xMnhZ
zAX2V%Y5R1StMa;EFS32^UZA~Ox2|}i#ro!F<m1!DUXK<5;nli6Rb`c9k$2NJ+U?Jw
z3_^<N{*x>_GH>fxZlI)x{2gF(!dGFFxY-+90Uu=itG)5^QKHbn`I~nK4)?@cxRb~?
zOR1OP3iDPnj~(9mCf?aC%7La}K5wA!meQYlFIT!=A7%y)Gb%rF)sPze!d1ft)mE|#
zxE5&$Oz>C%1AkRfQw4g~O9zCP{ZLz*j};SIXsdVIJ@UhNL`gzvZCk5J!-sR${1>@9
zf6WA@Yo~8LyhgigU$Tu^+j&tg+u05|o}8Okm7L*6ctmoY4>WdYEHe#Qc%QEYS?dV(
z@3lEmDAMS**mTZTTeLU1_*-J&l{C*YGxBwQb7n9A;1|tOR3`PS2NhWS49v1vr$9cX
zq^TPHlk|zuYV~*VFZHdJt}XMhgu)@$I!-TIqokITI+61vdOCe<HFpr09X7V}Puju4
z^JznV?*lJFQ5vL%D=u;V?EO1?`{S->R{$F_>-%p&TveZ%u^%(nh~s$Lb<Vh-`%vhK
z6xNhy02DH~GDNka6k*PK3sI9ZVX+N+i*kp3Erkoq1{)&>|0c_ErR737>I<A?yUv#!
z+Mdtc39{70>=o*s%GAD3=jRih-bt72WxwA(_Ev82bZ+z^lBZs3S)#?ai2{i#ZRDnr
z``4Tut10Va*@LBB6(P~<>sO|(JAGXemh<pofZ>7wN1E5D8SB%>)UhGn<{**Vd=K^x
z>N5j7HJDFyB7gzm?r1_Fer@U{Ubol7YkG3oN-QCrl2^r&=egoTNeC-0Zz<mFvBQ19
z#zx5nmD^Zsy~r2?P4w(=ep_2yt98Z3<Gke?u8@D##rnn5&qi<7ERZhti9l%KiVIA7
zz#N&I-r9u(9~pR66EunkRI2;H*Lp1+AMbu-Gjp|fNSWy2kb@51A&)MmA%@^r0Q25#
zdbkLG_yaP+Ops%HO23)gfTdKJuB7DauJuDJJNHv13xw-0NK2yPDwWK)Ta=i=s48hl
z-3zAO+gzPsfuNI!c^T|jSa;Wo)?Z+W03YZfRF#GF;aC=`B5i!FiDzqy6ma;(mqCL=
z=x*VPmmM@vs_qoH$K;K*W0yr}N7u+4?bUt|ZgTYCXdZ<rH+MT%hb%p7+-d=n)zB%;
zDeoOpEvy8)Lhg74ZWtquXsKU;hxS3NyuUnxMc^KI>8p7qRHBp|t4H2g7+;A1081H7
zq}0z&xa9n{{@hovXb5*{p~+$pUhEg;sa`fY{bDXRhYhk0o{VFM1&Ac~>j9igc7#}5
z9*zP|+-MhZEtp`r+g)>8xa^evSzbe)VXwOfq9YFM3w4K{*>eA>FlVcspPQd-@0UDq
z4DhCLuh5+3;?7<-gtF5o!hhb>0ik<UaOcH;+aC%?q8LBJg&W<@myqP1|N5?{nsblT
zsUhaPCJj<{a*XWYMHJzEGjNr72<J4jb@3|Qb*@h3c0W7A@^JuX-~V~;IE&|sW;e+*
zgD6Han6kP5IlbX3i}oUAOvy8@X6YStfd^c$(D?ag7ENT6OmKFdsc;zk4!B^^L@&fM
zoz$=7zTm;(Ijo%HPGcQ_lci$iV8=l4E~hE2y_X0{Zaq~NJ-&Ixav~<?jNQ$b&a8`-
zKV??}D8)Q8yZyBx5iv6PT$k^2i=HRQ(p_-0#%{aVaqUp?n&OI@;?8oV%Ez%Va$2UM
z`yBdHE=xhj@Ov7WDty~59Z*K?odMs3{g4M56KF8ZaqT;YLw=@PH7!X$w1X3nkmT^-
z`gV75DSZ%_xZ}cuii6D)rz>ZMGp4n6J}u=qp!rKpIL2mfW;nxmay|AJrKPQhdd%f4
znWq@UZa{i}|Ci1(ZlYo!!O5w<$0019JSeXlCvQ)yo_?>8EHbq29H4^av6~|w_GjJ0
zZ=<lg>*b8uv;F49Q1<dukojTNJtcvM<8O8@hT?#m)1^K#(R(S`S2c?R2y@9dNu4(u
z*!MmlhomSg-n{XTZdRw~c1pLoAC)<Be==y>Ay+eAQOo3>OCvE)lIsKq_OT#`pQ68T
za3+^-s@p}=Pk&E@aRKI47pMb$WCeA?dE5q>^$1Ek?Iw7j<tqpGpA^!VYtn!-lNGMi
zedM}3KMs?d`99pb-n~3tZLy~L^nAP)=!t<ie>~6l<o;b-H+-iQ{<2S{jlZGbsNjAg
zSaAepD$S8H{n9$xKSLTfU8BNb^9*%9c(m~L>SV!fr999>Z(;vEzB;n2uzYA?{%!}g
zpFeH#6RbLX>Q@790;m4w3oY`{QUDm;<6J$(TM<*?uBi|{-pV@~ZLnvu{U<Oo$oBy3
z<Xt>qbs*M%CW_brv$7`>bO4h97?|l<{xhwmE@g|&2GccNo#N=5DAEar?n%FftBDc`
z0s^LZUxVxB4;-bn{_;gG(#a0Le$FmH`(Vg}Bod2)hsOe)KQIk<tw)b97_yaW|H`}p
zujoc~6U}altl2ei^^wzgJxh5tWFGJnND!L`6bL_26p**nhgn&Ohi4PS7t~I0@uUDv
zR|xL|Dle%XLc1~mWc14Ig*^p_fAD-`&z_f8Q3lBPB^$4JHA9cun{qS111nq5n8W_@
z>r~SG3eCxO22!adF=n>9gxzU?3pN5b0g;nk&zPwVc@A7oF>NTPgMQ59cYU-1nG3dP
z7Y=sF3E<u@;&ENwEuB-=swsCv)KsiBGj_eTo$)A7hEEP<=q)v+i^v=(N$@JeE=4+p
z(Kd{`8Hm2W$#C<80@n?p!BST4CM0)o%}+<ctk&jUqyl3T%FH<G_k4=r-UjDVBxkfU
zk&!gL9x(NYd3RG_bLqY??zw2zaN2)?0KQSalGmPSSb(?mnbEP$O=J@8Fkc8(b)AH@
z5LduTOiH{Eo<Xq<6P^7zwd>PV1Q<;z1QXPA_C5Zv=A6APQ^?`}Sm4*+SQEDnyeOI)
z5EiF}Po4hUBFG1(>!rY`<@Xb%f4RZ?9>`lZqG8TTDg+6|gAM!VY19=>4J1bi&{%G5
zy<EI0CrT>it?bevnAqL*b^Uhe$=$PP|9qz{Y4W(Vr}UfRLO_yf7x_Ar+)SmYki~Jr
z@(8>;_nIiW_0kcB_JUx`XnWfj_sD}1?}9~q`6c~ecH`33jyHMI!iAFAR4xq}Fe}ke
z7i@Kxy4_+n)$2rtF_2#etM&dHAn8+JpnLop1>HK>Y{}sX*&_DVDK&ir(z?Uqu5B&Z
zRp8i0Hnj((w<}>L$7p?+`TDBVB&0DP7;VUf>XYhzVlmz_W;gw8qq)+-Zu_+OS$%Vs
z9M8z3v#!{jBP}<o0~U|pk7U?igOYHzaUW1;mQ+wRzB^S0hc7l{hIC#I043r&D5e6}
z6~)TE-qEzbpF_%}$Rp$mmhG5!vDs|p+4sTa;_%t-o{O?ZG2vn}NEnUL#_uf=5|@r0
zKG&4)98!P4M2TFf7L=-Fy;DTb)*>;F^+Q`=4a!R6T;|a+_o*+5@6RABhELbZQVpEC
z){hjzLQgnY=qv<xmr&jSXrGRvi*y2e21WlYpV7VW=$uRa9Tpswja_}j-edBlScsI?
z_8}Z^)j3k`Ht*SwZCP5-Y5WoV5Fa|q@b~?wRFUR5*MVk#GH#Q08Tp!O#fe~E({rpY
zJUn|_=d&r%gy)uraP#e;(74u9pkD1+HiN~emg3xSwqwk8{buVKaOqe_n&1=T<(}~t
z<ArP7E#w9ET+WI>bKhby^6~SH>=|=^jSho2T}IA&1MheH&ao*=S4Cp-+Hko0Og<t>
zR}n{mpx#@G?tN@!&<hV8B=^ew!@4X9N5zcU=w8Z)3mi;6uU32&c=fNFC9oT;%tR2;
z#`HH2Eb&$Mv9{730M?S3&CU|-oTu58*+=(h&46Cq+Z+8-!+hb_9+pm=%K8<WmHX##
zG@0IA!5=5Hn1&K>&0W5*&RnkjH@%nLDYE)b)k3anyLis6j`hkdaVt?+Tyr0Zzs*~T
zcd0m2P>DQ0*(IGRR!d$!|8DNy9j6Dk+k0S7eS)#^%DPq~0hBtEzn0q<rU=4;k<Z{W
zY(0FrTRA|>x&yVk8f6?qxCe_cY5z7+5X|;0{@J#qxMKcT?4V*QzLpli0?8K{CtM2O
zU<TH{1a=FboK{>}s5HK!Um$_I+f&nXdz*1d?JxJ@*#tUqOaAl<7fSt&hrrmA5B-A*
zYu}vPN-r|k360D_kO6y!zh#P9GoFgba)9;=<hfuS<zHn8U{;QQy|a_$zh^)Jv(f)E
zf%$t36dV12zOcXR5GWi-KGk{()8Z}Oct~dusx|e=F8Y{}4d!@dVO8!x4L$Dw>y=ZY
zzYR?FVL`Z)FpzCjjMl>!bbYCVk0_tKCfC`C5$fj=NpJJPo5eUJq6*K*mnFOb<JCLc
z#hLU2?1Pb8ToMJ16K$OafFyd+)*pEY!V&}}tAMWUkB+yNyZuPy0r}q*t4u>23KJIP
z?>JUhUp}8Eu8#Tvmw=Z#u71IJ#lz}YdR@xF=d7Pn38vslA2sn&?5HUM2T!OPXbvpU
zd0+3KE5b%4L>@@eo?SW!5tfFLGdT!59uKDBHl_lBi6L@+0V#OU08Eq(O$8~HkwoPs
zlz-%!6)ot|V3CYOIT(PAV<MG5(!ts=3JB9=apQb6l4AXn#rq446C*<2y9lxNkXqBg
zX0<SIq`{VcydbVmAd0jqR>jtOG8G3LrBeX82JyYU(BUXF;%f$!1}Y6mRQeZ)3X;$E
zaOHWXvLg;LI}rm)?Sddl&6K4wV4t#TbPE&$EX1_DB|xI6FktHsPz!4Vl-LxQ03jZN
zd-%6+nWh64voS0rV}qV|4k;<_{_ac|p|@RxX079f;vzac*@9Is$}&o#>H;ZHkBu32
zlZPm&%f)09{z0`oT4rs{5RkxLi%z!iX7!bkJ50Y#&ZPmiR*@%Z;<TjYN2rAi!egzK
zOpQ&>r2aBJdeoL9`pCI;mHQ4UA=a6rjg^QT<2t{DD9_Gb?#)VgY)S$XuE>QYu(0LI
zxXl|L*CDMV{ZA6@5pYTu&94zJOqC&UN6js<sZeLNCmvy`V0UFl*Vt7x^BQ9s?GaG1
zAYyCn5n2J}zi5I(Q`xMriO1f;G7f3O2~eFMxTpQy29}R|SwGxKQ!i85=gaSdPsr^t
zVA+S$Fd7-{i`Ym-ouX$WD(17B1M(e_&3;?&Ne`XE$4XrajvElN+LJDmiXKqAYQU71
zlpoJ$BR;kuiV`^OMEg>g5E~W6gIV;xpOXH}(;5c^B7J5ZyK?<WTf0^^<e|Y!q&$TF
zAq)PHw7KoQvf1Hw*UZM(5wLhU)!sZ!ZZfR(^7j`KFI$ixff>*n6VW>=OPk=}h0^2p
z$L99%dA}*q4^yu7imT*<eiGD9RDY`ASyXrQsiI)Dt;nj8dAo>qSi<fWXz<!mlnwX!
z6mtYXk+;hP6a`+a0QKD=-TXLs?hxd0Kw*+(ag6|{+TViAmqf!d0yEx7DKju@j<?gn
z^L9WNWyTGG*<4griRBP>kdbV1HAub8tx(jl_~(1AdJvNUelsNG_(>TDX9?;U0|9!l
zpxo|Bie4=|2RKa21n<H*RDmhY8yg+K?QR*+{a((PeO677|29!wlKT#A1lP|{Jia`7
zlrQ{jBOb>Gpe{wvfmG1!!^JxI8b1Gee_OO9{`zTZq?_OKlON^hh{#}egbd%I`>WXW
z4KK&X!Q_XeC#-aKzjtwH&@eez?i2OavXAUOM%w&<yW8&k7aYm_J=eRu%O2e}72!01
z)h+B6bN_aU{h0#pTF%vN)*d$eq)i+8>Fp&tuo{2azKyJcZl+T`i(Rj)sQAW!XFzBg
zT*6h?C3UI6BuXC-^)T}Fkz3`xs1>ztzBFn4F76)VsDp0*mU|_OhZlB_;B<bGv*fwa
z`y~#>H|ky~dJ`823IW%|BkWHzffpelADkk58A=M;3``i@uipX>dmZD?Sr5h_G{_e8
zouL28xHL|l3uhKe!-hFILwJ5wW_#p9YH<s?3BxTi9-}F=dkd|fX1M8=Rp=W1FvXZr
z46b_iGO^Sxd1*LYS%|?bmYjIB{npL{`JGcfEvIzSVZ^<C^fH!N#!fFg=S&*l?`D`#
zB3$_oLVi~*?67g9wlkeddcHIf@RqPsMYN(?<OAlKm^{-dMh9(H)uG?__y%AL<MNUE
z2FGcKPrG8XPDq!`XtWxbV$or5L-d4QwK0-{7ec3D-%Lt#y7JgQ9LieIyOETEwvr<_
z$rA<}>*!UABW-HBdBh+&%2b_zyaJ&KB9{rPMr2xw%2kr`j=LH0qWEP$ptx8Cn{o&0
zDM!8C!YFi``p-Kup-^Te2xZM{1t3eZhic%V5k-Xh2M(ucVvl;7f`zkYLgOk45?wHp
z@Kj}_#ex~^VN**d5`uzzoFg{#PNCJOdDfHTjV=+Q<XV&Vtm*C&7Xl1`fgi=z*~ih#
zT{2%+A8JGgSZA|94w>83RkB(wW|3-*Y`dfu*@WxBU?@po-JtmC!Qx*tYJ`t;BBO%>
z#lZzeu}@_rN{XrG5X~G<AXp@_aFE+7rA+VTUZuxB4Dus6<W;_ZW`EVh3B=kE68WZ}
zfI*pf*Rvp+3sC=Ai-SZ0q*KT<feZa!2Te=FH<f&ZI&(QP9$>F;)4{f7@pd_H51*h=
z7ltZsP4p=1d&!AC42q;?uqw>_wPw4oyJODEl_3K=45Q`0|J_u+%efD}lX6Y~0lj7q
z?Xj-ONwFL9E2`RwPSH=sz)|7Ck>AMaXQ2xEJO7)bB(yt`73D!0z@?ACCj2k_q*!8~
zBBfyC@o#LbtbKLMJan<fF#6^-7fm23k-cUxJ*qxC%Fuk(R@Jn~bPb4@+XHj(MiIlP
zWXs*&kAA5k`aw;fHmy}ZIcEmjYEiutCacm}G^1<z=T^*ifHg_bJ8Hss>fqs#Bt3W3
z^qz3z5nTr2C>fv>P;mZCx49r1@|P+8y%&|dAd2d5k2*gRW>{NNX4TuC>S~bbX;P9#
z;$HE>6tEq84zp*P@=QIc4Z*{+zWpVz#%yO+F^WUN(&U+=*iqo4{$h;Gs?aYw*j#tf
zr?f7(j*XV7>BzW-DM8QxhKdoU%65(o<^xp_#soXAy_uMJ0ArMcO~6D)L1Bm``nX^|
zw!aV^<RUX~Sw>Ugser}i=_RvV6D1=CX(C)ovXS3I?S?tmxrA7!B0d(|&>a}Nwv+_Q
zF%dQ|Z<8*6+j0bk;RP6|2bhg6|L~I<{?qx)jriQ1-NZAZZ=*c5x|UGjal`i#7VOR#
zx4YBW6x%?++~k#>H7_Z4jO0~Og|$)j`VRN<O}cC~@o%KY(e|~v^cFl)3$^3)Yp>p=
zS7MT@m8M~Inu8xQ?V+BC9w#Xv^Q&TG6jHBN2En5Hag*!y1R3QFs{QW;LCn8%NBY^L
zqu@?yD<oi00~EQw*@o8Vv{Ew_gxFQ)YFu7fV^-P$F@I7be>85+DEE0`^*oUTUjF5W
z#$dD!D4u$U<hYlWCE3bA2B3hgkPQBCaoJ$8mLsJVXDuC0^faH9XeLc#!BNo%8U=(3
zIq(ZeN9nhwv^kOlAj_)EpPf&Qf?DnM@l7pIv)IY*#&)uAawgX;<p{;)l16O}`HGTZ
zHIgd;xS3WM(qI}&>*odZnaHe<w))mVubR)vO%zFv1l9$Q?PJ-T+qvNht1@%Bwsfp2
z>oMB6MLBKj9H1iL;F;c7I0pn$hjWO3xvgMB#Ua8GNeRT9??J;|QO#3vIt{9ztsTH&
zy&WZKK=SNMZofN7s}xr*#lOjE57sh1K+J9d(iMsNFa;t@WpfTaWZz`yC=9SuvsT&J
z?r5+R?-#X{wKS<Bi;M1pibUe<6kOXanb3I2r9~Xm=fE6TblR8y_BdE;apk3{E^{kC
zREWA*G+_iW`IcX(>=QL;lw7pozAdPtp~cya%Q%WgxZF9tCL-$<tJz0-c;+%nKSLY<
z!j4<H?w6)%U5dbd?awpK8k4}3+n4OP@QK(^hJVkSoy}(~3fFHszw}f6fv=fo!W;3@
z*$g~{JyLjliFb{D<LA!^A$%6Fb)90n1#)AWYdJll;Ad~QzO75Sr*b~JUh{~TTM~U;
zTlQ6_eL>oY^nkXgf@xBmkhp)vy$Xs7IIo|2$%(>TO{u-Nb;JRMi_ny}&DNnkD51}=
z1zS&5T<Y%em!)Sz!>2mAu}rDsXMRrk9Ws_I`KWAB8PFWZoIPrQjWYC;^Sre9x>wK?
zt$R)8u3U8fNnKj+t0&JV0h!f1SM(un<s`E}3a>shdF-X&xSdIr2Z_r}ng`PeuxM1_
zICP)SpvuF^X*L0a{-)fisJE5X9AS>Q^@N&$e&NmBdF446bEp<@Oc$v1#p^%6FwBP>
zM0I+N)?qcf`eT$UwJSiBQKlmQXm9v&t$y<8hPyzs0UZpV=`@rANq0Bzq`6`>9S^?y
z)8p%9|MT9&^^VW<QBM|+E{(JlP-4#o+iXXQH*_vK-8IoMl~ySKtjbM;*UASaM+JK~
zylc@aw|01{^Z@SRzUpPvw8Cyoq7|`~`-v+7@=PE|$tsRX*qGGU)D;6S%^n7m)<TT8
zLW)-*cjtX40BZ}t^3ly---eV!ZQ1Noav;e5>K*-XHE-<Rp+kb~qTXXul#}Vg=EE2Y
zZA`FlQtJuuNB_%5qKhwNwNKmmyyEfd!YaVSIpnyY`VRR@Fvqy>jb(`0K;!$wTVBf!
z+cM*?s+WONJnbuMmYd@AdiG^$_MP(sO8ai)zup5;2VwX=W&M*M1NzRE{X=%e#Ln{n
zq{p<S{^|PqCp}gV)cEZ4qYpP@<!1(ZEeaSo(m@TTmaJbQ@+$c4lhWU#{4kx2%T()O
z4&n0$>1CAg_p&fOwAT3qGax=X;&(c9jzEM?rsMJ8`QiAK4%BPgC498I;p*L|eTlbG
zvGNWsF(yDNf^mo$T|aT5JZ6BV+>$xX`%AE`oL+VpU*RL~*(mg`Kc7_Tg0YEHFDb0M
zEFYhjtH%pDnf>SG@Vw`V`Dxh)I}gXE^Xu*bER3Q$6)F;+ue!{dC*>o!sQxb<F0gZt
z-0X@p7CJKGq+c-@=k*4}(MmB})1tp!=SC&K+r<IrD>3(eG59z0Kexn+xoVN)b+jYf
z`ujLpYqSPoN0F0MXDZ8&aHhJGIXv)cBa86vi7&A2j!7XXKtpdU-0~4uBrr((R5E~p
z(DmhoGxiYr^Ug`ZI5T5}Tf*8QiQF@sBBZD-U6DEr7C8G<B#E>K5uirm@VOWU1lKWl
zH*f&I_8`?5Lha)J2j^?LT+diHRD$FA*w?5smeE<lY=DgZB1S1eo_;-|7Sqp&@L<mh
zDKtAoUA8JD6qWev6*;A}G7`p)tR@_9ZXxn+AqjD-mtQ8WMQaR7{<~V<>;2<1bJ_L>
z`HrWzrVTZd6$2Qg1tgR<YP^sa;I^;WR&J&n>JaxnPuD$#&j%ySUJ2pPRQ9$Hd*}OR
zI^Wms1J?D?`crXt2a+HV1O`z6O*Ov~DfO~of4TYcspI@98IGgI+T_)|8N<2XM#uD(
zwGUn$?uj~BcT;0JA0Yb;7M|{aiWxWjRs3VLB6;Y>X120P3aiyCYfbeHP<p{OeoSg)
z%)mh@Wj*gUxj&bj01x2l{@5e-g;k*e)@_iov}F8ofo_zr><Ie#yqezJ4cH{a-{whC
zgLjD|G{-7jQWTh4xevwhLAo?Y7R!e0{GOeCp)C<Wud&-HZ2>c{4YVqja-($1{=@PL
zKiuE8t?TTy>^zqCz%D=m&~o=W`TO@aV~~?rV*T4;sx@1(DPFm3)zZL$azd!#ks_Q9
zbs}!Zi=E=0)m*srpw`)RMj~fA^Q9Bm6;2Im$H<R_SY4x8D{JMKD+k6?FqCqjXZU6b
zmmXYoFp>p1ccY{1amK1*CBbwY;QR`;I~*fL7jK}KROdhNQZH%D0A`!=SdD^Zol(;<
zIZPJFf>x^~r1I%2UVMu)`Z_f4yGzC7*gwiuw2KGQtyb1<6ey5DEElxrCGOM+<O+qR
zNQ6XIbD&U$5qq;$X(BO#LuZzAFGwfcHOVcJl?sN1ci#<8*%s(+<3G(|NEJQMU?*ri
zv%Z83T8a7DCI9Fg07M_9H{z`gFqprz+LuS~x_9@WpFbcblIV`t&^95NB<wT~&8Dp#
z#n%=2YqKy8IBn6Eu+#mp5p~T=J(aS*9_6}U7L!j%-=Fo}e>dF-l&Qh*u)_xY%3=M<
zuOu4a)ZWf*-j(<>U+(X<DN_?TzwPC*Wcm%{CB{R`<o<<tE+Ctvz;JG@F=lC8b%D}E
zKXNBmR)3tbQZrO>EUWc^!bF84(O9jiW85V6ccGk2!)!?oQm{K1zc62g9N))#`LdqF
zqHa}+_@EkPRplk{MwIq-%rcfPLSf1sbe&>?N<%At`ZgflSw(N-;@;0MFwD;nfRmAk
zrd{?EuV9*m2yi35at3||)pI$)>d~3d$(lTUXDdp^B#5ezI^h;hCHIEZnK;MsCoi#B
zey%sK{D7Joh9w4q+7_Ey{`N9JRxt%!zJs43kWqWMs4~4taIHDPsW}n^&Dm<aRa|KD
zn4SO&7z^|;84#Qzaf&a)-2ruKQ0e~pz;|xFzt1>S2T+-50?UCfPA2H<TO(OcM%>!k
zdtI8gTc!F_$q&7T-jeNRA~S&HJFQO9SH@+lD%nzuRq3Ql@mMc9o?+TGi6maV*JesK
zBtaeZ!@o=!>`>=nW4sy{@OrwA*Y#bO;qH7-jyT4n+uk-T)UU2BPqo~&!RnY3h@A*z
zu}AS01;_~;ZZ^Nr+wPOI*#5+SsZ+tv_<LXu(p!XsaIQM{Bb5C-4kzmbdq8XKcl+1}
zabEJO<RycIcT9Lg6ubl-BplK-7x&n(Y{a9PrmMR8unR#|rF>RM%brc<F1?+P?p4+$
z>_+F?AyNc5awnsi88-9ijSUh19vNYijC2M53!uXwV66abXOD8`j|U!94<rn$g^Hq^
z(kkKMIhJUOC9*OOwinc3Q<1zoT7&@NHv!H@36MOn!!OB2bn-Rpi?`jh21J8AdmQa8
zSR?fTS$H%y!5bt)hq<20(7w&3F1#vOi#$l!1KFKh8}xoc7mt<}1&|*dF!@myI>ECx
zlz?xR8wMhvaV`Uxu$9x^JyCK^R*Bq(%NZNXZFn>}WV<rml++kyWaKzM0TqT?zXKi#
zmSKV|-!ZxX#YQU%p~S_6D>4e0MAu$)l-ha!Lk##?IDz)k511CWDE*cWtf88aOkCP&
zw-6V|4VeqGp22v~{=-fBAdzo&ANL{44uH^%4Fw+vH7OcQl55}pyN7vN52vA`z)(~{
z%yVdnH!?Dn_*T5K;|5%uVPZ4^1@QmE+QLiJt_{ba_>Q+5z=W@y?%qZ;2N$Sc7>S4V
z{4d_RfMUii1F=ZYtt`6#w=rtC0s9vO6sm9dadjRJhBAsW(&A%fq@=1b9YhodEf<Gd
z{4X(wxV~fU`u{S|_ohazY%{#Ztz!RUPwxE-^-I_Wc#TWM|D*5vIFIf>qW@#r{}nwx
zw&my8j{nD|VQqlW?{Baxi82nG_PD)7__6|e<t;EH`EN%inRVbKqEvg!lLYSmx9`5O
zN($UA{3$75l3n}Jf7Q<SA7a?He_P`pN%gIt{~;+&0=B^hR!c}h>_fOWGcW)Z_e8vi
z-JJgqP-y|=zkmS$M&kJgNt{IF|7unGjU+@#0sMcE#7G7y@f0NxYdVmJa=sl)J?-X6
zNum1|BT4x~fc;um?q3ERA{|n#`L_Wj!_;_-;t2m0yarrUHUFi6(SL8-1gQ5LXWELA
z3|szZot-;dgu(Z^7Vdp(HN}cshD4Nq84zk+!}nX!Z+J^QB?%D%vU8m;R8V44xmo_-
z{}YuL_!O!y=>G-w&y$jM^B99t?hPaHe;wl~9=6CEQ~>#3&kF!P`P<IKgA{l|ilEe2
z0Sx4Z#Sq_jgd1nr2v10nPg?H<AMvmFXRP~|tHhx=Y|;zd4*kWUgbsD+!M_7p-+kyi
zusR+Ei2uV=_}_-XkL&xFPT#kqopsYB5vIZ$@*j=@d}CYU2`gS$Rt6M|B<qi=X_cp_
z3*2TEr0q976@ZTg|CK;2>45%kb8|fwfUo^??f=Bu|KGKBPsNT~0?&WzRB~x~kMixS
ze=U6K^PU2Eul325D5IE&2IyYHGbNIR2>OJL&_$cV{4GL898(Jp*?o0WACW_EecyRE
zao4o=`Ma-}rQfy|jMyZd<czm=#5-|oykLdQ7vb#vuG;c?k@E0-C-hN2dAsAo<F-?#
z17SqFEo5-9=K69<6`Q@a-V|zBGT(p062ykrhp)Ab<-PYDCp%8W4VaYm+@j?XVC9xJ
zU~k&wsKFgRBp6a7S#}wI<8ZO_Qgc!EL7LaC8Z@-6z_AM<=y#f|Je+_IpU%=R)?V7?
zyRbU}3^9bb=mt;L&D{G8F>4y7Ws9$8@}56F6;6*u5t^lPtFIR(EUj)^lqJ@SVf&!7
zzfCteN{kuRE<W9m0-){;Bwg0g&DIoYmX1EAoWT9<p8AVSSrgpFlfkW%LLU>ZM9mf2
zc#ES41NU^2unuH56=!l5q+LKgKHCES_7*$ML|e4|#r1p*N2j(~TRAROC_>7@HR(w1
zr09Me_nsJCS<T`k&rErCn%6MvC`3xVQoju1Dqu5JL~5@^0YDuNWM=saw-OLNN@N#D
z%RH$&%lMvG4IAi01{aCR7DqDJY-vZQO0t_Q`E<~kEV<Z7r8a&6hpF_Imhve|FM_>1
zc&8U}?FG+`_G-xlRm*3-ghcVh<l#W6FnYL_UEs*p#D|a)#<}?f;X>V@jVwGoUyUy`
zX09_jFJ>k90|E!Y##HZLyh4Q3>xesnrT$8V;tv`V%Z74zMdxMxtiyJ1V#7iA{Om<_
zO)3MR>iUl%EC4uue~;ZeOsU;M^%$Cx$<=G#2I%d-x3k@^$?C=%Bumm!6QoS84lc44
z^sHS*Qpn47QdQuuJ!mg+&neeb)f>&4Ip=0eFf}x>0`@B{T;|V6)j3KbZL!jm-oP-&
zC(0BmRxchcf|Oh@_S01fq~F?A2`srxh)QgJ<tWPpM;5+Oro%6*0k=#iZdX5~qSqdb
zPh@>^C=IobO3XPEn1<REnLv%Y#1ldA6(y{D`<uK@u$`GOkgkRDkatdO?)!P{r4I%T
zNh?X>1Coo^!B%NR`X3Msr4?it(WS097qjw>%I8V&=1LvS&q;f&E4puwGb_HZx!5z8
zU2KMz6`9AJev#T+Pq`?bCOLoDsCF-2TEpngmlv3GM58jfyZ*A|VRLqaJGZgo#IZ$Y
z$z1ApRC6W8+-Hcx&%>1#<yI=YW?Ze))~!B~2N>Esw6ifRy9{x+vvF9bIQ2wTDM#3x
zvk@Q4dVWEVri9-UAz4PgcE_t@eO$^`BxW|@sISm=ACc$``a{inov3lRQe_@c<i{UB
zV7)`szR2ltehpe-=yy5j%8>>+QJ2V&HCZq`Glkxd_qxv=EN9@7bR7QZIJ4UB)0=kQ
z;#Tj-L7sdB@iz$=KW@rQ?gzdrd^BJb@Q9C!eK_6W-!I(jJ)GnAO#{q-_O*l8{bk7k
zS|XDB0_mrHas77<la1-08m8L!f%@M>vTV%%G@g(H*x3JbJkp}(e;=$*>VamxQ1t%L
zLy$NClZg_#gMctNq*z;If+_-Y1iycvY>U8o7MZ#D4{)`wZ!QiJo(tTTV}=FpA1C$z
z;6NRxv_QsRU#<^(QWvoSgknz!dfolqbPy(~51N|wZu&bJc0RRz00x2<WpU*&3;D41
z!{g{+Jh(6RfX5{&Q;y~-T0!yAhU=lz9)hInmzU!HWwPGq+xc!dxfO-8GH+^q&lyc|
zEBFacJ58Ew_?^^cd-{NP3;c0G+ydoSc)eYEt@NVgpZ$*tbh|fG=**~auTa$o(yF>s
zGsMsJ8QV^p0MtZMfDp4R<2B(*1f}FiHfNoFR}2?L05AFP2;)AY<h9(>j29afC2bK#
zvnhv*3}sCZgub<&hofD5;=8(`o$|*L=Lfo{2rYV58u)DZ?@6AIAN^O`2K+qSI6hvJ
zt!~_X=lQ07T!o$TlH%AMaJKhHSgvB}^GjG&Q2-6xE}jl=K#1>O?D-8%L{VJRl)E)L
zLgt9DMlR;!`oQJ4vENkXBo*d@)Aq77$87$GwpfBG-GrKY)blR(2G5G_x0=1FvAXE#
zXh^p)OBfw5UI;b%UVEr$gb^|wkiKdfbd*Zti=d3UIIMk^KA_4dXxNB*s&+F&M4@In
z+U<JqroQwh04TlyIZyf#pl~s`_^)6%dBHA7w9vym{}K=TQ$f*~!y)^z8LrzMR1p<Y
zFPO6#Gh<D7fOWhO_193a?akE{`B!@jYg}slCg(n7w%H_8FD%pGF&dfX&pT@cKO@ho
znRNdWTc5Y$?f0{GQpubAv}qF9blbm6@AIa2k=qGPfY#qRX;{`h)}5_0ruEs@7VAds
zGp3Hteh-3tqq!LrCTT+F`Mc6&*!T&(BXvJWU+-M6zTSgfuhRJr!#<w%Ariu#FhK;{
z?_vG`<en>{tA!T`=B@T3xuZjiygl$NSm$q9##m1|#)@yPeDF>PUxgrGP0Xk3GvM!e
zKJ%yz01kSbk!aT#yrikM+1H;IytomMWmqU#N|*gMD}4vY701fKO4k~f#|-ng-i?!K
z_j6^<BBy9x^^OZhCsM{(pxvmRDA@zub6;!g6)QfRq}k6#-EynlMK6T|V&5%_tn7!+
z>Y<U}&F<caSdm?jA1K)}7h8kNpC!v-zBAk+fRE^E2#}P6ALPFAWC9At%rjYksKCR9
zas?`<a0LCUG3l_>e&x4a{6rn%k0j$&MmG{>0J1rk7Pm$ahDZq=f{c*|q9=kuM@0~3
zO1bZ_FCVgoe4=4LYO<FnX0pbJ{b_-VBWG+!iICd;xlVPQF^h{>)hw&A4>WLl4&Vi>
z1FWx?)crMJ!Gk`w`_`qf_OQ1w_tDWoL(e!nScX)$k_VcXhv|o#3pO3EX+$+H=K{n=
z6KJA=_qUUG)x}+*;%@|%z#5?X6R5#QGaw1iy*;BB)@Vm=Bh?(Jm<3n#nU8^0mtcyy
z1HdBP$ui-7RKhH?jzpC5`1E}}dhqNh0r<xR;LG+Ul^+pzn3C)G4l1939-CGFRAM8i
z2&9oWZoLIUX%WrAyW0(1vn$PEsS_JsyyFuECI5^Z2d$V7A4Al-CZ^4^r=Udsbcr+;
z+*d4;_IFXn5<qHQ>L@q@=HRm67%%>k(*~FXwt_9g=S|sl@}8x~o(Id^ccqf_0EW>-
z7SkbL(8AAcr>rkAu%2b6GhK|R$9*jz#%|CRY`47bhFzKSWMPF>P&^28MA-&3d}m94
z)I@}td~M_|L51D6!^x0pf*FwcX+9{dEc<WxslNDJB<kl>POoJjs>Bc!UfczSv%BL|
z;0L>)IRw{Q`^GO{yNsflf6g6>0Ak*hj4Sq2#G@FVX56<)x<kAxY4~86KT~#{ebjPX
zvdQuyT}SX7b8NiiG|1$v<mZ6apP2(6eVeB4YA69DAK7V<IS1Xv`M&zy#ooLn_5KCW
z%-c&{4;brbMOvd*L+X@9kxoL!9EQV4dZu3$KgPNH_L-^rgjdpz%zAw&00Ny!%vo|b
zy0e^}p2LfM5E@Bge=)I5Ps9*(<FJzp8q={offF8i9DOjN*K1^4Y$nML5uA!MSu?=T
zL~Sf!>3vI6>%U)DA$E--J8Q*BOC>|vN>Y|T@4QnFqZB5PrRMC?)L9WTLc%Qy#cF7=
z*&E_&G>r^PZN@08<p_db07<}yg`JjKu;GRy9LjFNPA1WPiEi&Ewyjej@#YU!sr58Z
zwGY~&T8+6qAh$`1qBbKgPW??BT0CbHqf6EA^^B*1_A`q$R`7~ViBg4%7WY=-+Wwby
z!he2V?}tF^c)2(5?jyb=2ofcvup_8#*6~Go8VoV1J^h}?Y6#GW0d&{FCwWIC&Dd;0
zk+N8YHIkcR)M_~Qsn=6`zR&x3pJr{1`LzpehF_Cp{i0ad=k+L+|I&+S%e!AOV}3Wv
zPwcyKnoa{sQItQ%dOO{5(|oI_PyE#z%FV;+L-H}pawl2K3#^BUO~OB}Ym2G(6a15T
zxf&$cNsrby!E$u|1F$rHO%jCybs}qqZAeor@c34l+{V!Sk%WBo_PCCdpK{e)u<O)q
zO~{Uj_N4XyarKr_aYW4;Zh!#6g9Z=o&M>&UySoQ>mw`ZnOR&M+-6goYdywGn?%c_D
z&RO?<_t&iHsp`GE_FB``yQ-g;MZ_5s(Tq4fNry)JZpHcY54G2tngQ%eW|I(aM343Q
zT(ZVrpFRu#v(RuT;@L8Ut!`Y+f(Tfr4#Tjwoov|1v7?B;lVDXJ)}UEAIqD@}uF8V4
zeS)#HWzLj!j3mOvDz?ez5{pHLvc4bZ-@>HKz36)Iv&PsJ6xx;g9x)i)+Gi+pj-9mO
zP_Lde`zX>Q*pfr_Ml-7zyO_@)Q0BUmgN}x3e?e}b#As)q&D+eFQV{bJ@fZPc9am#5
zEZxt;JeF_@$qu}E!QU`p2EXwa^KgQ?8&xvWm9=L=X#$oaxi?`n&g$DoUXk4z`l@?#
zj6b>_O^jDpXi!_KfdRR1J^VV(!-;3}|FMWdoVPP)IX;-nNHf;0P?#uYvJ%7ID9%ST
z?72BI*!BPU+tu!5?{p4%#oEnz!ouEW?h(n7+^BRvq{Juc8SiMOWeMj5WS?@BbZ<Xh
zxubxXgEorAx_WDFJ@Fzkily#m|J|;DhdZzKn!{m`jbq<G$2`20m$SD~2QuNc$J8d%
zlvJ0_DK_!>|C_*>@AyiM+<1%Ox0Iv*85l*$F}Y>-fBZXi*Z9quCT+_lC_D|b%B!je
zp?YmW2%1w?zhpBrq-3P0f9i!<V+TwlMAynBWyKp*xL{~tba=Dun|#goT$`VKQfjF#
zB&F`Pq4zG3=@DOED!0$s-=0hiO)XD?5vt*FQLdbBJ5yI}`Hl5SX2w_F;yPz1T3geP
z>lx1W9ib!LY|t7}x|w+;DpDL;^+QLA=7e?u=*7q3;f6<i(cQW62+J?fs?*!l?#G;x
zVufSAG;4X;q*znKZ@W*Y^i<@=eA90H-iAoVKBDgS?2Pw6_q?9%)^v;&I;55YEC;5l
zf5jdZ<cw9;BCY&t%Zc{9)LLIB#f_qEZ<>r=Wmi87TYXmJ2YVQroiE&uSunE@6yCM6
zfv9+p&a4zIyS1OK^KM_t&a{i${SHP<Lf1rv6&dz9T@_<m8%EOn@%8-KG}r<z^cTPP
zsu_?nq*vbb6jrH=3+U=6bv(U3q?rC>pVaJhJ;Z90=kBYcBGRGnzk4YzH!V(s4W#*e
zo&ih0r>o7USlEL%mY*KGIcM%2?dlKg`s9ssA}C;`YV<$Fr(e%7m|#a$C<$mte*C`$
zD2V7IEr^@*|HqReT&bjxJoW1^$^11_@+_{C5h4V=MJA;cEY{b%Je>J~2MLky;(1AZ
zS5{LoD|1<2>Z4g5@2tIM;wc1~a8_dp0}`mYP(*O2E!e}F0DC|n0v5y5T_6-ww`qG2
z0;rSsv26!mUtu3VNhzH17L;zMUCuE9GxbafcP=mR{(5={DRpEz`u;a{Ak=vBVgLMZ
zrhs341UKk8W)_oS4jd=Q-SzM}&y7WZp(PmO^>K}Mu3$hS5?WBvNOHpp=jZ#Iq)=fb
zdIv_FK7nClPg8=Bn$QhYC3}RaUR{9HM(6e2XgKKjD@P$mSU=;ixy@**G8DvD_Mfj}
z<ewd!rIHUKTzfY>SA)j$1#P(T)=u;q*biQ?3bGUz);O?PT5hC_%lK#}To$+gY&gL6
z`Gm5p|FMDAg;uO%@ipNH!u7437$DGUkA7J%cXycXvY=i5@MA(!GpK=^e8Cb_rMSR2
zUt{?w#$;-y&+f*`oqsY}^*2M{^>p8`{cRV#L1iGA(cy0%>399vfWNOlb<4D2T^GJj
zvJKPYJmDVKWx3V#rT6P(70CbT#mz;rAYg0P_LuWbTET#KBUd#m)nB1>N=*BT$W%NI
zdbQ8S92>NgE6njb=j2fBwRSV0rv0+*)YkWCCy9?N8y=<dUcvBg(|Ln<>i93E(snuF
znwQ9>IDc-hX=fBx!Zlx%aa7^LiBUDZq+by;`1N3UE0q-Z`MfMx8Qn;N?i!iFm{+H*
z?tujP;)ucRckS76?j#4kXLUidq~RF_%iVm>-uPxuU-0n3J65~UKO3k(MHRLP-{?*s
zV#A9bu~t6*rWp=6yw5pTkpIjSz0Cg^{%aVSM=NyjOqeRKlX)$qbFa_$^fAlv(&gb9
ztjhIX+HYpQB6?YAJe`Gh^>HDfS(@I^71k{DSydZmyBqxMRm$vt*P8YApvjil%J*=*
zK<xf15AZSFI>ROLa>%F!@#?l^HNLuSF%_|%k2iKsAgP_lEEjC}<zM$C$H?BkB||oX
zez^TU!XGM&D`qmJs_V<N(#`7n>HMk0>WsPLskf^0MaGJ$IpMS8{ZkRtS1ckGSP<jP
z8sGpkqO8zgFrRfG+NKME>uqM=%4Op=&A)0>?s!Ab?kw;t*-=s|=)Giev7?j7g`7Vo
zT*Ak$0%o`wIRyD;&>m;pGRyBWjX6=dY8e`xP)?8Zx@KAvMB%dMaq;&JLr`(i{P!j(
z={)l56TW<Ouxg0hXn<uyk*Ofe>DN=IcH>h(Wza@LJ8W|Uyn=?gJzj1#EDG~qhrPS;
z*A!j4&n_E|_|fc~pdlaJ`@BN?5Wq>kJ=+<KO4Fa(a&J`6k9hBeNja1mmBNjt!i=gv
zY~gGBHyEk#@!kU&C}Ya=K4a+h2;rHnya#Bn)K5&oGktp8dgyZTvU|4>>e{K=?3N@C
z5>)A>k8*5Az)cbyZHE8Skz<4r`}}e<>;Wo%oE(L7(|oJT1X;(ww|Rwn3|7AmJ*%uf
zgETH6+ToVa>Aco(@|`$2zW!3X>M=5e?Ga+}$%*%9oMN8g*5LMH#)o=132dE^+!<w@
zKy4&R`tZ`2XYGD?a}45W7bDDAxv{NPGYo>u+hD}TccZXaFd>Qguq5xDiGmY_SI>|0
zg-AVz9bb7JPz+I)O9SA7mN|is6)rN{E+ZtA=kWUuZX2(u--xaw-##8-KbuG~FH-a|
ze4((sW0t4B%<9{ac^VS>q}|C%4SzvQdoDr{I7DxnCjc$WzKLTB^Gn@1@8asNQoqEG
zk^|p<Rj_qJsUZ~y<?N?;y05Ia%?8`nCVuAe(Q%JuAOwmERt({-#7*h58kG`OzD^*h
zV8ixz{zd)t2*;+MoOji9q|Be4`?>e^U&X)8Y6i47K3%p`l{%a&sOf)nM?|I>3@eRD
zauT%2^_J_s6;qFT4iLkRJ7>Ad@4pvW$L9)n)RTZwBAqIp(;m~<v?kFiMYZVp7)uY+
z*D{B}0}?>3-~-_Ij3UbrDAls51+;yvN`*nk_@rj`4L6^w^s5L)+k=>ptgUx%HkVMI
z0u4#}WD-i|E+xYkF|XpB9BG7Xcca`|y0|ftI8IjgU(l3@U1)86q9I(E(#S#v8U?i_
z1-IK6(8~M2jbN~CU|qRkiARL0F5s&CFWZ(=N<l*^DX=I9q8T&s%1k)1q{K|ra2jzK
zauTtDyI`Tu1fIh+ujaHCEW0J&GJbOAkuixf6-o75{NPBUH6wKzP9YKhD67>gf+1ZJ
zo0w1OojZKV_0y}Ai9Irk7Cl7UeeqZKB`PaQ3T{NbaF{JsTqy2$UfpqgoS`drdAuR#
z+G3Dnwux`jT9w#7OXS_E_mp()m25f8UWx0ZK-Vl2eCi4{@gTr6b!`!aqJorbVizx>
zU=WL?uhhwYsNjMfI?z0Kt_I}_CPMD>po>?W69of==Wrp}3gJ0Ga1LX$>`^k?diXxu
zpF*tA4xWh!)m!^5`$~;shspmJ=K%T-&jCfYJ}3-#+>?yhH7?BZiY)8|fO)MA^bkTE
z58lSeShjM>tb#4J{14GV@d5Q8(E-=$(-S`s#$BfThZ8N|9D2x4awHc;`@gXm*|B`^
z19Dr4a?T9L`X7~)?k0o=pC@HQjd+XW2yDm^a1L{H$y`ddzMOmvGXupZ&LMeCI?^DZ
zz)_cdn;z93V&M~+68)G!&VP@HB?vPNsfdIbw;Pbemu?Zkm;)23J`w(h>3|q0iO6!T
zv`ncpTVt=~q$o<RgudD(OXvoTvQ|6~s|Zkl_Mtu}60r*;mpfI;s!4_O(NGDiEW+w2
zaQzvk0oCdJXY0Tnq@JQoX)KG{by@fM^#$t|&&Xb-jtmj|1=-lL*oZKTPm+O`q`QLj
zAJid$A0`rI5dHBaoY0Dh7Z2DjW6v8_`7zqH+|3p#AK66rLY{a)hs{Caw5vH2U3j*Z
zW`|2PWcf=SB{#*jd6B-F2((e8%?3L(M2BH7-Dn6wsNWtW<z&VzQcJFmK0t^dI!b30
z{kEF9p~%TwEf+5qW?HY7AVft`QY<_Z1_)!pr7gBPtah21k(MDH+@N?8_%ubL0g;hl
zODMp^6C>z1zD1m(GFSc~ET&7w+Zabw7uFd4LAvRX1!G9nlw5n`M}q2yZyUYvyNiK5
zU#G^ozPA8C-9`XQc<6p-KBBBS&nk_g>%zsN92ysIuFb(Y++j-cQ{sZubeo?_&RroG
z>C@j7DJ@~5pT=?eqn(wNe&K@Z>f#gXcEjZ^UIj#>XJNmX+9-YCy(sv3mPI;vNoN~D
z-Ff!c#}J7iFOL{qH{k#d>+9sFy=1}ol`d}Drh!5N&}OKv22i2Tc`;Hdufz(L*SP~h
zAd%|9Uk<sTd&58;g$mw?I&ae-Ij2QHs>D}lOb=141}<oti4!*qu|M!z@pk*%l+#F;
zTeABWbxAXikvu+?{M3SpD4kUzA4MHIgYlqVDwzvhqa;tXrOZFF0}Hp4Pm-gui;4y{
zuRSeD1xgNeEpxuTwgb^(KCi?$!d)ED7FEf&zp>(k`Va2FvYv(QnjcuXpZF7pNLUtQ
zwDEweedI_zj!Pv^W}i?<lTkZ5ZWO(8W$)5=r@Zc?(=w0j{?QmPa$jEQJQzW8!0uZq
zR$0YvB#s4&j$1Bn^01fdJXQ9?`G};+x-&?0{{P?(@kZKiGfBn2DA(>I2W!CTkQ=T-
zy-GaMKD(%!cmc+Wf1*o>v1mC3Z`8h(I(eGZ$K!E@$ibr&+A-~g2^m}M3WL=x4JkBk
z8^`igLP`CEoH#*^9@8U<r;Rz`VN1M`mYHOjR+un&I%2#{Qg1vRE|eX0BoGP_EDFj<
z_(qR+E<QdU&8kHyCs&ems!&Emb$5g+DSE#cytSoS@#YND3Yq33-8lq<Y|c+hmN-&6
zWa(h~sSo`R-6-&5f}=)QY&EQOtg=w})(@$DD^??wig69?#0a|`8l;xo9{3{>`*J0N
zSuEWnA8Gf<7|bBuRRo?I9?(LO2&(KzWD<?}{Q<=nR<l}qtqV4-?7XKC7TM|%_8F?B
z`RLJKiidoI5q&IS^x7q<V1{t)Q7M%aY13LWKAA|mCSyqxulgO{w6WsjqvZJ6*98kb
zu1UPJkA_U7Yu|<)t*ED+@B_-aE>q(jGSFOFhHA^dCq#vbD=r*rWq{g};j@BbwJQH!
z)d;ItaQ1pne6<)Gi&JDcA5j#`HRC_vd=&dXwgWkY?cnC_S@cv6WxXsKn%y4<%}n>>
zAKO7mF<FBG!gkP}N|J=I9rSKpeM^(r;efCgaAtR><(^5hTocaNOz50jDt1W;`XwL@
z=xf4mN~vj(HVc~OSV#*gzAsLOmmqZafPYvuv*1`#VUT3ieLX;4)lMgs*h4op^UOgH
zF{V|X_pGxL;qa~S>Q&?6b?<f!IG*g^e0u$Sd}1?%<Z<U=?6H4$exiCh5+q+m{AZae
zU{a=Ehd@U$64c5$BuLySS4NxyZ6#a5I+)>K&-(<bWy|M<Qcy|L-fv`Z4XZdWZYYpK
zQ)%_*)9U9b2Y%FDMZa7XX4k3RpGff0-Hl0IZFUP^AZ%W>ashPyItKcm-KC^H7S}}c
zr0hlK3h7HSSkD7-<_Jr3lsqs_-Qnc*mFFJw9_?Kzt)*?=t9Y|Vegb0{4KfC8><lr_
z?_EK5R>YZ=9$bg0mGWup<3#G5O@&@T4jJYv9QVhX9`(lh>xy3Q`V|go9xA!H(gfo8
z#{&AB$KyJ}m#wdRl;W|(gN+^Q3C00t4A(xuIz2~$v;^OX3r>&e-;(Bzyv`0UWp17)
z1+yzEk_Bqxq=z2jROGG>&&eo%=adP?p8P;D1PPPdqc5?GHCK<Lq7_wQp_-h)P<5B8
zZLM@5m~Tl&SUu>VLPYCUwN%~$Np3M}qi|f!V5jltERlI8=b7LwnYxq~6>=<`9B)fh
zUC0*K7#5jEu<Cc1y|yL(s3{lIT6gHQVzG&$@WE(s2o@KQ9{60RP;y{{)P;td0tBKE
zRf5g-pMhP>Xc&L8<8T)!4NSA!qjCEVW5n3f=NOUP`pu!~{=?YMt^W12vjMk03;p!d
zD`oDzDLY?OtiXhmE{%J#6GnGg)U)eFYAzuR8-z5c+z_+R&Zgz38;Yb4gw+%(dOejI
zl%ZH3SCHIQmhNvB)+IyED%*K#-9|yBn|7k}gc6FMhO*us<8kR<Ea|1jgcY#juJ^NE
zPJ0#KW?V8Nw5@wk9{hbOv(C<1CYBj#=X7SACOKYuo4?lWKPCS>=3lg4g}>2zW`6@B
z5e`<{922foq1=FYDVjJhoPD+@8W)(JgtV;kD(r?X&<Pl#d0!g@B5*4^cfWuR^VZ65
zrq{7tU&ylUD%{oTY;Kg7@oJj8tPiKfca9o!l9W%B)LuW%8GS#0ze9r;iZ$&!8+d~a
z?W4Y_;0npAa74pDlW7gPRUn?jNAbpsAzrTpp^9WOqkPYt$3)0k9SOo+v~C`|F{k{#
z;3LJCD}>3v;ASd(bnxjEp1T+nNG3-P%61SX_KfwB37J((o7wcYvhJK}FeF@QzZMa;
z>s-1g?jL>65!tclIQH|eFg09w7Y-w~Snwa_@52c~TX7kQo-}nJj`O;Wt)?#$sm%Ib
zHJljxG*`)Z<P0p>+tROD-p=3|T3$6)Uyp7%S>tBtlQw`|6|Hx+c##5)?%`rcNE9iG
zDwZZFdoM`uB9!`77&uqZl^ML&fA_X?GTS*eZ858S`LmsN>&>drtoPKc4~-CiCncy_
zN1KPE?wRaA7vy3UH;|X!dK=??;icu09YOV_&dbW>es_{IDk+PAyC|4Cu!=68xovV0
z^_m>qwC!tiTJNJqp3My^-jL<>+GNjVtT^FohkF%qvaP(jYVD9-&}m<_wir+S=B46H
zZ$sGb!I1W)-a|EiMOSunTz$0I_}W*8$#_cc1?@osqz3CYK+bQxmS0CW4Rr12TeHW*
zTZw2pPP*hkFC86w0xKktO@#Qjlh(1FAozj<TT)Y>Jea~dQxZS}sQ8_%D<TtZd)VeX
zY!65yCO@5;Gvw#F{Ke0eyQTaeXEr8V3dqtfF@)1NJvv$S;O40xkBgr22DwN#G4FS-
z#O8s%dX$&np7fG1R(gxAo<R4ixl!JO(uu_8$cyFmD0>Kh(fGn;>g-fA7DAKnUQkMM
zW(9F?iybqAEeb&nlA`v0-p&+NXjRLp>f@!;;!L|yL!n#dY0oALf+Gouwys2+Wsfuw
zcnz|Z;y+i$C%f_3yJ_Rc&yO&F=w>`k573Hl8OD3+O}ZS<7JLaxS3pJmZhc**;QRRU
z&H20=3YK0apX<``Ht>f(MxuGgGUu_H%WavS0j)esTHh&1ij;P(U80K4;_j<L;g!N-
zT4?8eo(y-$;DwL=`v8&&Jy<>QS{V1Wl>JV4IW=Hp{ENQA2bGKYvbUf*DFj2~ZlWP6
zstj@^&330f9@1W{FcMyhKXP@&8LLiBHIe#PqJRFpCP>SA=+D;k-hcW48u{=(+V*98
zMpO#Xu^I7>%ogQm5#a?txJ(3>o9>Pd7|2y#e|HSWNdVnqf6csMtl#~=W$ypr6*Qqa
z|Cg`8`G0%`c8>q9bGJkI3Om4me1(e^AuMH#+YjHlKdwLk3wAhAi1i1?TV^;u-y+uD
zK-mf9@Qf?l()hM;@t2}xg7IH(m46D)?86;oagwy5O{5yX9AE5`{1BA}S@oSztodi3
zgM-|AVAUp2yFYF7Kd^9JKnsEB<i9lFe5+5ge|U0!IK8+ho$wGwqAs|$|DYs8^6{88
zI)K!_!=Gn0Q)p;&wljpCJ5?_+1~zb+5(m5x^g)iPp%Ge{AmH272+vY|_ivOt+iENU
zsU9{4G>g~{AI9*9jaU)*-ama<N<iM-;FQ=^Vw8^8a<{I}U9@Fg+8-G~P7fD~;qwW3
zACotD!`A7e=%)1c$=;p^VWfm{WCa}llpv59iCD&>LSgIsQp5=Qy}W`$VuIf<eIK?J
zWW;;XV>pEd2c|B={3p#sW~)XQubBB17iS+a{rrf(9Plb!A2k&5E$+FbpY=0~G-Afw
z0+^vAx8otruSs53>ALqI{c6hR)y|X`HQsGN<3?EL08qDvZYv${uIr^M7=7)>KCM&a
zqT+JVIIf>Z*7o<PX7@|QWNiku3G62z^<MmBNezF+iri$kt>{4R0Bse*Vscjdq}@UF
z-u~&eG0@o(*gR-DZ{qsm;`wq(H^57eOee@H5a%nLin2BA0+R#^h<tpYoK)2v{sRRc
ztiUZTzM9k8-ub?{7?K4kCG~y5!L;3n6yM4&e<KS|8#@B#Za+U!<}kP3m@E2+)t2UI
z8s=(FA9Fu9mY*nA<Ugu>-q+8?nA92fH!Ssf>?s-ufTdb_0q>Ht4(<CqdO>uiS5Nw7
zS8%evmn7Xc?EV6cR`(IL7Qi_l`o0g%O?;fOAs{1aUe#v&?j$_ia*+DL&Q(=E!uDoG
z?H-@-xOUW{^4PwPw52=0m2)9J)_b?&P9}$K;R!+`Jdc`!s&_6^Ph!hTQ4TI<%Vq(t
zgE|=8e}#!BH<;X2YMGUNax-~c7ipwY^AWizmGLd&O0ou}j)P?h>yBC}W{OPiLvhm>
zU0g}`-T=Gr<2AJOH$yjLjf8S0o#dYu=twK_TKLs9IjrzZ9Lq@8osI+gB<azbHAz=e
ze*ebK)(g+}P39BJ^NHB?fi&ljk?EOAZblzP_!F3&Zk8tRI;ZRVh$2u3if^!wmz~!b
zGx*cZR~~>mEerDZc57)YdxK|&#1W``3KJ#02ErwWSEWv3p$onM1e&L6OoTl`bC_eO
z35W_ES+#ul#OlA-!+!P#^UoVswVFR0?goR+8dY>+20x$e?5fx5&ezy3zlfE{((C1d
z^>R#_h^$JqRJ;o5Of?dVypC*QIGL=vG`H5+HuXWih1SPgHp~>XoN<5PtyKZ1?NJfT
zl3TFs$C^xG?Gk^UT9+hUt+Y$qd38Wd?MdQ%??tECOh1?Gip^I=ukcHA&=<6qiZT1=
z3KRJMme%tno^5+i&W+|E*l*)8of69w{dM3wRxrkP>+nb_z=Zc19JsKii9lb8O0e(L
zNPxU8N+yFnY(ZbM4Oo28VWii3`ocWS{P)&XJ>5}e`L1Kz8~O2Qy7M7aeZ+3D{W7e7
zv!tKBKOk(F%AScy59@bgd7Ed;9xO(itGgtX!pXzTh^9tN>V7RIu)(>AGtE4N4IMw|
zZWsHw$txbd(DmzI{3V62O;F`+Xoa~kX<{OlEnEi+n?jY_e}nTgwM92bv)L)GK8ndU
zpp$Y!(FTyr0&Z>6<17`@DmhoZs5zN~D(pnSIg1|yF^sme${vS`{&*Sl#S)^B94_&0
z3su0A(bI0s9R{R+N1vQ^Yx$tXc6aeL_Y}_af2t@U&JbAh$yaDOXvp6$L}Qx_ise5_
z9nf4X;6OAeCa`!kv<}!h1k!%Q#>vY0-xvjg75mlZTYbZvedru7PiiCNsr+R|9jrBm
zHkzqiG*fN^EXNt1<#$OmS_4#CE5NqgBCHO<U1T)P)v80j(ays&+(njZSNiorF@$`>
zhnB8Aen}nujcMx??cttJYP5W@Cv}>>Fdb%J5-A!A<VcE6LpduWV?W6JHKY?cE99c>
zHcoq@qK-V^vs@6TLI^s`&%exqXq=KpzAul*7okYwvh#-IDZiYQDJib?zUkf08ey9Z
zH^2#RDt`JRr?b*sAwr>sUy;&9?Ne-Q&|fnvv^l|M$CclLu*yy<zVktQ+Qot^D+jw1
zF@uI18}tHEBwQatwdI;+?;Li<(sJzeqHm77nhQW$GpiYa=y@nAM^26dZV{;Q4rshh
zlZDMi5+A9CRSB`!E#wzqiFX2nNemeIhI(7cY_?aS{|x=^(bdLmHbtFdnEy={-dFOY
zoWA~-8*HAOk|Ck1Q9{_9m92I(bV)gV^DhplFQDJUCW+!@zL{?h)>Ssv-Iw^2(=y)M
z592J)Tc38uezatC(Y8TX10%hBI6qjbq@FbWof{3ubL<UPSqQs4n{~V%{QCa1k0!Wf
z?Ge-a*Pa{vt@4QYolw%Bc)jcNB}4W_O;#%u1HZFO@&$QP;emGlm~AgP6Xjm+J3{ay
zpbC_g6*0+I$o)Yu#;u&{q0iDbl^v8CTt{g`II9;{*szbN&+>P4aU{P*@3%tp;h~XQ
z*CuO)@B?<$tPA=VZ6^d5NghWc|MWpDU+B}f4|l-J+`NX1rO!ORM40=#1P{%0F+(mK
zRS0~;)1OmH`|1Y01!v-Se_0{8tQTFjC31qgHqW=$zBY19Bg!#a$R|W2SniaE2|xD1
zu^B68CWu#(VBy7vWzpqr2GWRVn5e=Ud=$l_UBqiC<=RK=W=Pb+a~7l>luh8j{#fe>
zP)>?*BNX#S+wdlb&m9X^T=uNpvRt<tF5=8JaO&|!sUjIZG7cFmW&g(GPA0*tp27rr
zVAdTh;Gf2n-22O7FttzLpn?2aTP3r`PW9;sgTCfx4tUW`q{I?g-Q5ApCYM9AF8Q4n
zNtoF+Yk>>HE@d%3v-xe=&Ou87!`mQhtE%?+W(O~G;Y8GaPc}8;icQy`trG{R@sRL{
z=^3l<j-c#^E0+_mBiXp~K&a^K&u0iqsUhBgLmIFql4dQz*vFmUM=(bo77d4<_07>7
zLuqO-TCzx9B31enQ&Kvk;to+-^Lt)H`}(FfORr~-dX4l<xlS9EA}#G`P2U(dGvWj<
zKTITQIDmcg?M{0mQxrQaXgZRO!G)nrYl17904f(vB;}YEW^7Me4R2v>SvwH4ODUX>
z1ZVktmTH4k4jsVTnu9zyJw@oWsl=p~%5i8*j}raG=V=_)#lU6ICoU<xF3vbzRYK@W
zz0J=8J*QO#nt0-lU&NI3XHLsg=1JGpmR%-D`a{|;PY|ag72uv}&IyCOsWvAb=R+y&
zzCxmPfG0lM!ZYeFY~2r@rO&aT9jC@{#$`_7zPXJYz5Zw2a9PqCYYrXhnvlz$fo~WR
zy<S%cl*-2^t;GlkH7(Zkb4kzpWug7GtJ-mG!}&gTp)IA&+?IMWr_Z~FG-p8zP7MAi
z_eIB{xRGY~k@wbUquji7WddkMzhu8jN<{bI?loW&4=9RG;Ufs>eSW|M^#nqV<o$pz
zj<>2em*|E*O0IP}0Vp-A%YE7$S%t0C-VjcutO`{s>qD-1P(PTPQr%R9aSoB*=HVjI
z8AzPA>W9<0=xsr0o4KCrLArJAA1QJ3-v`>WtG3vP5PUgZjEdGSnmpTb-b3k`Z+@w@
zJtfmAwwBn&rNFPC)sj~O^{#6nVn7J+*jh$pF3rk4=YL=CUY|Ys)Jz66>xKyjcgbGc
zli(@5-DdchieIV^OlM?O9uc;9Tz)j9hVxTUSIsUFp0v`D)^08NG^tlP%g5~VvqNK*
zs>*KF;-!d)$vr-ekrw>yiF0M)$aj9C@s&L$1Xhwe50lRA4qWqt=u-QDl)0@f-s&)B
z?Az<{snW#zBK4<s2C8CGv3D49oloBzwPcYDj&xZTH<?Hcd43i<+?7dBx2<2d+gCRp
z=r+_=hb&rG8vvwKYSVX?i>=uP3l-WGXzst$?nch}0CproPD+~!Q|S`575H?1GhcYH
zVJUQ32|{j6v<37aKbbh7{jICZa?<Ej`cxH;WId;6E~a|uTa4uok-XUYDXr2bTWz{j
zQo!$&yMy~s;{=hS!#n*om5i=WRZV1u4kayjg=3SgOrse|Wjd^TEEp`iaXwsNBj=NH
zmxAMZb=seFg3*+x0x8E|Oyrk;sQ7oy|HyAPBc@#^d!Sr_;1vBv6<}mV&CS=BTol~G
zEj5}&gj#wMG?wu|HcCc0?J7K>8Je))=pVgcNEo?)om(x|4*hBr@d?RA7_K~vEHQJ8
zz-f?wv^-<N9f>O?nEzG4%~2E8k*MHf5Oa$+e_*nB)NW`+eecC;^?pyZc*MY4ll6_9
z^F@2(7Mgb*G=)$gB7GFBlA)rf#pRJec{+qrn9E4#bY{9(&`j-ju<FFZugP4yh2q^H
zoTQbnaz4Fcd;1u~)M7F)YHu}kn;#_mBb=tb&!f714j8ePVgRb@Ha7)a%jCkIY_9!o
zStr6s8%_OXXHhCWZttFN?!KCg%yP=2BHXvv`uF_?^ve53)}O0*CCGxLe0M@Oq@Pa<
z@6_=+ns4Zqw-}pXve@bv@09bLaPlmfyaG9;aqW`Ady3kgKJB+WHRn0gqefNkyT9!&
zo?F$5ie2OI6U)-3%0jb)8yKPq<QKv=SXFxoVmWIZD6z0CKTe#Y>V<>AJEu&)ybs-X
zsCJZq5W4qRlwBomN~@RnXv>FDy&bH-qB@F?u20tr^i-S~OouL?b7tm<uNXu+-bAjk
zIEj2emK2z165ozBt|wUkoMaQ7_@<oon&@hIDi<cRM~(pXl&$`CDB9(-pqBt8dtCmX
z{u6!uJXY2}s>i?`d=7W@Z<ej$<BW4QN$fK^pn(Pv`2(@WlLg;+6N4fw<ry}Z8i&Rp
zMp}QC+hLhQwG+d^-oaS3uk^%<)7D5i^zv#;!#uwU)g}0bzfl+qIJLaYWOVs<e2$qC
z43QFyEK?i^y4|@PqGN+E!ra<O0~sw_!*Z@_z3i8}7({kHTiRAl?(bcDJFs|c<_xD!
zg3b*~{B6-r8O`==^VT{s6voj@-ci%tfg*<RMYFn?RY9|d>yKp{^|ROhMCl4m*8dJ?
z3@>&cx{98wJN`Lrso1(%Z5vfKT<J0j<hK2UgMkT)N#=&i!R$$q?Q7!UaS4RB{LIt~
zSM|~A$ADRCTm3DHTa)HvKU)FTPd-zS>hjwDYwcw3g!TL7lSxm>0`&Mj5KTX^&1%03
z+tBJ4W4_!0PIQU3S+;f;88O_*-|$!mf3CNy(Lv^{!NX(6Yv%63s@eUB!r_@xX;IHd
zMfmPqN`?-GCw{g!v&RDZJf*FT2KBtX?mU-1TaGeWN?HnSVecH$s~R74v$`nZ7FC?4
zv;f`R8xfp+cBq~}>X(}SgV}=mAwPH^VT~BQFu4*AaArjf%lItBW+N*(1*&B0V}}rn
z>`8AY)K{L(^?w;J7ML>%`a2pc7l4F?M1_Qvi{sxXI64)Y8;oNHr3c22hGwB<Wo2jL
z1aff!xJiIORwhn1762O?2`eWX6E`<E3nzdC2;gR7hkOSs=RzBUZ_}VDz`y9Bm}xjU
zm{{02Sh+bN7930f04v)+KQ=ZdAUh`~07wF4XJ=wzhve1}KRfVRIy4R#`=2E8g)<Z}
z4dk4htUy*)4iX?6Hxnz6jRoS&#s*|!1#q$fA*W;oGI4Tnas6}N2lJ*uvruueG6A^(
zT$~UWRyHOsE;cTR3m0T=9Bf?dkZH28FabEZ!P6K}IAEg;Xj<@KCbSzEHyxUl8uAMZ
zfR%-vgo7K%1Y}_c{+lTPz{JiD1aJaLIJf{zY%DC0)~Z}+0q{%~Gyr@BaijTna&~S2
z%RdViCU!Q!zsRrwSeQ7tS=l+bNjQL<Ox$d&{~MXEY-nCETP8FM4L2l=>;NDq3&aAz
z!~)>>Ph_}RAaRCV7l4F=19B+<w*N#%034SCZ3*Vjf@Y>+Xa5&GE+7{>34j|CJT~@!
zju1m8E*5rfAdm#W#mdAE_<yf)1`L-C84tk0!UPE;kb~vF{J6Q9034ibT%7-3KSD4X
z0164*ln0Fpe#wSrriFx&iIbZJ$jt#62@(gc|EwcB8y6EBWGx^|0bpfi;^O?bj^t2e
z;Mi!0<3kSQNh)Iph7be^+kf-s#<gW*$RPxTW6hi8E@y4COIQZir9Lz+;K`bt5s5IW
zj`?5>YrIj$KN;&%s%14<e)d$>SR&&&Gq)N8293qV+~KY3@QcJ0xd}?~%;@`8MP3_~
z>Ic>6_^@^VkatDiEIGRF0xoP|I{PjgC1~X55D!}JJyrERP`=Y|^|k(aQDLEIOTHGk
z3qa?#gicHja-5=oypO-$E)ZKYJNdr6CNf=a{YWw3jT%U}P$!+@axwcF9YHG`g*W6u
zUu(0In4s`}h?Lw?uKf~j;;!6TY=lKF0-N`B(`})7!Ujd;d*`9A<JRq$qZ=cW0FaO&
zLx}Izflvo8DQ`T%qu7X$Avb;;XQQX>1SVhm*o&>^ew#`y2lsMp-E}uMm5g-r`ufRG
z%9b~3hfX2s&1*ydQXlK%;hz8f)1+ZX=i?a>#?hYpeG})xObCDHGQ248S!u|}nMGhI
zquPtwuybI!f_LHkU0}_(_4!Hy6U1$aX)8mKG>R}vnGj}{!_ye~c_JO(fi{D~Z2?fN
zvuv7Pa_Czf{^CY8^hg;cApd32%J^Z<%etbP>bD5%ya=1z9#2p=zq^OC^UpA3_8qts
z40#pe?=CcGJSou|LMk#kli&}FN+t=Ps1k_tJ?5OCJ(A;C<TLE>HWWUD#Dg~1P{W^O
ziqC9uBM56GD25x3wHAb0R56VV0R?c1C*%&Re6SufMs(_hEn~jT=$1Il@kT2<THCou
z+3yBlbWC01F;_erqn|jeLiZdBly5(PNxttuALY+PRZ!i3V+!&f^&n<NVjBIOJL>nU
z5oS(DX23Kel;7t~do9+)GYq;_sJiZPM?Vq-=L*e&SRZlTJI_3y46+bJ`-=~K!^->&
z)C`9tFm)>hwT%8;uH%R=wVJh`^p_M@bv%wPf*$<QcV9J7Hn-OuR)=*xdIT%MaF&$|
zb?sCah4u1CJ;tL)r@SkTmxF)V;kxbD5f)`#R^C<xOq&Gf0QCdU&7geaED4*Q)rMa&
zTxen3);Mp6uZAGcd;eh(k6=KFHnC>C?ThdYYFI}Blp?*C$ZvKOhrj-}+pVON`sFIx
zfD^-COJBeKimseCi)LybB>dcqcMI5AhI;h~QWc4*Q(bB<?Wl~HFCQ7@z{L*@H1rJC
zJQ&ejbWHm@@gl>_7yv4QQeRd#n5}UC^JsXhzP8qpnAue)sOP8hIN1NU@vQGXUcTQw
zzY+WPkBO>Vy8V~NWN%T-5^8m!Zu+rrMW$4u!fB#00<6w+Z|B?gQr$vGO@__AU4HVC
zE*V6oiY`tCcQn1u^8La;iD17!-ZEF2^sq0ZCy6F0PW%A8Uj79!gFZ7x*>^pLPyM=j
zZ<zKolJ_=2inK$Wt}z!1H}MtY+--VN>?)f`<2@hs*|4$2z24pW{pF^s#?5~wi}ZCG
zHV>kbqD_?{?W4OLsH?Aod({)$J%h(4&}$YO2kwt(wyNHJc*Nfez$tdupc;#+HVTt)
zi}IuvJBGo)6bk`er-WBJrQj+-6}5k)l>g3(`}ZK17cO>^&3KxRv);{ELwkK&n|uqw
zN@8X>Pk|>Ne(WGap!F!T@o8E8T1kXYNlgPMCO4KENK8p_L^s09{jl2Vw<uv!p4wA=
ztT6RUuS*si$aS0Pjg-0~RkG!85%|a&jFrLj{YEZ)k6!|W*lyHCsATt6@>tgg(g-BO
zO-ObAHbF5e#G*i!s4|xc8gL?>mOPp9jH!`k%^cb2NYh^#p13yY9WE7DSzP6i*(Om*
z55P~NWr#xGbz4ZUSbX_Fnq#InQaAaa^&$H=4(lP}joLwLIx($-vq6nik4t|}qqLC0
z?anwkQmF}O!p6AvOASU2b7O%=gfzLVRjH(LNeE92L!NXNI#5iZ{|VXiA?4+xZRkF@
zmuW_44xa#;F*s_X^JKVvnS3DAc_NT|Teue}_=VFRh%wnCcjk?Z%jtx3NyW1&(Ylgp
zuiH-4wBKjMn>#5~+10Hm?u~94Stq#<LZ^9zb3Xw=!{L9x?T(2iz@;tfDu6-pLDed*
z^aJKnxaw|P2QF5YlNKmG&p0h_A~??ED4`?wm~Q`~aVzusnTVp`)Uq>;JWl*wb+cM5
zi2%TVLLO1M5?C~>D>}o~HN|&e{qnU;;DAKeqeSi5;Y+jU)}rxh4Zk_c;g;t0=1giP
zN02;dL~_2#m76KIY`L##rPjyS3$|(T367VSukuoV)PJIbaq9VSe=={;5jc@TIox;p
z5P6Om9TYd7$3`Kd16>s6>A6!(#N755m(x|Q5h-v@u6Zv6&h_g}0nWMVuO05O-QDhB
zt9woFXJM~y(pe824uKr1V0yRpo25kNZQeK#*AmgbXoDBm!sYLT^u|9<yaxp9m=)W7
zA#T23(gr+~PB%E;+_ffUTBZb%dAwo;36oD>jz6vA0~jcg@^2H!s2_8*KKai0OT*s=
zWA-d(dw38uG|fxOcl*92aR2S-A1kW&OhY4vLYT<&7qHm8U@PYUXWfL{7-4_TMAHzq
zryE!_l<5x^h%oREmOtPq`cM}xNz`I1l*%4&EnTqP=HrbBTo)N>GdBmh;OgF0)Ornt
zKFV(-`%zCA?sMf5?K0nPES4zZO`6IebJ?*@gkiRfPOL1m#Np_SWXFFozScXu8|y-a
zeuGbAEG7M)eN?VI2oLE$-RRux|MpQyp}4`9zhR8Qy?M~AU_Un~#IKON3X(~1aj>zH
zK$0O2NcPCVNx}|EdmzWy*;v8G+0e@1_f{Aduv|Vg9f+Nk{r{()N1*RO*mU{o-!A}v
z5#H+n{XO7MO?)#eeycl7{Xy@eZ2_ZMQ!UKRx#iESy4Bq^X;ch;v5;A(kR9Ln^pv$9
z(i{8e8-i8FcLH2xMZF<wrwU^epI#!!alX_%Q~Eo2jEpnk9-d&`l()lwrGf|f!+lmE
zRVrEjRuG&f(Ej(e`MEjok*RnYVY4mmLw-8S$77VJfG~k9|3CUC#yGQzSssg0G{3CB
z7CChQ;dVYQA=AaZR?ixvQnB@RaUxaQZouNey<gIs#gG3o(O|pN-r^POj<rEjCLOvR
z?hZ$hP@mMG&`%l=*{I5GOXn>DS&E(28;&e>A>k1zF#K~qHwOgEc-V?2N5u{VD-4Wx
z(=-<c!CJ?^6}p*<szn?rqc=#>t<##L$Q%K9GD6$fxrQk$clF>c<Gf+&=BmHvMv+GI
zJGOtsvp|m=Z6?qo^*Yw;Q=x^Uv{a%JrUxN=8*Q;%j8F6smLGL#jDe__vm~OS2pmG2
zzNgS|A~`0uqMOqFnY$*f9MO&bIeuXchk1Iu%TO^l9CF?ni-!icW@xwcyL*_J=F?R}
za6JF_s>VjD@@ynsO;5{XILTdlqBwQ>{_GFq9gS{3nC$eszhT~dK_kMo%av<zqZ$l=
z7+%aQAnWbg_a%n|Z$Z8frX{Z(vho}FJ%S-CIny8NQ|<^%c#O%FHpGnEz@fBLj*_Ot
zo$G-G>e>q1lBYAtzolop8M?Iu+uy2NJ)ibkIsXcXT31zhyf<S(uNxeW(z7G&t98XI
zdgcTv&zb(@H=ZM(n<szRzj=C0X8$ALdLiSQj?R8`nurb7%m+z*lK57pUOi)TGV>;5
zH#=uMXFBINVN4OY9J3e73KZ-E&gJ;~c<@}U#YPj|MYa$-JBsm&j^?e0?>c2jSv-0V
z`_4Qq>l$Z-3p_3sRT+TZoloOQ+Suy%giL&mlNIf6f_=s=^N8!aowVC}Lx;GvhObUm
zIREl_O`GAh)Pv;x$(s(3a{&FB1TLr$Gx<0;Gy?N9z-_IarKjyAVv$wo%**5a-}kF4
z^>_*5&jhg5h#;cJ&(oCeqb#y2n~Qt?NAb230=J96yW`^<%4EnkGNE8)j-+GC<pbd7
z1`;uwLWWiDTbDS0VaIp!M$+-JYu1G6!r|;Dv&e@kP*=S8T4KRpHs-6p!(!KA;Gyfc
zkr`CDF2|E9y=F7tmEfuw^A`yocTtPV``F#PFnCXoo-M{uaB{qq{GiP8k32Ti4B;wH
zWTatS<qz!|G@8hGCdN`ueF48WNt5ekaW^RmpAvN0NgFbQ?g|m`QihO;nx0Ziaubfk
zkxr>?KoQ6B>#pfue>81l4=#!Bzr=hMeBPw|YqF{yfD+Oty7@6|!y+e=?Kkyw)$@A&
zyk%A0&YXXzdqn@A^M=wCS;xgCP|hBf_@Cylrf<_>x3}Bp27K=XD-$<&8g42s;UaeM
zY+c-`5fo<bdRgh6QaE2E_9N)!cjvzjV*d?lPzQx?LSZ~B8mfLs_izuBH;(Eq|LaXN
zoE|4s0CNi1wLT^6;#ia@1M1XF<0iuKd7ReUyXKsn5<O;@W8_X4|4GL?R<QL3p!Je+
zi4gi;o=ZxYT-XuzU29qwL}hinIaJW%@we7%YALZ7%FqmbbWI(&?r4bR&-<gLJ@}hv
zp$1grp**ASxk2|Q{foM*?%<9!kww5keS$}y3URAcqJXXM5>zQ)e7&o5hXK>C55Yar
zvn4;o`~ph=*Fty!apI(2JL8oNx`HCdd_CBIv}g&la{?0f+QW~!UXx4Fa9rHOdK9Ac
zS0@l}S-4-O-WQ^14?f}tQow^RyTl5wNDn~EMP%5~6?W+(7CDBeFUYhJy=8w;F(uuX
zr1?UN^+Mhq+;N2piC3MeAs|CBz9EESGU}4mBozG+NeUGT*SLhBH<SiNCMt0;uDGf7
zDMfNM>ce2RtspH0xjDB~@)5<4Z)KEuEU#agGq>*rx$eXn_NwJLS|PQtD{lHKB0Er9
z^n$Ll+iC>M+${!h`z*dFnEl`t|NcAi?0uC1pU-135ymrNgzSDW+Jvh1Vn5%Z_mT_l
z9dZp`%J#iF+6Y_fwY$_{O!fS#NtB(GCBr28`b}&QX`|1uOANQ<VFKTsYoi&;Q)@5o
ztb?U2rB(xD88?n)^!I&J?H{;i3Vt9QH;tX(*3(GD?(&W=cGxZ>gm(iw*4WTlB&Ht=
z3E@0ORq<EDdB;1X`>yksG`}~Sa$9IwyRdH|GMdmI4)h@ENB)s?>a!ll)iUy8WA1&e
zAl#iWzRT^ZKf+}zl9TD#)VJUZ`Ti?(0^th5BOK9*F_J;f+FsPf8IMInG`RwF8C`>@
z?f;8>rpF$hnH&1ox*j?o8q*Uql#k{64@P*C7>&%;rh~Sgvov>LKbLe$sD>PCn`gBk
z`K-}Uea{7F@XvDRjB99BE+zv{qZu~4{+DgkV8#LPl0`6*NLqZF37kp|M#f5(;?Rn=
z&jwT00#={(vcVj_wAh=yPgEj^NEzpz={RFQdCIqXA?S)v#{>zayK!nQ)bZ$YdHI|A
z#%C@^JNMzpZ<MS8+NsgGz3bDwZle@sQ@Z6xwjlNF>E@1RO{0CLvw0DILtH!-(pX<(
z?Ls0jr-W{B@gobB7&QAQC<Cv)?}1sch<{l3G>L0`ia0_{F>;}a?|%n@f(FRP=BG0i
z>QGB9<&+S@mtlkGS#1u@dd4@Ct8~O270`2*WTplTgNSji09;!*_$eGjgu%I#8reU{
zLNwk!c?5BK*(Y64@#hTz8cNQc>sopfd=fMCtA(?3Ecb^a_t$K2T&h1U&i=0HfQl+D
zB5<%EBlzZOVq2UX#Q<jt0;;5hzG+nnX_ZP+thWdn_+IZQDrO02CygIUQBbS5Fxt6|
zxUl82@cx-%L%SWxY0&#^M@wP8CsS;^+riMMqQ$SisHc`ZYO=N;Wz^|(l|;nObfYq9
z&1=!Dw^fXNUt89C1~AC5(Y4g!p8SJ4amZ}*&5k;nVB%M3&eeb^$ZCks>9s2k=Tg<R
zx?gtsGD$)5X(<l-s<5?#ye{F{GrI%b7)+CL=&gTfPK^(E17rW)S%>K?5W%LA`)GFF
z>{m!y7erY=EE(>j>8NrTUuL|!_KZSb>5S;!l-+8G*&r!LY#CdjQ5uAoUU`HPwyrG3
zUQ4&LG>l)R?w<Yv(v9jPYA&Rb#2KW^96h3acm`16EhWe8@L1%nlXi3sYYy95hX0TY
zf^AELPP!@Qsr|bE!6b{#8iUGej>>hv?H7>9K1r%Xb46p{fjN$iR!=HwM=~n4;Z2X1
z4C^fXQbSHtInwSaIc%aVohY!7nk^7<ulkPDGH5+c12d06fZM^zo_$hZZw9^<*Md(e
zX&gKBGpgRv;_B#({kRAes)tWPuy&!?r(xl8KSG(^oD~Osp=DTGgV)A$9aoR)aoCTS
zHb{Qq+m)tN&?WelENHrunbQcNhxgZMsC5ta+5fmH#M7mF|LU%cK4W%*n35NgI}+c0
zi3tDDM+kXvgR2eE)<?xbVeH1eFPPs&oh|)+5|TLN6y?0+l8<i_(lBMr?-_Y2<>xb$
zhVD`I^rrkMKsR}=`G^Wt_nX8?-_DXCB3r)Px~{BsO;_E4)EcO=U3NAdyRA%zCMEVI
zBMGK?idVgMA;79eUFIe?D^ydlB*DI(el?dRkUwV@MCY&|jS#6KqyZD;D%whz6BdV%
zoL9SjwN9{eP?LjQmu-{qpv&(5;)Tr99>Z>7NlS5H7*eIo59-&9g!gyJ#QE_Y(mh*i
z@h0S{ld%5vlVU{a3(TgKau*1fkMVdNEx5?M<$@v8{>!;<{UR@)(#hAXoLn&80f4?`
zfxj>vR9c0)uJbuLO{lb<PDufu=z-qHP-z4Ccbi7&HA`L>mZ=go{sPOwZN!;|f{(Ye
zV5Q<}E6p;on_LV9_`*U<4y#PWgt7K0QI+M@NTwqG2kUbJcR^Xj5#|@c6Nu*bYf;SX
z=JnYYD7nl}z_$%E)nq=-d2K*b42Anc`^*xj$!`<yWOaXZmSt{3ZTK6L7--&{qSAmj
z+D0@-FzQ9}&n!<0pKr4MKAoN1)|xy5hFp3lz^d4`yXykyOm~S8WrPj7Zt-lQAv-8>
z6E+FD17tOU(9V`6Sd)Guc@PMSc83cbn4OCW&Mk*_0UI?zX+v}WUjrUD7x2FtJ;rq)
zy4@U~{m%`jC#8<v9_e&-PDP=iV9A!|$tcK(sp2y}jC=?3UEI@xWA1JmeWFoR+}XCv
zn82f_lk<VfGyBj7g9M+~;ax3O1(0Kcu)a~gvi2JUg*Y5MbA7|YEf?X0Bagh_=ndU~
z4Nyx3@igE-u&qunu7WRYFC1e2$U4~x2TuP4jy_GSNI{vt_&%}d*$WL__6qh!V^OM~
z4&v8Rmxvp8NlW@_1eg&N;fK}#j{7YWo`^-DLhBoAHu_LsYdND?r2V-F<%A0tytI@N
zlStvCg;)g5HFoBJZ{=2e#S(xo%24l^r1uR}4D0@pwtm`(kaMn?$VA&J6(4PuS-GCi
zcr_lEGFZd9;?gMe#2V03NE^@3)qwTsho0yriQ6HC3qCZp>ktx~2u<5`^PeTu(^!n+
z{c>$<ypkt;8y()JAe;@^``(R@xw%GBI`xfg#kj;WIc`fgw1|l6&ENJC`#$Z<#rl_n
zzFRBiNe$(`-jmu<hcn{77Yx`uy>TaBqDcA?l?OJ7sSBWREQic^SJkU`e;|?A`{L0y
z@F!8<mz6^qAuAUn9~0H>f@Pf_8C=!z{I~*k7^?GV-8{wqb#(l9pmmWxjzPQ>L1CQo
z)$w_6etc9qZotOHO@2j;RL1+rvw|-hRESRCO>VKW>jkRdCBH(py63k7yl2*XtfBvH
zu#4J<Uf@5?uRa_`O5Ga6^**UB>g;^I9ZXvpo^^`A6aC{%Yvr-@(2yVGCY~h;+Igay
zPL@B~u30)~b2!OEG4ivQY&pk3x&DP}TGytZ6c|=DCHa<jN&{@oXCH}nE9~Y2NnFVt
zEY-1q>_cpAYU-BS(>%R0s~JL~oBQfy4ToHxlDW;ZaJ-xh7|~{Jsk6S?I3$ch)JWSO
z1+_&JZRuV3Wh5?L&cJC@5_;?lW1|VTbTx_QV|LJ77wJ~Hf1#j0RjJ;%bahUmy2%IZ
z1kg^fjW4YSC#74*nTB85axuVyR-p2r+N&qvklD+a4ck0#XXUTc$5}r%<BG!1(eShd
zMNm!5k9|eC)@J@WP>9f?kJ+)}S2fnOwvI!i>jCavlQ-6Aw7X<;AjMyt(`dCht^9wu
zI;Zf=wsl*_R>ih$+g1e?+qUz^sMxk`+jc6pS+R98=X&<pXPw(|GcNiwM*n*2Z)**q
zW~VJCqzH{6?`diiDJvxq4qDc{A_*@G5;%E|&Y!R!TUTqiT23-Qqx3=427q(+v-Zfs
zwb9-wF5$*#V0w39G`32Rxchy-AJYz6&V4_V4Z@lb_x@oUEnT5B+4mGVuM$4=rnO1Y
zLV$u$z<Pk0*zP$SatwM~89HFvn3NT7mp<|)+bAjD3xR{!k+c_kI0nwDtd^CnoyLLU
z#~j}8y?F<`@HON}vi!PuIRF}V9b8G-GiPl6xKud})}Mk*bGby+iE^VoqQl>Egm0Np
zs~&Uwp5>*HUC@RU#&}*v3!wqFb7b*QH#BO?ry+u5EU}-ErisF@#3M<b^$3>X7y0)S
zKCx!G`>KaTTUh&z2F9o0x*`upDq|w;^P&yr<8cg(9n(FuOobh)w189~KOUza$|5D_
z2(^y1kwsx$dc>10(dZkq4LrOUM>C{+{x3eg8^PN&er>RKZ}Vz|Uf;(3k@N++T+j}V
zoWGLW>`s7o3H76eF8sL{pL*7&)3s)vb5CblC{k}yAVGhvZjdwxCtAT7u1*^!usgI3
zC-&P0A#<9(*S0dJ13-!9K_s-WhMQz3#TWSgsXf;YbawF6GiJ%eudF0HQ@e=Q$>T>Q
z%^L`>{I1^Al4nmu0Sqv8dNx=LspL&vLG9+B#SG_xKCE2JMsni8Q#!rYB`?jCjSb~H
zKfn7Gm}^!y^#N^<v-|vvj?^F!RDpbOk+?z9Z(RO!1~|$7N`QeUTzyeU-+nRhSVrXX
z5tc}Df8rr`Aj6|tzxZ&8s7OxYSf#r6Q4<K_Ix$l*n>to3+C=508<lp^5}4>QvWFB0
zdO6}d3s#KcNE69x#?~M>+@GoM6FQ2pS=>&$shy~v0dQEx-r=MEOUbQ#eB;>>xTf((
zqe3q%$~K#EXaLk%zJ`;!b)K}>V+#Us=ePkbip$@K)4fDA{3ql_>aijMP3ujbV&9=$
z7jw_O8mL?Djg~hmi-)3AFMdVNDU(J|3*pMI>&_Z{Q`%0_ZN&hVEXD`YsS=!H3Gd|9
zOhpKaELkn*p@qs!&8e}aBXi4XV_)Uz%iu{p`BOs)DZr|2O;#JV#k4oGvS_g32uyZ*
ziFC@Xtir6A2IM<|532+@R$Og%)x~l1Zy!2*YbTANC!DsNH9D>axj^1@?LW8acm#*$
zL67n!lmM?JiY?)`{KZR(j%cK4<e+*Y+5QJjae6Ngx`oFyrwYP=A`uv~WP0L@LqYCT
z^{7?WSpb-%DK)~8s+(LS`)Kn6cE&<C@t8wLQ1ndnQ?=WjRsPRI7i|r7*GF#s&vb(+
z{EU$Zz)_7P`dy<WrA7fPd*h2zI~??^Zkk3m`hLg0a218+wqj073Eyz^A+OCqTWX1o
z@u-^q_yYCuY0h$P)Xyy$;ZiO+E&iBy0Uqm2ApLI(p~bPNA7l4@G(gJDhR6oSE|&4d
z+`<bC4~@<StoQ!91gmf!w_7dAM-tYnz0Wu`0`QB&&ern2AIY9EsGsZ)A9m2;=EO2l
zR#Y(**l$hul(h|p9L!%IZv@*YR8jxI@45bM%2NM#*S`j_2VrFVPs$t<^MBL#QyQBw
z8?EqwC%xTckn^zDd@!)P*bbTXMxhLSFUW7<@$bP=wOF%QHR8vU%viqci_yg@AL{BV
z)+)M~5~*06fJn`W6XZP#EgX^PeY1doiyk*y?$7%as`QMF5C3jG?m$rSlDVfj1a>f}
zIteHMsNZ}DJ~j)dRb>BX3PA@!JHW+)SDYnR8M790*3%xz$37h7_5S6s<nJF)xbm-4
zfz4oY?2>o_GpTF`O<Y>{LyJrtK@+SJ8pBgrvWFy88Y&oNwxCkUWM7ZDu=|X4Qpt&s
zO3stz5EB>QGE%Vt%WLj{k$hhV7R^w4<hWpfgYba5Le>@0V-8QH4`*v^4ZoYQAq)Sa
zvqbwc`!+YZ#~BdBl?1i`P_qA^h#crgu08ve85iSJ4g9v@8Qdb0lR)drw4~4PAwu*y
z+SRnaU%uGP9XTCyXk+xVUn#a*b5A*0m)mABWm$jBtyJEBEE?OZ(1Y1zMxz5U!TUM^
za*SDr?+{uuY?TlV8Yw9S+*z3f0bh$<o^KsJ?~fTz#<OoSPc6%$mhynBt8Ja#gVAwz
zPrl>(k(jG(-)GZ3<7;ERoY5iH{Cqr|NCdwSPwkD18;XW4r{)Z!NwpY0yNA+CrkD&q
z0~vNVn@K$F<r4J+s{)fqyv`=n)Ovov*Y!;e;Pu*JzJy$_`9QzAalEi;VR;T$3Px_m
zNR!Qn!RUPS{8A*3&Y2yxopAV7IFN*(yE%qr^Gv(@`r6Ptj!5UYdxW?F`Bt)xK6okF
z%r$Y7EM0-8u~j=||DohO6b)~3$ynVv{mLjV*d?u6r|qaN_^G`5y%d(hdGZx7ZnW7t
z?5$(Ya@8*&Fo5>*L27l0(dZGKFG6KhFO?j6Sz^k2--xbjl|&G8K3%6!$b{%2K=9}b
z392ZH(<Q*w*-!w~nM+FvGc<)u1fBAF5oiyBsWlqGBQ)w?MteYu`{d^&<5_lM$%+co
zDJyUPXRgpGaVq|p4k2#6aP$r^w!UnLVtsSh4|T|m({VzKbA*k!t8$TQi%)A>FFCU2
z99htu2;8esFX%9x0wLtO!yB5miXQYn6rSN?2VQ6DgzM(6pg}dr$>pufOQS0uee1mo
zW=+UOAA(m0gTO*z8kiKOgh5U$&tlh#?BWJTtpGCeL;PCT3Ds|Zyg(GNCALp~*tNoP
zgg*<l^w(ADDu1QQL7CHgO{S2QVpVfMpD*CoB)plhi~1vO^Hv+B-w5h%bT)~L6{^W9
z!O-)In&MEqv^!P~Qw$HQ!EN=BQ?l7o&$W0PJ`#kn&W^0Q(sfpre}^t5oEiKdd~7}a
z*0zykx&u!C+sphHS#v`GA_X@YL=`#dGF)@<tkrNrUh!z(-DW<oU0EcwX>)K6o_h%$
z!^lz~F1gq-n12$_jHbG)NOsLe4W7FyKfkvdoKHkNNK$@Zn22yrFwOv}vHZ<6O~MF!
z?s6~QVE^=aL`oiMNstg-vkW{6jn;g!btJs{eof9vg)-M+H`EK@T`n|0%B5SxgEEXa
zV<CSNx8tTXYfNYaIBwj4CFA2y28Z3(yAbM9NCP9S{H1Z}X2x(vA5JaxWJ#KOxC=O0
z1mLd*?=cAt!I%j7Kod5yM{p&zEq}ZKT6#Ug!>^-u*>ahZ`3FmDiKb)(y_hx24y!&T
z=U(de6+8_-ub)bQa3kk?gy>&Nww%=ycQ6qGc17EF*zQfP9Z*(IA){ub5)#w+V(8=d
zQy#C#viY{ZHEOBi5)(?V{_-HYWGrMmnP<6nA*!&p!|h>5ijZzv=FH0eKy^+nl`AUt
zM|q%&J+pC?RB>@J4v`wVzF-arjfV?={v+_05@FVckw5<dFwAWw_jTDr1H$LuVlHJL
zIfv_)HCHbEX0<o{##{+HW4Hkud%TkIZuK^kMc0$<tMf92RD0e;>`{4F=hjGSW}ytv
zSDfPn*(R4tk1|IGp9vxKNim+fYB?mAj)cn*lAa2PgUUwU7nPU_3v$|L(HRX85iiPX
z&byzB8Y5i<MEX=WH$9z$<<1p_Vs1nLpJ0`60adjatjg&>bLrorJwI^)-IGst@*PnF
zb@ffz23{{a+p}Vbzy&J#dmH0SqK~au`ZT75O#U88569p2L5I|}Mx?EFcm$eZQxSYi
z7B_TnibjEa(?+j8#4hX$XPY3_na2gIBAexrNywA|xYkibQY{m4$<CGdD$1#Kx5y8l
zDMu40pbWEtXPf5_{vaUtXpT*7hp47j(>1JI6TrPLn^0!>3lS5eGNXx@*LR0adnsrx
z!o5g^W|KyzJa_T89TjESL!7%f6IOG^qxvY5!#YcR(+Tq>O{?4kpf8RAmR(|vGyR%Y
z9sH;O;J@anzTGNQd$D2+_uI^PGD03_XkFXWQ6C%2X{as+s&3wJ+h%J?q7?r*2d!TZ
z0^wL;f1=MTYulk*$<PuA#Svwuw|odM=AG*a=P#cHabs>+<ZV`<3fe)tm&G{Wu-{*E
zG|MABE5A@gLNeJ{ODlGRdY<7wjPY0ul}K#_nC+V^;RGYa6~Z>5GNWku1qx$XMxj6!
zeHOE)lBjl&f)HQ_YF|0p&}5PgkFChWUb<t`+lJlabNBXi)r}F3(9@yOYwGor6IVrr
z9KSx%JA9I}3ap{b5C2@GI{)u`ZW08Jao>IXh3|vTu<#P$W8arTF+}l~w6W#vRgGw|
zErc~cF^UlaY8MKUAP7CZv5S<UXgd2xl=31EsYieqb@!XfqF6zxw=N3EcsOEpqwC@Q
zcGz##xE3hcfS3DFRlCDvn3+Ch1LHDob!WU;;uDv=35z&oEJh=1u(hgdPI}U(vf$XJ
z`%i-SCR4f;p^k4R@8-Km=HCJ2dl30Hp#0k-!^FzW^j|8(<+lxx<bP_GDf4v`{dz-l
zFZ0Caricao(fK%SJ1Jx3&W*nWq`S&)ICVKfb+HH1e*9arOg2D!>I8m2^B)mn%O@Kl
z;U5u#EZQKp`0B(fl@$g~EiWVR$FSG6f%vxvkXlX@P!-IkDU+#(U!qrhOjSLS3oadw
zZw6Ep6ui?Jh08cHGf{Ht2`fCEqg%p9HD3NYVzKM2{JRgjChEcWlQ)lurs$uR<?s_}
z^FeStcq{{$77Xcf5=$g}lq*|9=NNg(bK$tDlLOd8k@$I5PdH(Sl(H#)@y)tR#@mGh
zL9h}4hA~Aj{6F=_gQhrRHpb0KCH@<an@LO<Rj(c?{qC59_h`DXwN&@I(1(e6i5}_)
zZSa!V%ik@_O!$pI>a7Y#+`+aDFB5t55$gVJS;h;7NGn)l^}H88-~YvNhIuYtoT}LE
z{wtP>e69HxhD+wC(dMX8C05&I2aOTECg9=j@0aqMolKN{+GLyx*?m6l$L=qZZPE3J
zXnh(G9>gZNBo>fN$5f<NoW<SrKeQJ5lgiKKo-e}ev1bD&<0MdmmV}Hobh0+VRq|Qk
z;j!BIOnP6?Yd~|AA{eLv^=mWRpGo#4Zsi9w_1H#xG>-O+K#l3zZe9ZZkwt19YXDUO
zR}Kq>q1;FZ+ir>|0pItB<Bk~PuMgkXOY!kAJM@!^6PaF9{FC$3P1|a}qau2z_Q|Vp
z%v){jj{Z;&`ni^mtcA8{R#y#IT%44{G{tP$Y9bzZHv5JvtHS~F31wHE1b2{yvW|CS
zoOL^`^WW9|X836gTeIqijb;bit^hr<ENuu>fPk@w*+=lCTEYj$amJKs<Wz3Vu;S6;
z(A)Yu|Mr(X_dew&6i{NZX{%)0`udf?#>b#Cf=sInC7s%Gj?ymbA1;5&qOY_{`HmK{
z`V~HI<I8YLc3qv}KkFTtf5^qoGRvwyBUy!&x5tyk_cbLge=nlylc^7w*8)PDZF7?)
zv=|f$_v3O#Zox-0p8sa&<toK{<C0n;1TF>y7i1HDg!MrPA1`I$U_Gr9PU7_K3iB-O
zrdDYWeN#-1{?IWsQ08&o!TMQ3fiTXkV6h_B4Ri!+P(_TX8P!BF8nu>u4s5pCtp<lR
zG?|QHk9h5xnR20HCf%fA4*))O$7-~dEtXO!-WYLCUhqE9cb?{HW4y5?7%R3X-U%lN
zjZXNiNxf<enoOHsitVZupZ;R)6|rin?i-(~sw#t`CY`+;&GkS6_YCa@iUW_k6&F_A
zQhs<ek?#Dh0(h;Z>7Mz|JXOZe4f?J4W&7Z0?_`9Jo5w2uzlWGLyMQ?TkTn4vPG@>#
z=f?bx?5a$ZxaMlDyKE4(fasIy6DQZkN+Z=ZC60ARe6o|&Fu}`4wkRSCX}>deEp;zW
zey2#YdIa*S6H7xn>}jpBm1(tVZ>zr6yt2g{zGt-R?IozBtm#~NuHF2|-=|-OV{H{L
z;WAJzza@*<!~?}mr~or73hY;snC)4KIZ3>;n-P)96!IePy=rl*wm?>d6JC6os^3ZH
z3=-k)j7!Pj;;NthS^>oqyLGtQ5?memPU{M2Q_}%!R6m|@O<)XXUr!*KW)yUW7t`-D
zS98ZU>G=u}^XZZ}Zg0M?w#Xy&B+Gj=pY}^K1ek01r4PiAQviIO;d>PCDjfq%)Na{#
z6m<mw25lr|NRE$zXmycPO|M!NDd&jm40`x_*~gpb&L1txcjtd!h?&^-uf~sKefgW}
zI1O)T^`d*VN_sRwO@f^9A0d2d8;T&1N?i}BO@&VnoMk5z20C7cUo!Sv8MS*h^qD73
zFiVdgnHNt^nJE-f;8Oh+i9V5pTW(znChBms*)c~mu46gkPHsng&o(;%K)d{fnE(F3
zfmu@O_CS99lUI(JqUZ<=4f;(?|KlUn2l*y?zsYDuaz+k%_HRI#g@cg!8?OH5hMAea
z(PL%~dd6=wn&lfIX8h)V*-{jjKv+^RXa2Dpa<Tq@c0;Z2gJ|;)!1A}>5U7~zom_t-
zFrl>yr-18t4G8+RHrdA_qG7!O^nUvaZYU;BP5bf^D=gv>!Hp(<VAoqIGe;b@U~rql
z?<)ZKhw%M$<igvoZ*0F-xInn!oaDgrvzvf9gLmV22NSk|upbgY0#OJ^vZ(H-l|j_f
zd<?-hyZ{0LMEX?$x~??AJ5+9BEs{>HC@{%~@4Jb+ClJwy9zT3b>ujgW+XKWgj+M}^
zw>G=9UH`K$qmpPwkin)~ge{%nsjj`jhk$ReVKbK;gM{HoA%>_yQ9XP7EKj2}jD|&#
zV8YIfyLa8}YegZTaiRZokPEXAl%YzLkB|L2p49B4Fb;X`O;uolh0q`7u@s}JCERsS
zEu50;#GKh~DaJnlU0(a_w~_@g|8$os{}K<A%de-+9YN6&^-X!04A2U?5uOU`(H7V5
zgirKM)vIPqmbv1r64aU}Saut6K`EPCJHah^tPPwP7zcU)DAaL_x6a!bK`GRD(**@!
zP|@eIi2qFIx&5)md+Jr_q|~ft35~?kcxPp~$?f!fEsDR-9lG{RJjYziCo5$?Yh$^|
z>(pvV=fO6D3B_j3<Mm7J&88)NkS|C8-!60sXtvAKM<jD5dyz`4*Mo@i05yCAW$G>i
zn9*L9uOu7LSlsjg7pt_BwdKLL)k%>3d3|}FaaHZml(D{hY^L0wL34L84ihW14y75`
z@6}fHV;wI%$0>SI9e`)2`{)9Vk4SK}E181P^L2OC?fb`B$<E8_*D~Imx~JEmGo4ZK
z7A{T)NoZves%A&AiA{4X$Yl_`CXS@$=gorxpxqa+*|_*Q4!$S3G<R1rq=0gb;+RA6
za?Ed8!MTv8^?sMOq|4`Tmi8&AIdx~jd&7HBN7cf@5V(iEutcnDL9dl?H{5C5=QZUd
zbZ&}oF-hmb%)_0?#{R&-{PvRIPO1xODq@Q`davP{UvVd*Rq(3clzlVtP)@J$W!Phh
zXv+gwSumrBue?h&@(1ZcC_0|e^9D?DOcqNmxURygAxQ@Y)nZhsde*m_=yp#f7oEFJ
z!r~#4N0=b~Q9v)k(2BU^iI512XR^ATx)bR1e8DiKWs%8fRghcLF%s)VBL-{IHJDJd
z2)>AK<RM*<nd;a%K;W*E*|BLDY2k3@RGR_>hPg+G^X`BoiXzU4894XyU>-Vb$agE9
zi(g`~W&aZ08{Uuj!{qiQ$VIsyWNe7ZVMg9KTs*U7&P!?*HmL9wy#i0AdaX$#Yr{06
zxX<xbDL9D@7HEN1RRv|fD+vp83)9}BljnT0BW*=pRnwR~$3G~J80W8L?xb5k>r(_6
zLsEw+Ay$-*zh<zSyml{qN1EO9kdlxapOZ!rA{!(|z-H317+fh*m|-aa&YUgBB>lMs
zf7u>oWS1q;X;`2-U$D$X(YuAjI{SUE3MPwNe3zIQC8y0`tbzA~=X3sxJ#v*Q1l%<q
zUwb6H3|GqN{wz{2u32|qg?(bDl29KYe_g9uvp<?97Z_hagd6j91u^M%^n;~*E-?gK
z3Zl~mNktuOu%Up)!!Z9~Qa;Xsu_Bne7(D@*q>!}P?S2luJYjN@`6lo_(?EA~(#iNm
zG7DhkK^^%uJS_A6207m?%^5>h$CcSqI)0@=Wp~AXo&?3U2yX+)Fz2IXvG*4cw?il1
z6E0uH<@5CVC*r(jHO_vNDqr{)T0WvX3UCdTSm$N5>}DK2M}?!N2Wvq4eQVdHqZ6NP
z^UUScz(ZXfhokV>Y|<3JcJn89yOq^R^nIJgLc(j1%Pacj+D;J0t1A!NF?41Iu0_oc
zPa^zfJjGkT#0iN!+1i`1b8Z1ZkqBYY4jBX8sXHgAq5%kPCv&3PB~(vR0lj0D3w?X2
zDDDIT>~@)P#PJOw6O5tcoqCwz^x^f-W-jbgHhGnwI4xL8g%493{8};L4;VVdAty`s
zuo^G{<DM!WY9APDni87F&0`vIe-^DXml$nyhcMy7v$VY+hip#!ee5^^XK<1HEl~nE
z87D}=BF~Hx*E2K5ffpJlbl_pIs75D8m5uKHhjvTT9Ra=gETo|L=}K)0e}vR1<@TE?
zwSm?K4-EU_1*gz^gpccqB07I21HikY18hTXcCyDHR%NbxOooqn9g)hA4~FP*jX~C9
zJxCHg8h7LQ5VgG3o8jmH`r{#`G2&`5^5u4cl`+usraO*f6CiE|PPWH{>cHa%7jsqb
zN^jE}JMY68>>evXrQ*c-vtdW1kRfZF2ALuUZD6J1>Ecy5F8Yfpz>7`?D-fmDN92Mg
z-=9Y+&>6}sluK;f?==tmx%Jj4#T$1FT~EAe!BYOx?~8yRXWejsb*Q8%FF0W~;r2$w
z04vu>V)P)32@;dA#c~3n(O9YHdoY&GjrqYzSkN{x*L0e}_VTb=78F=E&_CfjG^Fp`
z$}no^(BNp00bEWc@%=L!KPu3}aj2d8r_OKax%3*#!nB<=xKOQihoopkP7~|gd9}na
zd}S{oGBQlG`(Ca9p~g@qEN)T#N-l+{Ge2RW`)P6S1|b?4P-I@i1lM<W@62i2_MC&r
z2EbR&K@OZiK6C<>U(K6oGLjHSL@Dmuz$9GQ`277k(mxgU`*Tl%5h$kE8<n{tcBo#-
zVyb8SMZ-gFG>+BM@=Uclubre;1$Tc$K@v$eu=gp&nHU5BbQY-1z_PFI&7DS?Rky7Z
zlw*l~fJ|RVgm)Cx%jg(_ZyLUcvk^2$kYH*{o9g3N;<be3-zm$w4v!4SO0A@Hfbnpt
z&|B2NCYLD9sc)zZ_8d!5Nr#Yk$({{}`q!H1HOl3^%xx(;2}8p@*DnloG61-?vegBQ
zR?NwY=dIF!{W@SGKdm=QhFN*0Ay#oDzEQRX-&m6<b^qq9EvHLQoQ}B^YRjQ%=FKpx
zLDiaTO+rR@DwCm)u?m+20`<@c+Ea)4jS!}W5?E)W*IF~!h;ulNib*1gUQ(+juD%0e
zhKTHaJlCV)C}t>vKsy{agK-Os;X-<^bk}yuX^<8`*e~`9Et}S<cw?=*#J6y_HU*+J
zEs!+x(p-r!3xZM6eVWT-Fy=RAYfvoqD<(nlDJXHHy{iDZAu5?edK*^E6l`ju$hx`O
z3f9Q45(6fRXxM0Kv_VX<F6ls(B9L<A!*VqL+$CYkd{b6`KZEI;F}1-4cqOJ9!l)Oq
z`L;a3FOsBfOIU+4U4<#_2}zw8se!{xh#-?Z=N<~ly`(&8ox#AR@ls@ar7iB6*Xv&R
z^2ziNaYG~|1KiL$=5jvkJc#6OQA!j#G~z1evpPl7q0^o+T36!BF2QD$-ckk^0zVfS
zZHmIbpy9CJ@l!Z&!NdF<6dmj*TE}<j*gZjj+mkjz8VCx(^^<)KJFw)I6H9#Mts3qF
z-+_8Hgx~Cz#B6~K9>2ys9P9hungus?S9eR*ns37R#x}j)7<-abk%Y&9Ie@Z?o*0wb
zZdG{ZL)&=k=@V!V46Y36&LmQR#EnkH46d1~H$7AyjQ2_-uc&?H%C70d20I$BiMY7|
zeF`JfR7h=4C!hCPMP7DP5G2>LWSJdiF(WGeS&r_7T6U9M$vZ<($?3_*7w=VXj{!bF
zo+s%rz{>6thDjUO0aPVDa&ta*+J<VsRX8CVI4+ae;s9AEnW*`oT=`Ub9x$bFpF)TL
zeAO%C9><o-Xt9-2)@r@@OLd$>@ggMveR*UXHFS30`~zs{zI0~d1oeiJAmjQhPjG|V
z52DiFXp0~;8;A-$0`ITq9WeyMrwiBjdZ~1Pbbj72xf^pSgsTPhWm+zR;eFU_BXWZC
zcecvak+#Dkk-_+GH3Kpq5;5wwHmOo~!D~$Gw~Y?8L=5A!&1nowxB7`6IUKH3ww44z
zeQ#w#=6*^sLN>gmHhD#r3Ptfdzq_AigCIRf_2s(1K()N>(*7gi;QRq`NMIEImGb=O
z+YHww42lO}X6E{D0Y`Jw?i(WkZ1))E#GSdn+mwxqXu+UTuTlGf?d>|s!BEl_itTNi
z4d*m?b+oiKDti#lWi3Ct^Jdp<U;OQ(y!is&QD-C+4%<p|_;PK<E4)_Q)5}kFp1+rQ
z-#}P{C8)Z!jTBEsA{?9(K>|_+Sl}*d{wip?-+!yvE!o`^Joj1bmpKh208T_k&xcK>
z)Gz#cvI}XzgW~FbVbtCi_o(>1YP9FJv2*~CIke$yBW&d+&TA@qze9{9&2G&McL@>6
z<{|XAa}tQTj+3r^^bX^38YIpIbKoEfi<h9JG#3O?MzVM`j*W;vU2s|ho=xouW7n-$
zqzsJmY}Rl3$Z>9M1}-Q$yjycR?1ohuOOJh+_b-Fw^nNq~WylgFD#~Lyr^VF2tAv~+
z+vp6B;kzRxT5-!ihUKktLkJLLt+hwZSWgXi+4CD$G~<nt>f(Ptk+<0lnIk`805%;k
zN3nsmS&v3^)N0u+t9k?23%G4ZmYFNfynTsW-i2TvnQWway6543zF0(h3)QFa<yT>?
zfR`GSCZcI7>y}WSgFHA-8LCmugcU)#oWFpN`)O@wH*=8zO9FxH&-a7TSi1<54+}f`
zN_szbK+j7;(My^%F^fyE@xL?>g|LNbTA--V(Ki;V)PfiX)cXR0`!zN#^5$N}zkT5j
zL-zZb<e=)ad+mjJ>*7Cazu_BVPCdVL7v|{wp><#qAqz_(%zeIJXCRS@K~>7B-|^qx
z2q+GP?h{c%1w=t5LZrgxDG+>V)pIa`czi#iqAK-vBE?|DQaC_u7uEKbqTp)65v4>j
zOKrUF*;?DAiE{zo@`L%j@rbM;GH1k13gfZ`i||YfyFnAA>D+2d)7>XzbiE(j#le_P
zdAAM^+%k|=4^m<;JW)bi!0gGGN`VDNd-TRX+AJFM5~()LC24t?t0FAg=(od-a7pS)
z$bSG8_RSA&NEJUWZWXdKRKiDnvL6^C@SzU_YVY6#0B`_P@9fwXId(VQ{PM3zY!P4<
zJ1CeBc5I+4i<^Q7;KJFpKiIcISDvgY4ldHL@{sq#u#s0KdSBOn_K!=$BF=YHLM6**
z0C)`9c)P}PZ*tC-)2AKkGdbPf8(bDXw)ojb7gSed#R<8pKs64-7wTsHZMxZYHOr<;
zZDTIbYEJ+SJ)@~p<dw}c4>hwT6BhLntNT%pgR@A!tc<m)aaSKiD?M9x14s?L{Mt3n
z$%=#E?e5o?x0IT8jB>#Zdxpw*c>1Pn(tcNk5-Oi`#G)%^y2Bdo<k#xSE6H^qoqeHq
zn<KgNFnmIbNzM3yM6NY06Ml=!?t78>H&FLc_YeTR%=)(3D`^TteXC=0y<L&bU9jC=
zOCjhQLGnYMVYWg&Mp|p;IGSg|GKlenj|USCB3zMoLEXg)Jz{OMRbx&)?@F>k8?XL3
ze?Bi^W}aQ(sQ!41OmB9N6P4iXFQLv|4xv2h)FjQpjOcCX`ZwY*@O~r13S%2{5wMc^
zlOTXHw@}4|;1Nu8T|X(}FcWDX3z&$NNSaJ5E_3ZM*ZLa!+qS4k0WrF-zVzcW6l<nK
zdO==0FQ41G7h!4F2!9Sb#nid#>V{>v-mxn|*AP!ZXq`L73EE0)Bt9GLa-}W{wJF?B
z=2otFA}#W*2CJV-8PO1f6?wgy#oMv_oZn^yF4&pR_&kKkSYsobc@e&r@y=wVq33Ay
zMUVw>AMA2Q?CO$mgpYCj>It>DMqTwm5|5On_z1x!|Li<7+T-fcnWOl>vMm#Xk2ELT
z%VNT}vxf)uu{t(F_D+9JsrR;q*1OP!#B;j%&`!mqI&oK!%aa)_Hsc%A_xpYvw-o?D
zngh;*1`1w-U^N>C7#4k}wC<tfM$ZQ6@-m*7XQYgBdgT9PJJ$=u)QQ{wVlq#?<>%b4
zK94y6t8$ei@#0Bp!|5L`WUe@0k%p1U=XrlWBm?n0acCP*y|48Pz8@HjmfuuslF7t2
zym<HAyB~X7E9qr}T591>ML9b|$B{cgo_E@drVzvug@hU(_hGESE?eL&&LV+_B``wH
zroMEjUXKb(Jy8QONw|pAz_+)FR8OZW#NQy#?r*G@A5PeIbKQEI7ztW!1GprmiY63T
z8y2%xixDJ|Q@xSRFL4PHAiIYA%#0(#L<DA&DR-^8a>hj5*4*aG83QJZsiy>hs&QEV
z0*hb0%((|u<P5$zA`*}tzT8N#le&|BH3-bkN`H6uWSutKgbAdoWV--^H>m>cN}H(?
zx5EmRIPKw;hf7*Pwh1tg%h})DNsH8k;+XU-EBGrI2-J7KSw<J~r{A(|0o2}db8`A<
zs&iM!2s!yVnx(S$y-Yq*+1Ta)^~%?~pRehJ&mPh0XAQ?ZZm~V8SGLkQfiIXnkGSG6
zCMIzA`oe*3!wU@X=Do6in{Prq$ka03h=JxuG-`3d3U%w8<(^5W@N75Kjnts+`mnml
zMo5PUfM)Sf0u$6m{SY>h2L>&u9TSb3_fFzBK`zlVZI%<HVB3=dj#F6xYMwvwKb!m<
z5<=}C`0xNSn|hLvla1V6P>Uxh(e8^S`cJ>=AI<}lo+|H8U?d!(=5o90Ps}dVsR(u%
z!&DDbSe77whlOrZKr7Q#TgGx9alP4$+iXq10ej=-9?7v#Woyg>_a&Wa&6sj`6s1o5
zO|RQ7VYZIRl{!}$$1|V+D1a3F8Fx$jeH69R(MCq3YZ)0{ENv3|+>m!fs(a$YT0L^W
zX+<6Z&Hau`@gK-&UMEA>s~%-nmyep0icMd9<74@T588b~`&2|M!O+lK$F@$SOLaQi
zY2Ay@&$qLW4u>xT&NrE~n}N?wDeLm%WwWf7(-gzxfS>?#Ux!$gL6_HxIz><2d7jPp
zpGaT<VNA3bP86u3kn8JJ-_cS}3*f`!Gl$NKuzmA?_@PjGaWH`!Kp}c=YTwf-`1+P#
z45VIjbM04yAw3B7y^`M<=!xK({v&sC{wsHW7c}ODff9i*a{XValL;1#fr9OSwN6$>
z&hM-PPIj*E*n|JoI=^!Z=vg>YZZ5yIPOtrMt@Aq=;lC!OEM++vP$9UknVQswS=KaJ
za;#W<Q3lW0WN@LIT*C;+q@^!J(~?V98Lv6$2A)-)w5MC4ADiR{h!bF@sxr}bIR<!0
zDzoY$xLlV{8&BM|0cuj3hEuUqqn0Yng#Ck`aag1*1;bNb?ofJpG0WqC+%QY*aAlA@
zO<7N{p)K|bMjxWy)>mj5iZ$iSDx}e9<;TP!C`s(11|e!wt?>X*PJ&)<pb4l*eKZ{z
zUOrr@_UDS<{0^2y1@82<XwImcp3LnaBTroJuS`V7W#M6L7{n+?*fl*`b&t)qa*4V<
z2|2jKR5~tsAT3Q~1iV9*AZTKgVnRFPsf@1lyS6v(0($Pko6NjA#PM#69nsnS*W%)`
zXiCV2y05OX>`x}_L@{y9UeTL2t*4(vsYud2&K&)L6PCKa<}Vr!L?DVabUroaTG6CT
zQv6_xmIK}UQT#=G0KmVB%9Q_EKa`Y?3lPVDht;&p?_u>a3Jmvq2^jx-TK%KF9*x@u
z?{igiatuxz(GH6V7wdAdxe>d9W#mtLJ8Rp40ek_r^)7%UT?AVcUv4!V)nqh~ZJR7j
zOojj3xDFy3_lqC&eTGVZ+QVw`=Kb{g<)3=ZufZQvDef<9pKso=$r?4mY!Wr8jtH3m
z0Zn^2KiF_lsx&oaN3ZvXf!&gU9>iVWbFzj^EwdOPVMh2ZPCW5mruUDBlz}@GM&I|t
zo={l&Mq1S`&EO}RDj{4Us^KOKd3*u9L^E9pQ>Ygsk>sR}N#PR#pHS;~FEBG@(LULo
zb%}4+C5^uqT5C7=ulT-FOVj84iT6CfkLM0bhQn!U@~)u|3zNzNadDcoi33w~;VY9x
z18Tej3hO|#bl55%ihX-VnCS`qY5V<~8HW!8EtOCLa7Zh65^5rV^=K<>+COj1Dn;M`
z?ZnW&Kyu-I9?Pdc2{)e3JY3ra(R2sbx50e)7yyO~{M~5wP_bkJ3UUHwz7L2-%t820
zd-xbwC(t9Z#-|U>x#A3Udpi58%VJw~ugm?n^;R>4#?$kVwWI&=gXQ`7W;e!ZI#XZR
zgTiBGbz867<N5A<JT0|4f4YH2b9-VesVs9%VcB89>%bY0zr#@9)r3AK-7zXXTU)4W
zYAJ1kMdw(GoAD<C|77*#;VNK9zkOX{ZauT5M6$eOiKnNY=yXy1__5hPe&HiPsc%+G
zH8Qzo&<k^<Q{>njRJ?2e=x^a8AsN)YYdU9SU(y1~Uxx;o*5LIEo`}y?&68EY=h;Y$
zK<Bf}zTv$){00nHcYevO-3CdC`lNF+qLg&xkHRwL<eCtcF0h}NNKAmkws>mkmlBSz
z=ks$8(Q%e)P$9eL1qgdE-IObk5@qVSo09e&v&DSwqMH(K_AQKIPvM^ync^dWmf0kY
zBT818BW`tk;wXlv#0Q%R1?_>BJF#?`eYvcP9`y`vjvl0!0Uysews8lG<#6YWzeQH%
zVlf){V#^*alUP^kR;vKC)xc~8zw)<h#CgusFgT0uYrg3?m&tS8pcjy;)ng|wg-qD_
zl}RIAo=Be@XDhcgNS%d6A1bGXkJE?a3SBksC;>MTL7<R>{u^-MzLNq+c?(Bk#f?HI
z!(WYlxfxY-KSCJ#lcIiD=!zuvG-;3s{aL~MoiA(Fi|5_|7gZ0?v9fMwF-&r&t$!Hy
zNUKTc%ZO^kBm(a)cT&enk@J4>>#LdF=!hMYbRHWI;blTnL3t0Ub#304=7tMqYD3*j
zuF1@v%(cG%>9LBUt<c68uq(J<?KsyVUWG1`#{*ouJxNB6gDb0f`F5rEammIvy`|bQ
z)2!ONx<b)3HK+qH%UL7m=AtdHQX8qmmZ^?8qIyhpNV`xB`_N<z$%7ADb>I+G>CsHi
zZm)4CRg_9Nr>$OcGjDf{tn8FJj#eKXJHOy1cWpEK;f8skb1O`8mFRN7)0kQDl!wnU
zDbl5>y%2p&??|&Z6h?*~lWDOE!@~c%AMM%XR%J%}<}MGw&p1i_tA`7aZ`?Y!!!@}6
z{2i>>cY(|XEBh7YXdCd;;;O1$Mq9E!sni{J{}Kk0kd|edr^zr661vk)`|cQ2awt*=
zuTP0{fR|J8?D-T4MrfF37w2_Eq?Cf_3J<T+6lC7~AUFc;50mqrzbC(9yE<HEqlK;T
z2pB|XRKp?wEzYt{yELgsnvdgFg?pNg%&Fh)UJzVW{1}a@>DrB7(KG4TNTy~!0WG{Z
z<duJ<{P@_l*ijXFI4Xg%+-M10Yg3)#a1y7mV*hoZ-Tik7YqtM)cAWtl2tDrdjrWDZ
zX}@S=|1CUeIh$20Q$K<3``^O}j6YDvz;8Cwr^C?z_T63vRG1|rzdhnuDpar*I0esr
z8(8o@JeGMk=RODYIB^Uk^HMOFMEShg*$9Jqw2B`;Kd~v1Jg_N$8TW=qM|+wqrObhQ
z2TA7%p1`A0W^o3z6T4uO_+U`Zrj4sY%feO#JvZm=T!&Qd%28I{&94jQ*5%M3oyda$
zL%0zDB2Nu+c^gXQX}B>@u7iYKob&wiOlTKjK&6Wq3GX2w5_Js()kql$-<2>GJt*P8
z%tNyC3rI3#UzoXTB+I}c66FnMXDjZF#q!JYx>?}T)2QJXk;OTBr#Rq2fs=14cP~*4
zv;*4UQA^=%MDl3V{7y(bVNgmyhO4eXD8eNGt;;aZ7@ShP&vf|FbUJ%^W!Bg_a7B5@
zsfygeQX&lEGU}BO@-J5U!Uq=md;J3%3v<CJlWEM{-|?PQvQS<A&_(L0v1rh;A+Pj|
zc`Qj4nv9^BDbIE|<OpsIR_=N`td+bW=PmxSQ|6@Yv}H-@W~|)@gL!AB)yCBPyuxk(
z+@!@RUU`*KU=QL|vN7?u{>QEMwLfRDbN-?nA&oTLVcEooc}#X)#jrc(*m-bAZ)B$9
zE7DzW#3j;b@9}DGs(R`CE!KJrx9}0=o8r#FN_fcIBa}KM{E^v7oyOE_rSH~6=+M>F
zxWIO#Zq+%y@#N>%g5srK=L7L2MeVKMtpTjGvE>%(I>m>tCBLl891h^e*$5i8GDj$}
zjZ{s9CM_e#v&It(SnSS1lR%Y!ZZr`o@2m}5Z8p>u*zTqYcfe;4hGZjD|Ew=gO*pv#
zD+&#gW-(Hgz}Uz|kuG4GMYa?hQkfsDBhsjF4qZ7UrwD-GEK9uogLdOQ-%q;;7}qPx
z#_^!$TSR9(1YMsKfelWvaMq|RAph*&NYXugS(%TxcOEJ)tLwJf4471@#^yZ>b|vgN
z-N!&3X-WveA<-tYTFsJYQmQCv;r@-Yz7{k}7&kEB8cw4bW<F8KOhju(6u|#u;U*ft
zbh>a3jW|)7NcaR^RMRsAN+V7X5Ogg;Bz%~M^n-8~!d*h50*U~`Qm3v6J?wk^B}M+{
zyQ>bzO)Jw@r7XXnKC{CnCV~#G+_ecSoUIfj5+M=CYmq()qq7m&Q-aP4%@v+R)oPXW
z*FdcQV~b0!)6ZCCB9YS1Ok`um2%pp&JWr*~?a8d$Zph|5t_KRhAXWgyC=67@({W!c
zlrEsr*0c<U&Ev4oyNAK3C-$FE+y<w2E-v5vifNblu9*sH*^STPNlWbAtcB4P;T-}O
z@i&br8Z3iIIOLSUD&p6J-JPv6fC1HhnBe6KUo}6bs=E^3%PZb1Gz+-rf4ztY2;H)r
zf@p9{{Oud!jjI7@IU#Sy=}DdFoU2`!k15<Mgy*m-ELCtO@b1<xVfj32WJmq%nl&rd
zp%D68s`0><YSP`AVp6qn6&vG+Xdzou^S<$<@)S*8e$!S%GKb!jpmpJ73Hbfqw#k(M
zGRS?fCdO;wY?4d4O?$sVh&1AiSRxY<YcrC()tdBUQ^p0bOkKuGcaYO27tRV#7#-D4
za%a~>bg5!(G<tPj9F70H{D^EgIw1vjL|>JrU^ySdZWR^=p|GZ#-)&hCc(1aA2ag8t
zM+GI}Jz=Y3nRtu<r4<FfoEdm5SI}Q+Ql;YI*dVHR$<^d&(^N_4_!lx@aDZUBQjjt#
zq`d-BHXRsXL{d<moxAwPp04gj(o-=X$qNlGQJuasW<}_RX8_bo8iEVMm=k=>F5=!H
zLOsRE4@xKEuH=<?tyo%Mf@d>k&O6RGGJDYaIokzy`x56JBnY)<yPG?gb(2Nw=(X|d
zKPiL9U!LSm9GcivocfF?zuC^7-@a)5=d-U50G>5%uvdZl2M3eaKC#=CHyhizH=PM4
zf80NJldJYTsSn@B#T(jlbaxwQ&Um|y8#`)du$+nUb;5C<9?FUkaCAO@Mi+Zm>QHyJ
zK72~`Q_8nqZ;t$_z2tdXjcc{})3G$<ufFN*`V#orfy}|7la&QIB{5W4V|yD!HvSOy
z3($r8Cqd0O%M0v<*lqh~n}BNtky;$xl@me0+%sD!9M`n-9b@IJ>>s;r0d7Q(#{web
zZRGcWkeq}%w!XFs@%pusD0h+=JIywW2+!<_vek>tlT8rM=sp%^b@0S2m&dI9ioXlS
zOhpVI8!)^LnaD<AXJYw|4a+MDQI})Zt^neO8DCccto$n!XJE5NaWQusECu>d6X*F!
zhXXDt_R7scK}YLDcb_)MVSJNh=g9Ud^^nsrd<g&7Y(AAm*jT>Qs}bLQboXQ`Xs|Ax
zwalJD^V@;2i(7Gq#zdo#)~bpTjV;1g^90@?0^7Z`NdsucJKpZ`Pt2G+a8Sl%cR=LG
z{e)h5@Mb<e>)l6MXnY^0VN`+dgZ4IO%;7J-x68PmAsO+#lg;3T%#x}_*MpZ3@3!Qx
zvO41eM(@{ZF_am;T~+b;Il3M~Vl#;uIF!8g(L+5IhXUpEBm@>SEB2d=8|R{hqx0*=
z&Ffni_qD&!FWkH~0z0qNygFrfhyeHTo=k8)PfDjCJ==M}Np__>`NGv0ly;&Wgp;jJ
z6o@ZeFgioq&VDF7RVT1WCK$9-_XXZclv|)eVI?b<`8cdv@p|hBB@_oaKS+~F&b&I7
z*JU3yCrHa~)0n=15!p@fX)dY##J&<#uvFHG_mKY9)bbZ-vs14NjESwWQ;K-U_erb|
z68PT~9WjvaJe>arCSv*zOq4Qo^$m;mf`j0vBz=Ksq{Lr;pPj#>9REK~R71-S@7t}q
ztyecA>A?H={0*w-2@?4IF8&?#ea~Q=p(6S1srl-`^zupT%96ps4w95y#an0Dw;Oi4
z5oS1j0y!aw`KK<zP@wZ1pPMQ(?mod(R(JlI?Ss#G4H_fTu^Ewa*6TXY?H{`;AU#YI
zHc(S$8PIy}d%ET3&;_f>NtNZs=cn8+Si3cdH9NA6XxBc$2esPsva*?wtEBSQr1^^v
z<+a*LQd-(bkm**7m?kePBOWgvf^(X!ABTs6+dw6q%Q+G*#5H8tWH=H(2=W*?ff|7p
z>e{qWZ4=W)pU2>!1&<H1!pxWk5R8>)y2n{}Chkqsc6mTovLwf$1fRv`9ctVKIbAUI
zr0FLG(W3Utk;pNTp`K%*7b=(rz52i$Y7LZ%jYxtAOklc6crFvm!EjePTO)NYaF!^t
zxpL2MR<NnjzDS-<d(0T-78#L+c~v;Wa+fw5r7idydDs=N%CODH=C*nUAbjOiP;jYJ
zwR$f4-RCCt5tdNwW!S=Xgi{8Wz<bq%DG3tV>}Q&B=pf0zd}nf<WsqDs?u*aDFhEl;
zZ+D*41H2#3XO?SD?l(8wdUT}99+mgH62<3o@V<~vzfhkXas>qD3r(GKwog}|H^H?J
z+u~v-j9Mc9-nG|nO%FE!CR_P$FkR6tBI}`V*8EG%E?3e=?S3s&6;}*SFkxRt?cg1!
ze0-xTF}w?(Est;{J%bZXAEFu#TgBNT`w6u!9y)!Mv$t<xTG0}VHZ#sJa@+UWPxkeA
zB1<AsUX-n>UG;bgpY3zyw$)W~o(Lr3E;SyVJ9s%HqEew)?BASJ@874-qfmqsLUXOG
zwyt`k)BQS?wTgqOnQT6Q$49<LgKLK(AE_3UZo=TedsaR-#f`dtP@!M!3xhoD-^jLf
zFX3igaYw_419&(t(<#F^N5jaOY<9*q{u+jo16MH!z0iHHq!HQ#_u8Lvodjmy90fvK
zMto@!w8Kb$k^_(d!3#m=AaORel!;)g<djra#kL(lEFEfV`n#ZTysj4*R(P<WqtTwL
zjWf2^C4$vA(h?;=!%=B3h5JVm`syOTP2V0@2}QK@@PGwofD*?Pm0Y@Qf!0x}bq#Dw
zjuSu?;fry0I6-qp>^)}K8CkE9^|NnghO4(AS8+lgJHzMz8dveKvQv<&S~@&jLqOi%
zd<2Orn!MdyD0*fv3MfWe5yzn(S>~PSSBV_LBiNpNTV>R7Z3;=;mH^>*t6Nq|V3prl
zNMG_|wm&My>+EUJHya*?MDB;{w8DE-5oVrOXp^1e>eXnhwrZiMS}uN>>C_F{6{FlR
zRavGDJABsyblY++IwUq2btCtSTleXjypTnTZq+O+jAQdlbj_R~b2sKWCYQ@0j^X%v
zKJ2|bv~;>|?EaaCDyPf3Uu-s~j>?Lz?_YvK$RP18;b`5=o{2iEYdEy7A%dG(>fOj<
zfV^UFvpF~Aa9Ga~aO{OKa1)}|&duFY^^d|D(oFIOY>kuf2m7ZV&z0a7krc$@x4gz7
z!)qFICSS;QMuR{({f%(<P;PM&#iq0*j*@^LVgHE}ACIdcQm-nPNSay>!2z$6P#mI;
z{264lDJxj92XRp9GDY%4r?t1KJx4OxRe<n|>(X>mokcCuu-dpn>XAEySMiPR2kG?C
zWSjsb0G_#|WsR8?WCH04$F!VprSdfg&8-O|OXAg<z2U2K{Ov8ny(+GO-I5|8Wy#2n
zFHwezE^Ah|K*r6MZiGbjz@^!?0W^ay7!f((G6k_g=65K|Ls&~-Y$fo=*|_u6WHQA7
z6Mj5P;aCa)Q_cWtHtr1^@jgfC!wpc3GxW0>peQdHG_3_36nk?XK5GYYf4SJib=z77
z%aL%uPrd<KX2m0fCr@RzZ^XWAO>qq><(RMzT;W?3Ao}qH3$9QVCRP-w%YYhPT$z+>
zV{F4M<Dhgj3{`#9_nL@4Qpr(F0sb*!iHT*24K5}wkk9^T4Vl=dmRo6B1G>yo48%(d
z5UN4b#xn95)#%!%ow&^iFci(aseUrJ`=of%@{Z{=GfZpp_A=g9UE@F<msL9+B+rZ@
zme%C~4DDVSXKX{2K8CmbDi*rjgZi?31t&lNNoME(63<oR25|n;Zd$tlkzSI?aYnyO
zB13a=;>5W^3c~FpBAQb-bWqQsPETO~Jmv6j`nYc+5_C-TB%TT&T+Qq%Ut@mJsg48}
zQNhfn*sbZQkY;+jUFcL4&`^H0$|tNZ1H$DKV8>Woq~YXdV+t0>Y^d}<ChwBac$Q95
zDSledbI_qRC={*4_3xg_a!pN@q}PiooNXIUQqW-_c9O~D>6GLkuia(9s}0i1iKb)D
z(|==f=f7K(;tYjH$)+DK$1b#Lbb>w?k|=hp-yP6K-qYnNlTxAh6!%DYaswZbK-#br
zaB`7B_8>>sn}5W@g2T=)13)jJ3sMXsz9S)mK0%!Rkw^d8h3kYtzxP;H7S{g~s4uZ5
zY)Qnf`SqC0NZs1oEA*5PMEv-GXxNnslLT>bjcQ`+fhpd;@?SSuvf1kb{Xm<C)2geh
zpRC9k9bc>cd}%=%mawAsAMfljIaz)$Q0U8|8@we~4-mq$$U_%Mgu+#UpNoSg1KSfp
zQ<D7zP?B-%-`PHM^1^?1I>cj5N3s3W`Qg8y<^hNK@$|A_-vm57qQEeajVY$~P(il9
z%-AH&46I*;DS!weC0&gghW;sO-&e@Q(kg@ug2K*hvhhQOB@g7UtN9KBYr~pB{$?-T
zDGX*QYBU0_(}tLNT#dgijtlnney%?kotZvhDoy&a`a)AbF6so`zF>SGO#8li5*vkX
z%>!q{JvFwBqS81w;JnE+Js@28NG>~Pd}p%024&+d5S6H{*!~L9ETSfhMPfF*2G;xN
z973Lm-uT{f_v8bt_23*V>y6ugi~^Mb-BkZJTxDoETnE<LN2m9v9>-3;o5@nD`P?*M
z{p;uDwj7(Dd((a*+1<hOIBb@fQro>HEZ0}*k+QaBRii?UxNYTVJ#hy_8VimG{&p<f
z;Hy2pQ_cqxH)Ny?q=<lpd}#7w><%5DaQCZ?2{?y&Boasx$+ErQO~$s!P#7OIX2f7I
zCE?F_3uxHLo92!-0zVcim%nBe?WFsFj8w+3laJgVBVL9t1DkJdEqVzcPj9=&R@1>c
z`wyB*n%DznR+?0_m{L5?_MhMQ2i~8O=F4n{O+4+1>FMGYr*LcO90mAGa5MJfpB;nw
ztvq@^Z~K2ERK@xqfv_g2<TWWudZpI@u&#Q}M~Gg%BOT036QN=B@b|9YI&ypgon2OY
zv9k_WCM6TwSDjs99l5acT{m^dHpt781)23f@T(zG7P1BVnQo|$`MNc0cDQo~2{dLP
z+Z&vG@$3n+wli}%3S3AVqVI1tHb~o8qAoSPCO|s3>g5?xRnh`Y{ts907#&%+MGbfC
zq=SypNq1~p9ox2T^K@+6wrzE6TOHf>o990F``&TiA2r7LQFW@uslC=-d(AcH^rL5;
zjviqSZ;CNfCc~jv8+9}y>~q9RpMlm2_mMjS{`{Dx4jhG?k-JLF92r<v9yBWG>ac;W
z+wQa=4>11pdv?M;rvD?g>YEFzQEj2~wX}z49b;v~kxe0T4{<tO(;7Je(gtP#oiIIi
z0ov*?P$R@}$wA#eue^@fdnB|LS?W|rlb-nSClyH{JV^Sh@qy1KxL0UPbl*#A_FlLY
zP*b4rH!Z+W?2%AekSy#9KA-LBPO!XXq${C{WJ@vVYZ`lD&B(XiX&&?+nWDouuEe;R
zcdJUNAR+^IT$`Y0K_pFcb~NZ7pH33gpcQ>Dv~U7eZ;^q_Cjzq6jo!;P!R>8%t(@Dh
zjUs1xi;mA{hrV`Of;(rd(-PPh5EVLSK&$7o_Mt>|S2v`Wl$46^yEI^W@^Xt}u66R-
z@naUI?JlUKv+0H95V7(t12r`hf8~92=LJ@Jv1uPU`kBmLD#5YE!D?}0FO-v@Yvo9!
zNMg>MGt2oJ`f%`5MM#hv!*=xX{&~83ifcM#1iCzR!WRKaQp-83P2gBP?FiZ(ppo(H
zXPa;c8c|3u*}0Wdsk7ToyR<3_aTfIUi{L&t#I6=YV!U%X8wr^#41rOa?C)Sm7;tHJ
z`xC}rl3xF0be)#Dtn*e5o{aYv1;^qx$A&KH1kNeB@pnGSDgG0$XQdu9wYlRG*0J5a
zO<Ue^kxlo}L17S&4lK>H(3$T7^je*hKQeR?5_I=0Y^#^X$J>yaF4C|Q^r?A;0=lr!
z(M1w1O(}aNnc&Fw8Pio4+w_OZkkV*%oF`>=?v0wC1rD!_UL4U=EMr!0x&47MG8-<~
zmb|okLW(8PK$%84b+e+B2Lo3={h1gAPB|leMgG(g{&{SdQt92-qD)Svrmd5JBC4r(
z19AEM0;WVlCu)CWGG8*jso$!~-@koie}O^xNynuq^qT-CncC}xwC%*7;Xg<hDE)t+
zN)=Fg)+EA9P`jk7gn!aG9rORD^9<FV$Q>5=jsr?hny(dPA-Ul2_Q{PNrfsGsU$glz
zxDDImgpjQ0S3jV{r(+A)lu1G&!l~nk2ueg&urZmkH2(7T_`njzy7WFi>|5o1%h?xT
zl7=Mm-rigth|LWSeEphXPskSx#xMJ2Mb+CBsQ6`4QMk2wvi~s7o5qxttCY_Sf&C?1
z4tg3&5}PjnW_58q2#k!|^UcP=P$aI*-d#3XOW*DYjEv9D49`R4Qd`rVo3gFc(!^*k
zqE?yEe1IW+GoA1GTp5krHhQk7nney}Wh{}|O!9C6pAvY48-9eA78#sm!urMfdRes#
zn5+K)8M_oSfF8)zllm_HNbrC&HKMMw;GhvSMCs={0U@1yk8ihBH>i`z>*e{Jd36z$
zHi@L3R_%bqsi+&wR7awU`kP83`aHU?vhTuD<hp>=&R{aNkvjxVi+3sG#=ecf;ZU8^
znRwk*a}hgLo6BV{o3rTi^jwtI1P6T%B+rUW9cb__zKLG^TGyH7RGojAt;+Inwbh$A
zIdf~1T@6|##!x0aZ-m!7L36e0zJVKYwVA3JJ6X@_eJ}DBDYyB$8-)Dm1T}*Uc)#x~
z79Ff0Q=fT8k4U(QPZLYd(ne&AE*hx6iABacxkZL4$v8&3NzO7-En2ch%zC8&y_bS2
zr$$;q%gV*AL>?t9M&4M1khIFL!}l=vyC=+}VUq%hMlW?$-?<&($XQ!^YJyvK;jJ1^
zNIk?vDv1|*{eO&OcxBaK5bR78CCm?&@>apjd)!3gU18DeHkV)2YzwLHvaJPT*=LTc
zI(VC(a5t`GQ(b%DBsqF{zCNx3vqk$5=M-pap|RFELQ+0_kmL(4nj*dL-B35$1yooR
zSlBo$k&De`PG+L)y8`WA-pOQ+vBy{SXo-r^OFGyq9hI~@k`cA11ypGas);9(cvUJA
zDqTzk5uBGuDKt4bsD>>QssrK|=y^YB4AKp7EyNmlX4$5xpD60v=FIy5ldAc8_SRhg
z#g$)G%nkQ7x~gU>n5nV(XtQ_VzlzF3rpn^!Su6igSW^5n5g15%^SOtm?n<A)r8xoX
z)LhIF=MeNB8l5SeXT609vtFOs-200i8aB?-F&gPy<CWeR*;qD?_fft<shlFRsOR8l
zjf6Dc#KY8BEtAAT(n1>#aA(ds-8Ze|IMAdrP*|`ftO$-0JdC5qeoJt`r>pl6eV3QZ
z%%X9rJv5kaRN`b>d9X67>Z$2WvNEo;HpaneWhP5glSm{Y<>JU|A&KtV95HT8x4A}w
zkp!u}sY_!a+1L=SY;lzAJcx<XCKiREO){!qIlKeS52=4`Vbi)|UXTfNi?M;4#Op2c
z+lPz|O7yjV6+8Lu0ka8Z4{pr;drg-3i!n*E=eW;r9x%3pXP{D}oh%821`I996&ega
zX~KpR@*lC||FmiJQa~{OEfzmhj*SpuQZ^qb6u`tz_rED-UQ5jemp#_I>XW?%k~;qK
z1sk*xDzl?zM;i%pX@F;FexY5FcB<}!VCj3@AO@8&UhN9yax}Hqus$x94xOu^IJfBY
zOGYk`t3)(_*6zjj?*4f8UC1`}Js$lu$o}bv*PAmPzyGe|CDJe~P96|?L|9A~AG`9^
zG~9Lp6AS<SeeZIy_XGF(K!AZr6ieS#R@`Ds@p^g>{h09M?PU{jlb4*3;QhWU$ONT6
z1RL-xnAA9k_m*9NJ&KLo-&*vOB5KKn?<R#z1F6&g@^L~SD)kti_~%eRdD6W|AJYsk
zJa*W)qKbuODp`}deGTwj?$m?)@Ht(7)zl@|kERi}N|#ptWbc&`e8Te>=4){m15p!B
zPS<DCBTtW)M~l4=1n<|Az*7-#j2|yIf%iMV_}$a=`{kiOd{4e%Zuks|$@RA;kG-2b
zHJzCKE6%%3q^x%%ox0+HMsjR+i~B4B@8??^f*|94Gnr7Y4PbU`po5Zzo8nknO)tM@
zrX}0YLHX&mWaqpn6Q9-MFcF)#{D{|`d=33&!~|6--=>cF<9QZ%8yw8)PQ5%dn2zqG
zx|7UuZh;fveF-gjX4G<w<Vs<lQVXlFdbe!BH-CBNMXq?Y$!elqFu`23*SRmzuDZ6@
zc{(7W9kqQ@2g)~JDx&UFW~zcL#sd|dD&ER(Pwn5TNp(gyDV^G^_Uf`MIOkS%qEGlX
z6grUX9^31+*3t@18rfgK_r7J}TePhm)ZE{+cvmfSTH9-to?U8}NqO6#IzJab_<EsV
z3}!H-cX7{z{NW*K6MCNHO~=vk?{nBot5aqzX46s$K-g*V6<;sUP84I40h3PR#Q^&O
zQ0Nyn&#?;X4csb33@lZzKI>1fS?3a1>Mo{H|Mhcd@z)ySa;f3^<5l`RGVmM%L%lTe
z7CYtgVhPhu{hP-#w^o=lMIYZQB3GYucZCEj5uw-Z_j(x1L2h-A=~1CA=jiKm%gQ~3
zCzFvx;f-D2x^-jOL$=8c_%h{KiusZkAR$&WT9xd7OB3KYzC93WDP)2oEZ@c1q@X@~
zNKrr#-^qm8lK5r1V{jT$YmFBS_Cmfbpb%VO?&<8%?>8QM_0Y`8<wd=(qT+2CTi#~B
z&*^jvuKhiIzWlFgjQoiGs?02p>n_?Z4r=*o_ceG_DAKYWiFdi$jo<sxY}Gunz@hot
zP4J#Xi#;t=D|=Q$%*9PSZ`95J#-}|l*sbO|87}Mf-6_`IV1!+Rys73UWaW*gX9iZ2
zL)Rn4`W9!oWaZu#`lZa@I7*Hk%#l}zfNG%&XPZCW(}5Zk^DSQYsAb;U3m0mMsRM}-
zk4<rZ6r>d^-alH_$*AaP*uT_80R(}o==sc_%C2hFn>cF^hJL#NA(e@Kn;(xmS?{k`
zn|hCa45b>{^=5i*Lh{*W_bds_Od$)31m{vU&V>+7(l+}?qXqBbl_`%&c3GjD-aegZ
zkM7Lep<hw6Y$Vtoq*o_~7^NI4H%u-&Kh-ec1TKl8j((7R$Cx*c9X)kq0pJa~@q@1R
zUW7x{uj<F{R_32JqC0EbhT!wEyz^+5?wEZ%pyZ@viBgMQf=3#n4|c{B;PhG|Y)Z_P
zPhL0|#3e(Cir*SgnrtrY1>5ulTkEZDC!YtGak)f!7=4p<`W-E1jeo5uT?E8{pA+6$
zORlCG=kT(0Xg_`xIk#&n188(y^$qOSBo=vQAJ262&}V)MIZ!;S<cmJ6a=*G~Bf%9_
z%;I06Zi&mLOExRag;i8ETyA9K2(ziJ;3L7y{8Feb^>Rs<M2lsUbw5I3#BSf5swBu3
zsfW7!{EVp?NxEiwQaz43F(~ZwUMI-KeLCAl1yso2l7_A*qn<ZbU_+tH94+Ozd;zI%
zFxh6yO5!#a67<hm?-T36$vx9@;ZcFhoG_Hc`FPzq!(BS*s#ZuW+p`P{cIu0ghuZez
zAn$u`5E9_8{=;%uVAU#AYVW>G(o0QKOH#{$pQq?qMU3(0j%BW14^d$gf&7RE&qn%M
zxut!^=7~b{Vr{`r2E$<s!l=vmv_WQVsbMR+t)78M%?2JKE1an6IBBgQ4t2ymiEF#a
zx2Twu3u9noaiPz-#3X)ASmA&gif&ErR72qfGQE>{KS?`K@LRA<k|7QlIk496eyoyL
zaG1Ls0L->X#FZJ|&|Pm)xui&bffXEa2p~&=-+L*d&e}WK8?~xKiZjpj@Xo+x?I$p8
z9kZ)I>wy@2QI08}|7E6Gz&guhXEW0}LU@C+qKT9^iAT`!2BOS-URhU(DI%HEL%2$(
z=AvwgfozwSc{@Km#VX?h0bo+bGfo$&b#GvwYWX2m-p{onk`|e0FsVSH4wbmwBZsr9
zIqiVYGZyYDmX*N95t;@noC%aGEl9cwmn5#p(hfaCq{eU9qi*lgT>Lura#@2;lPv9E
z3Sn9#p0GTevdI=Pp6r(KSKt}0BM&rDEL&-nFf?7faOLw{a!9>02e`#?Gu2<(_7oQs
zx{gJm3c@99IErTQP-@(gWByVV$=|dyWss`5^;hlAReSAemg$u6q;H>MQ@c2r<Vb3f
z;WJUpRy4ACFV>%nx7x2j6ErLwtGA~1m3H@Oqwd6B@-N$_xhzpEH&lYz4HrgFwDL$a
zE1fXlR|~b3i7m<v12(Arb#Gd+=LP;6O@_-okw)}zAq#P#<~VwI<F}6D#FG?95D2HY
z7@zB!-!v80fh%u#Zh@ULnX%s0dsO9fRTCe$Zz4RjuqamE&-_Hej$fV1+2o5do%k&S
zCFAfnngla6j1aLq2j>pXmUXZ1uQe+)4vqSA%bv<<p-#ObpsxV*bR69tm;ACB5T<}x
zEj)R$^r)in>K_{+3Nv%CI44V&bvx+B#F-O>CGcl-?2*a8l$&~F*cu__C$|-VBL6BR
z|2;DQ3$7>#iVs>gK`iJQzw&M~J-K9aE(%HUMynV&T1bzrE@W@e-FIZJhFg~(P$x$j
zH3DX-E-W6jz)T*Mpb^EZ{KrF;j%zh$n{-shAA^=+CL3*SEzv)Bs5U~*a@Fb91LCFN
zWb_=;tOiOOoEf%pP^*d>55En_rXsfZSo=gS^ZNMF=8%p8@4v4z?TzHm`I{)7Y_y6C
zq8$y`X5;j>-I3Y3nxB30n0>kL$_P;;^n;J3W~Dqx0sXoMhV|l>cTJH3aqhCNak75>
zi@m&fJ0Dmn59L-h0Xu%BBDi#xg{4}8iK}oD4ULCxJ+i65Ek2w+k*|4u$d|<gGmvNe
zE0_mnl{lnpyNoA2((^dEqBwzIR+v1okfQ$Jb+;~AL<TY!;Vgl<Q_LPZf@wDN?lnto
z;%VNtK!ucDQQYPkJTfPt>_b&k+{)_lCbvZVwA@oaVk@^853SDlqw?xl8LID@=U`I*
z<yv@p(BF<aF6qd+pE`lwr@HI<Wo|aAyqqTXVG(w_P4mmi^C;WaFnUVf3`OZx4Sg-5
zAZqqGanehNVl>;Ne>&*YWt#Jj{Nfv&a*+bDfQTnOyt+NKKo3H%QjJ;MqFWV~9De<L
z2JS)xyk~^lp;IijJ+*?8Ub-!;`PRmB6w>-*7cRQ?RR{gYYJ6funTogdrl^`CZ)Ul9
zWU*AQ*_J5^30M`RA6YiEgvZK~!(p<*yA>%5l~l~nDl66lt_IkXZZ&7=mCn)=nb0eF
zfO{UjY%Lyxv6;2HeR>rAJ>KGh(@3-H$kDG6)l3?n{-j-SrJL0)lv1>Ss12MTws9?T
z?~Dc1O0xZi@`@0d73!(O6Moq4jQo*b3t->jClf@M55YsE)pP3qliiz#An0i9LAU}*
zzXs_pMo`-$C`hAfo&^e3ZsitaVT1viJKHZy0+?Z%%Q_6F_~d$?4?}k<nZq}Spb?1;
zQ`;f6Ph>|024rn5f60>egpWRkUeu)ZnC7=bO05#u=p*cWeTfD_lCfkADF=s16)P7P
zxcNxyQBiG$B?Dawe+z#9b~qReb5Cb%tXask_0$7hW`05wlfx(7jm1gYu8stt^e9*W
z4=KF&b5)&jaj20bP~*Kx<gKg$W^I7CtV`Z0<>b5Dt5(i=z%s8CLk6`Itb9@W*zlyW
zpfp|@K@F1kA4Y61t93t<Uz|=~Oy=}lkqo1u`H`OKkAHKAb6}BPp-Qt#PkDYusv0uH
z@t28W#w}_)_>g47#CQBU;1Do_50X<o%Vn@h<sc~v-QU8H6KU!d8a#XISIM}$Np9my
z(q3PHB43+Lm>!jI4s21Xq2*5cU_R(y-tnbfN9nA-<CJ-{SwfsR$S^1t!BTL$@|OYG
znk6I;b?5CNw{c%=M4Q*1%tm(GDXfOt`WatAiol+(&n^%BhpA*oLIaSs{9XPFpROz#
z3cmmH>p)K_rt*;PKuFKJ;a8UQy4wr40C<ee!4iw&=#Xmdb9~L$4n!@3Av%ak9_!Nu
z#S^5w4YrsLgPf`5_T%0SwrX|DwuhAPD%T~8hZe-sJnjc@nZnJR=xqvCZFh9zhu;bw
zLBbxpPcz%c%x@3(<g36cLMiX6hf<=qHUDM1YWEs@X&q%#qnS)*qsbTz#IYrYhcv>D
z@CKvxI{sMvO#Xn$SrxB;V`mKpp2LYaoe@3qkmHEa1bdFb`nOq{U_%8Sbp+Q;o&;Q$
ztrcQDFPjWsc7c-5E&>#^-8H0FuJt2PW>A=w1;$TziErbL2=KtaG4>c@D=(1(Gg-XQ
z;FL5pRk?Zf`?30<@5=hW+f&y1U+(#`3j=X6zsTV6Ud){~6V_{CJGG~$Yb)0HqDL^P
zBtL@vd=u#+jg#fO5hQ6D>Vz|nQZD=-2vR?bIAr$iuv10-oM%w2^-)M}7nr|d!7>Tr
znhjk7(y;Mt(EiVa2-EoaIW>Z-`J`NV!V3!mM7ewdeKCRX1PgwGmvb|lUhX3vr7F|`
zp;7st=Zu^hvA)l>GJQF(Z0+i)mA5=`RpN0h2s@peh%>U-+@?aXR$VjJoWc8nb)2fo
z>-Tm#rlHfW<~iz#u`23z-&o-!JyPUHh8+r+n6>^rA*m@y!}^AxkN&yK3A>t*tf7oY
z9985Yn3(dA>aYr8Nvo+hMQC=LA(owdN~6cfmO`;O9<omTs5AK+&+6%Y=bLpIe!Qfi
z5)zE~76}#T;vtQDv5?od^;x=kNN;~WISStQQ%hMJ4}qb__Hb1M;n)oo9M7E$eRLpP
z^27+V?51?U#bfk&ZUYx?Kgo(le&4z*DB5KrF>^1bEQ+PMJvcXkIsJkV3bAEOeBvS7
ztoYvgk6)qQ`uzg)HWsX>3EL&!RS!=*TXN_#;pQ~{uEzkmFv%Kc>qTW#B?_`oCnN6T
z#O43@XVO|<Wv04_DZ{2hJ^)RUE?GKy3#VS}>%gFqJ-W+cNk>x|_-NeIIK=g9Hu&Gu
z&sQ^hhP?OctbgnP6D1cf*;WB%uV^}=xa-j<AIdU6OzY~?>71i1sH`R=BxaHi2)+?U
zut4=m;ApoltOg{$b1%cC?exrKn9*Oms}8*Qq4(PTZRMG!C9BVN036fGD$mT_o7s(Q
zle<^nGRtHG`OOAlXp7=J$L`l~23sQR6v21Jsq|p1qLelNv}^m+l~$;q+2O(PP(%#v
zj9@=OL-=@w1*?PT>AQ;Kz@<LxGN!eue{!5~AQ%n^)CoV)KRd5C9jM2#%H|+N;)2`9
z9BY+UZvNB9r%FX18h}yke&%|k($QkU@$p#NR>mUxU6e9mx4v*POwgb)#q{i_lH!V#
z>jsodZR5EQ0$Cn&ug?Pf#ZRyhKGCVDY3x(I`ogEQA^JhPv`wzB7XQhw7J*<D|M$Bk
zu{?b9pYZQBsJ~5Ax;+wA08LGrSIw<@h5)lWckcaoV{6Pk3T!3mZ!`~*Dt8KL)(cbk
zA*2!U&kN8eR;lLAjrES4ymB0}Je*!1Yj}dYz3AYA!>OpGx?X(kN%^3OR+!1{ysC<v
zT!{FD`rmb_jXS1q(ZQMO&mQp&Q?njr7R2iv`&(sshfQoCT>Z;J&+F}fPa`J00iUGm
zj@`Y~Q&}ZWz6RApw|PAr*0Zgz{l^djFE6IMA@OkBjBeYn2&5*)>&-Tmc^Ex%WG!la
zwL^9W!yQJ=r^`GlW+D)o1J@cIlq6eaW!lw!kuJ3z5%^VF&qf$;4uhjE_s>^RR*6f(
zfpv?g;>!<8i5g%YBFff}cXTRA0KuvN?QC1>1sliKO<_jA1D`}|cNKxDX5negTP&rL
zy9(0g)9VD6(T>2Ik%mr7s^gACy@9U4IqOVFhx#*m#tJQX+>=qs@PSS-Gr$-D#x#?_
zn}+^Yl<gbMgeUow+(I`jO1&u7l<6SH9NIXTG7xt7xKkVlb|I&@=Ma9&MCu646G&x)
z5ZU0AysD$Y*1ryQX;V_N65q5vd=pBWd1`Xr+dNXTb1T%nIUf7~BSKNR__veh(+8>w
z!jP053`PXX!1x~qQBn`;XNxTx0t7$FoE+>=QY6}Ev;Nae^?#t(eiaFuHI}cRW}=6h
z-DB`Uy@Wpf_-jA;X0gw(!_Y;id)<+txbp*MKad<BW1B68EpR}H^sGW~Cp<UXMYo{c
zb#mTe5T&5y+Hs<E0)s%p=?)W!rM0hbr2!<ckeDImSIi7MLfzmzUAkahF{ls#o|EVk
z+ArFQ+R7rVND>wP@^dKIv_dbO$2PW`eqDzb$p+C>_w{wtwkj~R#My&MQ_7z42n>7I
zawY~;FS3U;0G~vU6>gU5lv9t6&{rRefcLXizg0knVmDUVYiFkCY}&*zn6CiR!Sl`g
zrU{Cqo(Sa*hT8Yo<HhD)DMSu{EWd<c1DCMO6F?Jtta<?RCA_B2RJozFFl5U!m`?s7
zXt$$H{ci7Z<Nc7gy}5}5SbsUyJ7LjafdMyN0IvlJa17j83FoYw@TaaYZS!bh$xd2T
z)9DRrU_O8U=Bd4vL0aAM3nyqk<?gZELgQ}2eRtuh`>pAA^}*!XzflR`fnKG2wO9jG
zt7clt?9dGEuIW{dCYuO=_4NrQab;?~YuAy5_@w7B4icmA*=9-xGn&y77?&c0#&^%O
zRh|e~JRIXWYXI@&`T5PJE$uUY&6VSi3%N*LhtoMV89ucTl9sd$v#`YV;xN%<G-Yji
zQV&yzwDkGs=~G~A<N%g&w<O8KO4A+>+ey9X9izICPrGvESr2=nNxO-i!PdqOf_+yR
z_U}TF<}`+|3F@I<&wArIxXt+=szy9Ycv_hm25F$H!%cUjCze~SLsc!Ud(~A8M=jU3
zGqI(wHlEl)V<IR?D48xV)~FAn*cr(L2VTjROxO(ew(g0Srhv)O(Pv{d<Msp*b+V_%
zGxboJ2A`AzZ;EnkFoZHpJIV}AuG=T`5d1PNowW5PDU(!H6oJ~M^rpN-E$fFiBbmuX
zjdPhm(zKPNaf^55Q8GiqzPD}ca+uadeJH+?9<_HDd9r#Uzlongzv^ORxeV#Cm~d-&
zKYLjbm5Y$K98hRKQah*ySd=XTgOz^@%CH~8GY{Jtap{=L>*zW=-jDWsFSIaQ<n8;l
z6i|;?(zgemxmun<!51<^N;sD!Qs(9#DmRdx90C=t%(l4P4^QOc)FgiBK>WESA%m1J
ziu^%YE~=}C^*g@)&q&HhCf%7MHA1M3bay9wvHM_=1PzJFyh?0#7CM=9SK%$AMA-t&
zicvLl5rZj3x2&J9i&<2K!zHxg&FMLyW_QE(Z)|Ijf&D9nz(x*+n8e-wX$t)5cl<wL
zoS-OSflCkH`J(cusVY)SEfH89G^M>Fuv{%`dZfo__zOu&?D-?-+QQ_1x;OGF+^B=6
z1Csi1CA;%yF6wZ4ZiaUnD_A7VZ3zmgpwWe6S4wvzqnk8~2!@bstr1!fG|!<Cbfi9X
z_x;<lCu3D1aOi*-38K10<bDC|fI@*{I_eJ4yFfYW>b$3_;W4Wi5IfFk&Df@Z<H<XT
zZ8O97{O;HF&9l|??<K-j`SbUupMFhJ5UMDFwU8X>U@AxbBAUf7m6Zk(O4RDcqCYNO
zbacDvYEuT6AU~I)0P|Ay5DIOfNj@T;=t<<5mTq7PzyZhjg}t{%wHr$lxa&E#?6+Rl
zOB=P>b&mh--J6B?9OM=JYh5Y$+i{9)Q|k8$3$%4PR#u)Tp~g!%t-Eb|R!8%=@i%Yt
z+MgLbj#!o)2lv5^IPEr#WGo%-(qW$c3D5ZLb8am!C(a9)UdQdoMNH*PmojibM8T)5
zh|Z5nASNv)tJH%!ljvs7$tL&$bF%)AgLT=B!D7W#`KgN6u~UkNWsp_qh{)P|{mbP3
zY$wZFvW!&*1I0=OM$p}@>5Gw7({=qhr+oNn_e*>o@!1gWU*7Q`O}=^?5OsG}9;eGI
zD!C)@Q!73vI(fH8Hqs1uDvq`xIY8x^V3s`$H~gJL)$}{1DMV1J*qr$HJCEisY_+W~
zP}B~eg8lzME1zuAPYpd4PzIKNkXl<%hJW2y!0GAPnUd%kz;J+QloB}IN4?d2AzIT8
zJLK>D`0W!MWK;D^w;w+8*yG{*M5}EYI2-e#@vg3-A#=KL*B$&%J1_|kJ!<ArI%$KD
z@dnW{vB_NdTN$tTI6Luh<r!9B<k$FKrg-iF&?}-v^r6F;wr5R2`(8ILs0VGj@nE(a
z4Z-S^1G?NIFqXj1!)nt09muzOop&qg++qc0Z@ghoec^SEYu_;q$Fs#iU)c0+v~^&-
z)oGJk!{`wB5Z6U_aMT<D4O$RhBg6{ir#DTM=Jyg)_4DP&jE^SDa$ZhedJ`XOEM}`4
z<!)QZ`z3u+%N*LRYO(zX9a0ZFV4Q3$fR2oS&(tO<0t*NoEXoPy89*ams+5wfQ5cin
zQlSFbb0>Ozp2R8YvHgDL#8-uI*nRf!k>7l{O;3paintW^<%BPILI}+I0l}AH;J(I#
zktfn$%_gBvvV66p`1R?$*QSk=UKcRuvF>vM`5pNs{5osb<=ESEO+D5wng#Qy&h0dL
z6-kTt#2TPUJ}YwmP{2br5BXWtfaoCF)MNu}zH$5tz20T~xmZG<{sK<)vWCv?yo%GF
zy%eT@(cvSZscQoD4E+mj)@y&jSOaPKeN1i=uI~4eV>VIHX{$4K5!d4Wohe1uK<Gh%
z55%NeB~U0ja!}qBT~JN5xw-?l7BB`bfJ^C#lL6564G~Vd1XRSI-9SL5a?o9&Gb9>l
zw++tRpj00GTs}3%HK7VgQm9!756jH@8Ml}kP5`&D=qc@%nP#7M`xBq$G{DY<gKlI9
zTT5`@`)LBHtSore30gV(4T@Ts&si0;<d~pI?PB#;nMLu|mfnrkTHB>>Anx;pY<_vX
z{0o2~Mw*X(H-<ZECmlj$GmXA;r80l-;o4S=o8<7e=8XK$&ymvgw6-_ew(aJY%^BlS
z*d7T)J_A_^{XMon^DzfwR}C>+Q<clx8S$VKTYnOpc;ByjUHVfhkTkRx`HLz_!g0%f
z1g$`ytOPH~W7WuNjV~l`QLrG&h;#>~W^w>fC=LxV?(j>D#d0={q9fV6zeuh@sC|G!
zf{DMCb#G5cRI>96CN)}7LLVOtE|BYW3p>a7l_JL}^QG|f1`_+48FT4q<@OJJs<iA5
zW_0l&Y}69ZGlbj(g+<P1;H(K$EQVBM48PRSb%}rMUK1Kos2C>fs50<PU<#Bd7{>v%
zx9mn*HM@tS#+&0><DRr+-$voN%eNBUi5?c?wc{DhMt1eooD-ZoMGvS94DQ3cj~aSw
zm3Cz%e3;=zpBe-nXk_Z6a*#XX!@fDDQI>K-T}@b)=Sgttk+ERNxxQ(~p;_(X9x-{Q
zt6ZDF76p{;D?N!n-suK`I(b_pW4Hs1JAr4bqv#wXp>0%%d7}qSQNs(=wlc6IC!yPd
zw`pFj_77DC{_BseeCN+$!cUO=G=KS1UUPqNn7ZoIijWa$tk$wo5A}O<gVKRvy(=I;
zJk)tT%3`u&a(8rAoD(CcT$s_^X>$R!)?M(RCFSD!S;D1#EfEB){$Acp6O=!$51}={
z%{(xg?m23vK&1QZML;)P&gPKdetUtRzJo=>k@@|*{poAxqWlLR24naqi+yIZBzAf*
zge0nVP+WkXftmS#cESo(D+^rKukW2*`n*t77EFxpAP%x^(&DRA=^n&WQ%DE>7_ib|
zpY<%BSwVvH1&c}ATFt#VQ>x227t5`BC&qVPE}u{73W>MN0*~W*`|`awHsi4Rj)a2}
zfg(-a9ZLeyn1{at7u}R!tYm|OflwH^w)Yc(hnkn7umdf=y?W=3yDtM|fuA`J@o?wi
z<lx*MN&F$};{-9+R8grba+izV???>(a^kDrM?qdTD5(MV^^R|NKzlU9G;b#|V;bZ4
zT+2)S><H(eT}<%)6}lkPJ9gu|gv{iI*zBPqUhkBrH{rF$Y&MZ33C9X30D^1en>pRa
z^UtN@kQ53=W#dIUi#@-@>W4vEILb_IW1%tnd<viUxgJH%@gqg=2<Y_@)cw&eWV-5E
z)1SHB-<`nTqCN_1F-PgKsP;L>H*gG5p}Sj5Kkh2Qe#{ikbQDYMtD_4eYt-j#h74@l
zTsU`G_rI^_yf_vxuh|@$1HG{IB8b1Cr_mxg+goo^8TG70cJ`~hA8uM{H^kUEphP;`
z-;SbOSTD+G2da*;mBJQXx~(t!X961-!^>tCCfk2SY0vjQdmQVjuP+~Xng^I#@Dv$!
zjP}iFQdzW6&}Vh6y*;hoSMH-e&@WuO#=uUqK5-BIaO&~aj0-m005rSjheUo_uyz)C
zjT~4e3OT&jFP5hWFCVQ(*2bns-x+Txv$P1)8fo!lai=%74Uy!`>UpBz)e?Ber<q!F
zX*iO2jcbR<tq_!c*cA(L$5dXFdG)CkRlSIG8Ud&}F-Z@zDSA0s=H-!|>jz$@uIgF$
zQthEpEWE@>&fbXj0CzIsprz@y7;|BJ{Vb5>PIeHMMJzr1j;ZtUs`1w{y~(*9A}e$|
zxqbUmHVzH-ra~}@Pi6pq?>ZcE{oGI(B<?y{n0+}rzXh@ulz~r}0y{FgFozd515H(R
z>c{--&{@5sF;A{91K}0odiZ&~@L=3&;5nXsqC68vRr0zhP;swxOm|Z>Lx8Hqr8DIt
z1Z#L+Y9~E@FSLx{b$wtbUA4iAohF(Q{t*48e^yd{T?hm-a5#B`^1#473yKlKPAx|P
zc(o7bZeRc<rGkq>ZihyOH}J(~H1@%cLoSId`X-n!N3^zZwbzzLU~OZQdPKFKt5_NX
z$}Hb^Sm^5spwFqbiPk-*s8y$v)^)B<g!I0OXLM`^Nk%PR<;=)mxS2i=)v`8mHw-N;
zQewa8awJ*hSW>cfu#SKx6RF6NLFARA`E<WR`Ve9HbW#yBh)knp+Z*f^2EI7aJ+nKf
z4@{2_$MLns<Y@T7i0arzr(?GWt`NEBQFp<MWnIjE&dW33fx0{zI$^0ZZN(1zimx28
zTa1ww&ZfX7QzV|)iq2lkP8Nu3Dkr8O`6*Q)hzoqxEz&!>zq?yST77V6(%_4QthInF
z<|!J1DNY*8VaM2lk?6SBZeUV*TIs+-r$p{;zaRGq(}7J?@8O-hM^U)iLdlYz*RP|_
zF?P5HJbX5_LqCsh8%@=gvo4KKFY)h5e`?5w0(jij#-g+7K2*LZcGuT3DDT;DS6{o7
z#S8IS-426(VFm3vVl9$4)}A9wK6Xt@cZ%k6I5m<MBVK*9Q_wpghTZ;-6qyZ$)ivV=
z&YL_Nc{E+Un~aC|`(;~qjhCU?Q1^wmJA1p}KVx~HdddHhyl4FM-1$fHp7CGF`~O$*
zcw9vz438DwJL}VW=MP6B@e`;-wp7xu7g-cUH2LRhc0&O|v*p_l0V5B~Q3vV7{BeN^
zI-D1r<yO_K^51sXYrkK`z*!1#!BTF5&g>jmYU6YgR7vh`B-{vC!&!{)>60ZB<$dF&
z{0%|UML>|L0o2^E{higbrn9Pw@+d4TN18&@FYQh6>_2HxbVqKk*6&a8%NZ};m+=MV
z6y~$OB)TN5DFuR~H<$hdPm6;ij7RXp`NI@o2b+iD%wj~^m^|8}KjWffE@X#me%P(4
zp$b;2yvQi0!Pb!l&HI9C2tUjTO<yC3rOCqku4OPk0Tg3X?TZYOyBTJ|d>_#NKq^8=
z7lMD|ve|bW2uq=kB{g<HiRfx~e>)jf(f>HodwE-6pFUg~rGyd_OWfx1{z2Pt<?Dpy
z?G4ssH6cWEwnMi#)iOSaIr8{Kuz!2w>=G->@5tgxJ8X~~i?E$ycou|U-}sm4hxw~l
zKjRh%25@4Oq{X3;^%PuN_gm?{otjNT_s2p92G<g_s%=F~UOz79%30c>+m*?-zRM6x
zp=~!D#jW|_T=BHtrklp)*5nIB)`mp{qx|BISEbuq^Ep$e_@7#n>y4kwHMj={313Vc
zzNU}u{jH^8I|*Y!$088B7KBt~^hQn$ClH?VCjc0Obp@g>V=s9-9^cQ;`z2jz_jBj?
zXvI$I!goZ6KKh#lw7L0P#IrI;GW65Yl#1m7BIi7OBNMba10;MdJhZetsutvCXPuPT
zh0bK;G2)sCq2Qs8<@rh)_=#%dlR%e)-+wDaufVk3ifTugAJa7Fp8FyZnMK4ouJA}{
zodHpWG~&!MJ$RSCp>ha#*cgg(E<N9zn0Y!DvA-cy4YVn^ESq^s84{0ntTAsgILTFB
zE&X`?=~VDx%hSMFHno)XaOIWf@T9Gy_XU=K{(=d3<Ur%y-9$wT62=hiHy2Xk0aA_2
zt+%y_Ae|CU$>7X%P;rEgwocaOzR@zQi34J^)E(_q1;3KW3(6k(`Hx^6sJq!BmIZ3&
zY_=t1!CPOhXR6$<2k~VkQ)cR5;(un&d{n@^;&N8H_?YkAvDlt(-3B%wv|oL{BHXeP
z4kCBQ5GGj48eAE5xZ<nVfk!kPjji8XjE_?LO6g$6nh_)JpF7@mf`zMr9tE@*Gl|?-
z?I?CJbzkhvF;r(Z9~0Bk7TP`QoX5-3$LrvZtrcO$-TwV5_P$E!B%UlKr|wf0*<!5f
zWa;u{!x3uq0S;^s>lH3@x;Y6X0vt7If%Ws~-@Xkh`5E1xR7P7c21cg;IBX>~Lj)rO
z>L*dSO$Z;IK))xVt{Rd&(%)*nGY;}+K8N#fAnLch8v{6KY)!V$A7BMc?y@T>8S4=-
zY<!+<S^KOgLh?U_#PdkRc&pIf4)|d%{OaiNc+Yvx@@>hEbdIOF^B1FTU(8I>Z9y99
z6uy9LP!f<7wabc|3uM!S_Fx_r5_~$4cCNmeU<|hD`p3<<v62@w@O>*EToRDFIv6By
zu0j$YItuzYlV+OcQhKrD+X0a~5>unCw*z^-wS(dZmmH&eEbt3i2X#@zd|y}TBf$ZS
zLBmEF6Ydm1k%aJ({}DKJr))wUP@Ylny<n>AsC|0)O$jB9K12|*0unl-7~UHT&{g~E
zBi;`sXBGfqcjVXpYi@7CC5%Hu*|*?QI`<)86pxSmK);GrhLbpezEO3n?A|maVHq}|
z-q+tjTSkV!rRw9;K?Lyflp(ouTzR|U7vH&GnAMp9<(|@6>yp2P&s?z|pdXvO;{L*2
zw#FmB+RzCD7a@$Db~Sg=GJUiUgfMwoueR9a3R$s@-{jv1aVfLnySKgoQZj(%VrXON
z+*!!59JS4c=iAwiPO7>iI;9lBvVFjM1-a)}v+R`_&)Baf!+B^&NfOSw*xuUHxdy5J
zY90kP)9NA$Ms}HLiKFeFLQ2P7D$@*OdKZ7d>b|UM@aGUH1q`koNP1ZUue!`J2huFM
z=(3q95CbhU>6J%cL+{Wssc=TA5K1lU`<gDNr<dtK_C3%>%$~+ALF}e!=@UtkmcO62
z{5G*hH5L+VDrS-%bInXSq01xlRTiLg%lY1=!Y!lJQ&j%gyYWXr(NNhRoqx12_&Io~
z5sSKAc_U>P7Vvm@KbnjJ#=p(o;N#zu#ot2uF$kN5W@B#tJx=o&z+Kpwo2nrRb3wbw
zP%x?Wd<*IVZW4tM>o}nBAB>+6{O9SbSs?e0)0D=e<1KI>8(2>aY?b8M)_ITuJ7$nP
zApVeDaDzT(Qw?GI>MA*4G`EG}KXWSEe5zMcuhj_KE0uLAtI^5=aG$oF`OvOTUl5Uh
z(#nqx%PhBAb`@MxqX$y65VM_gr8-aJUN`UHl3OTt(!+?K#Y!f)i97DML2mxxb(t~D
zNB?qIfj`eqA{AnlRfnzS{5-zLAUwz*VbRc_og`mKW7P6vnTpdPS4BRl0IxZp0LmB)
z<M#PHBosYf@r!#HfKIws@&&#pFFzL|W`xR-A8b$u`r%d=GCdSJN9!Enmxn`O>|pWS
zL-P(>NrG{ZWZG8fh%`iqcpAMaf4oWk)#8)^sZ4K3qvM}!T-$uXrIod|@uBGvo&5Dn
zl1Ygu)}!TcNrkXyo<jE*1(}kF=|2=g)5h2F^+FEKmA{H$fe94ES+|{b%cNflPr|4Q
ze#bK3CXpp6&RQoFSCmL%o90O4>)nNVGwM8V?p-c6I*fWES`{h;8cb@(<1d5<gS$Ak
zE3pq{D43x*S8X@3SF!_|Pg^m2+XC4Mh4vfUA@O>*)R^@(T-)2uHSLc4cMw*iNCa*c
z%G3zR1+TUK01UNy!H1Mif0&7W&Znzy$=}>JJK!>$<&_JqY*!`;xGAw_DP)L@H@F+u
zEOAl~)hLcyhDUMQm8gm5xY^-yb{4y{NEPNs8O+XNXUIQ9@2DyzrRswQAVYZPLSVoi
z^b+J3Do3WGktge!&by~AtX6OAhVaYBr%d4Vs!bQ+08hd6Qp9CSv)e<C>BE7fU?xmI
zNkubsK3<eK4rS3aqEVR38W^pg-++T;7b(Z(N<z75<1Y(rk46?l5-BeY%)8%5RRxak
z#@5!a_J2A3c6OS3Xfin)sqCOHdwLDP=3Act!SyZ+1<FEM8=i$crcFw{kjZj{;;TJh
z%eOpLfbz3Zm}Hpp!u3j4)?*3z+~C+;95o)!c-k~iaTe7`k{icnmGe>ocOwYXmCO0W
z#LCJ`CRP4EDLPc_l{zL&Ma8WnJ|toGIb48n4c27+_sL&yB?v}wA@RA<-}0#Pn>&#^
zd?kKJgtNwM<SGWDiYwv%99YKx|GEKKvibBI2hAQZ@Xaq6euz*4G0wedT(sO9`6i4E
zQq;$7imrGC&-aURTV~%A&=6b(o+Ol9Gq|l<N0q)UL<d&2EeVsO+5f#d<0IMNPY_5i
zfUVICnnOA59cgb7mkQ!7BIzaiDDY%&s68&19}n`qvp&UMW_4_FJ?yV?eFOpaMB8T9
z=Uvom)>Qa4OkLD1FpOE_ue6rE^~aJpthk&EFw&fIYKh7&DM<q~3Ge0{{We?k_FPOz
zJ2zSVwlT_@sP}(qg&>l9g2VYNI*{bvu9S6F3PM#hnRVcuc<E@lArOo@5#zL|sxV;3
zqDnd$aTPjbqGV-v%PL|0+)xCRtydjvGk<l!3)2*d4KBA~Ac<KsTvsrOdaPuaCgZ4K
z&t~hb#9!B&RSh+kgNxzJ1@5|JWKy?O;?~#x^*%96D0&Nwh5saA<Wk3;l6apP)PL&{
ztBT&C_2=9wz_S%-Ef7kVqyFu?7>td~3-kT9`Q-9DS>&T+TklShR){!|Ha&<GWh;yW
zAaFZhGo{ND*u&cBcHf;+)ZID_fQ-N5x!`H<xgA|maA(z+nX7FwS8T^0YmBIb!)$CN
zWhl#WISOq|Tn^S#C<_nl>ZE`A@;<hcE15{FTC?GP(n1ACim3K~h1NTxq{a#{H{+P*
zcl>6dKU}BYsGX|yz;Op$!r16}{$AY^2iE#4`<=+{TjNcvS#{T4-C(8V*}gZo*|{~h
z38mMw{f&2m+o}EMM^&6JY>lmRw2M!g7*^I5Uu;`{t`L?DFQ2&u@9A?$`Y-5iw5=MB
zb%*NHm^&se{d9L*zLdYX5FRBTRMsXMwdjF_B!;)zRlMg6OThZ(L<hW-->UuB#o7qA
zKE|}~(fSBBu_c$*v8@GDiom%RLYY8{h7+4Z8OWsYgo!0$&(n@||K67MH#;%8ib3Rv
zY=48qPImh!<)&lXePz52U)Z!5h-@LR#S<OrlFotxQW?8=SMOo#fGeK-A&=#X;x_LI
z8vnX5pLaLsCSYQKrZxW9C42DohTO|4s)j75^lv%+Aq8|CZ(*e694QVj0`!8J0FN~F
zk2_e@me@+bYE^mq;H>_ouwd`w%-`25z~kx<%OZHDUb$)f<l@5tb0C+qc)OHOy*<mj
zgA?IRUd}vNmF9D5%F2e1!l($Z9bw)Vv5+fyox!$RSERT^JGTK{wX;u5mOhpc?_XWO
zMeffo)ju^G=s&gEzbCUA6>#!TGn)U$6jfEr0+02p*FPE)5R}-T)+gXAb7(6;+qz`+
zw>>Qp0zGDSpXiN<x>xwUwI=DEpO@Oj`SP@>aH>PTmO8UHhCeVJ8%hshvp74rr#DT(
z7SW|ozaBrh$cB%O_{lo))rnJL5e_v&K>HTM0v`>iv5%JbJ|DeZk6tgvt_Jl{nBwWH
zhJ?#S#zxU-Or-)@JXBTIVn=tqyrXy=E3M|dG9&XeS|>9i^1I?mBpiG7O@?&>Rc$qR
z16<*LbPE(D5vmI}VdVKXolK$WYzaAecg1>GveT_&A+|XMyqI0jH@@;y^nw)%`ML(;
zkqf}Z2aR8Ylza&071WtN)2U>wAmJ`}XPcTRrST@ot^QghNF7J%VcvB6M)qjd#{2Wl
zoyJdFho)EOl7=35^|FRClQCEJ)wZ*#@VYWg&D96CuT`VYdLHMmrWb1`aII_SjM^)!
zdM2CW&i9I5>&j{SMfU|7@XI=$`Ri79UZsFtC#sdqyp46$L31J3uRG)uuM^6qI*pIL
z*8Np4=(Y`ly_3bRDpp<^71k8}VS{4<M|1^!G&@_vg(x_45iHd~vMZ0jVmVCCuEGL`
z3)53rBO`749_l1q<Xm~@ZCk}yy&<JZ3qPg|T?Iru!MLTK;9v2Z74TQ+ci=Y)mnr~@
zC=|RaqfO9@r?pAfN$q<!;bYf!nSeed51Bji?yt+$T0dy6nRulxq6?uA1GBW!!@k!-
z`E~e3z@YyKgQGdk4DUI|7bJA)+5vB{c#__I-x_aHQL%w+sYAy^tLKklpxE36Wns(X
zOKG$yc6S@V>cVqwp?=Zs{*Z_$<nRO(BPVwAXA+G$5bhdCWbzp?g>%{y(_t5~ANS{b
zvGEtU%KfU}TlaRz?Qp9Ia`(1Ci9Ah@Y&H0nbfpNzaeWec>?hlQ>o&$OqIHMnVePCE
zrluX@K_6+)rHQf-PB2=RvN>pZZYRGHO}Pwq@=~5RrA;mvx1sx5e%|*ROfZlf5&T>a
z&u_ew;Dl^IVHX?)QwqP~Z^9H{jv!@w4sQg}FnVZ~atXeC)%k+%3Ok@eTQQhT=;!@^
zpC((QWT10%%~!_C<p+Eh(+Jwn_e~yn4|v?y4${jH?yQ5mUC(6+mt|`WykJld4Y>DH
zZ-!9GeA^{zY-RyE@oVsNGO|R1i#R;u7Xny}Pp$Sl;7Q<SzKBoG4R4=!&`*rbk%xJN
za&p;#lPRBQbD>gvjtcs6aJHk@p4y>xgv-c_?Efg~T_F3-nSK@cO>^8k+DVwxi9}P@
z<WG=oFn+)gZlufRsHn^vdEp}V5O|mAF<ri|MyHMtUK|TRbzwHPelufKTJe!TTGuXp
zt0Xr?ZPSAak?|_YI!NE;u6|(L$}T<iqpf$kV5U|5!8c8ozX=AzadoTV(J0D~jDbgt
zH6<!vW56jN&-%(fiuxk)?fYZ6bE{Ny_NqTp4Kg>Z9tZA)aMSQCrdA#oa@%e0Q6lSh
z$=(aw`mV+2m`xS<q(n_gCVl~?+{IPvJO0Q6b<)HBl1i4==>Ryf`g`No=L|S}o7m#@
zY7YMdRU9u|zNHO;T`VrAb9;sFgLktcoJ}%>Zdg)x+yj=q>dp<o+|9YepGQUcyY0WI
zz2(FWS!8ru3QaOJGQm}}4@G9xU6$GOZ9E?VJj-_!=r5empb!$2Iel_eEPoqbY^(3k
zJ+V&f5pW5S?Y}LWfHamizhk5!iWvP%J7xSYn92BGFq83LFcV;9{$Ee80_D}vRl2WU
z4=RT(U(dqxV}z@z>Q`k=3B(imate@2R;dEk6D>aoI9ity&#DbIa71RNO=(1~?PPt{
zaN-G^i&G3PrSGEFOTh4;cSq3c_%k<#9gZ!h2xDQig^KVP?G-`Pe)!gas+SF`!SQng
zZ-+ciU9I&zf@NTQf3v?vO#4qW62mDTd4G<&Ar|wme;h@k6#HXaN2QvJV*hd%j))gf
zH^%D_7((O@AFyU<%(L?!z+@7M)|_i)lsKA~s1pq^C`6oZ2}qeTcG`#=fT(}(dptfE
zz|Kjb!gO5VV+xe*c*_{3NQ-Aod<FXo)YTZ~3cwS7yENV;G_`oE&Pg+4Ll!ozXYQLW
z>F|HGeR$eAmxf&;Xro>HQV3-$m#Au{WhHPlI~6K1Xq0~N;#=UI`J#MwXzaJx&+_!!
zpux;m+*$LbbKvi=@lldw1Fv$H^9U)o8?HH`r`r26Y31U6t2w>_ZdY;G=n7L1usn!R
zJGOlA3g3{TJ{bLwv$D`2QMsnqV`2IT)4$m@$9uLpuF?Q(T0PiXi*4v49rloejub(a
zyPpQPH}=Upgz-Y-GYL0!qmJaLdszL_%&CR1v)XKE##OlQ&bvTvS_!LEq!kc!Twy?S
z9I^TJqQ;F%(}{5W*UX0$tyx_LK-O>^tGZD4EIrVRl$mEm#wnb*UN?zhALov!TL_bU
zf!3};cQ=Hio!!Zg^yO?gFBihDM-I3mQjzB~)=(ran;cV}Gm#_;n`9&U0gebi*>|vh
zc5-&_jFOeFB#c-YBVfMQYq%SoN{2u4A>ZA<>@Ez7JQ&>Oo^>4*H^V9bfCKYtmtTpE
zTg72_f_)b))APQ26kDMs1l_>+=Mq~{UXV;X<pf&JN99=E`s=$jO{2lqS$kGh*lf5h
z9-Gg{1sGQ~v<_@RT6q4+e!<vfJ=Wv>@nR%6dj9MfU{`lC1(_H{2TA(DxvM%l(Dr+u
zYgsmS(vSewjx6B260R}~3}TV~0|rvpG2FlP1~SHf^{zgfL;nTJ4(0zTL2|(H0CvXz
zfypuyBy7+=2SyH5cEc4HBhQv%O1Zx`cY`!w!@%_UP}gsNF&+I#vSmOrZs7h>!{FU_
zf3So)g6Sx9Wk+ahqfERB$Q1eOhSmfQrZ7a>7-XT~sLtv$vx3->+AI(GK*I&aU@0a~
zU(YVy^1O+1Z+uc92~#ylC?Mk1ozC#%Ik~wDPbR^W34ns2FR3}orQof6$FOP{za9Bn
zIfIo=PGKmmC$0xmSPud@P5h_w5<SV&6K=P4$__D#ra49?AtD3Ma|b1z$!)V})2q73
z#i+xH0wm@a+~>-&@>D1@20o>=36?PaybIG7&HWxstziYEDts}J8_J>AFyZ#eDO^1s
zw${(I)=b<*32eTSLt+c??hHZAvr+mMdp75$;VlLvEg{Hp>Hjj$FnX%J#6I|;GQ{A3
zkcNBkXszMk^kMgZxO(UC$hM|^IGju}vCWBX+jb_lZ6_UDGeO5TCbpA_ZQHi><(%_8
z?{}Wxf8G1qyH;Uc-MgypbyvrXDmw1Qk}Ky`)9z#Bvl`Ai0pH${tS9fAcph}ly~)VP
zib?}!b-W~xzdOz*nHc8Ylj)B3tNFcy?doRB;#F?fS?42MUhg<?YCIPOjEUu+5<bg+
zO86{)mGCJ649x$_<b9_3e`q~iLY56-uzoPv<NQPLXk`pg?At1}T0v0qiuhN6v&0o+
ze*Rj$(_n!v1vQ*_ugBF6EW6?EqX*R`K@p_Wc;MX5tw9q32YBxly(7!#iAn6r7eP>P
zyYGurR)rZT<FSOeC;`%dV3C64DJcg`{&t*oSc1??KKDL9r%%RaB2wlaEi<rC%-(~~
zxrc`Im;@UDe0Yw}`reyg|3f{a(Dn;Q#X<JkqrqgR2TCH*Zfi(+^2DwfOirgqfaSbf
zsSaE5S)NW0b8i77AB9iA56Av*^k#?1uQ)*V=sEe^DK*BjTw^PMpCm~Wx;eQyEL3bN
zif5Gs6XfJnc*Z=3Y4Al!67vzsg-AQtFcX{<`BG5K)ts0(rHPorAxe&^<y5Q!xgk8!
z2Amp$ovOH4MwEP;36~U2OU|kgS>dXpV|}Zfn0DRq0p<RQ4@qIi7Agu^|AHi0#cUH>
z2UTAQe2hai`iT$#;YvVQp)v`7drN2gK8pIV#HRdPdn9Yl4j7O@ynYl@2+S1gM99WS
zXAl!*6oZ_Lsb3`Jk5*xx2=<APt&z^q+&LGP!&GTj(Fbt3QOD9D)Ik$Enq3MT;sPHL
zXBBE7#eTEh&OR%S@*LdVlsQEz=NA5<`-@^Ny&TvF*9|xzjvws3tyQd+(+N}U;QRBi
z6%j}PM&=qU7_g9r`)cOdTxMyH<2T48`mFnnLDS>e@!i<OLKr7|=++tO!M1A=y;}(M
zdBT+tC6S^TirDD>pwW6tgILq@8|V6KlT9S}Et8-6;`Mguh92KX!E)}aT*X9AQ3cY?
zLXvL3ZOkAbbRtmAHj1L7WTh}Gb}^4#{C;SnDL<jYmoC<22}XOjpE4L4_w{w=gx|N_
zSLcmJ_7YULspx1$AIEnm$xNkX^t_}=h6jHDH%Fs~{t{>ZfCt~BH(C0DZLF58SB-P;
z39&8ye1mkU=Gr(Tu<bD><pAc^9c>+D{nt1{kYG5#e5(0msTQO1w}obEen(axRQ>R+
za&l7gxY0IV7IqO_Q@>zlgh~U4OzS0+9ZB7O#^%vu`HEZKv6qmvA_HaWvYSSiWRNY&
z7#S~w3#1EpZU_gznFIY)|ML<Gqij)W+)_~;$LJ5qZ*!D6TJPz(Ki%Z}ZC4U#;CCop
z5QdTglw%HuM(fxuspEy;g326OG|*GIbks7?K`*Z5^F36gJZu_K47^e<&Hq$;jL!qc
z=tH7N`BT>Eq<4Em-W!g!kz;#cCD-E{1R_v^lM`Q4cieozjGnf5=e0=v^YUt$X4<y5
z=SX!KxGEFM(iG-Rey$r{(89Xb%!jY$W}mwQPU>oNkcnX2m77)fl7eukktP&Ro7yx`
z%@JluZl#Dl$>$?R*mpR=J$Si(4Q{FsGU>g-smH31(Mk+e{J9nwx_SW^0$k)A_Nt%k
zNsafQIncYDGD7#lsyDkU?cz~1Mq+G(-DNo!o_S6#^M~r|emnW@Ro~*xJ3ZPuGJw$m
zB+-bAHpf|v#C6!ee?Wg3O9Ppbjf*C=BjYt)`vuoizN0#e5oUMIC4XH^u${^^>!Mec
zGjI{zjFWY;3$<VXtzw<e7-f_K9JH(AHaZkG%r9FFs7P;PSABYFPv<Y#b#S?$cpqUx
zn_|9^!Hbpf5*SB{C~Fy80?{U(qbOPcgo!A0H`wWt*eP>tqpq<q*Da(Hh1Pd5NkVx@
zIJWE&`|O?QEUNgI%3cj}BgI1lN(AK|G(l1g^0o_}8rtVg<!}6S%W4ZQ>UYn^d79Xl
zPW@xrZo=@*TNirp&83$Ol-V08$1Z}}R-wld?CDru$G@%GuNu{RCGcqXX!#ri_PNFL
zZ9Kn{IM`C|G#P(|=pUJjR_q>c8ENq_zNGJhKPz-9Md6&|MrSC56a3OzM}!7JyoOBM
zC9Rn1!31LG%%$~=PwhHVSgSNB-a$iuq?j5ZJl9U?dGy6=vml%@dhA{1gVHdv;yy9@
zSj9-0ZAvL`9ig9Nzs`O*+Ap{WFtzT)>5Iv*fwiDyFMH(n^SsN&xvW~HE_{WlWHtaM
zYGsfcE(l*~7W&V-23robsVoJfI8)wE6ItTWY(7Db+$_FOXXNeXbdoJB11XAIN_7tU
zTfnIh`Tc7Bts!s9Pj}0;jVH5cF(oXQRLQY|KD4o}VEfF6vM*-q#JuV2fP40lEG~|C
zb!V+W9%Pn%NsgOnNRQqqNDoC~FnJHAFE~Y~TVLFD`998%k2yi{aoFhEZoR2cBG72f
zT6(-JX7;8bpIX14YZTR_eO=n$KnkOgj+&3fk#6?~!gIlh^fz32gJ2}n^n`1)E=H#Q
z4!5_^iJ!^azYNG+Q1oWu2ISGp<MN$`k4ACdCLBuy>R#TdCrUDQ(D$=5luwoL7jxDC
zXys<*^l6WFZsgZ)7s{V|(b#&_`oz>7zOW4rM&2M*rmIhAbq?rv;&}q_q0oYmo|)f%
zI4|iQe4+`v8MmS(bndsEU0h53R@w5qfHfO#{wFO3h`sJL1?Vy40IqD|wNp_8b(%!Z
zW@_I~_xg|Py|tp)om-El#~(e99?y@2j7v@nM@|GEC&AEi=sVYi;1Uxm&x{uLCY~@w
zoKnP(gldMbJo_M@iQiAIjq8lp2A=No<==g|8jsiBB#5!rkAYzFM~Vi-=H!I#2+Z&(
zQi1BB@;^(f%)e5RBO4#)3r!>(dgtihKi&bVv%bs!lMu1|Jt6rAD9e9(fh>Rb0?9v_
z)&3t`@R_>CU+{k4g~~}M5N2G*5GZ|`$tK$fe2QPTNZFzUu8ABJn{}UkL4SC93ul{!
zGhw}!09uE^W`20q0NooG@K<`mV#HjxMTD%DA~|aLRDegHbzITL<%Y6Z`}NN#Hy@GU
zPcEMJ&}@*pY8gPC8j@z2&&QMS!|#`N=~q6@z54s^hfh3Iz#&)x+GNqm&A|B{biz6R
z`x0+eZmwku4--GK|Iv^?7{S--k68nipEZmDuN)*+d)OXiqLUl#`pl3BWQwSPCptCU
zrUQgj(;*aOWgoWHQ&O>!_1oE(m3sW6ufE;3wHPXS(zJjUx+<7q$Db7p=o-?<qkNN0
zXmpDX)u7etWr(by?Rxw)<?f!DXp{qSiePW(M*T6H<CiGJbqNEJdhcK6ISwiivfD|V
zr-I%`_?c*6aBI7*I~Gs_s*Q=k+_O#rE~j0^=3<BIGQzoxR<DN{f|V~MR<Bp@XIHK4
z)*n|nFM9wrD-MFodjS~dD%5UGhIDNy<~r^hd3V0kF>|lSdVb&93+YQ(@e6~!kso>=
zpZ%kkAq*$3$p&~wujO!fSF`=P5$4nD&2`xG>#C251`q<*yC5BlE0FzrkYbvkxMRVv
zO@+|N`7PVu4`=HK&H8JknK%?*r-n7ziHvdO=KKLoWS9v0K4OEPNYc-mkd{B<@6oXG
ziuLAS2i$xK{5D0L`BDhb{3dia$SY1-hvBAjCV0W&uAd0`9S_<_MV<W<P29)KQ|>)=
z<%r<!z*z4_nOfCMkKz`-uW7_Lsgk~2>tdauTmv=rw@=z<32d~xEKeHf`5A=X$Ze>R
z_|AaH<aBawCfVa2<UsVIgZ}!Z+3m$`podWSPB8-cb23nQuf+BJWRVRg$Y=U|A0ef8
z?l49X63<)E4a^zFUO5@n<nk~&yYY{WwVz0%>rVk*EdBt+!=)A2GQtrE_oLeepB+sa
zHi@|JnHrZO$ZS4q;c)f!k;Z4oOCaYQw$*@aOE<)8?Wx2g){sTEkT7xZV^baxZ|I`2
zIFpxz&a&>EDCHPEBC<=GpKTa__KRV?9luYABULrzX%eov24j`smU~>s5G2jn6<N|P
zm?NDwphLvfPoA;;Qix9>hLTfTqnZidY^<ln&t1-MuBnEfFS6vtH7xJSHPJT6I8*~b
zH?p0U*RU!)d6<k}Coxf99(o@oXdDc|_5r;5Os$jM>B3CjYjd6I;ST!BH!nTAoDhr&
z`=KwjNPQn9uv}vj6#^FhlE9A^{AJu=a}8BOm&^LyPqm9fP!Opv;J;dc2Thc~W_oe>
zF12W5i48bV<<aV2c2KnP$KcttqEG;CMP&)cL+Q@S#q*+u;7YTB{i@vRlcL;d#YEc?
z#|e!dXM|~bl}|40>b+yVJL#Fm10opMD6E!R#d$sfTwmQFo~lXCt8KL7ism(n<Nr)G
z2-Yq2Bo1JC+<GaI3Dsd85H*&|e`9oUT>s;Aa@5v*F8zi5F6L;llAwXl?iB&x|A7mZ
z8oG(+kPG{QaFhoe%R)89@^U$Cn<l%=q}wyZRoqn1maED8F(?!;LOXxbN`HQFQHX9;
zo<gpeWsHYXUx~Y4VA}n{sfW$paSMx3fUij>og^J&!q;mQe_U0vqp%#}Y`*70v(V-8
z`V?1Yqv|>C<j6Zx-GLwG`>Pf31ITVwL+NVlTYg=23~R!(%%+0ZvaI`7t3JPL_QOOa
z^Oa6<;B0c7X>>hO^Vv9l-)yfn(Uy;JTAcZC0pZ)Eh{?%82SlpFZdk&75F7ZsSXuP?
z=}0$_z3@sGL9x~|7~@PbxhvRg%F+6E_NK9TPQ#@=&)d7@_GZUIGjyH;Dj1YU2toU+
z>g8dxy)~DXUI8IqdIM(KPY1fCK_|}}fw2X>8mVHafAV!V&CldK6C3m&_9JknzkbF4
zLbo;<eqR6km<KZl%m1QV&$OjKfgVU56P1Uxpo-r7AO`SqryO!o>NODHjE<Ntb#eiT
zD3V{UAC$c@mUf*l&i{0%x0ap#rb9m|qe73g9<K@RSz!M1p)nLzKW^S!ej!gFmw+j{
zrMGEr+p`0_yxIB=%P8lNhd~}*m!tt`#59FAO87<yBbb01kh-_iI`dGJCD+mJ5P&Ha
z&HBwK9i=b5Vc4mv58(59b^F@$Rmb<$xg{{h@W<VVggJepp|?Q~azTo}?M7BUi5#Q}
z;!_9FiIi<V;qyb5e`+zDi-@@X^2r$(!|!lbp+G@_6CKmYWDN!b@T*!s#1kVxcR+v^
zwWdnqYIaTGFC5CS^}Oj#I&4HEQBFoMhC%qbWDP=70a2D{q+j&EjduIFGjS}iqr$v5
zep-;ZDZ#Y&4x*8#TfjX2TpsOCoNwvnFx^kM?2&;EVt&<XzyL4SM5GNc@BXf+7U?%D
zfhomu7;}h^Lf(@c6B7qhDDa~hkb|A;v8hw71EF6vYkNwX9$+9P8>i&uj5t0mW;s`>
z^aHl&*M)p4Qjw_md;$f~UD_>K-5I<&Q9EaqeK!EdMNO8a?gra&EL2R!#sJcQ>Tw}p
zh85^w%*V%TfQO3YxO*b>@D4(l{X_cU-JZ?C${ub*0Y~qL=ZTfbk048YK)a?F1ivEp
zwM*`Ohn(>x^q)u*JS=Zwl`EHHc$Df&>gFp}VvN<|TFcy=jD?Mm<x1{ZAs2np$xR`9
z(lxS&9cObv#s2i&x;vy?c0M6zW1Vkomt=<}48o;dE02R%&|5v$zoHKj2Nh@_C=0~R
zq7XVHXrGCw?vaR%2#6e60SuqZMA|Nje;xJ_rfae?8x#@dwwoccy}ET?G!vv>ORbJX
zX&(v*i@64d9v3ew;9y{Q9vF)Jz;|{wJ(}_ox~Yi#R`23Kv_lg%$Qqn;&Vba~6sLtj
z;@GXjElh^J?D1w3^wvTGOC?HyTJMir{N1R-`n;B~q5xp}3uH|bK$mdIlhw&5*jEBK
zL0w^Xr&iJu;olP9T{A*gxsjC#xZ01k>v%@?^zw0g-hwQ!<{iN>n~cH{HsCcgfbNRA
zl%G9?MmsP&wHrC9Jb1(T){N&_uk+C%Z7^<0qaI$1$^X-}Fskq%dl;iKFvpq=$!*=3
z3=2jIQVp0taZJkuNHFnr8NPK9Rx}E70^66Q%IFEf=BY-SxR+$zQen>0EvOB+PxX1|
zD_a2gYOtbQjDxixAwQ<nrCN?)#t-ADOrR>*7S?UgumLr2JlK7hSXW-dJ-K}x!^ce(
zxE@Iz*)*Fgz~jMx3VVP8*UbT*cMF|u-m1}Ggu|thTUDL`W9qN87uyJE>&W(J<D>4r
z2Z4y@Ft`{rI3C_<U1^7o!36GP8-)jKclG@pZKI<&%cPo39d(WYwrqSimk_so7vn+)
z4Z47pW3=bS3f~A(yc)ja3Ia<c@_F(H)|%*|n|$R>4JQJ#J(6g%_r?;05bNF@pZ+wD
z0NljWbDMhrd_5~(XSojs!T0qj)>|X)7yK%udHRP+?VjWpDIQ;Ibo@YLZN&TWOyTxl
zcHndouZh(y<6>Cg+<ah7WMbd2#k&x`24P?ZXc3##3iWgIxPZAJi8q(5&X+^aV3uPw
z1(aAPqz&H+RVc(jcQ?5TZ5^4s{8_JogD}q|c(u(2)Qbq}8u%g%^o+vwm8d7%VfxKc
z7pqs4v=v^a_E;g(kMhI_RkT{uvz4WV9&Vl-H$e|38MIclKj&QL<NZhuYc}fW__|Vk
zNOnF?*RdEVCGxBn6@+wt!J(JGu(HuzAEFfe(k@u+@oER;w8F{kT!_~ea`+Po^4M?F
zh8qV3Q1XYqi>Eh!)XdX;Adh9kf~cc$Ghk1$uW$E%l;L?GPif5N4ehdlM2>uH;Z_qB
z+zP{9EaWVk_Lju>y-rekF$rh)yuVg4m<p0;W6L?kv@y?SL{*MTW4XMBUNNA4?h_6y
z`K6GGs8$LE$tU(+?50Yr@Me3<YS|QQY#7=IXo{xN#a0T0ubGlpgI%NbXX!WahxsAb
zv#2EfC}yj{OL$7!C8tbM|CyTAFu<jL<Rx8OKhdvx!|{IvOkK;W!{l-ClZGSxc(+u8
ztTl8?YQPF+H6JEixN#j%by7qmnN{c(p+6p}Tz}ni+fY$_{Wbh1YZ-!_aD`#Ukgh)u
z&?GGgW+5$!p3A{({N;N8eIYuKP1!<)r!C6^M=#<=J)&0%M`oLa2CE>f;8BE=p%)f0
zi?3NGXI&O_OqR<BjEq;?mIJ!GAX@?teRW$C$sK5k5E{Xw-L@|TgBDstS?pS8EG0Yp
z`g%j(=@Xu-YV6{@aFVIM1H4@}ZwciCWY0=E>k_x+={z;h;Dve*5S4yk5p@Vx^(a3#
z`XTir4{9f+?bp(Yny@X)Ccg^=sqW<9H_g@L`<CaAQEQc@rd-ET$xusjEL5~@bXp}-
z(MQd1S4vftX94p2xdimdsiIrGE;i^`K<o+8j);~!u5(&+$LRC0tp@jsRV=A|KzQrL
zvK=A}KVyLj2!f^B%^!W4H529496B^jf@bH5JgQ#SLb;L1R<5M$U&54i4X4^jy<pw@
zw6rbtPW%-odD$3DjSKaxRuS&3Y$s&i3&ysJE0CP#Hf-@a*1vkh3+}Gx>YpID{+yiF
z^}}tYdi;{L4~zC@o~zW_!RS0_2Sl{(&xRlT4mo1@5_4LlZ7){(LLp0&YY-n=r%&Nh
zHB3G>MWoO9b9tHzBGo!!Euaz4c-_!k*siucK+FzWT!UGftt?dtGblrB{~|O(m`l49
z|McS0%dVx=seboeR&RXALRoDEqaAsWK7-iAE>zV-li;H0@(uduy>j2U44}^-oVaO;
za8)LbrzcX&3sN_vbs-vAL~AJjuoX-0g^JW!c}=_Kh)X!a9dhlQp>U0C&SbSlE3rL*
z?5AwQP)?BeAspF$99|XOY^d2%&{R1@j(t^X*u@3yh#gupnutAUBuwX<zmVGEFfCQ1
z&?>@GkVi7UJC5lhlXY44KH$nnB2lnfK;QRWJ}+7ij|1*Rjx@nhh_3VFVM}z~b{f1|
z1O^WBtqH%=8HKtG924O>J-jf5azPr%HjAHn`S5%n@24j$kPDO7Aj8!lH)$g5g?E(5
zUTVbQ^-7HKt=Vs|_p59Yvh1>hkYy<3It#t<O8`T3M5s1wd7Ug2C4eaD{bn~ZGOg7|
zYj3Gg5&`NpiTpxAVXdB7=YGc;y~Q*w01ZvKDSMDZx;z^-%xG_URNHjR??m5VvyM>r
zjzcV_1LN4^nmbBcBC3Yg^@qa3yo}B)+n_d9QrW^HsgxU8dE}sE^23G2at=Xt5=}<z
z)b@<pojzJVC#_H_3LpXV%w+fbQyAGoY_!b8H^m-r)1s{$hIeQ_u-715n8;OU8I7-^
z`tOO=_N#QYH>eb?mbofFQQN(9(~f@@ZEKjbupP}$`9B=ymhL7*Gb7P;QWNlk^TAju
zIIDU;y{?Q*@OQpE&eZsF@qQpQjuhP$L4^;kQ(UR+JApeDO#-wV%_5S6u<8&f<n)7F
zZPr6cDAPmp2*dDW;}yoZxVVhBC*lO8a21F|oB=9**ie)`gYU%=MZ&v#;PfTpR-lCJ
zPpC@M2#P--pnmo$qS<PTiyg>Vy3sNog~XN;Qas>sZvD<MV2?U&<Arsdb%^C{onRp}
zk-}=kJh>tTkO1JQn!C+xNZFMTdDEZ8Y+j$z&8Yy`Sx%UihW;i&o18&zDQJeiizRkj
zc#s;<GSdQhY5MS`KW75_q7gyBOBL*awo~U${P@2U5IN_e2eg`um`4p*9X*?xknVvW
zVNkn<Gd*huzC7A{df4A!JaU4$*?Mu+NQy!uaq2;e^8sQ@=;wS7J6qe@5nC~1454#_
zM_b!sU;XAFBH(f~zPV++T-i?vRO8a^U<srbA~tg}9`bL-4@IMjT+FDj;tuolj7(6v
z#d3~9r#wwrl=^eAb>pg#6hU#1dr(}ln7cJ+fndP>`f|Pq>!co?j(^T^kn?AzYi-XL
zOq)dly9w}Lb$8N3k>$bNfG^PY4$z_hr%H?yz7!AKs?IriSD%sM)3A41Ayu=avXq)5
z3FK5OOE7Gso~&%Losul8!T?!vpylqZ{s8BN04wWOha~G<7hakHeA&;LUc7@g@VVKb
z7qU4Oa5w7^&T=t11h@1Xcol#$%6XcKGTdr4)_xT>C-17mIJbhVY?Ga`?A)GRd|_&z
zV=V-oF%9I*3yUh88=-7;%I8&v*=p$h?5cFQ#n0P+751+-N-AUiZKC@4mroP%B$bWM
zSMn)g|5}TN#ti&(t(g20#s`~e)R4ae&{#d+^QjaGz`}C$O}$CpgZ5zfc=Tkq>)iI$
z5W8IydZle)g5#0@I&MKQdXsQu)@Jt_#yr|CL0qdZo-fGJ<f{5ec=v~yN14}IV^8I9
z(sGg%pbW4qMQ;|E`a}809#x*SByU35`uy4bt41<j%3!E{iN@8|{T!9Ak?-Xkx$w%z
z!d(|1zz!AKhu!hGHOCR%@>c5X(rUTap=QpCxAj$uA&Y|t5k>xIppiZ`6yDiQ!}eXR
z#(-g$5_EVjQn*agn8tdST&N*$zl%Kw@xuqdOK~ORh!&aFQ$vokx|v+Kvy^Iv9f2=+
zYY_Xkc(3i`yP^Sm9La&*?<=j3rKKuIrEX_C0P57wKYVq)pR6Qh_+wn9ACo`!B#4DE
zf3HBm;gkq{CyY<79WRVdIkBg}i(~z&`YI{pOwowz{3yz_EASw0GU%WFrZ7OaUU#r|
z^yTNYC^W0sNKP`;Gkh>;Ic+j#%eeS?0dJ}=A*wAALaQ0|g#niF%DV%WF$wvmAQ3j1
z8^C98^UJ#yA{2rxu62!*z0o~6yl;3QPK<?6y+S-yYbFI<kqKsAnzBKCR0Vl2qE6#F
zZf0E-JXNguaA<m+{hDN?594FLs9G-o9**YhV^tI2kHOxZO<dudD>##}6~nO;r5~9q
z(xu%$0Hu>6I#BP#8O<jYXzip;DHbkA#FPNPS*T_3I-r;G^Bp{@|D&D9LVu4#g=P#y
zP!P}$P1C>r9E(iOwML=NXZ^rmE@zJOpZe&303$5_07ifj7M~gQ-)(Rv7KZ=ngP&>r
zH=$0h1+7>2Mo}LX4A1BaN0MIZ5(vT-v#E#|P$FIuc=s(`q^U`rNguET#geF7&N#QM
zQKv`mB=*v;ygb0#%rZCl3xM}<^RhOOks6@<NZ+WwwmU$7^{_J@MESiaaD$wC36ls=
z=;Ox$N?{XcKDt}ZNOj8JzV=r2QkC~kltM{?X1EA$&dVvm$7KoX_55@@bN+-xR{wEy
zum%oa2Rr8*(Dy#iIk~tYN3?u6`u;XvNZCviMc8>Vm^y?9l=|4BMy<WG@bp0DHfbl^
zN_;S<LVXs}svy%@DTS5|__!~^psoOP4ogWRDW`U6)tzZhiRn_NZtteFZ4)16<RWgP
z`ly%(jilPL`(mrQ<Y!mY9VeCsy#6MkCUeuKYFAeEVz$6RPTi_0U5VxwR^2_2H9hl5
zO|K>rx2xh9Qc2R8lqBa(LF8(goQ1-bJwl<9E00?lpQh^;OCJG!=JdPqs^J0%?kkD^
z;V*VjFIMFf%n0TRc(pw+kXm;(t|S9Wt#G9ivMt5gk$zKMuNYLlU`uA0D$F=Y59X6%
z%Z2KPZ93g3CO@n1i+a!qmmWl<Fl6&yJKRN3f!NcW86u!enrFbOkSnJCOrQ@=#Kd=~
z{rbvWM6TnRv^wZ!*B64L___h^;gdh7$op0GfLjm_dnZ!5FPd>>>oyDqxw707A6b@q
zuB9fch!vob7-HOMDp`maB0s||BZ{4)usKP;A%fL=ICO%;YU@l5)ViK%>%^+0s#NhM
zzrDSz-S7k6j^AVH9mLl8PjxpaA#b|Z@m3+Iuz_8elgT4^ybitOS4aS#>BDfQ(9W}q
z&NUyOEFzhxcx56GNx4O;ZQNCGm(hrN>QP!odoAtLW{YCkK=TMP8H%8dEL~^UPFV;k
zzqks7moZ-~WZ!Zd7%7$bfu@@r0SSj%LYX%APT|u6Z+wcWjFp{XtDCph3?q5r+}39#
zax`g_CA<r;?KE%k8(hEzO#*k#448qe>XZ=$#xJ=i!}Xu*rs2P#Sr7uu&9E4h;^;(z
zKn%9<5iJ;yl3TN0nKHkZ?B%++a5%W{hLz~k%Hd-r7bAPMsrNDP=di__8es8ve==s#
z;Rv<%tYzD?Oku4Za9bl{Yz2|CCAY7<wae-)en8oE^lbpnPu~HpZLi_YI$(BXXdm8c
zWFW!&`^7wIFz&=L8la!&|FIZ&%j|qVfE#c7t^HCHP_?`(XK9M~_Lj2)a4*?|d3<)E
z@~;X3ET?&)@-ZZ~_Xg&H)h;3O_$J^l2|J7Kt?~mt<1sg|NdkWgrXJD5?iy%2^?Am_
z^eZMD9z%Zs-ev$JKWO1gnxl6kufrc=etj`Tw*tz$egD|5{3H*0ZA2x>S3N>m@WC|&
z8F}cq%pAE}=~1RXyLK^eyKblC$+=Czz)#WJ`mBO^sXk9F&c>K<ZB?d@ey^m>@}9U}
zVmSm9@Dh%=`AN8%;@?asxs-6_`o@^VR*ca$Ote|g$X5f#ASSH2_gU#1T&?L1X4Yfp
z)CPhl3T+i1@713N*mM(HqqrMxwvG>7zW^<Yk`8@++yc8r1ol9#g~AqLn=KF0a&9mU
zxDRV`w9`~TFy`Sv#j0iM#<@^BX)y7~&KNPHgM96`>Ve%9B3dhal-TVQy&%yIzFGca
z%3oqE>?{EBC9ii_&Ys}{NL`>Iq4Hlh5kZW?g%>F&2_STHKuQLqFVVRh<l;VzMiQ1R
z`v_PFg*LARMb(D^;B16EX)9ae=y|@6t8}K_S40hd&sZbOZH&#(Td7r-2NTb?3ou9H
z^2KR{YpHY4`Cd-;?1AA#EFP#JSoc_;hs8jivH}1x3v?XV)J$gq-AmQbMeajhwIKwb
z!+9yHA%B?f*_$M8cX(*{a_lMo;M_Npw`g`|wdp&4$;7#FF5!Q4C*MS`OhN!tg4VDN
ziH-G-6ufMRen6x<{vxZ^f`>q~rbBKOY>#uVn->_E_jSf~%O>XA?)aGq{{WLzmM17=
zqc=Yw)<l2hVG<oiWR%U<oDKM%bnjgMy~#IZ*NHbR39BbADrh{=o#^|{Mje}He<h7`
ztTZXCk-^<ENd0~CfS^;NK?@t!^ip9j`WM&s-k2T(LUW}U@^k^}b&NnK2ELcQ#~@Ja
zd9KO!{g$Fz5{+B9>aO>Rj;k>`_AVQ|9#l90)1)4{ZPrTbV#rD=+X&G!CVj8XnUT#)
zg8fSk?25hC?MwRD2FH_$5gM-*`ULS@9<ZK#Hi~k{stB=3BgkIeDLHsw`8F3pXU<2(
z`&_At@gaPErrRx#$S&}bet4ZibnSyx`45eOP{;{BUP>{7pX(6v7&eQ=x>&RcKN}+;
z%OjN7%6J4P|ICx}Yn6$Mc6l_De7&^<kk$;_Yw3RMT7}X}OR<{qsEcPrwLyPLs9)El
z6}TSmCsjMjoBaDhCZ5hcDeQ?wb4OTQ6ECanVsv8S#^Tq=x@-fj2Tm4Td+kMhDY}X^
zoGAGt*&eg64C?wMrEnD&*Pv-Vr8zM`V+>cA2Dcs8l+l<@CKA~_`fh)mu0Ejvl!XAM
zY4CT^1Cpc3*Z9iq>LbJ`?7}6X6@|brIVi}|tJex4JKf4IdBbfwDud#j{$BgsMN(a)
zOch$5*-a5X3ggts-(r4KL4g{7F|s<PRMVL{K^$?RGjsW!S+@V>sDTw)G*sXd2A9An
zo_HCQ_(3R-IkrrWW#PR(lQ5j;#dkJzU=%XJkSzyMRi1s|p0i-qCIuZ%B?zNZY*Z4#
zj2n-KHA9(tr{P*Up@D;4j@xruyL?kw>)cVrv984BR{lJ_)W+-A!L4tO6~@SAMPlk*
zw*Ay|g>*n9uSHBE)$B3wA)~<ypmQ5Qetk?xeXbTA2!3lS$M-ysf(tpc;2BTpc}J>t
z3R$^2CLW~VN{2&S9V?=<RU?;pmXtGS0y`<Inob%Sav~?t?rTz+<j8ZTBS<vwHM!1C
zHN=t|KB`cLs!pLR3#U35G<`Gm1!&$*Qb{#K{`3H%U>!G>^4S%u=iJT!%%~L2r0+=N
zrS?tjnt5k`C~%VPTErCNi?ih{=H03DYZHuxi4rYViQJsDx*YWd+H!p;iU(jofCCF5
zHuKKEd%bV>v2S!HoWR&wp{=APRyfIV@+YVTnFrhz5|n05ljpdc!rUl^WjcIF`s*lt
z(P|6<o>CX(<BCJ`eG)wYcsL7=<>HRnL8S(z*FCtd_Pe;sp9pJgB}Px8(FWEF*Cgj$
zQy&#3(bHz*E((DrPv7L7^BUbME(Z*kgyD1p(F6kgrnX5gxl?Z==+PZbJ)nOCwLn+Y
zTU2D2`$$)Nr{UIUub-xj=uPp4mTl&I7q)(VCBP>XHL<7drRvuQ5J0|cyq|ccyK{2u
zLk2<CKnJqJQasq~9bx0Py<6J=F~kq<#H=5F&wuaCR4J1rdCDBA)#0nO3Y4*PWV*9q
zf6iL5J<#cSch(N4U0P}Arr%{m*$!Gl^jU2!lTWdV*E39eO(4!UrWfrtXVz_}EaR4c
z$P-}BYhS4lj;GxPOkO<1+-pqW`W81App}zQ&Y)Azw)z#gsq03~`Jquh=6hslXHmwH
z?3E!Jj<i4tb(H)eo`*(+L}*^iSmx03D+6m{`ps<e3PrRruXfVQ1~B7vVh5>#C`-oN
zyTdl@eKxh<gW?(PN%t5^EEzy-r;$1&L=o2D&HwEPSpvccSS6c4*4-Wre{rI)TQntI
ziS2`T`d06lKB=a%;jGhe9Zahpld2FrR-jGnFmK~nO-p~Lk)`N*Aeqrt*2Mkov@(M$
zWWBNPyHe43q2*g$oL^r>-%9_<@#~Qil?_!F<rYex%9bxv{_e7Kp)Qu}SO<D(*Kc{0
zwOcM1RY-vdfGe)UUQy!#kvq<zk0<dWnnX9L?<UU9D=JZOHupjLt}D)RzG-MY#E-7X
zsl{%&^=Woix@aF4rY1&Y5k@ACkK>#RY!~|;w7I0KQ&zoP91)0wcd(voAjTfM#xhV1
z5!^GLF<WrJ6B~%MOVX155i)(*idokkRiWZ*4#xWvpx5>q^;IIN6ZaT}G#pbJBt5}>
zZVBqE+nS2^Ou@Hd!}KR1Cq%dsf?;w_nsg4q!NBSg^vHlR?#;W>=gp^w0X<)jm!n?a
zcaMkH4Y4yoCjaW6kcz>T7J{44(U@4cRzdNR@ftS63(y#?N!)gn1lhf->szWl?h0ur
z--bci<q~=wd?SNS#^Qn2@(o4fBpIr*!xm17=<?q7?bps?0v|$<<$Fo?4Eu@tNA7VQ
zp%IY0)@JAwPy9Gwqy@c5?lZ9d!B+J8YXKkh&vgbs1IJvHPuj<B`_DOhe~nQ2Y$9?1
zb3RERK^gwxfF$<(hXWFinu(2_j_uQh3@n69oa}U;#5pXSoP?j>={Pyq7&uu!KeE!X
zurhLRassEEK^1_L;o!9Y%wXyIoID9&_<viG*gAH&jaP5JeSA<1eMF&pe)b6Pr}-9v
z{V`D>(9fSu9MoWI6<5E{MCH=S)$RxR66Cc~hMYKj=*`&HXr})3ttaR$IdL(j@+HR@
z0Xza!MZnB$JR^F1+iS==0u+vl#5e>$sR|~^9~Q_k7y$r|w18Eju$4<P-x|Izr#H{#
zdt5n;W+)~Zh*3h|Zk`cr^5fmnLvJ4|1@GJYlf8HpOxYET#LE;X0}3J4*{^WdXZx=F
zUn4zVFW<ndq1**Uy8urie^9-m)aH%*ct$d648OZnWuw&0n*FR0AXBEUjHF%B&$(pR
z&?CxVRLlX$`WfWpfo#xs2^M_ORY1B-j1h|;m?S)+{}UoYa`7fLU}LPb>TE2V{%FR9
zXI*?;aorFnhOZ_It~7Z>{Nh(DC$@yBW?w?dB|7B-b~hXv#Vy^c?r3tmIe%aCC9!ti
zgeoJCRgM%6a(NGBQlprp>j4UZ%A*y`t3tc9DI)^_;kp!N3-wL)9AoqMgFcx|oy7rX
z)^I3fN;QclB;5-;wn>{H{Cp+npwbr=Hk+rG-X((kuS4}gwfst_9b!9j+28cs9)}me
zViKyguPhG+eZf|*U4no6=ydO*L;$~1Gd%riIX@Ye11qTHc0aNLJ@-T~?GZ_H&HMn&
zzOUv1`kObN4rP<&e)%?QGAooxEccs-i3s^2Vjk?xf$|UxxWaW}Djz(<{b8>G-DcA9
z;m~gLd;q#_bQb2hySP1`DOn}Qx_f-z63))9QWTFK($IBirM9pW{bVJ39B{tt?J!Pf
zXAmu0`1SUBd^WeS4m)&82RMjzHQO__LpVSFti><$^q2wqPJe3?M4A*6SNW<J%8Rr3
zn>h*Q6KU;N+5z5P(i(f2LX>Ef_Fe9jwXknie%{f4gZ0tL>MP1&pX7koJ{a-spJ2%u
z$2usSOngj<`OQF4#|+?o+?MStYh!9}Wg6$fwnKDZKtrHDcS-zl4HwLIW9fKfmQ+0r
zSjs&z?B1&O;NSl}h5BsbUEFqp-NIGGzOI&jQt&xnPH&@nczzew<U?qnwPoJB_80gM
zU)N|`3L`%oo{&lpmY3GLYjSjMR*xfy0}3A(QPDI9E>SvZS_KTmrb9CjIwiECoV7St
z)WIpx{949nl91IGq%xY;J84dv$a<|Dz)1WAIw>Im3Oc8+RSx8w&RD|aD#z$mf_K|M
zRvHn)pvzRiM>rmvkqLR>J4UtkcCjg0DIjWa$%o4prPn7Wd?<7*ea#kSa;gPlJ|HKl
zD}2S+h}5S$v#F7I8_3;@nV6>n`<*lHo8LKr8`N$zA{r^Nm=RWc#X)!g4h%>P@EZ=>
zEt=^*#s*}<YD);S@yn#WIF`LlI#@o)M(0Ux3fqkJ<vX9VJlZpO3cZ6QqCibVrNr&+
zV@2~Oe!m6%X^HbL1Lt(gc;?1O2tYI>7wB|Em?82MNsNQYV(WTMjnsaCns2}k%0I3B
zQ$S>v8xP%Q)|cbj$Qz>%OZ}h;5LDZ&FlCT{H0cXzT7(b8HW^qgk1wy%Pi7-OIV&r%
z`GtroSD3(9B|DI5L*W9UXssjLI=j*mm**UsJKbW*kzJ1Zr2c3$`b9KA4Dz1QJkt|x
zXJ6&qVNE)1k_Mb^w>PKPvXmkk>sZ1<gpwl;=ep8<WE4h{{^xm%t>a7&fG062XzCsi
zlLl7!F}Vxn`4K5M65G6owjd#ktfhW-moIHbZxdLkTVNVDaN|0X`jSr}<~)ghnmT)O
zvElP@7Q0Q{$=7l=dpeCYy7v>-jHv$*k)(ifwmRX!)eB>-i<`P)abvMoIvUl7E$fZf
z^&ueli-FzVxBUJ!>T4uEzzcO@qI5XkQu~^jAT{h>i@f)Zm#kukYWbr5?U5rYHC;?$
zF53J36qxZ+P?V6nM%S)SHEIhvq*B>BrkVw_Zl1qT601-DguOD%vywf&KgskosY&yo
zW#7Cuc4ds-!@k%^_&!-!VG)~Io?iu%=oG^mOft@++%X|`liH;j01G=>gT*#Cb&oM~
zu(l$rL*tmpCYoKipWYJD6>N-%LY{vrJ+iLQp`ihwCfhNvLK+<2a%&&cm?>Unau!yz
zDmB(S-QIqFRus04LY+xHCW`ZD4q!TUxM$I#bBc-)op3q1N!Pbn1Hhw_w@8279rIPZ
za3)6b&g$6zfNyO8kQCpn&usynUuGauIBbJ(6r6SI2J#&hZZzS7O+)3Z&_7wqeWx5U
zE`Cs^t2!eouopSZM-!hU!LmfPrv;Dm&YQ=={1z3%80Tp0#8Ip}Kf4+nGRn>$$jdX;
zRv%73FgQ$p7<cjZidnz{pV4c<R`hDDx$GMORsuXpzNH!hbiaPPVROndLOH_a3Y{-s
zvSxi>$~^;>$6WSr0|q7W9*kUC>82B036<)WJ)XUDdtd^Wb$-Oc`fvG6beu)1Khgeq
z>>*OJZG0*tmR<-jTd(MS3!pvd(9z@<H@lc-A|gSn=;n~QUfHQ^;y`Y&Yl<$yC)8BF
zh<4dbXf=cY$jK=fo>#ehIfT}UY{{3?JQCL{_8HH%B+r-CDY9Sp$u9t29bS%hSO9$5
zuPZ&b9`BDdOk<iAI39x^keiEDOWS4LLj`sxZtZ=(F6b;2w<<A(LsOiRyO(Dupw%LL
zb)|=riM!!znRE<zTEE4P<Kr=mEQM7ti3r^$Sz<tOz>{rqT#(qlO{8Q71*YXd9HM}F
zH9qK_Hw-TP17{Ko0}q7xe5)X2AXFk`Vg+8cfExly!@(JViSgjYz_;+vS#KHCpd>&a
z7f=|WYXW#W(CrsE^4|>AR19o%OsotHjEsbAOdNDfObi?h%!DkAoOEnV%*+f-glvp#
zbgV4wObpC_y_^^WClkSmfQ)UQjMmHy44nT{(rwq4w)_4!Mk=}1zu?IiBn18&cPNA)
zv9KQ~6sLsI5JR@C{=o;hLG6$!S}VsGmIJL|>l$kxacAlA=byf6By;RWmdNXXRd*Z0
z`0>r&$k79e+4$vSBFm)Y^CRQ?tFKZ_vwnW<L3YZ$?jyk7wTGFgNky?3m06SWd>qi0
z>C5$YP#5JU$T-k^b50YKFdC-cuEFxh<LP~8VWx2+;OeIGgS)*ie7<D35p8srQZ{AU
zvpYyqnQAO$S5ETtb=6yWUR6WY1UiB9#($tb{Q=5ca$~h60<uZsH;S31z9R)@h9Q`Y
zy*WJ<;02HdCnmY$oPcA}et-S?28b`4M=ZGOpX0V|0}c;n2ix0fydM<BZ^}?=^*ohi
zs=0ZXB}YsKbMp5=f86g(e7L_d(tRAA-Bw<305Qg0!h}%|$lzJ|GFM)AYDa%_9o078
z4QS6ZMrJZ1Wc_g~>zKb<-7^B7@l_s(@*jP*e+T@!1MV!)be6j&HOIqcF6_)-E&DgK
zV8)-3JxQlLY;7DAb>6p=2I~8Z%MZ=#WbuFOWyJz2&y|=`;XNqH2=uO>Zn{~dEDF8b
zB3>0$*dV@5b3_joC+Hy+QfRB$p-o_iD*}tZPq3_Oo|3L`rdsfX8Ah~dlXMITie2)E
zK?4{n^%hdc_gWf|+gaGFvi7Nsc0K|EVI5hYApx32dh_iqkD*1;vX+HbC?4_>B&3ER
z`Y8!~@N^jVxFjT%^+p}(t3t%nm_#|Ryu)ZaYAn~H$IkOfGElAYrI=6oUYwxK3rSd%
zv!-70+=WrfOH!GPN?<#h<<mAk0-m7uet<_G1GXa}k}rQ0iUNCVY%q40;fA@9?V3)E
z8DJB#=t;k_L!GZ{#aw23<oUEMM%hP2LOg#{2Sw~8sje_Ih8zSulhMKXIV6S8sS0_L
z<*5gMC0qaH((jm$YlozoQtN&Zt#|My=tS=&(|AQ%JOzYPS%&mc7?k^l4jTZH%K{)1
zZZl?F7CuAhnq$;Si0^TL1-c3opx4awKn4<m;NN{m5He~CT_*6ukp?j>K;_bJs>6A%
zipxN!!wdq!By;)tduZ>kry*CvHm7Y5dxcyzoAePO^kGq$)*I16yo%pIn=Un3=+M6_
z)v>7dg%w8qtu{_7SPXX|r6#}wSyr&P?%Q+rr%0MH4{#PyEBRc?um4q|fYZ*e(ELo2
z1#;`Z(pe7RCQ&PR!wU(um*ITWKTQGdw}GbS){{@E+?FPIrIs3sDC?>*)`0EO%Bl{4
z?*DWkAe~W$l~Jy%0UdsrK@E~>%|?J(vgn>phXRB_<?zmT5YV+r{7W2<0MFO+>iakQ
zEm5$4tqZy>XdhdD5&G>2vZr8eGBo(K&fa1i{7>K}zSRZ-hBgJ89JVqU3k&3*3yJbl
zObyWMq{7mjFQt@99&)U~+0%4~fuHWFVmXLbQO>_lw}j~~fclRZpmHiW13(R`a4)m4
z6mu%!UNx#5#6wuQ%VA(nMchN`e;$WZQN}x?oI?$eZp}gXwq&t2ozAWx>rz*wqWqQa
zEQF87xF}fKX<dMIZYonrmgxT?_UYbFVP0~qXdKEyO`p1bE`*>8TOr^ftvvU+5CUoi
zPf2Qkf(6E{pddGQ6_6thoR(X@^go`S9EYd-OT?%1i&7nX7|LA#v9#=8mTLZws=(|t
za0VHOe+4uDGftms($(lN{1d33lI)CiV0&<~paXa_pO(V^XFFtP;HjtHd@(Q0;|=}S
z`oQ}%a5_K&#wfLw=HG$N{PEvF<Jmo%?{TK_K_t2g5}?-11bprt{TXqqiKW~BaX}iN
zrq_5OLihh4L7c_gsbwcNpMN{At1xyxv-apliK+4Zi7KCx&{y10v2PG2u8~C*8IN5+
zIsY0rRp@V55pmP11DDgmX#nv5<7^TZQA_#UlIMrVu);~bi#-0>jX$3P*jXTP-P(>$
zDC9pC`}fvQ>xj8ekR|wcRI83o%>TOW-y!_>ZDmKd-Je_V(*T#ci(mlvv@_;*kgt{9
z%DDDoi)MMGM00(>X-<5$86B%@bA3sf(GSPQyI8{Bp`<cd3oB|vTYPFbXW+E4t4mD5
zLNSZY>AnKlM2^$9T~gLs=tkCZoqC(5Rj%*%C!Nceu5-VmeJLxx=Ih-2!nt@njs;C4
z3=w3qZNzMVi=b+BI5q=JvJBRqq7A}|SEQ6wSFw;pOsjA-k;Nn8=onxt65%KNTLe{+
zatz9y6|Hg^DeIXO0e+tPM788WH|mY;5d~GCIB_&fsEEOnPuaFXw6_e+6udYcy{a^W
zx(dEXpKY)%(0@UcA=Q{<NTw{RiH|24J6^5uPiz~neSfTnN8SQh{r0zuuGBJoEPbet
zj}UN8hb2ro$42;7!u}3ZGhK>XdH{6df(~6kx)^mxC_j<dkq&a&RTB2fbh3)aA0dmI
zl<R{7PnT+jO8adjkN_neI>gzFFB9J0zM{09dBuR*dbJlowYEme`ehNfi8pALadq`Y
z<ZO(dCDAx#bLI+QzjpPLbDn0Oo;9*@fq3_2ub%*hz1!(df0PO6YcIVxche)EXVoCY
zjDZ2STJdym3H3+ZBm=mmvi!8up@nX6(2%e^5bRDHL{(YaG~2YQ;<ngyqF37GBiWS5
z4|is_^(CRxyTiL&`sqcDS&yKVAjGv1Kb@Gfy~PR_j@cjZ@|yw0)fR@?e*t_WNm_nO
z>j)X#1Ju{uimv<Q{mWLP1G~xOHR&QK>I3@BNJ6K=!_T}~Or4n66?P<^rYinSMP(v<
z)o~n7->7VZ!t(`yUg7!KYEnt-RZRjNus%VOgL6>r(u2zFHI;Pa<Ej*28hU^>9;Wb*
z8r5S>HI^(O7)eXSoVC~rBW%KZ<-+Go6R3Wr(@lQ5iu(HYcyBw~iL!>vi0Dn4%xJ!3
zu$DD+`g$8fKA@<WOYg@%E#|`^2!F5wlZrgaB>$pYEaMZ7vROEC&2JJfLfBkF++oEd
zlf3rWr;NkASg)(TK3DgFB@1tq;$|LRy6)9LE(-*>v^*nMJwG)ZIEF4D%lsO;@jd&4
z-M{yJMl&$<`^+zgi|UnMSD%5za@(mCHO@-TgT}&jLg!M@^<nu627_O}idePgea!j;
z%kE?v1vf3$LpEO}C4tzcc`xxH-=*L7&P0oqR@xIsrxGKA5^IxLj$>onH7i#7S~ul~
zUS~L<>vrYks3YxgecZ;P2?yX+{zZ9;dZIk!x7wDVMAi^7FDls8hT~KKj5`NH_>e9$
zy0VkBh!6^V`pKQs6__#Efj|>!$DdcXK46uTviHNz4}$E6=R~&`2h${=YsAev$ooFk
zo1E01o=pYH0kf4!l<VcPIIIk0A1OH?OOZ~F>Ze`<#dU4qHAKxr#K?8j!=p*qo*am-
z4hOuvy(y5sal5Q&*aQ7$#KHlc2j8nGBaY>db_03wh|BkdHsmKkt0lhx$Ru^1cY?}P
z8<2m%5Ul?JL$LmbJ%jac_6!OD3;X|`Ef~|(`-?;pup!Sl0a_l0e22hr-fc5YY%{ss
zPAm|~lfKYV*Vi086YBf+>lcNEsd!_nTPR0kBR4a$<eP*dG9?^MDqp3aFLA&p5+Ziw
zYG&(3uxyj%%_L$@__we0#>780z0U7{)%5Bh0G~xY9O>YBs?ho4s@K=6%igUGsC|T?
z(rlM715gIBzi<$Re!=|wAI^`@@CmxU&lg*n*i^E2@&eo92VFEV%P{@qetR>Z@ltew
zSP=wlePR*pN}5jydPt+=fs|Br%lhg(J8~L~63z#_OA!iLBy5@~V&!O9!S6{kX^HCq
zJ(GH<I6id~l%`F!QuscEGQ+%F)XIF=Jsj2cS}Ag4=JX#fS&t?va51Y?Ai26FpX{U7
z5z(l2`E}RPrT(}W;9r<}JyajUv&u`M_KuSsm`uGPAn8WxyOk}b;nk}aqA|Iv&;B?N
z&d=7TewlIftQEX^;zH$dB#QMpKEvw=@Q}c+dMIIu94g`?0p2El2vlhksuFU=;uGfY
zHGT}`wU07kF>WC&_nDV7Lx)pTf!Wz2=&LZ<h<VNtWSrz>@SvJ|cR5PSzVD^EH3Gb)
zVOG}(-rqH?IMz2$aEb)PPmtBWv4E=&u-a<I>;4j7Nh1KRT)=Ov?px4`?Xf%o*ohV-
zP`+z~kx7`2M%-~9$6<0+*wp1rh4|lNS2lg=Jw$EwUZUn>Pi^@;awD5-TXHgdsgRTr
z48^OC9p$KsE`2habw@`@ps6wJ76O6W=BSy84<AFX_Viswse~sXmq+Jj?MlEl+K>ll
zWDQLB&kQdWMsP9?TVllihNBTGAbA-?#hvgAH~ygL2sVu7QBQ<4GKgG?Qkpv=8a%n?
z7bfKni)W8+Ok)#Qoy59JZ6ceT5}T>?u&6Z{#9jD1Q9>#`&Niuz2E{R19z_l1mEPlT
z;n|kt4|VWy5t?1K+mJC9WZ6s`!?_q~&8CET))#Y*;wFO98X%M?wy0-e034ODWNTw7
znW3~UCzb%_Q&D4|RJ*36Dor)Y%R3^y9PRjItkjGlK?Uv3XDE%XNR2_#KWe|b%XxQ}
zHZx0{Px#L5w3$Va*azXr#}GD!s$J}UPN8s7%Tt692QK6UN@-O$qO(`q=wodWwz9L9
zcIgJSmw6I3>l8Z^kInQn0W1>90)<0G&$U_3ig)z8)zekJ=<bdm31{(CU#t5T{~8YJ
zZl~G-U7pOf_(Od;?Mf3MQEZeM>OX+#$udS-k_$f!<x0Q8lM}gUalUmK+Y!`#&F}db
z)A7NzdF>Np7J66l|8e!s@s%uHxNw|_oryVdCN?LwZJQH&$96Ik+qP}nw#|ui_ndRT
z-}j#TSMTbsTD9s~t7~^xuX@&Gho|zb`=aHS)j1G)w7b2r99mIF1s)qnn~_;ufWp?t
zM^)GB#2=l+mbRa-Gz6Pl%MuemH67W@ewwNZjY?a7Su<vJQ6e}h;&Gh6GUGYyLtB+l
z0{&fvDrHi!6=nHO=xo8+Zo(;9J9-m5#Hz`!YtGg0v}rXB5$Mm|SCT*$;MA#o?rdy*
z+&^w?FNnntp<zWid~FWFo@1~#1$>t;AH2!owAh(Qv-^B=!D5%b1S2-hFc0220O8M!
zLu@Z4|JuP>^aFe{SI4`sCdxvN>Lo-mYs_e8WNQ2_&ioP%zt+I(*Uu%BSR-_mU3s;u
zI?G>`#VuCqNzgz#ss6(j8uC%60Bc+BJ)E`s4!Suco)k9c^=C`TBU7FnLx8b&%tPm@
z%sI6Dg_~Yy3KY9b=-tb@Db}%fQpOmKi|-7gl{ZtxF}iLxf7sxYzuNhT$DLtjR>61P
zWy9(X)tHENS1g~zN-Z&B!AD&e_3|HewP2^sm){uC7iYp;bx``Y#l$+Y(Hw{H+40$X
zKnW))+0S`Ilm};TR}$CmECI5VSRC^+7T$!!G*_5cC7TwPY?~Q9y6}@$qbc8m4rBbs
z^sCjA1y)X>&bjvNyOtL$V=A->jgNH^H|1HvVkgxfjX-($%%+(-3vQ|j>{bw>nOvrX
z#l6pZJi#z}$p4r$5flPbRiE{6OEz_oULQ3Pv`0iek~I-b8ZB>mU;&;oYaU`T(*SYo
z*k@H!X)p)uMeyx)KisCDg(ak=5vefQezc_c#cQReD~S^4iW#0u$69vA*Q)0o_>(b~
ze3g|~`alrA4ugD6tt-@4r{|j+fKR6m16yTX<eJQ7f;p1RIplv>wFDH5jHQ4&%iPwY
zILEiQXOYv-=>sykcmTc3NKQpOcfKA3cvJ4@PMdDumH}Xv>66+q^~_Z*<oSQxBXD|#
zHbR$!aS6{-IqB}*7h}Ai<1uzqi<=?IJig#X3vEmzz7X_`topQ4FBB-K<}+FnkXBnM
zq6sCqhmxnKTBfBXqs@tf_!PoOp*68$iC?B{nlrjKczqzI?f_Uoam_Et`8gJS58m}v
zM!tSC^vCSx@cPc^iXcCzi|q)b1fH}y7O5r8ygSm)x)_V>fb=;wv~iX$<nRr>ox}{j
z;HvcxV<YQi#NJc4RwR_*$pOzeT`1I$u@xInBcl&EyNj%|KQAfo;g1O__0Df0U$H)F
zsPeGu5qHL$2BHCJJ9HyD^JfrKt~i4f7m*5oHt+2X>)@)vwegOj#4;`{92WK1rZecI
z=6<LlhR<XmIf18&zQ+4qy2HQvU3ULTXJ*re*Lmwr+g$cnhvkjp(dT36bw~|<rYy4F
zVRr9i^y(Mj_YziaoFaxn;l<%)NbwLC<LBJ$UuU{I@ecrK-H_ckI7kG2W0iz8U6aUA
z>OAjEV7ssn`?J6H!6PGo5lTHY7G<Jhk+`6^3aP=lv0_sfxI+p-^XEXlr{1w21!dH4
zL{hN`9|s>I8e~cHje75a`L37s=0$X#O}EJh#~|d)Xraj3RIB;JO+R{Ks%bk5*>ei`
zkr2%RCVU@29}Om`I77->*Ol@y8%KM6!w}|BZS!KBv~iE2n#x3IxojbYKAWfI0#n*m
zMN`EMO^SUGAP{gwYfrc8eJOj{vMrQ5xA3^;!tTDTW*xUfo*ml_Gt_N1y*FQ9<Tu9Y
zJu2&_HT;Sz?#C34E|5pCr31F7{4J;cqkJ<P7KR(pa4~O??XyawoV2|R2(jE=_YSj+
z%@OlEAfuK#48a0A`S$mTB>~-B>M9w@fB_NwE_}v*5HqtEEA~dYcD(8g1M#bO!S2Ph
z)uQh8ui%ZV)qIeLu6`q0)%)Y;k%71SruTCG@rf07Buw#-`v~qn;$bnQFgmrX$KFIW
zASlvOBRRrSYFmFeYY86eK|5s4Xg2O*;!g+V&dRLDd+2wr^~`yd2*+p=k&!8Vb6&Ax
z6_>pej={dC1$PB2#n|FZvupW&uYchmD`o)v^P~sLnpC|DrVjS^0S~y36pW1_sU`=4
z62QdB@}C9L3oVVmn@E9)0A{A3gm3sj419;<GAJ1hIVIu04fk2na(+=2G{zm?no_eS
z5Rv^ed2R_x^MgfQ#+6mW6(gdYph4U#lk)9r1uA3V_JxB7;K?nPgd+^#-fy2k*wwo=
z6aYg4jCj?H$6yo1m_r39qf1KIfUt;iSVh8*$=M-o5%S@g`-qD|Pzk|DC~CqL#m7X8
z76<Y1zq`44<OOQ`yggqd2C6E)qtPB}9VHHW(FoShq#V5WkjH782K(7jR99}pNCf~s
zA(zh`TeUNnWi{x2*&pyKLl)9UE+`(eslpaReEz<R5ICi;o!$g|u~VHi%KgbVhD|$8
ztTxG={%y85kfEm~T>^%50b4l&{dO5`DcprYSJ7kfw~MT~ozvhfrR7mixn@ojKNK(H
zPpqfM?O)<Q*!?>oE|?nQ_PPgguh|&T4qQOkTeukub7gq5YP)>)&6gw1107a633x~?
zk#V#3cOyf-`TgtzEaJ;P`VwseV*_{<ts4=uxrCs#*q@B8pqfZDn=~5~z9sbA+nzz;
z+iY}K!@QA|!oa6tsSUC@;0*)M<W*odk8Ff7V%VHM-+#)#ItzWTVwk}(`3VYT9q%ZJ
zciUOB&nsKPvF{DlnbBS7PeF^oci_!HjHgbLNl*T9(eno|{KmOcRc3{$B?y0FI6tjY
zD;e}d)9vFWJKK3fb(i8Dv#_izU0M+8EI>oIi=XHHF5*h}^9I9V^2{})i$6gzBl>Y=
z28JxpPX{3#gooP$_{NkEJ-$*vI&nidc9s<Kwd&4+AkUr&LL^-&10~J`Qv|I}{~cB{
zGACN51OWkHW3Dfh(+e^9?%?zDP~(q*pJMyys@m9LyEcKhwUOjNpmtuuZBC-nxoJhC
z{msV@gGhRM+SuNd`dAvB4yWZ@oF^yqq}UA$bVk3Z{G9vGlj*Eec<f7zsOd-u&(&#H
zRj!}X_5G~mrtjObMi)YK>SCk*I9oR2U7Cbeg8fB+<)FQ>FV;gVbho65r6Kj-u74Z~
zBJXv*WLz(hNPhq9nUH#Whg<F(v7&=(+J)1~J3UJ9SCTMZJEe3LHH(V!R+cpEWEmYV
z?tIzM>-@M)iymD+hs^e@d+opCgK6`-j4^$M;aGOBo$`xnbDVvz5y<d#+`mL?dff-b
z=@7~U=y18H**!XW<*GvWa9Mb{#=49x8t(0s^k`<i?;&lyU&vK;o_*weUrBQkjz=jv
zYj93!qM)AB+EI@w@P>XWiR|Gil887XjQSbgo*y~X<fS%<I{w@2DH!_5uGee~>#Lfs
zbvX}y#uyKQ&}e30S1*nC(Q}X)>Dc=kQ`dDSz#<D)uXC=*lY3e-D~`uK`uo&MGMDV9
zyc=s7U1@u|X<<<cop#F-O-x{fQ|t|A;h*^%<S5##3ogs{5WykW&M-m^_t~JKkYhjd
z&XdRVpKN@kfPTl6v<Vn7YA&~>=koSguQGyY>iDR>nYpI9p)y{)hLQn3>j!%W%Q5&A
z0HpU^Mipni8N55W@Nuu6%{eZ)JnP^@V-NKPp0bZ~aHNo$i5@b~(h)Tlx75e|^IcV^
z_kbgy(eZ}tkkI2gz_739D_ym|Je-A5LL)PrqsNYIQ-O{nv9u<2_`rnF(mb+Y(WT2m
zgBJDm2CC31wd%xT=msph|FdRoY}oiMAk$sp0deZMu6lb%`zZdcEmOgX*=-Qq$<!@0
zWYVZ<=wau;A|%fnsVXH$nkUL2?rN-6K_~}%@B*unG8=~iw~(4b)}7u3aEUnBh>io9
z|A@#<FRmZBNX;38!x$o0OEkLE1icDZHvTOHjir>0OP~_lvL<faNDdkiNm2bAAc%Vj
zHMEGuYSg1h1w~!l2Yd16d~6Y0)aQp=V}6I|*ez(5)fjn+&RKsW*38{L=E&XKb{|PH
zH(%I!_Pi2U!qc$5B$iMe(mS}N<LwnJ!wh>OJ_K<$@SKA4xK%va(T9bAiEh&_UAZ38
zQ@oCg#)-L#AO9U)egB~5`u>a_0Jz&7NHXeW)nDoMi_-XH!BYu2Ojf%fdQ{@SYx7Is
zyedWAS|&sThg51K-3xiphi3cnz7t<LW8>iTXSAvysx`bRQIRA=jlMj$EJDAG`t(WD
zhNDHtT?MDp7+Liv*T}4C<wqfG;2i<n=cUhrT&1S04xQG}-6%W8htz{7z$VCQH}z)z
z;Y3Z0R6EeB>0V1}OVa@$IWj2arW?QD-1Mu*ZVKU7R2lYUouugH@7%9T)g_Xi_6^2(
zEMez6d-)^WWd$lK?;q;`0(n;A{-8gjq&L##)+#aqg)L)?kiXTq+qvBOqh_kbr!es3
z5Ee+Uiu0~Y#e++&=;$ho0WOVjA!S1FSb?*XwFttcoY_a^jb#?k(JHv=rCwk%4d&XZ
zf#;F~!AzPE7<o&0K5!i8SLYCFgSq8&c@^2euJBTo2|T$NIAFFrSRmO0XbckAv8D3N
z^D(JMF;<_9rqR$s{Oph<BEGOj>4PXpmv@UsgX7v22|+U}*izWX0ou@vs8{D5zcX>9
zK3)Uz27Q-vEPr$FxrZr8!b)aymFJ{X*%1`=C%1?HtZivXlOw%P{?Q2bqBv_|Wa+TI
zM%6a!P?Xm+b;{IJ=5rOqtkA*%l`G&}YV1HA?I(UM?41p2D}UpzBg!6<p8Xve+v`g|
z=q5>kg0VpV6E0ZX2!L6bgxcn*B6Az!S81dzIy5DmC=_AtPyeqc*dm1`Hr`F8Sw@y}
z8JN0Md$VTvajShEDt)fO#s~ti*?6hyMADi&Tzv!-EEN20q%2zQ?k#fWv<&WP(r?bM
zf&A-ja-obQtNC}t^Fe&XwWheQ$x*#yJl5>6EA4XT=p^^5TmVFN*{5u6hUT84t$Kl?
z04;M;+zLeRALrnPmp#8gQ3zf7s{8p`^0ct%i>8toD>R`M!`kUJaVsluHT;?&^2Jr>
zKjxW6V{h@I-kY=%#i?50H5WJY3;SVWel8+^$?_3Gko4$^tgb{e8icHZpp!|VcK_8@
zwrFV)7S+%tkq$T^$;@dhhV#6K68Z5mECgRGu3gTsNaBhjE<(s+jLD=bd=Q>IQLcUs
z8La$~%T_)zK<caqv#uFcqiaGL786(&e?19VRYzn$6}#oc&@5OBC0#LJpDU@-FljsY
zDcOr#oSZG*s)D6#zluy-fV_P_ns~_yt8UD{FYyRJmH@c%={HDY#ck-hZM<U`KTXCt
z5LH0KohK~nY?`=mFz66N)uA$apZEa%A?~wsTQ|i)OM;nD%4jB~y#Gf#wJ<XDCypSZ
zoQT%tvKst#*<pJel7MRDPf^jvYe?}TE9X-ivoIuyUo2vnsimZZy&5k^M^A{|LBIa+
zU4cj!AG!iSs@d(^Hk=Bw@N<j;bck%4NHB3|_Et?c&-kxg>;7<Ww=F-m-HC1yrfppu
z)3mKMZGGpvjCK0V@b~WE{Q-^SUew*W@$3HZMF?fSYot$U;n5SkO{N15T|QBPxOj>(
zJ!2@ysMO4wEsIpIyZqZNZalMUH{AHtM6noW!0I^w^v<RfPp|sg`)p0tu&BbeASr9<
zj+=|`cln5Fbn;z`TDmdK(3Md@Mh5!SniJbmD>-0mMW1&>W&C-deruJVP(<O};76X>
z>-*#LRhRqol5JO8%qpQ-lL@aXz=L%!GL5?<jGgC@9qEx}l-6LS<nkISz~tyQ;l3gV
zm3$0vv+2M)txOtq2%{)lF&`Cx%RgHollcKFCIh!bkrHYN+TyfuKCRX1)IKg`QB_le
zAuE(%^!c8<VP8B&(R#u0fi@R<SXF=?GA)4^^?MPr?Djesj$5S+Az|Y>%enC&y_T?q
z-Q!LQO<L{Ibn)j=$&P7BMRb<ly!jFYpwAqj8Jq<<-nmzc9%L@dm<3U?ZIit;0i$0f
ztFXxtXALhQQ|b8|{S-C!y&7Wq+GjoGoq)pTIZ%Y*sl9V^BIgwStg7q@iSosc%usgh
zp03TWmq$WDj*Wofpci{<Qw~Iad)AWVP6+K7=F?=Em22%JXl};SqJcUUw|5n8%NiMA
zT30~D<K!xa4&W@P$LMPP_&9T?)_(WcOzGje3iokow9L|-jCW2`u1xL7^zpnKqqhUR
zRHys!@w~JDUd@stybLO|Y_|>JJJf^GZF{0H7`-A;#ZBav>zbVz6m8&G=IwFaZ=CyG
znNMAXTw(~lX`t=gQHZk&hL|x#r31`$aL4SuRW^EaPhSu6y@^~Hlrum@xmuJX9YN9#
zP7CvZ)=4u+!A^CDSv!+)xv}IE@_DAlKgpmK7`ggSUNhi(3^1gX7>teSpO{u~Cg2Z0
zBv5*4b~ZXrHbz!XW+GNLCOT#&4kjj6B3345ItFGYW=<9&V1z3jCorr87>r_&4W^Lv
z*#^#(#8Uwb8ew5({x2Wy29Q{1zY(SL&tGDlIWK<S9=!DBpXpd5Tvk}(v3=H_LlO*W
z-IK%sev$AP5*6zbPxQ6n$w_f)jEDz}5yfBPlIfgpUbNdWOaAVJ=?h0=A#+F+lj%Fx
z^go@xo;>0{z3=4XIrfN~O$jhxbO5e*&I8Q^?Mr<BZ`25XC%?Dn%MsP@|3;03;qBr9
zeBM6pM-qTZ(cin|rsQW7fjN|LMy-qjdEhFr*#$hDKkR4yAQKV=_LHK^aat1mkGFgv
zEOVLSnaR)?a32t1u*@$Kw*|y1*nxYcp_G`%zH0pjBp_ak!O+jj!uEiD6>UQ#CFz1U
z))@{+lq6(?0xkV<M^)bV#on|6pD}(ML|fH#GJ9ud%iY@nzmz>(0~}Qb8Y4~*s+MwJ
zK(YWyp7&ndM8K#9oO;3wem<LLZ?rG;ESuz3O3Y;(-GKsf2D(_FdwX8dAG<MUcHC7+
z2Tz0q;CP77zA0s5JT1uawS~{y6BSdlgzHz#S^;B2mB=SaP|e5NW8X=_ROj;ryPg*!
z!S2P~2|ZGJ#8{q>8%rd25tw?kXJvrGO?1kpd+Nr{>5b9N(%l;UQL6h$KBDf8LLI;N
z<HOokmqjYod-1VmVyoikezZrb1oM@t$+(FsKy+&C+Jd)n6^bXlc7p9;*1`0*m|yjb
zes7;e{lr!0#~tCOSClolx#0XBn1jwdg`wPMi<gh`BeCAvLFY~P9#hx&pMHnT(V<sz
zy}l|R!UvtF@i_<nOsi}Q1eUle=ig^cReGZ$K1Lu{;PHE!8zlt&N=`Dj4&EqItv*|0
z0I3I4jlyefkBnXS1*+Q;TGAUH9B_wx+k*+$6uI?EIGeqpf&wx))F^+CmBFI@=~)5F
zvtb4K!J=(lY<(p`e@8}hFI3meOG;p7j&5C;F*7@*{cT?6=@t>E0K~WW8qo|9+GO7b
zW_#C7R$VQ3odf64uU>dO;Q_o=a!^ZdfHXu#L)4MCUFqLaIm<}DD8$T=)rX0)6@E`6
z=+MUDr+aZo_$=NK8CGMS%^@$OJI{0L_O$To$=V|mWPZQFf;FQd9s3-U7y@Td1-&Lr
z3Ul~DAPz~cEXO%>a#VZ#;1F(JC-7s;<5wm?I`skaerg;XX%e+k6ftOw`WxmA0zfS{
z%t1N_tdoW=mBmfIP#@6=Lnp|u9V-GUsni@yxu!L7{M2D(bXvJ5QA{Lctdunh5+_`Z
zT6ms^)O!94>?&4+SeqrPA1sw$tEfy8!#Iz7*jVza<TuunZ0>ibJ_c<jdm~guBn~*7
z!QY%kpT!z<D9E;C-II>Qj+f&JCIAB*^iQpbp#Eom`x~;i4{*^jHL4~7KSdW*bhYOd
z4AqJCMi4WbuSm5!O%Y4!5&nF=_&h-il&5#}ozD|hotC-#b9p&Bbucl4d_4X;iM}9<
z<`+FO7MDuq)et0SimOw=G;g7l%)g+1*j1Y8Liu-wL0M`ZhS#6$A^O*>WB|CWv-|KL
z#;=BP!9-x5ReUGQIPoc4#m)#dw=uw*QQPyg<(fdMA>^pcQ8}mGcia3$KGMhdbBK^2
zy_z5jIgn|3Y!<FKmk57*h7Hjju=X0*6NOgqbTdHKO|_Iya0I^`V0ea+C8P7Lw47*w
z&%~PW(|3irwD{YoE)^_M832+fyARtTPlW{KE2WS#PrFSNyyJ$5-WqiJXDihKlF*WR
z#Fp3QA{TYRLgJ)>E@o#U((p>TcwlqHZnj3t!5+<sQCb+b1CYC&WNz&;NO*klWJ(;N
z;YD%b#`d(x$^6f4jGJyH#2w5Gk4C{*lU*N6XN0ofi>_CD`j$Oyd;pv2hNqZCoIz@S
z8v4qH+(jU3Dx0K^;Wqfk>0rM+MPxy5e7_tFC(`}InKF|PDXUK<*OqMzl%@&_Wt`Vw
z#Ffl(NLV3D@@-b2|4ABXHhyf_j<*Kpq}3mRp7Pv_NAo)+qGX&TCAI}DZUJpTKQ`va
z(D)77o|J+&q6nyx(H7t~`q+U9vH+a9AR&AT6JIAxO(p<!@&@0dL~2YsDVB;JY@&{Y
zi_P4}xjbcpj24b<DQ?0$474%6g)ie(5JaVg>L?bnKe3FG(2xFf*b*#zMe?q3d0ZJ>
zqENGp&g|x$gPw%~wjyy6a)azJYw|4HYac?+s33xv#SIJF69u5okM;G+zmi(e;pQnm
z+K@BY&{W|99$z@AGV2vuy&JRcM-pYDC6$_O$`dAkL8t%HVZ=qnD_Cc!ki$l)M}E4N
z^@e5SYJf|r_K9I}a>2=Zt2Tz`-K>l<zItt<JQ;fgXB>`rE2|2rV3T7?m3W<WaE|KN
zyO&Z-rz1#<xm5ru+)F{iZ@;6Y{91VL<1jMN$gdi+y9|b9i{+Jw6-Xz%<=>rOQ#Vr8
z4<UcWF?Hk=r_Q^A(bssEtfHlU$!$&2Gc9er;b<pQ!4<xcTe!btaZfJ7ked^h+029=
zIYC>O9@CakJk*p!qkP`Le+aa|_BQs{+FaYpPiyJG7;gt)9EKgCPc0DC@`v5ib-tpg
zx-o?%&gCE6cpxB`4Lr$LT0Y&+O?^H=MWvD9kC%kfoh%1Cp=6czxY0C$C=WcuxBRB1
zH)T{NciCrw9ZDh0RHRxV8SNfE`8~d5QtVB-e-bJ7b#{I_*KQZLuFYUoWX+|@c!D)A
zqCMv%s*VeAp@4~hqwALOyF?>fmucVFF&)&ZGgUKngRoA`DD8ZfAdY;{0zZ)A22<L$
z?ZU)|M&25OaU^5qvUso3HZs^C7Fh$j<$ibh=NJt_UaVqLC+KPVT5PEp5fgO`_f9kv
zbrnjhXv(nyXi^J@+<e7qhh?$=((OZ}ZGhb$Z9GQ6XY#So(53Fg(_^Zkm@R%{<e3uQ
zw+ntNTi)-?6BPl0#meI1P>qgfL@EcoOii1Mev=gnEo%FVJLR)m93eS(dTF%>2X^6M
zbN2xtU8dl|Cwy24FdgWzUg9<1<P`VAl7e99a`b7w2_g>nF)0j<3DC#6^7X^h=64}t
z@d@_;*eFaa6f5zpckd*A?%b9u@x6G_7s7;*k%QAgKRv5oeF)~=MS(g?Iq`*RiX2@P
z&OEcEW(*CgjRMKODL+5a2tj3oP*=yi(Fn<SJVoVl4Q7q(DAlqW@pw^Y=8%{2Y~Z*h
zIUKKy`(<j_;lU5vovf6idYZIT3WcL^RVeKN>ynmc@2XbwKNz(-r4bgWqG;wweyJe{
zT#yYxT*aykokTH3nGi(zQ2H58n%kFcgQy=S7fREln5O>JEbAvCV|%dx8|9OyyGf#Z
z$)zgAAw^XZl9}27wY1-Eu-TTPDKcneH4cV1VB;CwZlDgqrEmpvkhQkbtuUq|%Udx3
zJXz7@;jkd>DBI5KAoX<^e>1VQQzuHo;i&g$g|rLwR9~?Uxisgiq=mJcu%b1dnGI@I
zZJMZ;xJY49XhF>sz#a+28uQ}dM1YBuF0(}O*033?z&bWZsI2)duwI?Z1$9ZLNWZab
z?DlkKBJ;D$oO4ndqN+Ag+bAE3{;TBz07-%V3nEEZe~RF=6H%U1g-S@6N|Th?D(pc4
zsoHu4(>i=&27LjFt!=ZXE221EvSSZ+sJV)E4g9acM_U{sra@=}H&P?2<jh5FQU=i7
zmH}l!IP&&I-3%4|%^`wyImEf~RMNw>-$^utX52jY#RSwg{+yJwW{{W|y&%~qfNc$&
z_KO)?hc2+nM?Wh2ACiCUEr8TG2Anj_#mG?I7<cOugdWXl>s7v1g6UcJ!ASTiKxQ1w
z-*x^Gu+AXg?ohpaPj>z`r@M{9*IotE*Qigz(oqM3V)aO;_u&U$lK-LE-mN)?xa&=s
zkzsW>D#WwfmxawmvW3OAU6TRKj6=6j!T<V8heKfoA@$mhZySEdH!Ne&To0t0;o>CK
zUOl?7S7P}iU<=z<@RxaK1bb%|xcxsZw*|>T35(7KNK+#_`6cPmoqHX9!aFt%7IF5l
zA<c4sQU-EuI0Idna6_3H@0Ld~N#uJ+T5bx0Vds{NL2*5hnFc5wpuT!UJT#ZHaR>|?
zCHVHg;)ZXW?3-GyLL#7Hf~Ecv<Rmcn7I+gl@Zhi8Tmo|){PEwJHBIh2-H)`l$O^%e
zgLX}O^=UTGZf?#~EzHMkqZ0Nx8Lo`urV8b2EirAzpFtn-l4e;DD3D=*1`eVJI0!iw
zfQSPjnvC;5m^(X&HrG$Bp~=Lp4+$&%3uZ<-3f;xsqp;GqKa4ZV&`Ez;i73nhfjIF3
z<#|i999V0IwYVrnt+!Co;QoE)4@eUXUW+ay9}fY_P+o;_ln2V7y|{A`26Ffa<(44+
zFJifX5|}^4{}qfs17rY-H7^bL{|CJpZEo57x3j&~i+`bYU;6)`T}NaWVJ6%wWcZ)H
z9-FCBU$NMO{s*9@A(@%=p=K)h{~dyDIN*?P@V~bH3A8n_E$oE5A^XBqtjk^IuXPE5
zd!Xy|{dI#oV%yRH$-mrA3C#Wl-kSvMB94T+g<SvZE&odRkN*Fu7OaBF``4@f)&q3d
z|0(A|7%z}19WyNSI1tp~+=i^1#vz`L*d2wvsSO?c4rfO0P_XYD-H8_Yb-7?b&LRPz
z+g_(R?$m%d;hce`w~!-UDRiV_Iz~dVGdcuOd1lvKRX1(*e$)81KFU->+exJ|s?Ffe
ziJodHF-Wn!qF_CCWp&!2&%ey3SrY)R>57<b!{FYN<P&4=E+xNqm~a(ESSWvx2a~=m
zQmtl|(x~-n3PqX<!`7c|yJ$pjb(5OjNM62m!gS7dYlDEpCek$g^KDqGwMlCVL$_38
z{+DSE|6`+TF|tc5Pq4hJ$OS%TeFyuwZ|i4k`y^oojg9{j>gAQ}>fraCJa@oWj*K?c
zccFBT+(rS*BKBUHH~x80=bqa7d8D+KVq0%#4NDD^&b+(wI2(4ZOO`*0Lm8%uz!1z@
zeHNCnC6!_K33nX~?~Xeo-g0A2oCq$v+l>}7hp`2f$zV<8wkDw==QA8NjHKI;TE_d5
zr?QQVyD#p|QsoC5i)5EnF=+rp6`#gM*P*-ol#PKacy(Gf-i$m;=Mg8|1ZRFdo-KUr
zj>71IuXnCq4UV~VJE}r<<!4(Z2(@j_zi&vH8PZc*#<<>Ea~fN&@{dgH)HK)jI>pe4
zj|%BT>fvhml}yITsAX;R?M@8Iy?sQg0v2&#;BC9u*d3m4eA;<^bjkp1f1L033Uy9|
zu5vO@n%h#Any;)58`9TO-J_OB*M8>|y@**@gS!j3xDf<zJA39GhA17YslS^*kH_bs
z-(k+wj9wKV4a?24A}%=7e5umCbk4+dZE5)U<J<z2(z;&SPRlq<2GFL5er#CFd8M))
z84=*=y<T5h@TwO+o(IrPdFeUicjy?z(B@jqY-ZK6Q})!}+1e{lOPYJB?V&l?TE00y
z-_$Sx^2fDkue7P#l6I2}=RQ&%V0`QnH@}p;8CocC=y4L<DN+3bIsY3#_)aCWlk^@y
z!oKrHO1!rgu<*MKxG5FMd;m~sJ35v$>R#Ak&($dq=xFXvL2x{gMDk|}0_4Tu4H$3r
zm7gy5#H&Dm<KSKIBH85h@7haH0)wbJ7!zC4jA$frQuYtv4q!$GrvH3Lu29pk!xKUN
z=R0!T`pN03Qut#}tS=bKGHtkUe_!n~sBr)u!PBeP0<YNBW&H$~8xObl{Ef4YlF;aO
zE799GF|Go<0HxR09Rmg~kAN=0pA1xMYR!aD(Ojl>M)E5bNvH+oBxEwiv_^3no<jiZ
z+!rV2cES(5Kz`H3ndIbLl3G>IQDR`CVzQ;8n7%Q5i#)y$-gQ9*l?Lq@zb$t;)t?aN
zSH1!pNOWiCaLK06m*y!&2c%SYFRx#HSFYV=Hz^Di1?-O;7)G&zK(s&~l=>IVxzTVD
z^0wtN5D_Qe!G;iH*)*5r77@Z&o~Z##rubjN!!P_(!ZrlQnHiOYter-oOx214NYRmw
za*zp?!cdd-gKGL^`*eD%Pz*HPiF}@4Aw!ZAMzG;$IP6eO9uD-#=q!0K`@0FF<VI?n
zR!{~gp_|tcjh!1E&vj{)uFRT(vPW8e=-TAmhAb_u*;U#5UR+%7{9>%%YE}c_R*ign
zOi3Pr<ypDe$k<?Z^EtV|+I%Z-v<q2UiwB{yurvGy(_EZ@F-3(s=um9}5t83L9h|~8
zSznXGOF=!^GYvIBtrr#^l445BBnq8I)n5a~nxL7@&`dZ?6#=~~uZVB2VD|-$Rt_!1
zieJCyOIYo<1Bq-HcWm{tZ?OUZ5s6G!a8$2vz37o}3Ew|oLHQ-V=*-Z1749N`2c@nV
zo+DL@=TX{3!2b1<Nu_uIqevkBc0XDDPmiH|=4q*TD8g7z;evJHf(WvtJ(il9lRpcA
z;I@T!V%W4(_!lzrOi4|1+=8fX%<Ua2A1#NJdH&?~fp_Tkhst)aRAIsZfPIu@D_<FH
zEDTp9%8Q#$a&0X=Y$xLk1K76sd|DOY?KHwQf)Wu|SI(QzQ>5pjji<8-d^iI?&BLSp
z?525s4Q74-v(+QhFV*$P$dUa>D^Vw@sBCDB&cE~M_R|7<%RA?Z4s7X&G3KeB983}=
zgbd~IWHyaqHTRsPNcnafkam{U+19Fi+wH%;5guee_9QAx*Vr$!#{nx@<CWmgJ0U!4
z)w+G6{%~-Rc2%{Cj*g){AX}QRxv~~jg&5279mZY2!F*Z*0lnD%0gd4rN7meJ`U}4S
zs6qgFQD{=a?>1iELAojp!{D(UkW0q-xFpe*n%l1#E{Xga-t4#XfCKv1HjzKHXZ=nK
z#)}g3`Z}3i1erqBBdu#Hd;}-Lu5o*1DTLh6GwYb&I|>tWaq;p}>|UhV0x{9MPO8;h
z$m!?X<sF6I+fARlw$-nG<4!KPw8R-``ZehMz9PUyCfUrha6!LVr;}R}dTzgS05j*u
zt`F%=W3nRPR~CNeG4A75bTp2jXOH2SvYuWn7hxg0LBC|+GkUPRu?|Z=JvkDY>TMI2
zC$(b@AAHZ-7eUXk!)vA<)=OvhNq3OGh7$>?#L8+l7t-!8IxO{*hE#_Saw6yEdvCUt
z1)1!8``WI-0`kwYZ$giV8gP}D^<O%4%LyQPn=L#pMiR0o_!j{C|Fd#?fj1V7%YIu~
zHO=X3(Mjmb*u7ev;B8=Zg$3$T1Kq-#5Mf=O@y6dcY#JxxqGV|?c!S3l%%oVOQ4Wk{
zN$k(;>oNoTIBL+}gf@Hdd8vP`-5bY7{4AhIMY4GM-rjkhXher~a?WR7*zuL`JmVT5
z{e=z#<d>l+&A`UT*~Vqk#*t3?mA_%M<I#rh7pfGL9uKrE<kzRGv#Pcu=$@yKr7f2~
z)zj_D??)`-OM_opzG^bt`rliAS`>l9k)sH84?&evH}?o`cfEla$8-K&wKZa!#YZ*z
z(V*lHjbFm|T1|o!P@Hm5M|&gFcZ~!H(<@6>fhmIbb3gGmoUxdOkP}98GZtk!(1xa<
zrKVFycSQO%zIJ~u44JD9;uji}ofvXZ5Dz1zq2NB^hRj?)EtZXD5aJudO`~323a&LN
zJv{aM;7j!^lp9TRt%G%U&{ZoI%1mi`k#VWs7aXoW8ggkx+G*N~d4&L^8e0+o9wN<4
zK_v{&DL58rtESt$*tN)#>M>;fjB`*^Yo$GM=dS6ZrOpgo;k@D!<mzdwuK<NUy{?n~
zbQqJ!k~=4uwUbUyR3%LFwG3t%iRQ1ndw|+&XXWqsh$YEmZ}?2n5Ro6&f}K!VwVDsa
zS-vs&>O{?birYHFOWj#@b+ncM^sk`OmWWHPS_F>=29rccy@1yPTzwYEH_jUJM$Wrz
z)hn`LYIEZB2t_ydHZ-<DeCgh)Q!yjSkFaNTSflrkM<A`<*&l$<=NxV*XVafHK-adm
zH2cdyl)*YD2AKU`3!>-%3Nzlbecqy2bE`Y~M_t$ZSaK~Ek@I!<pTu{--9y`2S4Tx6
z6}#rv^~{SYhZxc`i)E-ydo*@by84klvlNuH<_dMnZB1)bwSsnU-x_5~SLf>z|7K@d
zd>maRc$Gb=wl;J37)5Dj*w^Qd(AiKNzbPVjGy|8+uR~5BczQS32}k)q#kP5>oPC#|
z{n0k9#2v}2GBTa9FPVW0s&Y693Sf6Q7M){vcUur`SzBjq;mo|GhevZ}`JX@B?9Zlf
zR4hWztlE0nbKHg1@^KGPvt+7e4^2t#=%;1k8^-T9rkuiJ?$lY}GMs-KGcCB^@{MVr
z;pAFhooVN--h}S0bNHfOKDXc+<#wFle$5plICKwU(|JHXQrHjyAcZ+Ty}Oi!OzV43
z*8!<AmsUXbwqi8oN&3Qe<7Yu##7A3D_<~|E24rc%>r|?X`|~3iRHsX8asqnvdg^}E
z#lkc4$VS#;<xMqnlMXo-qmc9QFbbA-Q|;khlNfyGJm?Z{su+xZW8tu17#1L^Fe+n4
zUoj1kxy==ogD)5c(BJvJh`)`U*L#tLu9OC#Qc7nEEi#HrHDVC6;b!mqVZ(9HS^5g2
zObCkeMA@&%d-#3hP(c<o${k)X=LmI5Y_ZBE7>Jn3*3&Z%5j0TppyY??8iQKLe#T6P
zx+%4U@D4^LoT8i-XkcC9k~d|nD6fEB7Y;lVOsc?Ka`WE;94Z9)O>3B%!BevAaoOFh
zVY3lPs#4J#C0jB{yjSlEvS@$5-ICru(<(M9*y$Pa*MTu>i1_6Raa^b$Q*auJYXE+Z
z0@8G{tg*;T<4y_7+i^)PqXm0}!iq}0FrU10R7};Gr}a5R)DQ}zj=eGUm^nC;#E7`R
z9J|}^{cxfHP?_z|Z(G@yB;rL@qWfw6J<pDvefiD(;w|V<l<!aA1DHC5LRJciz)tD8
zUlz(&7=4({2@8KLcU`nB87sq;uUzR~9qo~8BAhBMECt_h^S|)Vab(*fWOr!C6$WmR
z*z76NpHxkqi^$g9KrD|u8*(2c>`Aw^py}@(uDVfG0^lZWdgg<V9;SKfR)Q}V>^F|&
z2sFm;F0Cdp=7qztqhvxczb7LeW}pXuzAYhhrjJ~(uI9YZM6)0*9h18KR?t8zb4@sq
zan(|%&?n}kbW^j!?6s3|70zrNSUDC)Ye7k%F}>i{c&^DTqe0=#<*qm`S)G7kH-Fl&
zd|YIt05n&a>h-ZPo;6fQ(dmaB{WjMao7{ymXYxy`jVWzQtX7{SU_wY<meN@MT@N>7
z3G|v%&(vG#0;&|nVxFY;_0$%lsH@cnoI37$+>;=U@*5QDs323h{h-Ufr31VnH5tA%
zzgSvf41-fzLMvQZxS{Ms-|vH#b#QC;{+=fOfY1ti+(crV=3jA0YU4L~D72@+?QTQx
zuCn*-`MMbdIjnQ*R9e^yeR0G_%W+x;(lMg<^7YFDTG-DVc-V^iy-~izIXOP}o46I;
z$f}N6c=jAt(tYxUYCl;LsVIFI{PC9~@)^<{{ZDJiBA2ioJPb1~@YO3=9Y^80tLy3Y
z0an+P0wxtV0S62tyfUQWY{7-Lbl*d2NS6<~<G<PKZf%_19$GRN+etq}rDqljth8z3
z9*-N**-4>U#KP0%LMBWV3y4@obbcGs3_Y!y4q)idLX-7qDL7{>5fM9hGr!b!y)8VX
ztv!vu@}TljsFTv_$ycghdztRQJMo>p1e^+rFE@$`6}}dud3Gud!IcHQ2YGfbO!!(a
z6<G1LPu+EQoJb~N(Tv>laDjclor$#okHJI2px`vtEyOL;(>7J-Ym~ve$R!a#;bg@s
zzvMLtMV-!QVKJd&O6E=S2p^teQAlOM!6DPdih6#Z#hM!=a8(~hi)#Od`YSVy9593W
zJnVq-I4--djsDb}LC#aE&N2Ot!Ld7uo~iJBZZ(lZ*Hd(RCpp<{)<GBJI;t>~Q@NB?
z#frG*G|!IPxRa_;CFhhRhke<ApFX&JjG5vT3~#f&tAUAA4}3j{zS$lYiBzpT-*^gf
zuXxhNJDQ9CZG~rHUT>CeWc*{y8}Qxkv3}_^>eO6{^Tz>+sOO}N$&W>eECq&MJN`sg
z)KQ3)bOvM+LOgs)BVXZtDXli|QSy$eMq+!C0XW^$5k555XwkK9k3oaNIY+t*a6(Mt
zDau94^8;`XOt0<9eEi9@tj*7-)2p#Hc0sNoZ+pH?183?h#{>PWvY$;|$pEtZy<KLX
zP&=LwBr!xG>pf0FQAb(%4sU2!Pq{*j#UmOsgZ^G|@m$Ps)!FlW7J3Tl`%~}=n@q*Y
zE!0c8%@l(+IaRy~D&CEf$0u=1JdtF+0-e;t!+DKK=C1Qd#2XT89un3YMRNTc(@zVt
z-2zFoiaB&2h-PEmVMN<<Ljc!)5v0;4T{hF;%a;rnAUCvr$7nOmI`dS6r223;vF>YD
zPGBckhNcfJp1svnJp%r^`H*iRwx(MCw4h$U%yv+g5nR>!97b8b>OquRH?Fjaa`N&q
z65F{qUW1mMuMm18NDRBqEBlz$PPznfI_q_$6VACwmaVua{p;SNAV3(F;UIyL0rc4h
zY&@pw<NoD=W;QOmM3sLs$HPpDqF1w|{ACb>{KGa)m3ow~WbNe*^J_s<w!NqCfPiN<
z)({)?&oK-R-)zqvxId10?}sWAQR}SMttRgsgQobX0r{%q>J{L}3>;9;Vg*>=Wa`y0
zw6m{CyCEHko$M{XH3OX8xx_ns{VO#2UYY!~mc6jI+4jio`w}sU4X9`|ZLyO~gE3#e
zIOV<}b8Ig%5$ri%e}Uwkm~JHr!h9*j_e1lE{@(7Or<NbD`HOup8&Qb>5^bK^{0qJu
zCzJ%jt9c^BLyQQ#pq%G*0f8m`L^x6?zv*Sfj4A?s$k9m9GZWyl--!CpuGZT`0aRD#
zzIq^*L$!jejbo$@9c213Y~tMUugn|Budn4`1y-vbaZ8tiY7l5^=v&H+Xpj5mJik&U
zrjx?Aq-UkSU?}paj51aR2Exm14?%>a76i~7XuRD@26Hjo5LhOwSVl{sS7t*w^cb&0
zAhISfkQ<cHfXxF!eC6}21dD>RU_+8AFqH8c1IC^f@boe#Y1sZ6SZC)K(7^Qn7<lnO
zXV)TvDh8JFv>l;$qzGSLfE-ms8s7w4UdLx6V-03OM;=zI9RcpZYl2tSmpl_O2S=4q
z7u37|P|3m5amDI*G#j>ZVAHZ1D{lO8P8JSM)CAxx&5hx+KJbbLMc!clod?U@XH}3f
z2U8yUc9c$FN0jk0YPcEK4P;JI{WKh^mY$utepW3<sZTCwsuGVVx9R%JFE)N1)${C>
zP7AUB>Z+5XPn}0%-u*3m+vB$KT%kXT!V67}yke25utu?E|KZr6Tc94mmUgMfQ{R@@
z>)UbOKmbK#GJ<UFi=Q3!@mrdp*Y{qU+af66-d+W}4Zbr#%>2vq$?=#0D1!WpnQN~7
zS7sttNLN3h!Nig^0X3(S%vbn|dzIt)Yo(p-(paN<6?|<l+oRh#lL08r;|PQ7UK;)(
zOkhS;8dZskv9@4P|B^|-&WwmjtQ=3CkW9Y(UkxJ|82&`Lb9Q>d=43z0Yri43!1sxA
zbU@bZKt<$iWH`zgc@(;;4M_y-p9;PBREUVdE{XZH=G8j56Hz0!>HnsWE?#Wa>$Ocv
zYTtDk&C~wTY<Mxm)!pp2Q3&4B!hM`g9k49i8h|uml7t$46a?6=xU)MA6|Pw3ulrf|
zt$t|h(LKL?(?`f|XMB^D^8qRM<o-{4Cz8wrdqv~SeZlia!V4OOZg({2I|O9Df?3`N
z<B<;IfpjX~y92bDe*~uib&fV(PS-)bh;;zH7DQARJ7gvZ72&b0UZdN`?Lk`BRy?WA
ziWjrLuz|-({WG8tWNN6m9q%#eH7r_q-Qmn62U!qzNqS-yqgpGbCoREMgm4PL_xAC+
zu{8C1(zJ2+*&F@QbaE$RE}sjC%y4-Rrr6;&)BLg(QaJaTf{{8M*iDtU*T41UYzs&Q
zJOB7xWNi95oJG{tO}CZrD3eX=3%FJx5$@!ox?b*FxBo$cF|hj@1edlY%kX7%@KZZZ
z>!TR&T)f@B8ZJ5wF1F33np=a6D@h>ishK9>CW7(d1>JZo^GD+4+9xPF4HnTqZ@8cw
zNj1A*YG7>a|2MRW^Iy8Y<5^(P)3pOIl_nD#9S0{HJ3A*48!M2lkAVRg#ze#j40B>)
zPQu*>cS&lP1I972vM~QYeC8QiF?eDQL0hkC<9A@xhwos>;Oez52)MyXaCDf}J0S*X
zsPOW&WEY<yUFDThs?HB71P=9O&=FV@PA*O+#)n~!Bzbf;gz%r8wQp4r+=+^gut-OQ
zviuq2v3WaPGlqADUa$E4{25*Z4pDS~q7a;5`S9-##A{6IR_R4Euf$MSGCohwdnfco
zgmM>mEic5l2~s}Qi!H>fsgl;1k2&wJ&#!Z76x_)nR{&0LF|nk|MZgHsNK8g>Y%scY
z;S!-NConbYOl#*m+J)^k=hdoXcNl|4QctqSf@X-a=-OS0RSX?sP=NH%<?0;(*&D}9
z|AMiVNg0i<A_Aau)`Ba$^mdYXE}yW)O2OREwL-V?5EWsE=W1~od}}e+9_e{eo|fC^
z&KEQGG<V2wMiEYEjhEEf+(Y)&cl>LG*Od@~Kd0tdK}Q8Ncu$p$r&f&S?*>FVy$0Jw
z4~wk|=cP=)C&&w{7@G`h4$U(_iF4PY60;SUZukak9XTJJ6|eIW`=eC{i``PImF{4N
z%c9K84o}u6|NKX14ir5S<F9?Do;sN5EfoKa$a&=8UB$?_g`OZB3Ps&iew)<y)pkzF
zrH`a7l=_gY9%v&QhVT0PnTCCUXa!&(0Lg%v0cr|{Sq0NbGK5|PL(c{vQL(Z~X7Gf*
znN-@IU8`9tdE3^sryO_%FG7L5IW2<fvQc7i!_Z5Sym<__2M%rhdrm8nw0)DYSt88k
zZyciYG;&DSvIz-a(6D0G<ZNks*GLot|F(v2q|&831ymy21zfrwX%JY$R*_+W4Ga?P
z<129O%Dr2S!E5C0QBjnRDy!So2#jzX>H$NT8o$_@t;-(3m>0L}>Uv;>V-FEzF3ReA
z%)W*t*&l*qX#__8Lg0Hnuj@vH@RN}VmniQ$(l1M5d&2W~1mj!Wa}-yI3wwCNlcbx4
z$|5bRs@}Qb^dQVf;1hb5-GN46V^kZU#C%{ISthZ$PLXD!dLv3D4=NWQV1r58Is_*G
z=vGtpP~q0XD_x84grp;-l*DVH^7Y|ptZq9BoMW(|@_n7xT`~5m9Pa3q8#LSewH|+i
zJun6AYo?<3I$@-hSa0O}fc{?IFE&KnA63-~U~II>^%6F47kRyM7Hif?-<q=h+Dlbe
zx0w@c(0$|u#y-C_5d|zVt^q|zl%oThwuh&K4}kh|@9S-cD4Y7SN9<yTAd>k1&|BHA
zqX0*K`gxpff}7hskQ30(APSVDnEm&+y`l7M;RT5j3>g2H$?5EzzvtL)6@k}FwIO}*
zxXej8eY=CLxVOX+v#qBEp6IA;e;yNgsg(nv-LI#9%MM_R1E;jc$__A&p`ylhnl^O+
z2_ketrgH@9>L{C&gmMf{1dxy@t?xOKM9jVpK<rf_roweX4j&cRfyS@@h4;e%{GY>W
zeh>C^DX;>U5Mp+<A7ZaSU|sFc<yfHf>;QXtHsC<R9&>@$!2~H<An^kajbhoJ;8(c+
z_U2O)uLV?Y;HyQz6s@@G@(<{pB%A^SKF@!YnFhEMk~L)qOeTPf<9a>rgMjf9;0JQI
z?_&N4M=+!U8uYzv7c&O26+}V;*9#FMxjRM-n)tfBIf!a7*bjIrdPK{QP#HH36{E@C
z7gU$BlxTlOz;v40mKeJy81Dygpd`@9PdCRzjCSZv)!qY8^*|(Ilg)w?5%|o2DgY3i
zrcE3`fXW3W!Qvig)9{td#)?7Xj}=%7S##A;$^MKGgAO|?E)^oc|CSk{@FW0@9|<&1
zUO=U36|67;zOmUa^d{u~0QP;5S#kp)K0p{y%LM*uwoq;<+?fHcAAo}4Gc6$JKnn!t
z-r86t>Wi}ezeu72LR1$*dAP*!pj1dnH2TPmN4_6tQ+!d08qNzK04dRAzUQrW4h2Hk
z^IN0@Cl06!BMnf>K7+tN%_2=yNN<6IQ~e7fU+iBH5%)o0`H!=aoC<)JYNT#0MX53A
z1wx@unjO$Dr^rg;lChjvYAFngZ%mcG3;6Ae_yWO933QL5WR(j}V4Yxvb<}AA!@e>c
zg&)viQTfeez>}gXtR&qFlldAdq=r`E2tdyh{Q>PwoCvh!R|gQkEMG)_&#J#QxA{u{
zw(If!M~WVdDG*u=qQBnQ$rSb%;i@+Zn{|-Fj8cARCuC`W*ueJ-W0GXLQc;#nY&M|o
zxX1eD^gyv%$Q3{+p``xtIDfSwOJU;1x|M$hr%zKLZYu!2qK>UX3VW<?|4%ET`c&m8
z%Ituix(F4Zm3nd$*8LH|db2Hs&;4ttG#0WX_Cr7vB!KONh!T|9j`eB8fCT_FIJ6RL
zE>L~uvcH%>m<c$*aebMrEk%KJVi3+(1l|eoasStm<biU91Uu2$rUe*)R;0`gsK_rm
zokGEf5R&*QB@Epoufm!eib!%LyO0%zW9^{)w-l@$0W?7hL3fDCI;u@uE4;82t{2^3
zPY1Rm1gQLNsHLI25K6*@MGeFiiecbi$0Y+gu0>LQ^`q|JDjKi(mcl6b#usI!{9;bA
z{e#rDVaNI``3k_BuVSL~18=5BRa2EU7i*Q(FrN+R0Yqmw7)`=XvCiL1MbT#jAO=cb
z9EG97!n2#nas#Yo>q=2XoET~W7Ru|WGXjg_B{&MePU?y+g==(z0%@gyIOSCVeG{k^
zikk|69MW#dlN{)r`hn^||Fs+}<Ny|k&QO2_LxR-<sed}rjM~R^Vi0uzF$qA7k0et8
zL?7#yCI6L`Vg)oHQ2ojPV2#+8$x>0_X?Vs2Z~!IHGvGJ=RxyII0FH%Oiv&1rRO>Jm
zG?V27j2p?b<_01%#c2GL5`-p=1X>dY-+1g8Xz84Qnt1Tyu>tEg)YyOQLk2DXH4@lF
zL4G}cTHufpI3hvll)Tcva%hWzMh-+I7eXYuPMGd79tMSAL**KNiUO3PkO6nMd8z<J
zsj4M_RuqI@Ye+8@O`Pu8FINHz>e<%}5(3WC;17Q>HDV6e$`0_Wc_y;CUP%C_e5;R;
z`l;~~uG}AZOVkQLCs07k1E;vPpz^;W1m4(y2g5d^-!nA8nequA=rcJ1Pddu)oH+qh
z9)E9SKt5+N4vGdP8|PmLl*&~WLQ%Ow<z)XoC;)viR8Hh?AsLm^x4jS}i<#567m6!6
zR#Jsj@>qZLU)O)<{97V=7y0*K^4CuO89>tr4v+(fCVQ+;&HC5#Qx1VQJ`Dc8y6R83
z(I6SvQc*zSj6n1+pk8?a=YdhXn2m|RX<a;Rwz5U8^h3JT4>+v$-4%po4fhdduI0+<
z-%C7s0n5Ny$FhmqWK6oWEOVwudbF^aEH7YX1?W83`28ulr&HMY`$NDvxTL2LLWOkn
zn1~;UtSIzz2@sB%9+#B1QWTWafBruJ*#UoXOmmrnvZyNMZ))RZDyy^<hW_(CnPs)W
z<&OgXm27Sq%jOgtre1x;g|(KXQwxyxHzupg&ef!yTjw$k*KUyk{F%(X*$6hwbgc3C
zRZmv0iy!zH%s268&by&A^4{a7Kqoh2kkixcv+rc$>hoj@@N}q$z4Lk{`w6&N#QJlO
zwaGUKT8!)lWTz}Oo8qqF)BN*TlfhYCfZjM%pcx<8>$&rG9K(+>TH(4IlE(XgsCw(T
zsJibBR9YGVX$eu3?(R<MP6_GmJ^~^jARx-nT@Kw1(%sFF(%oJ6;QPDxe!l!Md-j>L
zp1t<7*IL6lv(DNHNoir+x7VJ#mR&9LHL$d>Yxc(G>jc;-frHNxZ-tBhUEjlI`z_EM
z8GWAmde^Uken31Ilj`v#4|uHc0CZpAk`x7VLHiwSn1Pmd4+zC-(q+-`wnxIEP09Yc
zn*w3OG0%&oMZ>x7>PkDk8#+j{bW;7C#Po*QPR*>JcGUXy{?_z>|F7PVZO>CyDHy-6
zy(toDweg~`;KtmwAne?q3rGYihW9;_yymWbT=q7tlB-Eub~iqfKaQL6zq%}q+ODXe
zSanLR2g-y#xS#F@HGjV=e>~5BAtl7?qTG-Mt=_FAX(P$ML(Dv0{$#)cneJUu7^+kb
ziN%|eG^C-_M<y7*S0s@C9=p1eEl<c1*^(F3fU4r8yMRfz&zF9DIB#wxp&YUAxe`bj
zW!fAb%7Q&r6dHNmwd`FfV4&1hTTW4JX@t`t4s?xP-3)gu=G6(>QF}|NMxEgBpADk#
z@Smkj=a*d^AUSto!>zf#?~D3<mSI{yl7`}Qu$6b~!%ut)Z;(tvcs&2XdhvWEFB;m7
zcT4taZoBqip3zm`ZWF1A@+wic_(tBq$VxXl!Jp6D8&jkO-)wlW)8D}S&%gsS2Mk3*
z7uYOma=(<Wb17TkjB)!Jg_qdSdY*XZDtd%JOK9i$Vx~SnAN+Ndo8}G+;JW{UrR`$G
zkGUt>9JX~2ztMlZi8LSdX!(#jK9$sbaq6LDh%;R#49Q~<g;YmW8#h`Fb)U}+Z=;`2
zY^+}M4+S5fIF_0c+aNh6qi{&Vq#7^rfT?k(G_w8VC7C`3)&@knA-;vT>@Kd~8Mxm*
zUuqVvD)9QiXa`w^HKEkmCF_dM%tscxb1Y!I5x(NFz;kGRxVZ#;rw=V@$m*jmH@#N9
z6TB>46ofZe{<ar-t#wb@zuB{|r7CH^|52nD%iHc=pLj2GnQ*;z&ecK$EKOYa0Qpze
z>OLZk8=2L+8FubWzc#yW>I(R3q7+6eHpwVAr**2_gAK}y4Oou{WUx9PziyrDv*vZ*
zGt}~m^UtXb!Z(k9=Xr~&W#XSIb`>-<PjI|{yY=2I;#UF_UxwkH`QV(*>|o`Czx_a!
zpm)B~$|)AP+q=LD&pj@|Z<kWtxqxFL;dlWCgI)0Ro*XF#ms}D)$_^$ZirZAUm}<OA
zl&;2}e)qqta5x*67N7UIKQENU@fOgpRDGd}JLfqT;l42DyA%%EHYAy|&31TJmX{;M
zI$N0GMI%CE#D%JyHoNra&m<4O0>jVP0jgS~(sy>3&yXMujKi<%QSe$6hB^S)!BEOw
zkz5;msF0dKNw?00Pe#&~-^SdBjo=k>JAa>7j>mEq_DcTqpOngA(#`JWqX&0oi=Sd_
z&#s!^9p4wdA#q29cu?(0U)RWR5a1{+li0P{XYdnT?IC_N5>XLZ>RmgfcY1X%=)-I)
zaLHbB)aq`5K{AchW>J1rLhu|Qw>y{rb>)VTkrEOQ`INZBcMlegDM7s1>u#VU-KwFk
z?;E#=YerG#OcGo!@A0!Y)xy!Yt2kJg4iD^a<Zgza!=y-MGz^2L9m5_V`{ufvX6-vJ
z-kgW09#;LY+ogSuCtf{vah+?}U=Ob~Fc*OjdL9_IQaCL3mlgb^sD}cSQw>LBCg&xc
zuj&N*I=l4d%fkIGSJ*1-;!|X%K3xpf%R#JWHC3A9sprOh6dbD#1PR+bwO%>ScAulq
z#9nrUKHO>V!Z5qKR+$f#eA!b&5@7WvSLYaRzD{}Cy{{d#ZgjqnPVSp4Gx<7~a`Hh-
z7=1^b_M8WrSr#4M2G#+%r-n!C7a6+^*wJtC{C2vI6HvQ#vlowLW+MF{R}7-SBk>P+
z{!iuS-}l=_n`Ki5XQGz|Xc|5=e^>}aSJ}PPtEQ)2aDvt^9729<7hL*vO4yc5a||PR
z9}Mifl5CwUvJX|cBo!OT{`FWi7@uE|d@P=F99&+#*p6@A6!8VR)-`E<b5#{YxHC~q
zL*3`AnQzIH$AyLJF3Ky?xbZxlkX>CgPloW+lTH@}%_J8X$jL5e@w9I7z73~@HBm?L
z@;SNRD(rsSm@B^1jV^1n_Q2ebPoHF)&@S)qubXm`tI3m#!?zdm@T#JiRhzS?^#$Bp
z^ro^h4y>Bc$FhJ2`!ti?Z&VE?oo<y2-zu%<ESz;_j_Mx;$?S(Djaq%?nmjs(ru9Di
z+&5!wBM{Z3MJ;G=tk${hK}O=II+<Ta^1|J2<ExRgU1xe=?-TT_1+EWMD89G|D}Hv~
zd_V5F6s}}EO&)Hil+{>yb0PArV2VX(D{<=7YTOXEzvl+<U5qW-1FpFf$M5B%imE0?
z>rYE;1TR;&=Y%6K=_Ya9_ltgs4-~mX+1P9@T~}Heb)8zln!o$+m!<t~zfPs7XyzR|
zv2VDmN<nAF-oNI`nZNz%#y&wqva)g$wJTjx(=AXI9EuIG7@ToZVl`j8E$aB&AtT>k
z;GU-iJ@^aw49hz_91RNl-tKd!7)E{sMwyn8U)o1kZl79Wmqu%C1)5+rt~cH~T{w9L
zglzY46p4Dr3S4aKJGjhJEp*@RBhSukSgzbdoMBZ1ua5fJA$UWOV>`uPv-bI)m<V0(
zrm?48<xdtSE=6B^GMCulc7C`&QuOmdCSXULOKJk_6TE!+_igsWzke_#T52$ExwKO|
zYhm~E3NyD;t(hi=sj}&we(xu6(Sz~yq2EM`YVFFndl3PaS||qOFl;ylBhk^+vsmYg
zGQ)#$y`pyOeXZRw9d1#UqmA}+3a#N4Ab}z>XP>C&V&y1yb-KWng2J?!|LZn(=yB4c
z;w*p^T72`7<dm0SXNBU?;>~e?P2Rx0-z2%-mhJn~np$6#ruC`dOf7Z2dQ9To3+@vu
z7lSQ__PqU^=$030Tv}62BYAV*Ri%`hp-MNZ5jueVEhl;9g41o^cR`o7BGg#-J*~u2
zi=nVDXC6r`2B8ZMj)dL*bG{yfH=LY|`S(Du224;OL*7q#m3r9k-RJ{MYYy+v{#)aV
zI0F%ks>dHt<{rISK?S4imowNLUlgo%n@P^g`^FMO7^g9lZcpomw{4R2Y{zcAJ~fm{
z!BVqealKu}u7j=sBl_(|loD{i+nomZ@;o|wpSB1I+&MoSONJz9S^ny{K(Z)f+yH9(
z8id_%ljg|(b_1u0A4;BeEgPU!@AJS;+vDd~o%QPmN>WDb^Ttt4=hW-TEc*Q7PN$d!
zuqy>4-5Z$LwMZH`>i{;}hPQQoy+gQX<NX9X88a8p%;mq}Jj)P7Tz3?s!I^Up^mU$K
zdw&~{Mr&+_d!aZ~aCz|fY+uxj4h<sK0FPU9^cMjej+Tvs6|5`H%f<p$8|P$aV&!FL
zV`HOaX9c%H;p7FMAEo5tU}56sWnqD+WWuXL1nv+-ATeuCwZ>Vwxc(;va$g_zovaSi
z@33TxqBQPDKA4CSO*Djz8u*bA3m&Ycqu^t1)CJdg4N(4+Bb<_4fTpHaQMe<oADH}p
z^CJ_B`G+)lfd7*0O?MVPn16Ka`QUuz{cHteM9G@9K{g7=+}#!BUkOwhB1b?wGrR#D
zUB}RAMXg?2Gh$d{9$f8?ucU=MlK;JBvRrwV>>*A23s(wx_k%4})bZuC5tguk3|zO-
zgNJ8sKyF6gVTZUiLK{EJBE6lu2yIGu$=&g|XyC{kf&WsKo;Y<<M+qW*;dpERY94b4
z#lzVqaCf!hz;Ttg+1|2*kRO8AEKCeg{c;h}J=XQwcJ)1(@yXOUMBR!#Xk7I^B-&~+
ztv_6@yH$h)p|8d-#-gvfp1X^pRKsAKq;D{9eRg-3+jx}nJWhnWl>lDfyPvkB66lrM
z45}7-XJR^s;j~ly=3%;B=O#IaI+<Z)&lpJ~=SYe$c(}JQYtryZ7d(Hg&w2tUBR+Y;
z-@8atMWPVyXJRX7hPwETTe2%R+-=l_U40rvQ_)wy#Ht=D$%TJ@!ModT8D3gi+q7lT
zEAy^0?(4`fweBz5gA(D#-9zE~d0R!{5z8pom>d$~bEPGx8;;{!USQ0{cj(f&KICM6
z<B*H0m;YL*raScGHNRh*%Ps(r?3yVg3k%dmdyUpHzr0l)_c^|Irtnj19IItI?d^(a
z%yqA>lD({p<lXcjpF4dIWY*<|(_yc|IWG~p_pF?pcP!G@58gzqsvD%Rx11o~$6Yw<
zrRIyf4W;GyrF!6<G)O8Xgk<lIbs5BQp2V8bx^ynaCcOLQ>MvI<Xwn2IqUYc%Op#(%
zyQlIi2AO9>8Yn7oAr42pC6%=%+~{Iu_m7|JlBL6=rlNlgO#h8N9l_dELes8C8_WE>
zpJpwF7~EQodvtO{jUo@8jPki+U=(YL;sYJBN6hDnKfAc!Eiu|u-#riitqq5|5gh0G
zce=b7v+?*kktd4eMXmQPa6}TKik0;0_#Gt?Y(UXKTdQe%W4sDGOOarS{d9S!-HP#T
zg=cDU;H2z++)CX#jltyodHM)i=vNVAUdgRF6UURQ^>p}c`1cZ8$q!<#-}FWpwqkZP
z>>~re&Zm2)&81>TkXPAohN;~YyV8#6#`^S9(<zIQ#OMDKmJ)RF0*F#>q|i2#4M$#f
zA=1>?Q#)I)GhY~NE2Ki+HpwhWttHM)T=M3~8f^+r=56&b1bJ+11)n<6b>q_GwBo*s
z+GXCg4aa#cRsMDEeTdo83%aozz1I?-UUyetE51ll2J`a<u!a4v+PkADHm;(J^KAd5
zy+devN5Ehk;Z)HP7zjM{-V3o`3gHs`Tpwyw(!Fqh^_pRcaWOw4VZ?d6P5v>X>Vxi>
z-hpQedXzxVaJzOWffXlF`3fV00@`~uJ^XId_)SJh7KTh$c_JH@#73vr&qz$4hiCs1
zqtCILBEApaa-zCL5>yr3m@<r>EX)^8m$Ms2QLJ%l4J`E2^415+H8%|VLM5u;XslOD
zREF8TNK$SzHF?Tcc?DHv1H~Ah2s!j!KBF1#PhQNnpl17Ex6|-(v@q{RT}?WGr+SH#
zKz2Qtkz|9bq3bol7ik8$rQyrg^aRYoTB6Q$ot`L6y}v)`h&0;6aD{5CyST-V$C??2
zL;qmc9lGdcx&aa78%<O+n5)zwX#pcLx2WYCv^`{pUbl2fiH#cT1rkR&f<x>f;WzyW
zQpE4hAD>m!y^p`^dyOagz703)He6xhM5^WE1heotI&aO-LMD9Y8>B4zZ6srWbr;?t
z7Y1A17LrUBk=Sl*iS{wjL$V~I6R4Wh!uwfnjjqbzybAophBdnlYu0^|VM#<c3QMm3
zM)--0iIAe=#Er^hkz~^jO-W6aI|JOO!E7>oEBX?0x}^%toL~emL8lqA=HeR+1AcpB
zebyPw7-6QV#b}BXsH!9R&LNJWo!uGdhOI$K!QO5>IMS!=WH%#urBfD28%8>$r}fs0
zDxXH$R|PP?thJID;ED6yffGC^zDVpkEF3H2D0TyX6>s}Fy0-q4J)OY30=^rbC<or>
z1EEH<Y6_>qW6$QE5FE8E)t?`SwREzn=WN!qOpIw#Xs&A4awKTEzp4UoX+z}Re~M6l
zatcP1de%H?I?1Krogf31FzJ*hulO!gk&EvIw9Ip7`K(f>M22?!6y;Q*2O_-9|FWF)
zw|2}aXh*Y#esqTM%_qlu@l%i_gq^TaYt_L%Do7@IGoem2Cf$v6VbEs#IZIX)X*_2|
zs`o)VZ@~0L;bKYc9;??P_mleKElu30`rMw4K)qF!LeHwuE3tIhTX;?-6=y`N8_nAZ
zAl`Up!+`=h<-~J|!#Ha%Ovl3w<eK^PDZFZrdpxhf&C*ozj|dlwz!?EO<iejwZ=3(1
z;YVVcbZ41aolrE)H<E`&Ng&Rw((^F*z14~7+6xB??a&>XxsHeTyF))tFIrpQ?~cxQ
zajq7L$c2|V9O&Wo%aPU0YL!-wG{vsw0{6PNb6)%9%$S-o5j;2dGt=Z3s1StN&vpGL
z@hGc|I4#5|Rj*O91dy`0E2b+}%6s8?-OpK+ZnUlvBnNYv5N`>pT_`UM<%)H@*gCI<
zNufdW*fvo)uG(@Y#4t7T%1R9Gny))?&U)xsbkkDWyDuZ!+t7lgLd2*sJRRGWfl~D4
zN>;Hfbe?9851O@BVJmj-q?go<rzaZy)`Z|zOVdI>9lwSSeT6|*xRH3H+Vm{;25IiA
zDG8&;NYJhwE<=}y*65b6Y7lDYhW~PmGdYTj$bBK>-RDN({`sCGnAe^NzN<k~#^{yo
z;;wfiedJF|U9?Mit@X+996T`%QD6x_C#<3}VbsEkJ?r$#bdZRhmbxshu{FPZQd7=B
z4~=hp-eAl@)rWWcu+YUZ1^R!1bKQ!a`m{13MsKM9YZ4y2gMgiRX5&DQhJ9QXH&|89
z%Ye@qTW9-CU`lu}+ih1)?2_Fw>Fl3Z^6!wdk8qyDaml}n4sXO^Km2<F?0xAx7J6C3
zj+N)5Nh<3vs-$g*Hs2W{!~a}Ks`skJvawJ`s~WOv7!Xi>9HjOqT0hR(4QDOyoBTq(
z5a}n$?pTJ!>K)~|*R;l5uG$|BYfIH<nDp=q$|IW@Hk_jlb$=U{Ts%riO3}V)l_(Ii
z`__o><Yc=x=Au5bl-igL4@|q$PkgWVTT>7?Mg6&3^JT;4-t-JK*~N>fBJkWN>n~3m
znXYD0WrxLEH|%~lwzB>z%;T*kFV`MVx?gvy1-Bm;V;TF)?fVz_GI+H@Z5d}5Z9VMs
zWQ)s{4$+Z@&UXcT`CpaW<rOe=!hcD?ipmm~$C+qoYLa5-XU2CoQv@`TSDM&srj0O$
zjof6hr9!mUZhE>G48v#CikM?xzAHE9Dokb@s>W)Y>A4z2UD(|IwvnXzaUeaW^;7c8
zZ#-M!jmikUNjt2+RK3J?`@NdEo8=U6zMXL!UcN`+nQKi9q$egXDb7rd{DjcswzIxM
z;eYh*Q;bpx3xPj*n<zh!8^122K|k(U&)1L@FBg{d3{AFcm+jIeS>c@BEFiJ0Ah@rj
zleYKj3?G&~?CHA3yVSpJXhDb{qMUWu(XYTEgju6_d3ENg^gF)Fd*j4=sM&MguDf|0
zHn$v%WTTy7I<dfW1V6gtzw-ASZj0Rgjo<mt_n5FNhM&Ypa(RtFbe|mOp7l50_e2u$
zhh2Bl8ks52zib)LL@v~4LeaRnO1ozzrRxfh-D|5o?4(Ky#ccNoH7|!Igj6E%2qMS*
zxcSf!hxq!^BY(B`=aGjq_R9B;a#=6FO)Eed@zQyGp*yN6zG+6GApM5f@@B67=EKxL
zX}y6!tr=4a6|u%8kWloidlyP>G0NY!Gx)vYZCI!3B6Ii6tAW)@#ur?;6-Dfbom5M2
zkCOrbbSZCB=bmo_)2Ab<)lPK2$Ie<x)h-PeJK(MfCp9A)z`P0`x<od3+iPvedeN*5
z>K*+7Tho(+e+W581~7Fx(EV(f+rrs8e2&oqwYy6z**h8lc7&}AR+t=ie=@$pK{hKr
zseLHVe~XeaKHQ<#RI#0%D|y0<`~@p9*W*^(zSyHTnWfhkO=vcG7$v0U;oBd&+*)uG
zc2AMM2aJxLXQ$R_Hu}W4Um}Hz$<>Bx@Ht}}eqpVv!24a||LPgy{nW$t@??|?S4L=q
zT85AIqYX9FJ@NyEx+&Yyf7>mU-yj4buyJ$!mpBrAi@*-CM?*v-XZv^Q!o>w%(6I0@
zv9o}eF<g|~Pj7j+Ik+HB$?$>@^ECt#$UYjP1jP3a+?6Ty6Fl<2ZJ20Tz)K)*7A`h!
zN>)xzCN3^;Ye+Uq4sI3@hlQ7emy(r(or#SL{CmPt`R~f8Obp>Y0y~(=GW!M*+}W*Z
zOO(qH2Opbn{wTft`mwdr;j&X8bRSk@mCB(cBu8$i*yGQOyQa?}*>dMd8j>E!mDt&v
z(dwc{+Ks0B#`5H?*g%5wu^e$IODS!F=xcW9Qga>3<@SyrBgVIU9YK}nl<KN+)}qZr
z`*R<Ro{yBYEcAs+K^GJd$7nxE(*hA2ef}HNE96lq0_p<lWK@J4QUFsjj?rB}fw@Ex
z%^FZ)_X|qcMW+@!XWnz>hilsNlY<8Kr8o2W!%aa>V^Y!-+V5lH@dQV*lgVW?M^fsQ
zho6D)A^50Gl#a$2TPWx&_Q#&WM%riXeS!wBRjVbdD-TB#hxWyLD^L?Y=<6rgdg_yW
zH?X+u*vpCVj!|LG*gfu%YEU|;_B~SZ<9_9K%i(j;UerMRpn@SL<7UbH_|TJBB%VEL
zm?S9PLo!MCXd~)~G36a(rW5^Eq9kkn%#&cb*+bZBvo!F(dj8!1mpjDG{qOl0IBv-C
zucwkmJgonFZMu-G7xk*nEqH0TWXl2px^fSXK_WwghXP)lVh|(SUS+twAx7rFTDt=%
zDRw7<-G)|n!fC#~LS=L-bAQR*+gZisQPw9!^w3;!rxutZ_nS93<a9W%<Q@CE<rTXg
z8P>+Q@bT&S+UZXlS6;yhfF)Sf_BZxyT(9n`K=7gxtEa<ByOD5;zsF7gZ-cagv~t$E
zH58kaq|Bn<9p=Uqb4x7`+h+^0DFf|k51VHR-<UM^0hi?)oGdqN&JRojRS&*sZqVbu
z{hBv9%#l7;KzQ+$M@w6$kJfTz8CU$qLY`Ws_8L)eaCas_S~r0c0PWSGXJ8{}oo1{4
zGY;m(h=+g4`@P&Z1Fux!Mux?B#BsZ|2X<T-q_mf<m~v|~B)i5<d~pdpb;$&uL~x<#
zrsx8Uv&6;$c{#{OJmv2_b?p>aN0~i!gHYSxm26Jz1#Xa(Y-G)CRWL)qod$)Vt0OQD
zazFDTR#rq~AckjPHtJZV-^`YtNY{}7ZxhPaszqu-9@WChV`Gf=DX^wmSGX&bvv$|E
z)bzQCp;}f6RKamtQkfZiefdtiO?UpB#`{xX!{W<Uys4Gqs9ZX{`SaOLR?YNh3f8#l
z#;*>L^_tjP7jTkE+dIAIF=^4NOUXUNdnFT=?adkiBqD(Wsly<)Rs+v@)JDYl$U3yX
zQaF#;vZv3TIrPBPAT*uQub8z-<xXvH{@OzgkG@9MCfPCcA$n9W%PznDYp<xOjH2;T
zH4u*m)dPL;dE=XT#$vh?nObyaGf*$2L4uDmwR$*q#y^~DGUwo#i9P7c8UI8(5v~mN
zAp#zw8SjsNpjLd;kR<Q?_%};~1`F?q@sBb*4aN^PS;n<fmF1ku{E@ek<nKwOC&9Vp
zgh&2CPc*-ljzP&Zf8|%G;0Vc=iAGUWC=yjnSS}Xt?DnK0NJ#H^-P4|7Ekp92kfwI`
z#R;n+8PwcwC{Tb5+7-YG>b~M3N{*!w1RR=xNlv7ysHTmSRBG*kl-MEA*`5rLj<c%o
z$A6VMNn=h}i7c6DWa_|_3d)N2PpHv4WgtRK7u``HboR?nbe44R`43t&JoQ2IZ2e^<
zjiBGj8eryBU>RCtx;2Xi!J6obnLKqy87kB~{L&CSq2evg)94ivF98jZX30JzLuF3O
z_iu~?p{*jk&q1l`*X!^Y`H4j`b!^5tHlK6<phGt>RGI#KhPJW}=otTH5$!`FQs(5L
zAq6QO*m@0W0>_)zgP;-AXsS$8iyq7$K&XxhU-nHvne%xEA$U@R7{N!8Ny=!FU#JJ(
z|I~C@l$Hd@8TVIWoWak@X(?7av#d*l2-o0V^9G#I;>~~3q3vl;ipvQI0@J>bX~u|{
z$u)u?6_nU~1bB(rVCoo+L${}>KP#<DGzvsX;r{grE4fD2Y9S@|UsQ$YCs5S?KnHB7
zdxA9H(uk<Vr&|x$cuRp+CG~Ft0Oa4`!Qybp>Vq%SB+R?AtiMy?{wCH8ipPJ~)1GCm
zF!%lkJGqAG7y&gnNnV;JO6;k<cr)gcr-R$Eh+Zse?;OCvemqeE(r9jmv$moFHUzXJ
zQBW@ecomTFQ;CWvCWdcRvn@Zvfs6SJ0ovtS@mdmCRpHFl!=WYl%b*~pxfTHR+DMcc
z^;923Ad2Y^{`Jn}E*~V-hBf->U}T-yORse6`8T2Xk<yd#@;cd;0?;mf=o2)>zxl$^
z5_*bG`lgeE(<xfdll=Bo5|c*eng|0<!!+|vOr|k!sO<08l6cCTH%q7|&+`)jB?W(Q
z)vxg@diIgkBXvF^dLe?%vg9`!kg32oJ=9MPohrviRJ?582*S9Cc*=EC7DV+y!i@sZ
zs{?;V9pfr<QXU|Ia+smgF`20OBsk200`SlcdUj3FxRBi8ne!7%&QicBZ_ooj!;=1#
z;9W0#h6XIX@1X|Lt(R*;@jr-6YCGtOlEZ1B?<<2|gwzBI>6ZTE37IEFW)uW>l!{sU
z^oqO6_v>qH^~hgQFK81#Ly<!MnLmy>?!VsfUsaH81TV!H6e#jqpv-6~M`yNK%+lMf
zRCs}GkV*7_XUd=rFuwfPnU@2yE#aZag@yk{&_<FZ&nGGEdm^X`XH*b0VMd8;eQ*+D
zPfJ@B9Ze1LiaDSilNpw;+n*VBXD>1NM*(;3g$gH&8c12Dbx$SUwLvZl4evMn4-%7N
z#gf^U+DnSh+R#oytM@scHGzJMt}4_eFERN{;w2~tRK<P9r%eon27mh*)%uKvRkRQE
z4^5D2NGOzb&M;b9Vv=b8jVi|r4b#eko<k}1$es=mEMJ!cQ4|C#8hqW-ALwgcrw8hk
zv5!f`^#U{iqCSw?Olyo!AV;Clj2D_~9@J3ehak$RP-vOu060IDsvd7e5FD5!diU-h
zdUB@BsDyf?6CG$xRa*rwpCl!}=&pI7#>24Ep6Ci!&XpMzsf)*d@^e!h@O+V4HCQe6
zlX&>N6i7J%wJMW>GAI1+Hzy4*G;De;pZFBqlXzn0%uyLM@6mS9Xyae04an4iAw?<)
zXaX0L(fo4`=*<<@PrA=3Qi+nIYGmDltM^7d@}NIZ02fM-aQ0d<R+&@Nr8sm!C11Bt
zrf!Bj7~1*mCq3Rg7^G$>gQ26`qS4Y~lUqq3TcErHlrriIl=Z7(wk0k!4&#Y*vB@8z
zecc~r@<}kc|G|+Q0FwTM7u{bZpBz%Ez2Ip`M&4aSFR-bLv%&#m_p{n3MGGP*vCZ!!
z3Vgxfwj1LNT1KR%hA8<6@_&K(hxET_63P^g|3PfhaTc`brw0859E%Bb3R$orj9L1S
zulud=0Suf~Up&9zV`fm(0KD`kB9p3x8c$k&75=B}S78;9%df(q?SPu&suovU{{1gp
zRed=KdqP(IFL=?p{F?<`_<v3R)5;<4g23uwvKOygl9a2|tyP~$ulonzl>$b_pU-3Q
z!S%?po~H$Ml>#QUQ%OY087{!+^-H!D5sa6?j&OL{`uj6(c;=dRvyzi@8zxm2gc|J(
z;Q27+RK{2D-S;!C6D;MUrKKjzD^#*A*`QykCD%OIp<Pig*F@C=Wl=$eR5<;AP)0>S
zkDnYP%i7MgT4t0b1+?#{>F>ojgHh)byao`nw9WxWsF^iym-~x05$i*QiR)mv9obVK
zWEXge#JQo$U=GMMp1nVBqry?axKds}KZZ+L!gCzd^j9f8dsPf3r8k?Gd2#-iR(?w>
z3;smEAO7OC>ibYCwFovoUY{+rJir`)`*vV#<T6bOxLSNlr)dTv@I;KOHR2utJM5B8
z1%)j3mG+~7>(M3Q)zeaP_Ietu65?sR`=f!{R31L|;_isuYhY@ON1~?|+t%}*^P%08
zBiY)A3x1aluhF8F-1Ia<s6N2Mv?atY^5EP*gik=taLHwLk$jjjpms$eXUQ<q=yDsg
zmc)Bss2Q$h^#a2WuU4+zTc{Z@p2GBT^{sJg3G)^bY_0%&Js%HEzdQV{=;ya9ywzja
zMGYkBe(ZMee>4)l&t1KmV-X$>^>9C+x85LN2-bB(3S@p9Ubh%G)QSh9lrW<p<+Bgs
zT80F-zIB)S_7HDp3&OaQs=^v(pZkcV`8kTEv^go-xV;agez2;9q&c8E&=E)WE%1C%
zLO<4MgnOpuUix6X^IgkDK+Dxjp+i6Ct-Kt8jwYkcYNnQUc|D(I$)2WgHPljL-{QC2
z)Ug+fhtkzm>5*;o^^U}?u+iEx1=8Q8GeXnsyPOA&mpk)W@_r$PV9L3*V9qGl^tf+9
z|KoyR+qjeZ#;yNViwK}z?u1r2ZtZ7Jws9e7;9G8fd=6#K+Uqw$=4E(~D(WXM(ejM9
zAVg4%ivhCk>+j1-J(y%`+BCuA(SM3Z6HL>3!Qxu9URDKB(VIJj#MOL=$SE|ml{VPY
z+ckUMy&WLBMM`>2;%)VvBi_cbOOmbap8Wt^YO!^XA%VzZVqki;opdNZ28FS*9x(qk
z$Ui+XUGtOjaZ+$6?W>26xQ~S3m*|e@Atla^5iob2Y>MN6LhCDM=X93z1iRGm$nG(x
z!^tvcJfRE`wLOn}#BhN{(2*UF&@yy0MT`AF3fOle*JPqyc&GnZ**`%uY#dWc*t6%G
z%=g#ux>CQ_28dlA?!M)=vcF93^)IW#!hyZRuf9$8Fpj_1YY!>yIm_c0I%lhyay#&?
z$Kt>)_Y;oLzO}|e7)mKAuuK>-Z{Bb+<f}i5-yPc&+V^9<O}+5fE~yAtDth3w6bxOR
zyI=y#{HDF=+SB~tJX-y3mubJPw$suyq{OuByq4439`M|>#s13mtioW<4hvzS+i=s5
z@&L2X4Z}3fC#2qEr((aS+tR1m9O<5fve0Sw)lmYr{4*z^YBy35*oU}0amr)2MV%P}
zonoO%!Zv3{R@jB$_v-N42?>swUqD8q;!tP7iKgzL$txI5deT@my>GQ(+Re!YpNo%J
z)nWsE9)P~@45^Z8i`Q<;alLe47NnS~fVdnkhk4v<c)`4h$4#21JsAw{_(7>AL8I^M
zKD!Mh4XO38rOoS8I-@9$xsqPBevOSQ<y?Id+s%l*3JNn;y!%*r&)WO-3wp-=DhBwz
zD@QM@j-lPagq;!yLK2>QXdM|+qWv`a!R9I8(ekj8=6`n_V$T{4NmG)ZYEY;)q8SnX
zxV=31A-yEmN17IP#<lQM*eJI?G4r0y)?jT||GI8GAWv^Wmv*PrjKuk@zplFJeVXca
ztvjW{^j}tf6C=YH)Y0sCp9;281Dm`>?~S)d-6jlih;6f9@tu=!+-y8de|a=<_CGEM
zN}H17YP%Oz9-w2~zo#9W>i^_6SYSWCjLSVFs!^IMG8~`vke?#ov3dT-OwrxO-iIsB
z*XNRoCCcjZQ^}D3;=v~UW`A(M948B`eV<tiJFHnqPs>!1KPtqp)`lOTE-+w;(rM@$
zm{xsQNL%tE{b+eLwRR!odEO~>*AEy0GG|H7czT2r)j_R!U+6uk*ZJe;dECNj_+!$9
zlU7rbD5SXzBRB~q7R{HqR*bkN?ADDo9P}$8Oi}AaKf8u<2B%dW<m_P9OLD_`;$HTL
z1>O6Ldc5`tWRQkJ&gv%ONkci0$BVJk3_%~>OD=WwaSgBAV&%%Db6r!T`fCqB=v80M
zg)eX1VbP)Wp7)MDQ1W_d$x0ZuNbXps{pi7XGBt5=9xKmGCgRO_!pIVdPF2!zmF(+R
z0RD3QHgDt{-W=~ZkKUcEW1h-w0OB6g@@`M>nd7h6g}?x}x#I9zpD~R}+Xbex0aAhx
zh?~SCqFH~?W%$DF^;*g4kRJj-+C`seb(<jA&UQ$*V@bo-LR9`_v41<g(=0>AzMEsM
zzZxX#tC3xruEmo$G*V*s^YKm$<5C=|EjYQb7XNP|bE5+pjadoe*NZpBUB!6^7ngGE
z_bC?@k3=?MmfO&(khg<pHeqo&&nX)67arIuo&WsE{>7+t;`$QUWggD~Dl2o5t5+-4
zItV6;tRkX3-Wv}wHu3Zob`BeTsq=gYIk@gmx+)>x_g1v@!O;C~Dqp_fGd8z36+Q2|
zayHjf)!gdRu#ajtoj{5|R3lW<=(}8SAsVT?8c}{7%u8X>Y@J5j!#T9t1OYPU*{?33
zjebslV4Zw5c~gLgoXrWuYY773nuQu1Ec~h=<jzbvET7g+f2PHp(*XEvUyr0V-J!47
z?YlS8IT(@s_9|Pn7WirZkfP*wy_m{8y)M6dOLCc7zqCYe^y;88<-U8FUdzTO&uqWS
zFLmKWgSpTC8ZZ>vueeU4h@xPf@^b0dVg@{|=0Z5dnE?KPtGliC%MF?p9+%_9G9n~=
z<^|P}lA7sTBc!*aR%bd_4;g^Aj3s7jaU3)xr@DcvBBipJ==KJ+y=(29ZiX$WKJFcw
z-_+xVY$<2A9gTsr7kb9+MI)QW2;(U8lC>dW*WnnM)0c98_M0S1-oEoC%5t*lVt_gg
z>o*i~1yuS^*Edz6ZZ0nmGHVT}z@~+-T#iln<*))>X#en*`O*F%wK!0kbVg;~JK^bK
ziYjK>E&MdnP&LH`w^WKY6YKcuj|0utBxO@ByRA=6rr(`6Y3zEbpUqo*m{4=qSUpQ_
zM$-?k8u2)tPkK|$IW&50VLB$Os`mC|`qBq^kBCUex+@T4t4uryF$N+Q#9%!0Ib>uH
zUIM&7W}E;=h0eyq`rpp<JpXSQaUNF4=qds;1dbZ99+HfOhyjVfhI<3qrABOr>`;N-
zlr;o0h&To!E-)-F&WiC=99%~m!to(CaF5b^G{{!q|G&){WMy<2?uC;CY3904Wd87t
zT!F?imIebV>3q_UUE_rFrBzBi**4L~zTWALD4KL{b9S`4N;u)f=jSm4GWa|%0<QLx
zd>qq?Qz2ra&m=mjyNHP7HH)90X;j;A`?Uhk{O|WQr8rdg-<U2d_VUZolqz%SL}2&;
zd{?ID-8&)aND-rH%!;AR4}UZqz7)}H0qxatlL)52%8KTO1;#Iv1LP&Ly1s;&sGLt5
z?RW9dRw_Dv7!DmG=q5J8EJn08U4tDu{}f?;hd7Lrk0Wsu^vSWtvoVdC;o5jTl?l#T
z`NOFCjj+z}Z@)i$N$JL8eN!7s@~7f8v%FjakkKK5IbL^uGUM#-?C&|^5hM+>rK_iV
zv)DBU=2z0JIAX=(-shKkxK+p*Z+vVo(1PS}BU%U%yUfbYGG~I1CVw`(8p55wJV1e+
zmYV!`kCTVv-}8~+W0I6d@J^6=YD7%Pf>gx+R|4pNA9|cjHY!-_deOPGsWwnyyk1;f
z{D9CJ%|jC{fS807Bu>6Z3PW_qo4S68HnQO$8JzctTJ1nRHas{`*o{!PPT|X|m(t~b
z=f6k<oSVoWW=%T#djmI)a`NFFX)m2F%@^)?TPPG4<G5bec$0skZ36TtHqHH5<!6aq
zjWTQV+#gn8<B+_Tl#NZ;QBKZ;H-FN4<Cn-e)7N_ffdAFQ+3|FB_UYv#k6(8HQ%L=N
zW!t9wm-W-F>NSF*o9p}E5uZBV#>0*p8dh9Mn_>ONcl}Y%PdkTkRN3gQzFzIqV#tIm
z<DjtBbHjywny}5K!~|rHN0Gib+7#I}V*UQ2$G`IY`3hHmqu(pB+Cl21&p7tssrX+U
z^^^o#u&lnoVzrQ{=2H`h;i%>frI_HwYMa)xDZjv^12Rj*mSIFwP)hN4^D3$;IBl;c
zE1uqu+TcdVcqVxh`VuG9*lR=w_$t!MsYLg|ru2_KoxPnU13X`~nX~X>hf#f`A4Pn{
z@S=?B4X$_(*8q|Q!wZ*clfV}}Fg7H684T7<N<#dv@h-!15(A;LYPB6W6`RFo9c-*V
z*;K3@dxJ^KSnzP>>N#)X!s=!m!>Be?oe9oZ-)*RhhlTO7LKf>ga9kYEUvekMw>N=k
z)Ym%4c{nbWKn8v%8tb%~fk|kc`H-P;XkA>c#M6<u@-{@)=@mImhR`}4R}gQbiS7ZB
zwZ>XbhX*a*u)Iy(<Uk_(N-eBzld38QmmNC#=4(8^c}cBGSl#Lc+IXnf$IEZRk?|=0
zCAFiW#N7_K;saNj?;kkiI6Jhg(Md5@Si*WgQUXnXrI<g~e#BL?*xt&x8n^IDD3~A+
zi1ug);S%<;uY%A?09m_MWJY!vh=8vtr}x|}A@A4Qukq{`%va*H73oO^R`OjatfKiP
zEFF95&jN*sDL5QHJRS3j{n3HLu9;r>b~VV-ME!{rpBHznj&ZV>IgG><mCHpP01kVx
z03yI9WGRYCS=*`;l!2^F<crgU{&a%GVZAH{t7)G2F$zVc9A<iL0Jf^&6!`fF3Fqg(
z*g~OkpJItj%r*G%fg{n%LR!1ttMv2Vs_;SBx*i^#6uu+g>Q68nazDT&63B;pI?WZT
z9^8r&ldt*IA)Nr8eIva}$FzPH_FG=DR0AAnAdE!B34uZ)NX8<#_ai98eI&|}|2B-u
zyu6A2VL2$8Mcyufv`{jJ$V6(d;z^6<_z41E9KT~G){X%rD-e(JhE2>QboTetfUSGv
zs(Rq-#50gSMNG=8)ho)m6*)ahTA~3}lTaYxykLx=8^uL58zdYZmFDSl_{E>qES(>D
zSV6|}?E{5tx#G#?^k!NEnOrAvoPDE-!D2V~)Szyl2tDWL<*3!5HDA@awv%6&r5eV*
z_UXvVcdaPB*Tt2=8swz^PUClY$$iv1-vphCUJXj<&+!&#;A=fAtOPobMNfFuJ$k^V
z?j6V(OV)EaJu-@ctU7BPUZI{oD4iWu7@-oVzFMm?!h4W_HEWf*zgLuXbLvr`ltsXc
zZ^BpUYGm?uttctMg*z`=(O4#)Sf%u`gi5c0jkbDJs0pTm7083=J5-G)sSpw9bc8Q6
z!z)0{8eNE|;Qb^uI4?5x-;7t34YdEnc&Gm1JKM^Dz)i{spwkdqKYLnL^bpngKPVQ2
z2IryLYyla_IP>qXD6iEtqCz#^#S5uN<u3>6e=DraSq?H(K?WDQNlLA0GZ6a+sjQVe
zNDHQxVCGX#<EaPqMrL?RM5AMXG-AuEftm-BB2k<v(#d16dRRYeO$)?s^U<19Jreb#
zfJ&=_&C;)GeBTk2UIx&lC^NzJ-wKjd2leqgk~TSk&#TxGCiKNo3>k|9CAW*cC6Fl0
z0vzP@(1f%%^gtsD8U^Y4$O_H`(-)`N9GIl0yQ1{PoCM6vY6mpGftC~<tfBg(VVuH0
zi+^39aUKdvCu<afgFPp#crrFzf=OzVml(O+lR$2?5t`WBDkKVqU^!Le85WqzlfAVK
z{o~<i;J>EuiNqBhwSTyO=w5<$iTlqYfnOvdpwTmc34q`nR-%8Ct1Jgq<mBB92Vl2l
zKr7!KiSlr$N4-B1-4iT$VAny&4c>WyB&0pJ1(ohF@eZKKt$b^{r~#J+1_XYPL#5@Q
zBh&YGsJ@QXk{X~`D_cGsB6m715$Iu5=GD+Aczuvi+$+lIX0Qi<-P??((Nt&R$Kw8=
zP^(CRKA*%n31ER3aUe!tBmLJgDNxC^`maxC)D?pZ4^PpdtZ<%&K=FqD+tWdvWUfhS
zG+!2N4mxn~XqzX&Bhg}={C@*hFoFDFP~>_`1Yjd0m)s2hTs{@bqXQ2D7+*koqs>_a
zpX|4e95jaKr)&;Js)Db-{z*3n&G;iC=jXQ40Fy%Kg9}KF=@XP$am5o0J^F-C2J0fo
z-T1u~B}?U>dnDICA!W64fX>_XLk844xkiE3?)MetDd-6Kf5FEC)#g->TSZ<x^?)D-
zVh~Himj#*gbG-ouMFbcJ{{^cFOj8hA{b#khZ!|9yw7p}|4a@gWID{Mp<SLygHkrsc
zcfYSbet5FkmlSJvu}?VBryi3)7ww-3Xl2gdpyWqo!OU;iQ?@!*@}NZOE39Cu4UAoI
z{Y8fuY3)R@0D_^xaPYfK?LXaN%5#Cx&;Md@DIXYPk%dBuKw_a+luqydYZ}JlzG35f
zfV_61gf$dAxPY*=;1>i6{r3WI3H6MRy0LSC*i%H}=b>~$G738XHB=yJZ*oCzcu7$R
zTHNBe+(0B4W`i(+mj&woG?e;h?9PpaPv@+8g6r_qd;p_^wu;3hwU}}%ht~ZjI29r2
zlaE-D|6}ChlboI-6H67SPCLr17HHpJvCDB4<@B^w12d4L<FUSyh#ZBeB7pAQxXR1C
ztgv_zfjz`uxh^<-MOh2l18_=kZ$6M+ze`ME`_ooVk3?vu9JFvw-{_C^JHp()(MD=>
zVk!u^gp<_PSClPa%xFiseg&1DIBNAuYS?)Zv-96qMC-=HGqfOVu0BK1llehw5AgD}
z&%lfep)VfVWbC>TK@NfLx{%qNN}BF}PI)`JejR1Oe2_W?Ty33QZ=Xc>@Ff$VeLy=I
z(El+779*N)SWMlxL^LeH{@Ga9loDRukMOqIpIa$$^AvWO7xj45sRi8Kp(~#6d*lh<
z)8*W8?)k~l(uAY5EFJTm_IsXi;5jc49QTqUM8OP8Q;b-SD_3ri^s0gBGFM`w%h~GH
ztM&Vi4+_NqWc8O_+5yV^#q4?0f)Ji?U>!M-I_%A)x3~RmldLb|Jjo8Y4m2>T>A&(X
z+`pS1_Vt6c%o04(cZWJu*U1eJdv(=Q99rGpt$5z@p35iS`VN;o+{X&1fje@a&BDe*
zst!?{b_->@<}d^952rOXckC<ds<B)2Lh_vEF+%`OqFR$pJVfoT3Kf}c`ipH>ZpFoF
zl^O$zF0ZhkMLx6GJZZ@BOU@2idafa(d8@r-U7Ie_cK&7eEJCnM23Dr5+ZTsYmshEZ
z9;>(4jSUn_!w-%fFo`CfX{FtEZHn)=b#@Y0o6`_{+I+1vLib4sg`anL)TGz+#r1Xg
zW)$F>VX_6+#kyV?4YzrHen0VzpGCI}rA)5#p%}-pS@AGM{qA7g2)LNd<NjTnYZ;Le
z_!uK47%dw*k;w5${;2!S^G(E!lzeR2Qh)C8+daEivFSHIEQ$cK)S#@w8B<&`=_px8
zGGUrlr@J`B8U*s#Wr76*Tr$NCCRB6j2|WNH!gi<_YKU0;?nx&2rgh<p3iY7N!2;m_
zYn*AAxNCz;cHtru=mq(OefT&H?%ULR&DX?+nj2T4IVZ4dA@{{cEKH)bWly@Wn*Z)j
zvuQ}rY^VxmQWp1W;&s#cth0WS0(a@cAAh9NGSYZFqA+wP|A)UBGS^4rnekc+Q?WqJ
zX*h*`TBx9}cS;_NY0TI|MEJpmd)3?3Ut5(#!*ytL>ET{1EG^Gl7rgc4b=V$0-F^rS
z4tjsCLp9VeImCPWw=h{pyeVz?m{YHXT@a&%f6!HQ`XI!D$$aV0C%=oW>n)k5WhF~9
zC>-0Z-)(S8S_&*uN?yRKT|8K12BI?dTNjYizUMiU`qu~zZeJV6x9W54`IoLPlh2NC
zv-tAIcwo1~bSSXglhO${ujr(@7xqX2;_m{n$9xqYd$$gxCkP>khmXJLd^`2EFsGpn
zg6f;Fiz;|UW{u^L<V2-?WlJ4D8R+#JxnrTUH?{rH<jwKjbz|S}-)BbnfmU*<%SyiQ
z6yrPgz7{vfp*7h&T^<UBtJh@g^rk~qxgp2b`s0?QH|`y)TU2%5SG)JTiCR+cS3<jO
zy{wu`P~B_tjI_V5ugU9MTmgwD*uFP0`1Hr6N7ZSij)K{Swli){b&MBL;Zt?b{mLri
zu@PTbgnNIF89tTYZm<rd2mD}$GlmcM@PF4$oAlYqN^J&NgdJ%KY@6eO5~Ma##UE`S
z{av_x=6~10s>Es^e6=5AzsIjQrCTtQ6LD@}*4@>S*#lba@=|@iwM3^60!qA1`mN{k
zhacTBr-A-;=j%E8S*F<xBa>}MVmn-?hA-0VmEqn8@zwh-T3bPA0>Zn$_8|9pN?!*{
z2seQEvT<J@euvLY3mfg~3<`W!svDeMPGVfMHDw>L-kBZEn2;(B!_Sv22*X7(Z$Xab
zk@4W!c>b$#%ky82+oy6sU=|g?%EQ6)KhKvmk=TTjavwDSo&HS8nWK7+M2Q@-+d&s&
z^Z{S}OSvJ+GP+Fnk0UXfQL_e774GA6SB)gHSzf|xL85<ek&l#ED8)j-l5cmlKJ&6G
zMIBm(tfXt({C5Hem4rgN>kBxMEL0+)K_QgSvd5lJ=mOeVRcGyaAq%?;X$_T2(u|Ei
zg|6U4XpO1rKaQgjjopslF2o`{=WTrSxx~Uw{J!Jh;Mh_|FtMCWsHnHSf8=D58Ontx
z{)d9#WBxKy95QhK@`vmNk=f`5FJ$X`0&A#P2m?;Gcl+NF0{H;3*6C9J_~ZMR<$_`S
zK{?M2=Wu|Z)pR7!4#%N+m;BLUHd-1k;~|>wRB<&ZQydMupS9n2FT@fqJ=~nkM!ny>
z^=RO(QH6#y)h+13_4$M$<5Z$8a}H_OO%Dvjz)Tm*e5CBVB(Rbu=E?o$`MnxEC|^s^
zN3!$ry^N5*>S{8vWMObi{RJ-{gsRmO@~e&5&}$Cx#4PjiMDtV}PBzuqKH4NJ9;q=c
zYibG{_vGa=M79|6npygD*naQPn8ruDhc5>H2PZNj`bqfyVbVc(p=rk-%4(iy%7=NJ
zTf}Eo7%}c4v#8a@5_w7jDWtO5LB_2zC)qp?S%Z8^N!u7`=g=CKDfQND4>+alcj<h&
zY4Hy5oXhJ%4WYXlt2v=PF!R$(GKr?Wa@%a>5wmG4pqY=HGEIX71M+LJUc~|teh%yJ
zj#F2VARjnjfoVqx+p2iQ^<Z72M7kCQbl2treL5vC>`8-lD*g0+XZJ1#RQ(^PA66o_
zD2wb|y<cmMTMcinpnS}L%z7T0mUoI@^b7)Vk+fqvr0@ENWV=5^s8dZknY>|VckeXJ
z!e~%Fpbbbu!Yp4_{Oap`58)y*!AKwoG~LMdx9gCfD_4tLs7n+VL397)AlSmA8s}oL
z%KH`%!O6fpZVzF`{`n#*!$(_GC#AIJtLyJSUz4y}a|ZMM5*vVp{ryScn@DkKnNpJi
zd`Z~XDx0ds`Mu;irKeEnuQ~BWqo*$oQaD{Z<5#<C=Y*&DyC6Rfy2rzsC|n=T_q((c
z{qJpk7g1nAlI=@;7ftpBA?ZOay&>1I-Vq`;{|5yQ?xRBaBTp-Pc^6^=!p4w6n!IcR
zWXAAbXusui&cHa!nb$6qSR{m4jMw>#!0W4-;e5|oj522h8Wsa>)Deae%aYA!IzSH-
z<n7&^P?gurW(G!;+RQ+<xmd#U8K>?1FKmjk@+%ZL#laZXa7xODeb&sCZuIZnzq6LS
z@<2>gCn{UAt|gs+ei+H1-4}NCqU$T_+!pmn%!&ANsGg~3o2C`k^qdKTmgXfMEl@cM
zapdM%*=#3UtUG+CDx322GM;~{n>UxsMi9OXj!hg#=uO4Ul#A)@Hje$*^Y;1|5HaJ!
zZH8i%83FNn;*mP$6vnRR$`>)ODk3Yf+SE~p$xhcRO45V@DYEgGC|*3941+R{8YPXT
zRqQLT)yf?o2dj{N`k^#`OlhF}@EY*7Z_bXpDX|ItbR2J$cw8muD2_jxPF0;*mLRgn
z%7m9W{Y78gm%i(JxTlh7-R^Nb-dZ7%>ziBA;m^5d)dYEhVS^UmMm{*D($Xjq+wIaQ
zbpL8->x0FK-2@7_7bz-g*{=JT#@H&VYq~9cLb_W_fEiwyTse&l5K!|S98m#SOrM`6
z9X@j_jSq`BVeQm6StII)Sube$l#{IL{3I#~IdA{lcXTYqr|SNBFMuU^KB2_B_hPRQ
ztaSg}={Q!{eqMbH86z9{b=(c|SBHnh^6ogIA_)Z=9RzVwU08_|YXQQJfBo>?`gOrA
z#esL|*RuKLo^(6JBGI~hH4%8Ae~7GP2Cptbm%pqr-Mi?FJg#wVDE{qIsYG?b@ACmp
z9|mqy@>*iEge<<~7kKPh+E6cBfjljhKWSMyb!F^#y!+Odxc8+#7&iPC`ORHeU4uIF
z!S4lxY8}f{Rr9QW|KPGhv$tAi2|k<Zp)hN}=-DpF4M^-Gm)Uu<{oT+UsMeM3b>A#k
zpy1H3Q*0+4e{J`Q)DLO6P_vQ7ZmK_q*^%|V4Zl9Ksg<rBVK83mtYkQ!)6@@aX*oo_
zqk^IS9r&c3&lCLx&cAz|DmuNlzc_1tAh_MQa9-&*Rryn^$<S1_j$x(=iEb)iv{hOE
z;j+zmU7eU;qa>z7EPk+A3be8d-LEA*GoPI)!&Q%;%<i_wCwQ&@_@gYpW``NIf@A<c
zk9^Z@MqLfas2={f^j&oD>#&MGXI<lJ-dJ`Eb0IAC+&`a2u}yALclCmO;~sF8$nI;R
zKkUAHgyZ^^t}RqdPC$Sc%+%ug?zkpqoJNpt6*-(POqb3}^$I7qSp!!NKwTeGEo*xX
z&*-F3WJ0>F(yNhX@03!hR52rj*Yzn-q~B$GJ&7tV<3cq48M*wYKVJzkXFYlR;9?>e
zUL@Ld@#wrDYfv76#35=HE!-p2+uuw5-yP-u%bMl+FKZTZ%?aL8zW;^r3gBe@->pFR
z$!x;O>W**kzFqr%Oj*QcL9YwP>j~-@Y7-R`8mMlP{>an{dBmput)VKr@c(f2j?tL~
zUDs|p>6jfmouoUqZL?$Bwy|T|wr!*1j&0kvPu}PGzH!cb{@p+Bv3HHJYgDbOHRrt2
zE>g9s7m;XBGpm#(l?vU<-TPzvCUL%fx>2V*_NaMfc(Z%**dD+I17<=FvDV$eo0E|H
zDX=0O9&l-9mw||)qyQI+pCmY6Val|Goy*((>~?WqH{!J$2C72_=Vg?D*l+~YLOPoO
z?(SqYFF_YC^k6ja=i?O=?6~ASLGiYmRYZ)a3H<CtZ|{%}0!NK5GQ)RI>%VE>-&yOC
zo@6(_rR`x^r9dBNMY;wHr9eqN_apsvAJWx<aDb5V1%~#6gMf=mA4^Kzrqp(bR*O#E
z-U7GANG=TfgUo%Snks)KJj-F-3D2#+54$&l!2^e<H6b2UaS0%>%J@=sf>|;<qD5Pd
zJeXf>QmL2?7`;T>9!WFYwWo6+PIYW21qtHr|K)sMe{O&LWK$T)JL)P;PShFXJYa?@
z<=FuG!hpA{$L@|#kf%*v{EzD-2k5wJ=0gbl*_vo<!(_^qq$|oBlc#xw51b*c0}Fbc
zV*0L$AJvUkhx^f3S&L$moD7rXn~TrYqm!JVvu@`@nXZ`!_oJRahW-qZVDEBqZKB+|
zhnTb>xXCy?igZ+Z9%uJBjhW#`yM{$GYF+`)ZdDf_ZXKU}u7?d_NfH!D0oJG9Punhl
z*QZIH6P<SN%*|{^z>02gt%fAzkS=lHdIENVgdF*`n^~KK;o<B(n8d$`k#>(im<D(#
zHD$>)R7X)DJ7}t0Q{g3)gKRLoV44h5$q3eg`aYNfS~ajGhRTJtv$?(=MYtuKT&#dE
zBuOBQ8G0SjQu~%MSx+@zaZ(m2FW4GGp)@3`?sz42{%sh1!xqLN$(6ulYaqr+IvQ;8
z!ZY{p(}&h<^38dKfM2dAQCYr`b@i=ZVVt@j)PL{op7oBQ*#FS}ZSTQ^o)8h5tcY8;
zfbd_Z6#E5DqryiXFJ?phxBK&&^>PDvR|RK-HhTkK{~^cAGeN;s?($=zcv+W15@Q}Z
zQe#GOu{2mItw(X>NQT=oA>0(4<G$vn@S5{itSv#vA4No%!V~^&MQ*Z=GDxl3GRT4G
z5>Y`!IYij)1cxerQ8Gj$rYf;qA#Q9oxo8OO(yu5}naUfS`TTV9O(m8ItQId|{zMP0
zgk{D<joa}d!dyA}&dr^qF^8d{6upyIx=ddzV|oaMDJaxi&6=$fn_R8RV9mnBk_c2V
zxyja~e>6**WNYi_e7B7-y3d5I$ED06WUuTpAeg>vXj7SM*Aug*zZIE4la&<0%1uF@
ziDACPP*#XxWvjt1HOcWZ0q_C>X{|`MTZ!JXO6bnk+Hw4OJ4sWtw>{cqO(lEkH)&gt
zD}t`-V5-LAi3G1WtVpU?;*kCdGw#l?X$&#>F~=T#_*#NkM+p<Q6YV78R`{UdONmMj
zoA*l&uSB_Glo&2|J8;AqFl-7(eZOhh=dq3f`S9V7!<GDo2Q3?xK`RW5r-_RG>bOBN
zHHA9L5ZCjK%2h{_A^Vy(xcbD$9IgQnav~n2=zqYvC?hiwP-zICm?aWgVKo_!iM2)B
zi1_>!7#nuJ5^e=$1N+u+NtlZKEf9{IDf8`wVW^)5S}8kb9IUq!-Rp?9=P0`Asg8_$
zO}au$)ciM5{%wo6c8dUWYyW11mE0v<W4Lqar^}9>FK1Auekl#<$1AfmoEZN!LFgIQ
zUYEKWqnz)NhN>Aiazt-|keG|?Ep21IB6@QiC?iAVEwfI*FS8aIQe1Sg%?JNJ``@p=
zPL@%o0aiU1j|N?={Hzr>=S<=`I4}~r_@Y#vK8;=U54WoVux=__W$SSJGX5H#kTg=#
z``P$sB0FmRkZSJP``{B}j}iDsk;Ye2Lvh-*hDA-vYGtvP-UQa1mu@hily7B6D1uw;
zM)T_;jjYJTuy^2^WV{u199semdJerOdx9%X-8Ho8OBQ5jA<>aqtlHbjzKbRF6kdy%
zI*40i52tJfq@ugMtJ={%%8>{igkB8p@3r)>H|)Y}(${R1btCh$z*IEND8)>d{^sY~
zD=pGmGDIz!hd&LlQ_=FGKu~NYTbtE_`WGN+mRafg*fLe`A6rP4?m(ERAt^X677DFX
zMUN_N9N?K)?{_wEtiIjNQC`ROY({BFDy{Rg+>c!b_?KkKD)13b#ch>y>PnR>ZhOYv
zmdsf4PO-n0kNlQ&f)EO(2U=7K2eV|37JepSmqX{rPU$rULiq+~8^Yvwxdkegz!M!s
z>gWEA84fCgG8*;bXIBl$UMr3(*S1vs92%bIopF%z8-=6!QK@YT&O@KXY7aOo)e%=)
z)sg@s;B9vSQ+=1A;aZqgA;#7?ViN(Do;tE_Lwt_B#^{e*RQIejQzepwZP{hM@>`D<
zUKPAt-AO@rJ>kAgg%w<_ZLiH=wB*sv@yGw26;4-F|7%vr`(M3I^$;@+8bPan1uqN#
zcUI8O&7x6$tz$ss$-<c8g*T2_@?4JfzwObJ2R}0vVg=UH^<>HRD#VDY;T-Ep(=6J0
z_YW#lfNclQw2CxXx|-hU1xWZ@$@e7u`}(wGFeNd^Fmg$J7d!?UpVZ?J`{&L_MJ~0u
z_@p<hzH{7iaoE+iTIwiK@AuATr82@<>3$M^;C-&xrY-OgIB8~Lx4{K^D@BRMS*;F(
zzS>e`x5XsSQqV+UBoA5C0}io4TYq8|a!*NWfJ0j0MGbZOiwv)j+IB#Js^TOu>vR;?
zbz|98J|wL5w=^tRZJBsLRHgi=G<C%5ys$mVPuySHN9vO^Xe%>}&R+4@gBrb_a;!g%
zexT?D5Q75FJuer>a?*`7Co}i<eZe$cv=6!DIg@hyosA}FtSGVzX52R0)HfoM=z015
zku=GJa|gBv=t&;d@ok^y>%p&I>lM0l+pNtcoPP!?TpfrcD#|RTF*IYxt!*D;@pPs>
zk!XWYINcii^epnUO18-C$<Q=j-{ss^>g?5oEepU01oXs6yZ>{%wF~Ka!eVxZ;JQAF
z!kH+t`MUzQh;^eo#>$AAcx_1nSNpIy$x@^UV9S|5JIK59yAOGAz+b}sHl)fosF;UO
z*vM1EAj8|la&T-Zw*Nei2yglqBzf<+lH6@{qf;SS+BLEpXzae`y8HkUXP@D3%m0E|
z=K)-#^eG$Wx>40X<&b?%>7EKyJk5SEAWKvbfsS>TW$N#*CL)EF5F3Vl=WPh<lx!UT
z<FH<Vnp0!bfocI#2^sKg#IFdqe+ZV`{iAM{YEhuD*0a7ol;npHnnxtzO6Zk0tqnip
z%}!8|CLl@uJ?4ekNK^PGSdf<%w@MJ8y8zMPtWvlQiB)jC+~8u&zcXF)2^y<uPE6-<
zGzxr(X5zMCSmNfzLRLd{5LIplZpGgZO_?3>1+VB;NqTa+PU{O@%^PG?z1=j2(@Y<X
z7`5}@cO)SmYWGKb)2b5OU=W>N*Az~Y(og?*I}ZO<=Y3!xU$Ln~J2IS2>1t1U6asq8
zu?J<b?4))H#F};}70?6B>z+yDBBxhYLL&&55v@8^p$v=qV#c5XrBCkc$SXQ$w2mUk
z;4cqkmYRRTI-mvr*qnJQ&?;ajCC0k>N0y*pU&{0t7BkUP{4QYltG=r=LK=@gx&xQ;
zA!O3z>H9ToBUBl5`GDqxMWyk`3Ik9=sHJrDdqwt?TUxwV*|XYhRBt?v8Rz))#li;H
z6jf1UyO8ESmJA$5XlryO&dN=@0{)zRWFPr1S=FZRmGwSL&inD*pzfyfO5VBSx5r9<
zm0c!euZB6ZOSn@+_FkS}pk@CQ;i=N}Fy%mV0yVfCyu0o|Ikg5QaaAXs;3UB5o_;;|
zP%k3=>R&M^cUj}l+CiW%bMJkP(zFkDA^szjf57@JYxp8y9CFmvc5)u%zD^uZj_FE>
zCOGTePDU|neOy_|OW@=hAD`n=>^oS2*p{^ek*TodX^>A~FQHmJLzAzIt)7x6+V@=k
z6L8cUoN%o_-)YboaXAyoG#P=y!>nI*c}x+btw89ON-oonU%F{f$hOkm|Ljp!ZSzBa
z67H}0z^)tCj^ruv(4z3$Gn$Gu{oM6jU&mzrarVphUV0AKRS0bUvAj!FU###fZ$dL2
zbH--kUvS{$##YTaq-k%^^+$)dLxyM;t@jkt=Sna)mMq@WOjACPzl{v!7V=)JaqASb
z<yPl#oBZ?G+?LU3;I_F*6~<hC6~=y0+fcR8-=DYKUp>g+PU<=Ud#!AN(RDCo4E=@B
z;sEcK|0s*Vq5vcP1#R>HRKS4u+8N#Yx*)9Me4~$?nyLPU{V*4>yYupjb=+g^(|n{o
z>ouG<8O2kahb~r8Db)u==$EWeT1jd^HmeY@*#wk#`Xe>+JAc$szkwFJMN9qpNa?;m
zHM^v~pss?|Iy;jjUPu5*3Q4UFTnZ9>cgMA`+O*hFHIPgSSyt-5T0QtlAGR3;p-RK!
zxUHc}0Yq!`e;Ge8wP1%5*|Go9kkLGI5P6FT?dj*$F#QcllkC#p?^!q<73V13a8Ala
zY%=YR<Z%+GP_t>O`t`%9aYF$`jsZPhH$`Q{`mtJ%&ax`<Q*-&$vos@mlV-mm<dV-d
z2JJjR(}ZEN)tIWSUq3No9jo5;0JlLDsc`%K69jA|^Wr}zz;Eoya<h4;|J8)C{f{OL
z^M4SB$;mulYB6aWVYL534%wOiw~KOI{nP@N73s6<f39Fv7sT>00{l6gV7;a|n7^yP
z^lbF!>Nc~zf94Wb;@7XNwma<3)wa4`Hpd-sr^SNi7i==-09<}oJZ#~+cXV6`@@&M%
zq>-wg;?>nhw```Qnsg(}^f`Q&J;Bqy7$EXypg<!!L}QZm+mp8|=NohX^H;J@f#XIb
zhy*m)7g$X6FDAh2jX7b%_wTxow-4_}ns}p5FcU%KH)aY_a3VIMS2|s!o?ph8o|Af#
z(clN=wr}Su{UqrI1#~Q(^|6;R-~E3!$ifg-$zq<J>XM6*-!WDZpxXn&`jaOzHK-fn
zyFllR$dB?ZO<X5CZXZ<jRsFR3hk0bmdNV%tT%=5u-TOXUZ@cR+eJpQmR`q4jrjB^2
zbwR(l#ICam-{y5vR;W${`Xc95fLSx_G2ZqMmb9$PBY#Wngjn0kTX*-tnU*KK8_)Jv
zgN_gH^xGoYpP%2ZI2=Cu(l@=k+-KPqt$~B4KT&JCKVianitNz7sv|=C^j5h@V#ixg
zhk#qA!3m4Gd-`guArt8ddE=}#Da!FcsYQBk#z;2SF4^5OVdH0HW!HyDXSMDrNr#j*
z*;vY9xr3F8#n55py@!m!<0K}se{Ox2!-gGZ7++Vas4D*ipvELJZc<jqEOkZLPXPN{
zHs*1MM60l>hPoQzE&Yf(gg`%fdQICyqRq5}lRBFB!VKbhk0L2u2)3WmdI-pZRoDer
zv4YgcW+!l~oO%cl7eCQNN#eC`6~VxaO}K{btn00d-|bbf1k$tjrYzLSZ5d_FA}qf(
zZ#7?~W!!~;)%`l+U)mZIL5}E?76+{B0tDxthEWsldf6mYUgMQ6iHl#(i0Iz&fjVg&
zu4%M&6%EJGTHR3VjCe4f=dJ#y?b^jvm(8@6J^HR_3+&A}lS_Xycus(ig)`siruMtG
z8@W4`_?&ZBMara2zd|?rKhC6pcGt4n-W{Id<VBvQ`_7Q{;$@jp={?74WkAH|uIl$i
zo5hV#zf0@H6Zuo|Af`(}nr=PP@IM-yO{T-Qj&@b;ZkN5zFoOwS$zaW2H$?H)3>CPM
z;Nkk5T`*((l0-c6PJhzs#Mt;)Dv<eyjh9~LQ<ULw2+@91#m~%FC)-p39p=X{MR;8+
zzgI0#N|3<H;+)n%dMvwIy?_b!hHd<$0ZzRFhpABpj7H8*KrNqjb7`E__%_n>1=q9t
zK1gWePtdX=%7#_fGSl`q4n4?z+?=VcPSy|}AK_!fDpBgc3+Yyw8<rEx3&%z12vg7+
z4i#M7un^`7%+@SKTGlikOL@>e>|O<Q&7%zo51lTg7_(^{5(!agvjD|mPaLVaNh~X)
z;WPL~<5F8kkvGR557Sb~$A%i@1$H!_6|>*WiDzLf>`|L2QN3}$BsIl}nGUAaO<^ff
z!2_6_vC&;EyAmfYST)7BGak(nMdW<>%8eVY7pFqQXSZGnG5Hla*m7)BhLr8$EIX##
z;HvW0XtyX>i5C<bRDekZ4s<t7Dg_--Aw<W8*J;?pd?#5>u~;J2UOP?R3R#tcKOhs>
z*!j3|IMe<z!SLZd7>j~NM6Jf}=owSO>KCbpo1I@Bk{hRRl=$*9VFj*Xb+=pZ(-uk<
zjE@2bWOQXHP`>m^&<`ks4j#23%zFrBigS@l^5&O41yqAUSfDzz<&bT_7rIw{^NWrS
zV|8P?a&6j=4bSjOIV8>yj(^z5UiH1_$04d5Y>l@F4gjCo!UkWYYTHYGrVIM}pf(W~
zlG0}O?-t337o<rmR&7yUr+XFsU{Wb<kNlh;19sOLCh;xmJk8o&cfV>yhlQ+*p9YRI
zrjk2F%-Vi7H-KJ=jNfa__@3}?y=hEk#2vbe!{Q9TUN*e4A{Z+7!x3aIpG8?L8}~(T
zDvO1Qf{V`fEz5QV?x&-xkbgzK8H#GIjB2WX;O=y2X>W;z3fG0A{DBgTus~-Ymem`x
zqx!$utJeVkIXrws6{M3RDLY@~kDV2Go0~P-YYOh-C4i|>XY=<|d*aQis%HNk@i_+G
z@s`}byd7cG4Ac`#4EGi1G{F^1;eVym*IcDJ^BXG)C$J-UY%1mF47?`CG?3`q*{koQ
zb8ApZ&gkW8<6iL?4zE!7JX9C5$FHlQ?nv4Q{!Iv?yrkpyriUxbgD-zPE05w4dPZ82
zID<<Mg@CL~kDB@%_a-~P+J@pSu#KNye#uwXkp#%|C~sbi%<uDx1QhS$C*K0S!|KT3
zs1w8lP|EQMcJ6<DWg;EB%UhhV#st9AFE+LimqadDG1X0@F7nG~;VvSsTOI78Jcp=Z
z#RclEaWbw8)E^IHEn&yeiuq4|a?SQ=<eW_5Fab#oXnc{IZ<%!uo}-#j6Ea4iPE5~j
zuc;$x#29Hl)Ar#rJD>WNcD&8TV;!glTB6VUre|W!Pkz{(njHRK<bz2XM;L}9`_6V{
z<fDL8ZU7bvzFn*P5lq)l#}8V9*!Y)mYzorSwRpOjcm#Ed*6bg=jG$HT)a|eO4&^H4
z@BGYH4^GI9w&CS1?>O2fsl`yTVa?Y=N}PMuD{d5{J%md4iV8zny*)v{B|fot2EKVI
zeppE8wCmTXo}B0ePR2F=-_72)A5<0eOGQd}1#0`X_x~rqkDi%<^?&tO2h`SWa9H7h
z?(Ur|SfL-nas+%^!Byug)&ntATE6fewjC{)G1g*_pJ4f27mhc>QT3qpcGq~q^1pt6
zh-v92ymf+n>@q<eb}+lId12v0l2eI)2t^GD;&vUJ+VN3VkQ$92HBL?V-sXdof)oG(
zBt$SXAu~}rm%*}qI)X9H_<@Nt9GswJzo9zpP}y|hHmkFPN2#IMy+2HrZiURso-LS1
zEr|XQn^OOB+qZpVFs0=ZHlVoa^NV0~%Pq_U+<T0b86;p7r|D779;WG=R*1x^{pU$j
zYxNKQz!ED^jgI$jV@z+3aDe}fP__V6pHyQBuo+P8^NsSFd0ukDk`XQHdtl?j{;~2@
zG1Twc>nHhPWby89kK3t0huTCM1vZwWJ?9dZ3s^Tu-3==F<w*E9%Gx?*J}*}lorQjJ
z1rql%1mv{^Q+!*sHxP8ckEJ@(^CC;bBE`vk!(!d=#-h;yJRh&mab(h0->-nx#DtpF
zqjGp?Givu}8IDqJJ<QyTf7bq|#K^1|SFf(GT{fu-xK@{cnv&k%UJf3HPL~;+7Snaw
zH=wNA8D1|!F3lOad81XgSpN#-fJ@B9{iBd9==ok+C2Hvsh7AUq#%?~FAM1x~?+2ax
zeW;nxoOkW*W%gbgjX6l7Qq2JPFfxtocF(2>eH*0^zXm^^p_#S3V!xhBGHb6mq^Y8k
zn<8)=<r*TW&-&@_dl08NReTxW_0%El?$=eaNwRDzYos&RJkCWk8mzOE>7=x*GCVud
zA-6~q{dyKY>}k}cbwhYW>)h|Ubf7l*62?6cv=u+$fPs^L*2A%frrZmZQ_vO-u^S}r
zp*{EvRvicrtHvONE+e7#!GH0h7;bQ}7IC&aZPzeNuzpqsg6V8@yg$9W5E$#&uBQ86
zxD#i1EX7{0$5ydC6cYQtyE(7_SjL%Nt%^8_y33!<KJ3D2es7MD*<@Ldmf6fUaUD5Y
zi_a~E$sAM&tnD<sQXc|ltpXXH-E{1Exnx@`7&4J<3XC+Tn7c+IEMn-$XF$6zw})V&
znq7^IH7VIt@6aQx&!Y?my7Fu|qag*eBTf^}b0XHAqtsG)cMK<!dc&Vvmm1}Hi?EeX
zK&71g?v%n*G?TTI9PFjb4cNxF?Z;f;#}#kdxr#YE33@pO?=687^=qAEY?Tw8&}Z-8
zGRu$TA1;;LvKRQM;<;044Xb?+(J)TTsi~~%sB2|Ev$T#Rzp*mPx(JrI5v~T5_;-^v
z{0^0frDaKmD3)m$i8gI6bv(G%HRyDkc_Rgl_^#R6=T;hewO^im$<y&^RLH9_1kHpZ
zlaV4XIWT3?BGn8iG$FC@3pZ982oZYNB*#Wf=XN-0fzyi0Kb|R>{<NHt+cSSQZzSb5
zVx2FY6~AT^6=!aa7!Y@*YA*;1I1@EH*4{*bDEhwpfGdu}!-fO7Jr%DFVrvr+Bx|#c
zs#=(zn~Gy%tz~z+Jt=u*%=MKD9uaM_@?)chZ%t*afdmWCSy$Y#gH`4*tc*#e{oHea
zM&`I;fx0@DIk}$SysjLJpQtZxH_#TA`DO<9*1cZ)39)XsJIe2}cIoBl((l}!=iPlL
z{d(XHcnck{uX}fcojbR+wVS^m;d0yfNSJupPQ)%u_)pLLj?Pk#53R60ighrB@3JdA
zs?3Zao?8dT=L;S6nGMlGG#$MjDYeA4a_-&mtTiYm%+Ob&SbAHv(GUG6%7YGO^b$#m
zA}25YX+BqqL<FB+y^bkJNGVWgY|1)amrgJ7Ez!5k@Y6_`t%ojr=rLbPcovb6vdVq#
z-^r&DHQt~f=J0#md^Bh9Ej%@R7H2hd<n(m0vwH%jf=|vkm(_cD{5Bq|<OTP2$$u2L
z%eA-`?lbBeW1nN*|GWwx+Gch~Ujt;QBkrz;n;Uaq*J}kBDLMqfIWn??jBz#6GLdV@
z3<YApRp`MrVel)e00i5|@9lISTzziu(oaifoO_}TGNzD8?FccRmlaJp3z5mgrdPR+
zw*$x`y;@`osWgaiRB~M(7!);uHUHTyl8a@&nt`4M-=+U+H;J8~Ao}lVkdF0#_Xaan
z)S_2ekh~YGryP8YjKvVxzr*nsh(|Z@Z%3|zK;P6@^z-``4HSJ699_kcN!Bek<!IqM
zOxp6mc*Gnc>?3L@j`eV^5_CDq;*rVz>=vR=EjZ8Ykj=avft=a6@1Yotz;%zVK;p+y
zV-ksFh5$T2-z6V&UyH-vcrf?BalPWpSqNj|Dir+X;o0nVrX~2p|9RhiK^9h5c73h<
zME&E0hpieem%iz9VL1oX$Y5~4n{-shPAf~yY=QSH!wm<YGLOnbwlmy0cn=doI44w~
z;RU%C0vwE<3_9%X<ym*<5!P-sHxF5>Y}zRTh8!4f)NfkA1<BWi1gpgh9Tyver!QfH
zsmex_sc>zZ2um@LQu2F8HYm#s;!M;b232<xc)O|QtmY<W3;lDo0rKti<G#C;#-5ub
ze83yAzXJYP_eW<mLdS{=)Ci`E#iMmb)HmWJM+n<*FP$ZC_aD2L?H+czz!{Gf2pnik
z(j%aES~0dwR{gC8(TzKD-&K{eI;2VG2K(7~^U#apbKl4C#lRaydTmH5{UDgDy6!B$
zBjd1b#K9=DuBzb+m#}8YZpV8qco2CLf<vHLyKSrAu07lNzIM4;B|0xAIhCjUI$P7_
zeLvdX3`FV82V0^mIZcBD;vK~7dMiueYCySK=thy$Q>n^f9_Q2uCZVW9$O)kd&rCc)
zeu@@ZgKD0%Mi`pEa5O?-_xKAIrzM#h^<68BXqKs{B<oS|epp`HK^Tqp^y}D(1P`7*
zv$oi(>jExYV4Bl}y3`z%tI{_N!E}46Am)kU9Ne2)p)rw;Wmf7@=q^)A>Yiq9NdQtg
zN@zv=&=FhoB-bhIBj}}R;Te}R$-|_tb%_fHYYIkcTp=p_!IUfI@7Gt1=q__HM`Mb3
z#w`*eF3Q`&FiV!*er0`p-E`h1@9$f%ZYn@p`hyfAO#M&HE?C*cdfQEP6^mmbjrI(D
zv~wtxmiOarNS3$5!d6!)nA>`M1VE@h|Fe|0VL46VKPI(c&u8MR5UsY0Y*V%17<6bi
zpYPOe6Dpv(OX%Vcen|BAbS8uPowtISKgRsWy~U`Vv`)j~<Ir4{CSw+#wwYTY25A;L
zMv`I6v2@;!KwG3O@gZ_k%Yn!iPWyR?^h-olm|0Q7v7gIwwt@!b0Sjx<1K`ZmzMe77
z*<ai<gWX*Q{Qc;If94n%LytPc+zrc3Bz-<f<7R!lEqbYqtPs$-{5IP@R!_-mtO+hM
zQut}cI0=$^EtA5vW%etGleU>P9t-Jm<Tinaj6AR4@0{fnXz^c}KSiF{!iYhs@w8y0
zH+a9Fh_%7N+@DW^Ge#YrbVPei<evr^ve_F_vIOc=@<Q_$*~vrgt`CE`5=*bCtn-?0
zsHq5s{l-BL-Iu5BC;MFSrCDGG#5^NZ)gE+>4aY|=fS@(;k^fVZ{#WzI{(rdkSlVBU
zPNx7EE<n$~#{9p^(sNY}3r$ueZ{F@5E(|IQrZ^G5Ey#HEG-PbZcmYWQ7937g+~%g+
z&*LMW!?UVR891+Fnun?bF^A`_)Yt|(3-4@@PgrzCsMwCoW}TvTaZ39%9k)UK7y_NE
z&Gmo+G7drSDCK3OpZ%#n$v~`tn81(`H6iKS_xZb3N6x}~RJqs%R8t5#5%v(C7ACNR
zyRJ{JOl!X5=i5HV@u0BM>xU99<9z((GI-3pHzT4^ZS%vwV$blSkpg*%8C0Blr<TQ_
zPk7{oA#skJ(CpvRNguk7(Cv$-ut(I}gh8vJ9Alk70~{%Pf9#|W`-kBJD*Dxl;ZD}9
zq=D<K3#$V}3F(0?L);P2ArCtp<4haWa}j9Y&|0Lt=tf)(*p0fv-H!bgL@syRMo|cG
zp<WvkNO|;2>N^=sT?$~U+C2vvV>HkrsVkhrL*tH|TQ6pQFKUft*miwa4NXOH{LgFR
zPHD95sr$Jv^rZM2Fo47J&%%ezB<x3{eb1|)7FYCvYeD-qis-6FZGxQn?BAo3<Phm2
z7Oo604P?ra+ENP?LgR_-m)?2=OLyzH5ydCL9S(mxZ1gr{`%gN4L!+sm><$+Lty|Ff
zA}|xC!6F`MI-i+1BFlLU%4f`^{7^x$k?1~T{4U<?zRDq8R)7hq0h_LUY|9?ekBMZ<
z>*UAoPxtGr_wJ6Y57$EG^f`ovrj9WP?J%x`31i-{T24-16{EA3A8miSUl~}(YgZX2
zZsTPt98{aTHmVm3YN=1_))E`l7A)hYT1&fvt~*ZQoieLFo;ZRynv|4x9oal5+X{Jp
zRKF|o3Ri4KAOfDW2qwTpvJFDLHJFLY4PliT;Pr94%1ZG4d|Z*<x2yFso31BQ3@bRv
zS*n7uT-01r=ubXtL_j2MyxFo>1>j_5%&5F@Wc$EvBx$VH)XYw@n&l(QB)<VejREk}
zeoM-%>S;CqtF5wJ+_(Rn!61>XmMwLSPPh6MS4&$30?g}o;`Nirw`Zf7UOc55mgouz
zlQ>engf!GC=0J6*xCJBOpo*FBD9<ie;A}T}j*x)=^0FqoXkvDjYa~9?Iy$Kb_tf{o
zY@I4wwia15T_2o}O3RV*-m6tjcWR{B3+!r|h|U-gJuv#z*wDN0bZWI4D41E!I&^K)
zpP&d@0JLzd*L6a_$`a=%X3_`UMU9>8-MA;V&ZW?)D3kTe^52N#pGEDD(9_o#EIDK3
z??+?oNmv>@I{hT`Zx&BYaYfkKc&_%Lcq&8%&yFEy4z#gDx#xOv6vS%@iX0G0`Lnu=
zZGA7x_y9iaEanzBc*lTJM)BbxZ)dwJWfL_wa6$!Hr*;^&Cv~Hwo}Vv@$KQ1E<h|p9
zyWHM-EC&KFybR_31D7mrVDK6geC_2t`b&EZ;bw)+`im#WeGF1@Z#7W1t6}z>mCEge
zql4$k0{r;<L_9TUoOm(X_3J<Sp$)LR>&Tpspj|v2N20?yUncjwN(5zmgT0?P7U%&w
z0A?ahi~uO>Co*%F6SB;vRhM^XTX$wN;_NZ+(LwO}dHoy{6Ya?>%_qVE@>Oc=Jcb+b
z=##!Tv*+nQk4aX%p~Hmb>rfJVfuqj(Z@CSNAIAgE4|axaT!9TEY8ea&)}!Z&_5Sx?
zZn@mCVvKu6b-Wv+h`#T2bj7etq`AMl@PSMC2K;cJSJ;AGBu=O`lfO!>8+JAH_Sdx1
znaub9Ezy1mQK2N;Dtr?LV_^S3!H4Ys6MRSx%FLE5djX0KkVvl-{KOZcbw?Tk<G-#6
zMM0#P{X{JCTJ?0$ZgBIGUZEXNW<s4d68T^xq$^kd#nTn!#5Wbe!=XQUG{nlY=!@2H
zQ1Dy%8$EHk+^`Q6$}0(@p`J)2f$TO*N8mwqBL9zhCgj5Jsphq7NT}(aT*15G-v$pS
zYi{@qN-9zPfDY)?X2S3ve=Z2skX2bktTE8neD`t2Hg!{depKW+ga(h`7v^`@nT9IR
z;tg!#dhnBOyi1d)Y~Ard5_FF(RZ<9;k_`MJFLeFb2yaYu0{YjUJg&fu(q@*CC~OG~
zt}>M*?2_13BCvcZ4SLzw0?VJ*@5k3ru$8wzzQ>M{8b~kfocDe_Q;g1Hv5S1CKa8~A
zbz40xx1K0=y==|!emXuD#HHyQxQhM-o!gL`-n5xoabOk~_L$8|k|I%lR2{k_mV(Zc
z`IDVrJ<5G^2+XgY^%=Bqp#dDm$lB1s(cVbUDw*E!JNo~}TF?HUHcB#*`FHi?8|WCq
z<iAm%Pyh?_|K82!H6(3_S&_R=RgQ3V*{HgpF?kH>m(O6sQ(cjCAw6QyC^05Mhd%(_
zaLYKYf`7`*BDI|?hLXZ{+P}(q&^2lfpI#BJq80vT+%A;7U!Pty<C!QsyoGX?A=W+<
zcX_Xhk5(-9rgf@Fu|rN=QnLXNe*=Z`5~L`}Th~878eZKVv$Zg7It`N?PS5c9po)5M
ziUkpuf;TsT^-f-p-B+E@cFx=!@wqn(v?vvI|0RFNF~4c$^X`iT6Kzo=sOMIq^i)kd
z!n^ElLFQr1i_}y&Mt&Otc$6f&?Y)Bgfr%`~prhWA{>!{TAp$~nMiBsZm!cdhRsDAi
zK&U{Iu%Y_9MNgZ8FT6C*Pc4+CWTlMXM4TgEY3#}@aE}$kl4+^G5T&Tejzon8d%}@K
zMH8yCQ4U-g>5SCef9RWl#pcq|ITahSgGrPO6z}UT>u8Y#>=+Jo3rI<6z}s4k5(%p&
zOeek4$=@&>$37#4*G$01pll|{Zoi}Kk(iKI#V~T4FqV=gU?Zi>P}iu}y3NwO`_@Wo
zK8?|+bw7_GF{ZSXqhs7~Bya{tf%(G42$!s}ch388HN~7R&%t(r&xqoG9uiK-{hx=V
zoq$miPs3A6ojZ3$mZE=G2*bHb{2GX6tR1D1{XpOpjsg%Vsyw5&3-dJ;8v_b^qX{Up
zQ!2rKlkjTB_I-t4f2b5xX4BYGNm;q{Y%KMhs81n61p&nwZFCSY$8z`jtPwmI41=@S
z7$>0rK>g=K1VSIR%Imq_`FZtBn+?2uqaW!rd)!Ar8KiwYxzJ`rTCo2vD+2?m9E8qo
zzJ2q72fTTFUM<#oo~EFZ%{SfvFIUIgmjouyH*|4%QGH2$ooCHQyEOyREoMBpw`|x3
zPhJh5eS#Ty$%n#Ebh0et2(~1J<Qu8HK^eThG8u{_{C>65oWSc{HQ@cm<RSWVL=k}*
z`cvr&x=ZGXy(adFAhS}>y;?qd4dcfd(*aW_pbs!!D?I5yc43>`SnuErn!O=%O?&1Q
z^XOR~p%{U)Gj!Uwi{1D|4E>svxnmQNWvGXj+uSYa<{0zbWy^XpdaaM}t+X2>d?sGK
zOK?mQqGcV&!GyTA+gg9K+h7$S)9h8=)z(;HT~j~ihF}Xun04HAR9|bDnb0`EW1brW
zph*&3;+oSMIVHHF_VVxj(Y*#R=iJ(Hxo>>1&FPZz=l}TcQd8rdKFH(G8}BvOieelb
z2A*ME27t5Mn;v(Fe!ulQi@k|G+W`5S*{B}CE&rS2qTu1@Z~VlLIi~5%<`#{p9%wb?
zO~MYL_FSdU_b+C`$8Gk9oR!^ra;|&`z-~i6Y}toN6TB9*L3MoBF<`S;`Rk54DXJ0w
z#CQva-Jo)ahpvyljp}l=hM#S?g%u{(7?GvI7nJ@!jpIBhfk46W1Y?U&s*)PDrc~zu
zYsFi9s(0cKanY56A2$0s%0FbY==v)5#v!|?zqn$%RMU7Qondgik-1m7N795M03?S{
zJ9I=SmI?_TzKPB;g5mHTjC)Bb_bG~30STaNI~dT~s>692H<ZtkZOjb;nur@qDp43}
zR-?5)Mzt0jdL$io%30B#f*PAl%1?r2e4v63IS^=(v9=?{xQhDR9N)2ZH8l~>6Eg@h
zkT|r0p6HZ^<9Aejn@3{r?hX3{uzJh1-9`)}9)7@nP;jk&<i+M&pXS$<#Ghl0nyk~4
zn`SQJt5ITy&_qVbFFZ_3Ggf!s<M5}%kdJr#7(qy2?5ioyzp5Dp4JKZ;N+t|oA`?;r
zIqE&b=tKE{aLudTKi>`oXLn~aF6jZamJ_rVEU=3#G+5V$%f$;4Gl<Xt29FFw*3mt$
zm>LdSzMYCyV^)D$thWfw9NZ?LOSWxy(B$6@B6T3^Fx|z^&EG_MnI0);(!0yxsT9xR
zPvkH}IlvU}r$$WblTF$~BjjV&)SU{vP}uJLm3$WCUU1Lg57l(eYuan&PcIP6#~)A7
zk+1UQi}xNO^xM0X%xM@0LTjt5Ny#YD96Uyvr@swFK*xESXO!Y;4;I(PJ18GAfNxhO
z%-($1i(<aIH{};|FsdS1!os-=*RlK{B^`VWzBX@xqLPJWxK(vm4;dKr$iIN9X>E{{
z1zU#_Q?COAFNOvtB2Xuu7RTTFFuMpJS(`dK*Q(D27QWfJAclzpwi9NB8Ibuc8WW2u
zb0p|3+*Xq{HXw&^Dyss*MrZzZ`v=(3_zRGtr<i0@bpUrAMe@PhUV6uTD0X4xxCZ;@
zemShYmc29Xm<rV|8&N#=;UWM0`y#0I@TaoL<|Q)>B2N!4NvE$kPridnNu=ZhC&6(c
zhjF^z-UdJYzxjNC_^rGu#i3^3r0+y&HyuT>T;H)4Ru5b_^N-{eMmBT)-<MQP$^<Y7
z(T3M3kO&yspnvB(brn3=z(UQa0>tBv6E6_U{jkZCB3Zz=>u6tE)iSgQ6qen<m~%SH
z_$ymE@xDjE*9cH*MyO*=cf$hos<jD!7J9=5lUSiBtHgZ))=ovtRf8Y{Yxwv<(U*Me
z8=SsmYDgC=@YxWq&I=No))*g2xCuKBv{{3*-0M>AQ7aDb3<A!wB{MN8GlbUsJ}ajs
zZ;oh--~7cUgn46MmV1gHGVg}i3On}_*#oLe!&YfmYP;Ds)T;k1U1(ZxPw4f`#1jZ*
z9%t4vUyl(1awbctGl<Zj@GHKja)^grcu)@mNt~s9I?Il0n3I>kfw}SDd}hp*24eG0
zrJW+=zLj>qwe{PK8gF9iQfQ5jL}ubQmGNOhqZ4h?QPypX^O5@``~7i;Rstbw4Y7~p
z(*JA%sXunqi_qKH#u7}N9cacB&6LWsMXWs-t&)cW_Bz^vs-yD2+$4Y8ow3lXsN4=0
zc@RAjlNd%l8R<0+sowCMZsdiXIJ4WJrcvLI@fu#t3|UKjPYS-A*WH_{PKOGzXZhtf
zm{c!hi%a-sr+1cyJS#wdelH)87-mKe9x|USKW~krw;3^TG{HHZV(Ey0aqLMst-^Ad
zBv=myh<oWdh}qC2S8eoQ&?K@1Xj}M@TjPdo_t8;af=iedvNNtnB-WTiy3J+Z@`B|*
zoBdvua-EpZBocAV5`PYvlo{76zhaAHsu5uIbq^e^c#^PZ31A(XJ{}RP(q`>|w@G3R
zX#N@<=pfp@f8dsVTb>M0$B&kS;l7)~(9dXq6gShh<tU+fiWa}Y!*X1jFX;DOPWt11
zFT5KDLhOz$ZBCOf_2p<wv680-_~2CxFvX7ghd_^uM@MnCm!@Lirn6VVd~#q@yQ2)$
zL&KKPi_*00vS;l#w?o~?mE#pEXx32W2tCKsL$9Fk=E*3oLE%%<eJzI`dtvI0fGj2O
zB02KZHc*(MqO^~Qc>VeX#N68+?cI`oYO;R~^7cJ@4bC)S@am%?Q{+*b+SW+gXzdjF
z-MQ!I;)3ZauRW3#Zj{*8A!~hG+Pj(%c-3k9Ry*KzoZk>d4yoLO&(`Ily!`C|rfu+;
zS1S6|7b@|>jQ#3ZJ5Pzu<6-v`#1S5jWAXn}vFe(CRjiTyppsyWbo9w`<KJwO(Jj9e
zKmU{M1TZo){%^I<xu%AVX7dm4O`Y1wZ$h`;-{8JEoivE!G&m<hluSdKQSS@WY~6i=
z;oV#@>}_Xow<pCXtIIV6FQ#tW9;6dahJBH7zRVxD>U5X>^)Ie3j!&LjV^|2E^5GYR
zO5OhdKl2A5O8Ou3N1z0Ke&Ws-&ujO~`UN1=cEg6TPh`4?5*8SWeE%PwSJd_47tgEu
z0(|$2=jGw*7n)SM5<NSmgG0P0M>d&JGkCmP?2kZ|A_Pa_eGz6wc_G5T&kKMV=J9aR
zwbL0BuM^Uf;O)+o2cFbNf|*mrL2;sYi{laj?gg+?=9QI~Edm3RTD3L<>trRKTN2n{
z`YJGNg8>o;s8=~2RUv~g%n(&6`{6-f_#G|^t5k4mOjn_SNx@pOfj+WE&n-D|9J5HL
z5X&DaH?UsO9@wudDU5$io?JA6C1WKEjL<u<@{*@kN*Uy<uMoZGzhw|!354^RCW)57
z8)yagcq*NQ>T+#Z7=5`&pmKz0&pueWh-y(GE_&FMX5MwOS=D|N7M(U&bjgz&*+HQz
zW?@n^m-~>VnA2f$yyY9{DD(-05CmgQSXg%Z4w<j!TBP5|*F;fg_#waUraU~jSUZwV
zey~*(0J3@5a;;5~uV2pU0tqd#ZFmiMvY!92)W4^o3k3OiyS|v+o?p%G`oacp`r@>E
zaCo|ox4L%BSKGj&%=oVP-AcG`D^}1e!mBj1?raXV6C6GFv`|9Vzu0{M9bUlWqKlRH
zzV)~#dcO61hlocQ!!6(ZQM4g}<hTLovZ&3!pc1*XjNqcbG0YhighsY##diSLFRPc@
zqoLLIg3hj^N;tV_tp)9#RQV=zS&xRCD_Co=LK6v}N+)rTkDCu2z~iyYEP5`soXjbO
z*&F?w(GneBE|-UT|CqLcnP%FXSo@IYTCJ&WiI?XzX2`x$>y1(f|I_R_(rS<VvE9b8
z|DlvBI(yK4%*ozN<K$j&?gV(VT-7YCw&BtiNJffmB1-01gpM>zZgon1OgKgfA&utA
zcHbc84y9=?a$>F~c-gZH<2q4a&u5O@Ez25A<=RnCW}jv2Yul+E7+NjJE`Z>;TEfz{
z9|&l+p8jiCr%2KP#e0WR_@@BLB+bXd>mRI93?1y3EHyxU+!F-DfgR9uOGN%*=5$-&
zqpX4JG>f0k8cPRkE%-vN+>orXqk*!CBMM=jNs};p*Akzm9hiuXbOih)avcyIQT85`
zzdhxfPw}Xm3_TN!eu&+vf2t2R-JLTXu+g47^i3POVT4(>Y}^5b!E4sHE|>jBlEi(C
zL4Dp7yieKQT1Q|+8w~U$AwI0@rf<Kx(Kg-6;xtu^k*1%^a)laco@JlZ5AUuH&~7~l
z7?%3WNESTa*Pe?Ng2yAp@paJ6zJ^`4sF3ibQ2p{z@V{Pf8|*eDSQ=RE;0w^@yYBxd
zDUS_Mu30=8shipmDk2MjSVwcF?Mbbh7&7Ds9uW`opaoZ1PyuQVUvbW0;`h6i0W!Mt
zttfGV0iZEIm`3&b+p|J(W#e&=i{Cv~+#zby3m=$zb&8H$mtn0thm<{v&rkww|B~;r
zMBC2IPH?v|lMKRPwC@*iieDCVIT4zv-BDP0Bw5Dbo<&+YVTz);{mOuFLeARXUDN)h
z@en|VEm}wBR19qJB-xeYzA<EF{PgEQ?*(9kI?#B8&8^PE&NwtQ53a4?n+#d<VV$kb
zRm^IId5mxaY?02n55BzY8#O|qWDf@xY}nU!-}@u6)|$Y|Ibg|YlK3Y~z!WKmDgQ)S
zDSmqpQ<ctn_nXf#$Q2zBR-IfvQYJe(W|<C1W_x(=3jhWQp)|np5vHTj)mEF>&HwIA
z7d3T&y_*TXvKYe;I_enTxSuM4_%D=OCPZ^r$}LFz^!Mq3h2S)jmRa6HZR>ZhRQ7UW
zw9ou;)sChOCUiUUTy*ua7DX{_o<*12h@u{#x6J{oQXw2VBKch#9Zs!ZMx3655|%@*
zj$VB&f(_8oC%zOl!j6exTzTIpq3QskICXpGrFeBOiO{AD<FNNa8!n$=F5CFho$Ag|
zbozeARnsc#)<9sU``%TGSQo0s(+?@`=J*X{)jc~bZb3XD4u%}N4=gU38vUlq>r`!f
zjbP-x2|5oGrnJh6nNL&gisA*$*2jO`TB~<s-vb^*)T%V~4$AL_TARqxsXaZkZ&Sc!
z=58X^!ENY%&a-cff?kK3RbsY{x$RJDM(*c~d$U5dOoHik;xLs_k0gbc_aHbUqUO;2
zO_4yi?Ps#*%&ZpmX*a+HM-y(z$GJ#&52u5$2M%WgM92>Ur&l^P(_*9owGv2h$<lE}
z<p5|_hDwp*%cBN$_NcVGTEn;~8Hf}3<v(6Bdt8ny@iK}$aWm}6)7GmqOD$4^Sb`)-
z)!c@m5Ure!+Z_<2h8gt!1xB<{Qx07H%dueuh^EF6_RhMq%fGv)rXnNv1916L^AlWH
zeh%f$XZ@+^;&Z_jUHCPXnz*pRh)9RL-~y<g@OC|a3=w=RCvl9JG#Mts<GP0(MC%`!
z+u<iYc9o2xq_iTI8KX5$mc<O>6NhnssEf>V9cF{*F!)SowL5&VG5PxKG3O*s4<9bd
z_yWFX>acUK-QMV-d`e(X>--2N!#<v+ANX1z<h5j1X|c||n|&J@=uQKO<|HCbTY&Sj
zuq|8VMco)5Ir@pF9U&+dhWuLWcr{~j@A&{2oA$bli|Ux&Kgu$ywoP>t`8c$g_lsTs
z$W(lSrXQ8P^+b)Gz&pYeD2<}3GsgN??u%s@Ekq3`#3_U2y3U^a5e!rU;uz2A?XhJq
z9gNjle=Ec1UeS~E+bSx`jB;$X>j1BfMscq-roiw+oM?nc6t?yeCNiV4V8-<k81XZ*
zeiGTf9v;znZ*N>Ex?SI1WHEydL|{9nRz$k%S_-laKCZ|?7qo9SiPb2mK|TXJ`f*k9
zmI3<Ngk6IYEwgT*aH>W9RfcJONYg9J1+LrpP>QJIU9ISwMpVA}V5UydKfnheqp66z
zj)M}UYYm|Xy{Mp`o9KHpEez$egx)ilI_8P1UQIx$PVGO9A$&2to&Dpok|L`Jfo#8r
z8?zoGw5*-TQ|NNGAh_C(+|35IUqd)Gy>}hZqOcs}S`pj)(8N>fO5x%eiCKu`&i(?B
zd?V_GfX$yL<mKb6WJDFeMgV?GxH#vxngam-*Q0}rUaC0NjI90JFL?29<Z{x2Y7G3c
z3Vg-eX5J@CYmx|{Vlv0~xkjDzlW2T^0oqC93LZ}{`9wgxpWjQjaGZNw3I3#YX#l5_
zngzPOBfDhO$fPDH9()zWwm831w1Yu+8&r@3qu|jj+>=!+())8xBVf2<nma!&KEUKz
zcMVUE^0Vt6DG*EZ18zUew-$Fq+Fh2qc|l5yksO|-ksHsJy(DNiYO&U$HKe-lnoA;8
zPMoArLjuRE@^0>Wb|f3|dTR=XH=)nIHpl*y!$3v-INYH5W^nRWHLG=qkwtub-%G;g
z&Fez6tg#nlu&zhd3Ah`3ZYg@zMh@tqN;utp>3bRHpD^^S?&HHbW+Ef;{BvC8x%f1`
zo{Jpo?CCY5-m}&f0)PI*>-8GkY}0MUnZ>0X-fmEQVA0yxcXd&=ve7wUf9wI`KV!XA
z4-+#1rkStv*t+Qc&GB^0&Uo}{+gL*JLgdP4!?$(|+b=r^2JnENfg30KrI|WB2u*5z
zdR|o{1T|9ye~Vcry@`a`*EB4?zBqC$CF^MCZ9?2}Vcn9bV7Pho^(of9a&MHhQo=G-
zT>R-cS#h5YN!tZJDWA`~nOH{LY_#D(&aJ_l!o<%N6}BkWaC^`Qt7YW5E16V0bYTYI
zOu@1XtOt)40qYJz(b^rXO^H4ndP=ccp8du`dz4Dp^IK+F&lgU~jd|h8+k_fNDTaj)
ze|bmozud`X4<y{zmFxv214QLJ8ph(Q@2u+?uv^5;5)bEH7F>T@WNIbhqBKXCu33h)
zox=n=KA9S++^GB$5lEwNZkJus(rme!$FQ?e#Hu$sfai<LOK+iTKmze0l~`4MyH0%(
z2d@N9FvOkj<m$I7(?-?#{K{w>2idy`!y&}@vBs-2G4%2_ce8)teS`<}U8KIc0Ya};
zhT5COWx2L~qVj@nppx^T?EuGcQ@N<iY7fH3QTGUPBrV#-(oZ&eQKR+AjmXxuUXUmw
zpBHcrKnBy<Xk6FY_yJqdc;;$L0WL=SA!^eC8TJknE@looSM>@B=g7C?-YBe?#OLl|
z8Y7FjlI{=bT{1Lef!`Heo0wZvd&G$|ZQ*vrD(KMS!_?iwpOuXVYMc^TWliH<nt?5h
z6{h~udMZ=lOpsB@x0!y(>D7|~=5@aB`%+VH0IuwSr;;I$=>>L4M@$pU<S#y);z>C+
z#-;fs9t7m<--9IdlObZp$*E1&y-Bm7M3o3#FBN^et=-n@HPC24J}Zkw3@>{qMM#<U
zi@-l?_dO2DFS`o=LEN9CJw+MIs}<{ia!ltMUFzn~A|!Slp}~vtraE0aC*cY4?%iI6
zK>CIg=Ob%gsYjz1qV&E+%ipQ%BaEn1M1Lb_seK#WP{lb?3ow81dm7vx@{*jEJqHYj
zXnpj7N!;;$=ML&SXJ>3L-@*L~Uooq<!?J+eeETdj+6;8j9<7du;>;L_2ZrI$@f6Z;
z3}5LcffNHE#J)y&8}Eqr@^AV7IUyqbr>XHjKW+5QVHoL{lD7#!mA?*(jLET)pg&<5
z>6rf$8O%t>lAIg-T|aro<vVh64)`~`WQLIMHp!W;Um?NXUu@6hsgUmz-{}4u;={`F
zzcYL)m8GLm=;1mit5X=|>+QNS#7ZE)W3c5^Q4spFH56*ufi#SMCfDGZkT9-lQTt&@
z-|jEbPST3&HQZVIc-w=-JM^Fq&PH#0*FfYKic+D&V{J^k@VYXo=Jhcp=?YB5jE2O(
z`#5EBbh3Uyx9q+c+=$sh*<h1HJMik^SfU_@QUP)HhOn5=UM)D*2)bvkj~*?5a<I!f
zp{3?xY6Ic2t~m|%^<;--l=YhI4beC#E$nMiy*xG5d|dB$S~^6Kl5{&*1Y35^dOcWO
zwnHkcyKIOEYw6v5VtkJ7c2{)-L^G+OplMf9>TjnLL41IJKAUHdHG{8n@=dAfc#P!O
z*&xshS)kr6?{9W4k}Z$P+oKj1+|~+33>;|(mGGqtYEZGO7%vR-wMmx5_XdkH_3%sQ
z5KB5$w?=OTJn8SgXR;@+d0v0K{sk}Y2FSlRxa}x-4Zr!XG&Zdam86)meZOC&i^cO?
z^~QU=%r*v4@XjMfjO~KzwkXpDeu5L8YYhF05fqKm((oz&`Twx>j?tYod%JLKV`AI3
z?TKyM=0C~AwmGqF&BV5C+s>Q&+0WVg-DjN-UETGmdNo#6UB3&}bb~`y6v*%F;<pEZ
zC`&-@+gPo%2pwVySihUupdV-BeN=ucSIO@enxkMPm5O_LtolWR3o^NeqYE{$?N4^g
zH)ewW;ct!g%xcw!mSn8Woi%Ks>0UH~XB*_kcSQ6|9s=lzsxRRs&9UwoX*Xv+>l^=+
zfs3XXQC4`HU$NpX%T?#>e;oK-6t+Ux&Rn6EW)0=kQg68+7q3k_KABI|lya+S%aQCN
zZ3|<So`aU%4rj4-XY)0bU8mGA--Yk&*%tB)f-Wj>MUQ`W6Q1y(;n}iuR;7!TX_DoN
z<kVsIbpj{_oH}^9%$u*+!pdH(7Oe$diGVzp&g#d56)0%<QAd;|`=kFzq%kHn8PGPb
z3G^4)*hM;05+#LJyIqZU%}FHkg~SuE>cJ-vYS~J<A3OE1lmN95b|lL?`OJG{HU)^l
z7m<FadxkWgFwF^o{t^80K1M_~<s@u9yFboB$-vhT0Yi;pk#p&)25#oP`~+fHgv|Q?
z0WvS4V7RINwP4~Pj2!=i$AGXf{wu+bnVI9i|C|XeTYFqFxKF<xBLNaq?i{SCNEI<+
zTOl+eN%R1)T@j}XRY@w!gD)A6O+IJuwhned9O1`Kz1WL7g0%+7$iiIMyf07C-nZ>a
z&1M32L>wwy>DN@w5X6&5whw-rMpXJdCpTzu%y0G8z_<Dep!83$`m_bz#_i3<Vd_L~
z=5r^k7AIA<JFLGF2$4o?JZQ@E-Ob103LRA2w*^*1LGZ28!%*O#deTL*DoEh8l=)GZ
zvO-mMn8tdh%*jfg2J>;HXF{n|(=Q{1lM3giun-X^JX&i+^3eK{xg191gfWssb3mRm
zJ0<iFQsiHNIeJ=#FX`@4?<6$xhiuWSWN~yje`m$7icEOP{HCfm&lv%3F`Vp17ILVI
zWMCaTi-D`H_t(7#oY^n4mY0jRr1%Yw*P<Rt05SuE|FN0OQe&GWps0AN<paOGw_=QM
zEGM#F){kAcqZf75IhbL#al~m?OEJV#BG>js_ADLHK?}KQ=7;VY=##y_b--5G4Mt#_
z&*rk<Aj^=P``5|V?I2w@e(%m#`TpQ_$NZI?Uw<k5tk|1+&2yMy#=Yd3=ax*{ZG9@W
zhk>JpqsERB4mk-5jVY;qkkSx2i+L<GT3Km%n+WdS`?s>7HOmZMQBz=V6;-=KtQA;m
zf5!#@?w$~YQ`f|uTO4YZTk3>{7^*<G*zJScm1lYG<S86s@TUt{dt-1%)o__^4`t>|
zCf^fDm*$lEd5+f86T9JHA7$BwDw3)Qfx%7h3noL!P6gUulnvT9jJG_Rk*951lvt<z
z0u6ANz{G&`?Lw;f=|W#&Mq#yIkgP9{14}gky{=;m5T?=ZZIEevB$?F-H@U-TOfN<Q
zp(&av3m54|D9Qqrv&hJF*bnA88iJe%!UWS0mi^GEXiTu3=AYrfjdw0m+T$lrq7pm9
zS0vdWf|xezn<wegWMd<7pf-6!GN=(Y;_kxWSP4np#EQRI(pMkO=IJ;}5~+?@4}{YI
z!<Dr62b^^$KN8y#GpU}k)-TK=T`{U&+sOMVi}~}Z9`KU?Qpkl;jDm!M0S)9+mRgK~
zN+JDfOvzTGR)Kz2>NRpG28#LXwHA2SVD*V4`zyqGMt;Dh>iIb<gl$2gAy6~22(N0H
zVX!N$c)psdeat63mkpLg7OmaX`sX_?fL_bdG+IatF^vyg7zL4`bb5zWx5IeAb)F2}
z$=xpC2wY3af{PJF9QU^_M!;xvhQqLwOg<$=dtwZX%wF}&a4Bvm1b1J4z-B-|)i7hw
z$&h2%T3-N^l-o4t42i1Y9z6|$N{AR}b^vmT``JsxhVt2`9k^GL%H`}PvQ4QVpxJK*
zTr1&XVIbB>d31a=CzEN`)3AERS1<nKtJWTBTcQq;u*O3{g@BFf*@AkpS+c$T^|0iO
zAgyq?`{KCl78A@4^B1?1;v>my6Epk;iv3-z;qgc=n=h`RWcrenq-Q@djF}J%`NLX+
z)LU@AtWrxVJ!=zeYbHox4sew@K$~`nqDKw4*_61vcs^W)0A!5UP&KhAUB}{pk%`T-
zN!=uG6Gq)FJEoa!o4tZp7jo#lM(p=vHTu1b2FF{3d~tYGTx3?whfycG<EFfSERj&`
zJ!tkHIu9Z$WO1)Tlql757Pr__FfUdA#2M(y#@l5R4sJQ#MT2-Hb<%PU0KamFUv@j*
z`N=)hD61A0-~T+cY8of2Is1;Cd%LL*$*aW%^z;(7j}2fzoXVwA@pS2-g5QdV{9IuT
zK0b=qp!b1OeWAX3LgVgrGlkIrLClgxE<|Ri1`mipEUwQvx6AzK+-v8F0cFXiUlV8=
zH9oIft&3B3SbiZ}sSQAtTlG%U0!8D7vNmDF!AZ@Fdxab1A|nA5mrz#gT(trd*et@|
z1xlT$MkQ0tRimjo-a!FgjE{(0MC7b;aP`L?9jZR)WiyF2k9vb?g~lFJEdJf%9aABA
z!%qsJ6<)WHq0H2s&e{-yMl1hAPxw?BJlL8|y^ue`No%To6{>&{X70vf|5%;5W2bR}
z3%xqFS)lZf;^*l_=Q*XBjiQH6rg&rUD(j*+&gK4#(7`<_m+H<r<)8W2i*Gqj>(8F_
z<4_!vw#NsY<~iPZI)Q!jYG!L!@Rkhfiw0Hw)4N$-X_MJqv(gLxX&i2J`3Z2<Ph8)=
z%U41L#kQF4`zwI4iYq^lkGuPveAl?4ergh0s;UQCw<e>!^XSsE#UvNHovkYAl*>=D
z*gSGywg)or@+o|(y})J~9N)>c_$J{NX8L{CpI8``;D%*2z+W$$C0`D@2T3B(%k))J
z7tbdn_DPJh89DE^F5DzS)`+=D-E^Iw)6M20MzBQ}?Nb0b+kDK@bD}dYZ?B~TcoxXH
zI=nnbJZVmfHg`PE(`}gx9e{iIF*voYh25b&ADd@3eIWi;7jgUKhJLrzK&!yT!5NiT
zWsk3^e07iC1v4o|nqH6A{9nxq^b0rxA9Psx+t=i-YKRP_B$v=hq+PQqb0}M7O$?om
z=9bEg+EIYw6lh2uO*Xxqw*o%(3!O$3?j$3=?$85}+|;6T0cnBCig9*9iWa4aaaNXY
zlb3}rO(=hxUT&hgNX>*(2^*Bnpgptu!1~L!x68!!4|iACWvt=0?8}l=(wZRB)+9f-
z8?E@u%j0U!u`b%#j1j2^<L95@I7z=(0n((nG&}$+{#%CPY(=x(R6R7W39s=ob!##+
z?n|q?Ba*K5>v{k+*+gi}f}$I*s~Z&MGzi@=qjnRdq;+WQ9+BfsNhLLNcd|JRpgokr
zAK12?+#_dR2R>j=Zt9uclEX8Gf<z!oN9Nd>`zskangg*C>F7#y;kTP%Z~{zJ&DO-L
zeK!DPf2bx#Cp9<peuF70ITLNYBkgDT?li%dDcvds?9Dl36%1^GnUD<GQtZJPEtW*;
zYl{eC<_hZjebywB%H@{aw_NU*wt2tu!+qO5$RHih5L+V|`=_&Q=%~a+CnJ7V063|x
zw>fU9>(emviWmoSqma*E$EA(_?rjD1$~PR34@AQ|=8gZXmHxdm`7T`jBVA_<1rz%>
z<4O~lDOJc`jObrN1vU<*|7H+t%Gj^7BmKj<(jjCG#q9<%MigHYiTv$okS7>{&tA?!
z8CU3<@D)3$;1h-4yi^yUcRFBJgv@nyMN;;s^yCiaI5#ZMNcQg@r!Vd$L{;G2eX0bl
z-R++B>n1#VX<QbxpKK|kc$g&|61qQo3Lt2aI&|@r(XSiN4~HL~SAg_8qMaxN`48p+
z;mffHSk(K=yI(73;OyQTLti-DMDgp8_JJ+?sgF`ApB0B6E=WS^Di@>DXTZMr3X<Bb
z|327c0jL~YYdm&v+R)Emao$m*nV6B6^zK@kRmO|6v|f;-Z=5oj0AcQMhoI-aZGaG&
z{XZ;X8B-e;il7aS*|mP+Bt%%p$POG-s?~|Rq%jYQg)pocYKOM_8Ol9)r7_-$+g`}q
zAMZb_I<n4$0^;;#xRyu;n6c4F8{+A$HufvDU_FT|)7r`>h*L>VY^yR|G|$M3GZcD6
zHNwlt7nAGRos}r9H~Po4{uu@EuVL;5=0CMdnQmSSp~<Wre1?8v9E_-*J|I(nPJ0w}
zJ#aI1wo_!6fNRW%GHFzBuC43EA)35iS`K1;#Hk}-K9L_jh>lOnBq-z;@niekqzbW)
z7|kvYfw8Yx3|@Ur1~D-xa;fjLu>k{zGG`(Yg8kfBm;h3dS5iv>G^l^5p+ymf4z8dL
z;nY9hWw!L_^$>m8|LnU;)mkfUDxi|=$?*DhT5*HtTcSD1Y=V_yzC3j2>o;kfue0}<
z0k{!e5-XXnT1jDGH*V|JeL?9Um>f4gd<hj8%*+iTuq&M%JV9%lpq(Bi@W?j@rf<K<
zPg0C2Z3w93Pie3L^z46!zIrIf@4YJTTTxF*^VeUU#IKul@l_wO1{}~kgmBQsiWZh6
zs~6QzPR9Sv?5a%OD{mZyWLkPU6FZuR=|})iY3rkDJ#TiRu%V{yI3ugLfSU=G2$Dd)
zwLqARx+y9@Z7N#G4CE^)Zx|>H43|^xAR!-OWB`Vcw4fsfoQ*U(@GiToz(!pi3UV5Z
z1q`4ps}S*QseA0z@iN?5CAPwZFFzc-B(RU_;Hw)ZX4WgI1n7oDpnEATovqJa@h)C)
zc-l3C?7UZT3-*U@m_6>a=4Mu!FJ1oSYUl8PqB=_L?jBMeY9qB7B+L83Uqjh;FhJ`}
z_#imKpuV*LXis`Kg<&?GG@?3ow4rQWof&`#BQpy9bn=ZV6?s^yk=)nQT1V>r;L=?>
zk|msGifa}o^uNwBv;Vt!ReD4GQr7?u%ouAsaz7@{V)_#_QlFfSWudI5tOH!L!T0oh
z(MRa77h;v|6VR^q9VDak5*80Gfd}ZC#`Wpx(9%*5z~x6!T6(SdWHLL0ZO{-Ko9SkV
zLtEe~eGjZ;dqUL!f|-;lUNc_@;VPbdtf<@(zL*50eJ}Sp{EPD~jq@n{CiD1Yj=V<s
z0Yo)lBpIAp*vWSMLynpx!{fnX{wb4-eZQLEYg>o(yjgIvK2PTCgLnc**CJCG!lFJ5
zqhvE3U@aG0J=%FpSo=dmqY=2HIqiaQxNgYw^E6OSJIJr|+GRSwZ|7a@Hy)iuZh2Ho
zEkC-aACscQ8b5c~3?f0~{>=GhxZgQJT>tn6YQl7WQSVF8J}qgOORsdi<f=#`gO6|o
z`Sdy1wp)OSo5P2}jk?So%2pAutN9cJ7)gd9U_wp|gF_8;VLo+zF{>D;Hm7isYXSPt
zk@ty&Mqq;-5$*h-9!QrxU^Iaas@QfV4^$K75B9d}3P5qUoF<jDs+~IrjH}4>=N-+S
zvo+3<kEM-4wY}egcI9Vp#PqhU_^%@4DDzzEly1Y(K6{FmD?>@DtyzOcgJ1b9!9Kda
z0EEHI6*Z>QF`h8dTIbb?weks=jdrQaOask$*`-c~+ssNBo`4u}=Lmm|pvd9@RhiR)
zv%RI7mRy18xzwFqg3;a7lextC`E#ArDcw(dh@o)O*EO9=gracHurI6bQ9Q*=n1IDc
z)?4p(QSil%D6pZnyD*WpD`!MAl=O>21sooy^_3`9j<w&yM<pT8D|h-9F1mJf7jBHg
zg4+YMN;F154Y@fWi&^BK37OZ`CD8Z9!B%)RU*Jv4M&kdE87H+aF9Y>|w&~x~Ok6Yw
z5iAQ6%fG-dCf0wzFvHZpkl%<GbRJk|sz%y34yFh7jf36)(@nSrp#uD0ik56;IeFY~
z5bQ{OKPspWmB)>=A2?Zti*Q;}QU%vdo%S?e1@=q7JaOa_fdC_8n8oq-J;!)TK{U5y
zAJG`3p*(o+P<|O44E=rv`6|oL=d2l4Q>cQJu8z4DOEX#;LNu-3{t&L0t6*@c#DPFh
zI1;dw@xOd+;ifcJumN`c+`g3vpuIco<@RaXrrcn`kiv7aNaQ$|kt|r!U8{L0So}Xe
zU`Hg&KMcSsj@$aDBHgL7eK;cB98Zf1o>dJPj)~i!OoRet_#tyYQltkol&DRpgX>!k
zhqm-8KGq-brDe9T_~}wO+Ovd%*M|U=zSmj!^WaL+fpOM@L5{a@)mQj-c31EGbL{Wj
z5{1b)Z6i0)IjUx&b&<+WaQ5pFYjfu^Sl$(m-S}_ZL-jAKZOdHCFCIKsH=On;2@qy1
zL$3NUULTb=0)r>!tr?#MtU(H^(>FD^>y?Liq^4gMAJ!1cYSQ|tkVi@0>5DjamYovm
zPz?O!9>@CvFvou&|MQYlr*r=g1jEGkzYq-5KiDM|fQ$LRsoNJiYj(J8$iBHXX-D9)
z-+UM_J`dv|sm|fictgTS-l)Mv;y>Jf?LG-4<K^lj&#SwKNv1%;!8KV(GkIM#Dz%@Y
zIGvt7iM9o5!0)~zYhsTWLiG`|xcYYVv1dA^Hr%h@&V;xQ1LG(0f0?a%?*RH{pr?Yi
zm4phE#x06kc|IRsu5YeuL^?OY2XK!jI|{x-u}A_R$YYR(p6}MCLQ^UJKHnUD;o=+S
z8<yP+S+?r^ixCrrj*#-<G#vn*_$TjBKf{cNoueV|F?I`B)&(AM93gNejED4Zq3I?S
zY!J}t!e4y&AK|^?{Z|QqAk0`uh~#^{CZ*_!XqC<Ai3!@$uGG<9w;NI>2<miY!e5t#
z83dKn25}LZ{1%d)b+iR8wKw8WG}u^*cMQ5L3=<o)O<jqK*dv9txcd^dVg`Cx3f*dh
zFMktQR3V)qPT{^{<}gqdUs}g-fBGXiRN``M%9yI)KAe66C2CUu#`3+Gy4lQBG&F?&
zK;I3$F@&bp2)v*4t#LRAUlJe+Y&g*4+doWH847a`?Hqe8+wQ2GGpQh|w=nbz#5@6t
zm)vuxpetVOK3WTv=KEI@`F7MMp3;<o?_T*84`8L3MQ3%2r8UUK-|mcjB1><HGl&gS
z%XTNrkdlt@4X|VZ3$n2U4)WgOC{iZ)_fn8G9<k^4HCtOf9XRn)D4K>YtHyA_vI22S
zS(03AY?*Z?h~fS;R(N8M(+Po>NPJ2Pe5@c+^$mX>P^&cs1!cU5pOP-QuC{F3%?*zv
z;XM;#W^sM|0t+*;qPs)-#jn^WVqRn)uRqQ#X7Q(?j+Frb&8}kGgI?~4egAXK?F@0b
z%SRA)CHL(lxJN#5Ah*V=hbr(Me$j3e>>^fdJ@L2C)F;5#*~Z&UHx0%U#ct#y>nKD`
z{)B(c!u95JDFrgwJNot6EheuXB4F=rId`zv`|n>wF=#^&XZ)?Fy;<B6!z#|2NncaE
z56*XT+7~SVCrRHr_mnIC^?)b!4=y8l=V0E@;riq=6T3Ojs=MWq4@&c0(*31i4gn{%
zx<C2>N8Y%DqKu;(S^yTE)WJL69xSFs{?wZvnjee|$GO+@n{?M2LqWWNoEE3VEsRYi
zZ=Elqnu0YxNoR=0kV#%MJgIf-MvmBD`1237F)LJnCGq__#Fr0*s!+6H&Eaz!X!uOA
z@zO9$V4gsRQDt!P{V7`)WM1e%=thfACl6tA&{))d;Ik1I<)V>M16h|1?!;3qtVkbI
z<-GtI>60VGpNf7t$%{##fgEi|q>Z*k8zv&N21pm}5YY^yYK+A<rknUjA)p*%JD@#j
zLZv!@GGOP1ntZ;XK0j0N6k18Nl%*EqUP8M4YaQ$}v%cF5Z6RrkKm}<@NjUh)s$#y+
zgeCt?x-pO!zWw5#vL>EyeM3tGTdJD-Btb-$<v&LUOo>P$#qyAPHNZygr+dZgS_S?N
zlp}?sCFH$g4|csD`A=hczW4RKxulN*myLh}LVY%1$V8_4GFu2fpFa?X(Q_%QWy1I_
z0?@)*2RWUZS=eyY-<D=_f3OB+Tm)oY#CL`y@{!uJf_$X!N1KF-=UIAAvY~HnHwK!i
z(U`L$m&50aG?fknr(9FE4NuNi1w#ZS$KGvE(=>(8v=5yPl%TtxlRE!mQ{IlL;;@PX
zoR^$e%kFjC=}LwI`6=q8>onl~HN+SZ60{423Fz>Q>0$iBLcX1DU*xOPC(ut_Zn0a(
zLgu+nU@X0}h2oI(+h3G95AMS{?|w~lg`Gqr&cm!3oW-i4s?*d=bg0rNII~lyzetDS
z)lq9J7sPIw$cji?pZ9<qNFzIxTyhTw%#sItN{?f%POK!9CM}ay>8^HoN;6Ln<xLQ=
zzWKd)zCrLzdek0%;k@s|Px8(Ku|sxpDo}8^9bKIc#vsT$j|ANst!pemD+gdqbG~uL
zb~{9VN$<VES;XwKFz3q4)|s<JW9dgXWUS18rvJ3n6d39H-N|NMT@8(}E>2bfz*41J
z%WERHyN{|qS*NAPTKJVZCf(rkv|<K$K9c6@iX`Vu!|k6qrRQy!Y*pM~vatcp*k@aV
zPuxLIOKO+3$S!DCQ@Lf+B~?s(n)B#)k@D}W3X2a%n0xSg%V5ON=1>+}v#Ky#IIdgc
zHyJuIsg}sTvzmJoR;c-*PxDm>Ft|HOU~hlrH}=YQOx1y0WGwZl6Pjr<6b~g|mmth-
zJ@GAqPNiyzW67M`o)|ljv$1~_{QXG8qwhNnZu?08rtHDj!rpvTSoNd&d`NAJSy`2=
zZBSeqX}$asXh*}qwx-<`j+uMJd`}xf7hNgW?HIY*<ustj#oGAprZ&M5V6WJ#1RK*T
z>_^m;*?zUlQoN$cb!M7lf>?L)1It>m&&a)_11NQ{%j-UuN@dmf?mM&GiG^Uy$XB16
zBXQYzV!NONfiu~zd>&_)oB8r1qR_}baE|iGQu6q8B{%ZuB8;i)Qx*~|(jD-FtEV?W
zBTU4dvJg4Mv&hkDVIe^hU?i`sFmd=|C~E_-s#iuUrLM@JFtwg#m)K0%cWesd;tw)!
zH13ApI_N#oUTEi6;gORXEHt1?=IWT?`c;vmZ-+4mVb-a@6LjLH3IC|PoLLEv9Z+}t
zT20*Mru_5s5>|gr3L$W0aOR4vZK|QAKVVAtCetSGNRFzbU-Tgi@Dyvv>cO69xyRQ;
zIPujwcsaV+oLIry0Ia^d--cRF;bu<VzOU(Su80xM+ni`ZJEubgnI{d!tZv+9@EXeJ
zN@Q^-uESQj_Otp<_PVx@2>p*Wdp&Q6N~C4mvDhMV4_iJZzm2_$P0Rx>E6m(FNI`kP
zhO_s=;DzU8OluD(Kx&x*`THZZ18pm%{a($@Ufj4}0X&?a_`FC%e0l*ldk~_ryo!9}
zak-?N3_h>^uTg*dK36Q}LpleuD8cTz8w>AkSewBShCgOVd0@}JCmY_Be({Dq`VoX@
ztMa4zRT=5_KRDqAz-(>K{s!J<<6I7H%>K9I{3s;e1oNo?khitK4HDW!n>%fC7o0Oq
zm-<jfj4kcKLs`!U%N>-Cq~-qDyUKR%S=)S%;A`Q;Hfd8J0m<?bz2SW&d8^D!_oF#_
z@0`(a<L(7i37%12dO<Cdss%sybV$hGx_BrwUOk3#Z@mG8$&I+eF0n;e9rcb6_%7<j
z8B>Hm@R2kDoSY4iUUc|$gHTJKi&26-;(~i&A8Bm7&0XCLT~#5P1;Q`SSSs*Q@Z?Vm
z6&wPa`6Vhx6El=V3EUgxctxA<ov|D@4V%5O)OaHA&*QP<MZsvZxyV3~f@$?^VUL)*
zYv@3|n8nFY>@HB`b|ssGWNxX_*Dd@FKO=`JfISld{MF%MoNf_VSFBBA)nrWFYS9zJ
z7x^SyM_O~yS|nQ#<iSz716O%`7%v^SH|cUKy0$|5kbNc!K8P={Qu}`O(Z5`nFe$t#
zr=%ZKc%Pj}Aq_R5Hc?1v+;OmFCKFRNh+?eGOlkw3<`VlAk*(Y)m&23Z=v{57q;>Yg
z(=Yk~R8zQ1NuX(Dla(kX8jM0*OY-u_>I4m<dRqGNtxHcY9sD6R!$?CIDN^*{VeviA
zCUZlgkNh+OJ3|x*-E75&$Y)#7#fN3v*=e&ud9kU$VjCn`)GgIqD=iR<>sOf|Eb5?(
z>m->V4ND-4oAwzX&j0i)(n0S2ITNG<Kw$s5&`ty4sRH&UM{Q0p(;29&7TsF<+lX7J
z2R<kL?v5urmcIa3eEVP;_tE##coSLwit)Tw03`lxcG;yOs<_2<Vw}$|S$pgc$1ZdG
z()Z|3&B^sJYeqh~3JNn^dy`wSzTX1#v-`2v5}2qoa?7PSJMQj}Q*~;kP$k9R5jgg(
z!XG{$wTvE5`lAP=-v3#){|61^{9m2|)Bh=;GX1N7%F4vd_1`F<u4XLmH=R9KpJ@uX
z|G*b0($~R=MAD`o1q>=IK6GVf6v}`ne*Y^r&IVtMeZ}Ody3vUc_AK4-DQ<wfhq|6?
zKkA|fqyJOhIk1sk`u6T&Y3>bGT-x9*x2NEFo1v!>a3wEGWD2HwYs0y#1wgf(jIa=e
zDjsKN4goWVtGEjdoy(lFr+D%;#Z<zishSK@hyY_!f^~=F>HrY<@o(rr^&aI4<ZP}4
zq~zZUjKrDvDU5>mrkL@Z)=&)4C2K$l8@@3#XA>8zEL69W1%`Hz?Fv_EU9gt+Jb8g!
zz*)bk)lIwGQD8b6rCpIl1BRi5+<wbg|3+-o`|Bcj$3P(!7hh?Wf(ea!Dc2V;D4Th~
z!S<`{U5T~C^XM;7WQI@o_iCG=ePnAI4tYn6fh<8Sy>gUS`j!knqs0_&HJkTblvdZY
zBQbPFYEdg()tcyRUT=iEMf=cL_D5MUa&{J@?Fe_{Vm-oy8o8Q2E1)c+N;XZh9^rc|
z;l;AHBsPnmcay(>f3Usyd{|jcSz9eKkPtN$j$+Fj;sUtox|cbOXtZb>i<@ElpcO|q
z?k3I>$+DQRJ{}|AnUuwAMU$M1PF@~rN;2)cUoMAI1vHd>J}&R)=mzIE=_v=_jr7BP
zyH?d*p90tEFVa@j0k&V~zUy5uPoJ0iM@xXS*y>Vvim_u^l5#R_ad%LsGXl=3U#(9;
zv^DR#&wFFO^rW7F!v=yzdvW<$N=nflcTehH??Yqip56Nw%oLZ0bRf{&35}gk&Tdy%
zeb@B^p$8q^4EP=;x8?#9&oAxw7;n)&2S%O*L()$P5g~%8fTmn3{ZHvf6K>xx;s*8@
zjI~`ItBf)b-rAZdQ^jX?<%eHuF3;Tz+x*zigDG|4Jx4JX-q9D^b*;2dV(8)Tk)1cZ
z7(4BHcdK)lN8=dSbH0_h3=<L%TGfX5VAE0<IfZq6x_53wob`t`^}3=5ccMmwl*7x?
zl1&?}-q*g}fJ=%ups*0Qm!#1JMSoH#JUy`i4`{UB4S+4pnQ^kA#rt+foB=|e?xA&e
z&nTzXdzEP_n!SNZSxq6%opdp2J+O$2PETq*i&Pd_`_vhV9V#$Acv<LcLYJM)4eS)f
zFaH`t*#z+Jr9Hl~mN%s&w_gIWifYDt?5HMMnvi@rfIz6kpz!u126c{toOLO9%j<Zz
zjMyYh6VA(>E_8x{wActqX^o9Lf`nMZW(cbCIg>dG(>tIhhZ)NLI+Y)3q0i%4Qk$Tt
zBo6HhD#q)bKy$N%gJguZ-+SjD$R@|O9NTXTJNA4JRVRuOwwJ_(l}9bJD0R=Mzkds`
z1RxO(0e*N@eMpFEGaWAtTe<?uApPEp@xj_C^nU<@Pr;ECT!TCD9XfS|4XR~abajtt
z=~!6EuO-6Vvvr0Je3<+5MXtj=LbpQZ3kP!HaCU~IxZ<ZB3TjiswBjGfd=~n9rP7w=
zg!EIQsjfc(EXP$3yG19C{3k}%0{X!t^%AI}0q5#T<a)bXJ+C_*sQ`%X@%5W;L)0oU
zs@zJJ@^GWeh-2Nl!KF4~hAx`lJP18*HOD-QCl`JId*5;nFYl+MJw{J|9z@92x#TP{
zsxF#TJ$s45TBewFdDq+m36DP=Dgr$r(`Ufx-4}i(48hgic=55@x*I3A1_dpkw>$QT
zfbo*CUq?&7x?}Kf!#A#M##LNvaO(#7ZRM%ky2<eqPU46A>A2IxjB#Ou=+v6*wJoA_
zFO%B9)9SzzMCwKhg2McX+fiT>R)ROJvR=h7!i+ZldQG}xEeQ3i=k<sG-i1pzJ9OBH
zcm%3)q>E1xrBSWuw?ZzcD^~bXE7AdM0MOX}iR=wVOy@!h@~!A9EZZAZ__Kkt;xrDw
z?%gbzGrU%`mBbMw+a4S~w91i9<|rM9Bu?Kz_mZRPX0~G>W2z~;hwpDSGTM2n1TuBV
zM|&kVy+m`jz-muN`zPbAe7%lrxFvhvj6eH8hh*{{#e`N5DT|o~7YoUEU1X6}17INe
z6hh0e2n1tG&WUj^MHQsl<(dMFCx_6aa%cr|?qv>FTY5Z}-*gQO?}{77dvisA%|xg<
zFNicQ83bLBrJkViR>fxRJYqVqY6x`@NHPX=l|CAfnNy~x60i`I?&;JQucm^+l4UNk
zk>hbG_?9dPC$kZZ_`rIXR#yma2mrPJ6VP0?4!sj82FvTX$EdKqlW&s~2*jAGab1S@
zi9EN~q_<3U-micUOIOC}On0<VEo7G4db@*GBOUOtYdv<a4PJrngMHI_Xy_j{L6$L1
z;Vi>HBPNO$bN0>Fg}gqRUN^waSacPMJIpedM-)q^zO7S|VL7QNS`TCA0K{LBsNybi
zA`)N4OE+*rCLWFb*6celNT}&MFmmile0RgO&7g5Xj=<CrO!|$lEmnw)bGx0BqtaB(
zd8G<OLoOz2H*czam~h#pR=n;=^r4!YLN6zR8^C77O?;JWHw4pa{_*Afx}EcNvz4p+
zS{3XbWCj!pR?!Wb3TQSW0_dE2F6G-2QXJV^dR#r$Z^tV^i6b}RPxr<t(Wo)@o7wVw
ziuY;Vixf$CF4WT0F02hGwJ%=&Hsu&AC9AX9$YduPjVEHv?t3a=a5kYz5?0su+YHKr
zf_*MkNt!olBCR8dMF}J{jo_tT%<(vp%10S0ovw`cZ&w*-v69DK0%#at4Be5RH%XSG
z{?%NML<Y{(;ce+j5nR&|)jp7Co<p$Q$WYeFw!TPM8;BHnATE!KzwAifUmRPjSD7$<
zR(t{>5rI#xxYS-j??)&3dG5MYrh+n;qL!5%hY&UZnpm5q8VDmRkp&+=YVO3P6fi6n
za5SVj@^L@wOX3tI1h9JzL?mOv5)ADK_g9WvTw$pM-miuwSM8S<n}OiA_(6_P)>qdn
z2@EO6_QS4h-d}N1&_?5)r%vXlt9wof*q2*4@FpN4udIRkFQ<@(qMRt7%^auUJ={7{
zswX-lh$37A{p!t%E;4~){I|+sVKQ30xOdC!D(-l>7AHrQ0YLb|=$^h%p$)~UGLFY(
zL5vG$tfhkDb@%{68?VxjqMW!8jl=c~o4jW9^#WYw<d6}9%PP%pDIav@${UXbT)Ft8
z8r9pbennEcD%$GZ#ldPcYCntmE8bwiFswgGxPLWFPD|R77g@9y6WONkuKZ0xq!3;T
z;KoS`)(|7E1P~F|dFOQ)CgWoVa$?{2vM13mD$pJ~as*}xX=^0oxbn<)gOVkY0vi_8
z7TaBHe@+xc@1;u6GE!EqXAe2dlGvb0v8g)uGlBE=DMt&l231nwHiD;pZE}ozvewlN
zuqLT3Zg{v>l`uERXDag@8v@3Tr~((MK`N)NV$03P2iQ+@SW1K!L*_Lv2>U2mV&;0p
z$>E~XuS={9Vy-M>p7+!=z$rbHW)SGidD8Zrd2Q`#9-(V$Pl=JqRuJDB5?;HhL8GAV
z6}oHzJjB5JQ^A*u-XAI7%iUobn*db58=pTQ{}>>VZ1aYMK%h^2V6CfMt5RN4i2yNw
zZnoN01DrXF9c$ugk92CF&?6&i{nr^8fgfR_oQn+ClO&-oVYrJPZTS&)R`72@1nz4s
zs40~qu&PcCGaL;-?Gbay&-j0E*@uXe5JiFyU<)<%v*yz`8fHA~uKnhp>!-H*Meqwc
zxPof_jZ+E2Ra64X5mM_}0(WdC2a3cY2A7_(7;xF$W=x_g=5L)l0}Ihj(K0Z93!%LL
z#eqmH^E!)w9T$OKhH<~o_z@Uq$PCuxMl(qYi}s@%J2_I+7^;EM_N*%XJ2;vf<~+<z
zc@LprvopO7RRJyN1TBQ1b$P@8s%l`j?4q_I>X)>#Aql40_TVoHSLEv5k!XDYEmxBh
zGT?`9T9Q0yDo2nMdxKbpv6%*6KVve`>E=Y0JMoliachGSNaXEZ=B1mo7-P)(r87%X
z1O*2I4wGCH7M<-lu9#9j8S^~G8#(EM^YMlOzOB@*leI^X0$#~VOhZm&nM((Cn;r!k
zDkt;~e(5jkqM3rfd`D9Ee=Ykh6prq3JplDadm)+2zE~FOoIa4Kht|-}@#c+?{NkOW
z4S(C(o9Ae()h|Mzl|Kwb8-};&*msE0YRJ_J1TnRCph<MSby;d9&5XS5TUz@EK!-_&
z`|^c`rkDM3bOlNsvHW&An}0MR+SpuPCWT{to(oUSP`?~@qjjdM2<wfLr|~4|7z1`E
zT|rJH)tBqDWNqaCQb3Tag4f6U8=jOtvTnoWn`zpBax7_Ao^H1lK$Mn=kGh~HHa-EG
zb1I>K3%8jzmLENaBN7I&I>CNn?Geke;VJiTCj-CMla?YC@?}nI7R{2;8|qI@?>WNf
zy{}Lgu)*V<u99*7*iJKxc1XQjivUp9?-C3fiWa5*Hf-b(N)}dv$$yYMIsBOj68ULh
zNLtm5FcTU)5QXDjJ0_@{*w~!YAEBja{THA95>zf@4Rg}KtjX0$?f&8HKELMo255-E
zBH9G%CEYn1Tkd6PWArohsu~deplOtPogYM@ExLCkWXNwU+kNUic<5OTDQAF{bDYww
zH9@wp(>#-cL6)XU!@J-t$|-FFuGK-Kd4yP3R}aoW?CVQdad>0lQaQK|vn~^vHF(NG
zyQy;G(S#yOp=x{|uhPepAl}7fUVw)mfQe;GdmZ(uWFwWR&JQiW){~IR2Uy8o6+q!D
zwY~$)W}A~f7sV<{h=T=@RtNA10pYAb%dC*|y(m)3>#c%wg5|+iI*9r9y->!d`lAqe
z*Ty|~F|bH|Ii!<aF~<jebk@fG{Cz+cT|ek#8)M&ow{&^{KJ}wKd0waLpIZd?zCP+(
zF~>rHEQ-gQ+}C^D0=h6ZEy`KHci&shMHTBd6QBAQumM@u_efqq{^QqSBd*PXU6e@^
zjO>Nqmchy=-qmdOpKXpsxJJivdX`yU{|tc%XfC>usS=VwylA44-hkF^4^ci%NofAD
zKD5he6WWae)de{I9&SZBWc4H^<wWKWATf&c)ygc}vf1sZ9DDsxeKul0`u%rd;s~mp
zS6n|`%k=%f1W(6+kIume0xeT10DnevY#;#ty9EOL$bcBK<goP8f8Uk=bR;-4CA$+C
z>t|G&J#l;2EC$tgB(?uYQ2xkdyUa)QUfCSSGK_$++m`p9xUO(EYTCIu8Y)eKVlm@}
zRBITkhigJR4JZoSrP?MwPQ@X`NI`mX`0+T&&?O_=`2x7PeY-*=@Z-@J$g%qzn}6AR
zXwlsewd;iY+I-73K#g(CDOkXHHWthg82`d}LFJbcsuXCfcQz*={8<)fJ0*FU$|>yO
z7rp9ww?we%^LF^=(hw}PBRtk4zSNC2U0&KiO&!4Oro|fR-FVwn)SOkgk7*n)s}g!I
zq_qd#;A-6SRanS6o^BG#rRKY<?L9ZqlWIvVGzEB>A|leDNx2kAj^g%lDUou9UF72G
zU@59fa2De(*$<7|2S-_!uz1GB4<hy`s#Ubs`$XIh0Ez#9U=OK(?RoxP7yc(h;~(=U
zO<?AKQ;{G6tZYpG7Z*u)&5pDM*>_3(7&2w-4P4{+Z+J9eU3_JoKQNAGTq8CK;!lI4
zuK=_a(vD&B%=4W1dZA8hPd1kC%$4erhyi>z`JF2sh_8kOWb5pi+s~KO4*e@irik8L
z2eBJspLb+Gzb@1e%#zlbr=KX60J?_DO-32a0-ZmZ!boJnd551ZsT~C05r0Ql96ymn
z%IXetm?p!Gerg}o7(9Jm*$ZrS0Zf86zuvDpU}YO+lRxQMgRCj*La43V6xO8%qi$M!
z9!_EuiGzOLcWdigNzV&26l6G1MISun`n7p~rCtHv&xWoHZ{<@va`_dg0hmP*eN!as
z<dn%6&z>Pm*WEthS0e{o*EwQKs|S1syL_iRcyCBUcUQ_T(c#8v2Y2@!J`qo+&-jRY
zjPQHIL#CIE_MPON>^H7ikU>b7=)Zpx&5}(B51G+96*2i7-o6_~;YWuq`IZgB-0@L@
zKRLV@WTk>usvakcm!;-10?Y<P5S(wHd3?Q|-#$tNp4fz##7LL^WNM*zzn*6H_`chz
zg2OB|hzJyv(NSb@4;@Itp4^QV(K^oUYWdizpO{v8ie~iwxPab!Suzu(uE$_hAylSK
zg4h+OT})6gY^-0Hz(MfNr-SLFjQY|Q6@nCt4n(M_QjZCS7s~Ig2S6k-T81Z$Q>iA-
z?sDS5hqe;q%}BQ;)9k+dZTmJhAupiL8d27%p@CPZyBpk8LgqcBDiNJYW1cmdd3Ff!
zvctaN2MsO+3(9XR<9vQBCu$=WrW@2qs8@^*iKnA~4A5kFStV4~@DRpbIKz}C6q!GJ
zrh+5=HGv{>>1BPs0<aAMbRZNsA?Zv66QmFL3yZ14-5nON8U8F?@QEq6R0c}RkB$E`
zcKb_?sI)O6cf}ZX;t&Ho1M7e~<Kzq$ZfHO-mmVF4=D_hYCJ@Vj3q5G0jQFRrp(bOl
zeb3irW-LHsB9xDB7!fgo(GCtg%M!e09O^6l)E7kO)Q8yO$`W+}PtMm5DO>)vz_l!8
zibuscEllLuSukej58+5uVvZeVtglBL?tAW{G;CS43opVl5h885MC-Y4y#!dx5LUN{
zNa{}gSSLfU7~X9wkDt80a#Ht!#jTSx31Xy0XaU9Lisp&2dU0%O<scY7pcn!R#Nlr^
zt88D*1TSu5pRXX$aarO=e=CL&#;7uC7))J5#Kn+<2?coxF8gL`ZO}Z_{Q}c7QW`hn
z7RQNyaa#<sA3*2?!g_|gcTyUKtnx?s4`cYfU{8m0kr8gT(L}QSkspIeMulYQw_(S`
z)M&+taZ++)`xb~+cL_9^0BXs)!m7oxBiBn|mMKz`SQ44E79L4AO4m-3S~>}%Pd1Pz
zHDtR0a@DEn1WidoThWG)-=hof+)>1fP95X7$_((=pvJ`o2}%_~saSXuCBvJhtV<X!
z6MJgQT|PgtO#(;Yms1!m8*q<??kopgkV}i9RnfE#hH{v2*{R!F0XRiVb>8T~hgu1p
z35KNVxN|r<AIpV2sz1ASq-f}DR81e@JhjB|I2jO}mX=K0t_dQXE)HT~47cmj55{LA
z%GbDn%xFDqtJ5n=ICp^$BZ)wrT3Nv)rz4`()*}?-au7p87r6II)s!pfh;J<{AU{$4
zlMhQM)eEq*@`6N+07V062Q0`J@D39J!-Q!h>rxTKBA}$*o;zmsKRVT?M>g-tr;XbG
zkf2c(7BkJ;!SZg1?x+Nm<R(3!Zu^a{%B6ftB$~~A?8}0e$gdrtN|^~T@hL{UfOvd3
z&D9&Kd-o(|EX$3B@X&Jap!wBA%xqN{eIcqc0b8<S60lT;1BRbXp$`Z2_$!c{g9kOF
z+Z0CUDk<P-EDON?IBA6JtS^kU!ta_TgcVV<ZqGW{*S5?K4}f*SET<6SpH}`sVzdpl
zuXT`SR_vaW9?Zn~%i~ZR-sTPiHgP64A93%ua5eX<mx|^f7Aj%aEhrx%<{VfFO&?y#
ztx&3pJwPyH6VT1ja1&MBlJfkC&fhrn^P?``a}Hln3BlUkEd8b=t?W6V{xlz3&2Szx
z-aMJ(05cP=col!DTyr7uv|U~)(;-%;dd$jtkUCqXXGuF?XsU7Pst7yN+n`&IY~yiL
z?Stlc;NXu|MWAdvISHzCm7D7gXJ)JR)diaen_NqA4PYP=R!h6UY{lxTKz^@@!?Jjx
z{m5I0v_VvcL@jvg7svaI9<0iB9TlA&V*^bsaGy3Z>ktgyQN<~`9Jg=m$`P<JoV+Cm
zZK%aodL~xioWJC(WgnF!&Vva!)$Zw?v3H#W&4jmJ(c-6FQTu{_14&%xNJtZ}*8rN%
zo%!5(FhD;z(aO}mVH7)ZK~>;#Fb%bWEM~^Z)j>+Vm#y@ffkwh*J$~veF_EbJ5renj
zng7^)DuMb|lK#|l^_J)l3WOB7(sc^Twi~OilfT|-&=Yl>>yw)D4TM<FS=?G}r47{n
znp#H$56(U+ubs`I8aOP<F4jT-7fA|_K4DF<72r3n42vFIJMPoS(W)>HN;?X`&0TD=
zH5v!}2&9v@da2p!7(BX*&1L<7d$O}l>Sv=P<+Pm}SR$7tw*@9<QDC07k`;{&+Zj8$
zN+T$yqTXU-u_1eTc=4dbR78+%JLi<}1r(<;T7ve=!R6*6JVzn=VhzkYyik_jiL@8~
zE@0iDvR4hl|0{{E&^8`oSpZakS)amSi1FPOrHZfJd3}lO3nt1xp}>0e@u{WYFd3J2
z2qOTQP(IyYy!ic0QC+aYm3&>B>jflql{pXh;<p99hIB;grDr?duh?;pg?yoc-mY`7
zAgTf$#G*;o<t~1kRcvzs^E5RVIU@RJ;%^QAaU$n!d-geH-oC55G^d0Nb>=Ln^k)j#
zjnJ4ek-RgMC)%%jEOkG=z&P3_%oH>m<REdUaNZR$bWpILhDKpGz4NH{299)%r|aXT
zNm<~mqlY-KyakjJO0r&LtVdH8o1&S86QyxGP=}zm=WL?4sz|(Mc~yt7Fcp1TdVpQe
zy;g-3MF!0*yFZOtP_+~-iWPEFJgTtt6;Mv5G^Vr-a+<?2WTM~3;(sv-Ob5iJ)nRN*
zI#qgMvVorU<vPqeQ3prfKN}Ug$6RW2D#Ju1TomH`Qe_x{wKy7@4MHQT`Jzw}!d_4x
z#<{q(_86D`KmeLh)0bHL!i~ieQ~(eBJK>mOJ1D_(U4_TfKg=r<F~|h4+{qdIVX+f_
za2}x1XYk{kZS*R=QgLy*vo|{|-}r`V;3Qx7b7@Kg5p(^uuK$^vi1%>(n{M&aaZm`m
zRp|5~OM)5I=7-me(mDWFM@BbC2>l+uT#nVmf!$tf5jhQ}#LOGV3RGeH%N78B9;j(q
z=Ve}p*-H^ne8&j=n0fmeO-!m~j3>O?H@6&{&6yl8*R%|Sm0mF0FFlf7(aPTiNvD8C
z<5^QAiX`XYfiS2(6Z8vHEs-$-Yz5fJ*;72H=hCXQf|3qeY~g~N3l3mR1}$J)Si1Us
z9~o4=ZAFU+WKPOZMey<B!hrSM1mPWzki2Q6qGT2kJQ-*?=DR=VD$!WMW_|F6t5UI)
z5Hzi_9mIR`zS>#5xhov_kBmAeo2O^1?;;TQA!`_I>EC{@+{s%D?_Ztm-9GR|1B-G2
zNxNA`(?26_5LeZ*b*<S-;W#`)UyiwoF!ul8FS#}uJvGxA=>7dbEeEvrMss>QT1znI
zmk|%J>P*fjD`?4KQ_+_c-dl{^Y^%M|*G8Cb-7E7J9j^w)PXDnhh)O~~YT4uyio}$e
zQ|d1VmART4ZjgaENv@Y&>b*2i<gv=+0k7?_BqH^ZD>~G5cc-BT4GoVIcHrNy*Wt}V
zp^@lgwIerU-l3^L0RgPVHQYf^;UObj>9cce5yP_dR-^7>TkxmoRb58G8nwU{BXRzc
z9J~>h5$R1Xfl7xd=tcj#Iu;S}qrJMy`_|Eg+GQKaqgTRWDnOoHuZew^!-p4*sJuZn
zn(sGpti5fN{3XRYb8kx~kea;eai0%O=?qX^ka#efYRk9RX%e6#*0_<=NHs>pFIIUp
zh|Qgb1r<H5rK~;*+X^hSQ0PT%*QtoZN_r`f^C)TO;X1qc{zZBI!3{;+@r0!-;@zW5
zipvP^osDGDfp$2JJ(!hx5rnulL#BkZsb2x~n?I=LT?=xm(v(RbQ^~Q6@_Ds=Zs;x4
zH+Hl%vRCGc&<Pltwn83;_C);U?s(rApnVwDT<`sZBw!I+$pkHUS0TL_5#}He`EO-G
zGr6HLcCMpGYqqu>I)*o8)k^3J@~We<@s4Hg>P$Rq_0{QIls|+tCg9HlpMS0Dkl!_Z
z;A6lzu`{PCy0Wfhf%mR=Xa=hbR)pFKf?NoSm9WUZpfsR+_vq@Tb^7X?|HC`|8_IZ{
znyWDwG=z>#5vWq}jrLL4$yCDbKH@|~5lQa3bt!OKB|iSbTBFcVDI;QZjmBr0{uk-5
z4zKddJ-Bk&eDTmKl&4E&kZO<dT~RICup7_@WC}!@A_t`KCZHkKeVrnlfpVqzud;a_
zAGt0T6c<1pcMan>q?He;diV|~=DBF~jBt7;f7##8V0Km*Q5u3ncw7_t>|P3E*)lco
zLUFikwIygwfxvC9GC5W*6Rp<E+`OgK_d-^m-!rq=*DeT6QAjn7U<z@Hoe9U$IVomv
z{;+1ORiQnPmX>lr(NCL<tzvmzD)U#Da~A<;EU^Hok-N#vtbjjc4p+U3P33EE(`M7S
zLB0B%20T{Ww4in>jb9GFE`>f^zFZTu5=2%CRgbVvE$1Fvmet1$Nai)|aFQQG9=Tua
zfqE4}$nV@#*2p?`9!BR2@8<M<5?cVFz1R#Rh_``H-yUbDcWcb!nUWVC1V3eIHR6*A
zmUF;#@eBFxUb($YX;s4*TSRG#pSYxSO-M3$W=4eeCDKgO68nwWP=(TgZ|Su4Mgf9A
z6>W*_es;|B$c=L{7)d`^^KZrCAg&bR-aTs;r<_u`qIN|$W}f7WZ@D*3n}ew4`mk?%
z&zzM}8W47cP>Ggtz1A`GEfz-^R((b}tQ{am<qkr%t>pr0`Gp-?YK*s_=}6f%*LYPr
z#lBCaMa}=I64Oifs)ESN;@l2KPq50av&oT9R$v<9Zt!jV)>H`tBs!B=bZ_<LZsMn9
zFXm=#Wq?i>V%80Um|%^XLg(KVNex(xNJjNL6MYmLkc5%o17~7Nw5%I69nIe<As2uI
zoR9UATc5u7&|e(&<mYVa$}VG=1)#vL&QkGPvS>C&sjCJ9>Z#rDYSO&4{92wcTvhb(
z$Q*9M`W+1k&8I^hM2}Ev4OyH^SJ96J{HoPys!<b{)@Z(IL6+&)aP%b`8@(3Uv0ewZ
z(dm0HIM^tkvc99wf?5~fQu;usFI)i3p%2f6VBk_FI7|QCpV|0%l%+HJ>pVjFk7ea7
zwFJct25p3kY^&amttwVd0dr7vwe}C(_NdG|ZTvtKlAy%Hg`(flfs%yq1go<*qJT|L
z&OdR1Zm&m~EAQ53`-u<$a+V%?=g%wd2034OIFF5hn>{;DvhX{wJ82fXnoj`CAV&f=
z&1qSComV^FHru2AQO{`fE4{RC)^Gmu8Vpgsl&d_|8n=R)h3X~PyrsrTG8|h~Ob%_u
z($Yi`VBMuGFKl-3!jS%srn@66yI&SD#&+7T$E!NJ)~8iI`ns?D`2+fZ2z~PLK<tJ$
z_Y8;8^v0(fnP`j;{+Es3E($=iE$!OxxOX>J^jNMpVGHUUQFamKS7wV-`JX)SV0M0g
zxA5UjIMWutG)sqT8gI?Z1!dOxpk$n?T_9%!2E^UlJ~P9-zDlnAo?k=l?*_J^b|LA^
z=@~nbqKEp>&|#B)lRA4xksHSIum*d14+?5X$xbo6hflO>K}$|qTm&hne#1RLX>&CW
zGj9Oev3s0U!21#vk^gnmmvKFPe`>FW{t`=q5D>IJE-}0{;Db6chY+eC_Sevsv19m*
zv^QV^`|d_y9yMp`KWI-XL*2hk6Pf?lG?Bdb-=>MoOpO1<GTG2siCJ$&_pPZZC19NJ
z1&;D^VE#pjMN&88AAq%=-@eW^+(&x7{}m9IMDHpUPh4~vlifOFm;8g?ozGpdj^#nX
zKJ9BtTD;O#eC+O`Wo`+TOkDAcVKd%0ELGrjtA@fb%rOGT*DXQP`u`*BJ)o)n|Htug
zU-sU6W^=jwULz~n64_*wGO`LKauE$u%6L&KBcnu#q$H7|P?=?vWMpTH(En-mdGq_8
z^FQZ(I>-Ayo{zm>_dZ{#fyc<N6<jW#=-p4RmB<-+W9HZX+>g2B+to8~>0D)S?P+{{
zX)=Q)mc7hD%o^Y|3THyxqHdE{7KSIJZ{$SY@nD(~Hhhrr-VVum>N@IhwZtzG)648)
z*ar)Z(+4avbLP<Z>ELFYu(03bv-3)K!d6FX_lHei_%jTjN;EXO=eqiNk=%FlZ$8pD
zMdRV`(A$|I%SRJMz&DA^wPY(zepVOJFZ`}-CMTaz5xJe<ryd%X_TkOPGs2%6KKrx?
zPOCUFEWCPlTH)u<!kOPsT^*i1kQA){Gb^wV@mAq8+x#mxwY0*lm0FZ@MQ^dr;V;1-
zes}BMJLQr#?E7r~#D~lK*qe0re<V{>WbgYp*3Z!(P}q02>iKBsv*nfL$)BYMW&18#
zUZ%5*Y5TLFu{z#&LH9xR3Ch@N>@%B&`uJP-u<+iHXctF1({kE!bLjJ|cJyV+qe}3Z
zddJyD`R7jeQ>+9$#0GV%oRLoPnYA`)_r!EuXKgNv;6t2hh%xOIncB&#J@+)pFIXB3
zOf;X%HM_hhX|@lOeqr!|^mkgW*IR=v2JKdVZ$1xk)<K}Xj8nOK68_muC1*(@$n<*M
zdzUTer@H4@Q?V$;Q_-nDPZ_nMl#{Xi^sHJ6?9rzKI>r@xSLu9W=-Rujc#hJ$xMF#}
z7|^L=(BKF4>aQLRB;pEd?`d8gBOl*2m-+YF^aHom(e5{UW1hdc7Mn41%$nEAdPrL6
z&aWq91BN}75hk4yRdyVMQQGXG<wTluuPJA%TbnP+Mzne}TzKb}(V<S8P|y&5=<TK2
z{oZO;79oY)nR*<~UE0ZSPhOl<)arTH-@o_R1KN=23g6V1lL~Kd(B1i#9E=(BB=el4
z4t+1=_L1te{r4e640_lmRm26!{O7Tzcj5END;zAPGQ|UviWUi}*MpCJKYrK8=<7m`
zXM4Ft6|Xt2{CMG!&&axlyxnP-!qcdF*80Q=CZ$lDd%HiE2)?{PcU|ujrrsx7oM%;J
zoHzb9-CO<B5j@|uud%y8HTxurV%y%3?-rH`ocw|MdHC`vaoJ;itX%Q!OkH~r-8#{B
zY;tKwFO+?=JUFbqcQ+%4dZF}8`*;0Y?-zsLaDyN5XNtGeU6lAe_P1);<&GncHyj=D
zym+{wL6$eE8RxQa{VkvM>7TTp+tWqIWA?7bgkF^k{b050fI_LqfHPIn#gajd&Z>4Y
zQoi=t(_wbKoEOxL%AGBBM;*M*n4!i$+iLs7&KWlyd*?4$5IHJCdxw2*HkXf$`-`Ir
z-X6C{O$Rwk#XAMY&ah6tO5gnk#d|g~zUs?<PRUke!w+Ssg=2zcls(pYSDara!!BLJ
z@Q!Gy4x%O@4)F_>n_Y9`(zu8JS^4IV^W>151GMgP3??*wHF9d-sj3SRC{Okv-w2_=
zhR5za<fYl(+N)&Eps9M@m*q0mWvEt_!(c^s(NFhD;b~@E;iT7S%!vZ|>Gl_{N|~t6
zzSXAAe4mfSMJ=`Mm<v{4!v;Ika-X%#tBtS71UqY((0OP`++nV(idd=3dExQ=P8V6P
z-}{`8iQOMAKk_9b?OW0hdk<Zb#F$cFDyAtjylKtszCg`2p>+SM-faIXjDV`Qmt$8o
z&Z8pZo;Q={hndIRK8J75n+7H@&;*T;2#no=($_<3GV^)w_y+f&CHuL3?>}0g8KNJ$
z*Rbm|tBC3C39YlA-_*lH7#*vieGD>j<m->ydxJGS6Op9X^xBHooSxmbq%WXoy196u
zLn~Tug!_q_cQUVgE16&B<-4ws4+&O+)Fd0a10{!sUL;qzyyI?V|5<x;w`zM9o0$K^
z2_sRXoFh*L3hW-|@V!uKp;nZ+^Lj3}RCoE1{CUeuot^oOpPxOc6kcBab)=J3z0e|t
zeAFoA$4tb_{X=_LAE0ORpk=k5pK>H?8N=j{(dt!al@9Up@`M#$3^0`F)o_;8R#&3a
zPTreYbhJID!^&XZ^h6fy*CTEt`v|-S(eWKq29d3EDmo>y<sgN@jlTt$-wp1r*{o?i
z^1?=p^M*CuT^5a(*>VJ5rt%)|yz=efb$0S#ipBk>;D(u!lSTITYy(@356VO?v|g~+
zi?lQP+|`>mD)6K_{*jMl{LB6MY8@B*+Dmi8FSEJbI+9KO^0Jzj>~cyqy-JPu(3~q*
zOH|be_0Rbf!9H5JTRh?1N%wOP9>y>!v^Gg9#i#_8?!~KMmEDr1jtF`qJ(mr?Q+i7H
zkW(?F<FV~c1%sz(rSl}rc|A{SJq!G`H?X6kH=4owR$B3i-#(HLxOy1<6l6Q7v-8Dm
zGET^6-Qvp-zkSZ1Gm&2Oq~SH}Y}XR!0d23YfrjVD=x+L811l@8>O>rmx3^`Q3V$|;
zd39mLQWoNnew)-I>#9)GZ>DwM%IC~iZm6Do6njh4?BGi)io4<`Dt-(a&MHq_s~1K~
z^qz42A%6d{``PE!k3xLDTa8vRCe5f!jIJ1}NhR`X-Fn%8HB$;des{`LnuxRTdp6!e
zKh~|-CI9|nMg!t-(*7wy&SJ;6zxXK(5DV|i?3z74pPAlEmu?(<^UFlCU03y-k_7)7
zbyxC}59eyc44wIQ8M@zidRfa}-t?qPg)HOiPTDbTie`Is!EQqr+KUeip>FrrBlBOM
zBv#D+ZgjstRR4yn-a2N<y#JEUB>nq$4;BNTS@Ek27WVn)bJfbbVvnw3R@C&K)g<n}
zHOMM9-ZV(%8Qe9LJ66ie_+*N3I^uJE@{_w*J97WWvhN|Uxa^wDmVR6tWc)?DAJcO}
zxw+RJlfV0y{QN=z;?YgXFRbx#cNdKoa>u4)Vop@src{1kcE0<Q?DZWroTBmBHXI)%
zaLi5i%-lpx*0&xbLemF6?~p&CP2g*9*JV7T2PMk8v=O-Fgl?$2T$`=W^Wh74kl2K8
zu1zBU;OxHEGIZ#Yc!*+6>E4y})o=~J{byR<F8t{#eNOl175jMc(7w)!tA>s_o$qWc
z2fB|4k2(kRX6yWX=IFQV#;z)tDdqA+{z6Y~L*V`eeqZ)CY9R(4F^8!x9GGeS3aiK8
z;Pdr4tAB`-W>9xmyNO(MMw1tO4!qPOK90hr>M!}OoSDJ0Yu3;DvT5zc7uBkQiaK(4
zc~?UYM!#r>1)8Le-TvxhLa5*SEb4N8%9EN4H)WzN#u4t6IR&~I?xTLG>DGoPgjrC0
z=D!wA&p!@oTFe=kjX`RMJi{6now)ycI3}}F%(k(^W-Mo)OwNfnoEm%MbV$Z7yePwc
zJS5E|vgZv7d5c3tr+2OqHa|!PH^2VYdF#T}a9rZ<*8`IT4D0KCng?{F`en{0L=X3{
z2b3&-!!Ru7Kjl0sX7nc8hySko!P?>7p^THl2tM66CQDaJ6J2f`{Ko9ibhn1zt?D>;
zj)LXgrY{AYt)gG?7@8yn&C1t##?o;NYR4$PWR)<H6=bNw^+yTO!_T;f22`~YOTH;E
zbkmt96#l8sR?ze!6{a?4J+v%2q&kcj;kGkp&%U9NRnL3P<+FFD@4!IN!aJeYSH(FQ
z?*GDo3z8VKH8Dl=_!Adx%1>21j{2o@>5l|@SNhS+H)Wz;EFOYSxI$wZ)f8y619!Lg
zcS=#S-y);VSq9V4pSsO#sbUy$Veipcf8LbH>K_W%v-2Cw`SvB#o1g#Cp=waaboA0U
z_H(m0m_<GZ@E<ts(Ei~0#eIBUjjwx8WrZpjEuV~cR_KZAJbm-tR}XUk+4vye(DFNB
zFZN_W5{7?rZMhPxLjnyCS$^l9WN1d-EL`DpoWA$`!h7;hkC!f~d389`ze97xFS1d8
z`WD_C*Se|NTqH3W)U2D+)A#`r<U1Je^39XplPbna{5?V^;sRDgB;aJ5Z`*g>d`dn!
zs&^k6uB6W^N{v>;89mh_UG~HoEGWserK$CEh`-&n+BkXI@)iD2wcf?dvE(~~Z%c|q
zgnxYQuCo3bP4+EyF)f~1+C?UO`*R^-hLiTMROH?Lb|~@ap6Hnf!E0&qj-P|(i3W@b
z^-guNFIHMEeAEbCmHpcA>*Q~nxIXAxj*NB@SDof6rXxJ{FLwopfbBJXPTIaSs?}VU
zPQNb&cWZbHZqYiKe-UL?&($Hfbdim_urYW3{(h)qJb6Ml@3lrk&52c+%aYCZ?(aTa
zUOMb`*CkGAcS;sq7tcC8IY7Lfn|e1iuICl;?=p>4(c7#4n{57lhaPTX&{%(ttw({`
zxD|f54Z#9W3?ZoDw0^`v3H;iRo#~a#Tu!+81c+jZ==Hz%?D>ZQjfW|;ATC&D0D**X
zBqSaU+Ycc4P1mmsq*vPKapGivC<aZ~z+>#P{ugQEFH^VE;4_T!|1S-~8VyeP^8f+|
z5%EYo5oQ}i2y$#Pw}A#tTtfqg_9H}L=Rt%f9SV;mDPu5L6nt$A!6mxI!loz~^!C#v
zm|_4S1tWeU_94(nv@&e^6T!!}f%KpJ7&QE703iwA`ia0gtP6|5qt{g8NUx;h8wfOn
z!U5nDZb3lgP5hf0z@Rpy+|U4aQ|1lUvHy>jVYNZTZur0u0%MFpk_b2)X6;w!|EOU8
zDHgL~5Ty;Y80-d-Eg82|yQyd#{A~^G>=00+G7*VI!^mNTAj>9an?M*i_$N>Vc^HAA
z#Ua64#_%X`59FE#w`l#tzWpE;Rvbb|!`veXd0I3QMNn4WJjlMz{QtZNgF(Tch5(J^
z5rm>08mWvY0UH0654)wrEv;=SaZ^#7(r&uZKYq3=RT;J&21Im55l9*w9*IMd(6EaZ
z#7l+2;Nae21QxCxMHs_QBM4TOO>f;)0TK2a0g~8`AxuOuo1XiR$aYW?EHsLcfhWcg
z`s|o>5B#6A05Tb)fCHa#gdTExJYctb!{&$oXeh(zF>sJ>0&xIbE>JcGc)dD-Fog-@
z2o_4LGR!iH5Qc5W5j?QOFNBH6rVnf#-{D+XxNjV=`1BXTm~H*;g8y*{P}xr)@ZiT!
z;GMr;ClIWF+VTW&k%mbG>i>3d@XPp32j6n8P1|6%g*a~06E`$U*v=tHBk<K<fXvw`
z#2yGmM1ptMy_!PsBe9zr+^{chdt$(Bg~<j^92ORz1UM9?5sK6}5*`V>&1rfK$);Ou
zM%oT1*<y1Oi87qGhNONPp-M}@B8fyIiU^~I5xkUGB5XSaykP$f0!>E%Ne7EYgU_4>
z5M0z7e8NprK(92@AR$c8AZ+23X#_L)3Q+DeKo~ZQ(56KpQ8*ldu#tc$aVYrGG(rg`
z%^)~nmQ@5jEI)@(Lg0`X5`1V5!4HnUoB@_Dm_w+Wpa8x9C$|u`RKF#}rs{E<{<9%5
zVbiz%xdR@yn?>vv!yrLaii&Fc`UZg4*tz(L2Kxq{5Y@7_5Oq0xcrAIsMGL^AzRe-%
zP4UXgNHh^mQr?!_Kv-^3+!lzq9Xj4_e7rKe0_d}$kfJ)^?Rf!i>og6tOyCC#2q`)o
z28YBdqm`96)Q-c!OH&9D_{JQ9gB6VwwQvgv^jklnv)5>iLos?R0fWR~m9cC0)2`(u
z-1hW|*;2=*iHR^_9wEgqs_Wz8dVGVpv5S|R=sw>Q-Yx+izCIgRQFuHOgF}<RducbY
z?g;!HSV{2cJYqK`774R2f=r1gfuey1h3T3g#La=h?MMYcD*pxG7UoL`ReBs2ha{oV
zYcFEaQiM2_|1rF&T>Q4=fZrZF7~uCoi$Fo*zkwSu{XyVqacDG>ge4GR%?Sh_B~bUv
z-v~6E@&_SEfk{9KanhskAjAl0A_l)M8hm6C!MX+)wFp=eUPj1L;1Vd9xf57LnP5#;
zh!)<%4bduN@SE|s#nxs>Z+IDgr-WEobp^1cu>{!qx{Q#dz`@Fk2p$9xNy5OwE1=G7
zCZ7$n;BoNq(ng?w24n@nlfc2l1$#3?BJB7bRSb`TkNyD?ftV3ngQCNu@klg=NCdz8
z`w2F*Lw^u#pnd6D0^}K%0r|XDguoggH5S+uq=j#*2tHB#4lluPXNL$s15Cqee-WY}
z5T~XQTr?;Yl0;M{!rxaBJWTlix&usJ1a$3I0Ij!w5h4jFJQp<vr;Nl95+Q!%CgM%C
z5jM5B8Js(E+L|?20pH62SJD}XixN**Cr*n7wU<C5U^k)yPlBUX5xbMdAh`s85pD>B
zLm|;HiUQ(?kE{Y?0yI2-fi@#3AfALGDIWW^Mr>#Pz!LxEk4;@{vAD_cI*Z`flN(LM
zx}C7-?b&24b!V<oLQ+D!fD-p+`gWm&1e0VTCQ;%Jzt~Fs8&)ThlB}TJFe?Nh;ATpQ
z8(`ov#gi~dWegFuJ=y%P$02M_Z~rv}XdemN>_{Lc)d2#&RFH5&1PvG6h6kWY8%dpk
z@V~MIEAxYv@;C+PT`wbm&;O-@xYmwPWAFqda5*Ie#4oa=F#qTH8f5}ZPYH;D<NRwU
zX;DNXXqdpG0u%z`W!vFzz?AnXAsLtxf<!=E9>8%^gTzO|W7kuL7-kFiR@&Yn7YR0^
z+S1%ZfFhw+o-2VxlzA;++2CUkv=#zys37!)at*1W-RmIxIhbKs5MqV(5D+^6u|sTu
zj8H?;6omf<K6o)3VjYh<P#?Sugn+NmK*F0qX>3gJCmM*IZM#PR1Hi!$gokBmA*FRt
zF4%__5@p+ww*VL?H2`a)g=99s5{T@~u&yG+x(7qt9y7#k7ANl1<Ti_gEKm)ET{Af~
zoJt2VBxp%<Q=_riwa9-(2MJPOVH+ACGz&e%u@%~&A0%Q(ARU5i4S%PB*eHoum;!JH
z$J0Yn@Bt|Z1M31=fx_<40;bUnkYqv;aFyc>kO(z#-360gK!Pxt4meR210)JtGC(}k
z1Q3_NqN@y$fZ}$MNZZl?X=jwcyzD^bOLTxlFeBh;0~^S5pyhbL2nmR6s|lnXF+e22
zw?XEFgMo-JFB2q8i6SK^3vtl_#Uk+_i;!Tg3DDD!Kzm0IRAIyp?cM@GflPxZ5=hvM
zWE#r=v97_TQ38Gn7=Uz|%n&yKhI`onb09&B^6#+hmS`Zv;Yn6-;s_&v{KO22Z5>NU
z#W2I%ED*cMrc$<?{69xQK!MUb%Lq*A#R7@`JIaJ&h97~WY&)s~;L(o>$O5r~L<FL5
zoi%uc30iAnnVHuNzKWoQZ?Qt`>mS#!0)b+gflZa+2h4y99~;C+flruX7yn<;Q^IU<
zw3!-7|7|8g$FY6BBEtJvAW8Tc8*piSLKB9I4zvL%5|N0-!(wU>Hx&jXo)(r3jY|O#
z3Je!5@I7#&J_-$k7Z!7~ZxQ&X5h8q;6&x65hZMj8P`;^A7&PdRU}X-F?fY3FR+dfY
z*+|gJXn2klhy(O3K|x$+f<QtNad;FksXrgYC8E3|V7Hua^E{l$24q-QmNF;APN}?(
z1VWRL$~bTZDa5}sl7URpz=7ZbP6!P$nHVjX{kq%ltT+GKRpO=+H*|{Kc%1<K#>|RU
z-WlE7$`4S}n>AViT)<fCv}iz3D3dT4cv2MNqXaK2u;&2kTHpeKzV<mMH5!ctc@;)-
zgHpViN45xWhRtT3+pZSSP{IgKK<WlJBnHQEfke`UVWcJ?l?fP7YG)C=jQ@CD^K^f1
z;N+>Cz}+QzAcc(s3>XGlJPL`$C=-dW%N&AB46D37RR4<t>{FCUuo)Mi`Hlw?r$lX7
z4@E!{3Cb7(Xc>X^*p;`Z3V;B9!v!Qh!V8hsjsOp#Lt((^f+K*Q%7qi+5!v33?;wdn
z!9m=BBsU+V20{UJI@|~Xl7NQ2`GBdnw<l}FD0l$y3qDY**Seg|1UC*~k(&Xzsoafw
z@wTjr-i`<Z@Mo_fvgL=A6I^(>>DGEy5{?MERuCvWl)%ntULe&BKLj*4iQu6jfx!q|
zg%6v77LNnFg?%$jK$8OZufg9HfW+6D2x=S}EHuE45CR}bF7SaM+3rSoIE4?AhP4DC
z%vxEbCSa72U@*HX`2Q679sLiuTmr`r7#|aa)Ynd~cNADW3DgTeK8R;Wm0#nliXRk=
zY$1pr_~T}BVTGLpK;l8eCj`J}s=|=?hOg412`D512eb@225xw91Bg)&0CfmMVr%s1
z!5D~CRwfWO{DB+32Z}ksR3`|SIwAtFVnGS#vHQOoKFq&8%2pS)X{+^}6<Ek@1OjfG
zs&-6MK&PQXAU`mHXj>=6ZL&VF6TvvVV`a02d^1UIAm3VpZ5eK>pWH}3z`h*9K#)RF
zX!kmHE^0guz2=P*q9CBraF#GIvbq=~ONk}@Pn(J&5F6{35Sy5Au%-wo-MwNUk^t-h
zoH#5k4zUYwFB=<N1JO56!9yaT=##}ExwS)8++6T0aY%%1d*25R!7-u$IkyDF1K$^i
zxEwa(U}wg|Z#LNfsBEcZGln-*vSS_guf^VA34?|C!~m@t2}pd67B@u1Awif>?1ls=
zfxZgFAS`UY8<GP<n<yhUEtu_;@dWS^iM4zK6M)DR1lUj<04?kW6&MFpA;Aq6a>{rj
zj)+>%DeyOO(B=`~P*F%Yc}=85NzgI?$o2FInpi;YgCvNI?Lmy)TA^+-iiU4X0Ocu3
zt%u;h@sX7SyS29aXLJHAyc;-mqZH^$LA281NFe1X<4CZWIK;!gW3dS6z)ib>3LK@^
zrWv4tjjrmdG{mRA#lxm%G5_rpu{$<!J2gv!y(Ix!1{sKnO4P&{ZjyjFL5<a7<Dn*k
zMhlPHs42h#i;_TpSu&9PTGL052CHNuo<IVF>{?2OqosiQurMqIfb_x810y8C?63xj
z!ePKN3!@A=nRQ4>>2=6>3DBJBOM?&}lU*z8aKt!*i<SVU1vCnUUrQw1>^l~XSir@A
zG~hN$4zyo*;#!#nUBmyi7D8`%-PZbdQ#YVzFjImADZxPEqXe3tI2phIMjp62*i)=?
zfB}sH3Zz1~QUl@<-L{m(Ztdc>YzVegtVkdR20V|22joHR#e;7&L)_GBn<CKMua{#$
z@~JF{SPumNc~cJ5(91OR@GS+<ADhTQ>$}U((ts5oIfye^5jglo1xOw?QH1D`n@MPk
z_sy`~h#2gScm!k!YZQd#0WaxFz$6Wd5aSv$ZW=I#6Y(HBuT^ZAgjyqtgRA60lF>#&
z0&6g9gBl1aEMdL>=Yi!=AOuFFAqLnId<fSeAsq_kwYmzT9F4?-MacG4huYFNc3X>&
z-P+1+^1P$)Z`;ZO?ZVv(Agz{x1rYp12@+kW$OVyrMM&_Z65v!v0SI?j5&VNvh7>7@
z>!p5Omph9NP=_!Q2>4DJQdomKAi=x#Rv9)FsD(MQpcZa61RHUSQ--tFpnXt~I(!YZ
z>hxgK2c`t@eYOq%7TwyQ{?GLP-3Wj^W~dT4FM)<+Ku-WP4jxggX&ekwJnTD`wpidc
zOv(WI2^tK^AeNQ>Pag)u{`ylB0KP$L(+zMKxK|Dm0+;V*D}z|D!2psw!xe{y)leW3
z$1rPo2#ABl;gHHi6dpWgSP#M;6c}j$)YKZ(MJ%YRqO@F~XF`E}&Dy#b^i13^8NC5?
z4Goy(z=6cG(eA82(E{xb$UK|<;udS$nn~Q|UmGgM@9<Z!G(lqk-bx&#xTZ3?^@ms_
z6zF0f0RymMxAuh_t^+2>9xMo%b_{S1H#`_U*VGIeOB7go!OCDeO@+k~;DcBYX|s5c
zqyVe*I06Al0?#-$yMFj97Gh)B&XqF!3k$TEN`PcHj-b}sMl5)~w5}+D9eZ3r<DcE(
zLn=T?4{+cgbs{9OejE#CY_PY%<M41V0pi|SE&g*Fbh_ZVpcWofi*DjZCrOV1TOY7O
z!C?sNr*~`>*5s?kgOcGx+B5}d29bbLI_duzNY-H82mqEs1rl82j1CQ)i~wScv{4l2
z2w=bmK-@%Ng9|F_Zo+N<e?GtaSHZX1piOIUZ4WmMv@M{vnyamF0oE>AqqIjA5(3`J
zZ30pf8V9!4Yw6<OGdz&Bw{UOsq#cV@?3OQWdKL-ZM*_Hir~?0(l7e_3JQA!4VWnXN
z9~D@3!Sy8I6vx#72>2AV*<cz0<qNDr)=b2>Nok!^_#rR_9H0VH-m)4{+(zhN!KN64
z2Jm1t4YrYZxCbbe@xP-I%ti!9<W#}o40T9g?Hnyu88{~jm<K#y<735dR}Tt)sS4aq
zW)E<F08EVm8waor^V<VjWMw#A6<`Zj2kF~Z4dlAYJzxX{V+|;Gn~#&n0o;y3ZfiHT
zVU4Z7{-gi)H3iseKzduKHXbs)&;Xm1ZIxxm)(s0f&k%J;0_M|%!q?7%ju7nEK|@L)
zD8moIW`+&BZ5@dPEmiCuFfelL0nBq~LCR~VC@{QKIIy5_)`A4+H|YWU!BZM*L9_;0
zs0CSqln+)0)L`9+0{em~CGfw~*&#@Di@=sVTRd)f0N6U>G=Ov=+R(v`GDW{O{$YtA
z5H}K@C}I0ZjopEO2+wN(5yL6K64p=$+Dm~3#g2;xJVL|aKz><E<D!KBdI|{N9Vkff
zFHOJ$^<KyVoNmH!gJ)g9zp<MfuoHF+t-#!&TEH=z_ChA0&j;kFL5PAb5RMlFTSkKR
zdYfdR4M380!J2LjgcGC)0@(B8h?`hpDjkT8V?&+)`v$_=Mw((D#GwGz4I2Rk{A(j`
zZMw%sXYt<?;K5NhJqHBFbTF@Ju~3PS*9N+6-{u~FL35g;_Bmk>#@_pK6>nEK1D?9e
z20g-Ld@{-V9lK3ohQZ_AMvu=FWk=0MVf9rF^u>|_nnQkx-4$-;Xy!0CFnv!a9pOy=
zRmemfNDKK`vG7-I;qTcdPqM1&z^$i^s>Q{R+4j*6?E2(>KU;^K;}9}6XdX3rw9fG-
z<CoV5J0gT=QMP{M#4fk1S>~($QAeF<7MLc?9`!g%k|`$^c3rc)U6uGpN&c)Gt$z#K
zjiA@z_1`LeM+Qz&R*2_46bfgYz>Wx(J*`^lj?fJK-T&t|NAIe1RNioyH8w?TK$5mG
zlykb-Pb0Kh`t#YCcyjec)*cM+iOxSHrIKT&5z`pT`CjGDh!IhB##uwE!m^d}RyqtD
z+Tn^>*fCK~p+d6PSsHEbbSF24PO8Eur+$;7=)JVQxBJO(i&QYmM*Ovinty!&w*N$}
z{aUKbR5#M+d+0M{#p&_HP7!~xIZ}Um`6!wFeG|=>0fCjH0Vr}HM+Y>AX4N_@;;vJH
zwYwB^&pu;WZ$#=^bInH!*AEu%q)g`0-;Ec(FVvm87|}Z8C+cuw=>Fb6>AX|g^^A`M
zjv#M-`qbL&qm?alQbYJ>ujFjISSDkzRXk_jU&r{9X<wIn=2n$7%INR;w++2?8gLB9
zYUXm+?pt7&eSfYvki2|@>SrtYA<g&MoTjt=2U_)mvgnBd?_~W7!)HYDw8tK@H=8G#
z91^b2HRTz_o2Q!n{V|nq79=MpYKrB1KN1zxT5y<On&;~3tkNH+NW+X<+=X0ziqT#u
zyv|FG32RYBDR;3CA}iF>qtVzvemj}|*a6ciyO{lvqsHz}nTyD-d{=orDO`1zx`)E5
zGsqS*<gnGsrSOWVkH0VK*(w)S``x0rZ6qe_R-KZ1wKb0~Fw>_s_Pp5{4Pl{Zer*G;
z`w`c=#go4rFqGk237+k1`WSXrdH-@1@$bj5n0TLMcTKAjX2+NbO($2TLsR>&ihetP
zDna&cq=Gmd@rv~41hVwI{QeM6_BMUpyz;zXL;IfJ6h40#BS`qW<a|0O)c~`Ab}F{8
zRSiLxr&e73`tD_I<KW1%xo)cNkD+Y8etzuzHF#&BvcIyS?p@yR${#}r`Fna@j~FwT
zIQ=e6AD8nz6BcnlQ#-5OwZkkmQz6&iqdDC?!ExGsN&oCL$Nujv<lcUtD7}Ta(u~Th
zPx=lT$;3U+e5|IS;j2<FRiEf)AplDScs4pdcBi*HJ3<$_CvBPcOiQ|T5!F+MYqErg
z##vRkGWA>BYHWkD7r*h)Nj_Ig$_c91<#9wTW`*cgzR}ash`(Ay-}m5}l0;efm`c3f
zOLnOXFPcR3DQcD|5yfPW!ZUOQ=E<LeTZ#=9)1bR2&d?o@g<0dyP;?(l$XC9pUi`SM
z%(MLnb4xJ#-VrU~3XiZB&nHI%XO<Tm^Km0>CNo86Zy4s^yN%1Y%d#|)A1)c1Oa8$A
zYhPFQv(mUj3&YiO0TDl~!Y!O9-tWy*ph>h&&3#{$yY~ydW8Vw=cjR-HosZvr(Rj@2
zIY^OD39~kxv>cIqb@1gY2^xB(mPADtW;F3vqCxTQVjcy#<U9sXtJY)=^oh?8s1Fy1
znYuYX4ZU~PR`z9fov1uM&oIf-&EnW+{DPwC$F}$VvBvyuhG#F;j75Aqp($OQPKZl)
zbEBikzt|~rjOBh-rg>HyS$Hhb!qUB#Z|O*~)}C_HJ>@w^<i3Uf#C_qp*Ul>$$iNjd
za>o8i=`jydM|fc8`_3QyxR;rC-WL>_E55&zD`)rO=wjOSXvgQBh3|HkJ4#~YjwLIN
zwt3zhz)7Aw=}~2_jJYoUi97nSmT&ODbB9O8h8DLiuFO1I{Z^jGly5CU#!OpZUwq9X
zar5B|bi_kpKB6$2%e>^NNG#_K#B~4t6S5DQleqFGKjs_sFiG?{-LFk3v5s55n0q+r
zh{(%7;q#B{qu$-oj;kJ{d1ri(@fyQ`=fS@BuSjlvp1hwav-zww7xjJ)S|%H}SY1`S
z^rv4BYpwJ!LH@m`_kC5LgNpCSiUr75pPlMW<ZszpMAtLBACpn+Tzc{h+E?({WwnIr
z=^oh@uExfC*3c~1S^H_)-`<kldE91^w`bl~9I*ZnGym!06*F!9j-#esy^bZ*QG1@f
z_!X5DSe0ZLbn-2IR!*SSp>L5^CPg{VX)7y^e4QpSe9g7%BFqZhH$FG__Vyx~=@#zs
z?YE21PI_uqMwYNdl-Sa?M?X(P*=l8;tBy<&iRQ8E50-rIc5>ghS0hRHxGZBPGTw4b
z^|={6e-dkTf7+mhqQK|trSS^sd3{J0al<rS)_o6+THvz#Zb^yS?=P=;`NgP(Xomby
z9A?-r_^^W3^BC<DOYqXnr_S%{yvoSdc^BndtnZvQQ)P(=dL=hQpMLbVXQrVj!lX4N
zxx{!}BzVreuy`eXA7lI2jIH+ty;Ek#JQrfPe*fNkb0FQ+(~IY!tyPej({<FuC%sIO
zOWimhHezJR<;P-gL#bsyb-hTNPMi9k(Ud4s!n=B$0q6E%EOUBzIp@BLeOzE1n*2v+
z`HjB8#PamAM{#zsA*?X+so`MBm$y$Q2erU&cAh(2v~!Mnt9aH|4L2>0Jbj{{A>-%%
ztGvO8o|t2CFX-|cimZ&%xiE#pY5SIE>Z}fw-}QKq<{3FHd$>E_S#Z~2qQ$_$zGwZ(
zt&08Kr<5c=$Jnj<A7TGSsJ?zoZ+g<2+*hKcQFGu5y^bnx;3wvfJtvTS!H&o0zSRl3
zA2{Db<HSBTL-$46da|e6Ut{IifjPP=aT-Mlho`jM!^A_68m5FIqaW!gzgvDQY-@7t
zb!gSz$ODWk0-Xi9&v_!ReJcAathnUc+gl{Jr1U7X?p#as`<Tc`dbi#>9{a*Vr{X;F
zBfq8_XVSuMDdpY9<US9twPJ-Vk)!eY*2w(5nF=hik2%vJ=bqOtzTM9PlAcF8G3n8=
zI#B4*=YC9)`P^V@JEut1IB||yI>x%CYuYcPP5A)vhGX~Y(?yQG#ie&1*tzh-z5;c%
zu_{6g#Idq~MQAaz#kzXI`N*pKP3}Ds<b~rMkM$di$NCi$q)><i1B_gZ7w(Npv7ql4
zF$=GOGU44wvr$Q}LE~$6JpG)WUhhw%54SZhHg<M6uTVa6L-ac_9_XE9+;!AJQ;74K
zCQeHll5Ev7>Uqv5uc{Mkr|r#kKWA`wPU!KymSfia-12htbw^X%vfzi9cY|#=?vv$A
zp3KDD9|$hyF+6(K@u`o&RN5Q7ZUNuX&uPocw!x5O%VGmxTei{jIm|H+>mklKh8T>r
z$xYPLvPYpR1h-Q2i*yNE8jk5AKHWw*w_p+9;FVYEtO*m+CektfS<FYC(U0_3$0?iF
zGD_c_jwbrICA;CDWnfR%yB)g|Ect=_mgNf8ri)&3$yF@y1D`+y<>j!`F<i9=Yzvjo
z)adY<JnJ9TQ!<R7eWrJ<F8KmdK%BK}UrwL8MDb*9dhdR{qjaNer<29)b>(9mew>Jr
z6X}S=_&gizwD(`FgHQ9nJk@WZW;FT2Jmtc%cn6zQg>#)oGEL>-ZIR$>`R{cou96El
zlUPh)6FP>-b6G~F1_COQN$t-)_sl5Vs5)u&?x$h`&j%|7$I`urqH-G)>I;%v7LIX#
zxSfCr4AKgkzucTQ0xdEI$&cPYA(g~`L_#A`>E;dG$rHg%B{9*K=C9MzjPd!RmFa%;
zn5Uif#~xvI-3A+O+*b9Xw?Al`Bsuwj4Bduf_zS81S<YAcYfv0(%bT8IVF^o?|5)|Z
z4Q@^RaLDZXEyu^sK^`Us^K}LS`dW7~noG(uU5oCSe^X^xE-eYta_NoiY<^rM|8hRO
z)D-=+<U>pM*gg4M*3lmRhki#iKyi(W;}7nw%-y~8QRCMA!e0)LTAR!cH90#Ckx=A6
z2TgP3?9Eb=EMGW(VEdAJ{6IsV&rB<_gkZ^hrvE&9M|I{8-IxxV@yFlqyt9dy-d7tF
zbLm!JesRo^0k_8;9SN}m0|N{(#dYURj_j+Y)PXa~zI-Y+d*UjUW8~$g`{r@y^=4g$
zm>5s)vj=IIXN`2-O!6HI#tEMr^3T7FttCtL>+;n@xphC^msBzvWIo{fo%V6^ZuJe4
zXInW@i$^iARq-*wvcbzwVS;r3i2BpL=H-k^Y38V0O|q5uBO}YN&6STzdu%)$)pZ^p
z8Cztysr7#OT;DxGt2sHhh<&VajrH;$N4xv|8WfOeqyq7$<@p>=nC1%)ZB@%l;-_86
z_j8Lp$8BaEjO8MF97<R-e?F`}f|sq6{rD#?=V0(6<*%dx$wcBwt7HQPX%l2}Vxp4F
z`y1wuzh^NWNw&=%|HSjLwUhh33IlC>o0URCx4uELz1*3zOKAbu4q6|4kg9Pwxz)_>
z?)@80u^Ju^?&bL$DrkM+ecOptsdX&PQPPoYmn8375}9V_Ts-+G&C_2|emAp9UQoiB
zjQgGzrh%~;@2&JNC4A*H>T7nB`1M`#M6A#JGQR>sL`!@2a+x-(E35He%G6_cZ}D4~
zqUK(ORlo9_6*xW7A=~~=C|_qFF7CpVU&%>}pR=i*Ig6y5@25{jpQq8LQ+ayAg-ez+
zsY~`}p0sCiY%{SD;mnh9B*7My22VY@?DspIy6~!J{KiMWnb!+_htpSG3imE@`>2%o
zM6kc7FTKYHhjuGh8eF-jg;lXGv@Me*2iXp$P0JqPfC&%p-VNoixToKNb@Gy}v(GTI
zjiGg69;<Dp?`XIj8FM4@+JfIOW5<ig;gj6t2L6udKZ%Xa!y}|=dJoGMv9CW@Exvk5
z4ZX}^2vGX88aEM_39o2!#~zx$W8>SMYN>EX)%pOVjw9++;R~Xdg>J&(Dc55by1EG`
zr(E?cAgN+69!?&myj$ua*B<2Qm%7hiUmc8z8C;b#a%fCSYAh_$|GbaCW=}r(R|lDM
zn2bH$Bp5u^|G?FDQPB31pHT2gj?^dGK0{beF2ylhg{L3H^J6_dkHPd6_2~<pH^f7~
zM&yXd%ViggwyMA$TDpO^cq2MRDdQGa?1QI7;_ly+hU>(3ahcp^{0i5{6i*fj)Lk}R
z%$$hUZL4oMIdB#eEz0mCxh|Uapare#RYr3BpV8ej+$n#+Rf^fsC-WDsbTHo8b@pf6
zV$bgwdx?2zJB4y%d(tx*jC8q~?5zaZrPn+IPjJODC&V#NPOn}LtTtx!XZ%Zfkg@u{
z>+uJFJr7Lf<3hE<R<(LdeMGM>74mx=`?{P7#U6zf9?0IXGfTA0$i;t}fo<;R7u3r|
zlPN8JmQ+8Mom5B;xdnd0Zf6>p<yn|{T&32{B=wpqj*uXCTgk}|75M&z+k4XEj%VGi
z&CT7Z7G({fT~rMU&^Tm(<guEq=2g6qvZv4>j@J$+`WwFa{Q1!~1-beJ)B1*wH&hRY
zEAu$L2<p!^TztT&4bi2dc(R^Qf*a8kqR35ml=l3Lef>gP@E1*-4n28vP@;#<^vcgG
zYRsmG%pp_e0B7(0>Bbk4eO^}`j+eU~4o7?_XS(5Vew=1Lw)=HiVdNQd$v)EX{gdt2
zZ?`<J>zsLdyGzGPt6YBS#x?m#J6>D8%MOYU4$PlBWpaMr+2!a95to8@MO;b2k^8-h
z2FZ;lC3gE)IUaX8aA<Be)F7<>z1v;?e)BP2*|h5xW?C*ccGF6h#faione*IeRWXxC
zB3)c^-q)7z+w&?x&sgKnN|?gTpQhhFGodK<kJ^%d1KLw*I;xA?e2?CVC3r8bFqT+d
zeBQp7QmDJQ#=!sK(1A|_fs?ak?g8@OuQz?9Aj5Irn99z~3cSLJ7g9aY3eGZpb-zhS
zU$Wg=>#SJC@!8|A0<+5FnMYD6^1~x3Mnb8|_SU$WJ*PDhQKwdB8BvN<v8RZ0eQvoo
z;i9AXd`$LP*E2~eha_@7Qy?kmPf=M>JT(fhMryVU1-(MDg=Ex9ei{+5Q8c}<RG%J3
zY4)A$$=BLL@6J9`@F^(uOCP#bF?s%Cc7DyQXZ(lD4Vt+;Lu0!d&NUzUZdK>O(X`w3
z&yaNZEq8urIHiTE%&z|=(|6_)Q{&k4P^>v^%XetjA?j@lV#?3@s<zB!bD5YIb?2zf
z9J*zLG8g?U!@1|en{_+}qDnlqJ9o*d(r2ztkp*9$zDJiwopFIU%et>{N|0vu=miY4
z&?vKOVV{1qXfCH=pNy3G$=AKQ=lnXwK1w#PDpv5j4@at;GaHOr-qlYZdRmM?{qb_P
z`{L<gmqphfx6CFYz0B{v*yUF3a_&S#ZCFv^t4of@6(@%&?`yNH^ra!v8|dbsFo!<Q
zaWhvkjR*CcG~U)AsyML&R${g4$iuv5>504OwL@6?-_-sojWZhL9xmVO0|^mznO*xT
zYBSEtwlY#MX&uv6)Kb#nkcpdP=gz(yi>6&pjNzY&Il)NzQ2U-<jd|-XnaO^h>{yd{
zB^l4h!I4QUogU)8kpZZt2^ufD0Q0^VbhihH<h%KoR9KI&+eyA1NVw7^O8tadm!9S%
zm8-zRA->AO;iwxKI!k;lCmm)n5tyekE&(qB^!vj!TMvaszIAZ7={Ndx#`pmbm)F}`
zob!cd)XRj-W6S&90~%&l`wrx3U^^N0_lOm+56|lSL46I{m6THFubG(P*6o|6sj+)R
zV$TG5>O$??_fBzfNtFTufuByWn)l5hw6kE^Us->@pJVwPQQ{|k0TE$);PmK&Jyvz^
z*;<~&pLbArA>hpV_Vn_5t$V+hF^$+p1d6datM*F8%{$K(x`z0TpZ_?NTT${g$uFbn
zZ|xra-w@*dxZ2(Gf3I^pD}Gv*r^f|mRIQRPFlv((OPws-FLlvWeE6%z6qTr6`Lnkt
z1I?wj*YAxi&&ml({u`y#&39-uaN!?|Dg*1AiUd6y2wtktuT~rb=5Xw!0E=M<<`CQa
zg=b_EL66|ZR;@vvuRoubZGqI@+faTshU<Wa##H@z4+}AtDu<9yO?0|{Ri!UT{WT1z
zeiYS9mN`G*$E27SA@uq6Z<`<Fz;K3|x8^ht|Bh+)JsAofGYunDhRD57Lv}aKq{w5C
znTH=lTtVS8`k&IY#<)4`7F?cqz=QsLWa3tdzq!uac}Cmz7X|{u!J#38_^^e3Uuo}#
z8+V>jf2c_HLLW)MA3gr@TWXO|b5{n7fI3U3geO^|l5}|Gi-AUpSl=lN0kMa-I*E(?
zVW-Y396tN@%y&vu>L<*5xjy^gny(FC^5QO=xU*C|WRqbyYeH#94xr`Ky-!&&)%OVd
zAVe+tZU4J7F7E|g$AvmnBL;W%PlQu>`rR?%Pf_U2ZDGd8-h$gyg0E`oCF;oZT$>Uk
zykatj$hYVn+!{Y#bNf8yF6Vmcv1)C=+p|)B#-(%xn)?g<E_NO{Woj=mq)UXxFALeu
z^nQ`6lN4+f5nev+u;Lq{by<LSA+o}6L3BklBytFn4(AE|b7wNLB7t9O{6-1GZX1?E
zk78fKJxoEicg|Mdb+j#N@U|^75WomI=Q^gg<Z_aa`kXt=bolT~p<?kNGpXNK{j@*K
zU!Du#GlQGlI%>mdj`J|Lzw)L2=<xAjT0^8|*J99QWN~eUv(hZfS)hf^z%TDPSkh&L
zX@)P=E)^Y)<oU!Gf-Yq^v@3}7c*)`S<C-(^JVzdAj6n_l4S#G4I;4*r=P5x|G0;EL
zZej?}CqJ<Hurzinl85%Ce;tE!6zw6+@ysB)(90eP0x9j%m${}Kbb3^Sj=cH4F1cvc
ziyo2XFDk2K1@0rimX+Q{djH+cJr*%VVtHHh!l^bA<$H&fp_44aP}U{J?GQ}l_It`u
z6ke|GC45R%Fq*@a;&j_-h47aU3n^gP+O=ws+*1=7OcrDqI@{p?7tOuP+IB{iJ8iPd
z=GE8RMJr|stYv~%A=2XpZ&rrV6*+F&S}U!>zoOh`f2j^lik>PL?Msa4siowN{@cv(
zYC`Ga9?_ae@4lk%S}5+iFfN96<BO12l+7!CskfAmuCg)|s^w8>8CB~G2voe%Ri)}n
z^d;X(ll5danT#y5c{ILI^!-sIi|3plB88Q!{c149X|dB3`l4s5MBYY@SH?h3V~d>C
z&B&81FPs&)kBeM|zCYt|t;*nYc|b;Sckl65Dd~{9-GvaKt@U-S64@I$Wush*_Y=iF
zrf4TH`5mGkzU5c(XHvFX#6~0N$_L?m`F0+1Gj$pB<<GJrs^qRi3K!1Myc8-IRv|18
zhPi%=LTB9i1fTX!@%tdG@k_Xp`SP7UwZAb}jcV)Z-+r80rs}Hw^Cip%Sp+T>f6OP<
zKd#oDJ2`qs=ggN$fmFhkr2VbE8KuQ6Jy!*TQ}*lkX?RanzUA)UZ@>Jo2%5`PT>boo
zQi!}Nq~Uwxkq6cO$75g4Nr^Ksk2fd@pIy}Wa_6Boi)I+pd#+Q%<Vx$x-z=xbEM4V=
zO3;6MCsuy+jQ9SG`7_CJYPx=J+DuP(n-gQ=RSM3aP97>ZF-K~1CF=K-R+rp4jZDPt
zBJ$s8+UhS{p|7mBmHeUN|5w90R8M(6C*8Oql`QdtJXoMr`1_^vkMeWqsft&EY=1|8
zu{8`)V3|@EV`~V|vmaeif8XDXJ`|Q<c1MH5?}^Otm-6#%@k-xQ!G&NB>1y-yE=>Il
zr*nQwY3FIo?{U3lL%wD6H!R@q5Z5awk-H+AdYVcs;l2)9Cs^aIP#^gu>YQ`&<R@ik
z2^GFaWRsep#9bxneFn@EoFm_n8C(<lJYES0P`~T_c;1RjQxU2YWm$taV|>IWMDs<;
zRW)Xp-KR6=6s_sZX6LLl8(F@b!^hL7b4%EzTd~xMLhHy~U+rt9UIVsccGqg$%diRT
zE$hr;r&Xfqjq?Aof8VKH6WrvfmL~OnLDbLn|Bf+yqa9ZKJ<vp;aAIrub@6xGP;7X}
zzB`CzJB5`)4U4ulD_J5G!mLJmh~0bhbZqo}xk5VR<{w**4Nza}WYRRz7hz@foDl1(
z`Sw)nmk7m6@thvEDf#qLrV)lknwr^*;RuQq?@yog`lX7-O<ePD){w0TT22q+Z;Fvw
zzRQchl=$IOSE)NTz@7er#_#GyO6jMpjETM!H?(hXkL>alxu&Z5?bogaomC;TV@je-
z!>VFVug+4&kQRE!vwC)gDdj9^b^S?SJ=Gsp^nuECl}h~9g>V{*N_PLN7yq#82(v$#
zy7*-tCG(X*CUMVsGV9bXGja&yReFz4yTA+E#TkAR_s~p>T(J5>QAuMfT&qD(GCQdx
zD!jrN&+W;+ui=>3U%GUK^iO>pn%+vm^qurFlgo)Ve?3q?J?bbpPu^y0QKj9N+HYGl
zSR7votI?>@%IGhprTk6HOZ^#<5BR?5kug4#`QZ*v_G#fIuI9)wrHkZ(L!2R@{t8TK
z3^JdBxxT7Dk9~1o=FzklD<NuDJ*)h8VD$rvvVApyl+#5`1>u*PV2XsSJ5<b9zcHO=
zOOJITJg4$&$>W$b)~r<anhYyS60xI8iBbu355%W`l0y_Ay0M<rY8=XxbCndv7gIR>
zd53DEf)T8P46m%%OvHo8muP1o=Q}BfBy&Dr91f(^R*I*ppdH5Osu|T3Q*dZIK-d^}
zb~XTxL@~`k-{sgK_1)o}_2D<e?;y-LCKXUWkH5OB?6j*ol;Vq|cmq#(J|e304wbe7
zq-If5T(ewEaUpu0o@PSI`9;b{M#irJq(pKddyBHu<ZE&!^M#0`l#|A6AK6ECH5M#K
zFGputzfzzq;%9Zmk=fi=>7(8T&9JOAenPvbW|EbM`1ac$K0I9P?A_$fa)G9IiC>#k
ztMcO93a!a6&eA7oLH96HfjM_qf;=jXM(7P4QTMv!1NE}0CQbA!R?K~kN8*fV`kFP3
z`7ausWA^YPoAEOmzCPFN=fKZoa5&6EK{ie=+u-3>#U~-+=H*VFSE;k-Q-nU0wcbuv
z8JmnV5JLW@{vIWGwUy#tUMmITE&=3kmAj@_^+p&k8B4NEyX~icG56>DWzyZ1d-1IU
z`udLN#LLAZ4qH2nM5blL*Oi|#8)2psFXQmbxht$1+B-&u&roOIPH*K9xPFG+<DRsv
z&?A;hk(7>FHsvx8^+uTDjK)t!-F+EuF=Ax667+lNJGd>+^lB@M!lGk5f%V!_g?XjZ
zh)9&L*$9o@YKp)IihCMjb1Vicvcu_LC4>U>X((3G>(kReR3Soj{Ivbe`FD*Y91eKA
z8oy4hHYpU2A@627olQ}RWlf~krs|`ny?ebmU0s|%Q{*M8N%#}>adt*#{c{IAl)0}{
zTTC(;>X>@Sh%&u-+sI|0pG6`2g?fye=~?!HGLcB76juGWf-W8nbUo?V!N^~`(oh}^
z5;snp@l)+_orDr}zUE=6-TbTO(?1by#3!!3U1<iNv5@H|Sg%G}*W8^d!|vg{Cbew-
zDYzLrByJ)V*(|0S>S+F`V=_E|*nchO)d%OUfFJ1=A6dWeErAqu9ktDci%QOfBn(#_
zg4I)olK1{F&^dVX5zP^b(QsqFODU1^*fUOtpEq(R8=P6*Q$R@bTzImt&*NvjUHhp2
zKAo@v#p|Ux<g*3^=2>)I-Tr5*xtU06-+~@iwInN_Rw&ebVCf-XuJ?So^GLZ~A9^pY
zaUvjAf#1iM;XGrbyc_eWTgU^y==Y7<pX0w|#dgn^<sQeab002hd>_*1v#VIixY*cl
zc}iY_+D+}azQ9@2OC8d50q0A;%2gU=C)^a8yKZGE!!~h^{3hVqM47r<tlo|C%;ZFe
z4)dN-UoRsT_k;4<itiE$KhQ&SO^*t{=9s94FdAO4&j_5CVWhtFZq!rRoso$-+mhST
zuv_-hw_e_$rS5Y<A^9Ii7=k5{l|7t+cN=AOcPHxq5r1q`rv8c7T7HzhsFaH;W9d1C
zNyQ#9FB{pb_UvT;v&#1^MqOj9ybWEL=YKCf=oK?LdqniO6I-mU$xEvw|GN7O(PMM+
z>OKipU%$2YKE>u$D<UoT-V%&S4at1Dr{IK4DmGY>E{?!{iMmgn+4rX79eh9vb=UI{
z*AJTJzQaC-rTif}=Mx)#j(p0U`&x8Ftx5fXcPt}6Wgz{z26EO(m63{((u;?3+oZ?1
zvke~#wvsxl4}~-f>*Kw$&ifdB`r*U85JbbNQf}lCn43uVmHuqq{nn>Bb1@esxcyJ-
zsMuzn`sDJ9zct{Lq)w+_O(FL5>+3cp8ebBEM#j#cE^f&^MX2pGt_Uk{{Qg<a(*Kmb
zA=jnS5lO4KO6xXZvS*TRRoI}r)Bf0f-Yj~7LT^*lvza|dnVMEFo>4v?$oRzOvX<jh
zvHlW5ZYy_cZd<11tbJzKu?mB(o1Tf1LP9Y%D!oNCadN2*51GzY2{y_vqw+0$o2X0J
z4ICY=3z|ulH-?>keS%y!)by;|fZR<~K4SgkU7J-gUcrceX^cGm=*=<V($c^scB@A|
zI-S4fgD=dLR+T)L;7cq^SPHrsS~t$msH?J6G9g^q-TjHxvv`(8*DcJpyNuESsgg2e
z^?S~M)$wtt*^i6TOS{`MQr@sDk5bAdC~-61(|#G`tM}-0t8joV&H1GpEmbKWHI4^j
zqYl43ZR6#A;O&{`=gD80AHHmC@ApayKJWU{hg??0J#oq=Y4EP?;h{@1Z5}ssoVbO3
z+H_m_y;a5op0Y?MTIniu3?-#rcB$y%Z_Trcbo#wwdWyA~$+P0F)<ZgG&xGWp>9E+^
z+*4SCrOQI+2G5t}eoRb$<HjT#c*ec#^ThSkmJeF_rXIBAtuNyrklTJSreFt;TG+Y5
z(e{q#<L$3cx(8Z4d(Cq--2Q@K<A<ny_gJ1t%^DoL-}bQdTvh-AXOLvybN{$?>F^o#
zD?U0ZIasO8<bfOC2BQq~!N!{%Zs+s&YLoTS9(6bO8k46H_jZg3EBKf-^G-d;8!a^9
zWBleOlbrX>+P>pgMwZB<<!<cu=NkBjKF^N2>L9&5UwK}x36U^a4ZG8I>{N)(yl}!p
z#RES*#`Vu<-q*U-(ya1nVq~&5>(-fb{+e#dtsd;(l1`-ZJXW}J@WCD--vgyABMP@|
z#G8d4={=Y54st>dj$1#;X&%|*{nNQT`y0=JAZAZ?mpeJ$Zq05@jCSNvxOVPkRL+w<
zGXB|@wayvcG&kZrSHSF)*XSZN(H2A_=y6zc^h7rH>u_0V0g26nIi#xqr4w@QV-I&x
zbfCwRsvn=c4zqd5jLpc7m)_P2JXMkTw1YRU%u0rl;%9t*2j95Sv*p31{`j0+CAKyk
z!YwG_Lz=1FQsB4V)1KMS$xjN}ZW^b&xDqbbntYL^W;8*WDw}5M%o1f#f<p&?A|m7o
z)o{FH0%KqaQw_WN)S(N~UvDbE$1w$Z#(hjgf6=V^%5**Xs3q~p{y!3Pj#KRugDD0_
zXKlK_QjPeu#lPK?XqF2)2)Rt-&g*v8k961`p9;AyclE79rFq7@3bh@%)9TEVIqwq%
z*=;<{hM8xrYMsj@l%3<-{ya%OT}J5S`xIC{(4^_4&oRrF_Kl0*`lOCpn&*MtyQ};Z
z+C++$Lc`*kxURI`e9@`@*}2-1(Aqx6?|u)s((YRZsgHfr_q(!0b>o9u@9US?TtDZM
zy_?PCjdM3)<ctLcIkSUqihPg@r7HM-e$eGvn^#gzOND3ZT_^6R&(tRJ%=wB9A_wzS
zuele$a}4^UDbp!*Qtn*Uo~Poyk8b?9RvHnJ_n;#S4j7tMS#*|3626T4JiPm*mQ!qy
zyQnbj?pg2pzAK5S?3vPiOfQpEjP#6T6zFuHv@b=t+v_)d`}*T^`yWadvTv;QU@4R}
zFI8!LbdFDfX-|Tco4(C)yWBug_kvTknVo0I_NTPJwzsgy;k&B+pUU!j;34OI^meK$
z%`0@YWsMOBZywKfXz8PW`u{O@P7j&A@57zkO!{Qowl&$dZQJc;nriaIC)>6$*|ux4
z{p9-fJ$;Yf!~GBJd++OB*IMrVuoHs8h6=Iz$MSUUXgab)GR-K>rD^kvmI;GZ_bBbN
zm2H}K`uWFKe!BJ|O7fQTI`IIkLUpZ>jmO>bIG>I#aicFHZKUq(bm8wORo~ApI<CWS
zlq36%Z(d3XT#j-09A&<pdIxjVlx5m=J#cPj#axSXIJGVIzQv=w6koZ9(IBeHiZ}=E
zQRj@E*l=cAqPqSxqMPcfqb4^Dz1Xuhu37yVQpnVe?lhA|Ba}Yvfk6id`-I91#OQ0Q
z=T9{%yJ|R5!<P*ryo1eYu<VIshyUqf_g`tst?r(Lmz&Y1lbPI!?;_>qjIr|U-7Fj<
zI-EmYz<MlaB--fdzs*>C)k7Zi8TZcTpxnEQqlpx2&S8B{TkUBR7AhiOg1fMqWl%4W
z=|r&_^Rz5Np6o)FEbIXp+X@Juaf=_gBjx8xvO&ehvTJ6ziqLanSYb1lcd30bM?s^d
zs)*^8T;2Wi7u+eLvH=D34jPOo{EcI3&%aEiQ9P04(0*{)QB=;2aIi_SY^>G_?A#oC
z_-^G0+si+a(FG5loi2`=I|TD(3tAvayDRGP5jKrAGU>=$Tt5M!6q{h}$XcC3uO(Xj
znIzhPI-e4Qg#v^nFFdqT=aNp+l#@A6+Glk!7qzt<k$*LG8K2D#W(%;a`C@~_QiY>~
z_5IM9Wo1_%gPR1Vhz!L+LTd(IK*O4`Ceo7_lEe1btVD`h)wNAQ0>qJd7GYn1JiYbu
zuV8P=jdQ$6)+zu=BB~VZ-ly!e3U!@hSZHGyH_QFY164|ysIj?>(O3<{S?NU?)$^-B
zYxm;%=XshcsSLnUDhFrK#PN$clFg=Ja8037x15zDr?J@FvRvLl1sCz0X)H+2MztAF
zB&12wK;P=_9xm85QdWpUW}vq&bmtdEsq(`pA6gq%pEA%ce_DU%PW#NCXrfgolZS#g
zi}pK{PlwIe1qXvE$!ZwGMkNJ3tzqskNe{9zOPeIGX1Q1FTrf0;yz*f=$)GejQK2f_
z-MWt|eAWIeeq=paz1zlF`rLLYEr87lXcM_)OKS|M3ndM2q@K5HI9d&k+o@qXj&*;q
zMH__(*#J-x@y;NsTdjQND;vLO*u;jae)W*YMrv!{==-YYR5D>lbkU3(%1D*XY^wAt
zqiESVvPvwj;of^b2CGrBcxG6BCs!HofPGGRwaONrI^NQw8WRgMF4V-Tf&cu%<~P`9
zZ4NbG3%l9l@w}+YJ$t4+j%U^VjnDxCfq`to1|O&({`WQ7u~on%?nO^sMvR68H-e)Y
z$M&?zCd1)JqGJ3NE*~ETlT@=|rgPZ%s$r*OF;VhyZ_S`W=y+LIO_#_Hie6`pkPV)#
zT571SI#x*TS|V~E%jKmF5sS927^-$T&bq8YU8@*%xHzUuwo0}$3XQIL6{%dCVs7ZY
zOfP_eJMHN=7aj!EOf43M!yuYO<|~lb>n*_Q$&r|UJ0W0;WUxPpUnA$rBwePIOMwlp
zLH^n#NlL^6>6&UDvPJZjis62+VQy2nLW?r=Ilt5-Oph!w-B=KGgEXqziC64dxL%<~
zshb$h2V!Oj=GDJwC?L;OFK4s7l-DDm3I;aK7awRR@ai3%zaQNES~YNNWS?OMm9B>N
zl}(m3<}$%d9yDt!j0nkuNuJ`U-{D$BC<mxJD!#nEIn)?~IAGDkyS%$+K(?HNq0f|W
zw&Bc(fg}lXd}-*FrG^f5eSGFDcw(ga!VWhQ3#^55TTVK-)-bvO_e~9($x)3dZ2%{1
zq5RUR<8*3g-Jg|ng7|wHV~6FeGld~2rfjF>iV*K?YrMtu_?pcmlvD#jr~tZj?Bv-#
z#Y)D7cx&|r{PcJe9qDYACg}Men5$fRsztF}g#_W6M!h(yO?X-b^L2a5cGG#M4~-~o
zXPIrAuoCJCu4PDzJGs9&zp-wmI09k!8ogM_51z|t@mU8Z&9tOW%}BkbTgNltg2q~N
zWe3^*S(y!2gXP6sMd?t%s|t4e1&<@drktycLPr_B`vaoLj;ZAgS5N3UMJMbdzwgH!
zp-Im~Q_hj?`0F}MbCgi7(Um=y&MlnhhOK;-_G;~wV*zMky7V?U%3<p>q<{xWj)tC|
zT4j+mPZ6T{xZpXTc37}c@3ZFY?!psfgm`}u=N$*44%t}aB-ibq0=PjbS==*ryx`h{
zK!>_k-i5Uq0qbu~NPLwZT_qkNe5G#3=tv5yo(a8|98{rb#`wjJb5@RONVZX=m1{f|
zn&rmG_07KWO^V)*_6zqODFEzUS7?JA)l4d3pN*R<&oU7rk`6;=XieSMM~8&_q8_Oz
zq#Z6jvJ2PLH`sjITo0Qtq+{R4{tNKwdE1}44Y*p_B8}qHgc<XE-Ey{*7hejfNm#kj
zRC`%mc{ZG^Z%UDq`SBd{b`uvryj$AEOs^SHsG~i^P$>m^p#{HLaR34sZk5V|^6$_B
z{zsG>levaNHB2Tq1>=J8iG79NPVxhGQU)xXxeE543kJ-Nj)?2D+tpyp1qs=Z%P1u!
zSk9y+7@BrWycef!-S2liH4rLF;oic{#jz3QQCj9Q+dR$q7_a%l$ctbN#+QycwfE~h
zBekf19MabN6*3ewlmhc@hT;7x-1EhH$Kjss0jnjxJc-E2a&2&A&!NLL3wy+ht1oc9
zi;e;PDFmS&_R8ogv<wj8>&GlbNJWDr6%uN`8VSsC_77o{SefOyI>d5)85Zv13!~D~
zgx2?9*Z`S!mHc{bbs0InTo>*JO3LKihOv?>Fs!_*RXy;R2{?0s*0(hvL-Y8n+p1K$
zq~qT6n-o*|6mNCm!qEi9e83qx>z+aoB3c}ifXi>=SV#t7%T*V7{dSyyDko2P{<TDH
zY~R)(eM)01;fURndO}x?Lw5_u4&)8H{RHr!IU`YaD3oe9FPMQS$pS9;MyCG_xXy8B
z8+??!-pW}S0B*-kt7~aarvbYlqawh~@Vq0t*yyZb%hb<$RHL)@uyd)x$e<;u%gb>9
z4xwA{d37Nff6D?Z*-#VTd3X#7n-A72dC8~)dZUyvgYOBk;gR<6fY?wUsCC(-(9oC|
zN<(O3cqh4=pIA7Lt$0}x1cv6%nn4-Yy>`NjSQ)RtWMC-m#YlI`hvm)vgW+J7b$bCF
zQF+U0Nip3VWpfCze$82GbvIA%O{e)vNcPrC+5UYYvpSyZshDt8>E_d*meqRG*%1%>
zexi2LJEeq775LoZv=}$pyc^`}VfPjWvfq8di}`x-v6DElwKZE?o5javw*rQXnBupY
z96kgZ@y(p}Fss{{0!HMFK$~&3?VSFFLarL`mC2_V!qtKs2_GuQ2mh*<1JC&*4{9wU
zt6%i*UDX22a0B)@N8lU{3fs@lBycI0fV<^)1d8e|aQH!1`oH3v7iJ!#r1q=3u`D0I
zoagk+AqW23lI|=!z54~sr@dvt_U^|gbPeF1x*cc%9t>W*2$t`2KB_vall<Gxv;07p
z{JtlS_hQV958WRAPpO7ev07)p^<6%sggvHghy}y>Q5ZjL9<SN>9yjIE&GmHOI_#eA
zma^M~UskQ)n2rIT#V`jrQ>E;?-c5Sd&6v;B=f?cUO1j*OW03_jv#;eWDBJ&V706!|
zK4y3>4rsTN+yu-dbrw2S1RplN=PS}L_)Vu|IJuF}faar@e<Kr5g}dF}0<T&y8om5>
zJ8+u}d+?On>wbe~PK~6zY+yV+`Acj&Qt?O+SLFQ<sQuqh9VtdMv!uJn!S2ZN%TriF
zv7i_ivOO2+M`kVf;~k9mhvX|c;L2{hgYY?j;G;KW$2N2>0%!im^7Y$wEs6-bFkB%z
z#ox~vdI#ITE!2N~0u1QDrN`N)zl``524@fcNlr@2DdaXwN>b`l@KM)@!Jf1i;7j9T
zg243~W0oa(T`H2>_D7k#9Qu$I+cqxKwv&g%qS!9c?0-d|McyJ#-dm~z2ofbf-D^)`
zUcDdW7%aD5vuq!-y4N3HiRR(Si;nwrANK=WHW8NKMDQP!<_ArpbMR$9mWz-%zz<Np
zAG+(WTTQf#MCkiu-AM@Eox5KCqP(nm)H7;-0z2<w9lS93j(p&4-<4Kk-l?0?Y5IV@
zaIc^XV#rjY$4dFI!n7iQ;q&58&@lK55}vPl51xRx1XbFvx@q&o=%OHXUTeHji8&Rb
zQ7M>=tF1uG9&bj`ffDEm$-)xE36XtkrnE3RWy&(qTNTcD6528mgg=NQagele-%8_P
zZQ>MP{RTp;QLSBAb$=%RR31|yER#YiLFLS~G#6(q!E7W&x2_`ubiRY=r)8&$kUa93
z=A(U;nNP%|ax|<tb%Pi4JpLKI@eXu<af<|G_9cY&q=IQk-uLxzB>KCfBJ-hT^GG>9
zA&2M~XoM;$seH4)TQOoo`RLQ(M-=XCt6#dj==hK_V<x|UI&s~p_z*IqCq)kPx^r%)
zpN=4}#t=v^^bzv`FN8J>16ZmSNQ3YyQN5XkZPcZ_)9L#oSa<T(P)AYje7)()Bd)7>
z{^`skCU@>OxQ)mQv4?!P>EI*MI~HGP!3ZL;*nDd7F@fl&e5+~XI|g55!C1rZ%z2<`
zqZ!3JHeZ;|2t%>zeD3M=BgQ+f)sRh*OVK-T;(#C_apGJcc81!T`xzr3R7lDwhj~WJ
z8s!-;AoxABOJYmp*Av7W;oEO;9*~ngJ!MV28XG7AHw}+B(3=gQ%A4S^rwkArxWG>K
zCpcqeMb%$p2w)y=+wfp34f*g8V{hYnQ)Pu9xS%o(QhIYS4On<1GYz?23+Vr#cfrhx
zEw6=^b3p<OgDkXTFtx)qw4*t-BR#ZZk-SL_f7xA|c0e-^j9t0vhn>1WIrb~G;NrU=
zI1V^0|C(qa)T_a){!8xy*R-R!9@6fDaxoC_2;cFodeH7lw*z^t7K-0R*wcg?ybW<S
zAaphq%o7yM^Q({NXFgBpF3*nyZ+Mhl48>jYYZY%mPzaAWICfxYXZQN+qqsks5U$hT
z;%&8Sn@4wl*v;SEJM7mwkM{n^Lf9WL*<n*d*xM72qW-8|I7UC4x8<%a9$o!my3mY5
zn*Wtwb3W?&6Lt}81v&MvT`4?T`Xh8<ZiPAxd2RDw8$3GtqjX_!g<TGzY{OlPJ(|42
z2Vw{Vp~OQ<+tk-;k2W2I!ognKR@ZKiKCh60sNKIlBE0^AuIV2&Uhx76yMJu;JMA=I
zGrb}QVt0pa4H0jnTuVKgy?)({79PmnnYzY)lzYY84DKG>+V0+Qy7qeXdxd)Ee@DF>
z`1mWllYK4JLHzL(WgAsM_P?HA|3ysyB4yZt2b9>PsZz!3hRx#@ivE;Rgvpb)n)8j2
zKNSRxldz94s7gmjv(l2*%h1x2yGiq=${oagQ<W(j_E%M)5SO(bh9o0*%_EV`BeTsT
z)y*UKH6=k9AybvZN}x2S)sak2;8Rt?lP0$zo9L$*M=gj>`JLK;j!+wqX-;`e!Zj<?
z21s)slXe!w5{PKVEtn(e$StDsyZlFeOwII<iiqudN59mo`5$QMKfk0?#HADar86j`
z;}PRb;>m1WDR?6)sHGCjhHLkDTm^W4WJoKLQ70hnVYt%qMrSBalHiX}xl-{)W++UO
z9>#b7xgCDmgRD!{mu4cvPLLbMa;0sJ(gzf)NVMY1hc#U}TSN8bs>qiT@Q0(#@ms^!
z<sC_z<JX4I_mEwwTO-#ME=V8ZUxwfIAZ|!}ehbJGk;cXk4e#!Ky`k`l5Kw4Juo_0b
zVep9&P%<Q8jt31JjVRu*`Gj=H8j@Eha1W>NG2U>kNNkc`#y<?d>_Od-KK=HW7XnDz
zM~e5@Z+M@6`pa~Y`3*1a;oorIFh0fjD+Q7O)WY$dd&GOxH|#4?-~^*#2sTkkT5*#I
zWef>5!~s=;0X1B8D$elHJSw%7c??^+Br%12*V1Ekq9i3uW%iQPd4{q-ba@e_XtrD$
zvPmj#C9bwioUvs&bft8*LK+G(GytuJ7-NokVuq@+tgJ*SEmC2jdtw%wGD4|@I%8vs
zt|((+vdUN~Us;xI4qho$St^?<qdNV9WGW5&f}#!$edAAE84qQyvV@bowo;-p&`Eww
zj;2a^Dd)VdEulp*L1My5v3_FujWSds=td>b_RlwE5jydZQh3ZlQ}qm4<<I%YZ@eN^
z^)$YCz6f0<LIuLlgc_j~p;G4eOzBMVOnHYK#azWg#eBu$$s8`#^b+>c`jYxmw-UF~
zZskLjLp5yW^iqV<$dbrXxe~_t!g-7N{dvs!q<M{b%@f-byc69Mz7yXQ*b_-xd=GRF
zb`Jy(dJlXLeh)YgY7cA=ZomV@gV}@FL-_v7J<0ul_bm7D_cZr7_dNH|_Z0US_Z*Fx
zzM-okf^vdVf=Zp=JEc3t-;!2kI^{b>J7qg1I~6-cI%PT~Iu*|IHgh)%H}f}(g>r-n
zgz|)ngmOLAvQ<BSdDV=RjZ}?P{7R}zol3e@wp6!Nw$y}`f#SddFrfO86POoR1Xg(|
zH7bFchv)n@h9r-kmS>ZetCN=R!xubRKs}>#XU><NC8|{Dc4XtuB$zpwe|rq+3oDqA
zC4oIF;m&FxI#nch%;t-1pg2`{ID_d<X&^CGTyFD~vC!@arXebM?whVmxix2HZev5t
z;vB3mY3J{%LhL!YBcSl}gy1!hTAD+0C*Kg~o|9|~aV%W3Mt3M$vq5ku)S9M0MqZWl
znl*6e-Vl434Y)(Sqx0qL3^kOi&OdJm_MCldi1eHz@(lvd3au)k%tG)<haIsH=H|Oc
z#ms%>lR=s3bB|D*lbV&9IX%ulHajvq-aXnqMn6J7PB=<9mP5Luy(_)5xjVkYy_57s
z51<Ob3g8Mr4q$r2einH4e}?pB4<HRd4PXuU+8NT7*cH{4(e<+{zAIu=)=0rf%t+2i
z%1CMJ`<Ap*KIkF{h6TvZ%Pwl3o0{f7vN}FIIy}Zc!afEab<gr2gO0V1w2qgKmX5iP
zxR0BUnvV_c`0v{9{O(@v;O@fir0$09sP7z~)t=d(-JTJi<(}z%QQkP;klwhT^`7~k
z{hr~TFYjXS44;Ybl<ubPgnWhH5CVdTa;0$ljYC;5#Mlx0*gk<qc3gQX_V5u?D)yCe
z3`@F%K6x|O)MI&~gsD&EXiDlhL(v~v(}+|wOD?t1L{_&HS4$@L*ivJ<R60u`wFzk)
zTD3j~WAmsC6&6{^ff8J#d<*xeELIkTR0(;;`V^gB28(3Yu~fdIEE{9IRH~v>RyIa?
z`nkar9QL_MZ2*V9{-@4}I}2A)!m(*vDp3*W*eu3aleIjRb6nSw(9DV;D&g2lKPvs2
z1uE)O%@An$=PQc{RsXM4cytR>`3xBr8Oz_ema6h;yz#sdI#UD_1bqZ!1VaQ<8Gkc|
zGx{^e?Tr;p6fG3Z6s;zWx!BTE*i-9M>QmiP+)}$)4guCfc5IgPRD{&Xl*m-M6vpww
zaf|W&am?|gagA}!1KR_<1Kk6@1K$JK14&DKH*`04Hv~6&H+(mKH#j$HH*7a<HxxH!
zH)1#8+b_2yxBuO;+``||+~VBwd?vRjZZU2->N9;pS9%1-1cn5rI{tPHcl5s|t&DVx
zcl36Qb^wDNlN~)BBOL=B6KAHICYu(UW}8+*#zN*orb3oNCZ6osY}u^Y>_#j`Y(}hp
zDb=Y?Dc!7FY+I~b?7}R7RiHVT?ZY_GG|&>v`jTpt0yPfLK1zmF|Eo|t%|bhQUps5U
zn0-aY9*aM9!m_wVZH2%SFMUkW>UP<`DJZjN5-_)_4Y5bn8&9sOUr}v}%Ir(7cU$qX
zhtV6+ti4^a)$EmB!SjTmH`}lHsZmF#Ibo~KSZ;P-@xx%4$<%IT;0(=^wmr&Va<TT_
z9%^lvt9GIy&cQ@)g=?`tZN+o3S9b;TOtvYwu{P5ldu;+-(`ira2i+cFFi~Z)RClV)
z51blj+6$kWZd8O38h2L2-q#1)2O-swa*aza)8L!!+W%Cj6FXx`H=R3+J5xFH1zUr0
zz}jFQus0YQEDojsn|ng}ee<L9!}H_wgKdx7=+7F-8pxW+>dP8?4-t$N%<c@@7&ja?
z>^B@Y>~%C@wqQ16wyHL+Hm^2quG6XqmTH#jmTH&kxof!V)|S(k(^vGC^;XuF*H-wK
z`B&PP+gJRS{Z?L<Usm9j;a0+y!&ao0rB;TPhgPVUsaJ}Zi&xIi*w2u`I$&O~4;Th4
z0j303pDBVZz?fhSFelgpj09EyGlCsFv0sp1m|lopgkB(CNMBH2SYN)jrvq<^Z&7a<
zZ$IDS-y$~p0w)6d-lN}=-(udf-hRCCzmT_s-r!!)U)bAYH>TcuiHxO|Rghg$$O#5!
z2>NOXhOYHtK_d$P>RLwhxwu2pNB5oQTJ#<HKtua(FzbkpRNRsDdl4<BRlm|Fl3Xp;
z392&E$0l~^T4bvtK8Fx)Xn^AAf-?dSF7+YCCqV9EtJr75OIUn}xGw65sx`)VknAki
zYO(HG6;pnQ*CJUJZg&u+kFYe_=t4C)-spxkIa;}`=}MRpeY)4y;#d`Sy8qll-lDN?
z>xk5xtT(j63wOBp%!_?^Ah7=BaNj>88-EW{{||zT2~)2`D-QM{8lWGK|1Y!^19T9x
z7xQn?P0DS^dB}ChWyp=%nc9`wh1w0jMXg1xb*^QumAxf;o$5mVg5kpcg5W~`f_dF%
z{pqtfVtFBYL3Uw!f#!(dMeBv@#p?y*Md^jvoYbDy9@?JV9@C!H{-Zr^ZE)k0O5Nz)
z7~L4$nB3^u7}*%u046s2HpVuFHl_ss3JweQ3yur+3XTd63Qh|42#yF22u?U0X6<-7
zPq|LHOt~>TGrKao0Q;V<%x=}r)vnbp)oxDCPOeTaPHycjUM*g&4=oR^C@m<hu`RK!
zN-Z1f#p_n<hwIqupmnWvq6@nV{0pb`=5??2hjo<otybbzpmSZgCA%fNHDEpP0{h|%
zcW?B~?;(L5+N=ZItbN|BL-t4cK(y=urGxq>+E;a<u<XIZo4F?ep={=Dt1I>=9e+}z
ze(YPySNpC+=H0`q{a5`!BBLIy8;w{0t~Ah<YFDVy-!X6A>g}YC2(4Q@!?9CuL8oo(
zo5)AqK-TVGfYB)PF6h?7UvTR$_l<%-yVIWDqh?n$_qAnLX7iP1AWV1s<+g)A_11vb
zt)M^i=ZAbx^*^m!yT`^?zRgK~Z|be7c5m*>9XN01%iXtE65{P(|KBLLs6wMdk38Ai
z39tVNj~73302Ba5cb0IPaHw#yaEx%4@DJfQ;c($pVC!#oZ}w>RVD@BokJBFawbhN)
zwbkw6)!_}WGqpQ)$h^&ci+zKAjeQHc(tDJ98hadjqJN}+Du1keU3leuZG823y?;e|
zjeg~Nr+T-1$9mU%=X&>iM}Aj)XL@&hCwe!07kUqThj<rxCw(`0M}1d$XMJ~h|N1WT
zPWx^H1oD3%b_WB=Kn#!t`~c#B@DKX#1Rxa%0g`}dAQK1%5`ah`eQTh*uY0U}sCx?d
z3k(DOz&Ox*c_6$myeoXzz5Th;{_o++=yvN0*zMl$-t9gFwm&96hA;O&dOrF;#xHjt
zZo9AG9#I21pe(i#<3%i{aphstdn|w}TwL5#+yu5dHYzJ~EBTR>v^aK?q2C`~o>7kr
zy)me1*K362feYFElE4MdTdUdKVa&|`|HB8c#rj;F9o~JO{tSG%C*$z?f8rh><s2B8
zPe<ARJQtwP3k^yL9?)1g3>%a=Dok<&3@&Pvg6Uep1arV((~PB38kdg)h%N$#3*sDP
z5&?rL#xIGTZ%*;^x_C#h)@vprOTfgETD0Q@Rd)2~^djYBpe@TO=aNjnN67lOu%zM7
zd+#g9bA0W(*SoDJB5we(YCkd*)EWVU4>+y~7iEaj?E6^1R1b*d%aP5y;DNUWz~sr;
zLZV{T0@@tRq?g1lt33VhF*uVQe;2i!y@cKV(4spY#*#uF4bnUZ>sp)2sw8aV)W_<O
zt;fXw`ETPneJnaN((-49Df`7^oH_hu(8lhg-&5dT4~LdkLYOj2?qC0(+X?<eMu2!-
zMnbb<h7NmD;regn>!B33Gwif0w-EU5#|teM=M<v}mqGNs?ZgpWXg@+RzY$IQ7c9c9
zYjWki`sI$<5A)Y(pP}hd{<WZ2t(ND`;lQQ??!3xZgt%-a@GWyr?a})1RNh;hmeU=l
zB-8hg(d8Co?Og?Jr9pfN6!{ob0zho*mAav)1F_}jo@XLbBjJfCS=h>uSe(|*hRj~h
z%2gozYSNWH+>6e#i}QX@ih9YMw4iI;^YG!caDqcvEz$N+Z<Uf`Y=h`lNXar!H0@4I
zYg!oiyMyIDWT)kx$T1DJf`~*3w1OCB$+v|cg&esSe@}Czp=<Fvcr9)1<pIVtWHY|$
zZ=Ujdoq%3jSKq()4d&mlUHNB0u6IU>Mv7SSBB?MI)bHea@WP2gG~K2MrKG311mqth
z<%b(%Ny7f^S94EqulbM+!{`EJQP@ogC|`xc5r!BeUZfN0Pf#<_$X#l^BOiUjWoJoN
z;P&Ng(5R0)<GjK@5k?X-a)5wMjs-{c*U#LXtzu2u5J=T8*e^6SDGom>NV06l+^qx9
zEYczrYt<$(TOm(~ybQC}l0aef!0SIl{r{}5Z3P<KMl}y!#cu2mzAPQO9+E<?Nh3VL
zpC$c9tii@K=T2LfkxnaFGYk*AQ_Yf3O>wGSw%|JVESmd|SV_T6Cj&6m@y565SwywS
z)v>F^b&r7wJYe&zxW)KIP%7iQWP5<t8#k2#uP9#pgPr165|oZ-`ott#j|1s{Wn~?j
z5X`|Cp@fsP4^C~ildjVdzgiIE^v{`Sz?{OnW-7%TH(x7UzsdafZG-H$*@bh~7$$P|
zw|cJ@ZJjFUvBh{jlL}a%Xp`-k3pLAhA7Y7B%W?T@!bqhF_7X<c)h~ldmbKw3u<Rb4
z4?%$iEdK#Vur`%FR=skL>ZU$370c$i?@9g0foaH4jW@XBdl_w?>4-p=-6cYn{=rj{
zTi#2U%S0Rd@~nV`?M9GBsaCSh__5I88KDv)CpLGNU(}Pq@`NjJU}<9#7q&Dx1GyY4
zL-IXe6UsUCRY)^D_m2#Xap~-L^pyXoYQwFLqUCZTY$?#QWjQ1i1M<W(hATEt6h=oA
zSj6H-cLoYh;p-8n{xNqn6)T=9AFEmOh1}psDhY5?CYsArTc_Et^_5#FD){%>n%eEr
zeXvX$ThZ1m&&g;4Xc-KzUB<)A+dAW#+Xg20FC6;lAI{B5L(R!3ih_+#-coO2R!s)B
zx5#V&aA6JY@Qxt#xK^dnQ$SH3+5M*!XFOfc_EP`${q}GYX!3m<A+~RS-zL6(=)R&$
zGE4@(>%F61A@U`{wui|}W{DOiq6$QYn+fCO@hn`iQbPmF8+hO7cq~j}F+SiYn~&mn
z^8pi~0JDFEk8S2~h0TF+@fy)~DPHn)AxsZnVx07O1NXfkx-t#N{9B#o8aJjmW`3zx
zc~z3v^ND(b&fBahcv+K}>FDhHES&to5Ypxht|0&_1==1(uZl4RjBDY~{j7fso2EPJ
zeMB@6%b`Hh7YLUjeyTiBn?oKon58;P_-fX!>mZpaX_Av$LexCmZnVL5?UgaMv2)^e
zs?7jsIh=oj1NkoK%6*fz(@bh~<Gy`~O%cwtc&}jDZgOo-nq50zK9lbX^AWHYj*`I7
z>U{zgb69*bq!|)d^5(q5%$TIQ-s$7^3_rM%#ev1LdE3`$^MBlRsUt*5BR7ZY204<l
z(v%^g9L#U2D)@Oenlz=Gm<83;a#n@bc+@oXO9mecH6nJo-w`V=ce`QuG5;dOtXls`
z_?5}NRuZzASC_tKhD>1(mid8d*3z|K<vG%?qhb@oGdbknHIgWp!gKB7&q$+e^<r1o
ztqRZ%p#P(VZSL#(@=+?NA+py0XfxA*4D{N>XFOWkAt@l#%a_uQ>iWm0*8Ohc{lx$m
zfpO?NE6hE#V~VSc>15s&i=Eu=P8X7@G^g6G(~-2lFS=Jo^3~g=u0wo;b1nZ)v?rOL
zxA%)PY2G(tA7)CsG!Da`N^)}YhS4+q8TA0$lM$6wQ$(tyPC%VnY4bmCzgzvU-OsC(
zs!O;91}XXddj`JeDw{W_#j9^zeu?UxR*XJu%+Uq;@LowkvY0b_m~#-1GyFIgcpat^
zuYUXB$KF}?>&+(jMVj&RChyhSMK;T__roi8cC{_xmf+!Dhed46EjH7e@dAI;@iWl$
zfSomvzh%#K*7iJ}gkT2JgKgR#np%ILI$Q3UzcmUXw84O!xY23ZtsS#lzC{K*V8Nd+
z!&*lF$<BwnE^&$z;b4^yOm@OryhA!KXSru1CbnLEQz;+Vo!RcRG8!cF-|nsAmP!HG
z%E9#*lek+OH}mWJu`&3YiPFXM4FJW(sxdgS)LcKWuT2bet%t+>Vf+*pwd?d+ClinD
zFfbJ8dg-Ly;Eg_gqcWY2WI<+51_P!s-Zb&;{X={5n}*ZfBzcvlBLN9ib_%k+J5ikJ
z-=aw3qqb=9&r;W*8W4Wl9jne-PnqdbW@Bxi_WFlyw}>Oyub44>Hy@@i14QtAmk&a`
zWSbQxXYBlMF4keiS!OCKW(sS%-(n`xOw4PbR+=tSf1mTGJj5zzqA(ThMU*_BG>Imm
z1U!JKJ$}a0KRecjqj@E|Vp@N-2S$3p?Z9qVo!#O~J7*ss#vJ}quWBD)xtWU;@W5gG
zaP}jT{^nWotgU7wsJm=<8F2k~^)vn~l>5+1(TT`UfsDoOv#gOoJDjg|W}su#6w~VK
zt$5iQ*vOxoRfzddy$i+M<|j6~6as=R!Q?YF;eXm)Aq%ZAe%?Px@slh!yZ$`2cRTyG
zx&N~XuUag8Xshvjo`th4o_@8pR5B2O$#m`9r!8hoC~CYpAl#d}l?1SA+5^yAzqQJ8
zmU9bnhQo3p6Hw*;fP#a>bA&>$&t=hM#Khv3z4DMzN~-u4ih<IP+F+hVJ3>LV;rJ?^
z%1O?R92*J6UKf2!op#g{P6bunJsh77*M+PVt)x9-UdX_&G@K<NW2rqkZanz=1)Hm=
zs0D^&;ub^u!SLlzaXSDe^}}K(BThIRW;C{d!1@Tuh<16`CjT7@k^A4DK|$J<--_sH
zKgTF|0^GEvvR+!#FotAyHNa$U$KF5IDm5K&D$1*l0GC5+rFZwFdw&z3sUEbczZ*l5
zBaG;bZvQ00RaNo=6;-!_)>3thJUS@cBtAseXN2o(Tq!7>ux^37PD+oktuDTDJQ~D0
z4AFyP5zXXYZRa7#P(mq88!TAq#qqo@G?wNI{}-sn;D>Azp-!&{kqi@=`GV5*$)|;S
zqh+q*obyjY$Ue_9aQ`u_Z@jfQ%qI<#&Y(lo`sHvb_kOv#yYVttp#tmHcuRr=ci7}O
zg=V=VC^Dg?84~n82?kE$WwXuhY}>_tm8)hr`5y-ldWWej@zJZ!NEGF*o##}5)x@mW
zLm&!&R;HT%HY>j>ty!9CUOa7c)mnSAm5u^;IjY~D87L|V=F?29ZFiaoU-)G)?YpbR
zr0zlWz;OT%NZ8XM(63AzHG94)t(&heVXo_0*6eYU5@iSX4Rn(P!%BbI+sL?|&Q&7x
zvGG{NuH9MRUEFefJ-~cvtJg^PXXO^caEG0<`m5KeFh58!83rFh17w^0Srw=NB_zXe
z00Da&Iue?deMg+-3yJbH{}6%^+6}T%g=rQsIGLFp9jj#O&9xiDH+fQ(&)^ZmgeA=P
zG>W1QVMlyagvt&ce}_k~(<33|vUZr4!rZiuV(qGsXZ+IWt`7S9QzleLyY_nhnOHS4
zZ0Z3naWMjfZ1tq&Ul(vcu)=$>*LXa~O@mnVaj>LuZo@gT-^YKbh~%EcgEMy*+A)}q
z(qY(0Bd>W6(~0lrM+tHS!BE0(mZeRuXMs{dFzgV5pa~F+GC=9{WSc4WeYMBeN=k@o
z_Q`g*HKX}Zf1a^Gk*FQN0rtwy9=wlu7;31Zdi}L5LtjqDPUZ)@oL}tBp9-e^a<}|a
zZ6<a;R*y6WmDH5Qoa1z?FR?Sf0j`uh#klWeqAXihqrV}$zJaG&%m9X#xLlh&*og!A
zu5Ct0gl)N*Gk`T?Og=Ht=OZysKHso%dK6xjE>kGYb6}5aU~IS1f5AL$grT+TJ+j%A
z5SBUV`!P-UpQ+vZ3(A=qjuA=7x}TegInA-(odPwTa;=s9<cLV3TEQ~<b!*b3=5q<H
z7C|NEo5Vg$dZdls3}~-rE(<~3Ys)2Eu(YzYOXeYrP=FkpKAzNC^5$C$Ux<<(hmdkc
z{cfBsBM)5d#9;ke+1<ka>6RzYUK8wjGL;&Ra7PsHU%l1b!uTlD<Uzh^UAXCzZYXN%
z`_B!RxgLT!RW{koqy)ZdA%dExXr3N(H|vfdFUE;c=)(0C>t%u(i`2@<5wrXoir_yA
zDshxItN`%eq$Sj$k7MBMe{`bFDRl>WO$2S28Vua(FpuK8B{HNd*S8NG`%`vb_nsp-
z=VGFis^w7VVJpdgXje>Jr#77G+GAC_#rz<loP`E?o!+#~ZVai-hg0!ghA^D38%$As
zB@BJ6`Mut|M_gf)>A-MjvB=8frZJNEZ=K9?fe%QPXDATZryF|fLX;Z}Zn2h@{h>3w
zek!#5W|dbtmslZJCpA6$-z}HRmb`31lQeHt4^*7emnD74M?x#G9vrDH8uuggq~Ye>
zdWfb`Two!c3PloJ5zZ=}>zqxjPq?mB;W9l6ryo*RST?J!`>cBU7o6dqwBiUTpW9Sk
z%y58>ZgWA}VYIe*g)RBtH62JbJrR7`SKkJFk3zJYr^@;}>PxUFoDE608;5liW%(bg
zR^MlOT~y^yF*4hw)8<Y8E|1Ud;I7nR;^k{ur|FB9_*>sNKeeLcS~wwf7K7cX=|Kl;
zH8$~&7XGAC3IO6%_rI58NgOw<-_ct6BNjFs_#NSp7zmx_4B)?qa&R%++|?G~_W`X0
zmE1-1h2J>EEtSK3xvV(%I>9gqby)Y4G-bp3cWd&lV_{wo_Qdak3Hgd9DYnt8Bw=3|
z{Rmr2L{c;88kCfiTFFs57d3=WPxJq};3<RoKtbs+SlFpn3wVV+)Ryx9CMonRPZp!e
z=f(~mUO|=VFjTltt*g^<KJ6|ZfSAqwKPdz&mP+BuGRETp&{_KDo2MTHp8@k7sG%_+
zRlpF*dg0CKk@_wM`#{)-bsK@_fg#^Y$e3tEIHo!qj#E@OODZ&4{1m_mgZVt}SC+l3
zEwof1JvaT-U|dk%#>={&2)z7Jp*~G&zc()HUhk-*=u5;VSW{W{T4qofqV!vwq;pQW
z-8?~Yw?9bm)a13MQl1;on+hxk{uU6MCS39fVQD)3ssji4e}pHBhcBki8{1~aW$un}
zy*oF1J9mUMXFZvY_Rrm_?tP1_(`x56M`#Te>sR+Xsmn}YJsJD!W_aeO%W#yo{spW1
ztw1ylA8{iv2jRE!Z~rG5zYg&Wd+AC$_^0!%$Nn-iV)r6!-?S*#+EEP~pd?KPr=T;Y
z)w6PR{v&^ejFVTu#WX>Jl$&9;;_I3KmYe7P(m1sfrlsb2-;Z4LQh`Q;PKrJ7Y>&e@
z0zPA6(PJk9sO*O+igHKN824XQ9_qYs%X)?%+<jcg++P)Ki0s*vM{aml(h8zw)jA3$
zoLn%eP6mlox+JMJ?A#iU0doxzi;1hQ)l)r%Vnhfj+q$ZLi@T)fx6P9=D-I_#dgMom
z1ZzVWzjm{&Xs0w0hJR$=l~Oji@Z{%gWh;Bk<&F~qo=gp;GaWq+C<?gljgV#}<Uvx_
z3N_Ym&m8u{YVh9P#06Xtk;Pcv3$Ae?nz-vv?-dP$FEK3H=IF)LK-u+mwQn@u504X+
z)O`H$ewCVK&)<gJP=YJpWBKrgq+nbU=pfKG@xI7E>q~Rmt6-~IEDreHNQ%y}Q$p%2
zXPMk%FqkqKZVF~uTw$#wUc0Ch7|}?>Ycv#FjnzeJh&W@nZnWcAJiVVF-4BYlic3Bz
zC>lwaY@EuUE)7AX0OuiOUEDFuTw0!3|Iwo)!drvs(K4L*dB+3cisk9-P04M9ZN3?!
z!+j*9_tS01U5tTGj*G$z`)v+J3Fs&bn&bLb!=w5u&<+p;uVIb0QR+Y3;8hS_su5A<
ze?GT<*eqKi78eSG<w<DUn8EUS1J+t+sbK;s*nS83>KUkh##lLs`jJFZlHbn}X+*r!
z!k?A7=Q*w6k$M}UD}$1jlS{9-Ag9hcp;ob-$!Bwm;TeCLinHfbVjnPz<ge>-&u_3i
zGqp^G#j)oCL3W&Zx+Nf&{Lq|AD9y4UAHteRNKjt(XY+yxG?e|>13LvBX2WPgeW8Z<
z6!TM{LviqYRtW#6sQrxDd=}{br>KQy{a-94E(Zn+kgE%^SczZXBh%5Wy*#78EOXH5
z+I-2Z`ZBoWH?wh!_viZ&#V;&0>Rb?ps0>NUw5aH}+^}DNM887AQ~W1N@@KkWtBZOB
z>zC8V`}IpeV3!xalc$%br=_Q-*XBv)7w9h)1wlcMVNxVQnnxhWFDSFKBi2ItWZ!PE
zzc?oyFn=y<_i5C494kQ_z3@-qqYsEy+%EeKebMfO3n~OrxlQyB5?2@S_&^3tZmJ6q
z_%*vOG$wAr$}-E%{A?1=BcA<?h&LDAEDZLK$*psIz$z45?e0Uq6SRH}!mOTt=C|pZ
zX>?qm`H~Jmec_|jiV8*Fyki^fPG9`sA$CmsP5@|Iufa~B?CmZ%rwS<fIDGvw{bJdr
z?RW+Y+WYcH&xW)6zsVt`r{h-jO-H)9_{>7nLOws3|I`AqjMunFuc7UbzPvJYJN{h_
zEgJGlA5zq=J#<)()oJ}pI?*l(ekX{svfN77*rhxYNi+ENU&_lg*W<em(eiJNhIht}
zU%L&!Bl>}C?_b0#(a6{Uk`C0H9<&HSdFC(Ngk6z6e)D)iHH^pSyOotx?ZFGM9ETPy
z#IF$tYlkcEnG0S-MsLiW@6AGqO5PAs{{I!(&@15Eta8N0&h$@nyb@oFHm*D%?{Y&<
zPFioQzZqEzYsT0TkKI}cKUSaoT<!U?iU6JlUa)+LO)mcnZt8>f3c4QP(NtOWFy>xx
z7!ze(NBTTpdMtUktUMl<O{TQ}9tt85hz(sr{*77u!W|D~Os)I{a~e{x29o;fC$w}h
zS;<d4>&eMUwckRbs6`mO%31j-0Vd#m;N=-w_$Aw)uhs4g0h}W&N}r-PLq(6($G$HJ
z=$xkVWsPK-cuh*}R($2IKD;6U?*u=B9>u_98|#g6(8HyBOc%bcBTbZ=zJ%LVZl%c;
z!ke&cXJ@83$I8p66XQv}ByIT9m<7eLIwKVXC%rrTR4HJQI9M4k|3@YFX63f7OjXCi
zL_qA}$N3jTS-1z&Cqss$GjTD!wrM=T(wy0}KV8|#NlTCab!|M{q4(=~TkhAH!Jdtn
zOxf%_V#U8n<hvaZlujFi22}NiwJ;ZWtBjjXuAKEl!`P`3r=bf&qmuV^Ke9}Ylh1eC
zapK&w)kI%5cwVS}HW;0l-Q;rFvR)ffBt=EZTGWNSzhK?RhK4>P=j(aqL7|%i${rQ+
zILfiQ?xWW`E-zezmFof!e$D5&gnyij+5_?HHR%ZPwps%dytk%3Ct^6ewP3-BcVh%-
z8`qg7W91mu-T`8}hSw#sHGu;;*4D}`J|XT4HU8$_OWID|%41c$=`<wsF*xoJECTSj
z%iPOD(xtgt$URr%{54P$>rk9P`>f4A!qr~tRLqup0>*pt{bOalQ!mQrV*Joa^Vg};
zp_7G0A-dw^!6^AA?c5{ib-oMK@ZgiU9+z(Wb~nLQhyivjJB!neUX{ii;CwP*t?6Q8
z<%7Let;@x_cS<_=rO9z6%5a6#Z3M?DSXz)TFTv5UZ>?`sP_nW;O4kd(p($k<ABJzF
zK0Y;Ixy>LDLtE@9U&EFmEtI&L44>=`EYuTfu^kx{96C>Uqz;9Bcr5VycdESPdHUFL
z{<HS$W?Ccvpp<8sPp6${iSprfZfyW^dK0scp>bkTbm}^PgA&>J<(6HCMZPwFod)Bo
zv;+as!f)=nMH3qDblqYg@_wp^X?;?8DuL~aLrs-?y~siBDHdP6`QnD)b#}jJQA|s{
z=`0T)38zT6QLWN92qT3itcmvr_Bf5vRr=<F-Sg_|s-N&b4R6Cv&N^P(7T;j|muHVP
z3w$_pGrL8Hgbg79M?%8J3*1dct@N4Sd?aWu3*?rW_EYG6bUUFywCKVjDW-;4$xrOw
zDv0apqRjNRcG_h!B5jvdWX|g9*y7FFv05}j^cfk#`1?~z<kIU$rup-<T5!w-F5wDi
z+qd2<mHpx6tQn%9<$K~xc`x<;$+^H^q~yf<eSh(%gdYY|52F*554k5gAeVZ3$0e?k
zQ7oo}#%5-dh%+UCTI6Y|%I0_z>hWP3L!agJsE?L|w$rNC`%iMS#UirSS_~zShMarL
zb!=j<4=s&=BRO-j&gD-G<d_ZbenaAJeY`KFf+S-`Mk`U)Xw%P4ga6Lcir2r>f@%^O
zGEs$C)l6kPa}f?KzPYkh?s$i5J=`}TiHzRW^aWf@g?|4Fu-qb?w~Mx$&QXOJz`Hq@
z&)9SIzBN$0bkEaa=oY?xsq@1{Q*m@x>RCS-kRB0kyv&31Qh{MwmUzL>skeijcoCV(
zE1lmA!Cu#&bp9>R<bc0QX25$%Acxi7rcaeHM)k*I3U<cX$m+7lkm}?=FalLm%&?Cb
z{Y?Btv>m7#IMZL{?T{$isOw`O4r+=fyI)*bgY)$~3NRaMZs_U%<$Ap802Oem)sWk?
z54BsTvVS#Nb)SFg3%A51B`qttO&4x^db4?cQsieo1zs?C>$8(;s=Tn58sjUa@+(oQ
zE^MoU@t<^6wY)zePe`QWXh36%Pg!uAVrt;yt6l2`?D|3t-Z$_udUq_~FD_S_oWit+
zPLFqv`}x5RrzUXJWNQQU;`=uxAzO_uFR(mZ`8aN8goGQXIO*MUwHu-iPjrp@(>qC!
z_Y-<C7kE;9hDhD4GdkC2LY|j@|8AOj!O4zMUp=#q3=*yq+AS)x<c7r=2RX&iVW_Y(
zcLLu5t~OuuYO^)2p-oiI1@~XJ5hX>Z$6d&<TC<q$)Izhk{DuL}GxnDJlGc!n_*kRd
zM4FnkL<XUjOfOm%R)O^<FM~|)8BHA*(Q8W*B+o5%>fbcixJ#PG{=zSS9KG!UIamt>
zxuK4K4i5GoR|lzj!)@p8Cl@PSmIs>NM7s0<${8UF-SZ1(&$V=umuZMWv)LAyh=;Af
zgv-ftUPNb=5^I?Zk$&LEU!vV%CiF(u=(5k#sWW@CQ0x}0PoCNAx%J=S{(scdH%O=a
zTFgeZO?Ki9CORZ65X1==M{BEF(Q$~m3uX}_Kinn7#puhv;%8=x`<QxWO&b`lD*8kL
zO7ikKaJ$#pfsYVmXR?03BGPwv(JPFm1)$yYbFTeSaMH_lSl%Gp()yMIekR3VV9g4m
zmxp@AI;?h8xtTr%*{5rAT{BWO6pi)Cw=9~73%!0pwx46g_X~qQwW<o$Yqq6G=X|lO
z3Vv}yXP++-6{eqZ{FYVNS(Sb2G5M|!Xx*mAyFWnd*E>86!`C0DglqUG$Oo>|^}B4b
z=H;zzd+u+KKjeB8r>^8+Kp#pbUU&$)YvoKSU74k)`o{&=s(q_6bY2R1`6)cLwNsBE
z)b0#oYT<CYn9QyxT#s&Rd9#}|c4s-XZ}>5Ddw1RFM)qJo7ydE>y{O1xQ$8^dJY3|*
z*Krxg@O-3kre9@@ljn;`S$-THDR!{z@61E5_FGFfA7O}<OHrm91gydOJ~u}$%0CW^
z56#!=O|(lbIwgSp+NEHhHJ$eF?-9bZ`d-1EYkuv`G?H*$_7|txjRoaSw|H&O3~J~6
zCUt(^4`9ZBi~$8<43`_r&5m-w*6cpM_ZfWSR2K>;kN!)5<w+c}OV^5INIa`MAt7$u
zEak~)xH5bMbsLxa{ezQEs^ng|QPQM-E*2@Rq*(fni|S~|;QJNo$<GQWFpHp=H+=pJ
zr?C1bdTz-WJUs6Bh@R}IIWbfFBB{jRz8Mt-t~BfnHTch(K8na-V`c$Z+ge&#TA5j@
zw{hQHtvaNtYRS4uS!uLY+hR@e{AO~<w@KnUg|qYU_w{y=^c!~&)SXVBw4ndP*#-uY
z@C#oE9L+k!v!$@Y&hi-)2iA(9A7codWj3U%ZdQS_J@`Mu!mbqrT7rBBFDUY`bYAQI
zoP?^C_8y8bINGoclKve4j-~+u|C~~qS6?nSwU3dY!F3u=Q-w$7dY5*Bl#W_%Bycq-
zb5cY4C`;bjUMO}B{>Q<AGh&DNp@8CFoTqVtE@=0J)5B{n7SRi6yk`LoNQLMAL|B<W
zc~hED>K`=Al9yz7xO6mo#DfEo&X%ZE1==_m-|f4^d5!D}^%2$qbUpN%Vstl3)K$Hd
zBB}}e?^y@Y81%F85W0FWm@#@k{Z_|jFp4Z(VjhN`&T|-d6RD(5^BM${<aBsv8yZ9(
z{y;q2^Jw{rcYgz!o$ju?k&XFK8=Qh>iia?$&7$%xD8IT@>hSI+(yxix8^#M%MymR1
zW<3fFu~dFlb8yuMWI|M_X=3?`>Gk4MmTJXG$86GEjn}AcbUeD8E;}s0#sC=!$&Dh3
z2{~+Aeo0NlIf)XZ!Hu|b1FMByzvuLsDHX@)ilOMIzF5_A6ida7jxJL1@_f(E8_ST_
zQEVS2d;69_i4-a6W0HY2HfXE0GZ^qAVt+0J6n$SYY@){qG(nW3ui5$<3ctVNsMBb~
z?A9o!9j+GePCe3CB&uSetXWM?YD`XPkDz6Q?mw;aQ3piS8+ybI{LASX8PM(Qok`*y
zJ?VhyZSYjQz&phKz{kqG?fCG<qC=kIqWq7k7dJ*Jswum^GR(Eq8SRjlQ2sVhujn;0
zL$K_Y2r&P&LkP2RuYa&{SA?A&TH@;&?hgveAD?q@2Y5S9&72?XCCoL6j*7_JN$97h
z91LJ=^=#<SyeZwj@^k|Z&C|9+d78%W@~Gp6zIzpy<iy^;LjTz-N~4M|NrCNUUBBry
z#OE)IT~mG$i4cP%`E~oi_1&1i@L)1Qv$N~OqfN6O5X@rpT3mCHt!B+CA1FVz_Wnzh
z9fP7hH=>R?{tnzi*fV^~C??{9vI`;n(4e30@xDUmNh#aW=X=inH>V&KMwo&*fiekq
zpY)*i>ev=0B!3Afbb)ntG;v;eHsM289=z8>E_AyYPOQKFHXK3q{ga1j@!rSQ8n$`5
z4$J%oklh){;N1EDwEeGn!jAj0_-@DNTEe1w+yvnPIEB1be=Mb}_UM?uRt32pzuCte
zR2x2Hs_NX}DHt{#>|&Sx8J(@J(HiP8Bhp!HKMPenuk%XIT6d|rEmdR`s)k}%+j4Pk
zZB|=*ny)iVbJSj3yGE0n@mN*unSB9$vnDnKUNIa{ruhlMg+E)xLuns^j|g=o$3TAk
z$etbI$1rlqja#A@7d*>ZC;nw`$zXNAh$bPYaFBzN-{tu{lVIv;<jr$I<o>XWV2gBQ
z@a>YEL--RKOYszIY{es|)Z6zZ8})1q#(*Hh28oxk%+mdi7(+DDOUADRW`>ii=Oo1d
zoZiRZ*|1e2C%=yL)lam%H0dXk1>6y=oS~V+$ZEygK6rliWd><Jw9mYyv%3?ROp`Oz
z^ZBUTETpctIUafJXpIEF&;K6)en5f0G1szsu^0NpiycRHCjC#nfR%x@!g4R`1*~-c
zO)n69%nPnQ>;?N-FJQ-t^8&$t>;>(qf71)74}Y{h{x4o2VEgLS{*S%D{t+)w{s&%g
zHCxKs;*-6g`(W2;pWp?8Px6B9m#7B_*hH=KF)yIH(d*ywg1Pk|2Efdp=vu|l^cuw<
zr}slg(#(|reE7y(n%zwEXU!!JSJHcm-ix&Uyt%}-2kVZc*@x&oGDpkuVDE?1pFWyj
zpnv1~SbSF=>7V2A_`IB(k0h?I&2#c_>Chs&Mfxn%v3-3+&yM-NGDmde+Arw)!pF)M
z`e%8W7un>jkMd>f4)^gfxexcVZr+xMI2;`vlmF|+1RVLhGO8}x;^|01c9&=Wp81=@
zCjjHKk5agI_I(QXQ4R}d0{ai242*%hW`D1zQDzT!KJc%n1mhgs%a!b-Px^D`1`KU=
zIgMd^xYL6pX9!9f8Mje5&cVGL+&B9cg$KCPgC6e0pqKWtaN01)!7cx-lZWFteE;E7
zh;dGfamxPz3i~*GkV-X9`Ll40D>rh`%0VZUaGY{x@gUV}obqHLYni>2+aU`3IDa_E
zm2BbQ7zd4%axZtjv6qu@FL%DNm-1oZaTM;O9L}Jym&&$}^0|z{K`Qe;%7=xl#r9D?
zEN<nXbM{>dCpp~D)do2HI1WFa$~kw^Vgq+^Cn`PMc?+xWf9C8ZNV%~mFsxp4=P>&z
z{s4u26dvHX&7I8L3GSRdhxWnR`F}2OENyic9r1JK<KKn9HSc4$>sYRkoX4G&Is5`j
z@=mx^%26LZ6M*hqB%P!Fx#~@J!;gmf(F#A><j2DNSezd(@Z%MJBF#^f`6>FH=BH!)
zbcLU;@^e*wzQWH}`Gp9-kmDB${8Elzs`AT4ekIGV)cDmhzm^Us_~CMaAAhcdX{z$W
zEq)}-kHqOWPZP~0`H?a|Lc63L$0Ph`GRcn?IT>mTVuWj~D6vX}A8Qu*@yIkkp5r7d
zvckoy{P;8{Vmil96j@0V(=;{t$uK_|<0o_cWPzWo)cMKj7C%|zr^0nk7s`*-C(Nmo
z<fn`Cie(~2ekLE~XKMUxn16mVH0Al(Xp*0$Vr1jAEX~hm`Pm%(7Wi4pCtFGJv(x-+
zou6&;a}j<n$<Jju6Xm9hG||EuKOZmi^NBb=pQPUuKcD93v;2I4pD(87EtzlDIBUk}
zw=!?kLYZHv6#0cF{TBGeD8HEJ7c29&o|@*D^L%PwYV>k3!7tN%oqv9*{lioIN~FZE
zMCrG{uf*v$#jhl}vB~i(wBHK-(y^j+Wqzf?r=vp$jhd-S?OILpt66@vz^@kBajcf<
za8~%$Dt|i5r&g@R>Cp0P(*=G#Ouun{y~uB*_>E$cPe-UVz2JpwS+EOe!33CO(W2cb
z=Lz!4lH5?7vc~EmQ-8iz@cWD2a5Yv9^L+XIbUGKA64y%QNGp~IS3*;fRB<YjHCr6^
zh}hzjc;igG9Cc<aRnMf-STTg%!AMSDFlwgV#ZoO%5<9)+$zm$6)MtEdV=$E0#{79_
z!Jn`@t4u6klzBr%p4$|)g-mu=p%O6LirJ<<7ZORbLPxM9vwzD2d8MqPcZ*y>ha_&)
z8{H<qJ}<FL1+GL^ps=fh1~*f*>zo#Cve}4)Ek0SRk}>FwL4(?w$WB^<5luQ*Xc!{C
zkl4jos)ejrHYIO*;w?$8p-QH84aTNdYZ!CNscSUL5s_9WwrPA*78~R9XRI1~BkH$m
zT#QgqD>tVzC4ZY;C^2W8T2WM&R!`<4fhln#AdNM%Oha3cOKWi^B}y1$m0Uork4?rb
zQ;f_VHivSBK(V3G2x}>aAYzYtLk^)d?$YW+m5M@Y%V^`_e6HmY>85NNxvpL{70lwM
zw(5&`9d27opj0VUIk#delyU?Zn@(AiD_vEIUQn@RtAF}f)@Le3vXanr%n;X3$t{+=
zxg1O6QhHZ8<%=53&5%tcHM)Gfj4`K3Hz&Q*Vp+TpD^Bw&T2CW4H8nY9sQW`|b<UcS
zB_jD&j<M_VMzwY-pAyHJ5|a$ZBR)yh7O<<*_Oy#vx4X)APqwB}B~^hbQ6whJYr{Hq
zvmo)S6My-fe^P93MXiQPDDO9@t5K0vnO20vDPOAC6bB6|eK}I{#jE0KSdwza>snhS
zlZdPIld7uBQw$mPnV3{9EBKn?>AYJL&Nl=Rv)x|K>C+xxHJLLjy)kiE7z>wTZgEH(
z2=GGDU{<7dGyamG=5~5qqPospGHIGkCZ-UY?0@-a)DvjRTPC4KYxQRh!Aw(A@Y-WF
zwJPWjF;$_}tO#ZpyHp(VL@ctZPcE+dQt52jZ+Eu>&XzaW3Z=3pRncZ^CMHd#DRn{<
z2wSwKmN@P7x=R6{Q<K#&RYkpFc4!+dqrlWu$kj1VBx`rtjhO&Xr4aZ$5^a>R2f}rm
zO@AVk<SngOL26U@8cwau8`Bh}l}s_kXiPk}(WiIRtv<88rmYuKHG3wQZrHp|vCA!q
zY86dIJrQoSOzNCJ5OUPYQDNOwQ!$Q7N7Y%@Xln+CN8PG;D|Vhjp%*H6;eyl|Vd6fK
zP@&+NLa|9ET_~yQwwyiVE_o_ClU!>`seiS>R7_lFY%y2b;d1e8c|EV8t!pf{Xws1o
ztFzv0R$*t9s#wr4X{d{>p=8}1i%c~%0)yWt4SIccNvKrHgmmVtSDy2G@{``lDNi;Z
zXk?-xi#}EK`21#bdAin$Sd>XorKCw@r8y?6^SG-4Wg};gIXuR&v!zlwjIlygWq;vi
z{MoQLAlA5Q!kjP{$(ahJw8tIxTcbW16D{Rjd0F0-^NRzCkk@OfGDe%*70_3$QA^e9
zRA*)N$(&M`%$swed?GR}QMV!`u_Ngd)nbgf8e^LAs9EfES9}^{Mv@Ul>vT?=rqo)A
zG!$_tU15DZ70~CRW^=M)DA}f_41bdup(fxD>P0>=&l?qL)#{)%uJSeINpT~WF@y}6
z%A}Q!j8GtMq}*nQPvptu1Q~^>8gQh2dUq<T3$>#DYSS<Bcp_4FDdgu(mHi@3OrN(z
zEDd$q$YVlMi-f6bRVM1IMg3$jYKZC?XVK75S{miNTU!kAY^jh%8<plY(|-oBCGSgR
zy*_auQfSsw#dyRmO{L?~a!jNM#O*O%*xqCWwoE}83KtX=OEcsPG=oW<KM)sAwt~{h
zaMU;ziv+`lsK{?B6yxfUp~S=s9^14*owH<oN_8w|j4Fe6t({TZWU^eaAd2RV?sP$?
ziRUbOW2V})W<{l@S1fhK1Ak(f+iy@!hNO*DUZYp1O_7E&)QB6R3Q<bnvS&2nn0eYT
zm7~=R&k#3Hrz)Y8Cuk5G!#c66U{dQ+S*ge^iRWdESeuxVRT+CCW3f+q6G5dlM+aVJ
z5AsxoM%1fwl>AbSg!-GIAdD-Mg|sJP$R)jcbJedCmztBFc&=;~R)577xh)&A`m*Zj
zXrbjxD6NS`Mj~-*12vl`=qW|YcB?vAmurfyqRl(0kGXONwb5m(YIO~b)@#vNy;fJ*
zFV0xZK|fC&^y$k%VJR4-%XCoUh@>J_CLa?TM0N>d7TN_V#$XV}TCzq$BK1y%qUFhW
zFdXntCWCr;aZ+82GJlhHZ#f-siKNDCpkc`PrtJBw+FUHrsTmMgiYA%aWl&8yT6AwL
zYoe8aLo5;mrkv@hFd~`^P8CJTf;^Q9i9N2QFK#Rd4YedQ<q0#*V#RE6#{y<i%<s-m
zg+xy3i{hL=JS}b-osC>2=CB14V!H3dT+WEB8kN#@ubMY#Y=7o-vFcE%8Y-`p7m}#7
zjKD=zFJ?_fzc)>H8Ie+DQa7Wbyi}65@Csp5%Q$Jyi}L1X(yD4D4UBeDmZzJzwq+~Y
zV--3#(}_mQ>TR`J%7%b9S;$Fvis?$--ptTtPGm5t>K3N%qKj`xmv*_VhFDUm^4hZb
zVx{1$2V6E~Mt^H&8VaXYAj~`EE{#gvipd3fXH6j$D^1NhUHW3NT0*Cl>os<#zhKJ5
zTMci(rYyFYpt|H}CT(@CupzEZd(xhu!0NIZg?1Mcl4;dqK~!T?c!CTQ(g>82DYZQi
z64a_vw@8xGOxJX3fkN#JOsQ1%Y_y>W1l8JUS+<aIiGS<ay4foTIYRMZCZ<p-t4V3S
zRn+7P)N(PO-JbF3>(VKOTcr(aye*?Mtq|vmI<dXsblbfFudq1fwZ*J;do<V(d#0kk
zx=y0B*VFb^c`_MFL~V&|LtJ&47{*;{c$^idCShP&?u;kus#U52kHuaNM5PY9*_Di{
zV~UnqDSy?+Y*v#oX-k=GR$Zh(*S)4ZCW>i|>R_%BjRjoVSSz4z$-~)TmgjK#L}HCf
zA~a1Z)HY#I+?onnmC|G`mT?(035~N=w*&*Wye2J?iCh_vQ#xg5Dg_0#dEQoaOlC{E
zjIEJ0@?1uN$n3EswL+mjX^q$fa#ysZ5;2;L&VLbWMNCyqaMGh|393n@Q|T*&CE2>h
z88E0k37<GrnyPt?F?lkWYbk?;c+hHB)D<G3$|V;YreZctp>9*@jKZoYA58ifYttxo
z+HCnqNGHoVYnr+%Do~k2C3~}_FgIPbx>7lvwAmb5rLAFC`BYVjO|NO1>ZWQ%uA)1E
zw|`nQ@iJO=zE`~=i`$;g`ZU^t-q}jWC+!NJ(JKzx?2%C17i?*gin>5hFgmP$orm_L
zu&WHhj7=ZUhlMSdydf481ma988!IIgmP8;ZR_a7{Y1*1^1)DrgAnLHIGHJhCEwT#&
zYH21Uba{NyOr<GoX;n5=P+Ks1eN0NyYJW8oZb!*s7RG9Hj;m_+YB*jg8Dk=K#$%$&
zYw{vrTpMZeqAtDI;|(RG4u`{@b=U-1QQoc;CAAr|LRnUuymd>=sA`Bb1-0GD_)J+*
ztf5TER8fUY94pleuA;zdcd9K~i7{>zW~^zsN|iRc>Q?(y!l@|BVga4AVl?K(nt!mp
zUavXo8JA7!rcZVPtx}=Tm=rEU%<tDYRn*pXol($Im$Q{bT&W34owckWAuoB<vHG;L
zs*;-OlcJh1C=w^MK9xsNH05PlCgg3XlaYkkJ{@;O5(XtJk3gW-l=5C@le$DTp=v1H
zmTXH=Q&xi#XEUSC>ykXR#u^YRqJJt|F=z6|ibAC;+OXNZlZB8gOZT!kT@Qk4rs;1e
zT@Inrs}y^uG(kfls!-CnMWLwMvL%IBCE(dJT7$}EvAdI|vesKPnPNdE81hW2yoxZB
zsVOz~rYTx2HndTr(j0Y!^E&yY(#0giF{6_SiDT-f&2LXy^&(HGkqk+gR)0+)HzhL~
zMy_$Fql$<+Bk-uTYDYd>76@ZLxvE+-3WZI-!=|tZDkh^)>6Up)MWt1lR5CHGE)fW5
z9iA*>awUQ`v&SvUIA!LTN~W^KM4_nGY-vRjHf=zj%0=`-rA@?S>KRdf(kb>-?Dlk0
zZT6;GX>TNCRB2s#ZM2ayGJgR}qmrk4yU{7q+iG=f$mr7QoisAYiB!^Ntrj-hZ3?x2
z+AFfvtu}9+ae5}p5vkl~abz{ls4-E`O9jbvuqBUW3?`Q*oD5k!4p){&+5s8?iLy~o
zLaV4oB5H4)7c-Zdre@NjN=8CrrC*z}*-FX`6B216?ug&uGgXSyB7ZuYRT-Wo)H0bg
z^+>>!$tE)~o7S2Vs?=Vm&MD5foZd*)q|~JanK)gu3NA<0W)N2uMYB}nS1XE%Ml7Ng
zt329#OIPQ4oH|=Im<^hoZn51Nskbs7amZqH*fQe0N|(2`s>yIV5SCX0G)6D$r%Kwe
z+8NQ)xoQwd@<n?q<A1ZqqUx4XY)MrZFE8VCG8&(L$`_MUNAWjWKDth6+&NEhN?SEC
z;-n?)GnJ!SwbNy4`3&_^Y^o8p#l=k<jSn53Xwupc(RIP>txIG6ibj(Ps>L2%oiQ|+
zl%QUc(Psi%HK2>;Z1h<m;js$jF_ppK7n{92VXVMwxb)N6n15u-=(2`Iv5YrsXa%iq
zp;6VUG#FWmVLU~TiAKdH#bmx>OT_f8Y|80!wPF&PUtO~b%}SF{oSD|-GG&KW>uTmT
zwnivm2#C@Zzq-|m*tL`CidXBGdFfsiOLz*pN<pmFdK{T(-6;{3-QJ{Cqz$;tEmN{+
z)hSx;veQ=enSUH%hu>-UsYPK)nO6x1#pTI}I}j74Oll@%niQmS)3RhR@5o6SG>ENc
zD#AwDTTTgbex)#94H~3%Uv{#Ta+a+Tm&M>3&wn%j_;WWr(-Z1{yE*j+bL*zr>zuEj
z{tHu<c=oS)-FIt$?5v9>E<XR9TkiPU{vU3rb|*UQ_kTP|PG7O}#n-z3D7fU+vrqn=
z;fy!q-WUJ2{pRbgbzc6^-eso<&$%kJJMMU>;ri<_AKY{Plb`<maqn&TRPK)l+cR$|
z*RFXsdt+IzAO2u+d;U?&mcY9YA4+X_wtMW|u@iW|?9i?_{joj%cTRr!OO?|`3Hhb^
z-d@|SKYw{RiSRxBxn~+z^Da13d(YY5e}0wq^-A#fmUq3!$8h(tFIo4W^Yqxw?Oz?d
z?5xi!2h-E}^bLDz+fIJ?I~rZv?4K`t|Mgef#s;r><=~Glvo-tIbUxF3@dwMkv+<H^
zu6h%Es`<^t(}x06sr;GIKmXx9-th6yo;k#S@_*o}lkV-kV&V$R{wvHAqp!YpdhZ!e
zpRoJnjxRjzd*|+z>1Uo_Tl#w2iJ$qyk`o7Rztk!)b)I`qkau9q_=&xT26?${S3LK@
zUGn>+gS>qkpLz3zZwJ<1>C-vV=tA?&zZie>z*SMx3+J42`O^~*yb{`Xaj@5`*tPBS
zM}ME%Vfpmv%E~>LkT-Vb!l}n@dusnpVDbdlnZhfRS8Tg&{}-Rxaqur!pZ3DzhR@zn
z0C(#P)~$OkSo*WVp`Ytj_az@&amTOTt{#8+i*IdhKRfdD8G9eak3V#oMEJcW51#(;
zj@v&qbkgZ}D~vmrt-bS$XCC|GcV?NVu75jy*F|%Gr<^}=Y6D<^eNSx}O-tt9`vZtO
z7lm^t^A!DX;a5czpP@MSn;?#6<>B&|DbAL6Q2ehHXMZEqP4Rz#evT*M==%@ze1Flo
zE8Bg?09f=3F;)&t^Gj%N?VtlJrSf%xW59CI1y+D=%6}E;0llCPtOjeyd0-t_Pk(uD
z02{$3uo(=1L9hi3fvsQ|jDS%v2DX9ifCu<s2iOS&KnO%Y3>Y8*QXm6z?j5;ZU^mzU
z#=%}N0rmkEPy-Fn0v*r;126&;Fary)0voUc2XF!xa03tU0w0(Jeh>gb5CX@7<G}G?
zKR5v#;NCQga&H|axOZLBAOo@>2Y>S1+g2qo#l4MH1=FAg>YxFdpao6@CxMf}r@*Jd
zDd1G_8E_gn9h?Eq1ZRP>!8zbu@LBLVa31(PI3HX9E(8~Wi@_JbCE$zTOW+{*GWZJk
zD!3F}1}+CzfGfdO;A(IUxE5Roz6QPyz5%`ot_R-&H-H<#P2gtmZSWm%3xBv3d>7mX
z4uRXj_rM+CPH-2v8{7lF5AFp&06zrxfggb%gP(w(g8RYGzyshx@DO+yJOUmCkAa_q
z$H6baFToSwSKvwTYw#QJTkt#Z6nGju1D*xH2hV}$!5_d2;6?Bf_#=23yaN6N{tR9P
zuYtdS*TG-G8{lu?P4E`@JAZf^yaWCL{t4a%?}7Kh2jD|617;!n`VN8^61W7m!FJdI
zm%?SR6CMMX!!Ec2cEgo$73_h%un(?=Yv5YA4z7p&a0A>3H^I$t01m<}a0qUN!*B$S
z!ZElFZihU`hdba-D1bsJf?~)(36w$^ltTqn!d-AT+ylqqUN`~wL4OrgLk-kI9n?bu
zG(r<JLkqM*8?-|QbV3(&Ll5*qADo1K7=S?-g2%$+;PG%jJOLhnVHkl?7=v+`fJvBw
zX_$don1gv(fJIn>Q?LvxunMPP4c1`;Hem~%2v341!%x9a!&Bg?@H6l<cse`-o(a!_
zXTx*gx$v{_bMQR)d4G65yZ~MZFM=1tFThLS7vY!SLHK3(75G(nDZC6`4zGY$!mHrb
z@EUk6ybgX1ejR=TeiL2~zXflAH^Q6X&G6gsJMb2GEBr3J4IYBG!|%a6;GOU;csINU
zejnZoe*k|7?}I;rKZZYnKZW<hpTP&<gYY5vFnk0)3Lk?%hkuX5U%+3&C*ZH(lknH@
zH}JRcckn6rG<*g=3x5xvgU`c1z!%_)@Fn<1_%eJ2{t5mWz6xK1e}S*Vzrr`*-{70@
zE%<l%Hhc&E1O5}f3*Uq9!w=wxa0bpIfFME$BZ8KoHq?$f&{DJvb)sX?a@2)Zpl-Ah
ztwKGh7xkglXnze_i`Jp_s2^=W8__1T84aL8v;_^Jt!NmHpiwl2wxR8ahxlj*+KB{6
zh(t(?7$iYbBtvqfKuWX=?M8dhINFOQ&_1L>YNSD0q(gdSKt^OjW@JHDWJ7l3Ku+XB
zZsb8;<U^Clj{+!&Lg-j@96BEDM<<{ID2yT~iee~^5`QR(QYeiwD2s9^j|!-WN@xm|
zQ3X}eG^(LGYM>@+p%c+b=w$RM^l5YoIu(5eorX?FXP`6DS?FwZ4muZo7JUw#hdz(a
zM;D+A(M9ND^aXSY`Xc%gI*7iEzJk7rE=8B2%h46+N^}*v8eM~~Mc1LPp|7KFpl_n<
z(YMeI=zm6Z6S^6F8+`}ef^J3MMYo|t=yvoybO*W<-G%N(_n_~id(jWj57B+-N9f1s
zC+Mf>e)Kc+0D2HTgdRqZphwYT=;!Eh^b7P$^aT19dJ_E_{RaIO{SG~ao<`50XVLG`
zbLe^W2lN7Z5xs=|h+amopg*BMqgT;u=r8DX^nX|M2KpO%6TOB0j^0M^pnsr$qIc1I
z=za77`Vh^aSqw152xCm}65NK{aR*+Cm*Gx)3|@}A@Cw|GSK?K;2lwJWyc(~;Yw<d~
z9{1x7cq86~H{$_3h_~P&ycG}Q5j={=@HV_1^DrOpz&o)33$X}`F@q&oie*@i6<CRP
z;eXwD4<5&R@dVz7RalKRSc`R7j}6#}P1uYr*otk~jvd&EUD%C1*o%F568mug2XP1=
zi;u&{<Nf#qd;o`W1V?cU$8iEDaSEq#24`^&=WziSaS2c1GOpk%p2js?#|_-XEqo$A
z37?EVg+Gl?!KdQS;M4Hw_zZj|J`10X&ws(^;?LsG;q&n4@%i`yd?CIFUyQ$iFTr2L
zU&06Rm+@EdSMjCzGJH9{0$+)*!dK&K@U{3l{5AY_{0;m~d_Ddaz5(BeZ^Ad@Z{zRa
zTkx&;yZAPI2;Yvshws35;=AzO_#XUyd@ue1{vo~({|NsW{{;UO-;aNWAHWadhkx+H
z_!0alehmK{KaPKae~F*Kzrs)AU*q54-{Rllr|{GG8T>5%J$?>9kN<#Qz%SyL@E`HZ
z_!ayo{Ac_sehvQxzmETk-@t#vZ{oM`-|^e{9sCdcPy8-^55JE;z#rlnJWBw91QARK
zSwh-KJLw=x$uiPOjv>oQ7g<5N$$v_+iu90P(nnU4HDoPWN7j>mvVm+Qo5*G|KnBSc
zGDNnLVKPES$r#y2wi6!VlO1Fy5fC8}5iwzigh+{u$ccg|$u6>+>>=Z1FPR|wh>EC*
zhG>b7=!t<CiHVqrg;<G=*olKUiHo?2hj@vPOcFl{kRS<>W65#kc(R|IKz|O9Fo}>T
ziIF%-kR(ZwG|7-G$&oxMkRmCODN-gCQYF)*M(U(NnxsWeBqx!R$*0Jt$tmPi@)>d(
zIh~wA&Ln4%v&lK+T=H4+IdUHPJUO3SKrSQ~k&DR}$R*^9<V)lr`7-$m`6{`TTt+S@
zSCA{oRpe@N4Y`(FN4`eBPJg~ZzDcep-y%1V8_7-NX7X+F9dZk~m3)`nMh=nN$@j<|
z<W6!IxtrWWzEAEYKOjFO_mLlwACsSupOX8@&&UJhLGloJm^?xrC6AGxlgG&~$S=tg
z<X7ZL@@w)N@>}vd@)UWRJVTx(zbDU;=gA+)3*<%e68R%}nY=>&M1THFUL~)QzmV6-
zU&$NfZ{$t#7Wq4Qo4iB*LH<eJCGU~<3HuxPs|V(yQ#P@`NoW5bgJSLt7Qns_ayCsD
z(WsEn_^^Y<iG;>vghpgbXgt<7|M&d44+4un3lT5m-Wp}wk%g*#T>UAF+FVJ~#O&<1
z@132!eV&MoOWAk`fPY8lC1l%o%uBe3rjuy;8cny*^nFf3LL*g{a!$fFDq%Z*1T6V?
zq&$*8BI%s0?0pFb+veYdJ|a8*xa{-q)NnendQ8lIAg8)~Z;>wZ+8mC%JLYTtQ*k#r
zpN+f0+K<QG<nu@4?xS({(YX6)+<i3eJ{or)jk}M=-ACi@|2Q||?!$3l_y0;9NNsd9
z4m=tM9*qN!#(_uUz@u^C(KzsE9C$Pi{C^=1{KU`V|Haw;e*iGWfOVHapam3{klYFt
z1Tr}`IG15Z0v>-jIW;i~K0XR_baG{3Z3=jt&3g%W6h+!_SN9w_Cz(4lIc7RDJu^vW
zCUazFa$n>k2LTdtKsa&-5+EU5;fx$YxDNpZ<pw#FO9W9wK~Z-_U0p?YU0v8kR~HX-
z-E}pY&i_`=1OltyKF|Mr&-4FjYP!0ry59S(_pNFOL=b;O2+>PWM0R0begW?l-VTCr
zq(kep@`^-9=lYtB1c8d+c}nB-`p#vfC5|9?7vcG0YkhYo5kUmPcr!eQw|4ZjOvwA$
zP7p#KLBut+HP<(N*Z1~|(02`ryA2vdcLZrLAM_LYw&}Cy_m(Lx!1ED;pky608|!ym
z-TxRt@aKO++q&uX^E-*RiFHsn!FcVA`svNu57VX+gslzQ_IJ+go;|21ngD(X?k6xU
zd~)NbpA{rb4om-MfGU8%fBXL$eFfidpyp|Vjch@HgntPh1G(||5AH&m%_ph@h{47|
zTY%(l&(PmhuH`B*p5PNUf_$JK!9`Inv<Z3x_&b03PH19$cWN)uLP`*yBn1?o$0sRX
zFF`CH{&Hp62rZFKXtf6ZI<^2gg*190n?QqugYfnv{8ElGo*)H94ZT6)a*Vh|<q<1^
zkqnd$!7-vpkV2H8E@BMyRYI{s`)2?68Sq>I_swJqK|y;llsiz&P%5Bkp)^3Lfl>-(
z5tM&1F!mIb4R{XTa)QBkYCTbh@BG(^aDEjL3#Az9I^JK2cwRR_L%j$;13V`cO~gYz
z7W(3Z(J=P)!Ow6%jEm*QRl$4RL@)Gb!gDYbiEup;>7QRp_~<<1zn4&#F|C8&`tcYE
z^?tY)0Iqp(FNHDXP|tu83V5fJDT9qr7ejwN19&5bdI*$!c<(3t4vY^49GjqD2G1lO
z3vff>9*M`ooN>b?#j7M_#Q%qX<Xc4N|7#qE|AEzg{!8t^_iw<$z6QRIzy-H~3@-oQ
z!0^A1O@V?UgI~nmd7Qo&u+0zxBA!SiGKegqny4iv5R-`o#1djJ@ietWE7Pj9(b|7l
ztpVE^j5c%Qa=395iTb<aq%bbZH*WB+zi>4UHV*8)vHQjoH+I};zOnK@JjZ|kiv#R7
z5`RU7=q!2*eNQUM4RAd}zD!;xKc`};B5DzJmHG=$#jD}X;=RNh;OqFcaCN|S3a&2%
zX@Yrz6M_L@mT-gc+W<{KWx)A>zXyLh13Lo`1%4is5VRoZ%^+`ZcJTb*_k-ULiGs@p
z*NBkXkXE=}3i)@aCA2H_K<G_TgXoOt%P>>elCT5en(%4iJHx*fJH#`^=f!`OL`y0q
zyCvUCv!zr0*XIAl>&XAo^~td7w)7`ink)~l8UMp|2DIqb;4SnTza3V>2=IU1I?CWm
zayuOgxlBmmUx6+bx1csdjbKD#Vh(SHH7Cak1+`M~E_GIEX-P!FfGx*@n=Lt5FIQ4J
z@*>O_N~mE*$~bIBdieBYwp&3aTN6^GDQtsB;j)-h)ox0M^gSw7R%)t!TqFB2GA%G?
zr>5DB8`wYKxtYOR)W<M)B%yyH2&Gi#a!P3zEp<}3IORGhG^LZ$l$4gz-4l<$kUvNu
z>4b_2XiR;@<YN~K2H86k$4p?Ko;(9p6tTyn(CcGS^=R}un}W+|_UKq&jZ~p(u&j>3
zCh9R*Ga0ZF7ePp!3WZW^;7IbgoN|Q{9(4wTQLMnc63TThctB!-KrVk%NZlT{+m&Q6
zc9?^=Z@XFII)5yCY;yDgW9Zto0~_CcK6}#s2Gr10U-NW{DLJS72{fv2i-;^*+g>_-
z;d9cuI=)Dl$$qeBtBB>DdUDa4_riO7c{&rNM(>8SjvBdiU{h#>t}8otZU?NrMT2h$
z8i6kqAtqu8J6JP;kPd&*Ln6coyOptk7GSJ!Iy``w(SRI^`}>95fT3=F=YYPJ`qRL;
zRojltEniVSdToKTTp`xWHMUrXT}vG;Twiu<_Q<~S^1ecw&SH(VS@kv>&2RsCBLBdR
z%_lBZKQ(pg>FVV9FRvZxiIF6goxN1%^v)RnRO{&%#y{CU^+bP_%U$rwGlfpi$TJs9
zaL7QE4Bq7T108noNh5&<S}qWfLIt4Y_9z7yQ=`DIk{*n-$EQpJp+d=_Y-Bi=>tZ<p
z81QJQz}q}II#^wCYDVq4!u%;RhB-KW?9rx0uXi1~a^g;6?2?AX^R{n(Zt0p+F^V{L
z*`kHDxz)9?Z>@i5$(Y}>W=_@|YAPelVy~=et0);6x&GnWX*0&1TF~>|Lv1TFj*l-`
z-#TsY<iA{eZ<AFY$q!E3URN}!C)M8LRh>P&F#m9U`+f)b#xbDTYR=9G>2NF9?N%mP
zENPtPn-(U3vfG%=pzMgKWQ)l~{0%r7KyuJI(iKj4Fh74lMlmG0Xh-v=$C2Y-3wMvA
z)y0e1nM`TRX0+yg<VJ%t;`6>@w_m+}a?O)FVJ0igROOpV>H_&o<l%(S<#tPeWmeMq
zX!FL$*>`?ixTlO(l`P^n#h0{fVds6o{+2~EnEczQ{pts&)*Rl6qrJ`KXsQ!t8Ve7G
zdzLK_VqJgtSFtdL^a>;b4_uua?e^gQAqnCO5An~VK;Q5pV(og3)g|zl^KxTpOYVv?
zXHrQ|i6tgxWM*6jDc9Q~nHae>gr8;}$*7}ZZE<mtQ!>-sB@3f1mKeHt22Yls*T4WI
zhh<-$&QWf#XqeP!u_98W$Th~8<44*PQbx>8FnNEX<yPA&r^9F)s|dG7sXUSpS*R*9
zOf9DqBQ5buF|{+;<LFW14MK_e=H?Vk7dwQ#kJ=fnU4cSjFe8!KQ%l^rtsB|n=Gcv+
zrJ;ecz*MKbpnG!bX_%=3^^!HD60g`&T25Dxd~ZLg+<`d?{&yyEg$RalcDTbO60<o!
zdxd}dwI*icNPF-WnF-vdeAZ27vhvaBHh;s<Rs3VvI~EUqL7nHf5#fX$;3P?~btn~L
z8OgEV6Rza!$SuZ(!cjsNubVx7%HxZ6t^R$(m4~LknxE3;o*iSg=~LoT^ISzq<nAv}
z`PiI2SJ{(avFEmZcKJv4i__ccXFY{dzSw`&ZKE?P*vA2{J7Bs3fU5wgj8iNFCn=|0
znWPIt!hr6eVp^JB$C6W$6+uEq&E)c4-`BrtR&or<Fl4lS0r{s#;<Ygvm<#eL>Nw05
zgVzoke6G)&g*v}}f%=d_+5wtG9iKdK1Jxt#?io#c42<fXU57rg6(9a76E$>H7pQ*`
zpY3N*E_(FnLx<;dU3l&NO|7l_pJnePhubY!BEYLEfa3t1-5j4_ZUqN`_RANvnBy4d
zSbz>4CJAFBY)d`8;y`uo^NV{sx3IVS8WU-iT0CFL#JB9wsWl1PM`_FV6g@O$R~xUm
zZ`-u;@sI4bpIdn9p(A<5XmbEROAvp&yQ91$IogyH6EtZ>dF#@{SbAEZ`~qMU1S=<4
zyiTkW(=OzM8=@|pJLJ7W&Y5wD)uSIauscypFSTr79l6gt8E9z$T6!Q~qTxLuE#z?)
zCm5!veloDFA*yE-+g6JLcde{mF{Zm`!Az@8ZA>gFn{#^i+UXY&k6(K1oN<5m>gU?e
z^%^}Dj;MriI_dP%g&(9^gk%`Tvj(7@20SAO6UI|S35O(uwM?8O(Yu`pyWJtEAU<mQ
ziYE`W>o;v)d#!cRwYBw^wxF<ow|lQi3JaVgtNT_jHdOQ5n9%b5ulF_HICX5@vASna
z^f^?-)_C()RZO{=n|Sci<3E4nJhv1gfI~oQFlR}4jRQRv8s8>AWYas*Hg;{7t<o9I
zFE#vpiFY;9IwcsaWf5S!1~67Zbc{1p!!XBnpL-g<dMKqsYX`Sf_U)T^?dZWbI*y-8
zDgEQ=%N<oc$UZ-NZc9tA%kHiiy?%PfGD9JGe8t|X6)&BcRl2)<^{9WAu8nW@)OU|R
zeZ6CG`P6xH%ahs?*}oMWn)1-D1=U3<(}0&_fSMzKnUXL<JcC`b$0s$9UnNQ4D#A$l
zu;N(SvFygXaZfDWc&%mOYfsMG^66{)E|E@2Zckb5!?ih+txKX9at_j;Z2si@nYBmP
z9Pj@N+w;&g^1`xF^*4X#@7?|Tc~xeBd<y)|Ch8RM5xg53=6R&Uy%6n>_RNVnx%f_<
z^0^~xj#rxNtL0*y*Z`jLIqEdbrn`SO>R0?GQu}9~^q>Q!PG|cj&i?u5|8%7|21Fn8
z>ZopztI+37@x|~w{lCG5>K^;USQu3|_!*T3>uoGy#c{3MAB=zbWP2AqACtjU1j6BD
zzZNI7m!<1hHB>jHTj}`xD~I2%FUpy)IY;j21Ik`<Xlqwb=F;tBZA?d$-d<7Mbz*)^
z`^cSb2m5}=N#tBM7Y&C)Mt=(Mh{6#oqJ^Alfp^4fA95m}tK@hTOj1X^|EP;iYhcHX
zQ#muyCpz>|%EW&P@0VjzOfx?J3cYr{+^9(uGE7*6Z7Z*?|IyWB_zc6d(&ou1l+=6w
zgd?a}$TmL*`-mYDh-851({F)}c5z`H_Q>GKXoqi!X1LJG#~7j5Z?BxcrOvD`sPFyr
zXWm}tI7S(5EOU~@2OGEVUgTZKOitOdb<~yTn?}#>diH-()s>BzHId}mnB2OR%@@Wo
zZrv=ZV+n0$BJ}6ywd@NM3bU4#%{!v#pBZ^ze)*P49v`f@7~;Gz;0ml$NUGx?LRcg5
z$9X)R7Mr6)kHv%0_VC`-Xfi+Fx9X3J=YIX@ir@BVTG%@;uqQ99Ift@d+`2Jd5-C#$
z^V?bHJLiA;*!TbZ9Q*yIt|PK%kNo`nz?-P@g(8JC(uSo0+R4YBQh|M?^M00Sc@P(Y
z_csDaLL5#2M|93Ay&?+JZbCMcarvps?3|C6R(*jS?Av$7cQYQko9bAqH8X42OTTA7
zyYzlT6e>VUq(XVoKxI70;w(VJK1WPrI>4KAO9_9C7fC0#8hapl;Sjlp3FZjY&{HUW
zwlPV-Fd~s;>^Sy%xGDMb?lxOyj%iN+ZJRAYt5oYNZ9I9HQSNk@n)#&n3!QZ~Yif+r
znb@51Mx{0}b20lAqYTe(q`Dr8F){3i?W5&kIJN=$c^bgYf^ox$0BTlJrxW`!1jwWA
zac6%BE9gfDejHaG$}q^7pZ8;Ekk)Lod!M&e8X`i2GzoSa^<Ah=o!>kSP`O<)lXaCB
zGi+5Wt&&7Aj9t5c>hRUs>yvBo;sJTfP5v>^gCw6G03a>45T7E5u`0S~IrbfL$f<l<
zfuqKuCC$V85-_Xmxx{)`b#4DgZ^^nGP0oK<GE_AxTGoA|kDYhzv8t9c+ukhhnVBq=
zMpB?5m3zm`dF$zKudpv~Gcag%OBQV~Br((3`pndU7k_-_;44$BBjV&bEHX}8o&X-@
zW6QnA2o52@=s`}=zs@`VE9ek87nqh{vypk6{D5m_o6URCR$)+i*Kl2S?+bo@LJxnL
zZ?`3ABFGQXiZ&k?mEk!}1KaMg6g|N<4r6fpuwg&}kU`D|3c&X;zk<~e9pwB600T-K
zLd<=l!}WnjxH{JG!JCvA=GWl}`R;szduy0K2=K$a#!VYB;^6E_9V*(absClW$V3hb
z-^fkvo%-0N^%K+WDoy+ZcWx!MdkB9L_%;4V0BHn{eSKcj7t)~r%5|~ZLwGnJhucIX
z4k4S+4+~FJdl#lUr7qUYVPN%M8b*JvHPNhzkj+7HnUV1h4f@_()K;o^mb}A;EvyBT
zG)6=ilF&PB$$i=#8{uPqb`x7K?LgrZOfgCwSc@X7Kz0GBz$XajfeMKAkdl9Tz$eQM
zey!p>gPXUVp56bsvx<>(9;l_GS{okXSl;;fk~TC?$ZleiwX>;q?0py%pWQR?RE0(^
zv(EAHO7J~E0hdQ}?75#g*r*U1CjDXEh$`^@5Xp?Tu_hb%KAETlQWx|Ux`lcZtHBpC
zqZ7R^+p2X6?>~8S2Iel-#4~?Pl6Dp~cf2Xu$n<~A;~odr-0fJ?zm`CQpAG&U?7S35
zITWCjbf5m|9>kIJevzn?%E0i@M;H_Rz_Lg~IiQ8nNXtlzPUDvj2r1DJp#DBy-oT4@
z!Jf=FO9QdT#~x-rmv=`3&$ZaG)A-lJZFh*doJb-LhxGbu6o8hq3)p|#>=*3vKfUzh
zxfy*Mra$x2Pkl4MZOmlfXWwMo&<2!_MqE2Ra@7&`B763k)hHh2pt|F$0TNz$6F6Hl
zW1spTZ0DBUyNR*l-eN062crySN!}Mg*0M;DHTv${dz(If!#*p=H8#3!N70H(=V)>v
zJEvCzvQE~_raEw~<jjA9!@m<11_kZwt=Ul`#k8_BVRdUK<Phf)d~75Jz24~GI>1!R
z2y~ZdUmj?n9&Y)1#~SuE_HQklDi^FmYfuCVLMwp_3(n14w_(P!7rR##r@R<;>Trmb
z-~3E-YEC_hybP=17Ir%O)=%te-rtuUU{A5<&-C@}N9q4K+}nTSUuWBZ7bfi4X&P}P
z|4%FtVw;A*aVTRD^4r+$tjnnljR}u3l)5<PaE5@s`RJ{U2acnNDQjj9WJsd|uUy@;
zJhhQrKqAD>y`M!{N9Qbl&cH5wxF&>r1RYtnbPwK4A$kXI^7z0f93OG3o_}L3hV-Wb
zzKm1sj3I~eCcS@QC|tzL4t1Q7Onj=YZFNHCmzUO-e0wo1N%M+Y6%DbOy5`xA#hX2;
zM)u&=(i=~A^du|QbP#Az!m7QKmX67EmMm_W{>Ye}e-7kl#U!G4w``uWV!Wfp9P`TT
zb(LFw?^0<J0mDqtrBgn??OPWOzLj|x`#9ew)Jb{!!VG`GQcY{+OJE;~-pkln4oo&B
z6$=gF{8IKxr9Rcu|HF`B@Ipk=jyjYHFoFkf@J|B_93Ma6yJ4LbC*8M1aGdZ9jd~Z|
zaE?xpkNNuAr=Q!j`8YI8s?@8ZOE<Qye6I|Igq`^aO_%qN*KY3Hxvch|q-60ZhH>d<
zc~6&Ln^k{2``M331{@cbg#_&Lgr8D5-W-CI4%2IN;k`c)3qt<P)x|$i#JJ*EBg68H
z;i{3DWc;LLE2>4=iK+Sg5Pm5WO52<Jm+&@^muYkm83$VRj%fp*QR3N_Xjd>I84NFS
z@TPDvz)QjKV*LR9Fn#oLK&3{b!FLU7^kbrP2^W96a${r(?87E-3UBGz>6Q>#ej55$
zge%#Mf^V9%a&@RwrIN;x;riqx3*sTt9IY^90FH(v-HQGfsK$XOcr8nm23TBevAQK*
zA-QVS1cyNyDhYta#TMsW>eZ097ul4i01<~bC@%k~Us@bOfcS&H+wcqMg1CN%{-9Pj
zjZJ@NFGLx}n!$a8hOp~$6N_aAGA|~vJOf3dp!8_B8_=^>)qB0{Q$y;4a>(Q+hc1X=
z%x3*0wgl~;WQ{Vb0G}i5G;#{qkdTXwAOjQA<P^3DJ;#2EV%cdzRQ}WB81E8xDoOdq
zNnwl&N(l@qf<d41+yBj$3vismkh`c|kOzMYd^=nC-}mTf9lM|1KM9@Ww|POuyywWb
zpnLFJwty#LcXGR6Fdt9S{|QgW7F1$yKXUMEs*gHJIEW00c!st>Ah!1Syox}s9G?0?
zZo~!RI5e00d=$<FxwM}wT(5U$OkNlh_vTmC6<LgdOf)cwr}iuul@=ulQig?x$kTs2
zTkNT5hq*kjD!FvUbg^pLv=R2a`BnP9me^Qxs@0KXsoE5$$xT?v{$_caOc<J;yghF#
znwYLKPf017Opt^9kpExcZ-9IRXF~V(Q2-I&(qLqqVzJ_$TNI$Ql{?qJw}0*N(TA$S
zv=LG9A|$mqr>9JK;)y1g%S8U`!gqh~{;;h#HI;hy@gjA&uG4Gs{>kBd<E2wCMuPh%
z3IJj;a0u@eVOu9%Nrclev<Kqf7vvZKJfVu2kCs3F1wv<6ov@qJV#L8ZU1n3pn0<W>
zqdZBd?%7w6;Ljf+(Z(`EqCq}a6I0x<?_mE3YY&!1-rz0pvKzp%Em#&lwo8A2?XG*I
z`IxWd>s(^&hW(Jq*GKdgZ@=;HS9;2UM0G+a5?jJ(MWiK|y<-)mHzwBPPdL>vp|v2R
z|LRp#Sa$RYj?(^5_7z5nbzQ$fALVtXl()U{+Yd1wc*m%MIz`BcXwX4{^4?(r$>F1r
zGql0y^Z$sNnpTZpY0=1k`{;k6+uxnr`I>hXI>HZEHM%R7lWEsx&u*MA>${22A8sSz
zo5xaX^vT%|VJ$C*xMl%=9pv2it^C+y>Re8|@$KJfz-KL($Dm|#ryL!QVlpedpTwDR
zRcFrBJli$3CN(KW=`7Z04A$(Zuc%V*;oexYUT?~4AjcP__g$KkXGwpKanaMIQhV$5
z+#;OuXRrm-#~{%(VkA*}Z+A<{1>abm1Uj8xz5?I2oYJ>JFZ6GF`S#(tjgPx~Ox&KA
zVE7X}yDG=OwRicHD+wY>z^B3z<|V&+D6i10p>0u}Z)Z%LIqmWO%PUKQ#V+CGq=XbC
zFK)_98eQ6u?_~d-XiI->dhzUWXVT7_XjI(R+SRXS^96xQbr4@r)Y*GZW=N5VwL%`n
z4-D-b+ts+G+To6fU~&T+HFk||61i&bg5A}*vli?bpF8l7vxc$hGnW=6DHJ^HFz|jU
z^$*ZAH|D<Emv#69X`dLlaKpE%b1H|E2VcVN*F;n{b6L))&Pac$D9D!0X3Dc2L6j!X
zW}j9pPbpwiGjy_uFpXNCC_)nc25-ZH{HnU_W9-FhFhCq(g^xmc+b1O^m9tTktQx&u
z8kAf`W%#rbG%y|1Pzd-1;~4S2y|%m9xZQU*%K@9X__Vb6`1G_TDtit)VuUp^P#B|*
zGKr9kzX5lo$H#xCv9woPl>*?^>ElrSHnUb0rtbtm_&Xo8k-rh3#r+4gVZKk{d;q8^
zAw4|-=I(uC?}QpVt&SAe(-Bt1J<uDu?)ZdsRy)vg`&O<_=Li*6Gu4~PbvqJh4m={n
z5V?c^tsX23tXX);<koVbP|9hZb7;d04V@G?JohAoF)4rlvN$AwHlPh-r{~<h-4JWj
zt1{UUhDa0pH<h)FwHD~)!C@k;S{^S(;rtB)ogd^$LPBKGq*hB>)BeDIxR6d11?lxj
zE>${FEBm|J<OrnKi-VQ)7%F#9VWb$u0=U8&L52aYa?WapOJWF<g{q`NHY>}j7HJ~X
zCNUE8H}rq!R3%4qT&J>k6><{hs21432CK0b_Z@{Pe?bxbbaD<rC{*5qdAC_OOhfMz
zj}wh<l33cDRg2`U8%joY(TdO@cLtj-O{0}Tyhvk}tG$#Y<*5a%y)-45Pn*l#t_q9F
zUc#njIn<mGjbTWZKz`K}W{7W^Jinx5T<RirZk2yl0Sc=O*NI1?HJ#RMS5a^RTf%8E
zaBM8J*|Vd~9#%fy9jVtxrj0|Bc9?y_2D(GQ@_q!mo&MG97wryjEe>nE$6hBY*|(*n
zL#q%4+jH48X|^+nms2)xZm<ZWEi15t&H1tZ`btSv`XaWcTBG7DF035QTimsbjh?88
z2E2a?n^5JUBDK!~h<v=N0#;$z<0FTE2h@K8sl>ilCh>bUlK9<{_POsYeP==I;%gPI
z_S`+o>X%F{q)zT$b#mcA@1eC%FZpR+PS);4Z?K>4edULBQ?P~o#1>P}!~8}ZMN*7Y
ze)j;0gJK+#pi?o-$?$zV@Sm-7r*BAYDBOQozNW5gb?32Sx5=SQDPgrLk5MWQ*TqCI
zC@D}hy`m{|OkH-3Em2RU%(~uF-?8HTuXin#hgsM!CplyA)<UqoiE5~|MTnNN$7bqM
zYeuzPc&}?zgoImz*<v06m`3|orhAGAc=?xPf>TxxB_29tz@C9>k8l>V4ry|<EMkAc
z>X9qoMY2~?rWjIP%Z*K0oqG>-r`1s>`&()pQ4A9voC12%QU3j#Um`}UjnaD)(FqXO
zrOOvycKZD@c^<If&Wqeb(Z-OrEAKkw`<y^&caNtiNw2GxOXL=tG&DDpO(=*}1@S|5
zYK<`n$*GfXzdgcibmz<BCb1(+ji7%9dIhJ)je9eqeBP*O@D}+2K(=$4-rYkK<=sOc
zyvZwe4h2|x<M1qx+(aAZ)fH4}HIuiz`Qn_)4qC1ZrRk{M4f)me?57sXu7&P0r#M^^
zLY-va*gCD)l5C2z7B=o*{8&to8WpbFFeW8`(x%ju>aItXVIsVXB^&&XOy_@H=Jq1Q
zPC4Xs93-c}_YnpJ3vTXUp!oWAr-{xK8+E;T)|&Xuo^FdWj(3^;eS!BxZDyRQq0u?H
zk!+(CQ;Q7EFfR!j@1-8WUn-(uLDkT-z*M1&_5%}RhfFm>K&3H?*l#Rz7v-0AnWH>K
zD5o|nVR}i*c<K@F2Ya|s>PmlaZtc2W^jMA~5;5Lgy`$Zwq;Ql6QYr9x0P|~rspU>#
ze4Ld^Iql}MkfCG_XHjBwGRhby|KPeZAUHM&B_zpoQS1wG>;;8MBX&@aFb1v8#tO*L
z<Y-Y~STMuz#4!Z}-%xyaVt8Nxr$d9c_-6r{nS&<q0pl_>AE+VV{%3!rqkOPKQ7=&b
z>eZwOqaq!hEsBu^{O+>Mn1bl)IQH$h&)9!5>>s0((*XxwOq9m#{SH07DqSg}7={9`
zD3g1?NBwTC6rWUwP93;Sj`W_V$dS%aoJ)fB{|#_T=5QKPE#Fq7p8>Gu4J~oN7~_4%
zKOW4eNOUre)&(naN{WAC4ajZR+s7@wRaun6j<%?z*$;2cvsl;<^pS?~FP|tLlL1&p
zDI*-=v2AUQYI!u^7!f<`N%pxOJEhmlL`vnvS6`hVjxdsXJzo|*Z*ZW)gS|9Fh(7?H
zj$e}$Cn~|P-~j812l+DK5OiE_vCw~hODqhCO+fLCDI!qCu62K(9Ftb+vC%1}pqN5^
z4tqX~R)s5_fT1zkn9n-U&v7P6U~nkNGJ+Om4a``%I?o*MRD@;L?jfJiSal)cA-)|^
zssnJ7`_B6j&E@1e4=qPDcRWJX1rK}#spb3i>C#A^Nk9?aooLk55@mQWQn7#2Q}HUD
zqnKp|-q)G6t@wWn0<?iwO&;dXHJ$$LjJsbDC>1>XHBh{Tx31Yb?US831yf{Z!Rk7*
zwGCC|m$Z-vmTlFH&#tOpwNVtac?#CNPIQcHq4wev=i$*5YH!=RwXJRI7HTiP;ew;_
z&j)V_)!g?SO1uj;{F@H?SL$e-|63385B@{Zp-T4MuRnhtyh9%R4Z6w`lcKwMuo&mT
z=qmnfYVd1xH9$g!4fO>`e*8FqL060MnlOTDr79pJS8!)P^1DI4a~Mj@FE^utn$n=a
z&``4^E~D5pqGKgFp*cG^I3(Dth|4HT&Yku!zdg>{l%@+6g=Ls+`LoA0J#8?g)@1-~
zK$5>kiA3RP3HG9YS>vWYO$-j+#epJTg?RA*aQQOTjJ}5!HTSKJ=l(-u&roLkO)H}g
z4iN=Q)M8VnCO&mUdu<xkoS5M<xHMs5!oYNkBg)WKIk!HWqm+G>s^GrgN&NLMc=*54
z-rbxP6dW3)P$=Tl%RIU5t59QgSx`_&s6r_Q>fL!AE7@0n<5MPP0Br#Q=?S)?S=Ccd
z=;JNTX*yA8KtN`KtzZt&PY{HV7>~cw<pn~08u#5Ut|KA_o_uwZ5D}~Wb&8lpZ1>lB
z!^ZH57!=^I3y4@`AdZ6Xbr3eV+)%3|+K6Vjmk~3G8Bk^uJwzwhG6J4vK^_0rL;F;2
zgcW*nhz_`aw8U6wYlZh`6W!cXGu)eD^j!FDf{~TbKb>pU5~JWgj~g`;+Uj8@Jie8f
z12fgbI}gH7{V#88A9z2NsN!IE`|;EgF2KMBYq%C7h%#txgx;CZKa*$yC~?0!-U@N)
z{9(|2u<t=0O;o^qmHscO;ct+}|EJ=YKf5LZKuTgv{NEG&UtEXydq{{g@gIVAyefo&
z%n)Fq<xXN^;a3kdA;<#Lxt(3S_nJ-Q!fzfi5q|68Lc}V#5OEwXM4Tqh!tXh_0M7pb
z+kL4|mqDNf6ahDvk=zOsm$&i-N`EFz(lp)Ew9vh@bfdJCE|jhaWordliYy{RQ5F$d
z1_eO{chDJ?#ZesI6GeY6<2vH_oOv?CQ=c=_=Hz|nCWV5`%**|q+_T;D{lD*g+qnsa
zD2fW9)=&(UUsB{QM#s>vC`t#NRAW`G$-E@$m0XHKGoU@MW1xKzJ;A(6QGbjQ+7B*h
zU$Tgbqyi~Q`&Vd-7WA*|j`?E4GK%62Q&hruPgi^A^-JIU1;#ExvGqVlc$y#t*5g52
z(=#x<!mJd10PSN?R`d^bw5O(Ot6}};Vf@vB_7#h$`BWv0B|=*{*gnvuP0IN@JQ@If
zZ!H>HGVIk*=YjrZGENa*_<!^R7Y}}1(iWcmQ-C6X@If8^+FDHRU!tyF@0++-c#Yo=
za|5~g<O6phi``U10Oftt+atVoV`S>n%JsBT6(A@76SsXBrkDOT#is)J5A!WBLF>CS
z2dQp40`X}&fD!WfG($LNraxF$;ZjoMdWzqNi;+dhqF3@M<n?-C;(t+oIma1K;6Slc
zPtc?sr%v+jqE5kbiPKl39n@ABn*}9$+WbOjo8jI()d$aQgkpxmLa{(`-_8=Dabx}i
zJ~}XO6}j`@q(uCBDh2K}P!v#4;(bjS1rDkfN(vJPZHkgX-3Vhk;r&z+%!`9|HO$K(
zcWCQ)OQ>ELFNJy<S$`9DEW*Ej#4lvb(f5Au$I$}MrZD$Ym2j_udlld<g#HR>7lRy<
z>Eqrvp<V>_6v1(-ob<zZDcto?D&d(jz*z&&5gd6iCIPx)xSODeVO;7LH`%dB_(t5F
z2lhfyv6KjULMSzrL>Vb7l||)Hc~k?{M72>P)IsVgvV*X9dVeaFO81WzaHH+MQSaAx
zygIxcchIjpe~hr+cK`JR^$ztDxljyBM0woRjdr0A(T{ZMjjNWsy5V{Pu5TF&Gr*i;
z{?2pq?&E#OkLEY<pW**mkRuotJT3TEm?|6=z9pOp$O~8z@OHr4f#PXbJX}iyp9}mh
z$Q0BWbR<|5Tz?n5KKN2dWQZkXPsk^s;?Ty>M?*ggOAMP8wkho8a3;JZ{Al<^PNFBh
z-=Il;A4m|i8mV=9z0R6pvzTSlNTE=`kh?&wB7LYoRjAJ}wUo|iGh1U-uC_LptF0BC
zS$z1D3$rU)+h&$u{$v=x+g8Ml%!9R0(eE-Z!`dOl0)LR2xw-PKjk)PPkqtS;l~HJo
zxhtwEx1=nFeiyARbL2M6u^L+OTC}DyEvvCLUEKq#CVH<jAM$%B1(iTia*5h%;fjS}
zp;)A9uBas}BVi?MbN!~n&d+{s7;8lO`mx5Xk7a-LkNOSu__O9=q|3se#G+#xkY*iv
z23L`?4u5~T0XL#!xREv>4e>5p>G#lc91pi~;7D5-IXkzcLJkvFmt+?-wAc)D$P=@0
zH$4tdfYl(WKnRyu6d{+%r8-J1qUiCS^denaLs`b$>-ZT|$?r236*S*}68{!|gim)B
zTg^4-2ULXe(f6=cG_2L+TT5cK+2In4XuVEvm4A`7qI=R^df!s03O|FpjqZZxt*1~H
zXk7`n6b{9|#%HmF;3~v>(QlB2l5=a>tQmTpS|#*vF2|Ihdw8J`c0D96#o5qVQa|z(
z-kWMZP%91$5Q<xJ3p+OqKkzxMWJW{uN;;R=B4Vv9z0z}rE<r=@5Gu{yZ_!bdK?Or&
zx_|Oe#qIOm?)G++!QI^M`DFG+Fz620OTdK0kusUZB4w=>GoTY^=m<Q$mfj~Tu1N6M
zG!3OO5$Q_H%n0-Yzh~maDtD?@n^?Stey!ESDm7OLE?DgmSPe9pWvx_%HG^BiMz|w;
zCO|AKZMQJhlYc-%``5KTJX>q~bo+wi^M6Xa@RLZ}Uy!WQ$j}SOxP9S$4~M>fdfw5Q
z8#bT8FGQrc30l_sHM0fQPl1Ltm!7^nFe)T8C|2b+AUSYj1}W>1X>nuz%I2-}wKKlj
za{o)S=PVt?|AFz7RgS_GHcoVYc4_bH^f5K-SejkC{K3$p$DUkLcAwR8boKlALw`qN
zp0OY-;K0)6&EFDhC2{O2KoCTQ!Y(3<7<66Cidj1=w$NiEci)Y_$I^DR1$mi;le^!+
zmr>d~G!ZW42CI1vVwj5T8N&*Ba)Ozso`Nd_4fO%muqq+Sq({3vf3l#am-lYN_~FN!
zatl)Q)$KW{3Hn(}@Im~e!p1Mhcz<K)f%WHC{bg-#YGz8IvM5;;vZC(Pr-<__-=az8
z9O!}kR!xvh*NS>h724a2{Mx~sYxikKyJzuDJpr3Xuki+%O`vf?;G30lS0b-?;$>2p
zP3zuR2eVdrzhUkNYf*tWCcbQHiv-e0`Awq!-4Y0d(~<l!iH=^#_LSJPv44^jmpQZi
z(o5%l*Yi+kUWBW))ddB;JT!QAY5j)Pak40ps=}6DSXHp>*)!|g4$UuIFbPwL*J}k7
zB8Zu%V2@aeI1tuHT@HE;s)sB{=4)8YcFqL#dWK=@FzbjlDtd9w%vLx0MuNU8HmGtv
zixgE#nShS%efu(6H&&S9P=AO5wA$c~eY~uRV~-{!@U>c*C_X|GSoj0Ff(;-Y&`f?9
z?6LxArvr7FoYQ--h8s3zWjSLI@JSDJ2*qMyq|D-PF%O)rTr|2Hf9a`ebtx1@bLlPL
zom;fc^VPPEGfKwBk=<6kaYp0A^gD+9IXm`tuGFeC2bo2K4wbg{v46Sq_eSIoH#aZI
zMxIA-h1q5=*;w1QI~%mG#`_h-vp!BDVl}aB0g+1tp=*~4U=uX3R}mUwHl&N+pilkl
zo_pR;&uh8x$eIt9E&lnjkMYTueutXQJ#e5UT4@qOik5u(!uYb?XI{h~>|L~Z>GHm(
zQSs?>sO9xsjmZN0pnm{a+{MWPq+%gn#qJjYk%3$mA&m^9!T&MfcnDSETVX$R3WGB*
zJW%Fx80fYi9(>`ImhsoN<g9NNNfef&jVopqbkERgmC}XG-8~t4ZD9>Q{mui|_qWA_
z@VpbB*Xe@77e5T{oBzm2Y67vlB*>8d0Vv3BhzSOZSZ$=$K7VINnv72uIBbMGK}SRc
zHQK0HJ1o-aLMpo3B^g;YuYP0J=1lY(oSK-hV1AH7S7_i3>Eag7%Y2xJJs%x@)RQ&*
zparj6WLBPf9@l84VXCNZ=I$1$S`w?pLp#^RM*t$Q4c_B`DAkXMgG8h<%>mn|%W4XZ
zMc=%*DnzZ8Jb%%rmxFjbP9G8?D&C5uuq6Z8hXKbG+nNDS!`V^XP6RXsg4FTo<}pP$
zkxH%iOMwP*e~V8aG@uXklsZh21+@Sj5fdLp=vze;>vyVl{syfJ|9D`}+jTAfaew*(
zo6McArgxS(MS<(^x4X}J&)bU;XhT;`>KhTUX_25Ss(%ZYPT>DMbRK`QMH-1>s!ckr
zmY<-Jl;S^TITxPj+j0V#(c_|kvLpw=2O1-Y1R1$*jZ3$PMM^viLCF51=k_P)wA<xH
zzd`EZ!RQNFkt3D9keaQA7O8u(eRX;(Zn<56zB*om*4%7Oj@_)IBR-9zuK{*YKkdIj
zO)%2e?tg>{uxjr>mLmk~%e-GPKf?OSBnnPjPcYrTf_o)y?`9}RYWm&OY)y1{aOIm@
zPh6?b&8Zdg>@m8WluS7g<WEuY^qhZY`SSzC4V8{qX;6(gMiQGk_kH>UA8pWGK{e2J
z0&U{lESy^fKZ=ALLwDfU4-fggtxv6(+32&bnSWNNC)cHK!57U@MP;74X@dBb8{`mz
zeqNX&YoNs?HRFuib7HkYsnrVNWy!;6V=~^>n{k_vBE#6|1-KdQo^8>|f*H`Sq-8{x
z;0VtT1<YD#F#l>l<eWzU?GCj}lutu*#mQ|;lsbCeUH#h^n$V|MbBFCY*y9KbEI)G4
z?|*fKJwVe&<n+(=5~)GE<$k%zY}0Wum(e0R(YIq$YDwyzzeRce$`5Uri_^jkm5ISL
z45rY@=s%g&fP;<dnp`(cYrmgJ;a!?^cgoFqS}jV*Fa^(Hnip8~TEG|wF=01gWC=#%
z`-C8kFj^`mpnN!q^60_%tq9Zm)oFL3*MIAstZK5a&#lA>iyGrn3Um48lP}RFBPm%l
zL`HShyouesg_DPu&H{4H{mgGPHWjTU8ALTu`zu7CP%0kiX&`+T(yUUigEX42A}P8r
z1VmUxw2qO32Y+byTX-iPf9p}S4`sgGUNtg%?*ez@{LX#+wh%ms-^2I<p8VSd6n~10
zXlMDWkKj-7V~-D;^HKC4pf7k3Xl8(?eGE8^@x?vAf=-LXN?#_zi2bRenod%<TW*Bj
zDx|?jwzq%FibuxA*3;d16A838L+<5A#(u4eqW5@Sq<8Guy_Il@xACt7moiT4h_i&~
z3c*#+ojq73`9{;&B@vIgVmvpVXn)wf{AK+6(*MO*&>lEIIM6P94i7#*f7WRI?me?d
zE9Ql4xHlk2_u{DxG=c;u4eiAJ_+9)rJi_O{vLAnrj~rXN<S|r+ipNhAc@z2{1Mh0e
zaA)5ADY?*}5FtkF&q36*5}5at`h~FUf3I%uci)YQ^A$-pJR6raIqut1wSVIf-HXR=
z6-Uuaqr2wkCSYrmEP>I|z4Tts)0Pc=`yM0~(d+$^$AV;tdzbh!5H2s{E@>nQGI}m8
zQHw28nY&JJq^ITbcII4gQry>L-OHtM`KII7YG>h}FXb<;PfLi&iqL9PCw45_VCfk<
zbGYH!3x&C+jf$A~PzXKQ$A8}$C^4u_Mz(HgPtU!_e~QsWCMMC;M_-TBq&3$R%vtkj
z+u^ICkOE~6;4B5Xg@D|Y{!B@Kr@+kFvs%m#(I_j6bZuR7SC+w(<@4V2H|I9Ub&#Cz
zxMzrsnE2C8YvjqYYIdO^B8@cfm;56@#mHsTz_#Bx`1ePz^LeJ5j(;7jklQ$68vSc^
zl{4DDdfwo^3SFFG7WyF8Q7#V6`|--DdF%UQ^6UBKS~hFg)AQo8%8sW$qLb!ShRd~D
zqfuGw@%-ieXHEHUJwfkT>QEuTAp)y>*6#zjvod%j9p|NeX}e605T_Ib5&zlJtmIm3
zV6myrQAKZ&H7eyIBY$F1NSaKUkWvDKLtN%F6F>57=ZgX%Hx7@BNbmE^rJDvyW8#e=
zV&Zioyk7~g`SUR@!yqJYQ01Z)lEA)m35YL>NhCf9R^c^WMx?-j8}#@T-loNcMYepp
zyu_4_f<DMJnhWyi9qxE(l;P*k)S}EPfWv6CArDL(VtOZc@qcQM77MgmS|6ty^$gPV
z_GML|yC_J=O6AKut7&(0VQi9#_$owB`*4CN=Pbu3m0x=9DJl5@`hpw(luKjo$Dhaw
zY~>zd371FUvu%|H^p-fMsrsiM=ftSy0ItCJ<X5m1pI&IWkvWKH_meqDt5r!fJ8&M_
zyDME05zPmQd4Iph#XJeVNKX3<oVp}D-NYyO;(D<07Vi(t=gfJKWj5p*{_wB0`cCe*
z9=d!dOuv%Z<y@|y7Yl^`EP<YRVpDbRX=Ih>Cl(~f#Oh``^JXu;G`L}(JS-?OG)56`
z?klQp4qEBdv(X0gmfZ`h`c7<X?X@SxMMOyxQWDeM<$snL>x=IyOx}$j%4bE|s8Uzi
zL&#B5W3wC83gVGcyjOV&kgA;06Wj8?6!0MdW6JOa8ecp#PrV;OCzoxVcYNN+rS;{@
z9Q#zlpcD%l69knzEi=<?`a)24k7wkr%bWK8V||*fi}zTKBvwIdJxB1od(_UESx<iX
zVRaVlXn!S~zS}@jYLFAhJopv6|0K$J9=&c#;R$gjKcVoAp;x}_9{p&?33sNmB2XZg
zC#0z|>So%@(i^Ww-MtdU{PwjSC&!x|MU|a-(b1NQ17p{nDMsM43ixybpYeXr3;f8X
ze5=ojr?!G)S8bJWWT)ubnfC+%hD^M)WT^PLo`1TY7kXSh&cKkg!i}YU+9<6l!yr#=
ztmKzZTpEaEl{~iM!TQ{T>wdHQFC!TRD5g&q7n|(4cUxq_BZr<ju9Ix>VPWP1-%`$>
zu|Dp6+fT4W02E=y6!TJMuE!hL>~7DVpQ$Q8z4CHjz32G0cdx0nQgsIFL_fXUU+Zd+
z?SET)aP4b<LelRJA6k(RVQJc@=H70Bb{2wvpW@jL#scSmvD#{}>N9SNn#kR^wF0SJ
zYLTKZB9--?kMpdNn>L{<&yOxI&B@3S@IplLI6b`u^1kJ*QDDa!q)02LH_vyQw!hwz
zX(+U@fwAInX;65Y_2lyTU>g;<nE5?$ntw*+Q00VIshSHc9IM1iWfr?x?u+;2Km!|L
z_kH<tW}$D6nFGi8biv=!(fg6}xpYa?&}*fF#fBVv?o;no-PJRD?XlIDo87JJdY9b0
z;>%NWOS7u0Y}wTY<<f4}vFum(9SBzpFpmtTC)%8yJ8SvQB#n_a=5LsNADf=ukbh>J
z8J)k_y)G^N;KI!pbC;feXlU@ja|LM=*To4|OKqtuS{yGUaxI1&CUfev=zo(&a#fO@
zO{I$vC&W|lIDCCzNarioxEog`CFWqAIXWUDMUhyZ8ZL2SoikdjhqTS}b&acY<3YT$
z&nnbtgltR~IyCHL?QR_08LbM?XnzDsSs(LaZ$<!@zrksPR>O%gn0rq>{e9A{Xn?Y=
zpm|Pyesl9BqYDdj<0FlQ{C=(@KYtE(dK4XYo<>8f<Q=pMs$_NYTNLtu_5^cr;nvlK
zw;gQ!=NjM38?l`u*_q$eoR`<!bV(fj(8%c0oFrW;qD7);IV%W43`%kH`+u792!gyO
zoIRPjsi1XnXGv;-!4M*n2B^j2L~Ufwko<ePFeA?-<YGV($o*blghpb!KLBxu7oo)e
z3W>wO2&K34fA(V+o0^Y)mEF9)`_m24stg>bj7vU~otTT`{KB6c`=B68q0j_qwTxv=
zCw}!plnR6r6(-L`;m%{+mVZo_KX)RgHGoIt%jRyS_}ooNmrpFaAz$XL`J8+au?WFZ
zu#RF9(R?20-|G@FUw<qS{(|JiiuIMvBW(4~>h>iDJ#gkwL`0^<r8FAE@&X*IH-tx;
z6p5_K3S;pc*UZt;I#*qNb9K|^U3hJO2B;WcuV_c(tBTmXJRH;&qkkp1)#<a)_&xa=
zX+jwe>c|stg6OA3oFIJmU<Xc8ZgO%5CVq+c{EV^kIV&PX07q|?iy~5D>Pz)jtoK7(
zSy|Fm<~WQW?B}dO8{L5pF3Dy`aqz-S;Vlrr7D~aZz62OTxxC4rNOLhILay>1yk)*b
zfy?C(9(iw|YvjW#SAV~I$1+nM7Cggfh}VZk>a;P;`PKim<;{B!qr~$UQA$b0*KhaD
zEh&vw<+LI8_&sq_LQRiLc`%VuQ6`99Q<?k?&RD6<J}s7lQOKs=ZGs%oNqJha=g*vO
zpiSwPne_{vXq@v@Z-vWjub*#IXE=2ET?K9U$c&6A$c|X~Jb&i*#3)B+C{63W8Qb>f
zQB};55l7vB|4);1oS>-$G^Kzhj#!44bEY?=n%y#`J6s|wo(e5upUKi^a;(MWr@CuK
zKU`70%CKK0imCEk&CQgmO;OtN<U)r&S2JgRevD@Ss;75&H`?q26Ydtd7P6vPV+r~V
zT6?HRCvh#n|9|yigVPMUPzEt)5U?cO(1odR?muu#<-X|aJIVSpjEi%(7G$~#jMhqF
zP-t9Cl2nO=A*M_$%t;9d(xov+-`~;Z&U2L(@dPqeUi;DyGaVvDG=w0&V}#~c%VJ~r
zoK4kuuhQ=Wb@Qz!8s3eK01#^C#$kr!82-ZyiNW-P;eV=}^#w^;kxHbSTe+>?wJ1KA
zm9Zj~VSjO2PIk{;L*YaBmzOBS5wa-eEIzxf$F5OCC%t)JedVs|<X|(Z9vgEerxlm<
zX3py9KdB85=i;!=`vbj;=iz?w<9?l(%J?|Bka$d9gP;EV^KhN0AS=G+#imhl(8%g%
z3V9xUynn;<T8$~LL-u+{j%pYBySnMZO0s4iWHjl_QSP@3zhMb{LDZ*#ej41XL%o%`
z1Tkm5>)zU`(PVutS|v$RXyOtxiIsUY#Ivocp4q<cFj_*)$+NaID_#;)g?{wgw*+kK
z8qk6$!$&&b8zWyb%VpV9P8gv-<2M{ixdB}_iGQO~A0D+D9LSuSnTg+ur9W7&j)C)s
zSQfAC#)pt;oh?C6YqbK~n1`@HiM?0(&jO89LW5B=Q)GNp^wW+ax6)*;dZ~$wzh~;B
zE$E{(jdJr?P`tr}zQ~M^8(R^hvm>d|mV*BgOF!+IML)jJqznVijS$bqJJCQ?SrT#f
z(SLGT88oYB#OO6VfMmVf6Ag&KvY9UcQ5Ml9+0@S!V8eP&k8hmb?RLh8PU!zxLvEi2
zkRCi-m##2*e$I(g*0@cA012Cl$BXXjuQ*gynMMl~83BAIdZw;gZ9ru?y@hlRzH}%>
zPJ?R8B(d3hy4<0XaCt(wMpJfRF-jgU1b>7mLMRFs2~C@9gQ?OuKKO`|Zcc`fZ+#Dl
zP24{HGl|jDe&3Y)-}2kh|KRtE3XJG_dZPK@fHOT8IgD9F_@}OPcTeqtk_>YWLIDBc
zQHn&Hj(%bP43HwNiqb8@<4CdFsZE8g<mWu&DZ`W5b#1P!@_d&rI5;kO7oY-%$$#_%
zstE2ENJI|SaI|2h$oHz>HTfP*?`p5hh*dKZOy|FTJSA4f)Tt{vkVrB4{NT9nzXU?6
znf$|n7YOxU?mrKtjv%A&_19@CfZF7*GgLpd-CyTXiPWUO&Zpv$#$Ojusi=^80<v&3
zWT<JB4Qh2%57h<t3TlWNgfdL6q<<E1JuYZ1hC2CfhyI1!3?qyb0Ihzw&w{=M@cb~f
zgll!dy$fb9gYQn5SqI|-T(6R<g!^)C))4fy!%Brv>xX%_Q_lJ~&na&_nMKue^p^Os
zDJd&ZO@r)B2@<G)-VPWYg7G1$8`e+yf3N({)-_TVYQ?lwd~4iXp_;0Nvr)%Q&g!QA
zTjXWQ|Dx{rVPF?&h~miW_5Y(KWa<w;{u+XQ0elBR8&Tnu7``K^DDw6cF2wy?34vc!
z!MBDYC(Udsn>!5^ayjH&3jH50qQGmHL7)W`mywAD6a_LkFgY@pK@S5Te>FHZF$z9D
z3UhRFWnpa!c%1EgcYISvy6DWDY6AuX##HwLmO%YT!p6o8t6IXAZAn!1V)bTA2??pB
zk=~Z{-bf>jWYZhz+4SCf!e&XY*l&(3z_7XZ?%j9)xbOFJ=1iaY=4<m!@sR-p089s)
z0RdvBevx#&-@Xz6IEqU*f4ahs7!f9m0U$Qw{3%|KBL%A1hXGi$8Rxsa(TLl-Sj^`i
z1)y}TFO>C4SLD<HkhcRctHtkexPSSXwd1zGW6$|<0plX-Fnl@A*ZIS#(Ze0Zr{VnT
z*q<=$Nko_y`Y8a)_uzb0DC%-N`1HMR<MDUn_K$}hqcPwGUAWGQfAdvgPs(xa4P7$<
z5LE#%r#l=?j1HVPybXYEKLCp@5l7gwal!D90L+_#aWcoE$<+8IK#K9@>8S!d?br_-
z@#C5e(_4Okvxv`e3AnS9uLj_K=n0PhIxZs4L~r425kO$#!F`CG;{vddxER;}Oq`jA
zH2HDnOPrt+^R>|9e~<^k2jJ;|!l`Gl1F&L$ECs*fYC!Ql5g-rkZP50b^4RAJIP3(k
z><3Drr}A|Oeh*~(O5vP;8vVchz~g`v!|BhDA_Ps?4`DwS`$gC<#J(2$2JEHSFUG!R
zU;Bf|76L9GpD_MwK7J7h(1V~Cxj=6|{}ax?2zns_`X=@1e<ggtjLVJaXFSFUxIG`=
zh~pDLJ!%CA*Xj7S#KmChzd{e12kOvj&{>G<_!uq*Q!%VMJl;z1F6hp;V{nYq!~j^y
zm*?wozdTQjU<KxLC2R&od>u}gpdUeLzV3U#!uJ8s`GS^VyhuFH09XiSV6B*nrL+tz
z2W_AokDvtue_#j%Kn#q4-1s=)Ww;cG^R=Cz2N-az0}O)%$c~SXe>DEtAG<%$vw!cI
z2IgV60i?ifkb!m34R^q2(GrwI$L)8IVD~<HpO{0m5(C(sO>8Ib&budxPl<6-O|B&`
zA>X3})Cy`Xc8C9gdySq;8|YK$UG!H>E8}N!*qy~(f6BbWBDRG+9J_PbPm0*0WknrD
zPV7!Bx;W2GDfk-p!&ZKF%_^%_NMSW>HJkYwUgI7HQNBi5CR6lB@x#xfrtu#TLXUxR
zeqPLyw~{hx1z9$`1l86oLyfa5aK4pP$d{3|H6`S+u&A_JT308nE-ix8f)<WzSwPvz
z85MGqe^S*eub4qjq?IN<4cE<YYin7$aN*LHwzm0;T|+G`L$1a~i@ArZtmJyk7Cx=v
zs;W4R*}~&EgabFm1zXnY(%KTDwoFzE-R(?+va4<<dTg=0VoKK-$+w(~gRgN*0mfO@
z(26k9h)0?!A((1Kbt|E4B{0&Mh!P|mfYWOffAtHc^>fOXb}g;%;%X`Q{Mgxaqq3vA
zx>dZWwq^A)m9=>xe5$HVS~;^uw5VPs7A>43?Xb1!t7XE**=5Vr8j;i>ThP$C7LUGY
z{0BIOM{ni1%<UVywx*%6maf3Kv?7JPp;5tc`%qwHavsMy`DV2>wKZ?fT~MW5Ja=A`
zf2vYzKm)M4)yhe29gS`6O{(hUre%uN+#)nEqgqzOY39^R7R;n55}u<WN^51+RkGSy
zL*2^3=86T}YQ@U+C1{pTEYU10uW7N!DpgJM)ar%8Mboit7h(Yu7*7I}08n2$OE#;t
z7M4|G@yisj|Lfhz+%<L|RGK$_1J{gQe+6G2ll5JFwVvm1Ev9fUx|`=OR8$k?+$1Wo
zTGUn$6IAl#(M+QfzB+b!hjw0jQ(bdY`P?PSiYi58Ii{<wb@j5=b*+_ktrk(8wj4E}
zh<@yJvZ8*jpt-iGt*LBQt!RN5Gq$l~VCjlAD=OyAN6%o)8?aU~81q`7#2CmLe;Rl$
zmd)PB+`_P}7>hZ~B*YY$&G6y@)^9bqTjrI@H<~)vDCbrvSId^$DiAEG@8D#uxjL?{
zbXJ|BwpLj`dsYL7W?0v)44$Y}jk;GZ?Y1;ZEUmRd30ks#wPN`r^99Y-m1^O<c}>f!
ztD6P$@^cL2c~g?-O<6ToIaw<KfA@|lU`plCiRcZ~GVOX4)0&%4x#$La|1DRai6yWY
zQ$%8lrUMbSUHnX&PzZWrp3Nzz=>zmNG#=2MiI)3S?1I_V%jU^DJ7n{h)y%eYOIudf
zw_9bB!M6I=l}i<KWqr$+=$F^DmoHIPRwx#imo+M?ItI|R1&bG!DDiYHe_1G~60e?F
zwyup^&COq^G|M~I%${u$*R;zj=Pv6UJEc-uH><2pvZz8@U#7*9s43`rC2t>;wR7gk
zr2A2uK$ufv+%aZwk`Q==j~`$&wxiOG9agDqu(f89+QP}La}n9wE7QS}*$rHErL4Ye
zdbOgVj;o(_!&>`eJ3Yr3e=2KM49Mix)>_3<bn+GzbX2MZnETwK>K4($`Ae7cHY;z-
z5QVwQU`{G(%Sy3IKOBw1bEDC*Hzw>FUQOYbcz;5GrU{D&3v;l1P6^52JkCur5^qMw
zz8;uSE3f0)NHnKj(6|5%OrKXdV@BoN>6I#@NN!nPi7h5PytYL+f4@~(FBdc}Yi<%X
z&R<enIekXWVo9Y~CtFb0jyGV4U%}Doc*jA2DHuOI?FcASR+r1*lUX!!!`PP&GhEgi
z82bV?LgUzN@QS_MYp?Me6bJ<4d(ib5>v~@6ml2bh%-h5L+?|8EHn8$ux2o^R0pXIq
z!~0LXxMTxSq0ov}f39s_xUhN6N_`l9ryg2f(d<33xAz3M`rIu-gR)Y*I=n*VUoAFZ
z4&i+T+J=WM!7Cb2mKJo3tR+edN?3d2r5$$lyai1PPCR4p54NK%i+5aQMoslSo|PTz
zTI*&}D7TlBZaCS#{aTDW53d!&<7qC%M!4X5;hwQ5Opa}Zf2X3S_HyQ*%paKxl-`Xg
z6=KU&E-S@GY0kmwQ+_c0$UU!RY}d!AqIpo&vZl3aVe`87#XYJ9W<#-ZwQu>rkpqHd
z)+5Yqhuds$)GQfjs}q@gDs^~3KC7X5Nt<o?g0|q+-c?7tn<WKYkKKnW9v%By9QJO2
zqZ>Aioxmdse|yI6Mo*1B3uU-HzvsF&FVTGaz72c}oS%Tyh*MO7>e62L#@O+BN>L8i
z<HeUK&vQB7Q--xc#*ao2W;=Rs^?S&E^oJkhq4n*(Des@!do8l!o<<D$_yah~Adh1$
zG};kN`|W4~OSEF|BRIYfb>^++9`qvS=`7H=&%#VHf7%CG&k}Up!j|>z?dw|>?u$1F
z1~(53Y#tQsi=l@LSY$FwfZG>qxA<4A@Nd!LxV6>41r)T%iLqqys63u|o7M<<gy(R1
zCAw#|UcY+mvkh;CqR|jcLArD0$}R{8F^lV9%<YcmF@GeF`5e5v1NBTfJy{blK&D(d
z$s|swe}ob~EH#N`lSx?IloYS$xXFaLG|wz=n?0F`j%?F?EjsS(z5*3IH7lC-(ZbK$
zs{Fo!CxO?)3W8U~M*QYi^oClZR#8~XdpCSu+cbYFNg>1(2d7VG5hA9PH&(VcC%uBl
zcXzfdSlW`;B}rMWX#RXo)G%eHNY2flFK%2&f1{bs_96G!UB7g3jgm#hSmO0qelE-f
z^+B_r-oLul9uOg2umkWbJ6h7SUMX3p6*ji_4fM4)R>|9|78}&HcG2qL7KzI&E0ix-
zy1YWS0shiFpqf8VX5u96OXkg*xoBB^qjb^K*-h<B+c&JJD3`5PD^@LAFuQdAlImK~
zf5NHV7%zOjLn|;}m;zVus<&su*Lxqs)Bkvso7i9KFz#3*`CUH5ddjbB4GKQNFBs^A
z4I9>M^lrG|q%CJc1fLjFZFIRd^6_cMoXGdaXA^vyd<w6Qpn4W&@Py;%$}IHK0~^jj
z7yB+nr#S9%U4^c|485r^SvX|fdo3@ye>%Ln7Nb&pGU&kilOLPjuS5IIJk8YdTL!FA
zd9;*`CDi^k7ZuNGtZuAb$JMqiTTmfstFCPmFD$EGGMm#71E{XWD6H*P)iATCOh0Lc
zT)lkRqS6I*vzuBPW}<2JO-=PPYLtyaRqafgVW!QSyRc>^y+keUSTeJ?QnhsKf5(c2
z)UK&hn4;PBRb`82vgNf)X7X5fVyu^9s^{`n5OY=`J9uAJTYBi4+BtwqmMjy^YPK~m
zs%W;gaP~3;n`hKD3x%zXGfNv<1WQ&l&f-<ByS#EH+oW|Wl}^2|Q2?imt!U7wYO1-O
zhPqYCnkufF=R4*b{1x-9_7Bz@e|pj+oC7bhQVq>U;fl2@Dk@j3X?7(`hS;9A#mnnT
zXVkYY<5t2A%Q}T+0=;MXa>uF$|HhV%Dn(aaqgGYJ735QbDV@brsyxIpQM_F{cyL+S
z5i{yq1e1w^r{`&3HhVJdV~5c6Cbrl=mRHVV1$oMK!Un;refmLQI*UOAf2Op0LJP_Z
zBr2=9f?eU+&%tZPUPE&l6xIA5)?%5`%{8?yo(bVGs7$%0TVZRjLzS&-TCFK4=XY4;
zjoeK#=|a(p8j;_sUaWC8H@h{9tp%-yOYjN2eBZpORmeGh3!>mRv~*cnZJBGp?XIbu
zGJnd{%BicgL-3xlRq!6Yf2L+GLF!1dz0Ii4V=uycuu`xXv|#Nntu3paydmbfb<oC~
zYdpw!mLNE0hUI;d&b6w!i<S>Am)ho_(uU<tWy=~DzyY*)g}(0a)Yna_nv&A`<x3W;
zYG;&Ug@SMB1Ol1Ku}ra{r)jCUMxc=`Dw<tY-n6`K#u4Y&s#n$4e|O0%s}vnIbsBXo
zrgkN!b~l#s{0V9c8(cnBI0V&}t{j-vpl+0?21=W{WaW~jb;T%e9_wnGg>zNnvCE;Q
zsav|RxU70EEam0K-!*K@ue*hv9uIHZzyNak{p<GrhWCJwZ-dVY`_@T?a+Zux)-t8t
z1Lj*pZ$F#Z&5!V?e{SqssJ-_?cnz57QGlAqw0mIxYL00j$}p#!Cegr~3!LQkrzR#R
zF9N1kv2p<KVCxsv&nX(vv{g3FVF%_dZEKVb%%9OK4lhTD+WQ;qn7*{BqO`JU-q?+>
zqeU~bvS}_(9ky6qSGuf8yx3~k&%M%px^f8j@&ircT~aXtfB6u`t?w)7`g{!OU)lv6
zF;Ccx4>tIKQ;6+VE7z}RUAMBTYUR4t73)`4K_t>j=g*gFMIx<a{(Om6q;_hTEYUjE
zYL~XDN$Z-hWX;%;mF~A>rH5KF1@-S)G74))@xi8S)uEFfb8iKI>x5<%c3Jr`6b<~a
zD+Xo@HL`Ade`TIupGu9~LOW_{3*$bO*!I1OabC`!YYw1`7y3Wgg6_W(N%4z8ub|P?
z*0@NtqN<`rTsga{aaP%qnmK5Is8Q>LHQmZusotuW&aD^Do-b*fdxf}j$;{~ut)hBq
z^=!O8%vv;O_PptI(d_DZqPF_!rM0R?sj9NHtfqQyf8`9ixV(|q(IOlyLYL<C0qZ?~
z6~c=S+Yp|Kn8rH?tk#l6qU!d>+4D*$AEGX}KtFa@op5fEo+zF<9k%Ovt->_!#<OH@
z{zj#A;s}{vmiJi>xO=i*sVxgIqsHEzP%F58Y&%w~1xv+!7#4rt{S?Du_OH>i;F9}n
zThSRCe;&krR>Pb3{>Ed@Pux#%yFXgXS6*dJq0l-%O0U0qtsez&KO45U*kfhBV9dk!
zXU8RZoaX>Q@n@cfMn(SAsZ<jA-7}mreNnAo;q;1<DT|8d*A~@2yYW19hP}H%UOk<p
zdMRdJ`4B=pOdcAB0-wUriuh9?-k;}>>~rAle`9yTmazz|Yj4-X&CB%@cad-*4wr%l
z@ov5sTifRGD{<I5{y7fUjem{9_4#lk4rTdT8LoX2ha1P=0!mOeZp7i@@jLMjt{Jyc
z<Jzx5GnhSoBo52Q&%j}IK3t6ZHUmvQt;>god^ng7ZTVVzKD{=dUY}2I#9=Fjb0-d~
ze=+1%4CiwkYVhc-7{V?b4(3B!zIH7RjlhUQ8^+;D9F}2dHasF<qR)qheAqkwF%Ad7
zOdJm4l6Cn}*5mL=urZ(JXL$v-n2^MrB<uJq<$M}}5}fM<Q4j-JkN^ST1AdUgd+5c$
z1(x7gg887rp>Tg%Iw>uilvd-E14Mwke^8<>)EY3<2p%DYM~DGWp~Q(tbMQC6INt-p
zIIqE}C@!hOwJDIyL-S%603qxhxXhD>eJH%8xTgoV3E?^yE)U~U9*+PnO@d{(w7pP!
zfWBlt$JcvsoXJC8hW8i6z=G>}9Nqc0JSL8OZyrw%hRToNE?^SIbuQeV$H!BEf9Sw9
z4opobUy{VFy%@$wo>soZTc9z9LmpBZL*V=Sa9OG_wxvLsHxJ*F$Cl@TE0004FnS92
zufi>(7zWQXz7@}xkx7syMv3LAOyz0d@u|vlERd%ogmL9-efh8obm5T4X*f?^auR)!
zJSTf5NqL`~Cga9am(0t3Un?F?f3|=duUXFhyqe4do+iFmx<H?>AcG`s70N@{R~pXu
z3FI~7;Fd1jGP<8X6MRnP^^C{No2M{Qs2#~;@6U5DHHl*$Fq+4U=Xx^VE|G7UDsaGo
zYbWr|<Tc}ef}<0f_g~LK)&AM0#%HAiX;~hQ8~2~!Z9j&R%wrtR)1WQre{BN8kLLN2
zDro$HxzTsf-01tKxxttCFdd=1CQtnR4~$>P->3e;1M?PUUz*Q}aRLE4|JO$OW&mlt
z((vh)&3rY2xHZK4LC6$h{@j}XyU$F+Oar!J{Aio=HXh7aS)%cTGM-ex<*4fQq&;B#
z|FZ`(gT$;G*w2Q4iwk&7f9*L4!qSdt$o<~|1Ax|YFa&MN5em5ebr=9ht^bU}e+SA8
ztRcK|OyBnVF<@lodYt~4|FbrJHXo{%;}a#sgl@JB@Y<>D;a5kkg)f&{3k`AouioF!
zDpgKz2Jn~9e&15sHhmjF`LZ3;&4Bpjk>9t>oPo;#UTya&IwHvbe~xFsw1Y@T6pbi`
zplAjzC3!Z`1wIt!5_^!tDv+E=?Th~-2MVpodin+S6ZVrCpm;W)BkQTli?)$TT1_S?
z3tw}n!>y7<+jz%*GWFTw^~FC<**c}GXjhSFYW<Y0WIfwkyq*1I+MX#}r!Fa8kNuCu
z>x)EFwifLwd7)?*e@^ehV_3*~+#e8I+4GAwO?dL&A`$xuu@#r~5?iNT&3;lOD%w=E
z31b1MVmvaKTFvTMz}!Sxh^>@`?~g}c&qL<Nnu1~dk>ereq4Mww?f^Bkw~zu8^h|wr
z`fK^tPnNuZVfu0Dli1-F%x6>l(**2n(n(LH>!<3b?dIX+f9c@spDcQs@iYDzn5R5e
zQ<s#AN;+6D1JEzfFHG=^`HaUHZRdMoKIyQ_bCZ5y=6aqlyyv+y;ifLZ?n<66-VuN3
z*n(aCzt(~z<1c8zk2rTPc`toTUJH)FTCnF|(1IVQbWM3{%3GL%O;`)wB6qT%V7Y86
zIcCaRQ<KHpf2Ss=Y%O+TIlWapd-{Un?bxlSEYzL}DPkUqc>Uo$F4<MIiLA!ZMPzl!
zkyrzE@s3ur=VQ&>#P&_2u~d86UaSRY6tv(+JU$+qA8X262c$gNVTgIR4_@AFnsAe}
zfGpZww2RjQEJt2OPfp)~VeZ$0qD=?1fI5nLZ>p~3f0&|OJU1q3!2)JMUJEc*Q<J5e
zN?zc#fY*)vT7YK=uLZ<g#9KTb6WnC{Gwu9b$@}%>&Iva)iQSbvUA)5-)c>=~YXSP7
zvjrtD{F}C5`+r~ycH{Y3kLN`F!M0#R+b7wA-hZ|Q%nob|E<a!km>s+=V0KKcXLew>
zV3IAse_B<r1$b;;L-xCW#}=G_h%Ko9V_QJ}N*(o|+5(K#)Ou_Sjycp8FguEN?Y9Ly
zmIYf-Dk|QNZNc_~Yyt1C<mvh^Yyt5<pau6bJ9rwW`~TS%;92;eY5|t}vw0ohZNc_}
zEx0#t3q%Lmg7uSZ!Ft{n(CW#y0LzEB1()yRe*w=Wex^;#UW`RAh36^TJFPg+IWS2J
zCTzj>f3^h&WWJB92Q0uOtFUQ83$PYqEx;7ywcrnJ!LEaB!H&Ew*o2|q`v+PuVGDK@
zYysBXNw#4BiZC&L-WKebIUD!cp7+~%8Sw59Tkr>#pkNCo_6AM>#<t-7O&9hT<MazS
zf4=j8=kt3vP5AN3iMILnd|HiTf1yq7gg>-@z8<&RyJsTa@3$P1pIkPnj_=2hm5;k7
z`O1R7vk?0WzJT*VcwAhlD=+v$`QBZHF?JoGE8lm^B-+%I%3e4yCjWKaem-nDgyyXi
z^^<wHzi;J%{Mca!@Wg5Or!4;0$O8Q-e~bS$vLODH#s3;v?7N}ipOyT!!5xbD3Tbn4
zB7HjEW_CMbu@H`50iZPI420YO%;x`I2V4%JD=Bnkg>Hw??Gbt+LQhiY4G6snp&!3#
zVZbd6B!z*LFq9I8lfrOH7;y?CAz>sUjD>`;lrRw$CWnQ|j4+iDW&#ec(BX><e;va@
zM<OD0BpukNgpQoh>A-JN==9(>j6E*#37t5V5IQje7!418okEw-Cv-*gNM-in<;d{3
zxr5jzokDjuD)czhLQg1<Zj{H^lM;Gx$w)MhdmtqAMtKsvY3#E?p98<xyM?}x&=(Q<
zk|RQ2Iw$mHgnq|Jo=^;zC)Satf7d4rL<>|0ol#*h>=Fhu!eIw~gV=|K!!Dn27^5`o
z!Darqa5x|w9u^LV@EZ{hV_3sUFZO=na9TJ#A{@>NLk^!X<P?T*IE;B2;n^8V<2Q;u
zuFeR<m^)!lLKyaXgkc|k{n$r^;eaqaEDT44;i$hLfN(Y=j5y+XLAddof6U7R_rWrW
zMEt@?LKsO#g^?_NBf_Xl7!3=f$%44zX<;HP#InJ1OGLfG1kR7(7mE;sOgdx2qzk_h
zVbX(NKlVvs(w7%;NSMTUB=L(yj@u@LNnDrWWsez}!jee&gsEX+Dk4lpd38u7uvR36
zsgy7^5*Mb2g_!3V57rW4e<mFfjyUk^5n`E*`h}xWpD>H%jAffk?^Eizd|(C}KpPn3
zlM3CCD5I1q<RaN{$dndGd#$;sLo@92dh9B%d9^I=4U4_XtRTdBefG3R?QmL0QcjJe
z*V!-dMusA)u0YtK^o?Ykv6MaCCDJ7Z6Rsg$)R2q&QjTCcr7;9De?7@;Jgv*xI=f<S
znI_<n8KjPM-$+d3x27!4Xf(VkXE)0fnIX5|Fl0;Xv!R??+96h^`?E%=C>RUGNAv+f
z!tE8O6@lKAO6Hbo6UwkF-LCNTYf|xu-tUxYMl+mKB+96RD!EZ+FlpkB&Ri%Kx226v
z&!|D4O6xtMxIU<le<d;rnXA*TP$y#Y-XMmS)y7g%lU$wc@TENZVY4W!PFpivw7*}H
z5tvjdbC1g1l?X_bNx8tOj-)z+Nu{}e#Mo)~B^;8ZC!+8t;~ANp8xjk8GAUa+>WhWd
z;dIa~N*MgZB9UKVbEHH%i)5r%lk>^LUV+N$%EbG7)ZUEMf2uR9)ftC4V>4;EbfRa(
z7|{A-{VI&BLlSd_1!}L%Cy4Yalim)WNG}*Rqy=fWq1*5FjEsr`_N<fBrZUoqO4M%&
z$1R4e+UfJ#I$Wb1Cr+z_(qT?7OD4NSqXKigT*Tql0i`+?F-S4vBq~izq~sDwN5YjB
zWHqDa{zy=*f9#dY!zQsItM!{Qm>15~0bBpjNYrV}1$$OU5>ly5J(SHj0{Vc{lo=N2
zLt&e&e>fVD#N+|3Ol1-Kwb^heY3Yx~MLk*bkTjM`JGi8w$FESPhvhv|l{!A?k9)gg
zZim=sGY|AQ!qR|qC@xNSt{&#Hk(ALhtW;VY*?7P^e{7I)iBxB=INli<O(sNvjK(A|
z2Rb-gr!*i?b}N#GfIz2I1Y!Z3(jXWd@dOoqtwW+P`K5A?S+3AYBQZhP6cst;IkUqd
zmOCSUlhi7(3s#M~y87j@h?$coB65>HmlDK#60wLV5{rZ+wjPJd-RT?=1zf`pPfTHS
zwyOncf4d^2?1~G*LrSw#7D;=o!CuZLFv)u4X|p)c>+B1tq&bBME0I0uk;XhaaVFe3
zsxaAt>YOjE4}1JtuPUSp>W1w@YPCEf88I3xDS=Yr&L~52le5$3)acYIhmF$-H2$Qg
zQ;;!)1KNNk;tI%OMzblUN_zq#=PI#d$gNH&e|;g9GdHTx^oi1fOwKIOi#+{(5|K!k
zQJ8fhMXzVXk@be15k*L0?o_w~CV6@&HLCK)1eriGBDZ!&&CXEPoCswM5oOL142xXB
zPIbI96u=sXX^cwbCcEFRw+UiONyHfM_2~o3V8G-Kn=~Pjwo4W;^jM<tKsc_CD>9Ds
ze{kBZ5ewXg1Sj&kCGjCaGL^H5GtQ2L+7JzL0k7K54RIM67Dren)yf8ChO|}I+vy8L
z6PZrCL!V4>{^6uK=2Mz`eaeI<qssY1+TeiSYzV62qJY9>$@shhSt#jTC5>l;sa``o
z<QDa(<ymo5)ioIC)vS&?BIa~lBaH}hf5VDQ4C|&wE71me0<pBfClB<673Lm)uc+IX
z>CYq#(gB%Kkco1Rp@4m;FX(dGMs$(Bus3c__J&20m?<Pp4RtHDdWm0W70Z)DLnC@i
zF41oqiX?&>iBk}f+OorvlvJ7Wa$%8PDvG+DE?GPm%ql!`iC)%|jGG1iUYSB2e~ml*
zTBSf_bDFqhr&Hl{7&8ftKBFJfM{VYwbj&JWWz!hrwy-hB#gi$W-X!&yx^k+{XvAo7
zgl$2^usyDqr8_%@ZJL}vk#5I~w)o?+Zm}p5O}d6MQI|d`PV_|l=JY^PAGF2vmQ2v0
za*n2CT|ToY5K+Ykf=;Vkpi~+;e{)8X5|}%a3d5i{nH%y&1*?KerJZw_oZ&>LJklG`
z$K2APxYKNmxy_ES(UOb^f-$kYGZYdiJpoD1uZl^NDd*7YgrRfT@3eNNOkv+>!l{es
z!$zrFDoQ$s3}R)lCn~qPLdirbmCQ&4W~pwNGf8uCQMbYqwsNXOg7bJZe@dM`8B~ip
zHF9q};PR$osz@xV*7x~6oiU{@Y|i$YM*Q-0BJS=S45pmjDVv~2oCx#<L=GpGNm#13
zs06kyc_1^?tx}kMQhB-`+b^r6H?mrpb{my)OHS2mNOOX4OyN!RsFV?--<A!HIMY(4
zC?`#)vOb@-D~iW;hco?df05Y|iR#T}al&d5B?SRaWl8(x(!P{j=7_5^?ooGKq{t2R
z$daCJpHm+bD9rXzcVuwXl@3Ky`Yx3t<4QPlQMJ)C6pt$-0*^(?^=4uTttaO9M*M!4
z#~w^%J?gaC7<cCSB<{}Pq<kor;J938uT`6rYoc5_I4~UVj}FH>f4kM*Y);bKA5S=x
zdY?J$8djPTVNuvC@`@ZIwy<tQrAa6}*5Rz)Gaxc(`a)?>N5tc`jd+|gNi-6S*kYbk
z%sc3hd9CuaCKvHqG-)oQQ<;<!Yzw;tNo?l@T?$1;8C7HgJ<()WB<NHcvw{rfR6NAl
z(qe^Z$j+I2VsS$ze}dN<z1*Bp$^Bf86J>e?c9BADG7sdm0#QT|?+D0yoDo}ml~n7M
zi#<7iPG{D{wC1o<V8~^SL4Cv)=uz9d5~E&kJfh<gF>jAeX3uIkm$}QQxA+G1fq|US
zDOMW|dbQ4KjVPQ_e{?96R0y0Bqh6QOc^pwA7x25dQME!Tf0N6H)ake=8Zc!fc%2%Q
zJFr!7#r+{&P{A2Q-C2`aFSGewa<6mMNV2PE)L?S^60(l0Rv^e~!-1^aylO<%)$3Pe
zq)}Vgl{HJ-N1USeuqWf;Tqd_jVeJ?Zm=)PrPVE;dd&EkSYt*jk5M&}czeK5s$op-a
zAZ{4RnB^h2f5)FR3+!T1*c#HA1Ic)oK_GW}Bc7~#)HtM0qz!SgmvaWRUZ1}=A{$N^
zjB>BFJ>bN+r9D2mC=nag1_E7z9>-{mvkUB;CK1cYM_mzFR?wvpxioG;GGkU~9eSn7
z5y@!1!H|<PWEJM9!Yz$)p6qB=rFVrDj-I4Lq#QOXe^sHVvm<LXDI#8-R3+$2gzVXH
z%oNsht}Y{&G{=KFjJ<VG96=YaorDlVumHh=dkF3hAz1L>!5xAJ7MGm>!QI_GxVtYd
z8{8$hLlzcUV7a{SmG9pFzN)S2o$k{;Q`0pwb^7%AJ=R?1hZ>O{UOdkB0|ZI7y<Dq*
zV%C#FZm<jurfB!y47T@#G#Z_N;CkkK4>8?IUqg1hIz|YtKWdpQU1sk7C}-x(3xT|Q
zb5J6_I-UQn!2X+Co@z%ScZ`c07Be1agDAj7C6|(D5-;&i&fC|fL#<3%=03MxaFD*w
z!(cMp*-Iy3nqFfr!LB=czI?J?knLRHZW;mk{wY!J*Y+HRGV3{d+*|>B5~sOlhEP$=
zPJ*GT!wlQ(Xodk85K0++qbTX`vG-fQh*5xM(=OjS{)5G_0c&`F$Dz4Q&^(Ft*S`Q~
zNS@bfNd-6YB&u(2#C*<`l)0(if@t}<i!|3r#-|FN!D-Plb+@w5#@Cnq@R6$@Q^$SY
zZ81jBiZ@47q2+W(*ex$66?>PnTtKTfW~Ky<%gUu6auvO&0%#28sE)AQLfa+Us0gd?
zrbJasdw9A{5TK%866PG&U-CjVnIwR2=08`q>ZcTeOQkj6l+q@u`RAD?EnEdPlbxhu
zV!v$bMCxWYGDV=<f3mNM{3wNj>s@J3xv7EF_(sc*>iVLNtKd&s1^8)g>Q9=ad<8=i
zH-jSW5{KdO16wQ=mCE<K;Frq9v32lo+lN1;P3m4st%1+JOf4pJdht3{apV30g3!)|
zs7CtR$q!3fgpaWI@7?ykPb8{Z=o<z?GF{DAV+(q>Cr9pD?R4_h2M-G7>@=n;lwDjy
z1lpnVs3NrbR2+F11^-HdLM9Ww9Qf0I)7B0&2vyEzv%>*3ckqQ=*JRfG;>?Tbe=!lm
zhp+TeppbV&u5K+i>t`k@Ma`f$pq^JQz0Gy!EEg|jPUJZ=U~ENaO+NMm+kURkS|&c}
z<sQ#Lert}D&Dnf(So_p3u0Mg-3y9cnl>wl?uETuILe|IbmLeow&GQ>^%hO@y^DAs$
zbX)t2ehKE+eY~#;5n{V`VJ3fWrFEKU-XO2X7yso>(+|6)f|2xxw~I;i48RuV73@1u
z&uZ?jTN{@_XS)}{)Rr%68CHd7OwsSU5M|98RE;~jd`kSUEdbq*wu}_c;D7i_`xlf4
zEC^629GY=~q_Sb=c>XTR`04|N&m95m<-O-+g5|{HmpD-#6&~nuhyE}RZy5q8y2e8*
zF37`0BXL;TRgyw^@8nV#7(X$w|5NVf$|NiDSDz+n;LgJl8Zv$e9k}eEj;1I4Y7T#s
zTp?ckW1qhAi&PFqTl_?`l>K`(DHkWlxkCOyR~j?rw`3Gb109=&?JCY8rp{*3!emWu
z(J3rmfqc1G>0Uu7a_UBGW|JTForJ{<F_~#6G{Y2&ghvHeX=!{h0jOxe=fAjnQr5N;
z=@fW$=DH$-({F-j68qiga^Bd`$^}!|T{Q;3)RJAw41bfLW4k~FN05(HhOlPfO9zOR
zP0~iEO3Q~*opgIyQ@Tklal^pY6EmgZAEd8v^K%SN=G@;Lr)u_1u(3BzrYa7Y#ir8;
zIn9iqZth<F{6KR-0#tZ08Ge>ERkonBzW$|Y&}mm?^@+OIYD5FDk;=s_7FqkUz*o@!
z6y>ID#8}V@duQm!yU(?+_M)9~Y#T3s_{)pwQ`Nz0)>+Sb>WU}9Mbi8H)Ug~7jkDLn
zqM07zv|+@GeJ`~2$r`QDP}YncMerw$_2^@lF*ggSX*Z4y8-UMQxK=ah;~`(nD4bB~
z-?WX9CAk;M9xHp&(Yji~{T!r6s2bARxf<4%DU`jpbTo^#jj;#m*O16x+6=qL2h^!r
zl-O36A5|G>DQb!}#T=FK`Ge5}VnHb&=_M4034f@cOe|v_>0}s}NgF@z6r$b~bq&4L
zxoq1lTp(561(4D3vg$7QHyoMuT-i9*DslnayH%rBN(zsQ_)<)pu2MM|<gr#F!_5`>
z{>+|^sgAGAWn|_}I9qZ;ns0!?^H{Aj!bQ})48cyJ<bn6*Bf7LBzqE3ozh25oeqUHS
zgZ7Jbs;VlB9@cvF@=02Kd#j32O4EFiDO>dRLqo>o&v~GH%y?|}uiVF*HVi+_teFym
zgKC;oKFnZLbV(XMx-Wmn$t%^FrA{Uyrg=i9QK+ShxDRW730et+Hw7xQkwpK6s}bTA
z+zQ9MCEBDjksc5~ej_X?6#4VQCQc%`mbrxMmVTJR@pGw;Xt_&B!H7N=YqxF9v|t*K
z+pB4&Xgzx%Ik5NU<;bF_L_<%WtC+Xj;#j6SLSL^Jv}VNXc(xSW>BVewH&G2C{5B2T
zG+j7Oe0^NFYHz+TE7IiV+jkpf&NkZn=$)?53O=5!W5ZmjsW9XSe2A+#X$MCi<X&W@
z$B|_3EJSEIIL?P#B<1nJlb5^Nt~zYng0pmhj$;7Z@z#C*k@d901S#~7+laze`<ay#
zczk(+q^p*|a<+Fo!|GtItrKzCTk3ywN14vm$P=qxzzfwtRk2(AF_~ctEV}lz4T^EB
zmWg(F-Y*gjS>l^d;dJ?m6^r{5*9Rh0eDqr{5Ieb>l;Eq3$KgI<<;UBH_nz6gHV22(
z;(%DEqaHl3lW<vuAN+3?dcEF$f;@!J%ksuHvJ2zyX=~IYS4x2&Rmez;Y|ljxTTO#&
zg(e?H;`<G*6V#Ils2An_Sd#zK8+EbrgPQ&0LwTE#D8KW<QW3t2=-xc}QFD^XvT^vF
z=kA4ehS%ct*i&>$)O}o2yBwrnzq1<*tP7eUKmkUF*FG&5#67g^O-4=wqe?)_>0igH
z7SCa6kn&>=x$pHN?;Z&haekAmJob|Ch~iDzuG=Vkptes<%{C;yEB!XkbG*%HARss!
zIgN<5wW3I+qDyXf5IilF&342~T(0!W`L&9_+;LtK9)MwpW$3dr%nv-Qpe_Tun#dyI
zt()Y|zw)VVtwla<SNTvZ-m0t1&i3=GBQHWyHo>EDN1w2(>u~8F#pQd(N*qmJ=d)XS
z(W6I-4?dw^o89uCe;WgWH4{|!0M}Pvkr?a(|KNDar#pHCQ{p>%&%1Y*6HeJF`ws3O
zlZKMnhx({74t#%r(_Mhb>{MXtBgcVw*tr?LfXZK7;%?K3u%34u1d1s1#zHB6f1xky
zy6xP^Q&2{F^f_?G2CIqurE^|r_<wX`EqUIMgFO@Q>d$M!0QwyC*FWE~ppO209pd-$
ziy!8Y--{ogQXfw}1;4*yHAel8YHv*c9gRE(-^I_N`pxCD|IIP=2Mmp0SXRHk^aC3|
zM=^ej`JB1>x$rlXIe%AU(S>JxyImA+J6&|}-L4_bpH#%JsNYTi5~L{q?ui<iVqTGO
zypWL~-0n8n_)(2c_B`rkdXMVH_aB%7gk)$@XnNh~8&W^;1V}PoH2SOeSZ}!ecqM?J
zfjaSO?<c6obHnGHs2U6S-&9lj4YeO6&1Cw|D_?5+mG$s$=>8yYrdWB_81P?y=?{!%
zg5zgRPvFx3VoMj$PhVaCe98px@!bHQKl6Ai@{;0J^iSCyvkj+e43XzqFID`Cd$>1r
z&dEHUG_szcn=je@l6#mpG@sa-<n7PbUOM_UJ;5^#fO85DN}p$9FDd<^dl)y=&q;2`
ze4cl{H1b>BINPv2$Eim1LFq(Y_dDys*^oWQf8z7K0Hb#Kt@jvmyc(c>Jow=Ml8zeH
zdgv1&VUMW*s&e48F?t5JRkxY|{)B&>2}uUZ=wE#SoQYtJjnB=mwYufMp_Z9ol?S?3
zQ}A`mGy}wJeo9}T1^!^te<l4Dlm6=)i?7%OF#+-={x;2Ie0_w?FB*IKn(-R@uouwV
zjQRCZy>njK<YFJ@K7Vh*&LhFCk9B7(Uf=y(;B{~g!BP%+rJwCzp=Jt)pQO1cLb({N
zxoBRwI0%zxul{mi_HaaWe~9Q2Q0%5t?BN;f#ua!2)N!EU1O)dfoxk>=TfvO>m+dp#
zs5uw#5LtPl@{_SQeq;FjT{A(}8<l|KKJJawa~2Oi5wt7}Xuw`ySGWE73lHk{*M^u+
zH@A0mW9R&h2Yve+L#!&l`QD=q`1z}5^0n8F{``G<8x=p$+OgKK&wjf1wrwc?hggav
zSi?920<Qc1A4q9*pTRl$4V}*$F|2GqXz$*}#ku1->J5z#dMBolUsdn?#?d*}4TBFx
zC)U%X^j>e=ouk}P-@gW9iu+~vLO1r#F>dJZ-<$>k!A5;Rx9B<P4eLEN7zg+%-kZGv
zJtw+hzQ;mhU-xnfL_PC=4N$*`4f)Jt`Zhf5D`%R2QJ!_lOC?$EuS{v7mbr^1nBx*V
z-`UcFck@xdQ|tcv_?7<m=h>21vw1=q(eJ;~>P95xFwlMaT>p+$l7>zOk4~D4PWBCi
znqG~XS2rq66+_ogSCv#ZbV(KMP|Bc$^a+IeC7}LG@a53Yh!UdI7?KJJ8Q&60oj=ds
zOGyre*$qX_<urUJ*Nx`Oi5&9F7z$h&3TPh+zR6yEImz)Rmm@6aLs+hWd=8y_F3(5~
zE>BqPhu~yeu~*lC^0OCsAylv9a$ctyzfSr<6Bfz@(J+0l`dN|D@@*kR(Ug!g{R8dp
z+Z~9$DFtWtw@)l|gt!D!^s3St_`FiAs<JcqSW>h#Dc?Tx;J*0$g@rx|m*%tLm)A_x
zwA;V@H(t}{(#$}d^HRT4YrU<IBCU!0&L|Y3oEN^&poJ^?D+u_5C-hl`_%-dMLdt9I
znzVgd1Ud%iCrmuaUy0SYZl+i@N#A748TsClqNDw#)Blxz{?@Qp_9pZhE?rRQTU-Vj
zse}+*CmIR5(08#6T#(nC^5&srPQ*?EHK79j0&xq9WYT0xWRheGWU^!`cGSvL%5=&!
z$_&cXjd;a)#kj=)zSUbRJS$u){Jkgr^*!7@e1N(Um*_1K9uY1Pe)8L7yky*DeC@Z|
zc-pwy`15b)@#b;o@%i5_hmwY-hopz<h3JKnL+l|Z5OPQ+!~mka>99$$Sq15U_(C2a
zD3Ab%B%}{Q3(1F=LAD@lo9LTzn@pS5n<Se$n}VC3n}8z(0}>8VfQ&+zA!QI-$Pt7T
zlKvFBTZRZj+92MLI|v#i7$OT9gfK#iAy$w*2oWS1q78A_JcG<b#6v_O{E#MyJLDRI
z1Br&HK%fwINEO5pat1LpjUZ-xjxHyKM<=I7r^H34Kp5M<{m%KLU?dB5aXj~snlpnS
z5T2ow6bl-1c4iZd&QM{aB8m$idQ%%$PE$7gzBZ|x_GtK3ZLGc`8+H1Z=S+0Taid>w
znHcB`5)xva)g+t?;xuAyoCOyZ8)KM<v}z;u<r@FP{#=xHi!U3ZP?NNgBQIsdDu_L%
zS1L%=SGtOQC<r8@LK~)@l7FI%wgl+|3YE0;@uWkM1pzK`Y*R{JU)T?5AIyJZ#`T$p
zV8-Ke$qx((q*BG3hbhLBIR7G}uQQJli4e(Hk)n{GkaJ*&rio^Ve)2b>X`>mNVi;o>
z;}~NZ<BMbThSi6sho*<Qhq#C9hU$hvL!jY{p^M?JnB^giA&lYhq3~gaA%$UJbZB&#
zd5C$qY^ZG5cF1=4Xy|B|bm(L|a$9M8e4BN<VjCOA2XljA!<1oc&WxV?o;bJKFhiIa
z3=De?lYmjfOklV$RTwAC$(iW(<t^RqyIY=H%v+XQvRjc`ei$lD8b%MZfDynnVZ1O`
z7#2(k#`+(8D9ivR3iAbEC@@JFEzAst4^xM6!$2?$m;#L1ng7=P2@FcPP4U0rpx!Vv
zm@JGDW(6aHX~Xzo?#}FjGEwS3{om!i4lDQ&Rzw_D7*=9x^M*GuO(yZ{bSa4j6K{N)
z^mx%oiJ*ocZ*rRKcroEuj8bV0R82We)maTJO@&!iIPfH&_Jy@5>8n!0Pdqh+Qj3HT
zJas&I`QZ<Og*gK9a-|=58!~K)bV~>{m}g}w3YJQ-f5#u@wU%mX;1uT8CqzxDzZ&@h
zS7R7atSCa1fJZ)KeGQm-Yf)&Ikf|$KQ8=f1REjktGa@0#M6^>Rl8_8j1%Ld6T59r9
zDzNl5K_OtOks<$8?xS>JDJJjdNHv|0vg9)4%Jz9tIZ*|C>awb`>Vsbg)dp1u)%8m7
zOYlqMOX5q_ODbkcXRK!qW=LjIXLM#3X9Q<jW;|zZXN*ehXHaJXXQXHPXXs}NXDnuR
zW(Z~yXEbMKXLx5CW?X0BGgvcjhcbr@hn9zghgyIQnk%WRuq&D?qbpHEd~14ZFoM~Y
z-IdZ+9R3VW1%C_YfWL-+fD^+78p6H&z2dyWywbdaypp`4ys{9a@E33zI3An}{s#UL
z{vIv_e+6fN6T<nPROZ;=6mT*4b2v2|7tRSshcm%R;DT^eI6a)8AsrzM=Y`|g;J^Va
zI4hhSE(%A1)57uL+;9vyGn^DI+>rb}f57^a<on5&N>lHYrZLB-q+K|lXwC8}`3n07
zmzb>yS#r=kt7(f%vet|&1!(@>G{%15B~7b;WkK1#O>0nP;nBWVtDi#w(X_%ogYGAc
zgThNLU8!(ubk;(P`V6f<WEBOP^+1}TGXFH|<(t+-hkWg+6Bo2qIrquc%a5(WbANPo
zWsj^;><hfD@$HMWr+r<-?Q_xgCA>l!r}&nXt8(Y3j`rb~ue@kaax&|~-KHs)6z;x@
zljj6na**fsx%`Tn;uKP5+^5UTn|2AJ$dx@{$;`*e$0_EYl>H++m41-FpAQ_E?VBBJ
z?Qb2hUZP)yUdmk#KVh`B5E=*`gbM-_p@?8X*dfRe`Unw(4}$%Y5Ag!=`3aqEioipt
zA-E9Eh&Kp%#7Be;;ypqaA%yTkyz&zErS--4<@Uw!W$p;*jO@(p4CsvS3}2I5S6Y{R
zOzceVjPA?^{{+W?L%=`^_!l?<90AT)lNOf{mlKy3R}z;LR}hyKS9y#C`+;M@q2N?-
zAUF{m3C;uufaAg8;B;^>I2jxb&PM)3#vntGDac>Q1Y`s<1L=>9Lx!y>J!T@)kZ2vj
z$RK1AG76c6^h3rXLy@V-Kx85^5}CQC5IwntX-pMB4ER%%gyoV1nWWMbrKI*MS`=~8
zkGWXBQXd&Jx8$r#<+8+9pBS^)<-ABm9s6vFtKOr*rK!lP-Z#VLswg_$&BGO*O0S4d
zYy4|W&60%H6cX_(mWxYf;sbG%D%VGuaTcqzR6<MC>5+O)=2W+$fCKZ^6bDO!>Avs8
ztode_5r7{jS4TuBCwEz@SW$Kj2g(=~H{=@$shQOrhi$6sn3p9=U91y_@<4wx3C@;<
zPee94hlFJcI;ROkuT&~Az7?KgoE)b$Ltg|(zGBiaXE0|lcX|qK3T^86nCjT%80T2c
znA6z5F~Z%KyHdM!yXL#^ESW(cLGM9ApjRLU5I_jx17U;MKolUc3nEKW&~p$q2p7Z&
zLI*K{NI-%hR1iIg0K^Nz0<nU~L82g(y3Cf?me7{emcW+8#h#Ucm5G&}mEo2CWAjtX
zQxoLK%IM1A3RI+9WJm-eGA7b1G9oe{GI4C0Wt?T6WtwG~Ws+r)WtL@y9BA)u9|GDT
z?PKk|?IZ02?Gx=i?ZfT;?c?oz?W663?NFa?pCKQJ&zMiI&xp@}&xB8p&#+Jbu_bcC
zXZ${3vCpT^XVhoV2YTOqKXebdAG`0pAGsg6pE$M{NO2;pj*({RiDT)XV(F{3!_^y8
zHYu*1Uchq`5)NRsu&S+FShOP%27+0w_G&K{ZjWEMQMZLu7&9+^Y)q>#v0W5u%(6Eo
zUF<)`YYZi*{_Muo7C}&Bs?{s6L&9uDz%uwzhoH<dxo-R^XyI>fvAmFIC%oL_R%>9#
z-xhXa!dsp+TjMp?{eIDK4wAMwYe%^Z)m?b*7DH}YQ6AY)XS>jFEaWEI#_G2^B=n8(
z$aJ+l7+xzj2Yt0bB|H|iz(Hz~Zx<0+ht4-#w7`>YBD<i<H@e&8FZ=5CbHD@lgTHi1
z$OoG65}MW!Ce!e+u(0r=cS@{jS{iCR9p7bef%(fHvyfGSGm`GdYqe(@3xm~rz_dH>
zmGCpHFQ1+fej+2S;YWFMiQ={C9v+D1Hw^8(<3LVe?B2!RraY=Jy8KP9z7ubI3E7o<
z%eH#WD$e$Iba`OVu?Ja+HUJE|6AJBkU+l?cWa#Al?7B9^cvo)>P+y&yKHC4iZWMXN
z4P#~eki&_JnTs+5eD3$Ve=d(*WI@T>Zg%sCs1_f5Ji`!UK{DEuK1M8wklzV>-kIKh
z&UO#RiE`h(F&vBZW&mwHlkJ9U0xar`DL3@{=nL780INFJ8N+lSHc*JM<+UvScleQr
zO$n)m`BS?L`OPgjz&8!;$LJ%|V(g>eF~jt^k@cp1%JsEL8q({75?aX;fH6v_d#}(`
zofFX&Xptp!Nl2*i=!tQ+$9kOIR1K{4BL9CL;5^wq-m@N4ianyW>G%l#CqMZE8Yc$_
zk03W!vTDIgswcv=!2g?^eC&(nLDqkZoUlvA<m(_Y3y8#e!LnTYW?U=TZZwXiMa@4v
zY{yXJ_~qNoKMJ4a_NkwL#`9ty`1JGZ=kL@r&vNN5DMg7lACHAWAp0}BBRZ%E)JPaQ
z;d8y(1Ui#zYP%SpxbuC*iD@RRr8AHNECo%PskGU{l!GMLOqR@c*;CtAh(&G)`-pFG
zuDrBB(<`&Pvb$M9PG6Y4Me8m8rCFjZQ}^je>!$Cr{V?)6(`3N5th&%k?OhSRlfP<>
z?Vwm|HFurA!Xc5Zo?j;!2x%f@PZv+76#qES(fDXOyi&P?d>`OPZ6NWekfsF%GShqo
zEFQ8Qh;=ZMSo9X*#rN8P3Gogksm|4TAt;$AR_IRa3R%((zOB_P<6pCnu&65YpD){G
zJ#O9jT_r=J6OTqR*XCKKJz*fl#_z!KDvHhQjB=^xe6j5q%<8>LzHzj1vs*ns|LW!i
zT@Uiw>hxxV5e4TV%{*Nar9S#;ajJ&x`#OzMc;x;rsm7OMV$i+}V@ZD6!uZ)69&oY-
zT|1O7zEfg?+paI~dYXITsLn%S&3OInj_xR>qPfx`jMHhmB$D)?_<7KR3YF3G$*)wx
zGzRPsdXIBm504$gW!g`F;Ew-2hCAxoJzVc1D}bYQMALr@;D43>Efm%e4?F*ND}vv*
z5m}>i_T)m4l;6}Yi2Y17PN!LG#4_9d(22iJWwiEdH7A>NyNtAkbmHOF?XLZCP*=1B
zvW?NL?@Z&L@Bcmc|2gIVS82~|_q4lajRVURRRn6kc=QwvnKZ2@4UcRYkiWuijC6l_
zKm8}4el%X}S<!ywR~9OWhyS1bHkodVr<q|l8nZb2<B37UZp^w|dhDP*>0qw+XTnHV
ztkG+{pcb~dvZz_edcjOY)G(_Zkt%HF<?3r~?W*Hst2DZ;qpqzP#jMX~4~!MaO@rEW
zEqCTvN)5RIJBO{~!V@gGg#}jsg%)c`>6ig;VZG@{K@E3u)OZ=mDwk-NN6(mrt<Z&V
znI(Ig#`HHsebu(_{VAO4NwX|AsY&a)8PhS^Vjw%!gE8I~^8V?0HrCTL@eY@r`$bJb
zP*~ZB47B9i;-Z>Pm)rP0Ffl-%D4hu}q~Frhu1aZf(b~F4?XR=koyZVrYp7&(S6fSn
znrpR=440kftIX&-XRS&RwH~Ow-_e{N*x4!1&~5%Mvo@19nW#{dlvHI<S6!FiZ06=5
zr{KG~eOqUx6;WxFxLi|Wtu%Rmm=|@hQ#c-OIiK*Z^0&3Fpu=T7kd!ttx2TjT2og@(
z(css1A5Rf>v^(vs4N7Fb02NJCeMl7pkKYdqj_O)fjTq@Qm9U5d6B#2(LH<R7wu6Mb
zk!7qEN5rclmDK`_?gQJE?WqK;k>rA|3Pc)}It?sUxj)pv<0G?yCv}A5W$fQFn`%p%
zeRL(jedT$)WzL7dGJ~s|a@EI_HL=1X@XC^B;b>VgFZ<ZRcT#>wIZ5Ba{l?xf`aq0U
zLM_%0CJzb9%zE+j3j!_9_DTlIwuWHof4|%1Y>N{2>gNgecv<X6*{v%K*S=MYumcX#
z>Jk?Vzb6WB$9^ETr!2N?<#)%df9q+e&dhRkmN*~#dumz$3K)b*EZHKi){+L+s|#||
zZ;B(?ne@0DKwzcerP>|T7B~nb!#}6h$g>l5ls4Z`<Y^&c_z)LpE8E0FRPXMh(V%41
zW;(KT_4_L9_Z&(16QGQU?fvRhb927wK)LmFIw4f2z14LoFGv&Anx^YKuWYa)U<M1*
zWVWo=BxC`qzKK=&u0-^2rE6=Ir|Ey=a&(eY?}w$%-YURsFkr<EY!zi}Cn<^Ro!@m=
zmy!_ev#f=hSeg~LnfVuQmTiloSxJ+%7eu;RZFEnYdna@%;?v}RTQ)Y%B`F(mH&{El
z$~pNetj$~vZw)pyX(Z29R66|5T#K3J67Tx43!4K3!}Ze2<`Oitn_LqVnJTPHPsy6f
z%RMyB$nONBDo-**J39*N+s)@9<dn(|FWR)mS<7rlvZr;q86A;oSLv+TS_?^f>H?n9
zU<+FiGNWc%3tGyYt*55P?*LChEh~b4C&`>wo#b>oIi9uEwfQ|dKas6A%~#gZSm&eW
zsQ{c__BQU$=BFoBl(Ml6rKhSJ=qzeBIxEhXulOU{M_`+p;d_y`h6(eN)gE&Z|CB70
z$ZrWw6r79L*>!k|JB;n69ekIYgKjf<Pi*Jk@j<iFjGhv}(poK8J?Sl6cckq#8*G0&
zE3|&Jgz9GKX^K?%9=DHN&C+9`D#+_vxdRm?nTA}Qjrk2Fb}pwGEu+6-GF3K}8GLTX
zas3tX1JPNv<z`?7+1VFvl`Q&v++7ux@=B_=wIc}Wz`)3hw1Fngit%B4!&sx%@5cp8
znwhs3ANAfWVH8(V%rEg)xPhHa9!3&TZ^Pf%lKuu2D-Ij!Pw9%Z)q_+|4{HoEFMy>a
zB@$6HElqpLy_?#&#l*t#%t8w#*3lw2*5AXWPfz=*VWM!Sh1YmWt){vxKdWJ9Ylp?*
zObd7T9$RWdeO~;-_`GsOI-iBBt+(e^UYvENdbq;Ce1j(8c%==qoo%*InVY`ZUi1Cj
zt!Ci#?%r-<Wu{@;v|vXqNYTM!3uvDESJ;v`D`?R&s}u;|N>6TbuOBni<7mwFJP2F)
z%~W_n`Z0a4(lATBk++MdimBMca5BQeOs0v5h^=JIkwi~hsH>>Fw7R9F(@sv+z!R)3
zd%8c_!b@QLegrgnMA)FQ!xNpl^i2%7Obcq?-AyX;=cET&?p3Dom6n!Q00o|7Q<~w<
zgqrip!%)Y}hE|iSj7ClSS?=)S1a>yIw9fJ}zNXyY7S>>$liJcu19&*;k#q7c;cSEA
zX-X}fmFw(2Y_m3z*MRpTY?*mpSx-;Y6SmnujzKhEuUXIX-hj6?x8#GB=D}}Hc=#yk
zE)mg;N`>yXMNK^sdocVEh}(^8C@gy;JMUU+t0V0?yo7*FDzOr{^485qoqp35=mfcd
zJO_Wn+G~4z+oKK?EZH(e8%j!D^p}tG5UmsKaj>gJjHITqLzds)*+1Bq8mawRP;2z@
znM`Y;&m1R+PbQd67*8{5Y;LWuFEh4N9xVUeeq~W7qhi3v+~v9m9B-yAT5J_3My5|q
zX(g;z*LRltYFa1{9#?V}_S@4p*l)exn{(N5Z=4(dty|k(Tk7FuF>#X!B5azU7}F6F
z>Z)t6c5*g3xEbhehiyueYgQ=eB{!5Gm)n%vR*l;qv)CEVeC2esxwr|uAkvy`h|J2;
z?un|%j!Wh)WOY0RQYvp-!aphq53-aT*;O(bO}CU6l$O_3=bI@yc&kc-o%Rlg1tX;i
z=vxd3#<vEN-tB2dR52TJxLWKqw<aCV?Su~|u|QMTb!*)g3pSa|2%Ct;Qbg<OJR~$H
zYBT(Y4KNl6@;iT5askJO6RBqJiFj*mrDccn8hINmP{V%%OM~Mq6HILER$c4E_O^`4
z?ra9%)->x1z8g*!EY;RpM0$e4wB{?xwObjQd}oj8vFhF|C27ykC2P(mMwMBA<8gp*
z-*SI!4cmLitEo}1r9^Ht*<h#YG+29B>ohAENUy-$M#yScs=u71-pc3LQ}0Ay!CgGV
zUiv*-th1mIC=n}mSlo<D1-+369WL_z(CN#d=O(JxN{nQ$s-iSn5pvy4m}3&Wwdj|2
zH7iag;w6Aq+FR={3OMv99K<K@B+a<Ldsj)U*JkRxxZvNoo0O_~;#qd&yr(%k%Whv@
zE_htuqCg?w+>>**K8z^89rN!M?DDxo>{^42?k|Uc=du$yL~G*Pfd^ae?VGLk**4q*
zEEB+HyCkSe?`kXNA}cf5cRRHh?7Dumx8ez-=n}Svk}E%s@(NdFyN<6moU-q=J+Ax<
zhNf4FuYGJj>Bp&CtIG6RY2s!$`M1h6&fd{_UbQ&E+(dEL8(K)Ya(9`2hq(%Z->zL1
z8i@eT>r7S-0tKgex!D9USngszeGS}Ef?IRkr`6cV!z^hPgV^iwm@cFCL8wEU*;IUV
zQ#*3dPsJW&bsaU@>9bd4!u&D2eQ$k_kc^}M4$cUz&xBVAp8>b$O@`}x2YJ_yEhdQH
zQS-rAWbvZr8|to<;$By@lpU8R+!#j(EdUaM&U)sCJU?$~x@8vykQv2|B=DXW*MxV~
zXvvxFIk3|CBcqH)SWxl)jV#!%4fJQQDJ!#K9Nqn-ZYx2@Tl{DZIYfEoac~ZZ0XG%m
z$A8XG&)3)ftkodXN&(xh72oQ=i`k-gJxbBOJ`ls(d}d{vyMOzFw9DG<zAy{G3e0iW
z*M^N;zEQbQUVF${bs)W13em2mK&(0{gYP>?#>Z_>!3e88zSVR4qxCgW+pCRsq3iU)
zy%P?^oF<w+%z5si|CG0o68yL}jpCN&j*zuF_1-@yo&h6o!WRwpG&^AXPRU5`#g!xW
zHio_FJ@$vA$1H|3qni~!G+>VR{<?VnObI8weyQDY?<y{>i%nPHpf*~irK<G%_1PN-
zpVJd3#z+y9^<v5eYs5j2@KGa*8->$K9Zn@>4C6pakH9of?J<>1IP{8q(IX*}6^ofz
zfvZI>f|;M=7M;QC^CMC2qgI3l`assNF4N7&2vLqtg@4X^#3Mt+-vdtnlrm;pe5gqG
z8?C&5Zhg7>mt?YFaO@j>;u>TjV7E??gp$g$vXGr98Hw^ukSv=c*4m)YY@K>^i0>8g
za<%I1C$qQ06MT*Fl!L)z40R2Q!vC()&G3D?>{apSgynQz<*u<sN^gjty9M*`3Foab
z*^3K@yCw7RwdJj`+KU5i;cn49d;zLwsg2pxd8^Ek<6md`rmpImzF*6kag)JA>K~4o
zmtw8$WOCQo?ZxlH`4}U|pO@e$E<+{q$TJ5Rh~O#p4-o_>%{+XbC4<E$j7IgS)^=}H
zi3(5lj3+7L26n&B1Q+@k+2K3Aazkr~T#`P?pOERmI`k`PlI#Fb4l}==`Fk~;?%&$!
z_d{*I=QI_pVQTffe7{d#iZcQJo^xHWHkcS^odb<SJU{;U9P1LL0G!j@iun_)SGu0n
zfr51zPyl9h>VN<8;YzKGxlQX6%0rY|7n<;k_xtWi2<qdsXIPhQ@(&zt^gkK?s4O)9
zdt5-mgxtn0Pqgg-Ky$y#;*M0YsQe-8#F2B+^d#EuQM>6zf%Epk0Xff^dY|opByvi*
zcjA9!zEMP$rvn$y6_I)Az_OnrvNav(J4wA?ZQTIlt=^nbJBwoTA;q^IS&_izBQ>(?
z?;`>7afq*oSUplVf1-rHhy+U}pK~?EWQ@mVLGLWg8&IxB112}JxWirHAB0mH7B%gF
z*Vkn6e;LcMP6Z_w7CX9Pqua)Fk6mFMmcl^{&FgmTT@vPDmY`FCbP#m-zOv5qI&-}3
zLh4L3b={Zm3|Z&tp0h9d;iB!&?rJdKnew|1A`3A8Qv2QH?rLn_b-~z~e7d{QQoFGF
z<yyimuxfpAs*>I*`OmpIfuW!#Eu_^0-#0O&k*7kF<PfHGsYzWp!lR{GQpP_yPdBNo
zY|D%4I?jMd`&hWdqvcw1^i<6=$yd-|BPIH@lsg_XHO8Y=_Z7M(WdxG)meMVwRi$hQ
z?TkvAQknWj9^iHQ)Rl4R*1Cc)$6-mzXdF<pku#eO^ZLtxu)#mctJexwWtTIfZVV+R
zF)rvE4E6anG#KQgF*F$9oktPm_44rHD`kk6qWc*6?eF~|TDP$eGDSX8Q{?2~FR$E&
zQdA=hsTre4>OK!dnEt{LbQ%-jFn==Xd6M{z5DtnU>Hk9FyqV(E6vLTMtRy**5(})B
z(OyX|JiLFuk0!Z>0?Ud)lcb<Ixi)b(|DHqn#`9?}2Nh0Wds97Sf7H)ch`%w{ej+bm
zKZfq)?@$&q3EuC^N>HGCiVx*eow1(`*4{Dl{Gog%hz9eE!TISEQ_pVf{^ffPG%(_4
z&2i^zC8}^v`1&F;+L)--aRI5zQA7xA9U8NAP!ns{J!Bf65q1$XbPZnN_;;i~ezao%
zh$Bk-n}u$mR;XJx|8ySb#~<5J`iaGE${ky8fgiFAkJ>(SK@LcxCHv1Dvb2p3$n4ih
zg`O(W8w)fmwexvwB;t9|1`+AKjBIF^&G``~IJC#nF(<ZNde0*-nn{UCM-8Ygd>5&F
zBtIM<$6m<7R7kRwt^yfjMzxYT&m>I^D^<F3=X$!fr9Yg==cW-xA@1>e3CAJD44unG
zgIDSA=dJjP_O@=vEMsp3#OgRjD7&oqydi@psgaAf9vypiGN$PvkB0o<rV`efd+ffd
z)BDzms{Q+{zN*c8#CX-pJ;0XWBaUwVo*T_Xdg51^KR30P_&*w}KFuC>aUnELDrXse
zf)(<->v)MxaPJ;b9_X#G3^-nKO|aRpd<%S^+<W$z)<BAqE#6J4&;CsT0;f5D1dex+
z4+9S1t2hVn=_`O#_TJz{0o&0Y?LS63neA(6H2N{hayQ!zLl6IJAf{L_I<t_o)5{#}
z@#-kfpzS#E*tf`?AuwxDa8pFA8L$+HRC*ly@$~yWCC<Gf&OIhm!^z!O_1c$%``*jl
z#quV5bu#s@@jKE~5^$BU5cmDr>HgTc?0+g%+VZ*kdOq-Rao=nH$8x!Xn_J}kDtA)V
zjN?6_JL#S;FgIydo*upcJ<^@qqjFQKUs&h%qFe}scQV)EoW5$Sc|6Q=R`&3=Y(u%r
zmO>Jdd0tY)1qx45SrUCafq1PZ!rzK;!gU-`bf9f@Vojs_3mceW`nmj?y%U`qBOOFn
z=Xh5R+Y1|EVwm((GDfk)<Z{)o*Ov9JYNK&m*3RMqm(_K~qNt~YMB|sI&tgT@WJ2(K
zGjDval{`f8?!M3-8**~xVx1D-nMAYF{UwN9+NbD<ha{2d?9r{5IGY~slka}=Ocvy*
zgj~OW6tY9QyDZ&(o#E5&qzLehz-@W@#!WMx-7E95?TQgFM}~V^>1QO3_K@58D24(A
zRg6wR)oo_Qv+ITzIw31tN8kTeVMrqJ($l=75;l~F&isRO-l`6EGHmjOdS|aw^YgN2
z{{98kR*8ZC;<;GpVR5VZpvv?yUclZdA_;1roEMXl))eY}EG&U;*`9x~y2I&Oo7JRh
z&w*nYDtIo>)SooMQ}x?)8zKlB&*WZ@!%H;+vT1lt>JAR976NYJkW}~*PZf>y)2GU)
z=NlEsC^=f^<|aH^{pLeNw9?JDh-lfHkceoBo8|~88*Gv!TXh>0nsy82q-`*utuxX_
zt;?H?UD_BTzx!=Whf7|HML^r|X-(L&fKP-=sQF{cctq5UOlYhw)fpwXn((KHnHRS}
zPRi|qJ||^(ixOw6f7R-^m1c0=)z>+SDe@nL3;RJ0tmOvXO9bU7=Jqirhdgu0xP~sv
z6W8(w6kA8L6VY<4IdI3&lKVH(%SXw#!UfAzn7k&B61{KZeRW3l-ML~L%)WUG*p7Z1
z6^kYtUm{o?I+C6+J$YilMl~FRhE~ggj(`T7x+~>5v0+_47>(U8xit>|Sdu_A3i2aq
zEBrhpqVcBc{P9(GU<iCEzcDBSi-SXrn<HvTnT$x--3oGh7rS`7Pwa@siAGM6Ixyi$
z=ZM{gFI7XbNlNd4+uqOlJ&$%(j(UB(d%c&a?jy=(r@^^*W%#XS&@q&6chDN3J);L-
z1j@ap&F<2@B2C?D*tGP<^ow}hX^RtMMReeGd7E#8)y5d5evsr|2rc(V1VKY3N$$!*
z$;i)0iEr8-l4hGAKC&Ml#V3toOr*flJp%x4Q!OI5piA|op9y3lsDghJ7&QSY|9foP
z5Ef;?l}3uoti-Ca#Db^<FaSf0ep6zZu}5a)8Rf>Uz^-HR4Q1G)rtm;=?z#}nQzEF9
za_ZZUGRo=p<aSjvTKes;&cuQlid6V=oJ`b(1rZ7HZ`9;|f8kA)Vu)ud2vVePD2SSg
zw=VGGi90ZVl`3Z$yJ(Ir=ualM#vmJ;KddsuY0j1^yBm*M5XuuzI0eWP#_`pLWXKc7
z)0;Et$Rx!RnA7V>gB7&m-KHdj<cI{L%BgLKRfeHMHHu<cF7fz7q1$xMT!Mk*p6>-S
z?=vzaCg`kU>xQ31P@O3Rv-Ll*(RERE(GkUl57Td}!I*=t=C`?=1zY^}<tk~k<86l=
zhn{90Ec-t<bDROgk=r=i(c3E949?swfh+P3v`z8CLz&xb&ipOGD+;Hy*YRjW0p{eM
zA?1uX@v=kt+t6)Jn1JNJm$w+6aU#-L4A7XaIIH3HA<(ub?1g7+yA)E{kl~T4Dn@(Q
zcH0&9$}|2xzP%sGa25l^x(|DA`@){z^55dz#`s8yF#y>yD#KRWAQ-TX0i(YS^HJ)g
zUXME)0*0^6QEvV2zaVA#)B^D2hnHsx2pdWz4GvYaEhp`SemY1tS)5@P1nj%Hc(<ag
z#-2*K7q$H{IB;-rZ$%?lye^R3H+1>1nvQLDC*~qRE^%E*d+?!^ay5JR56ZsZC6!Rx
z?i8mB3qU^T(0zv;Iq?<^N{Eu}D=3VrY$^UQx-fh}(`Ir;#xL1UDa;tuot_p%vMF<Q
z%Eq}jS$V9u6zSR9<Jl}M932GF*S_jbwBYc0+;^ND8p=K!p6uDTuO{w?uN13@6Qx)F
zsLCS#C+1rVWS4ANOhdm<5u7f{cHH4|Qixvf09!`UAs06-j@b?q{01Zhw6YIZ4{??u
z*Wso4tk-ALRSWV4FK`~ae~GH$b=+^KTApq>jufkCI>+;bu7NkbYgn^mmAhzIT>oZ?
zapH;IOFd>kJ(F|;^D5%OnU%jh?{I;x*WRjO?*6@2ozqnU3I^B&Cng_iU?xsNH0$BM
zK))~2<!E{;F_hEUDMF(?bnE8MM@bJsU|*`B6EXIHC~?o;KVv+N<^6Fm*Hy^ucWq=3
z@j}$#vHwGSBfox}u1Zlb@F)5C{x}wod7f^6>x9Pkc&egGLEFE<9qt^RP{P(3MTktR
z8dm6{VRyC0oOQ4{F)TRe^*NY3D`f5gmO6(<Iu}1k&D2!Up2as`)7m1Zs&1afZ1|b3
zi=NVY&g*|LhgQTq2pIy!Z?`P$6^W!(F)4QCak!$-z2`G=46{z(bg5Y?BDOcjGHrzi
zAIMkpIX$VRd*#jyp4Obb46M>o>@wwivgR77G}p&dAMC_03$;nkGo0&#8Uhnn1WtEh
zFT)9}4J)KNeg|iF2%Tzr_qK&r;VYmWPEdf|w4<YRX_p#GfTcbtQYXU4Zs^XW^}8T8
z{GaIku|s2aOo1r%c-ew8&0)OPd5dW}u|@|x!?2uDnsqKLkMQV|YB+CJNk2kq#?+qS
z(5Yn5UACPq|8WucZS}~>4UF_jYTdj-#4>5!oKn{ICRdGN8U0Nst?lLi6Rl9w%P(#o
z=$OMUU(<X2Cx)QY5Bxcdpp%}O*$2hf^Z3pB7k$d2D$_5yeqt(zjNFeXX`d*^AaxJ%
zr~AK~HuQ<vI(5!Tv$~i17Qx^6=g6vS0!?_h1Vire$J#0Swy8Fs7+`jfOz}`FdyXzo
zp?G$y6UPNGNxY-w3Ax>)XgsCy39TKFGR$6km2HQkMFET~8Ec((txC)|ih-aL!dxOL
zEkt!U5~H2ZO{}m|hn9pI_qbbrH8j{|kC_L>*VlFg4l{rA=2})Uh3S-A056;iQ)aue
zPu#gu|55`McV>!UAg!UQ`hk5_{~CMQ$c(G+OQ+eLwj%bNkKJtqpt5@(Nil&S)e|^#
zw3{63iZwl5-=940igiY=FN`rhlS#9BHb5wb%HefM*1i8X{#kx7^aZ8}*8bwfGZdAV
ze2=L=C;N(D$lzpS5R3Y78QV?PJvYNwLAy!(4$68<tal&L4eSH*e;yO4Jmifj$okOG
z!H@nIN()s_J3&q!&G_=)TF|9O>i9FFnk|&o9BWbtN5dAY5O3Xf$p$7$@Z4k)Yp<CX
z7I}ux$3dRu3C%_ZhphLj#@luSk@*$BoSvLrInKi;U?}^6fswpUNu4Ur+g5w2Hv1_j
ziNCgsXivxk;KucMnX#R;5$r3=L|<jF{<K%jsIJr2-(u4XzPe>ts9P*10NcwV)>xrk
zR4byS><6s}t_%JGPy{C#e@Obg_>1zS0jXYtT=4j(+$i3EC0_TS)7bU4{)i9xXLt$i
z7t*3p99PPI!`2lLh-!$geIRM<qKg8AjWcSlmC+vnxHLGRhLjh|&(6VaZgh6Wi5anx
zMNM;=l3XJ`T=vA1ZWIsWwt6;^Az{~UUspG1VFi8WcI9z=?6k1R9g`_4ChT3ixLAiJ
z?A>T#r7}mDC0e?!A{NkiNfwqRJ#6)s{a$25-qXizrR=%f8RLNS7nYj#CrHK@5lZvH
zgh5#VT9PTbzPG2b+47Dxw$A4I-Py&3&5w~S{A_M)IgjydUTh`L`|7Xu_wP4e*U^^$
zsu4BShQX}B`Dzr|H<;{ByljAj`=^mDbx}}w0t8+gO3(Y`(cS78mIN*^Y`&i&2NmfP
zXrx0;lwEnZv=zi8`>ZUcj28Klq3z>@=czzH3+^^#F=|!PQW&C$w_WdJ=~Rey)2f0o
zak{k`hVbcjd8@t1zlb#Lp107RGSj*H@)k{&4FBBqkx8Hpit6-Z0qO7`n{|~1POIuG
zN4rP;%ZES#B=bK6X;1Tw@))5HG^%A`0mf>_GRE(z2}Meed3@OYeOg`C+9iGmT$7L6
zjo?)s?iL=0JusX7ytOqWb$eK!YhNM$u1OlDY1=&K(pM|SFVZzVG{MGm|EJ8WxhWm-
zu#s#ZZsdWeQTc7_=5iUI_`^5q9XNB1Vdq~DT*%o1n-s0zC_i4o{9V0S7&CvDO|Vf-
z03Hc?VXMPMncIK*@bEMTAAJI7=8sIQtDvRx&Qg{0rOh7cx=)UQ;Th3L)Ix0;OoIB%
z@l?~Ze0#P(*+qLNhtByJR&#;Z9%Ymo)4ukzie5lKj*@A(3<EpTyI&iXEDLr6A$Z}_
z0icr>1`cMFc26jr3&9UP4R7lH%`k7pXD6wIdK28a2$$1|{j2PoPyo(_kfHGUf~{Ni
zqjRf25^`W{QQA`i04Bn`^DorNY}a^?-h=${@@DAC1b;I>{xUZ1{^d<dvo=T-s^ICf
zslI}`;E8THIQYw2Stv_9)Lv;3a3)J>Y}UTFKHU6c*3ZXTa`XDv`t)sG&N#{6b56P6
zPS})8_MK+~4-Fc$0GXHrI_2JR!e;5jM#2`EnEYbxKI>h9M`Il@R7d{L4$B#_&w4+M
z3G@zRC!OzEPg;qYHB$W!_i$s3W?hleAo}Nn<Gjh8jZO{qfpC8sD$Q$sIj9w4CAKL@
zy{#nWy7+^LlHQ>?I2w<C<z2+eoc+oVjCjiJ{1z;nf0G+Qz+J%PhR{C0NPm8lokx)D
zk427;#D8n9Qyx42dQKFtp3_86)tdOcbu}TsB=yJLdHi<Q*ds1(?C|w!?XMy@dw8+@
zf#0^t#Gcm{t@fHhW#OjJk-_d>=mvhuWwOPuLK<=f>!X~rzxUFcLxy$`-N#*7o^_Dj
zSEQaQUl|(r0iE;nJpk;}m0|ZO@wf|4&Gn0P*+uUjqvn{7Yjj&2%T~rkZ@=-n<Bkn$
zZ6@zC;khL4)$n6cWI3%5Ez|ab0B7h~e>8Sxf?Fl7xC)eCT%*mt#4Y&iNoDSm=t=mA
z!imvh@}l;F_EJ|}Rg>co()TKI5g0<6U1irgj&uqFcS*;3b&jK*qIXfp!gXgOox*on
z$KG{kqn+Y+e#dBa^A_R>9b$JTS5RFtyt-XtHzsRy_T)PCtd5RRs)*sHo)jP1tMH~p
z_En26o9Kr$-!0TWuF-{NpCHbd$XRkeEvTs(+>TF+vU}igx%p%uM`@x_DvQ!?gr-^S
zg0lr6^*Y(5chf%&p2(Dv-5KU)Xs4U_DwB00#mdLaU3;K<Rb(Z*X+`dilW7q#5m^xS
zYtkFn!DErpMT|~pPT8DGcBE+c^Au+sExjB0#q-=6Rz7lV=jneed>w8AZpWfx43_5g
zQiBVBk39KBN1`I?aFon&+mKi1e-fJ}H5>W?Cd8MBS2_a&>jX|_$4at}E0-T<lw|EA
z$Q|dyVqJVfqsrn3XWH#-%*jdgpkJQ)R)Vy?V-5(a$v0qwra6iDJCeA-9p($)g@mFE
zWAbps;*=>QWJikzrvBw0H2z5pnT&P$T@spZDA!Epy7{JOp_WU=FtNHfI(fgfGwL1S
zD>Zj1J-1)MIrm;1ONZB8|2>(HufF^HaQv^?DFZZanajfiOw@$M@(1<rd^4gDd)8t*
zm@`&IH3G~sV#@-IkWGE2%;dc23ss|-U3E68hj1Rku83H6E;j6%W-0mPqWvxH5+L)b
zNz&KzeK@n}HuGYP=;D(QyFq+j^g58!$v0knPY6Go`le4rYvj1{*7Tn@(`rgyw0Ou>
zblyX}Q@m51lR`v)MTw(Az?R#LdqGVzKHR{X<uoexjPn$$rddV)x_E!<`3z3cZGvkF
zrMy{<m<)KqgATH(%Jd*8O&OgF78x%V@k6j%vt&iYW^-j>*LcXt14@&FbwJ5u(yn@z
z<b%)qa3a%fqR8aWEJ(J(WcAB`I5SlR9@=*J0bx+rA7@!rdgX^vBqv7wvbTReLH7)&
z#PRpINqvg^q2hGns+&hv@%bF*f`nq>c*q11KEl3AClHIzTp+YQgtvdn`OBE%=y`MM
zQ*+$Ceke3aDw}y{V7&eu5KP@JR`4;fap~Oo(|k)Prk7~*)F~2Ec6^WXhD-rwhiR1g
zKGU@{EZz0*#Yf59&`fW1mg0f(Ci@6I$5AWoI4k29qk^1e4$-0Met$tM!;`Kkqq`{$
zP2pR+CO3)-H+EwqDFn?1PIa6<vu<I6B(#+9o)R2c1OK!tD8UiXX#pMVFNcZ>y7^YB
zc6$c|RlQ}8NwVUoqNd3n6bUqD{xwd0Kb_08`QF+Schm02E!QsT%jMka)b7d8AmaHi
zqqaBbZ*INHk><rLcJjAP0Yxdc1v}X(*>7VVttcd`6MKr@yQ1>!#4uB9f6DT2#df7V
z)F~-5Rv-3`5nT@lG>i4YA-6<5eCT|<?fl;vK#}!65f2C&*z{QP>&DXR(!FeKCDy0&
z?BQnq8htd*lB!k;7<Y*xOnX%so8)M^!;`#j(J5Iy{&U<8d6JVl%sT~>{C9jUjm)?X
z<`XMxaw_+@x*K^3u|t{&0#|J{KVC%7-xFs4yUWdNIO7H${z@bW|6{okSA3i{Zj3${
zg<Pyqxm{Q(u9J)0Ss>&#7ah;Xu5F9NU0*=`)cE~mXECx+9E}m&0Xm<G2Hn%CoWFDW
zR=-#=MbKh_E3hh|Y|}=NC6=OWtB?=guPk2!%@GX&DV?($+MOFq%_!54Q4PXX%QupL
z9DiV8RC)j@oaQGRuA~6w>C4#f9^Ox55xO}R;UKUo$$DHZUrw+0FR3b0>H`6`pMLlb
znIP_Tyx&fvJ-pg;`Y{)6f(X`0AH3|D{U3x~c_5Ts+piE(*2=zQO|pk%Ukce%N!CIV
zrR)sukSO~WvP@;IWDVJ7Xt6Ivg)Eb@WF7m&V7_zDjQ8#Np67kvf1byjbDitDe!puu
z=RWs{)XC)#kMg@yyiRkC2E5>J)@n7f`>^$@z5Dh6EPfEOZ1*gfy_q-5=_VDt7(MhI
zXWO|#u$zMp<}q{;zALb8s=B19rVeBXZ#W-B*Gw7kcI0$1Z*?%C9|@$Yrp_r}Uh&vJ
z7<(0OmB;Y4Lc(rim#qh1d41SaDEmiwpklgZdP~TF_x+$v*UD~G^4@0$*<K1Spxvl@
zsh!T32-jrJxqy$@?o`zVA1l7{E#Ewbc`p%}KxhH4nl>j=vIYE@znm`{cvmuF)Z^6P
zfZJsAcgUx!CYo@dh-tEP%e4~Oz0ydSXEor>_|oV$!Rm@moeFhXFHTiGDI1FE$aO_$
zOohH&x?sS&NnbpgAG64r$FS{&w%_>f<6GZoZh&c6Y4loTfTsxuTU^o3dkD2dZO}?1
zcELNe_!Y_?{@l5uAN~FEJBLb4Gk`&zrh3VCJFd~<z)YHI1MX;VvE19L->V&;#Jz(Q
zgKm0wMrK;Vr~5N&_G5+MZ>FE&VH9v<5pd%aXl^p*Jt*MDD&WQ|fMpcGvI$@h3ShYe
zu*?Ej4gu_80W6OImPvpi28zc;#fQIdL40V@vLCx5y)+`dq$<6%z~-kNRp%C^oG`rG
zM&3r&#<35l5LFdj)nBn?d#%F4(MVb(y<+0L$72gOBL&V*feyuqPZOpSR?BQ2!HO7H
z>2&a7nge$U=X9$IQHMxCJVU%dJk(IIVV3Q)d50ExF8fQ*n9Vb=9MT}v*J~(PMOLrf
zVBX}oA6e}kZe4FBe{nH2zn%`CJkQoq%}J2H|FN~nD9`ctL|2o#N1=4faoI{)C$_<K
zCw8UONe-pR3fX~);^^HIj!p6t<4u(lN=-!<D@wyJxa_aY<E*traw5J#C)UdP*tO=u
zqpz$*HjS(`H>q~<*+Xw+N7zQsbKp;PHtFWKvyE4B;;V6NwSE>&+aq=Y%}OmN8^q-3
zS7M~-mmaZY*Uv;-VfE~za5d6j@t@fyeK>@+tIuQ+?n#e;-w(o}rS_E_&z5pw%|7bl
z^YeQlMU+<Awky};)v`O6<fZAmM;cS(RNkhhT3<it1i2;A_m4nFIi-e<^2WKH-(Mhe
zjJiYm#opucFQ~bk3^;CQN&7XpMT?4NiN8m>m1aD+PPt$gIX>~;UBO#pf0A93%B6QQ
z_qImvmtnq+q~duRgG2=eGKDX3Cxlx33YGHjaLj&R>N=JZ&OW+FK18gC&Eh-K@vzu4
zNqx^Qe94I!-SbH;ToC^K{*7Ph=b~x^vsE|p7DVVA*;hX)2+0S9+X!uJ=H5t@R<F7>
zP<Pz=SX<J)J~^4`${P-8r^Tk)%ls_b&nNX8I6v>Jd46=U^pfYXO+SaFhpMZNW-j}_
zB>$4_x0g>FxHa>rvpqZinXApb>LH=>ODcgD&$|0rg$s2qSo3$UK<~`ozc?PC(s*wC
zWCERSdx@1|%oww^R%u!DV&X=g_E%TeW7|DnCDTp^Ot-%^e^J<45Q`FZ$vub;ITQFm
zyZUU^LmflCs8?TZX4qw1&v3{n<YKoC^}KN=aK&(R25Dp-BT%i~XOkK4o&4piWW1NP
zlbBAzrQaOo9<tNfZu@K@j5o@it5v9`a{le>m%l259uyAN>MAC@f7{1slVHjlX!d*K
zgRN+Dywx)o5lQ{pv+gq~Ej1lt$pU)E1EPO@X}crHic(!w0RK<<^{pS1XH8YRs_!s7
zx7rpjco?<!Hx8yVtXOSZ3wCKeJ1L~1`^BgCkJ3*g^!Em?K!(+FqpLTY=9;*hGM&wR
z-7??y#bdI$blgW>zG2&8u%A{}7;>yt(5vmIKIK`K7Uvb}Y?T0?!#oc2bix9rsQ32H
z15B1^<s;ubqxQ>%Evsjp1GsM+waF5L*%t06FOGMdNtpzHA?!|e-tDaJNZ9c%#SI7n
zyY*lxb2~m^I47^}*tfnU0IfJXNDBmFNq8DM2C$DL^b9sBwE?%G2W!^jy3Fl}0t`%T
zz}*cD44v>~+XR-6Pg0dvHH{Ij3^?|!8&-tO-c|#VZD%b&pNHkcHeBG33h7stUoB?t
zaexSi=5YH|l>!IuZcxKBu?2*DfPR4O^LvvRf#-3ZRXLXIX%Sc>=ASiUl9Zo5>Q1*T
zO~)OP=hWlow&0e5A`8uQhOvPT{QTT{hhmK^jzrwkIp@S^67Kr_FmL>^d|fvI7R9r=
z(=@{m_tCb;CUgZkl?e<ym@RYES*1yXB0_Yv-)ogA4TSC&MkKtCqPMJ%6YnxNzMt@!
zUBsVdK<d+crk-SA$Z;>%wevdrMV^<tt_aI8<tOAkJomgX4*Y#|Gj8dJIgxn-h!*Wf
z%n1@Q`3ahg3`sdL?~CazF1hw}DoPx;RmbwP+%eUg-lTZAPs89MbJnuDc$sIZT`$C)
za!N<b?FdUXkM5=Ymvh7T_DJX*+PWxI_Kb%oMdG3xmXD>BO}8c$eRiKl&Xs58$M?n@
zKR&%U!PPg(#HCw$y&|$zoiRT6I$M0O;6%{C(9aF!`xHz}?7HqK_77pMcLHb<PAM1x
z^V0mfR~`0_hvh_S^8`^Yt=^(?;J-`-F-do24+K|DU_=fM9M-wQSFU$yb7e$Fm|r^X
z{9=Fdp|TI9Y%QjO)<eHXw1lrp$9YQsN<J9Uf^#Uk!F8nN+~n)CkQGwrHXlF5u1^xe
z6dKxlpIy=3n;<cxQS&olIdWBAhKV=io};D7Wtywnap(Pb&hyV)Nuo)R5IYT^nL_-!
zHM55SHlqX2%#&yUHgq$LtyCzYMO^cB<Y5g)v5@O*Vj+cdqj%KiJRJDlsTAeQgEn@t
zKQoVeAHl?NklzCn$D&(vT)~nzt>vZG=jL8r?MHDx!!ynr3FIdt6J?VGw8r+iU(DND
z*)5}8%y-4&!FhqiMX?q??UxY{llJ?Ee5^0dB;4B{FV-R{JD1N8cf_BHw*6EtM_QDv
zhJ?`N(@}i<7b&X^<ProOBCIruT3#bn)$jj0BzXK~>J0~T{V9%T7v9tGUp*a%+0o;b
zw$@AC!dMTGN1H_(G!^qHFu&qI!^k8SvZ+VbbE^yJfryHvuio1m){=35%sW8>G5S@<
zJOBC@7>2jc+ZjYl{g|q|nxDF&jCK*<j11X9i((EP8X0zUh_dGEhin?!g)~d4Hw5)s
z7^_2+<DJz4@9zI3){;nc!(nsZ(uq&Uu2M3U^0$<~h!;Ep_*k+c@&N%tBptpP^YX!r
z=mSQGgb+-k1!>v&&Ew2>2=TL)i(zz-38L~#ynaYJB;pd&*v&7x32{f<sn*SRsKq{S
zVhVxL@-hOnafFDAwbz-(vhVfrCK|WokI61oyE{aDP)C_W3sACyWGX%n{iM+lwwI1`
zYpDWV@d!)l;TA}C295zU#lRC7;`^(7YA=Xtukvv|zxavadd_g0=>d5P_8&YZbI*9B
z3?dNfa#09%Yf(SXNd5yWiZV>CcdxyKBf3ccOa8^3dwg2&DQZ4Q@2%V;!~Ws!EuD&o
zQtGEYch_X!5QOwvyfy2~;aq0444!`hES3%DyjB|4l6!p8A@p=@K1?d}vkM>Vf0>+$
znm4RE$)i~;pyf$*N)sj|;=Ov+$&JQ~>cZJ#AGZoFmNHzA0W}$*&V;+W=65iZhfiyW
z;)V5Riu=w{NliUGXE=TdIPeGU<}T*YW0rZZ1U;c5JNWG#8%5wlgC@x*;U=&6_kVn+
z{n9#M_rqU%UU%D5t?aUpzA<-|PRbzn+_7wxv1J^S43p5^i^P00rTTSPcD-tk%=>*$
z5--4nX7BsRaq0q$pyJu^zQsM2j23}!XPjRL%lAxq-Ul&o170^ZTvWdgvF-JYfzdnE
zQTPiEA2X$p=S+)`P_KxTP-n8f+jRks)HAw|s<DSYQaI4%eAZ6Cko`bQ_{YAFJnrjw
zM)qfvALYNC)QmgwVwZIxF(u9KO5_H1wPW}lLf#oy{9G`*{rmZSuAqJNpnT5+F~oW4
zK2P+1eugF7paka(F|aQOM(no=*pP*_1lJnJngNq(4%psX{vkI`+-ae7LuTawvdSpu
zRY||qn%|2Q)7e|3s$vF5zz*A6P6R!GU$OGfA}_Id0`q$tHzj!<5VChowO$t%PN+AQ
ze46qCHomYnReV7J($m~KuUc<K)+Dy0>4tywj;5DnP1qexHe^kZvD^7*VfwW1bG>TB
zKnw-?C&FAdjO14pz$sgXo4UE;{pI?PINA}_dNa82X@QVJefWqzHX8>}Kt-y7CS>E`
zuz^aOvkbjD=V6Y0@hjbMwNm&XRf}M1OK?-Ru#7N(D!TES?BMnVSnv1wUNl^N`)30;
z>R=}X5lED-?K!f8DHjBYNCQukjrEZfLHLye8+l|+s9c!mDpPbe*&6sG829)RfkxFW
zbvT<ss*DNQ<XCJ)1R1D3MfQMgp28ftjU)rNCDtkc-nYU@2EJuPb`T4*3u3XQL1vJk
z11W%DSQ<1ADu5Fe2nEU+UJpR@UL>VKdeIayR~FVfkHh^YxYmuH*gpF46P0B5JmRV|
zNf0nY8YElkN@OxTSmC_VTSHZ+SJ#q-xC%)aP>S!Np?0nt^s=~%G5f6oJ>HN&DB$3<
z2RWFY-LXXu#kCl?5i|@dFr0@=0$9IJR;<{>^^(JoO9o(AK2HLXMr_U{xK2&7j9-ag
z1lhPUaUc0UpUwhD0NT5TvLMz?>xhDWrwoZQl*Ln0(sdpqRz<y=(K)h5W*r<mGH_yo
zsz8B9Fj>xyGafbW4&SHKWl1EX6fH?4yYXD%c~15(_9EQY-{2>tVdl~!{j(ras$i__
z<acO3Or}|42PppzgYT_gkQJp6+v`xEM=qH$MCvliI3CbEaOFnw;>f|eK(pEaobVg`
zHRNOwb~i{}!#Ve1S%ZXnHy$@{ryjFn0VR#smmQ%RYW~~gxfXA?EMf!hH9->dogLGl
z{O<Fyrn`QRKu?vl%Sv3>uv%7L4p`o^tT_(KOhK;0+byKt?MCX{NYcQ3r@rB<vf=cQ
zTDKc1b0d@p%x9^=dfGMA^DC8zWpLqVe<OKr<lqo+%@rrykI%b5Fb^35&kmFir^^i1
z`(;1BP>C>u-2qzcu<0DvY84tuM%r9)6LWbN2j&eMhZQQ?z1{eMd@Kxp{&XNQ_Z<Q#
zmUo-IWTTik_2~wyZG#nZVdKg&)3WJu_k?|0d@#vNvQwhKqH+3V$682%$_MjV;$LpE
z%m$jhbH(KWTquXXyZeW?>v?2vJFAGbO@jHy`XIYM*8@bnFF|R|vV2C8wo?TuHH8Z3
zp|oAlk;`*G=u&Nk>bAduUrPSE*|k~h4*Kf<$A3our7P}Y&KKY<)fy@nkV-cjs1Lk-
z1ibZo1jrF@9Iko|$N^xTK}hx>Fg+jwLgmAjgBAd66{QcR=dY_F^76S`&LB3-LxK7r
zHiyfGEfH}2x*narLagz{1BHRdUtQgQNr1R3x;VU@G5s3!b^BtB*In3EOAxB6hLNfh
zz>`*2+}BI6tB=0VTYdvp$>U_F5(eg9X&nc7VhQrZ83KtycJo5iWwJBL|G`=E^p{J2
zU<m`(PQV2s_v98_FlkY4cAX`!0j-_Pue=wj3KeOKV@qOQ$CSlX20h~fjpM5oxu#)?
zAlMz@|L$$>f2TI{zfTW;r6r!M$kYP+qA;Zt2+S!%xflrE6Wz9kP7%*LAysaf#619X
z6|WetBCjkjlvgm^R{kUyRJqrKTu>_d3v1$_R4f6{fA9}aSNzxMRRjs}oaHwNj?XYL
zZaeXr4V;nx*F0%@9^MRK>gvfIe<o;VH@OW~5O)`_t-92&maIms7OXmf*6`*3s}%iz
zD&b5479ltY3Bcs(f1cl&KJe%C$eCAvB)<dJ5^G7!2scu8&!bl3No}!8)s)n>Es++;
zm!wn2D@k~hcmzPB%21UMsuWd$GJ|&?xRMU{;~#;pB;Gnwwe18~#NoO?OGV=LJ_u9X
zI8p_-JpDD)+&9=Hl^f<OD5wMTDA*&;*+5I6q|yO980rc#d=SLb1tj=hAIw)!hX>Y(
zQkG@7x#68@h&<2pjI`y?J%t(O6wa-m3ncG+Yc%kNAaoly7r%BCp@x8zbQEQ7uigY*
zbI=Y;bV~?<;jwoiy9)|f{tdnoz_?k0BT9h`<8}SV={e{sd2_M8@s9#K>y1k*+PvN9
zMo_P;0nVYoTH+xLm_I<y2t<v_P6~IQ1G}8X9v@7WJ?|A>XI@9%S6u9GHeiqDstd^c
z)i-=SHdrqX`Qj_Rfv2}gp8gw;&DH<vk5B)9rN4O)o;GHD^^dw$hqwKNRaQ@dBLh@b
z(dNmZ4bm6yis!;x;g#_L#Pm&`tYiRZrGG^XyvmfBdfpdL3n;jdhu{P7zDo3|yrcZL
z$jjN6#IreobTMr{m}V%@vepW>pQWD^43JZ9B@j~2xIP9Pes8{#8Kz)*0|EHe^X$U^
zjuhqw=Fwke{x0H#`HLD;;7m}9jhmXQ+Euj|M6Q>H*5GsSPPT64Y@H_~CIS9FKlp9D
z#wiv0LndVF>Oac-AyTt-=KqVh!MhqbFz#eNb^uE}Ua)}5d1-)C2d(UtbrIq|?Y~8k
z-;j>*2?U5hM42Q|jp*0tGIS-n6nz0MMoYh2c=*|3C%v~nZQGJ9`@DuDR=2}`HYhxu
zG8}jF9a(aGvdQuJM2-(xA~U$_iGlyL7dS;@uP0COL^KThyoTDnx}}2avDZNxik}U1
zGIy%_o6P?cNiFyJizgs=oNS$PWZMS12W;WW<Q}h{(~A4IQjtFPL~=yANm0kgkb}+*
zfhtx?sK*{uq~2johs;_wnKd2IQjAKI&Sv!dFVD(kg%Y#;xxoXG(q%{D!H%1F=(EEr
zf#&5Sh`=~|=KaM?5(G%NrsR<!kRgzn4L?a>OtS`6;a=ZG+$O<hB8#zz`%mtZy+7{#
z$blTtfAT)Y0jo4;r1KZnzRxSc2?(V&jQD`P0IR!(^2qQA*pV?JUVyy$H&J9u850><
ze>wxFzGA!LpklLPpQ7<Uu|LT_`Qtwm2NA<Qd3N#zQN}#-;y<tt``@Re@V_8dovga{
zKUlz>!tG=}ktibnUlkb?XEMVxb^gMC3}~0!ts_3$Ka|t{M9lPeQk1cE|0_au6Lo*#
zZAS}~S7qu#%Kb^}$@>3H6p1I6$=<(+Fu%cfv38|&nRoSdDS$)vOYG6^o4jy4fU_3n
zP3@%GpQLEqX&m-RCO(FuUV_Sn%*$}rgI+tW^(DD<zmQ8876B5&H;04MRzA;w%LvSu
zW4$Vj!L`^MDKlADz|rvw*jdE}@beP$MgL30#3z;f5J*%4w$x#WX&yDN>yuQAgil$u
zZ61T+@X>5X>2(DKaz)jWE6SQ&QMGVIfqhrpGxC2qf3-^RKPrJpS~ACsx^nVubikcM
z5qa-0C+{6aAP=lT9&ipd?NEOM?p}cU`Qtv7O3f;7RnEbQZ@trY;HR-nv0T6T&A%)F
zm0m$^Wv~SJH5Z@wTIl3|bdBVh^<3pn$1o?C#!GTzG6x|pa=_L$*EH`WHBrQK&yD{_
zlFAnq@jvZ61DgUO5Ag_52_a$-MgK^><naF_R%}RYr{^OoNY?}ZA0jBYjsM011Zcor
z!#(<MGO!2_Zsac_F#DnNr*KDn>hUH2=s(N6?f*)Q$)QPT2f%;IeDmSH|D*<ANxnST
zO2OaSX`IC4%=h_P;_eQ5D>!ap&#s~HrFgx+h=5%SM;MZXh9rlJhl-Qo&VPa2`FAo-
z;f>l(%i9TkJ{<Z7eIWO7U^gjORw73gL9PxJa^MkUiNU5p`Tr^cAuxjjgFD;SU)7u)
zz>j1(kAO#NV{n%-^05Qo@@pCVDyh!x-ztrxxcdl!y1@GQk)st6?98`URfy@o8ds0y
z{y5nJp7VPpF!kZCxU7q_fx)f@46!pFU1$ZP*WXHis{jQD6gO=&7-Au@S@2Hd*<GK7
zubT+h!!p{37U<#2Ckuw3`+UQ3;4a&|AwAUs+~*gvRb0G7MOoIv!_znUiKfn-c*~&W
zx!d^NuRU2&65kD%UO$xh{s4UN{zO&xoVM7d{#5Zu`h?s{A=*ZJ?+7aYLKY%;{}4a}
zPKAjeE}d%=Pyu)<nWg!3ELJ$~-u_Qi$_KLPd?O^jJF{6gq=OpHx(LRYtQ&eIYVL*u
z)%U?iZPtYoz+UUGJtO?aFTo%z&uZO3_J!veoiE23)&&R8-EI~67l4Cc!Rttg??-Cx
z=3nvL%|NyyQ*+m+5c*RfGj3r+8!L!)z#hbY&RXq@Y-t$8y>9c61h;-zXSm;jr{((c
zx^noK>m74FS%*be^Zwtxl2myGeBcM>tp9C}3@Q<DBc@EA_o;x0?@Rzbsej{Rw{EEI
z>OEF-R|IJJcA9m8@$d5kf6m`B_6-d8$@fX|sq!)I-k3S<@O=((dAynx+!x|r!#xk&
zNsOGr9)TZOU$MSgy1oazs39ta{>3V=ig^2{*1uat{12}XU;cUh$RP0{2_T33E(1K;
zASSgSdepSV5Mges8UGRAf`8+*waPEEu%_~AX^0M7CnJaz>`;lo(qZ*s#{-2fkAI>B
zZ+!k1#;V5uXSWZq+3f;S={E?n+d6C$yl=4uHdUX|{f3hRq!cV92?3eG-~UAb%q!vl
znBShKEygWS;}IKL0plHhyas+yD)C`E2}j&r0MpwvkS*+R^ud2I4cm(SwI>MKyzkfU
zGKyT!IJL|0g*HD_bQhx~0rB!{CGCPTU`31<8hA<X*326u7w{P==+iBf;h4Udci7N(
zSeKSj9H@PKMm&bXfhFg}C&`QO4Z9r{uj0^wJ0f#?am$@}y;F-dC*Oo`-GCCv+dlFc
z`N~%9OY!Q=rayEUBBjeTo|G;lBoN@#tJaQuMY?Ro#gfmW+oo_B!RdhTfZTYIGu>vS
z3w}Hu`RW-%yi6{^ZCxZkSYsw6$u9x$`eYfj0qG?GUX1kqZ2-T045}deh$UMKN+HrZ
zg6rGCfn0AUzd70Z312yaI}Duhg7J#+lJT1H6!=pE;5|;D?Mr3c9&mg|5uY$xM{wOM
z;CY<*mIOap0Kb$Q3M43#Zosg%Payc(0Z2ikgma`f3|L$Eb{@RC+0rN9WD{J-P@rlk
zjO-=)EPT&zo{c&~hVm~jG3$Ngo9r!4GF~W~424iYHs`kFMvU8cXbxWmzq>gOIt*qW
zGm4qQjAMq&xBZ#GjRESS-#it#x(+1nD&Q$e?N{**-!r5aDkwt4j&AZTK8_cMG$8{v
zCchRUIFkVrE|4zev4l>@2*wM6he0&?UDZ|!{6+vg^ApO*@r6D>#J6~`P!X9Gg&kHN
z!9pXCdX%=&<eQpp1pK;4|NA_i_cvjU@Du!U$>;wBg@7c$Tte`XmOvyEEW^NWt-#@#
zphRYzP><FihXrs)3QP10@P&`#CAjh=;4OF+WpV9ME-6#H-ARN8J<2EDCY6_w-ZJ4W
zD9S2LNu)R(I8S;BVKE4<cp+eJtB`v~Ov!PskgV$)@wFE1&{pAa`C1D{MupQ?M)+o=
z`&@>F>cIi2&j|RzAG~5KzwZ=HCfq4{M>n4I`e&<<i-aWTYp?}1IWNlHNwEw1dg%)U
zzjUleCKDZQ9qDfCKDMLl&~sw8ZWU^g!V+|m!D9p`3bM8Paa`_&CVb)5Pd8Gqs&v3b
z)oyEa82G*2(6)K{>EoXfPrJ0Nqy3Lf@BLhE!uw!@?X!ysGJK<|0DF4t__U8HL7||v
zvH+)H9RbzsT~+=pUI5+S2>6WF3gn$eKMi77#c3E)KjVq1p^>}YvtCeZf{fna`0VpE
zh+}oI08M*CmUGqQ^G{P_&A@}x$pyw*f$Y<kCTjOL<US**E5guEE0j=@awXP>&I@br
zs}KDa(sa*NtMYg4($T@&xfzbWjMn|TUX5z~)aVL<X0@7Z`}=uTy9yMuTn7f#?e8Y}
zoTv;wxl5kHkKv>1JGmZr1^c+9aJE4WF3NQ7-y)jj+~C`=f&C)dW2Q|;j6U}|CAf~9
zP`VTSTKQxDg*N*E5$eIBl7Uc2;JWuu4rdFy{g0NOHf1qVzuQZ&xPPjD?Oq-0*pawJ
zmlJ26b!k8<k9ma<V)FO(s^9i={*db5KdGW#t^h2wHqnUovEwzlcBh+evOFC~0blF&
zv{w`DmR<{g!|O`_o#yEP5{w!5V~+DnO3{b-^0~UND}+q&f$!zgMN6NvY1{5;l;10V
zk}m4b$EdIjYCkTAjOwPR1tQNRe(JQ2Tx4HAHxFGUq}jEH8!};cKi&ftHgizxuWSEg
zjG%ruA+`PBBiCE-ecls4Z;K)w4et7$bbY9(d0qH6z=}B<zjXSH=zHe=q-8fsLs8(d
zZ8-tbMzs~(yR@6rN;>M;^<ziOwTgaV+p>e&gIJl?aZLv!60ev=*6e*O8ketGGzw;*
zTUXI}5dpQP45jq)(FOS$W(?K4mriUKDNpmPiAA<BaLDo*g?AdX$ntfED6=fNIumH{
z7c?ohnBpeYRhgHV;$joljM;Rw-d7}T8HLVWZ+SDpNoS&vt-2SxO}V7`8T@+|TG2Bl
zpJM!rW(n-}JnySNcBgDi4)}q8l*I5H0V?~nzm#_4@N;PRdRYHkHEwsYF?r|Z%2JxE
zoXvavn8t*9CIY>MHQvQ*+3fSHe!bpuY4;sPf=!&cx{c6HRfUUMRv*xEV_)Kwayt9Y
zh`gu&Rm<n2xh*<vZ(1D8<D-?$xvE!Se0s~{v(r->F~s)BZ_)P^9|;E23S}M#Iex`L
zk-r`|axpBP+!l?C)$s^<y*QwF;6U@Pb?p`r{q&pBW_(#4Oq!}xOU^ylsDFA!<loth
zGY${9|9ardNtPe%n}ZsvEK37D*NlI1MX()VV{>Dh)byYqTjoR3t+N(LYD7!ly>m$I
z>{?~jo!}%L4pz;&UGnHL6?KmzAYc^z6_5yjthB^^UnW<HaU@OW2P*;b<!D>Ibw+Q)
zeU-M26YepLk8Qzs!ZWU09T|83c{aklVdBPi^polYka~hYIYj$7(81sjg9VqS-4Q>5
z4&JnE>C;5*Ugb5luX7k`j7_MQ<LJ}#tGuJ~e#UMYF+y>o4`@^V_QterIa*D<4q}pr
zegMO~Z_Zq<EPHuP+ve)f{zc*bp*AK>4_V-2a?{Oo^A3IA>}n6l`z*OpcFqA8p=(1z
z<1A6NN3M=J+i|rQp&Gpv#t=s^6zdwF8M2%Ddwdf>RVjUWW83D$!JuBpD?j7Q@KLz|
z<g)V5Bcg<!OAL!g`jy|RF+q=4VSSFu$Hv8?)wBW*%Ex-#`?#3~&{fR(^TxYLZSPs6
z?N|PQW;y|layYMx{B#z@G!^}7yl+|)ER9|?zn&Gmd3+458MJ$~y+E2?VY?N89=@q8
zGEUvEa-=^iv@^1f`g+zRSX;7~ki@I7O}{AAzZnYgpMWMgAm{bhiw~2KvNmDA_qp0k
z(meG`2DUNL3OSpP7lq#|*exF>ocUM>f305JTk>HGmL02pPshGNO=g>_Qz;G;wkg>{
zII|^v<M;6<^Ub3JgW<FEhvU^`Rqy^*b=`i4xH~}s%G#El_v|`)cKfg^@7oC$P}c$P
zfkLP$A7V;-+~mZl7S>6)bMIq7lUz@aEGlkEzA1$feYdl3lT%|^2t;8n+AXIpa#38{
z7up-3_fzRQDs0oX1*5SoT|ldGfDm(AZ3ZzgXlEaq6wa=uKC~;Hu*madJs2QC&DwCp
zd)yO4F>RS`KL`$C19W>l5FKBnv=Izu)q}WV7&#(=T%-0zg6E!KNxkp-3CBT#ErNu2
z#55(_b7K!Oz5yq=z(T96v!^@0!AWp|oi@OD4<-?eYW+4Xt9lNWz7B3k5nK>zr3YMB
zg0`y|scW0SbNahJ^X~))RseVw0CwkzM+x3MvLHkopjSq%L(_T73K9@!Wtr0NIYfyP
z1jg5XU}zqzRG+!*9ryIywrFs-?sr7OXu+sr!j-sDS?1qSlqiv4tR5J=1Gu(SU_UZ$
zMiZd7$2KAA2k6_9fGXLD6``qWk~;eDAhoyQ1k=co)RPn<T25#Osm%x^#egI<<wjaR
zwg__j5(rfv3jnP~HigvvuE^{gL#Zl2bcOkMR?dDexSqYm0F?Sj66h-cG(AX8KQ%CD
zZA=86lL``y1(2wE2AD?j6HTA%V$w8g1Ce(Fl&uH>w;`b63y88AoM0FD1NAnH!6;xh
z70<tLlvepH{0T5iO<SkD2NTWp0VH?5eom|&LF>Cc^Y0u74zO{Y0&XJ{_KHG!V61~B
zfgS8u&SN0qxzj|)d1;jm_ZTO3jM6+!`yj`ppO_$!Gt2xtopM`P@i7E;$rvE1cz08~
zZ7|;6j)FI_K>-Ak_L>X`l1vI(EcRR4@wg?P99nrgI|_#QhHOESU(h31(1v#NWDi_%
z2ZZQyl|veO1s4KZuYxvn6R?gG>A{@PVIkVG=u%^PoC^k*TlR^vGWljw+K5<mGC`W<
za3>qhv2M$SW6NMv^IIV#FVrQ+@sNeUIL97zg59Ik1`(kJ3EDdSJ=lZ>d!Ys6*4Bd2
z-uQAj`JA==Gbar86el*!2#PH5JW<R7>f*<=MZ1L-R6w4(?;~hmHv+%CGhkqpyu`nU
zA*sPdSPj&<Vl)tRhxoTl$}<}ngch_~2S6M=gh66djB$zb8h;OG{{0lL5{0whqnUxj
z%X5??LcvwK-?!plt^?DFtzqZ36@z)teh*KG1pRF@1ZY$oyDDm{OI$l<4&qRK4-5*8
z^_@dykgOa6r<D|NTB*BlB|1I>wOl9x8j40i-oFIdvK_p6rmcz*7!EoL$}@<rvm$QP
zi&;6H4<_LB9&GFovA^jRr7Q))GQ4MR!P^N1a67z(H)qpnk6IEiq_AjwZz2}ZjTBVS
zU$-C)R)H2X1Rp3)yVoY!9$C<$-GofsSwVjrY6PQ(?o~;I(|?2AeTN1x?-t*H7cgGT
zc5ovIGw80fkTf!YHscou5VAVdC!t{y{ri>MK%~P#4R5P&bH$5mlDMD+8(A{|cxp`Y
zT$eCx+GObj;SBUq8DzdYqu-e}C8izJFx}Z8KN@8v;fPxbE^N10!o78V%uf_c@^DND
zB$*^Q32_;1ON?*PY?=U%>cEcjI0cyI(Y8rmI!W@;?e@Kob)d19#np+9zatBFg8hU5
z5+AbA9Eo=qA_kG!H=c6jXs|+?viWtsceR2GhiU87mgGRS%ZCN<jr)_-@h*YR3Lg;J
z#{@)qHAv_{YyB9|0XSq^N=r&7*$8N4(p**qg7QnbNhu_7>-Ryyp+GiPKMoKZm!k}V
z;0S&{4dVr-`}BU7pZ85UIKm%>)2UVvsW+WDxfGgY%unR&t%{*<_C3U#9?l9Q*7<9E
zNW;<abHAT{9z)U`fV<D`iktxHiYxYwP2)6AO92ZuXH-OONkS*mf#CqqC(zkTw0T|v
zVZ3L-V&8b^;K<Q1g|nkx=adiSE=Y*ho!*Cyork;3ut8Pg68FKNqd?RLq*%EMfP$DZ
zI%lIpH0x;&cXb%EX-#?(L6bBn1-kk?NISw=T+$L9X>~Y!Y+wYo2~U9S)xAJrc;j9h
zLD()7ea<)Ypz&$ZI{kfa@o(|jesG+XJZ(iGb&^Ik5N81ZCddGnvP3Zb{S+uwi3815
z5tu<grPlMKAcE<U28ESfEqv9P)3Y$?=03Hgw+y*I!GZi57jXReF{Ir$3eimycsw#^
z;f!dV>AvE`AJFroVLp11rtk3CUtr5ID~zJpGepZPw}ItwcaUM4BD#LOr<mjyw47-{
zHxY)%PV46e@R1Df1F0<o;MqIpCea-wnlOU*v14E?{M@=juSDL07HnEF;Vow_Y})9d
zNczDMp|C1lXmsmSHr!119YgwlOC&ic5Bk`1aA2{}8D}v@oFZ9C1I;9@3)BjIrqDRj
zgv3LLz`bko03OwfuBc=V(aHu3*u51Wf|@+%AC+WIBFy?O$H>u4I`)yHA7srQIwirz
zee}#1vmpmJ>(_d1&F6mSAKVtbIj*AK3x`zuSiLF!#6Gtq;Be%+h-NRSpQYpQU;t^b
z9Xy9T0zA}3oOS!WEeD4(x(D9Ki0%BsdH?J+H<)6ep_a@x`0;0+uZ`ZQbx)!xvJ0fx
zR#qF7k6beZmcyX4vB3DU8Q`qSY%2O2&crtx<fck6h;%djOObKFP|!Uhfm5O&)FPmV
z286(a_eq1@@Wa;$u)Z5!FKI?x4^WPR6oXZTH5)D}6Wx)R8i!*&vtlI*p$$io0Q|}x
z5bQ}<B@zY{K~i}daK26j`0akaa%QfW1ZexAz`Y4(U<U)+;Uo>(G=heba>wv}Pieu*
z8E&Kv6(?*|XbTz&q^=V>{b}pGS86rZ+WoR!Fx8{Fh6LH#h6In8x6mH_xF-?XyM^dz
zB6J^RFqtrF3+gh)We83d+>JQOH!41ho?bD5kO6(z!9aoKiCctQ#`Rj5>I*nSpT4Pi
zpIw}eC8m2h$LZ|s)sh+|*k==<<Pk@o^bARP1P6)|ThDe=Lf>bXyPjs@IHSBghtn0J
zxLB{qo@)LhU)>>kFgQsXv=wFuw#sC5Q4EQWZaU58n$&n^z2+cOoD0iU@e~L9>^q8k
ziPmZzU>&gCpVwx?W%`9et(SOvYG-d{uUB0wZu_3UKd7xLM`>5JC@>%n^!GUtjSd2%
z>(;;#VOQ4^w_5G81E{}2L&?gN?oME^GN5WeNv8j3X!KIOC_f)g@crfawx%;bv-Zok
z*=6td2J)nznmYR#982`~){e2lMiI;Ju3@{0Mq_i8cKHb&`MP8Wj5630jf%iV?ScMJ
z!02{F;~93>B%~qF9=}sSPEa0_=P)KQ$ZDpoo@E?Sp&SX&FB8!NHf?wBA)5cUQFOk~
zz_7$bUneT0(U^TRiI6nEYb^TSrFPqr(oeqJq0s;XI#HFW#gex4kwO_56C;hKC{r%o
z0*++Djsz1OA;d%cdzOO0U?><=Z6ZMgfA<1L4E{5e(e*XN`jmm4M5(_0^F`6^_p_70
zWTSDl<nZp6d|;p$82v3wG+?ZYq#0WVj`*B?_<Rk+)n7ot=_TPubC3C|xSA(mGGF3J
zv`)J6X-YxBZO~{`^h8%M6n(11l-hf$;S4uX-foB<|CD~VC)m0strxHxmfkVj%Jus>
zg_@UHp3<%~Wf0OEPOc}Ajlu9rg_|4Nd}bo=FVlN9omn0r>Cj3DSI+}XW(=}(cCy~K
z%cghze87-tcN&}zIkNJPB}a+o(z)gOA=t@xcA<A_M++JyxchTC(?I%Ke(k)nc9c43
zy1{tZYKmTc!XTo8>nCv71@=~cdO{yb<B$cQu4a^e3a|$w4QGZ!TDAD-0J2*!G7QPA
zcmn^PvfF@P`mX-#s7PQ7cmvQ8QG-=)Anr9SVAYa#^~IF6ca_S}xoc2!F!I!bS(R%I
zMO-dOeVhk?7D}R1EYFy-ECA?x3iJgfaYoDAW#1YH*GZp1ESeSVv)5xu9K6hpxErMh
zvgrfhpxcwkL2&q~1rutX>4pk!-&_hUPrC^ES*RztLec*DdNuv=FRwC3s5m!24-{Pw
zil<=kn#o1H-HY_%yqw<7%~mid70B;ea@lGB3G}z%;2OgOwUS1a%sbti=JZ3oH?!)(
z4$M!vGMpepQ_OhUwb2_41S0?l>iMY#mEpC5Mm(2q#-MC{`@DA~2mofZ=|{a?;jM5_
zh?>tHV8q_3RCuiRz2Ox1+PUGbDVE?U{fLTy&jZebn|jn=ry3lFZvl2|h2LLRo%B|~
zJHlfD!&T?B)z@@^;Jd)V*(&Z!`4nc}!1hotAn>*^Y@3VQ7fBK85f0bP2+Sh`%%i;*
zK3{3qfC8vM@K+5H+3S<^g}qk@pShDj*#y(BmpL|e8I2sShM|<rQv=K4Ag-0Y$mE8s
zwqUPQQno(Y4{2Ji0M2`rl)@}KW@9wd1wQTl6Et^fHU-w>`<?lf6^YtGDJR$0sqG-_
zQWt#!KwN)<nwa#dRJaTspM^mi59<NY8L5me)o;pKsz1m8hk{#c%s?g^8AViBeHwT$
zboCGkH9P1|`9kk67mdzp-zqKoJKw-`Et{NgM(r`ccV)b+{AJg9knn6TYxzLc`T?&8
zPY!a5SNhmx(nI+C`Gl1R>Jn!oDuxDND?TK?4*}FEz{>nMY^4~sf|{QO-B=8S3q1)2
z7b#%LB<|EQ3Y_Qne3*8`DJdQ5k;#UiL)>sS3uKml`f&-aj!VM_Kp7Rm?d{XR$n`}t
zu(Sl4zI7G?J);Q}l59q1i+I-^;E}=CEzmT^9)Ur+OfV?nQI&llwYXOHH09VD7<>s!
z7J0#v1Hq!TwZTJFoPRNG2Ak#th56$e$utEpJrDA!ZWx%pQw5;(t9ixd7*j5pXhMbK
zTU|zDhhtBc7*Pw)Y^Q=Ic?r}P3q06;3JgxnWEnB-_LBk0BIG3E9@+O_@(j|$metme
zM@1io;6ji3Ql9{tb1v{2f*Du!w#%Hq@Y+uxkUy>uWI%JR0)&2TIR-KywGbf&P#c5b
zz_GqaCVUtW?gJ$AJ-zv><TC#;*2FYZU6fIJKKQtmo%3er1Ton7qafJSK;OH}x#-FX
z54%i>t;~shkY)iHAkE@Hn!WnK1%aYT^g@a-1h0T#OU!||x=<1GOa*ih15jL61A`BS
zzE1NL_J)cgq#R?b{0!cyHmsF2a;f+tsbiOWb3tu=U2HmI$?0EW%Fr~8=;6M55ZF!k
z8|1usbFT4}%9`=k7_j>qWKOfcQvBez)=)2hDGN2PB}S+v35eGEfzgdh>X{WgRL};%
z><st4MS$7s2|U=wV=xek@Lw=vn4fA?QAy3F#x8%q6SNJN7OuYZ(^n=Q*UzD)8w0>}
zM*^dZUli}PHCo`ZJ>heA8Yt>nU_=A~jGP+o4wHZP=~@=(nbm+;sCx~z5==533{0<s
zQAuvOD{sw~{55Ti+h+y_g$*ug7j?JKu=~~X6{k>Io+~OY5HB{@F=Rt`-(*q6GT{yV
z>V=EdXuY4<nMG{H)Qu$c*-|QLmpFgePOlqD?!$+0OY}!wg^m_OEi(d*F^63*mZ~N9
zsg18fX?AMNu12NkxISM$L&n+W5a$eAi9X*(BPN6OGS%jds47Y&Eh)!_4TEVG<!ZZ0
zn!KS4NSQ$Te5ToRjVtM&CeI+tj)Yi?rY^Z|MbDVYMB1Sb8Yq@;)35rdgxmGe<+++e
zyc?Y9IwhP`X4@|?B^!#GC6-iXXI>asSJwqV=$}|d1I0Xdw^cI~W)Vk|H)~>1zBD~f
zS!*lh7}yq?EEjutmZ>qRQ?&fT*V-3$-8Ay2^q~VUGQ7nbZ4Me#7nK<}KAE9gdtujh
zC0XTI`;c~t8g1UJnZ;9?CUGi+j+A3^+j7#OTVnkfO0&v>{WlBiybsP&G$u`oPM*78
z3B9yK(&Tj*S|rI7s!(xCrn*ZzYPTWRc;rSsm<{}r-Ps+L+U!@@dk|turV`m5WB3r!
zzFr;k>Iir6EfF&)S>tH0$;j;}yJ_s5rNUn=h3o{{kg1xsSRKRPn$?ddz%TUYi3#N=
zp&2^cj9CrL^}4v^M$Nd#Pjsu|D`|g@L+d=n8IxAk)00_}{o7Z?BC9o#mep;`GTXNU
z<v*Zoz=sjOe%h-ufwws2o*Hk(W7d5;XRybRy|v>?{hCspEpoCw-SxI5Hz|9$@S{tL
zf!ZadA<kb5{UT!mdu-KsMN+RdbSHIBm50n7>#ta<e$0eA+BZ19QD!F_`ARVhT4`T=
z+}Vot*&Mn$;}pPW9yp@LY=BNNZgVo(_%Yc`m*=8}OzD2I@}b+9*|qxkR(*tW=on?9
z>PheyNj9m#hx0VTfw$|Fq2KBBetVr|8dsE(CyfalT7+|<d532c28CB>!+X$$AJOlg
zuv6lz?cRp3xCyNki(W6VLo*scZ1e}(SBj6xKDI8Ip=7zGDRXujb1Lrr%DNjROXXAO
z!4s%dosPyk((WzqO7XrGEdBKyyDB<iD|LdAI^o6LM~t(#8U-W!ShhFJcfT&Q!_f-+
zRc8%=&nM27gi|FNSQ?Mc&<1h{^!J9)ntx<j_216=dT^GiQ4rrJyX5~6%KFMOd#F(m
z+1ESge>hA2@T_5@phDmBwEv^bO2*lnje>(;S$_GS%S0XNM}+8Q73R0D)+x^M^{Y`P
zc9?gE&p5k(J6#e>m1uR**n4Kc?VDDKYNMd!m-27^W$7r;Xju$o&Z-2y5-E39YrGty
zC;xo%`Rb4yw_yKRh+a^E2=sI{=>+$&{?8$LMfv%USNEUb7V6(0qPLbenY1b>t7p4;
z^;)AKwkNUK-ze?1Bt1|ksv=uB88vmV@jjh!b$r&Iuf1;t0~aIL$Nb`zb&OZ0(`*xh
zet!rF(Yyc5$#Yd((ps?pS%_ZO(|ngzZ3%0Mes|zS?xf?Yr?|CvKXkn@2RlW3NrhV<
z&FmUw*MnO*@iHqg7eiB-2Y(27k!6=_Noi>=HHGjmJKz1Zhdbn^VCssBir9-u-6@_%
zc@_irT`F78^R=gTH&z}tn4nQ<eeR?(W!hNDVld&X68c<3eoC+LwQ+lDPX4jgAt4o!
z{;Y4%hr<$2@{dh9LXB&O4e-HZtNzClMi^by8ejA3<`p^dOx<jxXND(6{59jjSHP&N
zo}y<SXsSTEJp}a0b5e8E3Dh&|8XMYD?8eP5YH=ACjj4MkLt1@L*=z)7_4SqqbcAea
zOHEPxuNfIn-;wBd4$)Kl*z4&(5;GW*neyX{$8G<|G5O5k@4p-@&T{QFb5pLjOQ93C
zFU`8pD|_>}eIKhiov_EVET!H=XJvyD7b?pm@APC;e40FH^L`d}Jn-LZVEkZlGh|q>
zfBNdoWJ_HK9i4Z&os7t|qPWVt50P|hh(`I2+Y@JvuP@4k42z|LC6~{3n=L*JQF+v)
ztwPAj&-Fdj2xXnMf0lLq>J+~2zFl{&v}yOzDGOm6^OBU_)PnrTl`$qa!TuR%gU^YY
z{zVZAth3^cD`+=yNgy9>hutUaQI<9Fsa&nD-VS0lAk=om`g@1_95!gala{#Z5S`U9
zI!uK(klMn^P){pzjOb73nl}l16lW!j22zPp_I4{nQtw1rx3lbSHm=Az&VOMM+oWjB
zV>VD*j@U0^^jo(vj|Kdkx_?sd_oc>b@HnNP9%hn-D*b}gmI3?nsw*|&e2F4eZ+DWk
zZTGbW_K;42)S$emb^oQ1ZYI}zb{lCj6Eo|yD3cN)%0y|SZn<BgG$?}-N2)|+E#qUq
zETFxpvn7Y9;3=M8dQ^}6+}|DpW%e|mb|q&whOd7*q?Ijya@PviZp`uiQ>U7p`g{AV
zA(VB=0a%^Sl$SBmQ59M8+^#uNe7SnQwY+1JrShOb)5&4!K5m~!>j7^oLo$UcJ0@$?
zx*kJV{?w@S8sw{5%<<**dn%NPcOWyL0xyPiIl_p(6uW|#n}tuox>w_xVRhL2;Ta<t
zm+e5iHgQjaIqt!FaY&%r_~DwAm$mhU>$p+Ts*l4K!|mg-RQM}E#P))Zjm0vS*ZEfb
zIk#bRFTvD_Ju<hZNAl+*r(^OHoeGSX7>1iaTN@9*^Gu`_{+T_mKFyPx4xJl8#M|`{
zJdI6#_=Y`0^f1`O?flw%HKD(*G0z@r%ppvnkn;>R1C)s<jL4R;&#b3H_W{<~z7Rb^
z@36w~OOIt*;Xt(U268@sDkj}hw**5g48&SI)jGw6Q&+ZBr|4>`a`9JgIX7<erLIs7
zzv{6TuL`ka*e4vQ;gbb<y0yJJ-k%tvhyGG8IPB;Ck`7k4WHwCIvn5bv^usi;$IZ(}
z$0vB`KGC^=%RV<fb((Jq_amtigI?B3*SP$wyf`nII@Vhg`wSs@tI%DvF$Xi<6*2$h
zO=gllt?>HmdG}wc5rc+`$#y^&M$<=es4CfvIB^pCB|+uQ>E5{FG{sQ!^X?YK6h3gH
ze1&>gy1}L)DP*d<hu2eW*Gqg44o?($5$m<iPSuOdRr~c#`Qo=+ERHC0liOv|gC<W+
zANrW=Q5dR^!S*5@yZTn$3SA}nQnv$w?q6^%)Qdf606kK)?R!?*Ru^TLFgf$B6e>Dl
zKYVE;2pJ_-!%-;q;Sz<7g;Z;|7q@v|aH+o-prYxJb>f!`mW9nl;{6}kFIspR9u_ME
z?l@R|@-nkF`|x;5IAlw679m@hdbPrgr0M?ine<E5oA>P$u3d`#{6)X;^gLfGu<*9P
zCGL{-khN6wD3za{>Rm4l2;k)i?O3m2j!0G={Q-U+bE@eIzo4`;emUIhjaFNb=z3bw
zhbvTb3uU%#8O35wmsnUNM)IX~gYsssUK&q8Ve+M0GKyy|U-D;`7{U2o4)3`jR;WSC
z@C$M372gyG%f;AxKDc4z*L$8+v@;s4`_>|grg9GP6+#O%tXPC*pHt5U{Y961ma8f+
z#l)QD_RbuC`vGrr_N7S8*N|iu;8=0~Dx<Y@<K>9ki>j?*n>5zAxRfF$usE^5zGK~H
z17&++u?)=Abxheb2^70fg7t#lk{&fFC~Pu9Ey3Lr{&}%wW`3DPR0k)MkC?*SRO297
z(g*g~x_L@;DoF}nfqwk26<u@4b20OdMz|jEt-1#<oryoo@c0eu9|BnK_mg#10ngU0
z5u*b(6W5BBGJ*XO7R!kM$v{jyoBG>YyhGO_qFo=%`9TL~MN1vKfWCTY#c!I)V1i4M
zYpDIwcR4Ilv&8)UBSnlp2G=v`%+UxIy$!36qOw`uJ`z$dP)UTEqH3%~m8jUPk6Dp9
z?AwWVVx840&2{q!h&Gfvg;F~dZ8q{!N*i28)X;Xe5#oWpBz4k_W9(}^3M6&8REbXg
z`VeLXc(KBJd0T$LO){{T=!C7_g!sCD-HIXb-L^QxP|ELqJ@{ZB+*b#QlXa|sFNuxc
z4r!I0#U`Z?{fmYbwr5~-v3NvsJFRec31nhJ^e=g^U3PXA-#2Ny!7wM7y0&|3+wu6q
zV;ojE6<WAbj6tgsWcGfnVrE#_*djVWxb<VV4H^pEPR^b~`rhrs+BWSe_9HYtp!VI`
zUR^hj@xD$J*y54HsvTS0MO4xDDaKH_VFp)>$##Fu!ool!Gf6##*HHX6wWOkdi)o)<
zD~>HGn-(-Uj8>eYnl6T+?Nb-nwcI16D(c1%``gyN4yXq)XiRMK1*+{g?GjEMJA9?!
zZ!;ZFxs0Sn9j@H+YrVvnv^>LccatZi0~`f{*q&NRL~C8isdG3^)3)wr{L_SF24D+x
z&Z2E^({BoSl0g_f(M_4Q9J;dg#DzN+q7&}6ViS;Lrwei4&hJg-cIaa0!G#uiDI=R^
zOR`9+Z1wEDNvhJ1hU<f$>yEU*w$YhQvwR*waVXx(3lb^dXFsjDQof^;1RaiYP}9Jr
zIO)3^J(tgr7M#F#!#@+D%j_*Nc4608g6{L#YkaJ;?c3#GL`Nd5Y1daSqbz%suEPMw
zV;lh3;Y=c>g{`3%_<QH15r`{gCm!%M@tWj-!~XAJi<mr_!4E^3*s9sf=W%(*)B<>@
z+dtW+4@o}8Nj`3B{nrwqUg#vdL`urG%?YfnM06s_%%-NIC5Onn;;~#bYbU-r=Z;KE
z2Jebet*K%LIN#j2B#rkSnq?_<<e}Nf9DZ(PB$dVz+CiZKTbSY41@>a~k644IT_X~&
zLMhXzL!ziOmbdRXa|>P%*vM>UYpBihihHsM0tlVJVq}3#v@yEeJgGdFJPbx9iK81q
zzB<5cPjg6<2$`sySgL5_jiBEq)ui$Kpc^B_F1v^#fogywH9dRl&%fVy7i17#pZIz@
zZ8>{o>!|%MWO7qY|D%-O?8$J_tb989(>e(S@#bFynby%~+EjZq=*;*gATIDkn=k7s
zN-Oytt?;r}(xSveq^TmhXtyqJw9LrqdhAf!IA!AcDInx{Jc5|D8`pu<bfDw@@0fhA
zNLX<x-?2%w!YfN{cI>ke^QK*oGN8JS0oaJW#`!MbF6V<+*gkv=1m`)Jz(|tE2P0l#
zQ&7BpX7nO|8CQxVj#rsT{B;}w^Z<EaI+nRAb|a|%*rYj1(q8>DP9GBsvTSVgr{n$z
zFis>%X0JApj)EZ#-v(cHiXRYeEZ3ZvNlkZ;dITk*iaFzqeD4-LXcid%>jW@y`z?j1
zq4K`iX#X$7jNKn0GpRF$H*MOLuZT8iGxc=^xNnT8@xL0~Vf`*=+Si3=9df2kAq9Q}
zX6FNvZB{I~SRHnXAsP4sWW@qVe2gnjC5deWB}q5D%J^f=^v;@Q%cS;Pxw@kshD0l9
zjmy0cW%{&9_5*CQ`gUfDcRs+h+)h}IO_`KC+r>$=10t_nY&x-dG*C@7A9Pm8&nA1U
zj_4hTaLY1>V^?es?k8v4D5$1?T7}97$^MUvvZHp->p0eJD8<9UR}=k^K7-ZX2$HbB
zt0eSlbbLvv)$w>s@-h+-;=Z0a)`MHFbgzV7-%n}B3Z|6unRh`~F28FZ_es#lbmyDX
zr;x;C4v)317aO?vR&N@)PvO_4#@zuSth^rUw>-u-`|{=LtOAoz$ac2xw+t62rn3X8
zs@=Dh%<8H)0K^pO2E8sdn+>NT)i$4Wu}Mf>Y6?l5u{Bjpx9d^!fL2XWgI0>@g}aO3
z)2iu45bD1B$;KQAs0w=I9yGf9XD<Bn%2t5DICyd-bSNaI{Ch%Xa<T{K!A_9@(oCqk
zySYtYO<$1^?mQ=!qNtWabW2sw#diJHQcw4}E`r}>e4ArecP@5PX0PvA7u)LF5Wz}K
ze|bCgE6P1>*<%V{9km-J@+xrr?Un~SoqH!fUl&MqtXHpWSvBoaGX(3y@RNX($2f*h
z6~(6gTJ6Sca-(!xT|ppcmJ)l*kzmuUvfDuQf*%1XLX*6b)tW)x{%anccvfbEkrdmw
zELc~u3t<Vh*#oW2PCmxzOGw#_q_k%s0rigi7qZU<#nIuqLAd0wyopPpRuh|6#6a2#
zj8j*S=~YKjRZncq<ZbeiP-2QQ#Q&H`&)u02!ww(&V`A{n2~(*lrRp(=tgHqp5-38_
zCWhTI`k@1xY0CB^1U=v#C$T(Ue+ugY9h^tHD1#<jC+XoK;SnSesAfL$av8OzGinIS
zqr31j3X@>LhQ&|NzvQ*PUF#Og(o`gXKfh+)l40B8bjY;YieqNqsA1T9v!j!cnpm_~
zSjT!;z{Ml>chN`3_lJ!!hec6^xo@|db(tJ3LJEQ5V_^7)%;AF|6Acx$p1ukCdVAbe
z)amHKl+q_AU65HD`@RpkSXMgGaD8~1xEzz8@zey+R{Gk#I!X56!}d!iM<@HN)K3OI
zeY3KqndL-q_@NU9k<=pfHw)qv(Qzo-7PjxUXV=dh8A8Xwx(WVm3j5NQ>89`>uC)!E
zLz&XxBpr?)1$%G$Qncp8rshVF^hHH0AjHnHkDYGc_$F^|Kz5w;Q=n=#&q`vPGc1ah
zghvvrZb>!K#Yj5rr#XdfzhnkJK`oa|u8$Niqi)A&Hr)f-j@YZG%8*vA%xErePyK6E
zj$}By8BqmsjhYL|vsQ|IQ|(t`lH3ly-J$~?bmAxVfd3vrNBq=}1S*2>jzw$wUOHm0
z@zjsd0;FUnSre!a%Iu}g#C^bNLgXnBw;u?2Q6M@_ny)aU>FK`~O*?ZPbLf)H0skg{
z@>ipuCP$PD0W}}%pwJWahk&*o9NqZY^qe~dj64^Ko}nE%!bzNkx#zmk2%}hcJd<N(
z#LyAh409LC#L0P&LfbGo6I-XS`t;{PegJlo#HQ+sOX-L_pTPF{*}6X=5xrRCF5h^<
zd-U&1wx5GDS+upU9uX#bVow4E>=`njAg=!Lj@4B+T1n^DOCQg56<6OKQx|vs2p(7x
zr1^f;NkSMWeP2CrFay0N6E}``ZOy>^Yx1Ax9$x^hYbmhuUdn5S<JUzefrqH>M;+_p
zQ}|bY@SY8py@5z7JE_KYR9-$0&I|A|d=+V#l{#1k!RrRa*(pN0@Jop6v^Y1CpUbGI
zR`IlD%bqGrVyMP(ADQPd38hbRGi)aV*%K{gCaZGXs^m?;_Pxn-`R$ga%;DGIG+HNV
z@2<abMSsKFMGQWkW1k9bl?d5u=qmzNWQ417cq_rOCef7In{OvK5OGjYKS^o#kCxP-
z1n`N-%>U8$9#By<Tf49#!9Y+%L888>1c{=6WJEwkG72M6vScJPK#M3SQ6+;UQG$Sk
z0f#&y0)j*t2gylt4nq#Nx{>#s^L}^Td+u8Qzm^NCH(k4){p?V?3+$OJ=f{mjEmubc
zlktMxxi7lk3DN4K1h(m=O4d!wThcbSAghOc{7XAyi)cIevfsX*;dpu*#>iOd&kv<<
zv^;siyY8d30Z$awg0DOvr43C`ayyAUF~43zbJ%xtSX0X9P7^4B{AZikchW^y=8_Cs
zo|qYKE1Kt{ntAN+30#VcjK3T6^Kw>QwgINgT-luP+g$kpA;MhQjDR;+HX#(6D_anj
z&6|t}$1&zttS@5Bg{?DCn3$_sC`|0t#_Z0fxa#cPT}c`dYd*}Vur(`Yv}uRfAB}^;
z*LM`1eRogjx4wMV#Q2c#mpQK$!PuO4N4n4P1rRs9G;6$1$R26D-<N%=@qSyjx_OAO
z^##m5Ve3<v+L)pbsI1tcQj~Q}Q5woRw&)XTDyHZoYAUv<62%l#l!9W4Ey_p5#}s9v
z;$w?SP`WWi?@_w3MMbFY7$Ozs6Li&D98()tRDlwYDN02RH+I!$Cp2}{Wa~F=q@l`U
zi^@>wn4)x4|K+J}^BFUOTVq#u_FP<17-}=FC<(P0@A4Q$5l587P+y)h!cYrNZJKX?
z&X#KuYs{{068n<P-XzwLo!YdKf~t#g$wt-164^1KB2%Ool`B(q<_V?{LA6n=Gdn5H
zB@mS!=MslXk9YA$S;V<Sp`?YTY%tA&Q+k+Yp(!s6pTN|04BzD`V+^0*lm>=RXzCH>
zqrlXdx&A}KU2}a~0)OMidsIh^OAZQmc}fiPQDmyayw`|e-&op~-5=)?juMG?2|{7x
zh~gMKp($6)tiY5C2J*2d=$rT25+u#HtFqBer7hW;O`e~#DVjXLWd}5Qe$7^F@@&km
zYuZRfsm2iBp;Tjug{YPoVm7KJmROGBk0HKA@y8MiP`NS052)N&Vkyc#hM0zeE>E?X
zSC|pH%_~d@hK-&b*|<1jA_}}*(i^j5N04sZ_?%7Cv;lp~27dydk4lOmW}=c}e_9aS
zF;XH^$1oSY9&YU}hc%x6PFjCiw&2c7o|FGy4H?a&%$}IWo<&`}83i4A{r4CQp({94
z)TVdlp(HcYST<hMsFBB}*UqA-Z$=$@y*KPrREjf08EUu%n60y+b`+y_UyVSfe}-+A
z7@l4B@4Md?r3<#g{+l86U)_v*7f${Czt;I*soVot4JFZB{QpI>68Avfe?b8B|HKw-
z8IJ$%r<(tg-Tyli(7*fYb?H@}|NE4Gp8*`bAyY8Iq4)jN#~IIFI=e?AMez;FV`(lz
zWwAZkcBe(km`44}uJuaT*<mAefACI4IbJFr>9rJT$QiolnpFbb?LBSh<n~0oE#bET
z4M%|Hm(0OJ2Zc41Xx-c-Zo+M;Y*X?J+2C6T$KvyPr}gH~J!M#&&vLL`b19bUVemO=
zM=kQK|Cw$z%iv0G`Ofj#BdY<MU*ra><}KaNZwX4UCQ`LLrT?-tI5Mx{&RfpdM``~Q
z7qD6#Fz7e$xMs1&19>q@(F_keJ9delZ$54jDpZ3S=5bsR<>6zBesSsR$ndx*_eWao
z(5#xf!(xsz#Xfrcc61`a@wLiBryZAy(LKCAmuAo4POb)Seg&VXGwieQ(%nJg%FbEV
z6EtCpb*V%73o%~1UO3}G<3;01;}6EA#$CoY1?2>t1T_WGg4qy*K_jYBvr)g%uu+>w
zCz$i}rPI7oJW-rcTv2>c{85(_PF*@}O_xP)O>cc_>eSR}rqfJx@pMe|CP6cSEI}-R
z2|)>g_NU8Eqv^`%(e(XXE4(XQ)SN5))ZCTYUO3Tr#ihj`iqqE29Q7BnhWv**YV3oU
zf)oP-g6e|m0y%;pjzEjR^q{ezu|Vx0?Ld*hjv#4zh`W!gk8kIGxvrPmR_dC?g8IV4
zg<FD^<CiYd85XKM+%9zSoGK)sa)flp3Y+Z``o(gIYExB&)Eve8kd0)Y=Le$cR3||w
zM?}}Yu+M6{gcwZ_&sn_>*=|=5eWr#9(z;1SQnucGjQvn}(Z%Ir*4c+dI?0*DzC<q1
zi*vE179SEPJkw@k^DVw<8(@fyT|$a2(~?d^%DGsqMPeeE=ja^jorP)3kYo^%=O@Or
zr9krga&{}mt7Thq75sn3C8L&9$*|?E{IP|^bkD?TkCd_X#Avj^q({!!&qNV)-?&HC
zSW88|$TIZFGpNti-hPg*B79Y)SN!hW%f2(77PASNZiGIRr^Or#LA>0pxo;gkHl?5E
zc4O{a-!nA*lzyRGecuI7sK3m0POM^T<zq*g&)m~K{;r-hSIbS;w&w1NnZy;!nTc+p
zA`6?AAFN%hgv1<43v}p;*NjIud)Ki-dOLo+K_OIe6a8XkXlA7A`zLLi+*X53$x_L*
zirZ-7iq(uu_f(;XWp008afLb>vywK$+pSxOwYKl>OR4Zir>_*Re4NqmD#N;2L+KUT
z=%f|5?oI5fHI(aZwE1$SYKFZl02^k<_EYMU_npnPm9Q>pyQE)IMc%hJgI6YIl8Rca
zlAvy>bZ^<strfEwrQPkw_4-7HSi-MJi-%EH=`f^W;T^Zq&Aeg@Uj&&8E_I4ZGQUoU
zXi8E}<ULDxf=c9#IMw;3)236kAhuwt;6bNyC*_yQiab2(nG)40g3y`V1gb&Fg1c)J
zozq_4!W8}B7wv8q-Se1E2OpvMp#J7jS1AZoizMZl(@klPCIt_B%{!fE$8A{M?g;0K
zOU3tXi^jJl#FDw)BRrD+?%C6c$`$9ZE*rzdZl`tf>}=cAJGgw(D(2M{>xtz(nfNV=
zYR>$74Hsr)n6~q%BhjX&*h!e1^<_vXjrmedK*9Rbg#xa{_XT8&BbXEGm7TZOEjpnF
zc~$W7<Z(Ioc_MP|Wxvibut~^KpN`EzF-P+1yh-HM(o4*_+mn=|U;Z*jvphPdd&BXQ
z!Bn5kHsMkyc@AXCw6bQCns}xl1a00RJaOigZP!wk&0ykG!7IrQi=gE#G2Oy3f1CWo
zGE9?aVzcm^hqP|_*jy)VMTBjexbi2+Y)-H9UWJl{?y66ecdDezCtI}pCw+9ijSV`)
zW^?6UC-sbE0ZVs(OKp*AgR7Nc%uG+^`R@1I4#Fd(>#HN*w)x90817(j87)t?njfuu
zUm(w(*7mU9yfnAgzoUE+x64()g~=?)#5^o`h?yvu7{N-Bq8WtDgub7=q9mLJNt~=M
z=)_zrxP}?*)a&f&l;|w)^je(ec^UGO!{VHWm4fj$)Mk@!vtaYWrrsvgX2K@crqiYb
zLcO1ha=+PdG@~e+^BJR|LS#o<5n4kTb%fY3qMBuDQg9dZ(`wb~$M;F|oOAE(?8yxX
zJh|3CXK!6Kv&9fzX<$VT@lQo{Kt!w6cX0)vS-qLr9q$`W^?gbK*3<bbTlpP+rs?zd
zv=J9fmt<y|P2U2}256eQSZRYYz<%frw`w4;%-dS6+Wcq`5gX_x%yzzuoM~i?w>2yS
z%Egmeqi3E^sdP4X@^yYJLSLO2iD#MbMQ)!ppV`B-0`cVbBdV}XT}rom`zXu3(#vP{
z%Q${U%z-X9qO{_SdndMhRvVUVH;Kt0_b}@i;1G#lqnOT~M8g1Q2;alz{Fx@F7jx@U
zK&*?q>x~(pk@>~O_%x>;6vGnE63?PtrX6nJgFh%;>DqEJ2YO>fc%d=5Vm>fZH$r>|
z8@ly1JN!LjI{4!!E|`pKKeOBS$e0)*2E+Hfc}PI*&9WFFP9qW%Ldl+_e9_ZqCQ(b1
zZ~U>LPMJmcJ<v1{O~38}mXy#DM>@@l4PI?alwB_S;F^08s?h5_xGO)CsC<7NbkBQE
zu>L-k3%lh}0;)p^af@Me2NNt=WWv}*Ail%#=8C}H95Kg$-}u7b#71@WBNAbZT{I$b
zi|7!yhG(HMv#<9g(H&?+4+VZTO1d|?7fO<RDX9Zf!g_h?0hbF}Xnygghj*c?>Ibf{
zSYk2afOQiO@3*i-HI5j8NIXi*r8Hr>Et))45C=#Y8W?84F%e{5aUO{`1HRl`JdE%z
zJ~vXjBC+CCMeKGau(@KZGaI|dXE!uLOh8Dl$#&Z#-SGPq8YX=`9yPaTJTAHeLKGds
zNbMQV7TEz2VAaFBPTy65s+nB_Dc;;9*!=go<vu(1YinJS@r8@>6kgW>w;FA`#MRw=
zvzf}Br1IY{Z006c)}V!!=ngdq%W<ma<ag@@dv^n@ML2_M)}cO4WH5K*lYPg`!tPMN
zDa(BQ)QS!5aI7(HpO9Iv!7fFA8h5T{$ILDHg*)vBlRnwCTog>4xVYfm-ZA4rfistp
zWT&cfxfmDg|AWT`ef6=sdBWG#CSk`B>mUmqkA&^1jjy|pB%JOHZ9=1OiWiG&gv!gC
zi7wtl(6z)8js@?fJ9_I~L$TQM=G8snIuIU1glE(Z=(kFx7I4fh*TdH;pK*NjvRw$~
z$qn+-Pg*k!wP>SWGj>4>zgXardNHT_)~-c-t?2yZ`-fb5(J5vRuidY-%OyYFauiHG
z1y6+*B0RD93!d1*ALlFWM_ybq)RoAJ=nypQ;Mj>CM!C@TW4pda=JF<LgvFG~2I&mz
zH~|siKSgdp)b}5vUwMc6)Vz%^OB#1Q6=wOCK(2Uh{CN9mQWnFm*Pq_zWM+2dG0IYS
z>sUb<QarIzJR$G%UC^4c65Y`qER!qm-nzS9v1Sg*>W)7;)R|d6s|R}t6ND<$2zPmo
z3x11dPfMGm*+omFDc(V=(T|_d%v8Li|5ou1e69X(*Znh(MYQ5$R<2r0cR^>}7@40X
z%iif{A7A?+>ny->or(YjzNg;E!>f7gz)#E*^Q9G;XA?Dsqe8R0!vlw|foJE5aYV)z
z)nS4l3%xoeYE?kJ5Un2J`4z9VJqU%>EkB>QF-an6%uRfrskHpO9$cIL+w}yV+Fh>b
z#e_4aIa!F}QF@j7VaBh{!m@SI%}|QdgoIVzJs$nmgZ6t|=-;95m{BHMh+xDzKkQA^
zqH8fT*H?)~WP0ibkO54F(|eS*`u`-O;~!*nX#N`+xCw*|A8UfL^ODT$715)zeo%~$
zV(Y^D?s3;rKgR4+O1L?2&!wnY;VIThk`SE@IgbiAqt!D!&t`?Dd`fY4_T10Md>6Y+
zoBE)Tx@GjlgGrKY18yQ3n2oLn*N*?V=K8nmiB6aXuL%!~K{EXw4RKJ#@=@8<D1-MM
z<1U`5NNj>#!r!Xz^+fLvT|Aj5R%^0XBYM0SzApR6_2xgW1O9Q%fhU#h-UYEc7gc&=
zE^0$;fa+)2h4z{E{23{X*xmaKo>-{yjnAX$YYy4nSqHzi%Zfw>y(nuj;<EAl&{IwI
zQ*DM`H8Z`zPmhDR%N#b5x%j(Bjq0Zl$e9lk&#!85a3^Lq#>JJ%XhteY-nGl{nbaN<
zl)Rgm2;MX@d80;1&Vxk*c9u{oN@(E@65vA79Vsqo4Rr~YLQfA`7YAsH&!(YNBG@7q
zj&<KYUK$I|AB%btA}!TRgqfcQh9;6z8^SY`?z=tE6dO4q@fP+#I$nL`7XBQI%`@eR
z2*t&3dqJxhDL(#EI45r+ZE;BA#r=1FnGTsj4N3&KO7WNxev~`+_Guk&xjf?1St^;y
znFx-w5}BZECu<PM*sUV2A0Xk+`~*?B!<%bLXeb9|UF$fFvz^CPe-)nGX6yO5t)k3l
zJM=@SGLYPo8p7M^24Ohi$kttBiT694ZZCE?<99gizf%2VhG~;-h{wZA$M|#G*T(;Z
zBihEm0Gk2lRp*cF9QQ03Hk6q2-P-S}-DZu6C$^kdL~Hnyp~U+>UN>I?@6fMGu+X-y
zaD^^woj9UFW-Q9hZ2aq@h=)jD0#mkJ1KRa7(+BVwn9>bsNBZ%wM_^g~x6<(Sri0v7
z#mySc$*@Hqgz>bL28#KEh!-fLI_7@D;Fuv(LY0>TLd?05qAEu0_K;wOu2clm2gh#y
z#OelXdduFwLfPTS!I^=-c}-mpKs2<Lj0`h~<!`Y|C8`dPPrY0W69>1jo3*ozgqIv!
zRxH7@jqtUx!Po7@DRHUWLtI3~^<bEI)^@cK%vv_$v?M6912Y8|JounZ3X9}d`C^w*
zNVm^|o)O_$j~YAz4(cJhk9|H&i{TsLYb_rE5nU!Tb=py8E=s9LxAJxFP*zD**9Q=`
zUQ}+riQLg3elK_;*OLFZW*5<tD*_xRa`$UtIiOQDCUJRQ$NE8gaO$g*wa2zTQgUor
z=DU$SuO!u#hWqZZQ4L%)(}#}DNcY)UP$9lY?-~&*y!w$UB8Q1)Gac_+l-m-J{z65#
zH&O@Fb#FvEj!5d}n}&cPyZ_<&@Iy@EAYZH2h=yt;(}$#uNcTIcP^94i{p3p86ZhN7
zIzE|ps@#ENW*CD(ZA50ko12UHsoajh)MM0Z5cC#5H{w4@^tq5I?FKwQ^4&h3NWE)@
zl=hU)?{k9A_UrarQoA5HavDG{$n*hxizTYgk|^KhBWjf#E7Uqsmu~J|tDl_N062g|
zw4{lb7Gl7t$`Fr~-MBoytnP5Dz|Gy$;veCxbR7AKZ1tp=x7K-fx$^3htEGDw?opJd
z+^_uDk^L#&28K{0i|J6FNJdYkJ<=?DsOML7x7Qi2W?7|Y8X1R5Wi)?AdVctbU}!X_
zase2i$=i~5JJh!ExnE5@KiI`E-Glugg!V{Cg}Ja$!T6UAA`#~l*-?T-%BY~VLB}61
zT&R9dZQqtS1{*pub^40+IqW>_lR!W7TwT2EDuH+Ow3|{fxph|Qd&DU&-(!lhrvMq+
zlbNM_ts0O#^QD-gxBC+R$#g(%WaItL96cC_rq!2HK_q*!;)>#QbKv;2ATE|FAVCsm
zo-@Lj-3<!JM#aYz&kDmA7QIM`@7*xB9S~-Q_kG9KX_t7>@xD^!UUNIA4kO#USTn#{
z*9SXm%qK^EC^-{h0FDn6a1stMX}N$d00F|<uIVz|Q@mH+P7-GRZUaj7r{IvOL>agN
zSAlxcn=Ps5=Yr-9)WCII)yiGHwBQ97DPF@>7R-ukKhlA~NH(tlB-_0QXJud{ZfX<|
z3}yB>rgH8-yz{`EWp-bXvXN={qHbBMw{3Q>70@_IV9`W2VQ`>cGK@s3kCs7LF48ho
zWuMglPbgdO_Mm8DR2<W(f2;VVidwFe3Nbs|_r^lAJgY(o78Qh*SqV(D8;FZZKF(bI
z<oAK1@QHf|S=@(@cuf#5umBvq!-Cns#f>GTkY8#lZP34q<gbf|ZC<S{&i&3DL4UYZ
zW{wc)iT$XwY}e}ohhcxIVZ4jqX477T)aI1c%R(H4-f25WY$>_*t5WKX)Q>3}sk79W
zS?5S@UjiMd;*+H}AbjjjMp@leEvG_IH^2}Jhi2Ust={d~9mF{l4O75mu&dF;67$f-
zNELhar;5e&<)C}6{;BIZQzSXMUl&Y)tsB^8fD00u?SxgZj`x((Gdmmi2F+erEwIj`
z&O{d>yNm_EL)AeBkm1=}Kxv=61K}%17(ZO=;!o57L&Om#j2~w8SM8884nIF2Sm2}n
zRUbsw|F1n}R<2{eq=H1WgHF`d0cybC{I{36B$ZU|W8sIfkS2L7QW4G(KO#u%H^3((
z^0l%N0R?lk+v?!DvQA{56!5HoY<3@#dQ=UN9G3S;C_r+U8<VyI9u~j`ct_KKDI07o
ztnFpQ_Dz4Qo)su49bZP&Pj(3sHJ=8Bb(av|m%}z`0iOCmJJ6iNHkxvB%3{@N?V7ir
z%gt>)80#y~b~fVDKcM(Lwa*x}#JS(zR>!Hq*%|gQW8;;NDPsR$BQ9-7sMIvx@8L(_
zVQwIy0wJ-&KeM;rY0MFjjaLV@cw5)r6YC={{Q-6-g&5Yy3`hGhYfaGSZod(W2F?@s
z(DPm2vf}prO0eO1gHS00p%TB7Vc7CFEB(oTLS<XQClv{mknd9$5%<K$6~*>vLr6tg
z`d6&<H|+NSIde#?gn)`dw6B=x-N^UZ{NtVtM^>?X9}XO*zeYqS01sjI9pppP4??99
z&qjnpMHvFS1=D`0%<0293qr+*4X29GQaR!R;SgTH$--wgH6(?M{*^*()Bj1!nk*8x
zI|3N$RYhd8kQpPe%>WNU<6#SR8=w!^U~_>R5_svP@iG|*9}VCrEh|<`gl&X-?{_2{
zn#iNX9l4)S(x@u(m~*Y7JW(AfDrqQ-b<AE-x%aPd8QXxv<zLYPP8a?}3+|U8vUwj$
z(1l6@RI+hjc6$sbKyx&i3vbn7uuE{YZoWGi{6t0X=<zT(d^$k%g#vXDpi1OVpY{RQ
z)~^F|u++WisfkqhCiC7Qdn6W1ipqs`;N~pNZOVR?>Syr`eGAJ-5lEpEb#rj<gCl~U
z%q>6}e<ByxFULWU9$;IhS%-O1gts4dVw&_M+p2!D^rX_ZdjExuR0s|r&C2}_X<G=1
zjkJ`>q@@<5<3r9B;KJ(BmL0vNglvWU(H-R0fQ+%b7=tAQifX3Y6w(ltcft*9j!1>>
zZWL7ZCvtc6X%cjHwRaPD<LyCZ*+u^yx&hEXVt4oJ-?6)!y&t>o(v?U_TUy+ZM`(G<
zpY!rrHhie|<qwp)WjjBbeJD(&aBub-sVn5|WmJ+WNMi?b=)vNFgkJ*kF_-V0V$7Cf
zOq+mU4_%4bv5b*&_T91MBr3`Q50SUCQ3*ZU^AMhmN)Flg@5o(kWHir#>5a`Pr$#ou
z*xu}GUzqp$gQz`H0FvsS6!3flx14rzNdLNy^siKDZcGYK$&jrx*@;PkeEh3FB>&~@
zgZx$_mLGXH5LT*|6{~-wfP|LIlx76AAI7F5b>&Z)v((A|LrV3yKq->D?-xrSA*67d
zha3Tq$Y5W-$D2z<009y<(d&Qpx*XiyYfkq1^R<@BGh4%L8^m;HPB@#MklPI*WzO~&
zrwoU%4YTl(cz+Nq{!K_TO_e6i_~|GJ7RKA#ZLJ_!U~HdK_G6{`7m~U&O<m`vk<`VQ
zc(7>0DTE0}i3cPgcDi!?3rg=lpuo=#&>oiQQ<a)<<R41t&QpD?V)IL6ntp`_)P5=o
z<N<^64s?Z?xl{(a60wn*0`l2!BFtY-4#{UH9S_O!eO6u#?mdmAHcYi4p)7r6D#qas
zQf~79e!%E<@UqN+_vzbEMRzOG+3)Q_aI|m)BoW}vLS{_(&FSQmOe!=MPle<_^{;M0
zatNlSnd;wY86?5*QSLu=G4g$cvqg~Vr^CbILL_Vp7Ck)>51lgKme?vsWDS2RE)>&e
zyC(k!%s!Sbq~!Vm?@d+b?uUyVW$Ozn9F@qkcmzuhvJ=69iVXmpA{97m1kXD#w%Mb9
zW0}p|$6{Z+_iR(S=m{ZM4w*|bux2Cv_sICWv@o$!{bv$w<-<Es_xx{gI`z_On0&m~
z-{KI6aHqlb`RneEMyuIZ6K~<wsQ6X&GVx=(4p_Cx41aChNBeo4?w9jc8U7s{AGIcz
zpkiH47cDsomLF-60xwE42U|{Ra}(F4dm!HOy9Q-4N~avlg<i~Ue*YSI+k1z`?buvY
z2hK;oe*nThT?OZQP<*jQX3OrNT?&4ZipAMJ{@!(pgueNzue}y|5k_$pgQ=}#aoB^N
z*unM#Io<Q9@ngf)W5~&$*m#Ejk&|voRT^&}W+;FIR&dJoKGe$j5PZzgb_LQhd7c7$
z1U%D+usGk0zxQ?`t@fS`72GC%O<e4P8{<@4f~jKxvVGQnpQ1zJN;B^2-8abAoQ|Ia
zGXW%H07<kLfn*t1;pqPhKsw=xbsRmM(=B?Xnbsl%^YhP<0wXwYz}yP11M3gJaco9Z
zYbaiAzM8j58AYosceVNC7*h7RT(nFO)+|di9es;G!>!|OX7xSFcuWaj90!rfuSQ&6
zA?YaJbf1S0d5F=pBGyuuVwErD`>ELLSq;q!>D<23)K`3Gnxv`wa7B0V^``_|NKY^{
zFm?F$K3BDOFV0H&y}!|}7Lrwa7m2;wEI*4kJ|nY1Y?$j|{s&zy!=;Bx+6OotEB5#@
zIfM}oW<rw4M$141Nr=v`*~-Idd-UJ4pH4=17t)H4FGIDw9D55+hv?RUN9&N*vXE|h
z%ih|2$IW87o_zR7N|gdYXx}52@q=S@u@aoms+p;bxNG}_&9b^7M>zjZ*h2S0_a3m^
zKfvrUl}tEYxYA%$J$gYO4S{DoY0OI4=H8Lt{fd0QS=;v8)5+~jG;zg<GcY2ov}H0&
z!q?}7Sx=|9FoEA|e`Oz5|C=#3l^$<$r59-_jA0>lh|v*Z9~Kn<1en(Fk%g!G{&j6V
zXM6ueT0A2}3tfIGP8CWEsq*bTXQ&8H;oYr}I`wdbxQzHxs8LKP5e1|D4_``H?EBK)
z0QRN(!O5V%3hjn#7GAqQEYIF&%)Mrxv4sYAvwg;LS%3XO3!Q;bSO``=nNdqE_D=ay
zo3rMy%R;Gd&qId@cW;jw65hLC9sN+a7r4C^B)@#;6I^J=E@JFLMgAva_VN3S^_}>`
zSRV^uZ0-g0e6@CSa>eSvf^(~S2+f^+#@L`h8l=sDDSPD$XR{^ahlTt#oqfE>nc9tZ
z<q*}{Tll|N?p%l}%~+T~=&@+@6qZ7qxuoaeU5Owg!x#ip5lV_UZ&!5dWd3CvvQYlx
zAXEhZf&euAA-Q!T$PNj%-(BXElT7_kpnaX2@q4QjLnn#3y{$$Wy0XK2?*r|9P4KW~
zIZeCWX1S5N;P*?dsSTV2fnh4VIyglNVXF&6GDM0i7i<~e@x#mfp5ZjoPM$IRyLAjX
zX$-dD-J;*``)m!$!1h>;G$x~IZt(#U(Ee6qKhpZ53BA}?o&Y-PD@o;WNByH`S#c?I
z5tR2PrR}zIu<bduvo)oE-*2g}B&Gb>_m<8qok5_ObLR>nPePPet)sl6kibLz>*;HK
zdVP8?2m5UM;C&A=aYuUUl8N5YrQhJl6F&GB!>(^3;p;&W((QGlH&NMGg2mZx=^0WR
zey2Ichc%YTunPxB*;Kky+y3%;;Z^UI={4coiy^p2!Kd6oR}7o8N0vqqO!qi*FCp{<
zU$%CZ+V5JrWH~-Pya0*lcYEEDGKWuZF7RKqTl%@znU4t@vKyNGEiL+6%3)~nx0DE^
zPc(Lzaw4U*rnuBpLp&KKpQ-VOdAi`4Qu>&Q!Wme(3W~`?>bu8@nHl`oy?H0Q)uf+p
zc;M|*cXX_eW~ASMB&jAl)%k-x$?(>xeY8Zrj8%DW(#fP`DH`I>40{FeLg;jL+>4Dv
zIk9T&R*7Upl8k8C5O)tvym)foG2*H^Ti6B<J~|b=a#lZsO>z6^q{wl0i#4~(d(;;X
zt>&>zKQEQ(^(ze#`-S#C{a~o9;ZgN5E}6$zN_z`Q0o~7Nh$=~A=h*Rq@H0}j!q*z>
zAFCcjKl-J4KmJ^&mcT-M!+d;08u{f@(-Uefk3ALeLaB)tim;oMk*b?NSfi9FobDIK
z_RSA=QVOI~NPV66z?^wNeNZZVki8)GK{KgW#vnTeWkgLTl{FY-fvI|PN;FYqL4LQ1
z9Ib+PN=c+3dO;cVH)m#~lq{TLD!ha_8n3mQ7Z0XlN{px}q_Be~1s+DtR9*(v9p6U%
zuJO;WQyFsT9vI#FtjJI)`{``siO+4;1<xMy97dnO2c;O05H&KQZvl1j->}5@74n}B
zH@>pOWDItj236_Ntqu8yHAOux5uLw4#TLy=<^*1~$^=zff1+%B@5^t!#@hKvAeyXF
zVtT|V_qpel$w>7u*@`C>Zn-w{F${tQ>i%=#{-ri_^O2O&XLZkv-u|pDxMj57bl_m+
zhrs~ztSY@zYm<4}eiaw3g4H`qGddJ2{3}+!*(k?YA29qrZ&Fb7;3JtAOLbTa;aLgw
zJdskGOP6gF^873!uoYn=7sGU*|L}@`o``HkevyQnPm9cBd#kn1PICdlS+n@+K1yK)
zeUHB?Z9IHFU1;QeY;U$!(@7A(l2lSn=RAO_yYv!mk1a8M#`;z8PS2>%J@@3mGmK&E
z-?Cb}6?1p9j_M4EGx#WfV!spoYq7`sg<;YRsT1>j0z`!q>?Rv+{_J*jD{4Akz>Taj
zeh_O>R^3Cj#+v6Au+58)VK1mqpY!vS#-qDfW*aKWoKy$;g|`em9{C>F4IQL0M^|rA
z&(AULWJt8hJf5>&JK5<YASh(M$+QzJF(LC9q9OXqP(St-uxhmHOv#{8^ftA!U-dXA
z{%u<O9TYu|^J^VFUfut#l4j}nfV99?4yDY>Aw6oLt=?&en1F-QU*=ce*Bv<M6EVnU
zu2?N`bWJb=I{e%6S6xaib3(%Njq`Yp^cB}6)dG_y)+82+C7r_cwrJ6Z{G=pXq}AT8
ze>I+by!&hZx+e$FE?AzBKzR~%dquN4J;LA^=^FGfLzV2&(P<$y_V#bh3f_E^OPc7i
zmcq^nbDCE>IlC%~@j_H=aS3EgcLt<|ykeHoXFs<HdbzvuH99>`vREtUdR70@+Kiq-
z>aVinqhz1?6}(TpJodmaka1mO#R;#SvLg?SJrk>MyfW1JUVvXV{yU}NeT5TeKj#W~
ztxu0Z0=Wl#-VdglH69?@vZ}5##XWuzEV%i8(E6JW3F%s{n&GkEjK4Zk6$sJ2&o?gO
zvG0JXE(KGKeKNJ@w%u5|wz}q(3z&>{7}xA6`>)q>oc#=0uL*a8|5<cw%e=a-p_q(x
zEyq9XyAQ?Ey#Z`$CDpe%qy85geE8MmN_yfplv&Yh(J@VpS^YNq)PtgHt8c!-^ywjz
zExYQ~`dMEOk$GtbpU1&oGLQQ$)~Y(U1zuHH&@lL91V5K~EFHXY?kvq0AG)iT=ckY0
zRa1N}g4)0wD`~tUcsXtor`S3w2*RB;V4Y!Jn$hQVZ~>U}aE+@|Qy__Sr*P2X+xRhv
zbPeO5lpsm5gc{&a_F?_zlxKLIiuF~6{{|Hvx(#x9%z{78+i``qk-lxzteQW%jq&ij
zHWiK=O*NYJ*-&JQ@l1{H0jPa`3L{-b8s4yDvleo>^w7Z_>Pf6`IoYN@elEp_jVP@K
z#dLLh+tu$FugqK)8pq+1n+&ONmmoCFsG;v}(>&U&7I<LJUpi*{&}hFeWVDugIsCxE
zomYdZrn^tqPt2>TL6pCf@}%V?S&8)bPhJ$h{bu%LS&L9-x;gHpH~Erg;e^oEsaTK4
z2X=erMGE+he5k#i4BAKHy-B2AQ9{w51z$WCukPn?xI<F+?m%}nx$b!fITGmP`FW|p
zl|Gsy%;BH!WD0DZB&j>^aCcJBOTyQL_SdB%+*i~rC9_x5MUkG9q8EV-d<kpUBBY(o
zQz9ulFK~k-=zO-;@#1s7M`+#Id`H@{fk)Go+hZj!fSZfCn~c^9NkeZL<z7i0lsgO-
zv3O`+9RO<?{K4Z-1F-`<WA8gD*;J|@`{~m%{N*c8OVG6xwGxmenPbnBV0;B=8-0JR
ziB)zWhV<iYr!!KoKMNk2jvN*Aas*iCQE@Hv?_u-~4-ZyH!{&{>C!=ChHi{;7y=C;A
z^z<#AtA7DYVM9s2r<%d(#c==Y^i>$lUFe};b;mg{3H|;8W&dNK*()mQvKP#PfZqMu
zd0zM~kB8T)vG7fRnmZ(^=d-;}tX=fA|G|Ja@+wq-^Gm5##N&-A^M+xSNd4Nyx!VKr
zg|rUC@#Pf0_OxpkbF9`3NGopvVd>!JarX-k5&{WVwhoZwp3j5SNu16jOgbo#$eqs~
zJyCqlHVT+bo#xUc74cc}NOlxKWa}o$>iK!SuGV>z!#&}jCF^xK*i?-YNC~%U#n#W0
zOr6hD>FSvWZ^91G>$_<b0pvyrPfy(hs$mvW9f3>6D7(6*F-P7+e7;pL%9W%#@QzgF
zcJ~>`C*SlgDE0PhBVbndq5ih{ti##ipC3E~{{i+~o(f6Uh56fHaR*h{?o`_1^S(+y
z`e1#Y8)=;)v@u-1EbX)Y{nw4sNX>88O0K&iH(#EucRNwc;S1i=ty&oktmp|3Mlbr2
z&fXeGB=uJ^N+xYq0ysl&K?9Mb2DbvzKvhw!U*nRN9Y`njxlO^iL+OjAB}CO1bKqpa
zl-XNA^{IW;_D05Zq{WV^K0%))Cj<r*-;y7?FmDI|0`KIWpT8|82<kw&l49((ly4I4
z8rOE~JPkmQcU=W&Ik~T87>GVYlJ&*u;i?qW@CpeWz|7V2dHN*(&?gS`(V1@Hi;iqX
zd{&*%s!j)ld=ZmAv+CSV`^QX?r+>^WO+m~w?P;fC|4)7Ig4F%AY27buOTax0$8frx
z0YoDG{#fhiU)74oi#Z-(pYREKod=c|a{$#rC;zC%UfCCYM?|#0_<Vh7*Z6(a;XHyh
z_QJ(QA$&no#Q(D@0QvE%7ZtE%y5yy!DwcYGHWOF_aS8Uwz6jDqWdG3kLqB5<?qj-N
z0*z6KMmr&|Hv$LFehxvG>I33t57_mz&&VRKabv2a-`BVKzf%VQO2TPOeReo~)`&#<
z!n~&EH}Fbh;1Xz8zE-mL)jne^a(|rNyRa`xxPgd_%1Fs?58y}@Zh<mjaBCoP`94Uz
zYtMp{N`($1Uh$}Ixd^<%#|o$$+o#SgKaUv!{T-}kKn6hT%m2~0eDS4-5#;wbhZRWx
z;>U9UB6!m?46%Ej35G}yBBPggA5O2zK0^J!MN0pBgc0r|0j^0D^=p}E5H-LnQo>tD
zNLJq!rdsv1OYT_;0o}*;6;)i{*Uj{h38eWMo9HT;Gh5M;R(bN|BBlbec5tJC{RI?8
zBkvyd8=Mnz=QPO;x6N(${x*<8xzg~dV?ye|yc&6uS@)Fl@EM7SDu>P$G4ERN!{+b5
zn*O}HRf)Xc)Zq?!-ESyX16>woG5n#@$l)%zHkh<*OHN}p9aXTPCVjy#;Ica>6AiH)
zeDe!{MNg~bfX<MBjTB1O2B35FJ9twmU!zepWo3P}x}V8nIlQ4WFliI3Js4&We1!3g
zna!&uvJ`{aPmtMTm%YyKYleb=0f=hc6-4H@4!;BTm=JiYto>!ti$LRRSfhvV$4Nz@
zVs5{zf*F?$L9qBQUbEp8A1VNLUQL*FvI91n1{NLK7m4hN1PsB;Y8@VsmzmBhlh*;W
zS;K*&KN$^w@L?i{w9Opue)3k8jsnm&6Ky2$VZ&{otK>S}Gx{T|<UB46)XHtMBDR))
z7(@%gU@yn;gBPwA3;5|@2CrT<0VwSwfX0;v!yk4I01h4Q8g$S50h;oo8^G*6rhsO)
zdO#Q}EQ0Y5q`)Gm1(AU-ryGspf-6+W<xJ;g$v20arl~mub-4YmVrBw2G#TKRzIHNX
zNc(|+V2;8HZrP9@G7~`c5$2c9P)1bQdSnmM3o&r|&A^-mEP~eq@|{7aQQrGD@VMLp
zBudE}TYJ1=jrbt-aBJ;~!uD10j^2TE8%hXo*kY7SN&Wqk$fUigfEs!Dh$JQM8Caz!
z3TL)9LrLCXR7M%PhukPS*!vFoB~u3(DNazqdTP+|-u!;=FY5@+nXLK!(TJCBKon9i
z?2!8TUXJ1Eo=u1R5rs6uTVw!so<48`?5&Y%HOPc5yz1x~=9gj0px)%ZyI}guUH~?G
zY0w{6gS^$ZR%W}*i*BCXm(6x<6UI|uQ<k(N2NXHzN;S``G64Hs&oGB0u?5WDj6uxy
z@`N|$77m|>6dv@m2MCQEXJ(Oi=XNq!a>8>StkYF@L;DIJ+}=}IJ^v6U^gk7P9kg<g
zsXPx??LkZvYlBfHC82SQQ7Rb8!WI!PQDCVkkD=vS`QQ3T4N10)2cj9JUIW`fA`8N~
zC<k6CoF7(i^o)}FTgQ8l%uvnxm^ptFqEP!xrG#J7<uxv*LsY3ShzIM8)pY{EtMvsl
zKK@r>(6;NI)g2FjpSsOJ{=%^j;(FTTvd%fbLyIhMrW~qln^tDviL8oSzgUemn%5+k
zHZw_nzyzD8vy(7r0&6y1cdf1y1e&4l#RUI3*khl*55yp030}4QtIjm<IyuE}MNk}C
zSiQnJ(MTvRRrt?U|M5xnL15`X-d6G;1srz>LOCQ9*VU`T;7I!4Aq;{$2L_)n)5B*F
zgj`Uys_`F)gLDW)pXPZX*izF@SLy0bc#%(AuLsAF;9ktiFg&>U2)rM(W-G2U8ZI65
zLax`qE1kjXl($}0oj%j^vWj%w9$tl8n3eG(TmiyIu#~t&K)qL#EzOl4xJ>$gpJVhn
z1~OR`;>THlC<iXBO1*ezEwwz6_3DEyJFId{-t%8A-=@gc*L4?{UK`^$bG1jtDn`ae
zzWOK|K(CWl!;=()wk<ri<$ZP%x5_6ojwIdOk{t~>EA&L#@MB#TFMljkAzMH=J}SEL
zNEd})@Pusb!x8$f+$X{9vI_c5qeZ!-XSDsG;K;a|DGbYU;^m!(7js*zUoP-}bAOL2
zkn)zTeS3CT>!rFP`d;xpTaWDzUbtWpSp}LV_646aY)_WgckBAJKbP2Eu@B?PGrje|
z+}zyewf{A$D~&zB`6yPdJ!G`$iujS%=sfbyv7slev9U3j%fz!kHNV_Z7dMA{Xk2eE
z-2`p9j<$WvN{B3U$KFp*`nI4x`m^lCrf;)&`dj8KPPb-gRc!86;G^`nJlD3R#&Xou
zRkR|`ow|VMvj5;j6+utDwz}coa#yczVq%`SF#Dl6v^{)qYS>%LktLn}OGjPz`ypEg
z&of@$<y72>dF??CeYB@kb$XS1q#gRaiPof0@JfQzlO?GvhM6peD)E`zCD#uORap#?
z;=K7w!q*O&QKed@Uv=#}t}Org+pmWyZ$u2Lzv)z4c0BZbBcfF;s$D&ffB4`HR;7Ae
ztNMBSx~ln@@(+O_ynv6h)o!a>{n(jWN$S*3_gaIfhYbP*Umr{DyVpuXEiR15KES^_
zx&eK8AhDE}s%~*<e9B*4+v=Me12N@E;g{n62f;(t8E4E2lO9L}-F8oJFv&(yZ~wRr
zKGIIUrDAk*D)XX(pG#Y+{lVS1<R<IjO*{$vh)Oa4j3chQDq5wu-+N(a`Acy&$A+nQ
z8~2KA<;Kve<jej_OOb$-{%bn-RSzw&QprJ(Gl{|@6ZNuCS?Nb43hqLVQ2OAGO3k?K
zXv+<y`AVLzhs}3bjS4Ah##K)ly-5sP#WKwK2sX$G`Xq&+b-mvDotT$c{C<t`;C3`g
zaKVyeQcxSjrI7UQ0Q)bm->D4VuZ@?_9TkXbs`KWnmE=^wB_9~>^a}nM)W*;0-$KUF
z4vh{=(N~WdM+6v4gn3EC4<%456xW7?xfV0nT34xwNHv%WHaw`hDI%4qESPxfV6Eah
z!#R5Kby=yS0z36}8CV9h4-6w22U3%~f=z=KX6aKU=u#6J>b5z3x~dLa9$G|;GahvD
zJg9JBecM+(ojx^@PliUCjlI?w-(Hh}J_a3i2tHvT*jHtYKSwt1J!XQx7i^&s9G82b
zV#+J{Yv4ljX;|Y<Lmek(&6<MUYq)lo{GeI#fR4yc*kR5?WV$_TxD&fVrUxeh0^D0#
zk_MTB8}HW{H09N0-ny%hjW3OuP}0>11>QeA65bJX?~%ZDGiFtXD<pmSB+G$|&;qOC
zLgQN(hu{qkw&5bqS&zbVq3XN8O_op9NQMblFDQ%F#&89qS#3j1mPHo@sRKVLS_VDd
z;A3O&wzQyNPp<sVHfH&hbxqQfVx1vG0sWVeso`Uw%j6rU!ist@;g}jwrpHiYDH)jW
zcCc&ED<Yaxp+j8{d%)IFs@5D*AB$t)QdI9B5g)rK#_-^Ed}TQKtmeV4S6+3q?|e74
z@|fxvh7}U7I3yjdtQM@zQRkov-aYE`Wr5j<gDN8BNxwsIz6qTfXJEb_9Z_Fu($BK7
z>hJ|SuVCz32DwvRV36{bVTtaZ^KfcspfR)Ncm#hiM=C?z4MAb9>=!1`SShEydPM%0
zQqfw!P~$hp<>OCE{`Bs%5M>y=v$}4?b6lQD^H;OC)OeX<TP>aIqa>P*Vf8}6XT3dR
zep0S<-a}suL|qr3ES{D>b4lWGUFh6+wL;tI4fWlTVW}JTt^!|p?Yx#{Q!P!7)|D=_
z<p#eE;d(PrtGG=spP&t}Kpb=9-STaQm)=w+?%Ik5B6{A0m~hN-8mdR+UXRF?D9i!_
z&Iavs4cdv}ZvPr;?+xut6T|-u;Typ4FFZY%QBK|pRN$AuPy%1qHpdb?e<(D;jm3;N
za3k;d$fXvK4t2s?$kP6(dgUVHh22h3|CKZ#r<wDlG~@j<CMv<>%lDqQ-DRDOW@ymP
zCLw9iHZU2tqE^V5tyM$?{j8lkY3CJD#IVIv-W(EEaN0W11YS{95Xico!3N+J;c<h`
zInQa2j4)$PLqQH!poC+5mRbQCAB43KtLBm(4X0+;kPoa~14(zElBfpkWu3$@G~Bm2
z9||C<vDK*g8*`dG8&@1n*?FGgRnuxvqXy*nOf;E;AMe~qbmA>f6)cZ_#%bu$T%<-Y
zcIQ6^=Do2_$*!3<IQ`aZBt@cjJ`{{k?Tz7EpxnU2b)2e#5|4ERufIT7+@)5Kf&Q|8
zmwJLQv<ei>3;7qE7N@NP!%#y`Yr#T8c`)SMge~gB`~|Fw*ai?O=TPc$%&F6LYL&*8
z)y5X3J8y=Ko;vlefho&lfnp^K>I7rUu%Obt0WJ^*?)FuU02z<tPNe{7`k?@(T5TY8
zZGJd^L@q;D9$=d_QFGdrg1u)@iVbFS?Cp`+C0SHZ3XS@ePH(9_IPJY-eg&uHc5@EH
zKD`Ho!K#6y!@oR)$8kWRac=Qk^%S+j=ZuTFNvS7VA+ARa9cPV}$Bf6Zr>>1a)}jI%
zPOw>u0}Mnv%I%V0b{1z2gtjGqRqF$6%f~xRmotqUer@%y@p0Vl1y=R<uHjBbKAqoe
z4_{C+eJT*zqEgE*+n-4~qy0*=a^4{F*Wpu+UV@<u29e3-k;%cQ^!-iBwJ#JMSNo`B
z#j&KT(NcAo*t<qNp~e?v2R#}Vk+t+4?(SLRJ<;j|5FMK{yCqH<k@Z)w`_jBY)SikI
z>BxZ9JW}w_R_9g{v5<K+|6P*biH+ekDn<4IsnaQ5ymb{kRYE*f-aOaW?}wsMPtY1q
zHr1Xk7BR0DkhXxSDTmqfMv9{^xcgryrjcg|;#JhY`$P&dKhjtII##r{Ozm=A)nO;c
zt;c|*W;$3QTD{=#!I?WJ8af`8(_i?0{GMpgC5PbEx9<)BY5veg*y6n>m+xf{Gi*1%
zzIr&LPKi+3(LG@FG(^<rN890X{?n;IiB5{C(35uQ8vvAB4yku9ZJ}WeRqv+nj?0l+
zr5a@j3=uUwKPuS9*`ksS_)A)e>G-O{(ZvgGhCH%ResMGt+jc)~I^_P6iETI?RzOj<
zdeVEHb~!#Mpm_D<NDir4w)<1GbelAfEYrP5BB6qnoF#ze)v`Y-+)J6*Ox^(%qTL~L
zJ%@sW0@W*{QfD|FXQ6|&@-;ynOV?v)$5?@{_^SoGLctOjn!Ua2LUt?tP6%um>;wT$
z5>Ekh6vefkRC>Q?mv(NT?@FO9G`rA0^oz^TGT^p=IoEpqMCvfZjM|X~-6IV;3r9p1
z%1$co=8<;12zWhXsOKW^B+6!YXq>+`!DoBDeudxeuVe_)@p3HK4oc+>VmDYYt6#Zf
zaH?t|+Az`vH^gc07?D530%WsaWznbY-+;+Y%)zZaA#+a&Dr~(WbEL~OL31v{;whIx
z+3tKYbmUlmv@u@4!97a~CUS%mO_;Z<MY}L-XM6aU&4%Pyf(0n+#92ZF8ep8;F>98j
zg^+lS%KDe$bD^JjLOm;iDGVZC+tPzn-8RNSOdMDA2uck;1wAt<r*OnCIO3TWo{84#
zuvdPqI;_;Yma#PK0RssWlb&6sIVB=Bx#iAW2lS!o3|}}rZC9)l>`N7G&}BB`xqq<E
zJ#1*4y{0X(CahMlZ)z={T0xY$4iXV#9K4YpHoM`spwlzKCI;f)mDv`>Je;2al8LWQ
zkToc2Zn@1d*zH>A;%UV*L9TbA#zZ#)91ATLKr}u&-al&ebjHqWjCIa=V;pREbwet<
z4$qnT7mlo675fXt_LU`R7NO<r?Ap^!T9zc97RP0p;SB5$4aZbEv}QuB;NBAwwqv~Y
z5WuKagaku(jGgnD*Z_#_n(+ct@8dwW6V<M$N}zCzz=}5L6pEq}hdGBGm(z!miWe5*
zLoAazsB}~v@w`mxkd3UjJ99&wg2Z=TcLR&TZE>pMNZxU`gr7nsjbmSOrY7zbI=$!A
z6>lZCmxD4OI${Gg{+0N^F7?)qaYQwXsu;t;?Ocuew!_~#KFNzJbawlSxl=3_%?N<<
zIwO;SJ>+96XHi0DW=}C0$nvd2I9TMi`ig6Lz=0%einLZ>0rrsX0yUmqT*@tXHPY`y
z>n?YQC}_dHergg`DCs+x<dz)z%YVU(tAR+3za|a=7}f5TbR(V=i{Ua%<y6BV8WB^Z
zlW$1725iS^BHuD|w4Ua0=zW^7%%NUYb@){H!b!{clX>=KKSIJjT{|d^)t{+V)O~|Y
zUDqfqJAyxTq_C=6ppR3&EMBHx#8=pzX+!S4rQ69+Dxy5eaJ<GAUt3$%;e?*GW_vY7
z$OiotR^%&Y+zs~8!kQ!alidP|{4UKYA8#g8^{tSECOD06Ufg2~e=XpXsPD#Kz6;7+
zT^nEBDcJ8g45!+v0FzcSfybOkfSvrkYnDMLE&Z?$%GD?Jm|WyZZ0BK?+6<MG!(PEa
zw^KBhwNHYZGWa1{hW?1RyKgvM1+L>m!rTM_kg|zd#qKvUEcq4XK&K;^?g~%uS58JC
zg)S&?Z5%nW><zDx3Mk*PA^~^p8He|K(as#~0O}0_W<?m-)N}-YqFWr4v(p@E2R@mU
zs|S_}_?G?!m=UjqnBH^p!@4--y4%>e<$I%L5+Y^1UwvLnqa#`lDS*xI_a8Lgg-mQ_
zoB-eEIXf@B>=C?pcf#UG4-+693<beQdwJhVF2A5w`w0fM`C5i0Zch=u1j{eRFn9sv
zC!Tcj`ONx0rl6iRXpbuKkz=b@eJkz%*y?C_lGFZ3ME(qjfT7BZAOc$XZyI@NPD%u^
zfj%mniOu^7X@f2a2-LAo(UB<;iv|5f&*r2U*SEp8(n1~;36@E2Z}t0OsuI7eL=+`h
zb|6$${!ob++`q{GrV;^xt2*#&LB1Lt)42{lJv!Q(CvKj+nf{pMC};BimvNkW!PxXi
zQa2o5)K-Dc;+<>0+=sPpC3BOM^zYpEo(jS(MM`KYC5w^#JelDuGs``JkH)TL>DCK1
zky@QoyX4z-7_X8{P2xhE5hT+~I(bfw-*@A%^Glg+GDs{2UTIgM{`KW=l8i%EZe(7Q
zSyr?3KfiY1Np8o_e3N=6apzL<<DKYRD?ArQ_)inr3~p`GxVlN23uteI)uT!n*QKFT
zYBC4O=+tC7*)<z~ZN+~(o$)5jfRwJ)FmtPaP5D_i`UJRPyDa0cyKft`YI@acbU%#F
zc3l1u02MlgKPmb3n504S=&13bE~P3xn>|%NngaApYBB~I$hU(m?hVgMeyvNrONggy
ztRbgUn^gxtXf=RmAyh5KBYGBJBj1jWf7aw{togWdZl>p*5ub4K<40le4_5xDBcprS
z59@*GUPkZflc7j_^nh<gi|t3V@}AOF&X^!7OMWt^e8jec>&gf?k6U{fod>w+M~$&%
zb*t+Ga&{U58~|;JV$~ZP88lZ+I2Gc)Z}vw=O%EOYri6UsOg^MqBEW&h(L5Zxh^UQ#
z(D3So(R-l5oUJqjZTTK(60!M+V@~<Gn=f6#3NRmF1;7wkA?RN#00!U{5F+3e=r<Go
zwZi{-0SI2<kW>B-T)xOc3v4iFa!)D@q2doM2g!bmAXtB2*khvAH(f6#$o92F#71!`
ze+lOG4_Oi-{kV}Y`H?GML#{RctgeYYK@vi187wnQ$~ag1W_<G2P-6;-@(Ig086ncR
zk=i%IlO;oq627Mo7eY6aFOaZ|*6PhpN;qCLOeXOSBn>>OHB_rNF?n~Wagc=NT<d*b
z!m+}(kdpeJiZ6r|k2wd+)E#ktBEwNCh%MbPbsVMhRXI6M>Dx>@&MY$O@lnd~O^Hl$
z5GnVmaSdNSHxq-2$*ixjwj}zzYS)vkNlR6dnMg}-CF_!wDkqCWJ>c!+L_Y0)ULVIW
znbjl9k7a0%EI(&j64aLFYnC|Is!1Zr-s(hBF;MGO|C2vRDEIJkoQ(b9<tUlCV!?hV
z;^t5z1&R0hRt^&Hi>>r_jk$Uix^LF+C)<;47$mciZFGjLXJvs;d0IKF6?OgGt+S}J
zZmdGTo2C7o9czz&qk}-Il*^pzjfvFPmw%JVt>)rubyQ0?xzw(4<D=c#<|}j=`7+96
zR(xtoBIefG*b^3ANAU*9p(HM+GqRX4Wm)LwLXu>Yye~5#xouL$fm-HqEA>@>@?%%D
z&Z_VFD;&Mj6>^R6^X)7Z%U`XezBjg+;&@uML`I#pgGxoNXeL9QBri5Zt{5givjf?3
z+Qr^7Q|3D<Ez#ccnG6sa!?)3$<m7|(XOZ0>uGJfxBn~x_`-alp#N$$$NLZ$7CHi3f
zwkO8V!}`VUCb##-Sd`w!SEOLb#I#`;e01Z+BBK{z{o|K?KOTpt&XCMFn9M@XMHy(h
zj-$>MG9pKvF*4XvL3=kM%TQwi$qemHeC0XyO@CGg6RF>m0X4CTq@H)q0>O<LCePZC
zb!M`N^Yzt*PjDO*bgliVdK>6PXhVD<iEE2(Iupmv1TBdj+>U*NyAbaq4%Z(ty4Kwe
z)A!pm#C|#SZs3;Njwd~&Cezo}zpm?8vtOe)i5<VKq~7T#Sc!5km;bkU^e0gb*Zv<8
z^_l?vC1|&|^BE+)R}B8osrqLLqW4X4k-hZ)uM&0Ul|%%MV-bd)v*mV!v9uU!T9G4Y
zd;E7MNs0K6dPqoLQt8c!&9?eKKjNqR*857uU~;nh>zRDE1fG@D@ERZIM=3J1q0WyQ
ze_j|0{uQQjdhdRZ5LmiMu5C|e@zuw<;LlI$j{cs#$zktEeDUu$uRHsKPv!cJ(f1A&
zW#7{ZCO|5cI%nM!#nvxt8}c<j-yS#pv#8r)Sc&13RX%;j9}uwq%Dc$jD%xe}Ck?ZS
z$&0;1(Z<@qsM{PtlCoy`92r}OEAH^OSub-}+_G;KUly)VoxAn(-DJVVtb%h>1sCEU
zd6c}-yY-P%J2LCr)!)$MBioWFJ=KqwL?W2JDgUm0<Wv&dBR|XI7F||f@jLO6VM$nz
z;VcJD1Wi=H_v+v3;O!jQ5(=#RY=5b~=4faidAP{qktU&?$j<+A?0e9N{Nm~L8&7iv
zIwETtD9sWJZq#ePZ5V9u9I+fB9ibcH86g?bFpGZ_@+kaKz~alrr_kb?#lXd=Mc>8P
z%bKydJa_ML3Yrxa$aZGisH@y<zQ?D<r}^np2e-&2H*T6ss@yG?a=Gm<v2iC|!bFfY
zJh<(v@s>HoMk^E?ORH!$tMh5_X@9);QPWO+R)bYNQNuvZK(kL>N~2QE{L-;Vv)d`O
z+5}ET?mBJ`uJlV|+#vq6ImIKUB6TD68&VtE8-g098p;~#8loGR&0hU4s@^&-%IA9@
zmJpOwDM0}h5$OhLBn1Q{m!-p{OOTFRK;SJBQj4@mNp~+HtANx}ONU5GcklAM0YA_8
z_53yGp1J0lGv~~`uxHNBlpC^Y>ay9zt9HKW)LkH15YN`G(^PsY{IrJEgFT8B^^}{{
z>FFkG`csp<hYO0ZD7JzSedD71VcmQAJ?Ls%tE${_b^5|cZE_8kf{$qNDm|m@Vy!66
zD2TtNKZHu~tM03UJiu*8!IroxbzFWu`v4O9Epuplh0^UqQi%c@iQZr7U%A<dQcldz
z&(YT?DjwFkSHOuru!U6Bh)UDvN9wYC(?Vyj5DDfK>k5BMMss#@v*jh(=EV=u*-BJ>
z7*}5Z;;wc2jj#YY#JeKrmgN0e{|o$^;<tNfiy?}56CEYe0-#zST9h{oNzN}qN7{N+
zm59EgFOJk<$s0t&Y%}N}Bi|JB+w)oS#L(}(Q@xA4GrfbnKYCYqH+Uy|CwS+2M|pd+
zIX8Q!pL{y`a`NruzmxYTwI`J)aVIG!g(qK60#CwD%1`P~l1|_!IVZ&@ktYEsO()qW
z!6#Mq1{gJrE`ZU%Jjcjmpi`OH9Gw9+Tb(L4ebS<OU4w#b^x%puX%&IKM^W;y%4*&|
z`otPj<v%XHZtC!#klwvw(m@3qrmC{>yABBV|Ads1zp3^=u~Vu1InKAv!)ekrNK}Q(
znNMZ+rbtfA&>*|0KeBJwZncuBDq_5UTw}a!oOc$91PWU1S{2`qgpLG9kvNes(o3?P
z6*&IQF*fGTg$%H-=<Kt3lQz~H8<b>^46d$_?h|-ZG?q;pI_1<17_2z#3waYZHcmq~
zvpfbHRwVWrycrv7rq!ihFcy*zg#MM?k3PBK7cQwUCC8YnKE$%jzfXH|->+KIBt4gV
zfM!KyA7DOl@k?xyL5+Oelaa_#+>iG*G$~>%E<ukhPwW-!(Vw7C1W(j3-WXBL6N~~z
z7ekGCgW<)nVw5mY3@zq5#tQ?(Fk=KUIv7<9DTW^7fbqjfV3;tn7%dD1h8W}OSA&hm
z7GWc>LD)uY1vVC&j4d$EId@F4w-;0c_|*h^1$udUd3%L=g?stA__zcZ1Q~eKco>A!
zgwpuZ_|pW91&n!&d5wjp1*dr>d8UOWg(UeT`6UIL1e$o7gxv4V(9Y0F(MjEHzAJUl
zCw%77>p1!O7f-*+5B+z$pGo&ecwAK6N9{1}aP0`~4@2QY9d}pcY!z1&SLEsB=>UZ!
zg(NwBxg<q>MSb~k`EdnN1yQ+rIZ?%W#d>*fd2fXig%df3F!8%y0y{6}KXlAR=Q63w
zr+pN^=f%4tGauj46+OaKB0n95p!E{oQJW9yIE{{CVoWTj<rCBrB-Ik;92DqEUg%b~
zl&{E#{wy@p6}C&R>h`uYs>m2?u?NhBgp!kcx^*p8DvHM1)=aB~#gbFI9W5cQ@5fO0
z?IQ)qd0CSAdyW@1U4v=)A<6f;dlsp8wRi1zWp?>?advsZ)N|%t(p`yNii&2DANOIA
z!nvO-y00&qSq4DO8O$67qIlH>)cH}o+<e@^i~@|p>4GLgGXgWhQi6n^Wr3dlMSRzM
zkqJX<E`H*k+PXIJ0r6q+U*c2ZBZyH%t8a&It8cIGPv5Syma}g0(fgK>yevtB-6D&R
zT<f5(iv>oKlDp@+ixz1Yy)5&*vX4uTvyKtR`N!4A8OL=ZefJ$B1z8dYd+HX=`B5A~
zki^yQ%<j3K*dG3#-5!<h0-#&5JGYyrd!*Z=JF1(zd#2l@hi}(|{k0O@mKE+8%sCjQ
zr&HLe>sFAY)0J<7u3FI}Ej-b+D2PUP+uBxD>gzca4(s|9q@sVVSi4o#>q!)D=sFc7
zxP3y8(3$Sn5J2&YGKO#2y%(IMbBHK!gIW~b9QIs&WfvoePBQN)1#%23ilD>dcEweF
z`lg&^)COIJ$U<Ls6k8=x;Wr)opG9|8o$cbQ+C*FRor)?VD~0qG4HTj6`t5owdhG@*
zP!|1MJr;vpgIuT;)JlIze@Tx<Z^?khfCieNpP&cPORyr6OCMVObk<Nls3wLf5dDRm
zqq~*ra=-tt)Gfau;G=-%(<dUpFYh${Xyu|`U#nkhiLoiJ=P}bq?Xqb3)iYQ*AqCTz
zVkN(qNM`Qr3AW8hnfo?|vMEsu#^-Co@^}SFBC_f;76f=JBgfx6eyPq7%QITW=_GEH
zS(jye723x#q@nvQ$uJ_nEA?B5_<y#Yp_-h>)+>)0Wm6X@z5zlfu>HP~fj$&bW@vWT
zQgi@T2fs0gV25<*g?~g+$EGGf?3tTJn<fNyr|OmaptKtysisH2>Ao@DSMU}VG|J|)
zZa|2gk<ELdI0f5})^XJ_3U<PM&(_K4N+i^#Dp|hy)UxZ`^vGqHl^o)~pUFFGkmuzo
z96@?67y2H^xCwZ_fAZID`Bfvm>M-E|rJtxOde=J1pK^Zyl{I}5FJJ`3SuU3hzQlm1
zzNW}kM1<NzZVUAYHf4C-4qjBu9}IlKseji-_T!@wjr5NFAz>Fhddj-!6M4t4*l0rQ
zH}lN;caGoFDY_57>lk@k%G$44!AEZ?lnt{a*LTFq9P0wi`euR|xCQs9^pW2>k`#Up
zyM*c6v06H0-zkXuGYqR7@Q%rc2RxMr&bWhyW;Ce8-6C2yW*(7-{k|#2pZLp5%BmNY
z2zz6x!S?XkX#^w#km=Ryq#YZ|($~J{q-m5NdYF$R_@hqYMz8Ul>Ni%w%*7#GCu4R5
z%wdbG8tDU!28e31th_Y(#_q->&a$G^*fB<nAm7gp`o_4Qi}RL;H0!y*=a4htv&BvE
zxNJEjzRI}^L$AyGO@GgJCL;;u(isL=vSP*kUBU^yna0j1QC-#&_-i#*V}G`b(;kdE
zMV0qZK-G4p$TyE(LDZ?&Y81y7Svhh~HbOnbd(eZx_0x5YYA=GW#HQ0(dX&q){da$#
zIEOT(OYy}ByVy3T#URYVZp(HcNp*0OPrRyeTz~!D%K?~a?N$5^*^+(r6ju34XVPFF
z6Rb)XjyH6KM5Hp^u8%sQ%70#`wZH7e<>FRm+APs2qzG-pnzC<C71+CoXSy*1m#6|m
zzuL>z5=*ZijP`cEAS*&B(~bVJb@lvt3aM!`2D^md4O)M3F-xbDcHXF+sY9Sm(W=zp
z0A$<YJ*7I;o59R@NOA?OdtQLjOJ^XXe|#7YBGkK0#eR8|l>agy@6b^@kYEJT)qk0a
zp*>1~@?W|1rR=F2KE_yv^yu&IIh)3?Sd{1&h}bD(>4=CVOVGL@s&Oj@B?eZVUsN?c
z2wIo9sN(LlZoIO@07<pVh0eY<3ac=1B3;xbY2V$0FQ`hots99h&E-IAKXGX;H-%NQ
zOLI}s+5=*jRjLZBRagBIzPmSG^mFR4ZoGZjFPU%D@p6Wov_&<6m;(+2Uju@P^$TA#
zF=g(nT~dK5G!qLAkg@p&e*I0H({*U|(KJc*>7`PD!YbY+xzy+H2cIs;8Qu4pK&Gb?
zXTa00cC4w-<b`q6Usp=rJea7k-_~mK*-AhDTWGkSNK$R(hq4no7MYPa+B`eMY5qe@
zYtMa>hO*yL0a3ti7vY|5$?MX_6(5F*UnQ{0CbCP4d$jgWC*V>zE(#y60oN3q(;qaY
z(S=`{6Z%giFFnin8YuN!zEC@gPhX1QQteohYV`}7oIw><moC)?qQ4(xU#Q*OX+1@H
z$v#4BKXY`!J`p~=*>b^-l?+-ZykI~7+<!uG$u4D8iurRvZo;n*;9Zb=suN6XUKoz6
z>$Tha%{15tAp2$Yrx|0IV7rS#!6R0Xsp@_Kt$osE)oi$~(Ew<0I}sti(MSG1@#y=>
zv_<gO$Lr8x7kjJH_}z(u!o^x&1-t8cf#CY*Y^UNMWjkKi(RDQx$*c;~{t3PU@VR_i
zd-T}>TY*S%TED(*KKSzzXxEz_l4^aB5kTJ`>9sCmLT^u06fV>{5*SD{H+I@au3A+J
zeWE+M7-*6ws3`hUp9p^a<QJ-E7YaEheIM?2Dk)EzTcj=G%%Z+jyr$dKZlMMO?Rm2r
zJ}jhp4_t`)krS4sRabiYDcBL_1zqY%&p#@9sV6WAD*AEgO3`9k`>9JsH~ghbhM6eN
zm-zE42*n}i3;CKTl4|3ztw#{OmDK)m#g)0sNz9N`2VHeY=pQ#(*}SOSeg{@!E~d-y
zxnJ}J-TY<cZ<6YVmj)#7v8I25u{-RD4*}g%0C;r9D_B-W#$c;_=9M$~N88p;-LM{d
zowd6q0&1NItBvM&*(42E<+($Q=(!jNY!U-WdaAm2VXbH2J;VbUr~awu^l-inEW2uS
z&ZWUp%ot5=#+yu*fY9vlhI3{9EZR%+Sd9|uB~@*X9M71s&TTXg+_#CG0WQ4e%0G(j
z^{+dx0O^+?`VU~^{D&srHA7N??C#SA?7h)!Y~-gAG4QW#MR;kY9^3*N0Aq&h=;>NO
zgJ2HueLW%5vHxHc@E*Nt)3GqvJ@~qwyXn{m7!7<%@4$5IBa9JFShj}RF@*;~$zUQW
z3oqcA&`6lqjjo#j2TNH>w+ma>Uk<DClpYtZu44|Ga>H&H)-D*wu3oVzw4?kpEF6}y
zzy>dX7Ms;YE)c*K%f-VMEaC0t;%N)iaF#NX+k^6vpJ+oyi*Gc%WRneE*VhcIpbNe(
z^up@y;>_JvM~(Lx-`%xFyXHs?MjeTLnAzI<EPcGpN|dR9yKpNXd9#v$yY^;2FtZX>
zox8f0K00P4is-w#FdsKFr~lZ?g4YFOHB%g9s_-2n?ZmV{0$MDrKgV>nA-}6%^kmeZ
zC7-lT2hi~pq7Fh@rxWRT?K=+ITBk|>Rs^rB1~;+@T8zf6_XIbRSDB8ctaAo8G9oO9
zCk%*BzYm1~W_HyzR0rROBFzk{YiJJ4I&cg|r!__uHCaOF$EKm9?XPG;QpcusM#-P|
zj<z0bv`R*M^Q`qAq_s*Wdh@RRI+$*iBo(nFo;W2seJT2%nMw5_#evAL&JQPLe(y?A
z?Wv~36NFE)pEdkPa1%j!*p~79Ecsz;Q%VTm{ni7sR-h>`g#Uiq!R=P#_dadZ)lqj2
z?nYQX3tP8%@5dYgdls@j_ufx%gV|tI(s*=a06%1IOj2W1xbJZY_$#k(rB1C9;Ly1@
zPA!u<orxxLZ=SvpNSzg^M%_B#tUa_hJLNE&QLdovH9x&?CKbQPmx4U-YV{{byJ;}m
zBt44C2?j`LO8ufs!CXFCF7wknX3e+M!#VAxUXH5R&?1qeO@^b~nc^W`V`<!LkUvW0
z!Ryysn^K8rsY@GQj8bTKm;Se|Vb)Bo{+ZLB`}V=Tr@f``*V%(Hmij-PnJ36;4#0y0
z###@U-ec7Cky|&aOQ;SSZ0M0y_9onGhqDo;#L0jV(P_}z$H)l#na68UeHtXfWf*HS
z;Jy=)!Ki<Dsg!&>pLoc6`_0pex8lgTQUAcw=6AyXff{Ozn&iaZO<Nv4jmK2inn1_w
z8ag|5@s{wKi6@Cq=--pSBM<bW+M;Q32pGWw2q(!r`L{}1)&o*0Wm@P@;xT*tq8v*l
zEWiSRB9kE^O(yCY-7Mel3Hk_Usx9XKLQWJKsgF38?QS_<lO%VK^WP`?9h;H*tl^z{
zr~*B$Li%$oHR&>>CA8j?jK`a7$6$-_Z-|Eb{E}IFEJ^110~0(T9Zv!JsU)OrlRYD(
z1_)J1ezml_ubmm3dE31tcZL0a#1{RQp(4O^hA)olztN1N{#JnQDS`-nN+E3IM)jK@
zQb9VsNIwzWdABM!sJbe?UKKoaUF-q<bh>`jbeyk^DjjvUlWl9c-TJKx!t}q4=e1ZD
z<$o2*+keR8?WmIr=Eh0X<Xha2c$a3N)6Q7Q@7C{HFb?joF4yTeECbf~dz1O&;9#ht
zu(@0ct6N)0@WIajmYjL}Rf4VvsM|M|f|O-z{GovORNq<SA$g4MF&UV3frYs5yw@+{
zTFLHQdPZl4vvu>Lqo!8`*b$;_ybAWfizf!h<um>(sL1r?OxL@$|Hjkg_+sbE!ROZ`
z#l|$geFXS)Zf1YwQZ^&r6JI@W6TtOOa~r-;8710vp|VwKVx&ULsg_kCIQ88^{uWSg
zui?LIpxWZA0$2EaFvSkUhg>2s1(!vH2foDVt&<?f8J_hQ3rv6fr;Q8tLo>sGXZZ)A
znd9JA)zzL3aItHJgAsN)nIJWs>OiX+PK6KnjBpy-O-SiYGz@c1H!!@CKG&L$i=7vD
zbI}zQVN6Z=pw|2RaC<uMKJ(vm>@S?mPoXv!v1PtrY1vt4Kfhv;>^A4$H?Tcp7#~;Z
zQ?*``B_@Bd?Q@Alo6((~j~Bao51KpN&u3O=<bj3j`M)!1aIWt`@{ff5wOCidZ8LB{
zuKbre-`I3iFp#QT?Vxjmh7xjCaL<Sz+=_|=!^A%>wu}--4ZoN^0k^hrPtKFUr+2vE
z=GR35Zhpm{^OyB{;HQXm$UtZsL>E_T3m|pgRRtrp-l+w`wI?r>&(HTW4ebCIW-pg1
zPnVxZA2t$W4gJas)ZO;~7E2DItr|`YA?ced#72H)1>A4;VZ}|YXpp0!z@yeXx1hvr
zf4{h?A1&N)q6?X6+7v!9QU2cTCXKVeurScQ4<ton`Ge1cBm^xS&U#ky_pDqji+av?
zAy;O<9w$+*ITLjT0s5!Mj&{x$!1{R!OlouXS?bvO<-TX5wo<o|k2?DJUZ01i3)zl5
zq<L)xVuYzLn0dQDQS3j0-fTFLg#c?S>VNUaWmpE3Dyc^Nua9^UzcK!@^w;$yuqms=
zTG&r^X24@l0wXQekJ=-~C^z?SYA^co7!zFug@FPW(z^PKfG>HxVn^n}n;m?w|HSpu
z*ifIWx_0M-cPPEe5%Q86(`+UWXP!25HRryBEV6x!7thv%W*2HjYDPlTbbGbcb=7rx
zAzT{8n(l1EY&GoUY*FA>cy4wlwoUeQHmRr0c@K3UU3oe~`nGsgiQ@|ES;krLe2JkT
zVCebE4Yw5UZ}l&XimCJ1!2rXP{bz2uNv}3FHgz{4n_4E?Ca;>coBP;osH!&fg&k^z
zUK)Jm93~sl4Tgk3LPtV`-wOxN&Bknv%%&roSKy8-;OP+;Q8`IH#w^s3)iV2@uV1o%
zJhm458JmL*X)-wPd^R>}D{d=pj<5p|7QR-#_xc~%W?5z_WT|DjXBlNV%x822MMEBO
zCxcNWF!0g6Xvx3(!1WV&)R7f~Z7<JKqDr?fzb%7fv2c`-I*&RpijSLzTX0jDQ7~P|
zM8HINMo>x!;0LPm_2P>xb+rmY(NlD0q&1d$gGFFy<06ouR;E_XRmBC~zgx=1QeXW%
zbl$LhHzl=Mdg%MC+}DaNNh1V&neWW<v>_{6rad?Xnn(Rse9M(G1J#jL(jSDm?Kdi+
z&9(O+J^_~hfL&XoSRsC1R~xz^r!)UtTSqc3|Cd!PTe@tLFIVuw?u!Hzi>!Zoepk9C
z>G8dM)^oY4`I)@xudnEt0U5V=B5n0Nh5dNZA!!>q(s=5j7dDC!@v}p6v?{9cN<%Nl
zRC~}xLo!neoapr-<;Eoa0<muq^&iLc4>iU1y=+VTU(gSs@-k1v+y*FD3gy3j)D5V&
zjrf*4oK$aTlou)#=WVN%mmn1CZTIn8RCUaWEz98Zap;hG!-tbl2+;S=Ih>4)Q5_Fy
z)%Rt~OW>KIvh3as@L0({o<@4o5yF8Res>~<atEJEL@BJUT8H~HN1z$A-<+(z{SV6=
zAxx5Fs-69zO*-jyc$RELp1{~=Rju$~0kodNV7N?@;}4sVvJgu;#Q~1F$4L(MnIdh1
z0wc8_7HK{DeCLeyO~rwi#1Rmi=xrfRp{5Mx+re;!{6Vv5{Ys935V)dw98F#D4wFZJ
zSO=c=Ew2wmOzE1@tQuv|#IKfGVTlsoew@YpS@ftJI1AQ=Qqw!?d`0V0h_<dM*cF;p
z4kszB7A{my>#KlAfmZg{heuXYjlWi0e%gRb?@;rl$6ZXcZ9@iVA8%ZK)*waiM4myh
zrcs$q@^~e8uUYpQK&W+0d?rfk8TFFkdOT7u1J~O)egKQRd?ry$jcyZzCah@q*-De<
z-4@JwG8C7j;fnaknMYNXBQyjb*YH`9rq82r%i$V|uh;Ncc`lJhv!5e5ltA{?e<+=x
z@4LV!f__sv8Ce_PE@|#<ff$8;YdTpAoBQ-Kb2hlDSxRr8s^+i?#OL(CO?u961K!Rc
zB9O4y@2f9OY;&74hq*G2EE86lvhy@u_Z1G6=4~piICE{8H~LBi%g*|$ihXqYDy!BK
z4qqbPK6dz;scDi%wxQbQGq=`Ombkzhh?%B;oN%NEZwJ5Z0_lc-=AajW62Rp{O{us>
z=?r%MPWlg*0x;n4i&-*pfff9s%#v`V4bKJPAbJp*_V5yodhG?j0wphqT!9SXOIM&>
zsPPpg_iL}{OHk8iSl*TJej)n`%?D2)1}-_-^^93BIZMpzR4+Afvho500-y%d-}$bF
z^C(9sTsE0>?TCK&KaExKmFT*Mf4Z*DwH?9XbZ4zbs_uty1w#H3G}E~wbOjRY61xJW
za%^6K8uX?)FGt%n^8!k)l!{uwTq%VECnvhpDO69A;}XSacKq!U<R88;cLll$SHA+~
z>PcQvrJEfWUV$PPcCSF!;oMiC1ihv!CKI#c{3}qz!s-<WAcZ?!p=$J+uBc|rj*G8Q
zQ46P6C_Fgh6(~y2|B6b=?D)!@*zkp=D-bc<<O)=xw*khvKx>#(oL!j==-Lsxw8oi4
z7vq&RqBwvHYXEgWq$<v?Y<AwcBYcTMgf47ea@KZ7`;hw`vV=bKGRS%rcCirjVxVlS
z7X~s{g5_mj8Yr7bMdIg$LpW$Tn6BD>y|%e(V@`(EQC|3{Ogjx0{7;I8W&e{B0a*M$
zF&<X+PfCSF{F7o~MgOE^Sn5A10oM3WN{0nqNkgAtng68Eu-Jc69IWD>lmh$sPl|yR
z{F9Pk$(IsPHUx(?{HsiZh5nPGVY&aLL|DQ<DIQkyPfCSF{gYy0CI6&kSo%LHVd43e
z5%L(juve1JwXPtoOP35t!-F)hBvZJo<{EI}r-4^+<iAR1IMY7~{EqxjvW8pyll0(o
z|D=Z;?YURRzsbRpb0sNpkgJwmyuK>2P&K71Neil`awQEydtY2h{Lo(IE2#ns^!@|7
zLVN!KccEPWfW%O)f54AWu75ZcC<EO5;>Co+%M8=5q#eD*f67pC5ML>%`LOHjl|8h(
z`I4?+<{T>j8dDZJuNo_Xu!Y%wHWKXm-_+^gcK@s;3Sa#v5y0>LlcG6<|E;@BJ%-dP
zYM~18Cs#|5zH6uUiu<j27sWqofkA?QHj34AytENX!_ds_jQvO;4$8)%1E=faQAy4I
z&euBd+NP`$3Pw26VAtVPP+fCqB8&>I0|i4JsW4KwAavLqnhc|dyFrI7py@C?I4M-f
zeC#tA{7{7oS&XH?h~b>jYV)xqFbd)Tt+p6TgAu~%q3-5miC{Ry2<mPzmI@<>OF$3I
z$CAOg2;c{0_)!in6b`~t@y`q3>d+&z6nVb@t_VFcE0Ms9P>EiorAWvE=zBeeRu}Ou
z(Bb7NKXzWhK`)z$#4iZILD!m!#4d2aE1<n*A_)uPaL|XQb)Oa<!9mBF)x|BCaU_%(
z_VPu+B)dQt=~0(+m_xhyI{Dgw^7mkDMHyb82L{za59om*7We{acBrFiUGxHI>oPFb
z($69L<83t4>j2rT8-<_PN(t1=Qd@Bqo#R@mX>k*fiIm0CIW6&91(d}y)h*~-Ou=@q
zyaMbVx)Y6LgyD`L<27q>bf{}@7bmr<e#>v^`6NSB^JN9MM#h#Em<+Kcnj~Y*btcT`
zbY}64ZZ-N=+%olBgXr+f3GQK_2kT@g9g*)Xan)Juklyd0SvMl`uQ|Bn&&f1B?+Vg*
z;=9DQW`4_VvG`O$$)H$togvCFXG_kOeJi8m4Uu}r0j|32hL$IR8>J`ph8z(pqZb#2
zG*X(qKBV(ozE+kM0lcp#_Px8IOT?X<hPyP^o9&FVPhES%gEu&H2=e>RWIv^`5(ZyV
ze2kJuGLYZ~g4#ngcw|sIK=@B_?$#4Jj;(%ATvlHaQmUh8;t`aR0U^Y`kJ4TeIb}!V
zrU&N6wdVF)2cTLgRAwuz3tN_c|IOa=di!4s&2OcgEqQ_Gzcm4IG-XrVlbgOGY0g9@
zO0n0cLvmAFA%ofh6rMY*zND%&N1}-9tiE_Xlt)hxw^@COd#I0u5cI6RggsP8TnJWH
zU*R5_BV&XhtFII%<<WD*bJjB+PU<5KgevRVGft`_B?Of9On{T(2#SEQo{2BqJbN@<
zOX;7ed*h64x(T54PbIqUPvK-v)U5gwxA|iYU+_%s=N864q^h$~tXx~Uo(5V+uKLVd
z37)Q6p29`cNB0mvS<mQ;ZXXdM`dQB?iYSg~5L2vY_Z)5=c_99BDdhfr5g_Zis->5a
zi9h@bS5t2jaxn472nGw4U3z}_jw{5Gps^FZ3SJvs5H$nnR9i{z{pxf0f_lGk!%y<9
z*0Rc%0$G#mMpWJ`l{kKL#pN>x(lccAK~3#w^5-<NQnM>dhM2H|8JB&+Vr)0sq~Syn
zvZ=HpQC>j04DDMmGD4%PJmN86eyQy8L0?aXoor38<FzSTy5rG7ih8QIQp?_bK^gaC
zqTVYs9oz?SBYf8r*H#i6I{lwx54t_}H6bO=ZX_pm%jiB68K-wxN^kzX<UWHh>A{jz
zC$!68{?NlcyuO6zCWMXjC;H2F8K{sZFUS~*QD)}v%IO!A_x||fAI{?nOq}=a`q;nB
z1hlzM?%v*ez0Cb3^f^F0MR;NbNqFwD3^`~Zn!*Rh-^0JKZ?K*I#amwKE0G=v_Q$Q~
z-Q(=z%$VKWT+fIK+92{HdF!;i--l-?F@(-ElK76+GLo1;6B{*>&~2`62KNzX%oQ8Y
ztuPt+6&9$w?Emf4%0Rj8|Ln`mD0#<ltr4%DcyGUND#Iz*k+jhcG8V-sD|HRj9n3Jq
zYXnG7n3sva%)FDNJ&~|(N2!0w>@#`J9e`!<7TqfWjUs)<_X}+XndqaDfw;S=E^B41
z$~uKO5;fA*3ksx}KozaUo69%)JpEyQ8HzIG@7rA2?==;yogRK^ulJ5A$d#Rwc$&Pr
z^0T<t)vfFz29TQh>v+TWMq}6ObiQCTc&w@ta$(RpUciu_bVLOiG3fkJU{Z+GLm4?W
z=$tMf{(zKR3CT3LRVyIQN~*4ctQg!16hH`&F6GYt5kT;fmM9_b4Q?$8_{z{pijby9
zhoDrEG}*IV16$Ps2!7I;Pa#gKNRRB<(}69d&Cv&eGkZFJR?_CQkQpT;W6msq8ra$p
zIP;^!GLt5(|BQ(Vi4ZX4B88|S1qYm`1SX%73acX>2AtakCOJtD)sUFMt=|ITk4U3b
zkrablLjvOLq$qWy%7C*m9hWk4TfkS2Zu(P5lp3-<cecppXivabjjoA@)FdgSL>c)(
zz}JtiiJ5dJF=SH}NuE91J_tDLOE5Kl4lz+dI_1ui4{YVy92E$h8PQ=yNY9&SLgxhv
zbIrs^A<9VfpmVCgBoC>u3bJU>IaFX$kn~U)i5b}XA|NhK8l{A!7}$yv5a%aFsUSZN
zZtVydehyI?*jf=lNRl$fheW9$S+ZvbUm+d7KV5koo@Sf{d1ZnK2AcMl_O5%knPdnZ
zg*3^ZANuV10AJHJh|j{N*EhAFL_b!_=#$L|m5qAOKq~QMGrRPDv_oB>A+(rvBzm<g
zVm`;kt}bFy*O8?rp`lY^etPHm&NZ)Z;xY`JQL!u?S_`y0_Fid-S6FH6E9?ub9##(f
z5^IQ+!D?cavAS3_0BekWj@7_IvGQ0Qtm-sV0;?LDLi4q}jsSDva#+Uau<TJ~k!*yf
zMqZY-ZvIo9_!VW+>>N#%yrLnU71sTD0%h6kvH>}pd;zT_cFuTRWxMQ%0bQGtx35Im
zQsa6%Z@{wnlxd5?HQHE1pU%bK?37!01uN&1Pt1R*)uh`5Xf)|GX*EG=h|)58wXO0h
z&?21@osFG-otRF%6+^c)Q4^ytT-qfXB@ib~C!Nh#9yk4^{q+1^`f2(p_$m46_{sVi
z_^D%FVDvC@7;Vf;j53%dWDI5p>2MCdh^_qe#4bO_#!PjDq-ThuXSma5p{i3~uqa1Y
zv7kh7ILR7Nt+Ld2Es7Y{wacv<5w(`6oF0EZe$C;Nkj%ZJh`}e;p|*pSf5%B2a)eZp
z3wj0@?T9Ob$2A@5s%6**%*SmVimIPaWH}70^{b)P2GvG-`+A3a`+L#7gS{h;!;bxq
zXvaZEa+>$VNcq`6&fp7!5Jd<f9wJzMWjs}mery3svqiJ~NULBJSvrNJu&@77;8yVL
z$5xt9?wclbO&q>nM?_P@?91`{w%)3ZP17%&@@x7GR_XV-ygeEdrXh@9$ww6bTI_G1
zWPm@k4wKYL&p{0=tq|}1JTdbQFfL43F4$w*+dm=j%k<A`Qkp4d*|Xcfx0k%nvX=|4
zJQ`phvRAX`u}{7iwU62>+27n_+&9^iQ24<^+Ep6iqM-9VDExcdEsJlw-FIQ(LTz^~
zBHpwKSk&_(KihQkE#7sF@M`n52q^2&v*+N2(}mJ@MTj%a=$TR8l~*XcEoiRrp=>}8
zcHgm3D3WKGZZ&+rjld$a?ANo-XXB&x_bpNY^AyJvSc;vYsl9Nqko(=67P)VV-lV>1
zd=vC0^G(H@k8cXzB)@5Rllvy2tgCjSw!IcrJLB2n+2`5e+3h*t+2%Rz`OCA%bIKFx
zIq2Eti8|^#`f)UQ)Oj?0^y>(HB=JbTHTuPmNbUc$BZnvrg$EuCJR9H`;2V$}U>y(~
zU;+ljH1B*+)K$=xCySb-tK)R>nUCy9jW&vIU^<lBh?u1DdbXoC|Eq&PdWoq-VfsG=
zy%+b6*?dLEQZ)A?6NM%|Dt>!~mlK7iy8L!YZrvxAOclXn<MvkW0u7%fdW<cdDx$_l
z&N?R@{2lx){O$amu%=jR>}#z3Mp;J;XAi)~F~MdPU&E$HRg|wwT2QTnvb7eh(T6$|
zk?C3$<f7YGtmy4Ys}=Mu3S|pF48OL^5o}L#;w*>jvll*Mw=AmEHMm!(I&8W6%<iLG
zzFUY}wOg87h8r}@0X@7{S~L;jFb;Q^SXkR}mv4wM8Y?!3R2hsHtqr^1YbctU-T+KJ
zD#gZ9*NfeS8ycpN8#ag4r=x!BL2Ld8*G^4+zDRU1*ppX<jv?1?AH49XlxSnHi>gSi
z%cv21CTPv~%(YUDdpyy^b&;o7t|vbuK|3fVac0<*DzB31I_ukqMI>@cnv?9WMV0rb
zV&{8rQlJ=jsb2M0z^CROEBT-X(@}sJrxoYG><3Hkn$0q+iQF-}H4D=Kh<kU_5C0Zp
z>lynf#XmJ!3neMZQkAbVw0^g8r%1(${vMD2Mm4%<n53zb$Hv<E7<MOE1HzyjQf@G&
zTEEk{BPd_VIZj<3UVEE`%1Jp&YVw2rqmf=N4WeI_3D}9c@ihalPB}NMIe7oktEpx~
zevV%BoE^N&6TFZ5L+%GxQml&_%@Q4UmMvb>b>-#8nZR@crIsz3grG^PyQ=IDyB(U%
zeBz<F0ZYueTo2Y+`<T2*V98Ur&2!^SSm6Wfv<m0>A1k>OyPqQh{NVkqCLC1PZFdt~
zby$y|JejfX;lv3mKo&>V)&~{<?DfsuOSWC;m2_nyj8d+$TDH`f17sE8^qN02$}P7O
zHgu@3_Z{Dad1MtonMn_4);*3*PbxqH%2M%a^Xh-0z)sC%`q?*W03ns<t4r-K%G~j{
zy_m(yaVoKdIS;4x&QZ>Hbt{^O5h~siTyvbyj9E_Ae2V?5{9+`g(yRa}^K@$|2gXC-
z$FrYJ(`hy{W;A1{(bYAJb=rfQ--OBJd+NHT?WJtf%}kIGXFDB3vpa&{sob>)i&ajx
z+(O0-)(qCJA4D9Oxi|S`NT8c0)68cqxyx8a#nxTdPuF(WNP$(+_6eGa*fpC2*#i!r
zs>WZ_W;3=4qa$M<*JS{oM!$N$Aiv?6`d;M0^#i$6)`k|zi8Lpt8dT-nLF~cnQ!bz6
z#{Q-m$@WNW(JDuI&G^VT`+CE=$~w!M$btO9`T>!cS-LHE)yR0)8sR#7>Y;VlH?m*N
z!lF(VsCkOFU-)s#v94cxHYrk_335lM)OE5yJWVyr4VLLCdbkegzo;Wyv7xVe>)?Zn
zu44H*mGm-1B6wv?E3Zi+b$r4#FGwOvbbOc9ocjyG!5v#`MumtqUt4>cPanjg?kV<@
zt4|IT*g|t>eof1$u2bYy_}y_ULuKt8jA?(D3}qW%(&RrCw{<j;j$b3r3-%MKs;tp~
z`H1P1mE;s3sM*4RnHNRt2Hzt5?p0N7W;q@hX``E>#>Wn|1W(QK9i?QZ)>-mGFqG)Z
z^c)78Y|XQMG^eYY7jfqN-KU&SrWNjGe-&4jkw;+S>m2jK>T5*P6jUq4s@|Nhe3keX
zRp0n<<!{?J*W|BQ`^frI<_$x;Aq|H-`YJ_((f&}%)N|wuz`qLKJiKx{7a*=KU}1gI
zTsl656o1leu;QChk*mmh;9lin(llS99Ft%YJMSc@36N{u{}j@AjC}||J|WK19sosA
zDVqac``JxHkj)Suc>8?Kyn;78P3{+WWyAr`&%MpGi2cVu=SO~!ZSzF^a(XLbl9}{d
zBP`Z%eF~BW91$zeFC@esHOS2`9R8P+Yv$CnkDTdy$laWZG|9=RyWuLX%)1|)aGbWl
zdps2voR-a^v19l6qr^*I%soaG2_@d+g>V?dBJZ&T(NY(&7ejV!D|*_m|6Mb+w6Q<)
zyOH0q33i(nHlxXI>j>i%gdt0BLFq53(;Av+ZOC>J5CnPa6g*R{{wh_bEfA1vy);32
zXMvW0d|+5GV~DlmPSpuXmQdc-gZR{VM?u=66WITFHqv_4^{!<Jto6_p$3oNom@%ls
zyhK}V7_vP>3Q&6-QC4N*6BT=pMMD?r7;-#~=_F@jDY;F(GD5u&|G`*We}cdd1>E}_
zKvY5*ViH8w2QI{eNFBQAMWwI_sPVcPgGcG)hfiBif7%)P6<K*9A{X|-$@i0TIPLNL
zOdi<kNz3vi?lO?*o^#;Xl&+o1q}+VFZ<Mz1hNi1QLPh<nkKXjES=b@?ueXHKHW*g*
z{@f16R0Fq46<H-$R@%k8=H@ukfh`V+4{5KD<3d>_Q$y0XAOEz1N-mi(q+1<7Y9(gK
zK8h(YIpByYDfLBzN_vBFQ-+))1v>x1Sjrjm<LXc^-_Ql08=Ky7e@=_BEfwPa9Xm{@
zf!JjWc)I83Kj1&p{OX!#DGM|Vi`y#jhTBa$Pk)veVIr)&&fp6k;B<igLk?hz=O^Rf
zmU>#&5r3D7c=uch$KivsMUAlLhWhRTapfNanM2QtZmEnRDdPnSy<@(%@vWILxWRAZ
zBQq&gAqHs+{g%+)g1t|=UT`Y$mu2R3#q&yG@laiGy@8P<#cv>$prO%Vg*X^Inz+D$
z@gs?sWyW;Hn}AXnsh-dtPgKN!vxT~*eQSAMsFyuFB-tm%91JB%bXyb%OpeD=PL$fO
znlVgd&mN>@jRwFJ$#+LtNqx!*l>eaBV}w`JVp!c(kZFYhF`oOe^XN_%mLg-D+C!=4
zUdgPE)xxYMaDh5x#}A=mDZR4e1zM2eIYnhL1l}>gqms%P0-w+Al{&fuuhcc?_jO}D
z3W^@v$k83VM#ukHEqY8oVxVLLmg>U>N{DIY9p}b)0ZDM|KgvlRE(2I&D@M(i24nG)
zjgqUZJLARkj#~^1ybcZt0+@6Yux(z)=vQi&M5o0#*jD@-svbS!#_Tb6@HEQC$5RDJ
zE8H0$NiEC97!$)Mo%DB{gGZV+|8T4?iI&b!cf^FUBM#i!&8*aoZJLJznGd()b=OdW
z2fRQ1j8)*1&)uao=h3f!HR?)qGL<}uH9z%9^?MOL5-lPY@Z^wS|G`h4;sg88o}rC+
z<7`E9^%vmlwNY7%W7eq1TF;Jn?4%2Lh_G%GasNV68ULEve_W#LA!4(g=GMDmKTvk+
zQ`DRYrjZ`lM?h>9c}oVE%G47=S$BxI|7zn$>3S(`)N}oPi`wY`nZS#al<t&l#fTfu
zGJ|}7#jgPQTz_#vfL%k@M}#uDjZt^`5R%d>IN>dAprRe(v4;bY@HW`WYre{8K<7$#
zh?~-c#LMUrccq)}>A??^LG;MljN8FOdE+r=qa_{h7azeUVb9NxO4ef>6>4pOl6_$<
z#7}fuQEiN8WBfc?pPi*hOmDibd1Ne<(hHXGR=AZbN)yrk{~>ym3tor)bL0<TwJ1yR
zmbktXa~<en)c?8of1U?{-qhcd(Yi77#g#E>ha6FePG#?Ya1~RR)WjeR9GEW_g*WN<
zOhHIY!+^54#d&cBIqMD``(MtI0a<+nSk(^BIX-?*vekznd%3tGMiTsh0_#sk3-$nz
zrZPryYG!p!HVo0Ge1bdc8l`zQfHp4ji^-beXr8`m=~X@%23fM>_wZT|FIfCz5YXfK
ztRDsGkI5lYN{ADs9ovQ2*kJ}Z>_+qEW)+qpv;z%(wt@f|hGKuB?Ume5EURgglwSK<
zFBG?|uWNT0?NWvTo^VBD4CRjfI>i9^Dm?_bf<5=OzC8+5Wd9<w5tjQ32KsL`O-82?
z^xt+;?khKPt->-C?}2No_J1H)+z><gzm6;GuHhI%CMxhbBZOfw`l1<nIG;26I^AMz
zNjdLUi9eB7`Nl8R%NDSsZ543A6!HIKQXiJ6V|5>0x_eru$#$v!#{Ugb|9?aLPuGrE
zH+9FbQ$&}xwG>48Li?*4#0e|-qEjAvh35777e`-OAQZF)SU>-(o<;bl+39@?;D23^
zQ#qF{vn#oMpZy}s((SS?pV2EU2`6HY*6dA{g}OR9?8*yK<*Z%99Af2bz2)3p0UV(f
z_q$x~fcbk%VA>vE)WTm5l%<zs*GH&v+YTFCOwYJ$M*&__jsOof<X|*CzR|^^CyCs-
z4hKKdgBHX9jv1@t+g<8V|L-osT~1JJ%Z?Sixs1c&?}naNG*e6id+2D|WTviVA)oHu
z64S)VV?9{Pqy*HW@MA&n)Kr*THH!zn&|MY}yht9d*NKy^qpwpYYevlt)eMVL8c?nx
z)hvfDT&QPtR?gSkesaY6&_P}sCca^A)A@nU-*IdON=qf`W?XdIei_9T@J5yueuuAw
z$2KsGm>Q}W7LjerkrGeDim8uSrcBz@lg&Nr^0v?GdRCYIR-%pc2b!+oR9@KB#|2mp
z36DK}E^LkngSpTww}mJ3Ikwg&*6OoQqiLx@72i1aKC82HC2lJKHwRQy+I}@A8t^(Y
z6%PZ^<9znW1NZO=K1Wn7{hT0&SZTJz+&uOh{aueckk#j@wC?6UG;OK09<a&aZBh8t
z=s^4%kG841hqoZB?LO13tp~>8K71QJwKQ|29H*t(!gEdGr#zA`3>|J1w^LUiT1`f6
zUu(nAGXB~zttK%Q|Fr!*obW?IM9y~-!ZJVL#@zStP(Fs%qo;7>C|}&Ra~tw*)GbKz
z3ntn~)6=JIOtev!;$hpCaEnpCq;0)6i@Q-2kYu$`p8M?w+u`J9;sM*9ZSCbL9q^ms
zEWBwQN3Y&gc?l%WX4t2<dh*TXh3E1}rY#6mzl4dWZVR;W|3JeBUWV|GN`Bma*;YXd
zpv)1$3-_zLEyWYI@3-y#KoeO@BE9TQT0AA^g2QQeBtI-Xs^)l&_`Ln7P2~sr&sHRu
zd>6j0+17QJvF+$JylbpH{0+n0Lip}a^zZ;t$gw^5tpio<j?#DQ@~!^&omNSRCo)@`
z;>}4iFH!{ge{+MWhnl0POdS$PImQ_<<IYBtkXxPJZuMs_GV{cr7$Ncr9OgCbI@oXZ
z$8#{PO;f!Wj1dxznN_HEx^vL*_i0G-sDEXt)Qe<VhMoh9_n0@L@L67aDYen`>^WM7
z_5+Id7}$907Jha5(>137B@*@5r@Cf9x|(He{5qH^nfsOvsWs|PH>X9L-g^WHv|0T(
z1ISzPi3hD)@k+*SkA<VmeIt)B9&fpjuEV(;Qgcv|w_FCjR=x~##BzlaZyzFwHOsPI
zm7C=fkGZ@V=&lu@QW;pj6O#Q1u9U!sc+Z)@+Z4CG@JQFIK5!N+sQ&nM{3WV3{CT9@
zHX&C?SD891bi07dsK;5%z#ZUeN_r#n!}f(3?Gw2|%eSP+RQo#kwqSS(MVWs8J_%Ti
z&-uMw_O71nI3j2h{-Bro*D?ewB$lZ|gew+w+iG~4RDZ0<*6<@#f6z&L@E}q-J@}e}
zwv8SQn~wk7;<{~zul!E7Vbq0uu7P%j-8>@W^zJmfx$2iw+Ua&UKzMfsb@cqU9iPOH
zEwCVv=-zr*E#7)$))p0}=eo=r0v5y?i}$_5In{amQ?_Ft4QqOb&Bi{`m6Yh&VyzZO
z9@(^^!t~_#?jx<_3!h1#wnVBCEk|B$++lhJf0;wTVpXG)-unY*36Fo`cEO|JC*BdW
zU{SUwiW~t(cL?T2Xq#Eh9WrX}HnEzg$~f`+e&pQb@lW1vcr;AA$AI)0!%EH_-US}`
zyOQ~JY~fV{KaOPE7(dP!N~iOjeO^!J!@l3P`XijZCxS$cVz1AkXaQD#R}ovL>QX=9
zxstm8r+-C6li88rL^JG+bZ+y9)15sD<mM<AZw}a`J%8%&N{{)mrC5F5eZ<n%{NK!^
zTr=NU@Om>ZHh!C7J9%Q+BgALaxb4V;@Q|I|C&Oe6rLmlF%lI$k;1tqV0&X5GiY|}5
zaTMH3zTq@CN#3{lds4M;b9Pc;nf#VyYn?<N<J@FbU;3ZPvc7aC-w$6N_y)U9WHh(c
z74-o#k9?y{ADz8(y}6w3yzz3`<d(nexA&#(``IK*DfQ#D>7CEq6)3_e$n}vTxoK`~
z>bFzut~vafl<yPj6>-br$IbuGRV}LNPOnIFNuaA5=Tf+t?eCO9mXg0mH;wKsrO<WK
z1`oB1<U*!eR7-C6id22%53~*eyVQz+5AJ|UimNSw6-giUQi`O5Sc>b)Z?b1gaSpjO
zGuM|=jBOw(uKJ%gz#5fY#%YkwAI6yCIvx|`+{>zkxlPt4l56$s)>4YlYo1<_?AE`;
z<ls<F!njK*!>=iOMVx8|qv%6j)tc9C36oPe_j;+YeBanBeX_}RI!qh-GI+`hSj|Ch
z?0vRu-8d4v=f1?5MBFflmqgycUkx2CS);M4Y`E*5t5`wlZY5Af;%+sWMA$GW3&m-0
z-6S^iQ26q*R7@iB?pp6CD_O(teO-|Jfo{VH6t97w?F?9JyeY0TGb2?$lBTF7@ZdIc
zQf9dP!(X58(8;mh)L?rot05N##L3-}Vaw8fBr6y6Y4Jr8zxJa<B9HXV8k3sMUGYQU
z{IKr))H}^*b8K~A(#~(%Cv`ogA_ryFj1mp>H2!^iZPDv_<E=EBA09ql#--Jv+lUAG
z^QTkq9%z1?_xjF8|8qA`Z~GRCcw9JS>3X^<2a4GIXQnv!e`)v_wXM4QOMusNxulNW
zz-LcCEL~qU=0g#m=n#SMhY?HHF-)mT*Wb820sF*qq;b#fx;7u#r_spK)`@fLsqc6i
z-;y%<<MkZjoVaw|t`%)^CYVN3>2w=KY<Xz@{dC|SmUSz<b1%f_I)km(-!0Ufc)O2y
zi-uEe6u_X@<$88>4PiwF;IDW4q_$+gtxX1sq<`D(BEf^Ig%}|?(;o?NqY@9P14g*j
z`i2q0H>$yEd7SCf>w)fzjpD!CUC(^L6a3+af26ND?egCG-KhIu>y_6g$=a+)lN8=_
zgWYMG(e?@7W;{gAO>mGX`CGqSeeYk#H-0=*^8MlT;@smFpAXW&@7p_bg!gAfBp=}h
zRxe^`Z=oi93-Rzbb^3Y{p|~-gkx^dnT1@8r$Un7$WQ1qWa0B1;_)t6uS~}vz$9L#C
zz4@ENX;*{h_Y&>{Yb*aA!n$VT%oe;q?Hsi~CVZ2xP1oSyN`;uDKgU6BM?bz*DcHOd
zxQgge410Gd`|e9BaLh~Wcy?ldiwZPhe!fuB{PUDV`Zw*?Dno6TtM6MvaD)=;F9#z&
zzaj1y{MoqVUXf9I?@WspA&<7=YL4%cZ58m`Dy%&t!ZSY0XVQZlQ{f{{bV5yd156oy
zLkPCgmX4m?x}huM-yNts?LP17&vorApWqgQ2{^TlYd~`#PM{)<(=LW!i=FZ}gsEj`
zc|oLU^P2wx&e`YdQl18V9!K%l!Al7~-I=_0+Cau}M08h*1-U%qX6moDF*kwp#48!V
z@JMkVZm(afK=hp6FTLTkn@+>gHgRS}u<Po_c<%K*2GLW)DjrkgwRw{P)3w+x%_!y3
zT8`-Pi3UpVJMA)%ccXqy`OX9$i`1z*8!=BWp5Ez3b@_n=>VF(0lLB<SlAQ=WiJZ>E
z-eHk=XUM>Fvxn!UeSqGm6vr7O^)~s(vru^q^6R-7?|JDcpf@SS5e?{lJum%%HT!U`
z0YAzV{}WX{&j<srhi5u}8g-H>4xXO(S*mjY0ODZSr(IYLhEql8M$}HNROb#5M}>VF
zb)H#x)R2XLGwQs1yCh9&RygyFJ$)}(<2b$mYx(57Gxy9g2iuv8vCKK|v^ul2#CBR?
zEQkCTR+<yXns-E+X(LSP7M&DUA;p;F{^R&ntmPuMa|vU)=f7~$oOs;4bG?~1$ONdH
zb!uCNG;Il6oUxniCG#G~pV!YEts2iYZ}4MR8Nh-AyITBbQ!K1`;|X?E?N9T@Bbh!v
zM_Q|{qB%sZLkf9Ks8}2Q(w*AaN$AFXNbA(RqidDn)cH&LwfpYWVkpjqSo-v}<N5B~
z2;cD^xjnw)J-JUMnRou;r^g(}0pD{CC5;xfaMFp6wZG@ar%=?uKmI0j39a2V<n;)h
z8{tp<xC5Xf0o12=>GHRm!nZ3PeMk9IN_BxpptoVNRsP%NkHMEZeX+ye^TJ=3wg>fK
z;LQGE7mCE?jN<_+>S+6HS@+NBf?SiL+Mm-eY%{AlTNrz~nF`A-KO5>9A7JPh%NM%&
zFv&N)Z_y`!Yi48j2tK?t;f^zt6ykfzId5Qpdq&~ou{-bFL~G#rS<w+{GU+@e;ki(s
zO9yp%&{_snpRzSoC7sK=Vd=<E6qVHagd(!58Kj?xD{s353q5!IBsP!Z5F-AN+nTtN
zY9|ETF3X_*L_SY^{9NoIFb$j&y~E9TFugfWx*j0&<<<1WIAQSfSwsRAj=T)vm#5P;
zqWJQ%ya;tFV)}qcnKuX)DsuYJJD%h#_;L8D?_<20S+6Sx4|oEs^quecGWZb*Z>dEI
zQ<oYu??0ufzqYU~+0XoxvA+9M29klhOsC!9BR!H~{_XvtZ|9eLuSB$g@26t%uc+RB
zJapZV_Q<eZX4sq>l5y+vn=bIWCh?x(d6bvQA}b?CYRT`jf@GT0AB#gvNg1F=an9+u
z<5YqX2FzpPbS1qVmoTv?U+u~7iY=+Wm8TI=_RYH*_S}qR2fLCT<dS#j=l!D0uHjrW
zeRqx0^co@l1DxyDE!U`>0crgIaCsk)J#M-2;AU3K3m&3y0*iM7pK!`eIX>ady%T?R
zZ7$%^D_n{exi2J7aHzfzJqcnpW&2E!6GUtJ<n#5RccPz37q5|ixmo#6s1K*!l<PC$
z-aE<9<kZ*jOmBp@$e5B)<4}~|{fx_RO2+YyxfECBouD2O9Oqu?{ZU*oQ-ECeUA!rk
z9_jrSy5BcaTJ%fFo(1ij;yL5o3t%6`pL{2_buBr7WeeA!MfW#pb-=nQ;TBF)3;7y8
z)|BSPwSWgV@PnpI$#39fm~xL2wn{%6C4VIS_}R6uEzg~A$OYYXzWXDP>G#wB@Y<!t
zpOM{>e)J3{rbX!!iCO^VC!&EC8{iWepY)Swc;zinXR;K+u?K|nfy58U4e=ACC2L8F
z-xYkhW{4O3<%S{Q&oB6Kfqc$*aY01R6xxAo&cu@h9xX<%NH+rLUJ<Xf_`M=$co+Kn
zwkJv2yWHQjo@8{=OrAJNEh>E^#sMS0Nj-_D0}g-V9o^8EX1B&$|4ng3()5lD*rIwH
z$hAfKHfZw;;a;F*A2~q_`4$C9;6ok~S)O-hcLOx;2EF<GPU&-?&F28<=OB4g4LuU-
zQ0CvaOCNJwk9x28J#&_~RDc7otJT6x#PdD}IeW{TnY`Z3v}@|`<7bshi3*9-LvmZR
zW^K0KdJ>3Jq+KugzOrTSNmhts*QyVc3Kin5wz|%Gl`<5Pqe5v~2udH?<8!}{n3XTR
ziMT5i++*rGidzjHDZ^YUh@dnkm}u!TGZ-bS4u!O^&+2U1j^Y^OiM6V2>3h<zk(7iA
zw{UGKj8aYGH+<hHB}C93yl?!?xurXLZ<^r$5q8eOokY=|9|RL~VoYq?6Wg|JJ3SNI
zwlT4tOl<z*<d;lr+ne`xU)65y+uDD+Z=dRWs{2+~^}XkQ&*#{Oxc}v^VK{+44}9I!
zb@+t$4Y~*Dxv=v<!ut}^>%HmgfQ5&69zya@;^7k>Bw-*@&x`}S4_0(g%wO?M&Ic?!
zB*GB1e<BYMnGiXF37g6eu$izWJtdnioL?scr~YbQXg=Wi5KIO;|I>N+k_oLJ$k6k6
zVfp~;^PT=zbx)83iVr@0u=GEr7Wl5uDSh8BWLr?H0Dt?Q=1rap-4>iK=*7Q{4){KV
zRUw3bkv7FIj2~cL(EXqULU8|yJwUEObO&Z^s$W<?AiQAsL3f7;{3YDPX!&jzu(~OK
zVg3NO_8AD`*`$BKT|)puy#ML7Af1Ik|0BGR_dq7_4?+3%`CH_VZ{Y^tqLIIaDSV4!
z{1)L5`VAls4<*_Pg<$>?CsG(2H%w{5$_y1JW`e9~LQ5PHDZGOMX~LTyN=bwk8y3pU
z45KKh5;ro8ZbHqBkQP1u(~P(tnN0*gEoxkl6<JmUZbr-nS=WS~8EHoNChl?gOaCV(
zk;vGfP^P+XOoA9B#i7_n(HcLJL%-KS)QTk&k0ArNCR|1lOGJ0WuqI@6u$obvKdh0(
z`(ZRADugrRZik`zA(um2h%=Bm`tdJ+vXf+oV%9+}hkKB$#-0u%_CsHazQksQ3e>^D
z{QMI4gA{8y>O@c|R>6d!4hcrMH||ve0yPZpXMSwJFcB$Em>?oa?J&v?C29zs@K)Tm
z#Fuy=H1lVCY=Q){6Rf15QXK0JYkaiHkF;TIQaG-NOyNnAWeLRi2%Vo-u@S>$q=c=J
zI)YWiki%?+$W%gABm)vKO5uq_9I;M?Us}Udh*gK_cG#VuTO(9R?qhKZG0KF`NN$I}
z?hsvl^Ni#b%qE_S-Iw?}8`|+RJvK#x<qFmli0TkrCq9q8ABNr`ne}fVww2(yf_aSe
z5#)}omY|po@)2%}JC{J3jkqCt9sYFn^)U>dSa_HbHt$oAB7~?S{D9&YGDX-TMJQ86
z#P5QlicBhaNk7GN<4e)GQSpPK#fEZcOW~;_qD6P79ZPxt{E8O;u1Mzcg&Rdxj3SS^
z6rkqD&hnQNEy)ATU?0f1VEhUGQ&2y{RSNYd%qnlC6!A~Qr09O0S1CU?q3$o7+~87_
zHe@z2%slb~qd9ao;R!{!In+j>l-z{_B^PX~0D5s-MV>hV-QQIr>Urgg&@Ko^q1<`a
zGp?m9Z3N(7ZMnFL>Mm$U!EFTu2WE3<w}4P{uC}7R3vL@e`1ez8S1Dl|+O4>I-e-#+
zIDt?F?K6B9-*CduMDOzqEjZf<qkfXie6>LLLgot;D_}Y>WX0g~ClKA9Hn!mP!jt`p
zHiKq?>V+yRCZ9)TL7g6)Ee4u_XGP-+Fv~NaaX#>5#hnmzo`JI<@IvVf+$%_#p#ct5
z8$NXgW8{k-xHe$X2};i}-#}?atL1XcNHxHA2Ca*o=eo~W-4JL6EabZ$_%;yu{^A!Q
z%!`?!I8eU%fce<|#GS#kKzl;971PhFp5Zvq{$TbHy#DeN(VkXoK(G}T$jg~wuz-I0
zek#&FZEwNxgnugNJ;UEXi2oDF6#!-gUB2ND{(v`N3^t$)HslmDAQdxY9W<aFG$c-?
zBo7YzsKWM51~s8q%&4GdW(i9MC!xorwl)=y9Wh}Dz2-8NxHwSuFS*g^5~&QN@&LK9
za!uJ1s|`2%*Nm`<-Z@5B8+LYR&|g+2IvHG0k4tUq60ZyrXlTzEj`8a_G7Hd)VKlfz
zJPx59nPy~`%Jm=68nq?VaUAV%x;~ql-BdcWkY!_<nxrLa8@9b)l|6V&6gG5Ch|Yrx
z#<+}_HY9uDw!LeN?&DuqBR!4umN0B+_M&Y2nv8iE3CA(7``nD)mgs3e!S(ysd?;L+
zpy7IiYCD(sY2o39?u=11NCCG`5xs~;AvG4XP&|<XM&dOE8hCE-5kt|&FdD>eU!;5G
zj7FBIXd$HsW@|ti+{wR9jm&Fk*8>DXvWDtv@n|vIf9)D#)=F#eyJ5Hc>kh!ySZffe
z1?mok*P>RS)AZRH>}o)|p_TXlsnK4tJwbHCEFU~GWYeHi3jq%u)dJ8<!Y3$qSl<48
z1KEaCwNMo(-oM!l8EVZ=zTe?^2Xqds8=lu9Es0k^S`Vz$xSgQgVL$u38tB)`Rlq$5
zyBcrQ5>#Lw_dV5qK7qbN!|e~QF~sZrjJW+RdJ8Lh8$xaiU2YqGatn{%KVr+Mg_Hhw
z%wIA`Dj!mQSi-27o+7{zTL*(MVr+BU!BgimVGPZd)B}VMaaE*zud0Kp4>LbxPPlwu
z$u`SH+5@c)g8Gp8wzC6*4%%XGqa(f!W=_OZ->rkM4}aGuj=u<wBtArTkqo`E7XvL+
zcEK6j7%gOWK@2^WmqicEYf$>pt6Od@d|hAk!>W7Lw-Fz3)=&WV-o>qB2Xi03uFvj0
zAFAR9@-+naA-;==7K*c=kAKtF`UATUPuJJ`9$!ZRABwY>^WLu)KY70)4Z3f8Um)|M
zZ$zB;^<6ml2oU@h--5oNeEH$`EoRX8qR)fY4?-Y(XmjYo<ApQ(7sVFE1?dZEc4SVk
z@`Va7f<RQsHns;q?gus1JGHfcaqYpL9k9QJdBOWa><2S7#IUV?QSR~C4}qaS;^NqY
zNzXrJ%k%-E1F!n8{Z^94cR#r9sEwZUtq+Y;2UPXI@x`+T-`gi3RG^n|TmGWtf#rp3
z{TIg;!v*;Z*?MGmul~0EMe_sC3*X!4_t55ll^(e3(LgUCu&sZA_(HQD=DxXcVfVtb
z9&o?q>mk7Z>-{gV74U$}FY^=Phrt&jg)bxy{y!xAi7otzH2g_Kz9|YtB2$otq6Cr>
ziAIu&p%jEM1+o$e52G5xa2eqd$x|Y4!-xunrT&y5O$?I^gw2zZAumQ&4zuicF@j=B
zNEIzbIqLu5Pa)<BTA*qLvgZjOpgM<n1`_1Sk5gbELj@8UiqMiqhKUBk)TT0$jem3Q
z^{*kV2qg<-t4-7pTS6X#(e90|p-@An2~+L2>iw-D%!w-3uVsY4DN{kgj!fS#)|<2>
z(t>gp2wj_YLD~^Y*RR%_u_R_g;fBl~$gnAXLi!R0=!$$ok$^zy>9;dNLJ<l?^$znD
z!9tNcp&$;G*!qMbibslwG9v=-m>NnJjVvC<xrK!yk4J$TDzXI;Cz44TAEqn<8z)tW
zQWEAu9575eiLBYLxrOJLJxuNts<ZVaPF#nS9_6v$bPLuoiSkDkN{|SOV-_X3RH#yZ
zWQ$-TfcCv#Hb1_U*bb#RjHh2WKfOhK4!KbT-!Z3@f&dvQOuXNC3+6J>LyVUKCsb?;
zaz><sG(Akc-+Bw-GTB4CgMuHKFbpF<$%14hOupZI3vNcxhm1RnehYU-)`!9?R4+f~
zfC4I%uwULN7K=DoG8BSThL}{!h*S=hR8ol)kYy&7b}IZvB^4gGRS3c5pGaCX9JfR1
z#L5+%NNy^j=|oE<9!;_<3F*XJCP5vCHXK&S%oV0Wq&hOPgYHDl6_qJB`NKTEUV=?2
zD^qroh)qIPDPoS?RYKQ^o-1aK<aXq7=gaIbR??{9phBkBP*x($gyKSMOF6CB<ihW*
zKwtxTO8l4vt`nD~^h(^_4y+SdYq*XqcdWI9_-vStbQMX~$n6f)Y|xrSTYQED$86Tk
z4~~TF!jH_vH7T!z)#1|}#MzJ=ve)6PLV?x@_#a<KelVx5$)0_DiV98)tugQ<eIu_X
z5ZICgKMIBec8HkMBZ-g_YIjhsD6z!}0Fv#IZIdr)64^fzh7(MfJ;P;)lt);vSkvUp
zV$*i8nIm|mvq`2BmQ4`Tr1gGW4@c~fG3Rv1=n+-NL+-HE#nKX2Ck&XtXi6o=aSS`v
z`FBXF#jEbnU9o$HbV#cu+z;c_C0CG~C*1CQy&`%H{it<KloLNSyl?V#S)%Jl1~8mr
z!txmIBilu^5q~~>zXN?mvMkgTZ)?Ky81^FL_fe&{+Js_R)Q_Zn<lF>lS^6&Sb?4J#
zz>6eeyzmYqq~b4ssz4#C$X+UcVyf_bs$e6kXw*CrDkiDS_*^lC_(XKJcpTBF;z5Pk
zM0hgksG^-x$3)(upHU^~RAg3P*nl{tVsb_5L~6FQbRpTIVnt9H_MD6rMv+*Va(x+B
zB2<y2rQ%8=Vv+Pj(Vn7LB0pP>)=zAO;6#+hSmt63Me;eL(M0BgaVogc_`3XLg@rjK
zD{NC?x)K{Ip3!VA!OB84#d0cWD}-GME=B7y*F=`a?3JIb3b<72R%p9ot$;GYoY`o?
zReqC#HkG{<?gt4{@KK>Fk+3o0s>Dt4v&xU}B9O}MWqc~%zDs=|A{7l)I2&`qbBW8o
zs-U~Za*K#6GtC)NCvywo7j2aqtMIyJO68)Kp{by{#!D5;DN?CWCy8Yh&z8YcCvXd!
zDw>x$&v{a3jOIC&!Ko0q#sO_2yUHnLG;^wdezl2xR}!6b{gX<aCsoFL1f?pcs=!eu
z^(VYd6kL3!;9h2RM4&1>ujD%C`zPD$Cto3fVoVvuobnO&ZKhQ&P8p^O+HJg5v7Tae
z8ONOV5&muV(@)<*tx~l=QC21ViaBKrD$ut{M}=*r_9`5=Sx0$ZW&FUO9GqM~1%Wa_
zt5BR`BAjW)sA<Zm8BW=0QrQ{SiD}x28R7;?I<W{4>diN;_~d-?*@A<a8!WB#<UG^E
z+6Fwn=;V^`2bT@Rl_K)F6tkl@q*_60MHC?AgR&b|FK)hoY{{woc?(xBcD|5>TsBKO
zt&D{{*TdEuUagpgl6?RKXYq9<mOUSHcJPLHB~VW$W7e#J%T`c(R_z9LC0$R7p}_WF
zw}H-9d=>N|L%yN*Vmtj=oriBp;YHUO?N+=9!nMHkA~}_^&j(w$uLP{ic+cwHV0h7-
z%Gwt+gLo_mS5oc@+-Kiz=(&F(76u#`cyV-wAm#}lcHZ!FM*@f?_aGD(Qr}<E`5(l{
z0}Jk8ewm?J@q+>vJm1LZk{A$-3$d@iT)zD5$PE>DkX#Yy0OZ1*C1^ften9&~>l@84
zZw~s{p!5AbS->!xa^UmC>>Jc2g*m-=Ak-GxC5H(jbD`1|+sGX|gnc5{l~kW;{s2qj
zKhf*TZWLG_09tL)UGj?{q=S$fk|(CuKtCygf*cTn3(2d$UB3S8#0||8+iS3&ba%l9
zi0~lB1r99LJac+O@x<~Pbe7vao8^M}8g*9O4dQcQ0E^#)zTO}`QSeD1&Gf<de}XbY
zhB9S@GXEBALK$p^6>Q2W7KmcnkL4)lkKH4|tTZkGn4z<zWA{n0Fh|m|B*z&KGF?S}
zVaZlBNlb+q7ZFQK>n~;eGj3uA%aW8fC}VEM$daZRiBm8+ZnnpW6G>h$V8Oy2Nzam!
zHgv%BH11>e+4wIOv)H)MV5(++Dq{q;@?a#BIW3m-V7O+l28(o>X(U2@X07Q7mbV#X
zeZ1xXP+^9b$`(no-Ctq4z%=>6h5WkRYxA*1FB^%wJ?X)ifh|86vD|B8+L2~E?q&wP
z-S@!kH!e4rvpfL7_*(`UZT!USj*&=)vOZ;bD3ED$+>hKp%mk59aa?c@8EvAUF(gf6
z@0)XCm~k}I<+vmHZ%Gq5M#*tW@-(i2LdG%~0LM99(wsR}W)D7LAk%b`X+O<|JY>X_
zp3!q$bPqLQO2@2<Q9bR;9**)bI@4mBQE?!Z>1Zmh43~1xnhA9p^&W<EMr+@i>7O)j
z83g6AIi~wGuf5OLv7Y_BX4#DLY3Ae3#lJ00^cZEwrHj)%2Rh8w8ST^D$G!KyUdLG)
z0$OS8#aWO2K4x8v_~Yuu35P~qOyF_%;*dkrr&K?)UynU6CQxZaW~o6Me|u?r^JxdS
zXnW#m2WDye>S%|;Yw|0wXeOm<NHiqX!tqC<jl}DXH7wPFlT3%|oK85^vQ-U+>ccBg
zd46XNQ`aYGd{;}#8kaLHsRJz?p1`}213VF`#`DX|CwOWB^CpcNwrU~sru%i*8hmOw
zSyS`|2pYl*p}NC3^${9qZcNsr>9u<wGw~6vj|soE8&!K`qhU&YQw6^DRF#2xUHQ^{
z#n<*=SCg!z#uM&^G~FpX1Kp*l3YzvXS7Wdyk{iqMh*z!lQe_24dlY!`%)nOz&|ioF
zk37}4FMVQ<MKB6j2A>eH2O^l>*F7&WvS)&)#A@PBKC_2^=)jE%ma*;_amNS@W9l4F
znAo%VCdq5UPGH!>_(sU<OP0{tlVpwM>kn<9GDflu>zC?3<hi^V6MHqSCy?whox^%Y
z*UMucs|srEzk0@S%fxrw+T+PUO_2?@cL1F^%~FO9nfAcCk$t`UQo9YCcTA<B^)mMz
zzxEWr0byOt($L4!gX%fbcaps(>IAMS%y)#nzIti#1ow{aIofy1&p@D#&W2`nu&F+0
zY3c;?g8??`R;PQy(UkEzc~{eEL%2GHSR=5MbMk|yAJG{Znln|HGqDfg%p~EAFW^i!
z=1kt^M3GBG+wSLrv4fx(k#r<!Ra~>MgQu7naj09<kc-A08gYhQ^N@>E-XeEE<1)2F
zE$J<DN@%58Q?bM0$ja!M*fDdo%H-zA$mp|lNYBJ5nK*Q4Thp;4C>c6*zHWug{A@mq
z?Fh$ZY=>grOSdP(#WD$G*8ijBqOpT9pD1!7$V6z)Tpc*w0m0H|X%AHH;kD3C#xZPc
zKVsSOHUD<roNBu=<#>yP&hfsA(Qc{C<al2@T|?~3X4oHEyxf=8)cJwg4|%<)HyPxR
zx29)Dh&fpQ{CF(t1pQ#Xv0aTnu^-Z^ku5Mfa5)veU)_=k$Wa3+{V8rvB`xS(nS)t-
z$7egttt>vWJ;yTpb**@B<B;?*?ZdiTSC7X!n^jjaiw|C+Ypz{`PF0CC+s7&Iw>Z?T
z)MpsLg!h_mRXR|ySxsDX^saCsk!M7qauOJxrBI7T?ItuJSGolAo#($Z0{^Y`e;VK5
z(A$yisG1|Cx00QkfKwysEj1^<OpcuD&AYco3S0dB@kQ$WDhJ$F89Ov2_sM|O@toT&
zE_;64?J0F<ejohbM(Pu%TVEcu{9cy9YuVkCFz7t?^qKp_4>Zq?iomHe%|2k{!Jfc#
zwdfjs8RPHk=HKZgxh6@U2B@K?JS}d>?K3}krRgl_dtXexyAJ5QaqaqyWB}`?1VlQY
z?Z01{ceEN+?Nrxuc&IpVJUXYnG}<}4d#L3uoxWP9Z1_%|BMl(F2ox+KT!;KWMgsW%
zjL-i$JRdwAw=V;ed(B48{@Rb$F<_j@%VwkddxG|;Oq%8}=jWm&Pba<ZyCvIa>zJ%5
zLhq9=ey6q1+O^M%1nmxX0+^Q{=kD+Az-jHrI}@}U>i{p^iYISt#wnK{-ZsLs3}ST8
zKDyDrHx5<(Y9IXm);J`Wy99H$^eX+K$BfDP`Jb*nTzDM_02(lUY}o#>tM43DM7(b_
z(RGG9?;W$i?q&GHedc<1$=inK3$PdUG8FOx{Qdp@>-qf{Woj6E;O9g8zmzA6oyC|c
z;L~*VyB*cTz%3PWVcciI&rHZFtw>*Hy@`->A%6R5f4kd&AtJwxE&QjRMbYq$C=glb
zC5EX??LS)|hlle(s`d}#e_j8tRwxj0X#2kzU)+DMs1d!X3mKRE%P`W*(A~M$*2Hpd
zU<D>JGDnDot@%^XfAv2OmA)Etee(y&!tXO&Lmu8j^%%>F30F&@EwJg8F}d1zptj$j
z<!FvOTAwVxSniDwvNy3)AfB9PgU?ttI(VEF@((iRvbn1D40Tn55BRrJdREPCc~#S2
zibWeNY$67w$~7wLxv)p*Bg>|FIgAPl;(+YQ&AGiQ5?$uDqyAWR>3<7ueb~5_PIO*&
zt;itr5#KxBk|N}TR`<Bjxn7I0-jzk7nEj1Ar-5e<4NyRiJS4g@0Re?k9a4x`jxPS|
z#1<G5V0lc%8Nk{YOnst9Q$2E9*;KmjDJ-36HcpJyuA`z>dJ7NN2ROsb1irIX1N!st
zw$j5aovxm*aPiHy=w<7Gfz7IcT?IEw;c4-K!1k}v^z@mufcg5$Sv!=TJFS?##Ye2p
z_J$%!kXz@TI>}=e9Z7+=qxskVk7@P9GJ&%O&ztHiC?KZeMqwV&w7O3#e@VSt9hWxO
z>)>yi!M6qxX}Yc~AO08fiNuvzKy#{l+0Qh%^>KJ{ow(pT`=71iLmVhHt!j!%W)h_L
z*r|ZN>jQ(7f2K<Md~G1L3WWI1i|wP^6K&_?B>DQ;vYeItE_S(Whdr_TXFDt9*Mrfl
zqM5tj$xY@N+WWh2Iwn-{3XX#ABUb^6jiW^)Gj{dRI_J2ys&aVOSJ8HNKrU<vQh-8h
z9Lr>z2GR0ZMplER@NTa7{=JVBd(y+E%k4Bw?UTsf%Rx8~Hbr|5dQv99K|iw##h1Dk
zE@|7I(I6;A^?DR|U(~66nm0d>cBiVPihP>IZy0nBj(5FTv%?&q6I8?QKRyfNDLA}<
z*Ct_6xN{Xgi&d2Xf~@}m&<LlF`;9rB<7~5>r}cbX<u2Jx#D}pj8YV*pX>kIH0jBNp
z6G($Ovgs15!>*K*Qy`9REcQK5nXGe!dtXOP6YajqRX>kAvnSQZD5~alXsjImjm0eb
zgJp6tj9@M}y!#jZgWb@fjm{Tmu+mT=A<0a&;F)AjF~f~T$5t)CEPrvJ=s8g77$RqX
zJKhwZG9jQ=ik+x}<W2j>d&!`&x5QBF3L-5DNf{GLO%+V9fp+gW*n$H}kG+L8tfWw{
zVoNRQ*aqjn`fgbUH;ZTGu=I6taymqZcT_ZuUXP>b-j$tm|I>yxTCa7=P#afQ6j0(b
zzD7B&QjAM@+Mom~1*{m6dPs~iXp&gEad^6`=Ot?xq(h_Dv*MYC>|~UhZ;M_sDGt@g
zh1*U+@>zAGQodI<qYa%D=FRqL{H_&6M_de1%WFD9DvlE`)>eA%gsRypmam3xa%MqK
zW}R2@HEVF&Nf*Pl41@Ex(>(JkiTv={Q7M@q9GV>54OT$bm4l=+e|I&_XF>G!Dw(2r
zW_{qYYpmja$#IyXxm7WMp8`Ll>%E3Yvw6ySb7Y@0PtlW3j&!F_DvS31bVHx!<Rl-g
zCUZ50iS4bx>OQf$8!Y9n&2OfaO{s5xSe6aOds28(OFNFtK!Pm+XPkImJ4Be|j6rW(
zNTXRFw*wh5_>~q}D;@$YH9<PAGy7&+G3#`<-$|;hBrUrTVzc-Vz-7}0`*Z68&T@*H
zCZ=~ZK_=GUcXP+2X@5FyN2}Z8R%dI@`W-CXpQrD+vW;5oDw$XNDouxQ;!c>fhPH<{
z?|o0F_y~QP#;H3vpUY*O9)-k@==%0JiWTd*Qv*d+cDH&??cB2t1etN-Gi+>3mQ;!n
zNlCu-UNT7u;wo}6P1(o%PZcwP)iZ3W-*s=|c$zmjJ<E4nI7|F2(>(M0d^a=VTlLkG
zz9g(@Rqx_Y99Q#LM;)iAB=cw%xZa<o6)jxTXf@p&E+%z6L&)Qv@aM2{><=$I<MQ2=
z#{fN;42;Om+R|w38w^n{-n}B){5kBVqvb2w6T5Zw3K@;4xQjZdhYl@zYCalUinjR{
zVu3CqSk^X&Y};cx?_cw#I`QZ62BJ^f>LrN=_-i`WSo{qT?t^3Ol-av$z5d;Dtsd$F
zO;sQSoJ3C2``&-H>usxtVW)eNzw_FyM1bTu^BA9NGp`lzvbx0nmT#ar1pCZ+p6pX_
z3fRN=gg0!oufA*aPl(lHgRSyGdfQrm;okC1nKWNXnMfQt_2fO0XR{igzBlLE?j3?~
zNSZaFSP7or{(08|Y_j4qE9b1AA>m)px*YS$dYm7*ms`KlIS-ESwpk@W_{7wP1UyYe
zFO&f>3k9_j9Tg)7z5;8w()98jTQeRdN8tuF)an&B71XJ%)8xaVCeHG|bjuL56L?6C
z;#JWdotw_`Ibie?xvjm7+ga4;>zbXG`ybAyl-L^FiHv1f5CvK;T!6uCw<75(BWZ%M
z^kH49nnVlxQOd|SgT9BoJBwmF;G`R)`1t7{Gw*It({Cy<+Ln<3mv@OioUyAYgRfm~
zk#g#Jy_LR@Y@%0bT+K7{xvse{-}jLns*KK<pDzpR;%v5#B3fy3k741=ou3)cXC_~B
zt-5Lg9=3UZfvP2~6{^eG9_sw-0wwPQs_{c%r+|mN&iN8mgsISa5dMiS(AFhPLem|`
z1V_*KJu2ORYqNNwPC8$@Xp;7Xw_>}k)8H!ke!edz$D3x~Mpg2bPN1c`eZtpjCI+H%
z-4rssPhfGb3cqd3ozdlWhUQV$`lWlf$UUX2>0ns)L;kphc5m6AUPUL<fAm%Zveq^(
zuEd9(Kuw@=Uotvmp19fv>XV)#<s&YOuAlW*AkNYsk~2V;s(Gc#tF;bZo{QfcrpDY<
zC+=verqZtUTt`yN4?S&`n#ioX){L@tm~0oa33pX{csx+;%=p6BH@Rlk8w#BZ=Ob$a
zdfpI%>63FJ{vfCvKnF>s5j``c`x7deD#uxzETdE-><gIa+lW>H+iVoC=WbN^T`n#w
zKeeGB?sORVhg^;uj}D1Ki0?C<b4)a9e{@_>x_sm_Ma~ziaYCGSH@PYt>U7;D@<@Ia
zMw^odnw*!e=3SPh?=wxks`l51PnD+q>c!t6>+RiO%^%!Umy-uP%-(vm&0+JAm+2H?
z8AR0H4{o2T>cpOaTH8bMjs11+ine<M+i6KcRN?ge{H*TgNrmgFq=Z}CxtKp<r--KK
zp5ETF#Y+AMiTHm`O}hwt(-CFP6Ka@Vv-wY7s}_2L(f*Vj@_{=wVUV)$hWJ)^*krc{
zW<u&?D(?35`bGa>T6!eAQ0<vV3oK08btomiU}V%=4c5j3*@KItg1RIDtZusRbrXzR
z0eO2(isr)Mr{b@yC5R?aL4Fso&G+364!VPy?ajLr)$u9bX2~lpMZUuvE*IJ+S!`2=
zmZOc|2clZPj{Kbt2=~V68GJPt&$!$upnINC5+_rZd{HfH(4uXh+;#rBnUuaoLr}y;
z5C#I{>{r+VCzoJNi_1gsFYT2-G7YPT3nN=CWp8`~m`!Y_&hxl97AH53Sk4vu!ad1M
z6Meo&+B76FV4C&I);wRiEfv<kwY##*XFY-DF>Q2N)&a1^<!ywimHx&!Ap1gIR;=yn
z%d@w_hqJ6aL+^k-f%R4o@S*aHjIyYxX!A21W+XR|4C0-3U?uN1y@0<ls-LH+CV@Tf
zm}Bs}{MvRjyY+)H(?kf5o4B0-Z{61>UHBy~5W?~<3Fvz8Eg%y+evXYmijEXSB{kBE
zk5Lb$_L;s#=qHO|V!Ov6R)yZZTdXdRS65a}2!uM*q*4=?M~=zHr|ljRNk@+xY39>#
z>(K^|!Sb#Q3BE(gO-K|zSb7^-rHsVu7c<xSUp*b6);OD*N1Q%46Y4!Z{1ep1jgw_W
zpH6V%xe>l!@>m7WI-7dC$eqO{qc2x<nMcg+`?qu4J-?UM$J;2uh9u@)zhWH?cJdgM
zFhGe$!!)M4shWwZ%o|TFl?e-P>?Z%){Duoum^i$xokdp^VxN_3(q(mw2}Z$4+t{WJ
zOC5_%`Ti!6t+$yB>hwgSvxH`3d%F{h6_EGy@vAP2%fX1K&d}#3|4mbyvrU&%9$EgJ
z*kG8yvu<C>AN{r=OF>sgnSibuE?EXPF)%5F>>J+vosMlfX~yR(vL|jodIU+Thb#gd
z75n~v68|dAL5SuSS7a$Mkg`hJCkmEmVpzI)O^}_Iug5DuX?E=jqrbz?+_)%EqXWF(
zX-|LMlN4<wYg6#CGeu=2drmwXSLRW6T$ewrkEPymcdHUHmq`&-trj%X^UY_5u)D;N
zH!fyQDlltYZSe_(R>0EessnemD+#~~1Y7~iZ)|YqNLfI>&dOS}lCQR6tFm2|`_-av
zW^rfb2QU8K=he}BoTZ^{G?R59&lxQ;qYF%PMSU8_O_*9oNsVe^8$VysnwP@i^WIo%
z8=VD8@7aHQT;EW|{nAcmEq6pJ-@tikx4z)s%y4Ttera*^NSlslfpPc`_Z={_kf?mn
z?sR&q8V%j6wjPh)dukZbIHI4-x<^ZIa};$mSJ;@Y-9s`PvEr9@qm6;1@034-zmQ<_
ziHm*6!3#k?V&3rKhuFn8^5Zt_K<KE9!u-kASXbFW)NL2n$OUnl`Ax7V51I9^at|GH
zgD(_BBbQLD8!trE6}MuGND3fe*s?xp641(32n+LePxQ_C^)=(qEI>ChO!bLqx;jg^
z<llxlnLN?Ex2D3S5ol4c>xs1oB2V-6F|<?j#HUufV0Pqte%sSig5Gj9TP!*sGq;st
zdZ6m_TiW%$_{53R+V|6P*7hiDTa~h6Ee0xX%Y=|Ou1UMMAn}C+_CY{ICZ02a?s(>?
z&M6l}v8vH|Js+h=!e4ctR-nwir06Z5U+zhnr{UhT9Z|Gp`~;=$lkjvkSpxVyCfzlR
z8*grAkH|qY{9&!)=GharJ<4}U(EKB-*NA_4jY?rJz(Q?UvdTpFOdciyYE71}N9xca
z4AGRcWq;IEYLpZqb^vzAE|?~wW%JR>%wdkz?R6p>mwRETS<<_32tl$~ocma;R1dGQ
zn?dZduZ|%*{L-Z97{~1x>oblF*qbRzJ31OUc0lt#W>r4*?l#Uf-9=PaPK0?ra8?#F
z`;bX+h01!6vHmeW>F?T&#9oGEI01Is%UNlmxv3NYuhMJO5~wP`A6`RuH*GwlpS7=B
zyV8yixzodm0a~pW!R&R!+ahz{HRQC(SaZb(6r(-_q8+^4xZa($8kst+qO(<EZsyDA
z69bl}2|m67YXo71Rsz>I%lu5&r|u-39`Y5me4iI(mHqzU1wM1p<3_qvwSzH^Rq|Q3
z+NCu-Us?=ifc8XVkpb)SuN>ii;r5m7C-~Mzd!&_4awT+DA)QOqW2nBJ;FHnhho)`r
zeIf0m`rkM6b+jSV)S$emHdnE@sq~N)0uglz%IwhljsjPone5xDlF9%%EWClSsQA3o
zT@V8;nr~B^MWN;{eS3j6-g%cRFHUmZgwpxp{*+Vzkalhyai1z%ci^kwWiC@Xyez&<
zAv=eP;4JOV@SxD8!{hmL?`^j5A`;W+h@vgB$^3zLy}>{|*Z0KcIrb*5>S`9$d6W`4
z2o#!*Ec;kqck=6Q%>^D(kmCs1$?bp%E*sc~O$=NUyGN4xpb5~C<oM>cZQbo+EYeXe
z{b*@{0WtqchZMJ%gSAr4-)u#YdZDBtITP$n_=;Xahc!tX^@HND_WFywUGGlm3oSO?
zxJPl8x7sDirWPAIS41RFcOB*1Q@k3qcJCAJYgw`+NL=EUDiEMtB0f_`w0R#oHor_j
z5*(f8z05`7m2JM*khtJ&>#?hDnBzlkp|J;0wAx`}bs4BT>=R!9Vr@9+_7ji!2%=nW
z5GpUg{ztgwKO!sdS-E?Z|96z-McV=s=D+Uwk3Nu3P(m-&fr>m3uY`UZ$`@ei!|ty0
zw8o_h41Wi@o<(X*Fm*JGyS^!nE6u_7*m}x6;8VWtb)@sCCU9wR^4b#mj|D}|=;Cd{
z{c>8U1e}M$QFL#N>X6*-v9m>G6lql=G?v7&{KriSg$ASS4|(Z17Vp!^zi;pIS@%91
z9Ube>re}#MQd2r9ryBEGN{1VcP8!w^+K1xHWbDG*<iht9DMAMY$gpXtysKIZz0#0M
zKoLHA$MY=)0w#pKk1F~d^RH+-J(#Piu&IuQJ|=+|R^=a-l!F+#ieXoTXZC6OD#G*V
zZyLvb_oudw<)02_29-ta6kfpU6g&QIIAY7k0XvQEx;OjDH=&e{EXl0mC)OT%Pm`~=
z6<iGb<1USLt*sLM(=f7rR2$jya_cLMz*SA>9Fnd2nW6F$Lbv1|l(tER+WALfkA&)n
zSe&G;$Gc@eEhHyCKCY{Gxux=I3o5;BbF6mTIHGTAv2`NMLC%LQHU*<Qhl-NlgpE27
zbt75=oq4svR*$lcpY!sqcj4>P*BJDw$PM4~(t#yIn6VYzxO1ohLJUND-x=@=ph~Bt
zSMrz9S8e!rTf?BC2GokoD5-#(g248Zs?AJH+v@C@CNz8J57aN^<a%lQ9}+=3eR-rd
zb<%fHa8ZghMPwMm$Frd`U#D-=^M=%9%y?=Q-J9G<3}p1&)&*a2h|``$ce&?ZRAuF_
z{+>-K$M>o3vba%CkR@Qum|vU++O1!wcmL6#p769?KK&k4qK1?v$Wh|4UU#}ZC%P+|
zc-m!%);?{FU%9>=zvV$)<*j8)cCHvo3a_U)10Odbs7%6)$hX*I;_SNR0V~lgDBGx!
z@jEo-E;Rk-mgf!AJte`x>!0Otuo_*9Y1i3r+eV^eprGNWcx7$sHQbzmAWh+2k!H9z
z2@o|e#~Z5}Dp>(`<B3s~(N2Abv^D*AdoQ02-wk(@<+Vm=e7v{=%W@jH;Uzw&;9^9K
z0eZ|hd3iIM*3(v6jOIp{g%^k%=XU)k)w-mij;4%GU>PVTa&YrF&s)k;3k!3Gg1&7I
zi1j1(j2U&Q#kmiBfsq21QIg+CNE406D3e5<ec7mu`5_55-aXp3wOq?G&Z3{!zuV%z
z?5%A(8chV2t}i6FmQ<S#v=k_G#`NvqK@(-J2FpJeMeuQ>45Z|6<k)F+eekum77)|$
zL&U+}tOb=Mjgo~EK3Z@uGPVJtL-R41-TU44JYKi8iqn*)?-T&>l{xgCbRi*O_myRd
z{A78vlXxViEzUjrudv(H<9uGtm?~{GD?g%s(6;O41J`$aU)jk4a6*n8F2+>)?88qg
zVc$5D=KDiBLTUBMb1+`Jm&H*ER2tl3g~-L9;U{rF=&SrJo`os5mggdAa!4@EWpQ4v
zMPH-zZ+p~J-8P`eXp|v-lYi4S;VVAzT2=ND$~&v=i+fo_zOWglw+LaW`a~CVHDB#(
zviSO!_CoN&lH<gkYBpapdpjhUDX@EA<E#``O4go_La;O58#Q@>hpNQ=?%=YYYtAw!
z@`Nr5ao}THsXn7}aS5bKm~X5@=!3O!@#y&L&;BLW#tJZoQp{Byg3;}^^fEhHL%uh`
zWW3L3NK?eW>nXi(h(BtUrNWRAyue5!hPzhzO}1VKN1(7x;cjno9sz|%39Se$17~iB
zn`h?)!0HjQb1pB^Ixid=)v#LL+@Ot!ny&){uH1mQ>R3^U_l8A#8!I9F=w+-UkGGt$
zXV>`4I3S&Y(@ZnrONw1%zkddqnpVA&pV2e#-Q>E?XSA%y{iJ7aFpr;7FE!vQ5PkIO
z^SESm&{LmSp3{+(Qhh$zmNI7R)~Tice(>T^4a$0!N1<Ue?WeWclj@H(C*RxAO+H<^
z1=+gf1sAW}LyTEv6&557Wn(_;g68}@s8)SafQUJjJ4?Uq#`{A^s`HINtkJ4i7JKFJ
zS*}E*9w`ZM_q4%N17Nur#gXrQwilLu-#smPt6zwHav1mI*&g3;{C6+rvseZx$t&&7
zV02U4frH$f=U;cf(m%6ESy6;}ZWS&gx9!ks&XN8%J<6WVyy<x(o8oi%e{9cnZm@{B
z0QtPeUUlo90IfxP>Z!3s%*1pq8o#9Lrl+*SWqPH$=XrICNUdCSdUof6<C1zb*gnqA
zQwCBSa(K1-w`t5vhYekD<4b+T&d!pic7r`DL`67O>-k-8+j;X`BtbR$G2MVYlCY=z
z;D&pv$FfY#%8UF7>w`Ou{N)CXymIC-@Vj86=#PJ}Z@8B<x0-#+-tJY9s<-xFe7aRR
zgN~;$eyiK%Bke1Dsy5zki<9U{fH?N8TgtKg)E#H+?h3lmq(_CX!lMCb)HI&Hr+omf
z;;zy?+L*rb4Rz_ouO)y{8;5O1r<!5F>3G4D!pK#i%iDd3XO4RdnV8S6f7+o1*i8S`
zO197rtL&De-Cl&??E*1aW423Ws)kY~uJAf)pGCmjDUTy=|Kf8bZ0J+NmgQt}eX{I@
zwrb+!bY$hE#Q^qR)!g+_wh}enNRPA^S2~`DV-*+=MFIibXyBHPqN67$_oTu?kbD0m
zq>Non*Q;YxbJbKOBg}VSt1e!^s*}2l!leBRcQ{jRdWYx;uoDQQ{nfiMC!Wfk!bCOu
zf&;8w<zCGqU*K(gpF6k-X@pyZ8EZx@ZG7WiQIp-bCXPOw$BM8a?3o6#GRNl3p2o<b
z{;uikd;F%#gE5R3gZa$PPwuJuM)iI*aax^j`h=M&MYZwPHDPSHpf&(>?pkZVB1#oE
zHL|73B-z$*)i_LOIu(;b9B-TGYQ=RYM5uw1h|1?N8(H^g7iL>)$2YpCI-IDAbV}no
z->>;^Y%b<vZRMZGj`^Dja?UvPyMH7+ICA>BsHpT5NgIPecDs0sQU_BS@qAN&7HG=h
zYX3Uo-gY8e<|5N=suCz&C@?lwQTkU~0UPi_A)ggJbbEgi^HCJJt<!e(VMo&*6@%U{
zm0R=nN<1yJK*_rx3QB5Fw7WxYUgvPFhKQTu>aFRUkVu(t=0=nA>LU035SAU-h3VCH
zXTa!s9YveDEz+;cEuDkdX;{^H;vf(Q?l$ObP`WrXRQ5nRvKDv>XXCT>;9>N%4s&d`
z5Z`-F$d<Ow`jDK&p-qSuOh(+|Rq>uK>#*n9RSCw39sVofd5ybQuR6#yaJvwZ5>&Xk
zsW~YLi;9v@5IeSN+cfahyNK(H7(9<ob2Sk9Ir>_jG1o9im{H7$mDH{xwr8ufg+_CV
zPtm6S+;MnT+XkFgv^Gu-&A+XL4ReVxE$T4PXZhYeYO{ijB8K=XX`W;flFvp+%OJ1v
zo~mYT2hNlu>-hHY7%RYMS`W_FrN<R{?jVY&%GQ4`#vzTXAnd4#5Q00U5H|mOZr!R-
zHu$H=1`1YuyxwGw?q>Wn{f^h`O_;C=o>%?lc>r^43E1FUvQ}Cb>ejY@P4q{PDJY@$
zh%Wd2LD4e(^Imuv6)-dZyEK(Qaoz61+Mz8amf7v6T%)^nTZ%8x)s6*NzUg`Qndj{i
zm7ff;teEt7RAQD<q7Q?@bE-UdI7dQ~$+G)zk-)QnRZ$Ka1e-j*BN|)HT&Jeq!)31&
zLb<s!U@z6U&kcO2MYvM5*IemNwFCNgPurb$_;9q<Scbr>w?mQfyuLRl+dMF6=QP|i
z-@cUXS1?-XHk_MFe%e6q*?O)tEvAb@=ydVfn~KL5_FL_>FT_fHeCQADTn^db#$upX
zb|kY`ze@0yLm<us%~-LDR&2Vo4=bvc+0mT?tN2qiPt|uKm|cXL{CD-&nP%75>V10A
zbYO*5w&lhKSED{q%2Oo+DG$F5pTqQ;b+k?Ri`Ta3jPtk{7H=hkyHUCP^C@?{@y`?a
z^kxovlg5?45Z~1@mNBvCM$VvOou{_<<mC0&w!FJc?aCavXCFNC_v?wGhs+w?YTIid
zi4>kN^}aKOk_)e1LU~JJ9(Uqt23lMumht;)ha$hO<)6zu<xUuRSes%~kQR@MxRzLq
zHIo|KpQ`XSE=J_{3Ui;K=@L3!BBJ}M_lCylS1!wghxpH}x;;}1>M?h4iJm9;?TcEs
z&xg*>x*6U)Spg*^ZJK&YUG+C~!kD~(9H-9&ef7`h3!{>e%l4PV%CV}9=Q;fobS^%{
zdRB?^17Xn#d+y5L;6de+U|V7*>HT|?)>4%sf@%g@nP|AuvD1wEH`UOVm&wbmRUtSf
z^#@ZK!ev%tFHrVUA&ACKprgk5ZfVc3butC9eYDHoYWe3E^PIfx>U!_W#;>S=8?LC|
zjOSIwc_KRZ*)`<qC`uPxf3%*=h|WB6{dVAL2#oC|O$nukwe4Es({9FTC>vSbF)e8^
zMZ3*`Y{&f}1!%fj+tAJq8J+Nh*1O}uF)y{<V`>itAE&IB3a)tQuj+9eHCz8IdLOed
zWmm>RpXqDje1vZH#i>x((Iyp0@7<A3h|%A8I|;XVITMDAcG^BLVp|USnU2w@m{i8h
zm*zOkEBn0ggpC6lGn1cZ8y?R+GfU-N)@MwO+gH4^oix_OAAohdL7&G4aoJxff8^p=
zYnPNg8C2^Bflt6e2+uNnO4-uWVlhrt^6+yK-W-qrHZ%I>z3dk&Xwd*gPajtMJ;3Sq
zS-)utvHIN`n-8b?>SsIx;onwQc=A_`_f5UaKKzGb#$y-A3~UBs`ty+c&}=P6{$P#5
zbt+kKW`%+)Y+)3^5Iy5seJ-sIt6fi!FAAzyN#RW7P4LmzoaS9peD&ugwCR^RZkw`M
z8Q&ooflR5XYES0aj3oeb#}e;?=yYa>tz>XXNDsBvb(^^w@ed)}g}N4+Juklw`I?9h
z*Mmy9;lqdUlKRAEF*q)UA{=RvX`(gG&P!@k)R;EDoIOF=OtYiYGO=4@f6}s&sd@mj
zYOdYUFB}G&zg_qV%pP(WPUG7*r3dFNjCt_H-^>~>?HubYw*lY~n{P0T`Dkz-S4_cg
zuxrcCR5Z(8!jel!r3^{{CA`empC4hh8#fJv$E+4kKxNB|bV*<@Z9AL$4bH1@jkcG+
ztgnA8jTR{$R<fwtqb+>dMTE%II~U*`V0f1=dQLsOm5*+0-dn7NPg#0?qXrxt;SAZc
z*V~w(>vPt6vjZBKFVjM=*Fw)J`fws53z^`n84F?}_d?g^Xd%Y=&-jXQx-H>a;Vb!J
z?HmrXP~`>X{SER_uiW+j%)3IJ5ntaN<IL9B3IZ~#{2D~2%tg-+TD@sM5U+c|)o=Ng
zj(MNC=!re==X>i$=w^M1)1&011oyY7DI1G?x5(tz`GE;AnJ&>QxAultLhrt-Z=(^a
zGH7S+_uS#SE?tq4Sw2D=xf=ySb65;#hvt0hfrnFWF?Y4wNiY4(^wY}NW{EcHeGMc7
zIz~l!m|RxNU!TaM(A6MGBW-o_GUF34Qv$K%IZJu3b9%_0U-ffKSLHg3)0MoZ+h+QL
z?AN|4MIe`rcRQn3S^C(o^ygE!uBk_;M(8zyu((UgW_~&BbtD7nwJu|Ivt{1hD4bO?
zLkaJ>&*}xMg~~{C5X<kNq0}c5qYdL_2Gc>JDO$0_W+^cU^9Ei{^VRhl8_&Rei*%1X
zo6$z4u&jjLMlp^%{jTc6<J_w4tVhifb(-hgY(TK@Z;L3*;0W@I%|g_`5VW5C#=Ygp
zD3d;{(!HMp=e1+DPG3rge|+^~I|ruVkedKA^0J#Y|Ly!%Q~(FZgD=2E-FVt^)!7oQ
zt445a>o(F+**5)h-E*gW)wQchM95NZOt%=*?N$v8y$`PQL3my@dVgVf8Evw4tsQH!
z1y-A8Ojn!Q{<PVwvbWo0TzB7t$JYk>`*G16&+{>IhGpp|w{{-06E1fWP><4}FjfT;
z*?m6p{rkggGMo*$V?3zCO~(;DB89g`)#x8?{5RMNn-rusUVU;{na9|u8R;=@v4@S5
z=I99{tOoEWU!}D{|LSoi4O-?{R%e?l0KHl*8VL%zI;>+w{q3yZ^46jBvpddDDVw@d
z1Mb^i)w{=Yt40#YO=t%$RYXYi>npXY#k_Eu)Ovqgn)KUF3OTGD4j^go?`Cti;c+37
zGx2f%J>tLO;(SKDNE6*F^=2&!W#f^ttWTIgzsWiq;f>+5OX%g8#yt?tXv-FY2f~Q2
ziJ)S{{m||&RvHFwKR0as1y1B|b*4w0&&8j8n*MnNlzhz|j~WmbHm?BJjWO*fUvfB*
zKdua!HngW^*avSEDvEORHzvUx=U<O;w?|OFLNxve^~jTRm=M$-8OryGM)S--Si`eN
zY6>8*->wm?|9t!Wg8qUIAAJ#i3Jgx9e-SToOLpQX_^m`pk#2*t7{{>K%q~w9z%Nep
zh`3<ABZbX3nAa&OG4nD`vv$dLffUYrN?JKQGzSa!li$MW!T&(Y6h9H#AzrK`x+jlY
z^A~|o#RXVJU%tM;<y#kOgM!+bRXzFuLr|Nb-nn6~lW%%&lJ+eM?s`FT6R_g{-I*4f
zw69c$SW`i7d_##z=@BeYafDl9rJS+qrhqK0t7?zmp_4cVw)5F<_gy5g@o-Psw5_=C
zk$c{62&MhhUbnfwm4<&SoIY=Zs+U$>&lc<p0e4d4;wszQkM{$Kso<dfZ4$|gTkS=j
zw4-B1c%Cfyqg;9odjO}FJuq*7%YD|AOX@w2%G&BI!|D2p7fnh!SX}|-E~ZA4(+Z?z
z=Mtl-o49Gjp((6n=`-zQ8gnC$=)6!1=q<PD)JRT@tzFgi>A>Ks?;*~lP9iS;(7ClK
z=79(MOa(iz`V4<7UM;tCJ1%4nfmBKhr7$$RtNoh!cL`#yJy2BuA1IpTU+?eqDbRKG
zIi#s1Pmz2I7XCUM7zdp%VPjZ;yxT>fTV~@koam8LIjg<>UNHx{u<F32CXm$9K6)YL
zr`y1Pe)L}3sB*|8KB1iV!In=@x;G8GKmdM>Ze+Psd`jPqd!TQ|{K1%VQGw1oN#=^B
z#Cj`i7Tt`2H4vcC4}^xIOFCZp+Lg%<PKLFDQV9MUJx9O}_ad~Q<IR&T^Ch1}m2?yb
zOh9GniP`dBb@sX`E+s_vmlghCSH3!9{<(krfWHl|2vJ-=nRm7ksm53fkQuquCAuyE
z9kV_wZBMC@Ms94YNn(0a^mW5VX?W@akU^;8Q)qO>Q4uWe0MfH3ju7<MZ(q^S#aZC7
zD1TxUMh9ak<|&e+swvsIt&v16qxJ3i#}IuZm5}L9Gicv_{QR|tEMvf6Pwj-&H|cse
zFKfeta@y`4v#@{X9JT`&0q1p=QY`#PDH_AnX&mV(-TV8z3VqgF9f^2r)EFQqn|KiS
zT2!}Ojc}ES3mmq#7KN)uPf-+21kloSE^I^Ewt*7R68v<+61v7)>m1N({E`Ji2JDm=
z@l2TC@rdZXm>DlPdld2pPHZi#t-TopTxw>bjlCK126rsy7eU7+C7oI_Oe0rTwh~;i
z-<MiV<_<CJX~!C#h|Y9{TiaS*b_3-{7|P3tEDT*=0gJ-GZ1!?}@L-9^z4tvDvQ*_G
ztwKqkcfD%_<2Y(kqJ|8L-x!-8j9k!`*DN9FpC&~uMdI-+b}cdi33eEmO+HV7b%e^x
zWob2Q*rk+-zD&+5Z1h+Xv%x20*$#RoVe5bHvR$miTal6RBY%E{qYI(OcQbFKm8npR
z$G^1y252*eAyBzsq%JXuO}ZJmwx_uc7x)aQw5Vmz5q$MAf3o2s$^}!Vrnrz0dc|SH
zP+Mf5BC-BO3;AZbH5F*_sbGe{a$=OwY&%&(iu88}J2}1P`mFC~D9OM=<U3Ai$}F+K
zdq^6(fuE?qZLaKexXlg2A!||2CPl4bz1ym{eF3!|y~bNH3^Tn;yjP?2fZ3g~^r*Cg
zBcurF(kFym_+UO+YkE_SCkO->b<qQ}XvP!c8WG05_##OxAxvmk7<=pY+q*fR*T<vV
z=RF3z`5uz|PsI75zZWybQwZSMT7`uOj{7<uJN|LM9g-ZG6WV~*BGLHq4LF9{XP7k`
zVgU>M!bUAPEp8Rp0&(&@sRZ~x21(rw*<{HKbLP-A;}X1v@l=}eHo+h~^1~()USbXa
zW~FOdr&Jf~MqOI=Oo0xH^h?jh{2{}=kdI`K9PLnh`{7JLJ7319AvbcO)UPW%G-%?V
z6>PtdE?i_@&kngG%E}6>DLB`Rb4&VauL4-zr<nm+>wg)JrD%&Yt5-lM%UES9Gm}+X
zyp~u=k#9}zg<o{*Rw_owRYggscQ=U~%?Bn<pQ<Ox{Z1zPZpr8pnd-yIJ`sem`$K`(
zpR;Af@1f)4U}|J}h<*$Vj*POIH7VJOTJOrLMP_=!fIE~M0kgz^4U%vhs4L9NL4cd?
zuh${1uiK3J-5XhB{{w$OfWPlqqNKe#-5Mv8edLmS?6=2@51GnEOS_mN)FQ=CV>h#-
zE7f*r?Q#|Yt0IE{*%|W&7DUN{B*XJHN`;mEk=a7O(IYoM!wgd|r=p~Qqy%l&x5~Dq
zqY~Bq_^IMdbx!bdb3DKJ=Scc^-$Q_#X-Rs27o)_}rS>Yrq#iX{_+E=n97vBtc0xKS
z9}_&D$I<QWuhmcq_e-vY_Q)ciTz#A5@==F6Jd0h@7mo!<(E-r)_u9Gil5mR*%#Z*h
zjjK$-FHfrNe(|EPUqE|X+bpg&NjQlp=I+zAo69!qTOI3Lk6l+Pf|9$cXJ#R}*je^}
zb$Za-ewiPEQWI!7hR<_kIV+2dtMQ}nGj|(HvI#usNmIs6Tv(!uF4<R`8FcR+?hc>E
zFM9~-w-gGSZz<C`Ja>UxTU#fl^`m>%X7Ze!7qmfyiK7#|UdQEXd@W8#au|Wf=1WpF
z*<Y{Y+XR@H&uaCnq!P&ZD!F36@ZTc?f)N{+zC8yYf4n2e&K;aDw*I@1IRADl5$yl1
zmB@eIDLvZs&xiq2{|bnU6q$dHOn9NWPE&6VS6<y$*{#`HoSrsBWkp5$h6Rl>;SCPK
z0K-0Tqku9T8Sy9>lwDeBb$$@@DBDWmeo@z^7DUuJYQtYt$eaz#do$^+1lg@m*<RaE
zUAadsf0X3n;N~lR_1qjDzL{Sy9|+!KrRRflHtb&6elQDbO3tc&qkUG}gKzA%!1}ra
z8KMxEz5Bx<nV-4M)ggX0Ug8Hc@Pd|`B+XgQ9j^)ijt~`z`!!?l2RoRjm>*mAaT<c6
z6j$CW<xROMF*kj>^izAIS`wHee_zW?QmGGwf5c+dYI#P;34!4}5N!v1zusvvKbWzj
zr|{evo-ul${`h_td7Aq=T%IMnKHS{u*mc7bikh`=j=fJFsq8W1If8lsosh4(Cq6WL
z(t3YFZoLzax<`-NqZEm>uJ%<m3alL~7jZ_0ByNpW{x$bHU(6JPUR<ggY;|RnI~Y&*
zf4krcHmdopE_mnfXdF7>FYgbQ1Zf&^`_3I~8SLy9d}0qe{$L+LR<cg=E1Rfz2-mjJ
zXk5|Auh8pxYfXk|uKZVnfEgtPd&=0V#SY`_m(W|Vr`I-BWdlOKHUozsmFZ{L%@B1H
zC`h1=rNZjhpxc$Pbf}gzM5;nc{)T4He~qR1x)5aWEEH#E-kwf^J}2bI$ue#C(R5<*
z%GOWoX8(gWcHKzB#^`vJIdhEC9fh(hF?BEoY=$HZ-cTiry7tDY*Fh<Eur#f#;i?5h
ze)Lddg(wycE%7@am+gy}CccO(aaXfRcXVjyhy(E=n?2<<)YG?GDVZQ;{oAv|e>~<H
zY?ZQ|pKGXRGUQw+Ls~wx$s}l)*(B02OCjzlmu1W~*N5REIho)Y>?2*)quLrx0#wln
z&_uL|OYK6`z@UQqQADvqL3IulGT1OS(&$X;XNkj%$5E8xp`ZG%!+-4`nPGO;yG?-J
zpIhf41#U^Ge4@I3IM0Y5_EPH*f1r~HK;E(t;_CKNyHl2iXg#KJ%@Ak4{MN=b)Hmcf
z?5+7s!T?(EB3QhE_xqWUAaPeC9&bn$t;iuM5eF6&M+ke2YJuTk1w%-?I~vzJwoV!l
zONP<}q439h@O?kCd&lj|=}T{Bb$maROS=sHm<8t%X`Bht;190+m?$Mef40c87R_^}
znmul?QuVGUS`fUtk5Tjp0u|~>>G<K_ZTiGZEWq`g$u7ah-j?^-g;Qz4O5B8D5rcSo
z{4kQBI;s_15reh%E89s!s9}Va2x+3umPVvk4AXSh^G`pIn&q|16xOBPmcMY}ib5IK
zNqa<9P+VGP>eW(>ow1Tme=(OfI@P+b2z$No9tj6G>}}+vrQP?KM_cqNUT8bBfgLE)
zw<82rmT-%$2UCI65~!oJ{L}&4-67joMo}fRj%gRt>b^#v)oe_$%9`5jcgUX8kDoyM
zciVgMgVmlDo$61f`LgKnc#ct{Goz?RES%}H-JCl3w%`~e_w#N%f4ye}q)G(H#+Q5}
znYx>><bkV$EaMfq7j4<u`EqY1<eHK8Zf5tD_H4fQ1V{B|1nm7oVwZ)nyKJSDcwOt7
zr?lvD)it6u_{S;T@i;HHchk0f_x<$)Y#q<GK^Uojw97s%!f$TGUVi<UX@7HQ;%ohi
z{{k7$`w`V3L!0$~f2`AlK;r-XEhN5u`}RK{4e_^c-@bkO_U(TXrp<5PzJ2@l?c29+
z-@bkO_U+q$#qsOgw{PFRef#$9+y4~&-QWIy5_|Z+)Z-HVhySd{b@KGQ2Lb}T{O2z=
z*Ctc^q?OcAhhGd_s3*3WO*2}=F(cmP5o!5KnDRgZ7i1X=e+(4>lZS_ZQRi^kqqGUQ
z!^2qYqZN5eTC^crFwL3#K3o$^kvJ$-c>yLgz}oBUrPmYJL+nMYg^@+-1t~@AXzP(L
zAIH(=Tg?2|+>E`t|D)#77p#BH#(t!gNX<%ym<yBJr}Y%%8?fvTsp9V3G#jTJa*|(F
z8|OA`Kx(wSf6`iaMmAG4GMi(R#mMag(O%r4_N8Q=Yp(p3PGGVU-HoUb+qEz|@w+kz
z6?$WHL-#_gpvu30|Dhb<vZh&I<yKRSV~N0r$^llf=gwHl7C2JexjpyoGH^gIorcW&
zd8StwEv8rJ3ST*iC~qT(Lls^Rm&IBRDB?7Oc5<}fe=HAgjlr=4)<N<&fG?XuC?Z!G
z|LoA}Yfg%;b%j?bmJyUe6&e%C5J>HAW*A6Rkg4LY=PTnyoJh`YEh#x2rB9Grpz@ue
z2lvz6FrA8Zz+n-NJ$E6H<$}`wsPoji4Pzw(ZdMY|TEZc~i+#f6=HG%<i}W^x@N-yS
zX7!Oee_A^4!(+5R<4L2L7k=CXtR@*=j`hN^Zu(bha5{?u=_n#@ia}g}FdTTAIntdz
zV<4*zLO<)V`u>`d&SQp^BZ9?=ilrgOWAW$UV#sP(^5oGd^vncmqZi9F7^XCz8{TU%
z#@*kAl8@*#*Z7TUhGD6%4(vP(+$@OSj@Z%(f7F5ruZd1w8X*qF!!!;0GHaxO`Nb4N
z?@)O9BvxSjz|eJRlxhaTP;nl=vDuWrU_X_<bVVRl(e#!uCR1C)?m<#2O})Rki_Q`T
zEJSQC25=7f<qFx`9Ln=Zan_o5LDch;NS**z`MLf+$d1jA^cXi@WOT)dMinWT#lLd%
zf8bLP&7gwM#eiiU?63fpt&nMQyhu`GG)sbVue#>o#p~+V8G4{|2e2c_e!13KkUp1S
zuUl}SHdGHuW48hSkBxOTM1tiS^(zzFNlY768*EWaxAmuSHtM~Cw6=qz7e3ZsXBzO1
z%(y9Mf(&dygjG)Zycc%Ibg*()FTA!<e>#HaIe+rCU#4!RBjB<mv5j8nS|j}aK=0ea
zrY-6JkzqDi0xWN*4!d)5^htB%qo{jW(z=~M9GMMSHG3rv1$S<I0RGt2_bSVrT`5R_
z<_zEh5V@mA5?P&6;oG_GVnuKi#$3XCbngOd%}r|)NhaS{?}22I@(J5E{!aUJKa33$
z*jK^u-+vy{K#n<50@ZI*#M3{u51*Kz<ih0XGR4}(0F~zkhlU;wt&oY=;Jb*_JF=fT
zZkC%yvX#PdmkLJ*8U-AT>Y!_vDMtq=e{N&95rtPUn=FL`yYy>3QQtSeR8wd!X1W&G
z#?N(leDc`_5xBzOReDPnSZ`UcoLESLGE|>6;%2ov>(R}JAc=e*4icUkK21x|c#w^0
z0(QAqyN>~oUnH<pUWvFE#%my@T-p0?feOSIk-q~g)efEJ8Bl3;j=QsXM)m{afBRnY
zZQd4&+q_sD2v-6XpP|EfQ|RtLqn~HpP%B|}2UAHlaAGkZ5O}8TkK)5a=-&p}S_c^a
zsFZeS<do21XPHoLm)mjoFKC>yR(V7$_3QlvOa&j}?ZDQQ{6Bul@LyL>2+x15oEIq;
z@=0ds!F;T%*yc@J>fl%!!cG1We`CamT2X>b!C_Vf#p#GN*d(XYyP^xoAi`KpNLUO0
z5yV_9n=>#{^D}cS;-rw!;4;K305V%lB=$RBWs@<!^j_n8wVaCP*J(AEOP;3<Et!vA
zf)4m5NYZg$dB4PKgY=R8#z?Uo-eFxjE6Z?8Tfa{=1slYNw(yFitV0-Me|2r*z6|8Q
zO@2!Yo$(dsRbwh;bb77s_oK{C#AAcgLXjfs%JKo(V8vrbw<)zPk~eCrUz~+9otCP2
zQd~Xsl>#HdOcQ)Qz*h%og!xUa5gG7cTU(kYmzVXywwHfXwY3Y!HV$cj*gNgX)AvT~
zvuIogJ3b#}1&X~pxZ|@ke|ZQJ$6_?Ottxa6sp038JjnidOL~OYp~h(+9jE<~ltN26
zVx@nFAAW(C0h6s`=wv$GRN@;Pi3T#<AUQj%K-L$3pwf6P$qqieGQD$W!l?>nRjWye
zv+43u!G7jAthEqX)G~QvU0eHh2%Q;<PP}4l3fy>v)6zx^lC3ane||(CI5&ysA}tlx
z+5~ErrPDmj_32@m@^XO2nQk^6N>G)8eqnxsxyi}?OAbHAD7pjfZg;nrFDC%4^cE>C
z9<=+Mdt#a%4C*-WE3A9cl&i_!JrK`%*!0l+>3(QtP$~@*Z!l7t+bg8EkGSEspYUh1
zAmg%VR-2WZahCk=e~5CWU7<<26;D4@MkD@#Xo8*GqzJdYL^}uq+4rTZ84MDb#CbpH
ziK%&7UI)=uP985%kvj}4t4&9Exml66F6p+*v~EPBz`(q8?@!!*6~T?DH(WM^Aps@L
zkXi@?ey6j2i3N6cBQ@6_thyH>(%s;UB!%j3Ur^6Bn~=n#e{$4F_ok^Zt3+=IXTd{w
zCbtOqjox=V3Pz_QkGIyY+IuVfGSGQdehU@glZlu34Q~+ns?$Kok~oS!Bn#$e0+y4a
z2vnvZ{JD}rGRZ0{(gVv+aD*L&7*d*?NNG;^Vz-gtq;Qkf3w}m{!DRJwqZWS>Cv+@~
ze_f7H&P4I~e@4*&3u}9UD?5EKxbqUkdU@K*<?}C3sYAj=5h29%n7;|0V_ftrs_>;y
zuOTYa3iCT+KOX7gQdO2e6n|p0V?`xr<KyQAE_3%Ix+%`{Giy`v^PFg(>_^OMHS^z<
zHDf%jFJMCCS*RBJcHw{nP#u}rulZ8obAQ)g%ZcZ6e-XT@GUJNNgnEPa|F+`gm9J+v
zXJsJor2&%pItnE$q`bde1I+;5^-tO_Tw6hn{*+?y77Flv!B@63C?HA!E_Ua7#FZ58
zd(1WpPS*flaE`Y;6R(-bj8uh3fZpxd+~A(MPn?mE0R9M<$Wx%#g0HQ`BE{7b$G|MK
zg@FJCf88wGym8ZRs2hyk-tN075L8ZQLOMF^O3(O#98qEQcq`c635p$lz~=S^$08&$
zs06R=^#wZPJY+4>SWUF*N3;KyMlwABt%so_*j#{qB<`wQUjBSJ^+cG8Qkt!OR(_%=
zT0)r4fr595Z_dOb`c?p>?}$8oxfR?ugzs1lf0qMqalP~ElHdyuNcs^Z%pDsRA!k~k
zs~ButhgPa8BDCcI)|xLB*I)0|!bKS*B@>FGxwbATEj`<$51h2$_cH-&J9Y6_$kqq;
zZr`%ik|A<W=c8-GZ^+P*QLNk8W&?d=#OOh==O}}SJtVtA$t{0arV8VP($0Wh-vwv!
zf4M~$J}CthCOy4|&rx7UA0y{D8a56_0o5C%HNmZ*uphgf(e97ey$hFL&&B|uXDqi6
zUw>LAWQ*63kxz4+pa@ap>r~<ZcE>b=rl1V?T2D_+3d*XXJ9KpOhdUt@hx{1hzp92z
z=DthjdBjir;t_GvS;1CbPx)8Y_|+vJf1n9*^4i3iN|)ymrsV)Z2ROwJpEz+4ANLcj
z-Ua6u=a5gXRpC7E7#!uPALgVI)og~+cmx?YrE;@EF|k3t!eAeG9%M<Z5zhC7_F2JQ
z5lkEX?8c>zapnfWq;Kgc1a$B&#kwIRoSc2Mcz6pF55aRo@Nh+8oI>EQ-QolEf86I+
zVtSsO3&yx~XKZ<A&knE;+XEz=1pPu~@X$k8iu?uR=hZUr3_PbMkSr_>Z;Dc9wrv5x
z6`h?k!gG3Z@UhBr1eOWmUNV!I5XTI%A2Go0;QFXN^4oAMv<PAxSbAjB=x^`nKCkPa
z{7ljyyNxdR6xi4WGqXt1#wl>Bf3)J^D9F2E5vYzlyui&c(APR5V6U>-qU%i;i1F6S
zhz>|d)6R}3I(0qUNv~DES$@K;S{N6Fo1_sAj$sQrNhtzw8cA0T6@$WpWW{e41{nhV
zH$VcQPz2Fa!`6wWhkV_urn&V_pOAZvr`9G|QakL11}OGLi%{|viGMUTe}qJxw<Jvl
zr%ejMIfx7EGA^UvaBD4cqK_xO`qlN0y>3RQq|jwf&><RGMsyCrlA@T+$xOtJHt<73
zZ2+Td)yJ6C^Mwu073!j0scU(O)T`H?v1esHXzQM6;@8-drDmcJ8H$A7xT7yz?QFl>
z)V%5yPl^1S(G70=ujp<}fAO+MSw<V$Oe%_nqAIe;WD+8bGSVVMk#J?GrsD#~5ISYa
zmq(Zc4Ph;2fRjLp5Q1j0Z~!5)D8o`J87%4r7`Dq>Q~2BP(7q7uK|I@xi~35MHzv?l
zsn#SvUizvq&+{>{h=V(sUh;WOw;r(_`EF-NzuCn>4YGw>OlB6@e_Z@57{{Y{rI0E5
z*`DZJ#Un?~+96$%96Pi*NoW&csF=$nqlxB6Mv^dTOnRh-l-4gyQA2U+oWVjFSoCzm
z{7WXs7bC;$5T#05tSu4c^XfD2-C(Za6;3g8kC2*7T+cOnCxvth-=F$|&|=J+#!~mG
zhJbhy2O&;M!(c8Be+j+1hMf=`eWKIJ|8+q~IJchc@I9sqO1QJ+2M9>5(ke|`k%k+1
zp6namEYHjCM2+n{ji3!W(t}li#GvmrlwLazkj&D&aBllvlVwe{9L7(JkC}boz{*PD
zn)6U*z9J4e!Hk?&I*V<lBUi$pt@Eo0@E4D=B_OrsM<h-Oe@<q9nrYuamMX9C2Hvlg
z3*AD7>MRo1Qv6_3w3!qxk>3(0%z@?;UyK%-xo)Mu(4$+g1XDq4=`we#B(Q2hF>`X|
zu$PbG4}W=Gp$ana+{KiQNAUk{2%-wN21o2x7u1Bt56cYRiEftyOgchl%iRZ^Gz8ZI
zH`sQGF<7^mf3X4yZbZMeY*po6TSAH34Vg^EyM3MWZVOR#;a$G$q*OzJFFFNgpEY#2
zVvQV6OPN-+GAK52{`SqMH(vRuH*fWQ+C~PYqcSxV57}9J(w2tvMqlK<>baTdx$egA
zC~tL`rtWo5f``WqcpA%vHsYAJ<51sOCjE79orNs8e~ckUckPPCx3~0;tgWWNxBd2+
z+3{ldjxqVBW)dFwMinLtDD!j&pR$c~u{`g|LGJcMdai9AE0EJaRxYS_;=3rM7idrg
zD%oSjMDYF<&zFgq@z4BEM7!3hS;eIBPhIVvStQN8J~Q6IOJx(Lvxmd?o90n~*2M&V
zw(Y4De*+Ns!vKLYIY9rFP??f$*u$URysU^8`?J@Y6BnD|XJsg+$35Sjy1Q!0-vZqO
z*#pqW1%jLT3Sn1vRL`o2TGgd}dkmEAuP|t01<pFTNG<g8I8|q4>;|?^^_K_j(E}Do
zAcO}UfLxgZ1{Dz!bo(1KGn1c&&yaeu2^vKWe+3*^z$M=Om|fG9F|tJwb^a`kITd)!
z3;9g#zav6e1lCvOKLeo;yHg#IOB*QHJ&9_*`k>4L6suI~tT!saPZO}+;x?~F9wHVA
zAG`q5^YEL0CMlMo5$4w$rSO#np*`@<sec~&H5<RZ3du|x9&dk_kHX+clW*+FIurT~
ze_8MLXX5-;ZC|LJY+aI_Yi@Sv$(V=z0w1(kJs>BCfQY3D|JMT<;wc(rA{SB26@c~)
z=!`(1jO2lPospiLE~={<9vk)gOethFXTwDgKi*AJHn~QhR>XmU;0t}i4F6ZLCz7=b
zOm7ptkoz@M5V6ut^9a(pCY<3a{Bs2Ge-|HNUFn!`^&NzQjqQ&P#M6l&y+-bVW5q}B
zRqE>A<ffqu%}mQP53jdMvY1|>_L9lP7iXh@CErWmXKeJ|N)3S6qTx#A{xxROjwm!C
z`=j8!H{`4iCt+Rg!8Wvi;r0u+w+xit1yf5!(IBJ72(yiJF*TX&TX;>shc9q#e`R8O
z6@irc*@-bb{rHZ}w4nJt7~~Y6FkuWNv6AMG*Ks8~WVY=OA3==h>kBG<tCT(kq8Bgi
z-+!?=mE89}*yRc6p_uLkz~+;)gw)6%H=o6!Pv?u%s%1i&NpLofBX>@C5I6j8BF}3r
z{}6P+SAUj5F537XsYf$(AZ4jWf1E@JuZ*SoA~O54kxu15wEs+UU2mZ{PJbJ0{)9MW
z#y-(~{XJp&Vde-B1{p3k(bt^&d*z3|@ob0K^o~EE32Eqy_TDqUbI;^HHQ2A3GO+Ta
zX!6`{1Lc~#?+@#sOy8-b_Qb*{!uoWHDF6PSoP<7As(?EuDs5^o%xGNce@;|s8IY3k
z)E-rAgbHn4k;*xO$jr&>X1>obF%qvy2Llrll@$CxInu!oMYs!M<0Ld#OLHTfM4&F5
zHXGFmG`p9o&#!1to^44~)rS+=kC9juHfUIQ3#C}5>#Y;4TFG@Iz8of_Uyfg(j~V8|
z9aEQpe>bGw|0AT-`>Rs4f2>iLv4;JQCTz?e4;vZvVc{`A(E{Xcspu5VsT+&X0RTYQ
zLIiQL=q?d5lFH(8mx>LxilmBr-WVtxFjP5d8CA4mu|zV?vOP1Vbztw1uJu*j*5+z<
zcKUqi&xMV?jQhkG(;|+$FW)1sud4}2%P60>N0ARgZ_dndy2*XVe>>6J;L#VsT8T3G
z*bGrWrg%*AjJbu`l@)hy%e#g8@f13|3K2EGjiBbItK3Yt&B;-T#ASH1x;uJ&F55$J
z+uegY0EtG>!if~C{tA4yj?P3n4;Kqu{oPz~OyQ{UF5dJVua$)b6hSdP{)7J2R_DBz
z=bP?$+d*y<E88MnfA&()x<f#3O$-vOwpg^W{TVhDUp<J?CG&AfFf^!qM4K_lG98HW
zsZx1ix$^1Lcq;vu+a%E2<Av7iQy~Gaav9e6St0j!nsJ+vfic9WcDrDkvZ?;iJnZBv
ztHFmbvO;J`8|uTu1G@qQTF8cEY3thJ=;SA_WHrtY?H2pte+re#$BkSmFU+2aRVUvR
z*;2NSvi6Q5H1`S%WL2i{dmrfjK;tuVriOPg=!e8!8YAcc6Akrv$XfL*sA#wb7B<F4
z6V3nv`^OEA*{!Whznj4$h|6g*0&qlPV<u#S))OTRx1R9mB`HE$oT{44m0mUnUJrzm
zLxovP$z>#ee?{nR1V~g;L)J(PdSdk0Ktu$c-`+(WL4--jMF5#fat!2r3rMP2CX3%+
zxV;`v^un^fQK}PxB}75|QLC%+0f>Y_@;}`K5CMXT2@J4T9Xfc5grZl;CPI*&PhjWP
ze4_n;G~UY73dSkuWDqdlVnr_;%Zw5zV8Q6!ZG{dce=s7%1LT5TqzN5ihe7K5C9oYe
z{!KHx!DGR)P7pyznZ#S(T1$gqM96J1GR35>2imP)SA^t03#DO@LJ%5~6^RTmiHl)}
zfq@hymGkg}%G?2T^;F(=KglS<DbW#a@zEGX$NlJk5dbKQA>RqhHiHC}S#&7mK^A-v
zGeT(he`jiRg%6qZF$o(Phm@YQy|+u1sga^ZJ2QY;h;;JLlq;fta*CoHgFCWEJKft9
zh;8*9+d}jUYaq$1Y}L+p)```slNyRe`~+PfL*a17Q!_^lDU8J0BkC7UN4mF4wU6lt
zzWdahee>d9uGC>7hYsc@TPBMaH?{)*Bh6eTe_}1llE?r_2z%A|(|<u82_n8b+T#@^
zs>?QM0soIDYi9B8+knwcPKL~}@Nb+F6c?xXw2K!H+G0$e!<O}9T`UFH8!Zg^=U&eJ
zcQSS~ge1ZI%Ux3@EdIajkI5OpwBx7s(j+{{QamcSqeft#m>ASSY9Q<R4bL7O!8C}8
ze;M+U0nnApv+08g!w)(5u$!2+=H|!0Jz$z_)|YUaFY1L{e?^%JjDG07@F4gtaf`Bc
zOP;h>Lb}wiMHslV-DLMaoBHu>Ze|yqDwVFUt#J-L(3Qmw^G)F(wMA3<=F4w-QX&1a
z43L2d5)SGG)pH{P5ZTvuW?Pd>jW<{jfACUIlK>;v9`g~ql6vVz&gRnpg65y^tz+bz
zMp^$7n{di4l&<8wR2GMXRoWA^<2#zlA;OQ{&SAA#i+2F+Xt0>q(3;=swBXG8A=PJy
z<P4gBf>?{xYH;p{-}8BFH&PcF!A=R5kp$@4T_{I^MSz>z*zh*LSZg#Jf&<b&e_gXB
z6TZnpDz;*PX$xVIK}0rLr35~#MF_|DMkzewJ_au_ad>fr=v=NriKW;GN5OgW)rqMA
zTd6e~HhZXD;qvV_mQ6yvyufWk11?v2(h`>^TDt~f$`xXhu3M!w>*5r-OCmR&%5u;@
zTdK<SE$rTfdMIBWkHDBiavDqRf5fAWOkd1Ju7TA}AIlQiSF;hENRNf3#^rNB?%q{U
zV=LC1Z&)TMr6*wfd$iuH_s8X;xxB=*4LhTi-5y4Ws!up#?rB-!{YLJZLUvFYI9u(9
zQ+-XUJFO^driamF#?PZJMj(Hq^>!u3qmS2MDUQRljX4|1v*tbCH=(4sf8%7P*7ar%
z-*c(c1PR01XE9&I_j2@$44|ft_qwCx4IP2e&XjD9SS1dOAGsn=+Ce2q0N_%&?7SyW
zgkV7;JiuplG!853ryUT`*|J^BPV1nKDea}(!q3@<UN819&Y;WW7U$N$$Gam1$$y?F
zzs;p3*8)|YXorD(q0k@Je_JiRot$YOv(fS-9w+RBpEy|)sP>!0QYo~blQcE&yU{o1
zF)%<o*MIwSZMB~a8}62_BZz2v7o}tJ9fOmnd7h4zT`%7c+#g8g5UZ-Hx-)o9ZV5tQ
zGaHnK?`YI6H9Ffa7Aa<txed;@>ct-KwZF3W*q8n}9=bJ6WvF-{e`kMzq!b;94GhB<
z{F~wV-`{42@PBJF^B<!F`W<3;_fM*8|0~rmRH3Am)lhwskc{K;MC|pD20Irc8Vgh$
zFwjIAexRApTWZc1sh+7?Rk#RMs@DEUQdt!iL6w&Wtm1|A8Yn3sX(Zb;^h~_ZzisE0
zM9VbR%49w#r1rdje{J&|<v3mWM0IM|EoDCFX`1+6WTC!2Q1~-uWAM;(<}KII4j3wl
zq&?`ao#6vAC&#v@Y4xP8Lt60HGiu<FvFRTLE%H3ZCi}rJ*$_@!(Fqpx$ew0-k~(GB
z1U*bfjEL;ugK(UP_FDzBnZabrubNl}9%5(_SiQb#42?bNe_83h^P;X=)km_)cS3Lg
zFR*1yVt+@IeapIMz|itj;x3Z%Sc*shgCK-{M1WOg^P;`{_*TTYRlrDe7gltL)Q2R#
zh#MR&LSq`v>5y}7PHs!M#;9w<su$l%MLAKvpR-C?<4yez+UG<W*<?BL3jv4-0dTNX
z0L~?1(UiI5e`Rb&8T`n@teDgz0AvT)<q>mX*mXE?2EL4QF?`E`l!1VM0#=wI!eeG%
zR?MfPzpCB0gkoHfwq`N=YI7s&P`G;<2o+|Q*agZPJdb?NG+dN3CXEg}f{z?=TuY;k
zKbaTS?VU~@gO5M+_V=v2V=KZXSjOJXL6<!FN+I_|e~SOg&hmZ$H%$TeyH_yR!W`7h
zzVzW&p+DpyJ+b56@%bpJi=G*L9(7$OfrT7>8zQHhp#Vf2Y@A#nXto1e4|d~Gd*Mk1
zXi}<Y0r3R1T*5Yax#?`X6FY-R0?Os9R>5Hd<N(s?*&d-h`ao1zU4($Z6;xfgup#Pz
zJKW8te<Fwf98h9XTbgW^hSZw8ArJ29L_BFPJA4s`5v?tLV_#Jvc?*GcI0aQ9A!?ko
zNKREIlj<LUWh>5DpJ(C7a$Ml=*b7m8@auY(<?X^AlGy~#u#QEH=$lP>0wanfaLibf
zTb+cUggsG87{(*d<(ztw5}ug^UR1#;QbE34f2*4K>7|T6ao&pO#c&fm^-(}^-Y@vv
zi(^(O@y*lHRvY|E@l+X#xZ#a^cRNR1g)zIzVw!lSj5Mopk$Sb~_mi9>cky}0alCF_
zO!=v-D6LA3*yum(;Arb~AH7k$s;eLcy+!>2gWk$HctI0Yo|Gj~_KHwEH|(_-*t>1=
ze=bP=m|RI<=^_qT14B-R9CzI92|vkw`sJS!c`Jy2zd)Q$AZa2dfzh4ufoN2G$N<#$
z7u%?ql~pQe%~0{1{H@h+l5+p-U{&)j;y(pWfDP(?v_wt*{<?Y<h=ahv{X1!?$jX39
zU>PY1LWC`sEKrgtV*xfx-OG$v04sG(f9cAAKeQs0%&em|mW1WVCFd7!#}zhE*L*72
zrb8^FIS&45(fm3X$RXz2r>V$>45<f#WE(7c8${iS7DPEbFMWM6ssW=sl%cJ*FoYmr
zqAbT!9DAffdiukZ`B4fl$dd^T3HLSCX4MW!i=U7MYx`tpX&PLUV+4g-0scige@AyJ
zAq{4u$S}KERWzSsfk`b1utH>317%XnlRgW;(%M3fp*O~-=fR0-WxlFBBkQ{;9BSD!
ziwZT2rdU;yh@O3fuDy3O+f&%Ehc*oi#Q=|2Gd1^uQi%+yQ^B_#Pak(X6RZ_07}cDV
z*2CuCFP$iUFKQ$Nr+fSf^5DiYf8Z*>Y*8`gxQi#-@^{K7KVD|IGj3{R(=1{L0I?-C
z@HC(yC<J@NYc@GoW&K1WGfZ-~@_RoT`4j<Ne3LdqEH<<JFp93C&^n);-%reqqLeG1
zja*?mZ6r`{+ad@=&&hIj$=DdQ$W~u)gPQd{dHBv(%@nI8ZISf1DWuj^f6zc<n>;z^
zwS)%RYCK4T*bR~rDz0^?7^5;(`qlL+5j=x~Z<a={Wue+1npv9F({3Lz_QPIJ0KL(8
zU#GhJ)D$bA2Y=Fn#NH<qxI)fNz@!N85=?`{E*2j`5#K=St_L0LZJqeWirmkJjm+?G
z;zuVuTj9j8yau+lP)KG-e?}T`S?3Id%yLM<rMH?gV&1+?LJ@OrEkSudX9p{gS!cSz
zEoT$27tGt=J`CFD>TW1FdN1s8RrzALzzl4a@Z8q(UWvP(b$AoU1f6W;RR-Hzyp~~g
z`phnKo|}=*Y@|wSkaZWxseT8$)Vht1ZpTx!D-;f#jY;Xnc7|F-mz!e;34h?0jfl80
z*X_0cM`}_6iU0RE6Z!V-+y8vDUEjWa`}XbIxBp4lioSjO_U+rZZ{NOs`}XbIw{QOy
z|H8L#-@bkO_U+rZ|0$%vzy1HD{PlmSj;8z%|5+U!_1R(r1O%S^uOj5dG%f2aF|^??
zv#vAUiw94iNIOOu?F1HyM1RTryrTRfDmD#7VPOF{3>9c)N;EkUXrDqs?qp)khkVr8
zpb}y-OJc|J)-Z7Bptu1Cym59%6p9$TvvE(i&h2Kd?TNoc2=dBCUY$^eMOQY5-rX<L
z>C8vCJ6|rxcQtYN$LL>HF<`*%ZKV+%@hNC_4PSthNWMbH<xCh5&wq4L_Y*jv5H(@;
z#paYwZTKE@5j5dfO;DIthhk_)qK`b{)}~$PiXJN_+OIA&uK3i}SQ81g4G5%K9DR%{
zIB>tezk^~|>?lrtD&xkTB4-+ua1l-zw+<bQf(oOriI0qdp!+rYM7MfQ+5&`9MzUTE
zS8p}KdZ0D+BTMRh<bOXt5Kl5OY@(h>qs+UKEwihR-LEB--&{td;{0CTPWy}+A^o1&
zh?#jn2<kgtVKipDgy<}J;;33)NNaVvexX{SF8tX#SX;~tR6iwLUhWK=IR+o$B|Hal
zV5U~SdSY1hq8@3N1GgRKK}@M7{ZbnATp<g@Rbl&DOWmwPMSsn1NA>3bGOM$@e8UN;
z_U27W_g%7<T<V7k{2(rJ-@!wB8>nZn{6gKjKiQb8a>D6D7f*8$G(8&+FTa9ezM1ai
z1l=i3S6hk^n|v`6WwD}Zy~wikY@^wzvo&2^cbh~YiU*)&0XXLA4uE`j$jU#5b|g4-
zJ#m~w?A?!GOn-WT38m}=2Ecb!K;o}6B0{i|7yb0<;SI=Yl8jpJ*FPlcq}CCmKuwX7
z%C^-N_@_p3X!n%Pi{?ypy4B}dB}r8Uj)3BWHB>&r++HhX4}f5}$LeY!^4ClVYPh`!
zZG)mq6-<x`fjL0pA(ynm_j@Bc2bCL!8_ap7R9CbdEq`4Kr2IQ#g`)6^u+1Ru346eM
z@b&L|!o+eEHrti12c<-p)5mE*SZ-S-(iZKsMpdgqedX?Tn<s10Q_nRZbbCc?Cwi?_
zdzfeegV-_pBpks!;=yitTdahh!0Djs8=niPi0Of458dGsAD9Fm$5--*rR;woBrxY^
zJn{2`gn!v9RwTia+BKE4xjKW<I=-Z^PFH+ynpmVc7qNEBt)e+0PlKl#9R#W=`aS)%
zTUC^kcNf$_Tj2TU{c`{yAoW1ZKn#%J{Mbp(0hnq;1m^-%+d``v_9;CaR>IRGzB%-d
zghifI%06Ign6zB;bhti!27)BowIXSWxh$5~RDXr}jp>50@FBfSpsLsdu;8Gu49xn-
zu*=}LybI>|y$voB9yhjl17Cs#o^gHQP)t;IZ3ZWopTMbb&$&jQjbd6<mKV*OYdK6A
z2}mUh=2zr9(}9g4OF$YReWcex5PoUfimM}$dBSeHR>L1)a&>bevX{}J1P*I^p_4!H
zTz@oU1M8dfB9IZG$x(k<wI;CPbCn6-IW_8eIL!tbt@;lhx&2JnYFk<H)wdS-Iqmya
zFMGSBFpKM^;tR5t85qZLtZ;yF*zC(Q>+<}NY_<Rsj9k3zVDPy0#Y$1PN6`&WKB4B}
zin|}gFBoX%NNK7_PY+Q|%RjQAX=pd=rX+%K-p|cc%nvYxOD2-@m>N&6lt9<ipK=l0
z)@+cRw>_<!!WNgkXa^#HWxkF5d(%yOOM(9@I8-ocz%&At6#{g4QUrst9YYa_3>fuZ
zU*ybi(`|rI0K^{BD3wLO$!hfu_H=IY4>RIR_ow<3{tJ=e4UX|37)|bo#lpg$zj{CI
z6?BEDz>{cuV5lL=LZ_kjLxo;V<#@b;V<Ek4>3>#;jp92gJEM(%)Dg{<c8T1jK04TL
zf?cTPhER73J!EbzMjQnRc)ty0vJoa9CZJ<a$qxdFth2%q>TxzKCo&tQ_uTRf!wpwW
zEoJYM3z(w*QKWo8=*H0I@q^`bo!i&nFl;Ae-3$Q*3c?<0VUIVG!=~NPLgO(6`a|$l
z48j1nv$EiX6WdOI{i*o;IfGIJ`s_0=){)ct@pHTN*-k|H>CH)!D?xNNLq9i6#%(v|
z>2z+|PA+ANhr1erS7{>Gy~9Vspx*0BYYPX#MXihN4w&R&fuJ-n{v9kkWw}r%w3@!W
z9c=*Ix%WkEuw4sgnYv|)(QVX@9pVv4N^IjN|31UOpt-?+Nn`1{oasV`mA@$AD+9e)
z%5QyAkL0rV4yPA69rn*39F0dQoO*+5a>ptJIPF$CZeRCq5;<QSn^j*QDB^mzmYJ#S
zYyXem{QTEcgD(Eht`5K#OQ7zg>r0_GZfYtt+0Gj`E1YStu{P^XHCH@M|6G2u8+nm4
zkEX9kv^P9|EpIO8crVdUN8HpjF4xz+5L|wJbbnDi(>t%N6I@n?z_wHEuxmA>94Y}v
zb`$<^e?s}BaZW48GqHF<K$^ez2w);A0fu?H!3n&OC+dj>+HEDXdak*4usXx=N$^Q>
zcF;+Uul6~<f9JN-Vz?UAUT=kK0qzMCCVn@|Y&W=nFs^r;*_v~Zua2}>SH{`R_~e(h
z$vyZ@WxMiD*lqND%66AK<q#u9CHzWPZL?RD;0)p2C^2bHui1WIrh9zgHeiFm)7v!W
zcdUzN|HAfqTbD~85j1YKX^hOQQ=4PkhcA?^q2+~tP3kAu!DI#OCwIK-H0+^xD8M_M
zexhK1`KM5sAIhLTW6AJrt)dKZ`@zzX71034hWqikLPbSrd4PM%J6#&_?35J!L`=wj
zr@Gx0z6!sA67mXz@&RdvSXZwur8|l9V#R=DcNE7-`p&%kT9U}#8s~t0H9%F6&>7F0
zS30+bahFl|g!Nv`zv>;X_pAn^$#&v=oQA!BWb%x!q4yeo5d`@3Xu7b<7A60ecOQuu
z3N>AERX(s?OO(Lhx}5O2PN@wZH!8o1>kg%-?dr-W51p|;RcGua5~gWBLLrEl%;0hw
zn8l=~Rya3plSLUB{8StAWu>!6t@ZsbR}cw6ftM}y4Z|#Q$JBIu#r>H|XRrhjNRYdK
z<2Und=1^K)Zy9lX{DhbT=-3~#kf`YS9^C4@e1Se)whj|qxwl>~7`dHqXw|O+DNOoU
zoVF|>ejDr+zMf#gZx@mAxzo9hC{VA5pZsUzH8U@(N8(iB5KbwL@OX~Cw;OjQE?{?l
zn>mSE`6l?Zi2QfhMIHESXPFkC*E*tqq`Sh-ofOn60l_o(S-4TZeoc5mO*XMEt}OlB
zO$yB+?eBWYxQ$F!&$8oEq3Z7mAEsLI;}hk+!4x$hGN#(KS~h5Oi{l{vn#q5j!<#%#
zXUmOV))li}qQ#cwT+Q~oJ!ykQ+o7WzpoAv6b39&KlNIE5p2QAe`RO>2rjXiy&26_;
zxmltTH6sXOVxEx_SG|6*+(6DB0b0`?9o3)X{T#ljw8Vi#6xS5(HbY46{U!4l&P047
zySQyn5^plDkP?lWcXXi8GOeqe>-Gaosnk%D9OuUi$20=I=#xPx;t15PCpRfB1T%fA
zxD!oyG7Y2{Nfwjuxl|9;JIWA$NBh;#+b}+_ks-s=Z{<1R_aFL`i)x=l+QT$8btehq
z_H-~{<|q0&8`@dwQHMvmc@I@?lzbn`q8r{gDEOR#JL|dgA@uD*C?yiK=)-FrSjq6J
z8=Hd;C_}zgrHV&&a8dVcif0J#B|Uqy36drlX8QM(&<Gr9Q3J0J3m^A?N2@P$zXU4i
z+x+JWWBMRdcZG@Xz4;=CN^?s720)zXbS2~2#{6+I;kwI&?@>D^LW?zcdfaVdQJPur
zpH(WQy;omigePsL+F2LFXS#1lNbm_NAxaj^AnzSbob~2qTFdc)FRekCBZ%$TV;z&@
z35MlL?z{FV<JfZ^ljTW&f8guRNLj`ombh0$4b4)So@4RmdzS?)&dN$KjgGco*8Oo^
z2ov(xZHi~?btuKaZkwJ3K-UfLN=@sfC<<fH$#yFQxvu<0_?y9m*Z!ufJxt#6;R^dX
zxfs=Tq}tJcSnsgsCTz%wvClh{#hcwqH>mvb6F!IKZ|5jUNLG1&(fl|NW^zntHZn*t
z&MG`LkPZn+dzw-0IX<i`uAFE`bxa#gO<%2b(6ZF<n_m2}w&bFW7s|$$chhH^{}zW{
z-QI&)-CKGp^I65PMAs9?q@GXLxzn+Ue-y|vUWy~GATPZ!2z0>asz?X}Y(o~Ic(}8+
z|GA+n%IG<_BpKv?WhK&dmD$;*i}ll5V36G1{O8G&wQqC$E;BV&>#*!^&wHd>Dak1v
zbp;1{L_B$ZHT_{Dhg(ZaL_uSr!R0CvDM-hm=;EihD~TevR1n9Zm_bU~o`@lS4Clr6
zd*_tIQoACf69m)?_VA9`{u8~fxT%B48@a47R!2Z9U6l%dnBpafH&dQJmCUv<>94(q
zJdZgtz>P{JBTnY^qOy|XNN)r89qsJ>=a~%s-vS-C;?usn)%!C&l3zrQT29wk39Mj~
z7kELpx5w}YbM=g}`kx?@Pg|K?W0J-~phWW<Mm@lVg1?bdBv|4JYX}KSD{<QE6Q`QD
z^IvbJs5Y#B=mqCXXA>`XQ!1;;?+1@y-xh1^ktMJR+#$KP<Rq7|e3r^#b2y@#s$?1-
z9+8$CoXy&=AD>XBX)TI->d2Y+MR6=05EFEwWddgY<d-?KPhJ%sj8ZU<v$g*Y-E;<>
z1%)rMd&FJ(Xa4QwctkL=Y0C|cQp|MO1IxBq<)1Wvy5HW7+Gq+3NYOM+XMSLoBW8pY
zqDr<Mz{a(hYyc{jYcgpJ4$F94`_;Rt+V{>sAp>jLQ;5_)GooHI?eZ@xXhtd5zW9f@
z-T4BLNW=x&aJAP->x{9^raHsaonSUaM3griNdoE|eLIeHUri?kYRc3phNE+V#GB$<
zE{^wq;;%Yge3SRMu`xM=6iz(CYjk5Ls_~;G2z>cJqfRJMUAkZ4__lm0kTL99h`rKB
z%Cn=+euh=+hz*Al7>N*%7)R7e{TOh%4Zknyw{5${{#_N_@^{XpCkEEP#pPX?^Nclk
zXywsTZ8QUk*(`2*D|~S?(n!O7d_3)b76LGT97R<4FqpdHeep1GdKTwD*D2oLvj`~K
zmRu+D9x#aVdFDkH{PWovtNs|Nmyd&QSWHF$63PU$+a|G|I9qS9d9t2)SZ~TOGC<XM
zoL<;;ex5z8r8D`QnnU5Y#=@kSjn~le%#=;=PuAuWd6f?y_464Dvub;IvWmPKS!hgu
za6Jk)P3eW9T+gekxRBYyfD-yLx^QCEt5zYttxiFh#Q6L{f@k&}fLv+8Qlr{1Mn-~U
zxL>O*Z`<*{mo5c@kf^AFqd*n`ysxe|UB4=fiAanN>FJ2<CCZUF1>SpcUv?PuH$$j0
z1MOz<JpFxIqI=FipGo3a-s9|d8XK>FzcXiPBCP+Cz|9iQlJ^8u(07Fu_&oJO9wg@b
zsxfIL9H0KQZarvn4&@V(3Y||jbkTTe?}`6sW*EJVzL&RVvdLswmhcYO(Y%X@ME#&5
z=R+20LoV-;A+NiF5QU{+@!{-++GFe^qf|@SSQG!cJ-DCL@<)p<fC%(2pg|0O>rl|v
zhOsvE9|$-h`IPE{J0pj4*l6ai=2G<NjJkcpI+cXg5h}<}8q>AZ85gFC6Xb70_0KPS
z0bPY7M7+1^`)q5tSKr~mWOsOkPkhnBK0BkX2!1S6tLWD*hAg!TQdY*q@6bh1oR=3Q
zBzjYgkN3^=L2414AryX-T<3&;c#iWUbC7Mx@*}-mF$4cAS-!v^(}ubRj|MHt63yMu
zFW0>|cVH?MKn2ig8}iigGYYi%KsMjm=08V)znf0thoq9b@1eq8pf2tRNqR2sqY-Xm
z!jrMoBrZ5}@`U^F-9h=p3lplS#DeUv6Fn2mJYO70bAIYmgfyUDOn2UYY-~!p3!r=F
zdc`nde8C<h3|;s)ce#*P|Jvntu7D<yO5pq7ToIHzHhQgTMlJobx#eANveByKxY{(g
zaax!!Y^tanPmg!dw)$V}+*6PzQTr$OvTdWwc2$>c+qP}nwr#t*?CP?OU)i>6-~Y^9
z?9Ro;#>7U<Ty#W!ZZlGUC(rjpKKXb(dNbtR^(Y9v_8D08g`AGUPF3(_24w|PZTvQi
zfTEEYy&>7#qD#C?7Ra>yyRtaeKc_MA*wim$jxa>^j55t1i8`O61TT{sU*i7`QbS38
zM4P@bH7hgSe-p^p1`Mr+M;(LNC*bz3bUp+tIf4m7JPTt^M)h)kC8C!rK<<USVNFsu
zu{6n0TKWlYaI^y7{jpm-e!?%_`o?&xt{1J1OL3w%{P^g7J4CNEU(+JvpWNAK4@9C(
z;jrgNC?5Kutm+S<U}*e17y3SUH4*!js4%;1RF}?n=mxY702Ao#gL<?Ke8QxBw%$Dc
z>=!5Wh89_tSXK#tm}CD&E=Z>v7CVLHVINs)GVQNqb<rJE0i<iBbLF3Pl9cq^<o4IM
zPr=c1?b?J0N0I`1HPt1WobzJ%AAKuD5ECTWTH<_?k1G*@*Qa51oYv|J7|1tXT@C26
zNyrt)pZr9ko<D}I0<*Sy%8XB$4c5ybcbtXr`h4i*wuAeBZEb+}d7U#&F6|>NBNGwS
z!s&c5fnJ)RMG$8OYOcAUyR~-BZHTMvc0Ix-`BMr?Gdl<trhC*u{Bz&n>Hq{QGj<ek
zGsBf1<h%Bbf7@KUntFYDRIJ*DU|~8fzef6FSzvXzA%Rxx+?gi4p**7KB&OvqC#uTr
zQ=~dKJ5nuww|RVaWXzO4U7LXup1Nj))3X9ZZ48<FJnhwLUVBueay|AU?51<Tw|X4|
zznp;+T)nwMj_4Ek`psckni;lokMuh=RhzDcw}`iE<Tf*cNmAiI9%x&8#i2)m!fJ_5
zxxOXTeBQ*Q!>OuJ<WI>t5l&CoBs@<I+DaRo`b({UmY?`rb6A(!KZ$Lw`CeMdMX1-?
z8#znbpFE_5?=rh7Rjg<T+u3Q~BT(yu;%3}|^^a8}2)OcP+1p;0y$%a+E|koKa9+0I
zHO9miW_0`7M%8m~RM^x{|Gbm#=68c+uSIsNPyx)&#wp?z4Sm2o64a64340VsA8gkj
zrorTY_3DQ$<CsCK9zGEv)^Bbol)rSJck%NXw+TBTGyL9oPha|Y8eUemX{zmdXJu6&
z<*L3;M6CR&*qU#^Sp(QUBM($MPV6&Y%BTTRie9f>!mI>cm<@s0NMC<(&%Q?6w=!av
zAM)Hm^gZ9;<Y<pdRTMH{P+L(uZ2=Io$2iu1USFm$Th0uXD})K!R#0BOBRMox4qAyu
z3`Q=BBIp^Fn!5Z@qwV~qJa3PRdOtTiwQir60KIo3V!v-_JxRL}{XR62E%(u`coHG#
zam0QV{Rk#vS@AUyE#SG(<=0tSk3ko`CI-fXzy0053_oYCKewMgt&3jQ^?|VZKGU>+
zAC&baO0E;nrLKJ%`>lj)IQ82ErsBZBc>PEIMHySngQ@LXqO+!upv2ik+#YY~8r<(Q
z5ypmBuZ<6Z06xOCz5sP)Y8fAqAXCD4SAu9$Q2|jw&j5HMP-Mz@fgAlW*_M;o{#cu!
zv&RGO5BY7+aCJPn^=0mDD(*aIFa_X$goPzS57lSC>6)K=d^uhBcBxCC{ea<bOseY#
zl6DM;YnDR_3~cS*Qe!rMa8{NCy65eZFnj)K)L55ke*6yXe)faa2dk}TP}tF!<8fJo
zElQ)+pp*d-f$pDhuLO(WJTF6|b;Z5g1M#!@W!PBmi$xYs;5Hn@&Jhy=E_nWbXlz6V
z4|W9@#GJeHKviCTv&Y%=>@c?o*5V>(q;_b<*_r*Hv`>E$U=)hShm^FR$lWtsq4tN@
z;s7!mF#it{H|Q0gBfI)J%w(b@rYnkTL>}Yp4P8&NHl_S~!v9QdhE*6%$r(=2suR1z
zTnc(5M&*KJNJoK<11|#%M1IJBtK%4@7ZIUL*F9;mB|6(QjmLb{Uk}3!Drc7@;fYpT
z2H|kG%y-7K(+s_rpk@20Ss<gUSPVh<(}vW^9f_p-B?6*_D8G8ehQ*4WBCZTo$L_0a
z`|77IKh_Rg)LRk8vMI<2lP~z^G}gnf82gei&)%*s7m8qeQ6A->Bq5c5pP86&f6;Sc
zh*n8eh+u5ulfcmp+5j7mH6%T)+2K>qhZwB>=YjURd`1M~-+0w*VKy2=P7PNwt#gce
zuu-PG7cy+LuN$>5GSw4RT0Wr8Bv2b4eWKp(5i%#(?qcqKB&yB{sgTB^{8Ylmx2Or)
zO@m#l6uf*yh|t!yrv~MJ4|(so%>qEm+;iDb)TLYz88Mpj(!fRKy8V9J7nt1M!*I_>
zye0{1)UgLcj|27us(;FP3%z^5O#R5WAk_^O+}mXTwt&84?Nk}0Li^zzZLIEWK)LE)
zTSlXJ5ijMJBXxbS*5z+YwdzlS7KZZ8g_1U`joJPkpQ+I0_gY(jI->47%>ZaXm%oe?
zIo#m3ae-)PR<rwZ#K4B30X-lo?x>7>sRA#j%0ayWMh?>P(;w#pk522k9#8FF?>qGx
z6l%6hDCz%8-f(c%nxrow5in~?ZdA^@her6?AA7{j=bt1+7Mb_FEghgg_fjYQ1s_ZJ
zP=1C~9+RrFCW%OaJtWCte?X?Ks0TVBWtHNk6624lHsq8Ohv((Wax_0Vn8@u8HMXjZ
zL!&gsV#0F~&g^sGV@B<Dshj&In!aQAXrTT0m;dVNlDoLs?PS!TWiK|B_$5|wzJ8Ct
z@a`vsYmEt!Mlm=yCp2oQ=<;_^KnM~VQzrW9xL=S>=z<7=KFUjSe~iCy*mpN!_AjS7
z`}n!k`P|&$Jb>SsQ>D4tEW)VKO-)RfIV2f>sH&hRF*S(V(qNQ`f*qPE)v!fH3gZY$
zC)VzX^ecF%%BruRQX=8s+d<(qEtIn<JpKc{GkL8OFmSDy=Yf00I<XogMF`@MIfEAB
zN8v%DAdg1i>UBI|f7;~45$}f95#>K+1vxwuv!ilLnw%2pgPLGCBEca6z{NngcQt<1
zWe)#|zX36ywuo(|66P(kn2*<9T5c=JYVsOsIQ=NIG7)3J8YAEgpYX2?;w;N&UkSu2
z|BHDE`tHAf>zdB+w$WM69pgXQTAh08wviu=CpE|(9S0dOe`!Y&A`WeG4WteeDT;0@
zLTgpo_%dJC4P2`F>Z`UbZTm^7QkB*YLL(!xP^@gT(o!KH9vE0x5^|8qle3A}XUY4+
z;(pz8a!JVIW`m<VTB0=j=_u|#!`V0c^-XZXq24gs=zg;!Q>n6}Mu}lhj~1o=Az0g`
zLhVXj8soy8e;GfLbNAf#e5WIBN7`<;ebK1lbKkbfSD4jGl9kzQ59p2Uy#XZ4m|tt&
zc3X#w$34l&$!{(<jR_SBph5hlB&q=))<Ws9%ZZE2xxTsK2du7gY^-j6gnxg3W0s_l
z#2uW{K)fC%%iGPIloQs14V>7oJ;&$%vEinOkG<Wwe>GI`1KFc1kOse%s*u5Oy&8*D
z!gfI_Pz^cwZL{&n)VW$uQL$WAsq#J|L;fYa*y7i2I(h6c9U#x&!|{E6IzBc=LH;8>
zx<4+vtqbSUlAM*<kH;_Tvd6mj$=bS4i#}wsmxWug-GORu%usi+{~JLG%8D(&>Vz2V
z@WHc1f33q2bF)qV@&@p@*5BWspAEs|VDPh|uIKr5QCvR5lcAk{Fq&azzEH-I{L4^E
z#53^h!8{`?+pw)C`;3l5@$wXSs9+?8G+A=tjI}mXP3era%~tV==l+dKOdMcp<rEZk
zf*i6poa?@IcN>S#{r%#EcWf1KG86l=_-f*3f6l&lf41Pshi>VV`;}lDN<>=aWg*Zd
z`I&uPwBn5KWrw3l6+90Tpq3>eDxw%-+3DhTqyb1hsH*nH!seXV6As71^{!`u8^Z55
z1wOJ02(yH;%_w3qb4<TVmTnjLwT`4q5(2g<s4~&P@EtS^%RiEpE7V>xm)3JgNG#$T
zf4UM<C<bhM2F7jQmpd~<pQ4meW?3_8Sa<Cmh(uH>f<q1k9R@8#t0g9(*_RfzCXTQl
z*CT6tfpEBTb^2`M+grvbt^-3U`;}*iV^JG1c2IphPz3{FNEDJ#z$Rsl)AD2uDhCsp
zf<g<qMe5{+a<bb@n&%tzx(E1GO@L)4e=OSg>$VjlMGQ)Cr24cB*cXr<MqG*pQoEdF
z<x17@=&OiLJm&^iGR)(OcQVaylmcUbMbpzX6=v7L2L+Pl<|r*49f^d3zD(#oE(#A`
zIkuX#PAQ@`QDG8xo-2HcA56O9N-~IpWM8vP^I0=rAz_#iW`{G^WFss^HD8TJe@>jH
zLs3N_Bo4N^9n)t^;RfJ0Xzf4}r8&|n%NHwd6$6bss3`l-{Ur}Y67mzE(^pZnJuPlJ
zBJa+#o?jTQR6|M=8P0j(bj7Y;u_y(Wt;G<L9V=jkGtDf+5K;h`XQo6`VTW391aiC*
zrD{W5TvVBYSxM6M2)#*rQ<g>+e?bw033hlP)xl^`r~3{u3K?RFNXvimy~)7t(IN4_
z(l#ch0|!R67ldj6J6qOjbXKc~AT2=+C0x(Y_gP{xphclmg~Xd8pO>b1=f___8|U!`
zdcT7Wj7~2>@CEL)pqp~0BW{l{V}vXP;e@d=$~qTXf-jz_jKq#rZ?xPdf1Zl|zDsAS
zFs3VDd)^dx@P9+yO7{;{q$;MvZJY?yuU@Y3K!;mYNi&`1fVbe58(@wNonyQ!jZ~{b
zs2nj>5)C#i+5&r3%?X}O@HzKypwAJ~Mo6zFPK^pzr#HqCtL*8a1GGfjPUc0fKihz%
zl!Qk8Dp8{emg<`glp-Dkf6BEYJ6#WQK`kg6DOz}4dhjyy3Nvbqu-#l#M3b#4M96x}
zu+3#4&S=~RD-5qy85)k-UxA_~RIEnPYlXgvBVOuvoAQ9efOQ46alHD^^qn$6wz07>
z%N6I`Xelt}NPckl+Ex13xULn|{+ZORqv>r~C_qi39*ha|=in!%f6o=N(I(Dg1XMZ5
z;i7!B35@0gSow`=kdZXo_GfW-*P!wY%jdK(d{BkibBdkxs0|O?Qn<Er5Q$m{mwX`2
z)<amosM8n8mJ_OeD}y2}j+IzLiHV<W<Zu{FNvdi6vJmn7{0Q=EZDoVY2zKVA_0Wh%
z_AqrmQOgQT1gVHcf3v&m2i^aHy}}FWbuy|+FYiVg(fxdhikx1L^mzDwdwaXS7Te(^
zj~8>3IWs*qA!dXbZ2}!CSh_admc+c=!T$^Gc}@GY!@CmF#M7{DtTrX+4Llxo3@}>%
zcF5)A-+gl3C0~n;M3gGUYi>32rV;hx6I!9B2*n5|Qk=>xe;&Wb_hX#Xju32GY+DZe
zM@A4hEW|yI@MM1kRwGT+UjBx~fBIV=yoL6HBMr%3RVLf`*UaUX&Gt}PD5FdQ#D?rI
zjN`~3H^MsrzJQvP1&89Q>}s~sBIEeU$#1St2oQ;KmZ9x!T?QYMen<k3g5A!$oA)CW
zb1f}T68#V@e|S3h5KA^Mp*cA`I<V(#hWY#Ie4{*kTMeYYV%E<ah3Zro$BI&oe!eg6
zkdTnkg#S5@M2X8-?PF^>?X&|snsNrYUoxPE>#pdS+?b1`Q51}FF$rrgzL(?97K;N-
zw4<YP%zoFjtNQ-<XD-K2vAFC!4~91Wl>Ooao+X`jf7_jeno@>O&(1D&F?H`yi`|d>
z;6zbKsmz^h(S5!N1wE*hLW7Klu_WQ^9fqLeCP`1YD?cWyb-JlE5Ni@?<p*)TjEgIy
zf7<Bd^6<wJQ0QVigIcLWfag`eJYIY=CuVdhCkKGS!s8iPa?88AqKz6~ow!oH&h78-
zPtEy%f8M6^PI^wwHa1{}>hH(30#!5&?;k0_Sw=7WZI{^XhioU4n&`Axu#f+9EqzW^
z-`~9=M~oiI47a#hSsypTTdA^veO_Vpf9F_Oz8x>?<{sMhB&$ylhbl!n?5at5_XhbN
z{3pZJtpJ8R^fHI)35!VD<96~0iWom{%yzRNf50L}jO5WyPVy$(T9q!h2XULp23^uB
zy2|~cmOe{K>`V@2?~_qG>Lw2lmu~1L-}RcGW6Urw0e$-Xw|{11rw+@*supD8)vd7V
zKf_keK~k^zT1*czAk1g;_GbOx`HLv~9dp*>;^G((;IFtAYkJDi!Pc71XQ4OSe&`Ib
zf64lKl8e{*%JkpaB7;8~KVeW8J>z;fWm?Y-wbbV3=kIRvzb<>kSBxeNVh{QQL5scJ
zZt^la91K^xub2siKDfo_luxj!)G`@T6%B{``{4nf6UFg-jcVN15MUnPZzth|pXrcS
z%ElD-3=~>a)B~Y^JV#R{>7dpfC!YyFe^1o=-dp31gzu5X{r!J9>UKKrHVs<`|2)IT
z9KGKL1!&u^e-D4XY`+kG_QZ@4cz<fYT<sL!yg!;hw)Z{c5_UW9hjgQSWU0eA?2ZQ3
zlPOc7izaq`e18!39cNiDrLMjF0P{$*N^uP43jHr8#{d1jBPsuHy(9nY=zzSAf6Z$C
z6J-hiNAJjV%@|Wr>@j~;*O@=oFIT<3UFGH3nTD`eF*brw5wH=#U=Gks-4?6^U>w7A
zQKOgwBw)c&IFgJwA&`<WBrp-<6~<!`un;NRhGuxD*Jnp=fUm7)^;E={rigyZ+y0@?
zWM`+D%B45IC%Ve|-H5o;|Jw9ce^D4d8(g&C@D&qmwe=$Wo}Mo>{VO9s?A&Il<I({)
z9@i;IzZx_3<PJ_7D=vQCUTHLZrhy5&Anc!~itESIVe;h;8rJIE^PzAC;2lx68PEnD
zbD4^d(i*aD##6VZH|03@hDa8*DHQ3UKqaM6L^RV}aJejg$j?~qeGhkLfAV+kjEh#m
z8oIo%rAyC>>(ZGS=9t(m=k41gf-PjtEC247SnaP_){0Ke;ETF`WDBPBml&WRVT6Dx
z0TDYIb4q)~@`vZn*niaS=x6o34lMTdkHP}?`qLjR0>+P$vnNkds7E$AbhUoo{DIxB
zvwjzMyp;erQ|U-D_9Ehlf2<9YF)Y`}E}tqHSfM|{u1<1dxxL^{flzA;4-kMB?h@><
z_u_(`2Hc1dBoF3DzYLhJ+5B5N{O|HwL2YDa8Y)$$^Q&}Tn(iv^*O%8dTa;yu`us)D
zYG1x?H3dGDRerY~#0^e8OE;n?pwxg@6F)SLb6KvD+O%t|X`3I1e;j1|{$`z{;?nqK
zQ@@~NM-(DNE!e13#KRP+Ttlpa9RhL|*pkq8R)=Q;KJ5yiITWL59gm`x52OvG4LB(r
znh{&#>S+FK>*EJ2sPnivb^OzKhnq8~L7)k=7ldTMx`rkbMO3P6zvsbOcH%}PBZfhr
z94fm}EqhO5N^V9zf1WNSA}Ceg3!#Zgg;D}WjJ6v@n~0lBnNqzhRmhc`K2p1@0s-5A
zv4C_|Dq7?>z24Mq?MHB7lEhLPK|{VJa7_BUH1I_RM2*A*;VeynI%Mh80lk`~iL?lC
zy^jH-(mqYB3LR3Sz!H*6K3$Hu%YmR!$403_?r@I^RnGHQe_0jyupioj@s3E>g)j)o
z<u;E-K6Aqp{%QMM`9>}O@5wexj3g2}7^+b-z1quw8B`%sRm26S4Q&m|OQ(omykA#%
zGK~`NyNZe-%WqQ!Q3dcVqf{kZ7RihSEiRFzi-2pxW_k-kL!lbkevtxSn-xI{-KGw4
z49MT4a%iThe+Ob8T}xx`QSlvlYk8$q<k5_l0plPt7{<0yDImnKzejM2lTk?%fzOmO
z^GcnTBL5B^_R|RQxC1M3rdVbFO|5o0w`Iprlk_3X1=qkQmgpxhFqXk6Oa{swK4ldx
z$BD^ZXFu4f<#Pz*gUG#RwUojuEm4%g5zk-+hEswre{m7;sMrTPlGVn}+=$}f3RV~)
zPQX4y^18KQZomf8s~mj2R4chq)ZZ#-UKuzC8*7E40*YpXsAh>-F@ReMxR}sME0I1=
z;{4vZ%(Sad?imoXBttOTCmO(tO#(TSC`p1Mh8(BQIf0Q}I|+n04d);h^dRC5QAnv`
zv(heWe_Uy3n<Kgx=9&G4u3?R=5yKuZq6m^q?vl0F-FX1K!2Lbp%Wb~CERP-k{!E&S
zLuC_o0Fwe%Nvotq3I{J8=1<UDZT>fG*Qx=k65=2@ld@gF)C)BgI(^0~d_@aW9KJxN
zOwigUYeDD2eHDY7ztTMkcbNsY@4=Can_&0)e-p3TlG=^h5WkdFNehf9L`(u!hzLsv
z`psqrULfy5Z=rfo*9XkdI7bIT#jXLu_?Bl#W19F9qK0P~w?q}|puO16xAdoHxqN6g
z-!-=9XodIn{B3iBXN{Y1KM=Nku_d!Z!XN}M2-+HXkf=mdiZjF|tbk|M8|BhKoyk(*
ze?Pm|*Y7t2w(E^h0Lgx4jEq0AWLE=0pfd^SiBaSJ*wU_JTit%9P|G(|VrUcm**7HU
zc#VyLC7D6N!m|vU!3opSJZv^h`4k6<3gie?@E~EkH)i=A%KY^tss;P;cb_jW+h`$y
zR#GB3;ytQx-Ygz)GU?7I^X`N3q@+7ce|0eB%~^)FFAEZz0zn0?6rdD<0#%7Lh#iJg
z6F2__K@OWR!}wAXeJ@6(X08x-G`HhR`{@jBXylUgpD~Pf7EZ7^S*re>Gz!b9hvM)}
z)$~w3WgTy8Y<zy07!}SYEH4%4bV#(cfU8zLEJEk?M3x2nab{nWFo~T)GXMuOe?XH~
zx#IL%3-Li{OJX}Jq4_KI&(DJP>p-+)Mf%0awQtm6GG>G2m}N4iJ(u5qh7;1`ukIWn
zDo)B{^9vE;9z~dgY^vDUdHWSjk59>_2H8d|5*I|&cE*kJgjKLyzG>H3CHAzz9hV0?
z0v{%b69;(XuE|J2hO!(|4cHzvf1$#Z0@wVYw!a1PbKC-TzlHv^L7&C$b|A29x-+tK
zjt+>wG(WrK);cGrj6IzGE?d2&>In0i(50C?=EmF_&P#8qM}YL$Y0R-HGAWn!*|;E<
zmd^5{AlFwpjH1^}N+J&v{!qKkzWB{NIH?JS(w<;$)CtCJd^Qfxj^KLBf6@7v4P2WR
zi$5|p^Mm2<!TAvm?z7rhgFP%tzOrmKB=*I(zs8Yr=vaPLz}gsEut;=oEJjVQB-wd^
z-+4ioV(p*<3Nn$(Q*0cyT+YSwhvTdG##tWgZW^|4^4c2F_@{yRdy4n6>nZp-Nh~?H
zQgCJT&8v|zMUEr|v$^rof4C{7l1`P!*a0uyt!I1@@hycy46733PDgO=Qenc9+W7Om
z$liIIhHtqi$4z$z``}=UpXEX!7oQA{43~!2dw)|NW9L;ZjqnXpbIsIglhv>*vNfmy
zwZWrd@tpmsFJLTW5|g1L@%_hY@y#Eoiz+_GqW9qAz4%P1ys@q5e}|pzs%N$=u;Ggh
z4_lf0nX)^P$t5X4RFGL|8b9NbGyiL1*=v@^r2bv!v(I8yb!r`rpGC)Q(Cx;$c+nW@
zsKKXUnu)@;lu^m-NI!hAltPW3YPI7gR(-c`!MOZEiahrP{uyLSf5cbN=;DniOUkI(
z+ml!Wx1QEF!YWU1fBR=WQ~e=ZF!*)is5@)?#4i{C_*s7B!DOO1IE?>-PYV9{f|M2o
z#KO1tX?2ir6|Dw;!<Q<iUQ@G>+5SI*A0v>&|Ngd$|NQgM|M}=8{`u#hfByOBpZ}Ba
zB>(fzKmYvm&p-eC^Upv3{PWL0|1$}dfByOBpMU=O=bwN6e@~&B^UwdEjPn0q3j7)W
z%YQ5IR|k0u2LginZ*}w*JKLGo33#gLV?QU)#$IM#X6EMX9}|4zpseFzDmp|O8A$<+
zA{9!?f~ZVtfl;r(#Yf>p8YvhP6qAFH7*dK7(A1$g{UI;~f+!MjiNiIAJ=wBm?iAU+
zGcxioE-yV}e~8g4iWw#x+(T96omG8PSA2cW?>XMr{sBMk%0I8XUmPD4^v|G9&g}Uc
zwLkJ8A)CE5&CbU-9)C<kn>$}l;Lk(p#?Q@(__2c@>rEYsiVP=TbZdzis=0vTb0a~H
z$mT+I6@eH4rEB)}Tmg^UlralVA;njzkNJ}`LTF*Qe^vRwvZPd1u0gpgQXoj7bcg6C
zs)R(y_Cl<z1#jq}P;LIrVY_r;<cp~uJK&qe7B*Vo##j!Ys;Sn3dY~Zy5aH@tD~Lh<
z8XcQ9cRK-*fbKk1Cjh3Mps7%rU{1s@tuiBQsCIwxlkXlXS$AuyYgXrt-lUDrzA#og
zp+8_He>Idx@x0`K&wY91E1ysverXb6PdPtEc{*$9rS6z={edQec_65v=Y4yQkxOkt
zhH0DtoOGNC2DdP~pW0uh_H$avvJK(^_ecflfg*5da%JP*2Yh_o4uqJSZqhw_k_(Ho
zmcuMg0U<U*!{L<C>@YcRKykA;0@{r`;0?3ue|J~Hg_|!aewTA*)_Ki}CDuS)5VyVp
zX~<QhLI!o;(98PYzb~}xZAQw2r6~_W=YXX)ps#8G3djNe+MmXV9zf5auReF<p}ZJf
zfJG6J@MLi;dfwymJ|}UX`7CvYC)1-Vca*a?`r%>$g9|h&Hr3jQD|iZm$MC^i$~Xa8
ze`+e!{Eroz97rG-ST++1Ed^~v(nTVg1;y>$-wb(UBG3u4nuhH+Sx*pVV&};1IK+5F
zD8Qn%h^puUo*R6rh`?5VlQ3}eU1y_Ld;(lJ!1*B+pnolPY^`_B)ZqYiQI|(SA$MKU
z6~DpcxkA9X!u}!_^aP3*C}Ga+wA5AYe{tkWLDiWHCpwp(@d{b<_HS3yZbnc9W(4)a
zi1<^+SMM6#Zr!X#22@<o?SeR_B|kgr`F1H@zu<AJXo4d77dQY82$%>EQlZR&<+MA$
zdnB9Q!lM7!eZkjqT>VaQ?Z2(zu^oub`86dgBIG9Q%rE@p+Fo2s0!jz_S`OTefA4?}
z^b0=bRlv=M-+NxaN$;imxw3XW3eFiwz~(#E<%1TeVkb99?nc5vab@B27)&gFy+H|D
z=21-X)>WjKOR89MX)QM*Y<1A7D{*Exff*PNENEeg1|8HOz$JhpAO!)+nJl)0rZS@|
zJiq%LsN~7r!wD&i4+0!A(u{D%f21E@mkbAsvS1WH-L{&70inTZ$Wf|&va$hU_(@$X
zg)1lR>kGR{$#TLp8+$%9pifG{GSmW$QW=c-0Z1u;3-WbfQ*pIFYGCT-Fkb>F3uGBb
zU=T=W9cIj4)bY^lH%tyiMG-LDDZcskH}1Q4e18PqVu~+Tp%XQECYpZ_e=#)oA04bv
zZB}moVzqP~`h{A9iQpkW0SutZ{(cqYU_fu#H7Sr`rU22v5Ng7~E~9-9IqwG>`mjE^
zDSnyAkbu+I>|u=6ZjwRXs|QM=L-9_=x{ZrYZ$uI@r6&wjc)uPp9t2Psb0J!wOOPG5
z08;=U`z6TmN>lWz&!F^&f2`*Wo3r{?Uh3=ZW9OTe$!Ff*ptP>xPd7&R;BCJOC1hGM
zG!_X+7vXRm+Wrez{rlV{P}laG4b4V+7rqBVEt=t=YE+}U^CFFw;~+(+Jnfzl9fcQP
zTR#$&-*EJK!H=K;zNb)y5cnxGA_NGc2OQ_@y{D=wncO!SidgKPf4BM7e;6GU1F8KU
zX!xO=MoD;_U`n(D?1CbQRj_k#gSpq=RL<Lk-KUq{G=W3zV(LKpqJ8bPU~t7d2~xg_
zPZVZ?V<;sg6e>dumhh5_45gP_<{$jL{pL|F=`pzEt+As0U-S4f<84R&LKWaDD}WOg
z8rw?)KC8c92nD<xe;3H>cJJ4-ED6I!op9wnfF71G6v3qV@5`&I7Ei$ERAJXqrLp9;
zTQD=v2;7#iLQzVfE~B8$y3Fl>el;bd9AORal`iTH{hp+U7i5-zrc8I5I{w26jD-Cl
zwgjD!*k|~judA>tkRvFtD*(#PEIs4#?F+8J;Om~}wfF4Ze~NIYSyvA%I$NXW-Of{k
z@MSkJvZ9sm6Eu(*3`HVP02+8__I|yps#+rIYK2Ig)8b)ZkFua6V0TR-g1X({U2pnj
zQXB;u(JGjcEM(&EOfhq%H|xz#Xrk#Kf_zpu2N0Is9_u*Z63;m1F6TsONrvJfN-?O!
zugzko=BhJvf4!gW#UaE_54OjLMuQ#xaw!?@l(Me_$F?=-!H9q*nukc`%|?jpC0^2a
zq%$OYiEMI~qL@UFUcK!?xA%t9gVv!B9-mNy2Lc)nx*!9BHh}A=2kH{@Z@COlTYWyT
zQ1`*lhL8XjtoQD8De!PVkK^_Cc|mRKYfsIp#OvZLe;^ee88uK<jr=jmtS6k{q?pjZ
zmwzP0_$vtiBAX_U!O^?=_RzX;Xz8(%aX(!XW&X~jp5|Zkp?9r2`CZM?!+HSvJ=uQc
zmf!n5QuV{{U^p**mHy`!Blb=1pV5jJN6nWLw15d89dugALQZ3#=lQV-gk!9JLSqg`
ztSn!Xf8#S$3Jq*4Ibab5`a()X;=&`dZtPJUFOkZUS*n0csSlwAzvrR(OzV;r#THs7
zrqyHqMnBDtgPkRvcgAYgs^hw1R(r|c=|DdqH%z@3j>&Bx{~v!K{Gam$0?hwtM4Jwp
zLblo&(AQ(Fj-T&_xG>{E&g<iey4mJwyV-VdfA~JymJ4STAA78LP*L^lm#Ve6dU;su
z`c(Ube^4Lm|HJ=t6nm@xJ?a0(5ah44^Kp9bj(Kr`P&0ny54|;^FW__9SpI5mY+&*l
zB~*1xrwS<ES<UpC%>_ApW2vyJe4Iu1`Qsu*mE|GLlnic&#mEXpwGr@Xc=tDQUF19@
ze<k4t6asi@Fbn5fv%_|zdciX5_RZ-}$nfq54&Y&Jyt>TYvgYUTS>h9SJ!+HR{`XBY
zC_3)xL4K&lAD`U__U4x7fz{WIv3eC*=czvq5}e!GDF@SQozKH?hiicoF)_FD!A-L@
zSfF|FH=c!drL-^@+nYs>S?cvZ{ul%&e=iE_Rb%|1vs=E=O^94Zt3(ztC;RHU-BOw7
zw~W=)=+E|!eZuA^BcI4smCeb0;hittrBwSDme9jnQQEb4NLpG>bLsbFgw4>WC-4m>
zJ3;iw(eg~GFnVkaDn&YfS#qZDvzkuxej7dqoh{C~ibuZy^;`<bMv1&i$Mk;Xe@HZ6
z5a83K0?fLug$ye&0|X4fUcscWDV<a&wNjf8pM=x8@im6{1>Us*S8Hs^yf4tR?Ny@z
z7tC9mLw|3P(v%FS@}kEO0qhyP-8Cw`G>IB3VI5OA^jq|PUzjt%cXbaK^0+vEh?HD0
z--UL;vjhMyOm)$IUppDMY$-wze=uVM>S|QgOAN4W@9YhMeFB%&`m!k{t_pn$=Fc3m
zJT(TD9hKE2IMK~VZ|0sy^Wl+Ws3nV*S#D>eNlAI=G`B`fIqwiS6tYH%XdDss^uBrg
zX6J9_-KJjT?ty_76l8|GcIbU7qn5U0?55_Ik;w`3P=2jKt_BGU$J1yWe|AFN1ai!g
zxRGdW8!PSYLoWd^+!>D}4AWR*IhmGuE@JukR~1W3V128Rs?Um%P(2LYe>*>JNUCV9
zlr3Xym8nvx;1Ef&vm0}uG*HynW!!RNyzDmJ{PM36`#$I%q*7_bfc3So`f+i7arxq)
z0>0UC;<+)p{$%oxGGL4|e`pT&<GU}oU)Y}7w3V^ters(s#;;?<=icP`%8lkRKS|Ss
zaCtN0#82dw8<i^$Qxmx9FsZnX+pNzVmr7gU;FF<5Gbc?dE<mVHI5d=`K$-sM1&x0u
zYeqweY_9JBZY<J!7rG6&c}KLg{Z&Uc54A<~daNv8c)$%1Vq?91e_`x2qr>(4G;Y)N
zWNR~3w6UI~{rW2|?u|>)lDXk^nWdF8%BA9)RJa2o3Qa~l&i{euG)*mMVY}X9>9AWn
z$!;$xwP`0bQNl<$sfG^7=w9%$7P&|d5KJ961Cr3c{d%>Gb56XkN>rSL34Re5v*5V{
zbL+iC2~mns^tg0{f4J!lUwD7=5FXN~Bu#8nQ-Z}@@EG1BEt4~RmiLpn>iuZC9wIdS
zS~`Q*-sr^nRmn=73NluxQnjz{8wP&3S|^Mt{hN1ly}Gfm<7CRx{ARpmY-ZP<L{Fm;
zB0w8q<A<i)>S29e3f*{|5s^C=--Z7fia8SuioxP4oNurnf1V@E8$`OWHQtSPaN0&w
z#QoZ6LDPKUeaF4Hh)Jrx_Hc8cNvjJ`NP1y4FQv#HX7opB{GmTmL9Z1AxufIH`X#sP
ziE`k@E4Sj;I-WYAyULiOYb)V$s3Ba)dnyba;Tx3kK(<wC>Pb)N)RjBY#W~U_QIVq2
z)z#XxtcsU6f0gYf27NwT{?9L8!8w-tS8&(GRVMc%-fkTpG@2vDy3Uj;)rsO_k2gH>
z^dW2lGdp9FG1}8_0jy8{fGSBc3t^uIUW{lpXK;Z6UPALhFe`+ue5Q9lU$Wr#?YOG?
zF&Yd@u6N1}zI#I>7IP!foZBT@h=G@F4^(ZxZ&;_vf3%0odGn@8cQEg1uOOOy-$Wf3
zf;#;HnzY-n`_n++%RoP~lEs{cmuvmSThwpCrI(j2I<KIncsWv3xHmqnzl^#ocrHY4
z4#+@dN`@b$=|&?5uf-&+_};Y5eowHYi~%tslCznp8xH$--S0Dqj4k`vHY_q^_7=Wp
zAZaRmf08YuVli;V&e)eWVY)cDoHrFieb7E>js<2G%^f2da`IFy>;}NS@+GygOcUAc
ziaSl<w6HXpB^NaMMlrU1pXfcSdYA-1^D}bfJx4m{m^X4SvhB@#)!y?I`Njt<4f+R4
z3%I>Q#pjGsVoJrl2pMe64)?v@{>ZPy2O_eMf8CjBN_(TrSTUZu34Q8D9htP9I?#Y<
z$ZS@e8t;ICu4|)_t{u=ec&S9)Z?sMO?&LH6PY74>SJJq=i7Hs;;VWRJE7aG|%?(d3
z?tE^B&d3#)oblP%o#zeb+0O)yfU1|z%Dfxn94IJgVu(JiqZg)(1|NlSQe&IGd+G#`
zf6NF_gGekn@66iC*+L{w%-k{k@&06h;Zb^@<kymx*UlS!CuTd!*Hf;|$H*+z(hB~k
zgR?Vlf@w}g%k#x#9jufg73}Kjo=wNsS4`pg`5^YZ9<sX$7${W#D-KXGd@oG|1CF7I
zT4rMQ!f#MfYH>6Ro-+ljx~{1G_hpmof1cc>E`aR$-yz5PKXEuz<TBABa=`RvITck%
zWYp-?dAJ0tMkNsq_+i0WBAC&CJ#r)_<tpC87`;{6Y)0^>c3IgK+JAZ<AvDED*s$_H
zt<v+-tr~UK?k`bU>$Js-dQwHqxl3Iyur)ek!dT>nvY0@Z*8>s!strvJm&$Q*e;9z_
z4g?Tj8|T@w_GB=sdl8D+7TTyF{rTR{t%3GNYZ050Dpe|NHpKw0tH6wREy|LvH$mCc
zMltad;%9RSZE(JMvt_lLf5C3xM-JdNqFNbxhs)CS%lb4-T3SPMZjkBHF_w(T!I%k3
zgIxI-m-r*B>>!MR=9a00IRH~wf2gzEn8>k2HraIipG-&Jd^svvoa$d;hdJvVZ?r0t
zDm13uGHIOQcoLgix|DFoYdNzl6=<1Ck>9qwhfbVf`hAoJ!%s;QFWey5@lHKVvmZif
zVP4*p+%VYjhB1O-#*ezbbb9oV0#-XZ<T-v;8m?*VHRewr{Aldk<7bPSf46gAF20us
zq+KTlvR6j?+B0Pj$%Mq%@r!((D0ea#Bw&M0AY@t>4w-6jF;=mIGB74OYHpjpx|ZX~
z4ChXscf0*W)3w}tbz0F1QRmNBHt)~w>u<RFpamDw`lK(X#wo#1TmIWm1~g^*uc$^(
z@KdkP?O62i$~gF=zu7y_f5S}w?lRPowi=SO3K_IsqG31>B0cw@%!wUHa|Sy8@}<H~
z+@~i4>!DFA%FZ5K05VR91k+~d2>3*m2iaxiVELHPH(p*2Ena`guJ&+??>U2BsMMz4
z8&(p*#dX|=PEoS?7%#PXJ${k+jf_)G&;4~%r;!MS6|7GgfVOv#f6=5$bfD;C`xA`i
z@tK(R)~lzx;#YIzk1_v?R!psaKm(>v<rkML%mZOJp|?1Hf_77ix*UJ-M49ZK(rqg_
zGHv71br&(txuZ1M{bWA*&(?z>#=|5T%7Bt}*QXIgl&Ba4bItdoxg#XRU>*lx*%ikD
z{-A%Orxm`u)%Nd3e`hOO*>us?F45CKSqqHtsT4Z0<KPs_=O-*H_;!X1o>6TrE1@^s
zQEWDrW-AV;3X3MpED!F~3JQ!oFDlP0Qd<rQi3o+P$&4wcB8xB1L?k2D)amo)HI%uq
z21aJ*J7JfQ4Z<OzY8;Ftk#y>NCxxk=dUXv#P^*~?EC=3(e?h6zA%RCix;z)zr9W^H
zKK`ZCr0i7BlUY_A56H)pDVYcnRDcwAsSP<eX3uRJZiQwCkSW}m1sF$#)#Ah;M2jt^
zv{D_c2~U*!wL6jVZ+X7w0nfUR;2<U$1hc~GGIkq@1QeilMiFKWY8HPl&dO`M&qh>i
ztnH4#!RA@Tf9o^BF1<ApQp_n5K4*wdEogn^NLK5<N7EI*AIOeMR`lBSm8HkiiAdBJ
z+#5mi8J<_hQIDfL@x#PAZ}I38LiU(K=WiaZkdh`t775Ok?(kN5>p9q#?g#v}*4Ed6
zWA_aFS>L`Ww`xNv_PVjr8=rW1z?a|}6gCy5WHbdgf43Z%ok>o_%T*6U->mg4@1~2w
zpHGu1=km0`v~?ECW}C-00s#Y{15ZO)w0yQ`Xo`FhWrd$HGa2z;a{<Jx!__H&!9R>1
z;{6AAhvJKppkq=B*e-Ch^ZcCd4@Uybaw3uuIdk~SIu9dtF;uBvC;|C8&%ESq?JOgX
z4)?;Ze?X%KK)S9&w5H3;Njco<S=$%~GI@A;Ykq%ZJSWwf;&}&dtLuw=`Exjfp;+NW
zi{3}eMtK8EyMc!tyXcQ+o2*815LUaW?538I>LtmOr`&9^cnFEfMv)*;AWB>{yew8n
zpadxckPI<U<-kbXyTc4bqzJ67d=MRw?UC-Tf8Su=q-!+W-IUT(_@l9$Ek>|t3zTs?
z18~L!snH>-iHAdAkhrgbdkz`{Z<~FUI_kZ4!UJGEQIQC<erNWLJWHJowMH-mN_LJS
zJ+NNYNoS{&*x;gDXkutdAQg<60Wm^UVMz%!?Ic~KsZ82~5**74;mvPN0fcofDkWcQ
ze-@6x7@+}JDJRL#JXrxaMAW2lWP%bt#1#;6S{R@cIJ(6((jPuQ)dF!G$c=#E$WIbh
zNKB&^KJKXBD$p2KND%#4U<E)_q*_u^L9wF5_B5LJC<fs6e1d3nbTN?CN|B?bIwl5T
zB&OkXraj0)o<eAoy?wq*4{A8ZX`sHJfBg6U5FxwN=F{_9|BFjW*nt1Ol$>4zP0`Wp
zYq&e<dofgPMR(1KslCA`HQsEq-OTf>ZM5Bd9<~9iWv!Nm{1CIYvm2fF>1$=jfSKhi
zw`h!Lu>O$p>h7_Kbtkq*q?mcN*l64rL-G108u=nQ3fRrc6ae$*foAar5*TWkf3~Rh
z39w^BI*V;sthLA`bBcz(avGGFWA}*UDV>2-;yW=^=J|3h*o%ihJ&k8wMPQB{=mIMX
zYufdi=%$c#T}i%$e@nIXQu;c>Zzf;AhL_yzN_>DQR#vDvR#<;ZP#OIJ9{pqjHg2OV
zt9D@GwH05SwE^`RXShQharv#ie?U^6#HKBP64h;I6$DvoKRMmsf{uH;bJ{chtS6n=
ziP(_^pk@>L3%;3<=S#dkWkDH=Qm*>Wu`Ofzt}pNs1?}-Azlx0cTv}qqzYFVEU$jiO
z01vsS>dpj?9i|(Z0;#X8?GJo=4g;m}11Ml0X4nL_Fp?w-Q(0trV`i=$e>0?RA&nL~
zV>!@&yy<|k(DVbgukmIZ-9T%<1TtWkp1f!#;YGDe0;!JLMx1C$E@``?-33nrg{=`Q
zfP_Y&g?$@MKjnUx-r#$y9+v}%b6JTe;orf5mg$N9Jh}=PuIB}Eh}#B2$Bof-;d+Fc
zN~j#mjJN1UUZ<l~V^MGDe=&n@#zW$y>-KYRrXZWjk5Zk1eNQlx`^{3G*?l3FnUT$_
zDs1u2z*+HuyvCRc>~mV9##e9Q9@K#A3_1~^Uj>&If5_dFX-6#+cH4Mwm0x4+Ql%w{
zJXIT-AreXvyW`mbE&}AzKr1t~Xl---ODFkNa<t~wZI;|8p!<7hf5D;4<G}*nHzpe<
z0pL4^oQfnHv{_tsrPExZTY&;x5mq=eK;ONGz{+Y60h&W@0~LJz{+cr?ve#l}vz+4H
zf=KR}6=o}z{rc(j1*SdBK{Lg3kspC(X)LPSzI4sn3`p&SBKV3+?GGNiaR5R_TQ)yN
z>m&S#V%l2-8X?s;fBurAYSiI6poL5afp?%?PCrPRw%5Rg$oK>wc$x@ouXAk2R|fqJ
zK0ckz@sK=S7xN|kEAZ|yd(u#B+-Az{-zvaNG!iY(rhYtoHIS;}+XNf;j8y(YOB`F^
z8H4sjZ|m8&;w&TWs@Y8D{I%ZN>??LmWi5xP6|)IFfjjz$e;LlSlSx)u%Gs1Lz(Y4k
z%NQ#Lm#7S<j4TRorV1>t?7K34p&_o}4K*1nsq(CJ`FPe7>OB}9F#sw&m9}abuR}xW
zG3Z=cW;i|PAN?-E$PIae%!+ExF%vTYmdUX}!wpEB5p)Le%G<*2xNF);@#IR*@SJlS
z`1u<)M&!X8e`n^XJbM`jzW~{L4}{A-OZPPgJqA~u(HBdExsL?vgZBtZ6QrH5^jb1t
z&Bdn~cH3C|Jne-3t2CHcaY*$uMW@3}({Evs@LcGDT5cqQX`;R}U8S!)z>;?G-0#!H
z@MzQI=^$cj?~no@xHkXBv5S_LK+wC=IiEqJ-!3cue@9m(5{~l+XcyTp$W-a#URlN2
z+J-i$!b_MEx1&>T6+o&B&^5@pH!n5n2@hP&bbW#@TImo~<Hy(%6u>|&L1yBm4fQzZ
z&}TB}vW8tG?91FisL@2!r5>X9B+M8$BK<43dtyS)<7}3<MYq$ieQVR;Br7q-`nTm6
zntQCcf2R<Ry8_Ff5eeCt(&tCMh{%=60bbhp$g7X>`5|3Zebr(WdcIZs=dddYt!#UA
zmWovDX>w`%C9Y1>TBOJfA8$;U3icj9;U;JpsDTCuR09ic-n|{QdP6y&uQ8<wJ^l(U
z?#63}oFPtqy;{A~k9&9M2Y2q7s;{KocIr)Wf3|$}ZRlnANqRmFast#57#vFg6amSw
zHy76co(HER*|dPg=N{YgY->7IuO>^E0P@)sIqBn?)=yHyd!gT80^Yt$RXD7Z4Ywc#
zegZs`!v+bq0pk+c!UvkA{0?<ur5nj3yL73Pf0HBQbElZz)23K~<aq<$<Jun-r|x(a
zf6Ka6x#a7tZ>?3kI7bQza#$B@pBBYPI3+x7w$N0@<k!P5z5BM`ijM?H&0x%`*61e`
z+jnuxY<~C@Fp8#R@*v*L2_}7O8Ttn`E(aDYUs)WbPNsAt7r&_g+(vpwi>?*$^at6n
zu=<N`ajk?HUTY>-^nkwxkR{O7{-L$&e>iZO6_Jq1BZjnv_5mZx?96^8v%A_emEn1C
zOvdg*Pi>Vj`n`_;sT&i~{P(CuBEm`F%^-wwTV(DQS@0|TROD${`hHBX<2_J2e6h}d
z8(w?<53S=!#YG@25bYvosy<3M$F{%$u6AaWUxp5*$U%Y-<^*AsMry=;Vkk2IfADS)
zbic*0Y+;qU;JF_0`RUHO-qT;)0M@=>r$<uB$6U*WtFMuTIbJ(+7K`kQKzhkl{gK&u
zw|VS4b9Dd?4X&~lNFJgbNTV)oz0Gxn7^iB4D#(7YQ@;giOyL~to19F>7}&OmN)H+t
zM<;<tK3M`Hz+1AtrzaQ{1FG2&f9VPP5BhB{dU@YTxx^2u``=#Q*HlMqhO!bY;{~j~
z0LO>_gdAumq!wdN_=r@XBSVnjLt)Z5WbQ!H50XkWEX1o?c17-G!ln?I+DfiVu#C4C
z`|P|jx?{+x?S|i)A8&>0@$&E5zbpAnyTOKgu*CZnvBXi|>B~C6pnX#|f1{i5;V>Mz
z!kJ*UP-p={o(L25LNNwTi!%vZOUshBUbG5hHzh7}#WkcT&p-m~?bHEm?nC=Q*R$^M
zX1?r85yA62LB(ej!jfsO)eF6{<kz>w&(Oj!p?K712Au5VD<M6egLA;O4Y0s!^s#c&
zVwmv4e@rt9%yE;yKV2Qwf4Jd2A_0Qds}XI$0z@-MA0Qge9JF$rLp!bPzt8$==8Id@
zS4j2d!5Wuc8mqKY`D+3@+%2AyS@fZ_`3O)_(u{P#6Uigs1-VG$;1!7ja}gWvHEXu;
zT;`EnoQR6B2u}KZ<VwzOI(+LPwEVRNB&Ax2$RR+<2~$8NK3J-oe@IQfaN{R>eIN1F
zQbwgb3_?1F5eM^B(AuKQlZd&_jL^v%lo7c0j7qH<qQZ#v&_jU1WQM7G2pHZN6Hd&r
z>{Hmc>$}a&_}j>Ir_s0`Ou7!n`z0*BZN@>mc}FWQInw#?e7uHwC*+98h3fBqdgs`7
z*aluu<q<cPi(?OwfA|Nb-q%F=)CPqpP&7nAkMofmrHG;iGF}=`egs18L2PMf^z8W;
z-|mIW&gjrz9+RwRlO~x7G*q<+G(*XbuI|4hrY<1+kmLMK3p#MztEF!s5nMmJwkjm^
zwK7z_>@wI>H8fM~8;<kA5px?FQK($1__;WN8l{0_k>rC<e{~1)qME%Z%7i1b)k!Yb
z`R%^CS?%g6WH65*4k@udj17z}{Y==>!dTAhhFBQzUD}zhJT?K|d=8+ne{3mYp|mGw
zsam+gL)L@BQ-!^mtn?%nM7=RK<O`BjD@52PY6UC_1p|<fpgJSDDW>pQA{W4e@@W5D
zC#*4e;;pG?e-UV>mzsW^y;~PwF5z$UbrB-?3>no(YTMzlQqWVntZj<E^|NzDJN-&2
zKS98~qHZ}U*dm>fD@cKeB!(egjU6|Oa7H#HmuIv;v{6xA#_qpbc)T2?tsQo|v5IL7
z#Oo9A?U_*%6u+YqOy8iI62~A%><n-+8pc@KBKFz?e<F=zN*oA5E<-{(5-tjg?x^(I
zp2Y@dm6*iEZTy9<YO0!J8eA~RM|t|}j>w{99Rx)gfRN}ZY(xYBhXu-%p>d2r=z>zs
z<qqcn8PL+*LExWa(&uBEA#aE8;>j&)smVXXxPTTT1ow9k2#ACT$I+yWdO`<eYg%aG
zb1Urgf2UtxGJQ1DA-G~ykM4Y~)p1lMOX964;&vawaY|!8)I1QIcHbZ9i{_2jB+0M!
ze=)$rL;m+#laWmC7@cL`|7t%zHno+x9`5dbx&7o7yV?~UX={Tg?4YAGiHz(R;Ryx_
zjx)|&0aBS-^|>ses!bK8R7G@Gk-~>URSIoue+5OZ5<saMc;5iuHUQxb+<fuWwDWR#
z$#XsBo3qG&eR)~u*mzgB$c-~?;c~+Zn7#46hDzJ@*pKu_mZ~JLRlPYpTnZCvT%#`4
z;7gw5fHWjZr_*M)%^J1%wHMRc+Lq^(GaTvhi|PI;m-}m^j*k9ikRsoQ`S@eNYmwQ0
ze@4#KJqI60i<^yiTaPmB(x*|RR|BlSjZW$f#Bq`+Rcc{vu7El7$k?{F7WC@sDqOAp
z+NZa=`r>MIbTkqG+y7mjXNQfC|7V*q#+!>vZF_BQ%jgLa!Rhd?ViW3tMSDp4Y~ci1
z$PGykv)~r7jm0RVYzY!6e)thh+T!B2f3UYVcU<!C?Tw92evIfJZEfv~c^VLh-F5Tq
zce$r+em=fl#6_Kt(pcOx-7XAwqnPh@y>jMTrqL<1!{)zI&|4r<)`O}&r_-B?bhZ}g
zMX7@?yc2cOzP`M=)+@V^e1CM}Iy*ass59SneSNo$wcG7{oyUO)yiN;m9$yeYe<^P|
zd*JCNHG8^4<%F9T80J-|h{nVXykeXj!<3lfFVZM!t;zZfarIuvjh^6tr-@Q$4m;x6
zZ2p1+l`2Ik6$-R*i&CnT;K86!A=VqA;b3L`bh=n!_%Ss%KRGP|BJg}nyy5@(gzb}I
zV_jI-5^BF)kNLmYyQd&cg7!i5f9-zTdK=TWZQItgF>TwnZOpXo?rGb$ZQIuQ{=0i|
z&R(22v2h}HFD9aXw-p&xnU&9z75U`&o5>?9ot2<u5FyX#!42~21t%9-`qf&`LmQ5L
z7I&~dku5f7tO#=oaf)<;e2G-axnzklfG9m<lxgN0#tiCh^w81Y)Y>{afAuIejYGfr
zwM2ij>GJhkCdY%xzdlHWrx4vJ!^WY1Wq8B*z4A&UL}M1L7$HU47@7zf5J=}2?zK-B
zT!d=q2uy~W7ge_*1E~_C5<`X{MTJ?@VrghJJ<(d9tSh*_*{U-F-a(2>3^&OhJ1&E#
zArT@_C0jWB+}OeBmMpG=e^GY%rQu|ojB1hoD}Cj<Q^?XVIM)r%R|G0K^H78kBmfx<
z#Ye0F23-=SDuX=LZ{O6^k>vsDfux8?5GSYPdJja{(%*Q3{7RFMR70(SxUF24urOM%
zxTH1=S~8n6TB|u_Y{=#$Rjt8bVJeOu1wdq_MC*^t=&#C+04Pi@e@rZ!UUp*wscMW@
zMhzvB{t1Z#HBt@(382bvMm8T8r<e<OM0wwdBF%Y~*ptu~D+kG{6ags72nfaa2{Bt1
z30gTnc2a^Ar3m_~wORI_mH)hT+CIJ$1oTAa86i4)r@zR2OTTf%q4_-{KwuXtb;_#7
zu&OIL8#iD})@dw6e}Mr46*G%}EZSF9jE8gW)-&n)h&j;Bh#KS@IRLz)<Km2v{!|_X
zr&B!FH!4bmM)BIC_+U<guK$H+1ymhpNKg2v(X|q?n)*Fa1JLu;^yM7h=>ubylbGp5
zu~4Ndg#C(}tRTRO8dH@|20>Svn6%#qjvEk&O!+_|KwCVVe|1^58rN^x?I^M}h2TM{
zE5-DUZ9X&FsnK_(h#2Lp96<75iwx2ib7$Bv;fTudGt%IM3I8(;{dd*`avKbAgiOgC
zsE~`m3Y9V01G3>rbVJHLwKa=>(8CH6HV~0vvoYXL$87?{&E-}av-i@vgzIb&0*;9`
zz*d-oZPaRje@;az-mdsF{;=r6fIdc5mRIkVQc?_MYATX*YCeUJ*W*)4mms$Dn<X2e
z-|YFyv9wgCM8{U>IjxJ<X^8!l6SDIFx_NjEOkts&K|>~1bXB%^OSoybV1rzg0X?tS
zhp=H7cH7};=iGk#D`N)(f^$e8=ms?iU%@_yK=i7re-trL_iXiuRVHUFWUx|?2sdA7
zX82&JifhVI1^K+{Rq4aE%SCxw%z-y+Feg3KFaya_ptMyXFgqzc4Fg@c$wpmv9%P(c
za7v+eq}-D}JY>ndUzEq9L4An-1$7ksTl8Z<C>}LSlD_gA(_RXhvO^lOL0q~(gSz!q
z43tx<e}u3|P#Xh3e`)Ix%xUT|Osny)weyBhG-87LE{yW@7udV(wzc8nLDaot&ohlG
zHF}>SO5C6$9o=N>;7=kV$53PlwdlzBMy|s^@des+CuFcJ`xzm~_bN=OVEjt0Aa-m^
zB4<7B-8T9|#|%PvNm5j_CL0CXG4NAWOG;DCe|Sk{X4+)f0*7DO=A9stw3JkRbj0vU
zW6QP$_T!zU8ek|8Y$UYiH-fg@670XlsKk6kJ|i?}m%1sD1`O-?#~FFI8!jqQC;(&W
z)S{NUI0OSBPi{i~_A<d$6_hsL<VTGhiLynr)Rie}e17<q_(nzr#`T)C<M~}(U3SB<
ze|SkzV2pI<f2anH35~7T7sJyC`rs>qvRVW`%ws4eLi)R}$T!ZrV;AQlf4Ki=5LP<7
z?EP_*dPGbSWO2O0?Ybr^f<K=-oyS~sgTcp&7&bHm6KTTut;Wd0620#=>r8#vkx48l
zw)fMD;>v}G(&fQlIb0bZ*R1!*gvj|}e}7>C*x#Rn3Pp6Pdgg3oWV9{Dp@Ye@8+X;Y
zY-ef7jg>lnpd2Ghex_K2$_;<4K4UJ)0zbyFDgD*%CtPHP_JZ$z2x%hzXWQ$zXyT?M
zhnbI0Ztz}XwrwvZi^ol#9vdXLwe_`V<~|(;XoeQkQXTd5sfAP;GpAKx1e2T;e@k1_
z*BYr>-^$r-oX3{j8J|QUKq$Zxq)cSh-j>}Cv`K^brMXlw&XQpSHu<YOB0)O5G+9Zj
zAOwU8r5Hv!!TptLPT>=tgeO$GFdxcw>x7FZb|O#)9142c{%Hb4nhF~SM_|I3xrX6K
z&(#2TK#0F)`~9i&8RVtM0V<VzFh+_nXn(S>jOHe>G$TR-UO(?EV%hc=pX;_#1D?ch
z_WR=7H67A&k?iXbTz=<p!?N(X%nCLA#&6}m<3vyp)QEv3uq?Qc9cQ0V1#+hm#_+Qi
z1An4|UkOlaQbfh#QXMZesNeUvbI<vq>>M}CVB@T$1U?T$B4*H1WJ!`#cUf5#*?(=S
zx@qwC&zo-D$E2v!Ev*(CLm06?S&K5ffyki&td(owAi0K!T2vR!dIKI$$LU5QC&t`&
z8ke_`JubS41l-{UlCXosG^sT&kC)BczQ&`VAh^RGyf+;`5a1Wh-2L2vB0;EN2AY8W
z^k-)<MjKV$h}%(^#O_xf)G$5qV1H08@x^skxh;=(#@15{Ev-x{jHuVx*jT?8;><4O
z9&jYy8&~qA*G2#sDxUhS>6VeVAy_|S4<kyb$Ch_Z!LdYf3@%sD<LEnzKQdNm@5>67
zUFR!QCm$ax2iyGS=I24@^On;=Bq#_g8yjEXQh|#LRrI5_dzBy7A>^WQ>VG0*`Bb5_
zgx7A1h{y6X)ka$yW2#^%sC3B3^7yxulM|ZNvTMRL=Fs~38vb{_XBT5nm(ROA8=aN6
zh6lcl)sp>~#lcArVX8$Qa>8H;$hL^8bZLqe)#X-LyA9?VYwt6oY|{R9=lE%yfMNgJ
zqjCK_R;c$&)4DB>?;t3MmVXv=oJElymz!%mx_0&PqhZg@0kGI4zmM^+C#}$7MLVUh
z7lWPzN50N~?u-qEhPIE({eofDzQoAPJofVPLNx5)>&m4?54Yp>>^<FR^IntMY`o#Z
z$Cr-NH6a6@qg?F{=<m7S5<Fdhr}R6-q2!6BOw0Fy2<&<GxLj1Pm48i&!Kop`sQ=k|
z@pZDKZI|`c2?}zt+5X%u^gTd>-fB8;I;38+KXVGIYR2%o`Mm4$B<=;e9YviOiw~B=
z>F_77m&LhSON>9KMEMqftKMw-nqGa_1YDKv)0jK$JuYL^VGl3MduE|GV_(8y%L^RE
zowC2uMyM#+o11l@j(_Bu5b^-dV`xZxn-%_bf6!b5*yHwmaVxz2{ht@9(Otzh)Fy{Z
zZ?OUX9esZUH(O6SE)Ec)=a@`rMp7wLwcljkH`-SjH9nhmz23_D^aBTZnbLK8ESf(h
zC`^i_P#rOzCXdCo=u68Xe?4Qt3W&p@mdEu=i-=$<Ox8#p9Dhr>^!uu^yX0<Jd5kG~
zDe?XO`Ydt1Tsw@-#%XQM7yc_xl2Qhv1trik5j(5?z{$cLs~8!1>@dl;{PEHYP4Kc_
zq@n#+boldm`+NTBKQ}`IMzsLmmaX@aH%BB0Iu!i$3A(OT9CfR^+MY2vd@hT-HOgJ&
zQg2pT4Em8IB!9%yd|qb5o|7aU|6W>l{FV7NbW=>;x*K}_?K7?G_Gw{fSEE(VcBl+?
zu~H}U`0&8HvbFT(#32x5Hh5!*IQRkoU!m{Y6wlSl`ue)I&KMh{`i}d<tVGrBu2WnV
zugh87{VOkz+ttTnmfO~C&thliYmwf0BnSvDr+p9S$A1%#-=&w{UDx~5XKj1?dME1n
z2g4HVsZ-xtX50T_9`(P!C_m%>ttkJ0wGL#R!x|n01fJ@@CwQ0XUX><4|C8WZRef^5
zcU-kzdyGc2^z;BAW6~4XmIOqB!X#zVOkYZwl1bQ7>%jtRg+y#}>jGMpYp{h)ke~!q
zbjeyWvVS<0`RriCk^S%)%bjj5HBM7})1NwCRbO?}j3Z8w>Ex52Waq{;NuAGczJ77n
zZ<mn&^#|y`Ur*oT1K+2Hzx8voy(V#zICIYJ#J@dX3GNooI}cv)wrZd!*TPbc=>QS6
zAwO38Do<$rh^O}LHr-U7E^L1JUO~ujp<Vpe)qi=h>Q?r!%OsWW<~w;<FX$diy4WH%
z3+{W=6)xmaIWYBOr7YIs=@;Q)*m(Zk__~RnjHFQubr;PW;hYVh@6GxmkB@MLZ)45Z
zcI~F|-ioa8*}kS@bnWpRT7R#u1c;WJJ&m`n9jql_PytfF8J&sgT`-F=rNuBOuGBuy
zb$_xxcY><|mICRdQ9&egL0AT&*|F?wd<A5NpC6XR6{;8pDXKrv<hwCikOJBc*|#|O
z_OB5tj=a3=#&W!Wg6)6vx=Xa|_e?70RNCc+Gqr`ykXYj<Q80~i8m!>ddm0Wr7-n@|
zcYvW^L8<shFlr*nLJ1Qlhs6_>TDB(Q34hL!W0Qd=4OUnH`O@IuzFQiYKF(6QCA^`=
z)dhmrd_b>ZvCp2(Fe{cXy~m@CK9)=~i*qWwk24s$qXmz9Pib)4>A%`o8k++g1j7@9
z*>XuLuMF<+HF*i+hMd*CoR?9jy7!3Bco;x;f7R2;w#hS}#FKF;b5Sl6l`bl70e}0l
zz)k}u$9g1T$P2J+4nG?Y&A7*{kOuY*chnENr0HG`bM<&Ma>~Pet3u#S3C)#7`>RTu
zoo)8jv)`tEfKBbY?Qt92lgM|@<{}fSaxs#j91=&z#p93Nj@XE@F3?`+7dF|01os{B
zMH;8@p3Q5X=DGyzbNUZfJ(y3#+<#P%6bghS6YYS|hlBjAX`kO+FnLt_{Oi2Z598hO
z#ygioHLu)4hKNu;XASu}QL==u*<yR^b8ZA;MpQZ>LnI(uEp)g8k+jj6^rwjsDBMPQ
zm@t4%g$`%8sSZW0TO!GQVm(pIGjNNCfpj6xjVRvVB2e7^HvrSQtP$J2(SPDkE{uGq
zEJK-~{I0xy@OpGDWv~kPZt|-Exr>SN3{|z&mdbsJ0OEPGN}I3_b%-WyBL19;iTo%?
zCDiYrQ6c|$^x%r|6UnH__Y=eDSuXJs(S8(<L}sro-;Fm~0JMZ;M`#gyd(_k&)!O*)
z;22PYiU>^kT?o41^3*ai(tlFyeA?8}H!)2Gv1mHf=vXCYw55}6t?q8m@4lFQ7YQ>R
zr2{SxUO{y1pQHc^N`fY+0Ekn6RY|21b{3Ii=dee#3RW{==jzdXpbC)H?V{JN6J1o%
zb7_q^<_~!kCfyv5PvF&Dee`?9Ldh^h41cx0P#e)40x~mY0o?)V8-LeOA==FkakB%l
zQ07&l-4ONu7h8ve`(D2J`^Px0uCO~?9Ra~MeqjJISQ&5d9ZI>fr%X@FJ@5H&?0>p<
zERFdDtHs4i*tRzu=kEC9Or|41gnc95XOB{whT?`MuofR#6}*G72Syl|fpSqsvT`w<
zxc}gX_&M{MSO5)tzkk8oO6|-tr;-2zbqW*ps8V&`EgJ5y7&mGeaO~c`qc-~QO;4F}
z7EjOCl5M1QFf!QTBFYu1-E@Ao=r7_?;4jz?t)#55Eg`32e0jb{($0N6>O2vjCgDbW
zC5t7857;?}x}{&Ry0I|sR<s$Q!#~wMHN9Kgb}yGEQGKcyLw|l3ad{Nadc;mSI%kvA
z=1Mawm!lRsBg-QkawOP-@2W~`0?}%hWZ7A?r{tJkw^PUH(DfR7C#pSY6Mek~N^uP2
z0+b0C3lU{cA*|q+fErf4srjTSK<?S$h0QpJmru;QO@rw_m@!e!>9SF*V^Rh11#pEB
zRFKNB!9W1f7=JDwNwaX)CgSD5Jj2BRLl=-xSJ9U$1`rHuPD{_&ZiQH&vXu5tT7Xpq
zFP(~5o3u250cB-#N&z~`Xu1%GuL`2?@dxet?C#JoR>fg}%v?*;vIm1RR**UX8H33~
z0}zEA8Nr*<pE;_Na?dg{nBnyYwL|sS_!}6gT5cfq<bUfAEf&O}sr0Hxl)kgOrM_Pc
zy+Fu0jC9t5cJ?*P9DLt0zNH*rO^!Dt0)uY-L#IbY9o>rFi9dzxc*sj&fu7-*Y7T+a
zV_9G&p^8MMzrb`lgb~s)i}xq@C1FyQVn@lzrnd@6MtF?(5#$LpO)rh(v{aO;S}E1@
zfYDH|vwvS|UxN4<VOyUi9~}OkQ~}UA2ItFLLmYF_`ijCA5?INMXwz^INmdpK%Bjp=
z<gnqG3CIjY#v}Xuorfd?+B5)VTn@of<}5}owYXl=mjE(+@=AJ>0izgs$2aX)md&QG
z7&pJMt?%b;{&k3Q^)s;VSBs(RZvSEUk8+y9{C`F$GPwvR<v+q&!Hj6iNe!=Ml(Mi&
zBaUX6ung9UHjVZbazmFcL%)Y-ErQQmC7~;0XHJm|oNBo?CzD+z7;z1u!M)C*`TI#2
z2FvxTQhZ)09;*2UjM{cOv6y1mD3$)Wus&In>gg<)`F}5@$D^X|E;&%s^=0sJW)GKk
zPJf)u7LfMSd2@gl%vy+N7ZxU%8uc?qzK&;=w0vGAF?>@h*DS^fJdm(gbLaGn^)AK&
ze^S9quVSi7!AhGXq7p4e5fhEQEl`oK_7#d0`rk>&deUK*%oQ$WN>EMC?IzLUT@uO$
z&KCV?7e*U?vQt26c^vX1@gj>pd+c(@_kRuDSI654ulrCgp#Pm>xk?<)GRHk@LnYQK
zAlYoq2XQh>{due~tI0iO@ASh$<>S}iRZYItEWAL^pe0t(PX1xUIKgAiYO)8&F(&=C
zFP4wxid~iCyH$4XiCZKcGNi7{EGN61&36Ar#;ajU_0$krNMV>lWWZ@hy!==W@qeF9
zxhgg}ZtUBSgkvo0YBV)RofLz6&=Vr|YmyOwhzxhEhCUsDF9^NR!$838n8W>Qv6kyt
zc&A{QsQ}k2L*Kz62-bk5q;syn#=JvN<=_W%OfQx-vnV(JnQRFaFjn8>wl9d))bh{A
ztdj4`BtiXq5AD5IF@=qrd_vI)ZGQ=NAY|uV2Ol4g?gks*q+bU{lM^wcbi(=hk}lVh
zfo&YQoH7(20;y;MQEB0V_K(<OR3tR0&GcGLBiCtOJs0de?;axSNvB<OdYqC}&etUN
ztVU3tDJ#_AL}wt2c^spZkj8GpA`wCR5qpy!(mGes%-}t+5w_bL)kg|nEPvVyW}If`
z90Q=u*zFZrt3;uo@?n{hU+cX5){w?Qb%!FPI7XlRSKB6Zf?h2=3}$@VMU#u&cqKLh
zI`b=@bN*xYG3Rj9sn=B=qN_Qu>xj_EYJd$(`v*MLn~2iFxiDUbcjn+d(jJ?uVO09m
zsa&DI=Xi-S5|+!bbM|%MsDHgKa=G<HGKq!!JEw7F^}y(zg_m9C&1B)u6GirsK0cp^
z?Xl#U&a{4)Yr4@g{vMU?ObjaijgRY<26EJV6p>I>=!3Us1r9CVX5rF}y$&YBP3eNj
z+-!KvA%DRZNQG0+FK6)vHsb}n1o99{+GagJ=$!AdXD;vRo$VW@9e+&Q{H_A(uJ#sl
zB(`H}*~|1k2k_W$_n22cI#=8dtUNIJ&mEZjFaMCvdaSIZShT+riQ+%@^T_d!PBs)Z
zu5gaL_kwbYpSuV5I#9sIha=o{Ed9(8!mKlyY@bhE+r~FzoPEEG+P#U!dpx@g-vV_P
zFkKT$jOMCbEUUPKCV%PV`PaXmNyd*DbdXdkZeE}T#&=?Vd5A#RdI3KbpkFt?(wpK3
z(OuJVwKbU(rl+F>6eN5)zF>tV?~J4MfA?cxlhJ+J0%M?V(ZtUQT9`lU<F@+Grac=@
zI%c73x`PmQQh5aA-S2hD-_|HzFU92&hq%hu$+1tJKOa^yw0};hh~UY8%&%kle4;fE
zaPY#uO>*O;2%N*&c14-bUHS1$U7}R5aYsfOWBJu}X7g=mYm#W`8$1qZB_i&(Z_D1;
zy=i_m+wKRhQXNArqi>qWZ#OrHT3Ln)*s>0IC#;9je}jLS&c)gNxA;8eN#J%L%p0RF
z{pSCX0<nTf{(tW;d;iZr|NNhi{o|j1{`u#hfByMDiFDIH|NQgMKmYvm&p-eC^Upv3
z{PRE4o&4vYfByOBpMU=O=l>KoVgLO9$(!Z>WvdJ8fBA1)T?XB8&Otzs=l{p?6q(x5
zy6PUoe%o4B*FINHQybn<6b`7vFib=d3!<v5goVngkAHcp=s+#ih!TuKJ$%YNm|L}Y
z>YqNld6pri?zu$e<@q2su$C6OsHlM0tQS-Y{Ouw9>4}UCr_Hp+F8+(#6?xMOheV2|
z25||qDK4+iWv%V+@9!?VsPelC=O4a<^w7BiuWw7=KOqqkWbrF!HkL^anqRpfnM%X%
zrZ4G1aesPFyx=IKr)<6>h_mYCw<O4X5p&X#wh-Y#Fv7=2x6U}DKnyjt!zGu8vEK2o
zX6*e%Q>rMCKUj&p1YVAjH^Jg{hK=BjMX<6vzrLFM;eo4_Pi@c(KjV@?wkPFbN*O>i
z`p_`+MWWZ!!)^a?idC{U@_AvYOU=Y@L1>K;^nW%clp+k}?$fVngX9Em7%s*L&3*ZP
z>~IJ-`W|dvM)_mxoRJZl5|I7zfgCYF11bU~EBLK0PM97G$We=MK$WX&siT(@j^Ih@
z6ysQ}P8@&NI)mxhy#M5YN<!kve9XStCl#_D<1y9|L*B1@JVg+smNW`w?23%_Iy45I
zWPj0V^yyaRlC0B`D3?)8KA^-n&5^igVnqyu0zkIF&UF!B=m#|nH`Nhg{O!dbl?dzm
zrKm1TeZ4b6MW}_mj9#e+e$e}~4y~Q)1E6mlj+G3SdAUidDMIC1Q88TrNhs+6d72Ys
z?&$<NmOh@a#6K~>?|ev_ezr6}<8N#QO@Fv<CT@lPI0&V5@e-d$L`W^FRy&D}-zgNv
zN;rhtcrIBIQqu^CVQ<KsA3>e*LskdJENBaU8@y8=>_`#q`I#^Zt;lA+t3<HHOu5a$
zOqP)2-w<QEF*?H-3dk?x(n(D%0r!Zi4fS^jHD>N}A+|0tx>UXYJON|ozXiUcV}Id^
z{heRlH?J5!mOQsLp9;L)xtJtj-hp38WG4sk^W<tJ&Rjy9D=yGf>kVG5A+fI-n>*RK
zjVT0TfX*^Wd54UBWiVu(j!M))GJBss7rkFxoBLLOWIB+^*}2FHgG#}%Jc68U429cb
zF<EAzCtXv>GbL=QCl+7)@)u=FK!4)Y&xNpUurq=GffFE4(nTUwB;MGRHU*xO*zR{Z
zFKPx6(_<y`X6HQ~9QKW2^_Aq^F=Wn1Qe6W^lWgsfG$MVB{MQkC@|`0oh?5d(K7EnP
z@`o`?{Q;Gw9f8Oh+@4yHByMJGGlp7*2V-LI-4`S0_qkTtN5CdJAJshFOn*T<gP?V;
zrbwTs#9WR~O5>Bd$aghb$mTa|%%^}oF+-a04F+=~dN7DD0DF7FK2u%_m75fwX;A3S
zfh+5>R9mo$Y%EmN0)jq(P#c`s0^xL`b0@1qwJ_?tcX0WubWY%jqFU~Egj77l9WHAT
zASusY!B^Xq;JtXs%-57;et&)LC_TK^F_N(*5DTuW1+-k^=Dn0uZV!cgE@*Ea3+=B>
z_>afzQZ=$_(VfpGh->!gj%j2i1yzCUnpTD|w%6yem2V&Gu;*R82X)FwFU<R+<1XZl
z&h18K@w-O^SC4UJa<r2h=C3ojQYHH<@_<DU@%pebZjnEPlS}mZzJJ;=n%?b3iF5tf
zBCJ<JI;+T!S%paDWav0V1nUGy466dq<NeXM%w0I%O5YclCQoJ8k<o<LX)NuxLrMtw
zu(X|_*<YAg41_~L*8$gd(V&Sn0h35G8KItV7IN}ZWSJPydlQo+>>A)oe+bC~bDKFz
zew)q?nqQ+ns3!>DW`B4zY0&BY9bJQ-9gh1QA<-4|6t4yT#+7Mi;{Us}aH=uN{M+Rq
z<=XJhB|WRZ9rjoJBr@6zux!|?Yyg>7Im<i}p<N`QlllqD0vIF~ao@mt`&Xn{SGl&}
zWNN?W1D8rU+5w^l8>&Ni+D{Q1`g?gmDw4n--Mrz(2yPV{$bYB74<q1(jZHTLlnpEt
ziH7JK&@Gjco<#>g%_VMp0NI6op&#g-x!}D@x*@5XEgsSoAjNj!xVW3r38vy0PR#Pl
zzKF@m4}y<`n4~?3Wjx47Bw9JGr>+LFv6*l5k>NLgq0-_9q#WnD!N@9KrDDzaOR3kc
zQe#C8A+TEd&wqx64<Y4&1J034Rw6RuG^`jC`bp9A0jS#&!d*s;zy0Tu1PHx8B_y*A
zRpWVSBog`=1#0%GmDk<WSP3;q{WaU8@$>}e#8?RetNbfE#LOW{h5!Dvel~#+D?l7N
zyOu6c78x$;H~X=?`lxFBci2XmERjg54TPwBH0u&;=6~dbg%EvUQIVD!5gpp_wydN2
z^Z_hI*K7utDN>U&(BrdJSwXfV!Exh^9wU-}P9R2?=Z%PE_JubFs}F=U@B-*8J1>9v
zh9h;RqHIBu*<Fw*;c?(7R2mQ$j}s;y-*y=9CU3rRMhrC?mfn~Y|0pB862X80t;bYB
z!EZ7-*MDqM%oXEjwEv9~jQ@hkIR8ab{T=0(`WQu^7{Sqze-VvfOA2X4z3$g1qn@;y
zBdMyJ)DU;jA0wqz+tiWfa(KQ|Gw+8C5RJbyS@79dxv0O${)BM51k(%taP)Z3C1f(b
z|Fz7h5)|jSyZ6jy<0~Wbs87}Rql4B!mU4O9dVhryI?wnBC(a`y@VRXr9J{7Qar3jG
zWvLB5O(>}MCmN~MjD8mJq$`uohDfrTd1D2!2KFVy_Bt8DmO{NN!|X4CDt1<ghqU;Z
zF+*ueJXa}8#1o-m;e`#7%?p`1ny=`*KNP|D!5_c?8HjljAj#-*nCRc3u|u-CS?XT;
z0Dot(pFjMrt=5l&#K@m^!YX-gf|pY`eukz+hZ@K&PszO$MI|j1yN;iYiWC+=hi|+G
zU%;p!$<3eiIU}sq?_dhG<G4<PnX=%u6u%I2{Gmr5fGY$Q=YkI{x<Y`s)a=tzh0qre
za(aWzKOl8D{K>-Nm3-<&A634k<qdfQyMHC}ENA=(#Qq5gaspz?=glJ-r0R=?8GX20
zOKyB7wos61eYRMY5U{BvwaZx{Nn_GYrP&g_poUX>A|xnxsUg!y;u7)qjB)!G^*rZu
zcu#kp_`Cx$`1%HVJyh&;Q{u}VP^y*1v{Z2VGK+XBD^FaGP=bQNSpGA;wgU=0M1SuE
z7r4>)o~Xn>lCrs;88N3m>(+n!Ol^MdBrhB(`eA&Su%3%#+gvDTv_PUqgG(7=LEhc-
z-9@cN@n5_T@8Eokv$qh&@L^q&C@CL_V+~;b4w=M3?O2CrQnV0OW{^?+1TDTvw+?SV
z?{8@>iC+Vru|Rb1_EQfxmVW*8tbcxAKc$iIEtSD!oW)gc#gW1`u|J0jGnWc&LhU!q
zdBBXqgtk-tV#d4tN*`j`jxY2Tk`-J@_rAe_t6X<)T|WgxX1}0#?ut1#XpyV)he+AA
zR@Ar}`bi>k-W4s6+=J%BLJVLRww;F<)_zFw-OlM#_`WJkUh$P$1>)q2DSrhL4VLBJ
z>x$n$y?b<>%V=G85WfQQ1Q)OVG}%!_W5;un>u`$S`hEL9R153S2)*GBb@sPCcac@e
z>j2>$j`f7E!F+9AwfGTzgDtM~N^S$D%`js*P`!@onR!%FJ7hzHanT%|>!we}vcIR+
z6u$D{r<}>;w)allV9jlOt$#wJ&J=URoD^>7+yJjw-0ybfHyXQ2kAqCnomi3Zb%^S}
z#U!FmUK}<1WVA*u_7%4!G_pUG9lkP3bjCMhDhOS}fg*(hq}};69+wFWl2%PLuVSo|
z*Dc%~e1xD5Y{ran`rJ`|_W)|xuTb7COsvN+#cpXGkJHSKRZE-<-+y>-_iRNgqAV|I
z=q_K_h&@PwKcB^&-n%r+9ARq!m>+GKiN{Xc#K7S~FEDFx?4QOqyRnvA>jYe@_TV(b
zb*Id;8~X<oema@)R)-b2SWrkZo*s~!(9z>5BhV|BIEbJ4t7}Zo-Y`GxR<M5Os&?0m
z?=y^V@eXm1z<sp2=YI@NkJzINBjWtTkIpY{kiQn{ml=ywT@#J-0poaP)Ph%3S^!Yz
z(Jy`(JgU2eG)Rnu23JZ@hL*alltGs|;}40Wl^)@kFodifFv%sM!G|5@7eN}}<{%RB
z7oTEHvarg`I!B|Tcq{qpU$jFu)TxL;DG57o7p!D(se)NT{C|=C?b@Wj_k~MrvS)@c
z$K}6JLUe9K-7b0cO4{TC7^;xuhe80y`#m4cJfKAi7tG2<uBt9Zmp}W6f_tDTCFtPu
zzIT+>MA|rlY!rdSE8cLdCyQlp;+9^E^4A#)A+#le^e1VVZIjWBQ6aNj$8*1iK4B0|
zdL>es9^qrSOMg5yk&~Iysy!J8(k+=LRET1<jM6q#dOHd1Ef*@8=reD?3U+4JN4jhY
z;pclHs-F%yzK5D;O&+!_;z4DYEPwRsyTM1RS+5vnN<H_JB;$!jJS#3+S5$bnONEe=
z{UU1KN({uUJgBC+Wn9e6E;q8NZpo`f)kvC4aV(ICsefYoJ=A!YfwlSzS^Ed^=n%a3
z51#Us)@|W5Uzkrg$}6l81XRO<3_8k#XagPj2Q@rskZlU*>0f39U^u-9haKyn(yAN4
z&8T+g!`63W_ba8caf9;lI15K_c`IFE6NVvJavuKSy$CZ>&uyh2e0NZ5Ts6HNm17Jh
zO&+OBTYqes?;R7o5&B$kTe@?+mne5Ij`ig&6=dt7+O~?TZ16Msgjl`u1hhhzfOyGj
z%XZ&gS&TNg0zy*fgRK+)-!5L3;hh8y^Cq`;wj8qb5q?Iy;De)AVsmGKqKzuW+wIm!
zEC*K<;9{Yn@YE`$#_DW*-K6_p!NqNbCy9z1dVfyrUh|=~zWBnit3K{%3zx2x{;|j`
z#MSiZ{aX=x7b$in<4>~(Hvu*3_?fSAXv@8-zi_c~Iv#=^oWIZ~_c8Med&p*8oUGst
ze6njFV6m5#RJ4^-<!1>tF&#N-9GqfCwgSRoTLiJH5^J)DRgny$Hx1xzjP(uS_h|W(
z(tqAd#B&l3=8$NRT=AFt;&Zz0=5J3Mr_KEq*rd=~mn@lF>+g}(<dN@)P#4D=5g+Th
zHHZ|sic_@QCE@}^VFt}%TCqzTo;QAs!$hu8V=og%rOhq3`K4VX*jZvUXju48;<@MI
zc&Y=&&zH~PK-fc-Fm?H39nc3jRpFy??tj<L3wkG`(2d83p==q7@^`${v8KO25J7%W
zc|j>d+VvpaYJT0@yW|2*<(#MQ*~<)Ro^x+e|904SBH9@Bo&9L&_D{zWrnHH%>c9^D
zS(BMX!_wZv(>4$w3fz3f14;ZlrVRfM+(&V&iY<e>eO;_&zQR%0ZV+2DS)kh|V}CxG
zz?Ve-p@BuepQaFClgqw!ff9kF-Z#=wHs_8O;jxUQobkf$A1zc_prK2u-xb_=<vA)T
z6y;3?&wX6D>Y*|ibGr=jQ|2-P9GmN7u3{&RDd0TQfEG9yi5O|5sLev&y1!xORZ^Q0
z!-(Mkvzmc9dK8!1>g5ji#mjKgihqVZh$+G^ytSkR2fTzSWP&@BHu4k^l~&bPR`=4g
z_K{WI-UU~<hKL93QNPqPD1PjDanh|GTp|kRaqw3y?nR>9yUM}ipZzr7)?FLIaTA32
zi8p)o8TaTxfVo+Rw*F;NS)gDiHQ(kAyId-4=7^I5E1CR(dA2mLLib*PEr0lFUXSD8
zgiZzI=6Z%D$F^l(-+~kT+8fsv5ZXsgPv7iHsKAf06kwYV3lv@aUDnoc0<lb5!|$JI
zUV(Ls)$Uq>v5$wgRkKEt`Hdvwz3G@68fW+avHZvXye5L?@jt3;WO~$Y{qz_XIR032
z^V{~?ZYSetUF86Pr6CJLM1PEsODb6^Y1b8~iZ!UwT{^ePa_}q_RZXoJYJ+kl3!|h(
z66b?SX|RH#62eH?F0~(Qy<e@{aUDOzJ$pvb<>pth#F`ytc%-qI9o_RB^G-i|Walsr
z-BhrWb{p<53wA@jvCY&3_%;R%{0Qm$NK>>5O_ZX)xTdg!?*v#=p?`p2tw|FFlNxBs
zLW1T+QnleXF<}{nHxRRi{<7u65u$}~sfuXqbHVMX&>Np!wDQPb?d_eY`uq^F5~I%0
zOV_JAE4UQ?%2!3kmy?y(*^JE(8rKOUI|Y(wk<CCI?Uj9ge?p`z!IOE%YSYix^?893
z8^N;^Q$dH>W-Gq!J%7#azbHQ;u3cH_41c=A#xOz|Nn#PLO$ZEpAEV%4+2c;x({&M8
zL?f>VgHX_51k7SjKW{II>TQ&%)%nLVO_aKyG7pnqd(n&u`xgEXGwn&Yf+uJ0h9~q#
z?hj|Iv{GFuf=@{16y^^zhED}j9g=O$B8nVrBp^1DuUlX)wSQ*7HJooa_sCV!t4ee5
zT&Bi`?4&^%gP6e6ILr27Wz%xN#Pl{^(kCmooKA?zO>h?hg{>NtgOx;K>E(Hz(Az&$
z<E+`c^>GEBzE%kp#bFCgz8(ERSdqcUSu7H}rj5LwXRTRpbTIP_C(2#aLxf@XkPFzT
zW0ed9OZR%sLVv`5ac+GtByq?ln^uf|f!=+>)$(4OfiwG~fYCun0}Mg601q2XuNir=
zn3g7W;q&G<Jxx^$<!p|v);0Wx50iCsxj^bjMWtZdMo#>OQ#{<vt>`v!28|n4A7dC>
zI~0bbqD|{BV?uB&DiBbueap_3<zj{kRbpjv(qveFM}K&U2IK&+1`h|f4}nfi9(c_b
zbClz(Z`dxU>t;%c+dx_3))7%6?np%g!3A^VWYg7cOQvL5_QX#gxXqLbjKdWEwQ$2^
zWvn7STuGP!GO|&|l|AU)5N5T4>bY~es(U_RcWlCNVlpw7#HB95$W1ybd<Gc@Kgt2U
zM-|)5*?&xp;Yyv3^z3DwQ(FQ4+cPsQItCzWUwp1wk!Cg-K)7M)qFOE0mm<<u!3t43
z_WcuddR;HrZe<9!PTyRem`ZBsY@$o+6A3MA$Fjk-G2Wa?5lgmGkg9>5JuuixQ*7E{
zYI23$V?5J(Wl7zt=|fg7+~zE#8G0N`2Q*6~$A6J`DNQ{zP0yAAi>qSTRm%7;EBUa;
zQ2=<bP?#*Yi0`lXUY6+{#m?TB-a3@G_nOP|^LAHFdV!|CIss#WZIi{+!9KP3wgl<R
zAmy^JnZGlsAxoJpTY_OkYUDu^CUv@)1qjptK*dkzlAwo<-fZWyORj0J`AQ={CXBs;
zpMNXI&PZ3@AkK6&IFjdyngTwLqJ?^zIQXYgo}LaxgPC8vS;|?b6a*Bf-0&E%#&=vF
zh6I;p&nns3LxuArjuB`v+)1q;bC%qn%}v=zCdfD<gb*~ps|2`;RA1X;17dB6f(dO|
z6%8cM7F4Ko98ogle&2+KCBP6g5LGW*5PxtAK8Ep73Vble=(aN*O1E+3eDeupw48(|
z`)P%(TUR;c&WLt+@Md+ok|z<^Fz5<Z!jJaqDTe@s=uFGEj#j<8gshhLA22;7+vt_*
z2QMb@wS>ZHf%ZvK!I!@ZNiEq+Q%v#eeW;EZ%nmrMg*y%#ln<|kZNjbL{7ZF)G=FRT
z#jaoY-u#Z;>@nf_u3^S(IimtNbVN9L#wYl;jnAqXSl)MnS{~mL(L?%<WxBl1RGC}%
zYcIcNljCvDUimAxh|3Zn!xd3nh_Rull}09dnJigYDo2k-C_X5jRL6uUtMZ#FE3;%@
z=CDY#sxXvOX^V<Ka_{>)l5>!2&VR3=b4}o*ble{B#x~Mm3%vWAgkbY6QwGl1DqBu-
zr0jU#hvUpjMBaOZ_M{;T2d=2%HM(#u)}3ru89j!xa6eWAW_%x*)^IrfK6YLk8TJxa
zIzw@!4L^Bb7^aTYXYjF#;mDODOb)xvIXy5gXFI%!G^(9*bhmu&mj9<!D1Z6>Oj1O_
zslp2d8Y#L`i_JEC>C;9$b;RtM(KhdClIKPtxk(H%5h!4b)&`iK8V>Ume(>b<X&D`l
zEE5~|bXxDv1wkOef`y5ssdOaGuR3pj_m<37OSL=AdJ1nB2)G?zd>hxrTy5sT#?}5w
z(gEivSf!I{5pbH=TC*$7NPj9+2^Fd>mY11k>PUzkk6sFVe1{qsc}#fV6v49q5@cmp
z-Sh^=xijgUQ00ckqiE5)w?*Nu{2~O6&GdqG8;q?N&^a8Aseb37p%u4JgygGtL{7vN
zc5Z;8Lo`$7TNj_~wim;&z&#h#)&mqq=kca-8m+-6=2uo&*9|0h9)Ed~EHaD`mY8#X
zxM_tLFJF)nwsbuyVvNIV=3?Vv$cOgxmDkg%cw;CTU36ql`|TbnkHyMobr6c9JL~V(
z+4Er5=w3p_N%Dxr3apN+w%5_w2Uf4`FZr?O&A82Fi4F5#WJ$&xwgaaO`6=XoGV;DA
z@Xy|#mA}us4W7J^YJWejzas*ip6Wbbv%K5cq-jDW-A)FWvRuPTl_=;Zg<FNoXLmZ#
z#|!GyVsr#tPi{ntGMKS~=pajTaOW>9f%Quc)!L_RB1#m38Me4{LV~+<G7h0o#}owr
z=`$)_*Zdb<zN+;?yM1)<+c)%%zd4M|=5$ZgqRvR-m|dPXqkq4L@g{h0bg}Ka0@8d+
zM~`N+Ha=&9c=`B6nOBL-o0TTX+myv~(usA;?7zlRvec{epRaV=UANgi456kS+F-?`
zAEa!*Ap;a09ML<PcG?;mKxbn%`Wz&4*ti9lIGw{!d9Fo^=Sn@ZHar-Plc%==bx&UF
zu#QNRfXzCB4u9j2K>E&LGyWUQhFJbk8?Zh^+6^bTxGb#VMq>zp^85<6hY8j)&n)$<
zrmoL6b-kNv&oXDLg2kgERhLV)wLeV6lUgY^$C!)`!4t;zVPVG<OZYy~J1?Al4#*J@
zB!1reyt3~rOtG5}RORii24;VOdXLgjzVFzf^zHDP8h?`mCHf*{kE~(%p)RjMq7+}*
z(3Ul3Yh(Lmh@Yv071MlXACXQRo!#9WZe9h8eR9RMBq4{~8d@R+F!!UMQ6LDzx76Ez
zaZT3EjoJ)VsV-Du-w!<d7hs%mgOrW+T(MW>ez)P*=$T!6Z4VFVx)FDhYFQ0^-_s9W
zzmQja?|%jvv&SlN@sDgV$nC8l+`U3vw^8mz8V9alb2Oa)l%F=1b-3us`K(pz+Pp_o
z9W#-S#w*^mHPXfy!*V7Lc|y~0c*q~yni{Z7XhL6W>P<}ND#_i)LKCBakz5RkG5RA6
znjs6OxYZW3YPT7+J|A|&7mX3@BImTNzVbaNF@LJ-4AUAzK>m2S&iPXF{hyFU()lrr
z>waT-mc<8i`s0=E<uZ0<cg2ce`mnZ92sR)Yl_@O~u1X3M)_JL_WJw?xJtQ2{KhdKK
zx{p#AF2GqgnhCH@UcC&Upg5+`iWuk!TX2Y;)tv>(%jc&EYhZ9+sp&IgLUF41Cw$`;
zxPNQ|PIr|&x7>e3B!ny=;T`Vi@|1#Qq}lZ`0815QYe8;9g#>2P<cmhg(Tu%w8m<$b
ze3T<dL&Sqj6t0YSMl?7m>T?8?;=xD)DTx6h#>BIm@>EJy7+D1p#}scesm|Y+fxjFR
zTU5`!x}0I=o@bR-Vo3f@I<Fj+)f@rbj(<z}>;)D_`w!%GWp*D_5=2#-ebV0Yz()dz
z<}m-n{iS6#XrU~5giN^1EtI3BGh{NGBX;(Y1+vt>ONF}f1uUNC>OA{_vlab8h$-H*
zHZ)<`tOA0e(VX$PPAJI6Wk+;7Q(?(jUGr0~H@Q8opHODZvcS-g38Jt8?|Ml)=YJ7n
zItH`LV2YmzdZdeP)v9uh+9zaXnd_`LiqwM4Ume%VfZTwQ2JK^+BTMUPqqV<+l5cSY
zCaY*Xl4@h3*<lIOi!wzhd!=BRMa+fsfMHOh_-u*G-YQWQ6%fwO&IcWDCau9z)2Ik-
zTQRDTBzYFc{db3ZzTkQa5J_^<&VN+$W%I-<su>7G0?v^-`JUu!hmP4_*3a{@xLndw
z0O~SQGV~-s0Rk13&w66Zw3+fAC;Qy<Xo^hq#Rt)#kpz=)J}z{ypldXjwg1`xDIS$Q
ztcM~jO-5m(8v~1*pGmgwiH+SLfhHK3Y1fxa?B}=~2)vFXRms+q2XjeQY=5~rz_gf3
zL5?U&Oz&yxT;uldyyO~t(Jf5*(9BY(X_a_^8rdE1f1W|TG+J;kF-7cqA&9|5RHh?t
zVikFXt3dDH|AZnxYe;Z0&*8@{j}W@iB@Cvn&PkG{=Q7fTSJ>O;iKx}F-1pf4!@Z}M
zpf;2~=lFukt6f<GYmJ5KHGkxdj%0(&dQz5yuoo%gQnvhIgV*f=AF20sd`KlarXTut
z#Y)x0Nic8!`9@jZ8me{*nVhrdYoQ;$E-;_2gN<|N$*G@qqz@|RgET7-(M|rMMz;>i
zu$H+kEz#ihv5(HK7q3&1+9T{4GcM(O15jMGB=uTt!}r{@Z%Lhgy?=Av>g)F>)9~Ie
zHKX`lkkERMYfB>06TVKJp9-Of<26JwLIo#B`@K22Ll2)g;bNZxuXNT7*YIT9KS?mN
zMv7UuvLp$UzshKoz(n+@(m7)v9mj?J)0jG{XRUXhpA#O@f?4VT%VI8IneA>W9ea)!
z-uMRV#?xDZChM+iXn(^@m+bZ19cfc}{VRjS`8AjpUH}>YQ1d$oiSN@S-1p|+4my|>
ztEAnpI*w^N5W;g@&f#-z-OGH^)fIC3-)4p9cnM&IK!I7>)fmmWzwxm_?#=r<LIzoL
z>mh0tmjR$lcAQb}!)Opy7#i%o7x05LHO8CA0#R9`ATt~7aesW>-+HFkpX7$}!>fa!
z%w{o(oHl&qyJ*SM$ppT^Lo8k>5fJ5@edpI^uO<9aUblv0DX{y^+oQMIwu86cvecS2
zwAx)<PaV3#=V_`v4eUJh3GsL`fCQGezgh(W6Ni+vSj2zQA*d3%6h0%eMA1|p^jxX>
znjE4!AM_t_0DllMn+hl{Yo%(xkG?)tn*@YC&e<&mR)kcm3HgwIR_qx&RlbgdVRhU&
z(iVlE$sulg(_}?RSx=KaeV%5>9--M3of+VwQ9iQ#Zk%x{lk9Cs_Ihh<<+XU|nYf_M
zC?YAe2`g0<UO}95DC7T|^~*akTU|HYS-0?b)@e7ycz>D;dJ`txR3=^CU(G2Z3K@AA
zKt=VZJ%Wwk75P(LH^P?f_P#T@+W`qp|Am-&mn6WHyxoXA=}Wb;QEli(S+;{Y;Y1pX
zNTXl@{dfOK1wuiH%7w{iD8h=@^L$2zSPLRIAmR)iO3x30M&QlhV=yX5W<20+pQnuX
z4ct<JSAR;i!mx0F3S-oUJM1GB&fYU>pbA@_S;pv_-&OB^J^AUHV$2v20Nx+<W!X`3
zljd5f=Qybo{iaLErrx}TDv_f>Aa-2_(kj+psaXg1dLfiA4o-`MHY~b`dOAOCd=O__
zc-^RO@Xr5Mh!_XPnpy4Ie1xrwB5q~9UclrU&wuB418UmkL*S|aTEtc)n&0R%nwYkX
z=T`EGdX412c-~gp3g#`*(_mwR7dQ!7B{9~B-N;BP@E1^mmLCXWur4Vebv%Mn-2KEx
zjU*5#`QqN+uaWJhJT6Umq}2iz-zVJ6BkS`ze&MlApzQO4^2ZyW2%?Dz_v-xnEl=lb
zUw`?$8qP0*oPOd^p?U%pPDr}q(9CU3pK9PNxo!3U8d`&kQ_{0I+SY9b3?2+EH24vl
zIfa;qTl%Zxek9w8eQN~3oCHQSD<sLuBXc=R!1#IjPATw!OdVb8v`XJJ`$v-e_ct43
zi^<Yod?(-7O;F^t16T^a#jCn9gA<OU1%H*j6PZy;{-PhlFRi#VUa+($5F?aVO-jDW
z$l@pt^&v{IG->@;8RKczIC!B0k5Ii6tl~Jv<lxmTIfZPvVb{PYzgm&-xOE3!%wK+p
zxlsyWnbYzyLkVEh=|B6|Hj>#)Wn`#=ZR!VHG|N~uEdp%vLegbmGZa96;ubV!tAE4v
zHTAk6&lz?-&_etKZBHCU;$K>SH={GMKU#YA2yOJ9qWaLlfeb=wh{>qZ+Osv%w3z<O
zAqvJ+#Hyl&CW;~t-2D-+>{_o&gpwL!k6U<d=t18?Kj$DQ$qE(F1L#c$rc?<Xf4Z!H
z*;8bZzfe(g3t+~R_&#Vt;1OLZDSz`{O1Excz_S$@E5jBi7h{AD7=(wTr!I}O7Ch+a
zuluu87Fgi)Hvlh^4cC`Az29ZAHZ)~PEehwIeTD1-J_Zo83uz9u`!@25T>PX*wi_FL
ze*+zD7XMOOOnzx3s6_sWlp?x;Xc2a0(I)~F7TRh~a6avlB>LgU6)0#r=zmPY+`_G<
z<iMD3UAjK5SyK)SYt6MyV%?tw?=Y|bor=J9+XXU42w}wsUbRDS>RGRZmi!j><@$SY
z3~qxcZDc>lfPF~T;m)*dA=WF3!;c4d%N4;X2Uy}1rgbd5Ko>4Fq>=-9Y*JPUP=;<~
z;)&U*B_o^qQ~uJ8{f%Im^MB=RifroqzqoRTy7WH|K*{uq*Hw2p^0T^jn(}$NbgNiQ
z)S?q0)n<o^Ml%|Y`$hf>GZ<JCz%1qdvpi9eRFHY!omr}sNFk9^B;<}%HG?r7IT0TI
z*Y60ta2Vu$P6y+0q}?#u(L}8?HMffE_bsQVEvqk1b>(vt9OyqPkAI6*sS6Uv>*v~5
zK2}*Y<<jnNjtkDeDx*h=3FZf{6y_>B5^1f4y--l1M0W{IRwdXx{F!+oHj@lf6}tgz
zg0hg#cp8vZA`1b&Fgl^YHbNLwOu~i$0G4=`&|;ouC^j?^D15m;Eb@zQwYxPY3Wzu;
zadu<#iSl)jvlpQZGJj;8M%=OYpFnbC%v@D#7F-`0tD^QF@>hiiu10*EU;Q<I;(@=o
zHYSKZ2}6Rs(wTFL_pVBod{g_vOX@uWO<85^o;@1U^h79HGd)kC_VRGBGTSri#?msZ
z{bI|%5fcQT2qYv`(Z5F;F`a6^7>lm9nMS9Ta5ILflhyNBVShVias^<0p<mEX+M_fZ
z?F!2T<OJFPEMSMiW2)Ep%$px7<>TL>m%=4?i850l_6wi5?5sa(x{!ES6+pa4u8%>l
zdy00z2o+`VO}syzHJeX|Gt%EcLYBZAkSH$p`QBC*mRDIGVYo*j2d>ip=>MgmSeUFX
zWPE6DiGgca7Ju?P(D;!5Mt}?qbo!M@7CP0M;*!=G8!<`HSB;xn$5`$)>?cLgxnqkM
z=L-S@N&Jn9hAIH>O7RK*28xZ+fQp>`9?a%{9W>w~-sBhPqTUrNedyYUuW>nf#`0TW
z^s4n+rsBaeKaE_=^yU=M6vcrI(b0ECNn7)udCnUtAAkQp*676<J~hRgw<T5mBERZu
zSzW=my;gN66nr4O@A_kx2!(0=hf2o@5RvwN)j>e-{V7a1?$#a=#7jQ@iY&9*>X|t?
z26*M}53P885!?@4eCKI?pctk}e1~D?nS*{XGLPWQb_ijIkce^a1z^4)mwPnqt*KPD
zADKCOuYY^}M4C#%6USWoByDf<iy5qYHvB*m3*;h7;te33U%?(WutZ)Y#19q6R6B3|
zIDq6A9l67;$h!Z5CvYui8M_s?9#wn@lfCt3@f5oSmKVK907hg*K=`6bD$f|wF^eBW
z7Z{UwnWqU!I|6rsgnj3jvw*)ax|%a*_+DSwu77lG;Cs}6H*uh!z$^#!?Fo)N#0x*o
zGsRE=)8+(qidF^nM4Qpf;oy7amuGipoFz^|yIw^3l-tm&SqnWZ;}~U8(a)t>_f;%(
z6rP>oW%o>+;ei&`!;*&tZy3()L_DxAe3-!FhfoAlQ6Vt$x&3_cK|r99^xAARy`E4n
z8-Gt3cmpRs;Qd9==hBSAYZhYqYUTyjMuOXnnkjs8teAF;&D~Q5Nzya$@@;DSQj#DN
zRW5<T(YbiFezUyLdbTY?O#y@;^#J794zyz%>_AOHJieNhK<L7ehq~iR9}_pqB+L>7
z<&6u5LeIgMBsu<wR@mr$#oP?1$5-l(u7C9{*c5Q(LGWAc4qNE4q4)*o1!If9?18Ry
zsOP-1KIQ&@vG-3gzBS?F;M?xrZQHhOYqzo6wr$(CZQI?uZQHi_ZTGyt$>ijmxj30j
zCYk@mPS)pYRjMkfN~NBa^;B_<aVu;^NB@9{Ch12KB7wy@qeE?TV<Sgj6LLD+G=Dqm
z=Zu*31vK2Aj_2elE;G%Kb9MFofD3GTb)~vM%IR4f#W*P`UgIy>5WRA$Mdt$JH?l`t
zk6QbZB(n!r9Qk3qBYJj#k>z8fe8NtE1qyJrEgb_gvO7c=+E2vcdc>Bw4@PI%K4|<z
z!hScf=k@DS%CY{LcIroUHGrA**MG|6ST~yErQVp#GIfDB-Gwf(u)pSQn^AyrME)hz
zioBM*d-&Ri^SN3JgOaw5H{-S2<zrq4aZU6!;9=VPZsB>1C4=?^e$aljqTA}6S00DN
zGj_>Zh8uSj9%^t!EW-<Hdkh}_7nrG%L1fuz4V*am)u((Lz5vDoE+_koM}JnUuULNf
z9fKUdVWE|QBkJD9m)i$NIBU;?=nolp&ru>V`*c}YvO@X@T3ddIi=+XrFr*Q5N4M@>
zN`QJ`7iuHO5_IqpTY2?tRvkC#Z~ZSGTZHrPXM^3<pT8pzi_EK8DG#Gx?Y=-L$HQkI
zB+lIyg#G(8O;4kGG4BS}XMd-sDDU|%9w+)D-#}Jruy4P@zC+CYc({>;IGsOd(ZK2Y
zw-~&&w{wyF>`$jLg)Uw&Y%CTRx!E5nUhO?;I7x_HC}KbgeY~I1ij~!nWDt^EAt*e^
zi5tbCq1l0#gR6UfDSMw3Q^a@Ik3G<bqeC4YO4d_&{$ccR;65GELw~5)o?58Isew8<
zd$7B#|AJ3h=-XR3P1cngOO@wUI6I6wjhEGp(-iY20ocuYL{ZMBw8Kt=vKRo;zG+!q
zf6C?bzAu?sy>R&X-hhM&;28w9`_-)WR*xhki8hL-dal)cE?3kN@Yl(EjvH~QzT~CV
zbmf`XhuoaX9NC4>pMN&xn3J*N{A&n(f5kxS+wf=PYV$pS+V4&ksd;m4nA^qoxc!ic
zkgR%g{CegSunn8-qKliyu1Lq!7QBGW_oj8Ux(pZgctzBr|H%K@S?!h1L@!z%rYSkF
zGkx#;DJ^wttdt`|jl_}T7UJSR%aBZS)05v7S267kpktjkkAGPL0$>gSYci8~5%lVm
z*0ukc@qv6_GrRvi>)PTd<a<$ODFDPySP(bl>A4JmAh&z<+C4C`-PP$MX^qh7J|y{X
z;Y`?2bvx8DqcG<Fkeh|g+T;1HW-9M}7`x^<b=L7ieVoBy;c-BN%FZjN0<s(I4z&Sk
zdi3`zFAc7)FMri(H$;ih{BN4sCbJ__`;11?x;X)yL47NC2qU=hVrbmQ$;0yb{6}4!
zNv}SF-#I!}&nI@_xQQ@eN>0f0x7lB$Vz;4CVI%=BG8wy`sm9N)`*}P-<{)63Tq4gM
zk5i<KWx5yCkLps-i|(`+kJ8`uFMv_8!h}rULERf3*ng@BmmES?j#B9uEMEJ>b!+^}
zuXlaD!E{CKb3UxC>FF4uvRRS4yfyaFJ-C_C;T@3>0t^4U*5<Z%bNG0*>v>hbv}-5_
zR2kRj!Uwklz(*TmCtasz^s=4iFtZt8xHDpp`HZM~Ndzkn+3?ml&lZ2f>ro&XUmg<6
z8!7H1H-F|Kt0x1;jLJ9ESs`!ovDrtQNc`yLGp17e3cdW>bq|L^wI^G_WHDniqUNcv
z;)P;sq0M)ItqqHZHwbSt7OM-f6DD+|_cFXL_+IVkIF%ofC=<y-oH7nS^@7tFjnp~e
z#<uwpb3+rDAzXb9>K<=vNd(l(M4p6<XrLD0mw#SMYB$d98`b=RAOYF;DsZ&*=m&iu
zI3|~xjXp9Pj;O|zq_%66IPbNUaEsi?eS!TZUd|25qBeL`qE9<Fi3f~dM3ow?-pJ?h
zL+Id!aepCzxZD?E9QJ6QLHff-l71q7HD3UFK!v~a=4_q#X&+nU4-r+7jBz#fO27q6
zuRd_FZMT0!qUUE8&rF0V%xINHdY?fQNLs|7+kU`q!3Unh7xZa<0(Jdqb`5;)uK<Bu
z?-1w^Gda9m^8^t3VWdvHrHcJ68f%wvb@4~$(u6QekRuOb+O*;DbXTtCrF{|Vb|d(W
zVM`Ryi_HtZf8U+q{ZvFS{DI2!LJOp|a~Iu=-!Xqv>cuW5g7cW`YE7$#2kQ`I%RrPD
zbpYb{w7=T;&@-uMfk-BAh^i`<<Bxr$?t}_nC&?~MsRv~W?@UsUl|EgN#d!asl0$&-
zT&8Da1H8!B96PY1qqNh8(iT+y6q+3`iDAV>5)Ec;FeE1BFkbC@cwMT%ioE(DX^t7s
zg(iRKfnB*MzBT`7@*Lqdm)$2ik0x6=TTYJn1Xj?`Lp=^+I0BUd<1eL;YwYO%Yp52I
zr}qjcu6y#`biNW2PAs&|8@~oIrEZeUESitT8r2A>YE~|@9{Y?xveZj)7eo(o7gMqx
zyce#3MG%9UrT#dk{&`wlqP2T@730PclHh+W&^5IV#Yi3yOs;?NxMqr1%vzoq0vu_M
zC}VNsz|!m@!6=w0SoNi;Q=?O&-Catlz{z6_wE@tplJ`D9Z}cqm4Vm*qyylB}=f1eu
zQ*&}GXb9Cu(dNr5vvjim&NA5KL9v^-mCWmWv?}QMfg>!Rl_LaWwITk^Lv%?<9PWQ9
zDiRw{lvrM2{lO9Q8*y0jjMVcf0cW|cwt=6B=a5^v5IY$3@+o5XO}XZ_?tBQMdDEXZ
zs5ywLMn6gREp!=G2xcsw*&y-LSOlUrq#ag-APcH;TR41_oO1RA<&tTXp0GH5$mkeK
zcXDh4kPTf(CS&r+pBL>Dd<BI(Z0>*c^SrUc0!|AL)uCKYNo=Ce^h^G8q-Ouzu8&qF
zv|w8}Cx}!ek)PeFC<NTv03<@Z|IgzBjpB}3c2G0S7sLS%<|=u`pYL(qFRwPs#`~y3
z;A+AVq75O#Fi|>K7Z9(rH)`sTq?neWbkW?0kcQOv<I1653$?Q$E47mWJcWPWbZOaJ
zIb^~I#J0B-ew%!EZFY(T1;${j;!#+r$}-x7)Gv+}#uAK*NY)92Oiz4?o}`rIR3avz
zsH;R^j3VUpF}&r*KA6JMpq=rxN0VMj1v>^~l<C|Sm}Kr@xQ~JT#0P1z2JRug+S7oL
zz}7!?Tym0w<EbKrAR34JZh(L9H>aOrhNl9{e!!e4;Z0!!p_EKHJkc`p0dgUycwz7!
zT*2}TWRGz=r8MI(m@@Wcj!>UR2z&1vomA_V=<{;kIN#>q?Am)LY6u!W<ZX$Ita2(?
zC0)b@xTNINVRX~s=Le6r)t)nVcn`lL(mrbPh>x(|PXo8J`|j<hCSHGrL}FyMhUI4)
z=neRq9_5VROv@mNqLQdcN<p`-_o)5q-kHeHn`;-ut)B3S(E&`#8=D^(jnruhJ!ft8
z!zU3omsHAW?$E<F#RZ@STy9vR0p({gcwoX{*QTd<6r@VLCWX;~c)rJY`wwmaG8BrE
zc`{{u4<+egvl7N`ed&Kq*R0~DD}fh^wzqA)4(iEDNvZ+y)Oc)WxOVvRm3xhdc&<Wg
zgo3`nni&I{tb_;5|C%?jsn#Ygq5Hv$xRKy3^Pvz#GvY`{hg#iqvCh*)RwiH<cchBU
z&(S>wBU0vBPI-4fy4cNUe(55|eqg6B!RD4cJMmGLs1Jdmvi^Tc(Yu@y_ypLVS0rLp
zA`uG(^<$7|!?0c=HS!mzjUc3izf-lY5?;{hSDhM0qU<fKS_0<Ph*RXHEw=NFuD$U?
zu0-XkMn$tCqI?3kVGDSWJN2?ruSFD=AOk0PI=LDWxWI{mns>=A%QkNFzsNIN6j#MX
z2xK?c3e-N89q)e`c9FFcoJ&MnFYIGbv3A}4_PY~)Ok}QvNr-hU7WA|W+=_)dxAOgr
z5xzoh6Y0KSF0v#Wctd6Vl)FA|N__6fy}8r+wi$!kaFN1Ao(MxB$Z>tD#?i$|FAL;;
zWk~e!u3}qFTOsjzxD-=5%G_#5GXrV`?!xdt<=2D!d_8~aA*g<ZjC1(V<f?a$lehi!
zUHuKsYC1lG-aSKphZCk4`4c7D1G{TsxEU5viNlyOEy>)i+VkVHu&kF%>kT*AW8R9g
zs1cAlTEey^!ZD}UF10a>ynwpv_L@rpW|bE<=TyC2oNOl|5^7$e;r{0L6)x~O#^<~0
zM$Oy|KOuk6DPLhwcGFFQy$y)F4~Rf0hLqqx;`W^=!Sn8mxP7WWCT_j7zlKn}*N}06
z&{_{48f=pMe02BKCDkPIF%7Zq6Y(TDxL7oJMiM?`EVy*oMqPb0Pp0jG5(Z`>V?;6k
zCWBzTG@y0@pw+&v*||Kc{YaY9i&AgmE3m-5c-nvGS&Aw@??zef*IGBcOr9qsxV`&o
zx>``gDa;#Ah-otov*N4`=vr5VQpxHkDh`nv39~~0H{x$_3!3ATJF|H6kX#nG^DEHs
zKO8_w{bE{X`|T$7;d3x<^_{-z*9xb&nmO(V4s&0Xk5PoRX1J!Yrtas*i@tr5O4Aol
zAJ>07{OrAM!dJXGD5fLRZwRd;qcl47n9ezZ85MqF)II4~mI&d^fFnAJ)Er1R?A9we
zp0huV3;ayw;INrjkiWmC26T1bS)@ydDO2L7R}jCAfuJUEd{F`@rV+7o?I}={W%2Hl
zsHZYy(-RVfXkbq7gDCbE%%L!j-2;1OE7pJP)~h^M({qN;i79`d`D-q2<)&EXeLm#R
zk*@UWs%`DZgAJeOe0@}-(en<mO5a2L#1{#gL_|(<D@)WSD^3557?i45LpXdEk7ws2
zSy=rAO8(@t00^uk3~`pwKEDkYe@4*x)4kD>h~wSl-eHHqu)-e_Ff1<5jSI6vC<cGP
zQ?~lfB>m3&HLKOCM{Fqc7fYplGqY<^Zi8ppV!7=j?KQWDacNq7mpO^Eq9QUul1FLc
zWcWhP`UgMS>R4}kd~xpw^j+c}sw$cF>Hp?uF@*o)hqjhXD{Jjhmr*|!fR9_+Bw0uC
zYdoa}!f%JKcoVMH<FyzRLYwS07ZiV1sEtxteO6h4V(<+FI1p6uOkb)<5O7UWp(J*M
zO@C!lbG)*e#Sxcy?o`~(2IKKmN*;1CCGW`JH;?>g@B8%QWF@3B-T3-{w~x2IX8mR|
ze%|s}Xqs0(yYJ76;*i0Jjvs(3l-z5hk`qIQ#fsxmp}_|j31d-sRL>=w)_H%mb*k{A
zliFz!kEKf%Foqjw(<W6%9nfK^)ZRZn7*eEr%=l*WTy)H)AH73EA*c}G57yY1EmKmY
z!Ba|u4T4QFqGMwAJ8x#2mygmgg`sFCg`tEnL&=DSwiQvg`8YV-R<DlNzYH+p)Gl2z
zr_p2nSRKBn$@K*qVY}x_G^~G#RH#(K!of}dSIf8gYVCefi14=s)iDl`(uCefvmR_b
zBFJVdlCZsr$#JV@%S(Ybzn`Cn`P~SqDs6QwGNF_#%%ZEq0hmY$R1Kn3Fd5pwGm~r*
zXRL-!O)~8w?Ru+=5r5v#(9_hEHm2C@6+X^KssX0_daF*<z}+>l@j8EcsYPRZyR)II
z>r2w4S}FnVc2C)9s@qP0(WbVi4@eK^=-CGHpPIn(8p9zXX3GLCIOkeOmqCX_K1it)
zVX|KixCINz`Dlm|NU=5u^1WPd^G;^7KF!+n0=vprZ;pBuPwhsVR^jv@jW$ssA;Vhq
za@wCu0|NtgII&qcxOjiVO*R*GIYc$I%AHRTx0;>NihY5xSwrHYs7t?Wf>sKOf;o0V
zw!ENLAMI^$Mq7mhamALb*a|6)OOy<bC!iHk4KYWqo6^ke+;jl@0p9@(H=At$#ZiaA
zTA<AA%=fYJq}iVy*60F5k9fz1u$~w+cvZ9YE<={H4s{<c%T9kuv61Q;a@GO#{oJ5t
z+m5i2SA%9&d!PcgP=h^B{t)3@ZTh%V4=CW}7FAO-)AYP9nHt?eR+&nx<-??;q|vg{
zQhxiNuMPn$T-<EWNq=3B<1IZlt(t=VeS^>ei2vSmrn;^5_z65ci)0JZiAjOxP~SO%
z-Fg!|lZ^ff0d9YxCXPj%;THKdhh4%dU1DBy@00i4i@d7S7FRNCqU-gHTi5eKEmS3i
z2$t>n{kAK)c+?R_;QMN~!<^45tJ9}$NNfA>eL)tR64fqZGIlHkYK{m(MWzHDY$4K%
zK?|8d9gmz0#0nCCh*b)!`JziDmPje{yV1(rzrVl>Yqx(b?#JVT3LPCi{4jme$%#+r
z7Z;IeHgtahepu1K$TM%f4Wlf3H3|q7sXBaNV>IAMO%l?rC=QnbpC|m~!N0Hv#D>uD
z@MHZF_Viu#18`&TU7D4i?Ts?GmRi#Z9)7isyv>fk2x3vK2P8~bJO#@_*K9$=pfi-!
z>5sqh+xdS=4QZ7?%*z*N=-r2dA`7^~<jmFm#IfV1J{zJK(R{l>P&n`^I)|N-2+=<t
z!ku3fY2-<)JH#TIW0qL{lN+}k*hVYg1=7E@Y@@DO_a{ueO^8ft0Z&j#+JJCgvrYn5
zi(_D=-r&m)r~Sn-ekk26cQ7yaFSjegNe_W&T&#bcw_d$%_geQcHzR9kGAnjWUe%&&
zF@wxte5px*(z>S&=FYt_QKL`5mAV=G3wY?S&;WIvkxXy6BE=Bb@W@yNlvOA<R?3pD
zH1$PRv<eV|^BCElm`Zk`2zW#rU6P0d#c=#}k;@qX5<yRtwjLHm>|AThzH{&%b(0Ia
zV}*ZoLg<nXurX#RDz{d}Glgw%`<ipm+6hy$c=H9+Bw6p5j%eF%7$39T3^QTG-v$m5
ztDLVoA*f3Pw&H@WlH+0nOsE4|3flq_2RL!ma7w{Yx}}{#R=bWg_gf_ENl{iSC;`aW
zo{+_%ma`f-F`Aea>{XX8iOr1cTSD-j>A-(y^+oIg)J`}5y_rK+_+4>QI^#J}OBmj|
zX{}X|{5J3Mapar#=jlH**MG(=sKBuk$oOj3k+1Q(G)aGT&i#JuMOfT&0&8IntFCcL
z-;5Bp_M)l{Oe6m#mAD^XM0pK8sgatJS-PBX$}><Klm$ktj8MZp<Fq^MbIcWtXg+_s
zxus?E*0g+;_X2;wNgiR8tn`%Xd06W%Nri^fDwgTLV3XvGzKZ8++Fl$WiMH~Vc1IzX
zgwHMQc=&6fx4(uct7O(Ds|1uIo*JrX8pO`onDi_%tT?&BAe|JdQM;xUe2U#O5!n%3
zQn?x<j|gC=H^AjZoh0Xrzis-riX(q<CzT%60I?ZMuCY<c!WlgNv?IX+n>18xOIK=p
z20<&;+3TB;t~pJjmj2)yaQG_k3vTtm+m65C(0UiK10e^bh`VSBPFaJbWVs8t)JfzQ
zUyM&&yEnH;2-!%rO<0q5-F%hi!Y}@{@`iCw-xuq1r5o)g0A%#R+)=ciEPH>sffPOv
zPY5+9O;iH=@$s?JN$O*)Q<c0lIiE<bS<$Mntmb9HGviW1H4VFV!Mw7bl%7J?Y+(D4
zyQ1bJ00ojc4WWp8__3o|xn!uut3rutx+sofqSag+BB!iyoznB?)ozIk?;8diYLb}$
z8^0337u;qh@Mj5xB~08d)P8@oytYQM=1)Xn_>Q525@BiQ5~&0In0V3{s|FixBI}R}
zm3hdB`6=mk#SXW#cA$BSWY`GQjXT49&F#P>KoB`-r}A*9HNMBuB!dtNNVYdVZ|d05
zN(cCebEbF>+r~>J3N+X%jWH3dgf(<!RVG~6%6Lu?O3L|4H*oW2kQRU8u#Bp4+27lD
z&~uwec-0PrEb{HmBXgQu+9K2qu5W2k`7Cy0=Ge&$Z?h6wNWO<t(8dKqKx&R!%*ZB$
z1dLcVz6Rp_PB*iyH)|#La$cGUo9#~9KD)+3^71+`XnBI#$tg`L5p$7sd2Vh`YLT@I
zlrnEphY}SU<3iE7TNi&<f0>36vw2PmS}v@3UNAAghquP-W~!6F6=4~gSeAtluh7D2
z)tOOyQzR-Xs=B5YS%Rr&_+VI@-mO%#W&thrk&ofx_VTCi-7=&Sowi+UfKYJMf&7*S
znm>WG+%V$q)ra(0QM4*Ra`_K}?a@Kiar{CirDFH}h?r#ywGe+IBQx`ZOhcQSiv*P^
z1qPXgG<}|5<I-kUvF3g0?xbNnVIfe-61wSPY!s7#>^II&_{W5k`KXA7tAyk^oJm8-
z^2Tim>eTcMlfyT!MIv#DN>LHXu9Af`s@OJgaw%1+39lA)iY{@aI@ObdPzGrXH@7Sc
z6-i9>B?(zN`pAEk{9WFw*{4~aXz{O&XN|gL*3B3BF7MTArH`j`0_7@`eKua+&w;bE
zGe8pQ`T~~cZ-3|1JK<Rug5O2qON}0UtE1K>kuu83D;j-**f=f;FAry|!@e&9V_&Nz
znE%bvyjka+Q1RvK>!fQM5ops=vv&J$Ht$&ySdo_-JimV-z?XtmPZ3Ef9<Y*hLMc`5
zDWC1;i}Qk|5>1?aCwd}l7M6ZO3cT<bJ0)Cdj4N++l-Ym%Wqui&%qX)q6M3+nAd69o
zOq%^dOew_-4LJ2m6PFmpk1Gr(m2zDg*+9xSZIbHIrHCwi)1LV$TRx@%!`7WeV07>R
z7O_GlghhWbz}&>9)WG?zn=$$^qjv9icYPH;?Aj)&xX8-oc7v;&WT!-Vq@k^CXzhFz
zC0yU$s8sN$O0jCWQxw`k26t3cG5GdF&mPxHNsK63Zxli8LPc$rc@PfNVtt)|Bh@<P
zQY7<$_e&O9??dY<gJUBXS(2(;wTk!g39!b;E?$4J6lS93^xt^>B&Pga`aIHyWS@S#
z_QqXyqC$t1?C<Y0NadHUO-|H0=%#1)12xA(4T2eH7x{>2QCl>h7STa&n@SEcx_>WG
z9dI6;WZ4Zc!ouTozP|PM_jAoY{x`#MnrQr6<92p-7}i>SbVG;^+jd4YOqh5$;w&;L
ziMW3?hYX9XNHksSwFdy-=q+*HneOJWNFkV^#-^T`X?ovGZ3F_b@rjhs6cCV;c^JaY
zzbu?w6ONz6{nlN!Xh6Td{0dSE_dd?P!rpd{Oaci-B_o85ty5jt5e=f8ods$Td;?du
z2?T$m1foL;p@#B)Jpt~t!{+CaPEJo9bO3)&zB798gZ4qNozl>$CN>!h@vu*TA1nG(
zKc9nTwQ+=G4b0710L9K&IZnVIi&A9VxVxbb3;x$%1NVa(hfER79i-r8ayiB(9uW!q
z1~b`QBACIuQ>Tw{<thbADbGjTrmK9(cs7*92KtyMW{?o?40xEkg8@7@Cn}^F=~;iH
ztZ>eW@mD;;hXHXYTW|cy*Tg~OlpzbyBGRP{ItRlTzC%2*xF>u4ppsN+g_NJwh{6(z
zqS-@g)3!PMpUt|1%}N(6Qi;5sR{43yUOR&<yWbGE_pJ9ied5m}UEv3qiaL|j+M^aQ
zp#M$5!?4+Je_?)!4(-x)YvSO~-!*^FA%sw`CZjXb_LH3_&bW|^tOQlHH9l<C?3kFi
z#jbbaa`d%@wY0|g^TzrcF=$}sDUR<?leAN_i)z#jN)`3Z%}+Xuti5NQH>yNCTwU*j
zQB|nHE9t3XxMF!4nwp&^|Lx#UcD4^?bhx4ceez8Fk0^y+_@q|^<Lb3=mWF=^ASf6!
zM%WOKk1$6MZ@;@jU41qHU(S;S8=KF+kq^yCS%EQQSys(i1-KOGf6R*JX{T>DrYC<x
zGS220=s!cx_aGo$^MIJ2n3{PUPg$rW>T|(MSCp?UK1zIj`Cu%t+9)@<dx_ZcP+1d&
zyPjX2ekyBT3fL}LMN$^Gd;ouyx#1aGoFIQI$L;6(MWjqXo6Y8wDApCtg9-ip{`wGT
z@&er4R-dL%KW<sg*1DThl+-0B_9~rUT3K0n6*9hNOQQS{M{r<|eN8#e)Av4Aq`%>t
zh|C#flC^B%=GgUK6xgyK<oUMM0dg}+=TU*+>C7;|M2#BmiybI`8i;>l_^e1I|7{fJ
zu0bVQHLguVESDK<G1Xu+ivRKV3-FV1$Qf+VUZh!O<?lK`f4P6a2`>?g`~CRerua))
zIjN6;I_x~a;eb<IT1vgj@o7aX?{!WD!KbpWPr$lG^S>~zEwp2iuXzz^lnE*Um$&{$
z*#L9m{QNwwBR5QrMa+L^6z}#EfZ%t=A#n4i+p=tVtzP7kg6cc}-wKEwcv&a#1o=PB
zDPe+D*ZgV!xaq?GS-bt7xqa)^vuFuyJDj(pL-?A)roIFYrjW~i6`5>A$Bqg8*#kxJ
zZdIpkJvlkC=awVr<oYHMAT1QD*1op?zZtpzzkd@o>;KnH)c=3eJ0P9D>;KBZE&Lxj
zav5ILC2ATYepWTNjkl+*vr`>UGG#2vrkdPq)M7^~6{VD9*uit=v}?gYNd3Q~Bj&@4
zf`{~JDMKWsg2)jI5aE;vEem46Y1<-O@wlCD+MKpOvU~czu5VlEzwfV|Ofk!CEc*Rs
zlDgN&d#k_rFMWS@%yjtIM%Y^$Vr;C9a5mRQocv!0y3G0PAya<R1o}SV+%P-bT`tj!
zJf`10A9R`&y)Qxst$DWvM}O$MHB~=%e_bx;Dd%DwWV_6WmokpZD)JgO9to_-+^<FL
z%H5-oIKRkMF84TvRZYM11Zbj<4!=A8bU7q{W-Ojqv6Fvu!12l>zk?lm*uI!lte-<V
zdhc&!w8hTe?3{9xiVtemqbnPy^UjlBmaP+VXO8rALG)aG%XhPN*kfMB#ms?*-P^W1
z0K6_1S^Uo4R84dO#>3KS4d>1`X=eyPop!J}3~F>Jp?Pi}0>48|M{6BUYP;}N^B_q%
zNB`6c`-6Wn>O-^}XOuU+8#6`!5Xmkw)bZixyxn<ebYzv)ZJq9n)V^(N?`A#}rcgW$
zGI$A$D<f<E3=CXmKC1l`L2sf}gW=Acv=f8i?aKtxAUmffz&jn7k3D1nD^b;cuUl2z
zdK2vhH048bq8wTS3lkT|#j9qkiE;jY>35b|DWZR!U7(Q7&7BS%_Y*ti2HgCBet$fW
z{+v(COkbbGo;cs7W@L=8`C2Vh)_*f>r#Rhex7Rp*LqgSTYvt74ZUG`Dwput01|0uz
z7(6(dM)7lB7A&UoN`<d{(B@(?c9l(U_2VQ6;biw8Tb((>CBXrOso)F0OV$P6Wl8$s
z1|xs4gI5RvxBeYsl3L<Jr=#2P+gCr$Tg)zA)>oT@va4>Xth=L02|~H{%)hYdeus7E
zx3IfTN_p+)h{&4HI`@PZt>b^rw70%eH3wG;P#{w^6N1>QgsKzFL_NnS=QYB#(7eW8
z^a2nCN!ep-RU0LeJ+#Z8dZ+O&OH$o~h*f`W7jIbZtD+Qhgx*o>`}~DGFUU+{&Ex@u
zJm32m94^@%IT(IfA_m8pwlFcleRGaMhXVye3L`HaUnU)p=>^$&+egjKdznwU?_3Lq
zfSd}BCC>eUyDm3`CPGv4Kn)?2hwXyDA;Hap%rc6Cv+fKX4|`gD=R8ecZvrI((@=k!
z(~F8&{a`J9SIIIew}-`IMJj}lOC=KiJON2ED6)9am14~XsbfN3q|64+A@ad_HTc4#
z$;<nGie0Ux2QGK(YiOCQQ`^M}R+X0|Fm_Lfr<<_H&K@>EoIwN-Ckjnm_0k}&>_xiB
zw8qjQFPM+j=hYupdQ{f13%NvJtdW0CS5QR<^lPT^#`@##GZ)wUi%8b7qLP+VFW3?H
zpqDH13nxc9aIJxr8Br1!<FvZi%B#G%5_sGRWv3aR9IINFNP4-?5M_&xVM_vwD`&<5
z5ye-Af(A;X6~Q^Uh19Q%Y6P)m@{VI!i^|YVDQBz&#jD2SbB00VCV81ww0VCy&*B?B
z9}z#_<F_>63l&9RG{^gb6VX6*P|*OdM59Z>)&9*uHAAi*ci<M0j+uMA{r+}Y1Q3`$
zOUY|}6cRJ&V;aSbuwX4zr8XT%U!pMsos$^*-(|9HI5ltZ&EV>k_B4eyr4p|~0i!&^
zEV<zey2}dc7&5|V6XDi1H1U56H9JQh8%bcks8zH;s9@u~ra)6uic~@izd`XL)~bY0
zH;|8Bz*<39&*#Gk?_S?(06GWnRxj|{#x}nczLHtctypJJj}e?B*|63?PFX?15TT93
zpGM8)WDAN-<|Y}@FHnqRZaO0^y#xmAQc{o(8sql_C8bK(q^w4HgPwnZaVB*jE<t5d
z4Ifa;l(VNNE8|JBN7iA@#68fk{$QxrG;E}xSUzn%*FE!B?0ibQ{oY&0iD|{GVG0>R
z2QM9K5Q}Bu;?(jCQGnVHcuMe1^7P6bf72j0#VD88i%`oEa$jb?pRW8%22+F8qc$P=
zMs%n~yBDJRZso(C`cZ#;A0EyIb&gnwJE+k_W@81rf|>2Yd0IbH5WH64@^X6t$KY5s
zF4%`&lqIIAU<@v%ncoyhJjpbYyqrLoA}q;NnXHB#UKvywP??+>*B<<rtgbd0*H+YW
zQWkCbUTOoT>2*22oJZfs!hacDiSwwmgNp}y(6FX|Js~5SKTUrrzv-a;{dF+gZyLCl
z7qi`-vw3xG%U!H=d=W$k(>}jg&=Z7+OeysNX-qM0Ofh`2vO!AH`-htzQ&xOEEnnJ~
zx|oS=_(%pvdt%}(oK-FXlUJTlR0GalUq=H^`gVW|qK7Dm@+%qS^@)V`>%#Wt^3>ZZ
zy`gVxSi7L#G6;Va{a7j(h)PJC*~+kqA(-;ol?5=pj`2`<)%sq3HQ1P$CNpFXi?)K5
zm222tbLM8m{>P{uy8>4|iVeN$_nVX%Whhq8@VBKI)A!Ux=yw(YC%^X<yeWvgUJtcz
z&$_*C6?n~f{DyjnW|Oc&)q&cjy8+yBoKN3T>zEF6^=5zdQaC0wpZ4exlYtTL=g9Ca
zkJd&rR^UxMLMj)a2ZlCJvyAOVkpOVdi$Fvstq$>ZFy%?{wNih2!~MjMPbtv{oA(7D
zq^GiVsyQ?gDMFY$6pb#Zc(Jm+AT2@EDydE0S2Hp8`@3HOw#!)#k4Tpvn0y4mCm5Om
zJ7Rh=1Vw+ghJGxJ3S-6?_9N3cz9=bsM)NxY#w=>L^So#48K8HJs<rqmV!uoLlBPSs
zp)&vjc90KBihdrGIoGj3sX`@01Rf~+=Ai|154gP?POa{)7gDd=Q=>5s!ta5hu=fbY
z2$ehr#x4sx^Y*85B+dL5ADN&&TbjS@x^?loY4d-33&QQ-b$eDZi~Hz}@p;zm4LmX<
zJ)k}n{1t>6oqc1-L?7y=acey>rF&I_<bcM0e`!NqlM_4*F@NE)BF7gY$8nb;l9*~0
zyMpQwAjiyI6>C5&!+R9xca8sj9d=yvT?e{+nn&3C49;6j$8cY)jyO<IyuG2BvM=2f
z4?=%*6uv~ROz*%AdKT5nUs<X^L~T8vo=pU$fB&jMkIN&HK<++~9~I~vZ{Q@0n`LYh
zgpj+k^|qHVZ}?&j1?+tTg(J|H$AB~Kl8fk-?Ia1S6rh5<kE;X~j7S2RR#Ia399tAV
zGtct@w%tS#&rS@rb}>rlG2x%jCF^AilJkGW<zbw1%z}i9HN#bG?>>=>Rdrvw+nx1V
z@t`_;l>I$SVvV~oy^7-kuj8TWGI}I~Vnr*Sl~5A5LPgXH?;M`rYziqXX{-QFixKM^
z*V2Sh{zu7Mk2n}OD~4D?-@F;OAg{^UcT9X$p^ht1&@e`wtHV~{={$@9|IC+E7|4IF
zJK*jw@Xt#Rq}z@4Rr<gq*;fm&Ff^}TYT{<JEI`D1e4>iAqLti2j(vU*pMpT(H?~W~
z3T>{8Lnkj<R$&;G5*W5xakU$qdRQ_&$BOq8#?IrQm)WI1fR<k6WMOFvqeGnQ4n!<h
zBbd6J9Ym%e0G0@q{P)~2F?Bg2`v!lMDns11u#!b|ll`_!^M)Dc{TUYi#{|;Ji_Cm3
zj)W(&6)gAU*a57(`UTrU3R`bQ%hwj;iCrH3xS0$k17j3MHI~4N$wefH7V6U~TmM{q
z$==(qnuvJICP65nB|Kys<K~Uu&8M4SF~5Q<2}OYh%&biVE;ETn3HT-}M%91L=*6zI
z&G$b38(c(}Fw_X~f$<FLI<IxT1s`$`exvaoZ;la^12yMDvnW!cbF=I|pzT<2BlFp%
z^mLm;aA1$b1#5Zzn1ZG?qvI!RF=j$oxCxx==WH?R;iFjW8du5g1pA8!mzkXK@J^~h
z$;CL)RAcYG6NI}G0l(1y>KA|3;}&<kY+=noVQ`8i#5eTxk->y+xy|H;S=E)Yu|)7y
zCpvdoSHCVGjc%)ACAWn2`ZZa`qYtA3q?F2IcS$Q$ZXWZd&-^DfGG^F>KeP0+Y-Oth
z{qY{B_i>5*u34>LKFrJZw6$`!X2xM5X{*~QGs{(P(Rft#QDp?(-gSR$zK+0PE+&1O
zFElw&x+x$&F=iNzJ4)o!Qqrqe%%@ujQ@VN{wiBtR1P-0ytbOrV)vi5D!Z$ff`F8z#
zkB;C}cW-Af?9TT+<Upb4VC*2eUlX#PR8f2>qT~JDL$j$1N!b3~58tRBiDjpjsgHqF
z9>%kZsb?ALSjxI|{2+gt)<vDBm$Y>2oZy*y?T|~5+6^99tP-mlVJu07Kp?ZYCbg1d
zV^KK7i106h$jJ+PdZ!_VrrD6y@2RV*0;lPPq^NBEyxzXW<7R@nU%_2J&jh89C=|}G
zLQiHdj~HLU+_^o=8_~k2dFM4*Jv^nuznjXV;)|*%a^|u(0z`ibc@c{6<{vzXKr>#^
zZoK<xZ?#^l2)fIBb@9u1wY-mPULnaj2~iJ@xVXDa-wtZ427+Q-lPsIWu}!M8<JO$M
zQovdu)TcWrW=hTC>bBYWrrQ90Nn%8;t_`zTJ5G3e*KW!{aUkATh-fW>6i<J#;4Ea!
zEMAwFORoMtO<aGd_%KVHCGU$r%@rQ$>AlfA?mU0;%PG#D>gVx=^nRuAQiCOdWQrB`
z1vJ?4`RV4>YrI?5VY*jE-6sW6{`9EzeH;{AjlP53zWo*P8xr-(w8&ZDd8MHB`>*34
zTHWnjGcpI950L`LXD>;c{}V?EAbm2#8iFkdu+07c9-Dt62qgLc{#C^P{PWNM`k0CT
z`RAX1{`u#h|CLCp{`1d2|NQgMKmYvm&p-eC^Upv3XPOlM{PWL0|NQgMKmYu%!nXRK
z|0e~K{Qt>G68s<kdrnfNg~JXI5X{^Er2e>XTxVKEXD@q<`ki*SbzDu&TwQstrm>B%
zL&!w`O2dDwLUu3*0gebwZkAS}B-C6=E)}iFTwu2;UJy^IBqWm-Eo_a)A*G`F1*T-X
zzW^c0l%~%(vS!uY>ed6u$=UQ0kQaz9h%A(T@icR@aO9t=0t{wz&E9_H{XAx$;=Mk<
zK6BO*&HCwNtl}^I>>hC6_#d4uYN`UNQ}=%yeaU}-(`CqM_P1O=$F~gWX1eXohIt*T
z+Gv3g#l>Xo;iaZ^n@3q1yuzf6j~{>-oywz!w1&=SXtDjvU6D$CFCOmvDXS?dwy8x^
zhQs+hKG9(!R<cO1^ziZXDfcslQl{YOC%!piMX(VNr(7B0==6EOd4XA6HVWIFtSYs@
zpM`&nRC<&8oIXQS8zApkhnB^F1s5>?Hvc&je5Qi|FR#5at;Xi;v|~EJplO4^DM{*J
z`wgG}-2&5D-J5&O2)*CGm<S4R?Z#Aky&PW)Ps6hI{Sxt%0&f3GiF%3*U{T<&e0xCG
z@i`g9gVfKw9OFETZo{@oNrM%9AC%?UQs#g7A<6xt&TfqNo9*ZEaeQXCqr3?0p~SZv
zF(n~Ib0O9QALnoPyB+nqhrBLXP2);$+1B5J{EzVswThNayZqZ^+I{7{QU&@TOY6DP
zd%@1jlg*G%ANOsPPTk*2Tk86q9BeALv8lRk)7eWC+Evkb`Oa#(>!y5nkFmfC>%f0C
zD>j#D5!<&cN`0aji7+mHzVVK~y3t?dfh77@^r<M1@?G2WwIl>Yl)j^vq9VXT(qdMB
zD3yE_sC2<JA9Ykd2{^na?mrZOjp^=~t#~SdTJ{T3F(dK&p7j&O1*AVoZdZy#{4T`n
z^h~{6?wI2l0$T~uBn^}4!b_wAwdsFaX5Qg_E^qR^FXD5?r_PmI$tYSXSB|J3Jn67N
zv2ao*0WPS2H!Hhd?UeL!-OW#KeiOu+QPfSmTx@3V*dyW<jtM0TE|JD`h97a<vZvs+
zx!QCbJ%hXcjZr^`wnos#Fj;InBVT*G4=ZuL&b|FW`E+H)Cm65`$P=6+tRa6F-C@(y
ze}-G7b-x1wGpp#X8spa2Fkju7>wZM;A=Sut{<@rnOnTYP>Htc_R>~oloq4O!bXlhB
zV8fB2KreCbj98d>X`Mt@%ysKzuL&Tl0$oUb)aSMu`6X;_e%A5Iv)-E`Rc2iA5CYuj
zQIB#5U0%B&UGmkG3M+V=)Fpo*n^a~I5`Iy4egh}(O8xqpV5JjzER-JV4j}`#tU9;Q
z^fE=p2SXb0n9V9u{}E>23GaLbtADy%g3E=X3@$~87g8NYU$@mfM8^alWrs)=&11ET
z;w<xxtXt{$2Y=DLY}***3X@06z0dC_%qtaM5Or2TKHxy6ED%BOJ+XfXCWMAc_3x74
zx_)MSY@yd`j;-0&Woj)+GAD{s6A_Dhu`*Eg`l;=FNiSfJlu%XyI~jbRo{~$w=klA@
z^WefMO&qv^KU=&6)Y)#MYp*A6lwVVlp#8O}GyV&=2Q6He#}vxnwSP+R@|TLAYl=<m
z7K(uDGbBb2NwFad$@+iJC{^uFpT18Yf$mO7g`fXPzkphm{N_xjY&<W_{e0`ESgh1w
zkUasX?9#-5r`K7@#}wb`E|J_UMhy)CSB0=lj)ITtM~a$e+Rydx8LCtGJo|b#oqcMW
zERwuSbY;G%<`<!3(%X_Udv==l{LO$T%Hk#)1MFB}M1@KpS!I7l{3Vq1Y7r4x>14kI
zNnc@0KF~J<!$lRvMKumS6xwo-*yjpY>M{i%p7O6aZp)M5MqKVW2AUadaAnX+Pj{eu
zYU-j73%O^+43Oc-s7P(vq(O^RRW(=tY{+#~ZD2lN#UR(EKRotGM|9xf%~)&f>0q5~
z#$5$SfC^7<Dp`N}VR@87eGoF2d?LNBe6e^Hs=7*Mojek|>9LJRa(5?l*fypr_FPv=
zx*VsYV4!lCIvllQw)0JZg>iBFIEPub5=U5WE;EZzF$DXn%5w{H0}GYXjwE-F&gy9E
zSz^@8lrX*j1hu_t*Ia~_J{}7Xs^Qe85YC%k26VoX#jbyO(1f|Y4kacO@*QXvqjm^G
zcwGWHChpWL6vQoBN^;)mokEflSy^>1R~0(BO0~-TzT(f#vvh@d)WywuWqQZJ#I)}i
z_L-}T16;h&6clk$d@CWFe{)cZ>ztiWD}&=zp@Q^WD##>+K(M%fMG5I*1*t5+q5%S*
z5x9=>{-uAy`&QxJ$SpnT#UC8lan<B@S@#a9s?E8Duf3vpGAKMlXi8{EM)*PmH%Mx8
z6Ubu|b{9FUQP7KB+Dnp-5HFWJqXoWH@l6+{GcNMZeKtlQ0(}b%19gbQO*{YbUiRgp
z*D6PO2QGtmfN}s6tVwcCbSIE7FkD!{9MXA23_O1xULGYjc+i36XI2{H=H@M^Z0E`x
z{cNb*$7(ZXW@74eOIGVog&~1Bd4Du<4Hs!7Vp1y~Qcx=_caqpLaUsXZFY+F{j4iC6
zxsQ8-E1hIkckSl|!1qu?tG40O$*y#q7Mwt*ch>dv&T($90q8c`kc<dt$h}rNtB|My
zvY~%Qz9rRuZ-wU`;9KmtGtEw~Tl&tO<#?>tjmfPYAlj?kelYrDv*lD50U$_M?FW<g
z(D$IM*<|xCHjhwTMxVFmi>!XM(+%I_0Rd{W&t*CZ)-yhG^FCf@-MEuKze7X}eEI93
zAYDKz49;|}9y3?{BmG7K*zR~W3pm7d((8X6U{3I37k1D^NoMyOmpM}_j}3$<(GgUz
z0E-E4pLZEkPhp^)HaK&ikoN2RP4WDgY%x{km$v(zHqA=OPbER2m`J=KMinFtSBjog
zdhA7`=4)rX4x->NS7TvKj;Y7-!_ok#pAr{d6V;IG0)a-60ae=lbUw!>9tHiI2m*iJ
zM>;>&y{V?8`%@j^D6(`(2pw$+3YCLoq~_aN4J=8nys*urz~|HJbhHZ?#zJ;um<B4b
zNp4gy2$Xtcc+v&TjWt5#xAX-Bimy-izIJSGy<wm*ll#J^#*761)kp3kiCGH)-+L#>
z-vnLNi?W&Cgp5|*ipy(0wqrfOfiizF)BuJ0`3kM^4C&2w#7}{n)Rf(2_G1{oPF({r
zB54>24unn`%mK1r_<3hV_)!(h*i*WX_5SnFIqGaO7b`By=h)+MlA8Xx;y14)(E1n*
zBs%SLu&!#dg={EP?!)9cn+VJ}$YX>3!D|XIBW-dJ%zDq5y5h&PksHj|BHw?R!ZN%a
zcGd`24Hb@*i_I7Bbs#bNT1_wezOzu>=*Ae23BTbNWo}Ya<Q4u|(O7JvZ)^mA3)w|E
z4Nut!lf)ql5i&GWZ{}$>21-^ktY38gl%!>uWfRRn&7$j!o2*W;RXo-Vry`aE&t~R?
zZ!ClwrmjRX$?$#tI?pQVGthrr&x<(wNO1+6y;~PEOkuYiq@jqv0Prn?0ot782G`bw
zh)J4W(s{nUoz6fjxp^Q|h(K)mn6Ld;Hd$&KP90f|W_F*++imQSwp~G0Ec(xZwMjDa
zGr?h_eYmq^Kbqe|0EDlDDTMD`s^zss>TpJbKvK_i_?V;z|A#U?9Poc{&-bcvqc^8j
zpTX@p9!g4uK<KPshFh-@zoPqyTzUS!%V4X>C4S-feBq#QzIiGjm_%@Dzo$nEO*__~
zwdfd9>Dl}RhXqi`-RP0)xETs}AO}y~6hR~JAjO@mNo*iNZnPiHEtU@DVJ2oRGJeb6
z?XQoxX&#pf>s#A_K%{?NxuNmC-YeiIp9`rZnei_rE8=C&zq&5FQnKlnc!{h61|V)z
z?I8sw2ta>d$6-uoAa|$K&yuLM8!`NPsT=rAk=^`e;o_FkN`8Gi0uQ#cf_Z0<z{-2h
zFF;d7-|Wakjt+o?Cvj=MsVMOsf8Dr!CFL^8Ay7Mn?lJ*|A5ecOrzmQh3F#I@rR<7n
zR=FYn4fGTQ?DotjcdWpOngRmdrAu#JazaUNF@dgsZA++H-fG5oL>?1iZ9TwmfB@Bg
z6gx7vfLG9U50oGMp?%w|Lb-(5@{uL?eW}{vG3kM+1v=lvTxfa6d;I$iDLop?le(@=
z^MCO)ga32nfcAgzzef(h*O}nSI%2K$eU&6?opxOkohVR9r2X4uu*gCzW9?mCIE?)5
zn=IDanBHT9+eC<k*YvBgD$9PQf6CMtjGOcBeEAzIysBKRu64>hk~sc9&)W}L{|^!W
z%cuZed|d@st?-zczu&Rl-><VE`Fp<rZ@1G7lo;95@(F)yE8Gfi*T)gKzdoO6+J5zU
z9Nc`v1K4a`UmFDhz%pu3y?PxzmwpF!%z``59waQR{2Lc5D|(!~oWYFPz@kEuaetaJ
zMk1EcC@^Roy~=_=xfRlx|L(M~btiPNQTh-PjI@+v0@=Vqgb&tZ>6^Hi_^dcF+&X@#
zekB;zmAiiv)f-FztqbRJQ1_|-9B8+htWZoULXD_1X%+!1(!NT#JMKoSIW0pO?!RlZ
z!Eo4d`c<j=LT}X=6?H30b?sOjE{tc?!}_c8Bc(tIv;SFM-qsE;yg0?tvcNm@tM|3O
zQtk%fSU-x9UUx{tIKXU%02QZ7j-4OJ7Bi^SrY?WcHP49Q;9nW-u~M@O4p-Z=-MVA8
z6I}tg(j|uVm<ZsFhTG)E9f}ekFcMRvdCUW#4$7U)E9|MgZWjlw_UPBW2zJ7&yDncu
z24qIcR2uQssKrBwsG;VBGWz$4I<-fum)@-$N)K#xAvxX%{TMRh{Qh!CU*{@YT4-j8
zlbL_m(o%L|%_>7bD24YM-<BYsFzLr<gdJQcZ?v%IqiPP96Oz)WKs}<Mj!ICaPV&}u
ziiwba%#*yV*(j>h?k1renC8b>w6kTv`mx;dJ<e%YbW@`ZPbxcf&tWP+Au5o8aVwb%
zLIuc?x*jR?Cjdf}_&LwUc7fzsK#TjHw>5v3`My4^@o~h$h#VBe$)F`79^N7xP~&I*
z<R>4HO=<6rxglUo-rAa%6J*jIPrH;X*eomQLIxk4#_>+-k$8S&>YOA?=he}o%P&G0
zQZWhV6KMd0`ERr6gLi2ft@#{t-lx<27^z2A`FFkYNaeV=<~V+RNhqDGf=*<=HZp%N
z59Y?@NsCH%=K4m?V65(!u@v*hRo~9n+cVL9Tn)YsA}p>ihgh2zd%oaeS5>JWwa2x_
z!ukknI{<>Z@j(fE>Y7NQ_&1oi9a`tP(K_KFs*1&67^Me|@8=spm^?^%;1`_wpAl<8
znUMl?9(#YX@YTM7+Qa$+0X236>a~Akc#B%_vsYC$d1$22<w_Beq8Ss~@KmCOpGmwA
zAG<^?<Z081H4_Oo7K2rGgg*l?GReOc6eFB*qfz(D?lQC1*^b?!<ZFGxR|{W^Zhv3%
zCG@$^jIHrN*TN{tQQ7igi?^<|%gPpSXi81z$qxsDk5y*FO*)!k3_oA~^89~*dVhx+
z9f{9?T>u~n8}g=2=Q_FeA?|`d$Qa#dm>rM&E+Ki;y<qWCZTW~@Vna%fe04fen4gcv
zqS6|)q{4JJz{B}@_41}FpE4dZrU`EmM|((y1|MnZmybRs{oq{S79_Vyu8yJJxv*Vp
z3{hkLT#tLtn=!7t!o(AxyXAje%N_v&F@kj{5bP`pI%&(3I?QByjQ~arToq26OlG$$
z1qjrd?VV&%bvNVhdtfR}sb0XiQ29NRPks2e%%t@tR#sPXHz~L4?PR`ilQU}^Rdc;w
zJ0*yaw4cK+2yz`VvvZ1TK(X_E0y)@mq(lVjVj`zZM1ze}lWpAFE75;L0mlYOf=O(+
zt}~#IW=;&tM*(#0x$2DX*LUA{A`Q=@4uuVio581LLc64s?R;mu&R=iZ5>iq=`OX*%
zZ`Jw^j&FVA4oatAE=vyc5iJ)7zzOhte<0PKBmrmlGT<s|hbl*R7gpm_wuJZyP?1Cq
zD<o4TSek7ihIR-JZiRoJq0hK$E9_79@&LRZgJ!<kO={dWkWmLwVMBWo<qFIi3S(5;
zr=Y!;>J>F$t?lo5#nPs|L?<;`grZqAICCz#-IS4FqDQ|6qs(0ZzAj7=o250ZDrF#0
z#`J-T%36KfD}GH`w#?T<(VF8tnf2#-hp0nvoc#bFp!cq1!qR`4JE;1-=|Lk~1tM4k
zmAX*C%f~(Y;Ea(vsYNzU3R+9d4dbJ=Ez9U-=dfq=F9R_Dhux|wW=$hGV=tpPVQ?y<
zm^7NdAy~A55bndV9aD;znzo9cIQ7@q)_p{5;GvACE>NJmVfIT?@9)h~ff1UBMBLr?
z#XKhORh{ztUs`{~f`rUi#wMv#FEHj@HgIsG_*PMWU?ugR?ngb|b8Zb;D^S|Je@0Q;
zwEXolnnHi`hNi+Nu!~Y*Y^zVdrusrlO<Y7c7$e4G;p%H}4_ETJ{Se!;{{S8ApXwUo
zw9yHCZlS;t(4j|Bo~s|nBo7@PF5x|*qwhF_))ilFJ)VE@-hxa-aEP);*=JV-T9B8q
zpoPA;*sd#S%6rk+-1^-vSs=T)Jm%>Mgweon<W=gp_KzDg^~NPGP!p7=J61$b7+>8g
zNyl>cc%Wp=Be~j|@12=+X~TNQ`yo1vlE{PDPcup2b(a==zq}ct*cPaOoadJ`PX{NB
z*DqeTCF*~+gDPVVPUd~n=3r=tE31aw`9x1Y&Y|<0u%Z(Qa<gMcD-9hpvwhr-20G0U
zw>eW`V|qO(d*6)X>7OTzHJha%v=D_G1rid{qD4?Vtch^ujoxle6go#P!t<P6e2%Sk
z0Z$8rUk)(=!6;Y6ad5`s3^PGRpzEViqgTi}u26pq#N^V{6+V7GUTav9h*9BCrSRO!
zTqA`Ywy*}B7Cd-JOZDS)KFUREwH~PaVSd;X;cazf<N16t%tXL0=zT@OJ}&d{IM7!T
z{@;juhj3wds7dhJwr$(CZQHhO+cw^7+qP}nR)2r@EasVIZ)TO<NmY)LTI3)D8UBL^
z?#F+UL4V8`K6<!kKsD?Sy2OIp^Bm)kd4BQ7nEys@SH!rtua4V$YnO2|O+8bLIjrnv
z2fMoHJc>8w5-gfOwfDnrtHQD_nMic`W$&B4hWCZgOgu?V0sFk@`4wx`@qtt{C$G|x
zd;ANI@hyzZ<p-Gx|Lxbjf+y@Mh+W4xq!52fojf-JWM&J)z$VnDV4!E**LKr#Qde`}
z@~ax>kIa5lZl-pf#-S`pt{%1kjf);INNLRb$9IfS#_V%d6Y}HR-r{Nz4EuG{`<5&6
z0nfAoG=u_nkDYDtHy&=O(GhgU|3C?5*M*$ve1B40P*`}+lR0K*MA8G+w<rouSf+n5
zd`zBjWLy#r%H^b*^P6@8ziO&f4pcl1aJwRoM+FZzB+S&L#h4er0Cr^1Q&${uz3pZl
zasl&q3lG6>8e0-2Y6Zu4uR0k|it6`0L4LDvvAn9(vW8c(b#^e5IW)_zJJxjfg(Cc>
zGuDkvgx7(Y=MTBcqBqyat2HHXC0Bp4je!U<K74h-U?3??Eq>FmbrXFy!;6Yx7Up0+
z(7mD996oD;5P-PEQ^6`{3c3^-9+u(ps;T|V0C1{0>8|Swd&T!Fse&U9D<LNf`_%gl
zs<roK*L>9UzHMKB@vZMXcSpchUm&^2t8z+hd*+0Ve;~gDJ1nwX;*-`gr%HeQx_6h=
zeCAj0ymX3Sa0*i(%d}M8oP>n55WqTIvd<wyj)m6{I)mp*HEM4~)^?T$073A#?cDud
zIY*#Gxdjr)T7{dI_jPQJ>9vpP_I)w&%>QAj;l@*1w;iwFmv;+miI&S4PFjuLr2W*z
z@tH=4_jwZAJe?;zg#Tw?*L#1!UkfB;hS8=p0u6#d4ci;eMo{j#gx0QZ2w>AW?gDk;
zX=8jJ-&Q0=dgW+5z3ft9ytWF{_sfLW^~<I8+7lOdyiQ%$mqE_=V7izJcU6n5((@Bu
zQek#5&_tR0V@sB_+L0jDwQ)L3<p9qdqg}3|3sa%A(E6_y#R3M%u;+i@=$N4O7nVdy
zMT58|3m2O!5JvHanCI21t?YaXW^CFqn%MC!*YxKX&$}pXwA~E>KcmD=)CtSB18}H$
zesS{&so3hS)YSyJQB`#%&#{46o_=_?6eBx~yhl~bOLo7R8A4^V8><2io+u|04*K*l
zFxVRD`85$1h5@#oFYkXvoM-DJG-afi7{u4-hS-Q4w~?-0vu+B|1vtzt-*At*%E5My
z&rd(WPTwzRp;~*U%Oc<{h+xDK2h6S$wU#xuXe{}^R@sb!1j_U(>ZyS$kqpU1L===D
zrNadYYZJC$0P00Y2rqBUu0OysgrLnK_+Sblh(M`cyL<P(e5rq!%b&L<-|k3M3s^2P
z3|eFz-PpC%GV0=s2OO_kUjR(%l7Ot8v<;)mB}=ed|A++>lROOU&^Wj4T=zy;L@i}a
zs@q%$W=cD~h}oQk5Wz^L4w<ULJRv^#LBW8RQwgVA_J3NDBUByqVE@cZ@{8_1u`|9Z
z<%>cKm@Y81XL)~eY0-5;)YZYI2yx=6<_hJkqQvS&q4cnDN!uKeU0+-)M!_B_@kv1)
z8~a`=%g0Hb17%>4Zt4Rf#qotd6moIa<l9<K0wB#GGLim8gRHY)<oDZK0`<u9Y9Ei2
z_W(^mvcCmns=+vW-=yYTc^5^IN_?>Sd)s$Ig3k*z{<QT;&hUAEBg4Y4YY~(P06mm!
zU`+u^$MXSQc)Qr`PL`3(e1;fcU<}OfEsdRzQxF3Sqxj@28psIXfYkWm(94EoB5l}D
zFA+XN8(92IWn5B;Oo9iaUVO>$e4qfc?~aqO(VzJ|BDXpOH5_#PI_H;fuSEmoY;vWM
zaqjv|Rt_H(XAIYWcd8Ikq*1`YDkrjt-dM{S*-1k?pS2*rJS)+FhX@q}P{7<Epo9W8
zTqzAEfJae{Mi=8E8<vT{-L=f!Q}FCVOn5v-%YXn@rkQDPlwY=|Ox!!eE>-fsVqB)-
zo1XcT=Mu?uzh7_dg+c-WbeEaA$;EZ){@&<YYV{;t?|LVHZCJZ+?!K_Obzb{y8C*~l
zl~qPg(&nmQ!~#&q-EE<U)CdD92xwx9psbJ&%0y;=#|zvWfEtCeWd+V?pRe2Dg&wCP
zVK4xZXPZ9fd7sNW^;|3~GZ+vX55W8P8;9c=ViU8c8*^0d%jfw}aqBr^>KPM5iEdez
zFQiBm@(7}TfU;>F8X*pj`^o-RnnSGZ3OkbxC9H~Eu=p7RTf`!)8&UN~jVc7;Fh^(u
zMG0+dTE{qsp!iDiwb8BP_4USCn4l2CY<dYbUR*m%@YsI=0ISex4klUGolclElfpPw
zS7ChK*n2$J$I?i~DC90f!BXG~p%4#Z)S$*45h0&{1kc*(y^ohG2n(y2H@yle-?dU-
zw6e)y7~01NKQ2QCuSOO&!ZAlUFTQdUoHn~()?~xqBR)+zn%KK#oz4+U6af-4KsfLQ
z(P~G4fmvp-;i=p7;a+$?o&T-WA#Sc;oz=I+?^@TA=3^|`TQ&qI_Z&@?Ac7qxB8uI$
zXQT6fy*qmQ-kLFUj1owjZt{QoeaE?d#mJZWh~4T*TMmJ3*+Locq<_sduDX*9%0zG@
zi2}e7*6Q0lBgQ4z_+CerKw6TsR>vBtx77fGIaF0&^j=yydEW|ZJ2Be;z&7XlW!-$`
z^B&o{aW&6GGrpRf|Gd;WUR^$%&5EwBAjZUhZ`d(P!~~ojl`3NZKfHr9B}b>kA*(a4
zbN6eo5sjmd^Z&%ivco_STy-K(6U;I`ogPU__Lh6=#xhceGRhXJft&=KmU1K8T{KTh
z01zU?nY^!VRqAx6*d$Sn{*sT=YKiPDOl3;o38%8z0<ATrXAinA2pZtWk$kZQHLJCM
z`X|JJ5Z;7Ziy}F4>-r&94ofUrd?A$5XHtLKb>Why{#T(=;CebHub{>F(;%1$XBRh`
zZlHHo(O}<RL29(>B0>#(OfdQy5<fedAY0vnjx<zlSws+l`+jLtCBfAjcHA%ojK`Z>
z7rag}-zDMV`Q8Z@_7hn1?tQ6Cl2)95ZS8<xN5x4e*YG_Er2k&97M;yDw1{-q@<6iv
zpOps#0k@L0lX?a|!|cauw{rhyf4i+ah8Htk`8DSmE&LSLPF=_W2YL7vZX5Yg$H;K;
zG9^K-+Maiu?-~1ttgH&HRv3g;2oJoL36JgPRprWUN62ADL4STnLVN1IIHE3pa@_RI
zpI6i0^uF<LdSAS{LNr~ft^CB=n)0)#>hr!^uWuVPaD-8XX;of+h14%Inoy~bOoWG9
z;y5F&;<tZ0ww@Tf$k@q{u>(^l>$V?>8DsfGSa>ac1fvYDz&N7QQnelE-}_%|>c-E<
z7}o@VuqbVIWhu=)ubF|X<1&+fVv=qLLfKSR8DkWo1N$ddn4e3!Jie#g5k(Q>u8;xa
z7;H0nPt5!OdH%54`(}z7)Az7p?glCBECnQFRAD8Dh1L5mR4xVq9g2X&p#HC!3=6yX
zGXOZ_ZH0cp;W&{(0F!k^2J!*`$-pXXo~yORaH|Oz2b^7b;(oI$`Kl3r9tj3!Q(0L1
z#E>ZUFwhe>9MGLHIN}Z84W#b)7W@{KT;#HoQ_)4ra}k2IriNzI)ZBzAzq*?h2q>71
zAf%qqu0&>YPuaqED{~po3jzRYo@~@h1G}1MR7NZkU`>>Z?_n4tH(h^X6#s8|7K2G~
zSK}&hH4I%#+YcOP4u*JtcGnhOFPeL;u5P1ErMreN?iC`WzSv1snK&AaesHgTgzpbo
zNv0GS;_87Sziros<MVtNgFI2QJHtjvJVyo;4BAXdMWN{aP}*&E-Rt5chW8QTl`#6q
z$e^k{u6${r#`zTQLEn*>WR~NdK`*{=3_r6)9AifXaqMeY0A;Ly#EBD)OkC|}oT5_$
zh%f<+%-0$;7&oPPF+wIwMjRZK`&PnCFWi^t-(Wy}TmD0NURk|eu5GL-73c-aYJm^{
z0&wAxgSzq1TA)4S69JzA@&3!j*1OZsHN&@W&7!xs5CXNWu&<#p@Qu_#7$QU@V82Xg
zjV_ry81hJ~hTIQ-YI(mOY_C1}+yv}&v$ka@0YVV^<)xpqc&!s_L8d1H_>DV&e`<OD
zG@V-xHC2jUaUeuQY~hNdMnnOc0}p&jj$dI^CQ=}xavh?YVpq|~b2Gwg4;auzy<D}v
zot+I2FvX*Oh{xNa?uRy|-Ntu^m+|c4s01m<L{v4av(bouo0M|y<AYLVC4W_Y6w^q_
z8#ynmvR<2%d~^Wfn5nHoFNM;AxY_Pg-9NyWmv7$Vmfdo_2xnf~SC#;<6vmR&BGRZ#
zTbP!(;JdH(yy%2DR<K9_i~75A<9tvcQOb>Dj-R>V1MxuYcYA@H#m&h*X$&#HP?U1h
zmfza>&KWF!AZ$bqDMiE)77JNo1xgS~LfgGNiAY3$w8RKPAq60^l9Dm!jq{Fl7x4%7
z0KMOA1aQ{2`*^0YbF!M3D3tC!W;1vg3%~~6OW4|l5*Ck%%Z)dJwx5O2BLuD_r^YzW
z$J1d5exTd^K1|2y>y7WGaVG-Yb$;RzzgojkdJQmtqUxIRf!auek=qM}Z1YK}Kc0;~
z-1hiC!ePf6+i4QAI4owR+Y_jUdBh@0O=pM$OhOkB(V7_rzBqPKtsQ8aL;s9F@Rtc%
zP#nZ%?*B{47%}nxNX9Fxpf0%Vo1+hXC7B%-VZ)9%vten_Q`6JkUyhcAH%!dT%)a&0
z(=eugqYPt=qYjq0(-L>(*<9qjx)%MGOJ_NI)Rr+`F;RWUTRvWWG4i}gz@_2|XljWg
zrYva!@<^jy6lCm4@pQ!++Y%|V0BPJ7Dr)|V2TSLx5oUYUnU_9@sV;ysWa}6R@B#wi
z2*(8I5FZX1-8RL!{1tj{x<R<?0GRFt6xthq0073E#7DQ#IOiYiHZY1xr3Uon9L~6&
zys)7OUY>vrnu0t{QNyps&S0B_R050@iZOMi=6~$xSU*?{eq--&8JEBTw$gLPA@K$}
zLgFtwE-1h0N?UdWN2iMAA<K0)<hdFmo89zHk2Y4HC?z;WorIIZ9egrx&+MvoKN$6Y
zPshJ-8SUUqn+sFD8`2WgQ<}$k@ZTxKvf|!(Qtf$~Z+9xze?hUE3qJ@c1qnC?f+y5g
z1)qEddy=2T`_S#JH=Z(cexbF`EB#*_tH*1#1zb-=RYT^7K}=?Z8AK>YiY*q$!q4%(
zI2H~_qQ&BcX?&nJGz*7!o;b|vJ8}zu-8q3@xnkOX>J8kXF6=77ppCX0-X~$I{)S~|
z3wY$vrr~!%I>@$U^R8TIxj-7H)SYJsGWvgZSjpu`Z~>RXp_!%r$A1``UswhyTbx;s
zBm}k;J+T{zSB(1KC;q~7J@|rSmu&`P)+X8r*05jUzp=5_zyGQ}%)PerT&xR!N&ppS
zjCW=A7-f}wseRvkDLNkWE$o0W!=?7DTL1k~G5h|NcLtT>wSn(oQLqBB-8l|U+jWP4
z!u#Ryx_f4ud?7d15E%CV7M?l(Eb=qd<Xt#wFVzG>u@hS6k3q6NW>c;7*qiMK#t*Gu
zMY0Fi60Ovl+H@?fRh;t4=r^5zJ8Cb~1V+&bx$uvK>f({>_+GOw`hO0Q=6_|ev<Aiy
zQrWM!J^HZG{WP#_u6k^vxmX)K_5v`GXq`G{SKweI-lG0d<@%mUHnxd1f<vOpJoBpT
zwBM_<JR9@KvFu=hG$N0{j2p#o$&8q`hvFCaeN7C$yIpoAFod=nM{ah1o^K5=MDxm#
z_&U(!W)jlah+OOP*jX!Kzr#j<;>p&2qFZetA_r5aFV}+Nm#6ivxyf0@BMahhBB1&S
ztL+HXN_%gwmUOyB(_Hw2*>1#F-U?X+P!^1$_etH+_Tozl#ebB+;|D=ENOD_t?;gDp
z3<VR@VEf?lKB8W3Ay_4UP#2P;^~u~(`om0|@th{}H7CNd-wIyfuD{RXwV}7Q=opUd
zW71rIUJu}h+kidZoC6D+U+pZ65srIKqx(Jq3vS6zT$X!m=WVYbH9g**F>yRAV)cS(
z2MUpURo%g~X#2t}=8XBwv-2ak=mfOG1wB&YwUN7zNF0)F&6-<(Ong<^pC~|@RXxeH
z(7ypDj(gzH`#uG0yNia_|B$!4)QnB^$D-(w2ABJbTzVr|5_K?nHU5lPk$9AkJuJ5Q
z2q=6qN5Q$+6^=~^sPX-w+8qS*UsYuzmJ%>zOe|J2p1R_V3GY1yKI?FcDtw}DMvO@w
zB>lBE9)3UR+y(c4o>F-`P>GO;#<%q-%N&T}jY*Mi-45ZB0q5U2t>wPxs%Cmd%(fNk
z#vFHAy9xeS_S18QSwQZ?8Gpx6uJ%6e=@#But^GS{7AtKcbuM^@EE?2`FD}(SiW6Dk
zYmH`&|B$bShv}N$R|$){s-AW^16Mupv&9n^ZX2~F9M>y<eLhZZ9(#a#J)={1_d1of
zQHzC7BXCu5eQof1{ao|FNnPbQu!6rz;q~{(hS9%AU(4{R`j7UP)Lt@aykE5}HV68C
zBjs}7hI+NrSTavsid`%+6<1v_t^QvQcHc3qo!6G{_Ij$h_cVBq=aje3-X{HKdl<4{
z7V4134=zf79{aH)iHmg(g_6GkJ-gp&G}UBYp&U1Q*ZXgKv*xNaKEBs<bZU9u0GhPA
znPX53q|%1FIT@XI%~;~R_@mTIWM=Q>Y4mS(ujACyQBM;zj~%S?+Dnz}-k*IcJ)i8(
z4=KYvK#4J==5lgr>B_1xUwgxn*mD%~t^uj~lv4PAjMeyX-CW}0qq)a6mM=-2iMU%2
zRo88Ke!A}7AAif;8hXZNtvUvK7gI#cYkR5BK{zSf-zRew%RPr{Te^TDDG`(nGUExy
z*0<{!qyAzw{Z}UayR#<qs8*=$Z2$S(uFx-@H199w4pti#p62=HXTpH80&Xs~%um=G
zc(H$fr&PS|BWo&-M>{30#T&=CZ}0diHGes@bY9u57aK|%U_g_Embj(rTZX;YM8}<r
z?G?TJ5gD8F`iAV4>9=>?>$|y&^){CB?N19zv<a{K0G&Tl<0oZB;nI{~1|N0Ke>K4C
z%bk9)Nn7vVmA_`Co4k)y>g|ipt<UJel(8azEgRTE!<bJKdbj-|O~;lu6Y3_5>U&_!
z&mm2eb>8Je{P}7-YuVd#-IdSU-OaSvKMEU5MkWV-lNV*f72}l4YyEPw+Ruzl?-|z4
ztAROn?Ad@rgngbX$S9bbtn>QiXAZ>W(@A#~`8D=Nm2svzKY^~qy<Q!ux0}az@Be^*
zXBC+1Vm<HuRoj_SZ%m`vsEtX69d8zT1Jn4!{PT-4`gw}}=UH3G0--_wltWHIGddCy
zI-4~Xi9`dpcjx5AG6kc?V)sb@mb!r7Gk$cpP~%7v1PcEVHSzW{A*&N4ZSK$tmPszl
z0EmJvFlH6O6)-J*rWQR|NHUOM1f=?Z!l4MojqlNNd-bViHXs$yLTPtAW-d9_v*x*-
zWEV?}xISUleowep(2HHA9f(l^S9`i5XylN`(j%PCFC!VnhJ~9JGZu+Lr}Kyz<wep2
zRqia|dSoQ#f1i)nR-%0*5!&<iw^zX8f~cHc*p%5J&EEYfTa80S@SsHhq}0EEL})dz
zv+xpoR^c-SuKKs>7mr-H?ehuSY5a1RQ^H~Dz%>~Acj);%?iHWCRO478^P}9d-A~+S
znpLc@1F^{Qjk}NK43|2e1d!*k+20>*@K6cL>U}Y_Jd3Y8a&Bs0-deL~+zZ<C_E9SW
ziW4v)Y;0AC{k7D@V<)##=glF1p6syGHraSG<F8=%j>3Ddpt2l47%+PP?<_>0p$)s=
zGV5_zzz1WjJ~$lPZf4tu(%DCX8;lP+npr*^EI-cP=J&XE*$?^_FB2hog^<c#wIc6>
z!7#1UeCbOeE=;aovoO&bI;l$7i?^sayn?6=x~7z^Y|r_vyFirZq@V?VBaH`Yod*Yf
z$7hhevR2+j-$%sD@aUDD!p#$>-hTAfVA*$dr;8A@iXbXsY*mvTlYi(K@t;#rUw+Pn
zHa;)pnOkfV07y3Ct94J-eBWiOLG00NP8={_9WZwfniS`IVbb`pT23+BYg?k14y<<*
zZ+?H^Q?1>+ap-k*oM;t)>5Bv}08C+2>O51%2s>HhMC^X9Qnwy%;U{|g^2iMF(pMU0
zu-NbjtMy`SZA2R}>s^lxFi|ZW+h~d%nPum}R@g%H9MBoixZOT{ZOqoZaOiPS=@&;v
zymQnFSh->fI<F8HTP}a`Xa%itB(KNC_fFaTjyQz?*aR<8$CXHb#*2eMa#t1>IJnpY
z;5rpL1I~HQAuNits-Xm9$P-KxmKA3-U5sN28s`-4))xP+_o{xsbjEl{DjLYCX*-p$
zu){@|QXmT!#=ADK@c_O@i0{GeXa}Om`wBb{w)Ci#85h+=tXxTE2p$JPP*3OmU>7^t
z;S4cRn+shqWdP@YBa{;$sUit$iWe~)C~5?$Wz4_WdJap?J1u7N0mgVl<zMVl>mw%3
z6t#+D!rGmnoFTsh{n1<}&E;%$JVw2DY9WOSBbJp(oF$G=XhJRqrm`y_74b~7EB-;5
zA-M#cBOu0FkyH!^@mK2ra)lSv0|aevyNh&dO^ho8>3&{+`JfdrBqOy3RtG3i*d}<r
z?83CxfV6@xmcENGxPKapJ5P1-CGC3r1e6e3fWwhECuosK60)ol^q)8>NGPy93I!2}
z#FPW;ED08aDFVuXYiT!2&5sty0EPmiEN*+&vb@!*+m`3S+GOVgjbd%42x6zS7ND{u
z3r03|;nDPe+rNuTn*I6sIlZvok}IQ<q=Q>00$4z{m@CwrafV7;nOH_qkyX$Lhyrec
zaG2J!hLgDJ7y&YbA|x-*KX8;aqv&GrXn=UevY6x1HKqTFq24;u-5bX-bJ3W}fm@UU
zC_p&`RiC2*1n%9(A7*{2OL`-EfeT`)6b4YGDxA!JR?)fMD2E2(cD7%7>BhL3dHa3W
zx!sMFYh{y5YlC9A7y!i9K+7>TTEPI3%^;h=CClz7QI&B<Qql^acqx3~=`i)kT%!9(
zgHG`adfsdWK#gJKR!D#%TGav|3IbHlxd4Os4e?89_|0c?kajAp!iaNS*CBUW=2FX5
z*E2wWU8{9^V<EsR>vfeo?r-01R^p1arOqdc0fj~kkQv01W!n;I*rXjSK9><GoxOEA
zJOIjgLMZD5&AJknC8m3vQD<QK2Ta2EpuO{sAt2LGN!8<q3g-w!LoBM?{BO!hKd*`0
zC_Yk-9C7{`_+r?<SIG~c_I&Kwk%ah0KmsU#a@Zsk`&gVJNI5k`mO-{<?M86Q5e|}<
zs`asoGM=2B3;|Rx#1qp!B)iYbrCh)1Mtj_Wyf~uG7dkXZ!7~CN4YVF?AoEFDr_#;G
zpm&gJJO@nLHOAFx|4dhnltcBH?vpK0^VO?BVu@PQ5@x28WLi`t%&|&Rxh|d=E{0Km
zO_I}zVtp&>W2juwMbu}LK4<%qVtSC11mm?+yUxI}xbf>6p*W&7!l$%A$Ron-Vn3Ar
z4u0Ow*t)NCJKcL`%&bjZd7_;QzVe>In_fZ9(N^#L<<@Q4sJCKSp4P2`Z9WwcSr<3f
zs}pe6C7IkHFOEsuJy4u*6X@Y1t9#^s4iozpaejc@t{<diTRpdtr0R-(&*UpS&WJ9N
z69P%l){+3FSb3Ju+is_Q$lJfF`8MBQJkP4cfFQg^oS@+UUW)_tJ<osOFWQQ4&Pu(z
z=H@P|C^~`40^?w~@`sLzWf;R}LC+Nooj_#@@pZ9;(7^;i6Grxx!i|y}TWqC&TxAhq
zSR9tHaNP@wy_4hMJ13|enTOgrh^yHot@L&XY&+P2?V(8+rrifk=lt~D)~N5&e_x2p
zDM%}RmE9^F9$KbF(`+!8q&<B3+|%>TlX>f8;9YnI*rX>rppw`e9FeyyilEt351dx>
zt<NtRHqi}vQm=$UakVNPaLa6ea}x?N!ukU^N*b`)dl1>VV_0xo6O&kbh7WWi;EI0$
z0-=acxnuQr?e%X1_xxj<TI@GR)9iYl9o1RL{d)7Y%@)3XmF)aiKn>*|DkmhirW!MM
zzt;anwqvnL+EEdq7da!2E-8l9-Ux(u^#D<=MaFF^l7#~a2rxyICv0MWBn{{7ABOx(
zOc=#vbBur_A8*lxDG>92QIJz9`tmzz&~)A_9(36F14@6AN4o7+-%xd$lPBMtlQS>s
z+MoeN4StOg1&2ZnJ*T)AQmI$~OIghmq7;k_a5gw0n4qc6G|H}t-Ww)GtZI6)?tkK0
z{<Y5?ok)pWS<-bY``&JUPWoH3A>*1U3z`Qxxd17poeY3VF;^I!MlA>!B8_-yoNj7g
zp29hdDv-_yJ+172<6S<VlRGn!*)r&vnXMpSw|X9KR`STP4KX#RtpIU}QlhMYDa9cu
z;5n6m-UmSx0ICa77<C!T2b?vevwHq2cWf+YQRpa--NH*&bB-T>HyixwEQ3M>q@jpj
zM6+-t7(B2D0U!awEs}1jJI}j}4$wR;8ufEGzonprLjl4Le``^7)?Z8L+S*vH3MW}A
z$cT2JhyVhmvaeez{Tx%N{p}N2I&uK)>tuFcJ_d6Z?hWuZQy#EVSI$kUaBH9{U*6{b
z;LLnwGrFb^l>C){`^AT3C)Pg*)HwOSRCG{8{*R(Fk`0=&E!O(xubPzQJvwCUJ!&21
zVGL)Bk=C@w#LUcVW@e^gHtK*A*W{LQFw!u_Y&<r!{x3~MzcMaPF5mBg+jjfvDV?T6
zs;1NRV={<YU`^LOS0JMI;v$o^RLN1bLkCkuu-?bYtFuRctvYfyFHedtAA8P(Dg5c<
zTf*P}Pk|{B1Jo+V49WZL_QYlWeti6NB61=f6)Ke0ZU>hJCCb{&+$<eE3bb6OQlUmo
zQEDM=PI+N1?=E@9Wa6aJ#oc}G*~J~-!rGeqpQD3=!+xy}T^l$>o)g%%^Bivu6&4m2
zSC<M^UvaU2^TY>1YkYis8~@+8A{iOELk>ypouczq`wLe~7PJ6gzVO_DyEO@oBvB$k
z=CZMF`tL6v7dQ9C`8k9dOsz**4ej6fq-u4oev{Wri$J8Zz-uVF-uT2kEc<Q-1~=Dh
zT4rWuo4c!PuZe+!fuz1ZzZBG^P@_h*@}tkU7Hpk=!U!FDA{OPE=m*~KI|C=7g03$}
zB@7aR5C)mXqL5VN5s3*?<~j~Vi|6_NeAj=Z^DeKiH)~c-r2Ch0Kq4a}CFMe1Z?>}k
z<MaG`adGixjmQVS4>U9Fn#~3n)R1VH*M4R<IRrl5VTzPWq$Ipt6;Tj(f2mL-z$NYQ
z`r(0p-FjHwNbx^oGP}KUg$x%YguK1EvDs}5HX2Re1M#J@3}wv4&t$lgdmH-d?)U?I
z$%g~T^L>(zN_X0}A4d}p68H3IXl|Qr!}EUqKGWeD*4KjBUwJ+TaVk3~m)8v!Pe60L
zK<jP~LHStc#%j_WfkjPc(6(#n1z~Dgi}D+PZIdcVAjtzwHQ#&1J9LWbF_?<VK2!^(
zt3@RDn3D{-QKUs}w&>2BKk{q!nm*+Ne#S-u#PPjj)GYs+{+8U{^1OcqrDwiMQ5t)S
zqvd+uZ(X8h2Vtx$mX201ET$6MNLL1do|ckPpq^5wP^nIcT8t8<{-Ds>^rcKk#8Q%f
zhaoRXaAyKkqEh_SxN_qX2(u-zPd)O+j)ysvm6Jbt1WT3RVoMoIHs>2FGD#4UwOegI
zWcRI`C0@6$acbtjzqiA}@w|?i<N1Gw!M(k`$E|Z`N|>ADW9t`m4SXlfUM^QOq(29q
z3UtH(AtDjb7T*viSYCA1l{Q`I?8;z&qoT*HATuS1N(3SxPUDvY1Sk=Le6+E9dU`+t
z=ib*jz~QdV-{%papP*e_-4kWXIJ}-ecCBkWPNCKHe=a@u&1o44d<>{v&gTnt!{c#!
zyScv^d+t>#$3Gu}uN6r3y1VnQ`vFXv5I_v{uu2jnq>1klZgN%V{fSFs&-UkkWC+kt
zV`_;(3K&Qt<{&`B2$3oSp*}8+xzVWgSOVN)V`??0g5h}#G7eUFiAkB8nr3@_-|TEt
z0hQp(P)U#|D_?Zm^W?)<hi*n3^{i1hR`w*xl0mlsr+^4q7|aPnJv|LKB08lHGs7i$
zJHe$XRmk9#L|_8WCBDT)0x~3j7eE7<)Uyz&J%+IN#{bKjm>Uk2YE}j%WC>U;!6{%`
zZ7P9KKAud8#s*?>d$K^yilcyJ0LmFw3<4su^NIaV4){IM*K&OV@1r&eoL%^d7_rS5
zWtLmMjE;vr;xMCI(OM*8o3s$v&8O$*=V72@4!NoNAz^3~$r6TDb;{6xI>6IBO@r<)
zDOOq`quDeO)29k4(60vl1kYDRjXvDBYiI@FYCzM|EKxQ_M!skbhy(=O{x{!Zxj-cf
z-`SF-Ahe0qV9UViAy9~!00|;g#!TI`29B{UvJ$bQAckqC!#g!e9vAS}LURP|*>GI+
zp+!^*mG5h_699#W+>Aqie_=`$2rY8rwHg8lpURXdQ`Hd|h9X2jn2|2DCz96N2mUR%
zFvRF4lG{(tjr{Mn26!PT6(-mUj|L*MYiJritV%32eM<Eduo{6@u6n&XXj}&f+zOE*
zDVlgG;>Br*h01{fMEbIe7i3DH83;~3q0g~D*<WmbX(tzcj)`}F$5`bQv8Se#!HR&C
zBo!u8q#89sZ9JW7O(7^uG5rO4wr*Ku0<<46L;=XG5oRPD&|dgR5~{Vh#_M&wf<lXW
z%Ghaz*lC1Ow074uk;IxoIQW``xY3d{AWi3;aRe}e$YB)+7%LMYmPW}OYt*LUebK8*
z9VgZnT=Yaaj`ci$=r~!K$$e1C!b4{aK51zxEfVejVoGaq*Ul1k-a39*v(lK_wEJql
z-DbmL-3MN=62ay5z^)I%ea)03m)E4qG(?Js2@|2nF*{y#^pUz0i&y*#W<J<5wE3?s
zMTogysKSF#mL6T)HI^P3oQG<Y6wxd+P1tt|blJs%#>Fmw0R>8vj$qO3U>HR_YK*Lu
z1qhW<un@R)6|(?*2@15=K4hcOq?wV*Pq7pW2#qvrM)luR(Jc`*X%MQ`cAKt{=Li@x
zl_Dhp5@h`nK^)<2lyOp25Niy1fXE=EmYD$20ue9}X^{W`p~$tH0&J^1tLNE!nb14l
zar!xKU(RBG8nojL3JMxRApF50BJ3?|90)PeUpdLU;5-MrOu~2C|3>lh^76T9P{lzI
zDWWAX?J39%37m{;=9HrU>K0|)x-X9>ih_<v#V|*xwg*;>#;h`8Cdx{oceL^5!&4V$
zs-3aC@uqDauy(kvHS>ZLcT}pxM|LbSOz-{Ab<A#mwy{u)q)>Rj<VxvIH&Ci%fSMpn
zM27&Yxc8k97AxGUk*)BgZjBcix<ICI#X1wv%OP59zQ$6qI=H_P*C)g<M3e@yA%pEn
zL=uv!-_wSEqa2UG;{nv8lT2Z*g}4gUV$*Sj0Hwjg8Yfz3jWw^}c6G>uR3_%KS>k_6
zM~ZZRDV0JKEp|x(9%dhh+gb!Vy&i#5`eH>OMAL-+w!p2qKEcPfvB6e_N}1qyY^d$}
z0s5*h>K|Viplcmow1m03xoEH&fi^A%NL3NKehW<`Qc`C<1c1sAG#kC1h((GyxnRO9
zVOd;K?{Bt=-4EgGGX_<vC?_0I6aeaj*I_t+j_{U@z992Jg@DC!JPs#Qogj5W4czie
zThZ-y3JoPfny9LVM_?3EqS>75HM*L}q>Y>IK2PDwq4=NRXYWp#5{}7}n5jrIB2QWm
zq|Bo-+u@xj9+wJy8of4K@&B=fo6V_PoevsA{VyaiMk$ekjV>R(5f~Oy@%mO~+P<WJ
zP=~;ED}Ma%onI2q0|*i0Zl2=QQLuzF{@!PPhb$R5WOUChC$v;LUCv@2%A^|D^~6;U
zg0b=m(1*VuP2vEI$|+Eh0;@X20_o@dIVeWSP%J~nnAem4!~U1H@+TfcH4?cB-NfnN
zUzrWwJD^gOLvdO2Sk`g@>bM#>oo1tdiCSA(Tv;+D&Q{TJ2?e!rJ<+_3tQ2DT>`W5k
z2`H(`AHfOru7vH0*!^XMM=z6wNg&ax|B_a6n(1sOpQpqdZ5gWtXyZ!Y94?2(yx~)V
z8n8=tR2JF}Q0qo!KM64*7TV4*3M#H>vJ?Ute_(ju2Tqjz7tV>azI1{ubS6@N7k??1
z#`>`KjxC#@LP|-ZTsfT8Jk|C6Je4IhcN75xk9<@sDM~I%;2mKwfDp@FJmCrn;OTM#
z?5k4G{z?6hP*Nt2Tt|dNxne6SzgP%Im<=r*jZz&pu*L1Eb4M`__=XqISR&_)g}MgB
z<%`>Mw-Z(L*~}40;DX>n`?HyUZumM&gw@J1*sf+*h0Z;c$(@suV8LBFfez2G=sd@?
zg@<18s;r!x1trBnr>pY*e3jRIJ4ONdJQXD6sB-0T`<eI6WMig$n_^yWA@98+VUdR_
zD_B#N;YnUN1-c^cj*1JGj-E4{l$ORP-b4sw)Nk8_%8VYVQ_o;~pKy487zJu{nN{js
zo9yfJ>+YOm!ZNZ2>dp?YbEl}QzY3mtgLwcZjY?1Lf#GwD;x@MEuB+^+`r6F=AvV9<
z%Qf`0hhjAjwF!qA4&p;*!vmw3xL6Eqm1^~-_RC(A{a!C2tX3#4UR?NUjjneST=d>e
z8q{*9SEk*SVZ9cMV9X<bZ~_z3!TNsYNOfK*%A7xEXleC>HC+*dJ&6!2iC{wpu@NHq
zVL<{`##ciLE*>su$^=j-is9F{T3m8T-tdFK+vOXFoRQ7pIYwSH3^0@``lYKef-26C
z6oRZ8cW$r=)Y0K#%jj9yVuz5(+Qac^yP%=Z-vBUp%<dJK{d$dm(@UEuytM;Q!WcK9
zf|ZIt<fDkWIk;ZSV4@0kG2Xr!<a8XE<FOe5D-z}Kv!c`9k9niJZZJYdzc}mhCk0kE
z*2611yC@K9hJ=g7dBK7|?XTFM>)7Y(*KN-mA8Z^r6Aupk<Ht9A;|7kMh3^(O=7fs^
zRhp1CLR*vSGA0s#R)GM0#(#H`xcsD^Uu=!&rVJ2?af^dkx@JZgy9yrhmOiV}!DM+J
zIj&TwVkKn|%`Uecc@_@6apcUBodej#q@lut2AYWqv;M#hP#Ss_VEiEvN?0szZmL8U
zUHq%e@bRDLK1n<;tkj7@8t{esC6>`>*e6+b^~rl-*gU^~OG~E@oK3t$sq#^mtzS3T
zIP^ymGE1<S3!zE7Qj`@2#0$;QqdeIT4UoNdVPe3+Ww?K%N^u=*AAM?(&$4?&J$Gav
z8QzSQ9Ix@#!JnH2YSo$cKu#YtR19nX^xJ-~hK7j2S^q<O??5!q_onZv!J|uuGTwZW
zd5L@cKzu}hM)k}JB%p~l*eWm%;n;_tI$N}j70J7n)N@;{v1FW~qA`B@Yt;Q!IN<$W
z2>x=1Z}hX-g2MWgD`I45VDQn#%7HkJoLez;NZxY$!viCDMn;Ap4Zg1KkeRP9Kn1~)
z62TXj@aQid4CO$S>hWs0gu{wjq(GVjQUQRKjZ1cat-GJc>wSK8!^#?^Y5SA@`sVBZ
z_xmGn<v^5ha3GR6WA;1bn3E~hQ6kzHyLlOV&C3uIkwlD&DgsLcX(1PfkVLQ*mw`$C
zvqW!Y`OfwF%`)kBIGYgV@>k1!*I%Q`dDrb+>5bQ^$lc*|GU>m(FG479*7zIsWQZ%}
zuPF_G)S{HQ+k)+}9=gx~Nn?p9!iCS&k1=fg%stJeY&m=lGBNgMn2J^`RD~IfGAQEn
zw&#z}?RHC$%$mOxc6a}Ck(v3o@Sn}0p$P$WnLq8TgTi^%6DG^e*4!yr`I~aB+JJ;n
z45C=r2pjJvlz<D2)adt4RW*;fI%RB)V27Q5_Pe`Ix;33AXD*lBM%O7cv}P&~*SinY
z;NZWKfeC@UYv5=1ZsAVH&-?<2OIJ3#ozcWv)9t=Lf>sm|5jj~Ai<m2v44C=GO5I<u
zsJbtP+r`v<wIixz1dD2a{v%`Yj>}1EnIC?eQ<KKbzh(UpSW5?{|IXE9VP)k7zf$FY
zQmquo2E|<egXuOy$H2p9@fiUK0+CrzbjMJWuD}bNqVE(~g|2h+yeBQBeS<QfazfIs
z=LOB}dcBZ%q4eM_Duw!_=hOPpe{tW0P<}+11y~9fH`o8lv)6sE*Bg<l;Ak7V<012m
zV#Nx=Qq&JexKWGA>LAY>we;@|aC^mnT(HB!3oJ~KDgqm?%Y9EqT|9i^)vovBl;I7Y
z#`4FxLx<ARq47VwDgxw^UBIZ{x*7sE<82Km-A|kucZPFK;4(A?C9(?ch^0USjjAeo
zFL;yb-Dv#J0I5idMbh&LV0@qB#60CaGaqO9b-H%}lp~fue@RE{{PX)N{c!Mq<xxqI
z!+V!F2c{pb-*A+q+<Km@-hF?tn_}_xJSY2STa_U%0kK^brA`rpKp=b^kcUbgy=X!X
z$M=RePj_Zdr?Tf~p>tyV&VSq6*Lx076J9sg`qr10<v?6Y)yr46^(comSxsv0=IGIG
zQRMi35rTa&n_hrTpU#?dZ;B&-qD6BqL!OK-Rkl<;-nYHTlm<&>vg@C}hem>Tzu#w}
z2<}!6RR%p5vi656d<s&Y3gzW$blE*NYF!fo5@rpVeD(RJsh&+kEw`o_@z_0FlMDhz
z8*Hs&1$X>Km~323Hhe*Hq{<SOigf9}sPEQtj2lvva;z7j-yhrC-?I&W4aIet%W6Ij
zOJ;d^{8E=4;2ZyldzZgyZd;=j-GH{WY+iil&idy8^Stf)CZ5H@#HY!hJ4xO9;5vVE
zmIPM6_Wl5$DnBYi;$VPr@%HLQJ}!HEd*g!KbVa!*G&V>X9W!Pd2vtf$x@<@Vi6T{c
z6NAp;aTq;&ZKYj`LT}c8O_(=6QmOTy^-6=xSvXb_dhZ;$3WipKg(BittZx6Q*9q4|
z^%>F1zx+G>FakXr*pl4)1V)BVm_(48OqS;hyjqQ+tx&1rXdRkVrRHa5=l_F-l>`5$
z-u;+rk;_Y~AO*W(wbD3?psz}YDhqT(cft18MXXMnkjWWUeDnu@N<PHAsXRR=bF|Jz
z)&KmpR;T}#e&Y0j&&r{ju(Y(4BZm?-;%}|L_$$sOF_<!PMb}i#_9Ro4&8e^8d5S1z
z_giV{z@c@GjP=B|s^4IAUwxMAeS2r+z-9RJd-ul&Je8iWMssu5XKm<cxN$yyK5Nwx
zqDN|{&Oc(5=xEA+yxW!)#nb^}r*W`Rf19P=^O%Z{BDBoPky~Gyk^{Nvv#Ob&o0T;i
z6BE-dy;7xO+jBo4t5S^$WJw5|FH||5Mr(fOH@3C+i&rp>Nl+=QF$<zrqoumj>^L;$
zYWc&>x;9e1TCt*g8Avq0HewWMyVZK@x23)JNoUJ}&ccCz{9jJV7=FFtj<i^-`Ahga
zKGtMu6X!}8AY!PlcQ}vTy7wO4+^rUVq=1=29X^cVpUEr*!}F!!Vd8$6|KvCD;dq5m
z*L5F;<NwZw^Fd8JhDpM}!#_<G93&cgPSLjgCaS+}>3?mmed8(Yrwjby+h!0olNYMK
z{a=cZ|NqZ_RTubw%~k&&bO2(CLiGRuNV)&d=So`O8Y<?izhEU2$_+&gYZ%%xG+m=B
z8I6>k8yOZTG#ZRunoXLr^lr$-qZAE@)L5v9h$yUL4MB^DsZ~e~g#{XdhGw&QZ$8XJ
z!{_-k`5CTH4*6%^U}mSgAG4fyo^#%_JyNPTsNy4kijFG(-({@MZ(igiflvISL{6QS
z>9j(O^C@NRZ+KLm*4h8_`jU!pEO?tJ$($pOgH4h1FXt)Vx3D`NTs6<#E!O=vv|j5p
zD56uPej=PMY=vqDzB19@t>$f(xtgau7sAPx%e}+Nw}8maP&jsj-HnwM_0Cdot<PEn
zoo%^)<hf2~@u;jq&z+mxvB60yrzmSwUP*q$w+L+1rwA<nqfAQdp_k1>>W4Wq{yTL|
zy8APMv!<=vT;@`+4c@gZyGvVfA<YZ)Ot@-h3ew5%xbHS#@SZEM6r4MWvH=?txl2h?
zN1STok3sjRl`vQP%GO9^7+?Rmlf%4lD(E_Yln!wtT1Tl7tzBm>=gx+YX)6#;RwbpS
zKX%Si{M7g-lIc5w>F3!xtZwJ<Z^`$A`)8e!UP;pj-OUa8Xk;Es+c~|RNBk=Fh`s?>
zP%^Wk>i1tV)Swk;3hDQN4c{X=Q5@DoHRlZ|6X~0QIM1k9OBwcp>;)G0k(3H=CyHi&
zIGtUEAdW3p?|N!d8TR=+33z8?O`wPl%pA_NH3T+y!uff1_vfQm<~hb6Ecn3>jNS!s
zGw~r8Bb63`?&G7H2i-)*8H$5Ts}+A@;s-t^pBCqhuY9a@=7Gn7M}jwI`DSfXHIMf1
zapcE9ZLB@6g@0~buhB+|?y^VmDNC4ty_7uDsC(H~!%c+;efd~im<#7(_-swJSPa<a
zUttllG*2Z<Ep<M71T6k!-8F#72g6XFqAJ>+B-*^G)NgXPeVFoncK7u6*XeTkM9Ok*
z-&&>=Tyv>4cUA_y%|GYEFVov2W^;-;Z&99C;uUVcD&fnAx}6G!BDnt|KoUoPfhzLG
zr;=d%tl@77P*fWaiq+W;C@p0Kd+w2Z@^!859skbxc)D`V!OI1ee0zH*rq-@n{-bc^
zVm&>T!cL0RMlB|xqUqs%D`k7<)%RbLZ_W8?;HnFESxrd>WhFNE;fIq5gc3$zI~*}6
z9MFHylOS1FXeYGx>A38YPsh%Go~*~rq4#NlGgtC751ncF8cFq5_T#HIw4nj^&4ykV
z?t{wi>aCvcJFD+Z)!Q4+Pq9E=qIA}nSbV`0W~n|i_@xD&SFCbTdnV`O$wPc(I{>KJ
z+Da)#WEdB|W;9IYyoLchY<4o<fv{FWGF3TLdoH%QRHjT~rn4@^+sCSZ#sh6|yn`!V
zx=OGTK*l603FMOSRN-|DWbP^xf9%fo1~!gJDE1Y@TZ?HpJNeOLJ+2p<$`f-zBJiL;
zy2zX6!`lvgJ?lWm!s=PsoCMyaSo|4lnGR$SP+%7N5+^DW7qlS-(zqGd!s$>w6|6sT
z?ahD>*W)dzPJ^L~KspzHPibDxGpeWI(0Z=Jm~K_o5cYkAn~1zY@W%Y-wMj|lC7~P#
zn?qzH7fOWTise0Ob`1my3Y?OKDLKYcKKst@QolF+)E?<X*SUTI=gp_hFU<(Q05^eG
zir9!4!cTF9#RM>ztw!PaMb$WiZx!({KjYlFZbu(GneSi>{l+$bQvcP6M)Z!z#8RKQ
z#D(C!A*yKaoJaO$W273HkE?2FDby#<QkhOH#GaSD;r4+|0uGP?0V@JslFi`e0f>~I
zgLfQ3?(ZB2jfdS;aDRac&FEZhRM8b?VsTkX|K?*@?5xObe7)IyH4P$mPJBU?(GWTv
zJZ#0o@;H~&SQ_4c<;2{@L@D^za%~;P5DIs;G>9{2uY%<R9viSV0uJaku5X&uVV6>5
z>1u^rCHGDQt>E03gb_rX1C(gukOFXxM=yboMk0}%qw+WVHu(hF*Qg%Gw+#9awL5EP
zfmt8(z9L#z$fELR1MZI^&KJ#xECGbNcgF(YdJ{MTG#00ShZORSdA1a;sZ2S#IwAJr
z><8B@=!G4Fp*kDih}pWQGG^<l2ErJIz~=y`j7>J4c_mA|vhVw}6vT6xay5^7fNI6K
zh~Su<kXkI%Ylfcm^k+O$hP211pHjzW<^01tK0*rM%Y<6eFRe$s>>?-9WK__Nr(AOM
zu(i|8T>-v-6rPYZ%)xO(0o-wfGBXIk-9wmf4(_p(#b`Ql)`E=4REjfedc|0R^6is6
zm!PSIj)Y4a9&S`IqSOE?hZx(~`MY3~5z1Z_oG%jRDDu)d=OSfl-qJ~(Q-Z+j{TOW<
z7^Ptf?_;G&?|^~RWxYo6Yjx~h!QSX9=VajEg8o^5YDL!>^0bZ@H1Lu+*DQa&kd2gF
z2hS$>GZ)_*2uf93l6ZS&CK7jKE=%!ycuA0u$}dLdzH$EfIHxp~@@D!S4L0V6n%6RG
z?rdh}r_qu|n6(hEHB;A+K2rZ54Z>cr4@6r^&oE@%T;<62x`L(ZZW7*lc?8NF$Lyt<
z@nK7UnQNjGOm7i@z*B7;89|b*U@Oq0Iwq=Uwl&hUUB$zIV|iR4c{*2QR&YV!byTrs
zvQyB`)}Fv`1fFo{REL|^6<Y#8Q{)e@M#(qiQ*q3Y1+ruINirg9+DdmiY9Ix(hLC<5
zoBYb9Vww}uNxe&9a6UGLNprBt@5#)C6FTpIo?)Wv(OR+~t$VmvFe9=40_J`}_77*q
zJX=97-B=@VhAb%dRT^3Se?H5%Z_61&%(xWRz0BSlsZQw~%$A;(<_yntcK;??TG`H=
zc^yIMVw6B>2`UX#9T`*zZtV%@4Lh?WBwN_A?qKQJxwgD!4WxVCehQJ_SEl89TfZEC
zr7{i#y?2#UzAN2C^y<lVjYiyk$%_s1<zlzeKtYHt{_D@J90k2@0K@=Hcyi;~2Yd=O
z{?e+uTxvJlV@zz0S%Hh|m>15}j>1RNoI0A^BpPRga-E1fA}BZn;oHcI4QZ5!3dH_4
z&9s}pXvN`shTjSJY%&gFX(!%;@LAY@307z9ti`~{IihamGfoLVy4xC4qlOV&G2jQN
z%$P%*?=W!nv~D1a1oZ2^IkM3Ia0|igVH7mEM=81P6N^G9r3k|DC%z{md-ZP#BLdLv
zZ|&$3m>H>~kxSIx+LRODqB{F>k*{$XnswSEK=3UW2mw#HNR-RL7prIrxpDP>)so$M
zt^^#DVN-hgL;H;(=38)KNhBObW&K2<q@QU=k5FZ|->7*gjq{B6@LiRv!>S$(0WU{i
z{jn%Mb%QyGJv))e145uUNK065EXhQG4+S|<lu$^v4??cHN(XQ$4YWP{n{%OXjU5Li
zps~Jh=I?=$ZKS2LF2ua~6@*fM*7XfNXdOYM7+x(yxzQFu8*?M~QW#WgHh3TKf-_A0
zs$Q`CT{#Zz!8U)>1pNqH!vdYqIu<WhR722f8x;h5!UKSwtjM2Na{wsJ;pxdcy2^rk
z4$>;5n`sZP>~M@+flvrL#m*6GRrczhPkF79L^gxw10g7+d%8<=@bXT7OrmlNT5&zZ
zU4JHCJ$(635P392!(!RyTiIbzo*HI3pMMTR>az|_1z<~vNts5f4)hxwg8Fu!dnWgC
z<Myc>PP*J&?0VqUac&_MOhe$mX(bv<kamM%%)kQ@5}(X_E5*9@nCAx|z4GS~G;^>Z
zHWN8hqm20#^=&Y#H@~}oE1}AVqXey{!W6L}eGs_@(dQc6frMd7Az)(o_NE(C|23|N
z#Sr@qLaxR+Ltrj_E`Hpr$=Kz=TvWO6ej<i>+vB=gXWKao$W!_f@TJ_u)ag)I{VTc~
zWwhE;Z`9W-J9l4+{<~XPwBkQ$ajNI)Wb7B%`<3>_D5g)DUaIbY5n-2bMIb+KMZ-p}
zi5DC0<=R$;h+VvID+!o}?`Y^mT??MIub6Y)i;ik#HJ9y2QpY0HU-(oAe07fOHlW{}
z%W3f|2^{q7%l@0KGgcX=&qJnrRGm?WR}DQdhG`D&iSF22pr2e4%rOuRdVbBN;VO);
zg?lxXO~cKxbq-&DaFeSaH-=GJ-(MWgb1~Dkoy@osLm$L;+WHBRaCoMjCw<qg=XT<E
z4GZQlctHTJ!77Sc{j3)2o2+-)09YaQi0A|%xyG?Cc%O)hn{jMToE>3^M(&4fuoa26
z&h4LBZU8(Pb|Zf>*DRMy;~Q9|j%lP0{#|@UySwUV+6sPumEUi~xu&IUAJ?ICMX)B|
zk|`tltF^cgP(@);czIVPAC3O1Cg;SJV(YOh*wG<EE~g~RmI9%SeIz1HifqVm4O01E
z?A=pvCQcM6_%F8YWG47x+s4FpGO=yjPA1mGwr$(CZR7s$?!N4O*xHA!+WRn7{d?`|
zhwgK_yXtg*L)oZKgyz)33+mOE-}hTt#URd3fDY5ttu=ck1E)ZLfU<D;!G8H@+|4Hu
z9SN@wanCjH697HquTY4WYLJr7g%guFt)k9c^oEWibyetV(QHH=!Z%DQV_#<fOCJq<
z+XdXefQ&5i9z!=gt09$kpxl5NI?kE+sn9pO<Ky0czM+h&D>K2Ng6uUM0faF6c|?Mj
zj4Y!)pZ&3=5Ons*G`1+!iC>VItg;vISPC^O^S!YP{m++MAl!eio0{Q|l&H%kgdLLK
zz0DjqEA7wQTC2?L4vH11z$9+zU3dcv^>(@$%b5#1rLlgb&;F&9P2w4khN%vZ>R_Om
z<>eQDd!Rr6OJh@^9#R3Z(K{sLoI9hCo;iQaRY&DylHfvPe5-oj#i>8eztD04QDp)z
zApdofj-?&U1gZlL5u9P6LF&kCUd&2FTnCK(9Q#Rq=Tg!`$gW^B?3|xC-btB${u(bJ
z*Va`YjGQ$=Zlv+%mAqT>xq~0I@7h%f%$!Gmy(7S&I#g=h>)PU7duf9WtYvp$n-!ks
zr7b`uwPTUTrPq|ocQV(`pXK>Oc#)ej@#b-MS{c>(Zt3F})da8Z=l60t^{~kulQd3+
zbnlHFU81$F?Nl^FBA~lLO6hGJZ(Gs_MpV|LZgX>04wn30D&x7u&hV~wcsDQb!@mlD
zeh;irVH&e+z7=`t@W0jjLO8Tn98hi_v5>gh8UK@txv$~)A$5|?;(RcqDSrb)rS*bK
zeuC7r4g1Qlz1ok&62$T=@z=)5&9P=KBdp0sv1_c)ZS4&PMvDvfL9O5cd6cXP0pV{F
zF*69Wd$eC05IES8IuRA(!SRojyUc2T2)C^^eMDsMM6(RTJBe9>*r|j*$rF;BM#K^J
zT6f1)4Sx>Z?vCjkWPl0{7pZUpdE(vH4A(EA9#8D;{#@4>i>9sBz3?)AU76g}OOO$&
zh)nV$&@O$UkYWH~*Xw?VYNWjrF9`&5?JCE$gV3eigS4uOHFzhdY&@N<ySQwB#vYW>
zO?46Hl+580xS8RT^N+XmhUcH+Cf;C-P~jWFgs)FIkj$1J?%k&Z2jNnj;E!qw0=-A<
z4I+rfkBxKF`Z2hXBc2QcL`(BpCN?Mj0XJMu4ry44+N@mdvay|TI3TN$JSRJ(P%c5-
z820A<lZYG639Vay5&IZZF9mOZhz}WXwRVf2?mSE{8CYF~{m$<7TBEx*^jhieRg{(x
z)WXk0N-wFQN?nD;OAVqba!2FKnfi{>V={<NBg<eO>ap5xk5x1p-0CbA0@b9QVkYcO
zL^$NvQm)|N-<XcUc1J~0s)Kb21Cd7TVqX42U4<vuhLrMyArO-un1SGbL7XHrR*+~s
z`<#qm<fY3-zEoN1YuS|W4Crsr4=i96B)8@=5u{&8NM>FDZa|U0yO)>2q-AT5ZD$+;
zhpr86R&VK9Km8pAMxYm=lt`^mJ@DDt7&v-)`0d4vBXU$FqlT4!ESZ8Z1$MOd-sWa#
zAK47M?A$F&4BgwQe}$|$y+n>Re;k8B6{Mj|9d5AO_$pOyTz&(16%BcRgiudc8ZMgS
zNKCMdB;gdsKlZKOEHD1ahriWgynH}_=W*(dif!-zZ#T2d&USMlXrNY#>4psU>Ki<`
za7)}AkQ%Ez-zdD0e=c4QiS!Vtk^!o0Sv7ontCWP}!DF9Jl9K;qu%K=%e~sjn0FyxY
z*E#vlm1jg}07cW(k*T>QT&G270doaQ>?QSH)nkYtt#s|vmKU=)$^Vx@`^mEk60mM2
zzKp&B<RRekir&UPYhNmkYh6W(^bLY0sUwq^-tb}l3?jKcdf|FE3|ihd;;^B|>I%Mj
zqNUp}gwj0Z*VR`n!GQv1f7(9tMI<(fd3~0Fj~bFx)parcvrn!;56sCbBm0QXp36^{
zIuEDwj58-lOLrFe)V=JNwmMFmJlwl>PfeCRg2T~{8+)<b`Kyc9sd#bz<^G6C+mh@J
z{>)!X?D{rjvMS8J%)H;Z_->%APu`1EE_ruVZZ$1?B^*>S5&3&Bf7Y?SU`7O!q+*}q
zGXJ-0H+_J_|Nmdl|MSm3|NG;X{pX*5{`u#hfBtu3#P-iW|NQgMKmYvm&p-eC^Upv3
z{I7z<|M};ifByOBpMU=O-$j}KKmT8vQu}`>uhjpa{*Us?y;N5Y004vR|EgllbdS?9
zb>8tkZh!82e_H<Ze~4eO(8!>LTklhxar=#(*h^!=M1x336$QhA1FKz>n+n4K(J#*|
zt&ms~!~h>Cj2YT!5C&%$3XVUF$QDz3v64(?tEu&?dExByQS0h0>vg}$*s@4ba@FF|
zQt~)fw|vX>`qkUC^SIqkcWT_7lYU(7qKZ3;_ojxkIy{A<e_Gw1=~G)b4E9*%^=`ns
zkSKRwt};=|7sc(OgDVB#SNUM=(x+du4zl9?+|E>6KJ}1I`P%rMmCZ{xQiL^=*3z=>
znl60>JUtjWG}p9mKW)=>zky#DPBqeL2Af$?MSiC@wyUvI1&M2E#ht)y|L&rj4w~c2
z8ZE!rm_1vCf9RP;>e+ye7MI$r^yQYo)rrZt=C=fZ>vjDw<u!$<LfomkxHkD*e|n)J
z)iKvf1T#ed>_a+_wtt!pr|is(RW<n?ZAi_6KSq>K;R0X|G0?}H%>wo-Pb~n0*(3uy
zvR4}JO8~nMw`g=&cWJ=w$y*iO>v2qlND|97yVDc+f3BA?Z}5*)WR}&H%CXq%?@Zy=
zI@H9yf~@*s2n8Cef#+T)fxYO_FCte{Dy~N>BvNWSh<JU5mo>}HdQd-QPxjwjJv<VY
zfe{23vS=gAl8Jm_vj)zhbtab9t6-_${g;8V*FEKSnsHM<PX{a#r>xJU0H3_nz#|V7
z2DZv}e<-3ey(d6NnP=fcWd|S)j6HaYPfoLad+rZ_JX<f^keAdyb2+hUg{P$gB#6JG
z&#ioU`^RA$NqT@biW6ko>)`vG&UfK?K<z_CrvN?(9x>;#<NoX7IHup{Zn{tvy7wTw
zbtj^UAlS&G&|e}Wla&d+o8eRX>hr2};!JJfe<{C-0KB|ci)FxzsVUg$CDv=|i>8G)
zk>O^yJKEwOWL|Jta0o1XEGs0ZBVU!w-u65lqVE7=S5K|3745rrr#mcS5)PRggrO8?
z9Vp^W`|?CS7gH2^Jv8>)!Cux;X^k=X)y(?EgGWtBw$2z8HEwhd;x!n22(&;(xTYj1
ze}yoyrncH=?+*l|_2aMOPt1C_ef(tE^B^4l4f5l`B|Q|yRu(%tPuGSLm>Io}c4AqU
zsAA&LKIb)79Vme^Jcqhdgz^Ua7p6<;PDJZ2UCYMGIW3kV)nEsh2-ca-nM`nAv88~x
zU?hMSL<W=zu^YHKpEs+^jzuV;nO3SCe^~jTPE*^NkNp@DE~DJ(OZLw?gG9PD0!+yF
zLFvjqm|n@=@OT5`mRD0->OZz^?Tf5{i6eGbKi=8t?i#s772lMmm@S*YQ_IPPT34>o
zc;DT!(1~gPhF*HXD)_F%U=$GLUeI(u^#NJ|5~xd<xmz5TEe;DftZid8>ra^0e?Fy{
zoE#QhvB)wnzoQXkFmEsp>l<|KNPDNk@O3bO@^b@$tH+#%9+n&En~{y!t#_3yE{D!#
zbFUSm5j|rbFohuG07}0VcmY_Eh!ENye~YYwQ<P??r`6u_uHP0JzVaJ)NBO27h>Pt4
zJfnedRY>Ii2JV1mErcj1Z{#YSfA3Aqo6S@Ht+zy{u1D@ypZlCF*s3|P0l@(%aS~K$
zZXEb#X^vf#K{fBqhwiJ$Lu*^k1|!OnAUxoU{!uSwfPyq%3Ulv*=FVT^M2JQHn*;cp
zw4r9U>*xN1a~mC43BVB8us={_9$5x{)@s{p?LIqJrTOcfU*`>YY~Ax*e`hfJ$fTA=
zFWBhXUsnNEcI|uBq_4{NXKDyJ7#Rw=&<s_mT!twv_F_idmeSS#F2CEW8YR&tSA9y+
zcpGA0fG^g5wS@)*AR_o>Ia{$&TnR42Rbox75S9g7)7b1=-f$|jeHno-SGwP7Ihyjf
z12w{@>HQN|k;d9;`^m#re*+ZzWrhxq{d4`o3$!+vR5ZhS0dbP~X06&)1_FPwB3|1D
zqm?R^rv=mp!hw}EM~hn0(@p~vFf+iD+JsG^9OiEV6_LVcafX+3mQEPAZ&jd7wJ#D!
z2$e^p<H#f3>WYzF@3RUDh*_Dr_|YU$h77B@)zW{hSFU3Sf~!k4e+YYmE`sJ4kOd}G
zpnl(=-e$B4TH<?vV+pod86V6cIuE*s#J8@ZBTvzpsfd#>N~2+?T~nWn0DLs``eq$p
z1(nF(xX0CmHdKbIO;#nkNQXQT&LKeW?uZrw$xEvcKWx$0ijx&K2Q({pwRt~#j{O%A
z#6|@X6!O5Oy%V%Ae<hYLzK*)63pVO8x53sYHewlbNeU=>=nXB(>En&Q#*E<vP&xBZ
z>Vqg-I>iUBdADc*Q4O|nUCsgExe6vA5>LE@5HRswGBL+u*IHcwD+g^bURi2L-<RBG
zlV39!tH(ccHcjqYT@|+hF1TTOR@k^$d;4)Q0@kc1`kx59f74s{)yZUj14$+<N%>B9
zX1^D^s^q`&^{6<Q`M-H_Hk8LVrbUuHA~XOyMm9h<)D29ghR&0-i)(SD%?^iEkP_cB
zoJN24JOvyo%M^TpyJmLPiQAkF3#vu-*=~$E;W$~Nu5ZzH2zIDlk`o^2MlO@V85h^P
z-D?q~@8Vr!e+c4VjhrP(GX~y9lz)h}J@+w8T#k{XDcy<Aw?TB_`Y3vu^fo@*<nyp8
zEQ#5OLZ`qOykHb>w@>gpuf<0{*}HG0b)TvE3$WHvSb5Qk+AORn(Q~%EFO5;9w+A+=
zGK>a8_}D%yfkVhVEyz|`!ElRM-EbN-42%=}puy%Ve>FIXS1VI5+Z*QBZkNpqZre^(
z->*|uQ2KjD%AISnG6`wSg-)KsT59?ii>TAxI)Q0=iP>kw!WsH@2qPpX_<lx5qRWPQ
z@?WF$aMQFK7ygQ#ND>esA-x$iqZ13XsOhfj>(yVs9^bEjND|uHyqwooffMWg)}|Kb
zmbTw%f8gJ$-)<Shx~1ac;1Ni#ito^djlM*-5$~5#_BOf!EqV4&5&GaLVAhynh2!2{
zOC0kR{C1c_1=mjWk67Q~no$e%0!hF0F=w+$kbNgtbnX7EzvPx&307MDRqrekN{^o+
z3{^BJBJ+B(pH=86$h@!gau`}`?-gOW@*IcFf4z@JKy|{5q#QP8OxIbZmN1(hVyKeF
zuTYqUexjk&YyKzfh#;URfA*nqMJ>sqF}7qi@b;~62Z8uE5d>VT5F7jjT#`c?UO1A#
z+?0dYPvWb9A*_a~wjKWmbo!)EIt|hZ&a^@fNyt2Te<@h&VB$@n|E2_Kw=4@3#*ehk
ze{Etc8N*ET&!<La>8Z>fhRHL8`SgS0!<lRi)unZh-e3aSPO2mdq7w;2--#kPVUKsb
zgE2>i!?7u9eu@p>TOMk?P9=}!)$i||+LHC_HJRlUb3)vi@L|=HlU_pFsuRY>Mrzhg
zexSGuQsjPRKY71f_Rm4o5KI=6-pIP6f7K7|Cr4wj2kR;HBxxZg2sY6CRi`1i-leq^
zKpX^OF_j*c1=EZYZC|35)>{Ja0422u-2h|&avyX8hxp7z@x=og-bq7ldf-ZMJTLNq
zy8W!-J_8?X{#Mmbsx6Q)?{}6e-fQVee(NO!R{=0iTAYy!m|G7>Jr^vNms1MQe+Ew0
zg78lD{vpe#6m8=>lX6P4oKo1Lk{vb$wO)EtAMUK_wecw-)t?R)HKKZV`*3Ic=FRjn
zQgWm65E?Huf;4eJQW)G}WM^Vo5=;sBfdH|HCZ)M1{dJ%DwJ}}R!D3c5Z(RqI9Q3o$
za8tRH9%E)%yA}<%clQ2o)6uKMf1}Ip(;W=<a+fL;^X^5;aaJ3>E|WJ{36jt`q%;3)
zfy))4Q06I@t~D(DaX3%D_SqD5|4h`_M|9EvKiD6z>LTDW^H$Fk0W0`xwJWcw1?H0L
zQy`X}KIUlmxdnG6%Bq*8n=hNMzAo^_I1>Aw*Dn~eOOLWupVyffjgeV@f1Oj;#FB7V
z&8D%-hI^;-%%Q9tP>0~!_1tO^XHwJy&frvk0u#JhDTkbU?-jJoh8Wfd*nZ5dh836(
z%@O-nt9(}vlz-%X`Fo1#xuEtlB|J6j@h27a+Dg!U<Tke*8@O&BO4t)bKrta5ftM-e
z%G8hykfaaj|2O3G($kYje?~4x&LQ;yh+7^zSc#Gor^tsD^iiV>qb>J7kMgcqemAwx
zPuD9>S{<$AzZ1UKZHu@vz9XfD%?C?J&z$9S!ZN;W@2ArFOb9F_=6Ql}bJ&fiqZaD!
zjLeGQgS{M-F;H$0HHb`D`orYmLr2hBgTs~FZspV)v+w?)MRJzwf0@QKj=o<{)Y2{A
z-R}L3%^n#(5Tn&2N#_mnX&_m``H(>bEHbht;%}&jU}3c!oD><Ea2Vvcq@ffrribch
z@ZN)5jr=%n+j?^JL%cMW0Kg>omWD*2Va^>@rQCapjbni+h6TZbd7!i~S8RwiOGFQO
zNh2`5m7ozDhA|t?e+GpMbEpU=Ru-)(($&&@-}KG4!&D&@J{exX>$sTUIDx%v^#RgT
zb7M}g<H=+nQg70>l|kGZ-~<vdCA1;b50F8<2%uKP5CMxK4NDXksu?zc5z`Xc8rmLw
z{Pz5A|2CP;v8CCxpWO6yj(=L@?lDiptK7JGZf5g+!xL%Ge|hn+Iad`fjZ%kV<&(HE
z$cj4@7KlLpsTwC6mSu$!Gijc=z(4!_1=ZDIwKhxN9+@_7n@G%CN$)|W_k7%3^wd{P
zI?W$QT3Nv+PlS(Tug!2o3N;HYsRT{SwN8#}i=3kO+}ibh^N})LK$r~g$M_m)&E)$A
zWwhLR?l{`ee?3n~0CGx<3&v@uJ-`@-9fV%1pnBM3I9E#kx8l>h?Tz-^aFsXCeO0Do
z=+;@9i1+f^8fg1|8S-THDdcg(F)<B#8B7@HSZ7Sa7Qhm$K5HVqk(8Vi!q07YIC<I%
z)^oocuB4t+uUX_epJlG>t0*2Th)b8bW-mA)gb+t3e|@hpCnoSin7^ufUp$sBoI*W9
zG;rGXHmiZTV00jl2bx~@b+qXy)Te^tD0g*iBd$fiqhdJU+$E1fqQ<&n62aSaRQpzu
zCLJB>+>Hq+X{yrp4i%XYZeHb5ZEZfG4QG|PS$6Bs;>bTLgvET96W{VW!wJ#TK%pkp
zTS^iQe`0-cs+Gj*^-b9r%*(YL#4+Z=tGkq2&vyTv6{I|lwB&o=_38)<2>BgB!lC4i
zyFO?yZ2L7Ia&#7Zt__vPao$rpD(g@LTRRvMk$x9bSaFat1e$5qsZ4wDBge?%GH($#
zcrkW9oH(pbhu(w)4m6wwH?4_laq}09zB$$Jf7ocnBr6kUbGkJRT0=KYL&H-Mv6>yX
zRj?Oy7U^2^E1;~+!A3oRy#vV20#%@tfmJz6<{?nYUYa!l5x!5%L7@{jgr8Ky>MRR#
z;^ltscW^m~&I4?bV5(*H`G|FhtW)>VhtJ>^L8hC4OtYdPQ(%#(QQT7dp7HjO1wo!(
ze<detPZmOibsvznMaj}hN~8*A_s-9k{T(Em0HFt7ky|?`1`6|wZ`xxBB(?2b@RTto
z*+G8d_n54p(GlA1fn%g2?GkrxeDDH*Po1J1#K0f8<vRtaarLfA-MWw8W(}NbKe_F7
zoiQM!1r~k2JeoY1`o_iZxxdB2y%vJue<p&=XeUPuVWKiqkn`6q05Eysq^>`!oz3O+
zB5iGx_ious%yY?*qC}&>Fp#nc1Y^ARe=;@gJG`${eusL!>N>7^%E{STO%wGsV_HV-
z__>u}SQX@#IXG#6&h&HhM5E=rxal5cQz3JbU9K__FFha=K62hkfK)RHOm)DTf9v-8
zb!cYUvv?EUF{W4lRTR}mQbHdn5&$GV>->EG+Qqe~-um-(H!mmU-mhz)seq8E0c*+4
zahVKGk^X{rbmM6PM1s^T5igRL{Zbe&M<n`_J4=k{IU{Cr&scJVSelZfGli*-ykFq&
z@pMwp%30&t8DYbou5Inr^o!EZe**=U5;r>c)V|>)@0IFov9~lJQFxPw1Jc17h#n^f
zWzF9<D9zIxe2bCm9Oj@-J-y2nyN8|=_o{bcU?*eMw2f}?6|N=kDBb^n{d*xFS0LSF
z+8lLr`JL!nH-!w)x)Z^%F3y7a<>YtqDYR{~>2WErmTXO)-0W_0lqFlse{ca058_>7
z4JvA9v6FUjNmc~4L3Lo7OJmjzr4W(TRItCb<wV{Qn(I!~x*;nQX*h^y>p4n#cl>>7
zNxNv$s6((w?Dl6CJsOQgTA{fulrC<b5KM~w`x4v^$!>Zgh3-vn>UIt4bMl-o2~Ssr
z5!FNqMixUGZb%U5uZm1bf1Dj?%_@P2@5#h9_hEvHd42JD(>biGK=o#8Tc5@6J_(W+
zJUhrCYN)(;!A}j+q3prm<w}1OURv$!qnL{SE%lWU*(5bP`N8|g$~}V^*B@gqUfBNT
z;w5Enbm{up$LsmPe7xtb^PSa-xHQi`Vu&kH4Ttj_q=VR-$o=hFfA*u7?7B|%zmsUw
z73&MAh`x6aHu@az``RT1;^y4_Y`ksO)1F+`XAm3pP#(Hvr-J3itPQ|!=*+J-me(<t
zS)q+{)zeID4!a@v1RmL7SPTY<jlUjy3~FYtM-b1G)&NW)K;}^Yvmc3ViV^?->wc^s
z4)Bh?UJW0$g2(rNf8|UFoaeT>T#S6mCSi0);&7D?#K+ZKD0Lc4J0dd|6{(*hc)BqX
zG5`_gViQDN@KN_3wvK!PRa4UC41NnW=QcYDFuvx56DX`<&Vogp2`84FDRrSKg!5@l
zwLIE>8C=-AppdRrn9}S%?%{;f-*F{Omppzvy^vH1W4la+e_1yrCZoArR0Y&d{63U#
z2B;@c7&IB?%)7)zLu!4;*&7+mVm(s5Lvx$$#gyyux=d*T{D!9Z5M<aQiADv#m%DRl
z-qPKEt|88(8g_O&o9<^q3RsD=&}k+x9Z;E)5~n*%rw+~4*j!`lkp2QAmJ|<<ycdD6
zGMJK(GV8NTe;*)B8X7p^L=r&rl+L(?L4Zepn;P*va<F~3kgjUkeyZg6nF2d`{pby8
z>Sqja%dT-B+G0)_daG!_JEjE)aQB84O_5MO$z<2Eo?B)+W<9;Q1N=yub7VifzCx}C
zOf6(6A1=d}x)0UaLDcJ*4fe(eAK>rh#E>#R^z8@%fBJ^rTcgFMPE?#Y9``|JWyc_Z
zhT_;0(PinrOH-@SyX59Vr!<-@2&?wrA!lpmQ{(O$Qm@^=its2{MmMtlUp`{@zuvL}
zi~rA`G%k8U{^u)lAjDreY$6!{vjaak0?#7=xnx4utsb$$MYhZH3fH#Bbd&Y^f30i1
z-g=#Ve*-UHVY9GeY+@v=e5&{;t?_yKYw=#S?WWV#OJT>Mc0j57<&lBvkFBNDVLj9N
zMBK4A<_ohL@@<2j&XQ$HNml#2$8H<KwFJe`w3Fsfo}9n?%=N2Xo$TN)b`UetM26wN
zj@7NNCi<Q%eGG??QW~c=#g|U^ykb|SjEx*ie?RbdNVGv3=>BNzC9FC>+^npG$mH;0
zQjD*O$NVT1f%ZRfDaGq|GO;<L)B#=7mVNL_s2d<tBE<Jt)HYEQf8<i6#3#1nSWaYI
zn0Im@MlSdFbs)4+y{Z1={uL-<d^6oc(E|OjnwUsqf9vIaeWe6D9zr;0(HQ4fj|rlV
zf8WQ29I%3I4M8o7ZI>TV?Tp+d0eu_Q&8Y!w)~s+`z4pt}2FTP;p<>CA+~lk?rHw@i
zLdO^L6*o8Vwq{2)D(9Ku?|9@3CjuW8<m|?EBrN_=?bpx0hcu+`{+JOSvYVy3o#kzB
zPEo6B6K==*39zK?<GjmorkLp2DVdrMe|NTAs&G~GUc@q3|4Vwf6LAQS&p)PaxO?j;
zzyD*#v5}K5oh+p92IXGpmF<^+pWTjKE6UVt;yA`I%;Dd^+#Z8{zp@%FkJ=eM)hYy=
z)2&J-JIjJ!$gu)#NYwZGKJ2zz5B(eQu4ZLXMfh(IM4RLAW)dgYk;$1?a_x{Rf5^_9
zR#>|-7kZQP#k+JaU33S?ay=<(27+(1+U-$;s1sO3)z{^?<FNR!mP}e<hOiT|tx)TW
zl?!#M7#cl~ZJO_MkhoxRQvCQlUXZa&!po9e(=kw^1O;pWQwH^-#_Fb{Z|52o3<{CF
z*#<VRnjuJ6wwapH*Zs~_?EQtgf9!h49+^30d~dZ#Z^G=Yhtb>`ka7QQith@?>$KUJ
z)eT1`@<15H(+N_w1#e#zT+=0q7K8a6aAr1H4nJsq<Dbu;^}LZv$}bsYjVE4PEy;OF
znJ7xzo_a7{vWb&cV9jME6ir+H<Qq2@X-3h`s_^M$Ui1+(28H$2P?uK{e?0jh4qG2;
z@T2=i<J_M(FZeAuZu4x^J^ePwPN|V_P{*4lE7GiBS{&FH<2$!f_n1^)?RW{bP#o(E
z)$)MZVBwHi9uX|gCxKk7<!vcfj_nvRc2P95hOv$xDAjU9z9hLCZH-A`4rxs?P%BXi
zCOhWq0`6O<_yNJu<IDUte{<5f?{hY|H>X*H!zROUYjE4XVv}N1FWHVp(jfK@!i{+(
zdMW4I_TH;{f5qPR^;jIcgz3W-H>5`Z562IV=!kN%;81AJy9bgXo_L^3&3&8o$<mqZ
zH01~luOHk4#zZm`=7miy0E-;f7+A_V4<pz}K_SYlcy~=u*oD`-f9$_~zb#;I_Oj+!
z+G|Yd9?Kp=BQvtcA?J<TXwHsH$|ej2qUl*8iUy$8x7jEEnlp<gxbN^Z`s42@y;{Mx
z5$?mIKXD8z<&9=GC+>B{?t2)a=(P}7#g8v42ctE+sho_VL|Mzr*#pxHLv#Gsmxdq8
zL1Y`a%1`bQQRq~gf83p=bcR;zcnlbB#Vzf)rOjBM+F}&iI*gsKFTReGGNsUsZCoK8
z5<!`Lu;<D`1pX=BTE;Cz?=wk)gJ{}3oGPiMOt|(6&AMmp2$z)NrNzVftu8f`XSOY}
z@HJvb;zeCU-1SoIYwvE(f52x*&2<|YiWe>3Msr^==iW!~f7u7?u;Cs-|K|GX_;&8c
zZJx{>iv#NLGY&O>@z$M;zfG>i73{qw0^9SjJmuGPx3J7v`?PAxrd`o0{QBBY>OYeG
z0D2l!H(WCCzp59Xo3^j>a=t<<+*OT3YOrKvgbXa4g9nqgf(M>P{NJ38kz($Aij*_B
z8bH*j7{$vpe@0wzE1O1_q!@zMX1C|%?&-tdJDhT@m&qRYmxC^*-s03zNyG!e3E9=h
zMKf}29L>N;=QvwHm7WnL=__X@lzpFkeD|#Kx#s-x_2%`4R`p33w%crEUyWj?xzhV{
z#;KF7=f=venFWN6K}1EZA3SJ>)E|RVksZ&2MBB`pf9vh<Wd5%kD7UUq3Kh8o0n4#P
zszA#n1GS2RdU=YK&cs*M$P#%GPh1iVAzG<D{8pT;5$M4F{*4B-PwkG&;_kybrk4^Z
z-t&gnw{q^%__X6gm`1<ANS0ob5hk!rIyRZ!@kBpFVQ8KT=U1Qg(>P~C?PPyV9tr^u
zz9w7Te@~QMKvLemCsZu(m1ze|TQ&RnqfxNYq1&C}ik+FGuF`}+p%`osb?fc%1?{I%
zBi9&ghoWxB$0M2j#9!T8*RPY%pf0)EVul;aB<d3foP1Vtnb~N_yj3Hvvp5y%mp>pg
zup~yhUYIG00q8r#Fv7CWou3}peV{49>wM4Vf3~`;N}f_@#Phgt(5_pmdpkzdqmdSg
z;JywCV=}fvhYj;Un{BZc2Qm*k<Xv~aesapw3HZ&Q;$bcqxv$0i^DpOmr}!LUtdJ^H
zBwp7+D6Nvem#ehTPoJmVwl)#rvRx#<hhw@g4owTQzfVplww%ce=YZ%aXyf-rk+OIi
zf52S~FHocn{j>&aiL9RyXi=l7U&Gs}@0Ygfj9dwFO|r0nIoTlVg<F{rr{uO;7ORlE
zjt*mz5ph=cTL__}UjoDpLc@$%YZuQ0`CHElbkP}|udKE_&K_6h2*)*4t{Buk4oq21
z+f-KgiO%iHvYf%;p?s--*Eb+-4Kl|Af6dv<KXzj$d@j$Wec#ueknjZ{A(Tl5j`FLn
zI}}N~)VK>4=lx<G2s^MkPiR<cE>@xPud<4m#n+K)f{{5{qMGfQ)dRCK#Djm+`4)sh
ztTiHTl9I(3O7GO4=M(i^tje@1{w?7x>&?^f(G8^w@JOC*q?2o%<C1H8;4x~=e{5!c
zqh+%dRowCTWvK{>h56N_F|HL^+<h#pjT%_(Jve{89kVqfEyK5QhYo9BH_RQXt_^D5
zDf{~pSC#kLJ!<1!Hy0xX3W_rzv7ixmUhj)4l<(m;uJ0>coxDI0Npj{#>n)E-{|;{`
z?`P1#*E141o3+p9>;m7L`jIj^fB1?43M|<`9!MeVZiosH!lVsEC>|sacSlI3J!^)8
zMF!thLPo6Ndb`2r)iD{0Zy6tNzvqLey|Vu(JlU*rghG?#Js1<Z5GD9W9rDpA7R8t3
zFN8ca0=V@`NAkcOjGhL!k&NxZL6ojX=VlL0i*B4|O{&L^j++Og>32rOf4Gb|+6A1}
z;Z2SAA@-f<SbI@>EOn`o(S#(!oLBhwtvglCc9(oe$h*-=5LG`1c|4-esorA#dN*k(
zcI~)`3grNy+G3$>2b7@K4OCf#pI|a;QQ_+_LmH@-zpZMT(OI4e3LFm@s#b&EeA_tT
zPB>z$KEG|8ktBYai|PBPe;G*caZIfCgq(KTC8u%LOhjpzn0Pcy^bXb-a=UBP6V%(W
z%*a1)7t7}G84?`ZS8RS4J1(xt{Ag(|qw~^x1X}mMr=f^ux(=Z1w?AEbPsI{xW=tQ$
zMS?A^*2W8B%ttd45Oa#~1g*IFkcyRATmpZ$Y!2Lpu*E}(T=Mq#e<;3q4h?f)Q|Y}d
z^e}&ZV5Mc=7;I1D^F4M9Q{4`5)Z4bjx7zwre_N|V{45aA%w}VS7&%UTd?;qzpZm4)
z@E586u|9{wf=xR{9^%ZIe2VkABf608jA~{U<nl7r0A&=5VankO7<NXY+e=|Htw2<b
z5=0U$2DV-zTnaZxe@Qsg=?RpLnnw%4uh$1DuHgDO>_MvHIF~Nkd(HXE4Bub57m+rq
zltFERFwp!P@uQ(nEhupJ!D~0)aj3kW0wkmIqk?M!IVOhbxRIUl+4{TnzH!y)W7_xk
z1Cp;a>Xk=&y9=5c#U|S$7xxGPf}&<y($r%4sk%4%>y-__e?UM%s7INK#(jAGwEaeC
zsq>9BioYS*%akIz7i0<F9X-(?u8L0D16*QDMOk7>Jeou-i~=uJF`MHU1=B$~1|BVh
zWH%cosu>UErXQIfx`cEZBQP-2Wnk<XJ~oEerqAozd0D;ZZaZk>{syvWul+d3anjkK
zO9`9cC-SI;e|MzcPOd@Nkl1Pa9&EDLKELe2?ErXt0<+gKdzU0FC!ZDe&XnXfl;NC4
zdl6Xm2qz7@W7yTatl`a?<%w(=5G)8_Q47p=6Op`G-gIO3?8@}Io|iplr}t%TB^A&W
zrzl!EN+9-`QXx=<$Al&b#6UarE~pO8#bItWX726se>UrkiHY8Y02u`4p|WYLsT`#<
z%f4dXpl1U{`qy1&Bk&OQ*!I(LKA#Ens;A3jmcn?E1j9r(&?L{_b0vNB{eE6|5Oi0k
z4ELW@`%H#p=!rXDa&;(jqel`8wc*T9Yw(SBsfs)NH?NWsQC+rv=?UpMd;pQngEZ}U
z!ERR8f48RizmE{F+#btMuZVh*q*8@u$xI)4HVh;e;r`0dL_i0SCvn9$vGv{Br)RJm
zJYR{Hp`n+lv?*XdPVQ_N#(Y_)%tmIHj8^Iq;rzuI=WgF}PaUBV=ZQ4>364|)WDE#v
z<MQ2F-?}5>@;x@?8`iV!!Wn4sotD7_(LMxce<C}DrDNcD;qz&Y%8T0cW`E{AG=Io?
zH^QWFFETuo5<)Y~@2R|awRLBPJKpT04;4Sj=7f9nQY%zf+2a`U1_s$*l=K6kp##Zp
zZ=iKOxy5>gb60cYz;g{~@5hX%c;8A`SuB>L`27tXeLGYsAhtU$`V3>~oq3A$)rkr5
ze}*|l>KD@>2A0m8vg~*|)pSPpe=lQojpSE*u<Du?b6ZqsCeeg*9M4$okw=v&K_p82
z^&34_0I%)@@98pPkN&uoqw(24PkYS6%Htb|N49onrVix`{d)Hd&vF`IRJ*dI4$yk6
zb>6VXZqwkay02Oed%oyH3&av_0MmI5f1u{1=looltfwYO0eg1?-JQ<hm4G!lgtNVP
zj7p)$EP?p@OA|KDAGB)K;D&P=#E=7f=(;0P+_q(w_2-^Dl&Xw?a^;V*23jqtW&7dT
zE;kh2RyaH{a7lw~_3oH(s3rOB+D#SODm={Iq;VUkTlu?A@x&PS(_ub;TOyI>e~!Sf
zAMoJkX{qXhT6A(&e^#(vFE|{39?n$yShH=q%T+=qs#rM(1gNw*@YPF^WjCCScw4iz
zS$*G}h-K@)j3R;T)SG74S~&l;Q}ETot7=#nkmso*CJu8H@L8gv!qRzZ`7;%=+=W>2
zgZ9vp%FJO>^O>@k;h1&Q{j-2se>;r>0~Wl$KWf9Cg1h?*;pywCxg_8e*m|vTa`pS2
zy<5`TH>-ck0ksJ5XVC5|d;9iOrkH8L1o|H0N6<?AaSVqXjU%6Cxu7*FeXT*gq{bhR
z?g5R^>Qr@3*CT#VBnRl7=gCwMfx!{SP;!dTu{?;Ccm?Gi0GlJPx{4Xge+kzY$Hx{S
zVu<(lHwfB)NzzB|8U*2wiZiwKRy2Ff&ZMmacOYduwdao)US4=@7s}6Ygl!i*U+>}e
zm7JvNSBKTh32j^Ycb_*$@*$sTPJVQ0;nt6u_m|%8jlq*B$D6jb%@$(Wa3}T$OSZqO
zBbl}drX=vdpYTbj$3(tff1TZ(ZjW1=o>x1_y>dR-&6)NVr=wlI8iiZLdX)1UjZnzX
ze`%S$e#(YP9ZOQ!%d3x1(fbZMXQqYBq0synX&Jv8+3R;`Z7mQc(2swq;%TICV1Tzx
za|Gtg@ukTSy%6K^y^yFC?H!LkHZnSW7=phi89<QZp?u=`jHvq3f9Z@L3wHShC^1;h
zh~OcZDwhAob&mKgfW@$~ILJwnrOba@(q9eYGer`_?|X{MW#zRe&z!xF*L!_YfFp+8
zQ)Jp40UA)&X0G?XOU;RW7Rw{_=ntiBzPvU`KAFsIgV}M45X)>6$KoS<w~J5XrtU8x
zEVM4-9UENjOHhbGf31F>mx3G<0<VivbKuU}L1ndy@cmS6H?X4z<MJ8Dx}}01I##va
z13@g1fl$JJ6G$Em%=@LU+S->G!(HX^R$E>L;nPPFlJm@)9G<CS!IImFaOd6!94HcQ
zo=^goovpq1Wpd)f@B6+n--=+&&qq_00Lp+hI|$WKDGSWRf2Eh7r*f;Wm)DA$4Ja@|
zAK5lsF`9qy`BM~RU9>JJ?bRuW^~Ho<E6>h$uEul3y$b~YA`!MBece!CUj%c0*4RC$
zrX#7jx$U8U)P){<N??;?wvd-2561*%bLZ#$n&z`K%@AAWt#jG5mInK1c2@I<RpQ+W
zLb3mQLhgy$e@+NcuD@E2r>`YjUcE}#?PW+~(W-?OlXOKMi00BMS5uIUi7TC9IM`L|
z8k6C=<zcV3_qxqzd`|%HAWM6G$Z|xC+<J6bOQs>SlAW<qrp$3>6ZgG*TxjNt<@SMW
zXYUQ*J4pk}aP5hyOva-9RBL);)Z4C$;{EF^t;!ccf2m)Z#HH>%u<J2uUi{@gI`L%+
za-K&1B3uU7p8vv7zC=cwm|Dc_I`0q#4Zs{d)QR+E0Oxi!&`c<YUJ*;Yqbv@H2a6#D
zvvOPZTuElJZ2kJ8S#IfpIavRtuJZJ8aSTtvZTU)J^Y?ge92zhABb%NC%vS%}5bWYz
zLf|{`f1E}a`}U;Uc^84D^{xR|xG+`esOorNj{0?$zUihX<Z&gN&g5xw=fvM9#O1>6
zBHPycv%^zA$~;I<Sw}u%A0%=wfEYAeFbOQ&VR2vs4V4>v&x62h*AoS>mgv!q0a;?Z
zIu<icK6QO52tZG2(37vpEAi8#L|eAl@P35jf4q9%f2exnMEcm%TDelQTPb8$_+D~c
zxefPRSz3h57b@)(_$Xjk;`QN--mqwk6y`afBm3BGtDd>>T7wgHT32<s++uDpF+0KE
z37yCF6Urpj!^6rbz(V$#o(%?(A|!Dn3*ZhBDu&+I9|1~|zy)CoS83ZI6!qU+HlsyF
zf5n|&i6Kc$q!a1|zy^Vc2;$vWrxVx69XI7nm@X;s8-6h!3lWBF-Jmw<Ji|Nq?>YA!
zxFtGotM@BlZ3f9k8BmCiA|T9W93;pPeK4%)2!7(j&|71McQ~wpF|4l<7CS=qiJ@Wa
zivdL0>3Rg?qP!iz-$ecd_QWrgJ^2~_f0}oPr)BK|JR;x$YRrBafh*MbVUVRV9GC*B
zx7%Vr?<rm<L*ZyH_<}|0xpMR!Qs3MHpY~Pf9nU1AzQ5$mJh^>L!{fI<6T<noCDjr}
zteJmQEuVCMaW(l~o&#+{^MRd-i4@!H9Bwpr&kYd7O-%?rKZ2qmmxeT4(+T)Fe{!=)
zs+OQ#FLG%q^@{sc#1*0zt!6^jQq8^@aO4H*P=X7-)Sjh}ML~lI15H`6y}lS+x1rwo
zHl}yJeyF@NKW#s0Nl_5~s@HY=vp!M&9bdbCEd&lPv|v{AuID4dX^x%sBY!ow!He?H
z$cNS8{L&nS<RG929=unnm>p1-e+R@Qfd&om0PEg>fc+uFCWed*j|;hwu(<AwtXg6{
zno!EhM=X1}GsARg<q9JGYn^66U$hoM*j*H(3UAjlhl=s$9k$+Ec*Ev5i;-F%%Cw|v
zS7WVV9~A|moc$5;?Fol0_#bfNmnE%mv0=MHTdU3b=a2i99QX$wsnzMrf6`_8&+(p~
zbHBF+@LU~Ico0@0D?^KX!=yIq0WpSjRzr=SA&gO*j!1#io^(pH_74`rR=;Tr6osqf
zOj#6?I2G4YX*hI7qqfVH?PL@^NP!8E+y)1|xb1qglDri)mHOrp#*hJOKnAaAZ+KM-
zWR$Q!eNnnx2_pOs>seJtf6sUB78y+pO+LJZ{c2plRe0FMPFD;WvUFOsDIi6GixzNe
zxY7H5>&0Y%{4zstoJ*+1&Gu8>t_9}~TyTjdK8(l~Mtj!yC^PIfqpTlVi`J2tN_yQ}
zD7%>WWa?V=$)nEaCmbJkG`YaS*ZWh>cbX@!?@(EaAgU{2jPRcof3ytct3wqA6Fxzm
zJz-Q3+xfQNHRHmvMW};S>$J2Q6I<IG5s9o+EO-b{o8N$~IWpO9xz3o=bK&Dj$5#qH
z;0{PDLjeW!bXFB0)jpp03KL!5FPtEjBr7X*3Kf>PAO;1#1zgAXq54Wa4ffXiEy0?w
z@DK<z2&&O^b|R%Me_a8+x9u9eZL-JKpC7j!VD$SrBTQtV@`kEa#Q=zc;lT~zY5R?q
z|1&>k(_-md<PQ^TZqXRHJZoQ75IrFgk(^c3?W_WMKXSW1U*mxW6fRJvQ90nqJe-l>
zC`GiXgduN+8hTNueUs?V^(n~)e}c1eE(dmCRt3|CEq{^Ie*lW~V3cLG$@wsUHi0lE
z*|LJcF?;u5rdr1a<smxRkfLs5MDVE5L%fktI`wldEt9w*I0|yGI<azLP)!L=p5w88
zBm|r7hO}pCmVqmK|0AT~kiG<r*R<(%Ox6QDlA$F6z$?hjEG}J>W(TY`fQUt{>hk&;
z;>j`WcUcW5f3nNkLTj{G)-5S?aBIEbfW{I6poFW>bGrK@k~^fR2VvY}iZ{i~03U)B
zqX07Y(nx9U6?bGT8+yD0Pq)7#r90qgg<*hE1FcwJIZGo+qDP~1YL1%Dco2m;mDd!r
zgsH<ewbS#Nkxm{AS3o~#^b9=F5RC;ldLW&J+|sO2e`pfh0*IhuA%G6fD_S0jwlAMi
zT54n2!=*B55#Nc#zjqKcx0Nh80)hNI5S~fC%rh`z>*Fb}u$ZaV4J$4@#8?Kanzi>*
zOYhY?8_|VLtRiKoaW|`_o{4;}utG{mB(BT|1O@>?khREGnsc)2r}T&Tbt9HC9-g0>
z**WJue?8h^o-fESNg(%<2T|8oYJV@aMPf>bhZ>II7WASLM~GDN(l8=6rd?8GYgbeG
zP8A$Lzq8r=K>y3&h%8TfXon#Ic4#$R%r~hFZ1HISUbECW^aqrc9D|qfe0*TZueS}3
zN&zwr!!$DSMTfu6QXaBB5k*K`jDqyNqD)ZZe}-<t@)@D%x>Nt;yg~nftPu5YQsnm5
z(Rs;ej+=gkijwRQnpH^0QQpKK59@`1G6Q9`JZ-q`7~ohqqR3exKC04<Ui|T6NIoZ1
zI-n-4tDvgdcI`|R5j5@=wCbEdQuThtx><>D->JypcU~&?*CBnlxY%acy1KK7jNv&O
ze__iTSIp~e?9H1;c(`^JVMJlViC@g?;B;EcJN?DyW@VK1h6J<O9ulHF-=onO1yQVX
z%D&J*YQ=lZbr%u;t9N^X{(?WYb4S3o&gelTWt<gu>Zha#u$IX&9hdP0*}JB+4#Kz#
z7P@A?>pd~Z14CDieKxxjTL1$&F4<Bne`EXAMm5W44WytQba1s^<D(a;=IO1tWt~(N
ze8GT=yY%Z+Zo_l55dU@4cAm|Z&OaQPVgh!9rP1la9vuyjm=qRFoO)<7gqlKuVaN!=
zUw`H6bb4ME5|@Jv{L=Br2p`W6+a6><bHLkZAB8+)a?2b>;4W}?WU=w=^ZBccf0PHQ
z2d)3)i6H7~?Naka|GH~wai6$Mwvxf?{8~Gl^P!<Qf#fqE5-s?_tq;jo61@G@0jZ1_
zsH>Lt-(qpiamS?Q`{sO`;);|IV0Ae*K<6Gtg9sNTsda80ARt(MW*7Qf9Xom59Xz{!
zU7$``41=ePp+%#}WmSvj79Pf2e+)-J1csLnn!s3^+|^_dZ|*1Q!w}ABaPY1%f0&R~
z$ND$z?*2I8yvnFtRNhK#seE4F#$!H1=MS@rL3z*Kb4SJ(brmT#o`3SrAr}`+lhyuL
zB;9U&h7I{zeQ2hezC&q!)H*`;@jk^7PN1YT&pxPL$wSR!vRv(HClTrLe`<Ki9vFdu
zXT9X~$7>Si)Nsgewmr;g<cn3fGTKN<fP}Eq2)~ygAeF_zQ~z<>pA2&({I{M1B+~Vk
z@cY=I^7WfxkqyJDpX^4--&XHXwBMD|F-c3jfIT|uijOh1u(HI9@4@L2*GIq^pR{K?
zcX_kV&gaEzFH&lnS@c^Xe_vjU8RHPWenc_{B5EW+kaxd9xUmtb{<WXT___NFy1O1s
z`?Gp=u*;~SXU8~2{_OO(!!}=q3Vy}hO5NZg#4HVrz6iEC8(0y@U6G+2F+}kDmCvQY
z;`0KCsM$*D)d3Cv(;0Q@%b_id%heAt<dg=9T?x+=D=eRz&k65Ef9hhygE-~f_9L8W
zgKPfpIBnB3Cj=8UrF~*js|9@SCFhM>C$jtZr^3+R9-cFq*K`)rd~N=_+*b}~XEmyh
zprD0hpJDoztgxfnX1DC!V=pV%iD)XQ+igtA944O#>?oJpvA2$9XI_3s9j|(TY}XT*
zG)xcsZbm%~<YD%Fe`RI#ZR{u8?Wq`%SsuHKSr*?fYKmKdUT8BH^xYvWyzLiqsqvIq
z&#zaYz!T1Kg~}+RJ8689?fU@5Eu6IkNzN@u!gTv<R3-cB_qbjy``;h8JXUna+4lIw
z5#gC=kOy4cBcxrl0lLV^-S?O1o}P8vDygI_A+_&>#2bz4f0J<%S=Bq)L#e~5kZ#8l
zdU0f>a~G|PcEe3L1Z5QBaVX^b+=PZFL57TiC%D<A2_g!};zz?*x@yyDri!Vo%#MhD
zGT&KWaP+yUEOPm-TY@Y+7a`8riJM)$*d0Q>(Mg>K8F(*g19RWg5K;q1aK!CJ=z}&X
zw4U4TI4x&He|Be44{y{FO2+)jKzj0o!Gptl4KfP9TQ3*YF}*DGE4e6P^DUJ7W1<`1
zlPVp{ar*}=IMIwR`$uBpvZd5C2D#oQ>lia}a1hfozTHd=IoY~v3jV+E7xk2g@VOjD
zhvlNcYQBgs-<Hgyt<I=wjs2m)a3w`bcw$KK3N7r?e?Sy7$rKHYpOBS{I(0hf9KKU<
zImbi9KSG>-w_X!mZH*tr`rxzDjcDxP!@57IP+f;duf}7C&UNHt(Q)m3mrQ0eD{R*C
z@*7>IksxCG*A8e{dv`w2=}H^UW6m@PPua955|GV~Kzk-;$#Xs`M=)>7rc#MgY|oGD
zI}}%(e+QwNU2R>84cJ#A4jEywBO`<J_UxJi(5>os+b&}Yervz3$}u`^vQE7cpVt0>
z-lMa&k_qbA_x<?U+Qe31d_qwsQW(Q)_-9OuQTHb!V&Q0Hju)R&?Rgb9*OWEe)orB?
z>JK1t8ClA><AhRm|8{MnrceYn<7wCryj<hsf4WMU|01jU?PB$uYws%#QV%+1UZ}qR
zZ2OfI-L7}aXZIItbme+@0Qs3a9d?*tbgrrb1#fezQ15IWGg_7FiTU!rbIRtUs_01W
z8J*>Y+{<3Kwmqxh6a`ZVG_*hPuu~ig$_G)qhecq^Yr-BM-jm4VCIBs9r<fJrE~!wn
zf6e5<UfO}4xZ_<HH`WGx8Xz@PNxg!J(_U7`AsJ!r95e`;t5g6C5cJdcN;(TfB7?c-
zD?_Suejdp*G(2zF_}Bqlj;AQ`-GXzeR`*dmqb^fu_f2M2!|sgy)T*?f4o+dnw!^mf
z<VH#7<Ogp)XQx$vaoE|H20LIi%^ckSe|!1t>SLmS-KDQM5_V5MHX$0R?tZl@z2yNl
zd(|0s%Ov(oQv?xq1?Vu`7gb(uuo}vDkl+ZO+hlxfr00KIrw>r?SsPIi*kj30fMjwh
z<Br~6@-yiUZO;td?Jef*S5fw94M^O8(*S^~lo4b-LLE<Pfmme|O4Z5l+}g>}f4R=X
zHx^^%xw!*5UVd2pnzH<^azW%i1wWHS#>cUl0Lk=+AT=Jn`(yLubqyuU-F9MaYj|=h
z2f-*(V5kvnbvuNzy5Jm<Is%EHY|XU?sTribsx1!Q-FaYhTjAXsx%!@%v)3SA_5unC
zHIP=*sQ9&dQ9C;+jdnmwkvZTSf7DLY;rkdod30&f_!AU4Y#wIsqaa-)DQ+v#^@EU`
zFWx0Joq$$}lwTy;#K75v=N12G(~Frm+(5Gz0@PCJjM=$>m!VnU{CRRqbN$VUf15tJ
zg#6>aEu|wWp8q?o!;vqJY)d&HU#hV)ntwvi4bqN#9^Czl^Y}hT@T%?ee=Q$3+Llcz
zMO|^1c5FjMJV9b3JfQ$THp+kg-A^I1iS+29URXT~u$_Orai5y8@mQAWU6k=UAW(s#
zzJ9hs6UQ)k8_s#);O66RW|T^x_eGV#=K#0+0<J3##q`L^WezY%5;vL7t~$sN+&XpX
z@r|jpB=p)Z^SC5H0LQ3Fe|M-Zn~*JviBzQ%C(;(@;W{eAk}J-<)?g5TSSZ7zFE>5m
zIs>|*k<VVvbQy5!(#c_(3E0oeGlh-b1r5%<oQt`9ug9*$OB+)V`3!J=2@Hl9peRcO
zRz$fvLv*JxKZEc16rnhHtA>0X1Gk;u#go}Gs;vM`hii&Ph8~Fre{H0tvJP6!y<NYt
zz#*hn(*v3apDO9?E!e{F5QZ@t=yjxCR}4>iEHJDiu{d>#m$za(jiVb^i0xDq4ChVA
zQ8k@tT3I=h?XaS~-~R`v?igGN6LkxpSSPkmGO=yjn%K5Iv2A-|n-e>k*tR{f^*!Hv
z->Uon?w?&<y}NgBf2>utZZ_6)DrY+KE&AP+AV;ZbSAF7iV4$~=x<akOx|r6$z6lSP
zYd&A9%@0b9C@5VeP{RJDGE5|G&8pSyU9J7@-tVLOX&=}k@>gP)!`(I=T3$)~9_mAd
zx3p$TO=!BoNJzJ;oeW=x6JI1s{N{7H(S7`rl>{0)Kr=)#e>}|oJ@zCQ0aA|jP?|Dt
z(jVJpx%PFpkjhWK7%Msfs-NbU30Jj0G^>limnUWe$B`Lk3Q%UbxkRtlR80;mqoOW~
zGpSorVK~54&oheJ!Koh?tAHe*^zxL(;Z3i^2f9A?490nGtn5xuctaF<yI$(?bGg!#
z(FUBfZzQcff0Qp89*SoWg)z0%l>CPms51?EFTfci^IQ`KtQsJdW{9dHrT#S%P%0eJ
ze-_e;|Lbzj`3QVh_)7xB$mPub{WHdH!$<sg%kO(NZ(}kS3E)t}e95>7s(Gaf8}!&K
zj$p&&ugpzym$W1(KnRc{`7do$Gn=WEZX!e+*YkUXe>d72k$>!gJa5sB^T|gq$=_&b
z=+_-Xn<l3hIp*IEKfMcO9gC%8`5V%DxXkUVCzVQ0-w)w`VZ&mMsnZ5z&(OkT<_DQ_
zT9o$a?Ei;r5WvXMj7ZZD0zogIVG>tXeG*?IAZ#~}`(E*4?F^$y9bPpDp<8+wQq|#j
zJx~VbfAB*=GcIy(!l<bO8<>V}tNuSj8GwprBfzw?Hg2B;ASSeMzk1|djT{tTTeHIQ
z`nrR67(xg5_MSxJZqYd8&ub|&$D9WXZ1ij>K^uM;P1CnIdjS69&pEp_<wLfS<2c6x
z6Q1Xe%MXCj{2NqKDYjc}4;;)JrATzc4<146f17#157Xsh>iZ^NH@?6QwP+dkDpK~=
zloiiYqf1n)PctS^j!TVdaivWO2txgMn2PbNKqF;F0M&4w^;e>SBZgG=MVvJ7o^ZOu
z5);N1J_AfXVnr2X!EeM2)0UixeATDdu|3CGw2ygc3>WHhiDqbCxk}4r#%Qi8F>-_%
ze^MpzgcgSIa79H!`dH<>1k`p+<`wg}za<A7d}$pS{V5ZgET;D(#mHgTV;!}Wf0^q)
z0)w&WkStp(n~Jw&Fbpl3NlNGtmth-jm41kk;(-K_Lv#WR?mVE|O{WQvFbA}Ke+{!@
zAMb%1aIfcY)f|<UN&+*RpiqV6o@T(Re+vs*E+AS25!HGTHm7!|5BK|pOCgM}loS9z
zK)}CDQyClAf9jn@YZVUw6^qfSK>O5aKiEi@m_xS`TjJTOyW4O_{l!e_QEoht1S3pJ
z;drwvc@gs3cfv!7CN-AUpb`c02Lp%;3X~}*4?H<5b!r+5%nuOza4J8(1HNIjNvz0%
zSbtH&{~vXZ#Iygab6kURB+zIbx&3b63dWQE0nI9!k%_*+I620``kytWXL?*Qu_hl>
zXG*7$Yt1vc?%dm_)>Ja#kW(5gUE`MuZ1I!vNe<kF!c9F8%PkYhHn>m-o3br!YcD=C
z6_As1ldT7Hu8PNMNj7%`c{+1vJPIXROn=EH=6~DfaZqS5u07DUNE(PsAQu=HuF|Zc
z48bgdsR{uOzycgdDt(7sp<0ent&fNbk2)hLH2`Vpcg0|)jJwol`d(ZRSAxZYZWskn
z6+!gen6RRK$`(`-LVQec2^r{ad_sLcBSLj5*q>!h9(mA$S1h}{ne&ml*aG1ANPqAP
zB^xS^9aPsxjcHJhg(h}4z)?GsJgo>5&jEgoQCT=@KV`=pC=%Sq*EmGv4fzweUf6fJ
zhX{q}hJu9WgE<#Azd1=WZ34cqp8>6|EEu>r3#Ist8cNmz1aKsiLS0=6Z>zt{>w3X{
z>cN}-QX%s*lpAzqeHAZ)eJe}8=6{dzdBhoa_pkH=PY$sp^h9E=2iM0;$|P^L`v_*+
z5CpgJM3ormhXaaZv-^Y!d{XTPj~!V)^oTTmK!7F?<VkZu)&CS**|G!gUNJ5UEX5)g
zMT^0Tp{rpa6KGr)*j`|);QgTK{GAZ<pHTqKwA{J1oAN1VeG|xk{1BPq^?wpoMU!;*
z*`S;1NOt@w0x515Q0$-?p$fndL0bO`_ysk1q6MKjy11Z~xG(^|%}+(PQ+`m{;mh+I
zfxqi{_pkhcubUfVc3lb9+|tExh4h9=DDakmmJ+x5<!?eBXn#1<=PNJ_$|3|FZK^PT
z5>8JV_G2FHpC<rJcZ<q}cz;mmTd?V}t`yFj*am1Fh!zY$(TL3qFK)VU>Fe_K0O%#p
z9UUkXWW2&G>He6iaR5JVEJMq6h0eqzb{XV?dIT-QB|_^81765!ueSV4T3&t`!o6z(
zQHg^b@r+tf1(QURJa{jemufGpc-=X!%DNK87G%b43jV+k0AENfH-AsVoES~UGIYj9
z1jP6Z4(jWe{)j}|8TP-}^i_MT7O@~yt@aqqyN}<p5q|NLQK{%cr^<uOZZPSWn;V@k
zSF|{edElK32YdQ<;mQ65%*N825<W$J1ZOj6KF@o7WEPKXi<+@wqy-Z~8uZ`i*Ij9*
zP5zN+tZ<N`Svh4&!hh8O6hMd}97dhjYdkXcgpLf(<e!x*8g<dVmMColR7on8<S8^+
zkAms)+|k<~Y{L`Bci}5>AyE_w!$P-VTrfI&rQWTYDzcrikK`?ls6)7KmcXFbk&Vxq
ze;v;6q(Dpa#;}cG8glUF3r`wpo_XKcuPfxqk4hUzG#9rID}S9yKt<4mG*H=$`UQyR
zt|TMGd*Da|YZLxLi-DJOpvAu<4a)4)aF6T#HhjpruQ=0`b3)`=h4%#S5iyw9qs#MR
z&wPQAGUpFZ{O|p@E2ND?w1gR+<3^g}wSUs4e=3$3trM3&6@+4<0E1xh5DT(o8obsy
zwb+jtSJ&r|27hy%pu{*xzKm5R16Ter+1mNqHgQb*v~bLLVxyT;RR_s%g39Z5!Sv7>
z%;#P%s8{kXnR0M7Ji~3N_r<TFY0Gi1nW`V_eg>@~x0s!0;wjSS*MrH}2t(ZPMQH!!
zP_S?s^=CimT{8N^A}Yz$&<UvD14H^DlE>R(wog#w@P9#jL_}3BGDvFe69K7IQ<2PG
z<S!!LTT_$zXVB3kEN=HTp0qT(-nn=%VlI70&g7o9rTwTWq&?vS9`;T7w!aA^(C9Sz
zZfZ7o4Og;c#Ffa@D=0eWo%AhS^sdbL3d-+;jTR&J4SfLm#S3Li#RW?JD8y0)0pvY)
zN(i$Jcz<)g9+(gBfF#SF{H^nmh-F+cY})JB@jT`auVj<(cQ$SQ228tP$_f2XCT4CI
z{%YNWgkcZ|Q6yr?oWb<yrt$7Lk<D#;NV&6q3~rI$e;opxv7-XGP{nBoSxwaz1lfQJ
z&Z`@f=+iilv!pTKI7^$-NIz0*qZrKxRuL>~dw<P0D2oxP;3YuN6t=_`>g->b_<3jb
zoS9`gXG^;BN?a*olEH&gW-D#><{}dlRt_&P!}3bn@$dnG<^4<@Q#xA@l8b^nMh?u1
z+zX16l2vd)1Gh*&GWC{cXNsNb%qL%Vl(xZ#TgtVCK*uDdtaj=vA9x=Kgip}-hpeuf
z^M9jEbK&LY)2=vYmxD*7=*YgbCZ*pw#+(={1t9>GXyYy<&XAWn<?n&L1}HAEd4F;`
zBAM!nC8Odd1g~*9ffvG<>?hW7J*D-CAQKSYu#`!z7Wyk@%CyUB^5lX(iu4Qws}Q??
z>3@~E-9$D^4bvO##Og26fFOep5SKUINPh!8KAQVlGvo<Q7%4I<dX&a>*9jHd6B+HX
zh5LqX_vBY5BYU^S@f+4+Ejthg33qehVa6<TX1hK1s!v8Dc?bO}MTjW=4gvUWIU&8n
zcYFT|rFPjaF`4-a##$~Yi48!e2=l@mqTrnhTdcbc5+!u!yqCjXh4XlhHt=R|b$<;S
z>=C=}Y8^WC=$UfQc~qRL5ue~MC+iy$YRstjD_qO?V&7METFsqo(ku5nm+6v%?ln&t
z6gcW(JkGf5;9OhA)!4XHX-*QBr;mbJ53gV&ro#W}lB$|L_|G`+YQS+|U$`slJ0cQ;
z;EDZskNBDO3c;a1c68GSCfz6)?SGuzkX@_==BGXHoU5c?#Pu+tI}G(R(O9&=9HZP^
zDDhXBDKv7z8#T_j(pHQZUY`v~_0}EX?&oC~&KfwQ7rsDC4zA0#A$o-yM-v{c)1qRL
zFryS!vcoT8)a||cDrvJ<S)D$mfd_B%vmnN=;c_dcmRzaTU`wz_MX^M=Reu&oW=H-`
zCW#^<#<dX)KhIpb+*dGs*U(n30Iw-3<>p2r)ZXcfx=)5NbPAqJn&U`|t|2mt&n#(4
z|Lrsm6WUihQCLy7Q;}xB(v{~~4LRfJ>w4Kg#$5NUF;SWS=9t6z#VPdP$a#=oL^Cc1
zw4>i*E!|KM-xG|lN=p5&-hT<);WU7fDxQj}>O>zLTdpg1tqyy!t=bt!^^_T**`k?m
zk;wB*|A?~n;>p9Zc$&N5U<(BAoK);6c`oVT-We_ah*w?5U)=eBE3N2#LJ#LdS{^(|
z%8%ZbfpuRNs7i)PHtk}6v!|)om0~t@M_~64Q3`eWl*RS#>KfAWqJI`eF5oKE6HC=!
z#`h+~YV-s?ea^K)C?A->s881~4X}mt59|Ewk)$AemG;P~Pa5??wA365^HrKZFr7G$
z=eYzPMC}F1`RaZ@FZ>=))6u79ofa+CgEUd>D;+f&v=$p0B77pNb2w(i@$K7W+KENP
zpmnpXfKfw$K-dvKpMPZ~bWd5!#K$%s%?_HpC2&t0d5&&66cl9dM()uz*M~ot4jlQM
z3p-oQQm>8-H!3bUuP@7tEc27N&>@Dq*Qp<B!0S)zRK_1_c{ljIaQH_(oY2VqA?&qA
zZ!~P8E~oCozDL3fyJscEYn1mg!qizjr$pmZ><z0&;;9ouVt*zuYtFJ5=>w06Xn7G*
z*jZ%QNU_RZz%)7YAx}~BcEZRCg`L_~$=zA$Kh8maFK}4@V=`{Dd^7nBcDeTBSN&xg
z>s1G>qQxNlj?q@jb5`JRFH5Uy2R1u%_{opC7sHfcjZY=7?`Lh+dlnpi{G?ovlaiAN
z8(k5FHrblG<9{l?2>%BSuFJ!7@H{}+upwz6?Y*96_PdW)n()&fi7{m@5kFCnc>y}~
zv$+(r#zEp@9%o_4x^?@V$KexmB?GZ-lQh_7n>M2XX=doz|ETGumUy=F4$*vMn8_N6
zj0YtWVnlfs5QOI0&=on<h~yp3`EP0`CG3+JHmW;Btbcx)`q6lhsdmf%6UhF~$=!tl
zt-+YG`y5pVktJui5jPN*7aGS4F+vn8&FQ6I|7zKLQhV)bQ`a#A{J6Flaco>+;@)Q(
z${>ED(|PiJgWj<<*KPEja)5{g1Ggr01BaE3h&<#!I3jq$qIR>rrRX}kx87gMSM8HY
zs@EQXCVyw^J)^q%I`AgchdqeGrb#;2-yQzBQm)#Nh-WJgW8?+B?nUQ5iOclGR%`;T
zPiJ}mPVCjxcK&-M6Z5-E7#gd4&C;PLSZnD~j}^y1Tdo&YA{Qxgl-`F9HiD{<WEFm&
z5`hC4h2)*=`98&&3p0gCD;|VG2RAUUUJZ5Cet(vmwf^lHelp=P95>`}{;o#ec_}hg
z7i-N#h%b*KVV&Sfue}hrs2Jo-jM0&B`3AdYMmc^yOo?XWL!27RuVT#=mf2KrpeofI
zgsc5>4ip!Lkkb_Z%u14BGsGFf-};JmwArf8*US;)Lpmo}5+0&hn0Gs%G#$rg0Lbvg
z<9|r!PR2#Zcb$6m-uC_C=tRplXuJ9uh*%%+XkuB2E3X*3Tx2+T#^l5i!vnj|l54sE
zC)YbvcF!i&92f}>7)L>ciJk+POk`L(2ZZiWb6>h4uPtq#hB@dU!a+onhi#D78wDWo
z@r}CA_;(N9?{ykW9<=4MwXxi+{@Pm(MSo4U73CL>EkqOVhBfAkSQ24_igYi}1{xv7
zfc4Hv2cAFxmYMkkg2bDnoXFHU|2oQ4ed{bFchOze<yp!>Mxd#??2;!;-EZ5J`tQ*g
zPPsUMo&8u<)_?1}_&6S{UA}Z?YlFwfYG@5vXQ_-+4@8L(B7<*WBO4Xkj4bZE2Y&$G
z$)ap6n)e}b4$KI`qE82k?!Qj6uB+hSM8t<jD~;^}j@9KF^uGPV2VIzJ|2z2kntk5s
zZRU2rfY1{-?rTV!Z&rVFHCnZS5~L~F&qW%*vkdop$i4`x!7K(fM%4vrFmh#<W5&k1
zV;P#H0A2>trm9@qbwa+b$ZFXLX@6#9*V^Kxg|#k{jo7W`csaj46$ML}RtWQ9Ow<up
z=y%AC72Gl$3UkI=BvkkwS-ZPB`~3EoO;>_a|9%0^A}q!VyVZ)|&iRdP46S>Z*8LUJ
zyx+Mlx^(|8X}K+!j>O`cK!_cUVO4${bl+@2QNcZ%P7q)YPtFd1{`qg{ynp**D9aPu
zj?o_`w@6xf-#2|k2vuNIf2DXVOgE=41$|MRlPARpChtTYuc2S@<Ec&YAGk4kaa$r=
z+~&iSwuU(M);*_SM?+q>2d7RFFtl8zFN~pwX~X{Xud#VSebH-QizK~W?n^uN*LxSg
ziRxZ0Wf2Tah&V6hW<I5=t$%xigB!X3E}ll$%NNl+^Oj1iXu>j)Fu#6<(EYF&dTmH7
z7_obMjjo6Xi6Sj}fXZaVF~1mRO3V|h_MJQP)>%i^<b-vk@3flT^+tW)ZMr~V1EI=?
z0fy0qv)=Y4l2r)9!$%lgrPp64c+=~5;lwHB25|n5S7SE^t%I)?{(p2HpFZ%A77dS6
z4@b%cI1U9dqu7Kz2s4>;$Z=s>S+XP<FlW1Q8kA%c<<*6{m1#{y3~nb(+G_t}CvZ(R
zZZPiiEQfu89#6&E!s{B?JHyeqgzqnurO}@V^nd++`Un0u*2L!h<=gc+rub;8Ha7!}
zl5=wMSMS8+|1}^9Wq;TZ#^CxylElK+iH+6hwEB4vBX@dU<?lF&)Iz__g&?j5-@%M&
z$YzFME*R~?b!fXQ`a&AR+gBy6t{*gLXrL<5ZyKCyzxqyQ0%x!oh6Xmy9TCpYr>c&}
zdBx%5Nhr7#Xin$PI%$Cr89CqsELZfuZ8ymg2Oq})_RRCKoqrnl4;yQi*9v@@HAt|>
zjk$dmSQiuowpJy(z*g+5h{_O~%JI`kxUcgW^k0I&+OQG}(P!^6(P{DUv<{}GBX_?+
z#@-_jz1KOMa|?<~#Zv#_c)6Vdos<YX2nnG8y71*8BcArhWw;g7N=pCUD`I~l4ZrW&
z6nQ41X0d2_OMh>~khN|0ZnP}REY~yQHPqX9f^{cll9$Q|FdQCWS`Grt4vKoN_$B`I
zIN`<hyw>v-amblnUC@`rz*mCZ#~d`T=L_SKsUa}pO8yMh^?aY#v2X6zfN|~n&2#B8
zr=vfE&vEkE;VeoDng|$GWp;uls6`Z&7xrA3FAG#FS$_!^si~wR-^9f1|G}QT7~aPY
zG6-5kg1l$lPcu03I#P@0tTKbSVR`y_Nn-KYXCc@nA9HU=Ka`-_HuFk5ZT6*c0={FW
zEa#QjD{1#Id;f5k-lJNkU6@G{B`JzepFNZpq@*iush@JJZfsf908s$t6gXmz%wIDc
z{!~bKCx40LKpz-@6I_9446SYitwB1Szo3C)&XJd1-zz0>M?048#SV=L#ta*ziO`dJ
zvG_rchQ+!S-mBL0mPmW>rqNAeztv1;4CiS~1)J+WFVg|lT!rS2s-2Fuk&Zs0ce)RS
zR714&Gfds=lAkrn`XA=HlqKmAP~}qWnA5QIJAWXz8w1@uq2I}L?5tOQ)j+PMX=HJP
zgA_MH$PFukjN`|&z8?hPHL*hZZU?fz?46ooMY#Nozn<=U^3UeKa}sdmAXJfk(sS_D
zT3`b=+7G;1F&=bFKfp*Vi8~6jTLMrn2+FM-5~Lg*0hJ0Ffhqzs{_Av-^op9QG{G2c
zA%7F%XJ7wGn)^owG1Cvq?x;^32g=sWbub%IR$jRlNOlx-(tUzvO2ye%`ZDmHf+$(W
zo3<fEzGv>+!n&<IYLaD{MIF_E^4%o5py%>?Ls>Frj?oUfDYOB))vJgL$xESm<WeM4
z5F9-G?(A;jc41oq>+eYtGxWvahKMSYw}11~o4Z`|!v~A3p8H-RGh5c(wfM0=abfG^
zHbob`%srtXL#&7f6q&Mn7i`_40Pe5#j33wTJJWRrZ>n4CkY(kZ086PHiY116FkKI?
zn0w2t5TF~bDQ+QHBt27dxl;gCLphgH{=;mfR2d{O0L3P;3pora;0<;WS~<B0_J5__
zsX*86YSVlo=R{kIQm0W}S8!;{5+w$fY#m=DC!0T7+=+*C!T{ZSnRkYs!Eb)z;Hb0T
zyDuLPMD-Fnyh0}=wSaqr>Xe34iDn!bjTDKyKi`ZLBQDqS0td@XHGd8=6KdjNL$fFl
z2mn@x`49||1&JY>!MFvZMawI)qJQ(wm>$N!fZ?ysBr<VZZK8w_M3P6;a~c<92#!?O
zGQzZi<22FL*Ijb&;5#UOo~j*XxycUbMx#LOM25ssY~gwt&n=O(P85S&TRPT53ai8~
z*|1aYPxa*&Jq&(JW;YGBOBYHncy(dDtdhBw!qw1QHXw*(dIE;7UZLzGEPp5PPiwFJ
zbB*ua(4S~Ko$z!-Z3#ofydY5^*5Rs*y?6hHFs%5lt_*pOnT)sWaAn(V2+=KZLpaTK
z_wtHDG8(c)N(<GHA7hCGOp?w~Zdq088KOlSM+ncBN=E-8a~X1viyB^LVM8e2k)tbR
zj>XJ)6OOP6z!^H$<O%UXNq>DE%<Q~$ndkbd=+jwMMCF}lF~?&@s(?p<EQvyn3mU8t
zKz3z(q95(~<~gcG-cscJA{a+&Bv`WUuc{!bPs-R%k?U(G8Y4&{$0Kd{2WL$}Hcduk
z0-UE6ngujq&aF!DavSvoOcp3J3(rlKa)-WAXe$`u(K5eMt#*xupnpxh^_z;Wcic?v
ztN$Lku~Gzczg3KD_K41)Fs35~0Zx}NjGKOOsp)nY{#N-%6qUOsOo%J)K2s<V0GJlm
zSEQRi6+MTrda8Pem6tX#?X;p>Gk-(Uir!j&!0+`q`D1k@j7M_02A2uyFQkw+0f;_`
zSi&@`qw&VA(u1BYVSh7*!hln(a&)uxshZP<coPkeW)b*O&SYMs`MyQ7J$GPomwakr
z3f{mQh_6WIOZ)N(rV`O|()@7|3@VE>mEjVEC+gm=3x~U(+ix9r8DHTScQv?Iq!Big
zvfFK<&TCe0>UIO6Q!4m7WFz`Un>X&0!W*;3@UVbVzs=OE3V-Y_8OpYzIW$pCO<M~l
z_X2>pl0yWcxJ}}$ib#{tz<{8GkC5+BNW>H&8X?7Geov@71-89x3wcD1Nse%EzORYW
zWKQ9N;9C?Ml0SEFcn_N8onpi!5E+j*Izm_ppc+_PUM^8sM=XYk?K|B=;gIvDn;hFU
zi0pumW>Q#FV}FUq$^<sqggj<5+RaRG`+ni!_d2a($(qlMmJ8C8m}Lk#MPv?GXVVGP
z^qd94p+4$?9q`Xttn!Jvgh!%2Zg_R}FMAlBZ;>Ji*&;@gH*f%Jx9YBBe~;EqaVCzO
zmx1k^5EE3;<FnRSiGg>Q7fL&fgi1?>RqUU_zGqEyGJi(&Q5caFG}ciU{Op_?%|mbf
z{)(wThLKf<$qZN$LxG4A_T5Kwvuui!KsHM>4?s~epyt=U$N6p4LCzHo*JQaigwe_D
zJHh-&hCdV`E<XE35Vhvw_BBu^)B2Ii7G{8CdrXY+W6fz!Y^Y5bJ2&3DJij1WdAJzi
zscgTh?SEbE>NLDZZbUu528}*t6?!KwM4hZvG`{ff?u$BWMjbX`AQwE5@f<}f_V)an
zIm?PnR>-URb<6BiNFf=U$3fXLS?}PCosg)v5oZR0^`PaqrRc$v<k_W}U_a+?v2D(@
z8;`Tje}RQfClRfEGs25xPo-fIPo?=$WUjbstA9I<iTFL#yifK9%XE~j`~|AU1tBtY
zq{=^z`&fH*dA%<`KI&-&4RsMCVMuvG-lXWFLP@j6K15K>_Pxb1y3sn!Lfh?L#t@PX
z(6co1heGQZbRp)meqI|?3?HXo9EJ*(wm(U~Oy7m{hPJM3Nq!D7&u2>bAOK<$aY*sl
zB7cWqD?>sU%EtX>K28*9@!DR_n+972bBMlfN=nK}V5LG)NGAFTyO~etG%`&be6Qbj
zCj_qBV)$nik%*&_f)omJDXjVM2+ko?yqXV~O9l@yS1{+CY3K9$7TXNpk%g^gQFUMr
zlr$iAcvN`r8OxfUl#?EP!#4f!vOkS~BY)cnx++E)@X6Z3XloSoi?*Den>dW*mt&tM
z<5qH2JK7aLE@gjKy7%koFR%9;tJ$^_H1eQ|qlqy?z!+Lf>WN??`9D+I6d}LGZE$?P
zOdmH$hAh9-OX2SWwOir(e{2_+fzt9S17yOSu;A>B+ap)k11sW<-qcImV;%s%kbl+y
z=Q>q4F7c(f#1wzUH9reXi+V>K^kn^J70x{}!p6|Zi(ZalOZdgqu0=LIIV&EQGPGoE
z74iembF@)9g9@!tiZqmmjZ$oA?O(b$&C2*bI&#M>cB0yUIdWH`j$uM0|Hf+bp^q+v
z@v}<jPOxB;sC#$neGNEy%ayf9|9?;kq!`j_{)zILN6OdWnxT;7P3EyGmP7u=QQ8D$
zWk0$&`d_0S3q;tNG#BkAjWEL!Ju$t_O>SY2otr#3DYf)BhwhSGA{nL{iHop-b;rro
z63x*KP9u5@T)mYBr9{Sy)lmgW^^^m~+FR#8WI8an4&P^xDD`|gzQ=gerGK>oXkvgy
z5{jDvTCI74XnNhp9_`%6Pxj?5ozBLGnSRcvDLC&aR)t%nQQ(h6(u>^2qsA=Z?g&yH
zGeu1}257uG%u|Hjq3QOxkK|GUK~BC>Z4q(+an$e;r~ddK>_UA&2r!<`$mDeNvK3J+
z6koAtIzNvzqrDbGB_LOO3V#g}rEa#B@5T3LtNRya9_~qNw=Cl)&%X7kQ5i_I?7NHg
zy9xJ8b!59L=Ju>-FWmQs96PbDJ-%P{?+XLm7UW4jykv#82ykk7wGdI3=&{ZwuZ=7*
z9nxXQ`OQ#M{G`B8w7dV1Xj~16F_^e!L?w(M@)exx7fmz2@8f3=Pk*#XqAD*4S{~BL
zUP1Rjr1Fnze@pIN*|VR=)dMGiUJUU^F^)xp$*7yI-$2<~xNF+CW7<(y<+8_Ce7jy#
zJiQ09AgCEyqVOU3-)ncfj#y+0Q4R?fQnFTIlXr9iQ7|>akn0sG9t=lak0v^Z6h1#6
z%m+p!G7MI^LLi&0pnv1hQ{=Hs5Ly`B%G4i(|0jZ`@nD1V$bjUrsW;(Q@0n50s+Wm{
zh7X=6r@yFmw!LG}?{fa-YrLLlhn06sC7$wDA%q097*ch#pY&Z-=IO%KH9dH!D5psI
zG{VBtl`KK(#3%<#&tJ99M$mQL6>|maeR0qH*q%gcrW+PBhkt_1!4qW)2+6+j3>J7E
zH&<PPm0*09FeL$b0XR?)#`29y;L{+Ah9!)rG?L1P`P>FtvWAY&5VmA~7<;KE?;3_P
z$wr@W9sN!)$Gs)qUHp@~-#K4%?LP-%e3iH}cc|Ge4oI|xg!wGtFf2*M5{9UZ11bZy
zF#^RxXgZX{#D7iP5GtcUbbRrseI(`>h*+#d`p|r-G)qWax!++x1{)$GohN(0Qg>`Y
z4MBz!TxBRRRKAB4gvH>YC{nlp08KQqF%*=tIGC{*rjqbd02>M`Yy*;Slb{C-W*fMB
zJyqj<C*{pf%2&a%l5IQwYx_v<r|kiBPiCyR!`W~^27hb_)Oj*MH6lL}P<a`vA`WO1
za%MtgGnW!*n`X%EWxcV%D(QgA{p)Y@mOgIe$Ix5xd&(Zw{F1xCO0ozWB^U=vSqxBt
zMbw=|5gi<WV;Crb06uT|IRKm%fPEqKCu{ti_|JXb*B~AmzvPJdlfTijKI3EvtI0x5
z9H9w2EPw10cRrjyA3P|39Y1MQ`pl+#3CLjpcX_NR=I(Rv52efch-uG<)q-v!s~CHK
zTg+r2$kM7MZ6%>vA}j_-2nB;LEHULttWM<f5q18K^nLwK9gC~W9s51~t)jC<5LdG&
zI`HseO>ZNsHppTZ>g33d0>Lb$ki2P&r71Zg?ti%qF)ncU4WVwhwXT^Qq5S_S2q1s`
zKZ1bCG$`92@@SzuG2xS3VF}5fnVFf=jxmKMC<I@lR9sj@2yy?d{A!{NZ6at*UcF^{
z&~=;8W~NVn*en9`{^&WcOmYkyo$<eoei)BTwQf<jbM4S$B_Cr~Q#;qu$t}EE)lLGO
zHGiYB<HZKnUJ%Ya@)VgAZRyvwty#Br0HFT_h`ufS{)#~$k0TZ=rR+<&=+JO*a4@*y
znm$T1lYjL3EIs+9rZVEjPYo0$lR|kBz%fx$!*r$z#h|vs`D@D3V}!%IWbIa^Nku@5
zfe>vzmBT!>E+?a$26$k=0rb9JIXDR%tbfiGT|xfYYQ5~V-RKEz{Al#+)qo}wQ--wX
zFo6>+WtW)5(VQImH8`tGoo>|0;NIFM%nL{&6HOv7j}jS0!w^5>4M~w;NOyx9+Ouw9
zv0J|ISHwT-Riin=1@!-dxY_ys!am_Kx3Cy>_wJTtSM!!pPT`Gho;zIIymFsAbAN5<
z>4|ft_`$MKb}x(~)CUr07LG7}35@sJ5*v{U&hK~9wX7s{4;l~$sLBT`?9WI*R`ah(
zB>lJZK$#}>(nmm0k0ITkf6e~e*45TlFyJ%?d>7Y^VSiNctzr4h_21R?<L^4F_2h>W
zN$VxNsA19ou?)|LzsfA!L*wJ{1b-{R!YCggF%)<b0-4LOj7WA0Wi8YsTte9-u2KQv
z<BMi%p@IA}JPAn&D6w@o$b9f7^<W-IvHC6bs>im-+uLiD1Y$5vUdsPM(!Un-`{SYP
zH8(fcf{@$i(9DToXUUes%sOfJ*d~ic23j#_%MY1SeWiZwEPv(t#|<B3T7T?pD+({x
zE_Z?tvI>q+)DNkc+jJPAD3Jz<8jgV^X-8u+xC3&j2PkkPacPqDDY)HsAN`bCJg|I1
z(7%E&QnBZ`_JJrZ&fe@Pb3x?YJ}s#F#*U~aRR7Njg9%E79M4;IiwjIuqS_;h7t>ww
zcZPu_4FmGVPTh(qHwz1FgnuShE*?P`8(%~ff0*%nn60J)Nh0ciq#-GiK)EETkL1ML
z#%mFV?1;K9+`W<&5)Kx_!o!;{)V_OPmSu4qNaHrgrlxiR?J0`VC;7m}+;qwY)^Zpl
z4-afryngg#nWcPHhR=HK3LmUKgK7AHU>M|mxsic^AYr$UVV8Rs2Y);uw8m+NFm9@7
zTH{PBJ%%hf-`(oLED$2t9_At%;gn&TbWKxqc}<kWH8B$6G=d~J@~;1HOail57cONn
zm&iU(1Utl>87HXcizuHP2?|bCE2#XN%$@@|jR~v|56HB-0TElCkBWsm*eB)<j*gB_
zb%>yu@3GeFFId}iZht*TsSAz`N%EbSzgGS|%XUEwaZ|^-8S)*@iuwJ%<4>F+;JEt<
zxl5FH`)izynRJ|mrZjRann5J9)n|4~#NUcY#seKO(umC>zqlCmiv!#nu;YUALKMU#
z)R*l*kc<Nfxgs%X40({=-?^u+%@~@KR4~u2CM~S2me^lOlYdqJ;u|Y=5`Ik@8B=zP
zg}->o$;mNvtxCmgZI0;u*+ZqZI2n$P6MPbNH}oC8VB6B;xK@(xgVHyS3&zCB8NLv^
z^Zn1`JTi63gPxwTH}$-0`l7Pdrm&~1Nh_vx!%~&TQ0L+%{aERqPIs-`s8TE3$P&Pa
zz6@~hg;`k-zJKPq2?zM-6XAf}@EQ4OS`D=C32>!vMM%wopcqsF{(6PtGnNt?wKAzl
zEkOdjD4q1xUf9+6M1NuhY7XArB>@KN;+wU*I3woGHm1j%R-FjAY9~f_203;8KQF*O
zUYfx^UT6GA&LGXQ9+v8SKharPo9d1b<M6Om8iC>qN`H22%Ji58PpyeO9TCbq1F^~I
z8Mg7F^RA#cX;c(Q*fCv;dP;z29AZ2m0*>kib-q1e(!I6|a~biuk2cHDRT0gzuYS%s
z7*iY*@b`fvgd|{3VOBAZSVnpHZ<dORA>=O`8*~@eCQVWtCyW6$c?^W%<l}`?T6b`H
z7f5pV-+!Og7Tp+qoQ`<H0%u&g83Og+nfERTb!uVkoD`z5wx~;4a8ui&Y|nx*o&35x
z)%%6fjDhMj5Rg<x%pj-lAsAB<Eh#kG$l<~<iYwW@tuL;e$O)80xJJ7`C&xhxa<slw
zL!AB1o4fDK_HoX(M2hdKG}E=bF;fbyX*$;Ho_~pV7S@BdcjphzO#{d0#|&Hpb94Bf
z6gn3}_ayl++jwccl@c%0m4&)zP*(8WPiw76o8rpz!rHWXccepCV6&SXWb)m0N#=h)
zf%)gM(QMOcMUM;5=U}d=x6fsUANwvgy1u?%=`By8Ob6b<?a}pON8syr=XDomyBB<y
z_kV;Qkmy4Q%bs~LL}B2)#J&n|UOWfHwU}l5KAmwqdxQU{XS>%?#ekGJDpHXPg5eT3
zMh4Kp!v2)XP$u;OlVOe7{y??ezV`wO^^M?dI>I6c2pN*f1q#cQi<#%a2K7I^hnzVx
zoaPvUJ0Csw-9+DZaCU*UZF<on5%NX+{(rnI<MR6ugUx-0_Rlw$0zu+VkXW==#sPFe
z0eDpFeTAO|e!*mRkQS|w0`8D?n|y)K42=872-tIrlNc#xLRsa@13@eb6R<&$;AdQ?
zB#1^85D>q9e&?3I!Sw+dMx%i8xbpTQzbEC4%u~vM^#qk`;C=1$#ZYoiW8~@kc7NBN
zFamE4@u|vl=VuF+hw`?Nl2_g7-;yMgm_x6H$)bc9Q;FH!Z9NpN%{i4Gj8l85*z|@Z
zvWaLUvS?g$eyBo8r@-<_Xsu-BJSubCKU4|6&-a=yojb!HoC0yKS8Pme2%CQqi<XLo
zaCu5>#HuNzpaN)qWy2=MtW`pS%74c}$H%4F4*mGsHxij(`>Ygm7_1A1T&`eFJsIN#
zNGQS%Y*T%cQjI`alBF35-{L!_p*yC^*R<D3^>;T_`P{}Ca`Hjc9LKLuMt~$TsQnSl
z)u99X^HqE*Zd4mLw?6S#;gs$x<b-9=8$?3pui|op*a~NW%b0D2JhRerVSh$@hp*G6
z>I57N_#-5U_y^)skLyqzj>0#g_47|ND%>!QlQh%}k;mM7iYPLuAnNg+Puxj<XIR&F
z(NhBtY#(nTHX?--umBcVpjqX1D16bI{n<tQWuN)+X>sE}y-da<q}N}tS{HC26d^*-
z+hMhU%VLWOzCY4b`vGM6v45J?pQEbi>}Zv)o+7A!b#~bxrgOyZFTTUb#54y{(%$g@
zfuC@D@~LEMw*X34sspZuf}L?jXm|j51<w$2zoCwMH02Emr7q9_-oA8_CDfJwV&K5m
zGR#b}r+`fEbWdZT`#|efeY@$v5|GD-G@C{q1pg<(%lkIK|0wpx_<z_FsM&pZHmUT5
z8zw1ZVi9QlKD3cx!-EEJW`|Nr50JnJQ=SZX&W9|g5Ts!>l}EzC`i~j+lKueJG7Lfy
zctay}FZ)nO9Ik?~<@p0$PiXgueGp#eY5R1`1pyZ@5iP{5cF6rvLm9--XG~x-lO#IF
z+TgH|N-$j(FtbCi%zy8ZpJvdj0@=>YPy0_@XhDeVkDVnZ<&H@K8wh=t5tpL|!cUt&
zcEfj|{by|YqrLlv|3m$z7N%xz)s-1@H0z55Y3=A2EkDc7>G6x*;4rq)o5C#wW9Kqs
zvDAPq@YuoKQpf1tSU;%L-BBQ%cdM1d%D6hCj!(X!$4tTlHGg^`{=8xe&DT4(`p=MA
zK|(A@MP13Qn9ZASL!MC0a0}6cEq-(_Zf?!*8)ued;1z;x2TwJz7={Qb<5;t~6y|a?
zMd4Cfo@oSUk=wWKzVjcBKK;o3J$jR+L#7h7gbTm?Pe=PaAoJ>XMp#9o_2{HyiepxB
zIfRuwc;jDX3V+gV@5>}Qu9!)_DV0nUZyPl^X7gsuJc1Z>Q*>NZ%Y9<aX-Nn@<_!<>
zR)a^R8@)Oatc)F;crrs6p^=%@7a9IglWf>>02RDovZ}^RmqkSeJbx`N6smQ=;$|*g
zmc}qWljszLc}Px1!JNcK4SH#SE&2~C(mWVQ8oteXn1A&a`~#TnkUdccC_Q&_XU{(D
zEXW|hPjqmdR0|<JEw&YN7(x|2!uZ7xvdAjR03m=I=wXX&QWsu`uns0;&me4v5gAx$
z=`3ar4n(oEM#^BvcZVcaAMrx&CH(V*^^58-7f~q>0&(dBM~)d*_Z78-NchO}b5ZME
z+H`1o34cQfq_hIpX+@)$Jj+;tMm;E0GzVRMJczYmj&T*Uhl98m2JwQBKG*w=NM+xR
z9GQ`QMWmbc*DLt7e{oTh=8e<*n?4SzkBIKHJ6BpotA;v&OqlRSoEbF$Hktn-CM+M0
z{E#iKle+Qqm<L8oJQxmm%5Kp2$g_J)0BuC?iGP#utRLgbM^{&r2$r(Gx?;MN>K~t2
z7Sz^ebjOaqmf01+CHvDr77!@J55|<7P3Nbin*BRO$gs6Gr8Eoo#DwFS9A_laT_{Ep
zN6&-TtIm`E?Y)*BD#@Kw*sP_+C@AMFCPyiv-3FHi<p}Tu?vnDO%F#EEGy4Bee`|Hp
zjDNpc=tEJnF4>PdKTTv%p{XjrsN_#Z9RtTSy8yxUTnpW20zf_RhgKoHELBt$H7kzW
zBxV8hUm8ITZ73G~OGR=%0k^oiM^NHTYXmE3LQPsf0fseWonj*uQ;>sGjpeokpqt-f
zM8NfbX)7ajp7cD=JwzL_*n=Kz1CK}%7JrM6sm;{y=v2$Dc?<(X=ZdBo4%Nl5edZI9
zvSin{@%&$!{9usa<q&ZZYWHByl}p==DL<B?0_CYUA_6mH=|lo+u-6q^YujsVDM=#j
zM~*Wyi<X$8WEYaJqn!5ndBs`{_}MPhjF{jJRC`J^dE3+{Alv`TASP**Iy{xtj(;fj
z9Kiluz)^%2s!2tgMJ&ofFBE@;D_W|rXvm94Yfhgd2KmngV$E-+lEEiF`01FcBs$`l
zMrE5?ehqg`u9J}hC_fC8lV}AbHzqP8lQCFqEO%*jU>=z=uyrz$Uk~U6nPk2@hcZ?7
z#p>?6=aA^exqIRsY<H|spQ_0;NPnTdK-c9wLI9`lKr3<oUZH?7tf_MVA=8`G%u;H_
z0;Dwy;xce`E)SgVWyQEcnM&9ua1H@CrJM0jLX@<&2+W1xSV;_5tAF)>g=miZ{1fBe
zRSkn<zvgB(!QD8ARXV+9+OiOu|CgjmPx8h%sJZJ3jk4xuewN%<a*)pf2!Fos!<;Hg
zXnFjq#8y<{`-)DyYnOt{k2B>8xg3rMZO-k3;7B`D__%f=w6aq%{SxH6>!-+D^vKzI
zgPqNGU^*tjTyOZp6pSJbg0JZfP}ZB;CqDl2%k$~T_x-IU#}O33<9K;G7ufu2RTrD}
zoB2$BV^vXdnCt1MSPFNt-hV@Q`f&Ol;B4;GviAmZldw*Vk!}`yk7q<QVLmUB#ih9!
zH@xDhcQiQ}@aTX8BYdG<52Ffd#H{S>>e>`XbPNQX8!EpTISx6-f%*=Wl;9m=D&GPl
zR-EumlPM9@<)q;m_0YEDO?O^_>%U(S4rd6U@Z`s0>`HAi@Y$^zFn@V6tDlbOi?UWp
z01Tf2t)itWm|LD7x0F2pJMt%|TD<>Nr;${uBb^yiaj6XaHI)47&uMJgsD}d9l@^(D
zB?12(E?D}0LB2e}F!g-PcVL{2a*UQcpOz09P9PBMWVM7kDqQuh`Y^FULaFX$aB661
zv?)XU51=Ypvy+w~IDZqB5#dk(_Yz#9PZk~!qh=%yNNyh*;lr1tHSs1QiaES#V}8CB
z6yuG7OgV->6tWhncD%YP)Q`p-#uGcXo`W0gSL&&P12;XMIF5U)Z>z@spKN4T;uyD6
zz|$j4RgP+ojqegD9$rIWByb|pM`V2@pQw)#Mys8s2V7Vr_<z4%Gk=c>iu>(T8#2IB
z&Im76M-IrblpyU2mWQweRp6$G7&_uwL!2WpbY3>HmZ__I{cm_e*bM2Vlk7;X)iCFb
zl8pL(QoyaBO*=_gLy0Ocq!?+bwNX0MYOHA6T}^slqO6k`4-7hp-;TEpGG0Oln(U=L
z)Ue0&%gEq4FMq)#xQ<vESZ4iAD^**B#E!^Es;$YrDArm}KHfC)&!<2Cg$~hrOAx%4
z-9r!@Hum!|FD%N|r%w#UbSfkAITu2<k>ivEd2Hif?|-B3L}8FK%PGIA*;m}qU9DLL
zR6?%z1Z%ls5ZLaFU>8*n=EDv;&##gea>uj(YtFG&@PBXZhZE9)1Ooqr7(Su)i8YvQ
zyu0x#Eo&}?1`?iXYk?4!HA6f2pw2&0lA367)DlS3Mpp+kESv4pKTB&N<^!Ss*e_g7
zOP|xzo^oI#c>V`0*5^@-X*vI+S%a1_d@)BLB)iG7QeVe1Gb1n)WW^FQL_W?jpCSr)
z<0nH44S$8Mna1Bn?l_lV`@pFnv#~+~i^Db&TArd6&t7FVF|pIL^=lW-i7>s-quQ1o
z_Eg=0gd!~uE<jo&ccxvcMc<0rmKZg|!4{~5dp!r*nuuIP$V*HtgXuVpjV{JZcO017
z8J>we?7Y&Rc73lfcfG(XdB_r>$fYtyp)o~82Y*G_DV_POEU)Zl$_k=P*0=^uP~4zT
zlQTk#5y~AYVF$tSV7m8BU=i8L+Cqb|W#POcu>dX++6Aa1xF_Uoe)n<c<SJ*A(8BTq
zJ35jnn)4qFUKK#DqHLxooz>Wf@&Js`^xG&wV?efex_(>uBNIeUk#n0sv$&qV+s)<I
zr+?tTB8uWbSnD8LAHT-+WLj$Pq_$a`s{wZp^qO%<%+Olw;M+T)5v%OWRjlVqWo@M3
zgOli|0%C2{Xq{_G(kyD$f=$?@!2VJ)7EDI13(g`WQycLM{EOA~^~F<#WM;5mOZ|*W
z#0k(M<p|T{im8bDlQ#$8S{ntu^)UFkn17eb=0Tr}B=?ief^oK`k=Z_fzl7AsbhT@f
z5JimQp7n#|I>?5=EMhDC4YMUT$fjTPjtzRSUE&*ER7ktrtJJ0e$Z4=tu!h$PaE6T5
zL6>K~m5H3oK6~jI{8ae{9e@j3t@gxzE1b$wDG7Jbgfe<2sMb8|Zzwo~E)zWgX@Abw
zr$he}ds|SqBwlmg0)`_ZQ+4b8<YZcGA9t4CB(UzQ(zUBhA&0Jr*jHGJq{_MR;@eb8
zh<FVZ3{s>VuF>IXZ5Jl*+`Z!&EX0^i!o&%=^%!f8I0tck(Clu%*<%r7vXEcf9IL(t
zleze)xcPB#)^EF;*U~TInM6Syl7Aspb3#GI?&RD$Wim5vBht}sZq}OtYU9k^@nguz
zw4*>LLPh}OpvB$#r}=^I{J+i>(&71u$mu!=ef2|4cshQx1maTHk(wjiq~78Y3=dP@
z<_cBws>b>`!B27S=E!Ewd#A48eFV86W1|Gz2stj-V)1&ALOHr{y?h%(Lw~WtC$?YK
zVp{6cfWumGTzc=(O7QKUNACofGInm>;%KN|=TkU}{LV%KMF|SDH{-BY`XIImW}l{n
zgUkS{Zhg%h5T-<)xa&=C^<~zfi1;nAehcF9y>x-0k`=dcogvtu_8tGkzA18C<5h%p
zyX?20Hk*Ng1-eB0vhA@zmw(&EJ6Hqye+A27sr9yde7wB2P^NgDYHF!GIXpl*J<S+8
zWQJ(fIjhoud@zKJ6HY)sjd1@uAUlVM-_pj=4nMpMUA__6T97V@&my74n#~T111D;V
zlZ&$D+2N~dzjW*L{Ad^@8%pc&Z@~gx<MX&5rD_n2AO#`})k9F3oqtJ++WHK=gEMyB
zfJ1i^aZNbd&yaI*F7m*~BX}Z8(nb@)e2l=LSk6kKS#v9}XgLGk16q@C#pRTB#xY>0
z|3U0ZTjMxzqtVytgK#)NwJD75@QgVFp2Z5DJ3YQTAA9kB%~&YBf%avvg#7N+mNPBA
zE%o&}^R8R+EI9f2B7Z~4ImQ?vAoED5s)3v<)#w_PA26-UvtJJeA+-^`qODu>6VtY?
zUB#%`j0-1Lw$rX7nkm7E9+(rC8v2U61gY7Lp|2|6x0j!fD|*jI0jt!mywY^?Np%cY
zTI)auGCC-xQ}_N(_XAHGRGV%)N9MdYh~vl~<^!ha#N33DxPLk95XXO!eDUv%`pE^q
zivOi3s-QHrPzRachn>Zscx7xAA59975hrxV^}misL&=IKJsU`!aYN$%c`1xWrlX_t
zVFbCuZy}*2zq~k7Eqw`L(Yq45DTPH`^y3O{oQc*p$(db02Clh^=#V6=;Z$Dq<sT>(
zd`1dNT+FtOJAW>o(AyZJSa{mDwI;#+iap*aB=Tk#6xdDtAvt^f81%XpJQXX?<$Tmy
zTvgk1?h-HXq{;c8zgz-$6mrvdPnrdHJ{n?kj7BMsF%}|P6<c@jeHc>;xmK2jHA;f3
z4$e%Pz>Usvj+En-FDMs-Ps+0hhPr-Kw)Uop2_BZwZhr~_Nu6Dqv%4q@kz?=ET`;Yy
zO8rGLsx8N|LAq}_p$~s{;UHtyUJUd80~4n|lc#oe1%w|1vPM{ZPVNvldvBVA4Qk@c
zZN)>fW`-<UcH3f!M^gT8pS$>9z+bEQlk>GnrU7n~$%(=odqGyK<S@09aSY9Wsp`rS
zS7vvkXnz^fv0qY;B`fpy?BWf09Cvpc0#>D6dF5|T1iy#JKR!Mvb6oC}-tuPl09RFY
zql&H2nmgwJo~0$=m?UB&d|*zFqFiFl+92yL8iw%w*0~d#;PZ;*^>-zWUsJ4%D%Ps$
zpH|2?>lInE@1>`Mcfl8d+MYLS0NGeNUvNskB!B0&>%k7pkitQ)h6mzqVzJdrP37ts
z6>n?em~pd2J;(IZR8f=NMyoGpD{35SY>>h_q1%e@b(>n}<HHsI=08`OnT?E0IgRhP
z4?lDGub&ijpA@~I-t^!ZMl2*~C3UUHygO>k9v^ua70Q5_TA50S>&6P$1l8&*g&<na
zdw&F@c%YS^QUT;a(?@rV->pZo@7H$ISSn+lTx`g;tZu!>43U|-F5QmspQ<GY9=38|
zcXsGclTH95$0Wu_*=8+$BZA+xpD-S~)7l8;g!+CyV~Bu1APkSsY4jCJ0|Jd{kbydK
zd}`}~V)2fWQZd9S5Vo<1>f@j-!J`zlRevrB&5KMQgg*IYK<qk@D4t7rwc6x?Tv=Jk
zcAt4`?*TTM!+bAkF_R|`dt*F!C<@;fF&A%k@%9Q8`bnU72URwm5!rWm#^u?A=qTss
z=F>iqfo=!~OkbvGml3FNT(6jhY$4lWKm7ibq(bQcpUS7Da{aF1Tt7BbbV6jDx_{s7
za6@Qpl&jWmN2{r+@%op{Ro_+Z6JB2QjRwMG`uRwVp!T86eBgg?t3L&5YaS0;<E-xQ
z|3cxZ)i3fosVs(X@#`*D5WB0#N9rn&mmi@CqnFhGSGtpb>L4iAT8H1d4pc|8N(S3l
z^MxBFBH`XaO*ClRanELHY-?$$dVieg%@*)o_Xw5qQ3_D)I~0xT!`r_eM_ts>)(#q{
zPCeJE#(130Yl79$RvZff3SNJ?$-V<iI1iK$@yw*P&|77HBowbyr4{?2st@X8d_Oc%
zZN6IIJWyw9<)KRv<<2Z_anHv4f8QJMohWyEweW1ISL+7uCmFx_aztM2&3}Lw!<)l@
zyHH$nq@|^Ol2LM|E0bYb9zyE%e3`Q$gCU+wCo4`j2nB{D6YRm8D2^pj3jY0p%vX&%
zV`gyk|FL&hv30}_gXm9~`GlF7nVFfHIcd0IX2ynd!psZ}r-3F7Gc?ScG|bulzfZbX
zyALbv)qU89O8#lU9&7Be2Y)1M{4_Qd>{5%tOK82AxS!tbqmGefB{t~%`Qd+@wD)K8
z#YgMCdTE5l)W|5nY-u8ED?OK=L8Qv$hBU1L#CE{HTV#WetGfFo3>*v=g}tn9H7GDw
zAhI_=c-lo8hp)9iA&)7s4)Nnt+cnFcp$4sEXU!Vb@8$x>^4vt@mVd8Mm}qBfb17mn
zhr7756OUetL7IZV>JOnVnyky`viI%byJC>W4~0K4Nri7k6paDja4|USo`!7?wd)Nd
zdvD~v*xI=64%21iqEqv<1&=+#cdHy`XZ-4Cw8SJO_I;a#-MYuwO)uRiG^$pLX99zH
z70&sn#qxHT6vXka(|?x+;i>2(Ofa{%d#-?&pi>d6A<hYYh_n<zEb!!&HWG_vff_YE
zm(7+niIv(~?d#&<&B=MQw38$}lR&p97xXM49UAHp`D;<4V@dtjBzJFty&ekNI^Aq5
zKNE-~)y>K6?CnY8@loL;?wa2^Ut$Buc18ukOYp4lgu(=kz<-Ny{k8n)T^!oX^-dFX
z414e}7wxZ?Bed>d#05M+h9*90(vu~-j?Cib27_s%<3FzjmC0SN##z<W>Pl-0BK8U=
zNOzUYBkSsv4Bt6A9J}tZA`5&a=9Rz$0$=xKzxC3I@R^jIg_bGxT-K{8Kd7HB$2H3B
zBkqU*xR)1-s(%X*a}v1CfFc6C?;x2X<;Lgq7O19Q80^?258L)>s)7SGaB2<T?|wQv
zASzOOCS)|6zOnK`Uv-`_5&Au#0}vnTNe8boB%wjrB!n!_NmNOYuWqhW9y2FPK1G;;
zAM^PvjopaL%Uk8rs<*>joJG5r@R8r9b{Wa!C^!yKhkp-n(gFSw(1AMO4|4kb-6T%;
zu}8<Uu*Vw$0p~a?Ek$i@Qq7ya?-x$uFR3mtEMWFsHX>WtB!(>WPo_2WLgaq-`N&YA
z=O#mNs*iUuY1J${5v@=9x3mCxK!(3xUm+S!oYhUwVNJO`3aSHO|4?$1k>R4(6j<}7
z&f#`64HnyV3JZT+()d+6Uao(Ka4TupFT;1zxEL4AetGdzUCqh|J_9jG3>%2N_t7>*
z)<`hZ6oXBipNql~G8pvR3|bRGH4LfIg-aA3q7~JIw{+C@fc(ns;-X=SeW?o>*gr++
zLnX&#O*=+$Q3tU$I96nZ5VAVDbjItCAxE+%;sby-hmC)jpg@tYAAGui0~(sqpK`37
zCf83V&oS#;kB~Cdsg4Zs+cEfQ>14#;Fg-O-kPvP5Yg~6BHI^6lo=gZLOPy!97)q&4
zS_O95aI2R{Z-(?yG24JuwN$nUDHW$1Y4s}7Id}$U8zXneg`3Luo<$ZRkm90P8O=+v
zSTC%Ns=a?CB5Qx1_7dG%OE5GfyUasFNm*xzOlsU0#!^k7L$<h_n=0YbuvAhkf5|b6
z9ZyN4r3VvFF$NJL@uP9-PrDmkRxK}H&P;dF6Gy}&G&Lg=tuXr!)eYVpj2j-hy%Xlw
zJE^z|Z;@T$L&<O}IEFR`*+^`Ci<)QlMrLcw5MzH~=7w41-h_0s#ca!UieyHG)N$9<
zh~ar1R@w5Lek!?<`XR5}KSo+-_?<4eNL&t~U&-f9fVG7N1IO7~y3}d(ED)Xri{+U`
zY8(Eo;p+@PR5_e-U%j!uDr1)|<4YKl{b#8?&UtUhkG?lpZ!u-iD1A^y&0vJ|w$GgM
zZbE-KI|=D<v2-E{I`S;#4>fg7aavEE=i{?m*1;Wh@HosG?e1O7eE}SVYZ^S*@IgZ8
zIO&ou!-qV<u3<ihAK)&g6!7vh0S9<rj8UlcgS>ksZO<dir<MjN)jRQ>xHn9Y2bP0=
z<s6ntA+;!Ev1LhNnfFYrn+zp*3kmVY7?FQ}UV;GTP-nfbmxGy`LAH5mnpu<sZ@*U;
z6GJ6F;E_`Iv27V0j2Ob^z92*>fa~KRE9QoF*or~5$g?`>y_`#ZX95W)Hj7DVY8b%&
z$`WCb*h{Qxc)%Q=9QVz5dliObNpB$XzhjNNSCk1q2so+hlvyKS((iC4r50TrQ9XY>
zF2$JHSPf1Yg1u>OHZiaX=fxQwy?ds^w((QV^m!dLI6eI#%X*htoPD)`68lo!7HM&n
zY<1X$PVv$JFh^1kLmj~r?C~cr`rh3<y}Z0#mTG^d_gz#Tnx)qj32$%^Cklxy`5THj
z+riD}tvus|%sw{Xsg(gsRTfgYa&CXgZ&CBEHgyeCk$J?E_jN(*sq;sKBsdoKeJL-F
zufIro6xSs0JA$#1$?&^%Eit2_Bb&#FC7o?_U^aOC3A{hwXq$YQ#$UlH07&F{LjEzB
z`~+XPw<0gC+c9^-Ddp3<H5Zif0a*aOA9u+X;53<CL%d6r;5VYUJh6fVm3e<`W7^cD
z^e8)Zu{6_Tb8-rIhT;#UZVmEu+wC{b9}~1;;-VR;V~T>FzGBc?^>se+6@{-*qd*;Z
zclXf(e6!=5FxVr~#?-4u)3a?`X$R4zp|L13gxT>6n(@hqtQ?fk9_s0~Z9gaBH{I_b
zhL42bywj%q9Ow6E%YBn=e|&$z*x;5RPz0h7yJ#=N-q~!z=SrPIVQr9hB?i%K3h(yi
zBpfgr>2ql&Rn<@pj!{etDhOsl;JFoJ->B?NB}q^himeY~Fo{zc+UwzyY)8$A9~HVC
zd+yU8WsRoxrxK>L)#!I8n}`_E5eu9j%$^hwX6L2T=;9SRcW!8-#<qVfb*VaieROro
zG1?qA)|dfL6l`~Fy31+7CbK_n7OSe_F)^s#vhKeRQ&MU?wf2((ae@Tx!F;eZirrq&
z!+ue@n6+?CLN6?m*fB2Ed_VC`6n<Fog&ftuad2=L-M8QBeaHNnK=>MtV{xw+@AMlv
zusns6HnN;iWtwc-U&MdScd5?sc3he$;Mm<S7O{6ihapBm%H3V_bKTp`m@*49ho)ph
z3SL7s6hg=W^1?^xL=#Dx46*I)bO46PtGFW@25Qs-hmnyH2W2^(QJ*?j(DMOXyWXgJ
z$F4ky5xts=;s-Af{`PB8Kjx~-S$)aRD|~<i3o?`a-blR0DjR<h0@g%gg!qnPigAm^
zC^&XXYfPxpB@wcK=5)62<@3%rWx;2wKQ&TNI4CSkYS3}TXETN3mhp;;!Ztjc*Eo!_
z{VK+vp(yL0Y1Vn(hq(YL)&!;-fjIv2wbttGV&c~oZl}IIrmnKK&5!L!p*vBq5pqPK
zxS#eH*_^9C6S;r8t#*pS(Exq@JUt%>gaf~Oc7HlD{(l@f27t5{RTKpP8WR!TOricW
zX`Y*!v>2dnis0n$28p?hnj!$;Lj?c?g#iFB|Cvee7yxi*0RT?_=ERo?0AM?VI#mV!
zMo3ud$XY2X0_gs(!veq}Z2^$~$?h+_|C|p1q5up4@n3&?{_ZOP|9@gl3LyU9_5UQS
zWH(j<0Lb3{Ye?JL1;{(~LRWK3_z1N1HL~+@>H2ih_uYpGGDjC9P72LATvkODkFrSD
zPG=T1nP%4HtDrg7aSRg@9<>CN7{WWy0SXcwq7zb2<<QZl;ODYam9}R4sZ!sL!t>tS
zrAj^V42OTBO~Zqp=LX)TbAT`3*89fm+qMYu{{KPvI2rrnMA>=bT~U8%4>TT)b$X{{
znom#|0{NVe;|MRrK1c4=lsXU*Q{Ui`7RwVB5&oR>y>h$SNa)Y6gl|8H6Xcu)`RtCb
zeo&hRbs23uMexKLqf^gfRLzy_iMl&-RD8I4?i+u-JJfHlV|PX6<VE`2agQ*6xtq(d
zs=Y(I@JJc5jY~o&h4e~v!!p#p`Js2UUN&nrpZ+qXrrlmp-EP?Pi+TuYrJfFgKse!T
zfS!-}q^2d%qcW!!T*sVMa_sUU>_h8g%&)-Md%70Xu><)G@%-blH&tr2G|g@f*1{6i
zK7)Un*~rM@bLe!oRfj`Mq!rDM^wvvTn87R5nQ~K8$1o+))mZUH&`^t*%kn;Aqjrp+
z==~e$Erz?lt2ga<4f{TzyS?`&#>$$uRcRYE$R9e7r=EW7C-(U^lmLBjHoo4wiM8I#
zZ(`pw<btVa+z?Yz4a9d5C*)i*jz2=Temj3yYO<r-mC~;w*Jd=H=Wi07`wm273{ARC
z^KK8U+yukw9^psw2w67o&QghwK=hDqKWXw&Z_MdCSi?R;2^hxPo`^p9T;Ol{*lN18
zJNF9%bhmpsU2B=UN6%xHF*Hg}nbiM^=X&%x^APZY#Lde~DnhEUKuhi~q?b;{9}$0#
zyiGA*_RtaX2rKcWBr~ei-p5Wq9C!^shzZX(^zuTe`*A`#_t5wpv~&6N)*<}Sx7Y2p
zcdc+gRWCfXFJCJ0Nw)iFG&0LM_++2Zd@qT=-HYGF%|I-8lYRJWmWyL>9CDj6z^AdT
ze-+(HF0KxBDu~nT?0RYkG^m@{ifn&Q*vWA`r-GS1n@39Q-FZf<ZO|v`c28%q2OCux
zV%dWZGsS>2G#O7a1eJmMapeHknaJXMY&K!RLMt8mr#x2l1G{bJ3K!|za1Tzu?~j~^
z()I8KZoMyQtvvVB0|h3tqsKyVwj!r2+aIO9^?HNXqSGZ9%OL)Mc9+#c`ow>?tI}d^
z0~kS6x{@$Sr#t8?IcKQNeIEUt+!5W-W@snIDLoLYjst6286AhFDl4uA;tO)(_OCPF
z8bc3S)knRsUm?4awKhlnw%2$DxQNF1A|z+-!zARWvp?|QuGqyvxVsK;TqWavET%j(
z&^oth#Tzj0m0Rjqi(3K@mS2AY3V#Kj#d?4Bjn21iJ$S4oQj%=`O<`|o5g#@-w4R(8
zA?$wl+!go%g}c49N0A|5y0_e!VSH~cflo45fZBMR7SK!EsmJRG-qx=h->m7iglEm6
zh5xmZHa5o9fbAUnOTOn9gSG9sdfjsOCwtVB9UsoBk1r5hKfB<Jl&^o=bXbDmM`dWj
zV$j&27ez*;SVk96H$w?S8H1Ae2C3@M+91_gR_JL)iuEIZ7w7!U8NL#JIO;faqdhbH
z8I3-^m+TjqU3FAjJ1jk?6xy;uV$T`f#Km?|Fh_OZ7|5~0_ndNn#q$n>vI4Mn`XX$3
za-H1HiDLYXtZSgTq(*<xZHIAl8QWYu=5Li_no#lR?|upA#MIK}sckGR8<nT><^64q
z5SL-_UV)jONJM^V1jA-1QvrRBQ~&7f6Sg?e0FbNn5nQlOfvr@bgOgHGOqxW+jPmi9
zWT{eV);R5v^n&Sy<fqvBZTh&rR5?3!ojB69IGJ<Adq!AB8l8V)xt6sn$9&Kig>k>o
zf-6|HsFdF1A(vV@q#GfZEpdWQc0y*s?-vMZ^|+ta<173|Xul=+)PKa;U(22R#R5OD
z&2<cOnt~Uc4gxn+1G{@+I^RlFCAj{Ys{rkY4n*6i8NG<7uLax#U9gk4adS%7>+K#d
z;#-VslQ)UGLHvJ)KgTKeY+OXOru(7^Ii#uEg8VETgK3ME%z=@FCN~U=Noo-jw`O`l
z21VPy7L*-Up}uHldJzh-iq^JXw!%BUbh6>vtsNj`&mWy?Bh}blG8^X;Um8}Dg~rKV
z)DaxVZm}RDg_LCL@a9!VPfFSZEO!b#JDz{^+bSg9#4~@I0L<P+9@w4euIe4p4qX&{
zB|US-x;>JFFgfe1zIH|@B~w8|56wUm!!2>sA*FGfyi6$Dkk{?=ODpljB{M|I->Kxj
zMl*VBT*R@K1I=oD3%Px~U?bA9K#~Q@#<^t9VQ`yiajkK5IqWisOO@4OpeHeg$%#@7
z^!G|BjD~;HpckMg(bKFJHE!;vOlj%GLoc7n(%4I&7pH{LjH%cn;Cd#jR&zB~so#o`
zWtDw78lY)fG@ou-ydG}2|21s~2qf_CP3|f9zA&1p#@s7KBxVQz+Yo?aC`!R)Lvzn-
zgDn)n0lA%Dq<R4}4BN%*pJ~_(^N;+rp#+>BoPB@d+A%lv6f~Q<cuR0HYKYHfPB}zE
z=D{?PUU`o$H_H}r=XLGBwc=NBh!5kk(IwZRad~Dfo!#FGesP({3i_4gN?6D?*P*<C
zvjY;PiI&r==m?F<5T$Y}M>7K}WaO#H!Ac;~kn8;V^waah;<1)~tND307H|7OlSvpv
zktlyIMM|*<G-k#Ut%@iL_$X!fyTslu&OWdrr39Y|w`#EGaeYR=Xw|f6Gb&CiQUc?h
zQu^EA*+rkHbpLjWJ<+L`QbE46@ll%13_)LMsBZ(AlU>}az4gkzr6sersMb)b*@Z>u
zxTUaZi<M;6TX^BE2(75IqJ(6Zg%UAwQeJ=Bq+wzb4l0v;;fy>v9Wu4M4n5MHLEAM{
zcAQ)(2Wc6-XHSQH{x>cY?}#&(9QBD9-leTXqT#8Mgu3W&K;0*wTC)TVt2>eR12HlS
zNE}F_da@c+pn1Gn$YvoIox>E#IWUb!eSx<82Y;w1axV6HF7d3c!`y}r`7b?KRX2Ze
z1k)|SZV6xS@Q+o-m-1;<B{@8KT3d4RU+6^?l9ae~Q^~5(O~EShcss0Hdsw1U3lbH;
z9si5<+4GkN$u8rlij(GfQ@2OttHBSN5=y!GBf*C=<R0j$&y6CmR2bH`%e&`|v?cYP
zIO_<c7y}W4`Rm~+Aa+bi|MdAS1?hi)Z+AOS^(wz`e`@*xxjcm~ywaXS0yoqYaA#G^
z3t#A`7Up}iFRXxlMoqH2R<bGvDSMb5iDpCv@hBuFw++*y4f7+;74qNEII`O_sIQN|
z2;e(Mvw>{giwghBU(A2HbwI#7X`d=t&&{p}sU0#oaKx#owtWHV#A%c<RH=U$lk6y9
z>wcZi-5qEIsB(Iv)r(x3Cw5@qBs#Hv-X!g=C;tM^dzR!X`P5{ayno>*`XdyZGZaqD
zD~uah%=+%ed*LXSLfgN1FBaZj7&NF4a?h+HBUTud=B1a;uw|?-p2G~YBelq#*Sxl{
zh(o0vg(Ouks+pWy!<*uZ;P-#cEc&r`db%Fc%)@Qy#sXa@rhpj@VSQ%*9p}gdo1`PF
zQ1}b0bVwbddu(k%FPA-C4eRzfC;i#(M&Aqdupm3c+g-Dc?Apn+MXkkREME_7h-)K>
zflk5leTJsUdsj8H7=xo@Rl>|R>p%qM`y|?)pki0CO7c)w0npk(r(}Og!&{UU#Da@?
zx8(bkD*=r&QEZ_yEicSE4RVxv7mrT5xk^WhaV;`o?v#=J@)7qE(RpOMW)L^F9r}u6
z^VFNvR=%4awGP})52`uIYI6N|E|~FxEmaB5Rmg5GLX4-@@`=XsM9>IstlH3GiQebY
zz7wB|z6|au<@8RbLeYOGh)XTJ!u^DSDDoP4;0JgaR=$*|0|o13uo+$*ofmc0$O*FS
z!1q@w1*vQ)a<6ZdbXBsVtW24Rt~aKlnz(%S@^=Xa5q8Al5*v8l5}X1?L8I*15>uou
zJ<>yy$Q$uU*XcczLI)-Av}3&8jXLJeQhNqoko%g@C?1+D5%qt?Aov{zhg4UrXH#bS
zP*KAuD`R>;c#3XL_kCTEOOSA<UsRyqqW+yVfQ-3FlOUQE3(D&tNscskm_GIni?le%
zuFTsxo4=A<veF(!;dFUHP8CjUNP=--?EpD(e^dFw<;cOmsSMtEJt8U=!^R!2riOXm
zKoDKPm~l}~3p;-`!K{$v&JEf<eHy}&agQsK_>X&w)-vyHv~p8>tKu39#~P~(I@%%%
zCcOqhF<E#VSy)VxYFz5<`5FYc8L|Yd2`OqSlUFB#g=N%bc%-}6)t{+ks;XSZVdm>R
zPuSqZn)~V{K84CZO#A-0v?b{kqa^WglW3&LYLndtuxNkIy&5w0s6R-%hsS}W<u;@x
zP=)ETz77do%R0P12_LJ3zg&VJ6KK*)YQwC`WtR*|9SOvSdhi~`!WEO=G0)9*2Eq9-
z+$mmYomE=6>vm2L2Je)&#w&jdjV)E8>8hu20A28)%!kla@#4^iS?QuxRl}mtOJYJH
zlvFdR&l!KGpb~!ZgIWgwbzDJ@V1TD>;Cvq`q%5A`^TTJd5zN6way1K;tA?fIzJM5f
zi3=>09KA(}xCBi&COEBSEe4nzX~~ajoJukZq5S}1MFbZlCXI@u9Hi_My7)A(DabIA
zFcAq{F;29qIu_lUAz@~G;mF`v8mou)BsI%*v-^J-=@~&kxJUoDLD2U-pri8q7rZ7b
zhbRUzIiPA$sOnrQP2<x_#Mw8yh`4Ugr|eY3JYnWu@E2FNgI8XEb5MD5rTOH+eojHR
zq5o(5lV#0kGL0C|k;_yh()c9t=8I1=BJp`mj{aAV#sPfEi)1mTk|J8ibk-<Hv{rH1
z{D*&}F?h05k|L!QgL24iYt3Hc3Y&K^&HylV{_2%S>G(J{A89TfBYBz;sP|i5OCo_)
z{m542D?hI;PtIGp3i}8D&yXg2LWTJ_&kyj;iK}YEZ!#$v9(SOhKqqx(KkziJj}zN{
z6#O&i5!3iVJ8kmFHB_oM$J$}LQ1$_cvf+Q2Ol(w61FdFfNd?;YwdV3XiaouZSwHnO
zSJK*sK4yWQ>nwDvPvgPClg~5f{8-Qxp;$6Qt;_KWyu9I<Gqbg|y7}E5pMwgO(1KlT
zFNxn%Rpsqu+@&>i7CYnsYzWlPntO|uF%3|kY|n$gf}@v!zT{4RrSsn&WKUQJPvn0T
zKX?qlu5DbYBn8!qk1xNPJ)zT5jLvYNi5Uc`4T1NypyF~`^i=FxLro8_rJP$^G2gw|
zE*e~EvXd(#crF%v@BXzT&(EQkmwU@w96W3r2!^SC<;|eRiU4imnB+fwZtVIL*YMCZ
z!}f6L4!@0bb=2n6m-l*OV4#JyTfu)$Wd3HbYQ@Tixa8HHn|`t*UJ8VzJ)P8DP$fAW
zm3?}*d^^&3DZ06^)_!}RLq|ZPJ~U)UTdWy}nxG6WN_WYb(o1ZO$GPJ0eUBOIVEP5h
zq2;rX6ux~>@nRCVCVfAT4SIExUc$LC?X4B);~(^-78;fAyT{wC5hTV<>{x%oaaqw1
zUNYfur|8hli~wnud*~j$;nJYFC1x2m>ChaNuWq~H^e<!5-jE$1k&R^HYBDV##GWWl
z88@R$EnTG{rD!F#78|B71BXj2&On6>r@bw1g<Mtj<9q#3%Es#uSj9oF_YDM=Mg@`P
z(C;@_?rJ@bTPs`oLR0&b#JhjyTlX@X9JA-?X-|5TI&9D_XgcK1QWL!*+h}rRsX7#;
z5Kye~09AE-cA@C!mFSL!fq(&=Uqy3P6{CSz2h2WMutdTaA&hu=;Wj`7TX^D?nF`6a
zmZ4K03EwgHW9>L-EOQ2Qe$PXn+RY`^(~!q$F4HUPoW^D%LoHw^oOgfV#M1YhIHvVL
z?+NAWKe1DWz0c;rzz4LC%PiyZ-|~}a*2ClwVem*)M-nP*0eO1E0ft@#W{oE32uSym
z7Aj6LkFjB~QV|_NA6SpXnpr-*Nw=K^QViHu`B|dYQh7|;g}bR*+@|-=Vf~G6y+xTk
zkm^2U`~KR+KL8qE-kX1i`64;fn`pAm<8hr5R|V8T#19uv2~=+j-0x&pmAs+TOx%HS
zx6=UxR|}MS_<1<=Xx~x2x1r>`ORh;7N;4%}b!G~&7d~&@2q&vf5V}2PWAa<0>6na?
z7A3LO_YXKby35dYGPzx`ONhNcwdk=xQrpofQ6AdKoF*&vI4FN-A@j=8PGzqa0NUpK
z)<Qh&^StrDXK{IXu_9b27qDyGo3d<tpZ5$LfgqZCAH=@yabXDP+9)Uome6u!&)A8r
zrIgqzq)JlQhQ*NY@=#5gSr9B+282YV^fy;iiBWO-Coef`Oy&rUPB-&1m(hDB2lD*-
z*f`Ja4INSYCiQ=as_F)zu@{1d#mgO0@7B}KDasAaKGcP7FQ*_>6j(NGn7>{+N+>Ts
z^F_W$r;sc-l@8d*CgCZ>h3GLU9Rcx~QF<^E_~h;=9FROLv^{&3BRujm|Gm{uML(}7
z?Dz>vN-8F(XE?4XQ=Q6;)bdGJmA&2|ysx2@7CWWJ3m|{axl5+mFq}p{<@Z9NPd%-6
zp8GRLXinL#U!@)MaS<4M#SLo=Rpus@!LI??$QB0^F_71fmsm^C`BkG-6dPJyH^R4U
z{p@#!ws^o>W#5SLh8KeVRj={R4HO<=`!Lb%$gS>3Y0t}wLXuCj1xRvWCfI<w!!Gze
z_KneN@}qy1v8-?!8w%U8d&0HzSLfGdl=)K%9(A_$P0N;^@JY`kGHF^>e6b0KV}G4;
zZZBdRE6_le2&*!;?hc}FSGp`wkZkFIMuEG@8I1U+zVe4<z(;Glil0z!z(6Fi;|EW^
z-&8TK3~3&fHIC{8V3_Pz_sU(e1zPaJIvTd9#4dkWS)ru(M3TCQh#YT|m7K3-+SE?5
zgl_205>x2y5e;;Xj4+v85z9I!1dMz0@R`pF!`D+W;6hH_Z04_~E`(BOdy!?|Ta$^N
zJwqeE`AFiG)o>X1m;K70Pc&%bVlmWH4+1|>)F$|C%?=F%tV-TdH>U-(7#tgR!B=>S
zQHOs5VoZrQNSJU+{{#b5ZEeg)7@IDkdy0QXHAk88SR5@-6;HCuJgCf(X~xGG=$7X<
zIW}bCj-S*>YD1SJJrA+x!7A9ascLk{UIrfc8jt4-s~8H=K)fwlH%td2wgc0D4kve5
zNkyX~l9c9@lCfSSEZRyr4@g9zx*sW$Vo84^JoeZGuNqM7Ilm?+8y}-6^cheV7LtF<
zPLYvK*V56uL@&?#vzf&1>A-g4M2d@ENmsLF52Cl;6s9DOM;0GxW78-t7e;Ls>!^6^
zYK9i}-X*5(D}l~jg5UBM4AjOYsx9fT<H8{YpTk!7`sJsrb9ZA~NM$b>O&i^=6J&q*
zbUPf=fJ=Ds@L2YU>5o9z;`3EXf^qJF?!ri_cxOe3|35EmEGwtv8?dzHhRpivQ$+TN
znnq^s$Bw*vE1Pi8G_8U8E^nhK-3jx?QAB+e5YF6zppA0l!Qb(F_-Vk5$)rT!X!eg>
z%dpC#o~>zYR_2h9fj5HrX&@bQk*9w!v8l0uC^?qW!uc7}sP_OjyJMW3uZ8?L196N>
z)9!@7xzKGi>9a``3kHat$9z^(GEMvV*8+iVRDV@J3iZdK#-C8(yPxZ~;iuQJLcvc<
z%4`86_uX51c?7a9Hga!rs#h?a$`qxU0}C^PKz8#B`kAmQ>Qk)BFW*^wDGq<-+$oi=
zcE$<2iGp&@rRz71L44?D#QgLcp)_Z6mr{2=SlXI?hx3^4w|Gu+-E}N!BRKk=y?&Fk
zyug4N$D6^eXMVqzf#WMuUhtPC{Z+p;_wFseJfLjj=~--=8DI8pvK-`Qg;q=I?Hy2O
zp)*iLyUI+DB|02Qr$Sfq?2dnEc&dDb-<?|jaZ~a0&X(%kp}|+8s$%wltoEGwM(3Ck
zAzDLmPD-NP+?JcJZ3>@jn%B<~bu(f!GM~J@f%f$mg5%p@-@!u0Bmm&_3R#}-!g#fm
zN4+!bLms*~$eNo5?SdDc7xHIRhHO}jLqYu;2+PHFb3t^HI$Kguga3aZ5d^KK(H5tW
z5tO;n{2SEmADi3kPxcVC#}Y(oWoyf)W{i@iIE}c_=Sv5Pg(;u1FmH={(|Gun-mkA*
zLNM>qUh}(Ysbg;7%=osBxf$&AYs+(uw9D%Y-In_^r>)QaFHFA3PL2$`3LVurdIig9
z3{GiTwXov~e4e7qsBnMUI6lpZikR<@aEl_GK0}j4lWF2#mr$C!H%ZYkJh)*%-R3f!
zc<9nlsutk3I&K2Zv*`K@=3JJU_l@SDtRQw+G`dp>+X(TWCNxoGQ5ca`zQpJ=Be_es
zeRtWO0uAa##%d6Nw_|m$S;~xx@*3kcw2MW{qL$zo@n-#PoJ)V83}qC0IH;^h?+^PZ
z-CLY2<~(hrH@>~8R_msXp$rn8p_#2i)`5783~=4^G3xK9eB)vm2d!$Akm*Skixf}J
z4gHzwST_;!QXzzntwL#Zm?=+KcMwOg%%bf$U))3A$F$MNZ{nI>A~lG&`as3<)m`l6
zrG?oCyPTE{sVaY)HW&DvOhmevMk;%$Lig`MQA6PvKj+1Ln!n3q7^#a7`af@Uu>cv&
zQlug;^>Q|wex_1BZnB!5-NByxq==Rry<VL<Syfq#b8P6$`@())R0M)tsiZhZ>em&e
z5cQJId)=BQ57<HZKv@i3)V))|GclMQcU_Zoth{lSkcEH6J%l^88}?RK<%x5t$n5lP
zEO54Wp8qv+I&)ZESgpaT#);~JgN?0DtjDls$57Lxna-?e^L6d3_LTF{g}Bf|upyU{
za>p*(I76+6sw^Iz*O8qMZwtv_T$NM?p1BxO(ohIP@%rVf+oqdc<ru#FPy4(FdgFCQ
z{Gv!cC`Er)(Lfly3szZjDhK@%4IIMmN;*W%o!M~FVX!<t>&EZm8hJDxL$)Ee$o7b3
zG-J|~V(@cP3MrNn@l<pUk<lk7qhy>g9QcGVxSTe33C?5WY}p&lpx)wX|3{6x_G!0O
zPV)qVO>zg$vq?dM8t0L)%SD=Ug0$l~GejCVc}9On)d=g}OM-)F43tR+w7=J<Wf>=-
z4d?NdL^B+<tHp<sPK)P^CW3db&{80H)=@Ugo{n*hnzWwD9kbR^3^YQaE0!t&{090s
z44a&%gdHBCgrmo2Y<dVPX$_Ohsi<IO4@#Q-u^%cD6-A?Oc0U)T<rKXb&v@DCKT0jk
zw|jp+2BNRGZ)};9fDL9x78F$DucUDk&(g1wgKXG;%bot{iG1jP6z_z2JAt8b@-FTm
z)iS7bA6?wEQ?RU{!hF_g?ztFq3!ZIgzF0ZqH#^Yb<q*7DB#|@wCCii9-tCh4w~0|a
zq<%|jE|+hcKHxDdED@E9&2*JC6Ov=rp*VjP3nv(ci&v8J)J+~q|42Vv=%L)}0okRf
zBMt^R3supK1b?Zf3+7Y-#?g&WZ#+G&KR0mpGrxfgyeAt}hdp75Zty<{-O0t9vqgN=
znQ#Ob!8%N~YVvq!eruJ_u&rnM#&|E2&A7`@L~uYtmfb_ylwQ=1H-AF&^<+groppaD
zuOK!?COgR4E?|8cS!pG_8L15#JftLT*3h=0iSCb{+e4hC+dM0g-q#aaHySz7($FJp
z%1*YAzQEUNuSxOTCSq5dmpJJg+im_7nVK*c#NbD8bI9Uk6M^8Sp>jC0(xdPDzo5@D
z>Sy(gD0TTl6tt66LsF2h=&0VoRPleREJ`7D=`Ae<i`(%?yUY7D8{GK_j-xcf)fi^B
z+k_UK4&6ZaJkcsKEm<>{G;2tTY5Gd}80W}dpA^({X*TvqmIuP6oXq-qM}fT$8`u|t
zLfweh+W98eHD|nVe){QAhpC;ccvKjp2w#BYe2fz9)T<pu;=bRpxfU&;&{}_g5R^@_
zY7R_g8FDFKHo94jZZ6?iGq{kKE$SC}Rw!EY!dU~_;JL2w&11kR8C5B)Hn^^^Bdp8S
zCmjRA#*Uq{hqYLyp7+d#0-aOZeW%ale%5bY+kHI97rrsW!Gk}|V!W+h`7wv8PW_2E
z=v2et9oJHQLE$a<jk@)%)X0A_K1i!(Rz|<j4^F5u&637#($G_b##YxjQ6`7Aa|R^5
zTHdvJFjFc$mhRKSr|1*;up%V5e?EqmQ|`LN^`O(&EnmGXHO#sh`^@4X*zQC(X~9BD
zYzw+?(Fb?X@xP4sgMR{k5>vdW`Cs?>k_WygV87^3;nfYIQe#@<rO$uY4LWhKX#f#Y
z?=&POS@D)79mP`rerp!QvK}cRqfNQqlV^WL@s!C%D&mpS#(bam_fX0$UA1j+^AKUB
zvuz<uFf7cBBYeL#Z<|)MaaUhrww*O{EHcAX;`5E1q95rpmwJbL9xb33Eh$)iT7Qgv
zieUxx&l^qSJk8ua=6ru3;V17$tBC@`;|k=(Ice>UWWtMuI?bE|64@USd0iQ-o>MTh
zdoYVyVpWjPGsu(t4#lZ)kqF|`EuK~6fWtVoC$&^H1dc4YcF_Eoo|~QG%{@QWn5Bm4
z)<r0mf#1coiL4?1sA_%WNn9V+<3SkEh({ZwkJ|W5BcUOxNOga1azsj42D3--J6@2x
zFw`^uZJ(reM3O_fEJDZfc)4)i?sz48G14_N1}B9@km~7(o*v0OeD;P*%(wf4pxS10
zF6E5W@SJ-Gtl!0H2aZn9kJDb5?E#B;CbpyLIy>)jH$1e16D6EGZ4jK~LB9~Vrhy<q
zP1pS>5(mqQ62gBe+wbs0cR02~YU9m5?uk>$<Py5rDiZN29jjK(4~S}#96pBG^a+<Q
znPZnhex4I!U9o{3uSULN{fn{^RG7r^=pVbQ^*+vuY4tb|>&_vkioz3TRFqraL5-J!
z?)SKdpW&_N33sdCJTvuoqsq&pM?r2phCw(H5N>2(V48nI6l0JVi;gmiWN?v<JtC5{
zF66~HM--D-WHG8P66ETLf`g@Pf*&Em`?cJHi9;bTml!AsasfI&W~QkFZ%CDd9{;TG
z<$7u0#fsaWCwrB6o}Xu4e3ZSe<{CoN3w~(Y%O<swr$|6StMgoAPARPLw?{K__6$~6
zwD6MOhIxO&?$G=+AK~|JS}FD$w(uOCdN_U<@c47{vwI>Rz~h4dFy!!hwQ;RU2&V3R
z>EyOcD17LIE0<@aB_KH*pa>uMdov3Eif6K%EB$Gn0SXfig#7Dnvv3zkirMySRgha`
z7`#v-)1<oDrvvxfKssjmWj5$Mzy70aQA@v!gP4B}<NfmI2jb%mOUm*1{jl;YqY`-i
z$2j&M=t3E4eMCo|;GPqh4u%*W5Cy6v`c)y_*MiKw?V8076YJ)J_H?uAmjoL2wcn;+
zgU8$=#2;a<{C)4ouY8FYv3)~(>-iuQO0BT15zTjK^<pk)@{|>LuoGtK%m-^ew2T}a
z*HnL(Dzt6}P)j5zX@4Np)K*A|dwAX?H@w{k`fX(}_XSGgY>SP-w}o$C{J5P|W8-((
zmEf^3l~)v^`=DWd)8buX-r^S?;w8TPK?cRgTseY46?$4+H4fvIIX-wfwNLFhDE!#y
zCq>s=xQd!#St%ijP6;)q|Du2JGwCpLD%XEho+K}y?%TFu$Lh}#5oI}#b_DMA=6bKW
zz=JCk#A}lMvOtTkgL~fPk4ikscDbHyO}~pxpL+-D0{&nGWb=RA4TAhO_hdx;49OHu
zTL<h1os}P{&0llIR0HlGH*ZQwXNcs`P#&RrA4_W_91?hxF&$hVmp_So{(L$G(r$l&
zECqPwbu&WT)UK!MKc6G}jsh3Qx)Oxn9-1L|lm6G>jq~dhLIPKma5*p^`F|SKQvi?w
z04R_D`RAX1{`b^&{`u#hfByOBpZ}ZG7yt9mKmYvm&p-eC^Upv3{PWL0|EpWqfByOB
zpMU=O=bwN6F9D|D{m=iOvd#ZDe{X*(_>cekdsFPRH6sAP(DC2%{+&-lB{FbhN&j(k
z64mzX+sQg5ieO=nC5t1ulhjV#P?Xq_Kt0@N-DAO8Z9E=;$%J2#e$hSeV=7dk0m6ri
z{r4h){Prx6-0h}#XaEkpWs>##A4{^uNm<-{j7X9huAe;5vKji+`2{-D1R;MSzX_U)
z<qaR4x<^K){Uf)H+E!Fy@>_hIzfC931DWTu2wh+=8&2k;zI+HBY-2dM#qFA8H+h9M
zO%R53)lUEUnK6zmG^_PfqO3C3_F;O0XB};HslIyTVTr&Gy(_W}{hVUKKRe#`lJV>9
zTz0M=?zV1Yu3kZF%-Q!Lq>_JU#7C^tCHmQq@2}Sk?$YyE6-Q{HjAu}hU68IVW{=!j
ziWFI)%q_K~U2b}uR?rM;^+yWK(V-aUMlzOHBLZAT70}EIJWpc3@tRzO$xo0~p*He{
zjm8LI8@?qb22aH-&FeWa@OTy17W#DIHs@|8L89VjUe1#vQvuqn(b#{*38L%rL7vxA
z`r<%+h&h{xQ8B}Pjm4Q@fZKgJFMV4q=RzC%*X!^$PT>6+uWX8tooIs6@oc>tGG6~n
ze4z>Xm(YuNM&2heeSCSTBbhl!#1*!1pD8f#EWMm!A@FF~m`Pq3V;g;ODm+8dGXQk9
zc$7~yGGx@6<QGUfo9};V<HW{P$U-wq5k8#?<uGcY=_X4VgnrfmZzN`)he13L>ZY}a
z(%%x@3H=Hj;y4Z#6}oaIi;%hKNE}hSdStwlc)c#>vJ_%AKpKT~4YI<_8F{(R*THS9
zYA1KV+z&EzaWWJ7FXrhv=Z&;5`K!`fc!kT;(TFQ}n7CJl&pv<K+Yk=sL%(*wdy)y_
zNullOMBEN+#s;jvP6Qco#p5*~rBLd&_y>#(z^skPtfx_)#6PGeb%@=e%2wsA=+h$$
z?VY0VqTjP%uHZG%G`h3y{a1cpsV_4)Fuz2n;nC#EA?Csm`cW-2BPUmcHWok+sZ0v<
zp8Y2o#c3Hza=d?-8wTsEjy@RYuaUu$z1{8FN|;D=FdS5A^cGrd!fxkvh{dI6G{PLe
zxG%tSXd8&OAS;CAT^F3crPLDEE&B!-u_ZZ0zuNkBu-krm?c{kbJ@Q4c;+q=^I(0u)
z1&LW<Cz#b^03)-&<u<wRjj-LBKCdp!mjez|=_Cp9uJ(To_ow#xJt7&Y$uquIK6uU*
zMpOt}_+dVR+_CeWN^Sx_3haPM3r};Iln{*|FnzP1x1xU*x{8rMJ$yj<+=)V8$+C5y
zn|rzdb!VgVAD{2;#2qwE7W(P56Cgx(=DvoBiB~pucJ@IwcEtH93J6@+(P&vKRAYgK
zci-2~<=THnwec<t>CP$jdtQg}hm(0tWq0GkzVt(|8KEa8928r~6wxchIp5Q2+s#f?
z=bk?>TU@lN_QXpee5g?FnJrxSNZOCkas0Ppo89S5p9QP_KgA`GOppwq7y6+a!M>3W
z&U25gb$zJyyO$T<w)}3!fie#9>L+)Zi<=hUB4&TNoIr5j^VzF(V(G&Az*BDr7rY+d
zW?1o<StFR&GD)7wx+1Uq%nCY-27L|**|}f<af)V9k1^nJULSgU!1kv63Y~1ODk%Td
z-W*vp{mEbbJmgX(e6w_xH-S=vh!z2fEl8bla?qON8ayAR=Jp-l#Pe+XY;#B4l1W6t
z(2{>l1u-qCzpcl^K#UjynfypoMx@E=FCEAZ9-EK0Ga5b}RD@wWkr}`sScoJBAiyg~
z=A>F9I~^&;eh72?xy<0tf5+d3i1VeYBS`5$2AUvHfVYI`#o9Q3ki-QRHK=?vu(k$c
zvJ22?8Amer&b9q^%6N`6w=#wsbNpMqoHKuxBoLJVC<GiZ;1Ee~Jl5IqH7(+w4EfuK
zb}#)`%$tLJG}c73bxIN3X0JSc88_w*0*L{=3iv3sIQ(-re0(?+mXYYM_hkC!#LrU2
z(n26F#To^L5i!eah%`OM!ch;|Ha7dy)c}W9$Kd?{)=N>m)=&lFkk!`$cZ^KP;}Cx)
zsG|_hBybf}02q`R*w+>erGiDewNFI~{@I4fuD*zuo%)fsMEZ{?&yNa;ht$pwZ;s9{
zo%k8LeDi5qz5pH%ohl6FQnfm!nTlY2sNx_fVMvHIkUox*;5xV#?w-V;xRVu-iuid%
zV|iNXHD@9OQQNUdr%O9>RZvYcQZaw+BCXORX9-lOs!UlcZV<X4R*MwRO9E~Py#=Qg
zGQRzzLL4=))$hlmM39{cnr#s@M_*J;eq?-l#pQR&iFHP<JV1F8Hk2f90sk?}DBo9Z
ztsV~SR@O&`_z~6Sv%Ebvw`I73X|9Ba0KZ=#|7CDh$W;Itic%0FS+JB_{n&rYt+}zt
z-ix15iWZyqc=iIePt(mRd-fyIa(9Pr*U{CZ<CC5ibN7$0Z#A~?Ww`~D&>Bb-)djyH
z*b(7TVM<KE_6Fc_M8dYXz;XKNNMuq&cxZfNdXWeBR7O-dNtH3!(5W%h18!z?9VUe<
zxjy1_z3wr}1bp#~9nZte<#&I-<mvgMaDg%Q!$*O+HpIy8Mc+LYzXq4%>`9z_m&Og>
zwI*^G5kbBSqTHsqcHGX_d?o%a`)w&_V*80WWA{AALDbAJW`u|~k_1_np#+)}iNa9~
z5k~}U|Fm8+c=i~=oo4v>k*Hw?6zqX$8Fn>%+&S>uP*Aw%absfrW8Q!9%8(eG35+Lb
z9~yvD)3oso<a-C0ti)=Bl4}5`>JRp!sG}Cj(=nOA2$#HhjsO034!0fF^=$dse$KIJ
z(Ut3z_;yXdyMYm%l^tG$um}(^k#pvi!LuPT5%dBB)PrpU>G}`0=_?==vuE-oPv@VM
zl-zB@tAzbksfeF=vwDAS%NIHm!Rg+|&sPwuA=u2x<AT&#&}`s%R3aDfjwgcgac(6{
zlix(mwV1JJXZcMJb5~Dq_^aX%h!s4R`zZ1pinK_sLOoF*(H2$Vz#!wmztHAGL!Gi+
zV=4a59P6o29?kC(aiP4N@i{=r`Mr6)g_*#@WP9;lH3eD*PJ(~LfrU^7J9Q?H3{QaX
z0g7XGn;;NaE8uIbITT37KmR(vT6y5M=C*B4)1MLJ2|*JpG5|&79HdPX{G%`cKxe}j
zZF@CRi*g)z2pnwH56I2weH>rCy+(QN_M|W&DEax>ll(SkipMSjHv;351P!mDk}tv`
zTri$-3bscFkNtm9VJimq)<tw7?ceq%f6j20yo{*;epeMf3<t3QAR@Uf8o4c6%%zr7
z)Y+ln!Fu^3xOJU4H|X@bEHafjobSk0LrhSx0a@7(4v!j~E(*mJ{ILGvck_X}EntrK
zZR<&@S7mo;Fwxiev&!$gU*GRh(pwckFF;$2a(hJs%rSqe6WlLk1@GV_7E${lzY*oF
z$0_Df@LHKB{U*qz*scAF)Q*6p77TL;nyi0FTRwAvwe~RY?>$YVzk|*A7=Pqo;w0vw
zeINhQe2soqVRkNby6`4g1h)hHe)xDf;^xir=A+j7LOk#+r?u@Y1AHXS(EmJX0grvi
zp+V%!fSiAc2)JsLT8WnZN~?L~-&k)_$F&Z>1A~JUVj7=COtwg@IFC*t4b5$-aE&3{
zua;?5edXAKZ`ysv6+%Fksbdcmx$Kf5IGu1QLNf@hP>LuKNLl+`E2kb(6N4=5(-BVH
zr?1J2AGyS-N&GDu3)nP*8l4sNg^(B4srE6vclUpvs!aa7+7KhTBj32yl}Wfv&}}Y*
zr4ZsmIl?QzaBMDr$OXv%Eh+Q<WHrNwv8J+ek}nMej2Fz5I24emZ*x$&`z`e{a6Awe
z$8)yS7){-<SN61P0H*+XmVm+?6(*jGLOn>t9)52LrP+fN2}k-cy!%;VwNJ-ljQQC#
zI$eLHavK)-i==*Lovb<Wtp)V--R<vlO#7b7@(LPHT?CN|TtFolY8Utg0yWBh2Gm`+
z{yOuepNEb44zf3H>&(qq)u#do5+O<ZVG<?v8qxIHYmC&v)Pj6Tu7o`MCD@AvssULD
z22BM<%!I^|y!NC=^=c>{Y;UxC2BYARJ$rwA_ZSu#2zMQW3}50s&+f5IC=Ff*W3~5<
zTh`7>mO6-Z2BIBN2*zCWwg3R!1*%ssR>tUqk0g5+Qls8y_?rsLmu`y!uSHH~2)^zn
zOdlV8SW|Cz7R3LiaF8f*C_w21^DZE&fyxNJ3RXo8<tV$xVE2THBfk|>PMW$@tN(w4
z#z=4~-~~Q22LadeD1hs{L8E<D#tYL3bs@4EP6h)O2R0dki3$U#-H_<@O{~63fEbDY
zj`htZPk7HwAT0#JPbJmF3M6sA2eu5cL~Jkn{cB>&Lx@I!KaHCT3|TR_PsLKdMv#a(
ze5LYwsp_jqe+TQb8TyePwV!OpuTXy&P?2P`oPFrYD;7i@!hH|7JaA)VNQeZ25Sp^U
z1o8_&r8aawID8GUO|X^vBG-q-WIfZKH9BL7m+^a$`rRi?D)K4Dk$;a1>9$Wn?k$Qu
zV{S<+_Hi(ANOeDe%?wckzkra1O2*W6z~sIaY;VLMR<_91)=*xs7IRw)e&&DcPTbe2
zuYc>i%<~3GfheQ}X$^*(F91vetY61@&;%2a1Ujo1%zQnkdSu5CY;Wj4hj$sNzs%*8
z-ULBG#lY)v=bHW5)9mk<kL`0E?Vxu`TKzrXMFR211YC6n0A?;CUr`rSDT2uHXi|pd
z*uL@22_A>~P){)|QAyRuSq^_k)Vze#n_;^%$-S2&4nbiHnh(;o08+DVBowwlg$az1
z1#Jb->e9+w@nO=+N(deYf7y=AWtEmuqSTpXV&Kv>^Tn*c<F;07{2}iNYt^5)WS#_9
zC8WNe2DShX0FHxjfY)(rf+=D0LUlg0{(E%kQ#cO6t(M9)4Ri}7E*F2^JtSW|crIT4
zxAW<KOgg30_=bIl5%o(7eh7t+3%Y)jz%qb)mQBKBfu7@P`WzTa?dda`6qrNCf%#j8
z{fh}*x<0W|7KMV|vu@kgDd;%%^ngR9=C|NJ2H(rz5dj(GGKAi~gHa@a3IG*?E94Em
z1H*(cD%h~y#Ph;e)AfH~Fp%AZAk&^RS&iv=4n(C)syuU8D7nSog~n1>#eN0)CQtnF
zSe8s+@i^X(lSFz9{e*}Z41oVd1-Lt9;^BdBg4H6i`_aqK+Vo(Z3HmGy%AGQ(j;12&
zb=wvPYn7R8lE{X^_P!)%GGQ=$YW4PgUjB@vP3(ydUl#W#mLY$t3DNI-S!AXGz-p7D
z16&YS=@5mX4h2?ls8C3JABL??{sbxkKUMmbtm+Od<Zi>#G3l_VtP`N($mtU|sO5>@
zW#>QdGRA)lvb?f2K$jp~0)gY&v1O3(o1sE|VLHu~p2!izzZpygpl%<<`Q;|RC%)NF
z#`K+)5!Jz*OB{ddDM@J(eya(w$awL((dgG1%de5Y5*Mb~nD4WxcB}su-evl!Pnrvf
z8$=ZOhWG>?_sq!rF4B%n0-g*-KEn_7juHwAj?PIML=i!-&k%lZ-&OB>YcBJAums~*
z1Tq;^%jh!rpi$OZTU~BSj!?`d6USio%Ea!VWH#M$sRe)gqd++Ytr3j!9g_j4gU&)S
z0V+^%K!8fXSz-eQNt+7%-Bi$cfeZe5FBon5>@9WjR3&r5RE=OseC20Z>%%8F)+#9+
zl)y-<oaS#|K3t|+S+><=AJ<?)BJW*er8)mghkg4kveQk{vK9r!!QNMs2gfKxXYj9Z
zzlKc+;{<;`Tl1~ufq?EHRRF38?gj#mQA7>Iy<meqm<ul+GwJ&W(aBNZw~rC+Z(M=E
z<b3di#z_p>z+8Jw{k!xQx+xp`X_0z@vjzwZ#t-L^vn~6Z`1ZYV=3x}0U{03VkX5M6
zF2d}268Qq{{#x-?Xd#H?Aja9FPjuXPc)Ett^3i{aFm!QEkw=D1s+KaeMpRD|9kRi5
zuA7^yy-80SwtFRqiT4<ELFk%BB=W_2KgwmckK)9SnC?Ru*KPV$u;}zaNe+j}${j~_
zccVht8$Fl8uTtfx1&cw3ZaD|`Qz48Z8U6L*iwJD}p&PE};1!>>^`EICqBxfFrkJQA
zP~CrGn5je{DD+VQ#K<HVNjP2>jce6PJi%y(0EO6_y%rC`<nh?@p!*9K$ozm9`>ZNf
zUj{oxtuM_hD4*kD9CpWo_1UHeKZIzT1}6wR(#8ZmWfZScIE3P;++8T2V9_Bk95Oed
zCb^;@0^zHWJ4kKdb_Z-sf@`I#K9+6-1Dk&#+TH|{gA@VKQHYuS-W6;WxGbzgSTX2x
z0u4zyI&z-?$s;hdXQ58)rG`$Kbs;6b#?gcEa*jH~nefnz%$2S$LeD#zRi@C0^^<7b
zYR-(sZ67UV?!79F&EL11WL~P#a_>!sU&i>+SN$6(4^F5C(^7X>N*PYS@+opbD-wSq
zpPlzM4&?c}rPN>i$iNV|OV|C<sgGAHI6;t2mXK|OtSW+Ch2)If9V~@Ul|54ts-<EC
zScYH(pp3w{w(=aq7Vv==RKP&a%)%b08zbm@NMedeKSCo0f2opk8-Y#%{=z{=;S5Kw
zK>z!)5s)n<pm_2>82hH^N}uS<8>fHcq+_FF+c&(iZKs1y$2L2*ZQDu5wr$&XGX0zR
zzsx*MJ=Zz4&-v<Gd+$}XRtZxl8?XqgWL9LH)H^nbkD@iM(o7t(RF1H-N1Aefo`Xbr
z$ET`;HoRqzkX-oN7AK6mW>NJMc)FS)?LSdazxwnC8)a_hV>y>?-t6Gpqql!ZD3qAB
zI7-x3pBE@VK3Y=(ykjo|k`y*6CXa&~CTAWce}A+6+Iv&Z8$eIAQLreZs0=OiQ~Ac>
zPc_?ZAcL>b@9&TU9p`R9Tu1Et*z;SE8?Y9vg*Z#`15>G<8Z#%*67~R~!$Ctp3@!!^
zW%?biuFx|}(ednONDh_y7!`ly?K>xc7~J*&2=`1+14S8V2TA3mTnMKArNiHnqht%1
zIVL0=g$wKM--gQRl}1wZi)UD|jikDqD{-;lSSoFP?T>FAbl_*m)Jh%`chIVg8_~*D
zR)$F3=qO;&%G=Z`>X@F|pY%@Pzc*_w(tJY>xBJC$=px+&so;A?!!dui2+_LfDn8KL
zntNCdaZ!y#ouuycA|<6a?|7B@+xQ|Q<)LY{2fZ(m+s?ar*%e7AOdV3llD&p_x92GR
zp!9V+*nlO3MgpOL(5Sw3Om+i`RVcx?La-516FZzl0?M@p7Zw2P=Wk6<JoVKG_}l0S
z=S!nqe?XoK;PVlO6s&(jN}8cE0EcR~dimA>XW6YeJUY?Hi<Pjwk)(usjfsyk6ayKh
zXh#knX=@rEW>LW(Qa&At<bJ@?GEqlED4T|1#7K2nvG|lZ+wL?Dd}$TF08K!$zjV8Z
zYru5RtBO__-7bA{px=YWYkaM&4)tST6fB$i_!V0p&Dmh*5x>&+#`U&;*{8)}ljQy;
z$76PRD|x4;9A0dd|EF{Tg;vP#bz#E3m4OsPLnty>j6e%sLJ30K?+gYCn>emqymCW}
zX=AmB-c&^eu<;iHZg>HF)Lc}siEx5Sy}YD*K|mctw5fB6F30K?*S681Od-PA`f6HA
ztSysNZiWRrQB4QZl2a9bRcrp*6dR_4NsUXHQ9+YAF8h%cMoxLF!(1(k```#E<0*K{
zekP08egrA|@-^8@8u|KKo2;++3wcTUp3}#wcVg4)JFPq)mEF6&@o2IIe@CC342APg
ztfmbyG-PYU1=^kkUAg`MW?u+IQ2-QJgdi~~mG+cMhZYSwdK1TgMf0UQTm&3c2$eP`
zui>u|aYr`N5MOtpAAtM2wjA*?IGw1!;2H3O;zLa2`SxkVtAQZt;3*o<>h1%7qE$pV
zugR%(Ptm)b_@73HC6}F7E!;O%V?N7>pub-?kvi42Z`K<Je*%IVHQWP^2l2=w32Rs#
zB-@_=KkI@DkP4B1^GX0L5HbMToU?S06Tvi{ZTI3VRY{&N>{K*ONKP57c3W}R0l(ov
z^QC`xQk)H%ssb1@N{IWlA3RmJ$2>O`9~V@kAcBT1<_v5l`UH(mb+;3X&QE*&Va3El
zO1lNhWv8>^i_ww2ZfN}+iKDG{d{^qjCUtogyktG{jsZr0_KL2J1`6w_r}M$fR1vLs
za}z(F8u)^5MR1Ek>eGOWoP6Z2?G1`|8~(87ORX}#E*ZGtyDf$s?P$9ecVt0SNGM1)
z6cil=zgS{8x>LwH8mb<6(r+bx!ZUhu3nzO#hUaaaONYe^E6Ahw1YH)E%Guy*ZhoX^
z0uTJ{2}eVJf8m2wUP#@;^)2#x@PxnpZm>mRt;gGiHYa8kB9MWeg<llpRQQ|IH>0TT
zujU8s%?4h_O#|nfBbalm9agG6#*2#qF4PnOAjL59G$4`crl3Mq>8|k=Qc&^B>w{}%
zhILmlysmn{Svby|&G3qzU&{u6)d?70jeeIS`r}4_ElFQlYxnwl^Py9Bq?0QvJtAKu
zn7Q7ABn>JPat>C83GxJ-fGy$}@Q%^|OEb?4dktq5RrYBKhJpTXAH6T+v4ow50O0(6
zA;AX|Lcpy2MX4nscyer+=%z1G+__h$N;p_X<wC1>Y4x<OVh1;~8!tqNAQxK)zwvH2
z-?bfo6&8%t(FZTAH99<cfOz!LrlwM!2h*A6;7eq{sZ&A)#oG*tdQ0wwSYz-X$kDc?
z8tk{LFC*Y`;2<M*cPz=9J0$^tfDrKrc)<#&bpOz9JSzTuaz}>-)^3~oZ@h${rQFU(
ze5E()RF7>lKeG0a*v9N<twGWyV!H`(tBf~)76F}?`Xa?n4q!v{arcBmHgp>CcY|4C
z_*X%qM6h9$TtP1|hJZRzaUvfP{xUeeFV-K#|0oC$=1b)&#2mt|5l;pkg2v>hQG(6_
z(_y934z}>>Tc^G2`DRf$@nM@$AOJ;Ihe&$%^@RA|bE|ZIKcQUZbJ8|37)#W^+6Xa!
zLhoX9gsHFwStMv_0M7)W@{hg!NXl@`kyQUAK|RA|Ky;a6AvAUF<&Ktk`uZCQl2*_&
zH{o8mGnWYF{%i3AFmP5i*Yjl%MSVfevhKR85%|^DjnkyKKN|gRr#DK(@Zf0Mb;a;S
zf0O*_>ON+ehj$t12+jsJhakfQz{!b!1A~}GSVy5}wZ%Bae-?E54)(sd!KeU*8eJ=7
z(mhCw>gw0-Z~dq0H(@h~%7B|Kh{NVH8*ShViEET2qT+oy-HqDkxu9~RR$t(;*sJzk
zeeNYRb-&3Y<`F^4KLwWEDTeeomj&==+rbt`3%#Vgif{l7E~f+<PP+*xS~kOfi^nXQ
zpE(8AhsFW@tiXc>m*PTO#_}4-hWw$sy|gkId+_z9H3(cHzNrdoK5j++STp%+XJ$VI
zk&^0`BTP<k@dt-SH-^L<smhl|yxj8M-Bv|V6*hssEn7Vhp9~}A`0nap*H7qMzHYV7
zneu(cU)QTH_KA)!gqC5B=!*A${WVu={gi@<bGhcG*RINnu8PO*zTtB|1%F9}QZfpd
zlU$Q+hmx=vj{$P7V0C1@>Pue$jbIRoIDi=y(iOfBZV~1=lEjV5P)|;W`8&)f^!3&X
z3A4r&m$|;=`Tn@}qiomhRUsJTpTUl=^OOCmW^b>7+@U&oA8=iMWY}ka;IWv2KYECu
z3~{;`DkNlr;IpUbSPnQ;MsP*oB|xpMMWNf%OM;te$nkMO|0piti{GG_X{VQKyVQk~
z>us6V@#Oo2FP3y3XNJV(=dO*jjAxPOZvC_-7(yP-Gg28iZoqOkz<-niolVfd5e#1#
ziY5ex2DuN7N5r!^2LXzI&fzYjQr6R}?s54I!Wr#5Lj=U{X1u@lkBPG<oDh04jqDD5
zoiD0ex)0+6r^l=@4?^VFq@93BKiGbM=8)PDY$pE@0C8Cku@>>B?#F89dQXjLFovm_
zpyndh#XbF&gvZq$7;hwr&Y+Of6c*?8O~CnIGoI}MwO^m1L)`Cw13rx{E&J~$AX}&s
z0C}G8paEToPy`qmu|F&<0Nhn{tX$kiQAjN}Agqk{2hsFGfc}e@_3n;5^tmX74mQk;
zZ4JB==iB?NRkyRj6W=Y_`1;e_<veLch3~5YECLEUalS4}K#CwF`0@`e(#>2#Teu+c
zU<@$RrJdrd*JAH~J=QCP<x-gzCZzEJW7ZZ+vE-<6C@YwolPTBM8`@7pRrcy<<zho7
zz(Wr)Rd@OnQD2Cazv2sA#FQeGopvW;{dM3*G)>x<?8e<6pYJvCskVmru5}wq2-=Q+
z=fKuLuj^)6Mz4cJRSea=2c}fg({R|n;6_a`-8rX%;oSj$FzY{G*q)w+K#6O@S{|Pk
zjt87?V7#f{um**gz0Boq5r1SYW7T9X^E1BbZ^|&fgeT8j0y5Tao&2F=WGPSpVCbsd
zv@JQf7v3M>Hk4bx;s)Emo!kFm&~Sob!t`uqG~f+owBp;NwDB%pJMPtjxrNgSVlp^O
zo(T|w04O4V=YxkSQ(<JQsswRmUw&m*t(Aj2^ROa?mk@C?D7v_1iNVt|T<r{|=lNcU
zrg``%me1EV`61bthz-$&Swb2?fI;ShJLTVk6$<A*3q>WDPPLxAZGQjPOfEWq!{R?<
zPnK!ISH0~fePZ3t!p4temTQ#9_qm*bqXEeCezoa;KZFAn!N8EYrln?jcUYk2o)eFE
zVg7>cbw~7()<Gc4$NacMqg6t`V{v=Z>2{u7en_M3<o-e>K%XWO-s$EJL~9o!7n4Px
zdWL)OU6M`AOYLhj5#+nM^tCe_G(>Ic0y4&4#<D@56?;0nlNhw2e)pPpg9t#FkhX<O
zBU8zL!3+_sChUSd^_RK{>hpN}q3ZU-KqtjcL$v+=9$ZX&9xC*Y6N8V@zsOi!PGD70
ztDFz4CRn2X6D*jb0RSv$`}D|L`Wh4@e*~-oo<T*x|LdIX!^npykaWVAT`?ISVc9x|
zCrUPZrrqDrj|cfw(J6;TI0tN7h$hG094g^|^2XQBXwZlx@-b3rEcb9m1I$Ia+xh#`
zsGkkNbHyR~K9mxV0wN@$LA*N%9Gp)<rKAXN-kIPVHs#M^#vCU@&Aj(rLkqZm;zr#4
zV&u`P4ZCjVy}1`ME@V*XA%;qr0u-Fl$}1Vv090aLVc*+xL3+!MN;elXuNRo<FZu6(
zXUGyXDAaMVN)?2Q``3=$&c;e!t831KHNJJ=Fbe)D-TpTr*rH%Cr|A0MltvtG5-EAX
z_WIB7q0Ak;IUAo*YW<;<AXM&JdU|{>#4P71i8~|||9uwP5MsX+$XN7tXe&45mfi)d
zEM>f3|7X>a(bzt;Hr*eXq{N{;NNXm4#n%5iG=4ytgc9|uR6(r-Mu7>588rk3>ODkx
z{u}U20E@|bTu$GY;t?~{t1Q-US(umwz3#lq_hPUK8Dlj~AQ!~V<Ii6L?z;@=x9O$U
za_?U=RC>gM7>rywfzL_Wq-BS&ixJJAAs%>vN%d*`wrtIo#ZQqKJS$YV4OQcR3kIpu
z10xrk*Z=Zt-+7f-{9oJ%ayHi*llLA8E^5E_r+y=w-|oA}^Ult{H4!GWRU`>O-{io+
zD#1D2K$*hZ1m-95a~(D4|Kap@{XM}?<<yb<H^{Xg_lGRA1<>XXWhbdY+YCQv#trV%
zFl`B+0RY*u2Zqo#y#btdBvtEwNCWd<Xq30B=Bpa3#aRLB4<ULa(i+0lEOEz+wvTu1
zCnzh*G<=?5vE&BFZS;2EB0*mv{%s6=^BvnFFFphO)XdlI8QJQuQS((FdSxdG#2=WE
z^y#K-B_<Mmo7Nn_H+iSmDmH_*8Z$y&818%|TR0kkuP<&ttrpZ|{$@^pz``Eb-tc*U
zu=Un!nn3E0zOUiS4Ov<K0!%arOt#RR1wa?vfZO<Wt4%|A*Y%amN;=#!(mC&^a_+@S
zeHzv_pMlVvAXwIy?C~Z--r%@Vw+0-Rvs4;q`!3T<>Q!9B>zvGddX)>*DRTiPT@F%(
zAg)k;6p~!PeXN6cm$q7eR!69a{tdDpat(ozc6b5?7Zkfh&MF{OkvRm*mQa5LV{6ml
z53}t4smJo9#nuy&^wX_wo%=3rf2B7+%vD$BA)xCKyPtgi%$$yxuqObOtx19&8Vp(*
z#m(eoX={8mzS`g_-CM30`3oE9fpC0F3QCe=utX2I%LywJqUuh6AqLCN$1p#^a(a1Y
zF;1hRi@Jy@t$z3DZIz$r^2sgY?65=5%;&7Ldm&`-epQutkXmuEjatE>lFR!=6wu<U
zg=nPkOA!~=j|%Nc@d`y11)|7bBgf(I$O+NsPi~*<U&~%k#ZFJU+4r?R!j>@dQfEoh
z2}e~DSLX`(A|l;?ci>_!^cnGy@i-vOK6qiIztE(9P{>*;603R*G0a7wRvXtra(B^R
z^2TvLA&%03Q>VKyh&Nai*gBRcqX!&K?DQk&-nZw(DHN)NH|Imj(8=1zwqgukCRsln
z(q4j6MsUm*gcx&wU5NyT$55mngbR{|uYO~ao$oiGHxK)N@r#OI6hJx;hlXR$g`Fk6
zqTxfnGNYd6h*YaA66YLErJEOr@t$aERZgau5xc6oJ_;>^6#7Jm%E=HjpHw32WPUZq
zZf$a^i>&YoxC!2JRRelhN77{v(Z&Q|`XNJR2%lURIb|@*p<@oiqd?hrLx|*r$2OKF
z7kjsIQV*nmYAPcrl(MszJ>pzlu`0I9TQZL~<f`q)BNiN>Ce0**h8c3ia#sY6;Zae<
z8kG&S{XjC1gZ};ICNaZ#P0<=KY6@f_P)5@g@O@6pTwtmlQP~y7YYq|w8GtY>_(?{k
za)E=3`}&^;!hfiZGdJ|pJUa8pl!K+ZLu*Hgm=526XK1zl-u1MrAgM+JT!W^%V60Tz
z#`bi(YXm!|Pu`C?sT88#vm~)DSLi4COIqFXBg>o9-1ofWOAL~3OcbPJ9)*59mben5
zfMgMVqFEsf`bUb9qsQQiQum*kSBlag2Z>7~2MI&9%)ozHVxc2?GMM|=jvst7+kJ@Z
zu7A>h0fB_|wSL-V?<xq812mV)UwHlkRzLL5f2CzCtn<qp2x4GBU3F8d5US2KD?5Zo
z*yYs->Yb~6NUQt0pzW8R2qcDZ4l18;ir!T+GQ)d(XJv-k?Quc<v(4I_yDD6OgvkVL
zWk4s914du-&4?ugvA{392L@Kl&2d7hvMt<y+v~#1+W4AQD~Skd5~3Rb7=n+*F{3n_
zJieAJ!OtUX7pINpimt|=94WN4|3om(D6yQVpQtOlc6fO)^C9V?vx$_W+)7_(`og&B
z5g~1qoW>=^q2U%oOW?o;Rf;1JqoR<o(4@glZ@f2#3({*L%^aAP)&H7OP5vvOr&5`J
z4VATvJ9OOtjUKLqkIL77tpKUvHr)Q?7|u9@iZ13iu6*v5effX~bf$xTBAv~9<Nad5
z)2i+rv8*U56Glj$l1KqKSPd+yIT|e5_8c*i)cY-Y*<3PX($V5)+tte#L`L1c8#8I+
z!<@t^m2@~bK#tSpuugdP1Oz|eO4Rdz5cr!A`F;M{^U-d}>(OS(=EVD#<1sXw6aZ>Y
zs6T&IY(4<C1WKQT2ap{gX3pJB&!EKTa>E(6v%lp(GE{n(N5SJbh2yikp-b>nIZx16
zy@W4Ky~TAG+nDe>=7=21K;%H)n9C#Z?p}Z<iiiLsT+ok@^vo9`F(<kPaur^GFdVor
zQ;f}L_n2)uFt6@L8x7Nbyz6z;z=Fj#)dNAZ4R+)=EPXT^>T8D?1kX#(%vIyl;c~CU
z5-aA@vspvb?yJ%ReGCXerSFlhX}wdO0*ct(uW!{~H`D7jNypt0={=E#?|;gv2tl_0
z`v)!CSiH<*nWMjjn-q@}6TWDFuiO;6oF0U0`$RzHxiLMzugzmU55%KWR=-ou?%Tjv
zQG&ii4~mf(PHkaT5jF)2%@ucP9GJ8D961a!QZt{YYlmw_wSDUOoDDPeVCJEK)3SPs
z_;mV3IyxS+Q+&705KUx>BgSdT3Pm~4eCCBA)tK?&**fspW<Q63t~L*UH}7F@Za$A_
z3FIZvR=0$8B-S^iz|F7hiZccnD{+c8S2!YWI0yzr{Iq0qucti8ITnM8i~V31(>=4Y
z@H6sEhJPdhR^n3A?yo%}AKTzVZP3ONtlwFpx^8;h&6x{6Aw6pH*y?L%=6u_yzWUmt
zO`EmQh{OeB3E{^wq^mW5xYCL|(`HLzuoi|jX>l_3iyNRG%m;1b*>3l$(%r(!`?7QP
z`JP4_FMn)_6$ZzYBj^)S<v4BfX$-c8gSFY^cT?OzBS^*ubCn-8x#7xVu%4RP2`HYJ
zGB<<O{08e9B!@ieh{Aa)4{c?}c1ZJ^KyTg}Suv-=c2bXu!WxKw$8`ChqA>|5ephg)
z!*BP$J2vpGJ_r52;KixAV0M#v6S0LWBu(Va%=mZ~`wx#7nCkDHK*pAFCJ5DeZZ>7A
zQ4sg%&Vuj7<j*6y+}gR(d`&+N=WLEYEC%m5%OfT3(m;n|Hrk$(BJV$`>n>VK=`dC<
z?o92J=Xr=_Xt!a1G-*H_TYjd0d1w0j72x?RTOrs(lpRxc@^yzGoWUcJGL{Uz{rLLc
zhSL)r!oik;>@)(?QkBt>7NE62CDDmvL;uVdr2S3@!A-y%0?V|yL6LJdd<(-r&E9~W
zrG!P&36%(vcs=~{h6&*ucxZB9X3dx1!H{Lr*uL|C_1_VHI6h{N!3Dl*f(Tw2y8fu?
z7LP53K`}}yFxM?~YBW4UpcCyMKI7V$!B2;@fwNt|-aO6567j7r+!|$xr)3;P^4W8#
z-!BdUzGr?o!60+?_I*~LsL>wc;1P&$7Uo!(bM*7Bi*`(YosN#)DhS}VyTLy<z@l*)
zYg$Z=&qJqwFbBk}iD!B$lTK65wBH^4SL1)meLJ_>?o?yG9l%JFoW+e(6Mr0(|4Zvx
z`Q|p1_P-en@H2+a5fzY$x%i!C%m$Qpc8m^{p~`m7-t^n<s6p_1F|%034foIM^cKIq
zG@UiZca}{5GV`gj&#6}Br&xXwL_k=KGseB?{OP-Yv)}Ld1;#td_>P!(`2LOaty`-5
zp*Lbo*vg7=R-0Ge;nlz6<&)2#n0e(T9=PJbz3px|_>)9(GygcVyPz1tnN)v_QS>D~
z)AuY0Cpie6v#XbP&09%rD)ZZNsN+}p)X4eo4&O5nIzxoC<4r5sIk2S{Nw)4e6r-v>
z<$1h+7zc|*hrh_<k_V@TwfzSi)*$)cT5qYm7a*hQ&=1lyGo4)<uR9D$v?1vgZffAu
z9b;N@`#vc1ot*K-2lbOi;i?CQ`~UOV+W+_BvyR{YTzu{U0|PL@LgaM#SQwWO!UF!U
z!L&KHMD;iU&J#s9vZ~)dHcpyLuQ})(&{o`k8l0Mnlk{o&bCclbzww7~Fq7b?m7{}p
zQ;HNQ^+oT!P=%0yfRX*FO8hB<QD4Qh@Om*a!tCq{cz4h?(bJdz+I=Cj(UQjQmF0EO
za<QiWO~#H)I_otaer2{gD~X}w`QBQ|&F^C6E#|c9TO<sw20j^Zo3a>NU*~;hc6~g5
zz*o~+6m&6C{<1KeRCIJiq`2a;j`y&yOi?G*dpnEPQHtY_Ga?vpIt@!#z5bIeDjVsY
zoHK9#ME{wy>ApNa99j1xBv)DfO`-GZ*~HK~>TsMbsfepP-4K?8W!#`~G&MY2R)EVE
z+BUy1!5Id6Wmi3*Ts_H#+k4i}#j!bml2ROru)ysAqlK<7)L?QaV;9n-aX_kV!YT>r
zu)G}kye~2+X@GeWvy0EwP8SctMjHngCzYE|a?zSZQKp+oP?#7!XqygYHsOUXf9+zU
z6`2!L3sW0^4*`MgQ}U0v4SRFDzYPZ%3YbV(FMu6_*fn~eyByZfR!gh875MIdvhJP3
z<M?zlBff5Nb;;gRWUgsthrqgGk-3hI`&s;x$$f$%FAORGhzUMBG|m(ea{!`ulVgOO
z)pLKhs^?w~{t9aoz4frm@H8u%`{*a{IRD<-(){G!(SrQ-eP(rMc`+%j;MPR_7h96L
zdJjUq;66SO5*_Y)8Y~!zk|t+=J`MMusk+#UNWYD4H1U(F#AD2m_B@+T80Wvb4EEoI
z0#9dWujGE*c=%Rd3rMhIYvZ?h9$xQri#)vA&=pYwr4_+cNFaN0p(&L329NfC?t>@2
z?Ya?pT9wnTz1F1imheLt>qo}z`<YN<Jqwz7!lWHZRR0QaYg!Hd`bHmrZk#|*^V6qz
z!Lohz#DD~)opDhHQZd+Qz}VORJ9Ik?0ujQUkW04)kyOjx@U?QD)BzdkU+wycfJzSd
zwkJhS5w)b1gZq4pY@e?Gsdhd|&tqnQ@^Y*Bsy19xZd05|LD#0%O%Br47X<|s@UHb6
ztZ#V9^5|ICRS06cVQsU2C{OYLgY>o-zyKLlQDr|c>80|^sjj?wTQqyhs+{5r5_?H7
z*0#b@+5;N5%Vt5#m|a#8LG;^C4U3j_1Ug@bXSyLKgnx|QBbV6pG#?zCA1}}E#H9Wa
zV~7kH;(M?_ffW^@n4Z#2lxkvYF+wqWnLXvas&0!|SnuF~?_qU+6Gil4kfT-luBMD{
zk!F|&dcy#q_EW*2kxjAKf`j{`dJ00`(veHEiZ$B^^kuwJks|jCf{vTixCKgchX~{~
zw7MrIZPm{8=pqNj-)v<=7m<dtn$S6+39UrP-n2Uig$3LFXh^0|M|&VpAfU!Q#sTms
z2sU8M65($RxjwLeMwUPW!Q&zw6Jh6V^j+)V$^9Q@PQ3bybY3h=N@cXP{~)50Ck{2w
z&rB%6{t5L>ET^$l`;qr_K)Ah{cJz!=vyI9MD~42{Sq2&Apm?pbcv0ur3uc6xrmj1J
zvwZL!(|ZY|xEcH_AZY+|2!*KQbW}GoHukL|&9LyKAK?~%|68s^PmS9xqM90X>ySUj
z(Ot~bHxoA`!MxGjM2g_2EI}vRn8zJS=gFz&U-9Z+gR{4{CPY>AGpmNuLrHPgM_`JT
z%(HTHkv<34UI+>p<JIX(0YhPTxfy>DA%wZVg+J|^((pvA1i3K~t%1CZ{4ej(BTLEF
z4cCVC>woWmx9Nz3z7JiP{mV6ob$GcI`MpjJeta555F;Ap_Tdrt75zdDK$OE)66E{D
zt+mL1RSV2q!I>Nbzsd4435Q=!RJUK6nZYu<R;vnTn+u_jBG`P0;zT?fZt|cD0`wRQ
zD$vUWPQ}hffJVXMJp7@?M}1%>m0-cLk2JC{D9$;5)SnObe|TTn9j{K?4IHd<gaYg9
z6+MiIs*wM8fl-$EYt{qDj~g9yA~J%4{zDKn!b|~lPyr}>#2T<r1IDbw{3KIhOFuuH
zI^*kDIs<aW0v>bAx#r&PkRuR2^j59is*3YIVg5^X+nssq9w5g!K$ioJiJ(fa^jjAk
zIHXd4+u*w4PU<edICSf2Y;f}E-jIoQwI*+45!x|vxL)ae^&)GKgeMp#y}Y|@XmC`u
z<}AvT9e^_%%<kFk@Ave4t0Un7It^ME$)=MHZ^C<hrUT6;G&GL7IXDd8qqqIdw6$-%
zt&WFx5V+_=^!slU0OZ|Y1=ROqXX@ATN^q)w@YxX7Qmp!LfiWJ@DT#+;!yX-^BqBbA
zYXfx=i@SWC`ts$s_2G;r?zb`H<RkjX*{-wcHZIX^0?*?PlM=7CULlJ}Uu%xXwb8g1
zy*F#O@6S8ySC5LG>oU!47lMT>?ek}9X`AAJ+A^YYl{pd3)qB#hJv+yi#DjQ;*fy<y
zz2~ypb$Kv;ZxEa7_Wt*{o?NdEJuGC=pXNk1DC5Rz=p|6Me3Z?Ap1t}C!4AgR>ZOxu
z-QRIw400udsAI5Oyq=;}I-1-bSGgi)Tke<p0_|h;NbmR4=kHi2kDUe^lP-Q7OG>x3
z)t>R`+814)@tN#SE@ekA1aWK~4-%JuQ{BPLtkRGo0Xr%u8pKNEXe7h{6B6PwSHar4
zq?pnM#SY7blb4WBE6Eo{-3Re*grSm6$DuYp%cl>*``YrnKt9=T*hs?xLa=}{YV`(9
z`K(7+;83zi@S_Di<J`$Z3>Qh5u?j{8nX^<ulo&oMHs~B5=RmEw9mDK$bEHdume6qh
zEqsX1(@neM6NkMMjI9+qZtC-z&l>4P;I)$9=rJc(?ui5<b5b{dJ$eVC754tdtIkN3
z2HYUfzU(_OzyNmO*BDWg6%Py&6982vF^8qO;<iub;S8QezY1Fbf+Y&I<AJ03s|_OB
zt#^!Jf)9;Ptw|eRjH=mSmQQ?tH0g|f+ruK(b3-nD;Sf$QkgJq<GPlg!2NbB0xXfMl
zE3n(nrIj}^^qX~a`|y0{ht8(u+_4kRsdH*K!`jcC@X%{&p-;r)Ykdje^G3G4^61yi
z)%q`&q>o93@{gF7B|I|0Q*=iEBuNV2S_bL~atdr{QiZf}sdzUqW~Od`QI0CCK;pA0
zZUC!jL3hSa`i1PqK!;-0$%&Y3@WC&|%)2O;jMpBYx5KfcD1qzl70(S{&1{rW4m^ZA
zZs6HoICXQ1uSn92mS)k?nNVDgVqn>>PGA^u*}z^&^!I7KQH!T`EZ!?8^(2OLlc%7g
zn=!iLMq|o7FA=qJ)jT?XGRsD6%VwOZJNUu4V=~oyi0&7B@|Wu;pAp&IT7i#Dm?f>s
zE^9XRD@F^7R9H+<MWqlixFGCLSpRPZ(BMtp#8?V~QYbx4!l|Bw)3S#VsJF8XN`F}Z
zLQuimrkTsFR+`U;O6Qx6*uAaYd|xmPXXK1sAk0>n29J|Iwfud51{lV+3TM!7-xUJ`
zFbIFxpMqJH&0B1Rb5>~KLRoW{OPdi?k_t}4gIh4Pf1740?KQH#2X|XMwQ{yy+EHR+
z^4@ztI-J5V9>P>&R_T#hBcMe`Fg5(*TpM(W;SyiJh@oSw?U=K;P<m03y~pT&q9(t3
zyPRraPW&9XT7O7?uznipqn&`!N{cNeRSblo`d%JE%ZJx1CAGH=MH&czLb}FdmVDtM
z85a9RVU+>B=DKr;E4*?`Ks-64)LM6NzoEBJ&|Ub>sQj35bQwXj@b+{XIYb}QwlqF#
zZ|pW9p(tZJnupWj{o5{r0z+qoN7wC&&P}dTX{X)hgIE23{Wf_XIyh|pyQ)sA^8q`E
zUf6K8XAscrx(!j1?S)$}j+xqZE$pms&#dnFw_zR?grp2ZYF-Ez$@6ewjBv3&qOg@9
znWdbWZRTl8&Tr~^oVam#JLebGeulSoG^p^2<<qeD<0_l0sr@#2^;A?BgDwiz+yb*N
zoH!j#dSzXIj6~vv2a<k`E@8y1sS_L=FBC^q0dmxY4g@IZry@_EOs1yJ6P3Fu3s>j$
z+9H9krqv#rD9W7j+7#T+dy{H>T`uHXw`o#ZtJSHTgLbDKQ>YZG{8L#e8Bu}57!|53
zS`Y?@f^Zx0Lo%gxpIHB^f9N`|-!6i7oI-Rr#4-PWVt3q@gvtBe`*HmaSg<C>&B6_O
zx*c0~SvbI#R6azdu>&7)s*1*BhlSQClw$cOqEo{poBJM9Es!9;f)>Ze_x2NsJ`gw?
zaOJ<2-ZnbdJWPLEyfjojJ#$f%#6i%2`w|4zFo-Z!u&LV7sWsMtjB7?5|7?Q|9qvF@
zh>kgbGnj^*DrV22P-Q<A=E`=5V$v5Jt&iFlT$z`4qP0Y%OGGAjs{Gy9BoL|m9Bz7w
z&XBKH{`r@h{s{IhDtHi3B-P0kJ#Q&dxLPc%Q;K=fFgqmqBKF8_(Hwlglq$`*lb-$V
z%6vd!7bs$T`s!OI0#aZ#S|Dv5l;@9pE{NBE)L>nU?Ncc#;_`Nj9rNJFL@BdFnDnEn
zGZY3>MJbH&E$u@@WN!E;w;JKzii%nq<IP5cyIvryB@jPXi1>`BdUxk^+Q>ASK_C;;
zH4$`uip1|dHd3867LAb!0SajlqfOdHiAfJdt&nSul_`l!)*9&s#H4uid@zoE$K8s5
zC+6V8uRoT<^HV{^)xebEYOti1SjX)k#?6hh2g2C%6xUu)mDaOy%Q1R}%IR=2;X;3Q
z=n#3XQVG8K*eSVuJO6SOxZNKlQTY!^<}s$+n#B+ngYSvSHyxcXA*6Ax8#zd$j|gEg
zKbQkV`VcNwL(`W*W1w+4`FMu$dd4Y#Y;%rQ+d|1|z2e0o9Y}DcCVdqJEDYK_iB|TX
zd3c!=C&fE0%7ih+0!htY7i;S%JXcd+25S(aTdue7yT-{L{B&W*iBAMo@}03<<gjua
z2;wLxyflboqToW1bdYpou;iWcDij%|z6l~Su&xlQK~%!Ku#rX*XrdT7GAs6ft}FMN
zBB`@@zX@T>QY3DewQ93C$#2oOzpwk^dd-AiE{@!7jmMpmnFYv>FF~6RVbm?sv`*z}
z4ei2OAjD)i0%UiA!W`_;BGW&5Dp5ft-x02XG0uONwcK^>xVxUmTSKG_JF!tv^MDJ(
zishUo$VhP!5i#T#t8SD3yrgD-wqkaDv65la%Kq(w+KpSBA6SE$NFKH#7_}lu6pTZr
zga(^94^P`jtMb<1eQF<+{f@t+J~Nly@-@D&7>rEEY15o$3L3lkmO^z?6vzzVNSA@F
zGn4@*PDuEM(>}!W+p{=a4Q+SkcmG>-ev=E)!*}@t7GP8a0?7i+WUJACY`vaT=U*xJ
z2a;8FeURBH?8`o?dp)a0d8A8K%4(ivWX?fC2<m7OIdsCqp~q}{N(zQFS{2&Mw&%5c
zCoo`i@`&H2CcOwbS!?fUR_Z}de3d}=_;Gm1rMt;axKgZ%3z@_q5jU=10$rKgj;M<8
zJD3~m0FS1jgeV8cffww5Guwd2)Vpc2{fL=>EWLfdoiM1dYjD0?m8OwKsWcXZ%710S
zk?x3vWw(K3Y&R}y?7M){V&#^q#$=fYi5g^yp<Yd97g0i*u5Epz;hP_!`I%Z=YEX&!
z<oGJ*w%P_9ewg`O>U{67PfnU7$VwOJ*z0rO4T*!-upk|k#Hz4=@+*|eUn#<jfNcfK
zL|Qq8yE&!`ILhd|=D+NjzOWJhh+vg)mh*McF@_@3)+ulpA#a%E%^tY&icTbY_jMM)
zxK)Gs%@$(G-p|cM2B<4tfPe&m(Kg%Ag^uJOPm}CWck{Ml;<_HzKca!UK$V{!cbeX#
zD#g-scy9Q6`LG**%|tkaAWPM{pcm4f0xi%UwyJoYae`}27{E2ZIm75c^lIWdS3V1C
zq?LzrD3Rz3HouYPLF=~{X_OHQ@xZYuPNo`s*I%jmvpV`H96am-rE=D_GrN`zLwXe&
z$%yX*DngCsPfF#vzi7ebr0c0+VZmbq42Vr#9FQnu!1l&}#+<`m+D5wCcYf=rn^wE6
zd~V(E)c4KR7dHpQazh=V_}W9b8RODSKpU7s{;}`whE!w<XlM*`Zkw0q&Ab`nPpTE?
z%h1|#gyk#|E*=||_wMcO^2%J9@=jW0^j7>K#>WRP2?cA4CR`IK3Z1*YjcKo1mKa!`
z;jyH0{RM}Aztc4%$>=@uS)%n3U%38tDO241t7)w;GLG`wBIOSZf92f|%55<*lG5#T
z+Q7tvJW~tw{4$U`Wxi^JlT$j5CTE|q2}#V+nMg1m(ZROIrtDK*xP=uSwN@Qe^i^RX
zUp^Xm-z2kM^<2q9DI!uGT12T@da4|rB8gHkkGNZZv^qHMkVK)Dr!E=@?>C|%73GQj
z9?^IDj+0?9-IOCb_$ipIA3is$&9=G?*I`)JUtUi7To&Ft924Wlv1BD^0QxnXR4a{@
zF$4|@R%F3cmNJcEWh-igjn~EVm+&rww|t@?B(@e36Y&d}(U~KMsoCbPzMW{#lo$C-
zX&&}}AS5KTh0_$FZrFnXp+)$O=T9n`<tjA>E`g~p*k?>}i~CY}f&{8pcmmv)v%bp7
zs#ZNIbqpfP=UG>^cVXHbsRlEmnP=yIFbgSQeF()jC2S$)1QQQL2Vp=R-*lEmoaXTo
zH*jj$otg(YIlt63cyQ%<_G+tGTGKIO@U~5V+%`B^I`FO1GBJqFj6_<~y!ji+wu&ST
z21<`ViJZ_V2mFAgmrf&`U4-bbgdXE2W{d!gB39IbXnBw0cRt>`^TKWc@ZmlEcbck7
z2Dh2|d`fGgul>yAB*OMb225Q}eFlFk4h_w<!4%7c8;Kfw4^R##r@WJq|K8_I_VP`C
zu#ZAR7M>QgZ2~H%^k}2YGpso9S_r9QFSCK6GsN5g@EgGZQwkz!i45=eYG5zETBQpT
z<z;9$Ew$;_{nS%cL}bUkM6t_QsdI7^k0%<|A-q?`dUL+MG`?|Jzww&nqm?*-oh;K@
zxK)u*6c$MQ07)QotuURXU&!Aa*esZTWNMPhL8383n%wn7@V-y-hsk*!?;Ic3D4izz
zV+UCiACI<4iBvW3lZI4*Vo{72BR7U7q04waH@(x@3GU#ou2vqNWFlutM5{chL9L4&
zcZd;uvM_<~5sL9>_0;dmYc2eWwd*;$ypp3xYBQLfN_*iDqsBh$K_gZ0z$C+e%mf}j
zLf{=W<2nyZiQATxGw8g8Uj&S+Y%*OIsq4v0=Vf(iw)2^I<d{mOOanGhwsM)OYY7NO
zQo5A#__=_E-~6QS{N6+KX=v)Ye~`?`xltxLV_6Tx96BSS4U^gfnOg|jp(>RtY;Z;i
z3U$ts**p;2LlQq_@nO#_1AumaCfoyiix}}BEb1?PqRtJmSp@Ag@#G})eeQhN{Id0r
zjQU;|hL-K{t=895J6W1H87Hm~6)MV4AYNZksCAZOZiadI;@SG^QltT7zlTIU(4xo<
znC<H0clYA5a2_6e+6Cb!8yC!f7NmoB;r)i^^FbuKnaoHRivw94D0>xuVbHV^D7f-x
z><D6eey5E<xNYLISRj&L{yjN;+)=zZmtdiQvrEp;(=L=&?}?|%^8;@f6En2ghB251
z0x~{Q5(m<sO0j(4-R5IZzS?_QWD3Z~TdbQLqfVni-V?ST9{WQ`>P`~f=AA{CS(PU)
z6qU^m0BO^3r1tH=Hz8PmFw4~SD8%_UnRFx_>+K><r8FbS{a?^&pc=eIvt2puJP(0b
zeuyEeb*&2{a?9RteTeskt@gtQyIE{((r4YxwW|4EQRuz0zqFiq>?RtSNRahmf^@<v
z*0t{6M@Sb4e~xXw6?M12yrWQvXN;=)>n@h4Bm?%kV))*<84uHcEbl9;`Cp>TAFiS%
z#;wO3<ZYu=FnR>hyWGx<l+PZpkycuKhF9tHs1ElzJ7Q<V1>(|`np!`vCT;5SAhci@
zced-Zbk`}xB71;{p0Ee$6CBXre>V^Rlal(thf@4BebPwjJ8}$(IB-p}Fp{tsG$+(u
z9U>@5P7O-js$ETgb+cNL)zjT?u3g^M$q(+s)5I)%!mCzB7IK|+qN~}Ll^bGzH@>zu
zH3di9bY4EyAG{D*`72UU1L&FR>DLT@^4@R4o28~Q%Y={oSsX+EdDy?w4OGSt_)$-<
z$>+awav5EwcaU|;<8;`MXS(HIxPSWI)^(YBdBXiVRaxeL@%5w^_edIPJy_Eiv52OI
zh<JBCByf0GBu9iyckQ*z_<pfvQJKh+c%uY^@RePZbsb#I&wTr_p--V6S^2!1|I;jc
z+S)~knj}XkLaG#{NWs25pj*&wn6P%v?`J^0z%>{&(VO`vtE`qZ9UT{))T?9y!2@*J
z0%M@iucUN;U2h`tlig~I1PB?g_wVa39$izjmmBjG>T%C=i4U6{H<`F$0-jJVzgK0{
zaLYP@*PHT7r}p%s(!V}C#oJXjMJOey3M*t0MuqahM`ve&wi$UeB~oNhyHIVqIygo6
zN@Xu@!>nZ|dkJq(v2^rGjBtM{Fs?XfEN?P~1Rk${%XSv`eB0cxHD0UqU)<#SKhOEU
zp39R>U%ua3NA)UE6WkUFky}E1yTP3OMFpjqJgPP6HRbWCJe+*BHFb{2S?9Qhl;nJw
z!|#-G`dmTBKd53}Xp-6&n^S9_F^~H5x!vJ}_l)ij!{3lYi*(pr5<f4ADUFpdDQY#~
z(Mp7WjyJc<=O<CkSI1Q%SD__a4{n_G;QOHLxn7r_wW7hRc8CPAYX|xZpN0P|p?tB$
z@sg3>?2)-BMb|Va@?KGsskFBt%|sa<JIJ$Ryek0z@iLc#4S|>hFVV?@4YwdXyn&`q
zg5DIQPZZs;ziU;J)!DEya(QTIbh_CA^Q`xOm?W<2c3J=DPxYGf`Ll1rn@~uAg?xLR
z%U@NFef>xuxv`PTxUg5&uNxv9pOf$x<g}QxWi#MdEV5V3%b87q$2&GUMxz+SUdK12
zzs>J&VNAwS6;_iDB)+tpxnJk3I3DkNnm7BDtez{TR8Y{6aA#kr!V*+5O5%xe;2za~
zFTb2Sb`$NHBw=7meJE8QT83^OusYC5w0s0e(Mvd|^-L=)d+z+=S}cgOQINw=Oj#nx
zHTh|R6YC(2>7_l8W2PpFFPvCQjpAicHzEpFf~%zF-}xpgq{lS={3Z{MqSa;kI%kg;
zfO;oDCR2X8;2rKVt8RVv-_HvTW#q4a-Ei})q@qe*t&?PEc!Y`4aH?QZOj?+R7p18q
zQ?`1|+%o*Y)1UI`{()z^pZyu+<>Q1H?y^oTjqyQ`mhI1i>F602S(S)9pbfjLIvQ8E
zHgF+MKF;EPGEm{(1E1n~=}=OwAp`{pr?vku2w2{J!J{#K)aG<Ji+(Sm8xfg*pjhI+
za$A3#H&eQ@8F`b+Y0`TtUT1R!maBxss;Z$a+3Vv5m;^-JU&J%X{&n}K;Y1IDl_C#N
zrl<ESt=VAUnm)-{l}3|0nfq2*W+LGS?_oQ$$m)7pc+>&sN{`Gct@k#_IlHy>74y8x
zyLEG?&XLwtQ<pATX}-fsSah_1Vgv;T_g)EliO-GeT8_O~Te(H{VFVkyS~~2!k-c<(
ziLSY_`TAp7E6c+sGrJTl%SJO<q0yVvEf(jsClq5W86p%Ci-Z7|iuJ@d94qe?SBmTt
zXm6e6_glLZ83Ec&gYKs))z<aUbh9-<dG?3Zp-pR~=MvIoyCZL~{FY3A$3pKx+JV_L
z{Ja$L%8{^Qf2q{B%I8lykmj&4Oz07YTTmstNtfBJ@MduakO2mfM6dW_Iu;==ym2Pk
z4B;33KJTwR3h~anYUaWBCJ1ECA6++XT~9Ik?<-Ef<l8(w-@S@mc)S=iBv&q92_1O$
zf8P+w!90XPsZ6h|l!<D8kF8vJ5H%v6J$wKD!rL6y6}WS7jK(kG;9!tKAb`gr)ippX
zHCKVfD8KIDQJK@MP}Km1=$`%zXkZs?Z0VlI>gt~l21d|J{b6hoymv|rLn2@Fr<7Jr
z{E?qu@uELfyxNv+BR9e1u@l5bE>E+`*#GpyfauX<w~@LwA+bk)qw8GlPdgPAd9t>o
zOm#|j-?Q4UqK+RcsD<4!@&RNSqby3nKQ*Vp|1=u?kmZ_-y<*1FzaFviyucH9?1u1&
z_^)0p8=rj<@7k8fF`o`e%4BOLsnsj2%qj_g1<2mg&Dpd3txF&*ylAT3Id-|v=TYi&
zEz!;!bGqsJTYXo5_a$dn>gqL<g%9m;zJ^}Q{Ms*YQ6rd0I6daTO9dh7f*ZnhvDXZ?
zLJlUug-fP~)G4NiAjavd_Vww-N{zw;+j_ouBM`&F5#Nr(veVbaxe}rn1x1XPzO0hD
z28;sG7rKxg3Del4<2k~$GcQg!PXS0B9Lrankt!s~*40aYM=zL^UopUAUlbKMQC46|
z-)Au@(J_)LN9}l$s$DgOiIpY5+?lu6-G@3ttM`$1O*|<6IpvW3*U5HUw)`(nJQ>-(
zv~*riJx?g@G(Kz~M39n@9C@M7L#$%c=bS(s0+M}i64v_1o<Prz%Ln{KVtEaaO{f|$
z0*yh#qf`Zd`Lkq`P{oivCol*&vCsdr!ExyH%+_9B*-|86KNzX@YvYQ9*E0pf8c*?`
zeT(a;9{96v7Er+|^7kk?WvZ(u8A%}ShFyeYZALi;JLgtWC*c+bk&Lj01*4EsPgBAJ
zf%^a#M%xpHd!W|X{KQ0|cekCc&8g5_1;YzO((508D;5x0zI5AvfwgIIcd4pXo{z+*
z6I)bj)cP@!s9s=(gwUymMNXTBD3jf%lr9=t6t3h47Y6jfP_hxiBq8xj6nJu&U#$52
zw4dmDJi~XtdMl~cLzHmxxh9NFhUYfJ7%q5^$4JDgq)`q{?xEGXh5^HMnwAXt_;vzI
zf`b5mZHgXBmT_uRdu8((wWt3Eee|)Q&vH8~9-|7S0l_n{&&uY^7q4Z{Zx$7$yv8h>
zRGGV?@5gLVd3-Cn3}?uVfvkbUZHxUYX3C0w_r+5mc#E*+L?zwO#_;ng43=0ZpZB+=
zn;dN=GZR;Th*||+_O?Z|Tfg^)u50JqCBe3Tp>^q73|({L!{8lsyorZ?7HhjvVSk!R
zfgVZV4}7Cfv8+-W_}Lj|wa?|~+mB_x=8nD~&Z^ivvkfxLz_}9Csr=pVjCF`iVn|e`
z%>k!Z#Wo9;xMzzJM*8gO*ziSjMSPxtlk*87%DNKbw{?=`<X~sleZrEIJ!^~Vm3e!A
z{%uPFd#M=@uS@ke$=-fCi3tS-$epRcs$y`pGUJN+CnnCe#8(49`X7ydZcOS!F{{mb
zZ)x{Mv+jPgl+fI`b7{0rnT|ASV&R{!<KL#vCU_T`gON4jmJg|2A4@avbs82t@R@In
zNE)2{RV@#>SX!!*UwUBo38*t!*P0D~wX1t`8Dohprj{H&Dcg3hh-+*4?k9RcsUwls
z>BLHDDP1*r@2B1o_Ij)VE3H8cC8KhdtI8#6;Adr>)UWZUNq_WNRh{)cgw`U{BZ^8>
zA#Aw6JV9ETA;AGAym@o-rrI<0<jf|=!z4`0r%PgUU~YALLecl878rl9euLM4)ic}K
zk#Pcvp2$4Un{CJ(Z0u0;YUFy`sqJ=jNsE(iWf-5<PGo_&LWCF8sPO#QlGsS>m449e
zmzZ~>z=edwF-1JKuZ4sU66&BcH<vA+F({~xP81R0I|v&~`iVs3K7%+Ez0ogebb{Et
zC21vfv#(g$ymS{)yXfnR+%`{tB3ZZ^T2?ool&FA99178eS;1c6`gzA?Sf2!=16O|P
zXdY2{4FeHQp(OM6G`QrO!Z$QNS+jc+ZQNJ=fom-9C6!?vuFANRCR$dH-MR}WMzHvC
zE<d-@9G##2oS@v*p1z`O1LAxO3;`ycgd$_pQZuSE^+VWr(XPzwW!y!7HQQSKl?JO=
zL3+UCJB!nO?-SS<Tfc{;&omPLU7r^LcTGz+MmN~^7^1$fa1Waz843nskhZO)E5RVI
z6rGz*Gc-8pCXW7l{l2^2_+4OhHI&f~P4gdVdLiO1RUounPS||Lt1f08tkTrDU*M(%
zK$u*Lp3@HZQf$#NVhj6!CVh91JC$e{p;x7(p~?I>KU#Tu<&24l+=(x*H4(r^x+aeY
znSIk$wes#e<KAQ3lH6LPNAa?es0KwFv1-W6kQbjTQa<Uw-6pfz4&u=95E#6D!W2LU
zq(S76vZxDs*~X-vRUaK!B2Pc1Sa9g_f#M*3V`ERGa4YQL!EmyF{>_stWDmND>@B=$
zrfU@DB0F|#?<F~N<G*np6gpyA)*M!^Mxd|6miT9WEAa7-Zq)UxFV^qnF9ckVJCHJD
zB(fgI%liVhc&;+$7_HepJxkIT{`@7Nm=sXwQ*62d3~E$lGa5FM-drjL@7jk8msJd7
zVd1#l=cl}vW^V_7j$>bb6zUh%`*cC3VC+yul4jJ2#C2+E<p9}+-H6_a;~71{0EZ;#
z)7>n%t1ZwgLw7VZrY5cUz$cx>&V6zvTh<HM!zQ%6h{dsh6--MJ2>iAay+4fH!)3Hm
z8pov!1{=Gmoi)Z}nLUbe^GmTR7^>BV3grDFaxJY}TNt~4H}6^1w86-UPC>pFno2I_
z788PbIKMeGxp_v7t6DN<ItLlKxIeadZ0m%gEA>Q>i^)$M#KZG^a^`X^NC=4f#u-O}
z!J@`8RB*)&1{Dzf(o9earZ^(%dLyB$dEe2;z3;Y6Ec&$&z$+pfseP45H{|h2Cf|m|
zvAxfYcMF|=TTx}Z04fUX+U=SUG^0;x{=JwfpFobU%PZRf_0IiaC+bWxWfhWv<I-}H
zY_*82bQUHx!$VXu7-+*R@+KLt&=>x<k)uN@OiZe}s;Qq`u2+X4lraZQYXe-%k8vU}
z3l}-{5n8dzv<|PnV3qAhczcSIzp}fW_82R5+fH$RVdTV)HwSF88)Yk-9?Sgla<WVd
zKD_F%SX4=*^^|Z_baoEwi8L5F8e^VKIxIPkyS6>$=A*p#^M$nz?#34Vn|jV-HRPFo
z{ZO_W<lP+HHch@&C?Y)tnVytn`45SOJG3<I<g%0N#?M@}?>sVkZ)Ups%*0-Y{P+~n
z?*&bNOc!!Tdrt|y!Z;)$0pPIzlzQyU=?C<z%86aQQPd+74$_SqV`6~{tyT%RW3^%C
zPFmg=oGm1)P8!I&$_e5sq|=Vjj?Q5I#0AE>i=1*3I=nbznFBwPl?Hh6xinFGeVxuJ
z#JevV^8{6qAm}YC!7$f!{U@iiglXZk9~4G^pN=7Fk{T+0{4Y+<aZ4C3R?=<Twr$(C
zZQHhO+qP}ncE4@g^PMwu1#<(n@~lesuKbDHn){X|dB(#;=EqcPNv$8vW8R99l!o-F
zciV}0eB&#*Uk+sYtCxjfrRZp96hf0Cf~Qr$l=?rzY5^&1twG8urr|Z@xsPUkQ-fiD
zF}L5jyNGl-Y}hKH#^2CpBpy6I*e>M(uZ}me_X%<U*t2{?4Q6jz{BCnn=(3_#E0pc)
z^ntD>uo&3USC!KACiC+uCkjbw;aL@yRHFv9<fW-rYIW{;_ex&l<1PJbv{iklB<(F)
zDu6jj>v+ss8GWTGW6B@mRAe003O@pW7du5qei(V7lroC$74`a}w%?J*z8l@{^V>aI
zPi1RVNHpY<P(o8eRMpr?NICyed>#|W#8@~CEL5KJqd8rgj{IbN-k=M!5@6a(YBCIt
zGn%a1g+wyS(x9o617+g~cJ-r|t}2sb`adEspB!BN7iE=zCSMvgFmg%}Sz%{?AiF;%
zpTlehCLn5@EJ_=_?ujYm{3Bg&@XSi5tYQF3K(@bN1^b{i2*4i*TB=R>qG_dxbQM%s
z6kn}HDWtIe<U@_-xN*Dw7H)r+%X0gCzE?UqKxun-D!2efYy4G&MNLu2$8@{KlxS(g
zr+7w{-kQNCBInS3WHr>62h@r_Ke-V!fA{MItuU8Sj~#5V<8-~+0;Mb?yEIn*hpUyf
zI?{W-uBgb0-hS@KNO_KrHGO9H<5`z&Xa%g0j5UMHN{Op%^W4G9>N+Q-nm^&cFxV3n
zjN})ncOb&_86<1{Z=ssXj+=7-s3v7|KXv}9erZ>nJ}2NEKjNBQfZ^bU^#HTke?my(
z*<qffc;~0*XpWAQMI6LPJ~hkxW5g8JiXsw5)JjH{fU+f+64tTL&&@7V==eRq&6Tdg
zUwmVuXXhNEG`$0n%zFK1u1+AjB~?<IDuI!dNHr2EwmTH5;!uRBBnPCF`s@krs-~nP
zyHZqgBi!;E<}&mdxXz7)mw})ve<?(W8W)fQ?-dsdl+_&`_pXkELHB-bCY-K*(Z7wT
z24Wb`(<-CGSKJvrciwJY9s8U3AB=3j8+FO?v56<p8rTsrObd5(jjyHj1-`nCulW9%
zG;!CBC)<u&?1cG&*C&HZik2*fog~!MY`1|x;Rd&7KtIc4@Q$`0r@pR!e~}mIMox;|
zujx`V+Dg`yz(K9tUlnFfo*B=xoM~hFZj1E*WoGS;ROJb!YSc{DYA{-DMluN4Bo<N_
zRypL9MvH=L(D2%!_fmCDp&(stX)cbDNUgI#aDh)Sp)Q_~Bl%6!^5Kb(GiHxpP>r<g
zsJTulsvA4+2WgJi&iO@+f6k~T^-OcY@QwU-l0nrFMOYXKg|9yLAH?vSb)NB5qqt56
zC3gK0HL%k^2-~G`Be3j0^|?&-v+KR}!!r5d2`UVXAY<^uZ`TEk(697^vFrk~gQ@1j
zAzB7b2mJW!Z&-CZUq1W}%K+Z+auG1HpO1hnrKH_+Y2+{*IsRi9e{{1>B5wcVE_gN1
z*X;pAIY#MJrJ7*oPikfhU+Z-wk=|&RX_*Ns;X`hbDpQcgsiLFUUdAL|PQqq2uly3r
zs5XMYt&Y;HemZVlt!;Yn+O%{vqsUN1hdXP%X~uP{;yyE2vXbS20tnvH<KdoGiUg&}
zvCCDL*W2TN<@~|6fA(I;SGs-d)Bi~A%rA#4Hoq|VUbAUT^9NLc8$8@|QT4IQn4$hv
z9rL^{h8?OnPJ4@G`ZF9pn$I;Ds!o3TNuZqITG(yPuWF-g<9|Wxe7#(K^t)f5WH6%a
z#&{($@h}W<wWD?n<POX;k&5rV)!FZZ(VwBTx|A<(%NDS$e^M7iT_vA{xF}lWDmJrS
zKNX=VZB&E}6$mxFipT&pOWVqv<C<4$%c5reZW3f->7cD?_JOMm1Wl9PIlpwjL{1h^
zFQC;xg_FYwJbPy>e1Wzw7A3HW&durns6K{rvi<(vCA-qT{M?nbK6~>V1fA}GGTChX
zZrk|1GQY3wfA^wDW$d+wWw)Qs@Mbi*`0L8m?e;R<d!r}XNL8Y_CFeM@J=NxuRp$v9
zH%vqSzBzM#xpsH_{eDr-aba)o8`*e-G=6Z-Xz$P9>i<IB^mLq9Q<LWd=y*#Z-Rt7N
z6P#sTwy5yvPoPMw15y9vAX9;wnpSEPDDj5#9cjoYe+X+<R3X0xB>jyP-S5#!d0JLC
ztexqr*XpF{Y0C+6ywCp;NjFGT)I_c>P)I{yZoV&|Kx$DF_MjqK+Bzj|{~pAi2d3Em
zdBcC~u=<=@J6POl>iqWq#jK|Dz~)-DegB(pST04V&QzW8qZKU=8;ejmVe}qw+SR7U
z`&fl9e^eILWK~cr)GU}W?8{^PJt1!#@9kS$M`?A}!+bT@mC;K6WvLAe{3Hbi?suy~
zQs~x?OAT`!!>D;+au#^Q;$gcap@4$b75K`ddnaX9BgLj6fgC*oBDWHH>=18xG<iK4
zz}f^`2@6jvT{q$-D*DO({ajb5MVs2{AOop+e_IL4n*c;YrL=8O@sn0GTgbF)_yF~_
z>A802X!*k0`=isK@C!5lo@=e?y}mff#hkK9RPDcSUfF?crAe=V#k!Q0CiUk?h-<UB
z`z8a|g>A8e6=DP*6XeTJ1*#V$kHGN0b-uuoZr>DNwNlh(q%%#EvR0Ig?*hBqSNjA4
zf0tvma1XAnS{y+V!_!EJVoW7dlCW(df|X7a(ri#%2e=U?t3+LsLY_coENx|(N2I@0
z0FtC&ZG_mQO`1_p^k7+_f85CB^|rX%rq>gpkwR6=cz3}al1PR1x9MGBzPSL|ZqfN|
zE7tjLGxqsn==rnFvQ_^^o_~++C&D~0fA4mP5wUJ^%P#64<PsmUa%5a7AbEEwYE{B?
zKfwQsbTWiPg8lWxiNS~Ky&d;Qi4g@QO)O1<RshJA^Xh8k|2I$xc4MajNu0?_IBgiv
zvpaYx0+A#oz*30l1oKF5f=c5@4=R*$`|PNx)n85;=|a;`hBTk7@u$ZYV*rude=S-8
zxe*b@i277Xd;n3Hat;x!p3J2u;K@||-pV_f-jwvG&z041`GA}E{2=_y@0IxWORMu1
z2e{@}l%JRjKG~4siGDGnrD~!Xe!EC4qx0ed)^3ydtYsl<ggQlJw9ZNX!1bG2AH}!$
zdEhM1snUv$>9<0R$@9lkk_)Cle;aR^271+%i;h#XK8C}QTCfYNv3zGuHS~`+J71hI
z7J{+uj3~hx)fAIzK;-AoCCdm7zcefN6hua@I)zkH#j&hdxe5_gQjn1!KW#@~aKc7}
z%hdM04g_?sd#Ren8Nv=-BTIUs_2_6_-g%T&yyIsussHadrPM#~;97eOf71fiX`a=-
z)cbCi<+D^3TeDqSRico)HIZ<w=iuWAR1svf?bV4XwZsndSHVIXZAx9lPhWCyRZ2Zx
zhn5!9HL-{7^53RKySglfb1HB-QcE{sGn*uV$|*34pN}~gPl(DtX*7@;byDEp6dd`K
zL_fxqIGWKx;hcyU+r1c=f9YnB`O=2M%0xA($I;QlN{;WQoQNYy<lOfKXhY7cn=hpP
z=S>HvH#`eM!{?$H@}4_}VtMU@pFbG=k7zV(zV@hPvrk4}(l*WFoV>#ca6TEOE8;7&
z6wx@9iBhcyX2%z1iSY1Hg*+a@nPiw2k(*^dhx(Sb)bILu4vK;)e=ZrGD@=<wuM5j#
z-4@t!UXi5MA_~2Ofl81YI|-Vp5FDHP03zI~*3ZPaYYHWvk01gupm_?KkbfCjMZE-6
z$H<Lk)c7iqY3o*^6=uq4E-SjN$7D|<;_zuNP8ZuwTo)%CC!!Q_N`8=PgttI#<!ykE
znxmKIvriNK`9|}Ne?k7g$swcum}lR)$3&kqSg31vlUcQZaXydBE$HSI-(O3_p6$~E
z7ulGd&qkHoFW^l5<zQB<lfv^|MP((c^!1<%P>q+|_4`e!gzCXMG_8bIX>@NIgf|x5
zKO4Qn!{wX~RRZ1EQZ@Chx1qEsn%%<gc6ec7B@W|8jgfEMe{3-+f<O}#ceMbejhbYX
zZODylo95GelG#)}^t}L${1PRzWX<h9+<bpyVW6C>ZEd#0Cb%piz+h?!H@L%0GL}w{
z#LzyU!S`?WwoV7o)RppYimcKtY%4LMfUY!_`pKZ{Cq9Pjxf1`%s=g0|?_yc$ydNcO
z*rC1KM+j4`e+gtcKTGKisi-TaqM9fem3;IRR+Yx`9!bvK6sCh@3K^=FFX~;p=N%4I
z0^QhKQl^|u8w-zQCy|!(G7Hz%>8CQNWGP}{IrX9+4WSn{8v2z0UckofJAOyf49LMO
zY<4J8-Jh|v#mA#js6U5BbGa{YI0Sa4srVp)V|X7Te~CUp2<a>Lzee>K8qvNB$t1gR
zy403EWs_;$V;M6nZmm?VN1PBQ&OJ>_FiqSoBQ?>l)mpI}CzF6APhoXk0!!8y$Z%Gq
zz(I?i^SV#n5Zke8ea?cBEX%XgO>RWP+U(OEwM#3Dg43W#BdTaJCc5NZ{}+VD2z?O$
zuefWwf3#R!@ulk;xK(N8=FyNzK!a?kiTGw}tNkWH_T!BKk_o=k&D_+R5+ojQDq*WR
zVT~dV&v@@80<ZzGfsKd#LaV%#xH#c-aM{utXNWL#3BJj3fMW&ARqRtMCwa(ps$rFi
zCCXRh77)%jvo#Gzz;X-z8d4Lhro2E+;pEwVe}|yfM^;g(km6p|n_zY#9S+~@p%0uP
zvWUXzab|GW+*8inEzacWf+Lin(_5#YBF&X%1VhcGJAOy8TAss!>c7U~V!$@LG8#r&
z;B$e91dNN3u<KazYlsozk&J?3CP0C*9rRK<1%GWmAA%=0qRu%RqVJ>{xvW{=4Sf9^
ze<qgWq!mj+RwJ|%o4z4e?-Ucv{m_I&L|h8zW#YmBUL!by%9S{tsH&UnS>K5`^)bMX
z0&^H364?Qsv5+-)L(}wYg?Wdj<*(`?z{D+Vb1F4SlqvvnlK+&k=Guj0=608CBc2ZN
zaOuwMzFpGPNKp#d$~0e?baDd4Q~)3)e-sSRZX6?9dX@s01GR7$23-yfwbESjJ3M!+
za?@selk7La5c*qIdQnnWpo9py$4qHjHoV3D8;jgHN5&KX>v~DiL@$l-P9}=4O>J3O
zr1#A%?Y<SG=ZCF6pxij&x>*kkJ25cu>6_K)k56KfK*oZe^iayIL}MaJLEHSQe{GDa
z9q=Lmh0~tKtMzoSjI0z6*U-@@sDkl3MX*-`a<dU3gHxSK0>mW{CR~>sQWPJME0=Cx
zb~|6VahvGU73|(E{D;DzNeD7#KuP12`_<bv<pdV>m<X2xwQw6ITKZPHxK##F%d$B`
zBRyVT+7DgJSJQI3I!&G%1{17Qe`pNYYL=Wi?~fOA=&fmM6tq~*A8X`@h@G#}E1p`)
zB+2O9jN=AN7b!o4pr@=ge6VTm_-X%3wi~K>Uz*^75v_qhYJoaW7uk+>(gp-wJYYFM
zRsc!EigoQceeaj<%IV_~)!E5OD3@n?blBC3g$ph1cX0z`TVS0y^oxlee`QHew{+`r
z(ZU_nCO)3X#cNyK(ofCf=<JoZkVM=MPb}K!Td1cDmvj9ei(=`kieZIJL}Fq(sI&Jg
z5z?!gbeiF*cP<5Tnw5=3W?(^+8r6E5U1#WPZF{c5^8F-wuR_qC3K@v8aAEhW^w&Yc
z%-#9zKECJR-cs#Q*<Z{4e}^qu-nYu*MKMXQf})0>x31iSWwTy5y+UF`5kOU*ILHN3
zBOu3B)HDW$MPp0HNMrFhhtoTRcs$PO`@`|f+}vU<3~p^mKy+Y;nnVUUB=qvQ<^1ed
z>3U&y^xKu0uIFA%jFkRG9b=x0!sgyt;11Rflh19BlJWl~g1fG6e`!)fRB~K1cDoD4
zpt;y$P3lgy@GBC|h7p>fWdbd!bg@hK-4@pN*sYKjkL|!(cQV9_h6;xe(p#6(V&HZP
z+4cV}pZ3?I5Mx@4XuH!{hiP_Q(_ETZZ2!1db@T&K=Mkd0W~HS%M{?a5Pvv9h>+-|Z
z&VK}9tI-<GYPCMUf4U>4hr+yP=Vl(?dB8N=w&jxgC|ynxH=%1OYhFqG$;<Hr?G%>0
zNO0w9f^Pu^c9~AXIW+(URnQ=0YNHsl^7IP>Cg*PHHUztEZa_$#GV(Puo-<`>+Vspy
zMrL3@5Q5hV%{$pJZKBB6NPpj3l=sKlzR6S2^N777rYP2ke<gf=kB+FTE#>2x3GDyj
zPFyT6w1~8rw_q$QX|$tF?}&Siwbj0m!-oab<rn8D=>|w)CHYNI3abbo6}f0JvddHb
zJL_c1buQR6IIT*p(d*7?L@j2*!3vE)=GuR-(-H@V*oQ|*xR=h8%;S9np(#}sl04=1
zTC{-zY@SMZf0?K!Xzm4$MNo(@zsUT*o@BKubMDmBpcv9+k*a3h4grnd^~(PqFGr$o
zkU)Cz8VheMl*h|RG)?>J^W&oTbKf#Sz?(AqlkGsdErgnA=s@^tGLXf*vyTxyu~a2-
z`=6?p#K-9I$xQ)4Q8L`QpLAb8<vZuSAiA8Dkseg1f4=$)L@k98(3g_OH2Q50Pqn7d
z%*-%ccZt;eWa6U}VIiQt-7hd4A0x+wP+P#lP5~C?WP|R{HwcBQ;fYjXN0%HWpqS8`
zS;XelRhB-6TbFRm5J`8C`tYHUs7kJT3V_SGS-21P-KeKTHza!$nXWw9e+Gh^fH};1
z4wfhme_M#2f-90M#?V66w-!e1mO+N=1WzGn>Xl%-w)=nKJ|L}SMV#|dU#6d$I7ED8
z+nw~O_hG?SXow<ujt-r$==eUK>VE^3|83bPxO1O8HJ?uz`2IM~h7ow(YlJnxrzsl6
zq8jJCq}wAJZ4^Zy2eD+qhJ}Y?WapH$bx64Se}uKDLE~uyiW~u_eu|w^+*7i}kcLDh
zsbB$}-+#T^20)b?a*ZvR&yf9xalSWNq{M!)AjwCg7-Zc2*1+K!GWc?3Xn|0pE^Zxq
z(JF-;k7yzfVmdv5u)O|D-Te3IYUEv!vi06vZ#2rBFUiUcEF}(Tu3vP4&mJze`E}+$
ze--H78x4Z$XI4-sps32})-bAR|I1wW{+N#GIi*a|Z5x$otfGnjAh2fS70d8bqf5>}
z!0(kZ_%wIA6z>}Vcm`Pg5!wK+mUvdXsuV^(ewg=lKHs(SJvjb6q;ybUi_&_<0$V(t
zVqUI8IS?IC4B#DMiiQRSn%cTj<uog#f3M8#z(o8F6sp9o^4}Xas_>O9q4)mI`!=*e
zF}qqVsRSt%91G4V9%$GfLfIqGI>Y(i)}A}iL8A#*dW>3&W`gP31F(kGDQ~jLA{0`x
zIA5p#EgI*4W4+>nL=}Q)bbc@@tD2CVlQ_<sHr;>EN$0Hbm&`A^9|nt}O2|6Cf17E^
z1^4ldg92LXJZH9@-xnFp_oaxn%{HCWvG5t|L4~q3(o=@SrT<qJV`pm=8e+M^N%N2i
z!^=US+kP+IzeL3c5qJ|Dq}wJR+mZnarJa^M3>@qVE@xJ93l>mM<<<kx-5s`-GnzN@
zH;TLK3U1w|FXjBhRf*F)Ud9-;e}JN@J)*Kh-&O95jdeOv&OfYm1{#k4mH-<%#2j1)
z^5oKvvi}9%FTcML62EFGvlE9-ZDqS_=X?dNH&L4Zi87q7D`n@+$3){zsI92RX)(Hi
zoHr2iU$Tu0?Y=X*{oOr@hE7>hvx_N<9%XIMp{qTe+SIgMC|PEia}P&Sf2k>AW16{U
zuS-u*wsv61nR60NkxRbSaLPzF#b`W$Jmxo&3EcsN9E2#QV6ZSAhtIM?ICnzQ_FDLB
zvd({Ok^B9a_v2-BbLO#7`0Cw_;f9^>DD`kz21|NC&A8}nu(7;ireLE|Z_=9&7b3-~
zF`d8Cn+J{m5!!jWBYX?ZfA+g#=e!*wo$>p*S`iy3`Nfdmt&ssmi)2q5k8^%nRd)`w
zUT+&(eL};iVMO3jxR2qRQBpE$2$ub9*B4rj1fY_l(l(R|w@a^DPAoep5U4)Lb@ka0
z6s%g5jP14eCg0M+(h3*gf`X!_2QHyEa2_VRTeS74-)K+^fhDZKf7c=n%XE3<QbzOj
zj>E$RigQBBcIyY>ohj_A7=9!w0OEu-FEhGCyTFsOeWAMGB{Yooz*LnwD6OQxerz}*
zHS7CCE#rGXJjngkMOw4Ud0DR;adJZ1z6c4+Si)SDuN)~Hl5*_i<fA3wInT;oU$Dp>
z^IN-Xcge^yp%P9_e_yI=&&Vdr&nt7#>&?kTd(<>u;DY?(^{hoF88PY`8zE7?`vn;9
z_o)?ux)eYb#a9qdH0b4#34w2s+b5BoNR8r8|4X+ZfoW|)X<`}i5ij&r1Ce(6om!>+
zul>&72Vq{diZj|OPIUz(6>)ms{LJ2XB&?s@NAi&=NbaIle+e?d5T1DmwF-;h3hML0
z^&X%$<$db~tI#ZR8)KPuhaY+FCj7O4Ncx=W#UV|r5<C}oV{qv`8Qr_p`nzf>F0d#>
z2@-(>CeX2`kOi$3y3TsjZu;&;p1s+PE92vvUAE<Jot}=C3I&x)5fa0K$l%tvJR~*s
zBr47K$6z;he~=lH`ak9g_SQ>DLcblI=Qy+yrl<nkfFZEqa%L7Dg4dq(9Zb;rG};dl
zgb0e(TApGmwe8bCFlS$^O`F`S1g=1YcIE^_18W1-rs&h9>*|gK*?%lPC^`I0h-LWR
zHf@~u@1jO1g#)&dbpn?pH?m1vxg`Gp;5&q8X5~Gje^9E{RfUR_MtsUdE+)Pv&enzK
zXhq*6BT!EA-6T+?yph89MI|Mwy1nzQfgg)AMoCM$(;r@#^e9(cECPawF5F7Ls)(sn
zRDEg)GUQI5Y0Ga&AOYX0>;_R{p_JDw{>On+`5CGg#218{`4lCby~be7Gte)#e6pV$
zT0bGBf1;s(IRz&P-Zm9{!CMnhuf0DvGhGWa!kJK+y7dl@ox8F9kJcwo%#G?`*r)`W
z)DkK}#s}QfKdn0_Wa@igm+I3kWm!@SaB5J&MLbPX0HR4ALzMoxB!2T}`RGYhl@}Iu
zdecQ$9j?=>^QFD+^)$Uj+$x0wc_`Rv$6bvqf2l^R$oS|Ipllwh_xZhfN_hEbwj_}?
zG>$w7h3*jy0jrUY2PR>9zas3ieF_w>U{GOnpiSr{xu!VZYqS-EgjlyN87$d_=F&m%
zlpgR1)g}NjjRd=|$hRM*`YELvzUu}u95e6K9LKZ%b6xm9j!m7G^5+W7h&}2V`ZcUx
ze-0pAm~Z|6Satp)#2*i|_oNtEMTOTTlDW40;ZQ6{PoPAG^~sySSB?Oa#gw)DNF;N6
z{lCw49&65$@$-u8ZC3C-2Hxd!I7$L`s4F;yWIL9EQ|Z=qnZvw#<K$RGluJ*jB+t2o
zwt3*aWl?iOP}30hMKUvMvN`|zYdVdtf7rTIF%@ig)5za;dc795#Q#Z+KJelrsJ6u8
z8F~zRf#FUKD`$j?HlPuc3m|X3iFsEh{3@xDyt?4~D5%UK&-Zz4K6cmK(qesaeax6I
zY`O<zV%Ha|-4#ov(CfKFc=PHL2c^ac*Di`5_Dm(t`(+8&u{1Ti*H0W{Cs$Xne|||U
zaaHX>C{L?q5o|_y>1HLD2LqF|f}K8S#`)eC?>tfW&kery>i4B_U>E}@M*KoRmS!?B
zhtB%nbGPVx2(DgCouNGUt><4a|N52OTfW&nv}}19jcuZw_8K&2`gc?8akX}E91l!F
zkssk||B`$Z27|L{eI=(7!RDUue`3N$)m0WOo1TiI7g<A&CK{j1p;e~@-zhE9=o7?j
zOMQO*w<PY5RKw`HY0C7S(z-p6k!1FKQblEImi0fdF13WMa^)$*Kv4SnLK;fQEL|sW
z9bNc;fhphl@`v-kLYnovB5xj2&djisWpkT22{7c+ofcAV)d5^=ob^rgf3^1|@7m#e
zo&VgGYiN+*;vp6p@jMi7CGOcCf!2S_&>YKMIDb<6$1nA=UB>~cJVWIQs5;&A-j!ds
zNG`EJU4PX`K4+O27&tmzwXxS@;_5mbn235!x?i38Y+1U?`QHEJ<FWty$PAi#8hq9=
zE68v{HA<%A=$(?BNd5sYe--F{JVY|3apZqep`^m*(hHqaxfoz@|68+{WWHY<=keM!
zs!7u)%u}$Q^V`<8l#}Vuxu=%E{wX3*Bm>D4l(2`y?KyF#-lUrVaW+2R^QMR9c6YeP
z|I;+lV{+^7*Y9bjg?^L+ztG4(ZNgvq@m(1s_fpDCpq2x;Ld>!Pe-exI$`tDz%(VBy
zjn#@B3N&M8@o3`geM>syuG1q)Rz#Ie;i;D>%Ai@?*i<4H*G|<uAYtFFg4u_C(&{G$
zv<}d-VYoF)RY&#CJ?Tq6RoXNQ2OIJu%M*iS1JPBL=b>7c;0>dr?cNE<h*RFF;5Z2k
z4akT<1Flnl#&_E5f8HbZ+_SMubBK~nVi?TbbFNxv-?G0%j<tH3HhInpej3w&H8q#~
zMD3yl-I8kLzHsj|cM(Ywse%1!P_VnWbFDBZT#+{)k8eCp^&dDdO_!o+UbNs~Iqlp0
zp7YgJVU@C8>f`&Tvn-f>_P8NL@tf{FAST^bxf+L;$(Q%Pf79pjf|bUVdus4H$P52E
zO#D@|i^D~v(Gb;uLPJZp05C?^6JTW+Xk`bNjcS<L&<G+K8r5Z>F+!cH9G>~HUO#Em
z$s(hsgf|%EKKw?D<MyLMrrTlqyQZz-b-*_%K@vHpF;MLaHFQR51KERw)x)-c&mn=V
z`H9nWEd$ATf9iUeAB!sd%NLdX%JnIa>-O;v-~8%IU!0E}wvC((B0TTDyMPp6cF+13
zYxzc?77drr=atwEM5~#B=h5F)(Ptwt8B4Nz)_wTEG<`dh<Rcji<i|lnIryJ^<5`(~
zr_LoXOh=XmYa@`hv{xR3hww21eD-4E=dc>8mka1qfBXIzUHUSu`57LOG!oZSxQ2G9
z=|JKiQn?f7jk}*Zm+a}&6Jf{_am|Y(PqC_s+d;46L_C72`pM6!qtUQ|_4z2?husu5
z_Exe<IDF&O>?HRUt$m?}mO$i;l(cfOmR7M|^|WNip@RL&1wMAM^Y+csp)_l@qIajm
zIRXagfBS(yx9qL!fl2u9Tc5{u6m@@3N}0YyqhPwY3P=elN3L_fwD74G^SML@46IR4
z+(HFM0QCs8Z&oOfALker7WG(e)oJz4?@_u0Z=+eKXsc7Ab4>#g*2b&2{ZSIVZ{pxM
zPneHeR@E}vP^lC|7_2LCf`<}TZLiRlw^aW6e_A3FshQUMu;yB!!WVEjCA5=xA1l2#
z<k{cwzG3PhnkU8Kbs~c#@{$%6iHme&%v=8NdwB(^7T;YHWXB*28p;u&Y|{0A(=P7x
zagp7q#ZPj(*?#w1JNB&s=%sn8p|Q2~<XmBwj*6}i;wi_<3aZ$^@xZy=pcwDw8Is&o
zf4a7AWI0|tv)h+EY0ismdD6@y06YC7PY**JdT71l*JS?#_V2DUd#<mS1Whr&Ao>3A
z!CUE=;BAA0HtYciq<SclHHx{aB3@P=C%{85_0-0(a*TQJyF7zw{3LT8X)^&TMwmfE
znu}@XyI*(w*IiGTi{&J;O{byyXoa8!f9z2>IJllRh3|4;GUlXbR{L+)egT{P#{PP{
z+p?pIjw=1mmq6qndOVJ)fl<z4^L$B0?zr51K}@MSPmxeT+UXuFEFXuV;;bLqt`pCh
z)=WJAOQnQ7Z(la0AcHAyA`9^?yy0xLzKHV+7TPNxg{lkLbb%hZq*9H1FQtHlf5Zlw
zfvN;tGJr^PRO?%zQ#CHlQu2ai+lhJJRnOj5dVh?QrJmf9U~&Z1NpJ&I!EzRhU)Pno
zzj78jX{^|L=0y`sO2(1}0XAkQJ2r-ovMhNjFgbIQxGndSx8HIh@RuEDZ<U^&(bqAo
zJ4dditX`@M-p=$yrumXici7xwfANMKHx3VrN6@=9s)dLtZDswUgu=?FHciLv1GD~b
zl*QYQC2I}<>NI)FxVLZ*)AmF`P9rs)`}E;72G1RjBELD^d+xkUF%>Wt(!=8rOw5~t
z$eyf(*!c`XA00B?*;%QD|G-b5w*H4y+s_C7a=U4>#IGv-K2D3l;>BM1e_P4%+6f8x
z-zPrjyZm2>#N3erbOHhssUds@8KihvIDe|iZakO6((z()^8QnH7Pa~;E{{{kvBdkc
zT}oc`FewEhwE`~xTom+NvS(M)`gMc|F80Mam8gY~=Ers5Sin-Cx}>#$m<R6HOgU!H
zyOO4!U?`(bU~I^nZdyNDe>??ciy*qW&QB3~r|FL-3%mUwRfX9<kslon70tL>DHYX1
z-zy!eiy{J(>PMVyOKF15wA2t&HJ*z}8^6)J<`>ucRLC3EOk!N6U~<)iNo=E{Ugwrn
zJ3W`%u5excC*~yAL3D4#@;!pbIfDc_!x>qbZ_t-dTezHSh5m<<e{u(+wzF(~`FxEu
z{R`^qahFv2c+k(lzy);A>C^Pa4@vowjxRhkyFS$JhLhmouoWZ;l6`!xjbrX~q*P(6
zsZ!9y2K%35e#71QADN6`OqE4NLKHVoy37T{KoF#*f`tn_o{4YU_Gy^TS2*x?l{4pN
zmFA~Dg^37tna}K%f3fk(dcDa3%`=7*mG$6s9hqU?HjAk_qBa`dr{glKX<pZjdMUuZ
zwk&(zAI+JaZ(60ZA1HlAjUpT$;?fF5l`xE5RO)|sdd>fA4gksnD)W6lnK>1+e=pVN
zyxsEj*BRSPgDy$o(6ybcM~`z)$KY$6t&T^p><XH%=qhC1e}7k?0*g*CH}oDjLuA4(
zJd<gPHL}ci<^N!`_wT{PBT!WU^6vdCVFWJ)B&&(I#CBU;f+}<(z^_%9nA)^7Qs_$C
zvLh+f;HO<=HmfyRz$&Kb$mn~XX(oP!4>(lpH%yUvYG0N!!!|ye`N#d%%}V$hk!oO5
z?a4leX#lE2e^O4S*e$kPw#Ea`oT4<GUb0+aP)8vRPq$vgUvc<$c9qiPbssNEP78rT
ziw2qwUV~}RIK$?6wTGzwy~AjQdT93qcuV?k%p;2Z6%S~Upsv|;@!Ya=es<0?yR2zG
z=eJSnIYg?To<=tUH5k@Y;K6Ats_BK<!y?&Bx2EWke+2`V6c69}AuNFeKO?6Avb9Zw
zcpUx|Gb9H%V1t(Nek_HA5%2fbd$D@&y}D%~Cy$U37QbI(Q<lN1f%JZjjp=PmCgsBA
zKuOH)dyT!l1mS+Y?J^W?@M)!LPYa+m;7Ju&U=J59!@||;&o5wZoA7JU(naD_Dp0wo
z12k;$f4fzn4BE7elxanNmN=gygzx|0O?`ld=|)wr?c?KG9Q_<L0siEH{L+O83!V8G
z^D^Sfgwo<xLB&K;-ygS&gWr`4m4#)v7)kAEuV1cwfp^}m)*tq<_enlZX;}un7{yGZ
zh)7j3q<gyg`0U4N-K_tsnZ@BiO{m%O*!r*9f3dC?x3|M!eeUtc{u;(%vWb==f=2ky
zw&<X?>7*7M$glPsxbZk?xfQP_%+Q_f2)an3*D^(T0h}6&_*6NLTaa?){GXf^6PR3Q
zHx!{pMn^(CgW3pKYh!y<yb<lrgx*B|!>uRHI^aU$xT*#k<JuB*<l>I2b^qX9dq3!x
ze@MtA5%GLjmji2#A0voOlB$-uJ=N;{KB3BaZigy@POqo5yD!n?E4G<^Cx<^dcPhWc
zRuZyTKgT|dQKiJ@7I%E&?Y1Qz-(-uYsZr5-HAO;koX1wRTSh}F<b`FVPmT;!`;8>G
zc4ho;fG2jp=zm?VEo^ooLO6WgNXZxwe@Pz$DGGcD>5gN2=AI%Mr-lUmJz(%{J_zv@
z&E0QzhimCQIm7tB2(6Q;1+EIMDui%U1U<R%eCZL4?M9<Jxxm2uy#+5hz~xX$vfAxG
z;d&Kpc3ubXgTT?))sL0Cr;om*_wG@pcImITyfAiK6v->I*EuXSQdH54RC4vAe-}&)
zeET^eJT?SK6r`YslD(5lbGq05^WK^poyuf-ZEQC8A}c~81@&qm(DCUvys9!JsC_g8
zRR@U2>&-l3l`O4k5SpCt^LIvP@qZxD?t6llZ$6L)z#l<n3N!C-Yykp-n$^yCm#gbA
zm`{S>a-<~k+a6o~@1wCV*md)8fA~7QT50KMc{YZf&mc-rNGQ>}bWd~$JVz6Y?UukT
z+e&^GF{NcJs0w1UM6e-036ZNby;j`VEq+B6lFL}m`+cFncfRyb`(2q^2LwOaY?DtF
zBY_0D@oSp`44vuYk9mU%RB@i;*uWZX-$@o$Kfy_7xqoASr*rzBsBV9wf7%QJ#ugYg
zFC=l&Nkj9)VQ=k*AGCqT)a3DZ*VexiIZ97(IZ_g9_Ir<iFJSKYoS&m$I&Dof?Iykb
zdlGhbzIv+wH+E#;$$gECU^;6BS{dP+p7q<%fR_h^5MOjx^(bs6)I&;_g{9g4No6y4
z8-s-HJGlRCqm<?5mGLmrf7-1o(sCRv!x1}b_es-cMB^kd`J-c{DO{rLSV}|%3Un$j
z^*e9i^(S`h?H#`RKP+Qoi3o9!P>z9sNgn=KrGV7^{ByO!{`~FrIzN|wD`&VIs|9|)
zlJduY>ux(9yYI?R-_FFEZ%cLhY`*w?34g2_{IHV~9G|oC9YKezf7S|bJHeYj1gUZY
zl$U$RQjFa10X3r9p|ASUsq<TZITSU>WI5Sx*-hJtb05QW9z4G-<;+JX547d~h2IxL
z!T|$@wYT_J*l3{;azzc{bI#&q7Kp3rCIrS>YMHZzasII#Saw5MQ7#smeRCUB^S~Y<
zoGA)$Jww9B?@lFxf48jOY_`4c)|Ow2f@w;NOUihEraw$GyFSBVRL_r($Qp08GT(u;
z1$MCLa7Lja73;PRkl**RSPFDznztKqR8-blO5Z5D)`WMuCq6Qar~}$*If&oF*vU#3
zG)yRB%O<L6lQf6?XhJxB2SVU<Jt6BWw9lPGQr+Gp7YB-Gf7{0C$6Y9CRTLztsn=`6
z!Q9(3`yNS%^}Z*#$)XK0;iCu(Su4om*&~5Ubb%1St%p9&ab#snCu;}F_M@kt+Hs(D
z$Ed8XOT_qp{IhO18%~OfK4uitZLX>qhXNK<C_aQJOx43pj=NfGx!!P-*EH9g(Nt0`
z`ejT6FAZrFfA_f1SVWD%t$Saa5^Sh)2r5#NKJi4uE;v(Aly&y7M<s7d;0(C>gb!ln
z)*?=WWkr`JNk}wiWfypSL791JLxjqhNoK&S*TF1+Dmwi^P#_>GID3kYO$^t6U4pl!
zmhdnQ*2|Xl0DAM3Hka%9pD@47ws*4ZHoG}z`C5slf95V;f@aVNO}HBPEHktUsx`QH
zMn7$|ELW~A+HuRJY-{YEGQRmHo+zW(gLLVm;RAV(glP!oD{yRFlGLz)En!O-iQ(A%
zV}lsTAeE_U_wbQwN4T{UuhtX~E04D!zy8xhjD-4lohrf#8qi1u09{a*aG+Uow5PYM
z*8I-mf3>eR1xF}suB*p+6aHPhUQhp)t1gSFqaVNPAYF%!0%d5jhp5Y?hc%KMwmw^7
z;M*k3&J6qlM*^gh5vXOnr?~`3tOokgN1Qz2LAi)5@6-0Et%79u6GS!tT<r<Hk;bnY
z7Vqs8s9vA_&W%)}vIIPE))Q5rxcICRC`7p>e>oXAJ;&FrFOCC=bB@w%behwes(zgr
z89ANz4~6rws@Cf*20w);p*SI}Yl5V#sY)4pv0_+E0W&f)2`@}o!oWq{<P;00m)-(j
z^@yV`Di@d)#G$e%ypJH0JW`z#0zz}FCqzLCfD|Q%E-~#1jgGvX-X_osjGB^wM7)nW
zf7a@&g*GX2Nlf*dJssu`2AacDw{8Y1<4zp0*?!Y|9;Q^Q(QmW3z7>;6%Ht_~<xbxW
z;QCtY$3Dk}(nK0lN^oYGrZz#bq@>@0tVKMF0CPzQ`L#F#>iO?*UA&kWPa#3{yzo_1
zDmw0y6a3p4fs1jPVz+@P)2cg!ljVAAe`2$A$s#L;zJgyUcsXO`EY_`XlyEo;lFi9)
zUTNXJ1q{6PullcN$-%<9UIGW<=g)S3{Z@!;TT_&*4+9b)s(l<2`srMTYSd=jxhjef
zKpR+5r?4LCs8*bwn;@f1JTGbNd<%yNNny6zr0_<qj5Wk?cnZBa_gSD`M)nwbfBKC+
zVCGFjR5c(9DXB-)O|+mtUeQMnhedyJa?RN}?t_C)9=(40zr#x;KTmm09W4kX@v^nH
zDN@N?K3AM#&4n#M+fyv!FsVcDSa}YkfF4{@N7haZ5{d|>@V71O(a+S<QE^4PgpGoV
ziVGUZE+e8!iLgj;C7%^(?ktd_f2(}b#6xjBLyHs?tY($8j`wPszZBMd<up~<Iq!o*
zPIknO`%l4NEPbB@jq7boFH$2-kxVO#V1!YlL42g@R<b@sn2lj}tB{&7-RYrDnjUYc
zX-KeSEod;)jH`=zf|Wob&`CVn88Uf6N`;{qdCYqQSaUpp3;V6z;H^;$f2*mfK=PpR
zkFQH8oh66r+`h`Xn{S=bYj;lv;IWcaW5@ir;h7x_5czVb!@^toN|Me7#7N^rq-y{~
z^DN3zjn=gES?m;;G$kS+#t^7>aBS}Ow73G|;K8WuSWhGC2qIM|u{`1FBOD^qHwqxH
z5!c1m7nSO0Q`6VS9|r5xe`r>)aa5zUxupLbq}#umNUh<y?t>v*7Z(`*klSkW`aDMN
z%eq*xov`UO3?Rv6@sS$!n&7uoTBxQ=Dlx!6tE0-um9(lS8?al%yj1`aPo|NXX}-3o
zWKghP)dL$Em%5_7(Z==`kz0UW8d<*60vQ@{oj`Y4L|?sCJ+FW5f6h_|Sib|bA0rYG
z#jG#<xntJ2(W)+!Q<si?wesnwEmKwrkUX$Zp5Z{Wk}XGLf-s>o_vN(`GOfwxLrcnP
zgbI_C^t{i!Ikpw1m#)k)O62<#a2xOY4!;t=sD8W96+M)|i`2oSqF2=1mqIqRVvQsJ
zz4m;K{%F1yLGfJ;f53CCG?S5k<hL14tNM=h)S1nI_U_G-<***}El+n*YfyU+g)zop
zO-F<h4)mh4T1$E<{gRaCk!ggpAU+xoRvY1X-Ql7ZtFH+j76>(}9O)~+^iZ<l7!6ry
z5;UhVNuE>98Wm-(XAQ5(-Ap&L1KAUAz{~O)pHkt$sZmc4e*)I}_nFSrlZ@4%{h@k`
z@F1#Ch!LZ4V1VnYvQQ0YD8U$7YFcQ48!re%m6nx~Lt17L&<Z2b>&UW1+J74#2~qc#
zkKlVK-R)BGn>H);r6?`AVP&3{p+ZBUwWK9130m{FC}i@3+y-v=SzI~_4TQ(bs;rLj
z)%q3IGx0|<e-?)=+#}ld;?0lYzS|PS3_&5<no7us4i5yh!cd4pi!NhXp<Rw8ROFpV
zhi2kb#)}h?JQHR}kePm4M^%)Hqf<}Y)D;x7Kx6&$wXx@0<VL5h2jH87zv<5My4-T*
z!Lg;8Z)a=Z*JXY+jclc+woV82A&kKBdSLCYVGe3Ef1q+Pm8dPfT@YD>Uja>9A(}5=
z3wu*eRN<Q=OqYsGr)DV9pGhf_V3C#-+Ahqth+-*~N;1~<xbji#gUvV#e@!UMYw&`F
zH^-)IdV$UDX)(N+#v02DZ7sxaiIgT%r2vZuUPwe3RKk?L<EU*Q8A}q|m9tiq6fi=p
zR#{P2f3PO0uVpnYs%!~g$17SDLjNUYex(oidN1^qSDx2u&r2S3S+gxoD}S;6Ny@6s
z(`bj$q$wpuX<AP9)~qa!U2-@y!B)=+E#-#$8sXIE<ow!k=4h}Gok#k%PUY$`xdx{i
z-3RLaPY&Oy#`TJ0)24El)0ajzZ%>7%+0wIwf7MNbx?ZczAZ_(t3m$(8a<-ouRODq+
zu(l?E;<ymVS#_tpiz24iuCa=*qV*HQA>nTOKNBxkt2r}g(^kg<MflrTUKxL)ZXj)3
zEwJ!+*gynbAo!vwQGuo%XBcm-R1JNj5fYT^Ov@Nn+o6nqUF&N2_GOl}0jA+^PT+^X
zf6X;^v%~<i`;j-m=A>!O*HFsIrD~fQDpIPnqpPe5^=af{#keKPNa_s~HDA%jcG%TZ
zyFXo=o)&AopZx2}zX~hGW8<8vwiL9q7p0O@I~%K&YuPZY$-$SlO!QQNBSp+qbOV_Z
z(#PCBmr8iGQIxeRD?@qw9YlK_3zXBse*-Z6EdE&CR!2_$F#IC$kNyCSjblfLFF-~A
zKQEXI$Nj$x=3AgHIA@)I4|h*<Gf6GoMh&#dGKO+j4DD}enVFrvK7XcRDVc;iX8#lh
z6G|d8O*PF9A7^^z|7JCDzfRb2xEoJ?a-SA?gva(V7o<EQBE{t8gr<R_evPc2f6fR#
zI91kN5X3ME1eSr;kWi{XVvc6F;;-?C)LxS?w<V>&;G(+H4c;&cSe#Tuiz1Uf3le9B
zP>e^JU3c_`G(6}=pB+QWf*DYZ0ssI|5-<=36yzcL0ErJoO?fa$E4e38*b^q}2qkI?
zEq!Pe{g4$(5-s%xeB}@Q$a&LJe~qq~UEJS=#BPc!GEmk6G{6M}0YCsm;ODAvB9!8z
ziowkz2`QuSVV6;Ai0$oDV`!FD?%jJHU<D+Imv5jv7~iNzw?<(;?u=SKaIApxf&f7j
zK&=Id2Np3D;KT%QU=D&axNtxKKpLQ;h~q#51PD;?2+?<i#C~O@Z@sdnf7;pV{!4-Z
zspF3Im|I2_8-E7!>)aJ5+4nRUmx~BCt#ZT-?o9<y8=o;j6yQX77{DB470DsVE<WSV
zAOI*0Xet2X(S($ySyb&(;?LMit@@Rinvg3NCQ)b(e@M5i+Q)B=+;3_<cJ}}%EntqF
zeJzc~f`xi>8%9M`NbC0_f3&=VQb5sn9i}J<q6VlA30%k=kmRQ&xhB47zyMXrC2}+*
z#Xy~n{fm6B#9LAPz->ztDAWdqY;PH{gV~#j?;v|H5J(2ra)3uz8lW^FO2jv{M8mZb
z9Z~;0sAZ48B1<Hk`(o0ArC3Advnr^k-z~UXGkGnF;-~UDQQT$-f0Ouzq@Y`?3V@hA
zU7wc?vIeZdBm)@(g18_mjA1h%vY>*O*uJ4>Wpu>duFJ+$9jj0rN>aO{VP-o8z{&gq
z+}e^Rgmi$k!#F^UBt*3*9*vzk^OG&~z+xT*j_DsLZ0C~ga)k}2k*G$KDYuy^(d0|S
zuoXct?t$)^4@|FQe~=go&_o1bHQ*Z%QmR{Sf0=u``$#oEI2pzev&Bg0T%Y7Ic?wm-
z-M%9r|9Fya45*V&qX{d$Cqnf}ko`b0P87&@bBEN>mAjiGQlT;HbHzDxBvFDH4@w8-
zWz!llM}TPx2!PhYH3sOZYl*2#s=YurAKL?YS)4%79BdH(f7rVizr@_+e4zSa8xYh7
z!V+Tr<lS%i1GPOeh#+(8N6(qYs^raxc+$04i>(mp0ri@b!TF(+3i2>S1bic4Jyc29
zyQ1Qj)?0Mz_?n_NB1DeM9nxXQ%otc+rKuv3ACeK!2gMeYzQ}Yh+5w7rkRGytswTyi
z8RkuV-X&AWe?J=tG4>||_AgrkKmZ6B0V=>70hNQ(hH#gVedFTpxeQXod157WIB_{J
zbXUKrUa$X%NCc=6R0;8Y<Mlit6%HgMOc!~mQqLIp9*LxmqZ?Ei!h+RD&=@EcpgDjJ
z1ZfP2EO2$nnxXSkbpCw_q>9tTM%40Rkr}IhK|<}xe`iqefeArKCoFDX#O49n97#y~
zT*6SjYNCYeNm<@Kh@c|Cf0Ny7<?>{Z6o5xp;E6!_%}RZ}+n?ig;=BXLOJF5>tRs;H
z+ud;_JAP?fo#M0sX`H|2!|Ti@=B#MurjX}NkEE$9ZTZqTqK<&qV}7%d>+6rNMFL)l
zKwTIqe|m-08?TLw2e9(&SoVOvF=M)%?zAi9ymL5$9x<`7|EO_u=R>Gu03qsb2z$;;
zW9~m%sgLm4z~~K42JP$7mp~M_5+QsU(3*&cm6)%WpVRt$82a+r@BqI86ik14L%tZR
zRLu)k7ZAF*^ntw-DbrpYqbcC|;u>4)i+Ji&e^X?TcyK~+4Oj!AGyo8Q5#g6axm<s8
zGrRT0+bqumlqL>i1+yIo*k%gPAhCe8B9OQrp4Gc&I1LTPzK6Cic>kKZ<o?<seL!dj
zTHvd+3)-S@Alw52#tzm8J}mM&&zY<;?wb;P!A1=dg%6hx;%GFcc5Zl(0YJS^aw{}%
ze;Q6z*=fr8O+H<8-gBPB>&Hn3(h7D!S7{SsmEi$HAqXC9_#_4Pp*QwDxu<wC%Z{3b
z3)laT%BW_=ED%9}WNkTvmSe`!>kba1+t=GU$1#)FoELQ_XE$I3c|jX)Ra|WV#(-k9
z6f94uk~co~KffT?T>es%IY*8bteHU6e^efeB|rfl`{dykMyIEUly?7s*V6Pww<UMU
z6I!+)2am_L9{3d?FccJMJ&2?b-)4G)*`0jm>t21PQn_&9;z1d>05SmJ07e1V@?jU^
z(Ejh>f1dND$BOiB(=QR=j*wQu3b+8;AjiQN3ZO*yxmwn7fuw)&t<C<jj1L~+e_`Qs
zI2wW#;(*9iV8?LFh{o+=DQvouSCZ*VZkOniC)E}pixetg1Us-J74Iv>2155f8~g51
z)oA|ljVEUk>1JFkJRbiBppbyj0Aye?tA<<H8XW^Vp0T*n_=0WzZ2zkOu}WAWvj-~*
z9^*1{fdFWheA8>kT9f;3J%vere|SD>7<k<Pt_DFp00Tro&?vlE$nw0rCHH~eCFg@P
zsg~6S<Pbxpt*CW30Eo{(0JQ|HZ(t+mSflww3#>U`_(v}syzD<W5*_dr#0CIkIB;0U
z)^15?dh_z4^JJ%wRwD#-a(vi!;M!o00K>eD?ui$41_r*@C$j4FB{lKxe;oc;GbRBO
z2t~#e0TCcZ4=b4ae#2dIzcjk$f4KzN#?}@bFluc8+eJW7@evfD%fR{q7ct43tmfP)
zO6bUSt(`mUVgC(8k-QR_;R95_m&Ob$THfKeEjOK@&UBranw-HJ6i>3B3Rc_##14=E
z0D?v=5&&%{nH}%^8R)Lhe^-P`<6_<BayAs1+5b>M6!5XxxN=y*{tPwwkG7xlo#~%*
zoSqp0MOY);hEJifU;!Tk;{jBN%0l=73_GVanGMQgK<mXb_6ZN~GJ~sy=wh@509psC
zWDhIa&+n@(JH9esa6Z+NG#zhX93iQI7qo?Y!2nbMA(G@+xr1lNe|^DlYxM`JXPqwG
z&(E9$yq&Ltl4wLj93Z@KE&vGg(_f4nfS+@IS+cn9$k`CWEpF9KYCFM>IKxok_^>@Q
zF|7Rgtj+yk8a|1_!MdB?HVK*pD+7aCf8xMdE&N>hmE(@{=xKk|4MA*R6#Xdd!6^bV
z6o9D$fL00;FmT<Gf83t`@r7PzPqcZ$!MgsV!zO7&dk7O45ObDrJ^fFjKmn70{f=~t
z?`|JbsTk|(guT99xC4F!__$am3<HSV%G%I)pM3M$Kd@otPyqNp0R~|VdsG0nOW~63
z!oxa>G~%PR_+`dFN)s(Rb?6b*ikpCiMGP6B5r6;+4@3!Mf15jB(5q(t1;#s&@Z#Lg
z=_yBGLNbj=jD-$pZQbhyhqspNA4%@B{}{UZsv$<uth{po8&Fk%I;PJi5kUa2vwiDq
zZoe7HJbH!~XLe@COe5?Y6T_#3!o$27%Ya*6`x0K;+^f%2Bc2DwJw}czJSe~r;P#RN
zrOtRX*WF-Oe~+$k;?(}-vt^ysW*AVjg?0D@2@m^jsMlDO-snEN^a&(a3K9i&uzV!5
zehCO73RI2@Aqel}rN%z-%d&n6+TKZU;n>dn?GnUqb>r^q1A^JSXe{M&hKGHXt$yqm
zm)}%w;na{U1^*vTzNx(uu8A_XPTa9=+v+z?$F^}|f7>=Y={OzRwr$(?i8DRlGrwT=
z^{%a2d#zPBH4{3gFQRlO3I(RxCqd##zTx#P&9&xWIMP87M|EuP{<0auil&Am#<H>Z
zWi>nBZ}xbYTWQxuY>c&!)~`2hFQSa(9*HBCAo}bgEX_q#U7(VA0&HY)?;s!j#9~&a
zs%`?Lf5*GGe&e}#T)VaN8<cM8<w6D0gaJ`iTY|$%U%*I`<)9)l>uYXQ)-pc3)1FMj
z3j^CaVqdP@(J0a}!qL<eTrE8eU8H}B$_hHnb*FvzvSW!M?!l?TidH03Vxmw5nIh0m
z3rRL}06IX$zxw0M@Xr{vv%7bgJj+W4m0XCDX7S{x>VK@~?*%T*|0G^$6RaUSyP>W}
zix+jh-{9~F_~%0N{3tn=)(}ngj;)c8>QELk+x`;1d_8%9OAP&*Yu(A;>zkYVqR&`)
z&}A#DTEyJnH-(p_A%ZO=AuUqD<#$e7L(>f$o^i>jo)o;sY(NtB#aCujROK1^7ue9j
z=O_N%X@4=7q%S!ordz%fcLfy%YupP~AcAy;B=yEO6}Ff@w=PRiLhh`{-{?LB=l2G(
zgfe=y{l~n+_RBpBJ8yF9$rJDg!IUx7N_V~Bu;6Mk7OZUS4$Bt8(emBvM(wO1uYmL~
z&V5lHKccZ|xBmrR8B7KJm?^0Ej1MvD3fV)cJ%321<XAKb#AVYOyqM02{i2qbx*#mU
zaCYElJ^Ov9G7<6L2%5&Ui>1fuWqaHdL-x0TdGlw=sF-TlISQP#GA4^FLIhbRcFam<
zQml`z+RiD9UWT_|p1WCK-kJ0&TtVbNqC!FT)-n3~ocqjX&iE>%3}^JCTpTU7&{$+p
zxqlZxvJmz{7`R4}9u4K-mVq+qODHn?=uA<H)(%0nevg729=5H#Ci`twQ{Zsz9w8nv
zp@bh~iHQY{R0<Xcmt-{nMF_uU%B;cZ;F57Z=}W|6a$rZ{Buq(1sHm%RJ_|fuO~rp+
z@Gqd>+qa1jix@|{4rvXD>Mer&dBmb$;eXIPm>%3cXGF&iy67eGrz}U47x<T+*?RvC
zj&ei=PeNbknu_#Vl^((oNmT(%kwMlxgfXQ3Cdx_kcR+;x1&dndyQ^WsH?rS?{NnH*
znOVMxf6?<;!G#Qbubh0|W1JG45wc1f@QwhqMNxrUACW{;1bDtA^NLp*{ikA-Uw?^h
z!mwvC!fHR8ec^SkNUL>^{~dX)2PJO2e?h;-_n~HiC8QK;DgRByM|BXsS2nPUbPNjJ
z<?mG5;z;7L1+N_Eu^;he%Lf{>E8^a&^IcYq_&~lz`W3FxUg74|OY4o5W{@R>bq5I(
zI1JPxB9P=yKuEkt!@YU5ANF1(%73rOwjNmPoqLF}xEVAY#S!&sHy#1JM~C0xTEK0a
z49{gn4u-<J7gKnfykX^Aw$h?JE~KBRcjj)RX{Qe|E{OxGMntpleiNJ?k!ph&GtN9d
zc#q8f>wlvSK-xL4%su&ham&NmIeCCx#WWW1;j*hh(}0ZbOtw4&bz!~%BY!#;)I&r5
z@8NQabzym3?Wo+`3m`7%$0s7c=F73h`k!d~+9p;GmvV1qwceTswt&EM6p9?t%WS_j
z^PaGDzTrI?3!>Yfe$Ve7W3hw9)cgeI$o}vC8>V-^_5WM(oM>VT3@fy>L#6wZEb_0U
z5M@+tCO;!6VY`7^L-+r2dVc^HzXwjGUrR=2`Hmj)cc1%+5TzkZN2n`Na>l!^c}Cxk
zp4@V(>{|3r1f7P+dfrkubexM~Ba(K8M;hk8Ts13uXC9SISZ8#qPw$VCo#06)o)5f3
z;vK!Aq`#dRX`a8E*uvDq=hppHlN1mrz>>uZA+!laoVqglC#kdg?tjCFpt=VVM+GvH
zFZW|vlUj%WeLNx}<n43L37%ufn#IW&(ki)Kga~BmK2xgbQ^oESq{1c9(P_zHHf9Tl
zy($!Gva%}v#IjVW#v?Pur48YCPU|J?Wa}_f?tO0ZJGeoNynGDOGof4W+5Yy~X#@jU
zpHOm!Fp&&xyrP#U;(yUPoNrV=s>W2~&nX_de5&yO5YW(2%lQLXi>!=D_#Yw9Gi3?l
zC`yFnIFUpA-;<d9E<02in)w2&t|U2OdZ1G&BJyZbT13#u%Z3QeEzXiD*#FJP{5M|`
znX2s)lA-g^#2Tv#t2TA36c27)Nnj+8D{NniB1cLSn2m%j6n~d)<;a7c@y4RYIhqaX
z);rb*QZ}LE@$Lz!ChfLBz+h1`iCK{+T}hT-eUo*-?Cb$4Se}f^tyyfC8D+l<zmxx@
z30oEiAtOFH%w!O}Fb3p#SlZ#1LuP#VOnTf;am;w84v<eRhL=_LU4D$&W4rbQc4`$K
zv2hX9_}f}&D}RlF1>iPzLb_m%{UNFMzRcm6(m%hIVf(j*&24$KhVy1mw>tY&N0auD
z6#0`*%}&^V5NhBI+M7`D#K{>;HZb2FZAGx{ghaIeZVZboYW$FUn6a>3jy|kiW@s}|
z+O*qLh)WPbue1u6i9&J7uj3})xwHqsu;ckHMfJ-&?SHRF_j)M|%`Xn+w>Qv+EB#k4
z1$u@lJJnpMC1Br30*Gmqg*v9i;udZ8=i7MqKcYaH&cDhcmq)x?z6T3UwO0lrd>nIb
zh-J^r;1?M|btAf2bv8o4(5>f@znL!B@J<=3{1O8Zj3h7;0u=rbgE0L%+_fHe$$?9#
z{@~GyCx4c43Lh)9?XT~|EBV3(z}u0ng#-hSjz%UwzS=*uxEnk3#5-?wH|%UqNv8D~
z5{SbNVg-V5oYH-E$(xZZb;w!6exn5we-KqYa7|<gN9O(uH*o*+b@0y=xvuDnFhb#r
znC5p9cUZi_H#dUJP<{bg999SSalT>C;s90ZvwuJWTjVG0I%_2)i33Yddef5uj}J_@
zoj1Pl@Z>U7Y2q!<=b_E#G8@xdkaMvspm9<(S)L|n7?1)oMC50pSV(ryi0aHAyfOW%
zL`BD`Yl>*)irWuPmj<W?-YY~%<$1DRuHGAD`R=QPhe!Wg@Q3FB<>p%%{Tiqx^Dzg!
zi+@_=M6A(QXnix(i#9^Mk#CvaxE|$~`psBw-c6BBqq@`q0vCa}JjQ<rYT3Aq_Ta+E
z`WorB->=>j&Q{ZVdxqx&bHR7Vh+5D2H50ev`kDSHYzG{tJVfhhA{WLS!Z`9rwaa1z
zUJ*Dva%$!Wm7|XaA1GE=tpjNjtEC~xvVW!N;_$V&99bf=I{9tHR4`0NAnxtMTOiBR
z-f3P(bx%a9L7SMA258P-=<yGH)rhzs_~9|H^X&1DRn=xcv)+~$d3R$v_F#7IOi7$>
zdB_@D8&a+;k*b3E80}g*OEZnnh2-O*(>R09(91C#J_7rH81*l2U~)NnPm8I{q<=)5
zmiC$s*sPlsz-QA-xDGJoFS<_{HC!_6I-Z4L<P0y1i$wIZJ<hqMjTO7h>4(2OjDM&I
zYGT!1Rbj3gYd-Jg-pN1vQV$;(b2s4Gq`e{J35~pCzsquq-1*Qj<VH17`3if`@;quW
zb!njAX`6M0IgAr!>nhEK#1PRH|9?dApj~_^g%GvDd?jREp!kZhFtC@FwK%(WJsJ8F
zA1UjhkAWvG5+Wr@V<(yQZshU`efc(x9{>X49(3%445UW+XA<9ZKYy=XZF~{d^WL%7
zrJt=bOm+1Xc`kz}Q@`<*j##LEAZ3r-S5yO!E|R~T6R+P=6&Jb^M)Rql>3>QGNrnL;
z%J||5RSDNInN*QfeBoVRi~I$3?w?BZ7**;}iC}kGy>TYcMfI@Bmf~4B1JedwiIfiS
z<Uq)9+OUr^0wy=(8=L;vj%~u5AERfdUPUa2XJ1W-uBRp3Y_}T*4Hq{(97lpRtj!z~
zdrGpD>N!(U^w$hKwrBs;UVn)2eniw9hQfKb7@QalOi6MnNU9Y2slkN8NiF=0?0NdD
zA=CeQWNCPng(@zp^oe>WYAABHUwzR5VqtN*H}!_Bi{k{ylko;T4Slza1ns<$U6|!t
zp{%kgNqo=^^E7qQHdqXW)*qeZrUwddj=t>vmAq;rD-IbDPnBcR8GpaGsYywkaxVI2
zD0-J0CG^kp**6OSV+ja=ps|GFf&$zwK%0DI4K%VHJSzSK)%C1c|A-~G)fJ_T)t+Is
zR27Tfn4N@hF@BJ|e0{qhM1lQ9j1mm24E88M-4U0MFn3x#R&OjD8Y7X1rxxjit7-L(
zYdMH_VA1ir!(a0qVSlEP??mtM4jTwgl==8lZr@+gU}NLBF?@{+mSd)<|EJO@X*EQl
zV->l>q*0<lC5gaKkPXVhPdhc9y(#}A@6pDXRqf2x<=SOq%2+j07+W(`yjbxPV#1HP
z-=oZW=fKj;Hz2Mi^3X(xu`!&;@Alab*45@;b8+mm&nEdzsDEQEVnX37DT56rv<@Cy
zL)*Jg25gW$-O5rcequ%Sixe?8K!2#Y5k-@ssq0V^1OF}`3pxE)FO)RYT(3uxCc_&{
zQC&#Z3=+;`7Q&(6(2K6NbU*E?0!KN5RAnFPK<$G;OGhx|`+%Kdot`f@`J8Mwo)kG>
zo=28Gx8%_;LVsqd*yPE=Os2**oT=%7V?~h-1@R5V&}K@@ZX9iGR`)bkct4{D0soOF
zhi9&@7k4(7hxlT)H?p5kF1(u<!`q(i+s)5-!~H|^{xH{>H`PZEs6r1*;HMN|h=Vc&
zWN`bG!-OUDH6Z!iwCQB~`cw#O#^talojSZquhr6kG=G@$mi@Vnuh6bs|F(gA)AND+
zlapqxWXrcWQYZlIqHKXE2G?lb7(v#xScCIinhABZ2YTals4n&VdYF~Mo}|eS|CK0z
zPJF)?`G&7{{K@WAVh&)`2~Nxah3QL=LZX^ZO@df$#Oq&?m9hl>J^OKsQfY9s)(J*U
z4j3IsW`B4;^GT!jC|Grrcjsvj=CR}Y*nThYssf7ID3jWwEwpqJPS~yIEq`+Fb9j{S
zs4~>>@bt{rU(5@RUF*0u6KL{zaCAb}=$gW@RP~nSSZrOE)x>s!fOUniG|6cs%L^wy
zmcSvTo$gWFm$~mz;qFK2=FeCDm>b^`iT5nC!+-OIsd76F@1sXn^RGymld%MTz(4x4
zgb{YV9S`50N>v0@Vi0@4v+Cn@s!kd4E!-{mUrlM>bK);Yn8?~z&;%ZssGVyJ@4IoV
z1%++vZhcLBFE6g`18H8a5yR=X38M7vzBP(#j|A}3YL{{{EU~j>OyJSrl@9WgM0}x*
z2Y<Q5+2W<PWH`W^j7s^MSpPz$qN@;%H`r|~;C3GU<e*$(?IxvG>xuvRU(@_HM^nW2
z4z;cMT8rUl9>?CXFy4vD$<Fx9{|(0<L>~^Br0;1v#`UZXf&%1a9oL_-zbGqa2rOtD
z-JE7#RWt<u%O1?Vxe7|F4qmG;I)}j(gnu3Xc`N^_Vw<K!W)4GR9EB)2i6g^1w?~BL
zH`3Pgm)hRbShKta&JNl-+a{P6JWqdU=s%hR924p7`=k0NyBe6USbh=$>Yd@7$lT8T
zqoK)EhvIAFoWfc^sEd>Q{zfTzR=^}y?Oee~?J{P}bpN1d?Gal>8xt$x!y2ODb$|b;
z0xmNGHi~X=Q=t!Pz!fNzF|n@O=b$Wh+-@vgoQE<$L&{o$9*7SyEzNVG^;PowGxX$}
z37v&=(RvaLVUnWhVA@C|KO61&;}w<Fb88x|CEb|34Wlq1wcug5ry9q>ugEQZcB!j%
zuFd6sl~)c53++xbB;tk4yPzxx3x8wwPuLuxQk4WY8MUZ}kv&dC@G}Z-2SZ$gQVi9r
z?k^$oP>%b2AF3#{I<zuJ`^u!{7XeVhZQ)hV!^ZF*1L7+oQE7q#&V7VDsVPyoS~oOq
zFQMj_y7!6vbU)ZzjLm7F+iCIU+Dlo5{+>mR4~`nng+^~vFdCobsgZUdw0|5YdO$#?
zkyv?@B>p(7r94&JuzUZa8Ov6U8~5-XOop%0xOB6{tM;w{?PX(;62*ye7)xb9HNnN}
z@~TRRH-zL%@Y8-!<W8|!DvUTh6l7s&rXf$I_RkivE9Y8B=5O=0w^dl_R>9Vk&9)Rf
zEt+GZ=at6cT75om^Bhk&y?<FIb1W%B_>5&kaHU$f0Ows<8tJ5%BZ`>GV+&*Ez&XS`
z&Q#MUvou8+qn1cGUJWP}#FBoiSb8bClZhob5T+EB{yp&!F9vfVO6gDQp?#J&&k}E>
z58UOPos##jFK@C<BHjP4eLfbEnV;A-c1-hwUE}gE-XlG;-g3)BIDgSt!qBN0qG@&o
zG0lpgg$@vIGZ_r9D+29G)`A*BI29@ugC-JPY1g9x*FQ1&XI{mB(56*#P4+IrfaZQm
zRMl<6Th16sZ$FZ)eYKuQyofo{wmr~R#OK=PJe>BV)*C>t82X|<Dj4QRTcL76O`>y=
zQe=_A1He~CsKM`kFMq$du>Va}fvRQ5Uy67lBiVM>{CN2<#2dZvNwKqvNBV0k$cSgr
z#U#cQUQnAkn8xzf>-K2JDEXhb+=lL|IIZmdt@d}Uds+tp+GjJvo4S;00-t-!eGqsf
zEdUILfKkod61gH}Hl$VEJC}vg5_Q|P3ovwGfQ_PyBo1f4V1Mj>cJ%jpY!fyo6s8hn
zp$Gu!r%6*lV@d4+w_sqh!)HC50UQ&hJMz%IcYLaI{1>cMtmu;D%Cq<lt|c>TX@G5k
zr-6)R9{dCcWz&r6s~8?W92bFP!W|;E*#+_z9Ef9>`s*-fXcM}IOf>@ob6}8@FQ(|-
ztqg#?8i?c1u75+sg1`4LRD4)nn9;en6TN05Y`h-2%~p98Sc|YM&XHu64A+KN!pe$S
zNo&OJU<gBD-$59j!Y}$3A^rh}S*RbC$<{BJXx#BtXwy->WcU~R+_%ub)g`E%Gi<8o
zrq6BPzni1~BwBV%FZ}oSP4G~hCiF(3%vSKzz-*)?Du07mC`*b0u8aowQ|)+h9j);}
z6N)9Ace`8meTZzs=`#<TABxlA6{tby`&IFbz)Lg48;?!DyKiQ?lS@rB9v;wlDsHOu
z19G=kocW6{(@}@qN9Z5Qn=pTIf620XPmOTV>379d-ozcKR0D(Ie+uT2>gPzttlCAc
zrT|&&t$%0aUnj$41&>^`EjC@r+2-Bu@BBT%Z{DB2_fEaP!<u}#rCR^8bU$~w)_o>^
z|EFw>7v}FWBn=f3VW>^|N!RLe0eN}ot&g_%(D&~NhX~(8eTOy=zVxM}=I8!S*NqZM
zbR;62g8!yy{NRgheAVuEiGa!LzVaS6=fwO8fq(srW!>Pg8+W<`bIng^o|k2M<m=q#
z>frlc>R9-ddhuaJx|MpjS>Vq9V{wSM<l1nbthdCwPlzh4bO6Qwr6R*#QQ}4SAKou$
zn>W7=_G4a>r`u&p7jiqdjYtj=coJB|(-ayKIBH=+<i*0|`^`9zDu^MHa5|*jdSBF7
z9Dix$auGM&$rd(%IgkrJZ)!W%+&#zg3_c&IWy{rZKrVJ6|3l5Xr}h;v%W4l?Tqd&K
zU2Wtlu4drn-sJbr0=Z9hYxd?7!CREzze|5BuanEb$uvb(?jSrFV^_g0|NYN$$+kyp
zFrmz$&<vHrwln=$6B0oToyG36n6Yb&-hXi7iN!USXS%Q1IiZYp^DXg*Th9^y<?>2*
zX6SGKbnCq+I173|^NotF(@nPg;e<^;Lfe>Fu~X<ELuo}n$OW86av!FD*%o{$d;d<}
z@j7CRLs4KP>^i@cY79Pn7mZG^Y~0i@d{dLpM_*5fnX=;#qAFU;s-iVoU&j|lEq|#A
z&U`OXOvqY?Y1l}Jq%Cr`{e9*C4qDxA=^9c8eT9wnn*pY|Ob_cpuV=0CHQ=r&&Jawp
z5djHOm{zH)`{yQFu8L8&ZU0CBgckR)`uFpB<g2Su(2_f+_mnW`+_3QIx%O8ob3vC3
z_RV8*>ah34LPV*E<skskDn$t5)qfKA$Yb64&nh(ginM(QBPj69Zq(M)2agZYx%uW(
z*wTCZn@UIML)QFA5-^P|h3a2)VL^0fpb``GBTRyT%9jFyB(h&z4a>`RM&ln05|%*1
znH}uwD_?H|b~D7E+!NANMPO1=35oEgmrgXtU`}JqWJHl766mz<o|wHy7k?-TF|wn(
z7D)-mGYc0f+^Cb9N&Js_*ChvrIpnqN!a0{`Oat1mdOCd^y)TzU=FA`X!z~}kwdoBc
z?HhmGOhCy!A7Qhvk1@_f4q+oeb#fX7R}bN>3*+i08V$dv<N(mERzbp*;@&k9|Lcgs
z@OU@8bfgv-k_+L*c9!V_`+vZHl7Wd%MoMEoQsD)eW@}vVmVkaGmE_^R(1oJ_NQSX^
zW^zWF;k+*7<@lnjLAJOm^yTHb)K|TBpM47x*AMMXLD0;Po!6CK!1Qi{)7ydl{W&P?
zNl=l)5f=fMB;qKovdG2^QAckR{pKO}yAAG?K>_ZXNgKmPc(i-PFMqs}$)qcE69O{K
z$O!ss8|kTT_;UkTw_dr<A!;RJ%=5~#71K6;aCVKsy@M~6EpeY%yG#*d8#)%vJx!_o
zP2@PiWP1QuVAQlpspaukcD)GqZ`%fSbFYn`gZ|^>!q}55+Wb6M(2es<PWeRw5%-I5
zfUNg63uDmR)(^y<>3_Y=3lPHiN9=-EvVTAf8xK*riA}U{SP@i~l~<vZmEMSp(hHnd
zza*0)nnjyflXzlNeh+R?Y$z?3cs!NZWF_coMWc_;QS6_(Wpq-=tC~9mFyiztV%r)M
zV388+c$+o7PxbsF_T8~*YI%!*vmj$*d$M22x*&lL8_>Nb(|-~p<tBvEE?hnDtI+g%
zPbTxB`X|xa>kT-%GusAVc3QfbBq_TP9^gMBlqqS|oGCk@D^NJ;w3C3X`kK@~lC$A$
zJ~q!uwYlk!N}^V6)Q3s4>LNHK9;+yfz0rr?$n@J;l@rfwjLvm&@rTB-mvtx!Ja;|^
z?odC2U!G$D(|;Vg@9U_er)@1F;7m7Rw!3T)V8#*539|#o!f!q$)X{J)q5l*^`hA{w
zZ8~50OE8YOHDnui)hkVr6%ij@s}#?q_nfn_;rHxD_?cJHbUpHEi6gL{FD{Y6Xt-QX
zTtsk+ta<5o#Ysu|8YTdULYowUF4<UT$KncLbLC}o1b<I~#$K*%7w5UlkM5sm+(F-y
z6BoMmrv5mUycvuyI`NcH!Eza}Yr{;scY@N{{FGS+>EY}(18Lh3d7l@ANAkb@kS=ss
z^!hpt3lamga*7bULQsYSLQ$5t#Iqxfo{W>0${+t67r2tQ2q8&a2AR1u`1~F$vTr;Y
zy!9%?JAc+9!6k#(KJY=Ll}dQVWUD8{DGtG_ST=mZZT8tUsz2IagR>yGT8od!?JpW#
zLWK%HM4-VBFqBaivG5#DYZl_|x7+(?J!Z4~W<hIT>At@i<!v`LG9WR;;Y-b5VIY?E
z8qf1wQIUP`pSF#}PRu#t%JmpD7@{f0yx<Ar%zu6Fy%`Y4jzRW(iSpCGIV#H3WuWAp
zqMx|*5y2BhjY`pUq-7>}u&rsDp=evILfDbH>#w?|6{{mKGahi!!6n$Ha;6ru?DilP
zjoStB_FORW$Mn#y*6?%9TfQD=R>xR1Z$y+K87Cp2M0%BKg`lYr6abLyknj=M5%ePI
zwSTp7gUaK)+4#~*lLTbogOILx@4EpmTXG@<8RDn$LOmz}6L1-jW4ytM9NN>!O5&3&
zY7#c9t11F072ZIbTq*Ad9s=#S{!#4B&Digm_6Nl5z`gaW-&>=r06qN7Ue`WM-9b}B
z!aOh%7)eB(HE;iR{%Y9mDXW6o>uY|4Zhyq?yY*U-w_kc;w2tO;MkS<KxlCW+DvUW%
zXQ0*>YQv$4Fi!ZOGRHn5OX#&|Y1*t43~dQOI8KYcOA$)Wd1Dg&zu_cHDyxu^7`BvY
zUGY}==*2cH*{y-|C!T5%cOo6(Fc*d1H}vWTg#Fn&D_!2Ojn`K9_BPlrfQ2O#wtu3`
zMQ8ljdcJIej}%(qAdp4YWUuaNJEbby=g<zZ)#-jZ^(Jd)4KMCv^JXo7Ae~h>Y6($u
z!bCfm4~}FpLn}#<UBAJjt$;VaHK8_w9<0v=08h{3j~Vszb|LYLCrT!ha$c0umc;YX
z5CsFgKab76+y(oGkBbiM`O~PiDSu_o`StSyC!F3OL_rX5ZJnd3HHuYk&*ZXnrx+FU
zx0Ru=h2@J^N%e$|a1i|;qm(?tUSvhQNF-Lt>;WXrZ4j>e9##*ms%?~*`EYAPfxrnZ
z`f<+zj?2yn(MTfeX^vcST;717!~$H=HGhH<spYSJ218<T34p;t<!Wmfu75QrI$wkV
z7<WA>i9OPT$?h9lGZ{2mA_Gy9MI$<G128O;R9*aZA=ZUUTWE>yalcjh&g*ZSOC--E
zmW&P59W-`g8KOh|{ib_H?q?Cc|LDf#)E6-t&%l7I#&er7!UCrVTB3P+z%M;bG^D$r
zDpl0H3nrm0&^49|p}Ts>(tmG1mdp3q7DpgrvlC_%gFYG(cm=B~{;qGeUzXEfO{GD6
z9@zOAa)mz6Y)?6HImGM<ER|6zP;D*JG<BVB<j-7)(f2W5G=@hJPDHp6yg9s!`23*u
zaWWVsNXYDH%vqwqdcq%)QFF0#x`<x%G8J!mat03vy?B?Tj>pn9t$+9CcO&ge&5kIl
zqN8xeL2X}fVa0lh`b`7NiUKc<5W~bki;#{Nn?G7t?>V{kp9?JhNX}TL6IjE6ftf*&
z{7Y_xB|^N1NRftsy9kUyF>FTolg<%2)^sSY6Yz9O=Zq5T$Y(r|Ti$*^OkfCDQxJq}
z?9;>g{0?eFazwaWVt>m%75YEVf%9w!h6z1kV@MC%o%lw0P=8gngGzAB0B_~$9t}b)
zA?F{&G9)GYDHOQ3SDEdR{^wKwZ2QJ#=cn%Jf9d>uA5X&WzBi*YU(MGwRJ`?Y?I?du
z!S4|0;8BmEenr!G)W>8=D2r!Hy|qbq?(2$}*dO;n@Ps!&Jbw_W_VNy5O{u*N8txl`
z!C)tSxCWFfqNB=Ob#IAjQ>OSz<qJYqF}8KJIEP}fges9X6<~`XnC_Elu6>)i-5M|_
zu3dB!z8Fjgp;h5XXiw}*xo0>St%F1LA;&k&jo?Z}Rxu0B-rQsKBE-^cZX&pww&v7q
zsW5&`J1k09$bYW&AZ<Zc-l92$-sPE-KrF+evE=IihS)x$JMCi_qfXMU<pVNB%7{#v
zC?rK3J5C4kPC}4Xx0x;S3{x6XoY@R<9af-0S;b4NTfz5X{nP}fl`U$bjMEAG4sIg)
zLUo7UhyIII5)~<4G98{8j9PEP-6iHGP{zDh!8;(X@qfG=q%#m75KCh8L)qqq>a`{e
zS)Vs>`rH@p$c+n8M)M>trrc{r5tIfJjua%ceFc{P*C)b8b%+&@S)vuOnWZPQk{xaO
zb1=|7!aAuuSLZ97XNb2?PFeQm;dnt<Hmu@tm!!pVLNYo*$DW!IbAm@xN6A%_JAh`)
zAiRPfjepK^MwB<W6*~e*CxHjb_axqc%H%;^R?Kz?*MFF)KYBATtbE!Knfigp_7+*~
z(h;qS?>+cC&2WCT6RIp&>*%=Bc@Md_ilZO`r)^+AN!VY#1~h&%|M@Vw_uJV9nnex?
ziX~dcX>JYJhAg_+OMM3XF^9Z2nu_|P(INazz<=m2C}V$8R6;M-`DZJ|9`J6B!dR<U
z^yy+*1U3~yr)KUN0h4LVL~0NRS1^0(?+A21USl(<pU>+44|T1(B!UIJ=+RX!;1&FD
z|C^eh4%aHjf4&BKAuJ3dd~3s3lXm-%p`fgY?(L-hG-|cnH~a1X#}yil(?$+V@AfFM
zAb<Xt1AZJQDf%NV5t*00appp^ZGFfkiq2Aqhpp#9czw<R1-Aks)Dr*L#jID%mWMB4
z<zFBDOB}bpPQ+ptGRGDD$qHeF2}RfS)2uztk^;ps;na6bfRt^p*Fi2}Im)^oStT(=
z<&~uONbM}RTGCQ1Btmzuq{O`3#ySRzH-GE0;H$jb?RQtw^%y>Rwj)p!?RO~@uv#Qr
zJWFyGH|)o3_@U^E+gP(*G63dZLE~pFcx(2w{!T>Ku>(sV&SGF_4j@B!G=v~EE}E4?
ztAzPAVOJ+g34j%he<YZnp%2y{onJ;aq7#$gu2$0|u&Yf`krYckx-1bq)}Qo#&3}57
zL=I7ipRKs(j#+V>Q~{M?RUNGAh<8ZC+j!4Ti#F;j^u$>Wi$M8AIzubymWQ!gyph!=
z$JY<k_#*SYQ39qZLf`>b()YeMB^wDFC<AnDo6B3!02s{Ap3Upl+jyypCikvhY@t8~
z;y#9e6cPU-Kr9ZGW}1=&7Yo#)xPN`Fl^n<?B`Af6mO*WpFIDN+Y=18qT?Dr(wC*7O
zG&tF+;XOF+R4@y;SZo^}-Ru({77Ke3iyUEfZiVzDaO$eRHX@7(T|IG`OScaCu5cIc
zeRP|gjHhZYB2v6r7p_8jra}Ds4P@)t3u(5I?1!Rxj0AUf4R8$QS%IXzXMaS2gD?gt
zU?7mqYHf_I&)NN75Vv;aKkd<85cJGe2Ao|1ca_jhNwAg^6vJdGDf(y-X!Ou4ZN(?V
zH%JSA$#|oW-;Fo@O)nDkgLu~Ac`K8>1pckv=2L-UVR6ntC?^siNy2G@29SZHRmMwl
zs95z|PvS4LH*U=Q#Q1|oi+>=O9HW4RAj$EQX1jQS3160_Lem>xWqSVuYF}q}6X*oN
z)64Pc#U=!MWEnm5{Rw{Yr!{v{_g&m#P({A2BkwdOvKb(NlK*4C44F*|A^vH(WU^hy
zQo@L9<_h_BQG<w<=_|NpDJNdPKQ3CuTfl`RPEZ2*o?$r(f>vkNT7SGF#>3Q<j18sg
zuDWpqThH4?d3^(=eYv;=_eto^ZLsCKNBU!05KqVr?l}Vgb1@gRtp6ntw<035G%mKS
zrpzIOu1JUt<xDarCIi7mguykb1`y{LJ5^Vb86>ri%xi@!9+?DM$7;1ki-(@FF}dV7
z1vS5sDLAN#JDODww}0vVM8=yxEaD8Dybdbvia#2y`!;?y5*|1-^M`(XF^+u#H4ko5
zY?B|0*1NzMPX$4m!{CD%YXUJ!3i+)h0L(yX30AiOhqR}U)cp4`Sm)PQU>}0ZN+OyH
zKciG|V-yzcy6n6)vy9EVpT_i-bu$poAcsa9)FXM@ArA6=sDEy<fz~`xB^Z7L-iPyQ
zH^jfS0sF4s!&BX_>(#<Bv1l~&OA)q{O&`IXnVLXw{j~_oz9dkP#3E2v0cuzYhxG|i
zE|MZmy$oH=5W3TpGqX9|i_4<)x?N$7>SUkR8Qm2Ux{2vl1Y)U*{?gguneV;pkyixY
z{{9RX@5D2gPk+MjKH1Fu2~Ag&Pm%EdiHb>#u8ItjA~_APOqy<5^P*-!EcX)vp5Als
z6Q4izzg?=TJ#0^}y5i+`0j!SIZf0#{*9GF!Ezedr<kIr#>b~#gOADVrL4~M?4WVme
zs7-D@Lp840LZ2hgXP-(-rB*7k(7(`XGWb-Hc-6ppmw$rb**-EdS%)e^t6>|}dqo}~
zT50hFFn2jxc6hXJW%e9H#XF^^(9*FB)Y9ksBD|n4S`L?yFfk&I6mLLg<#~&3l(4uP
zVU5Fe#qol|Zt<{#X&<sNIo}|Wbmjt}&NQ>@*D3Bi1ZyogN34y$A~{0-tqT>`7Ni?h
zYhi)kNPmMO7&AZwH_WW@Ro~vAk?1Z;*g@~*a>Nzq>kHbgNa~y^Bhl>y=_!Cc8v|%4
zRtSB9poK`IxgknZXWy$ziko4?1W&z<_Ny_sLKIF3lZR16P=y9PDdwDjCc-Td$hL(a
zMycC|McYC$<k2pi(x^|PVuGhs#j+!1&J@^m(0_5cs`ITo%;bfQ0ebzh>+6#k5~JJt
zt0=qAyObU(b{36s{&sqj1zK)Cv{uONEhmAU!OOwViH7*Irbp@KZ5480{<r(ufBG=W
z;)Fc%5M>w?Nm~<C?H{$t0}{3BflG{V2+Koaqu&hip1_h-5efO!rLufdky{y>`It4R
z6MuqzJ?j<pxySH<ajYWFU>iHhD8|G&pV9(}>=Bz-m?5wqJ1AGQwy(47JZ>*WY`&kw
zERJ`?5F>3Jh1>qIJimuMXHkp;G5IRl%>PP78;XO=^HatG?;tGby10c-#IKxt9#@V!
z^>%eM87=JqlJwC5C6X60My}spGSS<l`+rE|5IW%fJSw)*qioBrxt%0AD-hm^_OWhs
zVl9fya~B17P3oS=^}=C%H=G*yh^y^x3AOFNYr9b|a^$`VVaj^a&nz?HEPH(r&E5J2
z7b_Y4cP)7C*H`M^5^F?`rO7t+WGoG+L&1y++c6+A<_2L3@l54lTZGTak$|+k&VP4T
zu%B8N`zN3LIu@jue|@WU>B%J;amp|&>>$e{q8q7$bLrd<;%d;P5}l~`Es}7xB%&>4
z(5-XzlUN_c&}$Z=O_+aX;?y#ZWk92_-W23utgh?#k28iW`C1wb&JF>~@ZPZZ1&pJt
zOil4hW=5ib!HnA<s081mHl>ecFMnzAz!j${?8n}N+p9)Gt*WF+HWiB3Bp||HF49pR
z5zBoMp5(L6uf6<izqgtfS)#i1I!8DZ8zDt~&{%5C&$I=EP$%gY*QMxgi$l_{i;u_a
zuI6rp$$jk;5<djiTuCI&QMThK8Sbkr%ND9f%1ak=t--(;HPnd?PIYK8hku+}KP0`j
z)Y|*9SVF7|#-hx+!=L}@Hv@k44!rQz9uctW_zF;OzdFVF?^3!P=Y|k5k#AByV*io!
zz5Louw6-dQK!_dxo8=r<vosr#nb3a@2T6cy!MDXN@CkX9!~Dj%=E^IBs7i)ZToFcw
zB5b&%1WiwfS%{c|`jWtZqkpKs>DN1sv7tfmB2670^dz$BR+KHi36(J*CM1ljVxzEB
zJ060(CnkLJ%vIZ&ic?OsZXvEOj}BU{Z7M9oWAbOPyIP_*46q@U#CL=y1LHiF&Bz!S
zw%AZ-6b#28_Q85+=}u~DIsv%FNVYEADz=TL?R*3)1*j`ciE9c|;(u##ZHU0We`$%4
z1^qab)c9v=vR_}8k^Q&Z4?~%au65yv*z;fEyR=d362SV#A?`5387G+~4DaKG*4kCN
z?GM+Fm>FBH-V+ud(4-QK`KKKuO)=TWsI9U<;c66!D^<=q3ZRHGK~Sh{|1gM>R$K-h
zM8Cfd=)b3)9YP)PA%9k{3FN)KlJWW@3C2DY#U*zwGGei=e(}rB3e?kZ+qW{u|01~B
zCrh@OA7h)_fKl`2dw#H@!y1MtD+A&w<&wDvU?TErOcC;dLxeI(<0{!wSctl8Ki0N?
zo^pSPwSN3Ut;G4V!=Zm5L6Kv1k`W`%5Ir+ISbRt&uF`PO-+xv0v6({Apa1jr&=O)Y
z((`w{<NnIX^@3x_^lcGRZ>XP66K4(#F3VyV8_9=H?0BE1&nT3?={MQurgXMl3?AwJ
zWbx0Ru5f2lg;iCp&jj<^VgDGJSd>Ay#uz~&ic394q*S0QHGKS@nkdTV6Yl8r!YaN~
zz353@ssyzCCx1M@60dD8uKUiti0>8mHxCXqrwfYl)=<97s~;!4#gC~f?gDghg!UAt
z1S!mv{x$S1cY!bQD%j5hhY(r&FY)(V9g;_|K0NQFeLO|$G-x)i*hZ!osK1fzPl(cM
z{faU6-*Xy|_IjUZ=d+UwmE0GW^5piI@HQF6Bdm!5=YO}0&5|5&DjpPvQCf5=9i1Lk
zXBOvNN+-SW=+f{PGQMC}L<6b6WH9Gqv!hdzBW%c_CLz%K7;-j=a{6rX&Yzr%wZH#6
zWAHDI<d?A66YL+CkI{c%_4#B?+wqSnW2|V*-2ji7n)6<wq2CzBU2}xa*_!#=aG$#W
zNsxR}JbyO#Cgfr!9D)a<#)PzPpBungo>y-C5+R<T1_x^?0Up>u>*G0;+r;!9CGD<A
z<U!gYjDo9qKoJL#R_hiSqZ{Dd;QfLGF#q}}N%I|eh_-_@P$Ja)x_f(hwn_LosYuQR
z(GJu6XPO`@NE2Ng>TecGQ&^|Hrbneh^a>NRWq-7Dt5`zcLclaBoy=*TD^5H0+%)Ot
z=rr<=;*3e^dMqx9MWbToky;^b@_fE@>#Mbrp@uUbHlB+~6DJ5g{t)jOz+n*dhZwA0
zKy6pZD{b-<Vi`)V?8%ElCw}@Iqb4u7u?&c%`4PUdBZ;odnv6yrm4$&Oi_%o-^Ub5h
z_J0(Br;KZ%QQ7n9_cS`NbBFk})Uqke@O9*SIoPNBjKnpviaRfKQ$&CBE-ECu8V7nZ
zh5Z&_^BurH|J=H%L{;>+(ac%1_QQ-)7h-NfX@+@~ZFLMP&t6}~kgw8=Mw5<TLO~e9
zB0@x=MY?N4;1i{Y<q<!}z_(M>h9%obcz<@&<&DjLGxs1=9i%9vCow*v$skqtR@*vW
zY&P<O_QK==>w^p+gs>vD=Z`7w!7&JGeVow~j$raZ(i4WyuUkatP%Q7KJ>yUt)CGS~
zK?+J4GIBZOiKUr^pKd<weELajFZ?mo)9Uy1r{}mNz5fm2I4LB|Hl}*1pUT4VDt{Uk
z&naMrwSO6vFs<st)cX;f8D%1exFSwYP_g3|r9I{y<D^s_GJqe=D}$yW%yTGc;FTj8
zy9N-x_#chfx0m%;cf2f*yjT<@_3OV{v#22e^L=g^X+BFn<)BQEA9l5@oW^{Ytg$zc
zOK4)oF6Kw#LUyT2k$%{cZ%DCD-G4QD2%55-b4As=$#{5b4KKh^6AFXoP<(!WfukS+
z+rmthyX)3Ld*!>2yaO@3CoaAla8AU73ZbIG(gayDBR)Q{qf_;H12440^F1TP(|(_0
zut$yk2Rp9nQ-)Lc=~n4vOl+>7i_ZA3G5}dugwx+N6agyS*{T4&K1O9R0)K=r_V3eC
z0Deivc%;X3F^aoG--Ra_GYHpl6Q0Gt?uZM(X;r5f2Ngr{Q|^fHMdG57REqjnv5i}N
z)}06bFkPFaFc5<WL|aB!5|h(pBpzaf)AutrqhoXVa>>OvaE{Mi_;cxgnsKWxt$((@
z3d*=+L1kq3F?C}PGxs;SZGZi%-M7{>V9h;Uz0Wfp9w(@~tA!R{ue}`i=h379E7O1V
zrMTz{v~a{wDGY-bHWYqIBB0!%!^?CFt1`FpX$&r=VTksP(UQv3m*ON|qwk{x5wD@m
zrY6g<!oS`Ix1tZA5|hk;N@+1G6`_~tmUSj)0wzsdsnuEq_C_JhlYe|7JE8H!D4O(L
zS~1ABT`lFmn12`KaSpBF<+KQSI$Rhrzms;EzwY$ETyiN~!Y~7`%~ltYx;qc^n3+8w
zTiDNYh&92#@&uoE(_arpx|@W!o~NG953_&bJKIV8H&~7gFV8OySQ5dkQw3B_HyrR0
z?_QmBE1;K%qj*k2@PENV0=T6l%MmWB^R99CWpC{UkFL4`fh7Upwr`C!2x2(r5nRt6
z&J&clT$X*o-oi`Af`)@!wShjbJ@QhY_EF2QYnV=t$cl%y@yn23&-DBg4xbCNYr=7d
z-G+=(CAqiwy{OKx(%v%-)k{aqpyd&%o<@CQVs5KINOnkkpMO8DEqAes2yvse^T<w}
zrr^*%zxoCEL^}gyycml**Ssjd2{w9VNX-YHqXV@M7J6lBIFWF&oR?%Zt$VCbMMja4
zE==-{S?NhrUhIDPgZr@m7DMUz0Bm9yA3A=2WpA%b`wOX#RHH@N^SV9tq!y+>9{oO1
zK=6M^MMWIZ*?%#}&GwKwjcH1SaE3U1Vz20J*MvIXgU#y*lwg`j9f{!CL0ce2wn`3x
zCxf7+M$8mXI97hcTo;fj&r7QX{wI_aFmTn(7g-7k-$a^=pk$~`);*ZZen+-DWQ)Li
zZxFxx2c10rrN&N*8sQX2QcBoUL%>`4vSWM$FTP4K&VNrMgV;anSxOr`J`!x8T;?En
zDLIDJI0AA|)UPpsfspA0{l{oV1&MD61^Ikw1PQJ@{!o@$O&>74kaSl>Xk(P~1aD9E
z=t8^*%*rUgS3d3L!TBD_@QZ`-1$-0V-A~S5hsJeEn3bWqyHFp`GssPckux`4vKOhA
zB_(l~dw;Mnf}No)14@AMw@8DX#ZN$=nP>6qofU@!hstJ2KxE_gO2V8Izk1k`672qu
z4A>u#^klm;KRyAwE4=cfi7Nsr-Um#WjwfP2f$_-EM=i^UN591Wa+asj6(q`V!PL$s
zu$o#+*wUoPl6yuDbE&xhr^0m~=#nJ8x*0TN`+w5znU}(#M=_BuNfBv*wEf#TR{^Ds
zwefs+IQl#K3RKoB6tJM$I|Ae$>>{(z1*u<%50Duc<PvzgX);@=A;wTBqXP^{3c0!q
zDy52Ek#k|D6bq92Xky_bID`gOEvunQYC{rxv&fFKDGaO|Vr{}QArXKFGOUrIVC`W$
zT7Q1@w-(t<^MbpOZQcjlxVc&#)9u$2E^R)dUGv>?73iFO1i00t1$J-kYkXbyjn;$c
zV8&V^=mDcv#1uOexm@LB19a)36DAPpD>yn4F+s$T2$dZ%zpuI%9Y6*!s+&@ybuF9e
z-Urd-R3#cS$P@RAwVQs4)o}v#*NwxCZhsk%;Bs7%g|P@f<|9gU`%6H$K|u)v^<Gmf
ztJztcAKW6n1ZPPT`%U@rHsC}RUZbn`(w}Y50=pPKVF`r}?Sahotr~-j6UETq0kw->
zf2v~z$km4?nsj*7ezNgdVl(&2<j)SGYYnGxhYW_LI^lAa+75ssI215nV<2hC%zuW#
zgO*6DiUsYf-;a9vUl>TGzfSnBW0|)z1bViyEA~tVqP(TLR0XQ_8E0CmrKgZ@o>*W=
zlS1nk1QG?&X0ukDHK&VTXOfMgkc!38_aA67;7du!D{`NI(Hp>ahR%>4p8D%fbUB(2
zu7+Oe<zEoj$leduQpCgAR6R5ymVd<Ufr5X?2Ns>7dSz|&m~*Bq?BI}*T)QB5%q3xQ
zx4mg|w>|sze&6wi5q##dEB1Oz5&+oSlsc{xm4~InkM<Ld*7Pd%th5+oXR5f+4jxH4
zBr!s!tbfF=GW>lamF(c#qh9u#k$3Y4J$z>H@;(oHLkldJxU6heK9|3TzkeQupRbRK
z_d9uZxvd%z8fadH+4wQZQY^caYq1Isgh=$V;qr)U@3sCe)t6d(7vCN5=}t^Dx}NEB
zd>&jaR<Tz56TJjlqI9oP-@0&V^Np>J&o0#aP0Hgymj}iaJ!GfxAA4^C#I5-YP(|u8
z*uLn?fui&6*)J-c;Pa-zlYj7b8@KB#1XY^)FYa0$IRkOqe>jg2F1FZr8%^cz^N1U)
z!se}9N?@agj>?VXcJ4t*f(1sX<X`Hv6(AiNd+7E}fa7HqYWqfOy7%k1rpvY|I*eue
z|7SZ7&Efyo&Ld0G<8U-BR8eNka+HJpu>tYQ`g(+8vi66${<N2Q4}YGyd6>Dmn~AIY
znq+mop5d_R-X@Phk+Y@VB6D}UL5OM+gI3QpCB2WyN6*1zCcCw>4Si2rTc$f9_sZPd
zHXu?Wil4v3uEV=yO{xpvs>h8UmY?+LCjbDgudk2i<m41fkaeq7EjOP(z4_?~`Ll3w
zHKXPQezSM8E{=~Q2!CB2JaKPFNE9SC8(ZW%`0Z`(uCHr5C@QY(USHeaY;XJR?e69c
zfIhjvtMz&(TL1h`u%m}!7*$frH!CASkLB90^I#;3z8ZUao-cc}*YVzPQ*;NF9JEeU
zpHxm|XSc1-ZTmg-4@K*MmFIeaeP8W-5$09{%2_1l;#PBC4}TBhZ~iM@kZx&d8G&xD
zlNva~I2z|uAlI%~0la_*u>_P7^oz{wDn(&{U`64;(F=lVQz+jd(0)R*BBt4irbUck
z$Q1vQq5gFw$JLekUrAbccsMhCG4}fU{Ygnl$#hj!RgKSjo~okIE9UiMU3d33vtf3^
zYsw8Qdxy98LVxu|j4EBKOO^UUD+v@_cD;-Sh7jIL$W*$k%&kCRwJIH;F)mKQqkHDF
znQ~T(tA-rdH&3<E46a-~@Y!tV95-?>YS!S#m%KK5;(X%W?ma!)4T5=l7p`2k!2wIT
zwgk)deAe2uIv5}S5AQ$1WZX+p@XLIaG6DKqq$TSoO@B0~gio|oaR$6#th&7pqQPQx
zvYljCG&HV2wVS_yL6KdIgF2_p!9m>Rm1W1BPtabn;`HwLQpKn_+w4F+16|%^hze%9
z4f3BCZ-_EAcDyAU9fSChA!AmG<e#QaYh6A}EwgHuUd+j3oh6vZV7lE0U_Q?%;6SsZ
z|NhHs(|;g&U7wzw#yNt{m81IAW=bbnT((qRx^lj{u`{w33LP;qG&{;Nh=riZIExez
zqI`pz#U4)@g7y@W7vb>swgR-eLq{KjVj9=2SSA^RGsQi^0Bf2DhtQIU0mFl{3uK0=
z>V<Vu)YH>DWxzfZ2>OXZiAhqJa3VrRWRNCtdVlr&9EZb)m{S9$*-8#3;C)SCzvB2d
zfQpr;P+eW+tJ9?NO6BMcI(B|l&DRVu&DGY!&HafUm~&+paZ$X%;DQY__xqCoXRGaa
zs-m}IBYN6GVoRHs;n?Jr%b4)u^oIgB0V*VFoj_GY_6KyMSsG_wG;VS9y~XXeTl1a#
z&VQr)=!76M!f2bW0%UlKkHDI38t8Ant01b;E_tGi?#=nNpRbSY<(#p`N;FvYJ{Mu)
z*x1ia`-8}lTpFet27gxv_nUX<80N?*thcv!B?e4Va3M0ckW8^WQYXFgDD^xv5vJeb
z$|=KEi+iKrSce4Q{~={RDd7>7;|7RWWq+BXfCVb80frs1MOw<B+9eni+$RE*Mm%;^
z<Z85S@LG>&oS`=Z1N|PKT`(p;yL=(&YqOliPf34plEz4pscuVco$2W4z4vY9Y!P2x
zTnGyD@Vqpp_!Ff%>$h!<3r6)kZkP&u+>%S<;4u5$e0}wSc;nbBQVXQ@^)2#6G=K1-
zN6=WA6d?CriHdB4g6F~Ys?|l5|4Wf@J;akKO2U&%76J1s4Sd>t6Y6^sWX*(JDWnVQ
zmM&Gp&8XyI$%9kMQa2-StV)AeH^%eBc()ol{G2NdgKAb~ie9HITaOG0pgN~HA~2s?
zlS_-Dv7xK%wuhr*5l4u$D67mNynl)f3=B;7_VW5t!@M8cki<%Lqi=chI82njG0@ll
zVlC71b02VgD~^-8W!wKlA@a8($s>|UBZjHwjLPOI3rr(v)d3ZjO~Z8K0g5PqxkkOJ
zA7G<O52Q1Dfv_YQSyezDw-WJ0VE~^&@zFHq!eR<Rs(yk?Ezk|aGex$w;D64Zv*MZK
zftaxyj)#$33W<l8<|vo1fhSyILZ7?9&85##!02_MnzAr0gPk1o)LU614H!U`$IR@B
z-`?Ja<~=cBTbmRH&*&)zPkA}Rc590FSG&F$QP)`M7WW$?{NefIwYjr&jR?#7d6A*L
zqa#s{;??PK;#b~#!MTJn>wmDvdoel}7q=@fOoz@!>9u`fXA``G15Rm*;R;<uJ2C|X
z?A@$166rodL{f#4T%>5&z8hMQjhAKDJaD<9_E0D&@&H((&^P9)#5mAvaXE~;K*}(T
zhXj6zi%cm@;0Z%#M3pnQ8)*eL1)H`D>xL^1Lxqn+-g)E%t<qr{bbshAv^RZRuYnla
z?=KU6ObpiPDGTB8)epUCebBU`|6UGtAl%d4{7k5iM)7NmVxBfoPQUho$E9ooV*c?F
zlgMKiyj?jkuEz!0(p#Fk;GV68veiJBCp!8e*YI<m>>S^wb{tlQ%X&0~sGd$_UR@?y
z5)-Ws3||CJ%-nn)CV!rlBpBO6myRw$hT24dGU{Z?2jy#*2a9#z8%iT`4h!GVC}qve
zLrGdKMdLgXLMd}EP$48G$Pc^y&|dlN>&p)_TCzNMIx8m(QtQ603BCJm-A0BAorl+1
ztXjjwBX92+&LhH<uWdz*L5Si103<-$zlqDA19;_@0`QYFXSY-P3GX_8@InBjNkVOJ
zYyDs->co&%^JzYuu%vG^Ha5NhGeFG0Tfz=+J%JPGKnYMy7((zZ?AWu1!%IIpeHJr<
z__Kh}E<&&*%9)%`0cn^#&n_y2UF2tpg?5%#Ma#|Lki8-G7p#b*rA3sUdJPpLm&4qN
zw*2rgQwNIufrSUTj}h+Nx{bp}e-1MbeER99uyt!Ub7D#dClhb7f{TA9B;Wq7uC9-W
zA<gE~e!!-N#*c=<>F}Wgu!^SOtZTryI=j%h?*PtDWO1sukD-;Y1*~F#as=&;T)PO{
z##o(Tvo~SJX@|t3jP?&S1&GY>5-0s;CXi|A#Qfj>JEoraS>(l0yd{ZQf9@Y!jO=q`
zIiXr*B@H=t{FqR#hWWX?D7l~f8{UfSJ45MPL<%}PJKu5Z_U*f3NVEC0A22&NJ0U&H
zx5jeS6h<Op_UH!n_qCGuY~9&|%FeC$(S=_8_`w4>mqBE<g3|!RNvNfBS$Q<GYTvNu
z&2k*OKnuKK_4nqz3Y-`Ie_P8-9P@OYk0Sd=|ALvFPlBvxo+PhM13n~XJCaiEm#J>w
z-+u+CPM+jCtrsQCZjdl55klc3fDaTmP)R@i%+@ViJ|l*-n_mrw6bJm0z%nmOc+t?t
zL3ZyMngiG>EDvnmdjPjG<#_qzDRxKz*ov61MMLR&6J`Lri^B><e;PIm&9>+a%;+Iz
z7aGn@!w08&={GR_2mg$D;WPT_aX1cD*%cA6+V+JWcrwco;l3aMhYubk&@6?9fX;i#
z4wBGp&%|6&(vnz!={JvzT%Qy}+Rd+qL&}rBAWrx{$mi!mKA2%8E5-#KU@J;s8^SUz
zdmhKZ;hQ*rwI6w3e}Xv41+~HDc>9SJV|qqpNOMj7y>%?8d+KsSkHU&o$91ikor2rc
zhQ;6i2TcF`A7NSg#-2(G&P={#9v+rY<TWCla0`=xr%#{4)q!i+B)8s6FTF^yAz`;9
zN(iy03Bo7}kj!^QZsSX0SPkY^%R$2oLw!TTC*{V|94#c?e_Xy7#oPwIapMMTmx9E#
zcH!H{PZJw-&TAMZo~8!C8$~RA4en`Yby>|8Zz9*-aj*(oh=Y@bn@ObHX8-WtFt=?V
z5dLgwK|?gFUpUKbPDF(wRko7bkKuRV+BKX!d4dnyQ%{A$V=MDPzE^QV2<EqdiHV8X
z?yj!?mDeRPf2;=c_BUxasfgd~yt^&caI)}PZ$gIRQgOy0`LXrDlNio9ymIO^mJ0GQ
zR1Z+nffa*P=kaD1SNjx2BIuSU=-|bWI5~olWo;vtMZ|LE7ykr{0SBC!gv&=dv>qwZ
zKnIhISfv8aw9&Cqk`2bk#<6Yd7CiIJ(;+nTX5{-4e+n9$6QKTHP`di0;G>7duv*No
zro&2gcde<h>CK_PNp;O65A@z8x4<GA8w8w|P~5!l3A}P;02c=biN)nYXv>R1u@S}h
zbgxF@Ook<+#RqqG*v?2|07EX^+%yY~x!?as%<g&yaaiB5G_Pt0X6bg~#QMscESa`b
zWvfuhf1WvWngT;%lfm=PJr^E8YP|6MbYSI51~&Aq=H}+Nh+#FEUtI@go9+Wbx_mu5
zI~Q(0Rn(&BPAM1eNkP(zZF~2@wRYm0M~>tE)HEXRkxP_TP41_;p4Aqzn4r`5C_P^n
z6VefaXk{S8KJjzN{@Pz-vGI{a(v8bz>>P+Ke`b<=Pn}Pt)pEfSmh-6-C;4}Kgz2(-
z&mQgYaBwSF!i>Hp0DN6-?OUWfa!m}Y$^2?NynIDa98B~l?ry<d0tENLHMk7!1Pd@&
zaCdiix8MYKcXtTRAQ{|U_xtZ*_r8bis;>GysqWWR{p|Ao2pu<`X05zKf>Ht{fQKxE
ze@NB0x6Yin-WaWe>GdrLcIW4RZ=Tc%4Pvevd=gQi7ohssW<$1UxhtPa8U9r(|IYG3
z*~e?r8$fU6N8I^?J=yy-n(=<TGwftdl&iAsKsGJ*9mRkIP_#Oit>D;;h$$mIa6z~x
zI*^#MajCnP8w?BkO&RL9SyfUN9Np4jf6%M1Dq7Vv=jT)Wr!3Q~4JY;%QC>#I=2sju
zl@MiFU82y~azT&%5%i|<^cKH&FV>zJ*26i5uJ%vRB~t<MWW%{1TN{Fd6`Q;DrDf&F
z@20KhgU<ifC*A(V1=sn7p;0IXK@KM^BTV31_pJXWU(=(L#EhQzA^p<?n0yBke-!1k
zG#@fOQv%~>{;U^NiMC=<q*rws(h|47mVY6`VXP2k+LNcP6<BfVM%iw`SH`Mii9!T^
ztk>fb?_M}RqrW~o+gO|O>_byHqDTKH1Z3o@XX83q4)C<rB@(&ndHeydKihNlJiC81
zU)(ZMl%V#<0COuPH#ZmZH{~k&e_J;Xu8!4}w;9JbsU^OpPh8k|`uP}7UQr>*a_Mf}
z){-&8@mMG5G`r1^&C;rC;jF#Fc@CaBc@CaUa{C`BfYMSPARODK`dKAw5V3Npm5wVB
z4&OWJ-ew$ksaUWjA<zgDOzF|4rZ@NKI(UMlOIUIgw=AFIdv15m?{ZbZfB3h92lU5!
zQD)lv?^w`-FR7rPA{vsDz@5r(Auz*p{0&xMDAEoFD&|D|{SEz_f=m?SPAig@!ZUY<
z+3?eo6sbjNX-lT>u;yw3+ixgL;ZGPG`71rTU`NSlR@^iCc>{*VL@)gi)cpI+W6aIK
z`rJpehK}ttH5$(uJXE8<e_Z>aWCHyXwyOsP-}y#umCE`(ENpD#6Tdn1rn7U16pk2t
zu%w?}0#))|g)z}EZXTEyCg2Zc?w`+>mzO^kO$w<Se$JB9{rW<EH^N<y*Bat*K>v(u
zGiA_gpKDLVw?4iUVrP(bL(T8D3ss47<7niXn%UWu&D_$27<2U%fBj1$3fFp#pd6ik
z2S%jb-F=#!>Jq3<uIo?Zh>4{p{c3z08MPn(&Z%B+Ns42RALITnfxflvmIq#r(Y*=g
zx;`hZK#lkL%SPKZrye)D3`pbU^5SA{S<okIO&=~C0h3RyVxNRG^)LIh)?MSp1Gk7F
zS=R-ZIs90Yun@hHe>4|^E>pT9lG?sUW08Q`LhLM)*`ht&*&vKTTmF1z3vSCd*&kFu
z1AwsGporp%5!BG=t{iktA|C56VTX|E=8uhA$C0(0M0@+;WiQR;|7z~y*Ew_OWgxHi
zH{+HV=t${d@h_@+jPx9a*0-f^zw6Z1L{&_vXm0voA5ZCZf6G;m<vPP>lZ3%CPH0~C
zTd+`h!F0aTf1H)cUx?)5U7AdZK%)Xi>oR~vH&`5T%7nC}>l{6Ip1sRnvg_1rmXkXx
zdpatH=BhOQG7W_o1%Y6%=F4z2y$@0zlKy;%EZys?*Y#dB+t(xpJ9}7Ou0x;^wx-E}
zo6BjMhI$Ylf9DGB>F=Tovmqg=|7>ait+J94aF&FOT1BxPUL?jAz237M9~`BBpN#cq
z2Lhwg{?SX7n}1na$rRvO6jT_-W#chcan>9>@OBvBclMTh@!d8j-GzjL2L9FD{(<zU
zvs2-)(hTJ+ta*|PXDjvsSrCti(J=0~<_)Zc1kg1kf3~*Ej(&Le^u)i3(B*w5h_7NI
ze{*?CPL})T`1L7+k(v3ku@GEHZ@-z-3Q%w;dN4ae?@nnKueUWEP)b*EAL)B9VWs4V
z!p!PD28jgJZ}=hagK8TPfE&nXWh(|3?5Z-<IuHtO0{#x8H<xVu0rY=KP0zk7`wWd$
zu6o3|e|XmXHXxg(B8k>q`^y5>oFH>s9|O-`hlIcHW^kO)iQbppDrL6)!SvQCtv_PQ
zo>p$GxMAdWj}Y(h^pdQWW8`9)Z<hRyEDXeYE7{o)RaLQT28O&H#EZK0?9@32Z^O3@
zopc#fp9ecdd<17OWxK9CRr|8hrz%JtH3j3ye+9l(Vm>@BM*_9|!*Lb@pIeUBVs%Hn
zyv?3HpI@I^(Xhwhr0m<k2xOcv?E>vA+$uaixOMcH+dejdCPV5Vh0#%lDZKa`k!Wy!
z)9yf)4Kuj(y9&+1YA8`dy>hyYMUr71*)U_#Bn19JyVVYBt)rxo0(dQty`>l#gyqWd
zf8X8vSW0yWQ=0oVH8u5PMm=ShojApe%}#!>u))?d-#=O32N03XQG5h?GT~kV{1;bO
zUxSclptlskO0;|A&;NCdBRUYeSpE5I{g^M=`i{zm^nR=hxh!8lE`F=A{|zQeOdI?q
z+&Pwxs7*DmyJsl|k?!?r^0L!8O`Y{he^aZ@P#hhRu?S0HO1e4LatV~_du5=*YwS*%
z&Hv#FQHSG1PJDlTJXM+`WXF=5V-S+xxhlJ9SfExdaq)5<CTC+XntUxu`8hJ8w(dxk
zWsRU<S*EH>Z%RdRtS&irZX?stK%l;SPf%{+CbAI&NQFg~8_K<8d_p2pI=`j*f7Dp?
zSw~u4+$!DBsX&5P8?mfYAyBBUiJFc)a^M&~zqk;X3fp`aipLqFm9lR?)FR_V;qLYI
zk=%!Jt01O6R9$W2zr(<#)6j7JQni-=<od7It3foD!S@~7dlQ-?H*>o~qZSoF=<UK;
z+>EQ0)lHxd^{%B;K89oLH0wYCe^_qHYh%l~xw)`IR!yZON?l;N2eUIGK+S2yHs_XU
zL|UtjZ~cKEfpC%Z{%QXnu>uu?>+IGuBdk2{XsQeS9zGw7rH9H2en|`5$o!yJ*Ve^u
z-eB<>FCE+Q;K{Qjd*G&7ObLn~pf16|9eag-{=^W0KfpH`iEl%fi{r;}f4-x*UHum>
z<QJ5PT#=@52;vz|+OyVAOqzluCA*nDJUr;`6!)krE3?Xkg<CXyX6D~g1}cW+7y4(U
zund<!Vgdky#%i4%3#1*$t4W4G1UjSdvt&E1%Q%$jy031k61zO`jchN6GSX-&i;|3O
zt8cJ5jqruv4gbyw;?K|je+yHvlqizRxPix`f}7?1lpGwCZ$ILB_O7)0%6HU4ioU>O
zWoM^;ti;z;_O5aKOmG|YDM6_Y7Jk~595YEA?<5xKX}nvYYX(wklDjZR?NO7fWH=pp
z=ENV;irYMIYu5`2L`|m~MC1hA8IZB-?TB`JqSF8M<2i=}xGi2ge?5sWG0zK_ZY?^u
znxGW_oT-c+wzq^Qy%Eh+{$&OwKX@dg*;ED7{npp`dzRF=#dgge%5cmi(srlC5QN1^
zK+SKe;glrrCJYJp<#DqKkfYZ*R|!fQ=S*Cm*N|)|cDup*N4H<Ts|2TSAQ?*Cr9*Nv
z6K7KP1KBcavOGghfBVswr?tRdTDpF(#oki?eH=`sk&>=3Z|;@bj?o6)+%4N5vA|a8
z5|gN5CEEJ|6{sj<4w*3om~-C!BQJ8$9N_CxBiTz0M-}AsNTU`X1R)=AvVRqb*UyY2
zljg8g)zdj*B55?0JinB=FyUK(7{YC^R3iykX`u^b#tzG~f0z-t+})4#0h*bAOGmJK
zVWg8YL1jj$d=<V9zkBZyqg(`o3M{b2-d+4%PwtK{V{(M()FJXV{a9`Cu4Pa^Gcm^N
zYQ9ge*zxnb5Wp6jWgrB3;!so!0H+?@3U&qa#eTS>S`NQMq)kwr|5+^|)uctJU3YYL
z=G-viJOm>ke~;dh{#jGt(9GK3?)p4TI{u{pgH#~2E0T~buvkc9nT7IT`;EX`MO@rZ
zIKL{adPDUyvcHB7{+cKyrYI}6dNI-9jyGRS`Um+<d6SGP;{m5ApC5rhF2nAkgW|F=
zOmvXCdYK~Ut$bBeYjaVIs6N}ofx@+M_{*C8(6~A9e|A>X#<uI?i*-~o904qK?-i<O
z-JodzPH!>yFk(dRGkmCp^Ks&_#+Vqsjy@BZ|0Iod^yvU^($y}40AC(ilF9fSRZckz
z=U=&N6&R>kG3v+}n3(uOp%w2IlmZjQfRptX_1TPcl^gup!GiBW+I=#?{5Z!#Nc%?z
ztNnT;f7?ap+nlPp=(Hh&vs0%h&A)mf0++ltUH$JUB6$(Te#68$<Q7Yt8?h*iDVLqX
zy>qc;9gf<lLMw^CD@oXKR0?7@CfXyiO}M??mTvqCL*9dXwtSL-3w~wc7Zmv!{PHFo
zR1FrVT4V&cCFawc!h9l5HwSL?KEg?&9m2z2e<==@{UK>k3pu=wY~yoRNPEHE5d>f4
zkR_?94iVl-OI|t?B3z5^@7h?nH2w@;)@9FXTH%4i&`^8uj1AdvDLg)3{o+y+!;!!7
zN?r6`ijWbIq-6LdI*)iNN;nic{PVgzz@4Dg6Pf*;^i^{(e!0#7MD`7$j8RlwJ|^9;
zf3ke$Nti2FT+^L<ocUFrwPOiqvV)F?32UluY}Li0Bf!l)Oas(AxbixSqZ1Qx_P1U=
zTspE;Azf$~Pmu-xI;vgPWj_pkVynGROk55q81<~vYeV*8%0a7)UYsLen*B{$k@ojI
zzz1R6f<$ekJ^7;_`bg`Lr7ElOU&ei-f34-(Bg?U^e2@Lsdhfs47j2km{Exm}C<10>
zZXTs%=R<c8$flQ-l_1jyyTqNtbzyzoM&8s_H*21wVJ;sC`1v|b$W%30zYQIuRO<L|
z6HhPv=+m$PVSchs($-OyCaug0=%i`n!sX`T@)y)~ccx{~XnF5nt=D|xfb`AMf5Z5F
zUAulvI=1>=Mfm<M{qI7rX7I%z%^*`M5o*ORHjo5H-m~p|r46^ETk&!D4vd!`5fOy?
z=bD~|aX0+dJFF~F?!GyXje@O$$}`iQ=Q}%8)Vh$vekZZ0=dBXo2TlMjLA%F`$}Ea3
zjHd~5g>VnMlhc8XOkKZKSz?Gnf1trGrR9SB1Fn%`Q3<5?QAxk3?Z)u3zi&)V3rKJ7
zcJFCVPKX2va-DQ)9?-V$eQ(J}WRI%u6P!5*(CdO-*8B0<x}FBo3A^oAV(Jy0_)BWP
zD-{0K3u(A<+R6cdB4nSXN{vd|YRM>^&z~1su74T$ty%1Jp10^f!0^K-e^+~ak0TfV
zs_XfX3E}N}n_xD!6kM%re=`Ia1nd{&m`0&6U7Pq7Rh_?pN!i89H!KIk(BrqAXSW`q
z2?LU=pQ1h_%zvG`u9E9EJ01F#T9i%`gp>@{PYBF&tm4H%3iM@g9^k^7I!zt_w*6Wh
zY~67?HIf;Dg_AG`_x>CHe<lU@fszijJsMa@@a$u~yFB>^KVj?)M{a6Sv8|A<hGda=
zIsBp<QrmsUYzEhmfvJ+?T*s#Sd>xEwBu?>sYvB8*sGz_x52tdZYF;ICy}$4WstDAx
zj|@L!BQs}V_+>Zb!WYWxx+4kS*l+TbCi;A%rMv6Ldsrtkb5+*Te*)d`LXEbrZojbI
zYDE^#AI*Lsk6)iUzx*M{*7l9n)BPb~xHrA;lm@k~qMb<B)7f+Hnqh?k;B&MnEL=a$
zNrIxR!FU{bUqG!##mm}FpRZz;Zp!n%mnV$*1_($Vo5+r02s*9qiamO2|EVo>J(Qep
z4+8bd)EEMrJg95Qe?@6xq=;8^yUjLQ;&(hDWWDGnXu6&X*G;LM%nmAXqyh~gk_Hq4
zZf{So&8<46yqSju^<w6GpC47dFU<ZhCOEpD`g_(GJj@RIO|8Xo{o|s-uba-^cz4Ql
zzlTKm8(mM+dJ!nQV8^2#A3v`!J-#R5yG|Vle+(u2`|J%xf9_ahFCXQ)Z(e_a5(#tv
zrhDCUlUlb&rl2K7pfT}p#W%-9(0QwQ)o&&#_)@3g#^328NSTu{e(e8o3^EklPjMx2
zD5&~))VCk-|IyIS!0!@JwKJs0{}GgCvOpy$C@*>_sDKbCsF(j(0Y^|!uIx}yCniu(
zfD9<8FOE4Ke`-Si38XA^<SdnxpqT!{NKnw>)=+T&bKHNM_<!tyf-QiCg8ko||9Ay3
z|3_L-0Q-OO|0w=GBZ`EAQo{P*^O@JryFD{3Ae!5+uVLMfnV=InmhmKx5fc)U2rx_-
zA}P`>scBm}6;@IoyeSUS<^e+Rl#=X#c^{!8>#9j`fBO)M2`om){FJ0E8Uo2AZv$-=
zovXX6rgpA1=1ziWj{_z|qghB!re)SEZ{_%cNi)Ckv2(R`rE|NPz}D7`WaIA$Z%ciw
z-Tz;B)@`>3`wsIYm{8Y^+^k8t1LN}#e(H8RqIVx-6M>urN@VYWZx-?(-5;*tk(6{3
z97-U#e;rw$Qew25V*W2?68=nq?y`BtxRS|RNr4rUe)Bb??$8Q0dlU=mootLRS3v}*
zaJ^Q$XIA4Z*W9#P^Vmy=>i2rQGp--f_i5<e-b;M*SPC>QR==+YEXSWdmMG$cE}@i&
z$z!vHkLrg%l7oaTj@ehzW}aw%p1+SgDac;|e=g7Szy8?C!8ho*&(^gsxO0c<>-AK7
z0SlLYDDjSou$`VJCgJ=fl~$|INh765)xHh=<SBVAjDN>4dUd~s-g)xfv@Cs@`S|+Y
zaK7c2_23;LMUyJ=H8cSQE5d`WtL_taTmOpul9WHZ6#>N3(sVG1qP`AV$>7sSeZ_T{
zf4(Gex*Jt_eJLJ9uO_#E^1^ce^!QZp-oFz)%OMjb&)pUFK-|`?uFt3(_@;29JM*!8
z<J9BAmc?xJbnNbU*nJPa@DhJ1-0n>OPv1|`0Tgm^uV#&z`hdkG9RWwx=gu1PNbVTW
zCm7rZ&K>lQZl&)6L^l%H!mp_Q!*A5hf6OlGm?XSq0-Z5aJk6cV=HGvtLNJYIhwA>`
zb<TkB>DD0Vb@6mo60TUh>PQ*X`e$UXW;g}Ethzjn?)xeM=|%P`)w{dzru)sr<AKft
z`E?Z=Ww*tQ7(@4XQPUS8`&kkhJu1}b<b?-!w?&6_LD7#f7j9Z2G`SbSF&ES&f2a@y
zs=?O_5k2xgH!9@qAiiDnZK5muZB2gtJ*CJ;gr7|8`1EWU<ZSWL()ZzI4Wb~$k1C3X
zSc46*b8M)BPqI7T$Cw`9F20wC>rBH#izqD4AtmTgk1u@?+t5Y~ZFsCSPdNeRHa8x&
z=u+Rz<Sz45$>;swLfJPzKBv<~f9bkUZ%AfH$(*tmPP&pFctKB&Y(x7YyFrdQd}(%<
zb2Bu#ux2JdRemj=<GyU*F7zV_^9L(Fiaj9Ps|=}J(u^5El03x1c2;-xeId&-?#6p|
z7_6gfFqdfCcpmC|QFNn-&QV=&lRj!6)i`@!@~>Qn^?4J#`Jg>U$;Rrue>RUg-DVu#
zH~KGX@c^*2zzGjy16U~t8h>;n!cX)SjkXD3Djhu=<4?NpqlZ%|7x%k6<@o;Rxq>+I
zM3=V4NS-a6LUJhn%JKr&5nRCM?3AQpZfuE(0N7KZm9~U$2N-5>n#kROyJZ^;F>a$J
z#mM7V-#7&kIqkajV7USPe-za@<J+zN_J0`H>v(o~cI6%Ewpp(&19{+UnXc#=@>wzs
zjW>-C|9wecc{@lJZF*s@7s%V;f!cmmFNWCW?|k%JZ?_Mfibz<&!GuKhHJ(pf?a_w2
zBm7jT=6RYhwF|95t8HkTFo_u^4sR4O?V~9blO14&q2<S%@$5paf144oJ!VfWWg;71
z_`wwT=(uR->t?@R#+R9Z;hxwXUEoy}&^b?cmAkJUfz-5)yRwUydueg+oeQ5IoVhoJ
z^V8WjRZ>%xC5@DfC4R#5`BhV`%K-2SQt`pirkI3!Uc4l~R8yv?!!hU>+{k;lC+%5<
z_PC4=&j$!}x<Xb$e{VO89H=bVhE!Y}!eC)``+}VLwJEy>+jo(>YyOPv)}RM=JM%-X
zSjoXN`#x{o|M>!Vb{m^h^>kp~p0un<Bb3fqX9B32ns?5Xm2JOc`G>2FZ(H)7O@dPw
zHeU$dgH=eVsLV`CQ3jAc@p{!xV)C+liOc!HMQ(sEyoaZ)fAp)&)>LL9sdzBdQ2CZG
zUHTbhY4q-;cEd;UtjH>?CA6O}oc^2i%S}G$_(MD^D!RMJ5dcnFc#EH?O!pmX)u{8X
zgSyH~e;^knj4^Wkw-QYu(-N&pgC&RB_wVcNIY$_*c1ZRva}KI_XZ&b`d&})4pBQS&
z_bdCStCN~hf0;hL(?6P58D-ol?S%$<H*|P(U(s7dehjU&vv}$2mkgptoJqiG#+-&k
zK%J3xZ_8k<&E%ibv?(h}y*f)R1aXh_Rjn31M6epb3XWzoZWHL}huW@dK2;X!eQWdk
zb2VJlC1{-STFv1=koRfL;*g`{dCFjEfO|PyIYr_Zf3Sr}o?@Jj^ogF#!iqMM<x(*2
zg)CR8CZE7oS!H4E=aR_QbIG{VccuoryWy8)ly%;9Fkts3k0lI(ZG*F4{<2raGrNHN
zuNzjv_P{sPovy92l*<6=pxd4Qi*S*9KkE9Ccuh3<?4IIStrAh3ojM#8t7V$dmlV33
zPB~}re}f&u25!SOxsxNR1UgNd2Bffpf)Kl3E0l{IcfXy<FIyKKKQxB27B_|VO}Em6
zr6W(hg?xd?QK2grYzRFQHnkR3y{;czC$E^OK85=4Hp%G+iu#&&SL5d*@$0G4b-2o_
z_U5})(B*1x>TFUR1Osu;j6pETHYEWaxL_ooe?))uP25^3Np`}bf4=`Lok`ti>)g2B
z<4O&B_nnQ*Z~5SDTP0?8yHd7A9DV<@)Si@~#-o3%!V}egZSD(rd9ORVj+cCrK43PS
zW<?;Hiz<zKB*d(hGh+exFU-e?GvA8<RhFymJd&nm#%?j&HZg{kdcoQ5jDATk2cnO8
ze;7sBsRfPIgH}(PYo>)HbuKOqm6IR`)v^@0BF<y1-#v8Ss~Myp5<b70*)-VB)I<CS
ze}>2wUxGke<C`UXw6&kHrdBWT-|}Rh7qdT8UaW6Pz$4=9A>(9@!&KALL=6i<_b&<m
zl*D^=m$U?PMkXay>#zkP3F{IK)oB5rf1{JjFQdch#%~jYujFb_+wTqAcKaU(d^4L~
zx43eTVoGB4EKeaivC!EJBHQc^#Slk3pF=yLtYB?g@=0{0Y?}2D{#m`QdL5DgLLp;m
zO}z<=VJ9t4;V=sfzO5w3k6-%pues9b_OX$p>#&QP9;iKV>EAC&zv4p_-#X&se`ZJJ
zBdtVRv5=@>;ptqUiqM95Ibo?szaB9DvcwLw5^M7qw{0_L4TG5%42s6Ij3Ap_%Ncxs
zcKX%ymTIco^JLQRAaWY#&SvSeb-QL{w2xbzZd{P^xj8SJcN))qOi6W2*MDlk$h2He
zD_Kee{3$CeHRdOTES%wsapAq;e?Va@_|h=yfB#na9WG#-hTLQA2yu4X3oPK}1D$9a
zOgtQ22^dvFjQIVQ;E3kFSBVfI&F^PN-cQ&MsZ7Yo;Cx#Pxk-0+J^T4JI*N(!+fTaa
z{ix#8ISLee-@T0Mi;QjaY;zw}Y60AS>W!)9TBkOqF2roa^`S!#eT4O~e>M7kEQ!5t
z%-v`g#dmKi*uD@|aC!=5qocDF4u#g1(eD@1M+_fXRjt~6`35s+l6_N>=aK&+txt1F
z4te9}?){-@)+c5syXZX0)$4zOb`;aSc<00E1#@e7-*#9%bT7FiB|pdfMsma~m(Dj<
znFpXSXB{Mu$0Vm}9R)<@e>|qThblzCM$Db1`}XY;vfl09eRpGQ@cdJyeIM+(<+}Kr
zo?Mj2=f&LN?$C=JAvI9eOicMyZAfs;_@sEkJ#veQTwU0afQpPf{tEmP`O?&&ZeMgC
zI`oP%BwAEUN{sksU?1zuaO^1F>&TB{YeVKpjv>3|vKO=u&<-*Te?wbd(Tq(Xg}dPN
z5G%zENy`1J%uUpO#p)#!oq%$T&yU!ECU)1Y`s=#kcK2nbD!Q&AnY4ypwkWbxSR!3k
z8+?zJdDqTP`Y>6%&(`)ZcMVal`{MtR<?rCPDrlq+s14vnSxn9%yF5JS7kMk>dmTO1
z*cMp_enA{OI&Q$rf3!-`k}XZFmmwE%kJ4b2D8u%ERkiN&FY+|@fFImg>#2C#>Hg)9
z_A2^84n5~R^e$T5`>TO#?cOOM<vrr*Wp7Nqk3kDJG1c~uH#Y-|5*3|CXaeK*NH!zS
z_QtMKSBy|`L_rLcBe}j_)MjJG;0)35%65S59K*Rv!m+Xtf5OIo17qDYK+t&i9PMY+
zOd`dEbqgmyt}>6lmIs`O2qlx+*BaHx5y5#M5ehRQs?%a&4^}YCm{9~a=#TVn7#ux$
z`@pFFyzlHaK%Q*JA7+3`1G6+7X-o1X<~F!zJ$G94#mfI<e)K!M>2b9y221K(MS?E<
z@jbqE+2F4%f147m`9-=hS`Ps#9tk=mqCSR`N0tU<pAAjev9xE$0ypw}G=gXc|D(eP
zOg5p{tGaDFD5IAO@Z#&nJ6p;cR$&8yqUrhGQoxy4R;pK}{@`!4F9!0C4g2T@R~{T3
zSisOH1=)xKT(UlWGe)OD+mrdogSTl(uYKrolbDGIe=!GFQ}ub%9ewuOj97%AziXUM
ziB!1FnxTyHQPTa_KgO?rL{^aMJ<D*=G@J7)XP(^?DSCl37Koc<p5UnHiUa^GPcYy{
zRT!y|Vxl!8+%MwHQeE?>_00~rjHP{#;+C?RR8m(!&g1&UOODM+#xJFuBa|UhjM!b-
zE7OBCf6X%V$np$hNTyU=At$cn1kJ>~Q953go^z~p(syB6Ty2i8)AactudQ!a;KuwX
z(kOSL0P>+y4c}pN_qJ$xNk<j{^!<b=t8%1qM}RuGP5*ha1A%!Z3g<sBFqq<|1H$v5
z3?Rnq1Usm43buSpzj|W0Cp<?VmodBBMWf!be~a9E*>R?yW9A+0Bt66ViJDWP_cAI_
zUBPZKerM93s^DDx3ylG}_*Ph>C`jaw(?N998aQci()p!0Bo`GnEScQ8?hDMlRCqCJ
z_!S0N(v7VId3AAvAjFkl{WjrLGlN9>+$e~cS}F)gBtb@#442C)_X0md*mX}SUQytQ
ze<xp@j8}mhazSMtwq&MykNjKkaI{%{dQpV?_jO*ZIx&}!^W@J<R){fzw(%P)?A67W
zUm)XSHf(?-cS?|L!$9iaiyya{FW#;SCo8T?7mq0TobzQJlpEg~uN$a8q*OGuzLim3
z^Ltb6pH1U7%tw^;l7u20+oTR;Lx~v&e@ynX{Hl%kl^?myV4hXmaL^dU{5U%oxqCJ(
z8I~*}#|F&?V}U1kUCI3|&M6K9g}eh2F|ORdk{Q)xoNx!!NGeK#E5zd@ci@Kw(rBQF
zL|<y=qv?lSzNLCREvc1Jwj^>KCo)OWPhLI8*h!F8;HJnY0;J1DsMk>XBwZ(Bf0|76
zu*<Or=~k?Gdzls}Q>d1os^wcBdJpsR^FB`m2Qh1**yRxO*C{OdyfdXlc!2QKmX;EA
z*t29PmZh|#<52;RAdXCaT^w8(?0AcCNt96BdM2RmL@D^FgJzue3xy~($%EXB{@9r!
z|6UhpC$E)i;|{?#&|M*C{91{we~9H)*Q`7$=^gPOE#ui1w|N^6E!kayeAwivM8%x<
z_t`<KpHmmpX~k9Q8011_I%&4&_s1$Pv~rR1JOHIcxu7L$s3I;T2dpBrrdUNYO~w(=
z28;`f?@yFkRZ0wfgk6PrjAM+zQjVqwm!t%wib1uiFsf)xYlZA**@Z#If9kNK%?U!i
z;rzAopbjc+bF8pVNWQ^L?Pva<r#N@w|8n5Y2k?IF{Rgob8?kbwC-79~@JA+TeOg2W
z&v2x%_nxNr{IA$>{DI*~GENn<Z_iz(9N`;zf6dx>#2!b>Z5c$SS$mBAlbl`Pw+RCO
z#uhES`0|@Mrh={f0~yhNf7+9Ct`jAqhnI63UaRmBo@8hsja#{gk8it@cf6t?Vono%
z3G3IQFto-on~xMf!AUKXEyY%*v4~1QFvk}dB0PG{h(TH%nd*`Bb>)c~Tb5EOrEDFX
zucTfjWagBx2=r9#_UQIys7(hIru1@D&71dFHj7-?Ra2+#!c&taf1$VbJQU_L8~K41
zFh5^%VRrTX8r)yYe~U2D!hz*R1w;72G842tqTMLfxIAEc&ITizhu_|FvL{~VNL(qS
z*tEBW)X-(zQ*kWsf#wifirljDk}q8m)2mHhyi86}s?N=>!s{bA1*6~3i>jE?ZiDuN
z;gh+9Wi})m=CN|`e-nXVZP_E`Z~CI-Og~;t^T9K`tJ@z~tE^<I2VwJW6eQ3YCB)i9
z=0ynr@k-8~ku&wQz&Wk%1XuYjM)#G~N|J{*<--bQvPCN1ly0OX!2DvNLEC`hSo1;&
zKYR$;<v$Q6VO@O{;Dlinz<hbN!m*i~GYR?rx$gZDiN#lIf58W(F(Rt_`$a2U?0IY=
znscI1stu~vCOMv7q*^q^!H_3bq__BM?LJ)V3-l=i&`K&mdg=zgP3#E(k$kRkjG<?=
zW)nZ6)u7(Q`Fh=kfkf7(dR51@S+==a;q+f)$utNKR`&`H8UHWM2}wL6$X3vdf73$R
zUo7TS;mvUbf6GbA{B&=7X+h-gX(<p@9)Ce@kyot{Cy8Aks4z1qOHRNWV^XEqrZkVd
zlG`-`NpvD?btDvBPuQO$#UA#%vh#e_8FadzuFC@C5)EP>4Tywu?Jhj64FA-J(;I-O
zXpc?qhSUAr?r<{RX9VF2Qug*66&We|A-UpGTU}U8e;y*(jr`i7W)f~f1z$iEEq+0!
zg~n|Ua=M9Z%N+412BcXj#zUxw)q|emD<I8@ZB710o!HolZg)d7HxCLk5s3c0t>zDf
z!TDt(O>2Jd$&hWUfD263j-8aXEJDRfjJJ+DUI1eFUE26sG+K*WyW7tD+0G-Dru|VY
zsa)xwe+qF1;tC!;eFGb{k&thiTJy{!=F$XI<5$-n1agxMd#iCu_;q!cyXB`9TQ-V4
z)P3gxjkQ{?`)((0Aq}Nz9hzic;2E0fm%_F8NsE8+ev3nx^_-5j^uLO!EA60ydY@E#
zR6P8S#7MK~aIL(TFjm&E7p#rLL^{rs$h5GGfBEl(fyOd32<orih(V_-SkSyG=6BS0
z%Ig7Y^SM<)>qMqGPN0V(eh5kn=U9ov3V1-Cagv8hs<^=#uqD(|`A1V)WL7{#=Z|a4
ztO-bVfug{bq5|<cFoDc3t~ty7wIC9M@ET+5()mM@9?iYQ^Qgw1OE_bZ#PaS1nfKSx
ze-Kzbw29!00H8vGNYy4dg}7o-%n~&i3osOEREtdB@k9KJY7smR89pCbR;e8Q$))Rg
z#j+LgZA;otj*Z%|l)if1=?b_b{1sf?k17tB64@Vcy0LbAt0aNB+75EwzD_Ay!rP~z
zk}`So4K3dh`_>f<TP2pE={KiI=4<#4e>Q|X5!k87+`80m8&Gj?3x;SQ)zOTWj(Y_i
zCzfWU({{sD;L#qV2+tj%bYp(^IwcOSp43y+HNA;C?hoq!`hzq%u0&MkNL)d!`YP`v
zh2{^gJ8#f(M+bB<s>*K5HHP-*!}MA2JClX|Q9Lkd$}|S$UfZr-rVuB(g}{MFf0?O-
zr=MoR1Fe%Y?JLNL*M>9HNbRiY&Gs>~x=!3DzqWQF<Dp}9yIPLZmciwO);;4ZIq!M!
zx#68(^B8{!V8uJExQR~`__=52ex)DZ8~mmL^^faa+<HP6BL4TU23~iv7-fj$5Dfyt
zH5C^}+cKG7d>m@)`E*5l`%6U?e_PfiRu<6pg~haqPGVY<Nr`uiP?<aYQNy6KftG}}
zuvHuD)40{EN$d?x&HDUX3wOQ6(jR`Ky<fKZ*>m|ZatQk6E`l1cS$`E=#30&40qXk<
zJIG^$J9Nd-25(n}Ban;3K)&wK<7W6ZcB<3UxmjTPW6bdB5i~B@o>um*f2*QK2pXn&
zjWFIglQuJe=X4!ZcU8MrLeOyiPulx!0ouUFPUB+RWq_pDZJ_OI9mx1P4~W!Y^iqA&
za)w*@6zdAb6yWfras6NPc`vG_0QiOAE!CS$!nb4an1O;y2KU@)wb4b*NrE`xYMgk)
zE6ig5MV?=I)LXGh*%G@WfBa-lYm6EMrGb%>G)C%P%QOzmXgm{MHdKw6(Oas^<s~&W
z4jOYR*=^6`h%W7t<60z%*w&&B%ehy?_hW1B{fep(@p1_hHRX%t7EUe|##?6o_<nqA
zgI|0%n;4+%iuYy3fEXURR&>js%jKMVq-PA9nHuO1@Ale&X3@zse_c~#w_Z*4?%gGG
zHS7#KSlfsFX?(V%)avcJ4Xdfa=&T>P@x=0%2E~sqGs&eumUPRTUn<Og;2G_@6GEPV
z`j7Dn82|)(g(}9n48cQvuQUc1&WAt1+y@{PB(_UpN19k&Qxx6GT(4W;VU9XP-@=*e
z!5o1nF-3%fe~f-?e=_FSxqGHW_xNGgzp>qLfGp3x4X;TjOJ{bppZ$BbeeUeQlub^P
zFv=nlYQ)=2##_In*wDNMw~rxd8BmUeS*)kd!1YYe-<ta=&An}eIqP^mC>l4P+3NU7
zvORV8hmu66p+`nPd^v9DNNndwRU(;*mJ!HYf>w!N9pfd1e+~LqNrS3hUtIx+3Dqf`
z*7DMOt2C%d3u<R-fUj{!6&B=ucy1%G<!PMb4=k|6G=9{9)=l#{;bJ|Chrjh^sNGxj
z&w3gymb>9j!5}Xcuo$S{H&pnw#6i7HbCS|&zv<STvz50SCJ|%A(_d?Hjsy}?(7w}~
z+_F%VB9#Z=f7q?{n*Qyz9pengV{P$Az|_XKIFdBdI=BrwY%=+kV<xY#vZy$tOn7dW
z9P6gGMlRvdN?WsJm!r3cZ%8F`3wj@M>n+owC}+(GrQZOIuB>r9(Jg|UCpLLkR|HmF
zKA)8ZB|QF^3I_AUB03prwu3Ii<A3GU2^&wJM$JSXe{>qupvzx*P`v9Id@)k0GIxkG
z*=ad&BY*oR6?G<=Htv$B|2fs<wVdl<>+E`XDJD{IpdB}QoGew8!0E+xL@9W5<ujEq
zFo=`DmUSoC^W%h%RG{?;dI$x1iyUHlh~OG@{Eu)E$y~$sYg1S?1JNDJqS<6BqI}wI
zl#dp>e<*7vc^auPs!dw)`+x71+8qx=-ru51=E6nT5G*O?DnC;ca$9VkYJly))g=Gb
z@GKj_qnV%szZ1!?Sm3o`o7>yxST%ZMHF4cc?ST%yUfEaNYS^u>_ndSsQ-+%^(ih0`
zCCdh{?9C$y`4I9*kO~CZ8D*QTcaEGk>pJ-6e{^WEY+rkUt;){r&q5^owLOJk)U!q}
zw=}x;;6HQU{~`5!j+^h<^EIr1l_Jnf;=9`=cBRM8a?o9nDiN}zY(kx>gT88^0cs*8
z#`;J-hzrKo2R$%>`-a$YsJh-cS<&(UzYfgpf)FWXpbOj4XUoh~o14W9csZ!JIN>WJ
zf4m&^*h|v5n>?@L5hiZKk9?OohGP}gW4I){xndrbdv=sdca6#u`MwpBrVc!fTpv%d
z*v!or4Vj+~mY)}$ZI=!ghgVM04pztabd?FREc1Fm>tG;GA)Fiz-d|wVl{;q+mIQMN
zw@0a17>)i{{5ViuwqwQp$i4nG839!ge}DizD}?$Vv=UtfEGOjTBj0{_nJ)mZK23zM
zbYs%<Qh~C!xZT|UmAWMkbEs;@;7C;699cfJy86KdI9`rIZ=MT;W7GY_p&p9DcBGop
z5q2{_;*8I$PHR{lfQ4p~j%cDQwjh8elsnNIS(5E=@^K~8CpC*EqMv1q=H$MCe*#80
znlljR(jIY3mcp6?B<S}k4HDixx}uvKmS{{)gJNEmhn4$ryGH`48GmbgUMV^3ox2MM
zaOHuK78DDbr06)A(&+$dviKiHl`oG>A4Y{qSg0s;*i7P4FMh{=4d}AGRcS`t$1E<l
zvcgXteR9)6ad$ycKYF0;R#BObe+AkA@6pfwXX<%3)1**Gn<lw~852b%HXpyCIIl*6
zUHeJa6A1ZB2ZXxIH*g0=FbVor56G`!SL9-_V0=6{yA$AY<fW7}+)2W-wv*$m3L{$)
zBDkebkt<s%iDt$X=f`n;yPz3?7D!|^)e@LA-9>^%=ebsF9>2vQD{)r6fAj<VrHM7z
zW?vV^r#ByBxX!k3v@V_}JKJ9R(CCDNd+6lI0QFy4{zS^qHM_gW($%k1S$w^<t|AeO
zqSZ<%kti>(!DC7jrn!{gU{l8(r^>fIPD$&I$ZHt?+c}jYS|d-?$1>2nbV{e9TXwSF
z|A7+Vcf+9mah%)pN3$Bhe;>Yr!e(|z^YDW*^12WSKk9GBzMU$o0#ZTLHfK(Q$c;8<
z0C$fU5o?@7o5=iEjSyM03KjR0ArKQuVesk#vP3MF91;IShuF5=gEg%R2;SpY@k5Y1
zvTMzdpY-#-vMh~$oZb27Xie;kERnGfr^?pakI(H^r%Mv@gIyc(e=Ls|SXrF!N&G2k
zM;fL$p(~sok~OMYp$BxxHLxg{@_cvg?l6qPV;(S(aU%g3PsA#tHfbcn#w4e?Z#qgA
zl{9SCpRxVyO8-X3A>2?0;~LU*Wtu+{ku-1+>X8_;`4c?wys<q5eoDV(4OT!+K*@gT
z&PTK0!IrZniu(oje=TwJDThLa1@3i=J$3wGj67lq7#m&YWWNM#X4^zFNHHd#C2T9*
z&URe<(dWRrB>vk`_kr-zg%9jdIC%+wZue`p0mB!$2R5n@{_%ASN8EmKyYSnGMqDKg
zE-cu&{c1O#D*YRyiVm<`KD3`Q=(%OS;L41#{oO`=FGsupf8d#B;EB2QWdH8VR}6d`
z?{(;;(&o0!H6ss6D%bGeJI$MY`2N9MTLlru?78vZm-EOgZT@{I?#l)Db!s!R#Cj^K
z2E>fH(l*xKURM0AWQV)NvA9tGi#qRenwHtBpP{?Fv0v)_m*0uKhB!J+Mzs$<Kw-tO
z*EpeELza^|fAb;GxLml3K76eQgP{2-v1ge4sBJ!(^F<llrF^X+OXlo`d}6D}N7S8C
zj>by&BQOki>Q!@1QxehXCc+LCy(jkE=7j}D*=6aZraTZ=!^lyp$eNQYlnjN<?;gI_
z^g<iT`1;zw7;jGj_wcnga~Y?CKtcA?PNSqPZKK~^f9%*ta*bbq*2lWBU>)%lDQEYG
zMKVjY47tW*xC=>vmOjnkdm_Uta0uYQp#6EV1u*huXxT4`dL4RphK+ZZjO;!V(lJ#k
z{$6~ofCxLY$!-2vU8I9|X3Uc!&GMH{OW7b9>RGws4?-SR5q?B9a<Gb*VDH|t)aYre
z9*+M_f8$u%mzv8TTMFl97L&wPT^#;z!Mz&Y%FtbR@ojH({_%wsLk!44t)MW3<)QL>
z5A~lS<UflcjnFaul5T{Km-Q`NF6GSUaSlvE6-AyB#J_BE|5RJ;0!A;ro<WBmsa3mp
zdxnG(kX2f<4>*5!v)$)r^8*=frSBe8OLA8{e@6N)fIYl1Xo-75MTDGA&%PDjsW|ys
z3cYIdOO69nD(0HTd0vFu++_Ne#9HpDd{*KIKb8d0)(=G{?Yg-Mx+ECSiE&6Zb{S{g
zYrnQu@5Y#I?^WiToPe1I-X75as%|E`^^z8LLJNysD3R~Iq9}zpVSwK3OVye;WGhOF
ze}%k_0}dBy4MtTKUo_^FbkwxjyIO6bO;h@zBi*|-3ALB$LaHa&<BHpvLBB-hDrC!1
ztcDCywCKAMi5ePVb4(8W9pfIB)7w5<aLM0e#3_v7H9jYX4;p_`E-gwP<k7ukvY-Xz
zsZ@LRJv_URO_afdR`+=qX-?{*cr#sBe}F6sl?y#D;eHjceS)8Gx5lFJJ8xBH7ujq>
z;W~r5mwkV)CbN_ctYB5l?Z~)Z=w;BFS7$gbgc=a^R@0aIqQyXYQ-obeU}}}G`{=4w
zS*^9yokU`H7!Vd=w1+d|ry+E|G=B!MGnFtm2^mIB?e2y$OM&_9dir;qAzg0Ye~^<x
z_34K-kxmFsNL2<oQ5tIe<9YpNh|GQcsSoOa-bl+ffNEuF9$n>#L}g;)AZKPQX|Yxp
zO|-gRLt2`HEw}Xn;&+rj4bpyL&VRJo%&j|Q>$xL(8)!H%X~Bwb#P^n>)MNfbZv|I_
zJFRwZyVXD_T<VIh?Gi+R!@cHue_JLf?LRNfDb4p0p>%F|U4eCNI)1VLUK=>qNkWU{
zhpzZrE}NeUT3<jW8&SHs#2vQ9yk@OjJrX;2c3~+^aI*-jzN!|HsdRPrudt|zw>A(T
zKO8ZvC}NvEOl=9QY6z@JMw=fP<GbG1!_}4S{R1==v?CmeOuLkw%qS``e@MfdOggOo
zR@%z;2G(xxQ~_Nb9@ber+}7<s_FmvVJqN>U69`a*;C4c-1V@s2%pkA>7)+h^>dTbm
z-y##lq?YCRPGf&5K=>~{j3wX#ZL(pdW~o4P70I#6mv`5v+GgFUnS8&S7`BoA?xncN
zPyq@~y)@R;pk1ZWL2J!zf8v>S$Iy|!+zsKXV4aJ2;KR(%nD6YutnGeB5<Y|*jNRwv
z?K~_4#HJ^`k09Y*GOse>GC_%5e2ccxXi6W~`P0<NBp)?Z7KNzN?%BtN&$j{N3d<9)
z{jAC-(W3F2!pGHQem^q=|DfHYGK4#fa0roE(UQHN*^9w6MmD*2e{skow?Lyw{LI=m
z1do%JvB>vE`oEgGI}OC8_-p-do4Sw@SG8>Q0`F<0B8}?RC0y))-0)OX^InuDab@;&
zU3)4C3h9uZdrsVWhHy$6S}V@OjCGR}sWIQTw7>wFrTZ;jFxEUQ3LC)nWEq(CSgrVH
z*lqks9Rn5SY5;G8fBnRqW10~{_dL~6iSv1Vykqe3;#IeUetuZDfAr-u>GOJ+VmO}_
zRb))yS9Z*VJ;k;PDYa2N;Fz3_<MkwA-H?qTD<eL29*cTr7u3_6m(#qEU!Ueuos-6Q
z6%w@Q>U8O1@QBd`M!r{Y2c!W?9bQt3jUtkjq?qlh_YQmrf3OkAL#?%7a+z8laois9
zYAZ9y1tugYuYNRW7h55V)?p8fplErFXfw8i?Hg7FxFqBM+(NlZYYg(y`;$XlrtaTb
z|F%POX?$0#mQlH#%Kr}e3~KeA=JFiohO|w2h9wngul@yHo*C%7U5jAcRd9V1&v?d(
z-)B{m^Cji(e|5-C^U1|`XZXsUlcU!eSwt77LP7%>mh*fUY`|@(Ts+VPjh=bEo=nif
z?A*oXeB7=GU05%$_A|;Upjk+5)F#}~Zgets=b7>HkW#E}&(xT=Diwj>CN}MN=4@Mj
z2t|xr(KJVSifLwHL8Rl;RZt1O<A4AD(cg7|C^gXQfAjD5>73%cylCfK;z*$<X|_qr
z=d*1zoKB8#la{7a^;2X%p){c+j~16UQ)X16Ls>)B)hZH*ga31J{3}-yASMuBFPz*k
z)n$p7QNr>UQi<*9h)a<7+Bmy*8CQn8$~%t53A6kWiPt2_P}203v%AyX$i(BTJGHeQ
z&7`kzf2OE|Op=G-XqvNaeaS?+;$wXKV~sk-Bg?x;j7(k=!<biAQ+~*6kt<TFX=Jl9
zaku^<tS{uQK{LZtA3uzV4=*~(={SR}4M_BiD)LM8p<-wH)RWNgxzo1pNn!g%bM`<p
zoXh^v$md9&UwignTrZ|>orBzs3^imU323-if1&=;am2DN8f|Z@F?!6Czv6-3EVCEI
zQ%AKee7qcKHY@tZ(Y@V=$H)95y&iF}#wpzIoWDnn*MD#45`!zsB!-##ig(H>Zi0Sm
zQIS51mV=aBCyE+}skX+kxh`>yomUkkGUQq~%+O^FA}eFZ^OO@|)*(+Nz0k+Ncz=IR
zfBGz<-MOj0yk_$|zI1+;Nx$DhpzQPaMPKcGi}uv?j4i1i`VI=US$fUQ`$?qlFYQyR
z{(hB9(>&gDa*QP3qAo$Ac6y?u2hKeq=BW1oTR^10U3zV9z^xLlzvM+aWHg%?I^O!p
z(>9f|_ma&Re>sT1S^&Ukgw@8$#n@>D#_7kqAAgRoJF8FD><#MIzz93l041_eaO?zn
z>=~nGXjk+C$rzjelu|-XFN?+4*n$l1Jm{i}lirzENXcJBCsB=#xOX0ic4qzGD@1)p
zqZxN-pkOwiZ6=K0sQpgw!$}WQpGu?>T~KxGfW*X;rAHA2g2BAf)%dlFfuObivfXZZ
zgMaV3pYn>UKaM-i4(z2;yM9vlxmTyuGJqkNPWLPhdx5P+{RGao9D~|ij$Ck>Lm4*G
zl}b)vl@ruXVa6Wy4ZAQ?gmK?R0<~6^CAmT@S+Febq|d*xTdca(y~K_oo60t(Vib}J
zo82`pxw(eD-O9}A`1j~s@F%g-)ArBzpMQR*7XEiL4(bc>AyE9Rz-Mr}Po`)F%Wyn~
zcZ_x(SmuR{)qDY)Gm0Sb>%bH0&vTpQWr30v52^wB(wBnN09+5X8s(}4YTng9Exd*L
zSN?ErR_+^$U~@Fc1~6Sw2F>lU?N#YJseyoHLowmy6rtVhQ7q<o7){a#FXsljB!Bqy
zV8UJgmr_vk3`uS5K?JD*y55d8h6EfHXhnr6j(H}}S?Dgn41iv`T8U$IJ`aG=eEABf
zRru}t^;`gO^Qbo{`g(8)=G)#<DEELn$M+vT?cKE|C880LmU9s{SDesNp){kY!!l%B
zE&T~_$^$%{HevtwwU=A?+AMt~s(;EJ?8Z-*_Nx6cy9;!dztpbAcS?fH<F{7?X0|#8
zP2jdQ@NR<+ZRI%F*rnsD{+U3KdLwWuOMEMpr<}0KQkAv6bsk@{_;ssO|E@Y?2kZ2^
z6KC5(6`;4(FdNMTalnwcLXSvc%O45|;f$t&K_Z9V&&`i;T=8F_ppC9EJ%7(nG1XGB
z^Q)H`BTX7l`sz{~wKH5)AS$4>5_j>T^|7c3*nv}-2lcd}YQ>L~oFgmmSwk=*V35b6
zMU_(h&Sc<eO1EVeozU)nE)uO6g7IYv^Gk~7-<HVSz-*dORHEJ^%YH+VxtgR?r7!wx
z+)15(8{`a{3~&8;d||*kxqq{;M=(f|!;|YzuR70_F_gwA69fK_zeV%&Jyhy8X)yXA
z-Nc_t#zXlRm(HCMLUx91b1$*VmYvk}I`2KIz;mBM8b{k6p!W=Zm_NGJR_4?e<!vr~
z@lGOxkaWNtclatk7NR9|kA%D&fRKGtcyguP8O^<=Pp~YU%QD>gMt>KosFf=uTgJjO
zC&{&lbJ02?9v4H({Wh7)j!*x0<X2jvK#6{Vs329I3RKh<qv#Fj!oYn2|L(iDNx@Hu
zcMHRX8Z>2}f>G>q+3bFN?b+>hBwp*v-=rd3%$KZ~huEwl7L%b=v|QqYN|^LGKXxrO
zK;Ua7+?;#aY<`QxUVq|E(C^eOW!#~a(Gr-<5P&@=Jz4G#rw<r?NQ*4a?4C#eb*e!0
zsk3c68l?*t+^@f$oAh(FWR0NgE&VIk;YuapzpcI_EtT3u;(3y~&6F{JOUNs_b@pPf
zKmV<LhKhR7)-Dyphy|p7h}_nB(ED@d-ZEAY{Os5uJ3(mcpns;mqLS3tg%+m)>%~5I
z&<XFP9G|$U6txvn)ns!TDs{IlgHKIsZm!6K)oPU_b&4%J8ZEQL4>@GDU^N_~`yUAO
ze}<XEO4olC=;GXeS|`<K?Ni3Kk1DZ3#Gha5St1>zua&4`AZ{z0@0LlAO^K@5<CHz^
zL$<taX)b21>wm}qvB-aBd;ffj%YQCjguDw|LLoUqK<zKm6#Y8{sZVd*RK>+e#*AB0
zS>+GR3)L?p<M!@G-$;<x)TV|QFI*Y&q+}-gYn6<2aLKC^7Rd1B4GoWazFe-{q}zYr
zu$~}l)w@3$vExK1DbL~|tO|}%^)=@#;hP{lFS$dEGJn<mbzTVn{T0==9*z&yq~yrM
z=S%#SsVina&-nopBnxp%+HY2afCTq{wR2ZNaYWsNz;S{F39cb91eYNRHb8K9cbK4I
z2=4B|VQ>!?2*Cmb9|-P{KyVwJ32uYK^8a>gtG2fGWosYyfnV3{>blk4)zxzEIS+ke
z%R{b!w116s4rpT%rcTTtvkMvVF(U@HSWr0%hS%n<_bvq}_Z#0DKgrT6=<Xv_Kh(*e
z&%4#JuhB64y6FIa%FegKL`37e!h7w>6qQK|MzxQ((l#f)dgTD-*EF%W1fWtgOa~@;
za}`UX589a?ZD6^VjGAH8jLE15X8iLL_*l@*E`O)Zdra(fidk^5Qyt~&t>A~4<R0Cb
zwRzP*o;cmfp1AXKv?E>>@~?GH_);8#Y#c|I+jr~f$8`zJV)X7PXl-i?-uw0|pFMQ_
za-e0h6~9q4A=bLrFKR0d?H0~n4pbp4lEZo~H58{bbo--FmS|S~Cd}~78pt(N$;yIa
ziGM5{@DFg#adS<RRFzvAf?a>UW^NChl4E({28EtstVdb%rf^!5U94ogdX@Z2Q{u(T
zF@QT5-^+`DpktCpEoato1?(Kgo8acrw*=PxTAj7F`RPL;=WF2txyR$abNQk!_TUwJ
z6u;%%OP&YbfD51Azaqz+IREP7s%sgA{eSTqR2yRs|2<nDP2&KHH5*=-v|fQ_F6|b)
zYV59zt8FXNr|D%`Ycz)|gSYgeJ~|sVkN%X5<}R76yul6s&7=*KD2cAXUU%sIawxPY
zu;}kOcy2G$ZoH-v{1$Wh?*giD=-fInWGK444D8<Bpkl-K?oBHENU*JU2wZ&jfPYw{
zdN>r@#XMZRuI#5pK|Szey6<=(2t3JD!(!}N@oblp_WT?`rDert_^Uon>4(ciZpzD^
zkAYIj1_CNSR2H@stw*xl+6}r~h88zz&^|eg)Eo{}fL<rq|7f_hDp@*Bxq~cSV87I|
z1j<^8y5Yj|9y6!k!=Q9-gM;RN=zqAPU+Q}KD^AmT7UlVmeJ}L1t;m38_6rTssx+0P
zop{u{3E1fE`yArwhj)pN{+7`A4t|trB;ojp&D47_Rh+zoBK3mSQ$r7S=2tC(RQxN#
zR5)aB|NIunn-Y)tIacv$+gM85^IIkh0&WRdUu`p~<1dN@mW@F+BhIQ4tbZ3!xpHIk
z-`$h0VafSphslRg7ebwB^)0EMWBRt5SFRuUip~(yRn-V;z1yg(43TUuFK5k<#)-1m
z8F$ZbJfbg={xf`e%@aWUaCmy)$NVoXff%LzgnncjH1`mH3X)JfCfzO6w2n*o1pF`;
z5?faB>8j&hYMRQLM2^fPxqr4aD8lIaE6rYA8lZYAs+WyGe)QD=?jF9GNxz=l<v+n&
zpq7)&BHNy>>x;vgtc>aY=E_uTJ$6nyN3Ive^nDJw1s<(+OtaL6$ZBtHv+(k>rdJTu
zpMB=+F#^u>GNdUUr6%t$T{){p`d{2ns@;yom1rL(qhMU73TXOGM}Ho*Vjb5@pLE*$
z;)HsrRQX7<6;-K6r>@uAU4SZqnxQHUC-=hq4rz>4f8%F#i<fN+Lx!ENbcWV%4Csx)
z4S|_gonpg9=;ghnMq|ew!Huppc*QljwVC?^^^n&_2h;JbxD?~xMA<X|OqL;vK4m>j
zC8aZwFo&2*+VtwK+JCahyuRkK+-Cp%1V^ffYx};Jr%=87zlW|DH*}BF_c_Z}zE{$U
zs-~Fovt#LPqfv9NG>y?aN1hDrpN0Z&xT9ouc?@CScHXsmw%L>tHfI_v(T@A5h<gm-
zQyq40HLU@!&TleIU?YE0cSoLoHHJN83_Ir6J-}1CBds~(w|_Fg#E2w76QE1aKC3T_
z$L%|?B30qW<X<U0_wr!5zxs295_Mb*@)C^XA52qe_K`KlBs9}ep(FmKwFr^d%EKjw
z>)|10mr*O5RToMqXt!HS${k08x3YHLP-)O$AGY`uFKw5l9{>E<PJ*TzHH%nkGwNYC
z(Wok-im_2ov472^wj~!n-!_q3^Lt63zE1O-a51xriQcoge{ocMp!mU2HS_H?A&;@c
z8rMng(4^uF3S<8oc;`(T?ZNo*CP@i924I;Y$bm`4tTLp^sOr1kYp?F1SreQ2>eh0$
z4h6Q*_n;7gVNhs~ixb8buy01%<m=vEJ;LexPu)q%*ni0U`zXEB#>2+{8s%vW{QhB|
ziuA?2X77B_$TEOOfw}$Zpw2a5#MVaM@h=liu_X+H@mXfx1uK_c%f97g_ZRBdEbH@8
zvIbge?v+aJ?vSZH%qV{VM<tZ*t;(V@8x-f&QnZLqWbwM|nWrPz1&J?W^P;b)W(&TP
zwc4o!n18g#3mg4YE2)kOAgKd>FNxyd%kAa+%HJWBHd{6|X5pCa8B;^>rplI}R6axX
zYYKokZMQ$99G5|A7p03RcVH^{RlwhJ7k)0U)tG?n$mMF(XGiv)d=KJc5smqCTMSDs
zF+2M?G&SxXl8%e72Z3&Bg_9WH01D(SFzXpSP=6k?4zU{$YvP<TF{8$9y;G2-NoORC
z^5a{jo%lgGshv(F@S6b20CQd<xh2EWignG@hgtwt0v$>BPygXfCBSJBEkdb2Ht+jf
z#RhQ&E-o7D_vv8^@MvQ|<q`KG1mo>~o;ljwUalNo3`yRuT!`>r4b3nnBe(u<;U5fr
z<bMo~vySDC(0RP(n3O=`EU1?!fzrZ@WGjKIoD6)+gFRlJ@{XYQrBpzL^_+jRe6KMz
zadLhr6Dql}OM05{SGSCY*axWh!GX#{iLZsW45wGTevN(o@(J|W7{IeGdy?E1C%r?g
z5GWs5O!XYpZNYkJ27@&FG=DMNvb7`Xl7GhWU*yufaPCn#?2>Vux!VN8X3`5zh|`s(
ztAAei>IS2`^%Y7}n!14;IMfucu)-`_bO#ib5kIB_FSH(T0<UdXeDCy8zRa%|Y4vWG
zOFvuEVm2U|f0JB6Fuyx*vL-(nw(609&=}nFQGiBdPHC3UF2Ii@!%-F@WvR)~9e-@f
zYxV%#6r?H6cqRC9S+4Npu_h`)_K}896xZ$%0C$1<>OD@Zg4f0CVf&Wv-?ewy-XvDu
zl!DIQ_lkPz83*hLH!e27Z@HMT7MLdPNm7wX!Z=!**<w^3)HPEC8_s&46JQMO2TSg`
zU=habWW$=)bvE2i2(h8{Px2oke}4+y%1Svv!;25|=8@?zy@R_Cs6l2YNw@2(@BKao
zqTFdHI%XtUQb{88O?RtoD{V*&mF<LDtar|3W(DV>tPKB@o6&^S8^VqVK8Hk9rM}}@
zhxSc*vvd6t{yBZX2Rqr8zuKV}-cNe|<}TP$(202hnC-(YZkuVslh`gDwSR*{Q&5$#
z+tQLPuCh4yC#3o+t4`3Sd#7y(91Sh!Em)>eumNDkU}{^HYVj$q6`v|^-)5>@mIfYX
zGc3&>@@=A~lQrUVgfI`xs?&OsuR@Flcivde1VI(exwK0Fb<e9eq9jBtDBW|A{|fb@
z+~2R7O#b}~mrcoaK;rVe(SJN&;3@zX(Y>S!FX8wQrWO$oPa6EJ4PecMB7M(fXQ))I
zjoY<doJO79>NnPUq1p85{Bs=gk)bs|O%T=-(jv%))_0xm%*e`(A?nGwn!hdqc4*0b
z#xU}p(pSP)ZA7y24=cZKTh(qG6SyxfGSJO+__%Rdaaq$M*sFPA?0@(b%JanZ%Pmdt
z>I1Exl;~De^^o8}PgX{WJ_C<ju@8r|RYgr6+|S>Y(iLkDr%C6$;wkPKlsW1vPxy@<
zw$pfP;u-HgxzcK?83X0ZEby_}*(J?AAHa${i|mi3H+DIX-p=#oyt&c(1gnJa^#Y3a
z`C3-wO6+#Xi-)6pbbmd5{`tgHo7$P8^Y;p~z>bI}ta0Kn_#EUVxc<vWyqYs``S5tS
zRc%e+Q@#H69d%IOt7zOUSBVbC!D}VAa`5n1N0P|v!3L|vAUoQ=zY=x5hT*RuHYZEM
z#-f?unI_9&^3P`ei9#wlzf~26VX#7k^c14%g)|A*N$lqO0)IG`JbhGdO3P+)aTz5c
zg7`|`l1*hDy>eH*#-<|i^{R1}&my9CXX2Z$8ld}iQnklKxmJ}G6|I-8lMQf)zJd`M
zz)C}djD_74G+m{O$`Bay(C0Vkh`eCUcORl(A>>5S%_ziITs)(M)=L7E+Cu9o8f32F
z%e*?G-roxKg@1<>&DrHrBlp)-hgBIM@UGZ%L2N?~XdcTxCYXjzlGBQgg<HsY3@@z?
zjxnJOB_R2)zh6qq-bes2frA<f4Bvo>7U@evV_=JQ-QSNd3Lf3Z!8Y}sWpYV2Z77r=
zo+|ch>}w@%@eOY{>UifW)QCaP<zOphbvnrHw-i93h=1BqtdzhahAm{Ggq^({$eOD{
z^_V~X{)8}8>AA~4M~i=`I=uV9gs0ln$l9%5^bL)T?lWLouvQ{mu}k$0g-t5ya1Bn~
z2wflUkY?g|sGPPit-sEu!H8&`T?WVOp;RF24&fW&$zlV^K;RdFy;WGRHkp-aZO)c)
ztETha?|*d=!~w@+oJH9KSZk3`PZ3l$iI!<uR!o8Q`bwP<=R(($+{u$dp`TKxOrD&A
zHI*@vB-NVvjvjVQeD^2kE|MKt-D%=!fUH(+-gFjf-Nv#E#ZTRdpK%=}`D8RFh}Gy{
zsTlb-q@1*;^QZo>4q_oZm<HwJvgW2b)c_umR)1pGx`}Eg&4e<Ody}_2g`UA|;%Fw3
zvJ#GPqZjsRxOw|C6{RBLy*<S~BQ}^bIV(+xQy-sr7Qbi)aE>OK;O6m4ieL^NpN8f-
z+(ytHd1gEQHF;EmYjvEFew|3u1V~B}k{!xfp_(cz1AtMg;kMOSlvZmewIkliw|X?Z
zJ%6?($4x!kaj<hsOF|}4#fA#Bxy-pZu?mWDHzPt;N4!-6Q=~ufmm93%Q!w<~VKk@q
zYm2>0!H!=PR4*7kN${X(yW?{{WWaM=s}oD%+U?O}o2nwNsuNoc^%(69n%7<(97}h)
zlTY0K;=W^I!i^ExAJR+WBRabr0;`MO=YRK)SU|^G7n}PcH+`7&oZqJ#--cH1rau<x
zLAjsDh`5mV!3j+Q1CQ~s>7&-KleSN!(hwR^97@GC1<v(ilWX@&sdE|bToemPPESL5
znTo^cv1rb3Z-tcxvDogCz=B6-T1rX2RmS0=QgS~lYOEAeX@;z1e!NLhk}?Rh*MHK@
zt0l@{R~9VG9>J^`5%RcnyxU;d<f1{5^+n447*RUL%(Sl7?R?{BPx|TF2Qv&u?HtUQ
zF<Q7dAf?m!Y67>25fUf5;2T|8Cxw-adZ&@^#{2%_x~x8O!s7FXX|<X@phyni;!-pK
zrmm(F1?E-AgmCnINL=O@Mba9(j(;R@C>t>Tupl%w8LpHId$Yc=nB@XEKsbCoY5cB{
zeMcu*I7#Gd-5s_n&qpnoQa@r{6NoZt_xmOjSc9^v)1yKC%1exfUirm}DVgr4+tTp>
zRGuw9Z~_j>{n~D3;8t?8iPEw2zk1@~AM9}BGArFwbNWub6m{*@3<LnxFMpH~a;WGr
z7Du^{k4T6t?&fO|kOrXFA28`mSoSKsGN2uG?n@-NA@Jr}H`LB$IqRodXvIm6dOa0i
z8&rfod>&epYXVN{awqq^`3ib`xc^-3`HhWR;{qI7zb359K7Rd3ejlk(^JhhQ5^EV;
z7}zrw?I>E|NmN!;lF*_0-G8^roIH8}9jiM+|FOx-vF*E|xOWJ@AT%O)%me+!7G{3B
z-49GgMmxoZLOS$4i1`V{@Nah859@AeSV!l;3`pm)3R7R}huS}h#p04SFSJ|2mHRAi
zS`wdWoZ67v5DX(iD)Oa?m0Lwro<)%oe=dssquXUmn}#(%6j>0fr+;+f9o+NM3L~e{
z0_oCdy0^ft2s8Asg6WDfwbpqXe{Lew$8$q7*czzsrWVZVT;;?2aChg;*x>xR{Nn@F
zhnGBe{$B0pr(>tEH8b&+wU7$~l>3R@X5^Kc)oRYATcy-Y&c6|die45ODw5Q~XKF3(
ziSoC$K?A^@3($g%W`D!DYRH#@8MzX4Z6F2=vvwwp&5umcXxe-jis+;*0kQC~Q7DyL
z1+%F@7Ia3fPneYkBB(+&hHMLW&ZWGZ+-!vwc?L@{LvTxsjiWXf?o+VzEAPjv$Ky=r
z<Pi%)a&@>&w5vc}zBJ58;q~F1^{G?iowkhueR_7KgOkgA1%Fw;;q8ZK9p`O&;yy6C
z!$|`t2Zj?;)7z~MqySl}*TMTjW7^mkS%n4Bb&ApKK0Q0XuF<8lf^;pqy#h17XvJwe
zx7R0f)LC^Em*X>%bGV*c%SEhrOGQhXn|xkPi7+(-&JWFs34oiX<PaEK7<0e=(9mEl
z2pQR=jXZa)I)6;3-P5DpqwyH$6!QHsZs{m3yjK9F2P!0L3iJqTw9Zs6{oH)pD9qbN
zpG)&1i#a@ifkkSJyyj*~yj!WW<BYI9?$|x5{m9GuaDS-p<_$`|J9ghn=fmm4(k6pp
z+M399NDO-vW{ekA4DJch?rnHbV=3FiOQjt)vf9-*1b_dw)vNdgt%zzR2g(X|m4%Le
zZjFhY$n-885{B*998xA=!h&Babg%VnR#-Z_r4BA9x+aLrIfAeX<lC4K+r_Y0NKLW0
zA+NB$ix<4fr+IB&r~6<IV8io#R+#@K&GRG$Y6{@=&)q4erseakU7zZUS)cRH+G2Ky
zmXER)<$oDb)F#-UPJGoj<3tR6{R0`XRzF2?x2Si$@(usNO*cwSJ&O+Gd4K!qJx|59
zp6lf#jM1!!IKOhuGJsBEr>#E)>ziVj=9jfs(k6fYB8=l*vFsJw-hwWXnEhJg4vo(|
z##tkb*ydhJl~Pwq8Ptq$RGDR-A_Yv>oYlN(?|=4}oS^nGLz<d2r0kjs69Ju<O<<qB
zW{(o^!w}y>tLxYj=)>+v(6UpI;)}4q4p!aGsfLcWI?u`C!AW&F+-&4zI-mGh_QJG)
zJ+P>P4gcR~AI{_a5lY_tM-Glx7WuF%mAwoM@wwIcx`SURw<qE@P8p{OKHa|t6{%33
zp?}$Q)ussJRq`XG>6y-m5-noG*^U~(KD^r}cbF7oUCRc8)0vDg3)y)>9qezRXe|OR
zXL9~X9=a2_(c$)5q?a31eN!o||1lt;wV~CNm{wCaoL~@&UIgYFKE8vyH(Gs0cw@!`
zvqCekX^<KUBqH~gBGIbPa`;k)L%<q|<9~Q3G770i<r9&$h6^gT;T!D)C=8gsYp$&D
z;&+uKAPv0Z4IhE1>6hB-ei?$=M(mSwIRHMF=y+;To3spY@Sy9#!@`Fg_dOG$SdSb0
z1}w{NG2vZC9cqk1NqDXdixQIChra0sm$2<B;JQ0DltV~v2DkX+%m>PhnyWYwK!0);
z$3*F1;E@)ANV4#OcrRpAfZXf`GhNx%b5knv-whr7P9;ZvA{{Pd%v3>ub(m77a!Tm0
z@3$9x+pN)lU07dpH_Na^X#U*Kj;pIHptVX7<f~d)aGHVq=+OmW6RI@3nRQN+$9ihX
zE=XM`6Dv4|DMo&|?zHy_kv27X?SGnfj0|eLJtvOoC8>nps$?yl`qx?{s_KL@=2MUk
zM|T#>IcD%Jp2S{oZWe+)j2}ZJrw17396F%Lq1U|lH+#yAq{660tbIAvIrVf?GBqlv
zOPb;3!_l#)Qw=KImnziVv3n@s*MN(5iJg^?WDw8MSdkmC=M43b%-F&~)_*FDux+_X
z?j7xy8!2sJiDHqLHx67g7wXIF6PPfKzCX%v{Kb0<ob6AUziG}j3?gEgzjAR{NA_<_
z0t`7GBeZtX*(jTOy&t~qmI2yMHD=CDj?E`u?6ABd$V0PmtgQSo!^TZ?NaY{s@{xD9
zB;$cAZBd7<^t`K3UQ*48WPfNwvuqImbH?uPWX~Cu7nct-+=)AY#w|8On;dCNToUtI
zmUk(|GjgR&(!x01ud+GcmK$h`e<rNAo{h|<8=TAT$8YFozC&fFl3vQ|zQ9K~_1qpM
zUahA5^>wROD||ygZa&Pr%ryt2OuJSg#EpN>vBf{`g7`KBUn(*7AAf)lz3*UDx%2eD
zzHqfMl2}1Gf?3CiIi})0%qT|N{G~5kHiA^j^^EST3PYy;Z7Y*Hk3Dz2M~(svCDXj?
z<8S^!>z8V!6<Udsuwo@yl@XMLqK|_P<);LN$QRne(*I0zB;iC8uPi%l_10objLC~b
z19p(f!e<_5_$?y}K7T?miLq%@g&(X!O`6(-V(|9eA;vrD<Kw8UkQB<wCV@Y<E{;7s
zf%6wfzi!I6ee<#5br1Y<5Bs}b&Kf5gp<<)&Z4Xh%wzIVx5bUR>vbSC*;j0t=oBsW-
zV~cJP5(`<B!ym@bymP2B>a)j_;J7)1Z0UfzU~oOZ^o36u<bShv(GHu65jgoV<V3{v
z(~eSP)Jm3O)xP<gO`PbJ^VY(kNSAf>I4}P`hheof{MX%v-XD?1QFDZIBX@@Qx*Ws8
z#tF6}zPv|pIw$v4U?R&JUh2V{a__FiR-b`b!lL0L`edUjQ@-k~(aVQO(PPQVg#x*0
zeMlzLIY|L0@P9cs$vKuP@eYj<`9@60y&!<jvdk?gMO1gIx##+mXtHLh0;PNFz#lsj
zpY+uDDT2wfCiPTWWB$OsxEs$`4Z(irYDtl=*Y3tQZcefv7De=9BmKI8+v%rPw5e+t
zV)Px$)4mV~eI_5{V>mkU?ZnABcE9nS4MagfUkT8S!GD%aF$<2bPV>?W`7UP`W~Wz`
zrNN!PaSFX>m3VFU;xt?V`#cBHP_HY%F0?ziEi?rz9iqs1h0hBd23R*2XK)G4jt7pX
zY<(BsioZ}b+UP@Xk3>?54}?}XcLyTSZ~Q8Aqqk!t7rBAKC-eosT54W8xA&-(-lsON
zn;oq5Pk*@$P?Rdb3ElVF@D|!RipQkt8WLP?GJ?E}EKYc@$_Ka<s!j2^Bn=3O22u&u
zEOd0W`}D_eZG$yKOm!GjQS3A6(>G$)9Aq@^yz*Kp{Lfs4*3f&-Zn`7A`sg@=wjT~U
zkkuKZSGR3M`BgtJofv16piF?Pn8FhtfjklMn}3_khm#ICB7iaP6&bSvtqb!rAhI^v
zp23gvJD@<EGU2<Ta{I=mxq?naPw&h}>+O$hs1Buut(6nH03AfrgK77l)ng+pbbsd5
zam<5CuZxeZ8y9)^#>;)!8HkHg!c&En{)He0zizsFIXprBw-7+qw}7Bwh6l6xU$8fe
zX@9m6iW0L(`pY<<itumcUp^!0Ik+^R<q$fcZq~x#iczkG{Fe)VyROGfaaIN@D%kj}
zf*aFnH{M3h+)`{^Xy5305{(ClDTxKCbchF(l`cx)fQSNfc~^gHVjWGr)u(#RBDgCt
z>k*fcDDmbH)JJJ8Cv>AnAhMuN9#O%WB!3(k#(GmI6e23YWgiXLtTh*^CJIRpoW^U)
zkApp+9no2jiy~FRUjRqgK7Ku%JSgF38PO+p4puk{iU=LXl<ViE@;)(;c&9HrCtAjA
z!q)F~_?XKGnW>NAS!;PN2?f}rw-P#`2sg<+3sk^!-o1{P`qGOxNs@B`m!{p?XMeTE
zth2k?T|VxdK9U&rmT@#~;45mBFX@i(Jaqb6Y`l>YlLIz2j|&{#&e=StnT6&5<~^+9
zVt_-5+R9shF8QuNw!?h%1>!K4^~h$b$<jSY+7;vj7BYV0cjRo6p60mZX^m~AoKkIq
zW%;syfbx>ZT~A~>!Mcp8fz6*?YJcPWQP7X(Ji-253ACe4VWlQoo1n4!T2C93TdPbu
zGESTO{yYzCM`+fH!Pey_$yPt+u-%x;<5|*3PXUi{ykE=9{LPKikdFp@*)6`%GtmX^
zc2xLHlK=9lw^ZhhBdBSs`jY+N51^{n(-|$@RnWeS9MC^As^mE5A&yeRzkfOtJ=D>_
zjxkKd`4tdjN53_s?0RBw>EF)EN&%?bC6hq}?tN&#`@t7yj{d9vv;RTDarDIL+>PGS
zID-klmC*MtYq1y9aV8pkq65Q4p(mJ=L;jPME3~Z1<6dIe3PS>;TgL2o1KaVN^_I>#
zb%J9CV<91PoQmX=(J}{t8-LSb49mavNoB#VIB){bM0x`;RW>oD5|9qt+Z43W3rF+|
zS2bTyHTk&MoZ8LG17<$PZNI6S-=5co3^Zs0jS82RQ|Z8c`QdlZX_q{K0|fn-C**#!
zI7pPhZ5Ju$S<{+x%7!K;WAB_j!K`@2ffk^~7O+k=?(cR1fj~ZRIe#6#?^xX|K94Q@
zzbpzyh;d_<SdmU@8UbGUUn;$!{-?GY{(sh}DF0Q!jrQT;aq|@l?|=Gm9vjhPBY$jk
z|LNg=T<HJ%{zNFKXZMfCqQCr4fwq_bqYB&qgyZ$tXNdCT$&)Al2mgKac=F`QlP6D}
z{Qu%<ZhrFQ$&)8fo+dnb^5n^rCr|!&Px<nbCr_R{dGh4R|398$v;VjL>wf+>ixpW+
zmqDNf6PGg21r?XTnhGTWGneL?3NnA-1F($&ahSuzfD;H{+6*P`z;Grc4U`U(89E*8
z4h`u*r_c;DO$y0OD4oJzX(w$;l5+T|-+MkVP^L_#yYt?DyZh~azwg+$-$NK7BtpZ8
zM1|p!P$~W={u@G)J1|;R+nD26d+TryLbwe29n1TpYsgmO7D8kK^tbgyV{3nq2JwOa
z2K1#peVe<7?n}!N;`k6s*tnuA+WGalzBZV<4v%LA42VAGyaoGlpl@2yzkaafEBqz&
ze+ExS-@x*ysWoFh>^}nYANEHF*Px}S0p>EHuU{SQ@5%}-3IpKtFh;K#h^>z+&H}IG
zJTs3NUAPGSeXrZlo>=g0LMnd)6QOs~C*Eb+JGiSazCV7KdyU%*`tn(Rra(&>=n!h*
z`C<MY?lsVgLUYSvmUl6#N5ssEX9`JH5fdOifqR(iMA_KPwpHW_)J@1SmmnyT$K~=#
zMssrR!lvp)dSn3fC%C<IDRxo@JYI<Kr9XcUjJvp1tY#dZA8Th;5YK-Jf4M@S_`M&v
z^tr-~#P`qASL46@f9?CS1<aTUk7AmhM~))f>|6{b6Mi&rrVq4^=SNByPXS)X%s82b
zjAU9o4)aztWmd*BN_b<o<)9VNs*n^$c;E#)DncdbRn&!6q5-rXoruQ~njMd#PT=oD
z>zMKQU!SYX|4Y=od{KYBRBd7F*blB>;rUQ^<10)hQivsN9VJP!iF}i-mpB4WKH$Oe
zd-1#2j<b;v+~80pDS5^Wi`(USGt?0+De36I*&R#+4<eXY;arDPXFw)cYM>|{#Y<AE
z)JX=f2P$@wY?orY9<Nt{$spa@)S(p%ocVOGz?0=$Nq%Irk=}no!Q=&Di&$&t@>A&D
z_`-^qS*KQO=8<MIKP_{Jv-Q!L7I{gKYc?nFB(JQF<BN1D_?C%K?ol{RN@PaJ=yiC!
z3Xj`mv3d=9BvVp6jsau9pjJ5@UXPrau~dj&?J|6)@x?^=1|Gnn%7b(t{V`V4e@as8
z@<#^_9EvPiXs&-BAX}O|_H4>b-=y#VdidcT&f`aq!|7U?dhuGkePYk=-6n{w%=lgM
zGx9h{_ksmTR((d4SIwI;oYxCBVJW%S<8-LhUdm;)7&9myF~jO1KfA0XW&9*_qTd)k
z+2$|MYu5J$OIsU$zCYIGE0LNSljZ5@hDAq=Nj7`2dl`TE)?`n8A|;aR#kKOCoAPbe
zRrOaJbI008asNPTQDp1+dQ-A4NWZ?<o#U$LodBE)!1){SlnPlGoE`>Bl9WMa#b7Y2
zh4Pv)11Cs;kr;RsvHM)@s^H+J-~QtE>0e=oN~!e=aSc6@V{x1OLrsNQr7q(<Ztvvj
zi2vML`kQ}G$D<r`rB)+Rl9~ArZ|IUTK72eBt|-a=5pxFT#qV<3Kz=qV0Qq>1nVz+h
zXUa;RDHwpt^^~>boHlwqUCNiK%x=@@2L(kbx}nz6;>w<pb4RPJ0c%C7Nhe7X;BtB-
zSFbmRk7Ohnjm@XIy^l_=R0*XrZH?l)g$r_8y1#!c_iWj42xnYw)Mr0v&D3O&*1+T&
z0iU6e9vaED>#J}KaNEFcuY-TJ2=1zB*iW1*H!)^}Faz|~AUSP0T*z-JFCA^u#l9GM
zfA|tEf3GQ$m3O|seBI(`TS>Ymw_r8iRFqY@q@+1@-^LRw-^FED>H_7VWig#HOKe*{
zR;+*3FWSP~M#=H}93EKB&De}NLQ~?%S@X?_GsU#UcqD0@bt!R@e!M%dbXS41T=SYt
z!WW73Cce@dIUEX>YPN}FLes*XJ74)XE>kK~JQS|x_CDTvwX`c-UFfN&BR&N`QIPDF
zXjKPR73OBw<1^Vxp{!sl{eZs7Syh&vEKz@eucy3Av;$5dYo$3~4aF0vYT{{};MwcJ
z=18C*(!BK#GPyt|vn|XRJ5y9G+o!Y`5|hNZk=q*y1R~5syC(esg;0@bjw<N~<vz0?
z-wqj7890+Uc1Q>E_kjGgXJTtQro2z=v4_5pCKJe|x%t-i)`j8X8V#1Hl9<S@hY)``
z+?gzvORR13pB80@9p(n|a8)uB(3X5giZcE!_Zq}P9eaXiy+JW<cp1+~NQyGfx``sE
zXp0eG>4$gZx2*LS<)zwo`WF}3obIr0AX%IsOfY5g<r$&VrGbj%wQ30^7AtCh;@1Wy
z#}mbrxo%5meSAVIH8};inLJK6TnT@51#5B^w4eN4aknWY>@V!5_cdw~BvhJDl&sn@
zxX3oY1;0_Rq{KWy)8|{FpAe&NB_)c!{YUyQ#IE*CsaiaxYYIdj1-iPP*7a%qo)5ey
z8X30@1(%NGxhgcn(!>OT&<Js7Id}@fZb&Q_Sv-4pG{nbKr6vbh9*{RqggSrAs)N2d
zy4fcaNE6cB60Q3C!rZJzd^QV$&NV_mqHhvA+cRY>L;^YBWL^e@iEvXhF$eGn4vQ#A
zsONkz*snfuvUXqi0)6Z4J%<L)-mY;QOV9f(R$caRgM&O?zO(ieJu!Z2!@hrASnEz-
zNH4f(FVL7C;hgO*KiI+u350(SBpDc6$Y)&5Xg}@MCu-w+V;7fs16i&dojEg8$`=S#
z;T3tVZ%)e<1{WXO$>Wos;3Mt6fG=8{RUzhy+P)b3lo+efr0OJT#c=z^A(9`0EGHw&
z$OvF>P)0i@oS2(~2lAXc0=`4+b!KJGnbX1EaKyuGbHc7ldqIlrSV@1~@km~?Pn)cj
znHT7df$kh{Sx)l?bIQ>J!6mj-s|KuoZE&y0qW9&V87{9KZB|PYHMn|nPau?=v$*ZG
zkfX5g$10%#EMNsx+c^i>^F=x-Bl-L_r!X=%JW*M<%edoxsaz<N+XKeXdvzt1DaZCG
zhtF^09Hjpdo1E}y#R`9ku|+kwCgjdrN~BffY@f<FDYS&i&^YklfmX3O8$-j{hTarS
z!0okXnkLZ}bZnaDAP?3|(_Ey(HPbW?`EVcl0OG@ea-n*FYJyy@3)*VP^j5Rk-e$Ch
z9a#jubwD%kD2%UUIqWb~1leC7v<)!U1MAnL7~AWDwhOp7!n=PHIGbR;pB>es8fZ7M
zTmvu`g`J9l>H|JKDu*4SK(9p0pTm*&KX%c-V4pk`VX?%faqHpEu(Mk0;hS8|@~nfI
z7(CsuZr%@+^CBsBh}gk7drs~6WWPGp2$}rMo=;n#X(~gHe|_eoxB-3qf=ro22@nA?
z=8Q~d@}ij^0VFA4TMXmOjEv!ejMT(LE>sLzd<foQR0i)#R0Z!^z=lyXWYzdTcv<^^
zmqDNf6PKd$1r-G{G%+$bml2erAb&A7HVQsI3UhRFWnpa!c%1FLd3;;Pl_q*GD3RJF
znxv?e5=AYPcqL*XNPt@J#l8|d2-vZO9UwN6011GUO)FL$@ARU`ij$6QS&1Dl>byKf
zrYJh&PCH54aklC7*pp<EIF94)wBt$7B<^%47T>uaKuLDo>7Mz$_s{$u!GHVVpl;PU
zr@m8ls_H@%!!itW9l;`I>wvpk{;`t}zsfM|Q&j4UWJANh|DVg~=Hh1hd@>#j6`947
zHip^UL!URr^SS7|cb<HQK06quz9$hX3^T3FQu@4|?ypH?D)Gi8gGU*rf$Fc3CS#%K
zzl@cCNBTLs-<za@`hS%CXMg$}rO(@w*<v~RhsBE+MnWI!n$xk-T*FYqPZ_3_?z4yJ
zbNSnwTRzV)9Vh6T%j6@WHNR~64f#j@viD>|<zeP!<`Btukb<q*STQty`rY#kV>rSv
zE!(sC(elo3e<8~-H;DRP&4seD&{%eeVb+}`0*(&n3&r_I89DjCNPlc!9*xE6y^&#V
zl#2afM6T$ne=&aJO{)+5j@?-I_f*1M(0uP!@%?9PEHnS!yrpiL<aMgI6y0E|ZR%c~
z-^^^PTSoWas#^w4*ZzDRC0}O_GIa|rKJ>$~XX{Sj?yHO#p|&gUa^_z}#+KDH;+yC>
zd*qsiR+D{z*~)DF1Akld;Z^3%Yt;T$>~Bq8^e0yT><`<|w6Xp3^B*W1W;T(YeG8u@
zOBfklO|@&yg8Uz~A>roVlN@5?lJ!h0y>sL*$G*XE5{~**^?66N9<zh}E|tG`<#Q{w
z*>OeBdS)&AovV5&2LG`>{+3xq{_Y~1&Gg<ZzO(z$ul00oXMZKku3Eh<qD*?Xp!~O}
zzYA@S(!K98jnqzpd*7XZU-FBZ{_oN?$E^B~^6~%w{D1o+;qX?Q>C6h6Phu`<quF0a
zQQFGvrm@}27#I^{V;qc!@iQr=#7z8w#XQ)`bTWGx8N<_k3p2pD>3)bwGZpdv{G0P{
zfAnkdUw_1m|9@ZmS<fhHuOo~VucOSv%p1%fSSdUHk*^2XS0xP+nM5xMNFJfrll1y4
z$@e9{k^H7^Pn{L7JL(?6>(ZaT7A;$(TQs$3cF}JZw=PaEo?d*0UY8dC&Em`T?e*8!
zf2#g_^}lY|-C%9VH{90n1iil7@QeQwUQ5<dtlH)+?0+H2E6hq-n-n{DDtmhSI_m3N
zn%6%2;1QMT$b*8_`jw#{m&-pLO8n&5u^%yF^eybBYKx|hwQF0N>l+lky~>`Q_e~#E
zsSZw43&|@(KP{JkJe2s+v130G$KNLA?^q9;6|;U*OS^Itt75aKPm6cN{Q6&*Z-{sL
zS`^BCPk(*m8{ZJiWdtLVml(=!3Poebs=AIA#q+bbFWtl)>bhO>(w46E%Zp+?%D?Pe
zRFBr_CWW%+kVGMeOAXYCc4bFzZ(pD2+&)RiwpEh#=a#O%ZrR!mts9RW+{^yw-!9&~
zBG)NxQVi-%LHTv;58B#xG&gM9+bP?4%i&L0?tfX+wj$jbHg@WjZQBk9U~T?)u+}SD
z>*<B9Rgw<!ttM^TMI3fCw~-qnCA*Y|>Z-;Y>Nh^sx^Z3WvgWpyjolsXi<UQ&`uc`*
zoB9I>3Pt&$O*>ncwJ3aiwy%$USG8x$-YvV<E-7yBY42LUbi=C7wj=(Y=2W@gyFyam
zwts7HOSehBp+_OElWWMa-%BnKQ>#RF6~v-K+0oe1)X}F{^T%_C4!yE%yeMJU+;if@
z?d-FcJ@3@|@g}tqS*yFIBinW=l^qm(h5V3&-0#>{-_X~t+`Z<hO|2U?)~{+>wQl3N
z?4%IrZ4LT6`3+0hm68jWOItT}A5a|Fx_@-Ld|m6&<W_A$U&w7*SGq^^PPFtpVr;p%
zI``Eq)srFOuNst=7SJUc6btGbI+S9y*0q1TVZ-KD@rs{olKZs-M|&E#9K7M6dhp<u
zb$bu(+{3SsY-!%GeB}?dQmK|Mw%j2o+V=UUTm$}sZsW$oapNJktfg(k$hP)XYkwHY
z{Cnh(nnrFNdBd=Ein_k0j$IuM9ZhVDBB>~z`$p5rroVnhqPqNjw)?^NdvCrOb;)nZ
zHj<Xm{)tw|K4q;7bytMO_L}$AaPRDRr)NWF=Z2oWo7>tpzs;`icPZAb-YV~C+p}@y
zP0`!WaeMZ5vD|}P+vYBI-TS>;RDbq;oBH-`siVktDK|Mo;z(<q|D8layRSX;fg-xV
z)dE#C#>8;#lhlShYdXKaZ}6}&d|-WxDr(>B6*|u^Ua_{ZW&O%Ui&n00*|?7Vr_Q}S
z?)_VL4c-@z-W%B2)OXaPRA@RI*Q#zZ8gEjq<tSRTW=O=jy@IkZ({!a@)PF^VyiI~3
z!m+EI!M)3t?F~9TJ2q}@T)en(>qf~d@AvMH9M|iQNA|xz$9{FSbkJxVl&%(gLOR(W
zlg{PPsO%6&CtV!-rT2dFlV6K1Pv7_8#OYeizonW>#hQx7TD{p?Ep}(M)>dL>1u?S^
z%zS``*0n8)4>8rJXjL?_n}39*Yg$)V$=KN1zHHg~Z3o;kS8{*L@;xrYy6)ZWOC^hL
zVNcw$Z-4uW1wyuLQ1jRKZ;;)1S1@qbjotOD+gcB^C&&YFFZNT64fwfZR&<X(<Br4t
z{=_@VzE(wDQ%79~RoRvO!7Jy#ahF7_`oe*KVIO2wm)~WttM&R@)PH7ijh{x2ee^BR
zB9SvSo!_VXt81(@(Tm>O>pJRooRdUuk4Vm4e$OJYz=`Jf-@*0D<pBGnIRC_P)Iw}E
ziDS13EY$)@tnK>1%v&XSO&lr<Lq>dmal?VI!4N*MVd0&PiOei8B)*GdX=mWxD829A
z9k^GtDSEt&JZ@m<w13q^)1*2}$ZL5u75}uuxTE90&GLoPI)z=yo;v5>yNB(e5U<JS
zyB+(tQLopM-*x1-$c_S;h$6bEnmUl9YAJT#B4stHu)?|Q#CWlbxAI+EHgDW^e(S+N
z|K!K_YVF#+o7y&RVE<T1jb;zqrEQyccWmz5v9EEx%G%wO7=PuR@-1z<JJ#*myS2J^
zVZR68Yh$pz<*wO#E=wic`#+FypZi?xL{qn{8WEPF(9wjLh=HzSWg3a<{KTt=B!^y|
zI4_r&C=%DP?^4%(c6n=678zPaS@FM0x@ZmUql~f*%PuWd3hEzL;l_ngOe-tsYiL+i
zSL<`1V(r?$Z+~95rlq-kiDbi$bIa?us0X^Y7!U3FEW2*QzIB@oUH#iuui38Ny@y{d
zkt|AY-MF!R+0w<!`Mq4arGF>8M5)=edgU&|{;tjP^&1-+mu=py+S$>+r)B&0#x~Kr
zUF6+wseeth2mF&ULvd7+2MeJ@zWx!dW~<jUFJC0CYJaQg{roveW4|<LY~6Ec*Up2h
zB<w1#zhl*^j()DI`p&-ney@3N=Y0>`Q-?RU@A(z6+DumemN@A|#IK#j;tJk@&|jVC
zYgyTurtX0Qia~zowu8Q&f?~tkGaJ{hZdtK-@rst!o0r$uvnGXme|z(x;?cqM{_A=-
z2aj|pc7Lwk$;;*ZuGOt8cT-PAn{WJEJ#A{~*txUn#ai&*qG<e^g&r>SI3`(jaOaLg
zUF(cNX@8^S+(-2ES9{tw9ZA|AzOQqynQTd}^mK{1{<1CA^=@rL`v<c;ZN#dho$ZRW
zY}(usVV7_0bM_wet2VUu4)Vic$(fDon%dZ*b${!+Iy*n#XO0})utl4(+cKKXv1s3}
z&0KA)vioTst-qR6VXakJ>sw1l%c1io(}u=nD;rw&Hg_M{)p&?Kd-(?TY^A;VI#x1L
zSGT4^wR=}Z92x6r@An2`bO4?&@KYO@3wwx;wmPJhM)pILvTDg{Vdt(xU9Fq<sW$G=
zHh)T%t!`e{vhEDquC{hbT?acZztga?Y2}KhmG$*2n^ut6AlYn@b#6SIvU^hf&D*-8
zts7P?THCyD|F)G)oLMPpo@e$b+m<hHQ|{?fwk=!Mrlekry#9i?UR&*THA9HP!ie2|
zzIolc=JTz)6r0+0t;ou3Y+GB~w#%PkPk--GZ(Fsc>mQiviTFpz^bOcsDH}-1uJh;5
zOJ2GC_UGPzQ?gm)cneXp;)7YgkG2(!Th6y#|Kb-<y%>f5ySr!ELqEO5CaJ|$z3^|>
z`70}ksOukzVX+4v;kigSx!<vHi|wj*WbIBx+a6O(<9^lA4#_!`u`%k)l|FH*ZGS6w
z?Ax>3A-w-4O0Tfg#k71BOIJw}b(2=f=32`u`WymN8_ho>Eg!kU?D)`f{5OkMG_78k
zKdYNoEMnKK+;_u(^?K>*g?Dz9LfE-#)lNa7;Kg@du|HwoD|5t^`xCaV?twTml$$ct
zzhU!AhN|shKQcj`7w7HHgW|lsVSkH+UCpV**{bGhvzP6EzxP*r+SVUV+D|<=Xs-6t
zjj@kh!G2)hLAEJ3bX4a<{lau$_x?L+k*wBoMa}x<UrAmu@9lc<6lKMAZF_2Ci;a=h
zHP^(bRaqUxTh1$`%h#^h+$pTCMrT*=9*N{Bh0G_mY^1n+m0D67piEMu<A2I>spzSN
zrMjllvE?s67a37F``UK(Yx;L>Xl`Bq*>CkZl^gJJ3vC7(>YoY(*GYxWp2ItuuWM~>
zUc0{I=?(i1ZdV-Mxwd)3y0z<?mTn@ulKJ;(n$Iz<m@$o2GAQp*UO@WkXptOf+|j?g
zRla`H+7^T1ykv9b^3V46ZGUR0D>t>WlFFlxier<!{{>AijLqsQAm-nW#%fM%+%AsF
z(6-uGmu$YA>{7Qcw+SSDMjWGTj5wHopWyFE3(elT+6rBF>km%M$|VYsFseMsexjNs
zC89N2(HpN>&Ba&l)jmnztGRP~CCV3-lD*)0>hkewQ#2Rb)7bbSwSV70r|6dI(Ce#e
zXj;2)vXZyTHg8vTZCUZa`5sB%#rx_O*RN`AT-Mxmi$t<&`@wDrcljYUds(u)xqi{A
zmCGceUOLgS=Sc5Ta9JmwXq%L+7r(|n_T5(`oA0^&hkNc}m*37*pS4OBBhPPU+W$<h
zXKP99PjkML(%MHRet&l7m0X9uvi*c|=0)1EX2^2q{ErCt0}l~)lKe7ZRsPugyM#9a
zj}q=?TBy9MhMiQ>MK#}J_EO0Mgrc^6xT_#N7YGjlk5Wl5%KHeX2*sNHDA`YQ^A*CD
z`Ll$bWPLwlq*nVGE6_pu_cK1o0pJb58-YjX#V748Bp;%-Z+{aS$*V)uRzx46iSEA3
zn1NPUv=P3{*dYhV`n!ap^#JoR<~qWogdanl8&T&dWCV$6Bc9kr6wyWEcMDaSO6ik^
z$uq-Dg&Ad1OoB-=MLdOz5NBH%8KY)YgxnQbevPcSMply)VscEhR-&%mwUX8xStyc)
zVJ22936r%DU4Iq&Y+$nV*+^2JO19G7B2$32IK5I7?G(vHY8(9seS4{8jOt|QUWCfC
zR4V$BqS6AzbSuNx?q2O*0iVSCF?t_|=6%dEdU@!+=wlRhMNdL#E&3TFt)hi!&66zM
zi%@;hpIA*}i0*`_HyM-^sCJxml+ahPBwp*|FrlbvjDIwU?Gsd1tl9R|dKQQN7`zoZ
zh`@tF&3cjAZ>5@f(jjst))ILsU8AXLWf;9Iq7R}!TftZg{m787;@t#rE2AY8eM+Nu
zg=_kk1CxepqP!5NYkd=YS3uksYKeL(HQ&UM6~4mNwH%0j5?hVc`p4B`P@q~FXjmxC
zqD=}T<9~xSBUCegg`X<VMT|4ivp9M<TDx0<_ero<yoRwDQ-)t6>jl&sMa^Q3fe_uT
z`aO=3@&5*+)sgq_&qCFe*`{Ws*T@R!iBkJ2w{Fr>fX7+%!BiW!qoh9%K8m#we|2uS
zJ}@_2e=;{j?{eth)e$HlGGfoF-?=gKpS}8B*nfw9>gd!VJ~I@b^4DGYcA%QsMQI%g
z5=O$-Q7znQTHmyu@|URfR=T%|VHU5fy=8D5OVcJQu$Y;d!D42X#b_~F%*@bYmc<@1
zlPzXuS<K89vurWLmCt#<@9u7F?2o-SBBwf^d@`%6r(<fWqpK=y*az5lYQE5;uUN;$
zzVE`3rcBxKIcZYT<bB!w$k-dntD4!zr%?uu2*%Tn8DQ$-Pf~SQGnSRU-yafv`Miq^
zN?`?re$dhS>sEE-8vB@-ZynIp?tNgm1GLv%%pLn!b!fxxzHOsG-AuX{KGyAuGwXD@
zYZisx0VhA_tUp#d++U(EqAy1E&NxKnU@tBzee??{<UYEL@DO^|srQ-wT@)8lMKu=X
z!0csXb(c8n%32t{E7|t*E^IgIwkU<l;Ulkp$1hZ>G+Rb5%gC~=QB&Y&U9*8L3bTGb
zjCw2L$|_ESniv1PTjbrhX6ziRPf>UHiKB)#_s-(A#yek>);ppFzxd41uNWDfRM<R8
zbJ{SgP}H|pwg5%kHy7#sj6P8U&$m$yRmT0qOkQaMo;F^I<?Zs!Kc>%bFLy^Osm7yw
zw>?xC#zqY>IP*xhUqArJzs%UAPpXE~*URQ7a?Jp~r|Mq$)>+stI%s#9s<L(Q*g*Va
z_44`NfJ5(7(+}3~ow+-<pBEF~hiYwa*A1q|p409wLJwU|(=z6-4P`mZK+XoUp3BF%
z2gf#q2KV~u&hknFlJ_SKkG)6Jiqj;`Jrun=wy~$K?*^K-0?t4zQ;mZ3nZ8O}quxC8
z;}y8iuebO=Rr)4RE3f+Zn{GvC6eRSTi>HRGi)Np@n7dRul$CsipG&-jyVt)ROFn7p
zksR)X9zUh{=nBonA&{t08w^&p0AE*rSANrf;U*z6Y)#L@?us@GMe7>X^}iIS2@BSo
zKyn*H+eCEyRvig^hcx(LKyGXPWJ$6<_ILm&(umizL+#mUA3gJjSm#>3Qi(ClYmf4g
zKJ6RQAm&oaE+LO2(4;`R3LS>fAe4Ngn5z>OY;*1XLZj`Q=Dj9y*=tpNL@~*sUwCj(
z&urg2yuWg#Fq@+G6|wddk|sNNG1KSk)c1VvN0oRtl}-tuRDyv@=SJ*z#jx}~AZk%S
zof%)5oitbYpx;a3+Ib}X5}KrjF(JR0owIV#CEkp5-{ta+59|dd_YKU-GmaOQ0VeN_
z^aubs5-4AvkxuBsIBoDnTrG&s&}Da|J5oQn(9}_E-oic$Lxjb}zmlNYL%OS8$FX$u
z52IQ0GrR)P5V??ce(?^eZ$f8d>6N?(ocb;+7*DE#SK4VArTtP=%!?BM*FJgHmF*an
z7{4`BCTxZy_H)xjXnt7eY~IojZ>e^;7rv;r`KxUgTLwo4Wx@w`Bik^$f(wDZ->7m+
z>+wY*7_m)w_*dln0T#;d>&_)(9<(h}iym&E*%1K2x+!*q|Fr<&zUK~<m<B*BpV)t+
zy9kb-$#Jm#GU|lR>3SFH$FWN4mp^E~q20&3#A%^^1iXZdn_dWtA(+CL&WttAq`o0<
zQK5Z*om_V7p9~HezcM7Z4O|m?gX*>GcA<T<*&N;0uYE<|vak6FEMuwsWTcoIe}l>c
zw-i%gH$|9&uYb=Aa}sh2(Hdxwi^2no2vG$?3>6lDW|UlwBxo%jx6&;|P(wNL<6&``
zt9p8X7|c2{{9|bs)J;?FEB4&4phsP00O8m{^rfP-3+tvSsK(tL=B6p@vvQVuBTlJQ
z3-TWFNXgmm+vGAb;J6B|!QX8V&O;AdB%&e?!{J)(H`fU1&9~$~#5d%f3+@&pg0YgW
zVh^qp$hAfU#-}_8w+!W4@D-*O=TJP7#2L&P)l*Q`KH!;kh#R7hHd3TGQ;AWpaJpH1
zY~vK!o%^9ZI0XW$e--%{6yev*@O6x6+gi*sz;_kAjX#14Ktt$;KUNYGg7yWYLdkoT
zN%n>Jguk~+2B7abtg~SZz$S7hBsUq)(H)WRA+{77A!#QHvT)(}hgWkjevrNo6u?jl
ze9<rMy4zGPQFoQVNud4l@9{QGx-A0PyR~x<`<O<s{-C*wY=E~Q)M7f5D2FEcZyIk>
zo^!2r5Y!F<lT7#32tubp>-x#Y{d^XIlli95JP4S6hyC}b{cC^vY0pd-#IV^#XxRQs
z1{`Tt<*zD}p5J(lVI<ozc=P^02=M;~Cn<otO!0zyp}!Ia`$Bl~pNnpaH~XMpmXPKI
z`QqR6oFhJZV&7BBW`hgC_!7U*E350~?Oh+jYO`{$N6QZM{Z<{Vukh?qa}o$|#H<W<
ztSmi7rq97IQJ(vZy9+~_6XFYh|KS)QzNb95n&U-j2WyW=2LS=hsLr@PgagFkHG{_O
zPPkTtQuyK16UK#3xMzP=)&b)fCtMT40o?ym*AK0@y;qR9TBm>6UpEopRS~?LN$sCX
zRkbY>?n3OsTN4LAgY728D}hhuo?&#?bx%U(d=QF#JP5=Iz?nWqSKbvBrFbCfMa~@x
zg8+C%!4)yJbg_)20@F&t*x^|UNEIcJa)O>&&RI9{EO`)ov8n#v$f20#gZ5yoyG-)R
zq8mw>t7uav98ucG0!l!_i@Q47mafK~b}J73mDb8U(i4NVIK)BrQlZ=nMV44>xFi4t
zlB92)eaZ#<o>A7^(F2>-dr1!a7ezY~aF2VgE#@Tr4ApBsa<*NmmAp99ept}%6zE8B
zPWbzk^W3Zkc`sI5jMd~i(ucBl-Lwd$B_D+%FK$5isHB~2fg^&C&LpB1=@M)z5S_-9
z+mzXqWLMM(^`15P7i>G6CnhdLm<kO9FFY@_Jh)3Y+$N=f0Q3X#9DsT$PAd!tJgCJh
zi3%YJ1Pcj)KQQjnkO64-i059Lh$|BiKil)f%r(ep%Hoqg4|ULwQDd<_xb)t{a~J3l
zveWMxV@XBB??{BU6!+?>8OP;8OwymSsxO(8Ru3w_!(L+XP{A;GA4IHM-2V_-{ElFU
zA__F7I8(9d#6$1B3qa*R1U@9Xc|+R*emO|`3l_0}^1m8et<|#*mz)W<f$R&mha%>W
z>nDKpfVOE77za5SP)0+V6Z%ZK%M6hdmTf^Q3?mSih|qoTT_P4sS>Z~(pGduOV5MY$
zNi4P_Ki&NBBqS-GB%imkIE{7$rQjJ+CktvK*B6^dLwYGr>yBdNCBj5_dnvB-uAt=Q
zypE*vrmv}Qsfu{O|AxhvKSsbEw{5NO{Fvo(!1&Y-*#zW+OH3@K$S?2TDREDiED)2Z
z1St&Zi+IoI2<>Jbm_G?(>V_u)@pr?c0tiF95Nss@@=T;j2<M_A)Hw0HQ1_&yy71Ku
zq)PBZNf4*-)l~1?yW8nscv%=A@I6o;>D1at6S56|X}-G>+MTny?EhrqJI!%h5<aQ6
zSTN2h??cuOU#~)bG9Yqq_s#@hZY+xiy_Dk`z3b;^1<)@j&oR$A&Yd=0x}&@0L{v%w
zT|1@!_VEbaCfyj_N!@DQv)zM%li<t{%;1Kk9ICfZ=*H}^A1L-jR1D;<etzPOH!b&&
z8WAAhhgB$#)Zk<HHVvD^9*HMU546uk!G#<Mq}%-P-gn>xPJ(qo_yXCEU@OqMb^-2m
zqp<7oe%)XX0$}5iQ-6#4a5Ni55r5Qs$xZg|Dlo|x`^<&)h_3`CZrqRC#T${Aa6={U
zH~XiS=ky4|Ylr2Yq-lrciKH&`_KBo#M?@&j#SM9<!QnMIwn2Yy^u0Hl;X4!TPvZKR
z+Y_!KRDYS5k^^ktpyxHyKhPQEKeKI-rU2p9Q1`VF_1o?5If~K)k#kWFX$GJpWmLXG
zx^&Y7<iH5QJ(C-Qy&!crfqCPLC_x^YfcYVIuYx^diF836YNE0tkr#_fut!)zqYaX7
z<4O<)M;M`^A(97)O0Y!0LZkI$(EjO=@RX70zo6FnV*t=#dem|E^krBUVbla9zJJHG
zyl@Ziw?LK{+#mbBSLNN5oNM`jc~?ocgw$gX>n>hR5VVeZ8fL`(q3!=@lKRkBjr(3i
zNaAAmMd;w7!BLPKYavoF8TV5mMjLCv^~vJ0!UGgi#{IMq3}`Xku;miD!VoWLF$1vI
z5-j)>xUsBrk&qZMhh9Nwf=b<el+JSKEmV<fi4qzz<YklzpPh|3VKiJ0O_0m?yRDJa
zU5q&6(!J)!3e1T)uS(OT#|5mB`;v@3*$|baSZ<}_-%AMTcZpYmPvwUi%YxWf1a|>S
zz!d*NN7e2%I-}n)#xF#DkNjct7KjXga5Xkq%Y{s|yauZ;zxKU3-3ueX4Q{>hJd=dK
z?VNW7xmCOi#5h*D&0n$14sgJjVh8_4ookHVwk&gMPE!+?)vxG=&Oa}6s!mhWm)4JL
zp(>z@8ucH8+B*yUH~km={{`a6tOrpWOd?iTCC+eDdBaMHAld&lj7O~emCajoiL<`~
zIQp>XyT1#<zp~T`rPB6SGJge?Dg-{z32dc7ys3FMvWHsm|JNa66my#`l!jMrX<Tv3
zmFutOnaKWsbpZZ5(1pSLq$0JV=}Y5A)Ux-#U~qbH=WxgA`hw@tlh9A#s}Qj?NnAnP
z|7gy9yytr#8ovKluye62A^8Fna}f@qy#s|dNm*dqiU0n=NCl|$zDJQr{}KAS;YZl<
z#N&PEbn0l|ciM~u)a`HyP_)L*PZRP6wqL-FjVl@L`a)b?V0eaI$p|<+P_Fo++X+YV
z-uwfyo7MsuU14gch^E~CmP2A5VtrXtjx-!=a7h1ArPlSQTyU<}paeZcC;zG%^KI2X
zHjuJB#1Gb|ytrNeTSal*03fsOL=FU}yii;fDSppJJaKFb#WpMb?^P39rT<&`71#VL
zuEtL|ANX%Uf7qqG1cqgHlahvLXcCkZ$#XI#gm@!;o!=Quoh-33HA^@63dOv6x_Z7)
zjgqNjOdY|P2!WW0Oz5kUo(C((SDYagAdv6|XGkumFY1=J-16@MmqP#=Db6@qC@fVd
z%u)zBD^C1iXUYru7ine>H>|}uQZJrwu;YIq@DGkTX1|BtLhKaf31;+zcFzIJ4sEQP
za>rho5L?x@<VUcx$U9@K&-!oU<Uybkd9**;J;(mytkzTZ0HY7S&9B+1D~`)6_RU*7
z(;bWMGj_`-MjkKhOaTPNY$%$^prnKDVVBKaUPou-#)+O0-b3N=7GHpP?_jIXYfTV^
zWTIfg>)sLEjVX5mYOW=K4@da`;#dGhI43-3vTyQW>j2Sw7IA+XaeowXAE6V)?81*W
zZwZ8VZ3eBBWX|GZQ7tuT6r0_HFBr_}4Q+Fc=zN5@aEMnv&8}7O59gLGDwWl9ED${J
z1zmQ9sBwT-KEbY}m1TkY{jc_}RP#+5xn=(^E;y{rOkWK2`rDf$yqwT7|0=MG|5{R^
z*z1hUvB$=O@O=A5w+Rfy5<nk^;MqZPL-1IC3wT^T2zF5S7!`{P+}Qu5f_jGF2|!sx
z@WOu!1OUNkAByD)BGn6gtR2kU0F0eEAPuK`41t_o^G$)m|7*lsGjsYdm33`_a>}0)
z`Yt#m6boD_XNJCVUIIn4e8ky${b!4_1XLV4#{_sBB&TUyoKdG52plD+3l%1rE)zZa
zks^4#A46tQdX3#?(Rxf{du)14gGd(5Tjbp72LQZPCCdbsbjyW0?L?@Qi(V;ee%Vkc
zb+cmx!r&pd9FCu?<CY4OJoT_6<Cr8m98+RA$_|2k$bh6~ekco0#cqq1C!+nH<m4Ag
zCNAhVRXnC_ob{Nv>Cao}WK3v#=y*&CJLsY4Al!^i^c_7mbusBrX-jFSk4c-V4?0z0
zy?~cJEx}gUK#QwoL?t8WD`hhWZ~WKLX4fdWk`~u6e;2*<<U#})Cc%LsIlb0ivtB*w
z9<v!z8uo7`(eQ&UwzkQm115T0qFpjf8QZm1Oc^`152mqwwq}F^Qb$e71?=1-d+=UN
znt8tnL2-@`j3DMYEn>VKsX9VdIoG)T9bk>tk7=5jl>~nae#^KL_1#Z1V%i~*ff6+Z
zQIoU{>amDcr9-7sd6Sk2lWDv3Qz15n9_u)kiykYpR5g!mAfw|?a_(>Y5xp0<P$>i?
zqfSMrF9Xf0*$gx-&O$vZw$uaI10=6SOIGIJc*pJ~ShJPQ#(p2>u4<k}?cR_n0hJ7g
z-+r_Ou`P!frr|{#o6$F|rJyW%cH|ZAh|kmt+A`v-x0uGMm}{oJ2=e(va)*Qzs%Xwg
zzKDzE=vLx;ScJK$Gh1>=>5KZQU@ROD1Yc$w$8qr4W>vS5t6CX;Qe*jsD4WD@p=d+X
z4nM9OC#dc`Y$C=&43Zky{vAX88yH{u$fw_vqHJx#W;l{TkJ+c)Ky$1Vr;FJd^)pMw
zGEq?FE}rjbB%Pegi;dj#<E2q6%c<PKD0N=y!l&TIR3YW_S-~>q?`}5vP$kTzR}Wdp
z`V*$`$Wm(;wk$t5i=`QZeVs^EB5*MztvK+GX5itfoLCB?_T__kM?f&)-avA%@-UiG
zVK`B?#3w`9ALQRd*bcuQGD?AD4-$@J{1-($l`SsmFU`eU;!#?lda}lO^sGRGl`7^h
z{%sQ<l~!!Cotq4+2!?Ux%s>prQ_15p?1s)Tb%LR}li4$mKE6S@$Lu3F6Y;EeZ1?j8
zIwe)6L&%!#yhXz-b2~d~s_!}e688j`U6puF)WRQBhZ5*V#!^%iK2?Ik%{Ee*cHlFR
z9+E$%pbUfsc`H$GyR?m^XlYCiVx~Eji5_rW_E|@-eQ!j%)Xrc{@-R&r2n=C6yMB^_
zh$5EM%4YT4r4Qvgb<tY;AtC=KQJa0HJaqBq-c7J3FlyauSk|PKtP?;T{SNI4t?R%d
z$;$Czyj7Is&+V~~fWc8Uw{E?3?aW5Nud=4Yu)%uqG?ie(?=l*utkE<)xJvv;_*JUH
zJnEZ*LQkKxCQHUrL}*Xr<ojKHNmGY)?Q~q2k_nLeF}=&y4+xuD%%Z9lH5&_04eoNi
zmXc@V2G#bP2SM=CZhZh($rujOVW{mVP~@s#TE2L;yLM8bsL3!tzPrVTMTr$2mY&s6
z3DW&r8HW8rW(v#Cw}DZNIOiZK@k-+HfZ2=-#B}o8+Dcs;c7=O0MFkOp2zY^5lLDJ=
zqbULoUp~{F0)3}ok6yhA(_X4hehy3g1thO4W2JNyi=;g8SPx(<F|i1mUdF~Uh+0h&
z3)vhJ+JX-~>(iZ9s01&;bed_PbDU<zIrjUCfaXDxQ*;hNS%V&FeT-YQit^mLmJvx&
zY8R+52&nKbOvGV7NG=Pq18z^bKviChIjQh7v!~|1q*=sI1-$`-3@)B*UKNAioM;MV
zKzhfpxFMOt4$J^gJ-7|e=xPIB2hE|oIi$1MM!dRpkQg~v?z}ccN<E*!Fh3{06_Yyp
zKyO+tbN(?M6#4|3O>L<=K@i1l`2_yvtoxh9O1aV{T0#3@(akc}bG+d9d8pIY$m|3W
zsZTz>)3xj-vivS1mC8&>$lsE;A{cbs<)WR!IkaVL+UbEdLvxOYSsnbV<o6swTT$#p
z6Gd07Udkp{cZcHmKJLo+GWSJd9?BYADEkny2DHhs{#FuG3^xO|u1n+}zoN*_<Hc>*
zx;(ViUi7#w9D}e-(&`5any#olTp5!c>3fOW__F0v6^a6MGsX#!B2_;PQ422gxYAWJ
zYluNN2p<EA*nZl3mU=rg2)sU1$;U_VcpX0-=S(B`<*c&SthQn&&U2Lx36z&iwq&Qx
zSdndlgT2+(#!J?i3`eR!D`Hq=rl@0nE9L%6ri{|Q#B~CviYS(ABSBS|j;(6bXc#%W
z;cNS>E(08BH+vM|4%GrI$q}u-vSt!CNrTR!CYC_;VWjLC2AQ_gnBlF0r>uJ#1qRVA
zuCKvcuKsU=WTf+=dj8EC?d|2#kNb;e&%S!>q?&{Edu)3QqE^%A;{I8hf4)Jb6!*yY
zvuvq`wci@g#=B0@j3S1Oa79Zgdu@NWbeJ;1cJ(#oNgwWS*em3u{)pVVCKEf#Lx}Pr
z-?$0@O{S?*moR0ajj?Gr{UoiEV3V!-tb<#pK>N8T@yDT}?A~uv8IqY6=)NG9-#1G|
z)K&xdY}CD#$+k;>X2RE6jBR|ytgD|!DXe1s=YGe1<Alpn1y#ptwTHH|kkx5<8Had$
z-!lgB?z5C85qnI2DrYQ(=qw$~li?$>cVpcI)K=D8x7syxA|={;h`Vwbr4Wx}qzo@~
zV-?G&6;2fB3Zg-oLS0H{TnZm5@}eeqQyJWKoz2Sn?0!2x`7*_^<5eH~nR~35x$=bz
ze#_e~WjFi!zF~5YV=q5pypKL4o!hXrQ#vEYNNtTeBd=_6(0mq&lRTxFlt;@KtU|v8
zK(+IesWk_51}_I$UBa|eosyXc-e*XEJL*km9Oz!&yy$OnYu(DMXXnc=)Ez4s$$T!N
z9?DqUl$WA*tZ4hQ8ciJN7l`ywIm|0qiAX-}_+&@J@RGCfQ+w*PDHG}}$76@%WRff9
ztox%X1zuBWDhv=srfkJ3+QCA7T0GMQ0B1>*IQ|ArEPZ0O7GD;J<_H<Wcx82733D-t
zJI`8e#A;Ou8Dofen8ZTm-HN_{&u_Nm277(63WX&-mDpMQ+YC7fDxsbQip6h5_9k@r
zE+;ek)ZeWvyGe$YcSX4y@V3-KmAlPmR(Bul?YQEn?tOx`Y`+VXvXq@sjU3D^0N?AD
z-H3Iormg6$*F)85zsselMs9r4z&n4s!r<%Sru39Wv(d0~r*bt@;$kJnOZ>4G1@^I#
zIxq-xe(3XM!0epOuvBl5RMj<&EK^szgi9&S@kPc!gS~do;qO^kq0d5xD(3n+DGT{E
z7Pc5da+Fxpl51(x@j$atdOQ{)7LY=n*$^92UytG_EvDn8L!eGOzaWvvNI5310T}Vn
z7SiZZWiXJIM&|{5#8ZOttPoa4HZ#4LlIS^0SbdB!`|Kg0Idil|o#hmSa@CnT`$f4$
zAu{0OriZmSFNpPUIt8ktmOOb@9L?%GIzD|ehyMl|+haY|#>pa8=K6rDBVfy-%ha5C
zWZ92L$gSc(S45$q@Izu`9xZE4-Bo^f6isRR_`vR4psGm3Jx05nvC@fZBTo*lB5&;j
zYdG~;{fHobF#Bet4+39SqcZG6FqXb7QKacOBywove!0V3S-f>n`?%E{w)(f8Tz+-z
zUTQDn)Wsh#dav85gUT}m>p&z^*EFZ863hTZQGkKTC2ucW$3jAGs<$b%1>Lsm#gS@h
zxf*XB{r94B7j2hzlWwc`aY(38-6{de5WSTdt~)+PBdd6$mixIRXpv|PioP|^NLE%(
zIbVH73K2WhpJxmQl2~8N#Fal-!=isLel=NVdm{BS4r6=8p!x30J`lo;aqH7p>{@6<
zvOUfvPL7)Z?<ciU8EI;_Gp8B)eb=pZ&ncFyhrrKXjivG;jL}|~H+B9lbdM`Emxzhi
z^3UGg4dt1^ieR%{pP1|s(H!-RxrGjeC%j5d*A$JVz86dt+lLr$IhKTBov^}|PyLh<
z_1^l*l?$mO4`|{O$$(?AHwRY*JKyHa4U}uzG_J#__sD~h$Z7%dr%`Hy&6o7Kb1h1%
z<AzpQJU>a^36OV;P*){7dOM_4(?^4ulo@0|Y!Z}NfZw7f!%JDIAT1U9{S!z^S2;Wj
ztz|Yz=8DQ?C2i)3T%1o7r0|uXPITiBvzdORSXJutb8!3ME^zsE`qd{B^w8JiY(>sv
zdCZx7&lI=HP^W5CUr()VrfQ-*c*O_Q*e1Z`Y02uaQH7G}0PF?@j3gd#CS+&l@$O<j
zU<u|VJ7$-$=u5IH<yG@kZepZk+O;#LK;z%VWOoROxtgse%V{5jCq$GY7GswLs8i%j
zoRz!O$Us(ez*Yh^#Q?GQVjQk271kLFMo<-Mv0o*Nh(%<s82vt^LUX1Jw3k6a&f)Nd
zvsw-(R!wRaweD0BG9E``=3wrR=A;MJPuV2gUNgi6n%dLJ_sybc3gM%zi36MClIVTb
z8Snds^SSZbN#<>-F;xsx5pC1J%f?DqR3}GM{I<1P15{MMN;z9+xDEZD!dHOGBj1;r
z&lS$l2u<4a&F!_|pz@&}^BIM-_hC()p<+yTUf$wpllQV>QI^>ciS!*#Rnds?@AzCW
zWffCDjiNy==&SuHT$MgN@YaY7uo{Y2N4oHL1IZO!rPhMCQIwImlqh6ZbMgL2;jiHO
z?o1w!1n|gd>(5cs4(eCB_GcHdGJsTw<;(gE{4)m}296W<?ZnYmbVqB^x(xPYsA9MP
z7Cgq2Bo1K?UveE-4S4hDg^cKFgK1^96pl-km7E^~Vg^;~JcTnbW>CE2(kMBbH^wb$
z$FelDVn40m2)rst+3$X;T2;)WPV*)D-UZa30*jWTeA47Z@C3e!O$=#lNS8qiMg+M#
z#!?w67hAQijI=1XI!NFRUin6Ku=Hm}BUDI*b7X-^Z4Forqxqa(A7~7BU3`_6aO79l
z5?CoF`D2~kmh)6%bzi7cHYYF{{SCMi7I=~TbvZUUQM5R@MwTaPzpJ|QW=@dV{M29r
z0htuUS=JJobYGEqW>>)996d#*yh1`+ZND*`T}0XTD{Dx8Tv26Z9Bq3rWue2R<}fy4
z!)7bZ)B&}c%6u>A$qQQ5Nn9aH5&Nm3a_~`HR0k#qFII2S4Aka~Z9!JZntGbdeo7sy
zX)*Uhwly!ip5pU4!5W;2R{Tx#XMr;&TfnPK@7vXJ*6(WW+yXzbocWzgl*cn`&>8_Y
zedJQ^Vm7L58rg^i*{qS1z@aA9(HP-Ea(=M6hXFT>N)#M)#!87o3|_;;CpxlN{8_Ui
z@%Ux(SFkgmv;BawLCPUJGP_7*vz5Y47RqPQU?$AWc&Lik+;pWM-fopMB6IOfI)EN{
zoJv{chxJDTm!i~JpTf#OvX6h14u;QmX=7I-xNva4(#X08#^G|TjA=32A;7jqP^jnM
z7ltb!_k3mp9j#T=EOWB;6r#zBmgL7H-OplR7nJXEUzfsQsunpE<}QpBxR;R~BaG&I
z;}~w61j&4N;-es|8a^eyBz|spD+I0rI~?9Nzh&4>K40ytk6lIA0J82tMoxa+(4u#v
ze;n`qtg!#fx^Vl`sOsa%sQ-OB)5WCH*+Y$~^^E(=-doL)g7NNx+KJ-z8lQ=Kc(TLG
zYZ-H_pV_z)%}Q|G5xJpP1(Vlxc+c{;@N4?loF?F4V?X>&#qVSlrF`vf4H!bm@l090
z3(mg7%3uO?8ybAWdk_4j9~(Uus~-LDpCsfCztME2JuW?G{CZ-z5gm-f_IR7+7d!z{
zf7w~Jtk&K(7WF!Od+ysBUU+IW8xXz&aT9Hr_`ba1KaUc<-BUavIVd{#+zhS~Jr$D}
zvbj+jO=V3|DX!gBZr?Er18a?Ul?X-qRlp+yGw~kg9q1duEIZr5w!`Z$q>3yeg7z}>
zPQc5lZ*vm3ime(G?(%utSEJeO9V1clt1Gx*Mxjmine-0AdEGBF9D6-$dgVEPPK5DR
z!h5r7oP8OKtrDnzUFgc-bJ{(7+ju$@7I=KwD%NeyIo#OyDZU&6<hs^bH_i-=qdT4~
zpATcx-rVo{;#v*bkDL@Q6`9)(kp^BTIzsuos<$h<nEgGT_wE3%9RR2=*c){KZd6j-
zZf?7D9##kCY;N9$eNN&Wo|m7Kem$(U<~f}C@0Z=JH(!7z{a#-C4h$bvpH7IL@A(~k
z&p^PM@Y@{HT|4kFltg3tW=-P%%6U|Echl_fc5R{f_Of#){5)<!;(fBn5GU+CbM<(c
zu``(C^%DB@yYr;3QOOdc>vecj-{Wo6FxIp$Ho8-QUHb{BUOqPDt7VP^)`nQ_<-9JC
zqYp}LZ>mUT+Q)1qT0ZO%R3&!-<8>Mr2V)Dz04CEnPGG7bk_k)SxV69Q3H$BW227f_
zIohjtPLT(JK634u`LWHUeVH)&{z?v%gZ6V#*V6Biw`ji)cMcuJ<0h^|**R}BKza_)
zsUdTHK(&7o^6R@7Z4Zfyrl5exB5P}>2<V>s#4t2GI+e5Z^G$WOfNiNymiDtnd;8<V
zkCM-ZKR@36?0#H%Q*@laYeji7cv@AvmN^~VdJuM=1EtwK)=m-ZLz>O!aK53C(DPRP
zyHu_k2^tGjxCXBVd=L;3!NkI<vYdl8P!Y)Y?0*`<*Zhf_q!7a@r63<8^(7{<(tbfd
zuAjnQBlcITOtMv{=Dc9v7}&$>WAXQ6J_F5{;||R~pFeZMQiMP#bAFjl9oz7G+$On*
zgKd}$pLy=-+uo*G=i9&_(?fn>r80@OAm-sQ!kp_0Mt#aj1fsqd^$=yo$9cU!Kz%vd
z-InEw^@DbU4Dj!}-^NQRg;a&`!`^k<VK5-Rb5VBW5F?!8-`z9&X+n~QkEMLa9<u99
zd!Eym8T?94N}?j<wV&CmT>}?SV<wl|ww)M^busm-Q2OTUe32=u9tJH&WF>4Xd$C(<
zq+m@GlD`pD3p}K#S&U(lt1w;v`Z`C!rhzB64lVeJai&=C=ITy-x2fbT{)=;0<S0F=
zv%xOY5Vg35%+WB)?@P#uj{#2*!(yjDoL-`=WLWXRe3P@!A6VC*+OfUwlI&6v(4e9{
z8gXMyuG#Pkj8YIOOn8tjwI^X*pl{*D@d92^J(RRW;sKT&c2s*?+Yi0y_C!Q@FsTD=
z*`&02O@OGf=wmZ8=5Gjg{NpdVzZ+8riAZ12)|k6rD(42`P?5#%%a^s*&Wvz`Wl57o
zmq_=j#5T!xMN5OKF~o#I^ihA1$p<+~TX%`j*NH`hDkE<R9w}z?LK`E67^AwPuE_c&
zH^vP683G7oQpYBNb1*$O@F9AzG^Fh)TbNsDA234TVH;*#=4a}1Q7nl<5>Q)3Kcx(`
zqV;wK!Vpjy#MiJVUdN!Ccpn(qlVOIqD(6cfW5#YPLmWrVs1VbONLmtmL!C*5M{tOK
zJyVvR!?T_h*)D8c`n-BC9<6C*VujGUaLG)JBn?=sEdte$puPsMs(zny3r9h7KK6No
zMbTy^mdPd3X6(8HUJUN9tCNBWZb|ba#6ysKyq6w(!nE61vzQLFzwgcND{g#BU1<jy
z?il{i{we(;P$}QcRm${m@(lC9eAAW7RW|s;W<JLnf<q?#COrfEM?fBU6^!0AwY7!i
zNj<>rD%uLwTGuM=i_?rv0sU5X!R4Y$EiM2b+R`_&_w{^;mWz#!m6vS8maUfK8-Ffl
zRBAy&Oz5I+YNLE+ADS-qe4dXtM`W|x1e$SRpz&Bv#p_m04f5w;!#iZ6*;eVnLQxWW
zbCM^zyN{Q_2B?j4SsYaATJxI3=5?XN7oI?RJ#^S`vqNb2(A3l?U(NPlXhH|Q?u*)N
zT8tYSE&Zua>?#Q|GSHgzKS_HPK3U3A($Hv)QA3?1pp!K5FMZ&Wf0O!TWHcnij~Lgq
ztQ5wok+l)lhnzG+@pzUO7?=mt%7xO<ekN_~lC}<gpH;&%{7n07&Wg(@Hi*hlf;0zg
zS7oRc5<X4eJ6FffYP*T~sznLi5Fm!*edMSPZ}BNbGDW|6#8d%;=QUwF{)lPqsZNP8
z9HUqktqOB!7eyBus)ots7tnh4iuh~_ZGNsC-j$;HeG-ABvqkg%T&^Li=^=c_AEK8>
z%F^gZ;X*88LA=^TA>~ODdK#_D8g?D9F{a+I^vKK}BDJO5yaHVTMAmJrMb}M;pOD&a
zL0S^6Lo+-<))PZkT;(61+x-L|!eYaDq}8mVv!f_tN>eWrb@<sXT2yx#*joU}N8rFk
z#AC#EWcLidl^5G&{epCgPbe!vx<((r>RGW|wb?0I&;<2%tyZm2RkKF2WibO>a`C!;
z<%b2O$?<%<m$DsH1@1A%5HwdMRtOotx*0@!EU8<Iyr30qBFbacFf5rWZ6hK*rT*Y`
z$xT6sZPJeM7sU@*@tzD=i<mnlqoaH@bF^L*r4*6#Ah=qB*<5w~5L7m6Y6ZXU`gMEt
zoC~XN@E30Pswvv!<?2ekb&@U6Mb%w=LnDNw0e$NCo130!gNd%VwAI~UKk+ks9d<Zc
zmWxI_Za5rDtZaqCp2d#8kI)E2O#LwucIB*NFJ&x=F*qOWN5jyEb?`jQHjXmmax}Ul
zdDSn46nd5Ma;gcN@9z!@9ogg}_3)WYu1$3m4_B{>=azS68@@Kl^JugKJMOzfpb#69
zy(PFP?W;dRnL0wv`ag4UVjAhyvGq&15xNYg8*nvX7k`n$3fZ)e8;iul<JFbICD_Nx
zMJPezCd_a&Oc6ru;nzh(a*ky_UH3&j)#yYkTCBNSuBUCINQHk`vDKbkaLCGOsx0_=
zcTnNQ?67|G8P0{};?r<3;8VbNbj?@hJ}^D<Y7>sOv57^2uvkompMtI5_PeFz+ip9u
zfn+j=E<_@A`(0u~9_KK(q^*p*Y?CM@&tmgD_<&xJx1)Y@VE+bQHAe#Lw_;Jawvp4x
z)n0<vQTjf+_O7(y{z)V2Wkj*Yc)Ng*^!qlp_MnXJA5^AHcBso+K*|mux3ZrRcl;8?
zI3bl7rRe?FB|LQ4R-^#?#E426-5N@Cd(}R9__)uU&-6VQyO_lOFkKYACR6hRP`R1{
z$H)t~Ta+>e!*J^U5+%FT8>R1AlQLN8-N-!+q({5Ol<nd%%Iw(C6+RhDujJocx%+A~
z`ReT>5C!qwcsX31054ud4hjTyAAPLkr%1ERynasPF;L^j;s-a}CB`Pn-8V`Ro=iGr
zFzk2e3YdKk`M4eGfrB8eh|pyo<cAb}y77_q`leEx-ib>J(3v}kg_}^qWv^nTyHIGS
zwdm%-llDZ)+*Is|V#fceijuO)358M3!NY(1-AEf|bi&0T1CUw|KZlC+*~IIbK59X6
zI1`PYL|<+2d3l-A^-Oc@;Z$0NkszK_YP<BrQ#)Q0)!_9CC<dGQkVmVfo7>plC%y(B
zX@mYDm`F?BB9;hIx|S#76jy;lkiC`2;+82pqoZl5C2Dta^Hwsr?QVlb*As;VmyM>w
z=s<RBl@M(x0cg>U-fqO%FJ~k(N;Q?9>QC;GBN)@hXfqv?fvNaz{hozp6M5R}l#O!6
z^lPGNWxO~Vd7`UK)}aq$Msjj#IQngRX=r<B0#Z&(o~Ngj>0~Ksxlh-&5tqYE20vm4
zi?OM(hOxr)jL&H2mRK9wm~bex&g$+p?I9{Yduge|EASW>3SeQUjkQzR&sj=mlm|C>
z!5o;lQzdLGZm!C8HyLT2csY$j;DDD|CKB#_RweIIyvNFvk-UBA@2d%3g;6rpY5nwx
zf@;<AAaYP@mE2pZ9G_e-St}(+hr?+zBn=@a=1|77VSBcBJh&Cd)Wa98`NI=G6EX{>
ziX78LB;av#JkYN;K}EHkVOfZtIodAEXGKf>qEz5)Y7viqkmD5dSsj}pi84g>BgTfq
z4AmAiT?^?ob3P}EjNXS-cktr00J@qMj|9}BXV${A{8hA-W>Tvc@g<@U;a6A=@&+Rn
zDh*+!_^wuThpPCZ63LX`5?uSqAILz~ksDyOgn$YI4ux5M$@ca@CcTdPRznXbispQk
zYAWQX_g$q%na4A{d_S>CH9<3uV6YmoMDS6(MpyIF@%o$@S~pg9*J7#h6Ep;p(TLl9
z+gyvPU6kso-<tvYR<<y^?SEni50rzICk6PZ1^RSEm~CR{d?BHv)a+T!NV!js`8n~Y
zR2c|8NhXNw=XqAd8|_yQQbKsiN~Xkav9!%gk*`JFw&N;ohS|K+KZ33+BS!rNPH~Ar
zifm`axwXefC|@xdwN2eXFqh<bq)@?iBfEe}+R-=VPibYCoK$~kGQR)8I?lJ%80D?G
z?$8oy8ePCqtt*eYI0o};qA}Y}e|Bb|u061yvTe$DNRyU!CT2j;yLNL}2Ub`O^+;(!
zT>;ng`wQ=F0(d!p_lIU@L|fi4hk}#gbp;p1I5Mi$)Qy6n7fn@6rv5m?SF!$7IM;`+
z-50a__Ue3I>C8#IG+pYVX$13IPx(ax3??ZI2ZT0tCX)Eo?;Q6Fj6tx-hQ?oxMr;5?
zaL3<-lJ0|4NCFY1!OBbW<Qj)N7>B`2<}mifF7{dd&72LpL}L@Iy>RPX^nq8D6Y}I2
zi#$Xg59vQl4M*x8<GH$N1ew0r-yet9QMfGY5-h_6Ap6ocp-u&UZsgZVF@U&Dp%_%>
z;f@OWLE~gdUwR_{ldBh6MVpORPTT_^0eQy>?(8E4kBI7y_AFS&$Nu&cF+{6^WHwu1
zK*y8j5!e5g&0zRiT5M1{D09P!V&hDb?Rm$maVmHbf7E8!+(3Y{30D5|p)GV3hH102
z7qmzMtLa3t?Y0p-9UC&u+rO?9eLK%d-MVDY@ILQ@|Ia<XM*QuII4~LWCubdSYd+`K
zh})R$vQKb?`h{ukjdEF*P8PjV42|y`HZH@w9(l;)#W$ffheehqren}1$f_S0X|J;q
zBFQEbf)s)WjUvS|%Mea=a8SJ5W)A)R20P`up|$gMm{3;TNGm}~`@FO7FN#gHbD8`7
zKlV(^F83^QnHyiG9(DU{hpn>#kan!pdhKoVFTY-H<F51QbM>Xcn42x)i}y?^KCHBR
zZ<)*0*B6=n)$A@8tW6KD_DfD~N4IG6W$d3Sou7KX_s;UGZ4fwbn&oAyz`eA$c-^L;
zwI$9p3FlocIJ42ww2^aKu%~qliulBI&u@%t3iflR#gHLt>wl8-N!n!v=<<Ft+BxJO
zN+K-Z<eMLV)M~UC9^p2DiNW)zmNw{FpM331b!A#0{MB-0`AaB^%MhRQxJ~?z<B_N-
zB7j7Okf*tbIf$YFyB8c(pn+LgQFSEo<98D0OsN7tgZEbyRw%yO+HXv}a7&9|4zs1^
zjosRyE(ci_o34_|fR)ZaK<LW{6rYIAo7)e)!mxE0ws~P2L{qaYn=`(L-;-7;M0|dy
zgpTe`N%}h{PI6de3I8ec^<iS{hL|JUF5GZ;o~};6n8S>O+9dVvd}`i3CETaf*Hku{
zb=f-te}DfLIf{HtX?HC05h+x30pr%wYWlPr?qdp@j|Ci*Afr_50ASgpUk<Gh&~pjx
z|M@G<??!wwlb_$W1%u@@)90*{RAUInP9Y}+NG;_iHo-;tg92<(d~MTv;*D7DlWR0V
z0?$^%&&qro>b-N5@A(hTONK2ZpyPv-Z$rbBT3nmjP%L)vnQGpy*XC2iCikXXeC1~B
z_tE?iQg7_HR>it-7J&YwH9>TwK7FTNWr%I2;Q@BOye6N?OIC~%cR!VThiuP7udYo}
z3)+n~P5Yhqq>ZHo;&xmIKZ`AJ>#?sbd32H1<e*=vTDVeJK!tuqCzKMd`RJZpi3=@U
z2@ld;%jzCi){A?=Wo2?3NNUH7KLTdXmfK!cWuTpkR}*pKz5*m1K99RQMek!GHn-m}
zI_sB0JFTTgd!;kbQh#XO42sP+mD=qcoAMw>uA*RTaYeojt_KTh^Y<Dak_5I;s%>nU
zlsV>G;=<w*c03%1YcV~0?>;`V6Q4X}{i@Qv6NFn6Jn%4tRZ;?&1YW-|3wFqq{C-=j
z1fETBK3Fx(lK`IRXU2iM+1Nv;En5%=-;!a?GX=$QbY1JHgxk07kGd98=1@3~Jmr?N
zU2b|^P7UAa%HYTedGYWqt&+4~jApY(wU?z3e&rodj%8O2USoa%zxGERAQF4>a9T^C
z^iV4BjJDZ@j!STf89H-oDmL_f*pp+g>{7f+S>)>UKLb`y2&$a!vX!W9H#~mtWz-$4
zrTQQP%*eiXHz#ew-FXhRauLA^tID|3WOd6H7Ia@R>G~BQaAvE2`5uUDEeaxnSKs`(
zcHQFKf?mje!Y{kD)m*6RB8>1j<;}>>ZMbM>5<+QuxTO8G4`5gNK2^+17*_Q@<AGDy
z`GG#b9RW)tZiI4SHqIZ5c37|~UFaiEgh?-896H|DVFnFbU$fiN=dckhDj(Tord7iA
z6H*jZrZ=yjS}dG=EHBDe!lDbD?jmR0#O^*UK=mq1*)?d!!vc>fIO=AEYODze4Lnm5
zYcKh*6q-LEsl_0TRLEat_&ENRjk(SF@Zm~a^BXW<W#ISvd^~?M)>4stG3e~=&S)#`
zAp~g<^LyG6afd>h1^v<C{<!xM31=vyMQ?M;bW@o=3w(y`YgJLg1fX-Z>uGuWm_Wr@
z0B`&|96l~W5tAvK^M|xv=mB;D8~XmhRr{Eb4KzRCRu@gg%S~<Dcx7>CY|+|Zfe|py
zxbwb9gdNj3iDG!l_JD%SXkntN_vO=|A_HgjOLihwMa<jkuMjdMB>_rE3|Jk1L#^)O
znQy^G-_}2RXVVUK&$DyyGh=e}2eG9+JgmEfl+;7+6;c(tSwNb(9u+pQ<|R*-4PbQe
zLk%rLY92)fR<T;uuDLhu-3n&*lK7;4V{hgzhdfgkm(pVNjqt#lZJ0JuT~SyHF+|t!
z#7(zorof{Sr1Yi5Y({!Q6mchv#{*AmDDo?e&S(Hd{eh<eT7<vnOGgU2Ni8M}r(Hjr
zujYm<ISD?_>~2o561Cms|7<#v3Z!06T*LEwygi$>>xMl*gGg9TPM9qjdmvI+yd6QX
z7uFc#7+35z0AIQS<Dd3bt2Kp4@3{>7C4Y5wX~=-f&f`W2<s5BqiLF4)<&j>pEk{}g
z@7;u={g8hJs3dLUjGZ*hJw&6hLC*)p%0rsIM)2rwC+KNR&*GNAy+Pw#p`Hi}$0D^f
zx&P^ugb;d;JjcB%8Cp#k%=!I%5KFY`utD01%!q<#r#rXIY4GJDqRGb1(Lk~4O}B0z
z;1_qyZf-bc;A{R)-03jrk<p~r*={y#)@V99q{7Y&C<>Ev5M%9bALCpX5zPODYryH!
z)_oe6Jca>NBHDDy<zbdPjFxnTLlZJTuVA0MP`;y3S6ywtyd4a}sH1VHY;X6vGDA;g
zZi=_h$#LrGp8OgF{+z3FXy|kC#qNyzSHvIHX0%h=+ScUeZ8zEZ^jV`+?z`)wt|@b6
zC|ttGkB!N8CFk;dX4DvRDoWgSw!?c!EoOnx8NHjZW5TqQs)XK-8zgF?;(u@m9I8RO
z7x2Wu1P+amHfbTUextW?Q)iZe;96Vr;YpoE*|R);D_)H@p>A<!i_ehq*6AfUXt8VD
z9Ts}mMjT?ivA%SUi70Vq1<DFZWAM3L=4qri7CewF+=!=mX-biK>`aiBiHWgBpdufB
zstQu@j5-_K2q(w0ph`MU{_?io9OD&sRvZ-|b6coiV^)p9&-#pUds2VnFuUHv#rB~w
zq<YBf=x1UG%lq6OGm_>n*cj6AM`(1{Lg?PiMsnStsIn2-xUaNP$;IV1Di6oH2m5A-
z7_rt5xd<>;;c<r_vYI+HUm2-G+}pel`{RBV9`ffl+2_)n<Z_4G;B1?9Vff0WdKh59
z-6ECjCuMt9^@9Q~;R%3%>>+#co?4ai$sZdoO<Vr@o$b#{;d>5E9?a)7cD@d$;WpIh
zeSV-rGybs;yg)y3)>o65iJY{G-(T|%*l>3w4%0HDzBp0rZ6&muQ)|I6GGXhk`gd<z
zaU0-T&GjPsiIJ9LeuW#Pg9(u)3)B&(G@zZ6#Laz0HXhPigN6a(r~>}PufY0BX%(>8
zP%h3(@-U>!#A*kYY%vP!h{udjj76I$XS^6867*EshOu^k9sa8SM?^RDaL40JK9pq<
z8@-e@?Wofdf1*$Pd*k~=<~cl*EMey2`=bpahJXz3SQ(jR-c&Em5OA;zM&zyIF0?Ns
z5afxh#*4h|z1bnaS!Ds#ZPi4IJiWd!4;uUWgP{}rwTF9-OdR49dr3)BzczVlY*5k}
zJaOid(<Sl;*Q`ziR#}&TOojOADT>wp;sWx^OT`Jw!IO`I{NX=10vmf|(gZPr#`bgj
ziCvt_1M$tYeB<2jWlTNgTdRvkquDgRLoW>8(f!<`d*NLGY&lZ3D*<>WX5XJb7Rx@D
zmm5Y^KZFJbSOrgYyC<+nwu&?x!bYS1tYd3ALHe+Mp%OB-|ACk#l#Y{2*ZqrmRR|Zh
zTt<JkOW3llbqa#opsQZ?N}Ndwe#b`oluvne+7~ulI%;EfBeuhNSq*5g!7i2v|Gokd
ziXo6>Ci)BpaMUD48JmFT{3Si1bDzQryVNjgCKDzW@mA)psGbnYn3oUC2jn>iSE>GK
zFV{Jh*VvLYJ*rqFHPS#TrM?hnw^%&A|EIE0plZLE0*aQOdbi*E{HpK+i+nr|P3Swe
zTz|Oj8W9<tRHz5IdJaUSpeI{dZsHM!-1(#N$Fr3YKuzDOY&H)DO&Ygc(d3AB2&4{~
zSC463BKD%rfvjT_7uF<3f>4mNGaJ1m&4myBaj&^^7=tk0{^&`F96@-~|HA`^(&MAt
z$9Wc2c<~m(FF;|SR`fM0fhZI1!f6j`I5~emGA@pkm80<-1`}duJ?b{Aqw!@ZUNr0I
z={{~hz_w#4pc}?I_#0FgVdCP#e&}~yuC&Ye&1pWzly<0N*1{hidAJ#kLdx{1Mhh9r
zS{Qj)rUy2iHpo!HbD=eY?=rd!m~o6Ux9Md+?*H|>ok7WvZlvvUDW^~NLFZ9zG(lC!
z_m9Ly-2P>@MkK&H=C3W~%Gr^p7iTC{$^OR*m`<Vhev&8<d5t2Z91Z))9p)4E4SUY(
z`G=K?>&72Rj~`s{*BTXSMh!XQO+PFwx+aS<CQ!b=IG?mL*HlkGZDVQeTsiXm3FjEk
zp1_jx%P}+{AWryPfbwTOxpczrReYMD>^J61Hq9<qE5^Jx)k0~nkH!2kh4<n)aU@~~
zJYc2nMj%Z%WQT1w+q(9n#4C0@e^82Q;fGGZhe*T%c&pDX7<b53HgxDVy0%#PdvcFq
zR||U`a;NPMs*Amr`dz1oYDjLeO2}N<!fS^azRz#d#WJC8$8LBduyf9)8WdT49un&$
zZ;|SfvA}Z^Ate->u0a_}+~K+o^(l(fHo%IMkFu))H?=>|KEU4++trlWBGW}LY4j0Q
zuCuSP^%N!gC;T^GxKrbVb3}pY9hT(k`Rr>#3Vc>YQY#1Vw3r!(+d>d4VFd_|@=Spl
zr1t0`aI}Zsq4$>!4VuXj-__OP?kNB4Ei5eiRzM@zET&WCnpn@>p(=A|^|k;|dwZ2#
z(_<Aic{l!<q_^zoN-FF)dU>Jq%eQ!X&6M~hGP7}Q%~?dUDO0uI|7Uz2>HRcS)5?!E
z+1L1y2D5)@aPVaRP8$CPdAi28%=hR99oaurhOzQg|3Wvuzpz50%1`m#SwQKiW4A2j
zp-HxCQO%nfcz_;~d<?L7uhoGC)q5p^AWo5~_47J=;%zZEK3xaM*Q+IL;cD{JO2&q1
zZ|WM^35-FyCB;@Vp+M6{$(sBqWc+eTJB7kY{CG(_iozA`l>Wq2Af{;i!*IMFH3w-<
zD;*^goBBwI#ZXCyCfPj&LDZ$!J}R0S*hSLBFTWh?7WptFn<UIX&hohS0S&4iInI}F
zm{ORrZ0}j=MrC-bB&^N)s)YPDC&`E+5~r2_I1k91O=0c%H2sWcg~oeHSa^E?{01g7
zza2xgA6xn`S}`NuNMdbFR!5T(Sxu7~T%8IZ0^s>U2o3+d_=DhO2RVTwFhEOv`YbK3
z01|nG#|EiC!1F+Ia<YNq9^j2I*hyJPRsZgrX=ZQg@WmRQgO}rP2o{Kx0D<Cvh;xJD
zBxU2}1hqcG)5_?Ra<Gu<l5+8Il5(?fkaBad{`2AD;3nndWh3S0<RN``;dysq<K-ab
z<m4jdW@Gz@;$`9f*PWZ2l#7cS#QX%01+7oY#YU<Nl752!_`Vmr+Y`Jy?0+>2)LIBn
z2uaGy3bOft@C3oh3qpB;zW|l+BOrm0Ug1qZzhB`A;J8?XNCj9}xOqWUd<ZO{^jCN!
zDmLSPY#i)D@b47+zaAXC|00fmIa81m5&{Nj9|-{&^y?KKnTqw_AohQQ*i8O)<NPP+
zJ@)TOxY$7EZ}4OwBR&Ka?0@UwGX1w!o_`!TSwXCP2pFR5oc~6f{Y(BE&B^u;;xzk*
z<L3UiX48Lb=K2S*a{YtY%t6BZ2+S#h2!wR(-2a$3S^jnZ_gXmry%v-Iw1MlrX}q9w
zb_89}*EM)#kS{m_{QuL|m%v9=UH^X)*5oBK!2~f0NZ1!cn76+N2nd8tL|IgnMZ%H^
zVt^oOMaj@o9X3T2If{ZX1W>Uq)q2&sq99fU6<d*t=+A1af?BKoYu*0e`)0DdbIs@T
zTIbAN&pr2??^)hJA4Kpkd$c_Ku31|D(=2)BWixXJPF;NAq6Kpo&znyl+FD^N%Xj73
zf1YL0SKsH3r{A>K%EZgr+VxrV=?}Sm#O1BE_gdZlre?@*#?qK9?ZUQ|7mmAd>}WbO
zSL;MZj&@g;O*6B#@fo@Ry()_;TWh^UgQoRvMWfqmMyOM9RO?Us+G|tVo;&%{^CwNF
zyQA7eWDaZ7fsW^BgBz(^3$%N&K%Xw?pmm{{9kljT+d(UY?3h;Bbg`;~HZzM7n%1ke
zZu=h9w${GS_I1&^NSmCMqt6NWXL>ZLqjomk-BIfzUhb$R@r{}OCPw2rX|MEh^x&hL
zJ~JcDXft!X>GQ<JsX9YDx0jhY(Db2MM*4)RgA+2+^I0DK=?v{zdL^Qnjr(|@SQ|nk
zqT1B9BSwtAVA6T?W=uPsrj=-ebL=w9^~)UBrn(%hgoehj(IX{VPx|8f+zvFO0L*C7
zM_g8_y_7{KPSg5`@m;j1Tjdz(6<H2F(hgF+ccj*tPVb~eX;?Qczmt&`IcrW!Au~;y
z+f9qp(Qeu{T2_psX)y!6)Lkp5Pm8rFZKhOCo;rcX_Rt=n>Dk(8lvAn=N)tt8Pwl}h
z>e)r>EsA?<SGA_Ax@%^p!-4+T>{s1!wqwt`xbor&H2o~?L3%9*Bed<Q4Qis6YjXx0
zjtza``#w~MYeOGo{#$nq9B}4?VVZvP2g@*n4>X`Pr0?rqSb{x3%g-7glbkSI!;^b;
z=E!S2&ok%En_Cs^-p9QQDD&sd(}TnH4JijfoB8wg>iMzY9F6K2t*_8(XhVN+CbNa|
zfsmlAv$U!7%s}l$noyv1pwe<}ka#tw<z!L80Eqhcx;8bNzNx@XNm$zXbooHAV8Z0{
zMo$_^YlmpvXsoT>P5&)H*Nrjop~Y9?B1hYlMQ`gEChBP;TGIpz($m~xJiTsV^1f%|
zEWYi55x%uCdDo%Zhq$FKgrU!HZAlhYpNWItcaG-f=xHf7=8=B7Rz&SbXl_qPL7>Y5
z2F2{O;&Rh^PEX6ZNs~ru-E*w;caBXP%e12QY29R-bWT^TuvhqkG%CpSjj+>GxE?)%
zrc_j<b<Q!;dd#xqJuK{{r*9i1Q>tjAI#`o6H~7?aq3E1;SoOa~Xp1SoKW=@bo7R?I
z9;x-ufdUM)zC)*v(pKeI87*2xn?`A$(&QoF{zH}8Q2Of-%}k_~V43ARfx#O%YQ(tn
z#$Qxs$71QvX+4I|fpW|pm{vyk?4`d?--|L^H`1Sj8!-u=GvlSDqs%rk<Bh!FywRgZ
z;&Xbu(t+s{1R*ovn33mHR-%Dv&|lBide8@l`gNyRG;e#hX^S0Ww86dU&C%=Q^iaFJ
zd1B8ZZJb8eSAvl(+PUK8<ywOeoB2Z7rc6usPulAm{bjWF5Am-Tw96{#@3q=%qOg4)
z{@J*HU#op2PDJy*x{$7TOnX&qsm}A;QkxgRs5Z5E4Rq`UEh0p1-pbiDwq0IaY&(>9
zxE1{v$usDlxAGdYY%%Ic-uLtA@cg_u{X8pHDxUN6_qC$8uE;a#v9t4c(!I5LQBgfK
z|Mu_5Ih0o;=Gu`DbLfh<@@%?xSY$`G<tIB2kBH90qenZ@5I_HNF>6}X&Y|C(oo~?o
zs%QgE8=4;x*UX7lT~9w+k+>LkBKk}_svH(EsN$dazI1pbB0l(MbpPk{?Zwf!$a}ls
zi}rL|RaB?5ju-5v1#_a2<cZ@2csk%YO`JGhxN069eLq?)4vr|gp$q-+Nz|m3vx|0S
z+itQ~Rgvgb)p6hD)NrJrMx6gz$0Ztl|6YMX-?Zw~lP)-3P)*kz?N~x@9509_8;*7q
z4M$Hu)}N|I6vf5Itvap9qlvSNbh@pe)9x%iIjBP?JZFeO9g43!lm7K;$7)d+E4EAN
z`FA?%bnUstyJ_>$j*;Ym3B_W-gcAFCO0?>Ph2@nlDWN$9opf4Wb!|Rf-KX>p@;h__
zr}~!O@jd-vU~#o5>E8M092#?Ou|en7SLV~fySj7=7Pxud=r(k$zOsnAOeii${#4#s
z{8Zj$>>{elD~;pJ&H_zG<&xW{)S#ieyX>O;zNOLR*SoujuXmsM>?ibSx6X0V>E^Ci
zl~8ecXM>)-w`&7^S>8D!mfY8M_y!t%R~LNmmu+i9`MbO5^vcF=8P+TrR#uv2Cf5%u
z6YGa{J2;6Rxv6V4f!anqx3OD^M(gkGYLK?I8-yqM@YZhP;jP_28cPp*WpVMpPrA>@
zr^kktnY8Ac?mKDiu(GHa{B8G}f1xQGyVVH&+a8<q=;+<uO!{9|&z<z()^1VpKz7eh
zKcibe>0Tp#I@R<3c69MK-2>^&qfch^PV<94+gDLcXMNkfAi3_lo?_j1z22QqfBB|I
zMrP5jG(rcndKxtTV4oi8Gk$tu?^4>9-7}K>cwukx@xne|PN&VMdd9`zgMH>kXwSE3
z{l?$=G|-CgdPc<W-s$t_sWfj!@3?3v?;C5id0}sp+Qs_rq`xif9TiW;`d;6Uj=bEb
zMr^&b?|0d>^>2Ml8nmxpX0r2V^)1Qv{N%z}eZ|6A{ie;OA?1B*=z>{&TZ@7F`rVU9
ze;wG@q_bYNG|D^N?+)4<>l+b&JlyYtpUJrtEx&r(E|K4KqLnYMvBYJE`=6=NrkQ=A
z@Q(Fwpv!0VjU=o7-d|Mx{j3So>7^I?#YK@@{&OB3I@Hggb{7xGEadf3<)t{7Pe+xD
zPe%>7w*%dJsDE7i_o4xl^XR%`{T*64cfj^mw(ll;%o`wj%&XXQKJ9hN7gDibRxBny
zR&gSq3PzP%Qa$8R?Y@f5^vS65f@I-~6{7IPfxo+pHe57dfq<&GGM^^Q9bi(!6|tST
zCu3`4cyuwg*66W>UVF5nhK8Srme502#4>yG-Z%cD(ZGEb23emO4Oymm_cNoHAet46
zi}@+@t9Dd(Ma-b&{bmD=sf|UF{$5k~d#%$7Y2k4rF8=teRhdUwpBa{9WQyMT%!nr6
zd({%}y=w1mPe1K27YOjNJcp*<4;Xa*`}R)izt@Z=vrgD}9FcXx{bo6hf7YrIGcWb_
z<k5fsVj1Mby#_k;sudCcihE~VOsn6v<Me#oYb_Q&=bh7ry1Wm7`2I^CR-9b5-xI6$
z`|GZv?=JD;;;O-e7DuRc+%xF(@q?gl<6b0raQq-~aQxsS#hah=;<SDIpw^=8{K0?D
zrM)kCCVjJba6`84CbujZEVe8e@<9#d4<1w_{_ou(IYso*xIreJ`Nfc(^yK(K(c~Ln
z48e1@c;kzqBO<hA-ryRs{HLMQBD8PuV4Yg!4ckq3E*Tt6K9M&}Jdrp2-%IGacZXDq
zX#MaX&!Cg1hUheehVRC*KceB{BRc2!&s6x+&}z|}Mx0ShZ)wAHTKw>cU36dGu!!jX
z$cV3hr2AG3uNKQ69QjKw<<fA2_C7hXA=_}1lb#wWCOtLk%g5-s%_HJs&*I9Z5jy+f
z5hhKjuiTk!_~PI7mG}OG3LhL<Lw~rdOR4BQZ}h+%TK?onovyDPy_+t0YGfoCTQnNa
z7(8R~jKeb?&$)Oeh}fd@=I*C+?$`oFVorp!Qc_>3lU+Y?H+@xK8A*OxKM~LQcrFm1
z)=!GRPFv=VuBPYfC$<rPo-p~2o^)>QXq|pvH+eU1z*$Qt<C!APS~|6U5Zz`@1YiCz
z_2W`%RX@?7-mgsE1qC}XnmqQ(RB`N;3xD~P&Yv(jE`~pL(X0}hTsPUIHxFIZK>e0Z
zE=b;R_#$z`;fp(dO7}i6wMJw=Ic;_^eS2`KPABUYL@4p)^gvC;sq2wxCG^@WQzOYS
zN2cMq1ka^n%#rDTDy3tOUQ|tMz1l7U?c-hOo<n%`V9o6_1HBuko%u6L=<354MU$`P
z&k(QW&m5DayPlX97t3#-S>2K5yfw|BJ*lcp>#cidmXLpBS~PiJ?@T<i@LVPi?47;v
zJNog9>2YyKs_N<P^l{z{lal+Z8tCc#83oC~2dc#219SfGOFHfLnKj~u$LBuUkxtw{
z)1-y3&26B^_s%Rxc71&=o_ToYi>|L%|M@P8rK)Pghz0R+Wpv^GDubR`6W>MU2dbjU
zy0vjpx3*^RVLJ2ixp7f=>4JMZk^kCUlfI~1&_D&R&y6N`EM0)-ay$#gj-^+u+E0J4
ziPwnrUTs4UTDK-{(0zVgW>=?X)Ry4r+Rv=Tvk1>((SGKVv)-czE?E#4Tl~6Z-RP;h
z1qKbDUKiN<kEhp(kEbvF!lWKvZCnhxW$Bp_8aSiYq;=btHc;D{wbA6zdzOl!_gv|{
zMTTEjBi^rDmVG)!r`PG!Vf8X;;h$K&49`_~uEukXcw+T$3Lm1kH!Q6dx_9jv{pgZy
zO9Lyui(>aIjfeqruATciT~oKLnqa^?Q?lyXjE0*zarp*~K1eRpsmrCycad1VERuZV
z(&gffORu}Pl3sPMtrqWZzwVKI8e4U(O)ouo-3~f)&b86xvWKn{%O1LZ%=xt8yychE
z_CtBaV(2f|pB|ylFIjHTjrl8fWjlUyKxBm&5UKxV7G1Oby12Nlwth<oy5+&^47w~)
z-$2z5T^A7@R@VPDPEY@QeO#RPullQ7(S`XdjN5NqnXwP`C+kb8JhCE^+;g&C>^YfO
zP)Gx6>*IgAX61%F8jz?r$je_Tf#LD|mGwvHlYiF7#l8<$ew0i5KF62uoLsq!?l@T=
zO|Cn&63=h({0`45vF_CGJG8$&x-u?WefRs^)2L1UN`r>AzhM{sJ%431`JeVTi2t;|
zarqv)^h30H`{5f0718dKD|H&S|3(<$Q!69MQ>#{sQ>)heFqF1_`}=A!@x?W5b1A?5
z4F;`^uHFfQQBkluaRn`U_(p)R6|4VWn`C7FjUuu?dHs00@%1$gR9>(;D*QuhQcutW
z*RPIK!J##6#F*sT_ghoWs?{b<TfcS(y}t^L+TXM``&IhqzBM&s>9lp!jxKzCjZTAR
zuiHgu9a<9+r)IDF$H(;EjccogJ7)a}je4(NtJ9b%>vz-t)~}5uf0(jf{4nLFrMaX{
zTURZP%)04hgmPxDGpOUXn=`y#zUZb>Ix%})B)N0ZO=9Pwn}4j3=D0?*+jg^)M@3WC
zo3!Nqn|IRZQ`Q$Gd+fbg^w_)M^;xuV)=f2HTJ9}-qV!DdO%@IMeq(0Dr%P@rZsquX
z@@UB|;%Ldn&yLg9tv4?aXMMl%{CpaA|IG$H(Dv4bEL}`$ck6qf(bqY*#KoqsZ@oK0
zStYla<aOKBJ&le&&$_LY-YK~yk}S%;O%!Es`oo#@(tkJBh<@ERRYque+go+IXW%BN
z?RK|Dl2c-v@Z64PGakZohnNz(v%HoDe0^)R_;~A`!}`*|tlJE_=)j#RYLk6iRJ42f
zPXA4M9&U`-bH|ok1a}5*GU%i2TXto~{N&mlTkzZ^*6z6byjfJg_0IU8hHf2JNWBi+
zsndgnTX)g-2kr#qDcUNkinblNoX%NX85cJvwr$9zKW^Wm)5NvgcF~$0TcXMAb=ySt
zx_chEjgJ0uceN<)x_wGMtti}T(6;jJQj$jw*#7-+>XX<O$02NgCYw61-Dc6Iy6q`x
zh`puTg|~D^_DcHWncEkLonP-bm_rN8x0|%>#~o<lixEHV*fNy{FWO!sUAOt-zR4-0
zowUKH(eMXS)Wg*)V!mV9ZkcKO6|Uh}x+!CEljmQ#_^PFI=U-Xo(jyP2CXxU3jtI?o
zE;T;eHR#QoQq^>LZE80y{BcJ<y|*%Tu@bs<4Va-@Q{~x)PXB%;RnZ(oee;skqeaaV
zyOvSmAS&y|#2uHW%Ce~JveZ9l){N9VxRNi<NG-zu88cH)MVq_mo?8*49aX80qF`1k
zicni!>N{#ZJLs}tcF^VM?9@{&W^r7rBIcNG%n-Y)QrBi<(6V_!!wvI74H5aNh`A6{
zTg;rF>Y7Cl--G4U#Z&Xq<(+uYWpqubi|e=*PRw)+LliBLU4rGDu`pQ9iiJU!lM7Q%
z6*lj{@@;V2a$@4iD^d&OYI-aV+TFT1G_(;jDog|atBcu7<j}XQN*$o9mIgx~TN-p3
zcV(!Hjh&jhsT-E)v@BI4$6k4L(D2KvLk*1>P8?BI#}dz6lNu)*wp$)Fyn1=4q2u`#
zzGcL4LZhyeC)D-H)JrsGMZl6jtO&Yvt`BvwUAMy3ZCCfiXZ1}iIlMAhxAohg%g*11
zx>zy0!iYKehqFZ8@8m2Husw9~?^AQJF#Kk>l!N{^gu0lzQ(>E)X&U0cH^^DW9!lL!
zd8>nkEnOXS`EYgWse)$4V}=SlMs>HO3dOT)QXMjzS+*|db8KDEXWaVGGzha)m}X43
zOwsA4CJ8-qbFdk2L(pZ<hENv+BH<f`A9KW2x1@Rd+^s>wirYehU|TxY<GY^t;kHz_
zVAH!dZw^MDzd7je_GUJ+S>fPBJX55oX)(z=gDxlU47yC;66(@IKKtF()aA>&gDz9I
z23=m<8tQ_`QH5<89z=TMw#;GdqD|WaF8yzN&}G36##!hRht9bVoE@D?T_WXadqdDN
zx+^reVZ|yu%k&IW9N(1@j&CWoCm6i_y+N02?hSW|L7qGv!YV57OAGabdxM5u9tbtG
zOuNE%JaAro{y_Sk&wnUr`1V7ghAo(qdRXodLcO1M|1n^S_Gr*$`J<sOy6<7^m}eVe
z>|=7>OHM#SXFeWu+4p$RMHitiriJC0x`osFMWp3m+*3irC!Pv%&%s4UAhT{CxOe-X
zGje%=&U+>h|3{t)`jkBz8eE5v>5xm`6JI==IoFTqt>*(idM^ZB_Ph}4Vww(=g9r5{
zuG*K8%a?+N75hUCp^>2+Vphx)Kkk=fkHgj4d@$JR{DVP{w-1JU_)Z1Zf*7Mny^<dK
z<f}o$>92(w>ShJ9B05xYzt@{M|M8(<?D2<#E>9i~b+Kb+h2?n`#4-6sW;I)>_N{<9
zZ@v|D8Ga<x1?srMF-;^fMC9$p4bXr78q6~7Z$X!r{}$?E>3W5wBPbgax4$F1Km+Zf
z3*HU*`S`m*mtMz0T^!qj@iOGX{&Or<CS|_pcxq8eW5%#Ck@=gY^Q&`XWgd*@oPVT@
zgkBbte`Slxa)bYf#XMvv!!+G=RhnzKi0R6|roOuCnzlmok%<bob8Hux&489@>Ws9f
z<MW1&A5&;Zt*SKL=ZkS%Xk$K}Yq<za%fHOL38V*IM^^`Q9dNEiL)p%kQSUI#gPl-l
z2A~UXXFB1DF&?gOETJ@XJY^@Ihx85~P^N?!&DR~Jua7&gw6h#HLrXNCyW=~CvJ+&4
zlvVq_(b&1MuZtYBN;70gU;Z^6u^Th_<`S^w_OA?x(^EP_>nb$AX(vsK(RH13!PO0<
z&e&pf6G?cSe`tj|thmz9@i-R%Cro95P=CrK1~e`o&j2WDq$M)f4iF4UPPQ0;U}a*%
zQ*MN7_%1&>7jy7)cTL0Ri%Gbqr3e>pvAP)3Rpi4pJw>Xas#W$|x~(k6G9ekUfd9<`
zVp-~{Eg*8v84K`Pp+To{8uC^OXKX`nrX|u^&&9E;ooysi*^$_eq8Cus5mVdw7T1I>
z47MVe3EVn`HI8X34IL!;`C=SdS;7_wEv3ke<EwJy#(cSG$^T~d!&Ooyk%!DD0lSn%
zyQ<=HUC&Us;D&@Xeg6QcbS|0bi_|yUod?UP&}`Jz@OExYS+wWb%6LBJSI*AYRb}Cu
zs=)b{%6{MWl?D2$RdjvN3)*4+CiZ)=m~u`Y94;;k5I2|a#EStWGcI`0t$Z;aKx4}z
z4)_lQq_7_+;&Qfnx@jr{N=V5k)*X|x-_v0}m3Dr@;)3MC8{|?A^lvK@1H3Df7{9^=
zctGlSUgp;IXu*CcB!z{5s6K5xl`70~Y1gS#&x8XFz_;-$$i+wX03QtS!Dz{QDYL*g
zithGd!IZwRV9I^<VZu01rF+cJ1A?kt5$GpHQTP^21lyc%c`em%`o8+e|0@k`)WPx2
zt_uEuw@rQ?J|aI{4t(F^*GrFC3801WBp@36&Vi;F63`F}Q2M$YQ~*7g+{A(wR5%3s
zvhlv+kaT`uK{Giz)pgV0R|zyLtpJ+uzb>N`e1WLilBE;!FPK;IU)KTF*cs!tB3{v=
zp=<|3$IlZqlVfx#S{}RWpgCOCg62W~`6Rx{jk^v>Kp;;py6JjhB|1KFn#oNp+Syzd
zblAg;yd_!;h?)_;7zsYOe86*zDea)#R2q~rTcBlIVVnp4>i{HNy}?&g^a5y#M+3{^
zC`W>QC`V$u0R3z+z!~5_C;GM`!N^Q=V<4;lIHuDbs79t%LGu+ka-an>$JyksLB%6Z
z#ukIHCO7zK=PTC}!QB9Tw3H8M01mx%;9sWT5;5Je6@&?z&LI<MM&qiRt}NV&M$fYa
z%~oW=aXne_B>$S)xv-Kt^Ve|e6#S+`iE{f4nx*If7vUk!et=0&nHUhP@#Zx8YjCv@
z=;bSPfxa0HAVAqMTnObFd#1tNZ}>PC%9cZ1NPq|t2@`b>@fnq-_*{@8@Spc}ftff>
zu8`4usnD3e2Cv`Hxe)q6X=G^Cy00r<D<m+63T)O6+J`R&UR|?bX8bj{dKP#5L4$+K
z2lO58bLsHhIW98*{W$6Y4UTnqJOlEN5g8Fo;I0oqfXy`_XmGZ9UkkYwh34}kM$8=n
zP3EtG=rpq??a2bY;hOLPedU%&YrtJ3&<yS_gNE>Z(|Bor4Md+KRv5OJvT9fpu5Pgs
zILu802L2ytzS<5B1CxG3PXO38uO{8uFu+$fAOI`Za0UV*Jb+{vxM9rbNUYlua!CmV
zE$yI6``@UMK(smJ0?ku6V|chHe1SeN4Wl88p==JSza@4I@SkDYU?T5qt6VU#KrRa~
z2i%hdl1E~RjfeanH&}+HClpw1Shj+KL35g8EE&NB2IdX}IBhDz3RA+pTeO3FD;J3U
zH?iMFl`Iz|yg<TLFiy$hIvq5Gkl2o~X0CjI!omhi^51YW&Ol39aNvhA!-00{B#3o#
z#br2f`}szI4U{86yaDk#wra<5xQA*Wv>Ap?a?zfm`%#K+%0giI*ThvI2p$hKT&vN?
zZ^nNhB5=z)gI!Do8?NfI8LsQ{unTCg9DF>OjSvm|H(dBc{Jy&YIb4E0C_;Y4Ji}A8
zo@d4st%tyxA`2dpZP<U9U9dT7XIF_<7>GA;SPdFb2^$Y@A}K}(PHLlJ>)v!uK5#l0
z8gR>t(K$b+3KM+e(61b!89p?IGK8rz5*ANkF5G6$TqK~(Ml9TfQ$e)xl2wRlCW7`{
z6N9Fx0{DT7lMEWpnvduE4A&%Lri6=pVi-6c$Ur+;>JVNabaPtYG+zv~Q?f9iAy~ls
zVnC1KRBR3KL}>`1s?dVcf4Q2*lSW^~X8{dYNa+ii$j};bDzg8I!2}HkoOg!f%v6D_
z9N^{yGzD^irg(D+5CQu5Bse_=b`U2wxDzB}=cckiY0Q-I6n_VOJ%H=LPPSknES$oA
zOIObrVGBiOELDIJc;KjB=60L8n!%|c`W%~>x~)n-E(wPcXr}~GK>HQJv|WWW37E1*
zozW~vPK^5<fE)%lgrJ$f(k^%hB`laIKTu=_0dR1-J8Ov07C$?h)OKfK0?3&wb5nOM
zo;CnYi5`KbU}w-mcu6h;5DJ=!Pwxe%AIM2FgW!cJV&W-I7zR`#|DY-PF=)eInHW*S
zW?rQ6G#UZ~@D(DIsBqT@Zc*B~95rG*pW9ax{tU;{Cj1#y6-eKOPYf->O$7#2k};sc
z;bjYiOTyC{G8h$TahmXRDw^OX8DAr6#D~$9L=@V|H+bbCH{W&0v%(J)PN`dx4THXP
z?B`VXgtBbpKRB<Y3&9l_ihGn>fD|LQw(x{Zl{IFQ8{2F#4PYoPg>Z3rC;$U0p(4OJ
z#WMg62};f+grpm7MLKf}iwW4S7%AjMxif@ziqj;~g(8_ik{pJjo#HKkhO|KuUm+yj
zxqSyzgu)9TV?{WCwYhbGrBbIy9#1(`h_S*SgoZNhW;Lk?L}+-#LK-igmj#WXR_GwW
zWyPcc8pmwfn1wxt&q6j=z%W!3Y8E(`kl|DIgK`CKJrSx^dFC~Rt6B)32e+F~0#l+e
z2yt=c=J_bWQ~JWPDKs^#D0Abg)WcQfnn<EdzCaTpX1+jxdS1hT3y7*hwixtueGb=v
zQxqHk%*By8(s3x=<O3or#JK=<z%zH~+w221!8Mo>9;ZYZ4T7$G62#rOEXY`kGBNJ7
z+D=I=Brpm5G-VQB?TpnZtVS^zmjz@w6un`ZaQpZiP+~^e;IIle0nL=fSidrfWqB@T
zwZR4A0*@F@6By2vrl6_<P>#)y+`MvsT?7|-J9yMQJAq^eV({tlnl2Ec)Tp)yPXZO;
za}5j?0SAt?Ly;gCCmFcr8VmVsUP(f^k)3BG;I#4);kvQw=c1a7dtZoftE)CWWI_0N
zp2tCnYr^da+5t>8>Pk!z<GKJe!(svo8jg@nf+7QMJ&{mBDxS9kW^TDa3Fe??fkAjf
z6Sd8prlN2u9z3`!LmwRZxG2|FxN5n2f~OM@B2lt^ps8#{a-va^nmLHL1iSWdKrJ3$
z0nN>%D4T;bsOFCGS~Sq`BMzJkz%KkqWPXQTC)bAN<XlBiE{vAJf7eFBUTKKfFh4tR
z+T((0Tj<Xg2xP$H<1P}E%8?*_rE?_!<brxpHX!8J<+9+}sDll+Ly?D4c7`GkCnRu?
zHxIsVqrq%a0;n@kQcE7LHupjRRB=Dq#3;aMgdUBufItz{O1K?rinwY|z-l2@6dn*E
z50JxG3^Zu2@QxAkuz8LQG$hHwM~6rTLRoA)8D%h?uoaa~JYTiUB=f6?xEQogSkgg5
zyfQ3DaFI>UL7C5Oj!k8(C=&5D-r5MU3lV+XCbkot9FSJH9fFHISPwS=B(^{gNP;OY
zBqyYI9zG}3L3`L>Xc8zW3Gf&Vz9KUS1_CSGZvhR<32zSJ9OPPAat=f!&cd=_ATEjA
zZ+PMW6tMwK1g;t8fCqxCLzr7o=g^K#$CM6wfCvr8b_|1MHAhE+i~u|Vz#_I7ygFks
z-4D+g0rD{Wu?r8Oknl#F1dfg=5cqH?m<=C^;W#mu71beQjCTscS`ReaY~EdZ(YT$^
z)!~U{f|4ia5dBihLP2w27sH)>gqj&Df^kPcGu#d^6{`+U44MyCH;oqr6M!JW*f9HL
zaDtZ~pdubL)(*geN9gd=Hh>Ue_Ct9nrD(t@39ztvH8ME|B7$dOp+Rr~CYlXsBV)vZ
zSO`wTHnDbyI-{zwX~)4FvV=Ck2Gag#RHi9wXxVkbAt5Tp2E@V1I%M>0?h7g6l_Q9X
zLw$tX;VAJ&Rtq7N^Gn>r^)h^NMcqn29eMlE#EADGvJ^fN(2(&D-x6Ff6#ay`03B*4
zc<ln5{1`702F>IWESb-PCZM58A<QknV&D`uv4cC3Hs#oVhW*eK;6!-U$m^l#E!-Iv
zA414!sBs92?V67SdKK2Q1*`E@kirYe4Ccq8A#rR#q-abA&5*`KAzWBkZ7>>+N9af#
z`Qi&RPN2zB(QrGN{zGv9BSN-Vp`LuNl1FA8U>w}|a9^3-WYz!34nwhqxqxu1(HJdl
z!ha|QMjVa}C~q;dVh)fy58a~%4(cMz1xTt4EQJ;*>k$BhThfr6v@DB5Xq*QWJ?o4d
zBjU0xJ4;-ERAyNE;gcfS9oB@hUWLaLpa)?+*~>IA?no+yWdSr4^Mn<WEVacsg%;x>
zs)JWV!ZfIUgghAyvHV7i*@*uD++!XyM4%xJ9p0UMU(sM;J<t&733Eo4_n_=8JTb5`
zT83x|Sro%zHE6hXVHUz;0NM!42W)|K3_}CT7p<CWpVDqLXf6zBxE<<M0B^(i&qK<Q
zR|k1`rHa?bf`$tp-iePJ%X8<T;WWcn7HAi4d1K!U{sU1$#n1{74u`;o*$*0kahMB;
zYC#cl8U%!yZ3IAJ0$IC+)Q(J7BQYrra(FRFuV9)m4Spt2G^gPg;KH&1IEhGSSQbD7
zP+>3A$d|bt20THN^~B*xPy~RITTX-X6Iu*z16-Z3#sm$oH#Ntc0{n-xE2;*=9*m^H
zs5YKcAV{*z7v@Q!`7BZf7XqL)97B{epokC$;j6&^VHF`DqE;geKtKyJ-z|3x8sduK
zD=Q5?-j56k9B4=|hV=qyShAEOY5y}8P!cgOTcK3o;hc2P4zq+8gLZ(0oaV5?eAyQ_
zqFELs{tJjr8Yyj#16sI_IcUdKuxuxlKcCoTNGfROg+Z&NC6M}K=LuZF?15~Eq6vjF
zxW;N<KYV3nU%X7s1QRqAxnj|h|IIrF5KveMuJZGQ4GZH$OoFg{ID#I~+;HGCpoNOP
zFux?qYIVj!V3#m>4B9bQETGBXn3Q7Fyb%WqlgkI7Xt;Dh_B9f$ayuYGmXrZma9g%R
z2sfl?0vd}41T;Gwwh3rn8mM6ZP3#Az35VQdLk`0N8cVMRG=${&qIprCYzL&*Ed9AS
z|A1(Q-Q$3U7s2^}I43UY;2~EkD6eApPmU+~rHtp#QH2KKU`62YBA+rb0#(W}0huX_
zrX5`o>;}FITXeZ5pjTxopb%wP0B&Vi`6~i^KPV>R7Y!bPJpD*mKIxpYorPy3g2t@_
ze#yfK<7BK8S3eASB#ky=hy)xy<!-~_Q#gpci6UDlQVpXfIV@h(;9JG}CW>sy*Y0p4
zVfBsheAwZT1Ikzg;}f7%7_`cE62$R#sITEd4KUxr%4XEJjK%YVMEF}}B;06zWr4rd
ziQ#A}6Ql5w%b=UEk%;B1Mp#eTF}y`CE%N0`WfEvEr7!HKvN`Bmd5uHr+lA~Xli=XF
zNTLKJ97B@qm#>rZjle}{sVk(aK(SoQU};)?<Gn`?O3=_!cZYkV>;zt%G6^sAl@p^N
zLXi(Yfe1ZcwTuoaG!|vSfN*J)8-Z-GqCe!@2z(CclC&~uslMS8DcVFv+_-!oN~mZP
z08~Yr$gmkdI{1_!t_JEGa6u88Ujd%bcFYBrTtKXfvlXF)up=C_gJd$UB4^HOYh^==
z<>&$$JQLm-c}QhqxJe4Dp;EZaK*?tWv(bH*lR$tKRwJRROaf*pJ3%RgG6|q8zY!>t
z3j^MSoEREYnFKgd*$MQmGBG?XWnx6@_>Dj$G8{LM^TM4<C=(+{qfCrt^BW;=BG(lN
xc&Zb_LMcaw_qQ^fi8O&1xTK~{#r<}6mOpak_S@Mn&x87Ka(nfvJb!fV{|85`aMAz(

diff --git a/backend/dataall/api/Objects/Dataset/resolvers.py b/backend/dataall/api/Objects/Dataset/resolvers.py
index 93a89d1e1..606f5396d 100644
--- a/backend/dataall/api/Objects/Dataset/resolvers.py
+++ b/backend/dataall/api/Objects/Dataset/resolvers.py
@@ -14,6 +14,7 @@
 from ....aws.handlers.service_handlers import Worker
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.sns import Sns
+from ....aws.handlers.quicksight import Quicksight
 from ....db import paginate, exceptions, permissions, models
 from ....db.api import Dataset, Environment, ShareObject, ResourcePolicy
 from ....db.api.organization import Organization
@@ -22,8 +23,20 @@
 log = logging.getLogger(__name__)
 
 
+def check_dataset_account(environment):
+    if environment.dashboardsEnabled:
+        quicksight_subscription = Quicksight.check_quicksight_enterprise_subscription(AwsAccountId=environment.AwsAccountId)
+        if quicksight_subscription:
+            group = Quicksight.create_quicksight_group(AwsAccountId=environment.AwsAccountId)
+            return True if group else False
+    return True
+
+
 def create_dataset(context: Context, source, input=None):
     with context.engine.scoped_session() as session:
+        environment = Environment.get_environment_by_uri(session, input.get('environmentUri'))
+        check_dataset_account(environment=environment)
+
         dataset = Dataset.create_dataset(
             session=session,
             username=context.username,
@@ -56,6 +69,9 @@ def import_dataset(context: Context, source, input=None):
         raise exceptions.RequiredParameter('group')
 
     with context.engine.scoped_session() as session:
+        environment = Environment.get_environment_by_uri(session, input.get('environmentUri'))
+        check_dataset_account(environment=environment)
+
         dataset = Dataset.create_dataset(
             session=session,
             username=context.username,
@@ -212,6 +228,9 @@ def get_dataset_stewards_group(context, source: models.Dataset, **kwargs):
 
 def update_dataset(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
+        dataset = Dataset.get_dataset_by_uri(session, datasetUri)
+        environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        check_dataset_account(environment=environment)
         updated_dataset = Dataset.update_dataset(
             session=session,
             username=context.username,
diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index 49cf72797..6df801118 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -14,6 +14,7 @@
 from ....aws.handlers.quicksight import Quicksight
 from ....aws.handlers.cloudformation import CloudFormation
 from ....aws.handlers.iam import IAM
+from ....aws.handlers.parameter_store import ParameterStoreManager
 from ....db import exceptions, permissions
 from ....db.api import Environment, ResourcePolicy, Stack
 from ....utils.naming_convention import (
@@ -30,16 +31,39 @@ def get_trust_account(context: Context, source, **kwargs):
     return current_account
 
 
-def check_environment(context: Context, source, input=None):
+def get_pivot_role_as_part_of_environment(context: Context, source, **kwargs):
+    ssm_param = ParameterStoreManager.get_parameter_value(region=os.getenv('AWS_REGION', 'eu-west-1'), parameter_path=f"/dataall/{os.getenv('envname', 'local')}/pivotRole/enablePivotRoleAutoCreate")
+    return True if ssm_param == "True" else False
+
+
+def check_environment(context: Context, source, account_id, region):
+    """ Checks necessary resources for environment deployment.
+    - Check CDKToolkit exists in Account assuming cdk_look_up_role
+    - Check Pivot Role exists in Account if pivot_role_as_part_of_environment is False
+    Args:
+        input: environment creation input
+    """
+    pivot_role_as_part_of_environment = get_pivot_role_as_part_of_environment(context, source)
+    log.info(f"Creating environment. Pivot role as part of environment = {pivot_role_as_part_of_environment}")
     ENVNAME = os.environ.get('envname', 'local')
     if ENVNAME == 'pytest':
         return 'CdkRoleName'
-    account = input.get('AwsAccountId')
-    region = input.get('region')
-    cdk_role_name = CloudFormation.check_existing_cdk_toolkit_stack(AwsAccountId=account, region=region)
 
-    if input.get('dashboardsEnabled'):
-        existing_quicksight = Quicksight.check_quicksight_enterprise_subscription(AwsAccountId=account)
+    cdk_look_up_role_arn = SessionHelper.get_cdk_look_up_role_arn(
+        accountid=account_id, region=region
+    )
+    cdk_role_name = CloudFormation.check_existing_cdk_toolkit_stack(
+        AwsAccountId=account_id, region=region
+    )
+    if not pivot_role_as_part_of_environment:
+        log.info("Check if PivotRole exist in the account")
+        pivot_role_arn = SessionHelper.get_delegation_role_arn(accountid=account_id)
+        role = IAM.get_role(account_id=account_id, role_arn=pivot_role_arn, role=cdk_look_up_role_arn)
+        if not role:
+            raise exceptions.AWSResourceNotFound(
+                action='CHECK_PIVOT_ROLE',
+                message='Pivot Role has not been created in the Environment AWS Account',
+            )
 
     return cdk_role_name
 
@@ -52,7 +76,10 @@ def create_environment(context: Context, source, input=None):
         )
 
     with context.engine.scoped_session() as session:
-        cdk_role_name = check_environment(context, source, input=input)
+        cdk_role_name = check_environment(context, source,
+                                          account_id=input.get('AwsAccountId'),
+                                          region=input.get('region')
+                                          )
         input['cdk_role_name'] = cdk_role_name
         env = Environment.create_environment(
             session=session,
@@ -86,6 +113,11 @@ def update_environment(
     with context.engine.scoped_session() as session:
 
         environment = db.api.Environment.get_environment_by_uri(session, environmentUri)
+        cdk_role_name = check_environment(context, source,
+                                          account_id=environment.AwsAccountId,
+                                          region=environment.region
+                                          )
+
         previous_resource_prefix = environment.resourcePrefix
 
         environment = db.api.Environment.update_environment(
diff --git a/backend/dataall/aws/handlers/cloudformation.py b/backend/dataall/aws/handlers/cloudformation.py
index 5a6b4ee66..94bf54d8a 100644
--- a/backend/dataall/aws/handlers/cloudformation.py
+++ b/backend/dataall/aws/handlers/cloudformation.py
@@ -16,21 +16,18 @@ def __init__(self):
         pass
 
     @staticmethod
-    def client(AwsAccountId, region):
-        session = SessionHelper.remote_session(AwsAccountId)
+    def client(AwsAccountId, region, role=None):
+        session = SessionHelper.remote_session(accountid=AwsAccountId, role=role)
         return session.client('cloudformation', region_name=region)
 
     @staticmethod
     def check_existing_cdk_toolkit_stack(AwsAccountId, region):
-        cfn = CloudFormation.client(AwsAccountId=AwsAccountId, region=region)
+        role = SessionHelper.get_cdk_look_up_role_arn(accountid=AwsAccountId, region=region)
         try:
+            cfn = CloudFormation.client(AwsAccountId=AwsAccountId, region=region, role=role)
             response = cfn.describe_stacks(StackName='CDKToolkit')
-        except cfn.exceptions.ClientError as e:
-            print(e)
-            raise Exception('CDKToolkitNotFound')
-
-        stacks = response['Stacks']
-        if not len(stacks):
+        except ClientError as e:
+            log.exception(f'CDKToolkitNotFound: {e}')
             raise Exception('CDKToolkitNotFound')
 
         try:
@@ -39,8 +36,9 @@ def check_existing_cdk_toolkit_stack(AwsAccountId, region):
             )
             cdk_role_name = response['StackResourceDetail']['PhysicalResourceId']
             return cdk_role_name
-        except cfn.exceptions.ClientError as e:
-            raise Exception('CDKToolkitDeploymentActionRoleNotFound')
+        except ClientError as e:
+            log.exception(f'CDKToolkitDeploymentActionRoleNotFound: {e}')
+            raise Exception(f'CDKToolkitDeploymentActionRoleNotFound: {e}')
 
     @staticmethod
     @Worker.handler(path='cloudformation.stack.delete')
diff --git a/backend/dataall/aws/handlers/ec2.py b/backend/dataall/aws/handlers/ec2.py
new file mode 100644
index 000000000..a0b611fa6
--- /dev/null
+++ b/backend/dataall/aws/handlers/ec2.py
@@ -0,0 +1,26 @@
+import logging
+
+from .sts import SessionHelper
+
+
+log = logging.getLogger(__name__)
+
+
+class EC2:
+    @staticmethod
+    def client(account_id: str, region: str, role=None):
+        session = SessionHelper.remote_session(accountid=account_id, role=role)
+        return session.client('ec2', region_name=region)
+
+    @staticmethod
+    def check_default_vpc_exists(AwsAccountId: str, region: str, role=None):
+        log.info("Check that default VPC exists..")
+        client = EC2.client(account_id=AwsAccountId, region=region, role=role)
+        response = client.describe_vpcs(
+            Filters=[{'Name': 'isDefault', 'Values': ['true']}]
+        )
+        vpcs = response['Vpcs']
+        log.info(f"Default VPCs response: {vpcs}")
+        if vpcs:
+            return True
+        return False
diff --git a/backend/dataall/aws/handlers/ecs.py b/backend/dataall/aws/handlers/ecs.py
index 539bd9320..84235f494 100644
--- a/backend/dataall/aws/handlers/ecs.py
+++ b/backend/dataall/aws/handlers/ecs.py
@@ -26,7 +26,7 @@ def approve_share(engine, task: models.Task):
             return DataSharingService.approve_share(engine, task.targetUri)
         else:
             return Ecs.run_share_management_ecs_task(
-                envname, task.targetUri, 'approve_share'
+                envname=envname, share_uri=task.targetUri, handler='approve_share'
             )
 
     @staticmethod
@@ -37,7 +37,7 @@ def revoke_share(engine, task: models.Task):
             return DataSharingService.revoke_share(engine, task.targetUri)
         else:
             return Ecs.run_share_management_ecs_task(
-                envname, task.targetUri, 'revoke_share'
+                envname=envname, share_uri=task.targetUri, handler='revoke_share'
             )
 
     @staticmethod
@@ -56,12 +56,12 @@ def run_share_management_ecs_task(envname, share_uri, handler):
 
         try:
             Ecs.run_ecs_task(
-                cluster_name,
-                share_task_definition,
-                container_name,
-                security_groups,
-                subnets,
-                [
+                cluster_name=cluster_name,
+                task_definition=share_task_definition,
+                container_name=container_name,
+                security_groups=security_groups,
+                subnets=subnets,
+                environment=[
                     {'name': 'shareUri', 'value': share_uri},
                     {'name': 'envname', 'value': envname},
                     {'name': 'handler', 'value': handler},
@@ -88,13 +88,13 @@ def deploy_stack(engine, task: models.Task):
                 env=envname, path='ecs/cluster/name'
             )
 
-            while Ecs.is_task_running(cluster_name, f'awsworker-{task.targetUri}'):
+            while Ecs.is_task_running(cluster_name=cluster_name, started_by=f'awsworker-{task.targetUri}'):
                 log.info(
                     f'ECS task for stack stack-{task.targetUri} is running waiting for 30 seconds before retrying...'
                 )
                 time.sleep(30)
 
-            stack.EcsTaskArn = Ecs.run_cdkproxy_task(task.targetUri)
+            stack.EcsTaskArn = Ecs.run_cdkproxy_task(stack_uri=task.targetUri)
 
     @staticmethod
     def run_cdkproxy_task(stack_uri):
@@ -112,12 +112,12 @@ def run_cdkproxy_task(stack_uri):
         )
         try:
             task_arn = Ecs.run_ecs_task(
-                cluster_name,
-                cdkproxy_task_definition,
-                container_name,
-                security_groups,
-                subnets,
-                [
+                cluster_name=cluster_name,
+                task_definition=cdkproxy_task_definition,
+                container_name=container_name,
+                security_groups=security_groups,
+                subnets=subnets,
+                environment=[
                     {'name': 'stackUri', 'value': stack_uri},
                     {'name': 'envname', 'value': envname},
                     {
@@ -125,7 +125,7 @@ def run_cdkproxy_task(stack_uri):
                         'value': os.getenv('AWS_REGION', 'eu-west-1'),
                     },
                 ],
-                f'awsworker-{stack_uri}',
+                started_by=f'awsworker-{stack_uri}',
             )
             log.info(f'ECS Task {task_arn} running')
             return task_arn
diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index ebeb1fca6..bcfecbb8c 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -658,7 +658,6 @@ def get_job_runs(engine, task: models.Task):
             glue_client = aws.client('glue', region_name=Data_pipeline.region)
             try:
                 response = glue_client.get_job_runs(JobName=Data_pipeline.name)
-                print(response)
             except ClientError as e:
                 log.warning(f'Could not retrieve pipeline runs , {str(e)}')
                 return []
diff --git a/backend/dataall/aws/handlers/iam.py b/backend/dataall/aws/handlers/iam.py
index 6645d0caa..b0ca420f5 100644
--- a/backend/dataall/aws/handlers/iam.py
+++ b/backend/dataall/aws/handlers/iam.py
@@ -8,17 +8,15 @@
 
 class IAM:
     @staticmethod
-    def client(account_id: str):
-        session = SessionHelper.remote_session(account_id)
+    def client(account_id: str, role=None):
+        session = SessionHelper.remote_session(accountid=account_id, role=role)
         return session.client('iam')
 
     @staticmethod
-    def get_role(
-        account_id: str,
-        role_arn: str
-    ):
+    def get_role(account_id: str, role_arn: str, role=None):
+        log.info(f"Getting IAM role = {role_arn}")
         try:
-            iamcli = IAM.client(account_id)
+            iamcli = IAM.client(account_id=account_id, role=role)
             response = iamcli.get_role(
                 RoleName=role_arn.split("/")[-1]
             )
diff --git a/backend/dataall/aws/handlers/lakeformation.py b/backend/dataall/aws/handlers/lakeformation.py
index 03234c939..e1939c536 100644
--- a/backend/dataall/aws/handlers/lakeformation.py
+++ b/backend/dataall/aws/handlers/lakeformation.py
@@ -6,6 +6,7 @@
 from .sts import SessionHelper
 
 log = logging.getLogger('aws:lakeformation')
+PIVOT_ROLE_NAME_PREFIX = "datallPivotRole"
 
 
 class LakeFormation:
@@ -13,26 +14,24 @@ def __init__(self):
         pass
 
     @staticmethod
-    def describe_resource(resource_arn, role_arn, accountid, region):
+    def check_existing_lf_registered_location(resource_arn, accountid, region):
         """
-        Describes a LF data location
+        Checks if there is a non-dataall-created registered location for the Dataset
+        Returns False is already existing location else return the resource info
         """
         try:
             session = SessionHelper.remote_session(accountid)
             lf_client = session.client('lakeformation', region_name=region)
-
             response = lf_client.describe_resource(ResourceArn=resource_arn)
-
-            log.info(f'LF data location already registered: {response}, checking if data.all registered it ...')
-            if response['ResourceInfo']['RoleArn'] == role_arn:
+            registered_role_name = response['ResourceInfo']['RoleArn'].lstrip(f"arn:aws:iam::{accountid}:role/")
+            log.info(f'LF data location already registered: {response}, registered with role {registered_role_name}')
+            if registered_role_name.startswith(PIVOT_ROLE_NAME_PREFIX):
                 log.info('The existing data location was created as part of the dataset stack. There was no pre-existing data location.')
                 return False
             return response['ResourceInfo']
 
         except ClientError as e:
-            log.info(
-                f'LF data location for resource {resource_arn} not found due to {e}'
-            )
+            log.info(f'LF data location for resource {resource_arn} not found due to {e}')
             return False
 
     @staticmethod
diff --git a/backend/dataall/aws/handlers/parameter_store.py b/backend/dataall/aws/handlers/parameter_store.py
index d0fce8c7c..815bb9cbc 100644
--- a/backend/dataall/aws/handlers/parameter_store.py
+++ b/backend/dataall/aws/handlers/parameter_store.py
@@ -16,10 +16,12 @@ def __init__(self):
         pass
 
     @staticmethod
-    def client(AwsAccountId=None, region=None):
+    def client(AwsAccountId=None, region=None, role=None):
         if AwsAccountId:
-            session = SessionHelper.remote_session(AwsAccountId)
+            log.info(f"SSM Parameter remote session with role:{role if role else 'PivotRole'}")
+            session = SessionHelper.remote_session(accountid=AwsAccountId, role=role)
         else:
+            log.info("SSM Parameter session in central account")
             session = SessionHelper.get_session()
         return session.client('ssm', region_name=region)
 
diff --git a/backend/dataall/aws/handlers/quicksight.py b/backend/dataall/aws/handlers/quicksight.py
index c468296de..f82ea87b6 100644
--- a/backend/dataall/aws/handlers/quicksight.py
+++ b/backend/dataall/aws/handlers/quicksight.py
@@ -11,10 +11,11 @@
 logger = logging.getLogger('QuicksightHandler')
 logger.setLevel(logging.DEBUG)
 
-DEFAULT_GROUP_NAME = 'dataall'
-
 
 class Quicksight:
+
+    _DEFAULT_GROUP_NAME = 'dataall'
+
     def __init__(self):
         pass
 
@@ -26,7 +27,7 @@ def get_quicksight_client(AwsAccountId, region='eu-west-1'):
             region(str) : aws region
         Returns : boto3.client ("quicksight")
         """
-        session = SessionHelper.remote_session(AwsAccountId)
+        session = SessionHelper.remote_session(accountid=AwsAccountId)
         return session.client('quicksight', region_name=region)
 
     @staticmethod
@@ -45,7 +46,7 @@ def get_identity_region(AwsAccountId):
         client = Quicksight.get_quicksight_client(AwsAccountId=AwsAccountId, region=identity_region)
         try:
             response = client.describe_group(
-                AwsAccountId=AwsAccountId, GroupName=DEFAULT_GROUP_NAME, Namespace='default'
+                AwsAccountId=AwsAccountId, GroupName=Quicksight._DEFAULT_GROUP_NAME, Namespace='default'
             )
         except client.exceptions.AccessDeniedException as e:
             match = identity_region_rex.findall(str(e))
@@ -66,18 +67,20 @@ def get_quicksight_client_in_identity_region(AwsAccountId):
 
         """
         identity_region = Quicksight.get_identity_region(AwsAccountId)
-        session = SessionHelper.remote_session(AwsAccountId)
+        session = SessionHelper.remote_session(accountid=AwsAccountId)
         return session.client('quicksight', region_name=identity_region)
 
     @staticmethod
-    def check_quicksight_enterprise_subscription(AwsAccountId):
+    def check_quicksight_enterprise_subscription(AwsAccountId, region=None):
         """Use the DescribeAccountSubscription operation to receive a description of a Amazon QuickSight account's subscription. A successful API call returns an AccountInfo object that includes an account's name, subscription status, authentication type, edition, and notification email address.
         Args:
             AwsAccountId(str) : aws account id
+            region(str): aws region
         Returns: bool
             True if Quicksight Enterprise Edition is enabled in the AWS Account
         """
-        client = Quicksight.get_quicksight_client(AwsAccountId=AwsAccountId)
+        logger.info(f'Checking Quicksight subscription in AWS account = {AwsAccountId}')
+        client = Quicksight.get_quicksight_client(AwsAccountId=AwsAccountId, region=region)
         try:
             response = client.describe_account_subscription(AwsAccountId=AwsAccountId)
             if not response['AccountInfo']:
@@ -97,10 +100,11 @@ def check_quicksight_enterprise_subscription(AwsAccountId):
             raise Exception('Quicksight Enterprise Subscription not found')
 
         except client.exceptions.AccessDeniedException:
-            raise Exception('Access denied to Quicksight for data.all PivotRole')
+            raise Exception('Access denied to Quicksight for selected role')
+        return False
 
     @staticmethod
-    def create_quicksight_group(AwsAccountId, GroupName=DEFAULT_GROUP_NAME):
+    def create_quicksight_group(AwsAccountId, GroupName=_DEFAULT_GROUP_NAME):
         """Creates a Quicksight group called GroupName
         Args:
             AwsAccountId(str):  aws account
@@ -111,8 +115,11 @@ def create_quicksight_group(AwsAccountId, GroupName=DEFAULT_GROUP_NAME):
         """
         client = Quicksight.get_quicksight_client_in_identity_region(AwsAccountId)
         group = Quicksight.describe_group(client, AwsAccountId, GroupName)
-
         if not group:
+            if GroupName == Quicksight._DEFAULT_GROUP_NAME:
+                logger.info(f'Initializing data.all default group = {GroupName}')
+                Quicksight.check_quicksight_enterprise_subscription(AwsAccountId)
+
             logger.info(f'Attempting to create Quicksight group `{GroupName}...')
             response = client.create_group(
                 GroupName=GroupName,
@@ -128,7 +135,7 @@ def create_quicksight_group(AwsAccountId, GroupName=DEFAULT_GROUP_NAME):
         return group
 
     @staticmethod
-    def describe_group(client, AwsAccountId, GroupName=DEFAULT_GROUP_NAME):
+    def describe_group(client, AwsAccountId, GroupName=_DEFAULT_GROUP_NAME):
         try:
             response = client.describe_group(
                 AwsAccountId=AwsAccountId, GroupName=GroupName, Namespace='default'
@@ -191,6 +198,9 @@ def register_user_in_group(AwsAccountId, UserName, GroupName, UserRole='READER')
         client = Quicksight.get_quicksight_client_in_identity_region(
             AwsAccountId=AwsAccountId
         )
+
+        Quicksight.create_quicksight_group(AwsAccountId, GroupName)
+
         exists = False
         user = Quicksight.describe_user(AwsAccountId, UserName=UserName)
 
@@ -216,7 +226,6 @@ def register_user_in_group(AwsAccountId, UserName, GroupName, UserRole='READER')
             )
         member = False
 
-        Quicksight.create_quicksight_group(AwsAccountId, GroupName)
         response = client.list_user_groups(
             UserName=UserName, AwsAccountId=AwsAccountId, Namespace='default'
         )
@@ -242,7 +251,7 @@ def get_reader_session(
         user = Quicksight.describe_user(AwsAccountId, UserName)
         if user is None:
             user = Quicksight.register_user_in_group(
-                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=DEFAULT_GROUP_NAME, UserRole=UserRole
+                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole=UserRole
             )
 
         response = client.get_dashboard_embed_url(
@@ -326,7 +335,7 @@ def get_anonymous_session(AwsAccountId, region, UserName, DashboardId=None):
             SessionLifetimeInMinutes=120,
             Namespace='default',
             SessionTags=[
-                {'Key': DEFAULT_GROUP_NAME, 'Value': UserName},
+                {'Key': Quicksight._DEFAULT_GROUP_NAME, 'Value': UserName},
             ],
             AuthorizedResourceArns=[
                 f'arn:aws:quicksight:{region}:{AwsAccountId}:dashboard/{DashboardId}',
@@ -341,11 +350,11 @@ def get_author_session(AwsAccountId, region, UserName, UserRole='AUTHOR'):
         user = Quicksight.describe_user(AwsAccountId, UserName=UserName)
         if user is None:
             user = Quicksight.register_user_in_group(
-                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=DEFAULT_GROUP_NAME, UserRole=UserRole
+                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole=UserRole
             )
         elif user.get("Role", None) not in ["AUTHOR", "ADMIN"]:
             user = Quicksight.register_user_in_group(
-                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=DEFAULT_GROUP_NAME, UserRole=UserRole
+                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole=UserRole
             )
         else:
             pass
@@ -390,7 +399,7 @@ def create_data_source_vpc(AwsAccountId, region, UserName, vpcConnectionId):
         client = Quicksight.get_quicksight_client(AwsAccountId, region)
         identity_region = 'us-east-1'
         user = Quicksight.register_user_in_group(
-            AwsAccountId=AwsAccountId, UserName=UserName, GroupName=DEFAULT_GROUP_NAME, UserRole='AUTHOR'
+            AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole='AUTHOR'
         )
         try:
             response = client.describe_data_source(
diff --git a/backend/dataall/aws/handlers/sagemaker.py b/backend/dataall/aws/handlers/sagemaker.py
index 1d2c76b0e..653740cf1 100644
--- a/backend/dataall/aws/handlers/sagemaker.py
+++ b/backend/dataall/aws/handlers/sagemaker.py
@@ -9,7 +9,7 @@
 class Sagemaker:
     @staticmethod
     def client(AwsAccountId, region):
-        session = SessionHelper.remote_session(AwsAccountId)
+        session = SessionHelper.remote_session(accountid=AwsAccountId)
         return session.client('sagemaker', region_name=region)
 
     @staticmethod
@@ -73,7 +73,7 @@ def stop_instance(AwsAccountId, region, NotebookInstanceName):
     @staticmethod
     def get_security_groups(AwsAccountId, region):
         try:
-            session = SessionHelper.remote_session(AwsAccountId)
+            session = SessionHelper.remote_session(accountid=AwsAccountId)
             client = session.client('ec2', region_name=region)
             response = client.describe_security_groups()
             sgnames = [SG['GroupName'] for SG in response['SecurityGroups']]
diff --git a/backend/dataall/aws/handlers/sagemaker_studio.py b/backend/dataall/aws/handlers/sagemaker_studio.py
index 1fef85ea6..a9150d2c0 100644
--- a/backend/dataall/aws/handlers/sagemaker_studio.py
+++ b/backend/dataall/aws/handlers/sagemaker_studio.py
@@ -7,17 +7,18 @@
 
 class SagemakerStudio:
     @staticmethod
-    def client(AwsAccountId, region):
-        session = SessionHelper.remote_session(AwsAccountId)
+    def client(AwsAccountId, region, role=None):
+        session = SessionHelper.remote_session(accountid=AwsAccountId, role=role)
         return session.client('sagemaker', region_name=region)
 
     @staticmethod
-    def get_sagemaker_studio_domain(AwsAccountId, region):
+    def get_sagemaker_studio_domain(AwsAccountId, region, role=None):
         """
         Sagemaker studio domain is limited to one per account,
         RETURN: an existing domain or None if no domain is in the AWS account
         """
-        client = SagemakerStudio.client(AwsAccountId, region)
+
+        client = SagemakerStudio.client(AwsAccountId=AwsAccountId, region=region, role=role)
         existing_domain = dict()
         try:
             domain_id_paginator = client.get_paginator('list_domains')
diff --git a/backend/dataall/aws/handlers/service_handlers.py b/backend/dataall/aws/handlers/service_handlers.py
index 2e5a9d3a0..a4b2eda12 100644
--- a/backend/dataall/aws/handlers/service_handlers.py
+++ b/backend/dataall/aws/handlers/service_handlers.py
@@ -59,7 +59,6 @@ def process(self, engine, task_ids: [str], save_response=True):
                     )
                     return tasks_responses
                 except Exception as e:
-                    print('==================>', e)
                     log.exception('Error in process')
                     log.error(f'Task processing failed {e} : {taskid}')
         else:
diff --git a/backend/dataall/aws/handlers/stepfunction.py b/backend/dataall/aws/handlers/stepfunction.py
index 9b2916cec..9d497d63d 100644
--- a/backend/dataall/aws/handlers/stepfunction.py
+++ b/backend/dataall/aws/handlers/stepfunction.py
@@ -18,7 +18,7 @@ def run_pipeline(state_machine_name, env: models.Environment, stage='Test'):
         )
 
     response = client.start_execution(stateMachineArn=arn)
-    print(response)
+
     return response['executionArn']
 
 
diff --git a/backend/dataall/aws/handlers/sts.py b/backend/dataall/aws/handlers/sts.py
index fe0d21d8c..d55e23a06 100644
--- a/backend/dataall/aws/handlers/sts.py
+++ b/backend/dataall/aws/handlers/sts.py
@@ -81,9 +81,7 @@ def get_secret(cls, secret_name):
         try:
             session = SessionHelper.get_session()
             client = session.client('secretsmanager', region_name=region)
-            secret_string = client.get_secret_value(SecretId=secret_name).get(
-                'SecretString'
-            )
+            secret_string = client.get_secret_value(SecretId=secret_name).get('SecretString')
             log.debug(f'Found Secret {secret_name}|{secret_string}')
         except ClientError as e:
             log.warning(f'Secret {secret_name} not found: {e}')
@@ -97,9 +95,7 @@ def get_external_id_secret(cls):
         :return:
         :rtype:
         """
-        return SessionHelper.get_secret(
-            secret_name=f'dataall-externalId-{os.getenv("envname", "local")}'
-        )
+        return SessionHelper.get_secret(secret_name=f'dataall-externalId-{os.getenv("envname", "local")}')
 
     @classmethod
     def get_delegation_role_name(cls):
@@ -107,17 +103,10 @@ def get_delegation_role_name(cls):
         Returns:
             string: name of the assumed role
         """
-        return (
-            SessionHelper.get_secret(
-                secret_name=f'dataall-pivot-role-name-{os.getenv("envname", "local")}'
-            )
-            or 'dataallPivotRole'
-        )
+        return SessionHelper.get_secret(secret_name=f'dataall-pivot-role-name-{os.getenv("envname", "local")}')
 
     @classmethod
-    def get_console_access_url(
-        cls, boto3_session, region='eu-west-1', bucket=None, redshiftcluster=None
-    ):
+    def get_console_access_url(cls, boto3_session, region='eu-west-1', bucket=None, redshiftcluster=None):
         """Returns an AWS Console access url for the boto3 session
         Args:
             boto3_session(object): a boto3 session
@@ -133,9 +122,7 @@ def get_console_access_url(
 
         request_parameters = '?Action=getSigninToken'
         # request_parameters = "&SessionDuration=43200"
-        request_parameters += '&Session=' + urllib.parse.quote_plus(
-            json_string_with_temp_credentials
-        )
+        request_parameters += '&Session=' + urllib.parse.quote_plus(json_string_with_temp_credentials)
         request_url = 'https://signin.aws.amazon.com/federation' + request_parameters
 
         r = urllib.request.urlopen(request_url).read()
@@ -145,20 +132,15 @@ def get_console_access_url(
         request_parameters += '&Issuer=Example.org'
         if bucket:
             request_parameters += '&Destination=' + quote_plus(
-                'https://{}.console.aws.amazon.com/s3/buckets/{}/'.format(
-                    region, bucket
-                )
+                'https://{}.console.aws.amazon.com/s3/buckets/{}/'.format(region, bucket)
             )
 
         elif redshiftcluster:
             request_parameters += '&Destination=' + quote_plus(
-                f'https://{region}.console.aws.amazon.com/redshiftv2/'
-                f'home?region={region}#query-editor:'
+                f'https://{region}.console.aws.amazon.com/redshiftv2/' f'home?region={region}#query-editor:'
             )
         else:
-            request_parameters += '&Destination=' + urllib.parse.quote_plus(
-                f'https://{region}.console.aws.amazon.com/'
-            )
+            request_parameters += '&Destination=' + urllib.parse.quote_plus(f'https://{region}.console.aws.amazon.com/')
         request_parameters += '&SigninToken=' + signin_token['SigninToken']
         request_url = 'https://signin.aws.amazon.com/federation' + request_parameters
 
@@ -173,9 +155,18 @@ def get_delegation_role_arn(cls, accountid):
         Returns:
                 string : arn of the delegation role on the target aws account id
         """
-        return 'arn:aws:iam::{}:role/{}'.format(
-            accountid, cls.get_delegation_role_name()
-        )
+        return 'arn:aws:iam::{}:role/{}'.format(accountid, cls.get_delegation_role_name())
+
+    @classmethod
+    def get_cdk_look_up_role_arn(cls, accountid, region):
+        """Returns the name that will be assumed to perform IAM actions on a given AWS accountid using CDK Toolkit role
+        Args:
+            accountid(string) : aws account id
+        Returns:
+                string : arn of the CDKToolkit role on the target aws account id
+        """
+        log.info(f"Getting CDK look up role: arn:aws:iam::{accountid}:role/cdk-hnb659fds-lookup-role-{accountid}-{region}")
+        return 'arn:aws:iam::{}:role/cdk-hnb659fds-lookup-role-{}-{}'.format(accountid, accountid, region)
 
     @classmethod
     def get_delegation_role_id(cls, accountid):
@@ -191,22 +182,27 @@ def get_delegation_role_id(cls, accountid):
         return response['Role']['RoleId']
 
     @classmethod
-    def remote_session(cls, accountid):
+    def remote_session(cls, accountid, role=None):
         """Creates a remote boto3 session on the remote AWS account , assuming the delegation Role
         Args:
             accountid(string) : aws account id
+            role(string) : arn of the IAM role to assume in the boto3 session
         Returns :
-            boto3.session.Session: boto3 Session, on the target aws accountid, assuming the delegation role
+            boto3.session.Session: boto3 Session, on the target aws accountid, assuming the delegation role or a provided role
         """
         base_session = cls.get_session()
-        session = SessionHelper.get_session(
-            base_session=base_session, role_arn=cls.get_delegation_role_arn(accountid)
-        )
+        if role:
+            log.info(f"Remote boto3 session using role={role} for account={accountid}")
+            role_arn = role
+        else:
+            log.info(f"Remote boto3 session using pivot role for account= {accountid}")
+            role_arn = cls.get_delegation_role_arn(accountid=accountid)
+        session = SessionHelper.get_session(base_session=base_session, role_arn=role_arn)
         return session
 
     @classmethod
     def get_account(cls, session=None):
-        """Returns the aws account id associated with the default session, or the priovided session
+        """Returns the aws account id associated with the default session, or the provided session
         Args:
             session(object, optional) : boto3 session
         Returns :
@@ -279,11 +275,7 @@ def filter_roles_in_account(accountid, arns):
         Return :
             list : list of all arns within the account
         """
-        return [
-            arn
-            for arn in arns
-            if SessionHelper.extract_account_from_role_arn(arn) == accountid
-        ]
+        return [arn for arn in arns if SessionHelper.extract_account_from_role_arn(arn) == accountid]
 
     @staticmethod
     def get_role_ids(accountid, arns):
@@ -317,32 +309,20 @@ def get_session_by_access_key_and_secret_key(cls, access_key_id, secret_key):
         if not access_key_id or not secret_key:
             raise ValueError('Passed access_key_id and secret_key are invalid')
 
-        return boto3.Session(
-            aws_access_key_id=access_key_id, aws_secret_access_key=secret_key
-        )
+        return boto3.Session(aws_access_key_id=access_key_id, aws_secret_access_key=secret_key)
 
     @staticmethod
-    def generate_console_url(
-        credentials, session_duration=None, region='eu-west-1', bucket=None
-    ):
+    def generate_console_url(credentials, session_duration=None, region='eu-west-1', bucket=None):
         json_string_with_temp_credentials = '{'
-        json_string_with_temp_credentials += (
-            '"sessionId":"' + credentials['AccessKeyId'] + '",'
-        )
-        json_string_with_temp_credentials += (
-            '"sessionKey":"' + credentials['SecretAccessKey'] + '",'
-        )
-        json_string_with_temp_credentials += (
-            '"sessionToken":"' + credentials['SessionToken'] + '"'
-        )
+        json_string_with_temp_credentials += '"sessionId":"' + credentials['AccessKeyId'] + '",'
+        json_string_with_temp_credentials += '"sessionKey":"' + credentials['SecretAccessKey'] + '",'
+        json_string_with_temp_credentials += '"sessionToken":"' + credentials['SessionToken'] + '"'
         json_string_with_temp_credentials += '}'
 
         request_parameters = '?Action=getSigninToken'
         if session_duration:
             request_parameters += '&SessionDuration={}'.format(session_duration)
-        request_parameters += '&Session=' + quote_plus(
-            json_string_with_temp_credentials
-        )
+        request_parameters += '&Session=' + quote_plus(json_string_with_temp_credentials)
         request_url = 'https://signin.aws.amazon.com/federation' + request_parameters
 
         r = urlopen(request_url).read()
@@ -352,14 +332,10 @@ def generate_console_url(
         request_parameters += '&Issuer=Example.org'
         if bucket:
             request_parameters += '&Destination=' + quote_plus(
-                'https://{}.console.aws.amazon.com/s3/buckets/{}/'.format(
-                    region, bucket
-                )
+                'https://{}.console.aws.amazon.com/s3/buckets/{}/'.format(region, bucket)
             )
         else:
-            request_parameters += '&Destination=' + quote_plus(
-                'https://{}.console.aws.amazon.com/'.format(region)
-            )
+            request_parameters += '&Destination=' + quote_plus('https://{}.console.aws.amazon.com/'.format(region))
         request_parameters += '&SigninToken=' + signin_token['SigninToken']
         request_url = 'https://signin.aws.amazon.com/federation' + request_parameters
 
diff --git a/backend/dataall/cdkproxy/assets/datalakelocationcustomresource/__init__.py b/backend/dataall/cdkproxy/assets/datalakelocationcustomresource/__init__.py
new file mode 100644
index 000000000..6c32d76cc
--- /dev/null
+++ b/backend/dataall/cdkproxy/assets/datalakelocationcustomresource/__init__.py
@@ -0,0 +1 @@
+from .index import *
diff --git a/backend/dataall/cdkproxy/assets/datalakelocationcustomresource/index.py b/backend/dataall/cdkproxy/assets/datalakelocationcustomresource/index.py
new file mode 100644
index 000000000..216c8b23f
--- /dev/null
+++ b/backend/dataall/cdkproxy/assets/datalakelocationcustomresource/index.py
@@ -0,0 +1,89 @@
+import logging
+import os
+import json
+import boto3
+from botocore.exceptions import ClientError
+
+logger = logging.getLogger()
+logger.setLevel(os.environ.get("LOG_LEVEL", "INFO"))
+log = logging.getLogger(__name__)
+
+lf_client = boto3.client("lakeformation", region_name=os.environ.get("AWS_REGION"))
+
+
+def on_event(event, context):
+    request_type = event["RequestType"]
+    if request_type == "Create":
+        return on_create(event)
+    if request_type == "Update":
+        return on_update(event)
+    if request_type == "Delete":
+        return on_delete(event)
+    raise Exception(f"Invalid request type: {request_type}")
+
+
+def on_create(event):
+    """ Checks if the S3 location is already registered in Lake Formation.
+    If already registered it updated the roleArn for the location.
+    If not registered, it registers the location.
+    """
+    props = event["ResourceProperties"]
+    if not _is_resource_registered(props["ResourceArn"]):
+        register(props)
+    else:
+        update(props)
+
+
+def _is_resource_registered(resource_arn: str):
+    try:
+        lf_client.describe_resource(ResourceArn=resource_arn)
+        log.info(f"LakeFormation Resource: {resource_arn} already registered")
+        return True
+    except ClientError as client_error:
+        if client_error.response["Error"]["Code"] == "EntityNotFoundException":
+            log.info(f"LakeFormation Resource: {resource_arn} not found")
+            return False
+        else:
+            raise client_error
+
+
+def register(props):
+    resource_arn = props["ResourceArn"]
+    role_arn = props["RoleArn"]
+    log.info(f"Registering LakeFormation Resource: {resource_arn} and roleArn: {role_arn}")
+    try:
+        lf_client.register_resource(
+            ResourceArn=resource_arn,
+            UseServiceLinkedRole=props["UseServiceLinkedRole"] == "True",
+            RoleArn=role_arn,
+        )
+    except ClientError as e:
+        log.exception(f"Could not register LakeFormation resource: {resource_arn}")
+        raise Exception(f"Could not register LakeFormation resource: {resource_arn} , received {str(e)}")
+
+
+def on_update(event):
+    on_create(event)
+
+
+def update(props):
+    resource_arn = props["ResourceArn"]
+    role_arn = props["RoleArn"]
+    log.info(f"Updating LakeFormation Resource: {resource_arn} with roleArn: {role_arn}")
+    try:
+        lf_client.update_resource(RoleArn=role_arn, ResourceArn=resource_arn)
+    except ClientError as e:
+        log.exception(f"Could not update LakeFormation resource: {resource_arn}")
+        raise Exception(f"Could not update LakeFormation resource: {resource_arn}, received {str(e)}")
+
+
+def on_delete(event):
+    """ Deregisters the S3 location from Lake Formation
+    """
+    resource_arn = event["ResourceProperties"]["ResourceArn"]
+    log.info(f"Unregistering LakeFormation Resource: {resource_arn}")
+    try:
+        lf_client.deregister_resource(ResourceArn=resource_arn)
+    except ClientError as e:
+        log.exception(f"Could not unregister LakeFormation resource: {resource_arn}")
+        raise Exception(f"Could not unregister LakeFormation Resource: {resource_arn}, received {str(e)}")
diff --git a/backend/dataall/cdkproxy/assets/gluedatabasecustomresource/index.py b/backend/dataall/cdkproxy/assets/gluedatabasecustomresource/index.py
index 07e679b01..6c83b8e73 100644
--- a/backend/dataall/cdkproxy/assets/gluedatabasecustomresource/index.py
+++ b/backend/dataall/cdkproxy/assets/gluedatabasecustomresource/index.py
@@ -1,7 +1,21 @@
 import os
+import json
 import boto3
 from botocore.exceptions import ClientError
 import uuid
+import logging
+
+logger = logging.getLogger()
+logger.setLevel(os.environ.get("LOG_LEVEL", "INFO"))
+log = logging.getLogger(__name__)
+
+AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
+AWS_REGION = os.environ.get('AWS_REGION')
+DEFAULT_ENV_ROLE_ARN = os.environ.get('DEFAULT_ENV_ROLE_ARN')
+DEFAULT_CDK_ROLE_ARN = os.environ.get('DEFAULT_CDK_ROLE_ARN')
+
+glue_client = boto3.client('glue', region_name=AWS_REGION)
+lf_client = boto3.client('lakeformation', region_name=AWS_REGION)
 
 
 def clean_props(**props):
@@ -10,9 +24,6 @@ def clean_props(**props):
 
 
 def on_event(event, context):
-    AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
-    AWS_REGION = os.environ.get('AWS_REGION')
-    DEFAULT_ENV_ROLE_ARN = os.environ.get('DEFAULT_ENV_ROLE_ARN')
 
     request_type = event['RequestType']
     if request_type == 'Create':
@@ -25,31 +36,28 @@ def on_event(event, context):
 
 
 def on_create(event):
-    AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
-    AWS_REGION = os.environ.get('AWS_REGION')
-    DEFAULT_ENV_ROLE_ARN = os.environ.get('DEFAULT_ENV_ROLE_ARN')
-    DEFAULT_CDK_ROLE_ARN = os.environ.get('DEFAULT_CDK_ROLE_ARN')
+    """Creates if it does not exist Glue database for the data.all Dataset
+    Grants permissions to Database Administrators = dataset Admin team IAM role, pivotRole, dataset IAM role
+    """
     props = clean_props(**event['ResourceProperties'])
-    print('Create new resource with props %s' % props)
-    glue = boto3.client('glue', region_name=AWS_REGION)
-    lf = boto3.client('lakeformation', region_name=AWS_REGION)
+    log.info('Create new resource with props %s' % props)
+
     exists = False
     try:
-        glue.get_database(Name=props['DatabaseInput']['Name'])
+        glue_client.get_database(Name=props['DatabaseInput']['Name'])
         exists = True
     except ClientError as e:
         pass
 
     if not exists:
         try:
-            response = glue.create_database(
+            response = glue_client.create_database(
                 CatalogId=props.get('CatalogId'),
                 DatabaseInput=props.get('DatabaseInput'),
             )
         except ClientError as e:
-            raise Exception(
-                f"Could not create Glue Database {props['DatabaseInput']['Name']} in aws://{AWS_ACCOUNT}/{AWS_REGION}, received {str(e)}"
-            )
+            log.exception(f"Could not create Glue Database {props['DatabaseInput']['Name']} in aws://{AWS_ACCOUNT}/{AWS_REGION}, received {str(e)}")
+            raise Exception(f"Could not create Glue Database {props['DatabaseInput']['Name']} in aws://{AWS_ACCOUNT}/{AWS_REGION}, received {str(e)}")
 
     Entries = []
     for i, role_arn in enumerate(props.get('DatabaseAdministrators')):
@@ -67,11 +75,13 @@ def on_create(event):
                     'Alter'.upper(),
                     'Create_table'.upper(),
                     'Drop'.upper(),
+                    'Describe'.upper(),
                 ],
                 'PermissionsWithGrantOption': [
                     'Alter'.upper(),
                     'Create_table'.upper(),
                     'Drop'.upper(),
+                    'Describe'.upper(),
                 ],
             }
         )
@@ -90,7 +100,7 @@ def on_create(event):
                 'PermissionsWithGrantOption': ['SELECT', 'ALTER', 'DESCRIBE'],
             }
         )
-    lf.batch_grant_permissions(CatalogId=props['CatalogId'], Entries=Entries)
+    lf_client.batch_grant_permissions(CatalogId=props['CatalogId'], Entries=Entries)
     physical_id = props['DatabaseInput']['Name']
 
     return {'PhysicalResourceId': physical_id}
@@ -101,23 +111,20 @@ def on_update(event):
 
 
 def on_delete(event):
-    AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
-    AWS_REGION = os.environ.get('AWS_REGION')
-    DEFAULT_ENV_ROLE_ARN = os.environ.get('DEFAULT_ENV_ROLE_ARN')
+    """ Deletes the created Glue database.
+    With this action, Lake Formation permissions are also deleted.
+    """
     physical_id = event['PhysicalResourceId']
-    print('delete resource %s' % physical_id)
-    glue = boto3.client('glue', region_name=AWS_REGION)
+    log.info('delete resource %s' % physical_id)
     try:
-        glue.get_database(Name=physical_id)
+        glue_client.get_database(Name=physical_id)
     except ClientError as e:
+        log.exception(f'Resource {physical_id} does not exists')
         raise Exception(f'Resource {physical_id} does not exists')
 
     try:
-        response = glue.delete_database(CatalogId=AWS_ACCOUNT, Name=physical_id)
-        print(
-            f'Successfully deleted database {physical_id} in aws://{AWS_ACCOUNT}/{AWS_REGION}'
-        )
+        response = glue_client.delete_database(CatalogId=AWS_ACCOUNT, Name=physical_id)
+        log.info(f'Successfully deleted database {physical_id} in aws://{AWS_ACCOUNT}/{AWS_REGION}')
     except ClientError as e:
-        raise Exception(
-            f'Could not delete databse {physical_id} in aws://{AWS_ACCOUNT}/{AWS_REGION}'
-        )
+        log.exception(f'Could not delete databse {physical_id} in aws://{AWS_ACCOUNT}/{AWS_REGION}')
+        raise Exception(f'Could not delete databse {physical_id} in aws://{AWS_ACCOUNT}/{AWS_REGION}')
diff --git a/backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/__init__.py b/backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/__init__.py
new file mode 100644
index 000000000..6c32d76cc
--- /dev/null
+++ b/backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/__init__.py
@@ -0,0 +1 @@
+from .index import *
diff --git a/backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/index.py b/backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/index.py
new file mode 100644
index 000000000..69abcd85c
--- /dev/null
+++ b/backend/dataall/cdkproxy/assets/gluedatabasecustomresource_nodelete/index.py
@@ -0,0 +1,118 @@
+import os
+import json
+import boto3
+from botocore.exceptions import ClientError
+import uuid
+import logging
+
+logger = logging.getLogger()
+logger.setLevel(os.environ.get("LOG_LEVEL", "INFO"))
+log = logging.getLogger(__name__)
+
+AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
+AWS_REGION = os.environ.get('AWS_REGION')
+DEFAULT_ENV_ROLE_ARN = os.environ.get('DEFAULT_ENV_ROLE_ARN')
+DEFAULT_CDK_ROLE_ARN = os.environ.get('DEFAULT_CDK_ROLE_ARN')
+
+glue_client = boto3.client('glue', region_name=AWS_REGION)
+lf_client = boto3.client('lakeformation', region_name=AWS_REGION)
+
+
+def clean_props(**props):
+    data = {k: props[k] for k in props.keys() if k != 'ServiceToken'}
+    return data
+
+
+def on_event(event, context):
+
+    request_type = event['RequestType']
+    if request_type == 'Create':
+        return on_create(event)
+    if request_type == 'Update':
+        return on_update(event)
+    if request_type == 'Delete':
+        return on_delete(event)
+    raise Exception('Invalid request type: %s' % request_type)
+
+
+def on_create(event):
+    """Creates if it does not exist Glue database for the data.all Dataset
+    Grants permissions to Database Administrators = dataset Admin team IAM role, pivotRole, dataset IAM role
+    """
+    props = clean_props(**event['ResourceProperties'])
+    log.info('Create new resource with props %s' % props)
+
+    exists = False
+    try:
+        glue_client.get_database(Name=props['DatabaseInput']['Name'])
+        exists = True
+    except ClientError as e:
+        pass
+
+    if not exists:
+        try:
+            response = glue_client.create_database(
+                CatalogId=props.get('CatalogId'),
+                DatabaseInput=props.get('DatabaseInput'),
+            )
+        except ClientError as e:
+            log.exception(f"Could not create Glue Database {props['DatabaseInput']['Name']} in aws://{AWS_ACCOUNT}/{AWS_REGION}, received {str(e)}")
+            raise Exception(f"Could not create Glue Database {props['DatabaseInput']['Name']} in aws://{AWS_ACCOUNT}/{AWS_REGION}, received {str(e)}")
+
+    Entries = []
+    for i, role_arn in enumerate(props.get('DatabaseAdministrators')):
+        Entries.append(
+            {
+                'Id': str(uuid.uuid4()),
+                'Principal': {'DataLakePrincipalIdentifier': role_arn},
+                'Resource': {
+                    'Database': {
+                        # 'CatalogId': AWS_ACCOUNT,
+                        'Name': props['DatabaseInput']['Name']
+                    }
+                },
+                'Permissions': [
+                    'Alter'.upper(),
+                    'Create_table'.upper(),
+                    'Drop'.upper(),
+                    'Describe'.upper(),
+                ],
+                'PermissionsWithGrantOption': [
+                    'Alter'.upper(),
+                    'Create_table'.upper(),
+                    'Drop'.upper(),
+                    'Describe'.upper(),
+                ],
+            }
+        )
+        Entries.append(
+            {
+                'Id': str(uuid.uuid4()),
+                'Principal': {'DataLakePrincipalIdentifier': role_arn},
+                'Resource': {
+                    'Table': {
+                        'DatabaseName': props['DatabaseInput']['Name'],
+                        'TableWildcard': {},
+                        'CatalogId': props.get('CatalogId'),
+                    }
+                },
+                'Permissions': ['SELECT', 'ALTER', 'DESCRIBE'],
+                'PermissionsWithGrantOption': ['SELECT', 'ALTER', 'DESCRIBE'],
+            }
+        )
+    lf_client.batch_grant_permissions(CatalogId=props['CatalogId'], Entries=Entries)
+    physical_id = props['DatabaseInput']['Name']
+
+    return {'PhysicalResourceId': physical_id}
+
+
+def on_update(event):
+    return on_create(event)
+
+
+def on_delete(event):
+    """ Does not Delete the created Glue database.
+    This is a risky action which would be done manually by customers
+    """
+    physical_id = event['PhysicalResourceId']
+    log.info('Keeping resources %s' % physical_id)
diff --git a/backend/dataall/cdkproxy/assets/lakeformationdefaultsettings/index.py b/backend/dataall/cdkproxy/assets/lakeformationdefaultsettings/index.py
index bc9e9ad7e..c6f706fa8 100644
--- a/backend/dataall/cdkproxy/assets/lakeformationdefaultsettings/index.py
+++ b/backend/dataall/cdkproxy/assets/lakeformationdefaultsettings/index.py
@@ -1,6 +1,16 @@
 import os
 import boto3
 from botocore.exceptions import ClientError
+import logging
+
+logger = logging.getLogger()
+logger.setLevel(os.environ.get("LOG_LEVEL", "INFO"))
+log = logging.getLogger(__name__)
+
+AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
+AWS_REGION = os.environ.get('AWS_REGION')
+lf_client = boto3.client("lakeformation", region_name=os.environ.get("AWS_REGION"))
+iam_client = boto3.client('iam')
 
 
 def clean_props(**props):
@@ -8,10 +18,21 @@ def clean_props(**props):
     return data
 
 
+def validate_principals(principals):
+    validated_principals = []
+    for principal in principals:
+        if ":role/" in principal:
+            log.info(f'Principal {principal} is an IAM role, validating....')
+            try:
+                iam_client.get_role(RoleName=principal.split("/")[-1])
+                log.info(f'Adding principal {principal} to validated principals')
+                validated_principals.append(principal)
+            except Exception as e:
+                log.exception(f'Failed to get role {principal} due to: {e}')
+    return validated_principals
+
+
 def on_event(event, context):
-    AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
-    AWS_REGION = os.environ.get('AWS_REGION')
-    DEFAULT_ENV_ROLE_ARN = os.environ.get('DEFAULT_ENV_ROLE_ARN')
 
     request_type = event['RequestType']
     if request_type == 'Create':
@@ -24,14 +45,12 @@ def on_event(event, context):
 
 
 def on_create(event):
-    AWS_ACCOUNT = os.environ.get('AWS_ACCOUNT')
-    AWS_REGION = os.environ.get('AWS_REGION')
+    """"Adds the PivotRole to the existing Data Lake Administrators
+    Before adding any principal, it validates it exists if it is an IAM role
+    """
     props = clean_props(**event['ResourceProperties'])
     try:
-        client = boto3.client('lakeformation', region_name=AWS_REGION)
-
-        response = client.get_data_lake_settings(CatalogId=AWS_ACCOUNT)
-
+        response = lf_client.get_data_lake_settings(CatalogId=AWS_ACCOUNT)
         existing_admins = response.get('DataLakeSettings', {}).get('DataLakeAdmins', [])
         if existing_admins:
             existing_admins = [
@@ -40,21 +59,22 @@ def on_create(event):
 
         new_admins = props.get('DataLakeAdmins', [])
         new_admins.extend(existing_admins or [])
+        validated_new_admins = validate_principals(new_admins)
 
-        response = client.put_data_lake_settings(
+        response = lf_client.put_data_lake_settings(
             CatalogId=AWS_ACCOUNT,
             DataLakeSettings={
                 'DataLakeAdmins': [
                     {'DataLakePrincipalIdentifier': principal}
-                    for principal in new_admins
+                    for principal in validated_new_admins
                 ]
             },
         )
-        print(
-            f'Successfully configured AWS LakeFormation data lake admins: {new_admins}| {response}'
-        )
+        log.info(f'Successfully configured AWS LakeFormation data lake admins: {validated_new_admins}| {response}')
+
     except ClientError as e:
-        print(f'Failed to setup AWS LakeFormation data lake admins due to: {e}')
+        log.exception(f'Failed to setup AWS LakeFormation data lake admins due to: {e}')
+        raise Exception(f'Failed to setup AWS LakeFormation data lake admins due to: {e}')
 
     return {
         'PhysicalResourceId': f'LakeFormationDefaultSettings{AWS_ACCOUNT}{AWS_REGION}'
@@ -66,4 +86,38 @@ def on_update(event):
 
 
 def on_delete(event):
-    pass
+    """"Removes the PivotRole from the existing Data Lake Administrators
+    Before adding any principal, it validates it exists if it is an IAM role
+    """
+    props = clean_props(**event['ResourceProperties'])
+    try:
+        response = lf_client.get_data_lake_settings(CatalogId=AWS_ACCOUNT)
+        existing_admins = response.get('DataLakeSettings', {}).get('DataLakeAdmins', [])
+        if existing_admins:
+            existing_admins = [
+                admin['DataLakePrincipalIdentifier'] for admin in existing_admins
+            ]
+
+        added_admins = props.get('DataLakeAdmins', [])
+        for added_admin in added_admins:
+            existing_admins.remove(added_admin)
+
+        validated_new_admins = validate_principals(existing_admins)
+        response = lf_client.put_data_lake_settings(
+            CatalogId=AWS_ACCOUNT,
+            DataLakeSettings={
+                'DataLakeAdmins': [
+                    {'DataLakePrincipalIdentifier': principal}
+                    for principal in validated_new_admins
+                ]
+            },
+        )
+        log.info(f'Successfully configured AWS LakeFormation data lake admins: {validated_new_admins}| {response}')
+
+    except ClientError as e:
+        log.exception(f'Failed to setup AWS LakeFormation data lake admins due to: {e}')
+        raise Exception(f'Failed to setup AWS LakeFormation data lake admins due to: {e}')
+
+    return {
+        'PhysicalResourceId': f'LakeFormationDefaultSettings{AWS_ACCOUNT}{AWS_REGION}'
+    }
diff --git a/backend/dataall/cdkproxy/cdk_cli_wrapper.py b/backend/dataall/cdkproxy/cdk_cli_wrapper.py
index 8066d9350..fccd192cf 100644
--- a/backend/dataall/cdkproxy/cdk_cli_wrapper.py
+++ b/backend/dataall/cdkproxy/cdk_cli_wrapper.py
@@ -29,17 +29,8 @@ def aws_configure(profile_name='default'):
     print('        Running configure                     ')
     print('..............................................')
     print(f"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI: {os.getenv('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI')}")
-    cmd = [
-        'curl',
-        '169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'
-    ]
-    process = subprocess.run(
-        ' '.join(cmd),
-        text=True,
-        shell=True,  # nosec
-        encoding='utf-8',
-        capture_output=True
-    )
+    cmd = ['curl', '169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
+    process = subprocess.run(' '.join(cmd), text=True, shell=True, encoding='utf-8', capture_output=True)  # nosec
     creds = None
     if process.returncode == 0:
         creds = ast.literal_eval(process.stdout)
@@ -55,9 +46,7 @@ def update_stack_output(session, stack):
     try:
         stack_outputs = cfn.Stack(f'{stack.name}').outputs
     except ClientError as e:
-        logger.warning(
-            f'Failed to retrieve stack output for stack {stack.name} due to: {e}'
-        )
+        logger.warning(f'Failed to retrieve stack output for stack {stack.name} due to: {e}')
     if stack_outputs:
         for output in stack_outputs:
             outputs[output['OutputKey']] = output['OutputValue']
@@ -76,25 +65,29 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
     with engine.scoped_session() as session:
         try:
             stack: models.Stack = session.query(models.Stack).get(stackid)
-            logger.warning(f"stackuri = {stack.stackUri}, stackId = {stack.stackid}")
+            logger.warning(f'stackuri = {stack.stackUri}, stackId = {stack.stackid}')
             stack.status = 'PENDING'
             session.commit()
 
-            if stack.stack == "cdkpipeline" or stack.stack == "template":
+            if stack.stack == 'cdkpipeline' or stack.stack == 'template':
                 cdkpipeline = CDKPipelineStack(stack.targetUri)
                 venv_name = cdkpipeline.venv_name if cdkpipeline.venv_name else None
                 pipeline = Pipeline.get_pipeline_by_uri(session, stack.targetUri)
-                path = f"./cdkpipeline/{pipeline.repo}/"
+                path = f'./cdkpipeline/{pipeline.repo}/'
                 app_path = './app.py'
                 if not venv_name:
-                    logger.info("Successfully Updated CDK Pipeline")
+                    logger.info('Successfully Updated CDK Pipeline')
                     meta = describe_stack(stack)
                     stack.stackid = meta['StackId']
                     stack.status = meta['StackStatus']
                     update_stack_output(session, stack)
                     return
 
-            cwd = os.path.join(os.path.dirname(os.path.abspath(__file__)), path) if path else os.path.dirname(os.path.abspath(__file__))
+            cwd = (
+                os.path.join(os.path.dirname(os.path.abspath(__file__)), path)
+                if path
+                else os.path.dirname(os.path.abspath(__file__))
+            )
             python_path = '/:'.join(sys.path)[1:] + ':/code'
             logger.info(f'python path = {python_path}')
 
@@ -113,7 +106,7 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                         'AWS_SESSION_TOKEN': creds.get('Token'),
                     }
                 )
-            if stack.stack == "template":
+            if stack.stack == 'template':
                 resp = subprocess.run(
                     ['. ~/.nvm/nvm.sh && cdk ls'],
                     cwd=cwd,
@@ -121,18 +114,16 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                     shell=True,  # nosec
                     encoding='utf-8',
                     stdout=subprocess.PIPE,
-                    env=env
+                    env=env,
                 )
-                logger.info(f"CDK Apps: {resp.stdout}")
+                logger.info(f'CDK Apps: {resp.stdout}')
                 stack.name = resp.stdout.split('\n')[0]
 
             app_path = app_path or './app.py'
 
             logger.info(f'app_path: {app_path}')
-
             cmd = [
-                ''
-                '. ~/.nvm/nvm.sh &&',
+                '' '. ~/.nvm/nvm.sh &&',
                 'cdk',
                 'deploy --all',
                 '--require-approval',
@@ -159,9 +150,9 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                 '--verbose',
             ]
 
-            if stack.stack == "template" or stack.stack == "cdkpipeline":
-                if stack.stack == "template":
-                    cmd.insert(0, f"source {venv_name}/bin/activate;")
+            if stack.stack == 'template' or stack.stack == 'cdkpipeline':
+                if stack.stack == 'template':
+                    cmd.insert(0, f'source {venv_name}/bin/activate;')
                 aws = SessionHelper.remote_session(stack.accountid)
                 creds = aws.get_credentials()
                 env.update(
@@ -172,7 +163,7 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                         'CDK_DEFAULT_ACCOUNT': stack.accountid,
                         'AWS_ACCESS_KEY_ID': creds.access_key,
                         'AWS_SECRET_ACCESS_KEY': creds.secret_key,
-                        'AWS_SESSION_TOKEN': creds.token
+                        'AWS_SESSION_TOKEN': creds.token,
                     }
                 )
 
@@ -186,8 +177,8 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                 env=env,
                 cwd=cwd,
             )
-            if stack.stack == "cdkpipeline" or stack.stack == "template":
-                CDKPipelineStack.clean_up_repo(path=f"./{pipeline.repo}")
+            if stack.stack == 'cdkpipeline' or stack.stack == 'template':
+                CDKPipelineStack.clean_up_repo(path=f'./{pipeline.repo}')
 
             if process.returncode == 0:
                 meta = describe_stack(stack)
@@ -196,9 +187,7 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                 update_stack_output(session, stack)
             else:
                 stack.status = 'CREATE_FAILED'
-                logger.error(
-                    f'Failed to deploy stack {stackid} due to {str(process.stderr)}'
-                )
+                logger.error(f'Failed to deploy stack {stackid} due to {str(process.stderr)}')
                 AlarmService().trigger_stack_deployment_failure_alarm(stack=stack)
 
         except Exception as e:
@@ -219,9 +208,7 @@ def describe_stack(stack, engine: Engine = None, stackid: str = None):
         meta = resource.Stack(f'{stack.name}')
         return {'StackId': meta.stack_id, 'StackStatus': meta.stack_status}
     except ClientError as e:
-        logger.warning(
-            f'Failed to retrieve stack output for stack {stack.name} due to: {e}'
-        )
+        logger.warning(f'Failed to retrieve stack output for stack {stack.name} due to: {e}')
         meta = resource.Stack(stack.stackid)
         return {'StackId': meta.stack_id, 'StackStatus': meta.stack_status}
 
diff --git a/backend/dataall/cdkproxy/stacks/dataset.py b/backend/dataall/cdkproxy/stacks/dataset.py
index cd5fbb4c7..410d4b79d 100644
--- a/backend/dataall/cdkproxy/stacks/dataset.py
+++ b/backend/dataall/cdkproxy/stacks/dataset.py
@@ -17,12 +17,11 @@
     Tags,
 )
 from aws_cdk.aws_glue import CfnCrawler
-from sqlalchemy import and_, or_
 
 from .manager import stack
 from ... import db
-from ...aws.handlers.quicksight import Quicksight
 from ...aws.handlers.lakeformation import LakeFormation
+from ...aws.handlers.quicksight import Quicksight
 from ...aws.handlers.sts import SessionHelper
 from ...db import models
 from ...db.api import Environment
@@ -34,6 +33,14 @@
 
 @stack(stack='dataset')
 class Dataset(Stack):
+    """Deploy common dataset resources:
+            - dataset S3 Bucket + KMS key (If S3 Bucket not imported)
+            - dataset IAM role
+            - custom resource to create glue database and grant permissions
+            - custom resource to register S3 location in LF
+            - Glue crawler
+            - Glue profiling job
+    """
     module_name = __file__
 
     def get_engine(self) -> db.Engine:
@@ -71,84 +78,6 @@ def get_target(self) -> models.Dataset:
                 raise Exception('ObjectNotFound')
         return dataset
 
-    def get_shared_tables(self) -> typing.List[models.ShareObjectItem]:
-        engine = self.get_engine()
-        with engine.scoped_session() as session:
-            tables = (
-                session.query(
-                    models.DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
-                    models.DatasetTable.GlueTableName.label('GlueTableName'),
-                    models.DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
-                    models.DatasetTable.region.label('SourceRegion'),
-                    models.Environment.AwsAccountId.label('TargetAwsAccountId'),
-                    models.Environment.region.label('TargetRegion'),
-                )
-                .join(
-                    models.ShareObjectItem,
-                    and_(
-                        models.ShareObjectItem.itemUri == models.DatasetTable.tableUri
-                    ),
-                )
-                .join(
-                    models.ShareObject,
-                    models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
-                )
-                .join(
-                    models.Environment,
-                    models.Environment.environmentUri
-                    == models.ShareObject.environmentUri,
-                )
-                .filter(
-                    and_(
-                        models.DatasetTable.datasetUri == self.target_uri,
-                        models.DatasetTable.deleted.is_(None),
-                        models.ShareObjectItem.status.in_(self.shared_states)
-                    )
-                )
-                .all()
-            )
-            logger.info(f'found {len(tables)} shared tables')
-        return tables
-
-    def get_shared_folders(self) -> typing.List[models.DatasetStorageLocation]:
-        engine = self.get_engine()
-        with engine.scoped_session() as session:
-            locations = (
-                session.query(
-                    models.DatasetStorageLocation.locationUri.label('locationUri'),
-                    models.DatasetStorageLocation.S3BucketName.label('S3BucketName'),
-                    models.DatasetStorageLocation.S3Prefix.label('S3Prefix'),
-                    models.Environment.AwsAccountId.label('AwsAccountId'),
-                    models.Environment.region.label('region'),
-                )
-                .join(
-                    models.ShareObjectItem,
-                    and_(
-                        models.ShareObjectItem.itemUri
-                        == models.DatasetStorageLocation.locationUri
-                    ),
-                )
-                .join(
-                    models.ShareObject,
-                    models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
-                )
-                .join(
-                    models.Environment,
-                    models.Environment.environmentUri
-                    == models.ShareObject.environmentUri,
-                )
-                .filter(
-                    and_(
-                        models.DatasetStorageLocation.datasetUri == self.target_uri,
-                        models.DatasetStorageLocation.deleted.is_(None),
-                        models.ShareObjectItem.status.in_(self.shared_states)
-                    )
-                )
-                .all()
-            )
-            logger.info(f'found {len(locations)} shared folders')
-        return locations
-
     def __init__(self, scope, id, target_uri: str = None, **kwargs):
         super().__init__(
             scope,
@@ -160,31 +89,19 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             )[:1024],
             **kwargs)
 
-        # Required for dynamic stack tagging
+        # Read input
         self.target_uri = target_uri
-
-        self.shared_states = [
-            models.Enums.ShareItemStatus.Share_Succeeded.value,
-            models.Enums.ShareItemStatus.Revoke_Approved.value,
-            models.Enums.ShareItemStatus.Revoke_In_Progress.value,
-            models.Enums.ShareItemStatus.Revoke_Failed.value
-        ]
-
-        pivot_role_name = SessionHelper.get_delegation_role_name()
-
+        self.pivot_role_name = SessionHelper.get_delegation_role_name()
         dataset = self.get_target()
-
         env = self.get_env(dataset)
-
         env_group = self.get_env_group(dataset)
 
         quicksight_default_group_arn = None
         if env.dashboardsEnabled:
-            quicksight_default_group = Quicksight.create_quicksight_group(
-                dataset.AwsAccountId, 'dataall'
-            )
+            quicksight_default_group = Quicksight.create_quicksight_group(AwsAccountId=env.AwsAccountId)
             quicksight_default_group_arn = quicksight_default_group['Group']['Arn']
 
+        # Dataset S3 Bucket and KMS key
         if dataset.imported and dataset.importedS3Bucket:
             dataset_bucket = s3.Bucket.from_bucket_name(
                 self, f'ImportedBucket{dataset.datasetUri}', dataset.S3BucketName
@@ -204,7 +121,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                             principals=[
                                 iam.AccountPrincipal(account_id=dataset.AwsAccountId),
                                 iam.ArnPrincipal(
-                                    f'arn:aws:iam::{env.AwsAccountId}:role/{pivot_role_name}'
+                                    f'arn:aws:iam::{env.AwsAccountId}:role/{self.pivot_role_name}'
                                 ),
                             ],
                             actions=['kms:*'],
@@ -245,14 +162,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 bucket_key_enabled=True,
             )
 
-            # dataset_bucket.add_to_resource_policy(
-            #     permission=iam.PolicyStatement(
-            #         actions=['s3:*'],
-            #         resources=[dataset_bucket.bucket_arn],
-            #         principals=[iam.AccountPrincipal(account_id=dataset.AwsAccountId)],
-            #     )
-            # )
-
             dataset_bucket.add_lifecycle_rule(
                 abort_incomplete_multipart_upload_after=Duration.days(7),
                 noncurrent_version_transitions=[
@@ -278,7 +187,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 enabled=True,
             )
 
-        # Dataset Admin and ETL User
+        # Dataset IAM role - ETL policies
         dataset_admin_policy = iam.Policy(
             self,
             'DatasetAdminPolicy',
@@ -390,58 +299,61 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 iam.AccountPrincipal(os.environ.get('CURRENT_AWS_ACCOUNT')),
                 iam.AccountPrincipal(dataset.AwsAccountId),
                 iam.ArnPrincipal(
-                    f'arn:aws:iam::{dataset.AwsAccountId}:role/{pivot_role_name}'
+                    f'arn:aws:iam::{dataset.AwsAccountId}:role/{self.pivot_role_name}'
                 ),
             ),
         )
         dataset_admin_policy.attach_to_role(dataset_admin_role)
 
-        glue_db_handler_arn = ssm.StringParameter.from_string_parameter_name(
-            self,
-            'GlueDbCRArnParameter',
-            string_parameter_name=f'/dataall/{dataset.environmentUri}/cfn/custom-resources/lambda/arn',
-        )
-
-        glue_db_handler = _lambda.Function.from_function_attributes(
-            self,
-            'CustomGlueDatabaseHandler',
-            function_arn=glue_db_handler_arn.string_value,
-            same_environment=True,
-        )
-
-        GlueDatabase = cr.Provider(
-            self,
-            f'{env.resourcePrefix}GlueDbCustomResourceProvider',
-            on_event_handler=glue_db_handler,
-        )
-
-        existing_location = LakeFormation.describe_resource(
+        # Datalake location custom resource: registers the S3 location in LakeFormation
+        registered_location = LakeFormation.check_existing_lf_registered_location(
             resource_arn=f'arn:aws:s3:::{dataset.S3BucketName}',
-            role_arn=f'arn:aws:iam::{env.AwsAccountId}:role/{pivot_role_name}',
             accountid=env.AwsAccountId,
             region=env.region
         )
 
-        if not existing_location:
+        if not registered_location:
             storage_location = CfnResource(
                 self,
                 'DatasetStorageLocation',
                 type='AWS::LakeFormation::Resource',
                 properties={
                     'ResourceArn': f'arn:aws:s3:::{dataset.S3BucketName}',
-                    'RoleArn': f'arn:aws:iam::{env.AwsAccountId}:role/{pivot_role_name}',
+                    'RoleArn': f'arn:aws:iam::{env.AwsAccountId}:role/{self.pivot_role_name}',
                     'UseServiceLinkedRole': False,
                 },
             )
+
+        # Define dataset admin groups (those with data access grant)
         dataset_admins = [
             dataset_admin_role.role_arn,
-            f'arn:aws:iam::{env.AwsAccountId}:role/{pivot_role_name}',
+            f'arn:aws:iam::{env.AwsAccountId}:role/{self.pivot_role_name}',
             env_group.environmentIAMRoleArn,
         ]
         if quicksight_default_group_arn:
             dataset_admins.append(quicksight_default_group_arn)
 
-        glue_db = CustomResource(
+        # Glue Database custom resource: creates the Glue database and grants the default permissions (dataset role, admin, pivotrole, QS group)
+        # Old provider, to be deleted in future release
+        glue_db_handler_arn = ssm.StringParameter.from_string_parameter_name(
+            self,
+            'GlueDbCRArnParameter',
+            string_parameter_name=f'/dataall/{dataset.environmentUri}/cfn/custom-resources/lambda/arn',
+        )
+
+        glue_db_handler = _lambda.Function.from_function_attributes(
+            self,
+            'CustomGlueDatabaseHandler',
+            function_arn=glue_db_handler_arn.string_value,
+            same_environment=True,
+        )
+
+        GlueDatabase = cr.Provider(
+            self,
+            f'{env.resourcePrefix}GlueDbCustomResourceProvider',
+            on_event_handler=glue_db_handler,
+        )
+        old_glue_db = CustomResource(
             self,
             f'{env.resourcePrefix}DatasetDatabase',
             service_token=GlueDatabase.service_token,
@@ -460,6 +372,33 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             },
         )
 
+        # Get the Provider service token from SSM, the Lambda and Provider are created as part of the environment stack
+        glue_db_provider_service_token = ssm.StringParameter.from_string_parameter_name(
+            self,
+            'GlueDatabaseProviderServiceToken',
+            string_parameter_name=f'/dataall/{dataset.environmentUri}/cfn/custom-resources/gluehandler/provider/servicetoken',
+        )
+
+        glue_db = CustomResource(
+            self,
+            f'{env.resourcePrefix}GlueDatabaseCustomResource',
+            service_token=glue_db_provider_service_token.string_value,
+            resource_type='Custom::GlueDatabase',
+            properties={
+                'CatalogId': dataset.AwsAccountId,
+                'DatabaseInput': {
+                    'Description': 'dataall database {} '.format(
+                        dataset.GlueDatabaseName
+                    ),
+                    'LocationUri': f's3://{dataset.S3BucketName}/',
+                    'Name': f'{dataset.GlueDatabaseName}',
+                    'CreateTableDefaultPermissions': [],
+                },
+                'DatabaseAdministrators': dataset_admins
+            },
+        )
+
+        # Support resources: GlueCrawler for the dataset, Profiling Job and Trigger
         crawler = glue.CfnCrawler(
             self,
             dataset.GlueCrawlerName,
@@ -503,7 +442,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             'DatasetGlueProfilingJob',
             name=dataset.GlueProfilingJobName,
             role=iam.ArnPrincipal(
-                f'arn:aws:iam::{env.AwsAccountId}:role/{pivot_role_name}'
+                f'arn:aws:iam::{env.AwsAccountId}:role/{self.pivot_role_name}'
             ).arn,
             allocated_capacity=10,
             execution_property=glue.CfnJob.ExecutionPropertyProperty(
diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index e54b24988..e004c1f6e 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -1,3 +1,4 @@
+import json
 import logging
 import os
 import pathlib
@@ -5,6 +6,7 @@
 
 from aws_cdk import (
     custom_resources as cr,
+    aws_ec2 as ec2,
     aws_s3 as s3,
     aws_s3_deployment,
     aws_iam as iam,
@@ -15,27 +17,23 @@
     aws_sqs as sqs,
     aws_sns_subscriptions as sns_subs,
     aws_kms as kms,
-    aws_ec2 as ec2,
-    aws_sagemaker as sagemaker,
     aws_athena,
     RemovalPolicy,
+    CfnOutput,
     Stack,
     Duration,
     CustomResource,
     Tags,
 )
 from constructs import DependencyGroup
-from botocore.exceptions import ClientError
 
 from .manager import stack
+from .pivot_role import PivotRole
+from .sagemakerstudio import SageMakerDomain
 from .policies.data_policy import DataPolicy
 from .policies.service_policy import ServicePolicy
 from ... import db
-from ...aws.handlers.quicksight import Quicksight
 from ...aws.handlers.parameter_store import ParameterStoreManager
-from ...aws.handlers.sagemaker_studio import (
-    SagemakerStudio,
-)
 from ...aws.handlers.sts import SessionHelper
 from ...db import models
 from ...utils.cdk_nag_utils import CDKNagUtil
@@ -46,11 +44,25 @@
 
 @stack(stack='environment')
 class EnvironmentSetup(Stack):
+    """Deploy common environment resources:
+        - default environment S3 Bucket
+        - Lambda + Provider for dataset Glue Databases custom resource
+        - Lambda + Provider for dataset Data Lake location custom resource
+        - SSM parameters for the Lambdas and Providers
+        - pivotRole (if configured)
+        - SNS topic (if subscriptions are enabled)
+        - SM Studio domain (if ML studio is enabled)
+    - Deploy team specific resources: teams IAM roles, Athena workgroups
+    - Set PivotRole as Lake formation data lake Admin - lakeformationdefaultsettings custom resource
+    """
     module_name = __file__
 
+    @staticmethod
+    def get_env_name():
+        return os.environ.get('envname', 'local')
+
     def get_engine(self):
-        envname = os.environ.get('envname', 'local')
-        engine = db.get_engine(envname=envname)
+        engine = db.get_engine(envname=self.get_env_name())
         return engine
 
     def get_target(self, target_uri) -> models.Environment:
@@ -61,33 +73,6 @@ def get_target(self, target_uri) -> models.Environment:
                 raise Exception('ObjectNotFound')
         return target
 
-    def get_environment_defautl_vpc(self, engine, environmentUri) -> models.Vpc:
-        with engine.scoped_session() as session:
-            return db.api.Vpc.get_environment_default_vpc(session, environmentUri)
-
-    def init_quicksight(self, environment: models.Environment):
-        Quicksight.create_quicksight_group(environment.AwsAccountId, 'dataall')
-
-    def check_sagemaker_studio(self, engine, environment: models.Environment):
-        logger.info('check sagemaker studio domain creation')
-
-        try:
-            dataall_created_domain = ParameterStoreManager.client(
-                AwsAccountId=environment.AwsAccountId,
-                region=environment.region
-            ).get_parameter(
-                Name=f'/dataall/{environment.environmentUri}/sagemaker/sagemakerstudio/domain_id'
-            )
-            return None
-        except ClientError as e:
-            logger.info(f'check sagemaker studio domain created outside of data.all. Parameter data.all not found: {e}')
-            existing_domain = SagemakerStudio.get_sagemaker_studio_domain(
-                environment.AwsAccountId, environment.region
-            )
-            existing_domain_id = existing_domain.get('DomainId', False)
-            if existing_domain_id:
-                return existing_domain_id
-
     @staticmethod
     def get_environment_group_permissions(engine, environmentUri, group):
         with engine.scoped_session() as session:
@@ -103,9 +88,7 @@ def get_environment_group_permissions(engine, environmentUri, group):
             return permission_names
 
     @staticmethod
-    def get_environment_groups(
-        engine, environment: models.Environment
-    ) -> [models.EnvironmentGroup]:
+    def get_environment_groups(engine, environment: models.Environment) -> [models.EnvironmentGroup]:
         with engine.scoped_session() as session:
             return db.api.Environment.list_environment_invited_groups(
                 session,
@@ -117,9 +100,7 @@ def get_environment_groups(
             )
 
     @staticmethod
-    def get_environment_admins_group(
-        engine, environment: models.Environment
-    ) -> [models.EnvironmentGroup]:
+    def get_environment_admins_group(engine, environment: models.Environment) -> [models.EnvironmentGroup]:
         with engine.scoped_session() as session:
             return db.api.Environment.get_environment_group(
                 session,
@@ -128,9 +109,7 @@ def get_environment_admins_group(
             )
 
     @staticmethod
-    def get_environment_group_datasets(
-        engine, environment: models.Environment, group: str
-    ) -> [models.Dataset]:
+    def get_environment_group_datasets(engine, environment: models.Environment, group: str) -> [models.Dataset]:
         with engine.scoped_session() as session:
             return db.api.Environment.list_group_datasets(
                 session,
@@ -142,9 +121,7 @@ def get_environment_group_datasets(
             )
 
     @staticmethod
-    def get_all_environment_datasets(
-        engine, environment: models.Environment
-    ) -> [models.Dataset]:
+    def get_all_environment_datasets(engine, environment: models.Environment) -> [models.Dataset]:
         with engine.scoped_session() as session:
             return (
                 session.query(models.Dataset)
@@ -155,45 +132,41 @@ def get_all_environment_datasets(
             )
 
     def __init__(self, scope, id, target_uri: str = None, **kwargs):
-        super().__init__(scope,
-                         id,
-                         description="Cloud formation stack of ENVIRONMENT: {}; URI: {}; DESCRIPTION: {}".format(
-                             self.get_target(target_uri=target_uri).label,
-                             target_uri,
-                             self.get_target(target_uri=target_uri).description,
-                         )[:1024],
-                         **kwargs)
-
-        # Required for dynamic stack tagging
+        super().__init__(
+            scope,
+            id,
+            description='Cloud formation stack of ENVIRONMENT: {}; URI: {}; DESCRIPTION: {}'.format(
+                self.get_target(target_uri=target_uri).label,
+                target_uri,
+                self.get_target(target_uri=target_uri).description,
+            )[:1024],
+            **kwargs,
+        )
+        # Read input
         self.target_uri = target_uri
-
         self.pivot_role_name = SessionHelper.get_delegation_role_name()
-
+        self.external_id = SessionHelper.get_external_id_secret()
+        self.dataall_central_account = SessionHelper.get_account()
+        pivot_role_as_part_of_environment_stack = ParameterStoreManager.get_parameter_value(
+            region=os.getenv('AWS_REGION', 'eu-west-1'),
+            parameter_path=f"/dataall/{os.getenv('envname', 'local')}/pivotRole/enablePivotRoleAutoCreate"
+        )
+        self.create_pivot_role = True if pivot_role_as_part_of_environment_stack == "True" else False
         self.engine = self.get_engine()
 
         self._environment = self.get_target(target_uri=target_uri)
 
-        self.environment_groups: [models.EnvironmentGroup] = self.get_environment_groups(self.engine, environment=self._environment)
-
-        self.environment_admins_group: models.EnvironmentGroup = self.get_environment_admins_group(self.engine, self._environment)
+        self.environment_groups: [models.EnvironmentGroup] = self.get_environment_groups(
+            self.engine, environment=self._environment
+        )
 
-        self.all_environment_datasets = self.get_all_environment_datasets(
+        self.environment_admins_group: models.EnvironmentGroup = self.get_environment_admins_group(
             self.engine, self._environment
         )
 
-        roles_sagemaker_dependency_group = DependencyGroup()
-
-        if self._environment.dashboardsEnabled:
-            logger.warning('ensure_quicksight_default_group')
-            self.init_quicksight(environment=self._environment)
-
-        group_roles = self.create_or_import_environment_groups_roles()
-
-        for group_role in group_roles:
-            roles_sagemaker_dependency_group.add(group_role)
-
-        central_account = SessionHelper.get_account()
+        self.all_environment_datasets = self.get_all_environment_datasets(self.engine, self._environment)
 
+        # Environment S3 Bucket
         default_environment_bucket = s3.Bucket(
             self,
             'EnvironmentDefaultBucket',
@@ -252,11 +225,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
         )
 
         profiling_assetspath = self.zip_code(
-            os.path.realpath(
-                os.path.abspath(
-                    os.path.join(__file__, '..', '..', 'assets', 'glueprofilingjob')
-                )
-            )
+            os.path.realpath(os.path.abspath(os.path.join(__file__, '..', '..', 'assets', 'glueprofilingjob')))
         )
 
         aws_s3_deployment.BucketDeployment(
@@ -267,25 +236,37 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             destination_key_prefix='profiling/code',
         )
 
+        # Create or import team IAM roles
         default_role = self.create_or_import_environment_default_role()
-        roles_sagemaker_dependency_group.add(default_role)
+        group_roles = self.create_or_import_environment_groups_roles()
 
         self.create_default_athena_workgroup(
             default_environment_bucket,
             self._environment.EnvironmentDefaultAthenaWorkGroup,
         )
+        self.create_athena_workgroups(self.environment_groups, default_environment_bucket)
+
+        # Create or import Pivot role
+        if self.create_pivot_role is True:
+            config = {
+                'roleName': self.pivot_role_name,
+                'accountId': self.dataall_central_account,
+                'externalId': self.external_id,
+                'resourcePrefix': self._environment.resourcePrefix,
+            }
+            pivot_role_stack = PivotRole(self, 'PivotRoleStack', config)
+            self.pivot_role = pivot_role_stack.pivot_role
+        else:
+            self.pivot_role = iam.Role.from_role_arn(
+                self,
+                f'PivotRole{self._environment.environmentUri}',
+                f'arn:aws:iam::{self._environment.AwsAccountId}:role/{self.pivot_role_name}',
+            )
 
-        pivot_role = iam.Role.from_role_arn(
-            self,
-            f'PivotRole{self._environment.environmentUri}',
-            f'arn:aws:iam::{self._environment.AwsAccountId}:role/{self.pivot_role_name}',
-        )
-
-        # Lakeformation default settings
+        # Lakeformation default settings custom resource
+        # Set PivotRole as Lake Formation data lake admin
         entry_point = str(
-            pathlib.PosixPath(
-                os.path.dirname(__file__), '../assets/lakeformationdefaultsettings'
-            ).resolve()
+            pathlib.PosixPath(os.path.dirname(__file__), '../assets/lakeformationdefaultsettings').resolve()
         )
 
         lakeformation_cr_dlq = self.set_dlq(
@@ -295,7 +276,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             self,
             'LakeformationDefaultSettingsHandler',
             function_name=f'{self._environment.resourcePrefix}-lf-settings-handler-{self._environment.environmentUri}',
-            role=pivot_role,
+            role=self.pivot_role,
             handler='index.on_event',
             code=_lambda.Code.from_asset(entry_point),
             memory_size=1664,
@@ -313,6 +294,23 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             on_failure=lambda_destination.SqsDestination(lakeformation_cr_dlq),
             runtime=_lambda.Runtime.PYTHON_3_9,
         )
+        LakeformationDefaultSettingsProvider = cr.Provider(
+            self,
+            f'{self._environment.resourcePrefix}LakeformationDefaultSettingsProvider',
+            on_event_handler=lf_default_settings_custom_resource,
+        )
+
+        default_lf_settings = CustomResource(
+            self,
+            f'{self._environment.resourcePrefix}DefaultLakeFormationSettings',
+            service_token=LakeformationDefaultSettingsProvider.service_token,
+            resource_type='Custom::LakeformationDefaultSettings',
+            properties={
+                'DataLakeAdmins': [
+                    f'arn:aws:iam::{self._environment.AwsAccountId}:role/{self.pivot_role_name}',
+                ]
+            },
+        )
 
         ssm.StringParameter(
             self,
@@ -327,23 +325,16 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             string_value=lf_default_settings_custom_resource.function_name,
             parameter_name=f'/dataall/{self._environment.environmentUri}/cfn/lf/defaultsettings/lambda/name',
         )
-
-        # Glue database custom resource
-
+        # Glue database custom resource - Old, to be deleted in future release
         entry_point = str(
-            pathlib.PosixPath(
-                os.path.dirname(__file__), '../assets/gluedatabasecustomresource'
-            ).resolve()
-        )
-
-        gluedb_cr_dlq = self.set_dlq(
-            f'{self._environment.resourcePrefix}-gluedbcr-{self._environment.environmentUri}'
+            pathlib.PosixPath(os.path.dirname(__file__), '../assets/gluedatabasecustomresource_nodelete').resolve()
         )
+        gluedb_cr_dlq = self.set_dlq(f'{self._environment.resourcePrefix}-gluedbcr-{self._environment.environmentUri}')
         gluedb_custom_resource = _lambda.Function(
             self,
             'GlueDatabaseCustomResourceHandler',
             function_name=f'{self._environment.resourcePrefix}-gluedb-handler-{self._environment.environmentUri}',
-            role=pivot_role,
+            role=self.pivot_role,
             handler='index.on_event',
             code=_lambda.Code.from_asset(entry_point),
             memory_size=1664,
@@ -363,7 +354,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             tracing=_lambda.Tracing.ACTIVE,
             runtime=_lambda.Runtime.PYTHON_3_9,
         )
-
         ssm.StringParameter(
             self,
             'GlueCustomResourceFunctionArn',
@@ -377,29 +367,127 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             string_value=gluedb_custom_resource.function_name,
             parameter_name=f'/dataall/{self._environment.environmentUri}/cfn/custom-resources/lambda/name',
         )
+        # Glue database custom resource - New
+        # This Lambda is triggered with the creation of each dataset, it is not executed when the environment is created
+        entry_point = str(
+            pathlib.PosixPath(os.path.dirname(__file__), '../assets/gluedatabasecustomresource').resolve()
+        )
 
-        LakeformationDefaultSettingsProvider = cr.Provider(
+        gluedb_lf_cr_dlq = self.set_dlq(f'{self._environment.resourcePrefix}-gluedb-lf-cr-{self._environment.environmentUri}')
+        gluedb_lf_custom_resource = _lambda.Function(
             self,
-            f'{self._environment.resourcePrefix}LakeformationDefaultSettingsProvider',
-            on_event_handler=lf_default_settings_custom_resource,
+            'GlueDatabaseLFCustomResourceHandler',
+            function_name=f'{self._environment.resourcePrefix}-gluedb-lf-handler-{self._environment.environmentUri}',
+            role=self.pivot_role,
+            handler='index.on_event',
+            code=_lambda.Code.from_asset(entry_point),
+            memory_size=1664,
+            description='This Lambda function is a cloudformation custom resource provider for Glue database '
+            'as Cfn currently does not support the CreateTableDefaultPermissions parameter',
+            timeout=Duration.seconds(5 * 60),
+            environment={
+                'envname': self._environment.name,
+                'LOG_LEVEL': 'DEBUG',
+                'AWS_ACCOUNT': self._environment.AwsAccountId,
+                'DEFAULT_ENV_ROLE_ARN': self._environment.EnvironmentDefaultIAMRoleArn,
+                'DEFAULT_CDK_ROLE_ARN': self._environment.CDKRoleArn,
+            },
+            dead_letter_queue_enabled=True,
+            dead_letter_queue=gluedb_lf_cr_dlq,
+            on_failure=lambda_destination.SqsDestination(gluedb_lf_cr_dlq),
+            tracing=_lambda.Tracing.ACTIVE,
+            runtime=_lambda.Runtime.PYTHON_3_9,
         )
 
-        default_lf_settings = CustomResource(
+        glue_db_provider = cr.Provider(
             self,
-            f'{self._environment.resourcePrefix}DefaultLakeFormationSettings',
-            service_token=LakeformationDefaultSettingsProvider.service_token,
-            resource_type='Custom::LakeformationDefaultSettings',
-            properties={
-                'DataLakeAdmins': [
-                    f'arn:aws:iam::{self._environment.AwsAccountId}:role/{self.pivot_role_name}',
-                ]
+            f'{self._environment.resourcePrefix}GlueDbCustomResourceProvider',
+            on_event_handler=gluedb_lf_custom_resource
+        )
+        ssm.StringParameter(
+            self,
+            'GlueLFCustomResourceFunctionArn',
+            string_value=gluedb_lf_custom_resource.function_arn,
+            parameter_name=f'/dataall/{self._environment.environmentUri}/cfn/custom-resources/gluehandler/lambda/arn',
+        )
+
+        ssm.StringParameter(
+            self,
+            'GlueLFCustomResourceFunctionName',
+            string_value=gluedb_lf_custom_resource.function_name,
+            parameter_name=f'/dataall/{self._environment.environmentUri}/cfn/custom-resources/gluehandler/lambda/name',
+        )
+
+        ssm.StringParameter(
+            self,
+            'GlueLFCustomResourceProviderServiceToken',
+            string_value=glue_db_provider.service_token,
+            parameter_name=f'/dataall/{self._environment.environmentUri}/cfn/custom-resources/gluehandler/provider/servicetoken',
+        )
+
+        # Data lake location custom resource
+        entry_point = str(
+            pathlib.PosixPath(
+                os.path.dirname(__file__), "../assets/datalakelocationcustomresource"
+            ).resolve()
+        )
+
+        datalakelocation_cr_dlq = self.set_dlq(
+            f'{self._environment.resourcePrefix}-datalakelocationcr-{self._environment.environmentUri}'
+        )
+        datalake_location_custom_resource = _lambda.Function(
+            self,
+            "DatalakeLocationCustomResourceHandler",
+            function_name=f'{self._environment.resourcePrefix}-datalakelocation-handler-{self._environment.environmentUri}',
+            role=self.pivot_role,
+            handler="index.on_event",
+            code=_lambda.Code.from_asset(entry_point),
+            memory_size=1664,
+            description='This Lambda function is a cloudformation custom resource provider for LakeFormation Storage Locations '
+                        'as the Cfn resource cannot handle pivotRole updates',
+            timeout=Duration.seconds(5 * 60),
+            environment={
+                'envname': self._environment.name,
+                'LOG_LEVEL': 'DEBUG',
+                'AWS_ACCOUNT': self._environment.AwsAccountId,
+                'DEFAULT_ENV_ROLE_ARN': self._environment.EnvironmentDefaultIAMRoleArn,
+                'DEFAULT_CDK_ROLE_ARN': self._environment.CDKRoleArn,
             },
+            dead_letter_queue_enabled=True,
+            dead_letter_queue=datalakelocation_cr_dlq,
+            on_failure=lambda_destination.SqsDestination(datalakelocation_cr_dlq),
+            tracing=_lambda.Tracing.ACTIVE,
+            runtime=_lambda.Runtime.PYTHON_3_9,
+        )
+
+        datalake_location_provider = cr.Provider(
+            self,
+            f"{self._environment.resourcePrefix}DatalakeLocationProvider",
+            on_event_handler=datalake_location_custom_resource
+        )
+
+        ssm.StringParameter(
+            self,
+            "DatalakeLocationCustomResourceFunctionArn",
+            string_value=datalake_location_custom_resource.function_arn,
+            parameter_name=f"/dataall/{self._environment.environmentUri}/cfn/custom-resources/datalocationhandler/lambda/arn",
         )
 
-        self.create_athena_workgroups(
-            self.environment_groups, default_environment_bucket
+        ssm.StringParameter(
+            self,
+            "DatalakeLocationCustomResourceFunctionName",
+            string_value=datalake_location_custom_resource.function_name,
+            parameter_name=f"/dataall/{self._environment.environmentUri}/cfn/custom-resources/datalocationhandler/lambda/name",
+        )
+
+        ssm.StringParameter(
+            self,
+            'DataLocationCustomResourceProviderServiceToken',
+            string_value=datalake_location_provider.service_token,
+            parameter_name=f'/dataall/{self._environment.environmentUri}/cfn/custom-resources/datalocationhandler/provider/servicetoken',
         )
 
+        # Create SNS topics for subscriptions
         if self._environment.subscriptionsEnabled:
             queue_key = kms.Key(
                 self,
@@ -451,7 +539,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             else:
                 topic = self.create_topic(
                     self._environment.subscriptionsProducersTopicName,
-                    central_account,
+                    self.dataall_central_account,
                     self._environment,
                 )
 
@@ -465,7 +553,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
 
             policy.document.add_statements(
                 iam.PolicyStatement(
-                    principals=[iam.AccountPrincipal(central_account)],
+                    principals=[iam.AccountPrincipal(self.dataall_central_account)],
                     effect=iam.Effect.ALLOW,
                     actions=[
                         'sqs:ReceiveMessage',
@@ -502,93 +590,36 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
 
             self.create_topic(
                 self._environment.subscriptionsConsumersTopicName,
-                central_account,
+                self.dataall_central_account,
                 self._environment,
             )
 
-        self.sagemaker_domain_exists = self.check_sagemaker_studio(engine=self.engine, environment=self._environment)
-
-        if self._environment.mlStudiosEnabled and not (self.sagemaker_domain_exists):
-
-            sagemaker_domain_role = iam.Role(
-                self,
-                'RoleForSagemakerStudioUsers',
-                assumed_by=iam.ServicePrincipal('sagemaker.amazonaws.com'),
-                role_name="RoleSagemakerStudioUsers",
-                managed_policies=[iam.ManagedPolicy.from_managed_policy_arn(
-                    self,
-                    id="SagemakerFullAccess",
-                    managed_policy_arn="arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"),
-                    iam.ManagedPolicy.from_managed_policy_arn(
-                    self,
-                        id="S3FullAccess",
-                        managed_policy_arn="arn:aws:iam::aws:policy/AmazonS3FullAccess")
-                ]
-            )
-
-            sagemaker_domain_key = kms.Key(
-                self,
-                'SagemakerDomainKmsKey',
-                alias="SagemakerStudioDomain",
-                enable_key_rotation=True,
-                policy=iam.PolicyDocument(
-                    assign_sids=True,
-                    statements=[
-                        iam.PolicyStatement(
-                            resources=['*'],
-                            effect=iam.Effect.ALLOW,
-                            principals=[
-                                iam.AccountPrincipal(account_id=self._environment.AwsAccountId),
-                                sagemaker_domain_role,
-                                default_role,
-                            ] + group_roles,
-                            actions=['kms:*'],
-                        )
-                    ],
-                ),
-            )
-            sagemaker_domain_key.node.add_dependency(roles_sagemaker_dependency_group)
-
-            try:
-                default_vpc = ec2.Vpc.from_lookup(self, 'VPCStudio', is_default=True)
-                vpc_id = default_vpc.vpc_id
-                subnet_ids = [private_subnet.subnet_id for private_subnet in default_vpc.private_subnets]
-                subnet_ids += [public_subnet.subnet_id for public_subnet in default_vpc.public_subnets]
-                subnet_ids += [isolated_subnet.subnet_id for isolated_subnet in default_vpc.isolated_subnets]
-            except Exception as e:
-                logger.error(f"Default VPC not found, Exception: {e}. If you don't own a default VPC, modify the networking configuration, or disable ML Studio upon environment creation.")
-
-            sagemaker_domain = sagemaker.CfnDomain(
-                self,
-                "SagemakerStudioDomain",
-                domain_name=f"SagemakerStudioDomain-{self._environment.region}-{self._environment.AwsAccountId}",
-                auth_mode="IAM",
-
-                default_user_settings=sagemaker.CfnDomain.UserSettingsProperty(
-                    execution_role=sagemaker_domain_role.role_arn,
-
-                    security_groups=[],
-
-                    sharing_settings=sagemaker.CfnDomain.SharingSettingsProperty(
-                        notebook_output_option="Allowed",
-                        s3_kms_key_id=sagemaker_domain_key.key_id,
-                        s3_output_path=f"s3://sagemaker-{self._environment.region}-{self._environment.AwsAccountId}",
-                    )
-                ),
+        # Create or import SageMaker Studio domain if ML Studio enabled
+        domain = SageMakerDomain(
+            stack=self,
+            id='SageMakerDomain',
+            environment=self._environment
+        )
+        self.existing_sagemaker_domain = domain.check_existing_sagemaker_studio_domain()
+        if self._environment.mlStudiosEnabled and not self.existing_sagemaker_domain:
+            # Create dependency group - Sagemaker depends on group IAM roles
+            sagemaker_dependency_group = DependencyGroup()
+            sagemaker_dependency_group.add(default_role)
+            for group_role in group_roles:
+                sagemaker_dependency_group.add(group_role)
 
-                vpc_id=vpc_id,
-                subnet_ids=subnet_ids,
-                app_network_access_type="VpcOnly",
-                kms_key_id=sagemaker_domain_key.key_id,
-            )
+            sagemaker_domain = domain.create_sagemaker_domain_resources(sagemaker_principals=[default_role] + group_roles)
 
-            ssm.StringParameter(
-                self,
-                'SagemakerStudioDomainId',
-                string_value=sagemaker_domain.attr_domain_id,
-                parameter_name=f'/dataall/{self._environment.environmentUri}/sagemaker/sagemakerstudio/domain_id',
-            )
+            sagemaker_domain.node.add_dependency(sagemaker_dependency_group)
 
+        # print the IAM role arn for this service account
+        CfnOutput(
+            self,
+            'pivotRoleName',
+            export_name='pivotRoleName',
+            value=self.pivot_role_name,
+            description='pivotRoleName',
+        )
         TagsUtil.add_tags(self)
 
         CDKNagUtil.check_rules(self)
@@ -606,8 +637,8 @@ def create_or_import_environment_default_role(self):
                 tag_key='Team',
                 tag_value=self._environment.SamlGroupName,
                 resource_prefix=self._environment.resourcePrefix,
-                name=f'{self._environment.resourcePrefix}-{self._environment.SamlGroupName}-default-services-policy',
-                id=f'{self._environment.resourcePrefix}-{self._environment.SamlGroupName}-default-services-policy',
+                name=f'{self._environment.resourcePrefix}-{self._environment.SamlGroupName}-{self._environment.environmentUri}-default-services-policy',
+                id=f'{self._environment.resourcePrefix}-{self._environment.SamlGroupName}-{self._environment.environmentUri}-default-services-policy',
                 account=self._environment.AwsAccountId,
                 region=self._environment.region,
                 role_name=self._environment.EnvironmentDefaultIAMRoleName,
@@ -665,7 +696,7 @@ def create_or_import_environment_groups_roles(self):
                 iam.Role.from_role_arn(
                     self,
                     f'{group.groupUri + group.environmentIAMRoleName}',
-                    role_arn=f'arn:aws:iam::{self.environment.AwsAccountId}:role/{group.environmentIAMRoleName}',
+                    role_arn=f'arn:aws:iam::{self._environment.AwsAccountId}:role/{group.environmentIAMRoleName}',
                 )
         return group_roles
 
@@ -679,8 +710,8 @@ def create_group_environment_role(self, group):
             tag_key='Team',
             tag_value=group.groupUri,
             resource_prefix=self._environment.resourcePrefix,
-            name=f'{self._environment.resourcePrefix}-{group.groupUri}-services-policy',
-            id=f'{self._environment.resourcePrefix}-{group.groupUri}-services-policy',
+            name=f'{self._environment.resourcePrefix}-{group.groupUri}-{self._environment.environmentUri}-services-policy',
+            id=f'{self._environment.resourcePrefix}-{group.groupUri}-{self._environment.environmentUri}-services-policy',
             role_name=group.environmentIAMRoleName,
             account=self._environment.AwsAccountId,
             region=self._environment.region,
@@ -698,9 +729,7 @@ def create_group_environment_role(self, group):
             region=self._environment.region,
             environment=self._environment,
             team=group,
-            datasets=self.get_environment_group_datasets(
-                self.engine, self._environment, group.groupUri
-            ),
+            datasets=self.get_environment_group_datasets(self.engine, self._environment, group.groupUri),
         ).generate_data_access_policy()
 
         group_role = iam.Role(
@@ -730,9 +759,7 @@ def create_default_athena_workgroup(self, output_bucket, workgroup_name):
 
     def create_athena_workgroups(self, environment_groups, default_environment_bucket):
         for group in environment_groups:
-            self.create_athena_workgroup(
-                default_environment_bucket, group.environmentAthenaWorkGroup
-            )
+            self.create_athena_workgroup(default_environment_bucket, group.environmentAthenaWorkGroup)
 
     def create_athena_workgroup(self, output_bucket, workgroup_name):
         athena_workgroup_output_location = ''.join(
@@ -780,9 +807,7 @@ def create_topic(self, construct_id, central_account, environment):
             alias=f'{construct_id}-topic-key',
             enable_key_rotation=True,
         )
-        topic = sns.Topic(
-            self, f'{construct_id}', topic_name=f'{construct_id}', master_key=topic_key
-        )
+        topic = sns.Topic(self, f'{construct_id}', topic_name=f'{construct_id}', master_key=topic_key)
         topic.add_to_resource_policy(
             iam.PolicyStatement(
                 principals=[iam.AccountPrincipal(central_account)],
@@ -804,9 +829,7 @@ def create_topic(self, construct_id, central_account, environment):
     @staticmethod
     def zip_code(assetspath, s3_key='profiler'):
         logger.info('Zipping code')
-        shutil.make_archive(
-            base_name=f'{assetspath}/{s3_key}', format='zip', root_dir=f'{assetspath}'
-        )
+        shutil.make_archive(base_name=f'{assetspath}/{s3_key}', format='zip', root_dir=f'{assetspath}')
         return assetspath
 
     def set_dlq(self, queue_name) -> sqs.Queue:
diff --git a/backend/dataall/cdkproxy/stacks/pivot_role.py b/backend/dataall/cdkproxy/stacks/pivot_role.py
new file mode 100644
index 000000000..b4c340d31
--- /dev/null
+++ b/backend/dataall/cdkproxy/stacks/pivot_role.py
@@ -0,0 +1,890 @@
+from constructs import Construct
+from aws_cdk import Duration, aws_iam as iam, NestedStack
+
+
+class PivotRole(NestedStack):
+    def __init__(self, scope: Construct, construct_id: str, config, **kwargs) -> None:
+        super().__init__(scope, construct_id, **kwargs)
+        # Create Pivot IAM Role
+        self.pivot_role = self.create_pivot_role(
+            name=config['roleName'],
+            principal_id=config['accountId'],
+            external_id=config['externalId'],
+            env_resource_prefix=config['resourcePrefix'],
+        )
+        # Data.All IAM Lake Formation service role creation
+        self.lf_service_role = iam.CfnServiceLinkedRole(
+            self, 'LakeFormationSLR', aws_service_name='lakeformation.amazonaws.com'
+        )
+
+    def create_pivot_role(self, name: str, principal_id: str, external_id: str, env_resource_prefix: str) -> iam.Role:
+        """
+        Creates an IAM Role that will enable data.all to interact with this Data Account
+
+        :param str name: Role name
+        :param str principal_id: AWS Account ID of central data.all
+        :param str external_id: External ID provided by data.all
+        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
+        :returns: Created IAM Role
+        :rtype: iam.Role
+        """
+
+        role = iam.Role(
+            self,
+            'DataAllPivotRole-cdk',
+            role_name=name,
+            assumed_by=iam.CompositePrincipal(
+                iam.ServicePrincipal('glue.amazonaws.com'),
+                iam.ServicePrincipal('lakeformation.amazonaws.com'),
+                iam.ServicePrincipal('lambda.amazonaws.com'),
+            ),
+            path='/',
+            max_session_duration=Duration.hours(12),
+            managed_policies=[
+                self._create_dataall_policy0(env_resource_prefix),
+                self._create_dataall_policy1(env_resource_prefix),
+                self._create_dataall_policy2(env_resource_prefix),
+                self._create_dataall_policy3(env_resource_prefix, name),
+            ],
+        )
+
+        role.assume_role_policy.add_statements(
+            iam.PolicyStatement(
+                effect=iam.Effect.ALLOW,
+                principals=[iam.AccountPrincipal(account_id=principal_id)],
+                actions=['sts:AssumeRole'],
+                conditions={'StringEquals': {'sts:ExternalId': external_id}},
+            )
+        )
+
+        return role
+
+    def _create_dataall_policy0(self, env_resource_prefix: str) -> iam.ManagedPolicy:
+        """
+        Creates the first managed IAM Policy required for the Pivot Role used by data.all
+
+        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
+        :returns: Created IAM Policy
+        :rtype: iam.ManagedPolicy
+        """
+        return iam.ManagedPolicy(
+            self,
+            'PivotRolePolicy0',
+            managed_policy_name=f'{env_resource_prefix}-pivotrole-cdk-policy-0',
+            statements=[
+                # Athena permissions
+                iam.PolicyStatement(
+                    sid='Athena',
+                    effect=iam.Effect.ALLOW,
+                    resources=['*'],
+                    actions=[
+                        'athena:GetQuery*',
+                        'athena:StartQueryExecution',
+                        'athena:ListWorkGroups'
+                    ],
+                ),
+                # Athena Workgroups permissions
+                iam.PolicyStatement(
+                    sid='AthenaWorkgroups',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'athena:GetWorkGroup',
+                        'athena:CreateWorkGroup',
+                        'athena:UpdateWorkGroup',
+                        'athena:DeleteWorkGroup',
+                        'athena:TagResource',
+                        'athena:UntagResource',
+                        'athena:ListTagsForResource',
+                    ],
+                    resources=[f'arn:aws:athena:*:{self.account}:workgroup/{env_resource_prefix}*'],
+                ),
+                # AWS Glue Crawler Bucket
+                iam.PolicyStatement(
+                    sid='AwsGlueCrawlerBucket',
+                    effect=iam.Effect.ALLOW,
+                    actions=['s3:GetObject'],
+                    resources=['arn:aws:s3:::crawler-public*'],
+                ),
+                # S3 Access points
+                iam.PolicyStatement(
+                    sid='ManagedAccessPoints',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        's3:GetAccessPoint',
+                        's3:GetAccessPointPolicy',
+                        's3:ListAccessPoints',
+                        's3:CreateAccessPoint',
+                        's3:DeleteAccessPoint',
+                        's3:GetAccessPointPolicyStatus',
+                        's3:DeleteAccessPointPolicy',
+                        's3:PutAccessPointPolicy',
+                    ],
+                    resources=[f'arn:aws:s3:*:{self.account}:accesspoint/*'],
+                ),
+                # S3 Managed Buckets
+                iam.PolicyStatement(
+                    sid='ManagedBuckets',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        's3:List*',
+                        's3:Delete*',
+                        's3:Get*',
+                        's3:Put*'
+                    ],
+                    resources=[f'arn:aws:s3:::{env_resource_prefix}*'],
+                ),
+                # S3 Imported Buckets
+                iam.PolicyStatement(
+                    sid='ImportedBuckets',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        's3:List*',
+                        's3:GetBucket*',
+                        's3:GetLifecycleConfiguration',
+                        's3:GetObject',
+                        's3:PutBucketPolicy',
+                        's3:PutBucketTagging',
+                        's3:PutObject',
+                        's3:PutObjectAcl',
+                        's3:PutBucketOwnershipControls',
+                    ],
+                    resources=['arn:aws:s3:::*'],
+                ),
+                # AWS Logging Buckets
+                iam.PolicyStatement(
+                    sid='AWSLoggingBuckets',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        's3:PutBucketAcl',
+                        's3:PutBucketNotification'
+                    ],
+                    resources=[f'arn:aws:s3:::{env_resource_prefix}-logging-*'],
+                ),
+                # Read Buckets
+                iam.PolicyStatement(
+                    sid='ReadBuckets',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        's3:ListAllMyBuckets',
+                        's3:GetBucketLocation',
+                        's3:PutBucketTagging'
+                    ],
+                    resources=['*'],
+                ),
+                # CloudWatch Metrics
+                iam.PolicyStatement(
+                    sid='CWMetrics',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'cloudwatch:PutMetricData',
+                        'cloudwatch:GetMetricData',
+                        'cloudwatch:GetMetricStatistics'
+                    ],
+                    resources=['*'],
+                ),
+                # Logs
+                iam.PolicyStatement(
+                    sid='Logs',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'logs:CreateLogGroup',
+                        'logs:CreateLogStream',
+                        'logs:PutLogEvents'
+                    ],
+                    resources=[
+                        f'arn:aws:logs:*:{self.account}:log-group:/aws-glue/*',
+                        f'arn:aws:logs:*:{self.account}:log-group:/aws/lambda/*',
+                        f'arn:aws:logs:*:{self.account}:log-group:/{env_resource_prefix}*',
+                    ],
+                ),
+                # Logging
+                iam.PolicyStatement(
+                    sid='Logging', effect=iam.Effect.ALLOW, actions=['logs:PutLogEvents'], resources=['*']
+                ),
+                # EventBridge (CloudWatch Events)
+                iam.PolicyStatement(
+                    sid='CWEvents',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'events:DeleteRule',
+                        'events:List*',
+                        'events:PutRule',
+                        'events:PutTargets',
+                        'events:RemoveTargets',
+                    ],
+                    resources=['*'],
+                ),
+                # Glue
+                iam.PolicyStatement(
+                    sid='Glue',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'glue:BatchCreatePartition',
+                        'glue:BatchDeletePartition',
+                        'glue:BatchDeleteTable',
+                        'glue:CreateCrawler',
+                        'glue:CreateDatabase',
+                        'glue:CreatePartition',
+                        'glue:CreateTable',
+                        'glue:DeleteCrawler',
+                        'glue:DeleteDatabase',
+                        'glue:DeleteJob',
+                        'glue:DeletePartition',
+                        'glue:DeleteTable',
+                        'glue:DeleteTrigger',
+                        'glue:BatchGet*',
+                        'glue:Get*',
+                        'glue:List*',
+                        'glue:StartCrawler',
+                        'glue:StartJobRun',
+                        'glue:StartTrigger',
+                        'glue:SearchTables',
+                        'glue:UpdateDatabase',
+                        'glue:UpdatePartition',
+                        'glue:UpdateTable',
+                        'glue:UpdateTrigger',
+                        'glue:UpdateJob',
+                        'glue:TagResource',
+                        'glue:UpdateCrawler',
+                    ],
+                    resources=['*'],
+                ),
+                # KMS
+                iam.PolicyStatement(
+                    sid='KMS',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'kms:Decrypt',
+                        'kms:Encrypt',
+                        'kms:GenerateDataKey*',
+                        'kms:PutKeyPolicy',
+                        'kms:ReEncrypt*',
+                        'kms:TagResource',
+                        'kms:UntagResource',
+                    ],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='KMSAlias',
+                    effect=iam.Effect.ALLOW,
+                    actions=['kms:DeleteAlias'],
+                    resources=[f'arn:aws:kms:*:{self.account}:alias/{env_resource_prefix}*'],
+                ),
+                iam.PolicyStatement(
+                    sid='KMSCreate',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'kms:List*',
+                        'kms:DescribeKey',
+                        'kms:CreateAlias',
+                        'kms:CreateKey'
+                    ],
+                    resources=['*'],
+                ),
+                # AWS Organizations
+                iam.PolicyStatement(
+                    sid='Organizations',
+                    effect=iam.Effect.ALLOW,
+                    actions=['organizations:DescribeOrganization'],
+                    resources=['*'],
+                ),
+                # Resource Tags
+                iam.PolicyStatement(
+                    sid='ResourceGroupTags',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'tag:*',
+                        'resource-groups:*'
+                    ],
+                    resources=['*'],
+                ),
+                # SNS
+                iam.PolicyStatement(
+                    sid='SNSPublish',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'sns:Publish',
+                        'sns:SetTopicAttributes',
+                        'sns:GetTopicAttributes',
+                        'sns:DeleteTopic',
+                        'sns:Subscribe',
+                        'sns:TagResource',
+                        'sns:UntagResource',
+                        'sns:CreateTopic',
+                    ],
+                    resources=[f'arn:aws:sns:*:{self.account}:{env_resource_prefix}*'],
+                ),
+                iam.PolicyStatement(
+                    sid='SNSList', effect=iam.Effect.ALLOW, actions=['sns:ListTopics'], resources=['*']
+                ),
+                # SQS
+                iam.PolicyStatement(
+                    sid='SQSList', effect=iam.Effect.ALLOW, actions=['sqs:ListQueues'], resources=['*']
+                ),
+                iam.PolicyStatement(
+                    sid='SQS',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'sqs:ReceiveMessage',
+                        'sqs:SendMessage'
+                    ],
+                    resources=[f'arn:aws:sqs:*:{self.account}:{env_resource_prefix}*'],
+                ),
+            ],
+        )
+
+    def _create_dataall_policy1(self, env_resource_prefix: str) -> iam.ManagedPolicy:
+        """
+        Creates the second managed IAM Policy required for the Pivot Role used by data.all
+
+        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
+        :returns: Created IAM Policy
+        :rtype: iam.ManagedPolicy
+        """
+        return iam.ManagedPolicy(
+            self,
+            'PivotRolePolicy1',
+            managed_policy_name=f'{env_resource_prefix}-pivotrole-cdk-policy-1',
+            statements=[
+                # Redshift
+                iam.PolicyStatement(
+                    sid='Redshift',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'redshift:DeleteTags',
+                        'redshift:ModifyClusterIamRoles',
+                        'redshift:DescribeClusterSecurityGroups',
+                        'redshift:DescribeClusterSubnetGroups',
+                        'redshift:pauseCluster',
+                        'redshift:resumeCluster',
+                    ],
+                    resources=['*'],
+                    conditions={'StringEquals': {'aws:ResourceTag/dataall': 'true'}},
+                ),
+                iam.PolicyStatement(
+                    sid='RedshiftRead',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'redshift:DescribeClusters',
+                        'redshift:CreateTags',
+                        'redshift:DescribeClusterSubnetGroups',
+                    ],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='RedshiftCreds',
+                    effect=iam.Effect.ALLOW,
+                    actions=['redshift:GetClusterCredentials'],
+                    resources=[
+                        f'arn:aws:redshift:*:{self.account}:dbgroup:*/*',
+                        f'arn:aws:redshift:*:{self.account}:dbname:*/*',
+                        f'arn:aws:redshift:*:{self.account}:dbuser:*/*',
+                    ],
+                ),
+                iam.PolicyStatement(
+                    sid='AllowRedshiftSubnet',
+                    effect=iam.Effect.ALLOW,
+                    actions=['redshift:CreateClusterSubnetGroup'],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='AllowRedshiftDataApi',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'redshift-data:ListTables',
+                        'redshift-data:GetStatementResult',
+                        'redshift-data:CancelStatement',
+                        'redshift-data:ListSchemas',
+                        'redshift-data:ExecuteStatement',
+                        'redshift-data:ListStatements',
+                        'redshift-data:ListDatabases',
+                        'redshift-data:DescribeStatement',
+                    ],
+                    resources=['*'],
+                ),
+                # EC2
+                iam.PolicyStatement(
+                    sid='EC2SG',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'ec2:CreateSecurityGroup',
+                        'ec2:CreateNetworkInterface',
+                        'ec2:Describe*'
+                    ],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='TagsforENI',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'ec2:CreateTags',
+                        'ec2:DeleteTags'
+                    ],
+                    resources=[f'arn:aws:ec2:*:{self.account}:network-interface/*'],
+                ),
+                iam.PolicyStatement(
+                    sid='DeleteENI',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ec2:DeleteNetworkInterface'],
+                    resources=[f'arn:aws:ec2:*:{self.account}:network-interface/*'],
+                ),
+                # SageMaker
+                iam.PolicyStatement(
+                    sid='SageMakerNotebookActions',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'sagemaker:ListTags',
+                        'sagemaker:DescribeUserProfile',
+                        'sagemaker:DeleteNotebookInstance',
+                        'sagemaker:StopNotebookInstance',
+                        'sagemaker:CreatePresignedNotebookInstanceUrl',
+                        'sagemaker:DescribeNotebookInstance',
+                        'sagemaker:StartNotebookInstance',
+                        'sagemaker:AddTags',
+                        'sagemaker:DescribeDomain',
+                        'sagemaker:CreatePresignedDomainUrl',
+                    ],
+                    resources=[
+                        f'arn:aws:sagemaker:*:{self.account}:notebook-instance/{env_resource_prefix}*',
+                        f'arn:aws:sagemaker:*:{self.account}:domain/*',
+                        f'arn:aws:sagemaker:*:{self.account}:user-profile/*/*',
+                    ],
+                ),
+                iam.PolicyStatement(
+                    sid='SageMakerNotebookInstances',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'sagemaker:ListNotebookInstances',
+                        'sagemaker:ListDomains',
+                        'sagemaker:ListApps',
+                        'sagemaker:DeleteApp',
+                    ],
+                    resources=['*'],
+                ),
+                # RAM
+                iam.PolicyStatement(
+                    sid='RamTag',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ram:TagResource'],
+                    resources=['*'],
+                    conditions={'ForAllValues:StringLike': {'ram:ResourceShareName': ['LakeFormation*']}},
+                ),
+                iam.PolicyStatement(
+                    sid='RamCreateResource',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ram:CreateResourceShare'],
+                    resources=['*'],
+                    conditions={
+                        'ForAllValues:StringEquals': {
+                            'ram:RequestedResourceType': ['glue:Table', 'glue:Database', 'glue:Catalog']
+                        }
+                    },
+                ),
+                iam.PolicyStatement(
+                    sid='RamUpdateResource',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ram:UpdateResourceShare'],
+                    resources=[f'arn:aws:ram:*:{self.account}:resource-share/*'],
+                    conditions={
+                        'StringEquals': {'aws:ResourceTag/dataall': 'true'},
+                        'ForAllValues:StringLike': {'ram:ResourceShareName': ['LakeFormation*']},
+                    },
+                ),
+                iam.PolicyStatement(
+                    sid='RamAssociateResource',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'ram:AssociateResourceShare',
+                        'ram:DisassociateResourceShare'
+                    ],
+                    resources=[f'arn:aws:ram:*:{self.account}:resource-share/*'],
+                    conditions={'ForAllValues:StringLike': {'ram:ResourceShareName': ['LakeFormation*']}},
+                ),
+                iam.PolicyStatement(
+                    sid='RamDeleteResource',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ram:DeleteResourceShare'],
+                    resources=[f'arn:aws:ram:*:{self.account}:resource-share/*'],
+                ),
+                iam.PolicyStatement(
+                    sid='RamInvitations',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'ram:AcceptResourceShareInvitation',
+                        'ram:RejectResourceShareInvitation',
+                        'ec2:DescribeAvailabilityZones',
+                        'ram:EnableSharingWithAwsOrganization',
+                    ],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='RamReadGlue',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'glue:PutResourcePolicy',
+                        'glue:DeleteResourcePolicy',
+                        'ram:Get*',
+                        'ram:List*'
+                    ],
+                    resources=['*'],
+                ),
+                # Security Groups
+                iam.PolicyStatement(
+                    sid='SGCreateTag',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ec2:CreateTags'],
+                    resources=[f'arn:aws:ec2:*:{self.account}:security-group/*'],
+                    conditions={'StringEquals': {'aws:RequestTag/dataall': 'true'}},
+                ),
+                iam.PolicyStatement(
+                    sid='SGandRedshift',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'ec2:DeleteTags',
+                        'ec2:DeleteSecurityGroup',
+                        'redshift:DeleteClusterSubnetGroup'
+                    ],
+                    resources=['*'],
+                    conditions={'ForAnyValue:StringEqualsIfExists': {'aws:ResourceTag/dataall': 'true'}},
+                ),
+                # Redshift
+                iam.PolicyStatement(
+                    sid='RedshiftDataApi',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'redshift-data:ListTables',
+                        'redshift-data:GetStatementResult',
+                        'redshift-data:CancelStatement',
+                        'redshift-data:ListSchemas',
+                        'redshift-data:ExecuteStatement',
+                        'redshift-data:ListStatements',
+                        'redshift-data:ListDatabases',
+                        'redshift-data:DescribeStatement',
+                    ],
+                    resources=['*'],
+                    conditions={'StringEqualsIfExists': {'aws:ResourceTag/dataall': 'true'}},
+                ),
+                # Dev Tools
+                iam.PolicyStatement(
+                    sid='DevTools0',
+                    effect=iam.Effect.ALLOW,
+                    actions=['cloudformation:ValidateTemplate'],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='DevTools1',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'secretsmanager:CreateSecret',
+                        'secretsmanager:DeleteSecret',
+                        'secretsmanager:TagResource',
+                        'codebuild:DeleteProject',
+                    ],
+                    resources=['*'],
+                    conditions={'StringEquals': {'aws:ResourceTag/dataall': 'true'}},
+                ),
+                iam.PolicyStatement(
+                    sid='DevTools2',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'codebuild:CreateProject',
+                        'ecr:CreateRepository',
+                        'ssm:PutParameter',
+                        'ssm:AddTagsToResource',
+                    ],
+                    resources=['*'],
+                    conditions={'StringEquals': {'aws:RequestTag/dataall': 'true'}},
+                ),
+                iam.PolicyStatement(
+                    sid='CloudFormation',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'cloudformation:DescribeStacks',
+                        'cloudformation:DescribeStackResources',
+                        'cloudformation:DescribeStackEvents',
+                        'cloudformation:DeleteStack',
+                        'cloudformation:CreateStack',
+                        'cloudformation:GetTemplate',
+                        'cloudformation:ListStackResources',
+                        'cloudformation:DescribeStackResource',
+                    ],
+                    resources=[
+                        f'arn:aws:cloudformation:*:{self.account}:stack/{env_resource_prefix}*/*',
+                        f'arn:aws:cloudformation:*:{self.account}:stack/CDKToolkit/*',
+                        f'arn:aws:cloudformation:*:{self.account}:stack/*/*',
+                    ],
+                ),
+            ],
+        )
+
+    def _create_dataall_policy2(self, env_resource_prefix: str) -> iam.ManagedPolicy:
+        """
+        Creates the third managed IAM Policy required for the Pivot Role used by data.all
+
+        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
+        :returns: Created IAM Policy
+        :rtype: iam.ManagedPolicy
+        """
+        return iam.ManagedPolicy(
+            self,
+            'PivotRolePolicy2',
+            managed_policy_name=f'{env_resource_prefix}-pivotrole-cdk-policy-2',
+            statements=[
+                # LakeFormation
+                iam.PolicyStatement(
+                    sid='LakeFormation',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'lakeformation:RegisterResource',
+                        'lakeformation:DeregisterResource',
+                        'lakeformation:UpdateResource',
+                        'lakeformation:DescribeResource',
+                        'lakeformation:AddLFTagsToResource',
+                        'lakeformation:RemoveLFTagsFromResource',
+                        'lakeformation:GetResourceLFTags',
+                        'lakeformation:ListLFTags',
+                        'lakeformation:CreateLFTag',
+                        'lakeformation:GetLFTag',
+                        'lakeformation:UpdateLFTag',
+                        'lakeformation:DeleteLFTag',
+                        'lakeformation:SearchTablesByLFTags',
+                        'lakeformation:SearchDatabasesByLFTags',
+                        'lakeformation:ListResources',
+                        'lakeformation:ListPermissions',
+                        'lakeformation:GrantPermissions',
+                        'lakeformation:BatchGrantPermissions',
+                        'lakeformation:RevokePermissions',
+                        'lakeformation:BatchRevokePermissions',
+                        'lakeformation:PutDataLakeSettings',
+                        'lakeformation:GetDataLakeSettings',
+                        'lakeformation:GetDataAccess',
+                        'lakeformation:GetWorkUnits',
+                        'lakeformation:StartQueryPlanning',
+                        'lakeformation:GetWorkUnitResults',
+                        'lakeformation:GetQueryState',
+                        'lakeformation:GetQueryStatistics',
+                        'lakeformation:StartTransaction',
+                        'lakeformation:CommitTransaction',
+                        'lakeformation:CancelTransaction',
+                        'lakeformation:ExtendTransaction',
+                        'lakeformation:DescribeTransaction',
+                        'lakeformation:ListTransactions',
+                        'lakeformation:GetTableObjects',
+                        'lakeformation:UpdateTableObjects',
+                        'lakeformation:DeleteObjectsOnCancel',
+                    ],
+                    resources=['*'],
+                ),
+                # Compute
+                iam.PolicyStatement(
+                    sid='Compute',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'lambda:CreateFunction',
+                        'lambda:AddPermission',
+                        'lambda:InvokeFunction',
+                        'lambda:RemovePermission',
+                        'lambda:GetFunction',
+                        'lambda:GetFunctionConfiguration',
+                        'lambda:DeleteFunction',
+                        'ecr:CreateRepository',
+                        'ecr:SetRepositoryPolicy',
+                        'ecr:DeleteRepository',
+                        'ecr:DescribeImages',
+                        'ecr:BatchDeleteImage',
+                        'codepipeline:GetPipelineState',
+                        'codepipeline:DeletePipeline',
+                        'codepipeline:GetPipeline',
+                        'codepipeline:CreatePipeline',
+                        'codepipeline:TagResource',
+                        'codepipeline:UntagResource',
+                    ],
+                    resources=[
+                        f'arn:aws:lambda:*:{self.account}:function:{env_resource_prefix}*',
+                        f'arn:aws:s3:::{env_resource_prefix}*',
+                        f'arn:aws:codepipeline:*:{self.account}:{env_resource_prefix}*',
+                        f'arn:aws:ecr:*:{self.account}:repository/{env_resource_prefix}*',
+                    ],
+                ),
+                # Databrew
+                iam.PolicyStatement(
+                    sid='DatabrewList', effect=iam.Effect.ALLOW, actions=['databrew:List*'], resources=['*']
+                ),
+                iam.PolicyStatement(
+                    sid='DatabrewPermissions',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'databrew:BatchDeleteRecipeVersion',
+                        'databrew:Delete*',
+                        'databrew:Describe*',
+                        'databrew:PublishRecipe',
+                        'databrew:SendProjectSessionAction',
+                        'databrew:Start*',
+                        'databrew:Stop*',
+                        'databrew:TagResource',
+                        'databrew:UntagResource',
+                        'databrew:Update*',
+                    ],
+                    resources=[f'arn:aws:databrew:*:{self.account}:*/{env_resource_prefix}*'],
+                ),
+                # QuickSight
+                iam.PolicyStatement(
+                    sid='QuickSight',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'quicksight:CreateGroup',
+                        'quicksight:DescribeGroup',
+                        'quicksight:ListDashboards',
+                        'quicksight:DescribeDataSource',
+                        'quicksight:DescribeDashboard',
+                        'quicksight:DescribeUser',
+                        'quicksight:SearchDashboards',
+                        'quicksight:GetDashboardEmbedUrl',
+                        'quicksight:GenerateEmbedUrlForAnonymousUser',
+                        'quicksight:UpdateUser',
+                        'quicksight:ListUserGroups',
+                        'quicksight:RegisterUser',
+                        'quicksight:DescribeDashboardPermissions',
+                        'quicksight:UpdateDashboardPermissions',
+                        'quicksight:GetAuthCode',
+                        'quicksight:CreateGroupMembership',
+                        'quicksight:DescribeAccountSubscription',
+                    ],
+                    resources=[
+                        f'arn:aws:quicksight:*:{self.account}:group/default/*',
+                        f'arn:aws:quicksight:*:{self.account}:user/default/*',
+                        f'arn:aws:quicksight:*:{self.account}:datasource/*',
+                        f'arn:aws:quicksight:*:{self.account}:user/*',
+                        f'arn:aws:quicksight:*:{self.account}:dashboard/*',
+                        f'arn:aws:quicksight:*:{self.account}:namespace/default',
+                        f'arn:aws:quicksight:*:{self.account}:account/*',
+                        f'arn:aws:quicksight:*:{self.account}:*',
+                    ],
+                ),
+                iam.PolicyStatement(
+                    sid='QuickSightSession',
+                    effect=iam.Effect.ALLOW,
+                    actions=['quicksight:GetSessionEmbedUrl'],
+                    resources=['*'],
+                ),
+            ],
+        )
+
+    def _create_dataall_policy3(self, env_resource_prefix: str, role_name: str) -> iam.ManagedPolicy:
+        """
+        Creates the fourth managed IAM Policy required for the Pivot Role used by data.all
+
+        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
+        :param str role_name: IAM Role name
+        :returns: Created IAM Policy
+        :rtype: iam.ManagedPolicy
+        """
+        return iam.ManagedPolicy(
+            self,
+            'PivotRolePolicy3',
+            managed_policy_name=f'{env_resource_prefix}-pivotrole-cdk-policy-3',
+            statements=[
+                # SSM Parameter Store
+                iam.PolicyStatement(
+                    sid='ParameterStore',
+                    effect=iam.Effect.ALLOW,
+                    actions=['ssm:GetParameter'],
+                    resources=[
+                        f'arn:aws:ssm:*:{self.account}:parameter/{env_resource_prefix}/*',
+                        f'arn:aws:ssm:*:{self.account}:parameter/dataall/*',
+                        f'arn:aws:ssm:*:{self.account}:parameter/ddk/*',
+                    ],
+                ),
+                # Secrets Manager
+                iam.PolicyStatement(
+                    sid='SecretsManager',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'secretsmanager:DescribeSecret',
+                        'secretsmanager:GetSecretValue'
+                    ],
+                    resources=[
+                        f'arn:aws:secretsmanager:*:{self.account}:secret:{env_resource_prefix}*',
+                        f'arn:aws:secretsmanager:*:{self.account}:secret:dataall*',
+                    ],
+                ),
+                iam.PolicyStatement(
+                    sid='SecretsManagerList',
+                    effect=iam.Effect.ALLOW,
+                    actions=['secretsmanager:ListSecrets'],
+                    resources=['*'],
+                ),
+                # IAM
+                iam.PolicyStatement(
+                    sid='IAMListGet',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'iam:ListRoles',
+                        'iam:Get*'
+                    ], resources=['*']
+                ),
+                iam.PolicyStatement(
+                    sid='IAMRolePolicy',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'iam:PutRolePolicy',
+                        'iam:DeleteRolePolicy'
+                    ],
+                    resources=['*'],
+                ),
+                iam.PolicyStatement(
+                    sid='IAMPassRole',
+                    effect=iam.Effect.ALLOW,
+                    actions=['iam:PassRole'],
+                    resources=[
+                        f'arn:aws:iam::{self.account}:role/{env_resource_prefix}*',
+                        f'arn:aws:iam::{self.account}:role/{role_name}',
+                        f'arn:aws:iam::{self.account}:role/cdk-*',
+                    ],
+                ),
+                # STS
+                iam.PolicyStatement(
+                    sid='STS',
+                    effect=iam.Effect.ALLOW,
+                    actions=['sts:AssumeRole'],
+                    resources=[
+                        f'arn:aws:iam::{self.account}:role/{env_resource_prefix}*',
+                        f'arn:aws:iam::{self.account}:role/ddk-*',
+                    ],
+                ),
+                # Step Functions
+                iam.PolicyStatement(
+                    sid='StepFunctions',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'states:DescribeStateMachine',
+                        'states:ListExecutions',
+                        'states:StartExecution'
+                    ],
+                    resources=[f'arn:aws:states:*:{self.account}:stateMachine:{env_resource_prefix}*'],
+                ),
+                # CodeCommit
+                iam.PolicyStatement(
+                    sid='CodeCommit',
+                    effect=iam.Effect.ALLOW,
+                    actions=[
+                        'codecommit:GetFile',
+                        'codecommit:ListBranches',
+                        'codecommit:GetFolder',
+                        'codecommit:GetCommit',
+                        'codecommit:GitPull',
+                        'codecommit:GetRepository',
+                        'codecommit:TagResource',
+                        'codecommit:UntagResource',
+                        'codecommit:CreateBranch',
+                        'codecommit:CreateCommit',
+                        'codecommit:CreateRepository',
+                        'codecommit:DeleteRepository',
+                        'codecommit:GitPush',
+                        'codecommit:PutFile',
+                        'codecommit:GetBranch',
+                    ],
+                    resources=[f'arn:aws:codecommit:*:{self.account}:{env_resource_prefix}*'],
+                ),
+            ],
+        )
diff --git a/backend/dataall/cdkproxy/stacks/sagemakerstudio.py b/backend/dataall/cdkproxy/stacks/sagemakerstudio.py
index a858cdfc2..491a5359a 100644
--- a/backend/dataall/cdkproxy/stacks/sagemakerstudio.py
+++ b/backend/dataall/cdkproxy/stacks/sagemakerstudio.py
@@ -1,21 +1,193 @@
 import logging
 import os
-
 from aws_cdk import (
     cloudformation_include as cfn_inc,
-    Stack,
+    aws_ec2 as ec2,
+    aws_iam as iam,
+    aws_kms as kms,
+    aws_logs as logs,
+    aws_sagemaker as sagemaker,
+    aws_ssm as ssm,
+    RemovalPolicy,
+    Stack
 )
-
+from botocore.exceptions import ClientError
 from .manager import stack
 from ... import db
 from ...db import models
 from ...db.api import Environment
+from ...aws.handlers.parameter_store import ParameterStoreManager
+from ...aws.handlers.sts import SessionHelper
+from ...aws.handlers.sagemaker_studio import SagemakerStudio
+from ...aws.handlers.ec2 import EC2
 from ...utils.cdk_nag_utils import CDKNagUtil
 from ...utils.runtime_stacks_tagging import TagsUtil
 
 logger = logging.getLogger(__name__)
 
 
+class SageMakerDomain:
+    def __init__(
+        self,
+        stack,
+        id,
+        environment: models.Environment
+    ):
+        self.stack = stack
+        self.id = id
+        self.environment = environment
+
+    def check_existing_sagemaker_studio_domain(self):
+        logger.info('Check if there is an existing sagemaker studio domain in the account')
+        try:
+            logger.info('check sagemaker studio domain created as part of data.all environment stack.')
+            cdk_look_up_role_arn = SessionHelper.get_cdk_look_up_role_arn(
+                accountid=self.environment.AwsAccountId, region=self.environment.region
+            )
+            dataall_created_domain = ParameterStoreManager.client(
+                AwsAccountId=self.environment.AwsAccountId, region=self.environment.region, role=cdk_look_up_role_arn
+            ).get_parameter(Name=f'/dataall/{self.environment.environmentUri}/sagemaker/sagemakerstudio/domain_id')
+            return False
+        except ClientError as e:
+            logger.info(f'check sagemaker studio domain created outside of data.all. Parameter data.all not found: {e}')
+            existing_domain = SagemakerStudio.get_sagemaker_studio_domain(
+                AwsAccountId=self.environment.AwsAccountId, region=self.environment.region, role=cdk_look_up_role_arn
+            )
+            return existing_domain.get('DomainId', False)
+
+    def create_sagemaker_domain_resources(self, sagemaker_principals):
+        logger.info('Creating SageMaker base resources..')
+        cdk_look_up_role_arn = SessionHelper.get_cdk_look_up_role_arn(
+            accountid=self.environment.AwsAccountId, region=self.environment.region
+        )
+        existing_default_vpc = EC2.check_default_vpc_exists(
+            AwsAccountId=self.environment.AwsAccountId, region=self.environment.region, role=cdk_look_up_role_arn
+        )
+        if existing_default_vpc:
+            logger.info("Using default VPC for Sagemaker Studio domain")
+            # Use default VPC - initial configuration (to be migrated)
+            vpc = ec2.Vpc.from_lookup(self.stack, 'VPCStudio', is_default=True)
+            subnet_ids = [private_subnet.subnet_id for private_subnet in vpc.private_subnets]
+            subnet_ids += [public_subnet.subnet_id for public_subnet in vpc.public_subnets]
+            subnet_ids += [isolated_subnet.subnet_id for isolated_subnet in vpc.isolated_subnets]
+            security_groups = []
+        else:
+            logger.info("Default VPC not found, Exception. Creating a VPC for SageMaker resources...")
+            # Create VPC with 3 Public Subnets and 3 Private subnets wit NAT Gateways
+            log_group = logs.LogGroup(
+                self.stack,
+                f'SageMakerStudio{self.environment.name}',
+                log_group_name=f'/{self.environment.resourcePrefix}/{self.environment.name}/vpc/sagemakerstudio',
+                retention=logs.RetentionDays.ONE_MONTH,
+                removal_policy=RemovalPolicy.DESTROY,
+            )
+            vpc_flow_role = iam.Role(
+                self.stack, 'FlowLog',
+                assumed_by=iam.ServicePrincipal('vpc-flow-logs.amazonaws.com')
+            )
+            vpc = ec2.Vpc(
+                self.stack,
+                "SageMakerVPC",
+                max_azs=3,
+                cidr="10.10.0.0/16",
+                subnet_configuration=[
+                    ec2.SubnetConfiguration(
+                        subnet_type=ec2.SubnetType.PUBLIC,
+                        name="Public",
+                        cidr_mask=24
+                    ),
+                    ec2.SubnetConfiguration(
+                        subnet_type=ec2.SubnetType.PRIVATE_WITH_NAT,
+                        name="Private",
+                        cidr_mask=24
+                    ),
+                ],
+                enable_dns_hostnames=True,
+                enable_dns_support=True,
+            )
+            ec2.FlowLog(
+                self.stack, "StudioVPCFlowLog",
+                resource_type=ec2.FlowLogResourceType.from_vpc(vpc),
+                destination=ec2.FlowLogDestination.to_cloud_watch_logs(log_group, vpc_flow_role)
+            )
+            # setup security group to be used for sagemaker studio domain
+            sagemaker_sg = ec2.SecurityGroup(
+                self.stack,
+                "SecurityGroup",
+                vpc=vpc,
+                description="Security Group for SageMaker Studio",
+            )
+
+            sagemaker_sg.add_ingress_rule(sagemaker_sg, ec2.Port.all_traffic())
+            security_groups = [sagemaker_sg.security_group_id]
+            subnet_ids = [private_subnet.subnet_id for private_subnet in vpc.private_subnets]
+
+        vpc_id = vpc.vpc_id
+
+        sagemaker_domain_role = iam.Role(
+            self.stack,
+            'RoleForSagemakerStudioUsers',
+            assumed_by=iam.ServicePrincipal('sagemaker.amazonaws.com'),
+            role_name='RoleSagemakerStudioUsers',
+            managed_policies=[
+                iam.ManagedPolicy.from_managed_policy_arn(
+                    self.stack,
+                    id='SagemakerFullAccess',
+                    managed_policy_arn='arn:aws:iam::aws:policy/AmazonSageMakerFullAccess',
+                ),
+                iam.ManagedPolicy.from_managed_policy_arn(
+                    self.stack, id='S3FullAccess', managed_policy_arn='arn:aws:iam::aws:policy/AmazonS3FullAccess'
+                ),
+            ],
+        )
+
+        sagemaker_domain_key = kms.Key(
+            self.stack,
+            'SagemakerDomainKmsKey',
+            alias='SagemakerStudioDomain',
+            enable_key_rotation=True,
+            policy=iam.PolicyDocument(
+                assign_sids=True,
+                statements=[
+                    iam.PolicyStatement(
+                        resources=['*'],
+                        effect=iam.Effect.ALLOW,
+                        principals=[iam.AccountPrincipal(account_id=self.environment.AwsAccountId), sagemaker_domain_role] + sagemaker_principals,
+                        actions=['kms:*'],
+                    )
+                ],
+            ),
+        )
+
+        sagemaker_domain = sagemaker.CfnDomain(
+            self.stack,
+            'SagemakerStudioDomain',
+            domain_name=f'SagemakerStudioDomain-{self.environment.region}-{self.environment.AwsAccountId}',
+            auth_mode='IAM',
+            default_user_settings=sagemaker.CfnDomain.UserSettingsProperty(
+                execution_role=sagemaker_domain_role.role_arn,
+                security_groups=security_groups,
+                sharing_settings=sagemaker.CfnDomain.SharingSettingsProperty(
+                    notebook_output_option='Allowed',
+                    s3_kms_key_id=sagemaker_domain_key.key_id,
+                    s3_output_path=f's3://sagemaker-{self.environment.region}-{self.environment.AwsAccountId}',
+                ),
+            ),
+            vpc_id=vpc_id,
+            subnet_ids=subnet_ids,
+            app_network_access_type='VpcOnly',
+            kms_key_id=sagemaker_domain_key.key_id,
+        )
+
+        ssm.StringParameter(
+            self.stack,
+            'SagemakerStudioDomainId',
+            string_value=sagemaker_domain.attr_domain_id,
+            parameter_name=f'/dataall/{self.environment.environmentUri}/sagemaker/sagemakerstudio/domain_id',
+        )
+        return sagemaker_domain
+
+
 @stack(stack='sagemakerstudiouserprofile')
 class SagemakerStudioUserProfile(Stack):
     module_name = __file__
@@ -70,6 +242,7 @@ def __init__(self, scope, id: str, target_uri: str = None, **kwargs) -> None:
 
         env_group = self.get_env_group(sm_user_profile)
 
+        # SageMaker Studio User Profile
         cfn_template_user_profile = os.path.join(
             os.path.dirname(__file__), '..', 'cfnstacks', 'sagemaker-user-template.yaml'
         )
diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index 765d1b68a..369e4faa9 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -10,7 +10,6 @@
 from .environment import Environment
 from .glossary import Glossary
 from .vote import Vote
-from .share_object import ShareObject, ShareObjectSM, ShareItemSM
 from .dataset import Dataset
 from .dataset_location import DatasetStorageLocation
 from .dataset_profiling_run import DatasetProfilingRun
@@ -18,6 +17,7 @@
 from .notification import Notification
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
+from .share_object import ShareObject, ShareObjectSM, ShareItemSM
 from .notebook import Notebook
 from .sgm_studio_notebook import SgmStudioNotebook
 from .dashboard import Dashboard
diff --git a/backend/dataall/db/api/dataset.py b/backend/dataall/db/api/dataset.py
index 8fdbb72b7..a42b676ec 100644
--- a/backend/dataall/db/api/dataset.py
+++ b/backend/dataall/db/api/dataset.py
@@ -11,7 +11,7 @@
     ResourcePolicy,
     KeyValueTag,
     Vote,
-    Stack,
+    Stack
 )
 from . import Organization
 from .. import models, api, exceptions, permissions, paginate
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 91e687d2b..8dc3c8d63 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -4,7 +4,6 @@
 
 from .. import models, api, exceptions, paginate, permissions
 from . import has_resource_perm, ResourcePolicy, DatasetTable, Environment, Dataset
-from ..models.Enums import ShareItemStatus
 from ...utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
diff --git a/backend/dataall/searchproxy/connect.py b/backend/dataall/searchproxy/connect.py
index a758b95b3..3c952f5c9 100644
--- a/backend/dataall/searchproxy/connect.py
+++ b/backend/dataall/searchproxy/connect.py
@@ -55,15 +55,17 @@ def connect(envname='local'):
         secret = creds.secret_key
         token = creds.token
 
+        host = utils.Parameter.get_parameter(env=envname, path='elasticsearch/endpoint')
+        service = utils.Parameter.get_parameter(env=envname, path='elasticsearch/service') or 'es'
+
         awsauth = AWS4Auth(
             access_key,
             secret,
             os.getenv('AWS_REGION', 'eu-west-1'),
-            'es',
+            service,
             session_token=token,
         )
 
-        host = utils.Parameter.get_parameter(env=envname, path='elasticsearch/endpoint')
         es = opensearchpy.OpenSearch(
             hosts=[{'host': host, 'port': 443}],
             http_auth=awsauth,
@@ -71,7 +73,11 @@ def connect(envname='local'):
             verify_certs=True,
             connection_class=opensearchpy.RequestsHttpConnection,
         )
-        print(es.info())
+
+        # Avoid calling GET /info endpoint because it is not available in OpenSearch Serverless
+        if service != "aoss":
+            print(es.info())
+
         if not es.indices.exists(index='dataall-index'):
             es.indices.create(index='dataall-index', body=CREATE_INDEX_REQUEST_BODY)
             print('Create "dataall-index" for dev env')
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
index b74e34e93..22bba64ca 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
@@ -60,11 +60,12 @@ def get_share_principals(self) -> [str]:
         """
         principals = [f"arn:aws:iam::{self.target_environment.AwsAccountId}:role/{self.share.principalIAMRoleName}"]
         if self.target_environment.dashboardsEnabled:
-            q_group = Quicksight.get_quicksight_group_arn(
-                self.target_environment.AwsAccountId
-            )
-            if q_group:
-                principals.append(q_group)
+            group = Quicksight.create_quicksight_group(AwsAccountId=self.target_environment.AwsAccountId)
+            if group and group.get('Group'):
+                group_arn = group.get('Group').get('Arn')
+                if group_arn:
+                    principals.append(group_arn)
+
         return principals
 
     def build_shared_db_name(self) -> str:
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 03bfd1005..d9f33332e 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -1,6 +1,7 @@
 import logging
 import os
 import sys
+import time
 
 from .. import db
 from ..db import models
@@ -14,36 +15,46 @@
     root.addHandler(logging.StreamHandler(sys.stdout))
 log = logging.getLogger(__name__)
 
+RETRIES = 30
+SLEEP_TIME = 30
+
 
 def update_stacks(engine, envname):
     with engine.scoped_session() as session:
 
-        all_datasets: [models.Dataset] = db.api.Dataset.list_all_active_datasets(
-            session
-        )
-        all_environments: [
-            models.Environment
-        ] = db.api.Environment.list_all_active_environments(session)
-        log.info(f'Found {len(all_environments)} environments')
+        all_datasets: [models.Dataset] = db.api.Dataset.list_all_active_datasets(session)
+        all_environments: [models.Environment] = db.api.Environment.list_all_active_environments(session)
+
+        log.info(f'Found {len(all_environments)} environments, triggering update stack tasks...')
         environment: models.Environment
         for environment in all_environments:
-            update_stack(session, envname, environment.environmentUri)
+            update_stack(session=session, envname=envname, target_uri=environment.environmentUri, wait=True)
 
         log.info(f'Found {len(all_datasets)} datasets')
         dataset: models.Dataset
         for dataset in all_datasets:
-            update_stack(session, envname, dataset.datasetUri)
+            update_stack(session=session, envname=envname, target_uri=dataset.datasetUri, wait=False)
 
         return all_environments, all_datasets
 
 
-def update_stack(session, envname, target_uri):
+def update_stack(session, envname, target_uri, wait=False):
     stack: models.Stack = db.api.Stack.get_stack_by_target_uri(
         session, target_uri=target_uri
     )
     cluster_name = Parameter().get_parameter(env=envname, path='ecs/cluster/name')
-    if not Ecs.is_task_running(cluster_name, f'awsworker-{stack.stackUri}'):
-        stack.EcsTaskArn = Ecs.run_cdkproxy_task(stack.stackUri)
+    if not Ecs.is_task_running(cluster_name=cluster_name, started_by=f'awsworker-{stack.stackUri}'):
+        stack.EcsTaskArn = Ecs.run_cdkproxy_task(stack_uri=stack.stackUri)
+        if wait:
+            retries = 1
+            while Ecs.is_task_running(cluster_name=cluster_name, started_by=f'awsworker-{stack.stackUri}'):
+                log.info(f"Update for {stack.name}//{stack.stackUri} is not complete, waiting for {SLEEP_TIME} seconds...")
+                time.sleep(SLEEP_TIME)
+                retries = retries + 1
+                if retries > RETRIES:
+                    log.info(f"Maximum number of retries exceeded ({RETRIES} retries), continuing task...")
+                    break
+            log.info(f"Update for {stack.name}//{stack.stackUri} COMPLETE or maximum number of retries exceeded ({RETRIES} retries)")
     else:
         log.info(
             f'Stack update is already running... Skipping stack {stack.name}//{stack.stackUri}'
diff --git a/deploy/configs/frontend_config.py b/deploy/configs/frontend_config.py
index 7b9c9c8d6..a32002099 100644
--- a/deploy/configs/frontend_config.py
+++ b/deploy/configs/frontend_config.py
@@ -10,7 +10,7 @@ def create_react_env_file(
     resource_prefix,
     internet_facing='True',
     custom_domain='False',
-    cw_rum_enabled='False',
+    cw_rum_enabled='False'
 ):
     ssm = boto3.client('ssm', region_name=region)
     user_pool_id = ssm.get_parameter(Name=f'/dataall/{envname}/cognito/userpool')[
@@ -33,6 +33,11 @@ def create_react_env_file(
     search_api_url = f'{api_url}search/api'
     print(f'Search API: {search_api_url}')
 
+    pivot_role_auto_create = ssm.get_parameter(Name=f"/dataall/{envname}/pivotRole/enablePivotRoleAutoCreate")['Parameter'][
+        'Value'
+    ]
+    print(f'PivotRole auto-create is enabled: {pivot_role_auto_create}')
+
     if custom_domain == 'False' and internet_facing == 'True':
         print('Switching to us-east-1 region...')
         ssm = boto3.client('ssm', region_name='us-east-1')
@@ -63,6 +68,7 @@ def create_react_env_file(
 REACT_APP_COGNITO_REDIRECT_SIGNIN=https://{signin_singout_link}
 REACT_APP_COGNITO_REDIRECT_SIGNOUT=https://{signin_singout_link}
 REACT_APP_USERGUIDE_LINK=https://{user_guide_link}
+REACT_APP_ENABLE_PIVOT_ROLE_AUTO_CREATE={pivot_role_auto_create}
 """
         print('.env content: \n', file_content)
         f.write(file_content)
diff --git a/deploy/pivot_role/pivotRole.yaml b/deploy/pivot_role/pivotRole.yaml
index 601d30f70..3721ea81f 100644
--- a/deploy/pivot_role/pivotRole.yaml
+++ b/deploy/pivot_role/pivotRole.yaml
@@ -318,10 +318,7 @@ Resources:
             Effect: Allow
             Action:
               - 'ec2:DeleteNetworkInterface'
-            Resource: '*'
-            Condition:
-              StringEquals:
-                'aws:ResourceTag/dataall': 'True'
+            Resource: !Sub 'arn:aws:ec2:*:${AWS::AccountId}:network-interface/*'
           - Sid: SageMakerNotebookActions
             Effect: Allow
             Action:
@@ -347,7 +344,8 @@ Resources:
              - 'sagemaker:ListApps'
              - 'sagemaker:DeleteApp'
             Resource: '*'
-          - Effect: Allow
+          - Sid: RamTag
+            Effect: Allow
             Action:
               - 'ram:TagResource'
             Resource: '*'
@@ -355,7 +353,8 @@ Resources:
               'ForAllValues:StringLike':
                 'ram:ResourceShareName':
                   - LakeFormation*
-          - Effect: Allow
+          - Sid: RamCreateResource
+            Effect: Allow
             Action:
               - 'ram:CreateResourceShare'
             Resource: '*'
@@ -365,7 +364,8 @@ Resources:
                   - 'glue:Table'
                   - 'glue:Database'
                   - 'glue:Catalog'
-          - Effect: Allow
+          - Sid: RamUpdateResource
+            Effect: Allow
             Action:
               - 'ram:UpdateResourceShare'
             Resource: !Sub 'arn:aws:ram:*:${AWS::AccountId}:resource-share/*'
@@ -375,7 +375,8 @@ Resources:
               'ForAllValues:StringLike':
                 'ram:ResourceShareName':
                   - LakeFormation*
-          - Effect: Allow
+          - Sid: RamAssociateResource
+            Effect: Allow
             Action:
               - 'ram:AssociateResourceShare'
               - 'ram:DisassociateResourceShare'
@@ -384,7 +385,8 @@ Resources:
               'ForAllValues:StringLike':
                 'ram:ResourceShareName':
                   - LakeFormation*
-          - Effect: Allow
+          - Sid: RamDeleteResource
+            Effect: Allow
             Action:
               - 'ram:DeleteResourceShare'
             Resource: !Sub 'arn:aws:ram:*:${AWS::AccountId}:resource-share/*'
@@ -399,7 +401,7 @@ Resources:
               - "ec2:DescribeAvailabilityZones"
               - "ram:EnableSharingWithAwsOrganization"
             Resource: '*'
-          - Sid: RamRead
+          - Sid: RamReadGlue
             Effect: Allow
             Action:
               - 'glue:PutResourcePolicy'
@@ -503,6 +505,10 @@ Resources:
           - Sid: LakeFormation
             Effect: Allow
             Action:
+              - "lakeformation:RegisterResource"
+              - "lakeformation:DeregisterResource"
+              - "lakeformation:UpdateResource"
+              - "lakeformation:DescribeResource"
               - "lakeformation:AddLFTagsToResource"
               - "lakeformation:RemoveLFTagsFromResource"
               - "lakeformation:GetResourceLFTags"
@@ -536,7 +542,6 @@ Resources:
               - 'lakeformation:GetTableObjects'
               - 'lakeformation:UpdateTableObjects'
               - 'lakeformation:DeleteObjectsOnCancel'
-              - 'lakeformation:DescribeResource'
             Resource: '*'
           - Sid: Compute
             Effect: Allow
@@ -611,6 +616,7 @@ Resources:
             - !Sub "arn:aws:quicksight:*:${AWS::AccountId}:dashboard/*"
             - !Sub "arn:aws:quicksight:*:${AWS::AccountId}:namespace/default"
             - !Sub "arn:aws:quicksight:*:${AWS::AccountId}:account/*"
+            - !Sub "arn:aws:quicksight:*:${AWS::AccountId}:*"
           - Sid: QuickSightSession
             Effect: Allow
             Action:
@@ -652,7 +658,6 @@ Resources:
             Action:
               - 'iam:Get*'
               - 'iam:ListRoles'
-              - 'iam:Get*'
             Effect: Allow
             Resource: '*'
           - Sid: IAMRolePolicy
diff --git a/deploy/pivot_role/pivotRoleCDK/README.md b/deploy/pivot_role/pivotRoleCDK/README.md
deleted file mode 100644
index 6778d1aae..000000000
--- a/deploy/pivot_role/pivotRoleCDK/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# README
-
-This directory contains a CDK version of the pivotRole.
-It is not used by data.all, but it might be useful if you are implementing
-any automation around the creation of data.all pivotRole.
-
-This is just for reference, you still need to take the code and adapt it
-to your specific CICD implementation.
diff --git a/deploy/pivot_role/pivotRoleCDK/app.py b/deploy/pivot_role/pivotRoleCDK/app.py
deleted file mode 100644
index 60e8d0bf6..000000000
--- a/deploy/pivot_role/pivotRoleCDK/app.py
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env python3
-
-from aws_cdk import (
-    App,
-)
-
-from .dataall_base_infra import dataAllBaseInfra
-
-config = {
-    "NAME": "someenvironment",
-    "DATAALL_ACCOUNT": "AWSAccountId",
-    "EXTERNAL_ID": "externalId",
-    "RESOURCE_PREFIX": "resourcePrefix"
-}
-
-app = App()
-
-# data.all base resources: pivot role and LakeFormation service role
-dataall_infra = dataAllBaseInfra(
-    app,
-    f"BaseInfra-dataall-{config.NAME}",
-    config=config,
-)
-
-app.synth()
diff --git a/deploy/pivot_role/pivotRoleCDK/dataall_base_infra.py b/deploy/pivot_role/pivotRoleCDK/dataall_base_infra.py
deleted file mode 100644
index 7690543cd..000000000
--- a/deploy/pivot_role/pivotRoleCDK/dataall_base_infra.py
+++ /dev/null
@@ -1,846 +0,0 @@
-from constructs import Construct
-from aws_cdk import (
-    Duration,
-    Stack,
-    aws_iam as iam
-)
-
-class dataAllBaseInfra(Stack):
-    def __init__(self, scope: Construct, construct_id: str, config, **kwargs) -> None:
-        super().__init__(scope, construct_id, **kwargs)
-        # Data.All IAM PivotRole creation
-        self.create_dataall_role(name="dataallPivotRole", principal_id=config.DATAALL_ACCOUNT, external_id=config.EXTERNAL_ID, env_resource_prefix=config.RESOURCE_PREFIX)
-
-        # Data.All IAM Lake Formation service role creation
-        self.lf_service_role = iam.CfnServiceLinkedRole(self, "LakeFormationSLR",
-                                                        aws_service_name="lakeformation.amazonaws.com"
-                                                        )
-
-    def create_dataall_role(self, name: str, principal_id: str, external_id: str,
-                            env_resource_prefix: str) -> iam.Role:
-        """
-        Creates an IAM Role that will enable data.all to interact with this Data Account
-
-        :param str name: Role name
-        :param str principal_id: AWS Account ID of central data.all
-        :param str external_id: External ID provided by data.all
-        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
-        :returns: Created IAM Role
-        :rtype: iam.Role
-        """
-
-        role = iam.Role(self, "DataAllPivotRole",
-                        role_name=name,
-                        assumed_by=iam.CompositePrincipal(
-                            iam.ServicePrincipal("glue.amazonaws.com"),
-                            iam.ServicePrincipal("lakeformation.amazonaws.com"),
-                            iam.ServicePrincipal("lambda.amazonaws.com")
-                        ),
-                        path="/",
-                        max_session_duration=Duration.hours(12),
-                        managed_policies=[
-                            self._create_dataall_policy0(env_resource_prefix),
-                            self._create_dataall_policy1(env_resource_prefix),
-                            self._create_dataall_policy2(env_resource_prefix),
-                            self._create_dataall_policy3(env_resource_prefix, name)
-                        ]
-                        )
-
-        role.assume_role_policy.add_statements(iam.PolicyStatement(
-                    effect=iam.Effect.ALLOW,
-                    principals=[
-                        iam.AccountPrincipal(account_id=principal_id)
-                    ],
-                    actions=["sts:AssumeRole"],
-                    conditions={"StringEquals": {"sts:ExternalId": external_id}}
-                ))
-
-
-        return role
-
-    def _create_dataall_policy0(self, env_resource_prefix: str) -> iam.ManagedPolicy:
-        """
-        Creates the first managed IAM Policy required for the Pivot Role used by data.all
-
-        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
-        :returns: Created IAM Policy
-        :rtype: iam.ManagedPolicy
-        """
-        return iam.ManagedPolicy(self, "PivotRolePolicy0",
-                                 managed_policy_name=f"{env_resource_prefix}-pivotrole-policy-0",
-                                 statements=[
-                                     # Athena permissions
-                                     iam.PolicyStatement(
-                                         sid="Athena", effect=iam.Effect.ALLOW, resources=["*"],
-                                         actions=[
-                                             "athena:GetQuery*",
-                                             "athena:StartQueryExecution",
-                                             "athena:ListWorkGroups"
-                                         ]
-                                     ),
-                                     # Athena Workgroups permissions
-                                     iam.PolicyStatement(
-                                         sid="AthenaWorkgroups", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "athena:GetWorkGroup",
-                                             "athena:CreateWorkGroup",
-                                             "athena:UpdateWorkGroup",
-                                             "athena:DeleteWorkGroup",
-                                             "athena:TagResource",
-                                             "athena:UntagResource",
-                                             "athena:ListTagsForResource"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:athena:*:{self.account}:workgroup/{env_resource_prefix}*"]
-                                     ),
-                                     # AWS Glue Crawler Bucket
-                                     iam.PolicyStatement(
-                                         sid="AwsGlueCrawlerBucket", effect=iam.Effect.ALLOW,
-                                         actions=["s3:GetObject"],
-                                         resources=["arn:aws:s3:::crawler-public*"]
-                                     ),
-                                     # S3 Access points
-                                     iam.PolicyStatement(
-                                         sid="ManagedAccessPoints", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                            "s3:GetAccessPoint",
-                                            "s3:GetAccessPointPolicy",
-                                            "s3:ListAccessPoints",
-                                            "s3:CreateAccessPoint",
-                                            "s3:DeleteAccessPoint",
-                                            "s3:GetAccessPointPolicyStatus",
-                                            "s3:DeleteAccessPointPolicy",
-                                            "s3:PutAccessPointPolicy"
-                                         ],
-                                         resources=[f"arn:aws:s3:*:{self.account}:accesspoint/*"]
-                                     ),
-                                     # S3 Managed Buckets
-                                     iam.PolicyStatement(
-                                         sid="ManagedBuckets", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "s3:List*",
-                                             "s3:Delete*",
-                                             "s3:Get*",
-                                             "s3:Put*"
-                                         ],
-                                         resources=[f"arn:aws:s3:::{env_resource_prefix}*"]
-                                     ),
-                                     # S3 Imported Buckets
-                                     iam.PolicyStatement(
-                                         sid="ImportedBuckets", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "s3:List*",
-                                             "s3:GetBucket*",
-                                             "s3:GetLifecycleConfiguration",
-                                             "s3:GetObject",
-                                             "s3:PutBucketPolicy",
-                                             "s3:PutBucketTagging",
-                                             "s3:PutObject",
-                                             "s3:PutObjectAcl",
-                                             "s3:PutBucketOwnershipControls"
-                                         ],
-                                         resources=["arn:aws:s3:::*"]
-                                     ),
-                                     # AWS Logging Buckets
-                                     iam.PolicyStatement(
-                                         sid="AWSLoggingBuckets", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "s3:PutBucketAcl",
-                                             "s3:PutBucketNotification"
-                                         ],
-                                         resources=[f"arn:aws:s3:::{env_resource_prefix}-logging-*"]
-                                     ),
-                                     # Read Buckets
-                                     iam.PolicyStatement(
-                                         sid="ReadBuckets", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "s3:ListAllMyBuckets",
-                                             "s3:GetBucketLocation",
-                                             "s3:PutBucketTagging"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # CloudWatch Metrics
-                                     iam.PolicyStatement(
-                                         sid="CWMetrics", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "cloudwatch:PutMetricData",
-                                             "cloudwatch:GetMetricData",
-                                             "cloudwatch:GetMetricStatistics"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # Logs
-                                     iam.PolicyStatement(
-                                         sid="Logs", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "logs:CreateLogGroup",
-                                             "logs:CreateLogStream",
-                                             "logs:PutLogEvents"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:logs:*:{self.account}:log-group:/aws-glue/*",
-                                             f"arn:aws:logs:*:{self.account}:log-group:/aws/lambda/*",
-                                             f"arn:aws:logs:*:{self.account}:log-group:/{env_resource_prefix}*",
-                                         ]
-                                     ),
-                                     # Logging
-                                     iam.PolicyStatement(
-                                         sid="Logging", effect=iam.Effect.ALLOW,
-                                         actions=["logs:PutLogEvents"],
-                                         resources=["*"]
-                                     ),
-                                     # EventBridge (CloudWatch Events)
-                                     iam.PolicyStatement(
-                                         sid="CWEvents", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "events:DeleteRule",
-                                             "events:List*",
-                                             "events:PutRule",
-                                             "events:PutTargets",
-                                             "events:RemoveTargets"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # Glue
-                                     iam.PolicyStatement(
-                                         sid="Glue", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "glue:BatchCreatePartition",
-                                             "glue:BatchDeletePartition",
-                                             "glue:BatchDeleteTable",
-                                             "glue:CreateCrawler",
-                                             "glue:CreateDatabase",
-                                             "glue:CreatePartition",
-                                             "glue:CreateTable",
-                                             "glue:DeleteCrawler",
-                                             "glue:DeleteDatabase",
-                                             "glue:DeleteJob",
-                                             "glue:DeletePartition",
-                                             "glue:DeleteTable",
-                                             "glue:DeleteTrigger",
-                                             "glue:BatchGet*",
-                                             "glue:Get*",
-                                             "glue:List*",
-                                             "glue:StartCrawler",
-                                             "glue:StartJobRun",
-                                             "glue:StartTrigger",
-                                             "glue:SearchTables",
-                                             "glue:UpdateDatabase",
-                                             "glue:UpdatePartition",
-                                             "glue:UpdateTable",
-                                             "glue:UpdateTrigger",
-                                             "glue:UpdateJob",
-                                             "glue:TagResource",
-                                             "glue:UpdateCrawler"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # KMS
-                                     iam.PolicyStatement(
-                                         sid="KMS", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "kms:Decrypt",
-                                             "kms:Encrypt",
-                                             "kms:GenerateDataKey*",
-                                             "kms:PutKeyPolicy",
-                                             "kms:ReEncrypt*",
-                                             "kms:TagResource",
-                                             "kms:UntagResource"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="KMSAlias", effect=iam.Effect.ALLOW,
-                                         actions=["kms:DeleteAlias"],
-                                         resources=[f"arn:aws:kms:*:{self.account}:alias/{env_resource_prefix}*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="KMSCreate", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "kms:List*",
-                                             "kms:DescribeKey",
-                                             "kms:CreateAlias",
-                                             "kms:CreateKey"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # AWS Organizations
-                                     iam.PolicyStatement(
-                                         sid="Organizations", effect=iam.Effect.ALLOW,
-                                         actions=["organizations:DescribeOrganization"],
-                                         resources=["*"]
-                                     ),
-                                     # Resource Tags
-                                     iam.PolicyStatement(
-                                         sid="ResourceGroupTags", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "tag:*",
-                                             "resource-groups:*"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # SNS
-                                     iam.PolicyStatement(
-                                         sid="SNSPublish", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "sns:Publish",
-                                             "sns:SetTopicAttributes",
-                                             "sns:GetTopicAttributes",
-                                             "sns:DeleteTopic",
-                                             "sns:Subscribe",
-                                             "sns:TagResource",
-                                             "sns:UntagResource",
-                                             "sns:CreateTopic"
-                                         ],
-                                         resources=[f"arn:aws:sns:*:{self.account}:{env_resource_prefix}*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="SNSList", effect=iam.Effect.ALLOW,
-                                         actions=["sns:ListTopics"],
-                                         resources=["*"]
-                                     ),
-                                     # SQS
-                                     iam.PolicyStatement(
-                                         sid="SQSList", effect=iam.Effect.ALLOW,
-                                         actions=["sqs:ListQueues"],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="SQS", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "sqs:ReceiveMessage",
-                                             "sqs:SendMessage"
-                                         ],
-                                         resources=[f"arn:aws:sqs:*:{self.account}:{env_resource_prefix}*"]
-                                     )
-                                 ]
-                                 )
-
-    def _create_dataall_policy1(self, env_resource_prefix: str) -> iam.ManagedPolicy:
-        """
-        Creates the second managed IAM Policy required for the Pivot Role used by data.all
-
-        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
-        :returns: Created IAM Policy
-        :rtype: iam.ManagedPolicy
-        """
-        return iam.ManagedPolicy(self, "PivotRolePolicy1",
-                                 managed_policy_name=f"{env_resource_prefix}-pivotrole-policy-1",
-                                 statements=[
-                                     # Redshift
-                                     iam.PolicyStatement(
-                                         sid="Redshift", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "redshift:DeleteTags",
-                                             "redshift:ModifyClusterIamRoles",
-                                             "redshift:DescribeClusterSecurityGroups",
-                                             "redshift:DescribeClusterSubnetGroups",
-                                             "redshift:pauseCluster",
-                                             "redshift:resumeCluster"
-                                         ],
-                                         resources=["*"],
-                                         conditions={"StringEquals": {"aws:ResourceTag/dataall": "true"}}
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RedshiftRead", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "redshift:DescribeClusters",
-                                             "redshift:CreateTags",
-                                             "redshift:DescribeClusterSubnetGroups"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RedshiftCreds", effect=iam.Effect.ALLOW,
-                                         actions=["redshift:GetClusterCredentials"],
-                                         resources=[
-                                             f"arn:aws:redshift:*:{self.account}:dbgroup:*/*",
-                                             f"arn:aws:redshift:*:{self.account}:dbname:*/*",
-                                             f"arn:aws:redshift:*:{self.account}:dbuser:*/*"
-                                         ]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="AllowRedshiftSubnet", effect=iam.Effect.ALLOW,
-                                         actions=["redshift:CreateClusterSubnetGroup"],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="AllowRedshiftDataApi", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "redshift-data:ListTables",
-                                             "redshift-data:GetStatementResult",
-                                             "redshift-data:CancelStatement",
-                                             "redshift-data:ListSchemas",
-                                             "redshift-data:ExecuteStatement",
-                                             "redshift-data:ListStatements",
-                                             "redshift-data:ListDatabases",
-                                             "redshift-data:DescribeStatement"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # EC2
-                                     iam.PolicyStatement(
-                                         sid="EC2SG", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "ec2:CreateSecurityGroup",
-                                             "ec2:CreateNetworkInterface",
-                                             "ec2:Describe*"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="TagsforENI", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "ec2:CreateTags",
-                                             "ec2:DeleteTags"
-                                         ],
-                                         resources=[f"arn:aws:ec2:*:{self.account}:network-interface/*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="DeleteENI", effect=iam.Effect.ALLOW,
-                                         actions=["ec2:DeleteNetworkInterface"],
-                                         resources=["*"],
-                                         conditions={"StringEquals": {"aws:ResourceTag/dataall": "True"}}
-                                     ),
-                                     # SageMaker
-                                     iam.PolicyStatement(
-                                         sid="SageMakerNotebookActions", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "sagemaker:ListTags",
-                                             "sagemaker:DescribeUserProfile",
-                                             "sagemaker:DeleteNotebookInstance",
-                                             "sagemaker:StopNotebookInstance",
-                                             "sagemaker:CreatePresignedNotebookInstanceUrl",
-                                             "sagemaker:DescribeNotebookInstance",
-                                             "sagemaker:StartNotebookInstance",
-                                             "sagemaker:AddTags",
-                                             "sagemaker:DescribeDomain",
-                                             "sagemaker:CreatePresignedDomainUrl"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:sagemaker:*:{self.account}:notebook-instance/{env_resource_prefix}*",
-                                             f"arn:aws:sagemaker:*:{self.account}:domain/*",
-                                             f"arn:aws:sagemaker:*:{self.account}:user-profile/*/*"
-                                         ]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="SageMakerNotebookInstances", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "sagemaker:ListNotebookInstances",
-                                             "sagemaker:ListDomains",
-                                             "sagemaker:ListApps",
-                                             "sagemaker:DeleteApp"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # RAM
-                                     iam.PolicyStatement(
-                                         sid="RamTag", effect=iam.Effect.ALLOW,
-                                         actions=["ram:TagResource"],
-                                         resources=["*"],
-                                         conditions={"ForAllValues:StringLike": {
-                                             "ram:ResourceShareName": ["LakeFormation*"]}}
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RamCreateResource", effect=iam.Effect.ALLOW,
-                                         actions=["ram:CreateResourceShare"],
-                                         resources=["*"],
-                                         conditions={"ForAllValues:StringEquals": {"ram:RequestedResourceType": [
-                                             "glue:Table",
-                                             "glue:Database",
-                                             "glue:Catalog"
-                                         ]}}
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RamUpdateResource", effect=iam.Effect.ALLOW,
-                                         actions=["ram:UpdateResourceShare"],
-                                         resources=[f"arn:aws:ram:*:{self.account}:resource-share/*"],
-                                         conditions={
-                                             "StringEquals": {"aws:ResourceTag/dataall": "true"},
-                                             "ForAllValues:StringLike": {
-                                                 "ram:ResourceShareName": ["LakeFormation*"]}
-                                         }
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RamAssociateResource", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "ram:AssociateResourceShare",
-                                             "ram:DisassociateResourceShare"
-                                         ],
-                                         resources=[f"arn:aws:ram:*:{self.account}:resource-share/*"],
-                                         conditions={"ForAllValues:StringLike": {
-                                                 "ram:ResourceShareName": ["LakeFormation*"]}
-                                         }
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RamDeleteResource", effect=iam.Effect.ALLOW,
-                                         actions=["ram:DeleteResourceShare"],
-                                         resources=[f"arn:aws:ram:*:{self.account}:resource-share/*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RamInvitations", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "ram:AcceptResourceShareInvitation",
-                                             "ram:RejectResourceShareInvitation",
-                                             "ec2:DescribeAvailabilityZones",
-                                             "ram:EnableSharingWithAwsOrganization"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="RamRead", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "glue:PutResourcePolicy",
-                                             "glue:DeleteResourcePolicy",
-                                             "ram:Get*",
-                                             "ram:List*"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # Security Groups
-                                     iam.PolicyStatement(
-                                         sid="SGCreateTag", effect=iam.Effect.ALLOW,
-                                         actions=["ec2:CreateTags"],
-                                         resources=[f"arn:aws:ec2:*:{self.account}:security-group/*"],
-                                         conditions={"StringEquals": {"aws:RequestTag/dataall": "true"}}
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="SGandRedshift", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "ec2:DeleteTags",
-                                             "ec2:DeleteSecurityGroup",
-                                             "redshift:DeleteClusterSubnetGroup"
-                                         ],
-                                         resources=["*"],
-                                         conditions={"ForAnyValue:StringEqualsIfExists": {
-                                             "aws:ResourceTag/dataall": "true"}}
-                                     ),
-                                     # Redshift
-                                     iam.PolicyStatement(
-                                         sid="RedshiftDataApi", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "redshift-data:ListTables",
-                                             "redshift-data:GetStatementResult",
-                                             "redshift-data:CancelStatement",
-                                             "redshift-data:ListSchemas",
-                                             "redshift-data:ExecuteStatement",
-                                             "redshift-data:ListStatements",
-                                             "redshift-data:ListDatabases",
-                                             "redshift-data:DescribeStatement"
-                                         ],
-                                         resources=["*"],
-                                         conditions={"StringEqualsIfExists": {"aws:ResourceTag/dataall": "true"}}
-                                     ),
-                                     # Dev Tools
-                                     iam.PolicyStatement(
-                                         sid="DevTools0", effect=iam.Effect.ALLOW,
-                                         actions=["cloudformation:ValidateTemplate"],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="DevTools1", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "secretsmanager:CreateSecret",
-                                             "secretsmanager:DeleteSecret",
-                                             "secretsmanager:TagResource",
-                                             "codebuild:DeleteProject"
-                                         ],
-                                         resources=["*"],
-                                         conditions={"StringEquals": {"aws:ResourceTag/dataall": "true"}}
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="DevTools2", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "codebuild:CreateProject",
-                                             "ecr:CreateRepository",
-                                             "ssm:PutParameter",
-                                             "ssm:AddTagsToResource"
-                                         ],
-                                         resources=["*"],
-                                         conditions={"StringEquals": {"aws:RequestTag/dataall": "true"}}
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="CloudFormation", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "cloudformation:DescribeStacks",
-                                             "cloudformation:DescribeStackResources",
-                                             "cloudformation:DescribeStackEvents",
-                                             "cloudformation:DeleteStack",
-                                             "cloudformation:CreateStack",
-                                             "cloudformation:GetTemplate",
-                                             "cloudformation:ListStackResources",
-                                             "cloudformation:DescribeStackResource"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:cloudformation:*:{self.account}:stack/{env_resource_prefix}*/*",
-                                             f"arn:aws:cloudformation:*:{self.account}:stack/CDKToolkit/*",
-                                             f"arn:aws:cloudformation:*:{self.account}:stack/*/*"
-                                         ]
-                                     )
-                                 ]
-                                 )
-
-    def _create_dataall_policy2(self, env_resource_prefix: str) -> iam.ManagedPolicy:
-        """
-        Creates the third managed IAM Policy required for the Pivot Role used by data.all
-
-        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
-        :returns: Created IAM Policy
-        :rtype: iam.ManagedPolicy
-        """
-        return iam.ManagedPolicy(self, "PivotRolePolicy2",
-                                 managed_policy_name=f"{env_resource_prefix}-pivotrole-policy-2",
-                                 statements=[
-                                     # LakeFormation
-                                     iam.PolicyStatement(
-                                         sid="LakeFormation", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "lakeformation:AddLFTagsToResource",
-                                             "lakeformation:RemoveLFTagsFromResource",
-                                             "lakeformation:GetResourceLFTags",
-                                             "lakeformation:ListLFTags",
-                                             "lakeformation:CreateLFTag",
-                                             "lakeformation:GetLFTag",
-                                             "lakeformation:UpdateLFTag",
-                                             "lakeformation:DeleteLFTag",
-                                             "lakeformation:SearchTablesByLFTags",
-                                             "lakeformation:SearchDatabasesByLFTags",
-                                             "lakeformation:ListResources",
-                                             "lakeformation:ListPermissions",
-                                             "lakeformation:GrantPermissions",
-                                             "lakeformation:BatchGrantPermissions",
-                                             "lakeformation:RevokePermissions",
-                                             "lakeformation:BatchRevokePermissions",
-                                             "lakeformation:PutDataLakeSettings",
-                                             "lakeformation:GetDataLakeSettings",
-                                             "lakeformation:GetDataAccess",
-                                             "lakeformation:GetWorkUnits",
-                                             "lakeformation:StartQueryPlanning",
-                                             "lakeformation:GetWorkUnitResults",
-                                             "lakeformation:GetQueryState",
-                                             "lakeformation:GetQueryStatistics",
-                                             "lakeformation:StartTransaction",
-                                             "lakeformation:CommitTransaction",
-                                             "lakeformation:CancelTransaction",
-                                             "lakeformation:ExtendTransaction",
-                                             "lakeformation:DescribeTransaction",
-                                             "lakeformation:ListTransactions",
-                                             "lakeformation:GetTableObjects",
-                                             "lakeformation:UpdateTableObjects",
-                                             "lakeformation:DeleteObjectsOnCancel",
-                                             "lakeformation:DescribeResource"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     # Compute
-                                     iam.PolicyStatement(
-                                         sid="Compute", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "lambda:CreateFunction",
-                                             "lambda:AddPermission",
-                                             "lambda:InvokeFunction",
-                                             "lambda:RemovePermission",
-                                             "lambda:GetFunction",
-                                             "lambda:GetFunctionConfiguration",
-                                             "lambda:DeleteFunction",
-                                             "ecr:CreateRepository",
-                                             "ecr:SetRepositoryPolicy",
-                                             "ecr:DeleteRepository",
-                                             "ecr:DescribeImages",
-                                             "ecr:BatchDeleteImage",
-                                             "codepipeline:GetPipelineState",
-                                             "codepipeline:DeletePipeline",
-                                             "codepipeline:GetPipeline",
-                                             "codepipeline:CreatePipeline",
-                                             "codepipeline:TagResource",
-                                             "codepipeline:UntagResource"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:lambda:*:{self.account}:function:{env_resource_prefix}*",
-                                             f"arn:aws:s3:::{env_resource_prefix}*",
-                                             f"arn:aws:codepipeline:*:{self.account}:{env_resource_prefix}*",
-                                             f"arn:aws:ecr:*:{self.account}:repository/{env_resource_prefix}*"
-                                         ]
-                                     ),
-                                     # Databrew
-                                     iam.PolicyStatement(
-                                         sid="DatabrewList", effect=iam.Effect.ALLOW,
-                                         actions=["databrew:List*"],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="DatabrewPermissions", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "databrew:BatchDeleteRecipeVersion",
-                                             "databrew:Delete*",
-                                             "databrew:Describe*",
-                                             "databrew:PublishRecipe",
-                                             "databrew:SendProjectSessionAction",
-                                             "databrew:Start*",
-                                             "databrew:Stop*",
-                                             "databrew:TagResource",
-                                             "databrew:UntagResource",
-                                             "databrew:Update*"
-                                         ],
-                                         resources=[f"arn:aws:databrew:*:{self.account}:*/{env_resource_prefix}*"]
-                                     ),
-                                     # QuickSight
-                                     iam.PolicyStatement(
-                                         sid="QuickSight", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "quicksight:CreateGroup",
-                                             "quicksight:DescribeGroup",
-                                             "quicksight:ListDashboards",
-                                             "quicksight:DescribeDataSource",
-                                             "quicksight:DescribeDashboard",
-                                             "quicksight:DescribeUser",
-                                             "quicksight:SearchDashboards",
-                                             "quicksight:GetDashboardEmbedUrl",
-                                             "quicksight:GenerateEmbedUrlForAnonymousUser",
-                                             "quicksight:UpdateUser",
-                                             "quicksight:ListUserGroups",
-                                             "quicksight:RegisterUser",
-                                             "quicksight:DescribeDashboardPermissions",
-                                             "quicksight:UpdateDashboardPermissions",
-                                             "quicksight:GetAuthCode",
-                                             "quicksight:CreateGroupMembership",
-                                             "quicksight:DescribeAccountSubscription"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:quicksight:*:{self.account}:group/default/*",
-                                             f"arn:aws:quicksight:*:{self.account}:user/default/*",
-                                             f"arn:aws:quicksight:*:{self.account}:datasource/*",
-                                             f"arn:aws:quicksight:*:{self.account}:user/*",
-                                             f"arn:aws:quicksight:*:{self.account}:dashboard/*",
-                                             f"arn:aws:quicksight:*:{self.account}:namespace/default",
-                                             f"arn:aws:quicksight:*:{self.account}:account/*"
-                                         ]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="QuickSightSession", effect=iam.Effect.ALLOW,
-                                         actions=["quicksight:GetSessionEmbedUrl"],
-                                         resources=["*"]
-                                     )
-                                 ]
-                                 )
-
-    def _create_dataall_policy3(self, env_resource_prefix: str, role_name: str) -> iam.ManagedPolicy:
-        """
-        Creates the fourth managed IAM Policy required for the Pivot Role used by data.all
-
-        :param str env_resource_prefix: Environment Resource Prefix provided by data.all
-        :param str role_name: IAM Role name
-        :returns: Created IAM Policy
-        :rtype: iam.ManagedPolicy
-        """
-        return iam.ManagedPolicy(self, "PivotRolePolicy3",
-                                 managed_policy_name=f"{env_resource_prefix}-pivotrole-policy-3",
-                                 statements=[
-                                     # SSM Parameter Store
-                                     iam.PolicyStatement(
-                                         sid="ParameterStore", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "ssm:GetParameter"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:ssm:*:{self.account}:parameter/{env_resource_prefix}/*",
-                                             f"arn:aws:ssm:*:{self.account}:parameter/dataall/*",
-                                             f"arn:aws:ssm:*:{self.account}:parameter/ddk/*"
-                                         ]
-                                     ),
-                                     # Secrets Manager
-                                     iam.PolicyStatement(
-                                         sid="SecretsManager", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "secretsmanager:DescribeSecret",
-                                             "secretsmanager:GetSecretValue"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:secretsmanager:*:{self.account}:secret:{env_resource_prefix}*",
-                                             f"arn:aws:secretsmanager:*:{self.account}:secret:dataall*"
-                                         ]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="SecretsManagerList", effect=iam.Effect.ALLOW,
-                                         actions=["secretsmanager:ListSecrets"],
-                                         resources=["*"]
-                                     ),
-                                     # IAM
-                                     iam.PolicyStatement(
-                                         sid="IAMListGet", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "iam:ListRoles",
-                                             "iam:Get*"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="IAMRolePolicy", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "iam:PutRolePolicy",
-                                             "iam:DeleteRolePolicy"
-                                         ],
-                                         resources=["*"]
-                                     ),
-                                     iam.PolicyStatement(
-                                         sid="IAMPassRole", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "iam:PassRole"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:iam::{self.account}:role/{env_resource_prefix}*",
-                                             f"arn:aws:iam::{self.account}:role/{role_name}",
-                                             f"arn:aws:iam::{self.account}:role/cdk-*"
-                                         ],
-                                     ),
-                                     # STS
-                                     iam.PolicyStatement(
-                                         sid="STS", effect=iam.Effect.ALLOW,
-                                         actions=["sts:AssumeRole"],
-                                         resources=[
-                                             f"arn:aws:iam::{self.account}:role/{env_resource_prefix}*",
-                                             f"arn:aws:iam::{self.account}:role/ddk-*"
-                                         ]
-                                     ),
-                                     # Step Functions
-                                     iam.PolicyStatement(
-                                         sid="StepFunctions", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "states:DescribeStateMachine",
-                                             "states:ListExecutions",
-                                             "states:StartExecution"
-                                         ],
-                                         resources=[
-                                             f"arn:aws:states:*:{self.account}:stateMachine:{env_resource_prefix}*"]
-                                     ),
-                                     # CodeCommit
-                                     iam.PolicyStatement(
-                                         sid="CodeCommit", effect=iam.Effect.ALLOW,
-                                         actions=[
-                                             "codecommit:GetFile",
-                                             "codecommit:ListBranches",
-                                             "codecommit:GetFolder",
-                                             "codecommit:GetCommit",
-                                             "codecommit:GitPull",
-                                             "codecommit:GetRepository",
-                                             'codecommit:TagResource',
-                                             "codecommit:UntagResource",
-                                             "codecommit:CreateBranch",
-                                             "codecommit:CreateCommit",
-                                             "codecommit:CreateRepository",
-                                             "codecommit:DeleteRepository",
-                                             "codecommit:GitPush",
-                                             "codecommit:PutFile",
-                                             "codecommit:GetBranch",
-                                         ],
-                                         resources=[f"arn:aws:codecommit:*:{self.account}:{env_resource_prefix}*"]
-                                     )
-                                 ]
-                                 )
-
-
-
-        
-        
-        
diff --git a/deploy/requirements.txt b/deploy/requirements.txt
index 7cd815a9d..5ea72abd5 100644
--- a/deploy/requirements.txt
+++ b/deploy/requirements.txt
@@ -1,6 +1,6 @@
-aws-cdk-lib==2.14.0
+aws-cdk-lib==2.61.1
 boto3-stubs==1.20.20
 boto3==1.24.85
 botocore==1.27.85
 cdk-nag==2.7.2
-constructs==10.0.73
+constructs>=10.0.0,<11.0.0
diff --git a/deploy/stacks/backend_stack.py b/deploy/stacks/backend_stack.py
index 6e49f0e27..78b920482 100644
--- a/deploy/stacks/backend_stack.py
+++ b/deploy/stacks/backend_stack.py
@@ -14,6 +14,7 @@
 from .lambda_api import LambdaApiStack
 from .monitoring import MonitoringStack
 from .opensearch import OpenSearchStack
+from .opensearch_serverless import OpenSearchServerlessStack
 from .param_store_stack import ParamStoreStack
 from .s3_resources import S3ResourcesStack
 from .secrets_stack import SecretsManagerStack
@@ -43,11 +44,17 @@ def __init__(
         enable_cw_canaries=False,
         enable_cw_rum=False,
         shared_dashboard_sessions='anonymous',
+        enable_pivot_role_auto_create=False,
+        enable_opensearch_serverless=False,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
 
-        vpc_stack = VpcStack(
+        self.resource_prefix = resource_prefix
+        self.envname = envname
+        self.prod_sizing = prod_sizing
+
+        self.vpc_stack = VpcStack(
             self,
             id='Vpc',
             envname=envname,
@@ -56,8 +63,10 @@ def __init__(
             vpc_id=vpc_id,
             **kwargs,
         )
-        vpc = vpc_stack.vpc
-        vpc_endpoints_sg = vpc_stack.vpce_security_group
+        vpc = self.vpc_stack.vpc
+        vpc_endpoints_sg = self.vpc_stack.vpce_security_group
+
+        self.pivot_role_name = f"dataallPivotRole{'-cdk' if enable_pivot_role_auto_create else ''}"
 
         ParamStoreStack(
             self,
@@ -68,6 +77,7 @@ def __init__(
             enable_cw_canaries=enable_cw_canaries,
             quicksight_enabled=quicksight_enabled,
             shared_dashboard_sessions=shared_dashboard_sessions,
+            enable_pivot_role_auto_create=enable_pivot_role_auto_create,
             **kwargs,
         )
 
@@ -77,6 +87,7 @@ def __init__(
             envname=envname,
             resource_prefix=resource_prefix,
             enable_cw_canaries=enable_cw_canaries,
+            pivot_role_name=self.pivot_role_name,
             **kwargs,
         )
 
@@ -112,7 +123,7 @@ def __init__(
             self, 'ECRREPO', repository_arn=ecr_repository
         )
 
-        lambda_api_stack = LambdaApiStack(
+        self.lambda_api_stack = LambdaApiStack(
             self,
             f'Lambdas',
             envname=envname,
@@ -126,10 +137,11 @@ def __init__(
             apig_vpce=apig_vpce,
             prod_sizing=prod_sizing,
             user_pool=cognito_stack.user_pool,
+            pivot_role_name=self.pivot_role_name,
             **kwargs,
         )
 
-        ecs_stack = ContainerStack(
+        self.ecs_stack = ContainerStack(
             self,
             f'ECS',
             envname=envname,
@@ -139,6 +151,8 @@ def __init__(
             ecr_repository=repo,
             image_tag=image_tag,
             prod_sizing=prod_sizing,
+            pivot_role_name=self.pivot_role_name,
+            tooling_account_id=tooling_account_id,
             **kwargs,
         )
 
@@ -241,51 +255,54 @@ def __init__(
             resource_prefix=resource_prefix,
             vpc=vpc,
             lambdas=[
-                lambda_api_stack.aws_handler,
-                lambda_api_stack.api_handler,
+                self.lambda_api_stack.aws_handler,
+                self.lambda_api_stack.api_handler,
             ],
-            ecs_security_groups=ecs_stack.ecs_security_groups,
+            ecs_security_groups=self.ecs_stack.ecs_security_groups,
             codebuild_dbmigration_sg=dbmigration_stack.codebuild_sg,
             prod_sizing=prod_sizing,
             quicksight_monitoring_sg=quicksight_monitoring_sg,
             **kwargs,
         )
 
-        opensearch_stack = OpenSearchStack(
-            self,
-            f'OpenSearch',
-            envname=envname,
-            resource_prefix=resource_prefix,
-            vpc=vpc,
-            lambdas=[
-                lambda_api_stack.aws_handler,
-                lambda_api_stack.api_handler,
-                lambda_api_stack.elasticsearch_proxy_handler,
-            ],
-            ecs_security_groups=ecs_stack.ecs_security_groups,
-            prod_sizing=prod_sizing,
-            **kwargs,
-        )
-
-        monitoring_stack = MonitoringStack(
+        self.monitoring_stack = MonitoringStack(
             self,
             f'CWDashboards',
             envname=envname,
             resource_prefix=resource_prefix,
             lambdas=[
-                lambda_api_stack.aws_handler,
-                lambda_api_stack.api_handler,
-                lambda_api_stack.elasticsearch_proxy_handler,
+                self.lambda_api_stack.aws_handler,
+                self.lambda_api_stack.api_handler,
+                self.lambda_api_stack.elasticsearch_proxy_handler,
             ],
             database=aurora_stack.cluster.cluster_identifier,
-            ecs_cluster=ecs_stack.ecs_cluster,
-            ecs_task_definitions=ecs_stack.ecs_task_definitions,
-            backend_api=lambda_api_stack.backend_api_name,
-            opensearch_domain=opensearch_stack.domain.domain_name,
+            ecs_cluster=self.ecs_stack.ecs_cluster,
+            ecs_task_definitions=self.ecs_stack.ecs_task_definitions,
+            backend_api=self.lambda_api_stack.backend_api_name,
             queue_name=sqs_stack.queue.queue_name,
             **kwargs,
         )
 
+        self.opensearch_args = {
+            "envname": envname,
+            "resource_prefix": resource_prefix,
+            "vpc": vpc,
+            "vpc_endpoints_sg": vpc_endpoints_sg,
+            "lambdas": [
+                self.lambda_api_stack.aws_handler,
+                self.lambda_api_stack.api_handler,
+                self.lambda_api_stack.elasticsearch_proxy_handler,
+            ],
+            "ecs_security_groups": self.ecs_stack.ecs_security_groups,
+            "ecs_task_role": self.ecs_stack.ecs_task_role,
+            "prod_sizing": prod_sizing,
+            **kwargs,
+        }
+        if enable_opensearch_serverless:
+            self.create_opensearch_serverless_stack()
+        else:
+            self.create_opensearch_stack()
+
         if enable_cw_rum:
             CloudWatchRumStack(
                 self,
@@ -293,12 +310,10 @@ def __init__(
                 envname=envname,
                 resource_prefix=resource_prefix,
                 tooling_account_id=tooling_account_id,
-                cw_alarm_action=monitoring_stack.cw_alarm_action,
+                cw_alarm_action=self.monitoring_stack.cw_alarm_action,
                 cognito_identity_pool_id=cognito_stack.identity_pool.ref,
                 cognito_identity_pool_role_arn=cognito_stack.identity_pool_role.role_arn,
-                custom_domain_name=custom_domain.get('hosted_zone_name')
-                if custom_domain
-                else None,
+                custom_domain_name=custom_domain.get('hosted_zone_name') if custom_domain else None,
             )
 
         if enable_cw_canaries:
@@ -309,6 +324,21 @@ def __init__(
                 resource_prefix=resource_prefix,
                 vpc=vpc,
                 logs_bucket=s3_resources_stack.logs_bucket,
-                cw_alarm_action=monitoring_stack.cw_alarm_action,
+                cw_alarm_action=self.monitoring_stack.cw_alarm_action,
                 internet_facing=internet_facing,
             )
+
+    def create_opensearch_stack(self):
+        os_stack = OpenSearchStack(self, 'OpenSearch', **self.opensearch_args)
+        self.monitoring_stack.set_es_alarms(
+            alarm_name=f'{self.resource_prefix}-{self.envname}-opensearch-alarm',
+            domain_name=os_stack.domain_name,
+        )
+
+    def create_opensearch_serverless_stack(self):
+        aoss_stack = OpenSearchServerlessStack(self, 'OpenSearchServerless', **self.opensearch_args)
+        self.monitoring_stack.set_aoss_alarms(
+            alarm_name=f'{self.resource_prefix}-{self.envname}-opensearch-serverless-alarm',
+            collection_id=aoss_stack.collection_id,
+            collection_name=aoss_stack.collection_name,
+        )
diff --git a/deploy/stacks/backend_stage.py b/deploy/stacks/backend_stage.py
index 72ef3da37..86a21ba86 100644
--- a/deploy/stacks/backend_stage.py
+++ b/deploy/stacks/backend_stage.py
@@ -27,6 +27,8 @@ def __init__(
         enable_cw_canaries=False,
         enable_cw_rum=False,
         shared_dashboard_sessions='anonymous',
+        enable_opensearch_serverless=False,
+        enable_pivot_role_auto_create=False,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
@@ -51,6 +53,8 @@ def __init__(
             enable_cw_canaries=enable_cw_canaries,
             enable_cw_rum=enable_cw_rum,
             shared_dashboard_sessions=shared_dashboard_sessions,
+            enable_opensearch_serverless=enable_opensearch_serverless,
+            enable_pivot_role_auto_create=enable_pivot_role_auto_create,
             **kwargs,
         )
 
@@ -61,9 +65,7 @@ def __init__(
         NagSuppressions.add_stack_suppressions(
             backend_stack,
             suppressions=[
-                NagPackSuppression(
-                    id=rule_suppressed['id'], reason=rule_suppressed['reason']
-                )
+                NagPackSuppression(id=rule_suppressed['id'], reason=rule_suppressed['reason'])
                 for rule_suppressed in BACKEND_STACK_CDK_NAG_EXCLUSIONS
             ],
             apply_to_nested_stacks=True,
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index dfc667c25..a667c6898 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -25,6 +25,8 @@ def __init__(
         ecr_repository=None,
         image_tag=None,
         prod_sizing=False,
+        pivot_role_name=None,
+        tooling_account_id=None,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
@@ -44,15 +46,16 @@ def __init__(
             container_insights=True,
         )
 
-        task_role = self.create_task_role(envname, resource_prefix)
+        self.task_role = self.create_task_role(envname, resource_prefix, pivot_role_name)
+        self.cicd_stacks_updater_role = self.create_cicd_stacks_updater_role(envname, resource_prefix, tooling_account_id)
 
         cdkproxy_task_definition = ecs.FargateTaskDefinition(
             self,
             f'{resource_prefix}-{envname}-cdkproxy',
             cpu=1024,
             memory_limit_mib=2048,
-            task_role=task_role,
-            execution_role=task_role,
+            task_role=self.task_role,
+            execution_role=self.task_role,
             family=f'{resource_prefix}-{envname}-cdkproxy',
         )
 
@@ -94,7 +97,7 @@ def __init__(
             envname, resource_prefix, vpc, vpc_endpoints_sg
         )
 
-        sync_tables_task = self.set_scheduled_task(
+        sync_tables_task, sync_tables_task_def = self.set_scheduled_task(
             cluster=cluster,
             command=['python3.8', '-m', 'dataall.tasks.tables_syncer'],
             container_id=f'container',
@@ -111,14 +114,14 @@ def __init__(
             schedule_expression=Schedule.expression('rate(15 minutes)'),
             scheduled_task_id=f'{resource_prefix}-{envname}-tables-syncer-schedule',
             task_id=f'{resource_prefix}-{envname}-tables-syncer',
-            task_role=task_role,
+            task_role=self.task_role,
             vpc=vpc,
             security_group=scheduled_tasks_sg,
             prod_sizing=prod_sizing,
         )
         self.ecs_security_groups.extend(sync_tables_task.task.security_groups)
 
-        catalog_indexer_task = self.set_scheduled_task(
+        catalog_indexer_task, catalog_indexer_task_def = self.set_scheduled_task(
             cluster=cluster,
             command=['python3.8', '-m', 'dataall.tasks.catalog_indexer'],
             container_id=f'container',
@@ -135,14 +138,14 @@ def __init__(
             schedule_expression=Schedule.expression('rate(6 hours)'),
             scheduled_task_id=f'{resource_prefix}-{envname}-catalog-indexer-schedule',
             task_id=f'{resource_prefix}-{envname}-catalog-indexer',
-            task_role=task_role,
+            task_role=self.task_role,
             vpc=vpc,
             security_group=scheduled_tasks_sg,
             prod_sizing=prod_sizing,
         )
         self.ecs_security_groups.extend(catalog_indexer_task.task.security_groups)
 
-        stacks_updater = self.set_scheduled_task(
+        stacks_updater, stacks_updater_task_def = self.set_scheduled_task(
             cluster=cluster,
             command=['python3.8', '-m', 'dataall.tasks.stacks_updater'],
             container_id=f'container',
@@ -159,14 +162,21 @@ def __init__(
             schedule_expression=Schedule.expression('cron(0 1 * * ? *)'),
             scheduled_task_id=f'{resource_prefix}-{envname}-stacks-updater-schedule',
             task_id=f'{resource_prefix}-{envname}-stacks-updater',
-            task_role=task_role,
+            task_role=self.task_role,
             vpc=vpc,
             security_group=scheduled_tasks_sg,
             prod_sizing=prod_sizing,
         )
         self.ecs_security_groups.extend(stacks_updater.task.security_groups)
 
-        update_bucket_policies_task = self.set_scheduled_task(
+        ssm.StringParameter(
+            self,
+            f'StacksUpdaterTaskDefParam{envname}',
+            parameter_name=f'/dataall/{envname}/ecs/task_def_arn/stacks_updater',
+            string_value=stacks_updater_task_def.task_definition_arn,
+        )
+
+        update_bucket_policies_task, update_bucket_task_def = self.set_scheduled_task(
             cluster=cluster,
             command=['python3.8', '-m', 'dataall.tasks.bucket_policy_updater'],
             container_id=f'container',
@@ -183,7 +193,7 @@ def __init__(
             schedule_expression=Schedule.expression('rate(15 minutes)'),
             scheduled_task_id=f'{resource_prefix}-{envname}-policies-updater-schedule',
             task_id=f'{resource_prefix}-{envname}-policies-updater',
-            task_role=task_role,
+            task_role=self.task_role,
             vpc=vpc,
             security_group=scheduled_tasks_sg,
             prod_sizing=prod_sizing,
@@ -192,7 +202,7 @@ def __init__(
             update_bucket_policies_task.task.security_groups
         )
 
-        subscriptions_task = self.set_scheduled_task(
+        subscriptions_task, subscription_task_def = self.set_scheduled_task(
             cluster=cluster,
             command=[
                 'python3.8',
@@ -213,7 +223,7 @@ def __init__(
             schedule_expression=Schedule.expression('rate(15 minutes)'),
             scheduled_task_id=f'{resource_prefix}-{envname}-subscriptions-schedule',
             task_id=f'{resource_prefix}-{envname}-subscriptions',
-            task_role=task_role,
+            task_role=self.task_role,
             vpc=vpc,
             security_group=scheduled_tasks_sg,
             prod_sizing=prod_sizing,
@@ -225,8 +235,8 @@ def __init__(
             f'{resource_prefix}-{envname}-share-manager',
             cpu=1024,
             memory_limit_mib=2048,
-            task_role=task_role,
-            execution_role=task_role,
+            task_role=self.task_role,
+            execution_role=self.task_role,
             family=f'{resource_prefix}-{envname}-share-manager',
         )
 
@@ -286,9 +296,7 @@ def __init__(
             self,
             f'SecurityGroup{envname}',
             parameter_name=f'/dataall/{envname}/ecs/security_groups',
-            string_value=','.join(
-                [s.security_group_id for s in sync_tables_task.task.security_groups]
-            ),
+            string_value=','.join([s.security_group_id for s in sync_tables_task.task.security_groups]),
         )
 
         self.ecs_cluster = cluster
@@ -301,7 +309,44 @@ def __init__(
             subscriptions_task.task_definition,
         ]
 
-    def create_task_role(self, envname, resource_prefix):
+    def create_cicd_stacks_updater_role(self, envname, resource_prefix, tooling_account_id):
+        cicd_stacks_updater_role = iam.Role(
+            self,
+            id=f"StackUpdaterCBRole{envname}",
+            role_name=f"{resource_prefix}-{envname}-cb-stackupdater-role",
+            assumed_by=iam.CompositePrincipal(
+                iam.ServicePrincipal("codebuild.amazonaws.com"),
+                iam.AccountPrincipal(tooling_account_id),
+            ),
+        )
+        cicd_stacks_updater_role.add_to_policy(
+            iam.PolicyStatement(
+                actions=[
+                    "secretsmanager:GetSecretValue",
+                    "kms:Decrypt",
+                    "secretsmanager:DescribeSecret",
+                    "kms:Encrypt",
+                    "kms:GenerateDataKey",
+                    "ssm:GetParametersByPath",
+                    "ssm:GetParameters",
+                    "ssm:GetParameter",
+                    "iam:PassRole",
+                    "ecs:RunTask"
+                ],
+                resources=[
+                    f"arn:aws:secretsmanager:{self.region}:{self.account}:secret:*{resource_prefix}*",
+                    f"arn:aws:secretsmanager:{self.region}:{self.account}:secret:*dataall*",
+                    f"arn:aws:kms:{self.region}:{self.account}:key/*",
+                    f"arn:aws:ssm:*:{self.account}:parameter/*dataall*",
+                    f"arn:aws:ssm:*:{self.account}:parameter/*{resource_prefix}*",
+                    f"arn:aws:ecs:*:{self.account}:task-definition/{resource_prefix}-{envname}-*",
+                    f"arn:aws:iam::{self.account}:role/{resource_prefix}-{envname}-ecs-tasks-role",
+                ],
+            )
+        )
+        return cicd_stacks_updater_role
+
+    def create_task_role(self, envname, resource_prefix, pivot_role_name):
         role_inline_policy = iam.Policy(
             self,
             f'ECSRolePolicy{envname}',
@@ -343,7 +388,7 @@ def create_task_role(self, envname, resource_prefix):
                         'sts:AssumeRole',
                     ],
                     resources=[
-                        f"arn:aws:iam::*:role/{self.node.try_get_context('pivot_role_name') or 'dataallPivotRole'}",
+                        f'arn:aws:iam::*:role/{pivot_role_name}',
                         f'arn:aws:iam::*:role/cdk*',
                         'arn:aws:iam::*:role/ddk*',
                         f'arn:aws:iam::{self.account}:role/{resource_prefix}-{envname}-ecs-tasks-role',
@@ -387,9 +432,7 @@ def create_task_role(self, envname, resource_prefix):
             self,
             f'ECSTaskRole{envname}',
             role_name=f'{resource_prefix}-{envname}-ecs-tasks-role',
-            inline_policies={
-                f'ECSRoleInlinePolicy{envname}': role_inline_policy.document
-            },
+            inline_policies={f'ECSRoleInlinePolicy{envname}': role_inline_policy.document},
             assumed_by=iam.ServicePrincipal('ecs-tasks.amazonaws.com'),
         )
         task_role.grant_pass_role(task_role)
@@ -511,4 +554,8 @@ def set_scheduled_task(
             rule_name=scheduled_task_id
             # security_groups=[security_group],
         )
-        return scheduled_task
+        return scheduled_task, task
+
+    @property
+    def ecs_task_role(self) -> iam.Role:
+        return self.task_role
diff --git a/deploy/stacks/lambda_api.py b/deploy/stacks/lambda_api.py
index 300397446..19b42e754 100644
--- a/deploy/stacks/lambda_api.py
+++ b/deploy/stacks/lambda_api.py
@@ -27,6 +27,7 @@
 
 from .pyNestedStack import pyNestedClass
 
+
 class LambdaApiStack(pyNestedClass):
     def __init__(
         self,
@@ -44,6 +45,7 @@ def __init__(
         apig_vpce=None,
         prod_sizing=False,
         user_pool=None,
+        pivot_role_name=None,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
@@ -59,7 +61,7 @@ def __init__(
             'ElasticSearchProxyHandler',
             function_name=f'{resource_prefix}-{envname}-esproxy',
             description='dataall es search function',
-            role=self.create_function_role(envname, resource_prefix, 'esproxy'),
+            role=self.create_function_role(envname, resource_prefix, 'esproxy', pivot_role_name),
             code=_lambda.DockerImageCode.from_ecr(
                 repository=ecr_repository, tag=image_tag, cmd=['search_handler.handler']
             ),
@@ -79,7 +81,7 @@ def __init__(
             'LambdaGraphQL',
             function_name=f'{resource_prefix}-{envname}-graphql',
             description='dataall graphql function',
-            role=self.create_function_role(envname, resource_prefix, 'graphql'),
+            role=self.create_function_role(envname, resource_prefix, 'graphql', pivot_role_name),
             code=_lambda.DockerImageCode.from_ecr(
                 repository=ecr_repository, tag=image_tag, cmd=['api_handler.handler']
             ),
@@ -93,15 +95,13 @@ def __init__(
             tracing=_lambda.Tracing.ACTIVE,
         )
 
-        self.aws_handler_dlq = self.set_dlq(
-            f'{resource_prefix}-{envname}-awsworker-dlq'
-        )
+        self.aws_handler_dlq = self.set_dlq(f'{resource_prefix}-{envname}-awsworker-dlq')
         self.aws_handler = _lambda.DockerImageFunction(
             self,
             'AWSWorker',
             function_name=f'{resource_prefix}-{envname}-awsworker',
             description='dataall aws worker for aws asynchronous tasks function',
-            role=self.create_function_role(envname, resource_prefix, 'awsworker'),
+            role=self.create_function_role(envname, resource_prefix, 'awsworker', pivot_role_name),
             code=_lambda.DockerImageCode.from_ecr(
                 repository=ecr_repository, tag=image_tag, cmd=['aws_handler.handler']
             ),
@@ -142,7 +142,7 @@ def __init__(
             topic_name=f'{resource_prefix}-{envname}-backend-topic',
         )
 
-    def create_function_role(self, envname, resource_prefix, fn_name):
+    def create_function_role(self, envname, resource_prefix, fn_name, pivot_role_name):
 
         role_name = f'{resource_prefix}-{envname}-{fn_name}-role'
 
@@ -182,7 +182,8 @@ def create_function_role(self, envname, resource_prefix, fn_name):
                         'sts:AssumeRole',
                     ],
                     resources=[
-                        f"arn:aws:iam::*:role/{self.node.try_get_context('pivot_role_name') or 'dataallPivotRole'}"
+                        f'arn:aws:iam::*:role/{pivot_role_name}',
+                        'arn:aws:iam::*:role/cdk-hnb659fds-lookup-role-*'
                     ],
                 ),
                 iam.PolicyStatement(
@@ -200,9 +201,7 @@ def create_function_role(self, envname, resource_prefix, fn_name):
                     actions=[
                         'iam:PassRole',
                     ],
-                    resources=[
-                        f'arn:aws:iam::{self.account}:role/{resource_prefix}-{envname}*'
-                    ],
+                    resources=[f'arn:aws:iam::{self.account}:role/{resource_prefix}-{envname}*'],
                 ),
                 iam.PolicyStatement(
                     actions=[
@@ -240,7 +239,7 @@ def create_function_role(self, envname, resource_prefix, fn_name):
                         'xray:GetSamplingRules',
                         'xray:GetSamplingTargets',
                         'xray:GetSamplingStatisticSummaries',
-                        'cognito-idp:ListGroups'
+                        'cognito-idp:ListGroups',
                     ],
                     resources=['*'],
                 ),
@@ -250,9 +249,7 @@ def create_function_role(self, envname, resource_prefix, fn_name):
             self,
             role_name,
             role_name=role_name,
-            inline_policies={
-                f'{resource_prefix}-{envname}-{fn_name}-inline': role_inline_policy.document
-            },
+            inline_policies={f'{resource_prefix}-{envname}-{fn_name}-inline': role_inline_policy.document},
             assumed_by=iam.ServicePrincipal('lambda.amazonaws.com'),
         )
         return role
@@ -293,16 +290,16 @@ def create_api_gateway(
         )
 
         # Create IP set if IP filtering enabled in CDK.json
-        ip_set_regional=None
-        if custom_waf_rules and custom_waf_rules.get("allowed_ip_list"):
+        ip_set_regional = None
+        if custom_waf_rules and custom_waf_rules.get('allowed_ip_list'):
             ip_set_regional = wafv2.CfnIPSet(
                 self,
-                "DataallRegionalIPSet",
-                name=f"{resource_prefix}-{envname}-ipset-regional",
-                description=f"IP addresses allowed for Dataall {envname}",
-                addresses=custom_waf_rules.get("allowed_ip_list"),
-                ip_address_version="IPV4",
-                scope="REGIONAL"
+                'DataallRegionalIPSet',
+                name=f'{resource_prefix}-{envname}-ipset-regional',
+                description=f'IP addresses allowed for Dataall {envname}',
+                addresses=custom_waf_rules.get('allowed_ip_list'),
+                ip_address_version='IPV4',
+                scope='REGIONAL',
             )
 
         acl = wafv2.CfnWebACL(
@@ -315,7 +312,7 @@ def create_api_gateway(
                 metric_name='waf-apigw',
                 sampled_requests_enabled=True,
             ),
-            rules=self.get_waf_rules(envname,custom_waf_rules,ip_set_regional),
+            rules=self.get_waf_rules(envname, custom_waf_rules, ip_set_regional),
         )
 
         wafv2.CfnWebACLAssociation(
@@ -360,13 +357,11 @@ def set_up_graphql_api_gateway(
         )
         if not internet_facing:
             if apig_vpce:
-                api_vpc_endpoint = (
-                    InterfaceVpcEndpoint.from_interface_vpc_endpoint_attributes(
-                        self,
-                        f'APIVpcEndpoint{envname}',
-                        vpc_endpoint_id=apig_vpce,
-                        port=443,
-                    )
+                api_vpc_endpoint = InterfaceVpcEndpoint.from_interface_vpc_endpoint_attributes(
+                    self,
+                    f'APIVpcEndpoint{envname}',
+                    vpc_endpoint_id=apig_vpce,
+                    port=443,
                 )
             else:
                 api_vpc_endpoint = InterfaceVpcEndpoint(
@@ -388,9 +383,7 @@ def set_up_graphql_api_gateway(
                         actions=['execute-api:Invoke'],
                         resources=['execute-api:/*'],
                         effect=iam.Effect.DENY,
-                        conditions={
-                            'StringNotEquals': {'aws:SourceVpce': api_vpc_endpoint_id}
-                        },
+                        conditions={'StringNotEquals': {'aws:SourceVpce': api_vpc_endpoint_id}},
                     ),
                     iam.PolicyStatement(
                         principals=[iam.AnyPrincipal()],
@@ -540,9 +533,7 @@ def set_up_graphql_api_gateway(
             self,
             f'{resource_prefix}-{envname}-apigatewaylogs-role',
             assumed_by=iam.ServicePrincipal('apigateway.amazonaws.com'),
-            inline_policies={
-                f'{resource_prefix}-{envname}-apigateway-policy': iam_policy
-            },
+            inline_policies={f'{resource_prefix}-{envname}-apigateway-policy': iam_policy},
         )
         stage: apigw.CfnStage = gw.deployment_stage.node.default_child
         stage.access_log_setting = apigw.CfnStage.AccessLogSettingProperty(
@@ -596,11 +587,11 @@ def get_api_resource_policy(vpc, ip_ranges):
         return api_policy
 
     @staticmethod
-    def get_waf_rules(envname,custom_waf_rules=None,ip_set_regional=None):
+    def get_waf_rules(envname, custom_waf_rules=None, ip_set_regional=None):
         waf_rules = []
         priority = 0
         if custom_waf_rules:
-            if custom_waf_rules.get("allowed_geo_list"):
+            if custom_waf_rules.get('allowed_geo_list'):
                 waf_rules.append(
                     wafv2.CfnWebACL.RuleProperty(
                         name='GeoMatch',
@@ -608,7 +599,7 @@ def get_waf_rules(envname,custom_waf_rules=None,ip_set_regional=None):
                             not_statement=wafv2.CfnWebACL.NotStatementProperty(
                                 statement=wafv2.CfnWebACL.StatementProperty(
                                     geo_match_statement=wafv2.CfnWebACL.GeoMatchStatementProperty(
-                                        country_codes=custom_waf_rules.get("allowed_geo_list")
+                                        country_codes=custom_waf_rules.get('allowed_geo_list')
                                     )
                                 )
                             )
@@ -623,16 +614,14 @@ def get_waf_rules(envname,custom_waf_rules=None,ip_set_regional=None):
                     )
                 )
                 priority += 1
-            if custom_waf_rules.get("allowed_ip_list"):
+            if custom_waf_rules.get('allowed_ip_list'):
                 waf_rules.append(
                     wafv2.CfnWebACL.RuleProperty(
                         name='IPMatch',
                         statement=wafv2.CfnWebACL.StatementProperty(
                             not_statement=wafv2.CfnWebACL.NotStatementProperty(
                                 statement=wafv2.CfnWebACL.StatementProperty(
-                                    ip_set_reference_statement={
-                                        "arn" : ip_set_regional.attr_arn
-                                    }
+                                    ip_set_reference_statement={'arn': ip_set_regional.attr_arn}
                                 )
                             )
                         ),
@@ -758,9 +747,7 @@ def get_waf_rules(envname,custom_waf_rules=None,ip_set_regional=None):
             wafv2.CfnWebACL.RuleProperty(
                 name='APIGatewayRateLimit',
                 statement=wafv2.CfnWebACL.StatementProperty(
-                    rate_based_statement=wafv2.CfnWebACL.RateBasedStatementProperty(
-                        aggregate_key_type='IP', limit=1000
-                    )
+                    rate_based_statement=wafv2.CfnWebACL.RateBasedStatementProperty(aggregate_key_type='IP', limit=1000)
                 ),
                 action=wafv2.CfnWebACL.RuleActionProperty(block={}),
                 visibility_config=wafv2.CfnWebACL.VisibilityConfigProperty(
@@ -774,9 +761,7 @@ def get_waf_rules(envname,custom_waf_rules=None,ip_set_regional=None):
         priority += 1
         return waf_rules
 
-    def create_sns_topic(
-        self, construct_id, envname, lambda_function, param_name, topic_name=None
-    ):
+    def create_sns_topic(self, construct_id, envname, lambda_function, param_name, topic_name=None):
         key = kms.Key(
             self,
             topic_name,
diff --git a/deploy/stacks/monitoring.py b/deploy/stacks/monitoring.py
index adc3629d3..f6cd4f9f7 100644
--- a/deploy/stacks/monitoring.py
+++ b/deploy/stacks/monitoring.py
@@ -29,7 +29,6 @@ def __init__(
         ecs_cluster: ecs.Cluster = None,
         ecs_task_definitions: [ecs.FargateTaskDefinition] = None,
         backend_api=None,
-        opensearch_domain: str = None,
         queue_name: str = None,
         **kwargs,
     ):
@@ -43,7 +42,6 @@ def __init__(
             backend_api,
             lambdas,
             database,
-            opensearch_domain,
             queue_name,
             envname,
             resource_prefix,
@@ -107,7 +105,6 @@ def create_cw_alarms(
         backend_api,
         lambdas,
         database,
-        openseach_domain,
         queue_name,
         envname,
         resource_prefix,
@@ -117,29 +114,21 @@ def create_cw_alarms(
             self.set_function_alarms(
                 f'Alarm{index}',
                 lambda_function,
-                self.cw_alarm_action,
                 resource_prefix,
             )
         self.set_waf_alarms(
             f'{resource_prefix}-{envname}-WafApiGatewayRateLimitBreached',
             Fn.import_value(f'{resource_prefix}-{envname}-api-webacl'),
-            self.cw_alarm_action,
         )
         self.set_api_alarms(
-            f'{resource_prefix}-{envname}-api-alarm', backend_api, self.cw_alarm_action
+            f'{resource_prefix}-{envname}-api-alarm', backend_api
         )
         self.set_aurora_alarms(
-            f'{resource_prefix}-{envname}-aurora-alarm', database, self.cw_alarm_action
-        )
-        self.set_es_alarms(
-            f'{resource_prefix}-{envname}-opensearch-alarm',
-            openseach_domain,
-            self.cw_alarm_action,
+            f'{resource_prefix}-{envname}-aurora-alarm', database
         )
         self.set_sqs_alarms(
             f'{resource_prefix}-{envname}-sqs-alarm',
             queue_name,
-            self.cw_alarm_action,
         )
 
     def create_cw_dashboard(
@@ -231,7 +220,7 @@ def create_cw_dashboard(
             )
 
     def set_function_alarms(
-        self, alarm_name, lambda_function, cw_alarm_action, resource_prefix
+        self, alarm_name, lambda_function, resource_prefix
     ):
         error_metric = cw.Metric(
             namespace=resource_prefix,
@@ -259,8 +248,8 @@ def set_function_alarms(
             comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
             treat_missing_data=cw.TreatMissingData.NOT_BREACHING,
         )
-        error_metric_alarm.add_alarm_action(cw_alarm_action)
-        error_metric_alarm.add_ok_action(cw_alarm_action)
+        error_metric_alarm.add_alarm_action(self.cw_alarm_action)
+        error_metric_alarm.add_ok_action(self.cw_alarm_action)
 
         lambda_error = cw.Alarm(
             self,
@@ -272,8 +261,8 @@ def set_function_alarms(
             comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
             treat_missing_data=cw.TreatMissingData.NOT_BREACHING,
         )
-        lambda_error.add_alarm_action(cw_alarm_action)
-        lambda_error.add_ok_action(cw_alarm_action)
+        lambda_error.add_alarm_action(self.cw_alarm_action)
+        lambda_error.add_ok_action(self.cw_alarm_action)
         lambda_throttles = cw.Alarm(
             self,
             f'{alarm_name}-throttles',
@@ -284,17 +273,17 @@ def set_function_alarms(
             comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
             treat_missing_data=cw.TreatMissingData.NOT_BREACHING,
         )
-        lambda_throttles.add_alarm_action(cw_alarm_action)
-        lambda_throttles.add_ok_action(cw_alarm_action)
+        lambda_throttles.add_alarm_action(self.cw_alarm_action)
+        lambda_throttles.add_ok_action(self.cw_alarm_action)
 
-    def set_api_alarms(self, alarm_name, api_name, cw_alarm_action):
+    def set_api_alarms(self, alarm_name, api_name):
         api_count = cw.Metric(
             namespace='AWS/ApiGateway',
             metric_name='Count',
             dimensions_map={'ApiName': api_name},
         )
         self._set_alarm(
-            f'{alarm_name}-max-calls', api_count, cw_alarm_action, threshold=100
+            f'{alarm_name}-max-calls', api_count, threshold=100
         )
         api_5xx_errors = cw.Metric(
             namespace='AWS/ApiGateway',
@@ -302,7 +291,7 @@ def set_api_alarms(self, alarm_name, api_name, cw_alarm_action):
             dimensions_map={'ApiName': api_name},
         )
         self._set_alarm(
-            f'{alarm_name}-5XXErrors', api_5xx_errors, cw_alarm_action, threshold=1
+            f'{alarm_name}-5XXErrors', api_5xx_errors, threshold=1
         )
         api_4xx_errors = cw.Metric(
             namespace='AWS/ApiGateway',
@@ -310,10 +299,10 @@ def set_api_alarms(self, alarm_name, api_name, cw_alarm_action):
             dimensions_map={'ApiName': api_name},
         )
         self._set_alarm(
-            f'{alarm_name}-4XXErrors', api_4xx_errors, cw_alarm_action, threshold=1
+            f'{alarm_name}-4XXErrors', api_4xx_errors, threshold=1
         )
 
-    def set_aurora_alarms(self, alarm_name, db_identifier, cw_alarm_action):
+    def set_aurora_alarms(self, alarm_name, db_identifier):
         cpu_alarm = cw.Metric(
             namespace='AWS/RDS',
             metric_name='CPUUtilization',
@@ -322,13 +311,13 @@ def set_aurora_alarms(self, alarm_name, db_identifier, cw_alarm_action):
             period=Duration.minutes(1),
         )
         self._set_alarm(
-            f'{alarm_name}-CPUUtilization80', cpu_alarm, cw_alarm_action, threshold=80
+            f'{alarm_name}-CPUUtilization80', cpu_alarm, threshold=80
         )
         self._set_alarm(
-            f'{alarm_name}-CPUUtilization90', cpu_alarm, cw_alarm_action, threshold=90
+            f'{alarm_name}-CPUUtilization90', cpu_alarm, threshold=90
         )
 
-    def _set_alarm(self, alarm_name, api_count, cw_alarm_action, threshold=1):
+    def _set_alarm(self, alarm_name, api_count, threshold=1):
         api_error = cw.Alarm(
             self,
             alarm_name,
@@ -339,10 +328,10 @@ def _set_alarm(self, alarm_name, api_count, cw_alarm_action, threshold=1):
             comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
             treat_missing_data=cw.TreatMissingData.NOT_BREACHING,
         )
-        api_error.add_alarm_action(cw_alarm_action)
-        api_error.add_ok_action(cw_alarm_action)
+        api_error.add_alarm_action(self.cw_alarm_action)
+        api_error.add_ok_action(self.cw_alarm_action)
 
-    def set_waf_alarms(self, alarm_name, web_acl_id, cw_alarm_action):
+    def set_waf_alarms(self, alarm_name, web_acl_id):
         waf_metric = cw.Metric(
             metric_name='BlockedRequests',
             namespace='AWS/WAFV2',
@@ -364,64 +353,95 @@ def set_waf_alarms(self, alarm_name, web_acl_id, cw_alarm_action):
             comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
             treat_missing_data=cw.TreatMissingData.NOT_BREACHING,
         )
-        waf_alarm.add_alarm_action(cw_alarm_action)
-        waf_alarm.add_ok_action(cw_alarm_action)
+        waf_alarm.add_alarm_action(self.cw_alarm_action)
+        waf_alarm.add_ok_action(self.cw_alarm_action)
 
-    def set_es_alarms(self, alarm_name, domain_name, cw_alarm_action):
+    def set_es_alarms(self, alarm_name, domain_name):
         self._set_es_alarm(
-            domain_name,
-            f'{alarm_name}-cluster-red',
-            'ClusterStatus.red',
-            1,
-            cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
-            1,
-            1,
-            'max',
-            cw_alarm_action,
+            domain_name=domain_name,
+            alarm_name=f'{alarm_name}-cluster-red',
+            metric_name='ClusterStatus.red',
+            threshold=1,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=1,
+            evaluation_periods=1,
+            statistic='max',
         )
         self._set_es_alarm(
-            domain_name,
-            f'{alarm_name}-cluster-yellow',
-            'ClusterStatus.yellow',
-            1,
-            cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
-            1,
-            1,
-            'max',
-            cw_alarm_action,
+            domain_name=domain_name,
+            alarm_name=f'{alarm_name}-cluster-yellow',
+            metric_name='ClusterStatus.yellow',
+            threshold=1,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=1,
+            evaluation_periods=1,
+            statistic='max',
         )
         self._set_es_alarm(
-            domain_name,
-            f'{alarm_name}-cluster-IndexWritesBlocked',
-            'ClusterIndexWritesBlocked',
-            1,
-            cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
-            5,
-            1,
-            'max',
-            cw_alarm_action,
+            domain_name=domain_name,
+            alarm_name=f'{alarm_name}-cluster-IndexWritesBlocked',
+            metric_name='ClusterIndexWritesBlocked',
+            threshold=1,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=5,
+            evaluation_periods=1,
+            statistic='max',
         )
         self._set_es_alarm(
-            domain_name,
-            f'{alarm_name}-cluster-CPUUtilization',
-            'CPUUtilization',
-            80,
-            cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
-            15,
-            3,
-            'avg',
-            cw_alarm_action,
+            domain_name=domain_name,
+            alarm_name=f'{alarm_name}-cluster-CPUUtilization',
+            metric_name='CPUUtilization',
+            threshold=80,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=15,
+            evaluation_periods=3,
+            statistic='avg',
         )
         self._set_es_alarm(
-            domain_name,
-            f'{alarm_name}-cluster-JVMMemoryPressure',
-            'JVMMemoryPressure',
-            80,
-            cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
-            5,
-            3,
-            'max',
-            cw_alarm_action,
+            domain_name=domain_name,
+            alarm_name=f'{alarm_name}-cluster-JVMMemoryPressure',
+            metric_name='JVMMemoryPressure',
+            threshold=80,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=5,
+            evaluation_periods=3,
+            statistic='max',
+        )
+
+    def set_aoss_alarms(self, alarm_name, collection_id, collection_name):
+        self._set_aoss_alarm(
+            collection_id=collection_id,
+            collection_name=collection_name,
+            alarm_name=f'{alarm_name}-collection-ActiveCollection',
+            metric_name='ActiveCollection',
+            threshold=1,
+            comparison_operator=cw.ComparisonOperator.LESS_THAN_THRESHOLD,
+            period=1,
+            evaluation_periods=1,
+            statistic='max',
+            treat_missing_data=cw.TreatMissingData.BREACHING,
+        )
+        self._set_aoss_alarm(
+            collection_id=collection_id,
+            collection_name=collection_name,
+            alarm_name=f'{alarm_name}-collection-IngestionRequestErrors',
+            metric_name='IngestionRequestErrors',
+            threshold=1,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=5,
+            evaluation_periods=1,
+            statistic='max',
+        )
+        self._set_aoss_alarm(
+            collection_id=collection_id,
+            collection_name=collection_name,
+            alarm_name=f'{alarm_name}-collection-SearchRequestErrors',
+            metric_name='SearchRequestErrors',
+            threshold=1,
+            comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
+            period=5,
+            evaluation_periods=1,
+            statistic='max',
         )
 
     def _set_es_alarm(
@@ -434,7 +454,6 @@ def _set_es_alarm(
         period,
         evaluation_periods,
         statistic,
-        cw_alarm_action,
     ) -> None:
         cw_alarm = cw.Alarm(
             self,
@@ -452,10 +471,46 @@ def _set_es_alarm(
             evaluation_periods=evaluation_periods,
             treat_missing_data=cw.TreatMissingData.MISSING,
         )
-        cw_alarm.add_alarm_action(cw_alarm_action)
-        cw_alarm.add_ok_action(cw_alarm_action)
+        cw_alarm.add_alarm_action(self.cw_alarm_action)
+        cw_alarm.add_ok_action(self.cw_alarm_action)
+
+    def _set_aoss_alarm(
+        self,
+        collection_id,
+        collection_name,
+        alarm_name,
+        metric_name,
+        threshold,
+        comparison_operator,
+        period,
+        evaluation_periods,
+        statistic,
+        treat_missing_data=cw.TreatMissingData.MISSING,
+    ) -> None:
+        cw_alarm = cw.Alarm(
+            self,
+            alarm_name,
+            alarm_name=alarm_name,
+            metric=cw.Metric(
+                metric_name=metric_name,
+                namespace='AWS/AOSS',
+                dimensions_map={
+                    'CollectionId': collection_id,
+                    'CollectionName': collection_name,
+                    'ClientId': self.account,
+                },
+                period=Duration.minutes(period),
+                statistic=statistic,
+            ),
+            threshold=threshold,
+            comparison_operator=comparison_operator,
+            evaluation_periods=evaluation_periods,
+            treat_missing_data=treat_missing_data,
+        )
+        cw_alarm.add_alarm_action(self.cw_alarm_action)
+        cw_alarm.add_ok_action(self.cw_alarm_action)
 
-    def set_sqs_alarms(self, alarm_name, queue_name, cw_alarm_action):
+    def set_sqs_alarms(self, alarm_name, queue_name):
         max_messages = cw.Metric(
             namespace='AWS/SQS',
             metric_name='NumberOfMessagesSent',
@@ -473,5 +528,5 @@ def set_sqs_alarms(self, alarm_name, queue_name, cw_alarm_action):
             comparison_operator=cw.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
             treat_missing_data=cw.TreatMissingData.NOT_BREACHING,
         )
-        queue_nb_msg_alarm.add_alarm_action(cw_alarm_action)
-        queue_nb_msg_alarm.add_ok_action(cw_alarm_action)
+        queue_nb_msg_alarm.add_alarm_action(self.cw_alarm_action)
+        queue_nb_msg_alarm.add_ok_action(self.cw_alarm_action)
diff --git a/deploy/stacks/opensearch.py b/deploy/stacks/opensearch.py
index 4868f5e8d..51ebbbaf2 100644
--- a/deploy/stacks/opensearch.py
+++ b/deploy/stacks/opensearch.py
@@ -25,7 +25,7 @@ def __init__(
         prod_sizing=False,
         **kwargs,
     ):
-        super().__init__(scope, id, **kwargs)
+        super().__init__(scope, id)
 
         db_security_group = ec2.SecurityGroup(
             self,
@@ -135,3 +135,11 @@ def __init__(
             parameter_name=f'/dataall/{envname}/elasticsearch/security_group_id',
             string_value=db_security_group.security_group_id,
         )
+
+    @property
+    def domain_name(self) -> str:
+        return self.domain.domain_name
+
+    @property
+    def domain_endpoint(self) -> str:
+        return self.domain.domain_endpoint
diff --git a/deploy/stacks/opensearch_serverless.py b/deploy/stacks/opensearch_serverless.py
new file mode 100644
index 000000000..e623cf462
--- /dev/null
+++ b/deploy/stacks/opensearch_serverless.py
@@ -0,0 +1,198 @@
+import json
+from typing import Any, Dict, List, Optional
+from aws_cdk import (
+    aws_ec2 as ec2,
+    aws_iam as iam,
+    aws_lambda as _lambda,
+    aws_ssm as ssm,
+    aws_opensearchserverless as opensearchserverless,
+    aws_kms,
+    RemovalPolicy,
+)
+
+from .pyNestedStack import pyNestedClass
+
+
+class OpenSearchServerlessStack(pyNestedClass):
+    def __init__(
+        self,
+        scope,
+        id,
+        envname='dev',
+        resource_prefix='dataall',
+        vpc: ec2.Vpc = None,
+        vpc_endpoints_sg: ec2.SecurityGroup = None,
+        lambdas: Optional[List[_lambda.Function]] = None,
+        ecs_task_role: Optional[iam.Role] = None,
+        prod_sizing=False,
+        **kwargs,
+    ):
+        super().__init__(scope, id)
+
+        self.cfn_collection = opensearchserverless.CfnCollection(
+            self,
+            f'OpenSearchCollection{envname}',
+            name=f'{resource_prefix}-{envname}-collection',
+            type="SEARCH",
+        )
+
+        key = aws_kms.Key(
+            self,
+            f'AOSSKMSKey',
+            removal_policy=RemovalPolicy.DESTROY
+            if not prod_sizing
+            else RemovalPolicy.RETAIN,
+            alias=f'{resource_prefix}-{envname}-opensearch-serverless',
+            enable_key_rotation=True,
+        )
+
+        cfn_encryption_policy = opensearchserverless.CfnSecurityPolicy(
+            self,
+            f'OpenSearchCollectionEncryptionPolicy{envname}',
+            name=f'{resource_prefix}-{envname}-encryption-policy',
+            type='encryption',
+            policy=self._get_encryption_policy(
+                collection_name=self.cfn_collection.name,
+                kms_key_arn=key.key_arn,
+            ),
+        )
+
+        cfn_vpc_endpoint = opensearchserverless.CfnVpcEndpoint(
+            self,
+            f'OpenSearchCollectionVpcEndpoint{envname}',
+            name=f'{resource_prefix}-{envname}-vpc-endpoint',
+            vpc_id=vpc.vpc_id,
+            security_group_ids=[vpc_endpoints_sg.security_group_id],
+            subnet_ids=[subnet.subnet_id for subnet in vpc.private_subnets],
+        ) if vpc and vpc_endpoints_sg else None
+
+        cfn_network_policy = opensearchserverless.CfnSecurityPolicy(
+            self,
+            f'OpenSearchCollectionNetworkPolicy{envname}',
+            name=f'{resource_prefix}-{envname}-network-policy',
+            type='network',
+            policy=self._get_network_policy(
+                collection_name=self.cfn_collection.name,
+                vpc_endpoints=[cfn_vpc_endpoint.attr_id] if vpc else None,
+            ),
+        )
+
+        self.cfn_collection.add_depends_on(cfn_encryption_policy)
+        self.cfn_collection.add_depends_on(cfn_network_policy)
+
+        principal_arns: List[str] = [fn.role.role_arn for fn in lambdas] if lambdas else []
+        if ecs_task_role:
+            principal_arns.append(ecs_task_role.role_arn)
+
+        opensearchserverless.CfnAccessPolicy(
+            self,
+            f'OpenSearchCollectionAccessPolicy{envname}',
+            name=f'{resource_prefix}-{envname}-access-policy',
+            type='data',
+            policy=self._get_access_policy(
+                collection_name=self.cfn_collection.name,
+                principal_arns=principal_arns,
+            ),
+        )
+
+        ssm.StringParameter(
+            self,
+            'ElasticSearchEndpointParameter',
+            parameter_name=f'/dataall/{envname}/elasticsearch/endpoint',
+            string_value=f'{self.cfn_collection.attr_id}.{self.region}.aoss.amazonaws.com',
+        )
+
+        ssm.StringParameter(
+            self,
+            'ElasticSearchDomainParameter',
+            parameter_name=f'/dataall/{envname}/elasticsearch/domain',
+            string_value=self.cfn_collection.name,
+        )
+
+        ssm.StringParameter(
+            self,
+            'ElasticSearchServiceParameter',
+            parameter_name=f'/dataall/{envname}/elasticsearch/service',
+            string_value='aoss',
+        )
+
+    @property
+    def collection_id(self) -> str:
+        return self.cfn_collection.attr_id
+
+    @property
+    def collection_name(self) -> str:
+        return self.cfn_collection.name
+
+    @staticmethod
+    def _get_encryption_policy(collection_name: str, kms_key_arn: Optional[str] = None) -> str:
+        policy: Dict[str, Any] = {
+            "Rules": [
+                {
+                    "ResourceType": "collection",
+                    "Resource": [
+                        f"collection/{collection_name}",
+                    ]
+                }
+            ],
+        }
+        if kms_key_arn:
+            policy["KmsARN"] = kms_key_arn
+        else:
+            policy["AWSOwnedKey"] = True
+        return json.dumps(policy)
+
+    @staticmethod
+    def _get_network_policy(collection_name: str, vpc_endpoints: Optional[List[str]] = None) -> str:
+        policy: List[Dict[str, Any]] = [
+            {
+                "Rules": [
+                    {
+                        "ResourceType": "dashboard",
+                        "Resource": [
+                            f"collection/{collection_name}",
+                        ],
+                    },
+                    {
+                        "ResourceType": "collection",
+                        "Resource": [
+                            f"collection/{collection_name}",
+                        ],
+                    },
+                ],
+            }
+        ]
+        if vpc_endpoints:
+            policy[0]["SourceVPCEs"] = vpc_endpoints
+        else:
+            policy[0]["AllowFromPublic"] = True
+        return json.dumps(policy)
+
+    @staticmethod
+    def _get_access_policy(collection_name: str, principal_arns: List[str]) -> str:
+        policy = [
+            {
+                "Rules": [
+                    {
+                        "ResourceType": "index",
+                        "Resource": [
+                            f"index/{collection_name}/*",
+                        ],
+                        "Permission": [
+                            "aoss:*",
+                        ],
+                    },
+                    {
+                        "ResourceType": "collection",
+                        "Resource": [
+                            f"collection/{collection_name}",
+                        ],
+                        "Permission": [
+                            "aoss:*",
+                        ],
+                    },
+                ],
+                "Principal": principal_arns
+            }
+        ]
+        return json.dumps(policy)
diff --git a/deploy/stacks/param_store_stack.py b/deploy/stacks/param_store_stack.py
index 560451b6b..2419d1f66 100644
--- a/deploy/stacks/param_store_stack.py
+++ b/deploy/stacks/param_store_stack.py
@@ -16,6 +16,7 @@ def __init__(
         enable_cw_canaries=False,
         quicksight_enabled=False,
         shared_dashboard_sessions='anonymous',
+        enable_pivot_role_auto_create=False,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
@@ -79,4 +80,11 @@ def __init__(
             f'dataallQuicksightConfiguration{envname}',
             parameter_name=f"/dataall/{envname}/quicksight/sharedDashboardsSessions",
             string_value=shared_dashboard_sessions,
+        )
+
+        aws_ssm.StringParameter(
+            self,
+            f'dataallCreationPivotRole{envname}',
+            parameter_name=f"/dataall/{envname}/pivotRole/enablePivotRoleAutoCreate",
+            string_value=str(enable_pivot_role_auto_create),
         )
\ No newline at end of file
diff --git a/deploy/stacks/pipeline.py b/deploy/stacks/pipeline.py
index d00a7db13..ea5b2128a 100644
--- a/deploy/stacks/pipeline.py
+++ b/deploy/stacks/pipeline.py
@@ -46,6 +46,7 @@ def __init__(
             cidr='10.0.0.0/16',
             resource_prefix=resource_prefix,
             vpc_id=self.node.try_get_context('tooling_vpc_id'),
+            restricted_nacl=self.node.try_get_context('tooling_vpc_restricted_nacl'),
             **kwargs,
         )
         self.vpc = self.vpc_stack.vpc
@@ -182,21 +183,19 @@ def __init__(
         )
         for policy in self.codebuild_policy:
             self.pipeline_iam_role.add_to_policy(policy)
-            
-        if self.source == "github":
+
+        if self.source == 'github':
             source = CodePipelineSource.git_hub(
-                repo_string="awslabs/aws-dataall",
+                repo_string='awslabs/aws-dataall',
                 branch=self.git_branch,
-                authentication=SecretValue.secrets_manager(secret_id="github-access-token-secret")
+                authentication=SecretValue.secrets_manager(secret_id='github-access-token-secret'),
             )
-            
+
         else:
             source = CodePipelineSource.code_commit(
-                        repository=codecommit.Repository.from_repository_name(
-                            self, 'sourcerepo', repository_name='dataall'
-                        ),
-                        branch=self.git_branch,
-                    )
+                repository=codecommit.Repository.from_repository_name(self, 'sourcerepo', repository_name='dataall'),
+                branch=self.git_branch,
+            )
 
         self.pipeline = pipelines.CodePipeline(
             self,
@@ -207,11 +206,9 @@ def __init__(
                 'Synth',
                 input=source,
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                 ),
                 commands=[
-                    'n 16.15.1',
-                    'yum -y install shadow-utils wget && yum -y install openssl-devel bzip2-devel libffi-devel postgresql-devel',
                     f'aws codeartifact login --tool npm --repository {self.codeartifact.npm_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
                     'npm install -g aws-cdk',
                     f'aws codeartifact login --tool pip --repository {self.codeartifact.pip_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
@@ -287,6 +284,11 @@ def __init__(
                 target_env,
             )
 
+            if target_env.get('enable_update_dataall_stacks_in_cicd_pipeline', False):
+                self.set_stacks_updater_stage(
+                    target_env
+                )
+                
             if target_env.get('internet_facing', True):
                 self.set_cloudfront_stage(
                     target_env,
@@ -357,10 +359,9 @@ def set_quality_gate_stage(self):
                 pipelines.CodeBuildStep(
                     id='ValidateDBMigrations',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     ),
                     commands=[
-                        'yum -y install shadow-utils wget && yum -y install openssl-devel bzip2-devel libffi-devel postgresql-devel',
                         f'aws codeartifact login --tool pip --repository {self.codeartifact.pip_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
                         f'export envname={self.git_branch}',
                         f'export schema_name=validation',
@@ -376,13 +377,12 @@ def set_quality_gate_stage(self):
                 pipelines.CodeBuildStep(
                     id='SecurityChecks',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     ),
                     commands=[
-                        'yum -y install shadow-utils wget && yum -y install openssl-devel bzip2-devel libffi-devel postgresql-devel',
                         f'aws codeartifact login --tool pip --repository {self.codeartifact.pip_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
                         'pip install --upgrade pip',
-                        "python -m venv env",
+                        'python -m venv env',
                         '. env/bin/activate',
                         'make check-security',
                     ],
@@ -392,14 +392,16 @@ def set_quality_gate_stage(self):
                 pipelines.CodeBuildStep(
                     id='Lint',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     ),
                     commands=[
+                        f'aws codeartifact login --tool pip --repository {self.codeartifact.pip_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
                         'pip install --upgrade pip',
                         'python -m venv env',
                         '. env/bin/activate',
                         'make lint',
                         'cd frontend',
+                        f'aws codeartifact login --tool npm --repository {self.codeartifact.npm_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
                         'npm install',
                         'npm run lint',
                     ],
@@ -411,7 +413,7 @@ def set_quality_gate_stage(self):
                 pipelines.CodeBuildStep(
                     id='IntegrationTests',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     ),
                     partial_build_spec=codebuild.BuildSpec.from_object(
                         dict(
@@ -419,9 +421,7 @@ def set_quality_gate_stage(self):
                             phases={
                                 'build': {
                                     'commands': [
-                                        'n 16.15.1',
                                         'set -eu',
-                                        'yum -y install shadow-utils wget && yum -y install openssl-devel bzip2-devel libffi-devel postgresql-devel',
                                         f'aws codeartifact login --tool pip --repository {self.codeartifact.pip_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
                                         f'export envname={self.git_branch}',
                                         'python -m venv env',
@@ -447,7 +447,7 @@ def set_quality_gate_stage(self):
                 pipelines.CodeBuildStep(
                     id='UploadCodeToS3',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     ),
                     commands=[
                         'mkdir -p source_build',
@@ -478,7 +478,7 @@ def set_quality_gate_stage(self):
                 pipelines.CodeBuildStep(
                     id='UploadCodeToS3',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     ),
                     commands=[
                         'mkdir -p source_build',
@@ -492,7 +492,6 @@ def set_quality_gate_stage(self):
                 ),
             )
 
-
     def set_ecr_stage(
         self,
         target_env,
@@ -516,19 +515,16 @@ def set_ecr_stage(
             pipelines.CodeBuildStep(
                 id='LambdaImage',
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     privileged=True,
                     environment_variables={
                         'REPOSITORY_URI': codebuild.BuildEnvironmentVariable(
                             value=f"{target_env['account']}.dkr.ecr.{target_env['region']}.amazonaws.com/{self.resource_prefix}-{target_env['envname']}-repository"
                         ),
-                        'IMAGE_TAG': codebuild.BuildEnvironmentVariable(
-                            value=f'lambdas-{self.image_tag}'
-                        ),
+                        'IMAGE_TAG': codebuild.BuildEnvironmentVariable(value=f'lambdas-{self.image_tag}'),
                     },
                 ),
                 commands=[
-                    'yum -y install shadow-utils wget && yum -y install openssl-devel bzip2-devel libffi-devel postgresql-devel',
                     f"make deploy-image type=lambda image-tag=$IMAGE_TAG account={target_env['account']} region={target_env['region']} repo={repository_name}",
                 ],
                 role_policy_statements=self.codebuild_policy,
@@ -537,19 +533,16 @@ def set_ecr_stage(
             pipelines.CodeBuildStep(
                 id='ECSImage',
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     privileged=True,
                     environment_variables={
                         'REPOSITORY_URI': codebuild.BuildEnvironmentVariable(
                             value=f"{target_env['account']}.dkr.ecr.{target_env['region']}.amazonaws.com/{repository_name}"
                         ),
-                        'IMAGE_TAG': codebuild.BuildEnvironmentVariable(
-                            value=f'cdkproxy-{self.image_tag}'
-                        ),
+                        'IMAGE_TAG': codebuild.BuildEnvironmentVariable(value=f'cdkproxy-{self.image_tag}'),
                     },
                 ),
                 commands=[
-                    'yum -y install shadow-utils wget && yum -y install openssl-devel bzip2-devel libffi-devel postgresql-devel',
                     f"make deploy-image type=ecs image-tag=$IMAGE_TAG account={target_env['account']} region={target_env['region']} repo={repository_name}",
                 ],
                 role_policy_statements=self.codebuild_policy,
@@ -584,6 +577,8 @@ def set_backend_stage(self, target_env, repository_name):
                 enable_cw_rum=target_env.get('enable_cw_rum', False),
                 enable_cw_canaries=target_env.get('enable_cw_canaries', False),
                 shared_dashboard_sessions=target_env.get('shared_dashboard_sessions', 'anonymous'),
+                enable_opensearch_serverless=target_env.get('enable_opensearch_serverless', False),
+                enable_pivot_role_auto_create=target_env.get('enable_pivot_role_auto_create', False),
             )
         )
         return backend_stage
@@ -599,7 +594,7 @@ def set_db_migration_stage(
             pipelines.CodeBuildStep(
                 id='MigrateDB',
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                 ),
                 commands=[
                     'mkdir ~/.aws/ && touch ~/.aws/config',
@@ -618,6 +613,38 @@ def set_db_migration_stage(
             ),
         )
 
+    def set_stacks_updater_stage(
+        self,
+        target_env,
+    ):
+        wave = self.pipeline.add_wave(
+            f"{self.resource_prefix}-{target_env['envname']}-stacks-updater-stage"
+        )
+        wave.add_post(
+            pipelines.CodeBuildStep(
+                id='StacksUpdater',
+                build_environment=codebuild.BuildEnvironment(
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
+                ),
+                commands=[
+                    'mkdir ~/.aws/ && touch ~/.aws/config',
+                    'echo "[profile buildprofile]" > ~/.aws/config',
+                    f'echo "role_arn = arn:aws:iam::{target_env["account"]}:role/{self.resource_prefix}-{target_env["envname"]}-cb-stackupdater-role" >> ~/.aws/config',
+                    'echo "credential_source = EcsContainer" >> ~/.aws/config',
+                    'aws sts get-caller-identity --profile buildprofile',
+                    f"export cluster_name=$(aws ssm get-parameter --name /dataall/{target_env['envname']}/ecs/cluster/name --profile buildprofile --output text --query 'Parameter.Value')",
+                    f"export private_subnets=$(aws ssm get-parameter --name /dataall/{target_env['envname']}/ecs/private_subnets --profile buildprofile --output text --query 'Parameter.Value')",
+                    f"export security_groups=$(aws ssm get-parameter --name /dataall/{target_env['envname']}/ecs/security_groups --profile buildprofile --output text --query 'Parameter.Value')",
+                    f"export task_definition=$(aws ssm get-parameter --name /dataall/{target_env['envname']}/ecs/task_def_arn/stacks_updater --profile buildprofile --output text --query 'Parameter.Value')",
+                    'network_config="awsvpcConfiguration={subnets=[$private_subnets],securityGroups=[$security_groups],assignPublicIp=DISABLED}"',
+                    f'cluster_arn="arn:aws:ecs:{target_env["region"]}:{target_env["account"]}:cluster/$cluster_name"',
+                    f'aws --profile buildprofile ecs run-task --task-definition $task_definition --cluster "$cluster_arn" --launch-type "FARGATE" --network-configuration "$network_config" --launch-type FARGATE --propagate-tags TASK_DEFINITION',
+                ],
+                role_policy_statements=self.codebuild_policy,
+                vpc=self.vpc,
+            ),
+        )
+
     def set_cloudfront_stage(self, target_env):
         cloudfront_stage = self.pipeline.add_stage(
             CloudfrontStage(
@@ -637,10 +664,9 @@ def set_cloudfront_stage(self, target_env):
             pipelines.CodeBuildStep(
                 id='DeployFrontEnd',
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                     compute_type=codebuild.ComputeType.LARGE,
                 ),
-                install_commands=["n 14.18.3"],
                 commands=[
                     f'export REACT_APP_STAGE={target_env["envname"]}',
                     f'export envname={target_env["envname"]}',
@@ -688,7 +714,7 @@ def set_cloudfront_stage(self, target_env):
             pipelines.CodeBuildStep(
                 id='UpdateDocumentation',
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                 ),
                 commands=[
                     f'aws codeartifact login --tool pip --repository {self.codeartifact.pip_repo.attr_name} --domain {self.codeartifact.domain.attr_name} --domain-owner {self.codeartifact.domain.attr_owner}',
@@ -713,7 +739,7 @@ def cw_rum_config_action(self, target_env):
         return pipelines.CodeBuildStep(
             id='ConfigureRUM',
             build_environment=codebuild.BuildEnvironment(
-                build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
             ),
             commands=[
                 f'export envname={target_env["envname"]}',
@@ -739,7 +765,7 @@ def cognito_config_action(self, target_env):
         return pipelines.CodeBuildStep(
             id='ConfigureCognito',
             build_environment=codebuild.BuildEnvironment(
-                build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
             ),
             commands=[
                 f'export envname={target_env["envname"]}',
@@ -781,16 +807,14 @@ def set_albfront_stage(self, target_env, repository_name):
                 pipelines.CodeBuildStep(
                     id='FrontendImage',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                         compute_type=codebuild.ComputeType.LARGE,
                         privileged=True,
                         environment_variables={
                             'REPOSITORY_URI': codebuild.BuildEnvironmentVariable(
                                 value=f'{self.account}.dkr.ecr.{self.region}.amazonaws.com/{repository_name}'
                             ),
-                            'IMAGE_TAG': codebuild.BuildEnvironmentVariable(
-                                value=f'frontend-{self.image_tag}'
-                            ),
+                            'IMAGE_TAG': codebuild.BuildEnvironmentVariable(value=f'frontend-{self.image_tag}'),
                         },
                     ),
                     commands=[
@@ -824,16 +848,14 @@ def set_albfront_stage(self, target_env, repository_name):
                 pipelines.CodeBuildStep(
                     id='UserGuideImage',
                     build_environment=codebuild.BuildEnvironment(
-                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                        build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                         compute_type=codebuild.ComputeType.LARGE,
                         privileged=True,
                         environment_variables={
                             'REPOSITORY_URI': codebuild.BuildEnvironmentVariable(
                                 value=f'{self.account}.dkr.ecr.{self.region}.amazonaws.com/{repository_name}'
                             ),
-                            'IMAGE_TAG': codebuild.BuildEnvironmentVariable(
-                                value=f'userguide-{self.image_tag}'
-                            ),
+                            'IMAGE_TAG': codebuild.BuildEnvironmentVariable(value=f'userguide-{self.image_tag}'),
                         },
                     ),
                     commands=[
@@ -901,7 +923,7 @@ def set_release_stage(
             pipelines.CodeBuildStep(
                 id='GitRelease',
                 build_environment=codebuild.BuildEnvironment(
-                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_3,
+                    build_image=codebuild.LinuxBuildImage.AMAZON_LINUX_2_4,
                 ),
                 partial_build_spec=codebuild.BuildSpec.from_object(
                     dict(
diff --git a/deploy/stacks/secrets_stack.py b/deploy/stacks/secrets_stack.py
index b2c90378a..8d71129e1 100644
--- a/deploy/stacks/secrets_stack.py
+++ b/deploy/stacks/secrets_stack.py
@@ -18,6 +18,7 @@ def __init__(
         envname='dev',
         resource_prefix='dataall',
         enable_cw_canaries=False,
+        pivot_role_name=None,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
@@ -51,7 +52,7 @@ def __init__(
             self,
             f'PivotRoleNameSecret{envname}',
             name=f'dataall-pivot-role-name-{envname}',
-            secret_string='dataallPivotRole',
+            secret_string=pivot_role_name,
             kms_key_id=self.pivot_role_name_key.key_id,
             description=f'Stores dataall pivot role name for environment {envname}',
         )
@@ -70,9 +71,7 @@ def __init__(
                 f'canary-user',
                 secret_name=f'{resource_prefix}-{envname}-cognito-canary-user',
                 generate_secret_string=sm.SecretStringGenerator(
-                    secret_string_template=json.dumps(
-                        {'username': f'cwcanary-{self.account}'}
-                    ),
+                    secret_string_template=json.dumps({'username': f'cwcanary-{self.account}'}),
                     generate_string_key='password',
                     include_space=False,
                     password_length=12,
diff --git a/deploy/stacks/vpc.py b/deploy/stacks/vpc.py
index 8c7f16429..42f04b0fb 100644
--- a/deploy/stacks/vpc.py
+++ b/deploy/stacks/vpc.py
@@ -22,6 +22,7 @@ def __init__(
         vpc_endpoints_sg=None,
         cidr=None,
         resource_prefix=None,
+        restricted_nacl=False,
         **kwargs,
     ):
         super().__init__(scope, id, **kwargs)
@@ -29,7 +30,7 @@ def __init__(
         if vpc_id:
             self.vpc = ec2.Vpc.from_lookup(self, f'vpc', vpc_id=vpc_id)
         else:
-            self.create_new_vpc(cidr, envname, resource_prefix)
+            self.create_new_vpc(cidr, envname, resource_prefix, restricted_nacl)
 
         if vpc_endpoints_sg:
             self.vpce_security_group = ec2.SecurityGroup.from_security_group_id(
@@ -107,7 +108,7 @@ def __init__(
                 description=f'{resource_prefix}-{envname}-cidrBlock',
             )
 
-    def create_new_vpc(self, cidr, envname, resource_prefix):
+    def create_new_vpc(self, cidr, envname, resource_prefix, restricted_nacl):
         self.vpc = ec2.Vpc(
             self,
             'VPC',
@@ -125,6 +126,55 @@ def create_new_vpc(self, cidr, envname, resource_prefix):
             ],
             nat_gateways=1,
         )
+        if restricted_nacl:
+            nacl = ec2.NetworkAcl(
+                self, "RestrictedNACL",
+                vpc=self.vpc,
+                network_acl_name=f'{resource_prefix}-{envname}-restrictedNACL',
+                subnet_selection=ec2.SubnetSelection(subnets=self.vpc.private_subnets + self.vpc.public_subnets),
+            )
+            nacl.add_entry(
+                "entryOutbound",
+                cidr=ec2.AclCidr.any_ipv4(),
+                traffic=ec2.AclTraffic.all_traffic(),
+                rule_number=100,
+                direction=ec2.TrafficDirection.EGRESS,
+                rule_action=ec2.Action.ALLOW
+            )
+            nacl.add_entry(
+                "entryInboundHTTPS",
+                cidr=ec2.AclCidr.any_ipv4(),
+                traffic=ec2.AclTraffic.tcp_port(443),
+                rule_number=100,
+                direction=ec2.TrafficDirection.INGRESS,
+                rule_action=ec2.Action.ALLOW
+            )
+            nacl.add_entry(
+                "entryInboundHTTP",
+                cidr=ec2.AclCidr.any_ipv4(),
+                traffic=ec2.AclTraffic.tcp_port(80),
+                rule_number=101,
+                direction=ec2.TrafficDirection.INGRESS,
+                rule_action=ec2.Action.ALLOW
+            )
+            nacl.add_entry(
+                "entryInboundCustomTCP",
+                cidr=ec2.AclCidr.any_ipv4(),
+                traffic=ec2.AclTraffic.tcp_port_range(start_port=1024, end_port=65535),
+                rule_number=102,
+                direction=ec2.TrafficDirection.INGRESS,
+                rule_action=ec2.Action.ALLOW
+            )
+            nacl.add_entry(
+                "entryInboundAllInVPC",
+                cidr=ec2.AclCidr.ipv4(self.vpc.vpc_cidr_block),
+                traffic=ec2.AclTraffic.all_traffic(),
+                rule_number=103,
+                direction=ec2.TrafficDirection.INGRESS,
+                rule_action=ec2.Action.ALLOW
+            )
+
+
         flowlog_log_group = logs.LogGroup(
             self,
             f'{resource_prefix}/{envname}/flowlogs',
@@ -209,7 +259,6 @@ def _create_vpc_endpoints(self) -> None:
                 private_dns_enabled=True,
                 security_groups=[cast(ec2.ISecurityGroup, self.vpce_security_group)],
             )
-
         self.vpc.add_interface_endpoint(
             id='code_artifact_repo_endpoint',
             service=cast(
@@ -217,7 +266,7 @@ def _create_vpc_endpoints(self) -> None:
                 ec2.InterfaceVpcEndpointAwsService('codeartifact.repositories'),
             ),
             subnets=ec2.SubnetSelection(subnets=self.vpc.private_subnets),
-            private_dns_enabled=False,
+            private_dns_enabled=True,
             security_groups=[cast(ec2.ISecurityGroup, self.vpce_security_group)],
         )
         self.vpc.add_interface_endpoint(
@@ -227,6 +276,6 @@ def _create_vpc_endpoints(self) -> None:
                 ec2.InterfaceVpcEndpointAwsService('codeartifact.api'),
             ),
             subnets=ec2.SubnetSelection(subnets=self.vpc.private_subnets),
-            private_dns_enabled=False,
+            private_dns_enabled=True,
             security_groups=[cast(ec2.ISecurityGroup, self.vpce_security_group)],
         )
diff --git a/documentation/userguide/docs/environments.md b/documentation/userguide/docs/environments.md
index 9aabe13b6..233d90ef3 100644
--- a/documentation/userguide/docs/environments.md
+++ b/documentation/userguide/docs/environments.md
@@ -9,34 +9,29 @@ users store data and work with data.**
     To ensure correct data access and AWS resources isolation, onboard one environment in each AWS account.
     Despite being possible, **we strongly discourage users to use the same AWS account for multiple environments**.
 
-## :material-hammer-screwdriver: **Bootstrap your AWS account**
-*data.all*does not create AWS accounts. You need to provide an AWS account and complete the following bootstraping
-steps on that AWS account in each region you want to use.
+## :material-hammer-screwdriver: **AWS account Pre-requisites**
+*data.all* does not create AWS accounts. You need to provide an AWS account and complete the following bootstraping
+steps.
 
-### 1. Create AWS IAM role
-<span style="color:grey">*data.all*</span> assumes a IAM role named **PivotRole** to be able to call AWS SDK APIs on your account. You can download
-the AWS CloudFormation stack from <span style="color:grey">*data.all*</span> environment creation form. (Navigate to an
-organization and click on link an environment to see this form)
-
-
-### 2. Setup AWS CDK
+### 1. CDK Bootstrap
 
 <span style="color:grey">*data.all*</span> uses AWS CDK to deploy and manage resources on your AWS account.
 AWS CDK requires some resources to exist on the AWS account, and provides a command called `bootstrap` to deploy these
-specific resources.
+specific resources in a particular AWS region.
 
-Moreover, we need to trust data.all infrastructure account.
+In this step we establish a trust relationship between the data.all infrastructure account and the accounts to be linked as environments.
 data.all codebase and CI/CD resources are in the data.all **tooling account**,
-while all the resources used by the platform
-are located in a **infrastructure account**. From this last one we will deploy environments and other resources
-inside each of our business accounts (the ones to be boostraped).
+and all the application resources used by the platform
+are located in a **infrastructure account**. From the infrastructure account we will deploy environments and other resources
+inside each of our business accounts. We are granting permissions to the infrastructure account 
+by setting the `--trust` parameter in the cdk bootstrap command.
 
-
-To boostrap the AWS account using AWS CDK, you need :
+To boostrap the AWS account using AWS CDK, you need the following (which are already fulfilled if you open AWS CloudShell from the environment account).
 
 1. to have AWS credentials configured in ~/.aws/credentials or as environment variables.
-2. to install cdk : `npm install -g aws-cdk`
-3. to run the following command :
+2. to install cdk: `npm install -g aws-cdk`
+
+Then, you can copy/paste the following command from the UI and run from your local machine or CloudShell:
 ````bash
 cdk bootstrap --trust DATA.ALL_AWS_ACCOUNT_NUMBER  -c @aws-cdk/core:newStyleStackSynthesis=true --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://YOUR_ENVIRONMENT_AWS_ACCOUNT_NUMBER/ENVIRONMENT_REGION
 ````
@@ -51,8 +46,31 @@ cdk bootstrap --trust DATA.ALL_AWS_ACCOUNT_NUMBER  -c @aws-cdk/core:newStyleStac
     ````
 
 
+### 2. (For manual) Pivot role
+<span style="color:grey">*data.all*</span> assumes a certain IAM role to be able to call AWS SDK APIs on your account. 
+The Pivot Role is a super role in the environment account and thus, it is 
+protected to be assumed only by the data.all central account using an external Id.
 
-### 3. Enable AWS Lake Formation
+Since release V1.5.0, the Pivot Role can be created as part of the environment CDK stack, given that the trust between data.all and the environment account
+is already explicitly granted in the bootstraping of the account. To enable the creation of Pivot Roles as part
+of the environment stack, the `cdk.json` parameter `enable_pivot_role_auto_create` needs to be set to `true`. 
+When an environment is linked to data.all a nested stack creates a role called **dataallPivotRole-cdk**.
+
+For versions prior to V1.5.0 or if `enable_pivot_role_auto_create` is `false` the Pivot Role needs to be created manually.
+In this case, the AWS CloudFormation stack of the role can be downloaded from <span style="color:grey">*data.all*</span> environment creation form. 
+(Navigate to an organization and click on link an environment to see this form). Fill the CloudFormation stack with the parameters
+available in data.all UI to create the role named **dataallPivotRole**. 
+
+!!! note "Upgrading from manual to cdk-created Pivot Role"
+    If you have existing environments that were linked to data.all using a manually created Pivot Role you can
+    still benefit from V1.5.0 `enable_pivot_role_auto_create` feature. You just need to update that parameter in
+    the `cdk.json` configuration of your deployment. Once the CICD pipeline has completed: new linked environments 
+    will contain the nested cdk-pivotRole stack (no actions needed) and existing environments can be updated by: a) manually, 
+    by clicking on "update stack" in the environment>stack tab  b) automatically, wait for the `stack-updater` ECS task that 
+    runs daily overnight c) automatically, set the added `enable_update_dataall_stacks_in_cicd_pipeline` parameter to `true` in 
+    the `cdk.json` config file. The `stack-updater` ECS task will be triggered from the CICD pipeline
+
+### 3. (For new accounts) AWS Lake Formation Service role
 <span style="color:grey">*data.all*</span> relies on AWS Lake Formation to manage access to your structured data.
 If AWS Lake Formation has never been
 activated on your AWS account, you need to create
@@ -67,7 +85,7 @@ aws iam create-service-linked-role --aws-service-name lakeformation.amazonaws.co
     role name AWSServiceRoleForLakeFormationDataAccess has been taken in this account, please try a different suffix.
     <b>You can skip this step, as this indicates the Lake formation service-linked role exists.</b>
 
-### 4. Amazon Quicksight
+### 4. (For Dashboards) Subscribe to Amazon Quicksight
 
 This is an optional step. To link environments with <i><b>Dashboards enabled</b></i> , you will also need a running Amazon QuickSight subscription
 on the bootstraped account. If you have not subscribed to Quicksight before, go to your AWS account and choose the
@@ -87,6 +105,27 @@ to enable Dashboard Embedding on <span style="color:grey">*data.all*</span> UI.
 
 ![quicksight_domain](pictures/environments/boot_qs_3.png#zoom#shadow)
 
+### 5. (For ML Studio) Delete or adapt the default VPC
+If ML Studio is enabled, data.all checks if there is an existing SageMaker Studio domain. If there is an existing domain
+it will use it to create ML Studio profiles. If no pre-existing domain is found, data.all will create a new one.
+
+Prior to V1.5.0 data.all always used the default VPC to create a new SageMaker domain. The default VPC had then to be
+customized to fulfill the networking requirements specified in the Sagemaker
+[documentation](https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html) for VPCOnly 
+domains.
+
+In V1.5.0 we introduce the creation of a suitable VPC for SageMaker as part of the environment stack. However, it is not possible to edit the VPC used by a SageMaker domain, it requires deletion and re-creation. To allow backwards
+compatibility and not delete the pre-existing domains, in V1.5.0 the default behavior is still to use the default VPC.
+
+Data.all will create a SageMaker VPC:
+- For new environments: (link environment)
+  - if there is not a pre-existing SageMaker Studio domain
+  - if there is not a default VPC in the account
+- For pre-existing environments: (update environment)
+  - if all ML Studio profiles have been deleted (from CloudFormation as well)
+  - if there is not a pre-existing SageMaker Studio domain
+  - if the default VPC has been deleted in the account
+
 ## :material-new-box: **Link an environment**
 ### Necessary permissions
 !!! note "Environment permissions"
diff --git a/documentation/userguide/docs/mlstudio.md b/documentation/userguide/docs/mlstudio.md
index 1f295051d..cef153088 100644
--- a/documentation/userguide/docs/mlstudio.md
+++ b/documentation/userguide/docs/mlstudio.md
@@ -1,18 +1,19 @@
 # **ML Studio**
-With ML Studio Notebooks we can add users to our SageMaker domain and open Amazon SageMaker Studio
+With ML Studio Profiles we can add users to our SageMaker domain and open Amazon SageMaker Studio.
+The SageMaker Studio domain is created as part of the environment stack. 
 
 
-## :material-new-box: **Create a ML Notebook**
-To create a new Notebook, go to ML Studio on the left side pane and click on Create. Then fill in the creation form
+## :material-new-box: **Create an ML Studio profile**
+To create a new ML Studio profile, go to ML Studio on the left side pane and click on Create. Then fill in the creation form
 with its corresponding information.
 
-![notebooks](pictures/mlstudio/ml_studio.png#zoom#shadow)
+![notebooks](pictures/mlstudio/ml_studio.png)
 
 
 | Field                         | Description                                 | Required | Editable |Example
 |-------------------------------|---------------------------------------------|----------|----------|-------------
 | Sagemaker Studio profile name | Name of the user to add to SageMaker domain | Yes      | No       |johndoe
-| Short description             | Short description about the notebook        | No       | No       |Notebook for Cannes exploration
+| Short description             | Short description about the user profile    | No       | No       |Notebook for Cannes exploration
 | Tags                          | Tags                                        | No       | No       |deleteme
 | Environment                   | Environment (and mapped AWS account)        | Yes      | No       |Data Science
 | Region (auto-filled)          | AWS region                                  | Yes      | No       |Europe (Ireland)
@@ -22,19 +23,19 @@ with its corresponding information.
 
 
 ## :material-cloud-check-outline: **Check CloudFormation stack**
-In the **Stack** tab of the ML Studio Notebook, is where we check the AWS resources provisioned by data.all as well as its status.
+In the **Stack** tab of the ML Studio Profile, is where we check the AWS resources provisioned by data.all as well as its status.
 As part of the CloudFormation stack deployed using CDK, data.all will deploy some CDK metadata and a SageMaker User Profile.
 
 
-## :material-trash-can-outline: **Delete a Notebook**
+## :material-trash-can-outline: **Delete an ML Studio user**
 
-To delete a Notebook, simply select it and click on the **Delete** button in the top right corner. It is possible to
-keep the CloudFormation stack associated with the Notebook by selecting this option in the confirmation
+To delete a SageMaker user, simply select it and click on the **Delete** button in the top right corner. It is possible to
+keep the CloudFormation stack associated with the User by selecting this option in the confirmation
 delete window that appears after clicking on delete.
 
-![notebooks](pictures/mlstudio/ml_studio_3.png#zoom#shadow)
+![notebooks](pictures/mlstudio/ml_studio_3.png)
 
 ## :material-file-code-outline: **Open Amazon SageMaker Studio**
 Click on the **Open ML Studio** button of the ML Studio notebook window to open Amazon SageMaker Studio.
 
-![notebooks](pictures/mlstudio/ml_studio_2.png#zoom#shadow)
+![notebooks](pictures/mlstudio/ml_studio_2.png)
diff --git a/frontend/src/views/Environments/EnvironmentCreateForm.js b/frontend/src/views/Environments/EnvironmentCreateForm.js
index 77bc5ee04..e9ec62afb 100644
--- a/frontend/src/views/Environments/EnvironmentCreateForm.js
+++ b/frontend/src/views/Environments/EnvironmentCreateForm.js
@@ -264,7 +264,7 @@ const EnvironmentCreateForm = (props) => {
             <CardContent>
               <Box>
                 <Typography color="textSecondary" variant="subtitle2">
-                  1. Bootstrap your AWS account with AWS CDK
+                  Bootstrap your AWS account with AWS CDK
                 </Typography>
                 <Typography color="textPrimary" variant="subtitle2">
                   <CopyToClipboard
@@ -285,60 +285,68 @@ const EnvironmentCreateForm = (props) => {
                   {`cdk bootstrap --trust ${trustedAccount} -c @aws-cdk/core:newStyleStackSynthesis=true --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://ACCOUNT_ID/REGION`}
                 </Typography>
               </Box>
-              <Box>
-                <Box>
-                  <Typography color="textSecondary" variant="subtitle2">
-                    2. Create an IAM role named <b>{pivotRoleName}</b> using AWS
-                    CloudFormation stack below
-                  </Typography>
-                </Box>
-                <Grid container justifyContent="space-between" spacing={3}>
-                  <Grid item lg={6} xl={6} xs={6}>
-                    <Button
-                      color="primary"
-                      startIcon={<CloudDownloadOutlined fontSize="small" />}
-                      sx={{ mt: 1, mb: 2, ml: 2 }}
-                      variant="outlined"
-                      onClick={() => {
-                        getPivotRoleUrl().catch((e) =>
-                          dispatch({ type: SET_ERROR, error: e.message })
-                        );
-                      }}
-                    >
-                      CloudFormation stack
-                    </Button>
-                    <Button
-                      color="primary"
-                      startIcon={<CopyAllOutlined fontSize="small" />}
-                      sx={{ mt: 1, mb: 2, ml: 2 }}
-                      variant="outlined"
-                      onClick={() => {
-                        copyPivotRoleName().catch((e) =>
-                          dispatch({ type: SET_ERROR, error: e.message })
-                        );
-                      }}
-                    >
-                      Pivot role name
-                    </Button>
-                    <Button
-                      color="primary"
-                      startIcon={<CopyAllOutlined fontSize="small" />}
-                      sx={{ mt: 1, mb: 2, ml: 2 }}
-                      variant="outlined"
-                      onClick={() => {
-                        getExternalId().catch((e) =>
-                          dispatch({ type: SET_ERROR, error: e.message })
-                        );
-                      }}
-                    >
-                      External Id
-                    </Button>
-                  </Grid>
-                </Grid>
-              </Box>
+              {process.env.REACT_APP_ENABLE_PIVOT_ROLE_AUTO_CREATE == 'True' ? (
+                   <Box>
+                      <Typography color="textSecondary" variant="subtitle2">
+                        As part of the environment CloudFormation stack data.all will create an IAM role (Pivot Role) to manage AWS operations in the environment AWS Account.
+                      </Typography>
+                    </Box>
+                ): (
+                    <Box>
+                      <Box>
+                        <Typography color="textSecondary" variant="subtitle2">
+                          Create an IAM role named <b>{pivotRoleName}</b> using the AWS
+                          CloudFormation stack below
+                        </Typography>
+                      </Box>
+                      <Grid container justifyContent="space-between" spacing={3}>
+                        <Grid item lg={6} xl={6} xs={6}>
+                          <Button
+                            color="primary"
+                            startIcon={<CloudDownloadOutlined fontSize="small" />}
+                            sx={{ mt: 1, mb: 2, ml: 2 }}
+                            variant="outlined"
+                            onClick={() => {
+                              getPivotRoleUrl().catch((e) =>
+                                dispatch({ type: SET_ERROR, error: e.message })
+                              );
+                            }}
+                          >
+                            CloudFormation stack
+                          </Button>
+                          <Button
+                            color="primary"
+                            startIcon={<CopyAllOutlined fontSize="small" />}
+                            sx={{ mt: 1, mb: 2, ml: 2 }}
+                            variant="outlined"
+                            onClick={() => {
+                              copyPivotRoleName().catch((e) =>
+                                dispatch({ type: SET_ERROR, error: e.message })
+                              );
+                            }}
+                          >
+                            Pivot role name
+                          </Button>
+                          <Button
+                            color="primary"
+                            startIcon={<CopyAllOutlined fontSize="small" />}
+                            sx={{ mt: 1, mb: 2, ml: 2 }}
+                            variant="outlined"
+                            onClick={() => {
+                              getExternalId().catch((e) =>
+                                dispatch({ type: SET_ERROR, error: e.message })
+                              );
+                            }}
+                          >
+                            External Id
+                          </Button>
+                        </Grid>
+                      </Grid>
+                    </Box>
+                  )}
               <Box>
                 <Typography color="textSecondary" variant="subtitle2">
-                  3. Manage your environment features
+                  Make sure that the services needed for the selected environment features are available in your AWS Account.
                 </Typography>
               </Box>
             </CardContent>
diff --git a/template_cdk.json b/template_cdk.json
index c87fafafc..75a36cfbd 100644
--- a/template_cdk.json
+++ b/template_cdk.json
@@ -7,6 +7,7 @@
     "@aws-cdk/core:stackRelativeExports": false,
     "tooling_region": "string_TOOLING_REGION|DEFAULT=eu-west-1",
     "tooling_vpc_id": "string_IMPORT_AN_EXISTING_VPC_FROM_TOOLING|DEFAULT=None",
+    "tooling_vpc_restricted_nacl": "boolean_CREATE_CUSTOM_NACL|DEFAULT=false",
     "git_branch": "string_GIT_BRANCH_NAME|DEFAULT=dataall",
     "git_release": "boolean_MANAGE_GIT_RELEASE|DEFAULT=false",
     "quality_gate": "boolean_MANAGE_QUALITY_GATE_STAGE|DEFAULT=true",
@@ -31,7 +32,11 @@
         "prod_sizing": "boolean_SET_INFRA_SIZING_TO_PROD_VALUES_IF_TRUE|DEFAULT=true",
         "enable_cw_rum":  "boolean_SET_CLOUDWATCH_RUM_APP_MONITOR|DEFAULT=false",
         "enable_cw_canaries": "boolean_SET_CLOUDWATCH_CANARIES_FOR_FRONTEND_TESTING|DEFAULT=false",
-        "shared_dashboards_sessions": "string_TYPE_SESSION_SHARED_DASHBOARDS|(reader, anonymous) DEFAULT=anonymous"
+        "shared_dashboards_sessions": "string_TYPE_SESSION_SHARED_DASHBOARDS|(reader, anonymous) DEFAULT=anonymous",
+        "enable_quicksight_monitoring": "boolean_ENABLE_CONNECTION_QUICKSIGHT_RDS|DEFAULT=false",
+        "enable_opensearch_serverless": "boolean_USE_OPENSEARCH_SERVERLESS|DEFAULT=false",
+        "enable_pivot_role_auto_create": "boolean_ENABLE_PIVOT_ROLE_AUTO_CREATE_IN_ENVIRONMENT|DEFAULT=false",
+        "enable_update_dataall_stacks_in_cicd_pipeline": "boolean_ENABLE_UPDATE_DATAALL_STACKS_IN_CICD_PIPELINE|DEFAULT=false"
       }
     ]
   }
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index e2541ac72..fa3be8ade 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -15,11 +15,16 @@ def patch_check_env(module_mocker):
         'dataall.api.Objects.Environment.resolvers.check_environment',
         return_value='CDKROLENAME',
     )
+    module_mocker.patch(
+        'dataall.api.Objects.Environment.resolvers.get_pivot_role_as_part_of_environment', return_value=False
+    )
 
 
 @pytest.fixture(scope='module', autouse=True)
-def patch_check_env(module_mocker):
-    module_mocker.patch('dataall.utils.Parameter.get_parameter', return_value='unknownvalue')
+def patch_check_dataset(module_mocker):
+    module_mocker.patch(
+        'dataall.api.Objects.Dataset.resolvers.check_dataset_account', return_value=True
+    )
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -605,12 +610,18 @@ def org_fixture(org, user, group, tenant):
 def env_fixture(env, org_fixture, user, group, tenant, module_mocker):
     module_mocker.patch('requests.post', return_value=True)
     module_mocker.patch('dataall.api.Objects.Environment.resolvers.check_environment', return_value=True)
+    module_mocker.patch(
+        'dataall.api.Objects.Environment.resolvers.get_pivot_role_as_part_of_environment', return_value=False
+    )
     env1 = env(org_fixture, 'dev', 'alice', 'testadmins', '111111111111', 'eu-west-1')
     yield env1
 
 
 @pytest.fixture(scope='module')
-def dataset_fixture(env_fixture, org_fixture, dataset, group) -> dataall.db.models.Dataset:
+def dataset_fixture(env_fixture, org_fixture, dataset, group, module_mocker) -> dataall.db.models.Dataset:
+    module_mocker.patch(
+        'dataall.api.Objects.Dataset.resolvers.check_dataset_account', return_value=True
+    )
     yield dataset(
         org=org_fixture,
         env=env_fixture,
diff --git a/tests/api/test_dashboards.py b/tests/api/test_dashboards.py
index 8e83e3d54..b275bb72c 100644
--- a/tests/api/test_dashboards.py
+++ b/tests/api/test_dashboards.py
@@ -16,6 +16,9 @@ def env1(env, org1, user, group, tenant, module_mocker):
     module_mocker.patch(
         'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
     )
+    module_mocker.patch(
+        'dataall.api.Objects.Environment.resolvers.get_pivot_role_as_part_of_environment', return_value=False
+    )
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_datapipelines.py b/tests/api/test_datapipelines.py
index a017eca38..81a8b4e03 100644
--- a/tests/api/test_datapipelines.py
+++ b/tests/api/test_datapipelines.py
@@ -8,20 +8,12 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module')
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'cicd', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
 @pytest.fixture(scope='module')
-def env2(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env2(env, org1, user, group):
     env2 = env(org1, 'dev', user.userName, group.name, '222222222222', 'eu-west-1')
     yield env2
 
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 057ff66a3..dd1d81a86 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -12,11 +12,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', 'alice', 'testadmins', '111111111111', 'eu-west-1')
     yield env1
 
@@ -104,7 +100,7 @@ def test_list_datasets(client, dataset1, group):
     assert response.data.listDatasets.nodes[0].datasetUri == dataset1.datasetUri
 
 
-def test_update_dataset(dataset1, client, patch_es, group, group2):
+def test_update_dataset(dataset1, client, group, group2):
     response = client.query(
         """
         mutation UpdateDataset($datasetUri:String!,$input:ModifyDatasetInput){
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index 128d21bbb..32f876aa2 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -12,11 +12,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index c5bed6d1e..ece463008 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -11,11 +11,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 6c30e77ea..66986a41a 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -12,11 +12,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index e961a445c..aca5a6bf1 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -11,11 +11,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 157c6cd2c..8821aadd0 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -11,12 +11,8 @@ def _org(db, org, tenant, user, group) -> models.Organization:
 
 @pytest.fixture(scope='module')
 def _env(
-    db, _org: models.Organization, user, group, module_mocker, env
+    db, _org: models.Organization, user, group, env
 ) -> models.Environment:
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
     env1 = env(_org, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_group.py b/tests/api/test_group.py
index 7cab78314..c02e7de29 100644
--- a/tests/api/test_group.py
+++ b/tests/api/test_group.py
@@ -11,11 +11,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_keyvaluetag.py b/tests/api/test_keyvaluetag.py
index 8d546cb3f..16e2827a7 100644
--- a/tests/api/test_keyvaluetag.py
+++ b/tests/api/test_keyvaluetag.py
@@ -17,16 +17,12 @@ def org1(db, org, tenant, user, group) -> models.Organization:
 def env1(
     db, org1: models.Organization, user, group, module_mocker, env
 ) -> models.Environment:
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
 
 @pytest.fixture(scope='module', autouse=True)
-def dataset1(db, env1, org1, group, user, dataset) -> models.Dataset:
+def dataset1(db, env1, org1, group, user, dataset, module_mocker) -> models.Dataset:
     with db.scoped_session() as session:
         yield dataset(
             org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
diff --git a/tests/api/test_organization.py b/tests/api/test_organization.py
index 47a78bcda..fd414af31 100644
--- a/tests/api/test_organization.py
+++ b/tests/api/test_organization.py
@@ -15,25 +15,19 @@ def org2(org, user2, group2, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env_dev(env, org2, user2, group2, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch('dataall.api.Objects.Environment.resolvers.check_environment', return_value=True)
+def env_dev(env, org2, user2, group2, tenant):
     env2 = env(org2, 'dev', user2.userName, group2.name, '222222222222', 'eu-west-1', 'description')
     yield env2
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env_other(env, org2, user2, group2, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch('dataall.api.Objects.Environment.resolvers.check_environment', return_value=True)
+def env_other(env, org2, user2, group2, tenant):
     env2 = env(org2, 'other', user2.userName, group2.name, '222222222222', 'eu-west-1')
     yield env2
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env_prod(env, org2, user2, group2, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch('dataall.api.Objects.Environment.resolvers.check_environment', return_value=True)
+def env_prod(env, org2, user2, group2, tenant):
     env2 = env(org2, 'prod', user2.userName, group2.name, '111111111111', 'eu-west-1', 'description')
     yield env2
 
@@ -188,7 +182,7 @@ def test_list_organizations_anyone(client, org1):
     assert response.data.listOrganizations.count == 0
 
 
-def test_group_invitation(db, client, org1, group2, user, group3, group, dataset, env, module_mocker):
+def test_group_invitation(db, client, org1, group2, user, group3, group, dataset, env):
     response = client.query(
         """
         mutation inviteGroupToOrganization($input:InviteGroupToOrganizationInput){
@@ -266,8 +260,6 @@ def test_group_invitation(db, client, org1, group2, user, group3, group, dataset
 
     assert response.data.listOrganizationGroups.count == 2
 
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch('dataall.api.Objects.Environment.resolvers.check_environment', return_value=True)
     env2 = env(org1, 'devg2', user.userName, group2.name, '111111111112', 'eu-west-1')
     assert env2.environmentUri
 
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index c9a8fac73..3b26fb5e6 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -13,11 +13,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
@@ -86,8 +82,7 @@ def table2(table, dataset2):
 
 
 @pytest.fixture(scope='module')
-def cluster(env1, org1, client, module_mocker, group):
-    module_mocker.patch('requests.post', return_value=True)
+def cluster(env1, org1, client, group):
     ouri = org1.organizationUri
     euri = env1.environmentUri
     group_name = group.name
diff --git a/tests/api/test_sagemaker_notebook.py b/tests/api/test_sagemaker_notebook.py
index 1861936ad..a48f51c43 100644
--- a/tests/api/test_sagemaker_notebook.py
+++ b/tests/api/test_sagemaker_notebook.py
@@ -11,10 +11,6 @@ def org1(org, user, group, tenant):
 
 @pytest.fixture(scope='module')
 def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_sagemaker_studio.py b/tests/api/test_sagemaker_studio.py
index 2a165e7ff..70f903c73 100644
--- a/tests/api/test_sagemaker_studio.py
+++ b/tests/api/test_sagemaker_studio.py
@@ -12,10 +12,6 @@ def org1(org, user, group, tenant):
 
 @pytest.fixture(scope='module', autouse=True)
 def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
     env1 = env(org1, 'dev', 'alice', 'testadmins', '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index fd05557cc..1956802a9 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -11,12 +11,8 @@ def org1(db, org, tenant, user, group) -> models.Organization:
 
 @pytest.fixture(scope='module')
 def env1(
-    db, org1: models.Organization, user, group, module_mocker, env
+    db, org1: models.Organization, user, group, env
 ) -> models.Environment:
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/api/test_vpc.py b/tests/api/test_vpc.py
index 028c90f60..a223b7e4e 100644
--- a/tests/api/test_vpc.py
+++ b/tests/api/test_vpc.py
@@ -10,11 +10,7 @@ def org1(org, user, group, tenant):
 
 
 @pytest.fixture(scope='module')
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
+def env1(env, org1, user, group, tenant):
     env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
     yield env1
 
diff --git a/tests/cdkproxy/test_dataset_stack.py b/tests/cdkproxy/test_dataset_stack.py
index 19a30d513..14caf7942 100644
--- a/tests/cdkproxy/test_dataset_stack.py
+++ b/tests/cdkproxy/test_dataset_stack.py
@@ -17,7 +17,7 @@ def patch_methods(mocker, db, dataset, env, org):
         return_value="dataall-pivot-role-name-pytest",
     )
     mocker.patch(
-        'dataall.aws.handlers.lakeformation.LakeFormation.describe_resource',
+        'dataall.aws.handlers.lakeformation.LakeFormation.check_existing_lf_registered_location',
         return_value=False,
     )
     mocker.patch(
@@ -49,7 +49,6 @@ def test_resources_created(template):
     assert 'AWS::S3::Bucket' in template
     assert 'AWS::KMS::Key' in template
     assert 'AWS::IAM::Role' in template
-    assert 'AWS::Lambda::Function' in template
     assert 'AWS::IAM::Policy' in template
     assert 'AWS::S3::BucketPolicy' in template
     assert 'AWS::Glue::Job' in template
diff --git a/tests/cdkproxy/test_environment_stack.py b/tests/cdkproxy/test_environment_stack.py
index fbb01d83a..f5dceccdf 100644
--- a/tests/cdkproxy/test_environment_stack.py
+++ b/tests/cdkproxy/test_environment_stack.py
@@ -14,7 +14,11 @@ def patch_methods(mocker, db, env, another_group, permissions):
     )
     mocker.patch(
         'dataall.aws.handlers.sts.SessionHelper.get_delegation_role_name',
-        return_value="dataall-pivot-role-name-pytest",
+        return_value='dataall-pivot-role-name-pytest',
+    )
+    mocker.patch(
+        'dataall.aws.handlers.parameter_store.ParameterStoreManager.get_parameter_value',
+        return_value='False',
     )
     mocker.patch(
         'dataall.cdkproxy.stacks.environment.EnvironmentSetup.get_target',
@@ -25,16 +29,14 @@ def patch_methods(mocker, db, env, another_group, permissions):
         return_value=[another_group],
     )
     mocker.patch(
-        'dataall.cdkproxy.stacks.environment.EnvironmentSetup.check_sagemaker_studio',
+        'dataall.cdkproxy.stacks.sagemakerstudio.SageMakerDomain.check_existing_sagemaker_studio_domain',
         return_value=True,
     )
     mocker.patch(
         'dataall.aws.handlers.sts.SessionHelper.get_account',
         return_value='012345678901x',
     )
-    mocker.patch(
-        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_engine', return_value=db
-    )
+    mocker.patch('dataall.utils.runtime_stacks_tagging.TagsUtil.get_engine', return_value=db)
     mocker.patch(
         'dataall.utils.runtime_stacks_tagging.TagsUtil.get_target',
         return_value=env,
@@ -43,6 +45,10 @@ def patch_methods(mocker, db, env, another_group, permissions):
         'dataall.cdkproxy.stacks.environment.EnvironmentSetup.get_environment_group_permissions',
         return_value=[permission.name for permission in permissions],
     )
+    mocker.patch(
+        'dataall.aws.handlers.sts.SessionHelper.get_external_id_secret',
+        return_value='*****',
+    )
 
 
 @pytest.fixture(scope='function', autouse=True)

From 50ff85a1152a66dfdc70ff9e2f546bda289c3ebb Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 15:29:45 +0200
Subject: [PATCH 087/346] Move dataset related API to the dataset module

---
 .../api/Objects/Environment/queries.py        | 12 ----
 .../api/Objects/Environment/resolvers.py      | 17 -----
 backend/dataall/api/Objects/Group/queries.py  | 14 +---
 .../dataall/api/Objects/Group/resolvers.py    | 17 -----
 backend/dataall/db/api/environment.py         | 69 -------------------
 .../modules/datasets/api/dataset/queries.py   | 27 +++++++-
 .../modules/datasets/api/dataset/resolvers.py | 33 +++++++++
 .../datasets/services/dataset_service.py      | 67 ++++++++++++++++++
 8 files changed, 127 insertions(+), 129 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/queries.py b/backend/dataall/api/Objects/Environment/queries.py
index 34b397748..892b3d32b 100644
--- a/backend/dataall/api/Objects/Environment/queries.py
+++ b/backend/dataall/api/Objects/Environment/queries.py
@@ -48,18 +48,6 @@
 )
 
 
-listDatasetsCreatedInEnvironment = gql.QueryField(
-    name='listDatasetsCreatedInEnvironment',
-    type=gql.Ref('DatasetSearchResult'),
-    args=[
-        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='filter', type=gql.Ref('DatasetFilter')),
-    ],
-    resolver=list_datasets_created_in_environment,
-    test_scope='Dataset',
-)
-
-
 searchEnvironmentDataItems = gql.QueryField(
     name='searchEnvironmentDataItems',
     args=[
diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index 86f251f59..97c9f963e 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -370,23 +370,6 @@ def list_environment_group_permissions(
             check_perm=True,
         )
 
-
-def list_datasets_created_in_environment(
-    context: Context, source, environmentUri: str = None, filter: dict = None
-):
-    if not filter:
-        filter = {}
-    with context.engine.scoped_session() as session:
-        return db.api.Environment.paginated_environment_datasets(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=environmentUri,
-            data=filter,
-            check_perm=True,
-        )
-
-
 def list_shared_with_environment_data_items(
     context: Context, source, environmentUri: str = None, filter: dict = None
 ):
diff --git a/backend/dataall/api/Objects/Group/queries.py b/backend/dataall/api/Objects/Group/queries.py
index 5cbf484ff..afa0abf17 100644
--- a/backend/dataall/api/Objects/Group/queries.py
+++ b/backend/dataall/api/Objects/Group/queries.py
@@ -1,5 +1,5 @@
 from ... import gql
-from .resolvers import get_group, list_datasets_owned_by_env_group, list_data_items_shared_with_env_group, list_cognito_groups
+from .resolvers import get_group, list_data_items_shared_with_env_group, list_cognito_groups
 
 getGroup = gql.QueryField(
     name='getGroup',
@@ -9,18 +9,6 @@
 )
 
 
-listDatasetsOwnedByEnvGroup = gql.QueryField(
-    name='listDatasetsOwnedByEnvGroup',
-    type=gql.Ref('DatasetSearchResult'),
-    args=[
-        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='groupUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='filter', type=gql.Ref('DatasetFilter')),
-    ],
-    resolver=list_datasets_owned_by_env_group,
-    test_scope='Dataset',
-)
-
 
 listDataItemsSharedWithEnvGroup = gql.QueryField(
     name='listDataItemsSharedWithEnvGroup',
diff --git a/backend/dataall/api/Objects/Group/resolvers.py b/backend/dataall/api/Objects/Group/resolvers.py
index 11de0da1b..d29c5be2c 100644
--- a/backend/dataall/api/Objects/Group/resolvers.py
+++ b/backend/dataall/api/Objects/Group/resolvers.py
@@ -43,23 +43,6 @@ def get_group(context, source, groupUri):
     return Group(groupUri=groupUri, name=groupUri, label=groupUri)
 
 
-def list_datasets_owned_by_env_group(
-    context, source, environmentUri: str = None, groupUri: str = None, filter: dict = None
-):
-    if not filter:
-        filter = {}
-    with context.engine.scoped_session() as session:
-        return db.api.Environment.paginated_environment_group_datasets(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            envUri=environmentUri,
-            groupUri=groupUri,
-            data=filter,
-            check_perm=True,
-        )
-
-
 def list_data_items_shared_with_env_group(
     context, source, environmentUri: str = None, groupUri: str = None, filter: dict = None
 ):
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index a26650368..accee95f7 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -803,75 +803,6 @@ def find_consumption_roles_by_IAMArn(
             )
         ).first()
 
-    @staticmethod
-    def query_environment_datasets(session, username, groups, uri, filter) -> Query:
-        query = session.query(Dataset).filter(
-            and_(
-                Dataset.environmentUri == uri,
-                Dataset.deleted.is_(None),
-            )
-        )
-        if filter and filter.get('term'):
-            term = filter['term']
-            query = query.filter(
-                or_(
-                    Dataset.label.ilike('%' + term + '%'),
-                    Dataset.description.ilike('%' + term + '%'),
-                    Dataset.tags.contains(f'{{{term}}}'),
-                    Dataset.region.ilike('%' + term + '%'),
-                )
-            )
-        return query
-
-    @staticmethod
-    def query_environment_group_datasets(session, username, groups, envUri, groupUri, filter) -> Query:
-        query = session.query(Dataset).filter(
-            and_(
-                Dataset.environmentUri == envUri,
-                Dataset.SamlAdminGroupName == groupUri,
-                Dataset.deleted.is_(None),
-            )
-        )
-        if filter and filter.get('term'):
-            term = filter['term']
-            query = query.filter(
-                or_(
-                    Dataset.label.ilike('%' + term + '%'),
-                    Dataset.description.ilike('%' + term + '%'),
-                    Dataset.tags.contains(f'{{{term}}}'),
-                    Dataset.region.ilike('%' + term + '%'),
-                )
-            )
-        return query
-
-    @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_DATASETS)
-    def paginated_environment_datasets(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        return paginate(
-            query=Environment.query_environment_datasets(
-                session, username, groups, uri, data
-            ),
-            page=data.get('page', 1),
-            page_size=data.get('pageSize', 10),
-        ).to_dict()
-
-    @staticmethod
-    def paginated_environment_group_datasets(
-        session, username, groups, envUri, groupUri, data=None, check_perm=None
-    ) -> dict:
-        return paginate(
-            query=Environment.query_environment_group_datasets(
-                session, username, groups, envUri, groupUri, data
-            ),
-            page=data.get('page', 1),
-            page_size=data.get('pageSize', 10),
-        ).to_dict()
-
-
-
-
     @staticmethod
     def query_environment_networks(session, username, groups, uri, filter) -> Query:
         query = session.query(models.Vpc).filter(
diff --git a/backend/dataall/modules/datasets/api/dataset/queries.py b/backend/dataall/modules/datasets/api/dataset/queries.py
index d48a78e90..1d1cdb137 100644
--- a/backend/dataall/modules/datasets/api/dataset/queries.py
+++ b/backend/dataall/modules/datasets/api/dataset/queries.py
@@ -7,7 +7,9 @@
     get_dataset_etl_credentials,
     get_dataset_summary,
     get_file_upload_presigned_url,
-    list_dataset_share_objects
+    list_dataset_share_objects,
+    list_datasets_owned_by_env_group,
+    list_datasets_created_in_environment,
 )
 from dataall.modules.datasets.api.dataset.schema import DatasetSearchResult
 
@@ -88,3 +90,26 @@
     ],
     type=gql.Ref('ShareSearchResult'),
 )
+
+listDatasetsOwnedByEnvGroup = gql.QueryField(
+    name='listDatasetsOwnedByEnvGroup',
+    type=gql.Ref('DatasetSearchResult'),
+    args=[
+        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
+        gql.Argument(name='groupUri', type=gql.NonNullableType(gql.String)),
+        gql.Argument(name='filter', type=gql.Ref('DatasetFilter')),
+    ],
+    resolver=list_datasets_owned_by_env_group,
+    test_scope='Dataset',
+)
+
+listDatasetsCreatedInEnvironment = gql.QueryField(
+    name='listDatasetsCreatedInEnvironment',
+    type=gql.Ref('DatasetSearchResult'),
+    args=[
+        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
+        gql.Argument(name='filter', type=gql.Ref('DatasetFilter')),
+    ],
+    resolver=list_datasets_created_in_environment,
+    test_scope='Dataset',
+)
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 2938cd17f..29da121fc 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -643,3 +643,36 @@ def _deploy_dataset_stack(dataset: Dataset):
     """
     stack_helper.deploy_stack(dataset.datasetUri)
     stack_helper.deploy_stack(dataset.environmentUri)
+
+
+def list_datasets_created_in_environment(
+    context: Context, source, environmentUri: str = None, filter: dict = None
+):
+    if not filter:
+        filter = {}
+    with context.engine.scoped_session() as session:
+        return DatasetService.paginated_environment_datasets(
+            session=session,
+            username=context.username,
+            groups=context.groups,
+            uri=environmentUri,
+            data=filter,
+            check_perm=True,
+        )
+
+
+def list_datasets_owned_by_env_group(
+    context, source, environmentUri: str = None, groupUri: str = None, filter: dict = None
+):
+    if not filter:
+        filter = {}
+    with context.engine.scoped_session() as session:
+        return DatasetService.paginated_environment_group_datasets(
+            session=session,
+            username=context.username,
+            groups=context.groups,
+            envUri=environmentUri,
+            groupUri=groupUri,
+            data=filter,
+            check_perm=True,
+        )
\ No newline at end of file
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index f28d1b637..4f95b4582 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -623,3 +623,70 @@ def count_dataset_tables(session, dataset_uri):
             .filter(DatasetTable.datasetUri == dataset_uri)
             .count()
         )
+
+    @staticmethod
+    def query_environment_group_datasets(session, username, groups, envUri, groupUri, filter) -> Query:
+        query = session.query(Dataset).filter(
+            and_(
+                Dataset.environmentUri == envUri,
+                Dataset.SamlAdminGroupName == groupUri,
+                Dataset.deleted.is_(None),
+            )
+        )
+        if filter and filter.get('term'):
+            term = filter['term']
+            query = query.filter(
+                or_(
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.description.ilike('%' + term + '%'),
+                    Dataset.tags.contains(f'{{{term}}}'),
+                    Dataset.region.ilike('%' + term + '%'),
+                )
+            )
+        return query
+
+    @staticmethod
+    def query_environment_datasets(session, username, groups, uri, filter) -> Query:
+        query = session.query(Dataset).filter(
+            and_(
+                Dataset.environmentUri == uri,
+                Dataset.deleted.is_(None),
+            )
+        )
+        if filter and filter.get('term'):
+            term = filter['term']
+            query = query.filter(
+                or_(
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.description.ilike('%' + term + '%'),
+                    Dataset.tags.contains(f'{{{term}}}'),
+                    Dataset.region.ilike('%' + term + '%'),
+                )
+            )
+        return query
+
+    @staticmethod
+    @has_resource_perm(permissions.LIST_ENVIRONMENT_DATASETS)
+    def paginated_environment_datasets(
+            session, username, groups, uri, data=None, check_perm=None
+    ) -> dict:
+        return paginate(
+            query=DatasetService.query_environment_datasets(
+                session, username, groups, uri, data
+            ),
+            page=data.get('page', 1),
+            page_size=data.get('pageSize', 10),
+        ).to_dict()
+
+    @staticmethod
+    def paginated_environment_group_datasets(
+            session, username, groups, envUri, groupUri, data=None, check_perm=None
+    ) -> dict:
+        return paginate(
+            query=DatasetService.query_environment_group_datasets(
+                session, username, groups, envUri, groupUri, data
+            ),
+            page=data.get('page', 1),
+            page_size=data.get('pageSize', 10),
+        ).to_dict()
+

From c4e9079d898f34e8fb9a191c48899af76763a800 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 25 Apr 2023 16:25:46 +0200
Subject: [PATCH 088/346] Got rid of datasets in votes

---
 backend/dataall/api/Objects/Vote/resolvers.py | 27 +++++++++++--------
 backend/dataall/modules/datasets/__init__.py  |  3 +++
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index d9f739872..2302ef3d2 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -1,7 +1,15 @@
-from .... import db
-from ....api.context import Context
+from typing import Dict, Type
+
+from dataall import db
+from dataall.api.context import Context
 from dataall.searchproxy.indexers import DashboardIndexer
-from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
+from dataall.searchproxy.upsert import BaseIndexer
+
+_VOTE_TYPES: Dict[str, Type[BaseIndexer]] = {}
+
+
+def add_vote_type(target_type: str, indexer: Type[BaseIndexer]):
+    _VOTE_TYPES[target_type] = indexer
 
 
 def count_upvotes(
@@ -28,15 +36,9 @@ def upvote(context: Context, source, input=None):
             data=input,
             check_perm=True,
         )
-        reindex(session, vote)
-        return vote
 
-
-def reindex(session, vote):
-    if vote.targetType == 'dataset':
-        DatasetIndexer.upsert(session=session, dataset_uri=vote.targetUri)
-    elif vote.targetType == 'dashboard':
-        DashboardIndexer.upsert(session=session, dashboard_uri=vote.targetUri)
+        _VOTE_TYPES[vote.targetType].upsert(session, vote.targetUri)
+        return vote
 
 
 def get_vote(context: Context, source, targetUri: str = None, targetType: str = None):
@@ -49,3 +51,6 @@ def get_vote(context: Context, source, targetUri: str = None, targetType: str =
             data={'targetType': targetType},
             check_perm=True,
         )
+
+
+add_vote_type("dashboard", DashboardIndexer)
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 1ac36b783..5d2444c4d 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,6 +2,7 @@
 import logging
 from typing import List
 
+from dataall.api.Objects.Vote.resolvers import add_vote_type
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
@@ -50,6 +51,8 @@ def __init__(self):
             reindexer=DatasetTableIndexer
         ))
 
+        add_vote_type("dataset", DatasetIndexer)
+
         log.info("API of datasets has been imported")
 
 

From 1227ca3327e65f1c4d4223ca7ff3c6c60ede8829 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 26 Apr 2023 10:53:24 +0200
Subject: [PATCH 089/346] Extract share notification from notification API

---
 backend/dataall/api/Objects/Group/queries.py  |   2 -
 backend/dataall/db/api/notification.py        |  99 -----------------
 backend/dataall/db/api/share_object.py        |   9 +-
 .../datasets/indexers/dataset_indexer.py      |   2 +-
 .../datasets/services/dataset_location.py     |   1 -
 .../services/share_notification_service.py    | 101 ++++++++++++++++++
 .../datasets/tasks/subscription_service.py    |   3 +-
 7 files changed, 109 insertions(+), 108 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/share_notification_service.py

diff --git a/backend/dataall/api/Objects/Group/queries.py b/backend/dataall/api/Objects/Group/queries.py
index afa0abf17..62233b5c5 100644
--- a/backend/dataall/api/Objects/Group/queries.py
+++ b/backend/dataall/api/Objects/Group/queries.py
@@ -8,8 +8,6 @@
     resolver=get_group,
 )
 
-
-
 listDataItemsSharedWithEnvGroup = gql.QueryField(
     name='listDataItemsSharedWithEnvGroup',
     args=[
diff --git a/backend/dataall/db/api/notification.py b/backend/dataall/db/api/notification.py
index 1447892d3..0337e6a22 100644
--- a/backend/dataall/db/api/notification.py
+++ b/backend/dataall/db/api/notification.py
@@ -4,111 +4,12 @@
 
 from .. import models
 from ...db import paginate
-from dataall.modules.datasets.db.models import Dataset
 
 
 class Notification:
     def __init__(self):
         pass
 
-    @staticmethod
-    def notify_share_object_submission(
-        session, username: str, dataset: Dataset, share: models.ShareObject
-    ):
-        notifications = []
-        # stewards = Notification.get_dataset_stewards(session, dataset)
-        # for steward in stewards:
-        notifications.append(
-            Notification.create(
-                session=session,
-                username=dataset.owner,
-                notification_type=models.NotificationType.SHARE_OBJECT_SUBMITTED,
-                target_uri=f'{share.shareUri}|{dataset.datasetUri}',
-                message=f'User {username} submitted share request for dataset {dataset.label}',
-            )
-        )
-        session.add_all(notifications)
-        return notifications
-
-    @staticmethod
-    def get_dataset_stewards(session, dataset):
-        stewards = list()
-        stewards.append(dataset.SamlAdminGroupName)
-        stewards.append(dataset.stewards)
-        return stewards
-
-    @staticmethod
-    def notify_share_object_approval(
-        session, username: str, dataset: Dataset, share: models.ShareObject
-    ):
-        notifications = []
-        targeted_users = Notification.get_share_object_targeted_users(
-            session, dataset, share
-        )
-        for user in targeted_users:
-            notifications.append(
-                Notification.create(
-                    session=session,
-                    username=user,
-                    notification_type=models.NotificationType.SHARE_OBJECT_APPROVED,
-                    target_uri=f'{share.shareUri}|{dataset.datasetUri}',
-                    message=f'User {username} approved share request for dataset {dataset.label}',
-                )
-            )
-            session.add_all(notifications)
-        return notifications
-
-    @staticmethod
-    def notify_share_object_rejection(
-        session, username: str, dataset: Dataset, share: models.ShareObject
-    ):
-        notifications = []
-        targeted_users = Notification.get_share_object_targeted_users(
-            session, dataset, share
-        )
-        for user in targeted_users:
-            notifications.append(
-                Notification.create(
-                    session=session,
-                    username=user,
-                    notification_type=models.NotificationType.SHARE_OBJECT_REJECTED,
-                    target_uri=f'{share.shareUri}|{dataset.datasetUri}',
-                    message=f'User {username} approved share request for dataset {dataset.label}',
-                )
-            )
-            session.add_all(notifications)
-        return notifications
-
-    @staticmethod
-    def notify_new_data_available_from_owners(
-        session, dataset: Dataset, share: models.ShareObject, s3_prefix
-    ):
-        notifications = []
-        targeted_users = Notification.get_share_object_targeted_users(
-            session, dataset, share
-        )
-        for user in targeted_users:
-            notifications.append(
-                Notification.create(
-                    session=session,
-                    username=user,
-                    notification_type=models.NotificationType.DATASET_VERSION,
-                    target_uri=f'{share.shareUri}|{dataset.datasetUri}',
-                    message=f'New data (at {s3_prefix}) is available from dataset {dataset.datasetUri} shared by owner {dataset.owner}',
-                )
-            )
-            session.add_all(notifications)
-        return notifications
-
-    @staticmethod
-    def get_share_object_targeted_users(session, dataset, share):
-        targeted_users = Notification.get_dataset_stewards(
-            session=session, dataset=dataset
-        )
-        targeted_users.append(dataset.owner)
-        targeted_users.append(share.owner)
-        return targeted_users
-
     @staticmethod
     def create(
         session,
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index d353c7825..455ee7296 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -12,6 +12,7 @@
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from ...modules.datasets.services.share_notification_service import ShareNotificationService
 
 logger = logging.getLogger(__name__)
 
@@ -562,7 +563,7 @@ def submit_share_object(
 
         Share_SM.update_state(session, share, new_share_state)
 
-        api.Notification.notify_share_object_submission(
+        ShareNotificationService.notify_share_object_submission(
             session, username, dataset, share
         )
         return share
@@ -609,7 +610,7 @@ def approve_share_object(
                 resource_type=DatasetTable.__name__,
             )
 
-        api.Notification.notify_share_object_approval(session, username, dataset, share)
+        ShareNotificationService.notify_share_object_approval(session, username, dataset, share)
         return share
 
     @staticmethod
@@ -642,7 +643,7 @@ def reject_share_object(
             group=share.groupUri,
             resource_uri=dataset.datasetUri,
         )
-        api.Notification.notify_share_object_rejection(session, username, dataset, share)
+        ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
         return share
 
     @staticmethod
@@ -684,7 +685,7 @@ def revoke_items_share_object(
             group=share.groupUri,
             resource_uri=dataset.datasetUri,
         )
-        api.Notification.notify_share_object_rejection(session, username, dataset, share)
+        ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
         return share
 
     @staticmethod
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index ba3754ee2..1936b66be 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -2,7 +2,7 @@
 
 from dataall import db
 from dataall.db import models
-from dataall.modules.datasets import Dataset
+from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.searchproxy.upsert import BaseIndexer
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index f1d8b5eaf..8a4790838 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -1,5 +1,4 @@
 import logging
-from typing import List
 
 from sqlalchemy import and_, or_
 
diff --git a/backend/dataall/modules/datasets/services/share_notification_service.py b/backend/dataall/modules/datasets/services/share_notification_service.py
new file mode 100644
index 000000000..896094ab3
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/share_notification_service.py
@@ -0,0 +1,101 @@
+from dataall.db import models
+from dataall.db.api import Notification
+from dataall.modules.datasets.db.models import Dataset
+
+
+class ShareNotificationService:
+    @staticmethod
+    def notify_share_object_submission(
+            session, username: str, dataset: Dataset, share: models.ShareObject
+    ):
+        notifications = []
+        # stewards = Notification.get_dataset_stewards(session, dataset)
+        # for steward in stewards:
+        notifications.append(
+            Notification.create(
+                session=session,
+                username=dataset.owner,
+                notification_type=models.NotificationType.SHARE_OBJECT_SUBMITTED,
+                target_uri=f'{share.shareUri}|{dataset.datasetUri}',
+                message=f'User {username} submitted share request for dataset {dataset.label}',
+            )
+        )
+        session.add_all(notifications)
+        return notifications
+
+    @staticmethod
+    def notify_share_object_approval(
+            session, username: str, dataset: Dataset, share: models.ShareObject
+    ):
+        notifications = []
+        targeted_users = ShareNotificationService._get_share_object_targeted_users(
+            session, dataset, share
+        )
+        for user in targeted_users:
+            notifications.append(
+                Notification.create(
+                    session=session,
+                    username=user,
+                    notification_type=models.NotificationType.SHARE_OBJECT_APPROVED,
+                    target_uri=f'{share.shareUri}|{dataset.datasetUri}',
+                    message=f'User {username} approved share request for dataset {dataset.label}',
+                )
+            )
+            session.add_all(notifications)
+        return notifications
+
+    @staticmethod
+    def notify_share_object_rejection(
+            session, username: str, dataset: Dataset, share: models.ShareObject
+    ):
+        notifications = []
+        targeted_users = ShareNotificationService._get_share_object_targeted_users(
+            session, dataset, share
+        )
+        for user in targeted_users:
+            notifications.append(
+                Notification.create(
+                    session=session,
+                    username=user,
+                    notification_type=models.NotificationType.SHARE_OBJECT_REJECTED,
+                    target_uri=f'{share.shareUri}|{dataset.datasetUri}',
+                    message=f'User {username} approved share request for dataset {dataset.label}',
+                )
+            )
+            session.add_all(notifications)
+        return notifications
+
+    @staticmethod
+    def notify_new_data_available_from_owners(
+            session, dataset: Dataset, share: models.ShareObject, s3_prefix
+    ):
+        notifications = []
+        targeted_users = ShareNotificationService._get_share_object_targeted_users(
+            session, dataset, share
+        )
+        for user in targeted_users:
+            notifications.append(
+                Notification.create(
+                    session=session,
+                    username=user,
+                    notification_type=models.NotificationType.DATASET_VERSION,
+                    target_uri=f'{share.shareUri}|{dataset.datasetUri}',
+                    message=f'New data (at {s3_prefix}) is available from dataset {dataset.datasetUri} shared by owner {dataset.owner}',
+                )
+            )
+            session.add_all(notifications)
+        return notifications
+
+    @staticmethod
+    def _get_share_object_targeted_users(session, dataset, share):
+        targeted_users = ShareNotificationService._get_dataset_stewards(dataset)
+        targeted_users.append(dataset.owner)
+        targeted_users.append(share.owner)
+        return targeted_users
+
+    @staticmethod
+    def _get_dataset_stewards(dataset):
+        stewards = list()
+        stewards.append(dataset.SamlAdminGroupName)
+        stewards.append(dataset.stewards)
+        return stewards
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index ec2eec459..033b27bd2 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -13,6 +13,7 @@
 from dataall.db import get_engine
 from dataall.db import models
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
+from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
@@ -261,7 +262,7 @@ def publish_sns_message(
 
                             log.info(f'SNS update publish response {response}')
 
-                            notifications = db.api.Notification.notify_new_data_available_from_owners(
+                            notifications = ShareNotificationService.notify_new_data_available_from_owners(
                                 session=session,
                                 dataset=dataset,
                                 share=share_object,

From 09f7de952138b0b162240872f9f3a1f6d2f55169 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 26 Apr 2023 11:02:00 +0200
Subject: [PATCH 090/346] Extracted dataset alarms

---
 .../services/dataset_alarm_service.py         | 96 +++++++++++++++++++
 backend/dataall/utils/alarm_service.py        | 83 ----------------
 2 files changed, 96 insertions(+), 83 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/dataset_alarm_service.py

diff --git a/backend/dataall/modules/datasets/services/dataset_alarm_service.py b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
new file mode 100644
index 000000000..9283f2265
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
@@ -0,0 +1,96 @@
+import logging
+from datetime import datetime
+
+from dataall.db import models
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.utils.alarm_service import AlarmService
+
+log = logging.getLogger(__name__)
+
+
+class DatasetAlarmService(AlarmService):
+    """Contains set of alarms for datasets"""
+
+    def trigger_table_sharing_failure_alarm(
+            self,
+            table: DatasetTable,
+            share: models.ShareObject,
+            target_environment: models.Environment,
+    ):
+        log.info('Triggering share failure alarm...')
+        subject = (
+            f'ALARM: DATAALL Table {table.GlueTableName} Sharing Failure Notification'
+        )
+        message = f"""
+    You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to share the table {table.GlueTableName} with Lake Formation.
+
+    Alarm Details:
+        - State Change:               	OK -> ALARM
+        - Reason for State Change:      Lake Formation sharing failure
+        - Timestamp:                              {datetime.now()}
+
+        Share Source
+        - Dataset URI:                   {share.datasetUri}
+        - AWS Account:                {table.AWSAccountId}
+        - Region:                            {table.region}
+        - Glue Database:              {table.GlueDatabaseName}
+        - Glue Table:                     {table.GlueTableName}
+
+        Share Target
+        - AWS Account:                {target_environment.AwsAccountId}
+        - Region:                            {target_environment.region}
+        - Glue Database:              {table.GlueDatabaseName}shared
+    """
+        return self.publish_message_to_alarms_topic(subject, message)
+
+    def trigger_revoke_table_sharing_failure_alarm(
+            self,
+            table: DatasetTable,
+            share: models.ShareObject,
+            target_environment: models.Environment,
+    ):
+        log.info('Triggering share failure alarm...')
+        subject = f'ALARM: DATAALL Table {table.GlueTableName} Revoking LF permissions Failure Notification'
+        message = f"""
+    You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to revoke Lake Formation permissions for table {table.GlueTableName} with Lake Formation.
+
+    Alarm Details:
+        - State Change:               	OK -> ALARM
+        - Reason for State Change:      Lake Formation sharing failure
+        - Timestamp:                              {datetime.now()}
+
+        Share Source
+        - Dataset URI:                   {share.datasetUri}
+        - AWS Account:                {table.AWSAccountId}
+        - Region:                            {table.region}
+        - Glue Database:              {table.GlueDatabaseName}
+        - Glue Table:                     {table.GlueTableName}
+
+        Share Target
+        - AWS Account:                {target_environment.AwsAccountId}
+        - Region:                            {target_environment.region}
+        - Glue Database:              {table.GlueDatabaseName}shared
+    """
+        return self.publish_message_to_alarms_topic(subject, message)
+
+    def trigger_dataset_sync_failure_alarm(self, dataset: Dataset, error: str):
+        log.info(f'Triggering dataset {dataset.name} tables sync failure alarm...')
+        subject = (
+            f'ALARM: DATAALL Dataset {dataset.name} Tables Sync Failure Notification'
+        )
+        message = f"""
+You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to synchronize Dataset {dataset.name} tables from AWS Glue to the Search Catalog.
+
+Alarm Details:
+    - State Change:               	OK -> ALARM
+    - Reason for State Change:      {error}
+    - Timestamp:                              {datetime.now()}
+    Dataset
+     - Dataset URI:                   {dataset.datasetUri}
+     - AWS Account:                {dataset.AwsAccountId}
+     - Region:                            {dataset.region}
+     - Glue Database:              {dataset.GlueDatabaseName}
+    """
+        return self.publish_message_to_alarms_topic(subject, message)
+
+
diff --git a/backend/dataall/utils/alarm_service.py b/backend/dataall/utils/alarm_service.py
index 661eb852b..29b2e214e 100644
--- a/backend/dataall/utils/alarm_service.py
+++ b/backend/dataall/utils/alarm_service.py
@@ -11,7 +11,6 @@
 
 from ..aws.handlers.sts import SessionHelper
 from ..db import models
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 logger = logging.getLogger(__name__)
 
@@ -38,68 +37,6 @@ def trigger_stack_deployment_failure_alarm(self, stack: models.Stack):
 - Reason for State Change:    Stack Deployment Failure
 - Timestamp:                            {datetime.now()}
 - CW Log Group:                      {f"/dataall/{self.envname}/cdkproxy/{stack.EcsTaskArn.split('/')[-1]}"}
-"""
-        return self.publish_message_to_alarms_topic(subject, message)
-
-    def trigger_table_sharing_failure_alarm(
-        self,
-        table: DatasetTable,
-        share: models.ShareObject,
-        target_environment: models.Environment,
-    ):
-        logger.info('Triggering share failure alarm...')
-        subject = (
-            f'ALARM: DATAALL Table {table.GlueTableName} Sharing Failure Notification'
-        )
-        message = f"""
-You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to share the table {table.GlueTableName} with Lake Formation.
-
-Alarm Details:
-    - State Change:               	OK -> ALARM
-    - Reason for State Change:      Lake Formation sharing failure
-    - Timestamp:                              {datetime.now()}
-
-    Share Source
-    - Dataset URI:                   {share.datasetUri}
-    - AWS Account:                {table.AWSAccountId}
-    - Region:                            {table.region}
-    - Glue Database:              {table.GlueDatabaseName}
-    - Glue Table:                     {table.GlueTableName}
-
-    Share Target
-    - AWS Account:                {target_environment.AwsAccountId}
-    - Region:                            {target_environment.region}
-    - Glue Database:              {table.GlueDatabaseName}shared
-"""
-        return self.publish_message_to_alarms_topic(subject, message)
-
-    def trigger_revoke_table_sharing_failure_alarm(
-        self,
-        table: DatasetTable,
-        share: models.ShareObject,
-        target_environment: models.Environment,
-    ):
-        logger.info('Triggering share failure alarm...')
-        subject = f'ALARM: DATAALL Table {table.GlueTableName} Revoking LF permissions Failure Notification'
-        message = f"""
-You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to revoke Lake Formation permissions for table {table.GlueTableName} with Lake Formation.
-
-Alarm Details:
-    - State Change:               	OK -> ALARM
-    - Reason for State Change:      Lake Formation sharing failure
-    - Timestamp:                              {datetime.now()}
-
-    Share Source
-    - Dataset URI:                   {share.datasetUri}
-    - AWS Account:                {table.AWSAccountId}
-    - Region:                            {table.region}
-    - Glue Database:              {table.GlueDatabaseName}
-    - Glue Table:                     {table.GlueTableName}
-
-    Share Target
-    - AWS Account:                {target_environment.AwsAccountId}
-    - Region:                            {target_environment.region}
-    - Glue Database:              {table.GlueDatabaseName}shared
 """
         return self.publish_message_to_alarms_topic(subject, message)
 
@@ -116,26 +53,6 @@ def trigger_catalog_indexing_failure_alarm(self, error: str):
 """
         return self.publish_message_to_alarms_topic(subject, message)
 
-    def trigger_dataset_sync_failure_alarm(self, dataset: Dataset, error: str):
-        logger.info(f'Triggering dataset {dataset.name} tables sync failure alarm...')
-        subject = (
-            f'ALARM: DATAALL Dataset {dataset.name} Tables Sync Failure Notification'
-        )
-        message = f"""
-You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to synchronize Dataset {dataset.name} tables from AWS Glue to the Search Catalog.
-
-Alarm Details:
-    - State Change:               	OK -> ALARM
-    - Reason for State Change:      {error}
-    - Timestamp:                              {datetime.now()}
-    Dataset
-     - Dataset URI:                   {dataset.datasetUri}
-     - AWS Account:                {dataset.AwsAccountId}
-     - Region:                            {dataset.region}
-     - Glue Database:              {dataset.GlueDatabaseName}
-    """
-        return self.publish_message_to_alarms_topic(subject, message)
-
     def publish_message_to_alarms_topic(self, subject, message):
         if self.envname in ['local', 'pytest', 'dkrcompose']:
             logger.debug('Running in local mode...SNS topic not available')

From d446ff0664393507a6707a42dc6f2ba7fd1420f5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 26 Apr 2023 16:28:56 +0200
Subject: [PATCH 091/346] Moved bucket_policy_updater to datasets

---
 .../{ => modules/datasets}/tasks/bucket_policy_updater.py | 6 +++---
 deploy/stacks/container.py                                | 3 ++-
 tests/tasks/test_policies.py                              | 8 ++++----
 3 files changed, 9 insertions(+), 8 deletions(-)
 rename backend/dataall/{ => modules/datasets}/tasks/bucket_policy_updater.py (99%)

diff --git a/backend/dataall/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
similarity index 99%
rename from backend/dataall/tasks/bucket_policy_updater.py
rename to backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index 12844aae8..e04855d65 100644
--- a/backend/dataall/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -7,9 +7,9 @@
 from botocore.exceptions import ClientError
 from sqlalchemy import and_
 
-from ..aws.handlers.sts import SessionHelper
-from ..db import get_engine
-from ..db import models
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import get_engine
+from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index aa7be04df..ed5b929f8 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -153,9 +153,10 @@ def __init__(
         )
         self.ecs_security_groups.extend(stacks_updater.task.security_groups)
 
+        # TODO introduce the ability to change the deployment depending on config.json file
         update_bucket_policies_task = self.set_scheduled_task(
             cluster=cluster,
-            command=['python3.8', '-m', 'dataall.tasks.bucket_policy_updater'],
+            command=['python3.8', '-m', 'dataall.modules.datasets.tasks.bucket_policy_updater'],
             container_id=f'container',
             ecr_repository=ecr_repository,
             environment=self._create_env('DEBUG'),
diff --git a/tests/tasks/test_policies.py b/tests/tasks/test_policies.py
index c1018b35f..e84ed2d75 100644
--- a/tests/tasks/test_policies.py
+++ b/tests/tasks/test_policies.py
@@ -1,6 +1,6 @@
 from dataall.api.constants import OrganisationUserRole
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
-from dataall.tasks.bucket_policy_updater import BucketPoliciesUpdater
+from dataall.modules.datasets.tasks.bucket_policy_updater import BucketPoliciesUpdater
 import pytest
 import dataall
 
@@ -138,15 +138,15 @@ def test_group_prefixes_by_accountid(db, mocker):
 
 def test_handler(org, env, db, sync_dataset, mocker):
     mocker.patch(
-        'dataall.tasks.bucket_policy_updater.BucketPoliciesUpdater.init_s3_client',
+        'dataall.modules.datasets.tasks.bucket_policy_updater.BucketPoliciesUpdater.init_s3_client',
         return_value=True,
     )
     mocker.patch(
-        'dataall.tasks.bucket_policy_updater.BucketPoliciesUpdater.get_bucket_policy',
+        'dataall.modules.datasets.tasks.bucket_policy_updater.BucketPoliciesUpdater.get_bucket_policy',
         return_value={'Version': '2012-10-17', 'Statement': []},
     )
     mocker.patch(
-        'dataall.tasks.bucket_policy_updater.BucketPoliciesUpdater.put_bucket_policy',
+        'dataall.modules.datasets.tasks.bucket_policy_updater.BucketPoliciesUpdater.put_bucket_policy',
         return_value={'status': 'SUCCEEDED'},
     )
     updater = BucketPoliciesUpdater(db)

From 1db0133cd32dd30961ed37a70f90bccc1e33cd02 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 10:10:51 +0200
Subject: [PATCH 092/346] Moved MANAGE_DATASETS to modules

---
 backend/dataall/db/permissions.py                  |  3 ---
 .../modules/datasets/services/dataset_location.py  | 11 ++++++-----
 .../modules/datasets/services/dataset_service.py   |  7 ++++---
 .../modules/datasets/services/dataset_table.py     | 14 +++++++-------
 .../modules/datasets/services/permissions.py       |  6 ++++++
 tests/api/test_tenant.py                           |  5 +++--
 tests/db/test_permission.py                        |  5 +++--
 7 files changed, 29 insertions(+), 22 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/permissions.py

diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index 6a26b2033..1d0921b55 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -22,7 +22,6 @@
 """
 TENANT PERMISSIONS
 """
-MANAGE_DATASETS = 'MANAGE_DATASETS'
 MANAGE_REDSHIFT_CLUSTERS = 'MANAGE_REDSHIFT_CLUSTERS'
 MANAGE_DASHBOARDS = 'MANAGE_DASHBOARDS'
 MANAGE_PIPELINES = 'MANAGE_PIPELINES'
@@ -274,7 +273,6 @@
 """
 
 TENANT_ALL = [
-    MANAGE_DATASETS,
     MANAGE_REDSHIFT_CLUSTERS,
     MANAGE_DASHBOARDS,
     MANAGE_PIPELINES,
@@ -288,7 +286,6 @@
 
 TENANT_ALL_WITH_DESC = {k: k for k in TENANT_ALL}
 TENANT_ALL_WITH_DESC[MANAGE_DASHBOARDS] = 'Manage dashboards'
-TENANT_ALL_WITH_DESC[MANAGE_DATASETS] = 'Manage datasets'
 TENANT_ALL_WITH_DESC[MANAGE_REDSHIFT_CLUSTERS] = 'Manage Redshift clusters'
 TENANT_ALL_WITH_DESC[MANAGE_GLOSSARIES] = 'Manage glossaries'
 TENANT_ALL_WITH_DESC[MANAGE_WORKSHEETS] = 'Manage worksheets'
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index 8a4790838..2251c2ad4 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -6,13 +6,14 @@
 from dataall.db import models, api, paginate, permissions, exceptions
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
 
 logger = logging.getLogger(__name__)
 
 
 class DatasetLocationService:
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET_FOLDER)
     def create_dataset_location(
         session,
@@ -66,7 +67,7 @@ def create_dataset_location(
         return location
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.LIST_DATASET_FOLDERS)
     def list_dataset_locations(
         session,
@@ -91,7 +92,7 @@ def list_dataset_locations(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.LIST_DATASET_FOLDERS)
     def get_dataset_location(
         session,
@@ -104,7 +105,7 @@ def get_dataset_location(
         return DatasetLocationService.get_location_by_uri(session, data['locationUri'])
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.UPDATE_DATASET_FOLDER)
     def update_dataset_location(
         session,
@@ -134,7 +135,7 @@ def update_dataset_location(
         return location
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.DELETE_DATASET_FOLDER)
     def delete_dataset_location(
         session,
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 4f95b4582..bac79d5b3 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -19,6 +19,7 @@
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -29,7 +30,7 @@
 
 class DatasetService:
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET)
     def create_dataset(
         session,
@@ -199,7 +200,7 @@ def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
         )
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     def get_dataset(
         session,
         username: str,
@@ -292,7 +293,7 @@ def paginated_dataset_tables(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.UPDATE_DATASET)
     def update_dataset(
         session, username, groups, uri, data=None, check_perm=None
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index 32fbf40fb..b04348c02 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -4,17 +4,17 @@
 
 from dataall.db import models, api, permissions, exceptions, paginate
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
-from dataall.db.models import Dataset
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
+from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 logger = logging.getLogger(__name__)
 
 
 class DatasetTableService:
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.CREATE_DATASET_TABLE)
     def create_dataset_table(
         session,
@@ -78,7 +78,7 @@ def create_dataset_table(
         return table
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     def list_dataset_tables(
         session,
         username: str,
@@ -100,7 +100,7 @@ def list_dataset_tables(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     def get_dataset_table(
         session,
         username: str,
@@ -112,7 +112,7 @@ def get_dataset_table(
         return DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.UPDATE_DATASET_TABLE)
     def update_dataset_table(
         session,
@@ -138,7 +138,7 @@ def update_dataset_table(
         return table
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DATASETS)
+    @has_tenant_perm(MANAGE_DATASETS)
     @has_resource_perm(permissions.DELETE_DATASET_TABLE)
     def delete_dataset_table(
         session,
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/permissions.py
new file mode 100644
index 000000000..602343a2e
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/permissions.py
@@ -0,0 +1,6 @@
+from dataall.db.permissions import TENANT_ALL, TENANT_ALL_WITH_DESC
+
+MANAGE_DATASETS = 'MANAGE_DATASETS'
+
+TENANT_ALL.append(MANAGE_DATASETS)
+TENANT_ALL_WITH_DESC[MANAGE_DATASETS] = 'Manage datasets'
diff --git a/tests/api/test_tenant.py b/tests/api/test_tenant.py
index a41eab9bd..8554c8de9 100644
--- a/tests/api/test_tenant.py
+++ b/tests/api/test_tenant.py
@@ -1,4 +1,5 @@
 from dataall.db import permissions
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
 
 
 def test_list_tenant_permissions(client, user, group, tenant):
@@ -60,7 +61,7 @@ def test_update_permissions(client, user, group, tenant):
         username='alice',
         input=dict(
             groupUri=group.name,
-            permissions=[permissions.MANAGE_ORGANIZATIONS, permissions.MANAGE_DATASETS],
+            permissions=[permissions.MANAGE_ORGANIZATIONS, MANAGE_DATASETS],
         ),
         groups=[group.name, 'DAAdministrators'],
     )
@@ -92,7 +93,7 @@ def test_update_permissions(client, user, group, tenant):
         username='alice',
         input=dict(
             groupUri=group.name,
-            permissions=[permissions.MANAGE_ORGANIZATIONS, permissions.MANAGE_DATASETS],
+            permissions=[permissions.MANAGE_ORGANIZATIONS, MANAGE_DATASETS],
         ),
         groups=[group.name, 'DAAdministrators'],
     )
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index d40402836..a32e64085 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -6,6 +6,7 @@
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
 
 
 @pytest.fixture(scope='module')
@@ -165,7 +166,7 @@ def test_attach_tenant_policy(
         dataall.db.api.TenantPolicy.attach_group_tenant_policy(
             session=session,
             group=group.name,
-            permissions=[dataall.db.permissions.MANAGE_DATASETS],
+            permissions=[MANAGE_DATASETS],
             tenant_name='dataall',
         )
 
@@ -173,7 +174,7 @@ def test_attach_tenant_policy(
             session=session,
             username=user.userName,
             groups=[group.name],
-            permission_name=dataall.db.permissions.MANAGE_DATASETS,
+            permission_name=MANAGE_DATASETS,
             tenant_name='dataall',
         )
 

From 8d8d952e3dd82222159750d2d4a072b100c9dbc1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 10:27:24 +0200
Subject: [PATCH 093/346] Moved dataset read permissions to modules

---
 backend/dataall/db/api/target_type.py         |  1 -
 backend/dataall/db/permissions.py             | 16 ----------------
 backend/dataall/modules/datasets/__init__.py  |  4 ++++
 .../modules/datasets/api/dataset/resolvers.py |  7 ++++---
 .../datasets/services/dataset_location.py     |  8 ++++----
 .../datasets/services/dataset_service.py      |  8 ++++----
 .../modules/datasets/services/permissions.py  | 19 +++++++++++++++++++
 tests/db/test_permission.py                   |  6 +++---
 8 files changed, 38 insertions(+), 31 deletions(-)

diff --git a/backend/dataall/db/api/target_type.py b/backend/dataall/db/api/target_type.py
index 0eecb2569..a77e4e09a 100644
--- a/backend/dataall/db/api/target_type.py
+++ b/backend/dataall/db/api/target_type.py
@@ -36,7 +36,6 @@ def is_supported_target_type(target_type):
             )
 
 
-TargetType("dataset", permissions.GET_DATASET, permissions.UPDATE_DATASET)
 TargetType("environment", permissions.GET_ENVIRONMENT, permissions.UPDATE_ENVIRONMENT)
 TargetType("mlstudio", permissions.GET_SGMSTUDIO_NOTEBOOK, permissions.UPDATE_SGMSTUDIO_NOTEBOOK)
 TargetType("pipeline", permissions.GET_PIPELINE, permissions.UPDATE_PIPELINE)
diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index 1d0921b55..9a6726bbd 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -184,14 +184,10 @@
 """
 DATASET PERMISSIONS
 """
-GET_DATASET = 'GET_DATASET'
-UPDATE_DATASET = 'UPDATE_DATASET'
 SYNC_DATASET = 'SYNC_DATASET'
 SUMMARY_DATASET = 'SUMMARY_DATASET'
 IMPORT_DATASET = 'IMPORT_DATASET'
 UPLOAD_DATASET = 'UPLOAD_DATASET'
-LIST_DATASETS = 'LIST_DATASETS'
-CREDENTIALS_DATASET = 'CREDENTIALS_DATASET'
 URL_DATASET = 'URL_DATASET'
 CRAWL_DATASET = 'CRAWL_DATASET'
 DELETE_DATASET = 'DELETE_DATASET'
@@ -201,12 +197,9 @@
 DELETE_DATASET_TABLE = 'DELETE_DATASET_TABLE'
 UPDATE_DATASET_TABLE = 'UPDATE_DATASET_TABLE'
 PROFILE_DATASET_TABLE = 'PROFILE_DATASET_TABLE'
-LIST_DATASET_TABLES = 'LIST_DATASET_TABLES'
-LIST_DATASET_SHARES = 'LIST_DATASET_SHARES'
 CREATE_DATASET_FOLDER = 'CREATE_DATASET_FOLDER'
 DELETE_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
 GET_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
-LIST_DATASET_FOLDERS = 'LIST_DATASET_FOLDERS'
 UPDATE_DATASET_FOLDER = 'UPDATE_DATASET_FOLDER'
 DATASET_WRITE = [
     UPDATE_DATASET,
@@ -231,15 +224,6 @@
     LIST_DATASET_FOLDERS,
 ]
 
-DATASET_READ = [
-    GET_DATASET,
-    LIST_DATASETS,
-    LIST_DATASET_TABLES,
-    LIST_DATASET_SHARES,
-    LIST_DATASET_FOLDERS,
-    CREDENTIALS_DATASET,
-]
-
 DATASET_ALL = list(set(DATASET_WRITE + DATASET_READ))
 
 """
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 5d2444c4d..60349f8b4 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -3,10 +3,12 @@
 from typing import List
 
 from dataall.api.Objects.Vote.resolvers import add_vote_type
+from dataall.db.api import TargetType
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
+from dataall.modules.datasets.services.permissions import GET_DATASET, UPDATE_DATASET
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
@@ -53,6 +55,8 @@ def __init__(self):
 
         add_vote_type("dataset", DatasetIndexer)
 
+        TargetType("dataset", GET_DATASET, UPDATE_DATASET)
+
         log.info("API of datasets has been imported")
 
 
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 29da121fc..2a0c375fb 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -22,6 +22,7 @@
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
+from dataall.modules.datasets.services.permissions import CREDENTIALS_DATASET
 
 log = logging.getLogger(__name__)
 
@@ -256,7 +257,7 @@ def get_dataset_etl_credentials(context: Context, source, datasetUri: str = None
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.CREDENTIALS_DATASET,
+            permission_name=CREDENTIALS_DATASET,
         )
         task = models.Task(targetUri=datasetUri, action='iam.dataset.user.credentials')
         session.add(task)
@@ -273,7 +274,7 @@ def get_dataset_assume_role_url(context: Context, source, datasetUri: str = None
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.CREDENTIALS_DATASET,
+            permission_name=CREDENTIALS_DATASET,
         )
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         if dataset.SamlAdminGroupName not in context.groups:
@@ -407,7 +408,7 @@ def generate_dataset_access_token(context, source, datasetUri: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.CREDENTIALS_DATASET,
+            permission_name=CREDENTIALS_DATASET,
         )
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index 2251c2ad4..b13e66c6d 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -3,10 +3,10 @@
 from sqlalchemy import and_, or_
 
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary
-from dataall.db import models, api, paginate, permissions, exceptions
+from dataall.db import models, api, paginate, exceptions
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS
 
 logger = logging.getLogger(__name__)
 
@@ -68,7 +68,7 @@ def create_dataset_location(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.LIST_DATASET_FOLDERS)
+    @has_resource_perm(LIST_DATASET_FOLDERS)
     def list_dataset_locations(
         session,
         username: str,
@@ -93,7 +93,7 @@ def list_dataset_locations(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.LIST_DATASET_FOLDERS)
+    @has_resource_perm(LIST_DATASET_FOLDERS)
     def get_dataset_location(
         session,
         username: str,
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index bac79d5b3..4488d03b8 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -19,7 +19,7 @@
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -120,7 +120,7 @@ def create_dataset(
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=dataset.stewards,
-                permissions=permissions.DATASET_READ,
+                permissions=DATASET_READ,
                 resource_uri=dataset.datasetUri,
                 resource_type=Dataset.__name__,
             )
@@ -294,7 +294,7 @@ def paginated_dataset_tables(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.UPDATE_DATASET)
+    @has_resource_perm(UPDATE_DATASET)
     def update_dataset(
         session, username, groups, uri, data=None, check_perm=None
     ) -> Dataset:
@@ -363,7 +363,7 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=new_stewards,
-            permissions=permissions.DATASET_READ,
+            permissions=DATASET_READ,
             resource_uri=dataset.datasetUri,
             resource_type=Dataset.__name__,
         )
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/permissions.py
index 602343a2e..bd36e681b 100644
--- a/backend/dataall/modules/datasets/services/permissions.py
+++ b/backend/dataall/modules/datasets/services/permissions.py
@@ -2,5 +2,24 @@
 
 MANAGE_DATASETS = 'MANAGE_DATASETS'
 
+GET_DATASET = 'GET_DATASET'
+LIST_DATASETS = 'LIST_DATASETS'
+LIST_DATASET_TABLES = 'LIST_DATASET_TABLES'
+LIST_DATASET_SHARES = 'LIST_DATASET_SHARES'
+LIST_DATASET_FOLDERS = 'LIST_DATASET_FOLDERS'
+CREDENTIALS_DATASET = 'CREDENTIALS_DATASET'
+
+DATASET_READ = [
+    GET_DATASET,
+    LIST_DATASETS,
+    LIST_DATASET_TABLES,
+    LIST_DATASET_SHARES,
+    LIST_DATASET_FOLDERS,
+    CREDENTIALS_DATASET,
+]
+
+
+UPDATE_DATASET = 'UPDATE_DATASET'
+
 TENANT_ALL.append(MANAGE_DATASETS)
 TENANT_ALL_WITH_DESC[MANAGE_DATASETS] = 'Manage datasets'
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index a32e64085..e066f1484 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -6,7 +6,7 @@
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ
 
 
 @pytest.fixture(scope='module')
@@ -14,7 +14,7 @@ def permissions(db):
     with db.scoped_session() as session:
         permissions = []
         for p in (
-            dataall.db.permissions.DATASET_READ
+            DATASET_READ
             + dataall.db.permissions.DATASET_WRITE
             + dataall.db.permissions.DATASET_TABLE_READ
             + dataall.db.permissions.ORGANIZATION_ALL
@@ -153,7 +153,7 @@ def test_attach_resource_policy(db, user, group, group_user, dataset, permission
             session=session,
             username=user.userName,
             groups=[group.name],
-            permission_name=dataall.db.permissions.UPDATE_DATASET,
+            permission_name=UPDATE_DATASET,
             resource_uri=dataset.datasetUri,
         )
 

From d6ec387e560a6d2f6fbd3930234937a69543e779 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 10:44:19 +0200
Subject: [PATCH 094/346] Moved dataset write permissions to modules

---
 backend/dataall/db/permissions.py             | 47 +-----------------
 .../modules/datasets/api/dataset/resolvers.py | 21 ++++----
 .../datasets/api/profiling/resolvers.py       |  5 +-
 .../api/storage_location/resolvers.py         |  5 +-
 .../modules/datasets/api/table/resolvers.py   |  5 +-
 .../datasets/api/table_column/resolvers.py    |  7 +--
 .../datasets/services/dataset_location.py     | 11 +++--
 .../datasets/services/dataset_service.py      | 10 ++--
 .../datasets/services/dataset_table.py        | 15 +++---
 .../modules/datasets/services/permissions.py  | 49 +++++++++++++++++--
 tests/db/test_permission.py                   |  7 ++-
 11 files changed, 93 insertions(+), 89 deletions(-)

diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index 9a6726bbd..69a7b3d25 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -181,50 +181,6 @@
     GET_SHARE_OBJECT,
     LIST_SHARED_ITEMS,
 ]
-"""
-DATASET PERMISSIONS
-"""
-SYNC_DATASET = 'SYNC_DATASET'
-SUMMARY_DATASET = 'SUMMARY_DATASET'
-IMPORT_DATASET = 'IMPORT_DATASET'
-UPLOAD_DATASET = 'UPLOAD_DATASET'
-URL_DATASET = 'URL_DATASET'
-CRAWL_DATASET = 'CRAWL_DATASET'
-DELETE_DATASET = 'DELETE_DATASET'
-STACK_DATASET = 'STACK_DATASET'
-SUBSCRIPTIONS_DATASET = 'SUBSCRIPTIONS_DATASET'
-CREATE_DATASET_TABLE = 'CREATE_DATASET_TABLE'
-DELETE_DATASET_TABLE = 'DELETE_DATASET_TABLE'
-UPDATE_DATASET_TABLE = 'UPDATE_DATASET_TABLE'
-PROFILE_DATASET_TABLE = 'PROFILE_DATASET_TABLE'
-CREATE_DATASET_FOLDER = 'CREATE_DATASET_FOLDER'
-DELETE_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
-GET_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
-UPDATE_DATASET_FOLDER = 'UPDATE_DATASET_FOLDER'
-DATASET_WRITE = [
-    UPDATE_DATASET,
-    SYNC_DATASET,
-    SUMMARY_DATASET,
-    IMPORT_DATASET,
-    UPLOAD_DATASET,
-    CREDENTIALS_DATASET,
-    URL_DATASET,
-    CRAWL_DATASET,
-    DELETE_DATASET,
-    STACK_DATASET,
-    SUBSCRIPTIONS_DATASET,
-    UPDATE_DATASET_TABLE,
-    DELETE_DATASET_TABLE,
-    CREATE_DATASET_TABLE,
-    PROFILE_DATASET_TABLE,
-    LIST_DATASET_SHARES,
-    CREATE_DATASET_FOLDER,
-    DELETE_DATASET_FOLDER,
-    UPDATE_DATASET_FOLDER,
-    LIST_DATASET_FOLDERS,
-]
-
-DATASET_ALL = list(set(DATASET_WRITE + DATASET_READ))
 
 """
 DATASET TABLE PERMISSIONS
@@ -386,8 +342,7 @@
 RESOURCES_ALL
 """
 RESOURCES_ALL = (
-    DATASET_ALL
-    + DATASET_TABLE_READ
+    DATASET_TABLE_READ
     + ORGANIZATION_ALL
     + ENVIRONMENT_ALL
     + CONSUMPTION_ROLE_ALL
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 2a0c375fb..a75e6d414 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -22,7 +22,8 @@
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.permissions import CREDENTIALS_DATASET
+from dataall.modules.datasets.services.permissions import CREDENTIALS_DATASET, SYNC_DATASET, SUMMARY_DATASET, \
+    CRAWL_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET
 
 log = logging.getLogger(__name__)
 
@@ -317,7 +318,7 @@ def sync_tables(context: Context, source, datasetUri: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.SYNC_DATASET,
+            permission_name=SYNC_DATASET,
         )
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
@@ -349,7 +350,7 @@ def start_crawler(context: Context, source, datasetUri: str, input: dict = None)
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.CRAWL_DATASET,
+            permission_name=CRAWL_DATASET,
         )
 
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
@@ -363,7 +364,7 @@ def start_crawler(context: Context, source, datasetUri: str, input: dict = None)
         crawler = DatasetCrawler(dataset).get_crawler()
         if not crawler:
             raise exceptions.AWSResourceNotFound(
-                action=permissions.CRAWL_DATASET,
+                action=CRAWL_DATASET,
                 message=f'Crawler {dataset.GlueCrawlerName} can not be found',
             )
 
@@ -464,7 +465,7 @@ def save_dataset_summary(
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.SUMMARY_DATASET,
+            permission_name=SUMMARY_DATASET,
         )
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         environment = Environment.get_environment_by_uri(
@@ -502,7 +503,7 @@ def get_crawler(context, source, datasetUri: str = None, name: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.CRAWL_DATASET,
+            permission_name=CRAWL_DATASET,
         )
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
 
@@ -527,7 +528,7 @@ def delete_dataset(
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.DELETE_DATASET,
+            permission_name=DELETE_DATASET,
         )
         dataset: Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         env: models.Environment = Environment.get_environment_by_uri(
@@ -536,7 +537,7 @@ def delete_dataset(
         shares = DatasetService.list_dataset_shares_with_existing_shared_items(session, datasetUri)
         if shares:
             raise exceptions.UnauthorizedOperation(
-                action=permissions.DELETE_DATASET,
+                action=DELETE_DATASET,
                 message=f'Dataset {dataset.name} is shared with other teams. '
                 'Revoke all dataset shares before deletion.',
             )
@@ -545,7 +546,7 @@ def delete_dataset(
         )
         if redshift_datasets:
             raise exceptions.UnauthorizedOperation(
-                action=permissions.DELETE_DATASET,
+                action=DELETE_DATASET,
                 message='Dataset is used by Redshift clusters. '
                 'Remove clusters associations first.',
             )
@@ -604,7 +605,7 @@ def publish_dataset_update(
             username=context.username,
             groups=context.groups,
             resource_uri=datasetUri,
-            permission_name=permissions.SUBSCRIPTIONS_DATASET,
+            permission_name=SUBSCRIPTIONS_DATASET,
         )
         dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
         env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index d1eeaf3c9..671b79c32 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -4,12 +4,13 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.db import api, permissions, models
+from dataall.db import api, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets.services.permissions import PROFILE_DATASET_TABLE
 
 log = logging.getLogger(__name__)
 
@@ -31,7 +32,7 @@ def start_profiling_run(context: Context, source, input: dict = None):
             username=context.username,
             groups=context.groups,
             resource_uri=input['datasetUri'],
-            permission_name=permissions.PROFILE_DATASET_TABLE,
+            permission_name=PROFILE_DATASET_TABLE,
         )
         dataset = DatasetService.get_dataset_by_uri(session, input['datasetUri'])
 
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 634e1239a..5e7351aa1 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -1,6 +1,6 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.db import permissions, models
+from dataall.db import models
 from dataall.db.api import (
     ResourcePolicy,
     Glossary,
@@ -11,6 +11,7 @@
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.services.permissions import UPDATE_DATASET_FOLDER
 
 
 def create_storage_location(
@@ -107,7 +108,7 @@ def publish_location_update(context: Context, source, locationUri: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=location.datasetUri,
-            permission_name=permissions.UPDATE_DATASET_FOLDER,
+            permission_name=UPDATE_DATASET_FOLDER,
         )
         dataset = DatasetService.get_dataset_by_uri(session, location.datasetUri)
         env = Environment.get_environment_by_uri(session, dataset.environmentUri)
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index a45cee61e..2e0a46b2e 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -9,10 +9,11 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.db import permissions, models
+from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
@@ -197,7 +198,7 @@ def publish_table_update(context: Context, source, tableUri: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=table.datasetUri,
-            permission_name=permissions.UPDATE_DATASET_TABLE,
+            permission_name=UPDATE_DATASET_TABLE,
         )
         dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
         env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index b27a99dd3..951b2038f 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -3,10 +3,11 @@
 from dataall import db
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.db import paginate, permissions, models
+from dataall.db import paginate, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
+from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
 
 
 def list_table_columns(
@@ -54,7 +55,7 @@ def sync_table_columns(context: Context, source, tableUri: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=table.datasetUri,
-            permission_name=permissions.UPDATE_DATASET_TABLE,
+            permission_name=UPDATE_DATASET_TABLE,
         )
         task = models.Task(action='glue.table.columns', targetUri=table.tableUri)
         session.add(task)
@@ -89,7 +90,7 @@ def update_table_column(
             username=context.username,
             groups=context.groups,
             resource_uri=table.datasetUri,
-            permission_name=permissions.UPDATE_DATASET_TABLE,
+            permission_name=UPDATE_DATASET_TABLE,
         )
         column.description = input.get('description', 'No description provided')
         session.add(column)
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index b13e66c6d..73885eb51 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -6,7 +6,8 @@
 from dataall.db import models, api, paginate, exceptions
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, CREATE_DATASET_FOLDER, \
+    DELETE_DATASET_FOLDER, UPDATE_DATASET_FOLDER
 
 logger = logging.getLogger(__name__)
 
@@ -14,7 +15,7 @@
 class DatasetLocationService:
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.CREATE_DATASET_FOLDER)
+    @has_resource_perm(CREATE_DATASET_FOLDER)
     def create_dataset_location(
         session,
         username: str,
@@ -106,7 +107,7 @@ def get_dataset_location(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.UPDATE_DATASET_FOLDER)
+    @has_resource_perm(UPDATE_DATASET_FOLDER)
     def update_dataset_location(
         session,
         username: str,
@@ -136,7 +137,7 @@ def update_dataset_location(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.DELETE_DATASET_FOLDER)
+    @has_resource_perm(DELETE_DATASET_FOLDER)
     def delete_dataset_location(
         session,
         username: str,
@@ -161,7 +162,7 @@ def delete_dataset_location(
         )
         if share_item:
             raise exceptions.ResourceShared(
-                action=permissions.DELETE_DATASET_FOLDER,
+                action=DELETE_DATASET_FOLDER,
                 message='Revoke all folder shares before deletion',
             )
         session.query(models.ShareObjectItem).filter(
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 4488d03b8..558fa3a28 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -14,12 +14,12 @@
     Stack,
 )
 from dataall.db.api import Organization
-from dataall.db import models, api, exceptions, permissions, paginate
+from dataall.db import models, api, exceptions, paginate
 from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -112,7 +112,7 @@ def create_dataset(
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=data['SamlAdminGroupName'],
-            permissions=permissions.DATASET_ALL,
+            permissions=DATASET_ALL,
             resource_uri=dataset.datasetUri,
             resource_type=Dataset.__name__,
         )
@@ -128,7 +128,7 @@ def create_dataset(
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=environment.SamlGroupName,
-                permissions=permissions.DATASET_ALL,
+                permissions=DATASET_ALL,
                 resource_uri=dataset.datasetUri,
                 resource_type=Dataset.__name__,
             )
@@ -316,7 +316,7 @@ def update_dataset(
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=dataset.SamlAdminGroupName,
-                permissions=permissions.DATASET_ALL,
+                permissions=DATASET_ALL,
                 resource_uri=dataset.datasetUri,
                 resource_type=Dataset.__name__,
             )
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index b04348c02..76d22015e 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -2,9 +2,10 @@
 
 from sqlalchemy.sql import and_
 
-from dataall.db import models, api, permissions, exceptions, paginate
+from dataall.db import models, api, exceptions, paginate
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
+    UPDATE_DATASET_TABLE
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
@@ -15,7 +16,7 @@
 class DatasetTableService:
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.CREATE_DATASET_TABLE)
+    @has_resource_perm(CREATE_DATASET_TABLE)
     def create_dataset_table(
         session,
         username: str,
@@ -71,7 +72,7 @@ def create_dataset_table(
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=group,
-                permissions=permissions.DATASET_TABLE_READ,
+                permissions=DATASET_TABLE_READ,
                 resource_uri=table.tableUri,
                 resource_type=DatasetTable.__name__,
             )
@@ -113,7 +114,7 @@ def get_dataset_table(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.UPDATE_DATASET_TABLE)
+    @has_resource_perm(UPDATE_DATASET_TABLE)
     def update_dataset_table(
         session,
         username: str,
@@ -139,7 +140,7 @@ def update_dataset_table(
 
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.DELETE_DATASET_TABLE)
+    @has_resource_perm(DELETE_DATASET_TABLE)
     def delete_dataset_table(
         session,
         username: str,
@@ -162,7 +163,7 @@ def delete_dataset_table(
         )
         if share_item:
             raise exceptions.ResourceShared(
-                action=permissions.DELETE_DATASET_TABLE,
+                action=DELETE_DATASET_TABLE,
                 message='Revoke all table shares before deletion',
             )
         session.query(models.ShareObjectItem).filter(
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/permissions.py
index bd36e681b..74f37544d 100644
--- a/backend/dataall/modules/datasets/services/permissions.py
+++ b/backend/dataall/modules/datasets/services/permissions.py
@@ -1,7 +1,10 @@
-from dataall.db.permissions import TENANT_ALL, TENANT_ALL_WITH_DESC
+from dataall.db.permissions import TENANT_ALL, TENANT_ALL_WITH_DESC, RESOURCES_ALL
 
 MANAGE_DATASETS = 'MANAGE_DATASETS'
 
+TENANT_ALL.append(MANAGE_DATASETS)
+TENANT_ALL_WITH_DESC[MANAGE_DATASETS] = 'Manage datasets'
+
 GET_DATASET = 'GET_DATASET'
 LIST_DATASETS = 'LIST_DATASETS'
 LIST_DATASET_TABLES = 'LIST_DATASET_TABLES'
@@ -20,6 +23,46 @@
 
 
 UPDATE_DATASET = 'UPDATE_DATASET'
+SYNC_DATASET = 'SYNC_DATASET'
+SUMMARY_DATASET = 'SUMMARY_DATASET'
+IMPORT_DATASET = 'IMPORT_DATASET'
+UPLOAD_DATASET = 'UPLOAD_DATASET'
+URL_DATASET = 'URL_DATASET'
+CRAWL_DATASET = 'CRAWL_DATASET'
+DELETE_DATASET = 'DELETE_DATASET'
+STACK_DATASET = 'STACK_DATASET'
+SUBSCRIPTIONS_DATASET = 'SUBSCRIPTIONS_DATASET'
+CREATE_DATASET_TABLE = 'CREATE_DATASET_TABLE'
+DELETE_DATASET_TABLE = 'DELETE_DATASET_TABLE'
+UPDATE_DATASET_TABLE = 'UPDATE_DATASET_TABLE'
+PROFILE_DATASET_TABLE = 'PROFILE_DATASET_TABLE'
+CREATE_DATASET_FOLDER = 'CREATE_DATASET_FOLDER'
+DELETE_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
+GET_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
+UPDATE_DATASET_FOLDER = 'UPDATE_DATASET_FOLDER'
 
-TENANT_ALL.append(MANAGE_DATASETS)
-TENANT_ALL_WITH_DESC[MANAGE_DATASETS] = 'Manage datasets'
+DATASET_WRITE = [
+    UPDATE_DATASET,
+    SYNC_DATASET,
+    SUMMARY_DATASET,
+    IMPORT_DATASET,
+    UPLOAD_DATASET,
+    CREDENTIALS_DATASET,
+    URL_DATASET,
+    CRAWL_DATASET,
+    DELETE_DATASET,
+    STACK_DATASET,
+    SUBSCRIPTIONS_DATASET,
+    UPDATE_DATASET_TABLE,
+    DELETE_DATASET_TABLE,
+    CREATE_DATASET_TABLE,
+    PROFILE_DATASET_TABLE,
+    LIST_DATASET_SHARES,
+    CREATE_DATASET_FOLDER,
+    DELETE_DATASET_FOLDER,
+    UPDATE_DATASET_FOLDER,
+    LIST_DATASET_FOLDERS,
+]
+
+DATASET_ALL = list(set(DATASET_WRITE + DATASET_READ))
+RESOURCES_ALL.extend(DATASET_ALL)
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index e066f1484..3b70757b6 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -6,7 +6,7 @@
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE
 
 
 @pytest.fixture(scope='module')
@@ -14,8 +14,7 @@ def permissions(db):
     with db.scoped_session() as session:
         permissions = []
         for p in (
-            DATASET_READ
-            + dataall.db.permissions.DATASET_WRITE
+            DATASET_READ + DATASET_WRITE
             + dataall.db.permissions.DATASET_TABLE_READ
             + dataall.db.permissions.ORGANIZATION_ALL
             + dataall.db.permissions.ENVIRONMENT_ALL
@@ -145,7 +144,7 @@ def test_attach_resource_policy(db, user, group, group_user, dataset, permission
         dataall.db.api.ResourcePolicy.attach_resource_policy(
             session=session,
             group=group.name,
-            permissions=dataall.db.permissions.DATASET_WRITE,
+            permissions=DATASET_WRITE,
             resource_uri=dataset.datasetUri,
             resource_type=Dataset.__name__,
         )

From 788e35fb76be6043e667fb3cd5ba48dc27ec2891 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 10:49:11 +0200
Subject: [PATCH 095/346] Moved dataset table permissions to modules

---
 backend/dataall/db/api/share_object.py         |  3 ++-
 backend/dataall/db/permissions.py              | 14 +-------------
 .../modules/datasets/api/table/resolvers.py    |  4 ++--
 .../datasets/services/dataset_service.py       |  5 +++--
 .../modules/datasets/services/dataset_table.py |  4 ++--
 .../modules/datasets/services/permissions.py   | 18 ++++++++++++++++++
 ...b215e_backfill_dataset_table_permissions.py |  7 ++++---
 tests/db/test_permission.py                    |  6 +++---
 8 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index 455ee7296..79a82af43 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -12,6 +12,7 @@
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from ...modules.datasets.services.permissions import DATASET_TABLE_READ
 from ...modules.datasets.services.share_notification_service import ShareNotificationService
 
 logger = logging.getLogger(__name__)
@@ -605,7 +606,7 @@ def approve_share_object(
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=share.principalId,
-                permissions=permissions.DATASET_TABLE_READ,
+                permissions=DATASET_TABLE_READ,
                 resource_uri=table.itemUri,
                 resource_type=DatasetTable.__name__,
             )
diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index 69a7b3d25..2f2e59d00 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -182,17 +182,6 @@
     LIST_SHARED_ITEMS,
 ]
 
-"""
-DATASET TABLE PERMISSIONS
-"""
-GET_DATASET_TABLE = 'GET_DATASET_TABLE'
-PREVIEW_DATASET_TABLE = 'PREVIEW_DATASET_TABLE'
-
-DATASET_TABLE_READ = [
-    GET_DATASET_TABLE,
-    PREVIEW_DATASET_TABLE
-]
-
 """
 GLOSSARIES
 """
@@ -342,8 +331,7 @@
 RESOURCES_ALL
 """
 RESOURCES_ALL = (
-    DATASET_TABLE_READ
-    + ORGANIZATION_ALL
+    ORGANIZATION_ALL
     + ENVIRONMENT_ALL
     + CONSUMPTION_ROLE_ALL
     + SHARE_OBJECT_ALL
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 2e0a46b2e..c5e6726a2 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -13,7 +13,7 @@
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
+from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE, PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table import DatasetTableService
@@ -119,7 +119,7 @@ def preview(context, source, tableUri: str = None):
                 username=context.username,
                 groups=context.groups,
                 resource_uri=table.tableUri,
-                permission_name=permissions.PREVIEW_DATASET_TABLE,
+                permission_name=PREVIEW_DATASET_TABLE,
             )
         env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
         env_workgroup = {}
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 558fa3a28..f88022273 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -19,7 +19,8 @@
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
+    DATASET_TABLE_READ
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -379,7 +380,7 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=new_stewards,
-                permissions=permissions.DATASET_TABLE_READ,
+                permissions=DATASET_TABLE_READ,
                 resource_uri=tableUri,
                 resource_type=DatasetTable.__name__,
             )
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index 76d22015e..437e9384e 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -5,7 +5,7 @@
 from dataall.db import models, api, exceptions, paginate
 from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
-    UPDATE_DATASET_TABLE
+    UPDATE_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
@@ -272,7 +272,7 @@ def sync_existing_tables(session, datasetUri, glue_tables=None):
                         ResourcePolicy.attach_resource_policy(
                             session=session,
                             group=group,
-                            permissions=permissions.DATASET_TABLE_READ,
+                            permissions=DATASET_TABLE_READ,
                             resource_uri=updated_table.tableUri,
                             resource_type=DatasetTable.__name__,
                         )
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/permissions.py
index 74f37544d..09d41c26e 100644
--- a/backend/dataall/modules/datasets/services/permissions.py
+++ b/backend/dataall/modules/datasets/services/permissions.py
@@ -5,6 +5,10 @@
 TENANT_ALL.append(MANAGE_DATASETS)
 TENANT_ALL_WITH_DESC[MANAGE_DATASETS] = 'Manage datasets'
 
+"""
+DATASET PERMISSIONS
+"""
+
 GET_DATASET = 'GET_DATASET'
 LIST_DATASETS = 'LIST_DATASETS'
 LIST_DATASET_TABLES = 'LIST_DATASET_TABLES'
@@ -66,3 +70,17 @@
 
 DATASET_ALL = list(set(DATASET_WRITE + DATASET_READ))
 RESOURCES_ALL.extend(DATASET_ALL)
+
+"""
+DATASET TABLE PERMISSIONS
+"""
+
+GET_DATASET_TABLE = 'GET_DATASET_TABLE'
+PREVIEW_DATASET_TABLE = 'PREVIEW_DATASET_TABLE'
+
+DATASET_TABLE_READ = [
+    GET_DATASET_TABLE,
+    PREVIEW_DATASET_TABLE
+]
+
+RESOURCES_ALL.extend(DATASET_TABLE_READ)
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 6845c2484..4447d1429 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -10,10 +10,11 @@
 from sqlalchemy.orm import query_expression
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.ext.declarative import declarative_base
-from dataall.db import api, models, permissions, utils, Resource
+from dataall.db import api, utils, Resource
 from datetime import datetime
 from dataall.db.models.Enums import ShareObjectStatus, ShareableType
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
 
 # revision identifiers, used by Alembic.
 revision = 'd05f9a5b215e'
@@ -93,7 +94,7 @@ def upgrade():
                     session=session,
                     resource_uri=table.tableUri,
                     group=group,
-                    permissions=permissions.DATASET_TABLE_READ,
+                    permissions=DATASET_TABLE_READ,
                     resource_type=DatasetTable.__name__,
                 )
         print('dataset table permissions updated successfully for owners/stewards')
@@ -117,7 +118,7 @@ def upgrade():
             api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=share.principalId,
-                permissions=permissions.DATASET_TABLE_READ,
+                permissions=DATASET_TABLE_READ,
                 resource_uri=shared_table.itemUri,
                 resource_type=DatasetTable.__name__,
             )
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 3b70757b6..28524a77a 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -6,7 +6,8 @@
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE, \
+    DATASET_TABLE_READ
 
 
 @pytest.fixture(scope='module')
@@ -14,8 +15,7 @@ def permissions(db):
     with db.scoped_session() as session:
         permissions = []
         for p in (
-            DATASET_READ + DATASET_WRITE
-            + dataall.db.permissions.DATASET_TABLE_READ
+            DATASET_READ + DATASET_WRITE + DATASET_TABLE_READ
             + dataall.db.permissions.ORGANIZATION_ALL
             + dataall.db.permissions.ENVIRONMENT_ALL
         ):

From 584a04b8e550ba45ab67e435af65772882777df0 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 10:57:58 +0200
Subject: [PATCH 096/346] Moved dataset related policies

---
 backend/dataall/modules/datasets/cdk/__init__.py              | 4 ++--
 .../databrew.py => modules/datasets/cdk/databrew_policy.py}   | 4 ++--
 .../policies/glue.py => modules/datasets/cdk/glue_policy.py}  | 4 ++--
 .../datasets/cdk/lakeformation_policy.py}                     | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
 rename backend/dataall/{cdkproxy/stacks/policies/databrew.py => modules/datasets/cdk/databrew_policy.py} (92%)
 rename backend/dataall/{cdkproxy/stacks/policies/glue.py => modules/datasets/cdk/glue_policy.py} (98%)
 rename backend/dataall/{cdkproxy/stacks/policies/lakeformation.py => modules/datasets/cdk/lakeformation_policy.py} (92%)

diff --git a/backend/dataall/modules/datasets/cdk/__init__.py b/backend/dataall/modules/datasets/cdk/__init__.py
index 5642d8a40..9d1e205b8 100644
--- a/backend/dataall/modules/datasets/cdk/__init__.py
+++ b/backend/dataall/modules/datasets/cdk/__init__.py
@@ -1,3 +1,3 @@
-from dataall.modules.datasets.cdk import dataset_stack
+from dataall.modules.datasets.cdk import dataset_stack, databrew_policy, glue_policy, lakeformation_policy
 
-__all__ = ["dataset_stack"]
+__all__ = ["dataset_stack", "databrew_policy", "glue_policy", "lakeformation_policy"]
diff --git a/backend/dataall/cdkproxy/stacks/policies/databrew.py b/backend/dataall/modules/datasets/cdk/databrew_policy.py
similarity index 92%
rename from backend/dataall/cdkproxy/stacks/policies/databrew.py
rename to backend/dataall/modules/datasets/cdk/databrew_policy.py
index 270879639..1ba1c7ee9 100644
--- a/backend/dataall/cdkproxy/stacks/policies/databrew.py
+++ b/backend/dataall/modules/datasets/cdk/databrew_policy.py
@@ -1,9 +1,9 @@
 from dataall.db import permissions
-from .service_policy import ServicePolicy
+from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 from aws_cdk import aws_iam as iam
 
 
-class Databrew(ServicePolicy):
+class DatabrewPolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if permissions.CREATE_DATASET not in group_permissions:
             return []
diff --git a/backend/dataall/cdkproxy/stacks/policies/glue.py b/backend/dataall/modules/datasets/cdk/glue_policy.py
similarity index 98%
rename from backend/dataall/cdkproxy/stacks/policies/glue.py
rename to backend/dataall/modules/datasets/cdk/glue_policy.py
index aa1dbe479..5b915ee6d 100644
--- a/backend/dataall/cdkproxy/stacks/policies/glue.py
+++ b/backend/dataall/modules/datasets/cdk/glue_policy.py
@@ -1,9 +1,9 @@
 from dataall.db import permissions
-from .service_policy import ServicePolicy
+from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 from aws_cdk import aws_iam as iam
 
 
-class Glue(ServicePolicy):
+class GluePolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if permissions.CREATE_DATASET not in group_permissions:
             return []
diff --git a/backend/dataall/cdkproxy/stacks/policies/lakeformation.py b/backend/dataall/modules/datasets/cdk/lakeformation_policy.py
similarity index 92%
rename from backend/dataall/cdkproxy/stacks/policies/lakeformation.py
rename to backend/dataall/modules/datasets/cdk/lakeformation_policy.py
index 3eb5d835c..d072b5382 100644
--- a/backend/dataall/cdkproxy/stacks/policies/lakeformation.py
+++ b/backend/dataall/modules/datasets/cdk/lakeformation_policy.py
@@ -1,10 +1,10 @@
 from aws_cdk import aws_iam as iam
 
 from dataall.db import permissions
-from .service_policy import ServicePolicy
+from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 
 
-class LakeFormation(ServicePolicy):
+class LakeFormationPolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if permissions.CREATE_DATASET not in group_permissions:
             return []

From 4dd3a2b81181f51ac6feb72c0a0fe42a15a42686 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 12:33:25 +0200
Subject: [PATCH 097/346] Moved dataset permissions for env

---
 backend/dataall/db/api/environment.py         |  4 ---
 backend/dataall/db/permissions.py             |  8 -----
 .../modules/datasets/cdk/databrew_policy.py   |  5 +--
 .../modules/datasets/cdk/glue_policy.py       |  5 +--
 .../datasets/cdk/lakeformation_policy.py      |  4 +--
 .../datasets/services/dataset_service.py      | 10 +++---
 .../modules/datasets/services/permissions.py  | 31 ++++++++++++++++++-
 tests/api/test_environment.py                 |  5 +--
 8 files changed, 46 insertions(+), 26 deletions(-)

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index accee95f7..68b2d58ec 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -286,10 +286,6 @@ def invite_group(
 
     @staticmethod
     def validate_permissions(session, uri, g_permissions, group):
-
-        if permissions.CREATE_DATASET in g_permissions:
-            g_permissions.append(permissions.LIST_ENVIRONMENT_DATASETS)
-
         if permissions.CREATE_REDSHIFT_CLUSTER in g_permissions:
             g_permissions.append(permissions.LIST_ENVIRONMENT_REDSHIFT_CLUSTERS)
 
diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index 2f2e59d00..bec9fd4cd 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -45,13 +45,11 @@
 ADD_ENVIRONMENT_CONSUMPTION_ROLES = 'ADD_ENVIRONMENT_CONSUMPTION_ROLES'
 LIST_ENVIRONMENT_CONSUMPTION_ROLES = 'LIST_ENVIRONMENT_CONSUMPTION_ROLES'
 LIST_ENVIRONMENT_GROUP_PERMISSIONS = 'LIST_ENVIRONMENT_GROUP_PERMISSIONS'
-LIST_ENVIRONMENT_DATASETS = 'LIST_ENVIRONMENT_DATASETS'
 LIST_ENVIRONMENT_GROUPS = 'LIST_ENVIRONMENT_GROUPS'
 CREDENTIALS_ENVIRONMENT = 'CREDENTIALS_ENVIRONMENT'
 ENABLE_ENVIRONMENT_SUBSCRIPTIONS = 'ENABLE_ENVIRONMENT_SUBSCRIPTIONS'
 DISABLE_ENVIRONMENT_SUBSCRIPTIONS = 'DISABLE_ENVIRONMENT_SUBSCRIPTIONS'
 RUN_ATHENA_QUERY = 'RUN_ATHENA_QUERY'
-CREATE_DATASET = 'CREATE_DATASET'
 CREATE_SHARE_OBJECT = 'CREATE_SHARE_OBJECT'
 LIST_ENVIRONMENT_SHARED_WITH_OBJECTS = 'LIST_ENVIRONMENT_SHARED_WITH_OBJECTS'
 CREATE_REDSHIFT_CLUSTER = 'CREATE_REDSHIFT_CLUSTER'
@@ -67,10 +65,8 @@
 
 
 ENVIRONMENT_INVITED = [
-    CREATE_DATASET,
     LIST_ENVIRONMENT_GROUP_PERMISSIONS,
     GET_ENVIRONMENT,
-    LIST_ENVIRONMENT_DATASETS,
     LIST_ENVIRONMENT_GROUPS,
     LIST_ENVIRONMENT_CONSUMPTION_ROLES,
     CREATE_SHARE_OBJECT,
@@ -92,7 +88,6 @@
 ENVIRONMENT_INVITATION_REQUEST = [
     INVITE_ENVIRONMENT_GROUP,
     ADD_ENVIRONMENT_CONSUMPTION_ROLES,
-    CREATE_DATASET,
     CREATE_SHARE_OBJECT,
     CREATE_REDSHIFT_CLUSTER,
     CREATE_SGMSTUDIO_NOTEBOOK,
@@ -110,13 +105,11 @@
     LIST_ENVIRONMENT_GROUP_PERMISSIONS,
     ADD_ENVIRONMENT_CONSUMPTION_ROLES,
     LIST_ENVIRONMENT_CONSUMPTION_ROLES,
-    LIST_ENVIRONMENT_DATASETS,
     LIST_ENVIRONMENT_GROUPS,
     CREDENTIALS_ENVIRONMENT,
     ENABLE_ENVIRONMENT_SUBSCRIPTIONS,
     DISABLE_ENVIRONMENT_SUBSCRIPTIONS,
     RUN_ATHENA_QUERY,
-    CREATE_DATASET,
     CREATE_SHARE_OBJECT,
     CREATE_REDSHIFT_CLUSTER,
     LIST_ENVIRONMENT_REDSHIFT_CLUSTERS,
@@ -345,7 +338,6 @@
 )
 
 RESOURCES_ALL_WITH_DESC = {k: k for k in RESOURCES_ALL}
-RESOURCES_ALL_WITH_DESC[CREATE_DATASET] = 'Create datasets on this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_DASHBOARD] = 'Create dashboards on this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_REDSHIFT_CLUSTER] = 'Create Redshift clusters on this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_SGMSTUDIO_NOTEBOOK] = 'Create ML Studio profiles on this environment'
diff --git a/backend/dataall/modules/datasets/cdk/databrew_policy.py b/backend/dataall/modules/datasets/cdk/databrew_policy.py
index 1ba1c7ee9..ed2ef0b32 100644
--- a/backend/dataall/modules/datasets/cdk/databrew_policy.py
+++ b/backend/dataall/modules/datasets/cdk/databrew_policy.py
@@ -1,11 +1,12 @@
-from dataall.db import permissions
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 from aws_cdk import aws_iam as iam
 
+from dataall.modules.datasets.services.permissions import CREATE_DATASET
+
 
 class DatabrewPolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
-        if permissions.CREATE_DATASET not in group_permissions:
+        if CREATE_DATASET not in group_permissions:
             return []
 
         statements = [
diff --git a/backend/dataall/modules/datasets/cdk/glue_policy.py b/backend/dataall/modules/datasets/cdk/glue_policy.py
index 5b915ee6d..a98b215bd 100644
--- a/backend/dataall/modules/datasets/cdk/glue_policy.py
+++ b/backend/dataall/modules/datasets/cdk/glue_policy.py
@@ -1,11 +1,12 @@
-from dataall.db import permissions
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 from aws_cdk import aws_iam as iam
 
+from dataall.modules.datasets.services.permissions import CREATE_DATASET
+
 
 class GluePolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
-        if permissions.CREATE_DATASET not in group_permissions:
+        if CREATE_DATASET not in group_permissions:
             return []
 
         statements = [
diff --git a/backend/dataall/modules/datasets/cdk/lakeformation_policy.py b/backend/dataall/modules/datasets/cdk/lakeformation_policy.py
index d072b5382..bbeef17dc 100644
--- a/backend/dataall/modules/datasets/cdk/lakeformation_policy.py
+++ b/backend/dataall/modules/datasets/cdk/lakeformation_policy.py
@@ -1,12 +1,12 @@
 from aws_cdk import aws_iam as iam
 
-from dataall.db import permissions
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
+from dataall.modules.datasets.services.permissions import CREATE_DATASET
 
 
 class LakeFormationPolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
-        if permissions.CREATE_DATASET not in group_permissions:
+        if CREATE_DATASET not in group_permissions:
             return []
 
         return [
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index f88022273..f32828cfe 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -14,13 +14,13 @@
     Stack,
 )
 from dataall.db.api import Organization
-from dataall.db import models, api, exceptions, paginate
+from dataall.db import models, api, exceptions, paginate, permissions
 from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
-    DATASET_TABLE_READ
+    DATASET_TABLE_READ, LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -32,7 +32,7 @@
 class DatasetService:
     @staticmethod
     @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(permissions.CREATE_DATASET)
+    @has_resource_perm(CREATE_DATASET)
     def create_dataset(
         session,
         username: str,
@@ -60,7 +60,7 @@ def create_dataset(
             groups=groups,
             uri=uri,
             group=data['SamlAdminGroupName'],
-            permission_name=permissions.CREATE_DATASET,
+            permission_name=CREATE_DATASET,
         )
 
         environment = Environment.get_environment_by_uri(session, uri)
@@ -668,7 +668,7 @@ def query_environment_datasets(session, username, groups, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_DATASETS)
+    @has_resource_perm(LIST_ENVIRONMENT_DATASETS)
     def paginated_environment_datasets(
             session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/permissions.py
index 09d41c26e..be65f56e6 100644
--- a/backend/dataall/modules/datasets/services/permissions.py
+++ b/backend/dataall/modules/datasets/services/permissions.py
@@ -1,4 +1,7 @@
-from dataall.db.permissions import TENANT_ALL, TENANT_ALL_WITH_DESC, RESOURCES_ALL
+from itertools import chain
+
+from dataall.db.permissions import TENANT_ALL, TENANT_ALL_WITH_DESC, RESOURCES_ALL, RESOURCES_ALL_WITH_DESC, \
+    ENVIRONMENT_INVITED, ENVIRONMENT_INVITATION_REQUEST, ENVIRONMENT_ALL
 
 MANAGE_DATASETS = 'MANAGE_DATASETS'
 
@@ -84,3 +87,29 @@
 ]
 
 RESOURCES_ALL.extend(DATASET_TABLE_READ)
+
+"""
+DATASET PERMISSIONS FOR ENVIRONMENT
+"""
+
+CREATE_DATASET = 'CREATE_DATASET'
+LIST_ENVIRONMENT_DATASETS = 'LIST_ENVIRONMENT_DATASETS'
+
+ENVIRONMENT_INVITED.append(CREATE_DATASET)
+ENVIRONMENT_INVITED.append(LIST_ENVIRONMENT_DATASETS)
+
+ENVIRONMENT_INVITATION_REQUEST.append(CREATE_DATASET)
+ENVIRONMENT_INVITATION_REQUEST.append(LIST_ENVIRONMENT_DATASETS)
+
+ENVIRONMENT_ALL.append(CREATE_DATASET)
+ENVIRONMENT_ALL.append(LIST_ENVIRONMENT_DATASETS)
+
+RESOURCES_ALL.append(CREATE_DATASET)
+RESOURCES_ALL.append(LIST_ENVIRONMENT_DATASETS)
+
+
+for perm in chain(DATASET_ALL, DATASET_TABLE_READ):
+    RESOURCES_ALL_WITH_DESC[perm] = perm
+
+RESOURCES_ALL_WITH_DESC[CREATE_DATASET] = 'Create datasets on this environment'
+RESOURCES_ALL_WITH_DESC[LIST_ENVIRONMENT_DATASETS] = "List datasets on this environment"
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index 774797108..a29cd1cae 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -3,6 +3,7 @@
 import dataall
 from dataall.db import permissions
 from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets.services.permissions import CREATE_DATASET
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -436,7 +437,7 @@ def test_group_invitation(db, client, env1, org1, group2, user, group3, group, d
     env_permissions = [
         p.name for p in response.data.listEnvironmentGroupInvitationPermissions
     ]
-    assert permissions.CREATE_DATASET in env_permissions
+    assert CREATE_DATASET in env_permissions
 
     response = client.query(
         """
@@ -474,7 +475,7 @@ def test_group_invitation(db, client, env1, org1, group2, user, group3, group, d
         environmentUri=env1.environmentUri,
     )
     env_permissions = [p.name for p in response.data.getGroup.environmentPermissions]
-    assert permissions.CREATE_DATASET in env_permissions
+    assert CREATE_DATASET in env_permissions
 
     response = client.query(
         """

From 95cbf814ae96557761a77ec88945a8e8198192de Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 12:56:48 +0200
Subject: [PATCH 098/346] Added migration script for group environments

---
 ...fc49baecea4_add_enviromental_parameters.py | 43 +++++++++++++++++--
 1 file changed, 40 insertions(+), 3 deletions(-)

diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 061d9b81a..349361b98 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -10,11 +10,13 @@
 from alembic import op
 from sqlalchemy import Boolean, Column, String, orm
 from sqlalchemy.ext.declarative import declarative_base
-from dataall.db import Resource
+from dataall.db import Resource, models
+from dataall.db.api import ResourcePolicy
 from dataall.db.api.permission import Permission
-from dataall.db.models import TenantPolicy, TenantPolicyPermission, PermissionType
+from dataall.db.models import TenantPolicy, TenantPolicyPermission, PermissionType, EnvironmentGroup
 from dataall.db.permissions import MANAGE_SGMSTUDIO_NOTEBOOKS
-from dataall.modules.notebooks.services.permissions import MANAGE_NOTEBOOKS
+from dataall.modules.datasets.services.permissions import LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+from dataall.modules.notebooks.services.permissions import MANAGE_NOTEBOOKS, LIST_ENVIRONMENT_NOTEBOOKS, CREATE_NOTEBOOK
 
 # revision identifiers, used by Alembic.
 revision = "5fc49baecea4"
@@ -109,6 +111,8 @@ def upgrade():
             ))
         session.commit()
 
+        migrate_groups_permissions(session)
+
     except Exception as ex:
         print(f"Failed to execute the migration script due to: {ex}")
 
@@ -151,3 +155,36 @@ def create_foreign_key_to_env(op, table: str):
         table, "environment",
         ["environmentUri"], ["environmentUri"],
     )
+
+
+def find_all_groups(session):
+    return session.query(EnvironmentGroup).all()
+
+
+def migrate_groups_permissions(session):
+    """
+    Adds new permission if the old exist. needed to get rid of old hacks in the code
+    """
+    permissions = [(CREATE_DATASET, LIST_ENVIRONMENT_DATASETS),
+                   (CREATE_NOTEBOOK, LIST_ENVIRONMENT_NOTEBOOKS)]
+
+    groups = find_all_groups(session)
+    for group in groups:
+        new_perms = []
+        for existed, to_add in permissions:
+            if not ResourcePolicy.has_group_resource_permission(
+                session,
+                group_uri=group,
+                permission_name=existed,
+                resource_uri=group.environmentUri,
+            ):
+                new_perms.append(to_add)
+
+        if new_perms:
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=group.groupUri,
+                permissions=new_perms,
+                resource_uri=group.environmentUri,
+                resource_type=models.Environment.__name__
+            )

From 781bb087176bb2b9a4a528362e98af7c9f78b2e8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 13:43:09 +0200
Subject: [PATCH 099/346] Extracted data policy for dataset

Did the same trick that was done for ServicePolicy
---
 .../dataall/cdkproxy/stacks/environment.py    | 61 ++++---------------
 .../cdkproxy/stacks/policies/data_policy.py   | 17 ++----
 backend/dataall/db/api/environment.py         | 18 ------
 .../modules/datasets/cdk/dataset_policy.py    | 33 ++++++++++
 .../datasets/services/dataset_service.py      | 20 ++++++
 5 files changed, 72 insertions(+), 77 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/cdk/dataset_policy.py

diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index 8c9440933..20646b7fb 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -40,7 +40,6 @@
 from ...db import models
 from ...utils.cdk_nag_utils import CDKNagUtil
 from ...utils.runtime_stacks_tagging import TagsUtil
-from dataall.modules.datasets.db.models import Dataset
 
 logger = logging.getLogger(__name__)
 
@@ -128,33 +127,6 @@ def get_environment_admins_group(
                 group_uri=environment.SamlGroupName,
             )
 
-    @staticmethod
-    def get_environment_group_datasets(
-        engine, environment: models.Environment, group: str
-    ) -> [Dataset]:
-        with engine.scoped_session() as session:
-            return db.api.Environment.list_group_datasets(
-                session,
-                username='cdk',
-                groups=[],
-                uri=environment.environmentUri,
-                data={'groupUri': group},
-                check_perm=False,
-            )
-
-    @staticmethod
-    def get_all_environment_datasets(
-        engine, environment: models.Environment
-    ) -> [Dataset]:
-        with engine.scoped_session() as session:
-            return (
-                session.query(Dataset)
-                .filter(
-                    Dataset.environmentUri == environment.environmentUri,
-                )
-                .all()
-            )
-
     def __init__(self, scope, id, target_uri: str = None, **kwargs):
         super().__init__(scope,
                          id,
@@ -178,10 +150,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
 
         self.environment_admins_group: models.EnvironmentGroup = self.get_environment_admins_group(self.engine, self._environment)
 
-        self.all_environment_datasets = self.get_all_environment_datasets(
-            self.engine, self._environment
-        )
-
         roles_sagemaker_dependency_group = DependencyGroup()
 
         if self._environment.dashboardsEnabled:
@@ -630,7 +598,6 @@ def create_or_import_environment_default_role(self):
                 region=self._environment.region,
                 environment=self._environment,
                 team=self.environment_admins_group,
-                datasets=self.all_environment_datasets,
             ).generate_admins_data_access_policy()
 
             default_role = iam.Role(
@@ -688,21 +655,19 @@ def create_group_environment_role(self, group):
             permissions=group_permissions,
         ).generate_policies()
 
-        data_policy = DataPolicy(
-            stack=self,
-            tag_key='Team',
-            tag_value=group.groupUri,
-            resource_prefix=self._environment.resourcePrefix,
-            name=f'{self._environment.resourcePrefix}-{group.groupUri}-data-policy',
-            id=f'{self._environment.resourcePrefix}-{group.groupUri}-data-policy',
-            account=self._environment.AwsAccountId,
-            region=self._environment.region,
-            environment=self._environment,
-            team=group,
-            datasets=self.get_environment_group_datasets(
-                self.engine, self._environment, group.groupUri
-            ),
-        ).generate_data_access_policy()
+        with self.engine.scoped_session() as session:
+            data_policy = DataPolicy(
+                stack=self,
+                tag_key='Team',
+                tag_value=group.groupUri,
+                resource_prefix=self._environment.resourcePrefix,
+                name=f'{self._environment.resourcePrefix}-{group.groupUri}-data-policy',
+                id=f'{self._environment.resourcePrefix}-{group.groupUri}-data-policy',
+                account=self._environment.AwsAccountId,
+                region=self._environment.region,
+                environment=self._environment,
+                team=group,
+            ).generate_data_access_policy(session=session)
 
         group_role = iam.Role(
             self,
diff --git a/backend/dataall/cdkproxy/stacks/policies/data_policy.py b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
index b5842afea..a0791954d 100644
--- a/backend/dataall/cdkproxy/stacks/policies/data_policy.py
+++ b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
@@ -4,7 +4,6 @@
 from aws_cdk import aws_iam as iam
 
 from ....db import models
-from dataall.modules.datasets.db.models import Dataset
 
 logger = logging.getLogger()
 
@@ -22,7 +21,6 @@ def __init__(
         resource_prefix,
         environment: models.Environment,
         team: models.EnvironmentGroup,
-        datasets: [Dataset],
     ):
         self.stack = stack
         self.id = id
@@ -34,7 +32,6 @@ def __init__(
         self.resource_prefix = resource_prefix
         self.environment = environment
         self.team = team
-        self.datasets = datasets
 
     def generate_admins_data_access_policy(self) -> iam.Policy:
         """
@@ -87,11 +84,14 @@ def generate_admins_data_access_policy(self) -> iam.Policy:
 
         return policy
 
-    def generate_data_access_policy(self) -> iam.Policy:
+    def generate_data_access_policy(self, session) -> iam.Policy:
         """
         Creates aws_iam.Policy based on team datasets
         """
-        statements: List[iam.PolicyStatement] = self.get_statements()
+        statements: List[iam.PolicyStatement] = self.get_statements(session)
+
+        for extension in DataPolicy.__subclasses__():
+            statements.extend(extension.get_statements(self, session=session))
 
         policy: iam.Policy = iam.Policy(
             self.stack,
@@ -103,7 +103,7 @@ def generate_data_access_policy(self) -> iam.Policy:
 
         return policy
 
-    def get_statements(self):
+    def get_statements(self, session):
         statements = [
             iam.PolicyStatement(
                 actions=[
@@ -147,11 +147,6 @@ def set_allowed_s3_buckets_statements(self, statements):
             f'arn:aws:s3:::{self.environment.EnvironmentDefaultBucketName}',
             f'arn:aws:s3:::{self.environment.EnvironmentDefaultBucketName}/*',
         ]
-        if self.datasets:
-            dataset: Dataset
-            for dataset in self.datasets:
-                allowed_buckets.append(f'arn:aws:s3:::{dataset.S3BucketName}/*')
-                allowed_buckets.append(f'arn:aws:s3:::{dataset.S3BucketName}')
         statements.extend(
             [
                 iam.PolicyStatement(
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 68b2d58ec..9a3d2d6f3 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -946,24 +946,6 @@ def paginated_environment_redshift_clusters(
             page=data.get('page', 1),
         ).to_dict()
 
-    @staticmethod
-    def list_group_datasets(session, username, groups, uri, data=None, check_perm=None):
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not data.get('groupUri'):
-            raise exceptions.RequiredParameter('groupUri')
-
-        return (
-            session.query(Dataset)
-            .filter(
-                and_(
-                    Dataset.environmentUri == uri,
-                    Dataset.SamlAdminGroupName == data['groupUri'],
-                )
-            )
-            .all()
-        )
-
     @staticmethod
     @has_resource_perm(permissions.GET_ENVIRONMENT)
     def get_stack(
diff --git a/backend/dataall/modules/datasets/cdk/dataset_policy.py b/backend/dataall/modules/datasets/cdk/dataset_policy.py
new file mode 100644
index 000000000..5c847fe14
--- /dev/null
+++ b/backend/dataall/modules/datasets/cdk/dataset_policy.py
@@ -0,0 +1,33 @@
+from typing import List
+from aws_cdk import aws_iam as iam
+
+from dataall.cdkproxy.stacks.policies.data_policy import DataPolicy
+from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets.services.dataset_service import DatasetService
+
+
+class DatasetDataPolicy(DataPolicy):
+
+    def get_statements(self, session):
+        datasets = DatasetService.list_group_datasets(
+            session,
+            environment_id=self.environment.environmentUri,
+            group_uri=self.team.groupUri,
+        )
+        return self._generate_dataset_statements(datasets)
+
+    @staticmethod
+    def _generate_dataset_statements(datasets: List[Dataset]):
+        buckets = []
+        if datasets:
+            for dataset in datasets:
+                buckets.append(f'arn:aws:s3:::{dataset.S3BucketName}/*')
+                buckets.append(f'arn:aws:s3:::{dataset.S3BucketName}')
+
+        return [
+            iam.PolicyStatement(
+                actions=['s3:*'],
+                resources=buckets,
+            )
+        ]
+
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index f32828cfe..63a57dcdb 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -692,3 +692,23 @@ def paginated_environment_group_datasets(
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
+    @staticmethod
+    def list_group_datasets(session, environment_id, group_uri):
+        return (
+            session.query(Dataset)
+            .filter(
+                and_(
+                    Dataset.environmentUri == environment_id,
+                    Dataset.SamlAdminGroupName == group_uri,
+                )
+            )
+            .all()
+        )
+
+    @staticmethod
+    def list_env_datasets(session, environment_uri):
+        return (
+            session.query(Dataset)
+            .filter(Dataset.environmentUri == environment_uri)
+            .all()
+        )

From 1ec1235910a48a2be9b6593e515be0d52ace7e60 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 15:32:40 +0200
Subject: [PATCH 100/346] Introduced GroupResourceManager

---
 backend/dataall/core/group/__init__.py        |  0
 .../dataall/core/group/services/__init__.py   |  0
 .../group/services/group_resource_manager.py  | 24 +++++++++++++++++++
 backend/dataall/db/api/environment.py         | 13 +++++-----
 .../modules/datasets/db/dataset_repository.py | 17 ++++++++++++-
 .../services/dataset_group_resource.py        | 11 +++++++++
 6 files changed, 58 insertions(+), 7 deletions(-)
 create mode 100644 backend/dataall/core/group/__init__.py
 create mode 100644 backend/dataall/core/group/services/__init__.py
 create mode 100644 backend/dataall/core/group/services/group_resource_manager.py
 create mode 100644 backend/dataall/modules/datasets/services/dataset_group_resource.py

diff --git a/backend/dataall/core/group/__init__.py b/backend/dataall/core/group/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/core/group/services/__init__.py b/backend/dataall/core/group/services/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/core/group/services/group_resource_manager.py b/backend/dataall/core/group/services/group_resource_manager.py
new file mode 100644
index 000000000..905770735
--- /dev/null
+++ b/backend/dataall/core/group/services/group_resource_manager.py
@@ -0,0 +1,24 @@
+from typing import Protocol, List
+
+
+class GroupResource(Protocol):
+    def count_resources(self, session, environment_uri, group_uri) -> int:
+        ...
+
+
+class GroupResourceManager:
+    """
+    API for managing group resources
+    """
+    _resources: List[GroupResource] = []
+
+    @staticmethod
+    def register(resource: GroupResource):
+        GroupResourceManager._resources.append(resource)
+
+    @staticmethod
+    def count_group_resources(session, environment_uri, group_uri) -> int:
+        counter = 0
+        for resource in GroupResourceManager._resources:
+            counter += resource.count_resources(session, environment_uri, group_uri)
+        return counter
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 9a3d2d6f3..734e3dcbb 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -23,11 +23,11 @@
 from ..paginator import paginate
 from dataall.core.environment.models import EnvironmentParameter
 from dataall.core.environment.db.repositories import EnvironmentParameterRepository
-from dataall.modules.datasets.db.models import Dataset
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
+from dataall.core.group.services.group_resource_manager import GroupResourceManager
 
 log = logging.getLogger(__name__)
 
@@ -352,10 +352,6 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
 
         group_env_objects_count = (
             session.query(models.Environment)
-            .outerjoin(
-                Dataset,
-                Dataset.environmentUri == models.Environment.environmentUri,
-            )
             .outerjoin(
                 models.SagemakerStudioUserProfile,
                 models.SagemakerStudioUserProfile.environmentUri
@@ -384,7 +380,6 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
                     models.Environment.environmentUri == environment.environmentUri,
                     or_(
                         models.RedshiftCluster.SamlGroupName == group,
-                        Dataset.SamlAdminGroupName == group,
                         models.SagemakerStudioUserProfile.SamlAdminGroupName == group,
                         models.DataPipeline.SamlGroupName == group,
                         models.Dashboard.SamlGroupName == group,
@@ -394,6 +389,12 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
             .count()
         )
 
+        group_env_objects_count += GroupResourceManager.count_group_resources(
+            session=session,
+            environment_uri=environment.environmentUri,
+            group_uri=group
+        )
+
         if group_env_objects_count > 0:
             raise exceptions.EnvironmentResourcesFound(
                 action='Remove Team',
diff --git a/backend/dataall/modules/datasets/db/dataset_repository.py b/backend/dataall/modules/datasets/db/dataset_repository.py
index d58c3a7a1..95aef6102 100644
--- a/backend/dataall/modules/datasets/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_repository.py
@@ -1,5 +1,7 @@
+from operator import and_
+
 from dataall.db import exceptions
-from dataall.db.models import Dataset
+from dataall.modules.datasets.db.models import Dataset
 
 
 class DatasetRepository:
@@ -11,3 +13,16 @@ def get_dataset_by_uri(session, dataset_uri) -> Dataset:
         if not dataset:
             raise exceptions.ObjectNotFound('Dataset', dataset_uri)
         return dataset
+
+    @staticmethod
+    def count_group_datasets(session, environment_uri, group_uri) -> int:
+        return (
+            session.query(Dataset)
+            .filter(
+                and_(
+                    Dataset.environmentUri == environment_uri,
+                    Dataset.SamlAdminGroupName == group_uri
+                ))
+            .count()
+        )
+
diff --git a/backend/dataall/modules/datasets/services/dataset_group_resource.py b/backend/dataall/modules/datasets/services/dataset_group_resource.py
new file mode 100644
index 000000000..e05d06e23
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_group_resource.py
@@ -0,0 +1,11 @@
+from dataall.core.group.services.group_resource_manager import GroupResource, GroupResourceManager
+from dataall.modules.datasets.db.dataset_repository import DatasetRepository
+
+
+class DatasetGroupResource(GroupResource):
+    def count_resources(self, session, environment_uri, group_uri) -> int:
+        return DatasetRepository.count_group_datasets(session, environment_uri, group_uri)
+
+
+GroupResourceManager.register(DatasetGroupResource())
+

From 9f2748e8869bfccd4264fb41112b1c01ff9ca510 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 18:21:46 +0200
Subject: [PATCH 101/346] Added dataset data policy to import it with other
 stacks

---
 backend/dataall/modules/datasets/cdk/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/datasets/cdk/__init__.py b/backend/dataall/modules/datasets/cdk/__init__.py
index 9d1e205b8..eaa9ad99f 100644
--- a/backend/dataall/modules/datasets/cdk/__init__.py
+++ b/backend/dataall/modules/datasets/cdk/__init__.py
@@ -1,3 +1,4 @@
-from dataall.modules.datasets.cdk import dataset_stack, databrew_policy, glue_policy, lakeformation_policy
+from dataall.modules.datasets.cdk import dataset_stack, databrew_policy, glue_policy, lakeformation_policy, \
+    dataset_policy
 
-__all__ = ["dataset_stack", "databrew_policy", "glue_policy", "lakeformation_policy"]
+__all__ = ["dataset_stack", "databrew_policy", "glue_policy", "lakeformation_policy", "dataset_policy"]

From 23e9c9453b116ce757809110828b9679eac47c78 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 16:10:02 +0200
Subject: [PATCH 102/346] Introduced module dependencies

---
 backend/dataall/modules/datasets/__init__.py  | 17 +++----
 backend/dataall/modules/loader.py             | 47 +++++++++++++++++--
 backend/dataall/modules/notebooks/__init__.py |  8 ++--
 3 files changed, 55 insertions(+), 17 deletions(-)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 60349f8b4..36f84a969 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,8 +2,6 @@
 import logging
 from typing import List
 
-from dataall.api.Objects.Vote.resolvers import add_vote_type
-from dataall.db.api import TargetType
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
@@ -17,11 +15,14 @@
 class DatasetApiModuleInterface(ModuleInterface):
     """Implements ModuleInterface for dataset GraphQl lambda"""
 
-    @classmethod
-    def is_supported(cls, modes):
+    @staticmethod
+    def is_supported(modes):
         return ImportMode.API in modes
 
     def __init__(self):
+        # these imports are placed inside the method because they are only related to GraphQL api.
+        from dataall.db.api import TargetType
+        from dataall.api.Objects.Vote.resolvers import add_vote_type
         from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
         from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 
@@ -63,8 +64,8 @@ def __init__(self):
 class DatasetAsyncHandlersModuleInterface(ModuleInterface):
     """Implements ModuleInterface for dataset async lambda"""
 
-    @classmethod
-    def is_supported(cls, modes: List[ImportMode]):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]):
         return ImportMode.HANDLERS in modes
 
     def __init__(self):
@@ -75,8 +76,8 @@ def __init__(self):
 class DatasetCdkModuleInterface(ModuleInterface):
     """Loads dataset cdk stacks """
 
-    @classmethod
-    def is_supported(cls, modes: List[ImportMode]):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]):
         return ImportMode.CDK in modes
 
     def __init__(self):
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index e48583c13..63cbb524d 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -3,7 +3,7 @@
 import logging
 from abc import ABC, abstractmethod
 from enum import Enum, auto
-from typing import List
+from typing import List, Type
 
 from dataall.core.config import config
 
@@ -29,10 +29,32 @@ class ModuleInterface(ABC):
     An interface of the module. The implementation should be part of __init__.py of the module
     Contains an API that will be called from core part
     """
-    @classmethod
+    @staticmethod
     @abstractmethod
-    def is_supported(cls, modes: List[ImportMode]):
-        pass
+    def is_supported(modes: List[ImportMode]) -> bool:
+        """
+        Return True if the module interface supports any of the ImportMode and should be loaded
+        """
+        raise NotImplementedError("is_supported is not implemented")
+
+    @staticmethod
+    @abstractmethod
+    def name() -> str:
+        """
+        Returns name of the module. Should be the same if it's specified in the config file
+        """
+        raise NotImplementedError("name is not implemented")
+
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        """
+        It describes on what modules this ModuleInterface depends on.
+        It will be used to eventually load these module dependencies. Even if a dependency module is not active
+        in the config file.
+
+        The default value is no dependencies
+        """
+        return []
 
 
 def load_modules(modes: List[ImportMode]) -> None:
@@ -47,7 +69,11 @@ def load_modules(modes: List[ImportMode]) -> None:
         return
 
     log.info("Found %d modules that have been found in the config", len(modules))
+
+    inactive = set()
+    in_config = set()
     for name, props in modules.items():
+        in_config.add(name)
         if "active" not in props:
             raise ValueError(f"Status is not defined for {name} module")
 
@@ -55,6 +81,7 @@ def load_modules(modes: List[ImportMode]) -> None:
 
         if not active:
             log.info(f"Module {name} is not active. Skipping...")
+            inactive.add(name)
             continue
 
         if not _import_module(name):
@@ -62,10 +89,20 @@ def load_modules(modes: List[ImportMode]) -> None:
 
         log.info(f"Module {name} is loaded")
 
-    for module in ModuleInterface.__subclasses__():
+    modules = ModuleInterface.__subclasses__()
+    for module in modules:
         if module.is_supported(modes):
             module()
 
+    modules = ModuleInterface.__subclasses__()  # reload modules. Can load a new modules
+    for module in modules:
+        if module.name() in inactive:
+            log.info(f"There is a module that depends on {module.name()}. " +
+                     "The module has been loaded despite it's inactive.")
+        elif module.name() not in in_config:
+            log.info(f"There is a module that depends on {module.name()}. " +
+                     "The module has been loaded despite it's not specified in the configuration file.")
+
     log.info("All modules have been imported")
 
 
diff --git a/backend/dataall/modules/notebooks/__init__.py b/backend/dataall/modules/notebooks/__init__.py
index b63e0fa51..347abff53 100644
--- a/backend/dataall/modules/notebooks/__init__.py
+++ b/backend/dataall/modules/notebooks/__init__.py
@@ -11,8 +11,8 @@
 class NotebookApiModuleInterface(ModuleInterface):
     """Implements ModuleInterface for notebook GraphQl lambda"""
 
-    @classmethod
-    def is_supported(cls, modes):
+    @staticmethod
+    def is_supported(modes):
         return ImportMode.API in modes
 
     def __init__(self):
@@ -27,8 +27,8 @@ def __init__(self):
 class NotebookCdkModuleInterface(ModuleInterface):
     """Implements ModuleInterface for notebook ecs tasks"""
 
-    @classmethod
-    def is_supported(cls, modes):
+    @staticmethod
+    def is_supported(modes):
         return ImportMode.CDK in modes
 
     def __init__(self):

From 50a2486853992e6af3bf57fd8142efccc0cbd826 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 16:45:05 +0200
Subject: [PATCH 103/346] Added a few check for loading

---
 backend/dataall/modules/loader.py | 52 +++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 9 deletions(-)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 63cbb524d..7e6f24169 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -1,9 +1,10 @@
 """Load modules that are specified in the configuration file"""
 import importlib
 import logging
+import sys
 from abc import ABC, abstractmethod
 from enum import Enum, auto
-from typing import List, Type
+from typing import List, Type, Set
 
 from dataall.core.config import config
 
@@ -94,14 +95,8 @@ def load_modules(modes: List[ImportMode]) -> None:
         if module.is_supported(modes):
             module()
 
-    modules = ModuleInterface.__subclasses__()  # reload modules. Can load a new modules
-    for module in modules:
-        if module.name() in inactive:
-            log.info(f"There is a module that depends on {module.name()}. " +
-                     "The module has been loaded despite it's inactive.")
-        elif module.name() not in in_config:
-            log.info(f"There is a module that depends on {module.name()}. " +
-                     "The module has been loaded despite it's not specified in the configuration file.")
+    _check_loading_correct()
+    _describe_loading(in_config, inactive)
 
     log.info("All modules have been imported")
 
@@ -112,3 +107,42 @@ def _import_module(name):
         return True
     except ModuleNotFoundError:
         return False
+
+
+def _check_loading_correct(in_config: Set[str]):
+    """
+    To avoid unintentional loading (without ModuleInterface) we can check all loaded modules.
+    Unintentional/incorrect loading might happen if module A has a direct reference to module B without declaring it
+    in ModuleInterface. Doing so, this might lead to a problem when a module interface require to load something during
+    initialization. But since ModuleInterface is not initializing properly (using depends_on)
+    some functionality may work wrongly.
+    """
+
+    expected_load = set(in_config)
+    for module in ModuleInterface.__subclasses__():
+        for dependency in module.depends_on():
+            expected_load.add(dependency.name())
+
+    for module in ModuleInterface.__subclasses__():
+        if module.name() not in expected_load:
+            raise ImportError(f"ModuleInterface has not been initialized for module {module.name()}")
+
+    for module in sys.modules.keys():
+        if module.startswith(_MODULE_PREFIX):
+            name = module.lstrip(_MODULE_PREFIX).split(".")[0]
+            if name not in expected_load:
+                raise ImportError(f"The package {module} has been imported, but it doesn't contain ModuleInterface")
+
+
+def _describe_loading(in_config: Set[str], inactive: Set[str]):
+    modules = ModuleInterface.__subclasses__()
+    for module in modules:
+        name = module.name()
+        log.debug(f"The {name} module was loaded")
+        if name in inactive:
+            log.info(f"There is a module that depends on {module.name()}. " +
+                     "The module has been loaded despite it's inactive.")
+        elif name not in in_config:
+            log.info(f"There is a module that depends on {module.name()}. " +
+                     "The module has been loaded despite it's not specified in the configuration file.")
+

From 400492a17251906191ebbb3ee91f6c1dc2b3be28 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 27 Apr 2023 18:15:47 +0200
Subject: [PATCH 104/346] Added order for initialization

Added test for the module loader
---
 .../cdkproxy/stacks/policies/__init__.py      |   5 +-
 .../modules/dataset_sharing/__init__.py       |  16 ++
 backend/dataall/modules/datasets/__init__.py  |   7 +-
 backend/dataall/modules/loader.py             | 124 +++++++++++----
 backend/dataall/modules/notebooks/__init__.py |   2 +-
 tests/modules/test_loader.py                  | 145 ++++++++++++++++++
 6 files changed, 266 insertions(+), 33 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/__init__.py
 create mode 100644 tests/modules/test_loader.py

diff --git a/backend/dataall/cdkproxy/stacks/policies/__init__.py b/backend/dataall/cdkproxy/stacks/policies/__init__.py
index 964bb37a5..4391d0287 100644
--- a/backend/dataall/cdkproxy/stacks/policies/__init__.py
+++ b/backend/dataall/cdkproxy/stacks/policies/__init__.py
@@ -1,9 +1,8 @@
 """Contains the code for creating environment policies"""
 
 from dataall.cdkproxy.stacks.policies import (
-    _lambda, cloudformation, codestar, databrew, glue,
-    lakeformation, quicksight, redshift, stepfunctions, data_policy, service_policy
+    _lambda, cloudformation, codestar, quicksight, redshift, stepfunctions, data_policy, service_policy
 )
 
-__all__ = ["_lambda", "cloudformation", "codestar", "databrew", "glue", "lakeformation", "quicksight",
+__all__ = ["_lambda", "cloudformation", "codestar", "quicksight",
            "redshift", "stepfunctions", "data_policy", "service_policy", "mlstudio"]
diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
new file mode 100644
index 000000000..ed6b62297
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -0,0 +1,16 @@
+import logging
+from typing import List
+
+from dataall.modules.loader import ModuleInterface, ImportMode
+
+
+log = logging.getLogger(__name__)
+
+
+class SharingApiModuleInterface(ModuleInterface):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return ImportMode.API in modes
+
+    def __init__(self):
+        log.info("API pf dataset sharing has been imported")
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 36f84a969..e6696b534 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -1,7 +1,8 @@
 """Contains the code related to datasets"""
 import logging
-from typing import List
+from typing import List, Type
 
+from dataall.modules.dataset_sharing import SharingApiModuleInterface
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
@@ -19,6 +20,10 @@ class DatasetApiModuleInterface(ModuleInterface):
     def is_supported(modes):
         return ImportMode.API in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [SharingApiModuleInterface]
+
     def __init__(self):
         # these imports are placed inside the method because they are only related to GraphQL api.
         from dataall.db.api import TargetType
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 7e6f24169..034ccee3c 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -3,6 +3,7 @@
 import logging
 import sys
 from abc import ABC, abstractmethod
+from collections import defaultdict, deque
 from enum import Enum, auto
 from typing import List, Type, Set
 
@@ -38,13 +39,12 @@ def is_supported(modes: List[ImportMode]) -> bool:
         """
         raise NotImplementedError("is_supported is not implemented")
 
-    @staticmethod
-    @abstractmethod
-    def name() -> str:
+    @classmethod
+    def name(cls) -> str:
         """
         Returns name of the module. Should be the same if it's specified in the config file
         """
-        raise NotImplementedError("name is not implemented")
+        return _remove_module_prefix(cls.__module__)
 
     @staticmethod
     def depends_on() -> List[Type['ModuleInterface']]:
@@ -63,14 +63,19 @@ def load_modules(modes: List[ImportMode]) -> None:
     Loads all modules from the config
     Loads only requested functionality (submodules) using the mode parameter
     """
-    try:
-        modules = config.get_property("modules")
-    except KeyError:
-        log.info('"modules" has not been found in the config file. Nothing to load')
-        return
+    in_config, inactive = _load_modules()
+    _check_loading_correct(in_config, modes)
+    _initialize_modules(modes)
+    _describe_loading(in_config, inactive)
 
-    log.info("Found %d modules that have been found in the config", len(modules))
+    log.info("All modules have been imported")
 
+
+def _load_modules():
+    """
+    Loads modules but not initializing them
+    """
+    modules = _get_modules_from_config()
     inactive = set()
     in_config = set()
     for name, props in modules.items():
@@ -85,23 +90,27 @@ def load_modules(modes: List[ImportMode]) -> None:
             inactive.add(name)
             continue
 
-        if not _import_module(name):
+        if not _load_module(name):
             raise ValueError(f"Couldn't find module {name} under modules directory")
 
         log.info(f"Module {name} is loaded")
+    return in_config, inactive
 
-    modules = ModuleInterface.__subclasses__()
-    for module in modules:
-        if module.is_supported(modes):
-            module()
 
-    _check_loading_correct()
-    _describe_loading(in_config, inactive)
+def _get_modules_from_config():
+    try:
+        modules = config.get_property("modules")
+    except KeyError as e:
+        raise KeyError('"modules" has not been found in the config file. Nothing to load') from e
 
-    log.info("All modules have been imported")
+    log.info("Found %d modules that have been found in the config", len(modules))
+    return modules
 
 
-def _import_module(name):
+def _load_module(name: str):
+    """
+    Loads a module but not initializing it
+    """
     try:
         importlib.import_module(f"{_MODULE_PREFIX}.{name}")
         return True
@@ -109,7 +118,50 @@ def _import_module(name):
         return False
 
 
-def _check_loading_correct(in_config: Set[str]):
+def _initialize_modules(modes: List[ImportMode]):
+    """
+    Initialize all modules for supported modes. This method is using topological sorting for a graph of module
+    dependencies. It's needed to load module in a specific order: first modules to load are without dependencies.
+    It might help to avoid possible issues if there is a load in the module constructor (which can be the case
+    if a module supports a few importing modes).
+    """
+    modules = _all_modules()
+    dependencies = defaultdict(list)
+    degrees = defaultdict(int)
+    supported = []
+    for module in modules:
+        if module.is_supported(modes):
+            supported.append(module)
+            degrees[module] += len(module.depends_on())
+            for dependency in module.depends_on():
+                dependencies[dependency].append(module)
+
+    queue = deque()
+    for module in supported:
+        if degrees[module] == 0:
+            queue.append(module)
+
+    initialized = 0
+    while queue:
+        to_init = queue.popleft()
+        _initialize_module(to_init)
+        initialized += 1
+
+        for dependant in dependencies[to_init]:
+            degrees[dependant] -= 1
+            if degrees[dependant] == 0:
+                queue.append(dependant)
+
+    if initialized < len(degrees):
+        # We shouldn't reach this point since it should already be covered by python. But just in case
+        raise ImportError("Not all modules have been initialized. Most likely circular dependency")
+
+
+def _initialize_module(module):
+    module()  # call a constructor for initialization
+
+
+def _check_loading_correct(in_config: Set[str], modes: List[ImportMode]):
     """
     To avoid unintentional loading (without ModuleInterface) we can check all loaded modules.
     Unintentional/incorrect loading might happen if module A has a direct reference to module B without declaring it
@@ -119,23 +171,26 @@ def _check_loading_correct(in_config: Set[str]):
     """
 
     expected_load = set(in_config)
-    for module in ModuleInterface.__subclasses__():
+    for module in _all_modules():
         for dependency in module.depends_on():
             expected_load.add(dependency.name())
 
-    for module in ModuleInterface.__subclasses__():
-        if module.name() not in expected_load:
-            raise ImportError(f"ModuleInterface has not been initialized for module {module.name()}")
+    for module in _all_modules():
+        if module.is_supported(modes) and module.name() not in expected_load:
+            raise ImportError(
+                f"ModuleInterface has not been initialized for module {module.name()}. "
+                "Declare the module in depends_on"
+            )
 
     for module in sys.modules.keys():
-        if module.startswith(_MODULE_PREFIX):
-            name = module.lstrip(_MODULE_PREFIX).split(".")[0]
-            if name not in expected_load:
+        if module.startswith(_MODULE_PREFIX) and module != __name__:  # skip loader
+            name = _get_module_name(module)
+            if name and name not in expected_load:
                 raise ImportError(f"The package {module} has been imported, but it doesn't contain ModuleInterface")
 
 
 def _describe_loading(in_config: Set[str], inactive: Set[str]):
-    modules = ModuleInterface.__subclasses__()
+    modules = _all_modules()
     for module in modules:
         name = module.name()
         log.debug(f"The {name} module was loaded")
@@ -146,3 +201,16 @@ def _describe_loading(in_config: Set[str], inactive: Set[str]):
             log.info(f"There is a module that depends on {module.name()}. " +
                      "The module has been loaded despite it's not specified in the configuration file.")
 
+
+def _remove_module_prefix(module: str):
+    if module.startswith(_MODULE_PREFIX):
+        return module[len(_MODULE_PREFIX) + 1:]
+    raise ValueError(f"Module  {module} should always starts with {_MODULE_PREFIX}")
+
+
+def _get_module_name(module):
+    return module[len(_MODULE_PREFIX) + 1:].split(".")[0]  # gets only top level module name
+
+
+def _all_modules():
+    return ModuleInterface.__subclasses__()
diff --git a/backend/dataall/modules/notebooks/__init__.py b/backend/dataall/modules/notebooks/__init__.py
index 347abff53..127a1eb31 100644
--- a/backend/dataall/modules/notebooks/__init__.py
+++ b/backend/dataall/modules/notebooks/__init__.py
@@ -33,4 +33,4 @@ def is_supported(modes):
 
     def __init__(self):
         import dataall.modules.notebooks.cdk
-        log.info("API of sagemaker notebooks has been imported")
+        log.info("API of sagemaker notebooks has been imported")
\ No newline at end of file
diff --git a/tests/modules/test_loader.py b/tests/modules/test_loader.py
new file mode 100644
index 000000000..e737c556d
--- /dev/null
+++ b/tests/modules/test_loader.py
@@ -0,0 +1,145 @@
+from abc import ABC
+from typing import List, Type
+
+import pytest
+
+from dataall.modules.loader import ModuleInterface, ImportMode
+from dataall.modules import loader
+
+order = []
+
+
+class TestModule(ModuleInterface, ABC):
+    def __init__(self):
+        order.append(self.__class__)
+
+
+class TestApiModule(TestModule):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return ImportMode.API in modes
+
+
+class AModule(TestApiModule):
+    pass
+
+
+class BModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [AModule]
+
+
+class CModule(TestModule):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return ImportMode.CDK in modes
+
+
+class DModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [BModule]
+
+
+class EModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [BModule]
+
+
+class FModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [EModule]
+
+
+class GModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [AModule, BModule]
+
+
+class IModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [EModule, DModule]
+
+
+class JModule(TestApiModule):
+    pass
+
+
+class KModule(TestApiModule):
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [JModule, EModule]
+
+
+@pytest.fixture(scope='module', autouse=True)
+def patch_prefix():
+    prefix = loader._MODULE_PREFIX
+    loader._MODULE_PREFIX = 'tests.modules.test_loader'
+    yield
+
+    loader._MODULE_PREFIX = prefix
+
+
+@pytest.fixture(scope='function', autouse=True)
+def clean_order():
+    yield
+    order.clear()
+
+
+def patch_loading(mocker, all_modules, in_config):
+    mocker.patch(
+        'dataall.modules.loader._all_modules',
+        return_value=all_modules,
+    )
+    mocker.patch(
+        'dataall.modules.loader._load_modules',
+        return_value=(in_config, {})
+    )
+
+
+def test_nothing_to_load(mocker):
+    patch_loading(mocker, [], set())
+    loader.load_modules([ImportMode.API, ImportMode.CDK])
+    assert len(order) == 0
+
+
+def test_import_with_one_dependency(mocker):
+    patch_loading(mocker, [AModule, BModule], {BModule})
+    loader.load_modules([ImportMode.API])
+    assert order == [AModule, BModule]
+
+
+def test_load_with_cdk_mode(mocker):
+    patch_loading(mocker, [DModule, CModule, BModule], {BModule, CModule})
+    loader.load_modules([ImportMode.CDK])
+    assert order == [CModule]
+
+
+def test_many_nested_layers(mocker):
+    patch_loading(mocker, [BModule, CModule, AModule, DModule], {DModule, CModule})
+    loader.load_modules([ImportMode.API])
+    correct_order = [AModule, BModule, DModule]
+    assert order == correct_order
+    assert CModule not in correct_order
+
+
+def test_complex_loading(mocker):
+    patch_loading(mocker, [
+        AModule, BModule, CModule, DModule, EModule, FModule, GModule, IModule, JModule, KModule
+    ], {AModule, CModule, JModule})
+
+    loader.load_modules([ImportMode.API])
+    assert order == [AModule, JModule, BModule, DModule, EModule, GModule, FModule, IModule, KModule]
+
+
+def test_incorrect_loading(mocker):
+    patch_loading(mocker, [AModule], set())  # A is not specified in config, but was found
+    with pytest.raises(ImportError):
+        loader.load_modules([ImportMode.API])
+
+

From 068e29aee4b37de9f2478b1f31557c7e57919e8c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 14:08:21 +0200
Subject: [PATCH 105/346] Changed the error message and comments

---
 backend/dataall/modules/loader.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 034ccee3c..73b78f344 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -153,8 +153,9 @@ def _initialize_modules(modes: List[ImportMode]):
                 queue.append(dependant)
 
     if initialized < len(degrees):
-        # We shouldn't reach this point since it should already be covered by python. But just in case
-        raise ImportError("Not all modules have been initialized. Most likely circular dependency")
+        # Happens if the ModuleInterface for dependency doesn't support import mode
+        # The case when there is circular imports should already be covered by python loader
+        raise ImportError("Not all modules have been initialized. Check if your import modes are correct")
 
 
 def _initialize_module(module):

From 86f4529d53fcbdaed07e502db7c8c6be1a3665f9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 14:38:33 +0200
Subject: [PATCH 106/346] Fixed error and moved api import to API
 ModuleInterface

---
 backend/dataall/cdkproxy/stacks/policies/__init__.py | 5 ++---
 backend/dataall/modules/datasets/__init__.py         | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/backend/dataall/cdkproxy/stacks/policies/__init__.py b/backend/dataall/cdkproxy/stacks/policies/__init__.py
index 964bb37a5..4391d0287 100644
--- a/backend/dataall/cdkproxy/stacks/policies/__init__.py
+++ b/backend/dataall/cdkproxy/stacks/policies/__init__.py
@@ -1,9 +1,8 @@
 """Contains the code for creating environment policies"""
 
 from dataall.cdkproxy.stacks.policies import (
-    _lambda, cloudformation, codestar, databrew, glue,
-    lakeformation, quicksight, redshift, stepfunctions, data_policy, service_policy
+    _lambda, cloudformation, codestar, quicksight, redshift, stepfunctions, data_policy, service_policy
 )
 
-__all__ = ["_lambda", "cloudformation", "codestar", "databrew", "glue", "lakeformation", "quicksight",
+__all__ = ["_lambda", "cloudformation", "codestar", "quicksight",
            "redshift", "stepfunctions", "data_policy", "service_policy", "mlstudio"]
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 60349f8b4..69e5fb86d 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,8 +2,6 @@
 import logging
 from typing import List
 
-from dataall.api.Objects.Vote.resolvers import add_vote_type
-from dataall.db.api import TargetType
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
@@ -22,6 +20,8 @@ def is_supported(cls, modes):
         return ImportMode.API in modes
 
     def __init__(self):
+        from dataall.api.Objects.Vote.resolvers import add_vote_type
+        from dataall.db.api import TargetType
         from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
         from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
 

From f4b1f673fe37eb2d501357942335e5c5a568514e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 16:15:33 +0200
Subject: [PATCH 107/346] Removed unused method

---
 .../dataall/modules/datasets/services/dataset_service.py  | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 63a57dcdb..4d54b5573 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -704,11 +704,3 @@ def list_group_datasets(session, environment_id, group_uri):
             )
             .all()
         )
-
-    @staticmethod
-    def list_env_datasets(session, environment_uri):
-        return (
-            session.query(Dataset)
-            .filter(Dataset.environmentUri == environment_uri)
-            .all()
-        )

From a52c145ffa48cbc4f200d1b048d80d64d4832434 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 16:21:16 +0200
Subject: [PATCH 108/346] Changed method for checking permissions

---
 .../api/storage_location/resolvers.py         |  2 --
 .../datasets/services/dataset_location.py     | 27 +++++++++----------
 .../datasets/services/dataset_service.py      | 15 +++++------
 .../datasets/services/dataset_table.py        | 19 ++++++-------
 4 files changed, 30 insertions(+), 33 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 5e7351aa1..35386dacb 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -21,10 +21,8 @@ def create_storage_location(
         location = DatasetLocationService.create_dataset_location(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=datasetUri,
             data=input,
-            check_perm=True,
         )
 
         S3DatasetLocationHandler.create_bucket_prefix(location)
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index 73885eb51..a8c0eb61d 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -2,7 +2,8 @@
 
 from sqlalchemy import and_, or_
 
-from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
+from dataall.db.api import Glossary
 from dataall.db import models, api, paginate, exceptions
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
@@ -14,15 +15,13 @@
 
 class DatasetLocationService:
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(CREATE_DATASET_FOLDER)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET_FOLDER)
     def create_dataset_location(
         session,
         username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
+        data: dict = None
     ) -> DatasetStorageLocation:
         dataset = DatasetRepository.get_dataset_by_uri(session, uri)
         exists = (
@@ -68,8 +67,8 @@ def create_dataset_location(
         return location
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(LIST_DATASET_FOLDERS)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(LIST_DATASET_FOLDERS)
     def list_dataset_locations(
         session,
         username: str,
@@ -93,8 +92,8 @@ def list_dataset_locations(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(LIST_DATASET_FOLDERS)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(LIST_DATASET_FOLDERS)
     def get_dataset_location(
         session,
         username: str,
@@ -106,8 +105,8 @@ def get_dataset_location(
         return DatasetLocationService.get_location_by_uri(session, data['locationUri'])
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(UPDATE_DATASET_FOLDER)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET_FOLDER)
     def update_dataset_location(
         session,
         username: str,
@@ -136,8 +135,8 @@ def update_dataset_location(
         return location
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(DELETE_DATASET_FOLDER)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(DELETE_DATASET_FOLDER)
     def delete_dataset_location(
         session,
         username: str,
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 4d54b5573..710e2cc1b 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -4,10 +4,9 @@
 from sqlalchemy import and_, or_
 from sqlalchemy.orm import Query
 
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import (
     Environment,
-    has_tenant_perm,
-    has_resource_perm,
     ResourcePolicy,
     KeyValueTag,
     Vote,
@@ -31,8 +30,8 @@
 
 class DatasetService:
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(CREATE_DATASET)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET)
     def create_dataset(
         session,
         username: str,
@@ -201,7 +200,7 @@ def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
         )
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
+    @has_tenant_permission(MANAGE_DATASETS)
     def get_dataset(
         session,
         username: str,
@@ -294,8 +293,8 @@ def paginated_dataset_tables(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(UPDATE_DATASET)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET)
     def update_dataset(
         session, username, groups, uri, data=None, check_perm=None
     ) -> Dataset:
@@ -668,7 +667,7 @@ def query_environment_datasets(session, username, groups, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_resource_perm(LIST_ENVIRONMENT_DATASETS)
+    @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
     def paginated_environment_datasets(
             session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table.py
index 437e9384e..50f543005 100644
--- a/backend/dataall/modules/datasets/services/dataset_table.py
+++ b/backend/dataall/modules/datasets/services/dataset_table.py
@@ -2,8 +2,9 @@
 
 from sqlalchemy.sql import and_
 
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db import models, api, exceptions, paginate
-from dataall.db.api import has_tenant_perm, has_resource_perm, Glossary, ResourcePolicy, Environment
+from dataall.db.api import Glossary, ResourcePolicy, Environment
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
     UPDATE_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.modules.datasets.services.dataset_service import DatasetService
@@ -15,8 +16,8 @@
 
 class DatasetTableService:
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(CREATE_DATASET_TABLE)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET_TABLE)
     def create_dataset_table(
         session,
         username: str,
@@ -79,7 +80,7 @@ def create_dataset_table(
         return table
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
+    @has_tenant_permission(MANAGE_DATASETS)
     def list_dataset_tables(
         session,
         username: str,
@@ -101,7 +102,7 @@ def list_dataset_tables(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
+    @has_tenant_permission(MANAGE_DATASETS)
     def get_dataset_table(
         session,
         username: str,
@@ -113,8 +114,8 @@ def get_dataset_table(
         return DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(UPDATE_DATASET_TABLE)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET_TABLE)
     def update_dataset_table(
         session,
         username: str,
@@ -139,8 +140,8 @@ def update_dataset_table(
         return table
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(DELETE_DATASET_TABLE)
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(DELETE_DATASET_TABLE)
     def delete_dataset_table(
         session,
         username: str,

From 19cc9aa7967fbf0c9380223ca3595c46b2adfd65 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 16:30:18 +0200
Subject: [PATCH 109/346] Reduce number of parameters for dataset location
 service

---
 .../datasets/api/storage_location/resolvers.py | 12 +-----------
 .../datasets/services/dataset_location.py      | 18 +++---------------
 2 files changed, 4 insertions(+), 26 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 35386dacb..e47ce1007 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -20,7 +20,6 @@ def create_storage_location(
     with context.engine.scoped_session() as session:
         location = DatasetLocationService.create_dataset_location(
             session=session,
-            username=context.username,
             uri=datasetUri,
             data=input,
         )
@@ -38,7 +37,7 @@ def list_dataset_locations(context, source, filter: dict = None):
         filter = {}
     with context.engine.scoped_session() as session:
         return DatasetLocationService.list_dataset_locations(
-            session=session, uri=source.datasetUri, data=filter, check_perm=True
+            session=session, uri=source.datasetUri, data=filter
         )
 
 
@@ -47,11 +46,8 @@ def get_storage_location(context, source, locationUri=None):
         location = DatasetLocationService.get_location_by_uri(session, locationUri)
         return DatasetLocationService.get_dataset_location(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=location.datasetUri,
             data={'locationUri': location.locationUri},
-            check_perm=True,
         )
 
 
@@ -64,11 +60,8 @@ def update_storage_location(
         input['locationUri'] = location.locationUri
         DatasetLocationService.update_dataset_location(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=location.datasetUri,
             data=input,
-            check_perm=True,
         )
         DatasetLocationIndexer.upsert(session, folder_uri=location.locationUri)
 
@@ -80,11 +73,8 @@ def remove_storage_location(context, source, locationUri: str = None):
         location = DatasetLocationService.get_location_by_uri(session, locationUri)
         DatasetLocationService.delete_dataset_location(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=location.datasetUri,
             data={'locationUri': location.locationUri},
-            check_perm=True,
         )
         DatasetLocationIndexer.delete_doc(doc_id=location.locationUri)
     return True
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location.py
index a8c0eb61d..240c52f0e 100644
--- a/backend/dataall/modules/datasets/services/dataset_location.py
+++ b/backend/dataall/modules/datasets/services/dataset_location.py
@@ -2,6 +2,7 @@
 
 from sqlalchemy import and_, or_
 
+from dataall.core.context import get_context
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import Glossary
 from dataall.db import models, api, paginate, exceptions
@@ -19,7 +20,6 @@ class DatasetLocationService:
     @has_resource_permission(CREATE_DATASET_FOLDER)
     def create_dataset_location(
         session,
-        username: str,
         uri: str,
         data: dict = None
     ) -> DatasetStorageLocation:
@@ -58,7 +58,7 @@ def create_dataset_location(
         if 'terms' in data.keys():
             Glossary.set_glossary_terms_links(
                 session,
-                username,
+                get_context().username,
                 location.locationUri,
                 'DatasetStorageLocation',
                 data.get('terms', []),
@@ -71,11 +71,8 @@ def create_dataset_location(
     @has_resource_permission(LIST_DATASET_FOLDERS)
     def list_dataset_locations(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> dict:
         query = (
             session.query(DatasetStorageLocation)
@@ -96,11 +93,8 @@ def list_dataset_locations(
     @has_resource_permission(LIST_DATASET_FOLDERS)
     def get_dataset_location(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> DatasetStorageLocation:
         return DatasetLocationService.get_location_by_uri(session, data['locationUri'])
 
@@ -109,11 +103,8 @@ def get_dataset_location(
     @has_resource_permission(UPDATE_DATASET_FOLDER)
     def update_dataset_location(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> DatasetStorageLocation:
 
         location = data.get(
@@ -127,7 +118,7 @@ def update_dataset_location(
         if 'terms' in data.keys():
             Glossary.set_glossary_terms_links(
                 session,
-                username,
+                get_context().username,
                 location.locationUri,
                 'DatasetStorageLocation',
                 data.get('terms', []),
@@ -139,11 +130,8 @@ def update_dataset_location(
     @has_resource_permission(DELETE_DATASET_FOLDER)
     def delete_dataset_location(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ):
         location = DatasetLocationService.get_location_by_uri(
             session, data['locationUri']

From cd218e2579471d98a5a07c923b2d2ac142ef8dc9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 16:31:04 +0200
Subject: [PATCH 110/346] Renamed files

---
 backend/dataall/aws/handlers/redshift.py                      | 2 +-
 backend/dataall/db/api/redshift_cluster.py                    | 2 +-
 backend/dataall/modules/datasets/api/dataset/resolvers.py     | 2 +-
 backend/dataall/modules/datasets/api/profiling/resolvers.py   | 2 +-
 .../modules/datasets/api/storage_location/resolvers.py        | 2 +-
 backend/dataall/modules/datasets/api/table/resolvers.py       | 2 +-
 .../dataall/modules/datasets/api/table_column/resolvers.py    | 2 +-
 .../dataall/modules/datasets/handlers/glue_column_handler.py  | 2 +-
 .../dataall/modules/datasets/handlers/glue_table_handler.py   | 2 +-
 .../dataall/modules/datasets/handlers/s3_location_handler.py  | 2 +-
 backend/dataall/modules/datasets/indexers/dataset_indexer.py  | 2 +-
 .../{dataset_location.py => dataset_location_service.py}      | 0
 backend/dataall/modules/datasets/services/dataset_service.py  | 2 +-
 .../services/{dataset_table.py => dataset_table_service.py}   | 0
 .../dataall/modules/datasets/tasks/subscription_service.py    | 4 ++--
 backend/dataall/modules/datasets/tasks/tables_syncer.py       | 2 +-
 tests/api/test_dataset_table.py                               | 2 +-
 17 files changed, 16 insertions(+), 16 deletions(-)
 rename backend/dataall/modules/datasets/services/{dataset_location.py => dataset_location_service.py} (100%)
 rename backend/dataall/modules/datasets/services/{dataset_table.py => dataset_table_service.py} (100%)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index f606b9a79..0ace9d4f3 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -10,7 +10,7 @@
 from ... import db
 from ...db import models
 # TODO should be migrated in the redshift module
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index ca7a69515..f43614421 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -497,7 +497,7 @@ def enable_copy_table(
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
 
         # TODO this dirty hack should be removed in the redshift module or after pipeline migration (circular import)
-        from dataall.modules.datasets.services.dataset_table import DatasetTableService
+        from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
         table = DatasetTableService.get_dataset_table_by_uri(
             session, data['tableUri']
         )
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index a75e6d414..ab6e4b0d3 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -18,7 +18,7 @@
 from dataall.db.api.organization import Organization
 from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 671b79c32..d156eee95 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -7,7 +7,7 @@
 from dataall.db import api, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets.db.models import DatasetProfilingRun
 from dataall.modules.datasets.services.permissions import PROFILE_DATASET_TABLE
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index e47ce1007..4b1ae1726 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -9,7 +9,7 @@
 from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_FOLDER
 
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index c5e6726a2..1ae69e7ae 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -16,7 +16,7 @@
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE, PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 951b2038f..591459f87 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import paginate, models
 from dataall.db.api import ResourcePolicy
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index 59dca4528..07a1c41b5 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -6,7 +6,7 @@
 from dataall.modules.datasets.aws.glue_table_client import GlueTableClient
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index d41b71ebc..f648dc330 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -5,7 +5,7 @@
 from dataall.db import models
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/handlers/s3_location_handler.py b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
index ba8cf6eda..1990e7a9a 100644
--- a/backend/dataall/modules/datasets/handlers/s3_location_handler.py
+++ b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
@@ -3,7 +3,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 1936b66be..8af54600f 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -3,7 +3,7 @@
 from dataall import db
 from dataall.db import models
 from dataall.modules.datasets.db.models import Dataset
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.searchproxy.upsert import BaseIndexer
 
diff --git a/backend/dataall/modules/datasets/services/dataset_location.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/dataset_location.py
rename to backend/dataall/modules/datasets/services/dataset_location_service.py
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 710e2cc1b..ddf5fc92e 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -17,7 +17,7 @@
 from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
     DATASET_TABLE_READ, LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
 from dataall.utils.naming_convention import (
diff --git a/backend/dataall/modules/datasets/services/dataset_table.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/dataset_table.py
rename to backend/dataall/modules/datasets/services/dataset_table_service.py
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 033b27bd2..a261fad8a 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -16,8 +16,8 @@
 from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
-from dataall.modules.datasets.services.dataset_location import DatasetLocationService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index c17951916..3a399fe14 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -13,7 +13,7 @@
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils.alarm_service import AlarmService
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 9894569ae..dc8cdbccf 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.services.dataset_table import DatasetTableService
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 

From 3e24acb1d99bcb14f58684e11d83667a1dc0bd67 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 16:34:26 +0200
Subject: [PATCH 111/346] Reduced number of parameters for the table service

---
 .../modules/datasets/api/table/resolvers.py   | 15 --------------
 .../services/dataset_table_service.py         | 20 +++----------------
 2 files changed, 3 insertions(+), 32 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 1ae69e7ae..8e72bb8df 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -25,11 +25,8 @@ def create_table(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
         table = DatasetTableService.create_dataset_table(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=datasetUri,
             data=input,
-            check_perm=True,
         )
         DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
     return table
@@ -43,11 +40,8 @@ def list_dataset_tables(context, source, filter: dict = None):
     with context.engine.scoped_session() as session:
         return DatasetTableService.list_dataset_tables(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.datasetUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -56,13 +50,10 @@ def get_table(context, source: Dataset, tableUri: str = None):
         table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
         return DatasetTableService.get_dataset_table(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=table.datasetUri,
             data={
                 'tableUri': tableUri,
             },
-            check_perm=True,
         )
 
 
@@ -77,11 +68,8 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
 
         DatasetTableService.update_dataset_table(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=dataset.datasetUri,
             data=input,
-            check_perm=True,
         )
         DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
     return table
@@ -92,13 +80,10 @@ def delete_table(context, source, tableUri: str = None):
         table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
         DatasetTableService.delete_dataset_table(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=table.datasetUri,
             data={
                 'tableUri': tableUri,
             },
-            check_perm=True,
         )
     DatasetTableIndexer.delete_doc(doc_id=tableUri)
     return True
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 50f543005..ddfde9c5b 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -2,6 +2,7 @@
 
 from sqlalchemy.sql import and_
 
+from dataall.core.context import get_context
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db import models, api, exceptions, paginate
 from dataall.db.api import Glossary, ResourcePolicy, Environment
@@ -20,11 +21,8 @@ class DatasetTableService:
     @has_resource_permission(CREATE_DATASET_TABLE)
     def create_dataset_table(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> DatasetTable:
         dataset = DatasetService.get_dataset_by_uri(session, uri)
         exists = (
@@ -62,7 +60,7 @@ def create_dataset_table(
         session.add(table)
         if data.get('terms') is not None:
             Glossary.set_glossary_terms_links(
-                session, username, table.tableUri, 'DatasetTable', data.get('terms', [])
+                session, get_context().username, table.tableUri, 'DatasetTable', data.get('terms', [])
             )
         session.commit()
 
@@ -83,11 +81,8 @@ def create_dataset_table(
     @has_tenant_permission(MANAGE_DATASETS)
     def list_dataset_tables(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> dict:
         query = (
             session.query(DatasetTable)
@@ -105,11 +100,8 @@ def list_dataset_tables(
     @has_tenant_permission(MANAGE_DATASETS)
     def get_dataset_table(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> DatasetTable:
         return DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
 
@@ -118,11 +110,8 @@ def get_dataset_table(
     @has_resource_permission(UPDATE_DATASET_TABLE)
     def update_dataset_table(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ):
         table = data.get(
             'table',
@@ -134,7 +123,7 @@ def update_dataset_table(
 
         if data.get('terms') is not None:
             Glossary.set_glossary_terms_links(
-                session, username, table.tableUri, 'DatasetTable', data.get('terms', [])
+                session, get_context().username, table.tableUri, 'DatasetTable', data.get('terms', [])
             )
 
         return table
@@ -144,11 +133,8 @@ def update_dataset_table(
     @has_resource_permission(DELETE_DATASET_TABLE)
     def delete_dataset_table(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ):
         table = DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
         share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()

From b5eb774f8b238383fef386d02df09640d01301b7 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 28 Apr 2023 16:42:16 +0200
Subject: [PATCH 112/346] Reduced number of parameters for the dataset service

---
 .../modules/datasets/api/dataset/resolvers.py | 16 +----------
 .../datasets/services/dataset_service.py      | 27 +++++++------------
 2 files changed, 11 insertions(+), 32 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index ab6e4b0d3..52797fd35 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -91,12 +91,7 @@ def import_dataset(context: Context, source, input=None):
 
 def get_dataset(context, source, datasetUri=None):
     with context.engine.scoped_session() as session:
-        dataset = DatasetService.get_dataset(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=datasetUri,
-        )
+        dataset = DatasetService.get_dataset(session, uri=datasetUri)
         if dataset.SamlAdminGroupName in context.groups:
             dataset.userRoleForDataset = DatasetRole.Admin.value
         return dataset
@@ -220,11 +215,8 @@ def update_dataset(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
         updated_dataset = DatasetService.update_dataset(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=datasetUri,
             data=input,
-            check_perm=True,
         )
         DatasetIndexer.upsert(session, dataset_uri=datasetUri)
 
@@ -655,11 +647,8 @@ def list_datasets_created_in_environment(
     with context.engine.scoped_session() as session:
         return DatasetService.paginated_environment_datasets(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -671,10 +660,7 @@ def list_datasets_owned_by_env_group(
     with context.engine.scoped_session() as session:
         return DatasetService.paginated_environment_group_datasets(
             session=session,
-            username=context.username,
-            groups=context.groups,
             envUri=environmentUri,
             groupUri=groupUri,
             data=filter,
-            check_perm=True,
         )
\ No newline at end of file
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index ddf5fc92e..75cc89047 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -4,6 +4,7 @@
 from sqlalchemy import and_, or_
 from sqlalchemy.orm import Query
 
+from dataall.core.context import get_context
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import (
     Environment,
@@ -201,14 +202,7 @@ def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
-    def get_dataset(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> Dataset:
+    def get_dataset(session, uri: str) -> Dataset:
         return DatasetService.get_dataset_by_uri(session, uri)
 
     @staticmethod
@@ -295,9 +289,8 @@ def paginated_dataset_tables(
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     @has_resource_permission(UPDATE_DATASET)
-    def update_dataset(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> Dataset:
+    def update_dataset(session, uri, data=None) -> Dataset:
+        username = get_context().username
         dataset: Dataset = DatasetService.get_dataset_by_uri(session, uri)
         if data and isinstance(data, dict):
             for k in data.keys():
@@ -626,7 +619,7 @@ def count_dataset_tables(session, dataset_uri):
         )
 
     @staticmethod
-    def query_environment_group_datasets(session, username, groups, envUri, groupUri, filter) -> Query:
+    def query_environment_group_datasets(session, envUri, groupUri, filter) -> Query:
         query = session.query(Dataset).filter(
             and_(
                 Dataset.environmentUri == envUri,
@@ -647,7 +640,7 @@ def query_environment_group_datasets(session, username, groups, envUri, groupUri
         return query
 
     @staticmethod
-    def query_environment_datasets(session, username, groups, uri, filter) -> Query:
+    def query_environment_datasets(session, uri, filter) -> Query:
         query = session.query(Dataset).filter(
             and_(
                 Dataset.environmentUri == uri,
@@ -669,11 +662,11 @@ def query_environment_datasets(session, username, groups, uri, filter) -> Query:
     @staticmethod
     @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
     def paginated_environment_datasets(
-            session, username, groups, uri, data=None, check_perm=None
+            session, uri, data=None,
     ) -> dict:
         return paginate(
             query=DatasetService.query_environment_datasets(
-                session, username, groups, uri, data
+                session, uri, data
             ),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
@@ -681,11 +674,11 @@ def paginated_environment_datasets(
 
     @staticmethod
     def paginated_environment_group_datasets(
-            session, username, groups, envUri, groupUri, data=None, check_perm=None
+            session, envUri, groupUri, data=None
     ) -> dict:
         return paginate(
             query=DatasetService.query_environment_group_datasets(
-                session, username, groups, envUri, groupUri, data
+                session, envUri, groupUri, data
             ),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),

From 7ad099ff77c76b92c8604fa618090e7c15b1291a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 May 2023 11:53:58 +0200
Subject: [PATCH 113/346] Bump flask from 2.0.3 to 2.3.2 in /backend (#439)

Bumps [flask](https://github.com/pallets/flask) from 2.0.3 to 2.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/flask/releases">flask's
releases</a>.</em></p>
<blockquote>
<h2>2.3.2</h2>
<p>This is a security fix release for the 2.3.x release branch.</p>
<ul>
<li>Security advisory: <a
href="https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq">https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq</a>,
CVE-2023-30861</li>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2">https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/29?closed=1">https://github.com/pallets/flask/milestone/29?closed=1</a></li>
</ul>
<h2>2.3.1</h2>
<p>This is a fix release for the 2.3.x release branch.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-1">https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-1</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/28?closed=1">https://github.com/pallets/flask/milestone/28?closed=1</a></li>
</ul>
<h2>2.3.0</h2>
<p>This is a feature release, which includes new features, removes
previously deprecated code, and adds new deprecations. The 2.3.x branch
is now the supported fix branch, the 2.2.x branch will become a tag
marking the end of support for that branch. We encourage everyone to
upgrade, and to use a tool such as <a
href="https://pypi.org/project/pip-tools/">pip-tools</a> to pin all
dependencies and control upgrades. Test with warnings treated as errors
to be able to adapt to deprecation warnings early.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0">https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/24?closed=1">https://github.com/pallets/flask/milestone/24?closed=1</a></li>
</ul>
<h2>2.2.4</h2>
<p>This is a fix release for the 2.2.x release branch.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/27?closed=1">https://github.com/pallets/flask/milestone/27?closed=1</a></li>
</ul>
<h2>2.2.3</h2>
<p>This is a fix release for the 2.2.x release branch.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/26?closed=1">https://github.com/pallets/flask/milestone/26?closed=1</a></li>
</ul>
<h2>2.2.2</h2>
<p>This is a fix release for the <a
href="https://github.com/pallets/flask/releases/tag/2.2.0">2.2.0</a>
feature release.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/25?closed=1">https://github.com/pallets/flask/milestone/25?closed=1</a></li>
</ul>
<h2>2.2.1</h2>
<p>This is a fix release for the <a
href="https://github.com/pallets/flask/releases/tag/2.2.0">2.2.0</a>
feature release.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/23?closed=1">https://github.com/pallets/flask/milestone/23?closed=1</a></li>
</ul>
<h2>2.2.0</h2>
<p>This is a feature release, which includes new features and removes
previously deprecated code. The 2.2.x branch is now the supported bug
fix branch, the 2.1.x branch will become a tag marking the end of
support for that branch. We encourage everyone to upgrade, and to use a
tool such as <a href="https://pypi.org/project/pip-tools/">pip-tools</a>
to pin all dependencies and control upgrades.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/19?closed=1">https://github.com/pallets/flask/milestone/19?closed=1</a></li>
</ul>
<h2>2.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/flask/blob/main/CHANGES.rst">flask's
changelog</a>.</em></p>
<blockquote>
<h2>Version 2.3.2</h2>
<p>Released 2023-05-01</p>
<ul>
<li>Set <code>Vary: Cookie</code> header when the session is accessed,
modified, or refreshed.</li>
<li>Update Werkzeug requirement to &gt;=2.3.3 to apply recent bug
fixes.</li>
</ul>
<h2>Version 2.3.1</h2>
<p>Released 2023-04-25</p>
<ul>
<li>Restore deprecated <code>from flask import Markup</code>.
:issue:<code>5084</code></li>
</ul>
<h2>Version 2.3.0</h2>
<p>Released 2023-04-25</p>
<ul>
<li>
<p>Drop support for Python 3.7. :pr:<code>5072</code></p>
</li>
<li>
<p>Update minimum requirements to the latest versions:
Werkzeug&gt;=2.3.0, Jinja2&gt;3.1.2,
itsdangerous&gt;=2.1.2, click&gt;=8.1.3.</p>
</li>
<li>
<p>Remove previously deprecated code. :pr:<code>4995</code></p>
<ul>
<li>The <code>push</code> and <code>pop</code> methods of the deprecated
<code>_app_ctx_stack</code> and
<code>_request_ctx_stack</code> objects are removed. <code>top</code>
still exists to give
extensions more time to update, but it will be removed.</li>
<li>The <code>FLASK_ENV</code> environment variable, <code>ENV</code>
config key, and <code>app.env</code>
property are removed.</li>
<li>The <code>session_cookie_name</code>,
<code>send_file_max_age_default</code>, <code>use_x_sendfile</code>,
<code>propagate_exceptions</code>, and
<code>templates_auto_reload</code> properties on <code>app</code>
are removed.</li>
<li>The <code>JSON_AS_ASCII</code>, <code>JSON_SORT_KEYS</code>,
<code>JSONIFY_MIMETYPE</code>, and
<code>JSONIFY_PRETTYPRINT_REGULAR</code> config keys are removed.</li>
<li>The <code>app.before_first_request</code> and
<code>bp.before_app_first_request</code> decorators
are removed.</li>
<li><code>json_encoder</code> and <code>json_decoder</code> attributes
on app and blueprint, and the
corresponding <code>json.JSONEncoder</code> and <code>JSONDecoder</code>
classes, are removed.</li>
<li>The <code>json.htmlsafe_dumps</code> and <code>htmlsafe_dump</code>
functions are removed.</li>
<li>Calling setup methods on blueprints after registration is an error
instead of a
warning. :pr:<code>4997</code></li>
</ul>
</li>
<li>
<p>Importing <code>escape</code> and <code>Markup</code> from
<code>flask</code> is deprecated. Import them
directly from <code>markupsafe</code> instead. :pr:<code>4996</code></p>
</li>
<li>
<p>The <code>app.got_first_request</code> property is deprecated.
:pr:<code>4997</code></p>
</li>
<li>
<p>The <code>locked_cached_property</code> decorator is deprecated. Use
a lock inside the
decorated function if locking is needed. :issue:<code>4993</code></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/flask/commit/f3b8f570545200c87465d18386f3fc9f2258307a"><code>f3b8f57</code></a>
release version 2.3.2</li>
<li><a
href="https://github.com/pallets/flask/commit/c990bba94ab9bc81adf2d33e83c9a9628a2098f2"><code>c990bba</code></a>
update min test env</li>
<li><a
href="https://github.com/pallets/flask/commit/adedb2a64ea7703369bc89021710b439ee79f8dc"><code>adedb2a</code></a>
Merge pull request <a
href="https://redirect.github.com/pallets/flask/issues/5101">#5101</a>
from pallets/update-werkzeug</li>
<li><a
href="https://github.com/pallets/flask/commit/e1aedecdc689cc9a79131851dbdabf6c3bc49c9e"><code>e1aedec</code></a>
update werkzeug</li>
<li><a
href="https://github.com/pallets/flask/commit/37badc3ce8b0665e3454547839196a676729309f"><code>37badc3</code></a>
update changelog</li>
<li><a
href="https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b"><code>70f906c</code></a>
Merge pull request from GHSA-m2qf-hxjv-5gpq</li>
<li><a
href="https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d"><code>8705dd3</code></a>
set <code>Vary: Cookie</code> header consistently for session</li>
<li><a
href="https://github.com/pallets/flask/commit/9532cba45d2339e90ebf04f178b1e4f2064e7328"><code>9532cba</code></a>
fix mypy finding</li>
<li><a
href="https://github.com/pallets/flask/commit/0bc7356ce1ae11e633426902aba76d525f4523da"><code>0bc7356</code></a>
start version 2.3.2</li>
<li><a
href="https://github.com/pallets/flask/commit/f07fb2b607c1eaa724ca9bfe43e2dc20d97d34de"><code>f07fb2b</code></a>
Merge pull request <a
href="https://redirect.github.com/pallets/flask/issues/5086">#5086</a>
from pallets/release-2.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/flask/compare/2.0.3...2.3.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=flask&package-manager=pip&previous-version=2.0.3&new-version=2.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/awslabs/aws-dataall/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 backend/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/requirements.txt b/backend/requirements.txt
index 7429e61c9..09d8a7abe 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -3,7 +3,7 @@ aws-xray-sdk==2.4.3
 boto3==1.26.95
 botocore==1.29.95
 fastapi == 0.92.0
-Flask==2.0.3
+Flask==2.3.2
 flask-cors==3.0.10
 nanoid==2.0.0
 opensearch-py==1.0.0

From e4b3e733d32bc179a2fce9493d9c5d4a7bb08fed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 May 2023 13:41:27 +0200
Subject: [PATCH 114/346] Bump flask from 2.0.3 to 2.3.2 in
 /backend/dataall/cdkproxy (#438)

Bumps [flask](https://github.com/pallets/flask) from 2.0.3 to 2.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/flask/releases">flask's
releases</a>.</em></p>
<blockquote>
<h2>2.3.2</h2>
<p>This is a security fix release for the 2.3.x release branch.</p>
<ul>
<li>Security advisory: <a
href="https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq">https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq</a>,
CVE-2023-30861</li>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2">https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-2</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/29?closed=1">https://github.com/pallets/flask/milestone/29?closed=1</a></li>
</ul>
<h2>2.3.1</h2>
<p>This is a fix release for the 2.3.x release branch.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-1">https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-1</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/28?closed=1">https://github.com/pallets/flask/milestone/28?closed=1</a></li>
</ul>
<h2>2.3.0</h2>
<p>This is a feature release, which includes new features, removes
previously deprecated code, and adds new deprecations. The 2.3.x branch
is now the supported fix branch, the 2.2.x branch will become a tag
marking the end of support for that branch. We encourage everyone to
upgrade, and to use a tool such as <a
href="https://pypi.org/project/pip-tools/">pip-tools</a> to pin all
dependencies and control upgrades. Test with warnings treated as errors
to be able to adapt to deprecation warnings early.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0">https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/24?closed=1">https://github.com/pallets/flask/milestone/24?closed=1</a></li>
</ul>
<h2>2.2.4</h2>
<p>This is a fix release for the 2.2.x release branch.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/27?closed=1">https://github.com/pallets/flask/milestone/27?closed=1</a></li>
</ul>
<h2>2.2.3</h2>
<p>This is a fix release for the 2.2.x release branch.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/26?closed=1">https://github.com/pallets/flask/milestone/26?closed=1</a></li>
</ul>
<h2>2.2.2</h2>
<p>This is a fix release for the <a
href="https://github.com/pallets/flask/releases/tag/2.2.0">2.2.0</a>
feature release.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/25?closed=1">https://github.com/pallets/flask/milestone/25?closed=1</a></li>
</ul>
<h2>2.2.1</h2>
<p>This is a fix release for the <a
href="https://github.com/pallets/flask/releases/tag/2.2.0">2.2.0</a>
feature release.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/23?closed=1">https://github.com/pallets/flask/milestone/23?closed=1</a></li>
</ul>
<h2>2.2.0</h2>
<p>This is a feature release, which includes new features and removes
previously deprecated code. The 2.2.x branch is now the supported bug
fix branch, the 2.1.x branch will become a tag marking the end of
support for that branch. We encourage everyone to upgrade, and to use a
tool such as <a href="https://pypi.org/project/pip-tools/">pip-tools</a>
to pin all dependencies and control upgrades.</p>
<ul>
<li>Changes: <a
href="https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0">https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0</a></li>
<li>Milestone: <a
href="https://github.com/pallets/flask/milestone/19?closed=1">https://github.com/pallets/flask/milestone/19?closed=1</a></li>
</ul>
<h2>2.1.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/flask/blob/main/CHANGES.rst">flask's
changelog</a>.</em></p>
<blockquote>
<h2>Version 2.3.2</h2>
<p>Released 2023-05-01</p>
<ul>
<li>Set <code>Vary: Cookie</code> header when the session is accessed,
modified, or refreshed.</li>
<li>Update Werkzeug requirement to &gt;=2.3.3 to apply recent bug
fixes.</li>
</ul>
<h2>Version 2.3.1</h2>
<p>Released 2023-04-25</p>
<ul>
<li>Restore deprecated <code>from flask import Markup</code>.
:issue:<code>5084</code></li>
</ul>
<h2>Version 2.3.0</h2>
<p>Released 2023-04-25</p>
<ul>
<li>
<p>Drop support for Python 3.7. :pr:<code>5072</code></p>
</li>
<li>
<p>Update minimum requirements to the latest versions:
Werkzeug&gt;=2.3.0, Jinja2&gt;3.1.2,
itsdangerous&gt;=2.1.2, click&gt;=8.1.3.</p>
</li>
<li>
<p>Remove previously deprecated code. :pr:<code>4995</code></p>
<ul>
<li>The <code>push</code> and <code>pop</code> methods of the deprecated
<code>_app_ctx_stack</code> and
<code>_request_ctx_stack</code> objects are removed. <code>top</code>
still exists to give
extensions more time to update, but it will be removed.</li>
<li>The <code>FLASK_ENV</code> environment variable, <code>ENV</code>
config key, and <code>app.env</code>
property are removed.</li>
<li>The <code>session_cookie_name</code>,
<code>send_file_max_age_default</code>, <code>use_x_sendfile</code>,
<code>propagate_exceptions</code>, and
<code>templates_auto_reload</code> properties on <code>app</code>
are removed.</li>
<li>The <code>JSON_AS_ASCII</code>, <code>JSON_SORT_KEYS</code>,
<code>JSONIFY_MIMETYPE</code>, and
<code>JSONIFY_PRETTYPRINT_REGULAR</code> config keys are removed.</li>
<li>The <code>app.before_first_request</code> and
<code>bp.before_app_first_request</code> decorators
are removed.</li>
<li><code>json_encoder</code> and <code>json_decoder</code> attributes
on app and blueprint, and the
corresponding <code>json.JSONEncoder</code> and <code>JSONDecoder</code>
classes, are removed.</li>
<li>The <code>json.htmlsafe_dumps</code> and <code>htmlsafe_dump</code>
functions are removed.</li>
<li>Calling setup methods on blueprints after registration is an error
instead of a
warning. :pr:<code>4997</code></li>
</ul>
</li>
<li>
<p>Importing <code>escape</code> and <code>Markup</code> from
<code>flask</code> is deprecated. Import them
directly from <code>markupsafe</code> instead. :pr:<code>4996</code></p>
</li>
<li>
<p>The <code>app.got_first_request</code> property is deprecated.
:pr:<code>4997</code></p>
</li>
<li>
<p>The <code>locked_cached_property</code> decorator is deprecated. Use
a lock inside the
decorated function if locking is needed. :issue:<code>4993</code></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/flask/commit/f3b8f570545200c87465d18386f3fc9f2258307a"><code>f3b8f57</code></a>
release version 2.3.2</li>
<li><a
href="https://github.com/pallets/flask/commit/c990bba94ab9bc81adf2d33e83c9a9628a2098f2"><code>c990bba</code></a>
update min test env</li>
<li><a
href="https://github.com/pallets/flask/commit/adedb2a64ea7703369bc89021710b439ee79f8dc"><code>adedb2a</code></a>
Merge pull request <a
href="https://redirect.github.com/pallets/flask/issues/5101">#5101</a>
from pallets/update-werkzeug</li>
<li><a
href="https://github.com/pallets/flask/commit/e1aedecdc689cc9a79131851dbdabf6c3bc49c9e"><code>e1aedec</code></a>
update werkzeug</li>
<li><a
href="https://github.com/pallets/flask/commit/37badc3ce8b0665e3454547839196a676729309f"><code>37badc3</code></a>
update changelog</li>
<li><a
href="https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b"><code>70f906c</code></a>
Merge pull request from GHSA-m2qf-hxjv-5gpq</li>
<li><a
href="https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d"><code>8705dd3</code></a>
set <code>Vary: Cookie</code> header consistently for session</li>
<li><a
href="https://github.com/pallets/flask/commit/9532cba45d2339e90ebf04f178b1e4f2064e7328"><code>9532cba</code></a>
fix mypy finding</li>
<li><a
href="https://github.com/pallets/flask/commit/0bc7356ce1ae11e633426902aba76d525f4523da"><code>0bc7356</code></a>
start version 2.3.2</li>
<li><a
href="https://github.com/pallets/flask/commit/f07fb2b607c1eaa724ca9bfe43e2dc20d97d34de"><code>f07fb2b</code></a>
Merge pull request <a
href="https://redirect.github.com/pallets/flask/issues/5086">#5086</a>
from pallets/release-2.3.1</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/flask/compare/2.0.3...2.3.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=flask&package-manager=pip&previous-version=2.0.3&new-version=2.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/awslabs/aws-dataall/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikita Podshivalov <nikpodsh@amazon.com>
---
 backend/dataall/cdkproxy/requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/cdkproxy/requirements.txt b/backend/dataall/cdkproxy/requirements.txt
index f2da84ebe..ccd390c61 100644
--- a/backend/dataall/cdkproxy/requirements.txt
+++ b/backend/dataall/cdkproxy/requirements.txt
@@ -7,13 +7,13 @@ cdk-nag==2.7.2
 constructs==10.0.73
 starlette==0.25.0
 fastapi == 0.92.0
-Flask==2.0.3
+Flask==2.3.2
 PyYAML==6.0
 requests==2.27.1
 tabulate==0.8.9
 uvicorn==0.15.0
-jinja2==3.0.3
-werkzeug==2.2.3
+jinja2==3.1.2
+werkzeug==2.3.3
 constructs>=10.0.0,<11.0.0
 git-remote-codecommit==1.16
 aws-ddk==0.5.1

From 3ae1eca83df494e392786350a9e8fb941c08746e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 3 May 2023 14:26:48 +0200
Subject: [PATCH 115/346] Fixed all tests

---
 backend/dataall/db/api/share_object.py             | 11 ++++++++++-
 backend/dataall/modules/datasets/__init__.py       |  4 ++++
 .../modules/datasets/api/dataset/resolvers.py      |  3 +--
 .../dataall/modules/datasets/cdk/dataset_policy.py |  2 +-
 .../datasets/handlers/glue_dataset_handler.py      |  2 +-
 .../datasets/services/dataset_group_resource.py    |  3 ---
 .../modules/datasets/services/dataset_service.py   |  6 ++++--
 .../modules/datasets/tasks/tables_syncer.py        |  4 ++--
 .../share_managers/lf_share_manager.py             |  7 ++++---
 tests/api/test_dataset.py                          |  5 +++--
 tests/api/test_vote.py                             |  3 +--
 tests/tasks/test_catalog_indexer.py                |  2 +-
 tests/tasks/test_lf_share_manager.py               |  7 +++++--
 tests/tasks/test_tables_sync.py                    | 14 +++++++++-----
 14 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index 79a82af43..4917664b9 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -13,7 +13,6 @@
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from ...modules.datasets.services.permissions import DATASET_TABLE_READ
-from ...modules.datasets.services.share_notification_service import ShareNotificationService
 
 logger = logging.getLogger(__name__)
 
@@ -564,6 +563,8 @@ def submit_share_object(
 
         Share_SM.update_state(session, share, new_share_state)
 
+        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
+        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_submission(
             session, username, dataset, share
         )
@@ -611,6 +612,8 @@ def approve_share_object(
                 resource_type=DatasetTable.__name__,
             )
 
+        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
+        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_approval(session, username, dataset, share)
         return share
 
@@ -644,6 +647,9 @@ def reject_share_object(
             group=share.groupUri,
             resource_uri=dataset.datasetUri,
         )
+
+        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
+        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
         return share
 
@@ -686,6 +692,9 @@ def revoke_items_share_object(
             group=share.groupUri,
             resource_uri=dataset.datasetUri,
         )
+
+        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
+        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
         return share
 
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 69e5fb86d..08b1dffd1 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,10 +2,12 @@
 import logging
 from typing import List
 
+from dataall.core.group.services.group_resource_manager import GroupResourceManager
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
+from dataall.modules.datasets.services.dataset_group_resource import DatasetGroupResource
 from dataall.modules.datasets.services.permissions import GET_DATASET, UPDATE_DATASET
 from dataall.modules.loader import ModuleInterface, ImportMode
 
@@ -57,6 +59,8 @@ def __init__(self):
 
         TargetType("dataset", GET_DATASET, UPDATE_DATASET)
 
+        GroupResourceManager.register(DatasetGroupResource())
+
         log.info("API of datasets has been imported")
 
 
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 52797fd35..3cef6e21a 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -10,10 +10,9 @@
     DatasetRole,
 )
 from dataall.api.context import Context
-from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.db import paginate, exceptions, permissions, models
+from dataall.db import paginate, exceptions, models
 from dataall.db.api import Environment, ShareObject, ResourcePolicy
 from dataall.db.api.organization import Organization
 from dataall.modules.datasets import Dataset
diff --git a/backend/dataall/modules/datasets/cdk/dataset_policy.py b/backend/dataall/modules/datasets/cdk/dataset_policy.py
index 5c847fe14..64c0c53a4 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_policy.py
@@ -14,7 +14,7 @@ def get_statements(self, session):
             environment_id=self.environment.environmentUri,
             group_uri=self.team.groupUri,
         )
-        return self._generate_dataset_statements(datasets)
+        return DatasetDataPolicy._generate_dataset_statements(datasets)
 
     @staticmethod
     def _generate_dataset_statements(datasets: List[Dataset]):
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index ff360a2f1..7a43b6ac6 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -26,4 +26,4 @@ def start_crawler(engine, task: models.Task):
             crawler = DatasetCrawler(dataset)
             if location:
                 crawler.update_crawler(targets)
-            return crawler.start_crawler()
\ No newline at end of file
+            return crawler.start_crawler()
diff --git a/backend/dataall/modules/datasets/services/dataset_group_resource.py b/backend/dataall/modules/datasets/services/dataset_group_resource.py
index e05d06e23..8d58ac3ad 100644
--- a/backend/dataall/modules/datasets/services/dataset_group_resource.py
+++ b/backend/dataall/modules/datasets/services/dataset_group_resource.py
@@ -6,6 +6,3 @@ class DatasetGroupResource(GroupResource):
     def count_resources(self, session, environment_uri, group_uri) -> int:
         return DatasetRepository.count_group_datasets(session, environment_uri, group_uri)
 
-
-GroupResourceManager.register(DatasetGroupResource())
-
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 75cc89047..388a14746 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -12,6 +12,8 @@
     KeyValueTag,
     Vote,
     Stack,
+    has_tenant_perm,
+    has_resource_perm,
 )
 from dataall.db.api import Organization
 from dataall.db import models, api, exceptions, paginate, permissions
@@ -31,8 +33,8 @@
 
 class DatasetService:
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(CREATE_DATASET)
+    @has_tenant_perm(MANAGE_DATASETS)
+    @has_resource_perm(CREATE_DATASET)
     def create_dataset(
         session,
         username: str,
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 3a399fe14..b56b57ddd 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -11,8 +11,8 @@
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
+from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.utils.alarm_service import AlarmService
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
 root = logging.getLogger()
@@ -94,7 +94,7 @@ def sync_tables(engine):
                     f'{dataset.AwsAccountId}/{dataset.GlueDatabaseName} '
                     f'due to: {e}'
                 )
-                AlarmService().trigger_dataset_sync_failure_alarm(dataset, str(e))
+                DatasetAlarmService().trigger_dataset_sync_failure_alarm(dataset, str(e))
         return processed_tables
 
 
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
index 997dc830f..1cf649f01 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
@@ -10,9 +10,10 @@
 from ....aws.handlers.quicksight import Quicksight
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.ram import Ram
-from ....db import api, exceptions, models
+from ....db import exceptions, models
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.utils.alarm_service import AlarmService
+from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 
 logger = logging.getLogger(__name__)
 
@@ -526,7 +527,7 @@ def handle_share_failure(
             f'due to: {error}'
         )
 
-        AlarmService().trigger_table_sharing_failure_alarm(
+        DatasetAlarmService().trigger_table_sharing_failure_alarm(
             table, self.share, self.target_environment
         )
         return True
@@ -549,7 +550,7 @@ def handle_revoke_failure(
             f'with target account {self.target_environment.AwsAccountId}/{self.target_environment.region} '
             f'due to: {error}'
         )
-        AlarmService().trigger_revoke_table_sharing_failure_alarm(
+        DatasetAlarmService().trigger_revoke_table_sharing_failure_alarm(
             table, self.share, self.target_environment
         )
         return True
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index ee2d6047e..c6909c28b 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -1,8 +1,10 @@
 import typing
+from unittest.mock import MagicMock
 
 import pytest
 
 import dataall
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
@@ -180,8 +182,7 @@ def test_update_dataset(dataset1, client, patch_es, group, group2):
 
 def test_start_crawler(org1, env1, dataset1, client, group, module_mocker):
     module_mocker.patch(
-        'dataall.modules.datasets.aws.glue_dataset_client.DatasetCrawler.get_crawler',
-        return_value={'crawler_name': dataset1.GlueCrawlerName},
+        'dataall.modules.datasets.api.dataset.resolvers.DatasetCrawler', MagicMock()
     )
     mutation = """
                 mutation StartGlueCrawler($datasetUri:String, $input:CrawlerInput){
diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index 4701c5609..e241e27f7 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -110,8 +110,7 @@ def get_vote_query(client, target_uri, target_type, group):
     return response
 
 
-def test_upvote(patch_es, client, dataset1, module_mocker, dashboard):
-    module_mocker.patch('dataall.api.Objects.Vote.resolvers.reindex', return_value={})
+def test_upvote(patch_es, client, dataset1, dashboard):
     response = upvote_mutation(
         client, dataset1.datasetUri, 'dataset', True, dataset1.SamlAdminGroupName
     )
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index 32c8873e3..1ffac0b6c 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -1,6 +1,6 @@
 import pytest
 import dataall
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index 89373d96e..bbe2e21ca 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -11,6 +11,7 @@
 from dataall.db import models
 from dataall.api import constants
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 
 from dataall.tasks.data_sharing.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
 from dataall.tasks.data_sharing.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
@@ -644,6 +645,7 @@ def test_revoke_external_account_access_on_source_account(
     # Then
     lf_mock.assert_called_once()
 
+
 def test_handle_share_failure(
         db,
         processor_same_account: ProcessLFSameAccountShare,
@@ -655,7 +657,7 @@ def test_handle_share_failure(
 ):
 
     # Given
-    alarm_service_mock = mocker.patch.object(AlarmService, "trigger_table_sharing_failure_alarm")
+    alarm_service_mock = mocker.patch.object(DatasetAlarmService, "trigger_table_sharing_failure_alarm")
     error = Exception
 
     # When
@@ -673,6 +675,7 @@ def test_handle_share_failure(
     # Then
     alarm_service_mock.assert_called_once()
 
+
 def test_handle_revoke_failure(
         db,
         processor_same_account: ProcessLFSameAccountShare,
@@ -683,7 +686,7 @@ def test_handle_revoke_failure(
         mocker,
 ):
     # Given
-    alarm_service_mock = mocker.patch.object(AlarmService, "trigger_revoke_table_sharing_failure_alarm")
+    alarm_service_mock = mocker.patch.object(DatasetAlarmService, "trigger_revoke_table_sharing_failure_alarm")
     error = Exception
 
     # When
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index 5d0322f94..5c9937c72 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -1,7 +1,11 @@
+from unittest.mock import MagicMock
+
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
+from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets.tasks.tables_syncer import sync_tables
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -156,12 +160,12 @@ def test_tables_sync(db, org, env, sync_dataset, table, mocker):
     mocker.patch(
         'dataall.modules.datasets.tasks.tables_syncer.is_assumable_pivot_role', return_value=True
     )
-    mocker.patch(
-        'dataall.aws.handlers.glue.Glue.grant_principals_all_table_permissions',
-        return_value=True,
-    )
 
-    processed_tables = dataall.modules.datasets.tasks.tables_syncer.sync_tables(engine=db)
+    mock_client = MagicMock()
+    mocker.patch("dataall.modules.datasets.tasks.tables_syncer.LakeFormationTableClient", mock_client)
+    mock_client.grant_principals_all_table_permissions = True
+
+    processed_tables = sync_tables(engine=db)
     assert len(processed_tables) == 2
     with db.scoped_session() as session:
         saved_table: DatasetTable = (

From 745f71011f1e47cd26fb86fa56229e5cf5115517 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 3 May 2023 15:34:34 +0200
Subject: [PATCH 116/346] Fixed all tests

---
 backend/dataall/cdkproxy/stacks/environment.py            | 2 --
 .../modules/datasets/services/dataset_share_service.py    | 8 +++++---
 tests/api/conftest.py                                     | 5 +----
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index a2d40af86..e9d604f47 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -141,8 +141,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             self.engine, self._environment
         )
 
-        self.all_environment_datasets = self.get_all_environment_datasets(self.engine, self._environment)
-
         # Environment S3 Bucket
         default_environment_bucket = s3.Bucket(
             self,
diff --git a/backend/dataall/modules/datasets/services/dataset_share_service.py b/backend/dataall/modules/datasets/services/dataset_share_service.py
index 74e64c951..90a5334d5 100644
--- a/backend/dataall/modules/datasets/services/dataset_share_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_share_service.py
@@ -4,7 +4,7 @@
 from sqlalchemy import or_, case, func
 from sqlalchemy.sql import and_
 
-from dataall.api.constants import ShareableType
+from dataall.api.constants import ShareableType, PrincipalType
 from dataall.db import models, permissions
 from dataall.db.api import has_resource_perm, ShareItemSM
 from dataall.db.paginator import paginate
@@ -29,6 +29,7 @@ def paginated_shared_with_environment_datasets(
                 models.Environment.name.label('environmentName'),
                 models.ShareObject.created.label('created'),
                 models.ShareObject.principalId.label('principalId'),
+                models.ShareObject.principalType.label('principalType'),
                 models.ShareObjectItem.itemType.label('itemType'),
                 models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
                 models.ShareObjectItem.GlueTableName.label('GlueTableName'),
@@ -99,8 +100,9 @@ def paginated_shared_with_environment_datasets(
                 or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
             )
 
-        if data.get("uniqueDatasets", False):
-            q = q.distinct(models.ShareObject.datasetUri)
+        if data.get("uniqueShares", False):
+            q = q.filter(models.ShareObject.principalType != PrincipalType.ConsumptionRole.value)
+            q = q.distinct(models.ShareObject.shareUri)
 
         if data.get('term'):
             term = data.get('term')
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index a0b184504..983b011fe 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -25,7 +25,7 @@ def patch_check_env(module_mocker):
 @pytest.fixture(scope='module', autouse=True)
 def patch_check_dataset(module_mocker):
     module_mocker.patch(
-        'dataall.api.Objects.Dataset.resolvers.check_dataset_account', return_value=True
+        'dataall.modules.datasets.api.dataset.resolvers.check_dataset_account', return_value=True
     )
 
 
@@ -635,9 +635,6 @@ def env_fixture(env, org_fixture, user, group, tenant, module_mocker):
 
 @pytest.fixture(scope='module')
 def dataset_fixture(env_fixture, org_fixture, dataset, group, module_mocker) -> Dataset:
-    module_mocker.patch(
-        'dataall.api.Objects.Dataset.resolvers.check_dataset_account', return_value=True
-    )
     yield dataset(
         org=org_fixture,
         env=env_fixture,

From f382a6897b8cb2b366c1d098dcf71d2dd2ea0d72 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 4 May 2023 10:58:15 +0200
Subject: [PATCH 117/346] Review remarks

---
 .../dataall/api/Objects/Glossary/registry.py  |  2 +-
 .../datasets/aws/s3_location_client.py        | 31 +++++++++++++++++++
 .../datasets/handlers/s3_location_handler.py  | 30 ++----------------
 .../datasets/indexers/dataset_indexer.py      |  2 +-
 .../datasets/indexers/location_indexer.py     |  2 +-
 .../datasets/indexers/table_indexer.py        |  2 +-
 backend/dataall/searchproxy/__init__.py       |  1 -
 .../{upsert.py => base_indexer.py}            |  7 +++--
 backend/dataall/searchproxy/indexers.py       |  3 +-
 .../share_managers/s3_share_manager.py        | 14 +++------
 .../share_processors/s3_process_share.py      |  4 +--
 11 files changed, 51 insertions(+), 47 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/s3_location_client.py
 rename backend/dataall/searchproxy/{upsert.py => base_indexer.py} (88%)

diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 36fea6cf0..fb7e6edf7 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -7,7 +7,7 @@
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
 from dataall.db import Resource, models
 from dataall.searchproxy.indexers import DashboardIndexer
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 
 class Identifiable(Protocol):
diff --git a/backend/dataall/modules/datasets/aws/s3_location_client.py b/backend/dataall/modules/datasets/aws/s3_location_client.py
new file mode 100644
index 000000000..45385743d
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/s3_location_client.py
@@ -0,0 +1,31 @@
+import logging
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.modules.datasets.db.models import DatasetStorageLocation
+
+log = logging.getLogger(__name__)
+
+
+class S3LocationClient:
+
+    def __init__(self, location: DatasetStorageLocation):
+        session = SessionHelper.remote_session(accountid=location.AWSAccountId)
+        self._client = session.client('s3', region_name=location.region)
+        self._location = location
+
+    def create_bucket_prefix(self):
+        location = self._location
+        try:
+            response = self._client.put_object(
+                Bucket=location.S3BucketName, Body='', Key=location.S3Prefix + '/'
+            )
+            log.info(
+                'Creating S3 Prefix `{}`({}) on AWS #{}'.format(
+                    location.S3BucketName, location.AWSAccountId, response
+                )
+            )
+        except Exception as e:
+            log.error(
+                f'Dataset storage location creation failed on S3 for dataset location {location.locationUri} : {e}'
+            )
+            raise e
diff --git a/backend/dataall/modules/datasets/handlers/s3_location_handler.py b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
index ba8cf6eda..296b7e33c 100644
--- a/backend/dataall/modules/datasets/handlers/s3_location_handler.py
+++ b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
@@ -3,6 +3,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
+from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
 
 log = logging.getLogger(__name__)
@@ -11,11 +12,6 @@
 class S3DatasetLocationHandler:
     """Handles async requests related to s3 for dataset storage location"""
 
-    @staticmethod
-    def client(account_id: str, region: str, client_type: str):
-        session = SessionHelper.remote_session(accountid=account_id)
-        return session.client(client_type, region_name=region)
-
     @staticmethod
     @Worker.handler(path='s3.prefix.create')
     def create_dataset_location(engine, task: models.Task):
@@ -23,26 +19,6 @@ def create_dataset_location(engine, task: models.Task):
             location = DatasetLocationService.get_location_by_uri(
                 session, task.targetUri
             )
-            S3DatasetLocationHandler.create_bucket_prefix(location)
-            return location
-
-    @staticmethod
-    def create_bucket_prefix(location):
-        try:
-            account_id = location.AWSAccountId
-            region = location.region
-            s3cli = S3DatasetLocationHandler.client(account_id=account_id, region=region, client_type='s3')
-            response = s3cli.put_object(
-                Bucket=location.S3BucketName, Body='', Key=location.S3Prefix + '/'
-            )
-            log.info(
-                'Creating S3 Prefix `{}`({}) on AWS #{}'.format(
-                    location.S3BucketName, account_id, response
-                )
-            )
+            S3LocationClient(location).create_bucket_prefix()
             location.locationCreated = True
-        except Exception as e:
-            log.error(
-                f'Dataset storage location creation failed on S3 for dataset location {location.locationUri} : {e}'
-            )
-            raise e
+            return location
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 8cb0b7873..35de32e1c 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -3,7 +3,7 @@
 from dataall import db
 from dataall.db import models
 from dataall.modules.datasets.services.dataset_location import DatasetLocationService
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 
 class DatasetIndexer(BaseIndexer):
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
index 72495b51c..f649a244b 100644
--- a/backend/dataall/modules/datasets/indexers/location_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -3,7 +3,7 @@
 
 from dataall.db import models
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 
 class DatasetLocationIndexer(BaseIndexer):
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index 1eab70a87..fec9e4f7c 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -3,7 +3,7 @@
 
 from dataall.db import models
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 
 class DatasetTableIndexer(BaseIndexer):
diff --git a/backend/dataall/searchproxy/__init__.py b/backend/dataall/searchproxy/__init__.py
index 78493adb6..8dab74fea 100644
--- a/backend/dataall/searchproxy/__init__.py
+++ b/backend/dataall/searchproxy/__init__.py
@@ -4,5 +4,4 @@
 __all__ = [
     'connect',
     'run_query',
-    'upsert',
 ]
diff --git a/backend/dataall/searchproxy/upsert.py b/backend/dataall/searchproxy/base_indexer.py
similarity index 88%
rename from backend/dataall/searchproxy/upsert.py
rename to backend/dataall/searchproxy/base_indexer.py
index 9eb2e3125..fd0cb5e0e 100644
--- a/backend/dataall/searchproxy/upsert.py
+++ b/backend/dataall/searchproxy/base_indexer.py
@@ -21,7 +21,10 @@ class BaseIndexer(ABC):
     def es(cls):
         """Lazy creation of the OpenSearch connection"""
         if cls._es is None:
-            cls._es = connect(envname=os.getenv('envname', 'local'))
+            es = connect(envname=os.getenv('envname', 'local'))
+            if not es:
+                raise Exception('Failed to create ES connection')
+            cls._es = es
 
         return cls._es
 
@@ -35,7 +38,7 @@ def _index(cls, doc_id, doc):
         es = cls.es()
         doc['_indexed'] = datetime.now()
         if es:
-            res = es.index(index=BaseIndexer._INDEX, id=doc_id, body=doc)
+            res = es.index(index=cls._INDEX, id=doc_id, body=doc)
             log.info(f'doc {doc} for id {doc_id} indexed with response {res}')
             return True
         else:
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/searchproxy/indexers.py
index 13ba44eea..ce4145fc5 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/searchproxy/indexers.py
@@ -4,11 +4,12 @@
 
 from .. import db
 from ..db import models
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 log = logging.getLogger(__name__)
 
 
+# TODO Should be moved to dashboard module
 class DashboardIndexer(BaseIndexer):
     @classmethod
     def upsert(cls, session, dashboard_uri: str):
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 30c72a60e..fad1e801f 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -398,12 +398,9 @@ def delete_dataset_bucket_key_policy(
                 json.dumps(policy)
             )
 
-    def handle_share_failure(self, error: Exception) -> None:
+    def log_share_failure(self, error: Exception) -> None:
         """
-        Handles share failure by raising an alarm to alarmsTopic
-        Returns
-        -------
-        True if alarm published successfully
+        Writes a log if the failure happened while sharing
         """
         logger.error(
             f'Failed to share folder {self.s3_prefix} '
@@ -412,12 +409,9 @@ def handle_share_failure(self, error: Exception) -> None:
             f'due to: {error}'
         )
 
-    def handle_revoke_failure(self, error: Exception) -> None:
+    def log_revoke_failure(self, error: Exception) -> None:
         """
-        Handles share failure by raising an alarm to alarmsTopic
-        Returns
-        -------
-        True if alarm published successfully
+        Writes a log if the failure happened while revoking share
         """
         logger.error(
             f'Failed to revoke S3 permissions to folder {self.s3_prefix} '
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
index 96b608338..860aa8a69 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
@@ -92,7 +92,7 @@ def process_approved_shares(
                 shared_item_SM.update_state_single_item(session, sharing_item, new_state)
 
             except Exception as e:
-                sharing_folder.handle_share_failure(e)
+                sharing_folder.log_share_failure(e)
                 new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
                 shared_item_SM.update_state_single_item(session, sharing_item, new_state)
                 success = False
@@ -155,7 +155,7 @@ def process_revoked_shares(
                 revoked_item_SM.update_state_single_item(session, removing_item, new_state)
 
             except Exception as e:
-                removing_folder.handle_revoke_failure(e)
+                removing_folder.log_revoke_failure(e)
                 new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
                 revoked_item_SM.update_state_single_item(session, removing_item, new_state)
                 success = False

From 532ff0d678c1d6b842a3ad1e39e03321bcef9b5d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 4 May 2023 11:56:36 +0200
Subject: [PATCH 118/346] Added TODO

---
 .../dataall/modules/datasets/handlers/glue_profiling_handler.py  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index d15607733..be0915331 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -68,6 +68,7 @@ def start_profiling_run(engine, task: models.Task):
             )
             return run
 
+    # TODO move to client once dataset is migrated
     @staticmethod
     def get_job_run(**data):
         accountid = data['accountid']

From 2a319ca2c8fdf67251974ecab6f00e1c392c5426 Mon Sep 17 00:00:00 2001
From: Abdulrahman Kaitoua <abdulrahman.kaitoua@polimi.it>
Date: Fri, 5 May 2023 09:47:52 +0200
Subject: [PATCH 119/346] solve deployment bug #433 CloudFront logs does not
 enable ACL access (#437)

### Feature or Bugfix
- Bugfix

### Detail
Solved bug 433, starting from April 2023 S3 default configurations
changed, the default for s3 is set to disable ACL. Which is giving an
issue for cloudfront logging on s3. The solution was to change the
ownership of the object to object writer (enabling ACL for object writer
as stated in cloudfront documentation).

### Relates
[- <URL or Ticket>](https://github.com/awslabs/aws-dataall/issues/433)

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Co-authored-by: akaitoua-sa <126820454+akaitoua-sa@users.noreply.github.com>
---
 deploy/stacks/cloudfront.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/deploy/stacks/cloudfront.py b/deploy/stacks/cloudfront.py
index 5fe398423..382b91d8e 100644
--- a/deploy/stacks/cloudfront.py
+++ b/deploy/stacks/cloudfront.py
@@ -226,6 +226,7 @@ def __init__(
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             enforce_ssl=True,
             versioned=True,
+            object_ownership=s3.ObjectOwnership.OBJECT_WRITER,
         )
 
         frontend_alternate_domain = None
@@ -240,6 +241,7 @@ def __init__(
             removal_policy=RemovalPolicy.DESTROY,
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             enforce_ssl=True,
+            object_ownership=s3.ObjectOwnership.OBJECT_WRITER,
         )
 
         origin_access_identity = cloudfront.OriginAccessIdentity(
@@ -545,6 +547,7 @@ def build_static_site(
             removal_policy=RemovalPolicy.DESTROY,
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             enforce_ssl=True,
+            object_ownership=s3.ObjectOwnership.OBJECT_WRITER,
         )
 
         origin_access_identity = cloudfront.OriginAccessIdentity(

From 8d71ab544bf4875e524631e79b5cacb696a26981 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 10:32:06 +0200
Subject: [PATCH 120/346] Moved Share API

---
 .../dataset_sharing/api}/__init__.py                |  2 +-
 .../dataset_sharing/api}/input_types.py             |  2 +-
 .../dataset_sharing/api}/mutations.py               |  2 +-
 .../dataset_sharing/api}/queries.py                 |  2 +-
 .../dataset_sharing/api}/resolvers.py               | 13 ++++++-------
 .../dataset_sharing/api}/schema.py                  |  2 +-
 6 files changed, 11 insertions(+), 12 deletions(-)
 rename backend/dataall/{api/Objects/ShareObject => modules/dataset_sharing/api}/__init__.py (74%)
 rename backend/dataall/{api/Objects/ShareObject => modules/dataset_sharing/api}/input_types.py (98%)
 rename backend/dataall/{api/Objects/ShareObject => modules/dataset_sharing/api}/mutations.py (97%)
 rename backend/dataall/{api/Objects/ShareObject => modules/dataset_sharing/api}/queries.py (91%)
 rename backend/dataall/{api/Objects/ShareObject => modules/dataset_sharing/api}/resolvers.py (98%)
 rename backend/dataall/{api/Objects/ShareObject => modules/dataset_sharing/api}/schema.py (99%)

diff --git a/backend/dataall/api/Objects/ShareObject/__init__.py b/backend/dataall/modules/dataset_sharing/api/__init__.py
similarity index 74%
rename from backend/dataall/api/Objects/ShareObject/__init__.py
rename to backend/dataall/modules/dataset_sharing/api/__init__.py
index dfa46b264..d6574a49b 100644
--- a/backend/dataall/api/Objects/ShareObject/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/api/__init__.py
@@ -1,4 +1,4 @@
-from . import (
+from dataall.modules.dataset_sharing.api import (
     input_types,
     mutations,
     queries,
diff --git a/backend/dataall/api/Objects/ShareObject/input_types.py b/backend/dataall/modules/dataset_sharing/api/input_types.py
similarity index 98%
rename from backend/dataall/api/Objects/ShareObject/input_types.py
rename to backend/dataall/modules/dataset_sharing/api/input_types.py
index 04f7269ec..fba467b67 100644
--- a/backend/dataall/api/Objects/ShareObject/input_types.py
+++ b/backend/dataall/modules/dataset_sharing/api/input_types.py
@@ -1,4 +1,4 @@
-from ....api.constants import *
+from dataall.api.constants import *
 
 
 NewShareObjectInput = gql.InputType(
diff --git a/backend/dataall/api/Objects/ShareObject/mutations.py b/backend/dataall/modules/dataset_sharing/api/mutations.py
similarity index 97%
rename from backend/dataall/api/Objects/ShareObject/mutations.py
rename to backend/dataall/modules/dataset_sharing/api/mutations.py
index d8247837d..472ba2764 100644
--- a/backend/dataall/api/Objects/ShareObject/mutations.py
+++ b/backend/dataall/modules/dataset_sharing/api/mutations.py
@@ -1,4 +1,4 @@
-from .resolvers import *
+from dataall.modules.dataset_sharing.api.resolvers import *
 
 createShareObject = gql.MutationField(
     name='createShareObject',
diff --git a/backend/dataall/api/Objects/ShareObject/queries.py b/backend/dataall/modules/dataset_sharing/api/queries.py
similarity index 91%
rename from backend/dataall/api/Objects/ShareObject/queries.py
rename to backend/dataall/modules/dataset_sharing/api/queries.py
index e74be6b03..1033d4408 100644
--- a/backend/dataall/api/Objects/ShareObject/queries.py
+++ b/backend/dataall/modules/dataset_sharing/api/queries.py
@@ -1,4 +1,4 @@
-from .resolvers import *
+from dataall.modules.dataset_sharing.api.resolvers import *
 
 getShareObject = gql.QueryField(
     name='getShareObject',
diff --git a/backend/dataall/api/Objects/ShareObject/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
similarity index 98%
rename from backend/dataall/api/Objects/ShareObject/resolvers.py
rename to backend/dataall/modules/dataset_sharing/api/resolvers.py
index f2e58fa14..46f0261a1 100644
--- a/backend/dataall/api/Objects/ShareObject/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -1,12 +1,11 @@
 import logging
 
-
-from .... import db
-from .... import utils
-from ....api.constants import *
-from ....api.context import Context
-from ....aws.handlers.service_handlers import Worker
-from ....db import models
+from dataall import db
+from dataall import utils
+from dataall.api.constants import *
+from dataall.api.context import Context
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
diff --git a/backend/dataall/api/Objects/ShareObject/schema.py b/backend/dataall/modules/dataset_sharing/api/schema.py
similarity index 99%
rename from backend/dataall/api/Objects/ShareObject/schema.py
rename to backend/dataall/modules/dataset_sharing/api/schema.py
index 7a26154e3..c99382205 100644
--- a/backend/dataall/api/Objects/ShareObject/schema.py
+++ b/backend/dataall/modules/dataset_sharing/api/schema.py
@@ -1,4 +1,4 @@
-from .resolvers import *
+from dataall.modules.dataset_sharing.api.resolvers import *
 from dataall.api.Objects.Environment.resolvers import resolve_environment
 
 ShareableObject = gql.Union(

From e881a487b570af1394c2fda1fcccaefdac55b338 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 10:39:37 +0200
Subject: [PATCH 121/346] Moved code of Share

---
 .../api/Objects/Environment/resolvers.py      |  3 +--
 .../dataall/api/Objects/Group/resolvers.py    |  2 +-
 backend/dataall/api/Objects/__init__.py       |  1 -
 backend/dataall/db/api/__init__.py            |  1 -
 .../modules/dataset_sharing/__init__.py       |  3 ++-
 .../services/dataset_share_service.py         |  0
 .../services/share_notification_service.py    |  0
 .../dataset_sharing/services}/share_object.py | 22 ++++++++-----------
 .../datasets/tasks/subscription_service.py    |  2 +-
 9 files changed, 14 insertions(+), 20 deletions(-)
 rename backend/dataall/modules/{datasets => dataset_sharing}/services/dataset_share_service.py (100%)
 rename backend/dataall/modules/{datasets => dataset_sharing}/services/share_notification_service.py (100%)
 rename backend/dataall/{db/api => modules/dataset_sharing/services}/share_object.py (97%)

diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index b22ee0c5a..b241f6dbb 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -11,7 +11,6 @@
 from ..Stack import stack_helper
 from ...constants import *
 from ....aws.handlers.sts import SessionHelper
-from ....aws.handlers.quicksight import Quicksight
 from ....aws.handlers.cloudformation import CloudFormation
 from ....aws.handlers.iam import IAM
 from ....aws.handlers.parameter_store import ParameterStoreManager
@@ -22,7 +21,7 @@
     NamingConventionPattern,
 )
 
-from dataall.modules.datasets.services.dataset_share_service import DatasetShareService
+from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
 
 log = logging.getLogger()
 
diff --git a/backend/dataall/api/Objects/Group/resolvers.py b/backend/dataall/api/Objects/Group/resolvers.py
index d29c5be2c..eb7b04ce7 100644
--- a/backend/dataall/api/Objects/Group/resolvers.py
+++ b/backend/dataall/api/Objects/Group/resolvers.py
@@ -4,7 +4,7 @@
 from ....db import exceptions
 from ....db.models import Group
 from ....aws.handlers.cognito import Cognito
-from ....modules.datasets.services.dataset_share_service import DatasetShareService
+from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
 
 log = logging.getLogger()
 
diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 94a2ed2ba..798f3636b 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -20,7 +20,6 @@
     Group,
     Principal,
     Dashboard,
-    ShareObject,
     Organization,
     Stack,
     Test,
diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index ed19787aa..cfc41776d 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -10,7 +10,6 @@
 from .environment import Environment
 from .glossary import Glossary
 from .vote import Vote
-from .share_object import ShareObject, ShareObjectSM, ShareItemSM
 from .notification import Notification
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index ed6b62297..793662cc7 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -13,4 +13,5 @@ def is_supported(modes: List[ImportMode]) -> bool:
         return ImportMode.API in modes
 
     def __init__(self):
-        log.info("API pf dataset sharing has been imported")
+        from dataall.modules.dataset_sharing import api
+        log.info("API of dataset sharing has been imported")
diff --git a/backend/dataall/modules/datasets/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/dataset_share_service.py
rename to backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
diff --git a/backend/dataall/modules/datasets/services/share_notification_service.py b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/share_notification_service.py
rename to backend/dataall/modules/dataset_sharing/services/share_notification_service.py
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
similarity index 97%
rename from backend/dataall/db/api/share_object.py
rename to backend/dataall/modules/dataset_sharing/services/share_object.py
index 4917664b9..264534ff2 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -2,17 +2,18 @@
 
 from sqlalchemy import and_, or_, func, case
 
-from . import (
+from dataall.db.api import (
     has_resource_perm,
     ResourcePolicy,
     Environment,
 )
-from .. import api, utils
-from .. import models, exceptions, permissions, paginate
-from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
+from dataall.db import api, utils
+from dataall.db import models, exceptions, permissions, paginate
+from dataall.db.models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from ...modules.datasets.services.permissions import DATASET_TABLE_READ
+from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
+from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 
 logger = logging.getLogger(__name__)
 
@@ -563,8 +564,6 @@ def submit_share_object(
 
         Share_SM.update_state(session, share, new_share_state)
 
-        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
-        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_submission(
             session, username, dataset, share
         )
@@ -612,8 +611,7 @@ def approve_share_object(
                 resource_type=DatasetTable.__name__,
             )
 
-        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
-        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
+        from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_approval(session, username, dataset, share)
         return share
 
@@ -648,8 +646,7 @@ def reject_share_object(
             resource_uri=dataset.datasetUri,
         )
 
-        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
-        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
+        from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
         return share
 
@@ -693,8 +690,7 @@ def revoke_items_share_object(
             resource_uri=dataset.datasetUri,
         )
 
-        # TODO Temporary, to solve cyclic imports. It will go away when shares are in a dedicated module.
-        from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
+        from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
         ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
         return share
 
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index a261fad8a..4bbe7c34b 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -13,7 +13,7 @@
 from dataall.db import get_engine
 from dataall.db import models
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
-from dataall.modules.datasets.services.share_notification_service import ShareNotificationService
+`from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService

From e0aac6aaa30a64d7adb207f2139f791f2357a14b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 11:53:56 +0200
Subject: [PATCH 122/346] Moved Share models

---
 backend/dataall/db/api/environment.py         |  10 +-
 backend/dataall/db/api/redshift_cluster.py    |  38 +-
 backend/dataall/db/models/Enums.py            |  51 ---
 backend/dataall/db/models/ShareObjectItem.py  |  27 --
 backend/dataall/db/models/__init__.py         |   2 -
 .../modules/dataset_sharing/api/resolvers.py  |  64 ++--
 .../modules/dataset_sharing/db/Enums.py       |  52 +++
 .../modules/dataset_sharing/db/__init__.py    |   0
 .../dataset_sharing/db/models.py}             |  26 +-
 .../dataset_sharing/services/__init__.py      |   0
 .../services/dataset_share_service.py         |  88 ++---
 .../services/share_notification_service.py    |   9 +-
 .../dataset_sharing/services/share_object.py  | 348 +++++++++---------
 .../modules/datasets/api/dataset/resolvers.py |   7 +-
 .../datasets/handlers/glue_dataset_handler.py |   3 -
 .../services/dataset_alarm_service.py         |   5 +-
 .../services/dataset_location_service.py      |  16 +-
 .../datasets/services/dataset_service.py      |  64 ++--
 .../services/dataset_table_service.py         |  33 +-
 .../datasets/tasks/bucket_policy_updater.py   |  30 +-
 .../datasets/tasks/subscription_service.py    |  23 +-
 .../data_sharing/data_sharing_service.py      |  51 +--
 .../share_managers/lf_share_manager.py        |  12 +-
 .../share_managers/s3_share_manager.py        |  19 +-
 .../lf_process_cross_account_share.py         |  32 +-
 .../lf_process_same_account_share.py          |  27 +-
 .../share_processors/s3_process_share.py      |  33 +-
 ...215e_backfill_dataset_table_permissions.py |   6 +-
 tests/api/conftest.py                         |  19 +-
 tests/api/test_share.py                       | 118 +++---
 tests/tasks/conftest.py                       |  20 +-
 tests/tasks/test_lf_share_manager.py          |  77 ++--
 tests/tasks/test_s3_share_manager.py          |  70 ++--
 tests/tasks/test_subscriptions.py             |  11 +-
 34 files changed, 712 insertions(+), 679 deletions(-)
 delete mode 100644 backend/dataall/db/models/ShareObjectItem.py
 create mode 100644 backend/dataall/modules/dataset_sharing/db/Enums.py
 create mode 100644 backend/dataall/modules/dataset_sharing/db/__init__.py
 rename backend/dataall/{db/models/ShareObject.py => modules/dataset_sharing/db/models.py} (51%)
 create mode 100644 backend/dataall/modules/dataset_sharing/services/__init__.py

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 734e3dcbb..0e5c1cb86 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -28,6 +28,8 @@
     NamingConventionPattern,
 )
 from dataall.core.group.services.group_resource_manager import GroupResourceManager
+# TODO get rid of it
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 
 log = logging.getLogger(__name__)
 
@@ -988,14 +990,14 @@ def delete_environment(session, username, groups, uri, data=None, check_perm=Non
         )
 
         env_shared_with_objects = (
-            session.query(models.ShareObject)
-            .filter(models.ShareObject.environmentUri == environment.environmentUri)
+            session.query(ShareObject)
+            .filter(ShareObject.environmentUri == environment.environmentUri)
             .all()
         )
         for share in env_shared_with_objects:
             (
-                session.query(models.ShareObjectItem)
-                .filter(models.ShareObjectItem.shareUri == share.shareUri)
+                session.query(ShareObjectItem)
+                .filter(ShareObjectItem.shareUri == share.shareUri)
                 .delete()
             )
             session.delete(share)
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index f43614421..6f57e38fc 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -11,6 +11,8 @@
 )
 from dataall.utils.slugify import slugify
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
+from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -185,29 +187,29 @@ def list_available_datasets(
         cluster: models.RedshiftCluster = RedshiftCluster.get_redshift_cluster_by_uri(
             session, uri
         )
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
 
         shared = (
             session.query(
-                models.ShareObject.datasetUri.label('datasetUri'),
+                ShareObject.datasetUri.label('datasetUri'),
                 literal(cluster.clusterUri).label('clusterUri'),
             )
             .join(
                 models.RedshiftCluster,
                 models.RedshiftCluster.environmentUri
-                == models.ShareObject.environmentUri,
+                == ShareObject.environmentUri,
             )
             .filter(
                 and_(
                     models.RedshiftCluster.clusterUri == cluster.clusterUri,
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObjectItem.status.in_(share_item_shared_states),
                     or_(
-                        models.ShareObject.owner == username,
-                        models.ShareObject.principalId.in_(groups),
+                        ShareObject.owner == username,
+                        ShareObject.principalId.in_(groups),
                     ),
                 )
             )
-            .group_by(models.ShareObject.datasetUri, models.RedshiftCluster.clusterUri)
+            .group_by(ShareObject.datasetUri, models.RedshiftCluster.clusterUri)
         )
         created = (
             session.query(
@@ -300,36 +302,36 @@ def list_available_cluster_tables(
         cluster: models.RedshiftCluster = RedshiftCluster.get_redshift_cluster_by_uri(
             session, uri
         )
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
 
         shared = (
             session.query(
-                models.ShareObject.datasetUri.label('datasetUri'),
-                models.ShareObjectItem.itemUri.label('tableUri'),
+                ShareObject.datasetUri.label('datasetUri'),
+                ShareObjectItem.itemUri.label('tableUri'),
                 literal(cluster.clusterUri).label('clusterUri'),
             )
             .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
             )
             .join(
                 models.RedshiftCluster,
                 models.RedshiftCluster.environmentUri
-                == models.ShareObject.environmentUri,
+                == ShareObject.environmentUri,
             )
             .filter(
                 and_(
                     models.RedshiftCluster.clusterUri == cluster.clusterUri,
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObjectItem.status.in_(share_item_shared_states),
                     or_(
-                        models.ShareObject.owner == username,
-                        models.ShareObject.principalId.in_(groups),
+                        ShareObject.owner == username,
+                        ShareObject.principalId.in_(groups),
                     ),
                 )
             )
             .group_by(
-                models.ShareObject.datasetUri,
-                models.ShareObjectItem.itemUri,
+                ShareObject.datasetUri,
+                ShareObjectItem.itemUri,
                 models.RedshiftCluster.clusterUri,
             )
         )
diff --git a/backend/dataall/db/models/Enums.py b/backend/dataall/db/models/Enums.py
index 8e981242b..f5b5200cf 100644
--- a/backend/dataall/db/models/Enums.py
+++ b/backend/dataall/db/models/Enums.py
@@ -109,57 +109,6 @@ class PrincipalType(Enum):
     ConsumptionRole = 'ConsumptionRole'
 
 
-class ShareObjectPermission(Enum):
-    Approvers = '999'
-    Requesters = '800'
-    DatasetAdmins = '700'
-    NoPermission = '000'
-
-
-class ShareObjectStatus(Enum):
-    Deleted = 'Deleted'
-    Approved = 'Approved'
-    Rejected = 'Rejected'
-    Revoked = 'Revoked'
-    Draft = 'Draft'
-    Submitted = 'Submitted'
-    Revoke_In_Progress = 'Revoke_In_Progress'
-    Share_In_Progress = 'Share_In_Progress'
-    Processed = 'Processed'
-
-
-class ShareItemStatus(Enum):
-    Deleted = 'Deleted'
-    PendingApproval = 'PendingApproval'
-    Share_Approved = 'Share_Approved'
-    Share_Rejected = 'Share_Rejected'
-    Share_In_Progress = 'Share_In_Progress'
-    Share_Succeeded = 'Share_Succeeded'
-    Share_Failed = 'Share_Failed'
-    Revoke_Approved = 'Revoke_Approved'
-    Revoke_In_Progress = 'Revoke_In_Progress'
-    Revoke_Failed = 'Revoke_Failed'
-    Revoke_Succeeded = 'Revoke_Succeeded'
-
-
-class ShareObjectActions(Enum):
-    Submit = 'Submit'
-    Approve = 'Approve'
-    Reject = 'Reject'
-    RevokeItems = 'RevokeItems'
-    Start = 'Start'
-    Finish = 'Finish'
-    FinishPending = 'FinishPending'
-    Delete = 'Delete'
-
-
-class ShareItemActions(Enum):
-    AddItem = 'AddItem'
-    RemoveItem = 'RemoveItem'
-    Failure = 'Failure'
-    Success = 'Success'
-
-
 class ConfidentialityClassification(Enum):
     Unclassified = 'Unclassified'
     Official = 'Official'
diff --git a/backend/dataall/db/models/ShareObjectItem.py b/backend/dataall/db/models/ShareObjectItem.py
deleted file mode 100644
index dac037687..000000000
--- a/backend/dataall/db/models/ShareObjectItem.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from datetime import datetime
-
-from sqlalchemy import Column, DateTime, String
-
-from .Enums import ShareItemStatus
-from .. import Base, utils
-
-
-class ShareObjectItem(Base):
-    __tablename__ = 'share_object_item'
-    shareUri = Column(String, nullable=False)
-    shareItemUri = Column(
-        String, default=utils.uuid('shareitem'), nullable=False, primary_key=True
-    )
-    itemType = Column(String, nullable=False)
-    itemUri = Column(String, nullable=False)
-    itemName = Column(String, nullable=False)
-    permission = Column(String, nullable=True)
-    created = Column(DateTime, nullable=False, default=datetime.now)
-    updated = Column(DateTime, nullable=True, onupdate=datetime.now)
-    deleted = Column(DateTime, nullable=True)
-    owner = Column(String, nullable=False)
-    GlueDatabaseName = Column(String, nullable=True)
-    GlueTableName = Column(String, nullable=True)
-    S3AccessPointName = Column(String, nullable=True)
-    status = Column(String, nullable=False, default=ShareItemStatus.PendingApproval.value)
-    action = Column(String, nullable=True)
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index fff02245e..fbed60b1e 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -21,8 +21,6 @@
 from .ResourcePolicy import ResourcePolicy
 from .ResourcePolicyPermission import ResourcePolicyPermission
 from .SagemakerStudio import SagemakerStudio, SagemakerStudioUserProfile
-from .ShareObject import ShareObject
-from .ShareObjectItem import ShareObjectItem
 from .DataPipeline import DataPipeline
 from .DataPipelineEnvironment import DataPipelineEnvironment
 from .Stack import Stack
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 46f0261a1..ec634bc41 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -2,10 +2,13 @@
 
 from dataall import db
 from dataall import utils
+from dataall.api.Objects.Principal.resolvers import get_principal
 from dataall.api.constants import *
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
@@ -16,7 +19,7 @@ def get_share_object_dataset(context, source, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        share: models.ShareObject = session.query(models.ShareObject).get(
+        share: ShareObject = session.query(ShareObject).get(
             source.shareUri
         )
         return session.query(Dataset).get(share.datasetUri)
@@ -41,7 +44,7 @@ def create_share_object(
         input['itemUri'] = itemUri
         input['itemType'] = itemType
         input['datasetUri'] = datasetUri
-        return db.api.ShareObject.create_share_object(
+        return ShareObjectService.create_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -53,7 +56,7 @@ def create_share_object(
 
 def submit_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.submit_share_object(
+        return ShareObjectService.submit_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -65,7 +68,7 @@ def submit_share_object(context: Context, source, shareUri: str = None):
 
 def approve_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        share = db.api.ShareObject.approve_share_object(
+        share = ShareObjectService.approve_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -88,7 +91,7 @@ def approve_share_object(context: Context, source, shareUri: str = None):
 
 def reject_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.reject_share_object(
+        return ShareObjectService.reject_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -100,7 +103,7 @@ def reject_share_object(context: Context, source, shareUri: str = None):
 
 def revoke_items_share_object(context: Context, source, input):
     with context.engine.scoped_session() as session:
-        share = db.api.ShareObject.revoke_items_share_object(
+        share = ShareObjectService.revoke_items_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -123,11 +126,11 @@ def revoke_items_share_object(context: Context, source, input):
 
 def delete_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        share = db.api.ShareObject.get_share_by_uri(session, shareUri)
+        share = ShareObjectService.get_share_by_uri(session, shareUri)
         if not share:
             raise db.exceptions.ObjectNotFound('ShareObject', shareUri)
 
-        db.api.ShareObject.delete_share_object(
+        ShareObjectService.delete_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -140,7 +143,7 @@ def delete_share_object(context: Context, source, shareUri: str = None):
 
 def add_shared_item(context, source, shareUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        share_item = db.api.ShareObject.add_share_object_item(
+        share_item = ShareObjectService.add_share_object_item(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -153,13 +156,13 @@ def add_shared_item(context, source, shareUri: str = None, input: dict = None):
 
 def remove_shared_item(context, source, shareItemUri: str = None):
     with context.engine.scoped_session() as session:
-        share_item: models.ShareObjectItem = session.query(models.ShareObjectItem).get(
+        share_item: ShareObjectItem = session.query(ShareObjectItem).get(
             shareItemUri
         )
         if not share_item:
             raise db.exceptions.ObjectNotFound('ShareObjectItem', shareItemUri)
-        share = db.api.ShareObject.get_share_by_uri(session, share_item.shareUri)
-        db.api.ShareObject.remove_share_object_item(
+        share = ShareObjectService.get_share_by_uri(session, share_item.shareUri)
+        ShareObjectService.remove_share_object_item(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -175,14 +178,14 @@ def remove_shared_item(context, source, shareItemUri: str = None):
 
 
 def list_shared_items(
-    context: Context, source: models.ShareObject, filter: dict = None
+    context: Context, source: ShareObject, filter: dict = None
 ):
     if not source:
         return None
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.list_shared_items(
+        return ShareObjectService.list_shared_items(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -192,11 +195,11 @@ def list_shared_items(
         )
 
 
-def resolve_shared_item(context, source: models.ShareObjectItem, **kwargs):
+def resolve_shared_item(context, source: ShareObjectItem, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.get_share_item(
+        return ShareObjectService.get_share_item(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -208,7 +211,7 @@ def resolve_shared_item(context, source: models.ShareObjectItem, **kwargs):
 
 def get_share_object(context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.get_share_object(
+        return ShareObjectService.get_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -218,7 +221,7 @@ def get_share_object(context, source, shareUri: str = None):
         )
 
 
-def resolve_user_role(context: Context, source: models.ShareObject, **kwargs):
+def resolve_user_role(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -246,7 +249,7 @@ def resolve_user_role(context: Context, source: models.ShareObject, **kwargs):
             return ShareObjectPermission.NoPermission.value
 
 
-def resolve_dataset(context: Context, source: models.ShareObject, **kwargs):
+def resolve_dataset(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -271,10 +274,9 @@ def union_resolver(object, *_):
         return 'DatasetStorageLocation'
 
 
-def resolve_principal(context: Context, source: models.ShareObject, **kwargs):
+def resolve_principal(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
-    from ..Principal.resolvers import get_principal
 
     with context.engine.scoped_session() as session:
         return get_principal(
@@ -282,13 +284,13 @@ def resolve_principal(context: Context, source: models.ShareObject, **kwargs):
         )
 
 
-def resolve_group(context: Context, source: models.ShareObject, **kwargs):
+def resolve_group(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     return source.groupUri
 
 
-def resolve_consumption_data(context: Context, source: models.ShareObject, **kwargs):
+def resolve_consumption_data(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
@@ -304,33 +306,33 @@ def resolve_consumption_data(context: Context, source: models.ShareObject, **kwa
             }
 
 
-def resolve_share_object_statistics(context: Context, source: models.ShareObject, **kwargs):
+def resolve_share_object_statistics(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.resolve_share_object_statistics(
+        return ShareObjectService.resolve_share_object_statistics(
             session, source.shareUri
         )
 
 
-def resolve_existing_shared_items(context: Context, source: models.ShareObject, **kwargs):
+def resolve_existing_shared_items(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.check_existing_shared_items(
+        return ShareObjectService.check_existing_shared_items(
             session, source.shareUri
         )
 
 
 def list_shareable_objects(
-    context: Context, source: models.ShareObject, filter: dict = None
+    context: Context, source: ShareObject, filter: dict = None
 ):
     if not source:
         return None
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.list_shareable_items(
+        return ShareObjectService.list_shareable_items(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -344,7 +346,7 @@ def list_shares_in_my_inbox(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.list_user_received_share_requests(
+        return ShareObjectService.list_user_received_share_requests(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -358,7 +360,7 @@ def list_shares_in_my_outbox(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.ShareObject.list_user_sent_share_requests(
+        return ShareObjectService.list_user_sent_share_requests(
             session=session,
             username=context.username,
             groups=context.groups,
diff --git a/backend/dataall/modules/dataset_sharing/db/Enums.py b/backend/dataall/modules/dataset_sharing/db/Enums.py
new file mode 100644
index 000000000..e76485bd2
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/db/Enums.py
@@ -0,0 +1,52 @@
+from enum import Enum
+
+
+class ShareObjectStatus(Enum):
+    Deleted = 'Deleted'
+    Approved = 'Approved'
+    Rejected = 'Rejected'
+    Revoked = 'Revoked'
+    Draft = 'Draft'
+    Submitted = 'Submitted'
+    Revoke_In_Progress = 'Revoke_In_Progress'
+    Share_In_Progress = 'Share_In_Progress'
+    Processed = 'Processed'
+
+
+class ShareObjectPermission(Enum):
+    Approvers = '999'
+    Requesters = '800'
+    DatasetAdmins = '700'
+    NoPermission = '000'
+
+
+class ShareItemStatus(Enum):
+    Deleted = 'Deleted'
+    PendingApproval = 'PendingApproval'
+    Share_Approved = 'Share_Approved'
+    Share_Rejected = 'Share_Rejected'
+    Share_In_Progress = 'Share_In_Progress'
+    Share_Succeeded = 'Share_Succeeded'
+    Share_Failed = 'Share_Failed'
+    Revoke_Approved = 'Revoke_Approved'
+    Revoke_In_Progress = 'Revoke_In_Progress'
+    Revoke_Failed = 'Revoke_Failed'
+    Revoke_Succeeded = 'Revoke_Succeeded'
+
+
+class ShareObjectActions(Enum):
+    Submit = 'Submit'
+    Approve = 'Approve'
+    Reject = 'Reject'
+    RevokeItems = 'RevokeItems'
+    Start = 'Start'
+    Finish = 'Finish'
+    FinishPending = 'FinishPending'
+    Delete = 'Delete'
+
+
+class ShareItemActions(Enum):
+    AddItem = 'AddItem'
+    RemoveItem = 'RemoveItem'
+    Failure = 'Failure'
+    Success = 'Success'
diff --git a/backend/dataall/modules/dataset_sharing/db/__init__.py b/backend/dataall/modules/dataset_sharing/db/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/db/models/ShareObject.py b/backend/dataall/modules/dataset_sharing/db/models.py
similarity index 51%
rename from backend/dataall/db/models/ShareObject.py
rename to backend/dataall/modules/dataset_sharing/db/models.py
index 220099fd5..43436c290 100644
--- a/backend/dataall/db/models/ShareObject.py
+++ b/backend/dataall/modules/dataset_sharing/db/models.py
@@ -4,8 +4,8 @@
 from sqlalchemy import Boolean, Column, String, DateTime
 from sqlalchemy.orm import query_expression
 
-from .Enums import ShareObjectStatus
-from .. import Base, utils
+from dataall.db import Base, utils
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus, ShareItemStatus
 
 
 def in_one_month():
@@ -35,3 +35,25 @@ class ShareObject(Base):
     confirmed = Column(Boolean, default=False)
     userRoleForShareObject = query_expression()
     existingSharedItems = query_expression()
+
+
+class ShareObjectItem(Base):
+    __tablename__ = 'share_object_item'
+    shareUri = Column(String, nullable=False)
+    shareItemUri = Column(
+        String, default=utils.uuid('shareitem'), nullable=False, primary_key=True
+    )
+    itemType = Column(String, nullable=False)
+    itemUri = Column(String, nullable=False)
+    itemName = Column(String, nullable=False)
+    permission = Column(String, nullable=True)
+    created = Column(DateTime, nullable=False, default=datetime.now)
+    updated = Column(DateTime, nullable=True, onupdate=datetime.now)
+    deleted = Column(DateTime, nullable=True)
+    owner = Column(String, nullable=False)
+    GlueDatabaseName = Column(String, nullable=True)
+    GlueTableName = Column(String, nullable=True)
+    S3AccessPointName = Column(String, nullable=True)
+    status = Column(String, nullable=False, default=ShareItemStatus.PendingApproval.value)
+    action = Column(String, nullable=True)
+
diff --git a/backend/dataall/modules/dataset_sharing/services/__init__.py b/backend/dataall/modules/dataset_sharing/services/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
index 90a5334d5..e2996d746 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
@@ -6,8 +6,10 @@
 
 from dataall.api.constants import ShareableType, PrincipalType
 from dataall.db import models, permissions
-from dataall.db.api import has_resource_perm, ShareItemSM
+from dataall.db.api import has_resource_perm
 from dataall.db.paginator import paginate
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
@@ -21,25 +23,25 @@ def paginated_shared_with_environment_datasets(
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         q = (
             session.query(
-                models.ShareObjectItem.shareUri.label('shareUri'),
+                ShareObjectItem.shareUri.label('shareUri'),
                 Dataset.datasetUri.label('datasetUri'),
                 Dataset.name.label('datasetName'),
                 Dataset.description.label('datasetDescription'),
                 models.Environment.environmentUri.label('environmentUri'),
                 models.Environment.name.label('environmentName'),
-                models.ShareObject.created.label('created'),
-                models.ShareObject.principalId.label('principalId'),
-                models.ShareObject.principalType.label('principalType'),
-                models.ShareObjectItem.itemType.label('itemType'),
-                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
-                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
+                ShareObject.created.label('created'),
+                ShareObject.principalId.label('principalId'),
+                ShareObject.principalType.label('principalType'),
+                ShareObjectItem.itemType.label('itemType'),
+                ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
+                ShareObjectItem.GlueTableName.label('GlueTableName'),
+                ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
                 models.Organization.organizationUri.label('organizationUri'),
                 models.Organization.name.label('organizationName'),
                 case(
                     [
                         (
-                            models.ShareObjectItem.itemType
+                            ShareObjectItem.itemType
                             == ShareableType.Table.value,
                             func.concat(
                                 DatasetTable.GlueDatabaseName,
@@ -48,7 +50,7 @@ def paginated_shared_with_environment_datasets(
                             ),
                         ),
                         (
-                            models.ShareObjectItem.itemType
+                            ShareObjectItem.itemType
                             == ShareableType.StorageLocation.value,
                             func.concat(DatasetStorageLocation.name),
                         ),
@@ -57,12 +59,12 @@ def paginated_shared_with_environment_datasets(
                 ).label('itemAccess'),
             )
             .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
             )
             .join(
                 Dataset,
-                models.ShareObject.datasetUri == Dataset.datasetUri,
+                ShareObject.datasetUri == Dataset.datasetUri,
             )
             .join(
                 models.Environment,
@@ -75,38 +77,38 @@ def paginated_shared_with_environment_datasets(
             )
             .outerjoin(
                 DatasetTable,
-                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
+                ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .outerjoin(
                 DatasetStorageLocation,
-                models.ShareObjectItem.itemUri
+                ShareObjectItem.itemUri
                 == DatasetStorageLocation.locationUri,
             )
             .filter(
                 and_(
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
-                    models.ShareObject.environmentUri == uri,
+                    ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObject.environmentUri == uri,
                 )
             )
         )
 
         if data.get('datasetUri'):
             datasetUri = data.get('datasetUri')
-            q = q.filter(models.ShareObject.datasetUri == datasetUri)
+            q = q.filter(ShareObject.datasetUri == datasetUri)
 
         if data.get('itemTypes', None):
             itemTypes = data.get('itemTypes')
             q = q.filter(
-                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
+                or_(*[ShareObjectItem.itemType == t for t in itemTypes])
             )
 
         if data.get("uniqueShares", False):
-            q = q.filter(models.ShareObject.principalType != PrincipalType.ConsumptionRole.value)
-            q = q.distinct(models.ShareObject.shareUri)
+            q = q.filter(ShareObject.principalType != PrincipalType.ConsumptionRole.value)
+            q = q.distinct(ShareObject.shareUri)
 
         if data.get('term'):
             term = data.get('term')
-            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
+            q = q.filter(ShareObjectItem.itemName.ilike('%' + term + '%'))
 
         return paginate(
             query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
@@ -119,24 +121,24 @@ def paginated_shared_with_environment_group_datasets(
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         q = (
             session.query(
-                models.ShareObjectItem.shareUri.label('shareUri'),
+                ShareObjectItem.shareUri.label('shareUri'),
                 Dataset.datasetUri.label('datasetUri'),
                 Dataset.name.label('datasetName'),
                 Dataset.description.label('datasetDescription'),
                 models.Environment.environmentUri.label('environmentUri'),
                 models.Environment.name.label('environmentName'),
-                models.ShareObject.created.label('created'),
-                models.ShareObject.principalId.label('principalId'),
-                models.ShareObjectItem.itemType.label('itemType'),
-                models.ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                models.ShareObjectItem.GlueTableName.label('GlueTableName'),
-                models.ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
+                ShareObject.created.label('created'),
+                ShareObject.principalId.label('principalId'),
+                ShareObjectItem.itemType.label('itemType'),
+                ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
+                ShareObjectItem.GlueTableName.label('GlueTableName'),
+                ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
                 models.Organization.organizationUri.label('organizationUri'),
                 models.Organization.name.label('organizationName'),
                 case(
                     [
                         (
-                            models.ShareObjectItem.itemType
+                            ShareObjectItem.itemType
                             == ShareableType.Table.value,
                             func.concat(
                                 DatasetTable.GlueDatabaseName,
@@ -145,7 +147,7 @@ def paginated_shared_with_environment_group_datasets(
                             ),
                         ),
                         (
-                            models.ShareObjectItem.itemType
+                            ShareObjectItem.itemType
                             == ShareableType.StorageLocation.value,
                             func.concat(DatasetStorageLocation.name),
                         ),
@@ -154,12 +156,12 @@ def paginated_shared_with_environment_group_datasets(
                 ).label('itemAccess'),
             )
             .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
             )
             .join(
                 Dataset,
-                models.ShareObject.datasetUri == Dataset.datasetUri,
+                ShareObject.datasetUri == Dataset.datasetUri,
             )
             .join(
                 models.Environment,
@@ -172,34 +174,34 @@ def paginated_shared_with_environment_group_datasets(
             )
             .outerjoin(
                 DatasetTable,
-                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
+                ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .outerjoin(
                 DatasetStorageLocation,
-                models.ShareObjectItem.itemUri
+                ShareObjectItem.itemUri
                 == DatasetStorageLocation.locationUri,
             )
             .filter(
                 and_(
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
-                    models.ShareObject.environmentUri == envUri,
-                    models.ShareObject.principalId == groupUri,
+                    ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObject.environmentUri == envUri,
+                    ShareObject.principalId == groupUri,
                 )
             )
         )
 
         if data.get('datasetUri'):
             datasetUri = data.get('datasetUri')
-            q = q.filter(models.ShareObject.datasetUri == datasetUri)
+            q = q.filter(ShareObject.datasetUri == datasetUri)
 
         if data.get('itemTypes', None):
             itemTypes = data.get('itemTypes')
             q = q.filter(
-                or_(*[models.ShareObjectItem.itemType == t for t in itemTypes])
+                or_(*[ShareObjectItem.itemType == t for t in itemTypes])
             )
         if data.get('term'):
             term = data.get('term')
-            q = q.filter(models.ShareObjectItem.itemName.ilike('%' + term + '%'))
+            q = q.filter(ShareObjectItem.itemName.ilike('%' + term + '%'))
 
         return paginate(
             query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
diff --git a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
index 896094ab3..59c12fef5 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
@@ -1,12 +1,13 @@
 from dataall.db import models
 from dataall.db.api import Notification
+from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.datasets.db.models import Dataset
 
 
 class ShareNotificationService:
     @staticmethod
     def notify_share_object_submission(
-            session, username: str, dataset: Dataset, share: models.ShareObject
+            session, username: str, dataset: Dataset, share: ShareObject
     ):
         notifications = []
         # stewards = Notification.get_dataset_stewards(session, dataset)
@@ -25,7 +26,7 @@ def notify_share_object_submission(
 
     @staticmethod
     def notify_share_object_approval(
-            session, username: str, dataset: Dataset, share: models.ShareObject
+            session, username: str, dataset: Dataset, share: ShareObject
     ):
         notifications = []
         targeted_users = ShareNotificationService._get_share_object_targeted_users(
@@ -46,7 +47,7 @@ def notify_share_object_approval(
 
     @staticmethod
     def notify_share_object_rejection(
-            session, username: str, dataset: Dataset, share: models.ShareObject
+            session, username: str, dataset: Dataset, share: ShareObject
     ):
         notifications = []
         targeted_users = ShareNotificationService._get_share_object_targeted_users(
@@ -67,7 +68,7 @@ def notify_share_object_rejection(
 
     @staticmethod
     def notify_new_data_available_from_owners(
-            session, dataset: Dataset, share: models.ShareObject, s3_prefix
+            session, dataset: Dataset, share: ShareObject, s3_prefix
     ):
         notifications = []
         targeted_users = ShareNotificationService._get_share_object_targeted_users(
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
index 264534ff2..0fa291cbb 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -9,7 +9,10 @@
 )
 from dataall.db import api, utils
 from dataall.db import models, exceptions, permissions, paginate
-from dataall.db.models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
+from dataall.db.models.Enums import ShareableType, PrincipalType
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
+    ShareItemStatus
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
@@ -146,7 +149,7 @@ def run_transition(self, transition):
 
     def update_state(self, session, share, new_state):
         logger.info(f"Updating share object {share.shareUri} in DB from {self._state} to state {new_state}")
-        ShareObject.update_share_object_status(
+        ShareObjectService.update_share_object_status(
             session=session,
             shareUri=share.shareUri,
             status=new_state
@@ -276,14 +279,14 @@ def update_state(self, session, share_uri, new_state):
         if share_uri and (new_state != self._state):
             if new_state == ShareItemStatus.Deleted.value:
                 logger.info(f"Deleting share items in DB in {self._state} state")
-                ShareObject.delete_share_item_status_batch(
+                ShareObjectService.delete_share_item_status_batch(
                     session=session,
                     share_uri=share_uri,
                     status=self._state
                 )
             else:
                 logger.info(f"Updating share items in DB from {self._state} to state {new_state}")
-                ShareObject.update_share_item_status_batch(
+                ShareObjectService.update_share_item_status_batch(
                     session=session,
                     share_uri=share_uri,
                     old_status=self._state,
@@ -296,7 +299,7 @@ def update_state(self, session, share_uri, new_state):
 
     def update_state_single_item(self, session, share_item, new_state):
         logger.info(f"Updating share item in DB {share_item.shareItemUri} status to {new_state}")
-        ShareObject.update_share_item_status(
+        ShareObjectService.update_share_item_status(
             session=session,
             uri=share_item.shareItemUri,
             status=new_state
@@ -322,7 +325,7 @@ def get_share_item_revokable_states():
         ]
 
 
-class ShareObject:
+class ShareObjectService:
     @staticmethod
     @has_resource_perm(permissions.CREATE_SHARE_OBJECT)
     def create_share_object(
@@ -332,7 +335,7 @@ def create_share_object(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.ShareObject:
+    ) -> ShareObject:
         if not data:
             raise exceptions.RequiredParameter(data)
         if not data.get('principalId'):
@@ -385,7 +388,7 @@ def create_share_object(
                 message=f'Team: {groupUri} is managing the dataset {dataset.name}',
             )
 
-        ShareObject.validate_group_membership(
+        ShareObjectService.validate_group_membership(
             session=session,
             username=username,
             groups=groups,
@@ -393,20 +396,20 @@ def create_share_object(
             environment_uri=uri,
         )
 
-        share: models.ShareObject = (
-            session.query(models.ShareObject)
+        share: ShareObject = (
+            session.query(ShareObject)
             .filter(
                 and_(
-                    models.ShareObject.datasetUri == datasetUri,
-                    models.ShareObject.principalId == principalId,
-                    models.ShareObject.environmentUri == environmentUri,
-                    models.ShareObject.groupUri == groupUri,
+                    ShareObject.datasetUri == datasetUri,
+                    ShareObject.principalId == principalId,
+                    ShareObject.environmentUri == environmentUri,
+                    ShareObject.groupUri == groupUri,
                 )
             )
             .first()
         )
         if not share:
-            share = models.ShareObject(
+            share = ShareObject(
                 datasetUri=dataset.datasetUri,
                 environmentUri=environment.environmentUri,
                 owner=username,
@@ -428,11 +431,11 @@ def create_share_object(
                     item = session.query(DatasetTable).get(itemUri)
 
             share_item = (
-                session.query(models.ShareObjectItem)
+                session.query(ShareObjectItem)
                 .filter(
                     and_(
-                        models.ShareObjectItem.shareUri == share.shareUri,
-                        models.ShareObjectItem.itemUri == itemUri,
+                        ShareObjectItem.shareUri == share.shareUri,
+                        ShareObjectItem.itemUri == itemUri,
                     )
                 )
                 .first()
@@ -443,7 +446,7 @@ def create_share_object(
             )
 
             if not share_item and item:
-                new_share_item: models.ShareObjectItem = models.ShareObjectItem(
+                new_share_item: ShareObjectItem = ShareObjectItem(
                     shareUri=share.shareUri,
                     itemUri=itemUri,
                     itemType=itemType,
@@ -481,14 +484,14 @@ def create_share_object(
             group=groupUri,
             permissions=permissions.SHARE_OBJECT_REQUESTER,
             resource_uri=share.shareUri,
-            resource_type=models.ShareObject.__name__,
+            resource_type=ShareObject.__name__,
         )
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=dataset.SamlAdminGroupName,
             permissions=permissions.SHARE_OBJECT_REQUESTER,
             resource_uri=share.shareUri,
-            resource_type=models.ShareObject.__name__,
+            resource_type=ShareObject.__name__,
         )
         if dataset.SamlAdminGroupName != environment.SamlGroupName:
             ResourcePolicy.attach_resource_policy(
@@ -496,7 +499,7 @@ def create_share_object(
                 group=environment.SamlGroupName,
                 permissions=permissions.SHARE_OBJECT_REQUESTER,
                 resource_uri=share.shareUri,
-                resource_type=models.ShareObject.__name__,
+                resource_type=ShareObject.__name__,
             )
         # Attaching REQUESTER permissions to:
         # dataset.stewards (includes the dataset Admins)
@@ -505,7 +508,7 @@ def create_share_object(
             group=dataset.stewards,
             permissions=permissions.SHARE_OBJECT_APPROVER,
             resource_uri=share.shareUri,
-            resource_type=models.ShareObject.__name__,
+            resource_type=ShareObject.__name__,
         )
         return share
 
@@ -540,10 +543,10 @@ def submit_share_object(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.ShareObject:
-        share = ShareObject.get_share_by_uri(session, uri)
+    ) -> ShareObject:
+        share = ShareObjectService.get_share_by_uri(session, uri)
         dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObject.get_share_items_states(session, uri)
+        share_items_states = ShareObjectService.get_share_items_states(session, uri)
 
         valid_states = [ShareItemStatus.PendingApproval.value]
         valid_share_items_states = [x for x in valid_states if x in share_items_states]
@@ -578,10 +581,10 @@ def approve_share_object(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.ShareObject:
-        share = ShareObject.get_share_by_uri(session, uri)
+    ) -> ShareObject:
+        share = ShareObjectService.get_share_by_uri(session, uri)
         dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObject.get_share_items_states(session, uri)
+        share_items_states = ShareObjectService.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
         new_share_state = Share_SM.run_transition(ShareObjectActions.Approve.value)
@@ -594,11 +597,11 @@ def approve_share_object(
         Share_SM.update_state(session, share, new_share_state)
 
         # GET TABLES SHARED AND APPROVE SHARE FOR EACH TABLE
-        share_table_items = session.query(models.ShareObjectItem).filter(
+        share_table_items = session.query(ShareObjectItem).filter(
             (
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.itemType == ShareableType.Table.value
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.itemType == ShareableType.Table.value
                 )
             )
         ).all()
@@ -624,11 +627,11 @@ def reject_share_object(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.ShareObject:
+    ) -> ShareObject:
 
-        share = ShareObject.get_share_by_uri(session, uri)
+        share = ShareObjectService.get_share_by_uri(session, uri)
         dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObject.get_share_items_states(session, uri)
+        share_items_states = ShareObjectService.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
         new_share_state = Share_SM.run_transition(ShareObjectActions.Reject.value)
@@ -659,12 +662,12 @@ def revoke_items_share_object(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.ShareObject:
+    ) -> ShareObject:
 
-        share = ShareObject.get_share_by_uri(session, uri)
+        share = ShareObjectService.get_share_by_uri(session, uri)
         dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
-        revoked_items_states = ShareObject.get_share_items_states(session, uri, data.get("revokedItemUris"))
-        revoked_items = [ShareObject.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
+        revoked_items_states = ShareObjectService.get_share_items_states(session, uri, data.get("revokedItemUris"))
+        revoked_items = [ShareObjectService.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
 
         if revoked_items_states == []:
             raise exceptions.ShareItemsFound(
@@ -704,7 +707,7 @@ def get_share_object(
         data: dict = None,
         check_perm: bool = False,
     ):
-        share = session.query(models.ShareObject).get(uri)
+        share = session.query(ShareObject).get(uri)
         if not share:
             raise exceptions.ObjectNotFound('Share', uri)
 
@@ -720,9 +723,9 @@ def get_share_item(
         data: dict = None,
         check_perm: bool = False,
     ):
-        share_item: models.ShareObjectItem = data.get(
+        share_item: ShareObjectItem = data.get(
             'share_item',
-            ShareObject.get_share_item_by_uri(session, data['shareItemUri']),
+            ShareObjectService.get_share_item_by_uri(session, data['shareItemUri']),
         )
         if share_item.itemType == ShareableType.Table.value:
             return session.query(DatasetTable).get(share_item.itemUri)
@@ -731,17 +734,17 @@ def get_share_item(
 
     @staticmethod
     def get_share_by_uri(session, uri):
-        share = session.query(models.ShareObject).get(uri)
+        share = session.query(ShareObject).get(uri)
         if not share:
             raise exceptions.ObjectNotFound('Share', uri)
         return share
 
     @staticmethod
     def get_share_by_dataset_attributes(session, dataset_uri, dataset_owner):
-        share: models.ShareObject = (
-            session.query(models.ShareObject)
-            .filter(models.ShareObject.datasetUri == dataset_uri)
-            .filter(models.ShareObject.owner == dataset_owner)
+        share: ShareObject = (
+            session.query(ShareObject)
+            .filter(ShareObject.datasetUri == dataset_uri)
+            .filter(ShareObject.owner == dataset_owner)
             .first()
         )
         return share
@@ -755,11 +758,11 @@ def add_share_object_item(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.ShareObjectItem:
+    ) -> ShareObjectItem:
         itemType = data.get('itemType')
         itemUri = data.get('itemUri')
         item = None
-        share: models.ShareObject = session.query(models.ShareObject).get(uri)
+        share: ShareObject = session.query(ShareObject).get(uri)
         dataset: Dataset = session.query(Dataset).get(share.datasetUri)
         target_environment: models.Environment = session.query(models.Environment).get(
             share.environmentUri
@@ -785,12 +788,12 @@ def add_share_object_item(
         if not item:
             raise exceptions.ObjectNotFound('ShareObjectItem', itemUri)
 
-        shareItem: models.ShareObjectItem = (
-            session.query(models.ShareObjectItem)
+        shareItem: ShareObjectItem = (
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.itemUri == itemUri,
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.itemUri == itemUri,
                 )
             )
             .first()
@@ -802,7 +805,7 @@ def add_share_object_item(
         logger.info(f"S3AccessPointName={S3AccessPointName}")
 
         if not shareItem:
-            shareItem = models.ShareObjectItem(
+            shareItem = ShareObjectItem(
                 shareUri=uri,
                 itemUri=itemUri,
                 itemType=itemType,
@@ -834,13 +837,13 @@ def remove_share_object_item(
         check_perm: bool = False,
     ) -> bool:
 
-        share_item: models.ShareObjectItem = data.get(
+        share_item: ShareObjectItem = data.get(
             'share_item',
-            ShareObject.get_share_item_by_uri(session, data['shareItemUri']),
+            ShareObjectService.get_share_item_by_uri(session, data['shareItemUri']),
         )
-        share: models.ShareObject = data.get(
+        share: ShareObject = data.get(
             'share',
-            ShareObject.get_share_by_uri(session, uri),
+            ShareObjectService.get_share_by_uri(session, uri),
         )
 
         Item_SM = ShareItemSM(share_item.status)
@@ -852,8 +855,8 @@ def remove_share_object_item(
     @staticmethod
     @has_resource_perm(permissions.DELETE_SHARE_OBJECT)
     def delete_share_object(session, username, groups, uri, data=None, check_perm=None):
-        share: models.ShareObject = ShareObject.get_share_by_uri(session, uri)
-        share_items_states = ShareObject.get_share_items_states(session, uri)
+        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        share_items_states = ShareObjectService.get_share_items_states(session, uri)
         shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in share_items_states]
 
         Share_SM = ShareObjectSM(share.status)
@@ -876,12 +879,12 @@ def delete_share_object(session, username, groups, uri, data=None, check_perm=No
 
     @staticmethod
     def check_existing_shared_items(session, uri):
-        share: models.ShareObject = ShareObject.get_share_by_uri(session, uri)
+        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        shared_items = session.query(models.ShareObjectItem).filter(
+        shared_items = session.query(ShareObjectItem).filter(
             and_(
-                models.ShareObjectItem.shareUri == share.shareUri,
-                models.ShareObjectItem.status.in_(share_item_shared_states)
+                ShareObjectItem.shareUri == share.shareUri,
+                ShareObjectItem.status.in_(share_item_shared_states)
             )
         ).all()
         if shared_items:
@@ -890,13 +893,13 @@ def check_existing_shared_items(session, uri):
 
     @staticmethod
     def check_existing_shared_items_of_type(session, uri, item_type):
-        share: models.ShareObject = ShareObject.get_share_by_uri(session, uri)
+        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        shared_items = session.query(models.ShareObjectItem).filter(
+        shared_items = session.query(ShareObjectItem).filter(
             and_(
-                models.ShareObjectItem.shareUri == share.shareUri,
-                models.ShareObjectItem.itemType == item_type,
-                models.ShareObjectItem.status.in_(share_item_shared_states)
+                ShareObjectItem.shareUri == share.shareUri,
+                ShareObjectItem.itemType == item_type,
+                ShareObjectItem.status.in_(share_item_shared_states)
             )
         ).all()
         if shared_items:
@@ -905,11 +908,11 @@ def check_existing_shared_items_of_type(session, uri, item_type):
 
     @staticmethod
     def check_pending_share_items(session, uri):
-        share: models.ShareObject = ShareObject.get_share_by_uri(session, uri)
-        shared_items = session.query(models.ShareObjectItem).filter(
+        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        shared_items = session.query(ShareObjectItem).filter(
             and_(
-                models.ShareObjectItem.shareUri == share.shareUri,
-                models.ShareObjectItem.status.in_([ShareItemStatus.PendingApproval.value])
+                ShareObjectItem.shareUri == share.shareUri,
+                ShareObjectItem.status.in_([ShareItemStatus.PendingApproval.value])
             )
         ).all()
         if shared_items:
@@ -918,7 +921,7 @@ def check_pending_share_items(session, uri):
 
     @staticmethod
     def get_share_item_by_uri(session, uri):
-        share_item: models.ShareObjectItem = session.query(models.ShareObjectItem).get(
+        share_item: ShareObjectItem = session.query(ShareObjectItem).get(
             uri
         )
         if not share_item:
@@ -929,9 +932,9 @@ def get_share_item_by_uri(session, uri):
     @staticmethod
     @has_resource_perm(permissions.LIST_SHARED_ITEMS)
     def list_shared_items(session, username, groups, uri, data=None, check_perm=None):
-        share: models.ShareObject = ShareObject.get_share_by_uri(session, uri)
-        query = session.query(models.ShareObjectItem).filter(
-            models.ShareObjectItem.shareUri == share.shareUri,
+        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        query = session.query(ShareObjectItem).filter(
+            ShareObjectItem.shareUri == share.shareUri,
         )
         return paginate(
             query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
@@ -942,8 +945,8 @@ def list_shareable_items(
         session, username, groups, uri, data=None, check_perm=None
     ):
 
-        share: models.ShareObject = data.get(
-            'share', ShareObject.get_share_by_uri(session, uri)
+        share: ShareObject = data.get(
+            'share', ShareObjectService.get_share_by_uri(session, uri)
         )
         share_item_revokable_states = ShareItemSM.get_share_item_revokable_states()
         datasetUri = share.datasetUri
@@ -956,25 +959,25 @@ def list_shareable_items(
                 func.coalesce('DatasetTable').label('itemType'),
                 DatasetTable.GlueTableName.label('itemName'),
                 DatasetTable.description.label('description'),
-                models.ShareObjectItem.shareItemUri.label('shareItemUri'),
-                models.ShareObjectItem.status.label('status'),
+                ShareObjectItem.shareItemUri.label('shareItemUri'),
+                ShareObjectItem.status.label('status'),
                 case(
-                    [(models.ShareObjectItem.shareItemUri.isnot(None), True)],
+                    [(ShareObjectItem.shareItemUri.isnot(None), True)],
                     else_=False,
                 ).label('isShared'),
             )
             .outerjoin(
-                models.ShareObjectItem,
+                ShareObjectItem,
                 and_(
-                    models.ShareObjectItem.shareUri == share.shareUri,
-                    DatasetTable.tableUri == models.ShareObjectItem.itemUri,
+                    ShareObjectItem.shareUri == share.shareUri,
+                    DatasetTable.tableUri == ShareObjectItem.itemUri,
                 ),
             )
             .filter(DatasetTable.datasetUri == datasetUri)
         )
         if data:
             if data.get("isRevokable"):
-                tables = tables.filter(models.ShareObjectItem.status.in_(share_item_revokable_states))
+                tables = tables.filter(ShareObjectItem.status.in_(share_item_revokable_states))
 
         # All folders from the dataset with a column isShared
         # marking the folder as part of the shareObject
@@ -984,26 +987,26 @@ def list_shareable_items(
                 func.coalesce('DatasetStorageLocation').label('itemType'),
                 DatasetStorageLocation.S3Prefix.label('itemName'),
                 DatasetStorageLocation.description.label('description'),
-                models.ShareObjectItem.shareItemUri.label('shareItemUri'),
-                models.ShareObjectItem.status.label('status'),
+                ShareObjectItem.shareItemUri.label('shareItemUri'),
+                ShareObjectItem.status.label('status'),
                 case(
-                    [(models.ShareObjectItem.shareItemUri.isnot(None), True)],
+                    [(ShareObjectItem.shareItemUri.isnot(None), True)],
                     else_=False,
                 ).label('isShared'),
             )
             .outerjoin(
-                models.ShareObjectItem,
+                ShareObjectItem,
                 and_(
-                    models.ShareObjectItem.shareUri == share.shareUri,
+                    ShareObjectItem.shareUri == share.shareUri,
                     DatasetStorageLocation.locationUri
-                    == models.ShareObjectItem.itemUri,
+                    == ShareObjectItem.itemUri,
                 ),
             )
             .filter(DatasetStorageLocation.datasetUri == datasetUri)
         )
         if data:
             if data.get("isRevokable"):
-                locations = locations.filter(models.ShareObjectItem.status.in_(share_item_revokable_states))
+                locations = locations.filter(ShareObjectItem.status.in_(share_item_revokable_states))
 
         shareable_objects = tables.union(locations).subquery('shareable_objects')
         query = session.query(shareable_objects)
@@ -1028,10 +1031,10 @@ def list_user_received_share_requests(
         session, username, groups, uri, data=None, check_perm=None
     ):
         query = (
-            session.query(models.ShareObject)
+            session.query(ShareObject)
             .join(
                 Dataset,
-                Dataset.datasetUri == models.ShareObject.datasetUri,
+                Dataset.datasetUri == ShareObject.datasetUri,
             )
             .filter(
                 or_(
@@ -1050,17 +1053,17 @@ def list_user_sent_share_requests(
         session, username, groups, uri, data=None, check_perm=None
     ):
         query = (
-            session.query(models.ShareObject)
+            session.query(ShareObject)
             .join(
                 models.Environment,
-                models.Environment.environmentUri == models.ShareObject.environmentUri,
+                models.Environment.environmentUri == ShareObject.environmentUri,
             )
             .filter(
                 or_(
-                    models.ShareObject.owner == username,
+                    ShareObject.owner == username,
                     and_(
-                        models.ShareObject.groupUri.in_(groups),
-                        models.ShareObject.principalType.in_([PrincipalType.Group.value, PrincipalType.ConsumptionRole.value])
+                        ShareObject.groupUri.in_(groups),
+                        ShareObject.principalType.in_([PrincipalType.Group.value, PrincipalType.ConsumptionRole.value])
                     ),
                 )
             )
@@ -1073,11 +1076,11 @@ def get_share_by_dataset_and_environment(session, dataset_uri, environment_uri):
             models.EnvironmentGroup.environmentUri == environment_uri
         )
         groups = [g.groupUri for g in environment_groups]
-        share = session.query(models.ShareObject).filter(
+        share = session.query(ShareObject).filter(
             and_(
-                models.ShareObject.datasetUri == dataset_uri,
-                models.ShareObject.environmentUri == environment_uri,
-                models.ShareObject.groupUri.in_(groups),
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.environmentUri == environment_uri,
+                ShareObject.groupUri.in_(groups),
             )
         )
         if not share:
@@ -1089,9 +1092,9 @@ def update_share_object_status(
             session,
             shareUri: str,
             status: str,
-    ) -> models.ShareObject:
+    ) -> ShareObject:
 
-        share = ShareObject.get_share_by_uri(session, shareUri)
+        share = ShareObjectService.get_share_by_uri(session, shareUri)
         share.status = status
         session.commit()
         return share
@@ -1101,9 +1104,9 @@ def update_share_item_status(
         session,
         uri: str,
         status: str,
-    ) -> models.ShareObjectItem:
+    ) -> ShareObjectItem:
 
-        share_item = ShareObject.get_share_item_by_uri(session, uri)
+        share_item = ShareObjectService.get_share_item_by_uri(session, uri)
         share_item.status = status
         session.commit()
         return share_item
@@ -1115,11 +1118,11 @@ def delete_share_item_status_batch(
         status: str,
     ):
         (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == share_uri,
-                    models.ShareObjectItem.status == status
+                    ShareObjectItem.shareUri == share_uri,
+                    ShareObjectItem.status == status
                 )
             )
             .delete()
@@ -1134,16 +1137,16 @@ def update_share_item_status_batch(
     ) -> bool:
 
         (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == share_uri,
-                    models.ShareObjectItem.status == old_status
+                    ShareObjectItem.shareUri == share_uri,
+                    ShareObjectItem.status == old_status
                 )
             )
             .update(
                 {
-                    models.ShareObjectItem.status: new_status,
+                    ShareObjectItem.status: new_status,
                 }
             )
         )
@@ -1152,15 +1155,15 @@ def update_share_item_status_batch(
     @staticmethod
     def find_share_item_by_table(
         session,
-        share: models.ShareObject,
+        share: ShareObject,
         table: DatasetTable,
-    ) -> models.ShareObjectItem:
-        share_item: models.ShareObjectItem = (
-            session.query(models.ShareObjectItem)
+    ) -> ShareObjectItem:
+        share_item: ShareObjectItem = (
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.itemUri == table.tableUri,
-                    models.ShareObjectItem.shareUri == share.shareUri,
+                    ShareObjectItem.itemUri == table.tableUri,
+                    ShareObjectItem.shareUri == share.shareUri,
                 )
             )
             .first()
@@ -1170,15 +1173,15 @@ def find_share_item_by_table(
     @staticmethod
     def find_share_item_by_folder(
         session,
-        share: models.ShareObject,
+        share: ShareObject,
         folder: DatasetStorageLocation,
-    ) -> models.ShareObjectItem:
-        share_item: models.ShareObjectItem = (
-            session.query(models.ShareObjectItem)
+    ) -> ShareObjectItem:
+        share_item: ShareObjectItem = (
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.itemUri == folder.locationUri,
-                    models.ShareObjectItem.shareUri == share.shareUri,
+                    ShareObjectItem.itemUri == folder.locationUri,
+                    ShareObjectItem.shareUri == share.shareUri,
                 )
             )
             .first()
@@ -1187,7 +1190,7 @@ def find_share_item_by_folder(
 
     @staticmethod
     def get_share_data(session, share_uri):
-        share: models.ShareObject = session.query(models.ShareObject).get(share_uri)
+        share: ShareObject = session.query(ShareObject).get(share_uri)
         if not share:
             raise exceptions.ObjectNotFound('Share', share_uri)
 
@@ -1250,27 +1253,27 @@ def get_share_data(session, share_uri):
 
     @staticmethod
     def get_share_data_items(session, share_uri, status):
-        share: models.ShareObject = session.query(models.ShareObject).get(share_uri)
+        share: ShareObject = session.query(ShareObject).get(share_uri)
         if not share:
             raise exceptions.ObjectNotFound('Share', share_uri)
 
         tables = (
             session.query(DatasetTable)
             .join(
-                models.ShareObjectItem,
-                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
+                ShareObjectItem,
+                ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
             )
             .filter(
                 and_(
-                    models.ShareObject.datasetUri == share.datasetUri,
-                    models.ShareObject.environmentUri
+                    ShareObject.datasetUri == share.datasetUri,
+                    ShareObject.environmentUri
                     == share.environmentUri,
-                    models.ShareObject.shareUri == share_uri,
-                    models.ShareObjectItem.status == status,
+                    ShareObject.shareUri == share_uri,
+                    ShareObjectItem.status == status,
                 )
             )
             .all()
@@ -1279,20 +1282,20 @@ def get_share_data_items(session, share_uri, status):
         folders = (
             session.query(DatasetStorageLocation)
             .join(
-                models.ShareObjectItem,
-                models.ShareObjectItem.itemUri == DatasetStorageLocation.locationUri,
+                ShareObjectItem,
+                ShareObjectItem.itemUri == DatasetStorageLocation.locationUri,
             )
             .join(
-                models.ShareObject,
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
             )
             .filter(
                 and_(
-                    models.ShareObject.datasetUri == share.datasetUri,
-                    models.ShareObject.environmentUri
+                    ShareObject.datasetUri == share.datasetUri,
+                    ShareObject.environmentUri
                     == share.environmentUri,
-                    models.ShareObject.shareUri == share_uri,
-                    models.ShareObjectItem.status == status,
+                    ShareObject.shareUri == share_uri,
+                    ShareObjectItem.status == status,
                 )
             )
             .all()
@@ -1306,13 +1309,12 @@ def get_share_data_items(session, share_uri, status):
     @staticmethod
     def other_approved_share_object_exists(session, environment_uri, dataset_uri):
         return (
-            session.query(models.ShareObject)
+            session.query(ShareObject)
             .filter(
                 and_(
                     models.Environment.environmentUri == environment_uri,
-                    models.ShareObject.status
-                    == models.Enums.ShareObjectStatus.Approved.value,
-                    models.ShareObject.datasetUri == dataset_uri,
+                    ShareObject.status == ShareObjectStatus.Approved.value,
+                    ShareObject.datasetUri == dataset_uri,
                 )
             )
             .all()
@@ -1321,60 +1323,60 @@ def other_approved_share_object_exists(session, environment_uri, dataset_uri):
     @staticmethod
     def get_share_items_states(session, share_uri, item_uris=None):
         query = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .join(
-                models.ShareObject,
-                models.ShareObjectItem.shareUri == models.ShareObject.shareUri,
+                ShareObject,
+                ShareObjectItem.shareUri == ShareObject.shareUri,
             )
             .filter(
                 and_(
-                    models.ShareObject.shareUri == share_uri,
+                    ShareObject.shareUri == share_uri,
                 )
             )
         )
         if item_uris:
-            query = query.filter(models.ShareObjectItem.shareItemUri.in_(item_uris))
-        return [item.status for item in query.distinct(models.ShareObjectItem.status)]
+            query = query.filter(ShareObjectItem.shareItemUri.in_(item_uris))
+        return [item.status for item in query.distinct(ShareObjectItem.status)]
 
     @staticmethod
     def resolve_share_object_statistics(session, uri, **kwargs):
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         tables = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.itemType == 'DatasetTable',
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.itemType == 'DatasetTable',
                 )
             )
             .count()
         )
         locations = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.itemType == 'DatasetStorageLocation',
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.itemType == 'DatasetStorageLocation',
                 )
             )
             .count()
         )
         shared_items = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.status.in_(share_item_shared_states),
                 )
             )
             .count()
         )
         revoked_items = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.status.in_([ShareItemStatus.Revoke_Succeeded.value]),
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.status.in_([ShareItemStatus.Revoke_Succeeded.value]),
                 )
             )
             .count()
@@ -1384,11 +1386,11 @@ def resolve_share_object_statistics(session, uri, **kwargs):
             ShareItemStatus.Revoke_Failed.value
         ]
         failed_items = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.status.in_(failed_states),
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.status.in_(failed_states),
                 )
             )
             .count()
@@ -1397,11 +1399,11 @@ def resolve_share_object_statistics(session, uri, **kwargs):
             ShareItemStatus.PendingApproval.value
         ]
         pending_items = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.shareUri == uri,
-                    models.ShareObjectItem.status.in_(pending_states),
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.status.in_(pending_states),
                 )
             )
             .count()
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index f2444d40d..ab70bc627 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -13,8 +13,9 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import paginate, exceptions, models
-from dataall.db.api import Environment, ShareObject, ResourcePolicy
+from dataall.db.api import Environment, ResourcePolicy
 from dataall.db.api.organization import Organization
+from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
@@ -124,8 +125,8 @@ def resolve_user_role(context: Context, source: Dataset, **kwargs):
     else:
         with context.engine.scoped_session() as session:
             share = (
-                session.query(models.ShareObject)
-                .filter(models.ShareObject.datasetUri == source.datasetUri)
+                session.query(ShareObject)
+                .filter(ShareObject.datasetUri == source.datasetUri)
                 .first()
             )
             if share and (
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index 7a43b6ac6..27e5c1ec4 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -1,9 +1,6 @@
 import logging
 
-from botocore.exceptions import ClientError
-
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.db.models import Dataset
diff --git a/backend/dataall/modules/datasets/services/dataset_alarm_service.py b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
index 9283f2265..2748877fb 100644
--- a/backend/dataall/modules/datasets/services/dataset_alarm_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
@@ -2,6 +2,7 @@
 from datetime import datetime
 
 from dataall.db import models
+from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.utils.alarm_service import AlarmService
 
@@ -14,7 +15,7 @@ class DatasetAlarmService(AlarmService):
     def trigger_table_sharing_failure_alarm(
             self,
             table: DatasetTable,
-            share: models.ShareObject,
+            share: ShareObject,
             target_environment: models.Environment,
     ):
         log.info('Triggering share failure alarm...')
@@ -46,7 +47,7 @@ def trigger_table_sharing_failure_alarm(
     def trigger_revoke_table_sharing_failure_alarm(
             self,
             table: DatasetTable,
-            share: models.ShareObject,
+            share: ShareObject,
             target_environment: models.Environment,
     ):
         log.info('Triggering share failure alarm...')
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index 240c52f0e..2493ddede 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -5,7 +5,9 @@
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import Glossary
-from dataall.db import models, api, paginate, exceptions
+from dataall.db import paginate, exceptions
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem
+from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, CREATE_DATASET_FOLDER, \
@@ -136,13 +138,13 @@ def delete_dataset_location(
         location = DatasetLocationService.get_location_by_uri(
             session, data['locationUri']
         )
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         share_item = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.itemUri == location.locationUri,
-                    models.ShareObjectItem.status.in_(share_item_shared_states)
+                    ShareObjectItem.itemUri == location.locationUri,
+                    ShareObjectItem.status.in_(share_item_shared_states)
                 )
             )
             .first()
@@ -152,8 +154,8 @@ def delete_dataset_location(
                 action=DELETE_DATASET_FOLDER,
                 message='Revoke all folder shares before deletion',
             )
-        session.query(models.ShareObjectItem).filter(
-            models.ShareObjectItem.itemUri == location.locationUri,
+        session.query(ShareObjectItem).filter(
+            ShareObjectItem.itemUri == location.locationUri,
         ).delete()
 
         session.delete(location)
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 388a14746..faf973106 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -16,8 +16,10 @@
     has_resource_perm,
 )
 from dataall.db.api import Organization
-from dataall.db import models, api, exceptions, paginate, permissions
+from dataall.db import models, exceptions, paginate, permissions
 from dataall.db.models.Enums import Language, ConfidentialityClassification
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
@@ -213,16 +215,16 @@ def get_dataset_by_uri(session, dataset_uri) -> Dataset:
 
     @staticmethod
     def query_user_datasets(session, username, groups, filter) -> Query:
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         query = (
             session.query(Dataset)
             .outerjoin(
-                models.ShareObject,
-                models.ShareObject.datasetUri == Dataset.datasetUri,
+                ShareObject,
+                ShareObject.datasetUri == Dataset.datasetUri,
             )
             .outerjoin(
-                models.ShareObjectItem,
-                models.ShareObjectItem.shareUri == models.ShareObject.shareUri
+                ShareObjectItem,
+                ShareObjectItem.shareUri == ShareObject.shareUri
             )
             .filter(
                 or_(
@@ -230,12 +232,12 @@ def query_user_datasets(session, username, groups, filter) -> Query:
                     Dataset.SamlAdminGroupName.in_(groups),
                     Dataset.stewards.in_(groups),
                     and_(
-                        models.ShareObject.principalId.in_(groups),
-                        models.ShareObjectItem.status.in_(share_item_shared_states),
+                        ShareObject.principalId.in_(groups),
+                        ShareObjectItem.status.in_(share_item_shared_states),
                     ),
                     and_(
-                        models.ShareObject.owner == username,
-                        models.ShareObjectItem.status.in_(share_item_shared_states),
+                        ShareObject.owner == username,
+                        ShareObjectItem.status.in_(share_item_shared_states),
                     ),
                 )
             )
@@ -331,8 +333,8 @@ def update_dataset(session, uri, data=None) -> Dataset:
     @staticmethod
     def transfer_stewardship_to_owners(session, dataset):
         dataset_shares = (
-            session.query(models.ShareObject)
-            .filter(models.ShareObject.datasetUri == dataset.datasetUri)
+            session.query(ShareObject)
+            .filter(ShareObject.datasetUri == dataset.datasetUri)
             .all()
         )
         if dataset_shares:
@@ -342,7 +344,7 @@ def transfer_stewardship_to_owners(session, dataset):
                     group=dataset.SamlAdminGroupName,
                     permissions=permissions.SHARE_OBJECT_APPROVER,
                     resource_uri=share.shareUri,
-                    resource_type=models.ShareObject.__name__,
+                    resource_type=ShareObject.__name__,
                 )
         return dataset
 
@@ -380,8 +382,8 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
             )
 
         dataset_shares = (
-            session.query(models.ShareObject)
-            .filter(models.ShareObject.datasetUri == dataset.datasetUri)
+            session.query(ShareObject)
+            .filter(ShareObject.datasetUri == dataset.datasetUri)
             .all()
         )
         if dataset_shares:
@@ -391,7 +393,7 @@ def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
                     group=new_stewards,
                     permissions=permissions.SHARE_OBJECT_APPROVER,
                     resource_uri=share.shareUri,
-                    resource_type=models.ShareObject.__name__,
+                    resource_type=ShareObject.__name__,
                 )
                 ResourcePolicy.delete_resource_policy(
                     session=session,
@@ -459,35 +461,35 @@ def get_dataset_tables(session, dataset_uri):
 
     @staticmethod
     def query_dataset_shares(session, dataset_uri) -> Query:
-        return session.query(models.ShareObject).filter(
+        return session.query(ShareObject).filter(
             and_(
-                models.ShareObject.datasetUri == dataset_uri,
-                models.ShareObject.deleted.is_(None),
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.deleted.is_(None),
             )
         )
 
     @staticmethod
     def paginated_dataset_shares(
         session, username, groups, uri, data=None, check_perm=None
-    ) -> [models.ShareObject]:
+    ) -> [ShareObject]:
         query = DatasetService.query_dataset_shares(session, uri)
         return paginate(
             query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
         ).to_dict()
 
     @staticmethod
-    def list_dataset_shares(session, dataset_uri) -> [models.ShareObject]:
+    def list_dataset_shares(session, dataset_uri) -> [ShareObject]:
         """return the dataset shares"""
         query = DatasetService.query_dataset_shares(session, dataset_uri)
         return query.all()
 
     @staticmethod
-    def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [models.ShareObject]:
-        query = session.query(models.ShareObject).filter(
+    def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [ShareObject]:
+        query = session.query(ShareObject).filter(
             and_(
-                models.ShareObject.datasetUri == dataset_uri,
-                models.ShareObject.deleted.is_(None),
-                models.ShareObject.existingSharedItems.is_(True),
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.deleted.is_(None),
+                ShareObject.existingSharedItems.is_(True),
             )
         )
         return query.all()
@@ -532,19 +534,19 @@ def delete_dataset(
     @staticmethod
     def _delete_dataset_shares_with_no_shared_items(session, dataset_uri):
         share_objects = (
-            session.query(models.ShareObject)
+            session.query(ShareObject)
             .filter(
                 and_(
-                    models.ShareObject.datasetUri == dataset_uri,
-                    models.ShareObject.existingSharedItems.is_(False),
+                    ShareObject.datasetUri == dataset_uri,
+                    ShareObject.existingSharedItems.is_(False),
                 )
             )
             .all()
         )
         for share in share_objects:
             (
-                session.query(models.ShareObjectItem)
-                .filter(models.ShareObjectItem.shareUri == share.shareUri)
+                session.query(ShareObjectItem)
+                .filter(ShareObjectItem.shareUri == share.shareUri)
                 .delete()
             )
             session.delete(share)
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index ddfde9c5b..18d0533bd 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -4,8 +4,10 @@
 
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
-from dataall.db import models, api, exceptions, paginate
+from dataall.db import exceptions, paginate
 from dataall.db.api import Glossary, ResourcePolicy, Environment
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
     UPDATE_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.modules.datasets.services.dataset_service import DatasetService
@@ -137,13 +139,13 @@ def delete_dataset_table(
         data: dict = None,
     ):
         table = DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         share_item = (
-            session.query(models.ShareObjectItem)
+            session.query(ShareObjectItem)
             .filter(
                 and_(
-                    models.ShareObjectItem.itemUri == table.tableUri,
-                    models.ShareObjectItem.status.in_(share_item_shared_states)
+                    ShareObjectItem.itemUri == table.tableUri,
+                    ShareObjectItem.status.in_(share_item_shared_states)
                 )
             )
             .first()
@@ -153,8 +155,8 @@ def delete_dataset_table(
                 action=DELETE_DATASET_TABLE,
                 message='Revoke all table shares before deletion',
             )
-        session.query(models.ShareObjectItem).filter(
-            models.ShareObjectItem.itemUri == table.tableUri,
+        session.query(ShareObjectItem).filter(
+            ShareObjectItem.itemUri == table.tableUri,
         ).delete()
         session.delete(table)
         Glossary.delete_glossary_terms_links(
@@ -170,23 +172,22 @@ def query_dataset_tables_shared_with_env(
         This means looking at approved ShareObject items
         for the share object associating the dataset and environment
         """
-        share_item_shared_states = api.ShareItemSM.get_share_item_shared_states()
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         env_tables_shared = (
             session.query(DatasetTable)  # all tables
             .join(
-                models.ShareObjectItem,  # found in ShareObjectItem
-                models.ShareObjectItem.itemUri == DatasetTable.tableUri,
+                ShareObjectItem,  # found in ShareObjectItem
+                ShareObjectItem.itemUri == DatasetTable.tableUri,
             )
             .join(
-                models.ShareObject,  # jump to share object
-                models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                ShareObject,  # jump to share object
+                ShareObject.shareUri == ShareObjectItem.shareUri,
             )
             .filter(
                 and_(
-                    models.ShareObject.datasetUri == dataset_uri,  # for this dataset
-                    models.ShareObject.environmentUri
-                    == environment_uri,  # for this environment
-                    models.ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObject.datasetUri == dataset_uri,  # for this dataset
+                    ShareObject.environmentUri == environment_uri,  # for this environment
+                    ShareObjectItem.status.in_(share_item_shared_states),
                 )
             )
             .all()
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index e04855d65..2656dec3f 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -10,6 +10,8 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
@@ -164,7 +166,7 @@ def group_prefixes_by_accountid(cls, accountid, prefix, account_prefixes):
             account_prefixes[accountid] = [prefix]
         return account_prefixes
 
-    def get_shared_tables(self, dataset) -> typing.List[models.ShareObjectItem]:
+    def get_shared_tables(self, dataset) -> typing.List[ShareObjectItem]:
         with self.engine.scoped_session() as session:
             tables = (
                 session.query(
@@ -177,26 +179,25 @@ def get_shared_tables(self, dataset) -> typing.List[models.ShareObjectItem]:
                     models.Environment.region.label('TargetRegion'),
                 )
                 .join(
-                    models.ShareObjectItem,
+                    ShareObjectItem,
                     and_(
-                        models.ShareObjectItem.itemUri == DatasetTable.tableUri
+                        ShareObjectItem.itemUri == DatasetTable.tableUri
                     ),
                 )
                 .join(
-                    models.ShareObject,
-                    models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                    ShareObject,
+                    ShareObject.shareUri == ShareObjectItem.shareUri,
                 )
                 .join(
                     models.Environment,
                     models.Environment.environmentUri
-                    == models.ShareObject.environmentUri,
+                    == ShareObject.environmentUri,
                 )
                 .filter(
                     and_(
                         DatasetTable.datasetUri == dataset.datasetUri,
                         DatasetTable.deleted.is_(None),
-                        models.ShareObjectItem.status
-                        == models.Enums.ShareObjectStatus.Approved.value,
+                        ShareObjectItem.status == ShareObjectStatus.Approved.value,
                     )
                 )
             ).all()
@@ -213,27 +214,26 @@ def get_shared_folders(self, dataset) -> typing.List[DatasetStorageLocation]:
                     models.Environment.region.label('region'),
                 )
                 .join(
-                    models.ShareObjectItem,
+                    ShareObjectItem,
                     and_(
-                        models.ShareObjectItem.itemUri
+                        ShareObjectItem.itemUri
                         == DatasetStorageLocation.locationUri
                     ),
                 )
                 .join(
-                    models.ShareObject,
-                    models.ShareObject.shareUri == models.ShareObjectItem.shareUri,
+                    ShareObject,
+                    ShareObject.shareUri == ShareObjectItem.shareUri,
                 )
                 .join(
                     models.Environment,
                     models.Environment.environmentUri
-                    == models.ShareObject.environmentUri,
+                    == ShareObject.environmentUri,
                 )
                 .filter(
                     and_(
                         DatasetStorageLocation.datasetUri == dataset.datasetUri,
                         DatasetStorageLocation.deleted.is_(None),
-                        models.ShareObjectItem.status
-                        == models.Enums.ShareObjectStatus.Approved.value,
+                        ShareObjectItem.status == ShareObjectStatus.Approved.value,
                     )
                 )
             ).all()
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 4bbe7c34b..bb639130e 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -12,8 +12,9 @@
 from dataall.aws.handlers.sqs import SqsQueue
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
-`from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
+from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
@@ -88,9 +89,9 @@ def publish_table_update_message(engine, message):
                 log.info(
                     f'Found dataset {dataset.datasetUri}|{dataset.environmentUri}|{dataset.AwsAccountId}'
                 )
-                share_items: [models.ShareObjectItem] = (
-                    session.query(models.ShareObjectItem)
-                    .filter(models.ShareObjectItem.itemUri == table.tableUri)
+                share_items: [ShareObjectItem] = (
+                    session.query(ShareObjectItem)
+                    .filter(ShareObjectItem.itemUri == table.tableUri)
                     .all()
                 )
                 log.info(f'Found shared items for table {share_items}')
@@ -126,9 +127,9 @@ def publish_location_update_message(session, message):
             log.info(
                 f'Found dataset {dataset.datasetUri}|{dataset.environmentUri}|{dataset.AwsAccountId}'
             )
-            share_items: [models.ShareObjectItem] = (
-                session.query(models.ShareObjectItem)
-                .filter(models.ShareObjectItem.itemUri == location.locationUri)
+            share_items: [ShareObjectItem] = (
+                session.query(ShareObjectItem)
+                .filter(ShareObjectItem.itemUri == location.locationUri)
                 .all()
             )
             log.info(f'Found shared items for location {share_items}')
@@ -316,12 +317,12 @@ def redshift_copy(
 
     @staticmethod
     def get_approved_share_object(session, item):
-        share_object: models.ShareObject = (
-            session.query(models.ShareObject)
+        share_object: ShareObject = (
+            session.query(ShareObject)
             .filter(
                 and_(
-                    models.ShareObject.shareUri == item.shareUri,
-                    models.ShareObject.status == 'Approved',
+                    ShareObject.shareUri == item.shareUri,
+                    ShareObject.status == 'Approved',
                 )
             )
             .first()
diff --git a/backend/dataall/tasks/data_sharing/data_sharing_service.py b/backend/dataall/tasks/data_sharing/data_sharing_service.py
index 40b79f1c1..4ec4687b6 100644
--- a/backend/dataall/tasks/data_sharing/data_sharing_service.py
+++ b/backend/dataall/tasks/data_sharing/data_sharing_service.py
@@ -5,10 +5,13 @@
 from .share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
 from .share_processors.s3_process_share import ProcessS3Share
 
-from ...aws.handlers.ram import Ram
-from ...aws.handlers.sts import SessionHelper
-from ...db import api, models, Engine
-from ...utils import Parameter
+from dataall.aws.handlers.ram import Ram
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db import models, Engine
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemStatus, ShareObjectStatus
+from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectSM, ShareObjectService, ShareItemSM
+from dataall.utils import Parameter
 
 log = logging.getLogger(__name__)
 
@@ -44,16 +47,16 @@ def approve_share(cls, engine: Engine, share_uri: str) -> bool:
                 share,
                 source_environment,
                 target_environment,
-            ) = api.ShareObject.get_share_data(session, share_uri)
+            ) = ShareObjectService.get_share_data(session, share_uri)
 
-            Share_SM = api.ShareObjectSM(share.status)
-            new_share_state = Share_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            Share_SM = ShareObjectSM(share.status)
+            new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
             Share_SM.update_state(session, share, new_share_state)
 
             (
                 shared_tables,
                 shared_folders
-            ) = api.ShareObject.get_share_data_items(session, share_uri, models.ShareItemStatus.Share_Approved.value)
+            ) = ShareObjectService.get_share_data_items(session, share_uri, ShareItemStatus.Share_Approved.value)
 
         log.info(f'Granting permissions to folders: {shared_folders}')
 
@@ -96,7 +99,7 @@ def approve_share(cls, engine: Engine, share_uri: str) -> bool:
         approved_tables_succeed = processor.process_approved_shares()
         log.info(f'sharing tables succeeded = {approved_tables_succeed}')
 
-        new_share_state = Share_SM.run_transition(models.Enums.ShareObjectActions.Finish.value)
+        new_share_state = Share_SM.run_transition(ShareObjectActions.Finish.value)
         Share_SM.update_state(session, share, new_share_state)
 
         return approved_tables_succeed if approved_folders_succeed else False
@@ -131,20 +134,20 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 share,
                 source_environment,
                 target_environment,
-            ) = api.ShareObject.get_share_data(session, share_uri)
+            ) = ShareObjectService.get_share_data(session, share_uri)
 
-            Share_SM = api.ShareObjectSM(share.status)
-            new_share_state = Share_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            Share_SM = ShareObjectSM(share.status)
+            new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
             Share_SM.update_state(session, share, new_share_state)
 
-            revoked_item_SM = api.ShareItemSM(models.ShareItemStatus.Revoke_Approved.value)
+            revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
 
             (
                 revoked_tables,
                 revoked_folders
-            ) = api.ShareObject.get_share_data_items(session, share_uri, models.ShareItemStatus.Revoke_Approved.value)
+            ) = ShareObjectService.get_share_data_items(session, share_uri, ShareItemStatus.Revoke_Approved.value)
 
-            new_state = revoked_item_SM.run_transition(models.ShareObjectActions.Start.value)
+            new_state = revoked_item_SM.run_transition(ShareObjectActions.Start.value)
             revoked_item_SM.update_state(session, share_uri, new_state)
 
             log.info(f'Revoking permissions to folders: {revoked_folders}')
@@ -160,7 +163,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 env_group,
             )
             log.info(f'revoking folders succeeded = {revoked_folders_succeed}')
-            existing_shared_items = api.ShareObject.check_existing_shared_items_of_type(
+            existing_shared_items = ShareObjectService.check_existing_shared_items_of_type(
                 session,
                 share_uri,
                 models.ShareableType.StorageLocation.value
@@ -201,7 +204,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
             revoked_tables_succeed = processor.process_revoked_shares()
             log.info(f'revoking tables succeeded = {revoked_tables_succeed}')
 
-            existing_shared_items = api.ShareObject.check_existing_shared_items_of_type(
+            existing_shared_items = ShareObjectService.check_existing_shared_items_of_type(
                 session,
                 share_uri,
                 models.ShareableType.Table.value
@@ -212,11 +215,11 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 clean_up_tables = processor.clean_up_share()
                 log.info(f"Clean up LF successful = {clean_up_tables}")
 
-            existing_pending_items = api.ShareObject.check_pending_share_items(session, share_uri)
+            existing_pending_items = ShareObjectService.check_pending_share_items(session, share_uri)
             if existing_pending_items:
-                new_share_state = Share_SM.run_transition(models.Enums.ShareObjectActions.FinishPending.value)
+                new_share_state = Share_SM.run_transition(ShareObjectActions.FinishPending.value)
             else:
-                new_share_state = Share_SM.run_transition(models.Enums.ShareObjectActions.Finish.value)
+                new_share_state = Share_SM.run_transition(ShareObjectActions.Finish.value)
             Share_SM.update_state(session, share, new_share_state)
 
             return revoked_tables_succeed and revoked_folders_succeed
@@ -254,12 +257,12 @@ def refresh_shares(cls, engine: Engine) -> bool:
         -------
         true if refresh succeeds
         """
-        share_object_refreshable_states = api.ShareObjectSM.get_share_object_refreshable_states()
+        share_object_refreshable_states = ShareObjectSM.get_share_object_refreshable_states()
         with engine.scoped_session() as session:
             environments = session.query(models.Environment).all()
             shares = (
-                session.query(models.ShareObject)
-                .filter(models.ShareObject.status.in_(share_object_refreshable_states))
+                session.query(ShareObject)
+                .filter(ShareObject.status.in_(share_object_refreshable_states))
                 .all()
             )
 
@@ -286,7 +289,7 @@ def refresh_shares(cls, engine: Engine) -> bool:
                 log.info(
                     f'Refreshing share {share.shareUri} with {share.status} status...'
                 )
-                if share.status in [models.ShareObjectStatus.Approved.value]:
+                if share.status in [ShareObjectStatus.Approved.value]:
                     cls.approve_share(engine, share.shareUri)
                 else:
                     cls.revoke_share(engine, share.shareUri)
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
index 192b13913..16f3cb689 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
@@ -12,8 +12,8 @@
 from ....aws.handlers.ram import Ram
 from ....db import exceptions, models
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
-from dataall.utils.alarm_service import AlarmService
 from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 
 logger = logging.getLogger(__name__)
 
@@ -23,7 +23,7 @@ def __init__(
         self,
         session,
         dataset: Dataset,
-        share: models.ShareObject,
+        share: ShareObject,
         shared_tables: [DatasetTable],
         revoked_tables: [DatasetTable],
         source_environment: models.Environment,
@@ -77,7 +77,7 @@ def build_shared_db_name(self) -> str:
         Parameters
         ----------
         dataset : Dataset
-        share : models.ShareObject
+        share : ShareObject
 
         Returns
         -------
@@ -113,7 +113,7 @@ def build_share_data(self, table: DatasetTable) -> dict:
         return data
 
     def check_share_item_exists_on_glue_catalog(
-        self, share_item: models.ShareObjectItem, table: DatasetTable
+        self, share_item: ShareObjectItem, table: DatasetTable
     ) -> None:
         """
         Checks if a table in the share request
@@ -506,7 +506,7 @@ def delete_ram_resource_shares(self, resource_arn: str) -> [dict]:
     def handle_share_failure(
         self,
         table: DatasetTable,
-        share_item: models.ShareObjectItem,
+        share_item: ShareObjectItem,
         error: Exception,
     ) -> bool:
         """
@@ -536,7 +536,7 @@ def handle_share_failure(
     def handle_revoke_failure(
             self,
             table: DatasetTable,
-            share_item: models.ShareObjectItem,
+            share_item: ShareObjectItem,
             error: Exception,
     ) -> bool:
         """
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 52f6581ea..211a87968 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -8,8 +8,9 @@
 from ....aws.handlers.s3 import S3
 from ....aws.handlers.kms import KMS
 from ....aws.handlers.iam import IAM
+from ....modules.dataset_sharing.db.models import ShareObject
+from ....modules.dataset_sharing.services.share_object import ShareObjectService
 
-from ....utils.alarm_service import AlarmService
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 logger = logging.getLogger(__name__)
@@ -22,7 +23,7 @@ def __init__(
         self,
         session,
         dataset: Dataset,
-        share: models.ShareObject,
+        share: ShareObject,
         target_folder: DatasetStorageLocation,
         source_environment: models.Environment,
         target_environment: models.Environment,
@@ -37,7 +38,7 @@ def __init__(
         self.target_folder = target_folder
         self.source_environment = source_environment
         self.target_environment = target_environment
-        self.share_item = api.ShareObject.find_share_item_by_folder(
+        self.share_item = ShareObjectService.find_share_item_by_folder(
             session,
             share,
             target_folder,
@@ -56,15 +57,15 @@ def __init__(
 
     @abc.abstractmethod
     def process_approved_shares(self, *kwargs) -> bool:
-        return NotImplementedError
+        raise NotImplementedError
 
     @abc.abstractmethod
     def process_revoked_shares(self, *kwargs) -> bool:
-        return NotImplementedError
+        raise NotImplementedError
 
     @abc.abstractmethod
     def clean_up_share(self, *kwargs):
-        return NotImplementedError
+        raise NotImplementedError
 
     @staticmethod
     def build_access_point_name(share):
@@ -324,7 +325,7 @@ def delete_access_point_policy(self):
 
     @staticmethod
     def delete_access_point(
-            share: models.ShareObject,
+            share: ShareObject,
             dataset: Dataset,
     ):
         access_point_name = S3ShareManager.build_access_point_name(share)
@@ -341,7 +342,7 @@ def delete_access_point(
 
     @staticmethod
     def delete_target_role_access_policy(
-            share: models.ShareObject,
+            share: ShareObject,
             dataset: Dataset,
             target_environment: models.Environment,
     ):
@@ -376,7 +377,7 @@ def delete_target_role_access_policy(
 
     @staticmethod
     def delete_dataset_bucket_key_policy(
-            share: models.ShareObject,
+            share: ShareObject,
             dataset: Dataset,
             target_environment: models.Environment,
     ):
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
index 94eb786ec..eccd515b0 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
@@ -1,10 +1,12 @@
 import logging
 
-
+from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from ..share_managers import LFShareManager
-from ....aws.handlers.ram import Ram
-from ....db import models, api
+from dataall.aws.handlers.ram import Ram
+from dataall.db import models, api
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -14,7 +16,7 @@ def __init__(
         self,
         session,
         dataset: Dataset,
-        share: models.ShareObject,
+        share: ShareObject,
         shared_tables: [DatasetTable],
         revoked_tables: [DatasetTable],
         source_environment: models.Environment,
@@ -72,7 +74,7 @@ def process_approved_shares(self) -> bool:
             for table in self.shared_tables:
                 log.info(f"Sharing table {table.GlueTableName}...")
 
-                share_item = api.ShareObject.find_share_item_by_table(
+                share_item = ShareObjectService.find_share_item_by_table(
                     self.session, self.share, table
                 )
 
@@ -83,8 +85,8 @@ def process_approved_shares(self) -> bool:
                     )
                     continue
 
-                shared_item_SM = api.ShareItemSM(models.ShareItemStatus.Share_Approved.value)
-                new_state = shared_item_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+                shared_item_SM = ShareItemSM(ShareItemStatus.Share_Approved.value)
+                new_state = shared_item_SM.run_transition(ShareObjectActions.Start.value)
                 shared_item_SM.update_state_single_item(self.session, share_item, new_state)
 
                 try:
@@ -105,12 +107,12 @@ def process_approved_shares(self) -> bool:
 
                     self.create_resource_link(**data)
 
-                    new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Success.value)
+                    new_state = shared_item_SM.run_transition(ShareItemActions.Success.value)
                     shared_item_SM.update_state_single_item(self.session, share_item, new_state)
 
                 except Exception as e:
                     self.handle_share_failure(table=table, share_item=share_item, error=e)
-                    new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
+                    new_state = shared_item_SM.run_transition(ShareItemActions.Failure.value)
                     shared_item_SM.update_state_single_item(self.session, share_item, new_state)
                     success = False
 
@@ -138,12 +140,12 @@ def process_revoked_shares(self) -> bool:
         shared_db_name = self.build_shared_db_name()
         principals = self.get_share_principals()
         for table in self.revoked_tables:
-            share_item = api.ShareObject.find_share_item_by_table(
+            share_item = ShareObjectService.find_share_item_by_table(
                 self.session, self.share, table
             )
 
-            revoked_item_SM = api.ShareItemSM(models.ShareItemStatus.Revoke_Approved.value)
-            new_state = revoked_item_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
+            new_state = revoked_item_SM.run_transition(ShareObjectActions.Start.value)
             revoked_item_SM.update_state_single_item(self.session, share_item, new_state)
 
             try:
@@ -159,12 +161,12 @@ def process_revoked_shares(self) -> bool:
 
                 self.delete_resource_link_table(table)
 
-                new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Success.value)
+                new_state = revoked_item_SM.run_transition(ShareItemActions.Success.value)
                 revoked_item_SM.update_state_single_item(self.session, share_item, new_state)
 
             except Exception as e:
                 self.handle_revoke_failure(share_item=share_item, table=table, error=e)
-                new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
+                new_state = revoked_item_SM.run_transition(ShareItemActions.Failure.value)
                 revoked_item_SM.update_state_single_item(self.session, share_item, new_state)
                 success = False
 
@@ -182,7 +184,7 @@ def clean_up_share(self) -> bool:
 
         self.delete_shared_database()
 
-        if not api.ShareObject.other_approved_share_object_exists(
+        if not ShareObjectService.other_approved_share_object_exists(
                 self.session,
                 self.target_environment.environmentUri,
                 self.dataset.datasetUri,
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
index c2afa4b23..bce4ad0d2 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
@@ -1,7 +1,10 @@
 import logging
 
+from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
+from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 from ..share_managers import LFShareManager
-from dataall.db import models, api
+from dataall.db import models
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 log = logging.getLogger(__name__)
@@ -12,7 +15,7 @@ def __init__(
         self,
         session,
         dataset: Dataset,
-        share: models.ShareObject,
+        share: ShareObject,
         shared_tables: [DatasetTable],
         revoked_tables: [DatasetTable],
         source_environment: models.Environment,
@@ -67,7 +70,7 @@ def process_approved_shares(self) -> bool:
 
         for table in self.shared_tables:
 
-            share_item = api.ShareObject.find_share_item_by_table(
+            share_item = ShareObjectService.find_share_item_by_table(
                 self.session, self.share, table
             )
 
@@ -77,8 +80,8 @@ def process_approved_shares(self) -> bool:
                     f'and Dataset Table {table.GlueTableName} continuing loop...'
                 )
                 continue
-            shared_item_SM = api.ShareItemSM(models.ShareItemStatus.Share_Approved.value)
-            new_state = shared_item_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            shared_item_SM = ShareItemSM(ShareItemStatus.Share_Approved.value)
+            new_state = shared_item_SM.run_transition(ShareObjectActions.Start.value)
             shared_item_SM.update_state_single_item(self.session, share_item, new_state)
 
             try:
@@ -88,12 +91,12 @@ def process_approved_shares(self) -> bool:
                 data = self.build_share_data(table)
                 self.create_resource_link(**data)
 
-                new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Success.value)
+                new_state = shared_item_SM.run_transition(ShareItemActions.Success.value)
                 shared_item_SM.update_state_single_item(self.session, share_item, new_state)
 
             except Exception as e:
                 self.handle_share_failure(table, share_item, e)
-                new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
+                new_state = shared_item_SM.run_transition(ShareItemActions.Failure.value)
                 shared_item_SM.update_state_single_item(self.session, share_item, new_state)
                 success = False
 
@@ -118,7 +121,7 @@ def process_revoked_shares(self) -> bool:
         shared_db_name = self.build_shared_db_name()
         principals = self.get_share_principals()
         for table in self.revoked_tables:
-            share_item = api.ShareObject.find_share_item_by_table(
+            share_item = ShareObjectService.find_share_item_by_table(
                 self.session, self.share, table
             )
             if not share_item:
@@ -128,8 +131,8 @@ def process_revoked_shares(self) -> bool:
                 )
                 continue
 
-            revoked_item_SM = api.ShareItemSM(models.ShareItemStatus.Revoke_Approved.value)
-            new_state = revoked_item_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
+            new_state = revoked_item_SM.run_transition(ShareObjectActions.Start.value)
             revoked_item_SM.update_state_single_item(self.session, share_item, new_state)
 
             try:
@@ -144,12 +147,12 @@ def process_revoked_shares(self) -> bool:
 
                 self.delete_resource_link_table(table)
 
-                new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Success.value)
+                new_state = revoked_item_SM.run_transition(ShareItemActions.Success.value)
                 revoked_item_SM.update_state_single_item(self.session, share_item, new_state)
 
             except Exception as e:
                 self.handle_revoke_failure(share_item, table, e)
-                new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
+                new_state = revoked_item_SM.run_transition(ShareItemActions.Failure.value)
                 revoked_item_SM.update_state_single_item(self.session, share_item, new_state)
                 success = False
 
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
index 013dda059..74525ef20 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
@@ -1,8 +1,11 @@
 import logging
 
-from ....db import models, api
+from dataall.db import models
 from ..share_managers import S3ShareManager
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
+from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
+from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -12,7 +15,7 @@ def __init__(
         self,
         session,
         dataset: Dataset,
-        share: models.ShareObject,
+        share: ShareObject,
         share_folder: DatasetStorageLocation,
         source_environment: models.Environment,
         target_environment: models.Environment,
@@ -36,7 +39,7 @@ def process_approved_shares(
         cls,
         session,
         dataset: Dataset,
-        share: models.ShareObject,
+        share: ShareObject,
         share_folders: [DatasetStorageLocation],
         source_environment: models.Environment,
         target_environment: models.Environment,
@@ -61,13 +64,13 @@ def process_approved_shares(
         success = True
         for folder in share_folders:
             log.info(f'sharing folder: {folder}')
-            sharing_item = api.ShareObject.find_share_item_by_folder(
+            sharing_item = ShareObjectService.find_share_item_by_folder(
                 session,
                 share,
                 folder,
             )
-            shared_item_SM = api.ShareItemSM(models.ShareItemStatus.Share_Approved.value)
-            new_state = shared_item_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            shared_item_SM = ShareItemSM(ShareItemStatus.Share_Approved.value)
+            new_state = shared_item_SM.run_transition(ShareObjectActions.Start.value)
             shared_item_SM.update_state_single_item(session, sharing_item, new_state)
 
             sharing_folder = cls(
@@ -87,12 +90,12 @@ def process_approved_shares(
                 sharing_folder.manage_access_point_and_policy()
                 sharing_folder.update_dataset_bucket_key_policy()
 
-                new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Success.value)
+                new_state = shared_item_SM.run_transition(ShareItemActions.Success.value)
                 shared_item_SM.update_state_single_item(session, sharing_item, new_state)
 
             except Exception as e:
                 sharing_folder.log_share_failure(e)
-                new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
+                new_state = shared_item_SM.run_transition(ShareItemActions.Failure.value)
                 shared_item_SM.update_state_single_item(session, sharing_item, new_state)
                 success = False
 
@@ -103,7 +106,7 @@ def process_revoked_shares(
             cls,
             session,
             dataset: Dataset,
-            share: models.ShareObject,
+            share: ShareObject,
             revoke_folders: [DatasetStorageLocation],
             source_environment: models.Environment,
             target_environment: models.Environment,
@@ -126,14 +129,14 @@ def process_revoked_shares(
         success = True
         for folder in revoke_folders:
             log.info(f'revoking access to folder: {folder}')
-            removing_item = api.ShareObject.find_share_item_by_folder(
+            removing_item = ShareObjectService.find_share_item_by_folder(
                 session,
                 share,
                 folder,
             )
 
-            revoked_item_SM = api.ShareItemSM(models.ShareItemStatus.Revoke_Approved.value)
-            new_state = revoked_item_SM.run_transition(models.Enums.ShareObjectActions.Start.value)
+            revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
+            new_state = revoked_item_SM.run_transition(ShareObjectActions.Start.value)
             revoked_item_SM.update_state_single_item(session, removing_item, new_state)
 
             removing_folder = cls(
@@ -150,12 +153,12 @@ def process_revoked_shares(
             try:
                 removing_folder.delete_access_point_policy()
 
-                new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Success.value)
+                new_state = revoked_item_SM.run_transition(ShareItemActions.Success.value)
                 revoked_item_SM.update_state_single_item(session, removing_item, new_state)
 
             except Exception as e:
                 removing_folder.log_revoke_failure(e)
-                new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
+                new_state = revoked_item_SM.run_transition(ShareItemActions.Failure.value)
                 revoked_item_SM.update_state_single_item(session, removing_item, new_state)
                 success = False
 
@@ -164,7 +167,7 @@ def process_revoked_shares(
     @staticmethod
     def clean_up_share(
             dataset: Dataset,
-            share: models.ShareObject,
+            share: ShareObject,
             target_environment: models.Environment
     ):
         """
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 4447d1429..c80c922d0 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -12,7 +12,9 @@
 from sqlalchemy.ext.declarative import declarative_base
 from dataall.db import api, utils, Resource
 from datetime import datetime
-from dataall.db.models.Enums import ShareObjectStatus, ShareableType
+from dataall.db.models.Enums import ShareableType
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
 
@@ -114,7 +116,7 @@ def upgrade():
             )
         ).all()
         for shared_table in share_table_items:
-            share = api.ShareObject.get_share_by_uri(session, shared_table.shareUri)
+            share = ShareObjectService.get_share_by_uri(session, shared_table.shareUri)
             api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=share.principalId,
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 0e74c0563..62075ddb0 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,4 +1,5 @@
 import dataall.searchproxy.indexers
+from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from .client import *
 from dataall.db import models
 from dataall.api import constants
@@ -458,9 +459,9 @@ def factory(
             env_group: models.EnvironmentGroup,
             owner: str,
             status: str
-    ) -> models.ShareObject:
+    ) -> ShareObject:
         with db.scoped_session() as session:
-            share = models.ShareObject(
+            share = ShareObject(
                 datasetUri=dataset.datasetUri,
                 environmentUri=environment.environmentUri,
                 owner=owner,
@@ -477,21 +478,21 @@ def factory(
                 group=env_group.groupUri,
                 permissions=dataall.db.permissions.SHARE_OBJECT_REQUESTER,
                 resource_uri=share.shareUri,
-                resource_type=models.ShareObject.__name__,
+                resource_type=ShareObject.__name__,
             )
             dataall.db.api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=dataset.SamlAdminGroupName,
                 permissions=dataall.db.permissions.SHARE_OBJECT_REQUESTER,
                 resource_uri=share.shareUri,
-                resource_type=dataall.db.models.ShareObject.__name__,
+                resource_type=ShareObject.__name__,
             )
             dataall.db.api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=dataset.stewards,
                 permissions=dataall.db.permissions.SHARE_OBJECT_APPROVER,
                 resource_uri=share.shareUri,
-                resource_type=dataall.db.models.ShareObject.__name__,
+                resource_type=ShareObject.__name__,
             )
             if dataset.SamlAdminGroupName != environment.SamlGroupName:
                 dataall.db.api.ResourcePolicy.attach_resource_policy(
@@ -499,7 +500,7 @@ def factory(
                     group=environment.SamlGroupName,
                     permissions=dataall.db.permissions.SHARE_OBJECT_REQUESTER,
                     resource_uri=share.shareUri,
-                    resource_type=dataall.db.models.ShareObject.__name__,
+                    resource_type=ShareObject.__name__,
                 )
             session.commit()
             return share
@@ -510,12 +511,12 @@ def factory(
 @pytest.fixture(scope="module")
 def share_item(db):
     def factory(
-            share: models.ShareObject,
+            share: ShareObject,
             table: DatasetTable,
             status: str
-    ) -> models.ShareObjectItem:
+    ) -> ShareObjectItem:
         with db.scoped_session() as session:
-            share_item = models.ShareObjectItem(
+            share_item = ShareObjectItem(
                 shareUri=share.shareUri,
                 owner="alice",
                 itemUri=table.tableUri,
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index c87e8255a..9ae7c3b62 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -3,6 +3,10 @@
 import pytest
 
 import dataall
+from dataall.api.constants import ShareObjectStatus, ShareItemStatus
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemActions
+from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM, ShareObjectSM
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 
 
@@ -139,13 +143,13 @@ def share1_draft(
         dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
-) -> dataall.db.models.ShareObject:
+) -> ShareObject:
     share1 = share(
         dataset=dataset1,
         environment=env2,
         env_group=env2group,
         owner=user2.userName,
-        status=dataall.api.constants.ShareObjectStatus.Draft.value
+        status=ShareObjectStatus.Draft.value
     )
     yield share1
 
@@ -195,9 +199,9 @@ def share1_draft(
 @pytest.fixture(scope='function')
 def share1_item_pa(
         share_item: typing.Callable,
-        share1_draft: dataall.db.models.ShareObject,
+        share1_draft: ShareObject,
         table1: DatasetTable
-) -> dataall.db.models.ShareObjectItem:
+) -> ShareObjectItem:
     # Cleaned up with share1_draft
     yield share_item(
         share=share1_draft,
@@ -216,13 +220,13 @@ def share2_submitted(
         dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
-) -> dataall.db.models.ShareObject:
+) -> ShareObject:
     share2 = share(
         dataset=dataset1,
         environment=env2,
         env_group=env2group,
         owner=user2.userName,
-        status=dataall.api.constants.ShareObjectStatus.Submitted.value
+        status=ShareObjectStatus.Submitted.value
     )
     yield share2
     # Cleanup share
@@ -270,9 +274,9 @@ def share2_submitted(
 @pytest.fixture(scope='function')
 def share2_item_pa(
         share_item: typing.Callable,
-        share2_submitted: dataall.db.models.ShareObject,
+        share2_submitted: ShareObject,
         table1: DatasetTable
-) -> dataall.db.models.ShareObjectItem:
+) -> ShareObjectItem:
     # Cleaned up with share2
     yield share_item(
         share=share2_submitted,
@@ -291,13 +295,13 @@ def share3_processed(
         dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
-) -> dataall.db.models.ShareObject:
+) -> ShareObject:
     share3 = share(
         dataset=dataset1,
         environment=env2,
         env_group=env2group,
         owner=user2.userName,
-        status=dataall.api.constants.ShareObjectStatus.Processed.value
+        status=ShareObjectStatus.Processed.value
     )
     yield share3
     # Cleanup share
@@ -345,14 +349,14 @@ def share3_processed(
 @pytest.fixture(scope='function')
 def share3_item_shared(
         share_item: typing.Callable,
-        share3_processed: dataall.db.models.ShareObject,
+        share3_processed: ShareObject,
         table1:DatasetTable
-) -> dataall.db.models.ShareObjectItem:
+) -> ShareObjectItem:
     # Cleaned up with share3
     yield share_item(
         share=share3_processed,
         table=table1,
-        status=dataall.api.constants.ShareItemStatus.Share_Succeeded.value
+        status=ShareItemStatus.Share_Succeeded.value
     )
 
 
@@ -363,13 +367,13 @@ def share4_draft(
         dataset1: Dataset,
         env2: dataall.db.models.Environment,
         env2group: dataall.db.models.EnvironmentGroup,
-) -> dataall.db.models.ShareObject:
+) -> ShareObject:
     yield share(
         dataset=dataset1,
         environment=env2,
         env_group=env2group,
         owner=user2.userName,
-        status=dataall.api.constants.ShareObjectStatus.Draft.value
+        status=ShareObjectStatus.Draft.value
     )
 
 
@@ -810,7 +814,7 @@ def test_create_share_object_authorized(client, user2, group2, env2group, env2,
     )
     # Then share object created with status Draft and user is 'Requester'
     assert create_share_object_response.data.createShareObject.shareUri
-    assert create_share_object_response.data.createShareObject.status == dataall.api.constants.ShareObjectStatus.Draft.value
+    assert create_share_object_response.data.createShareObject.status == ShareObjectStatus.Draft.value
     assert create_share_object_response.data.createShareObject.userRoleForShareObject == 'Requesters'
 
 
@@ -830,7 +834,7 @@ def test_create_share_object_with_item_authorized(client, user2, group2, env2gro
 
     # Then share object created with status Draft and user is 'Requester'
     assert create_share_object_response.data.createShareObject.shareUri
-    assert create_share_object_response.data.createShareObject.status == dataall.api.constants.ShareObjectStatus.Draft.value
+    assert create_share_object_response.data.createShareObject.status == ShareObjectStatus.Draft.value
     assert create_share_object_response.data.createShareObject.userRoleForShareObject == 'Requesters'
 
     # And item has been added to the share request
@@ -994,8 +998,7 @@ def test_add_share_item(
 
     # Then shared item was added to share object in status PendingApproval
     assert add_share_item_response.data.addSharedItem.shareUri == share1_draft.shareUri
-    assert add_share_item_response.data.addSharedItem.status == \
-           dataall.api.constants.ShareItemStatus.PendingApproval.name
+    assert add_share_item_response.data.addSharedItem.status == ShareItemStatus.PendingApproval.name
 
 
 def test_remove_share_item(
@@ -1011,11 +1014,11 @@ def test_remove_share_item(
         filter={"isShared": True},
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Draft.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Draft.value
 
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     assert shareItem.shareItemUri == share1_item_pa.shareItemUri
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.PendingApproval.value
+    assert shareItem.status == ShareItemStatus.PendingApproval.value
     assert get_share_object_response.data.getShareObject.get("items").count == 1
 
     # When
@@ -1052,11 +1055,11 @@ def test_submit_share_request(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Draft.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Draft.value
 
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     assert shareItem.shareItemUri == share1_item_pa.shareItemUri
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.PendingApproval.value
+    assert shareItem.status == ShareItemStatus.PendingApproval.value
     assert get_share_object_response.data.getShareObject.get("items").count == 1
 
     # When
@@ -1069,8 +1072,7 @@ def test_submit_share_request(
     )
 
     # Then share object status is changed to Submitted
-    assert submit_share_object_response.data.submitShareObject.status == \
-           dataall.api.constants.ShareObjectStatus.Submitted.name
+    assert submit_share_object_response.data.submitShareObject.status == ShareObjectStatus.Submitted.name
     assert submit_share_object_response.data.submitShareObject.userRoleForShareObject == 'Requesters'
 
     # and share item status stays in PendingApproval
@@ -1083,7 +1085,7 @@ def test_submit_share_request(
     )
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     status = shareItem['status']
-    assert status == dataall.api.constants.ShareItemStatus.PendingApproval.name
+    assert status == ShareItemStatus.PendingApproval.name
 
 
 def test_approve_share_request(
@@ -1100,10 +1102,10 @@ def test_approve_share_request(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Submitted.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Submitted.value
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     assert shareItem.shareItemUri == share2_item_pa.shareItemUri
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.PendingApproval.value
+    assert shareItem.status == ShareItemStatus.PendingApproval.value
     assert get_share_object_response.data.getShareObject.get("items").count == 1
 
     # When we approve the share object
@@ -1118,8 +1120,7 @@ def test_approve_share_request(
     assert approve_share_object_response.data.approveShareObject.userRoleForShareObject == 'Approvers'
 
     # Then share object status is changed to Approved
-    assert approve_share_object_response.data.approveShareObject.status == \
-           dataall.api.constants.ShareObjectStatus.Approved.name
+    assert approve_share_object_response.data.approveShareObject.status == ShareObjectStatus.Approved.name
 
     # and share item status is changed to Share_Approved
     get_share_object_response = get_share_object(
@@ -1131,7 +1132,7 @@ def test_approve_share_request(
     )
 
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.Share_Approved.value
+    assert shareItem.status == ShareItemStatus.Share_Approved.value
 
     # When approved share object is processed and the shared items successfully shared
     _successfull_processing_for_share_object(db, share2_submitted)
@@ -1145,11 +1146,11 @@ def test_approve_share_request(
     )
 
     # Then share object status is changed to Processed
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Processed.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Processed.value
 
     # And share item status is changed to Share_Succeeded
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.Share_Succeeded.value
+    assert shareItem.status == ShareItemStatus.Share_Succeeded.value
 
 
 def test_reject_share_request(
@@ -1166,10 +1167,10 @@ def test_reject_share_request(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Submitted.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Submitted.value
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     assert shareItem.shareItemUri == share2_item_pa.shareItemUri
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.PendingApproval.value
+    assert shareItem.status == ShareItemStatus.PendingApproval.value
     assert get_share_object_response.data.getShareObject.get("items").count == 1
 
     # When we reject the share object
@@ -1181,8 +1182,7 @@ def test_reject_share_request(
     )
 
     # Then share object status is changed to Rejected
-    assert reject_share_object_response.data.rejectShareObject.status == \
-           dataall.api.constants.ShareObjectStatus.Rejected.name
+    assert reject_share_object_response.data.rejectShareObject.status == ShareObjectStatus.Rejected.name
 
     # and share item status is changed to Share_Rejected
     get_share_object_response = get_share_object(
@@ -1194,7 +1194,7 @@ def test_reject_share_request(
     )
 
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.Share_Rejected.value
+    assert shareItem.status == ShareItemStatus.Share_Rejected.value
 
 
 def test_search_shared_items_in_environment(
@@ -1210,7 +1210,7 @@ def test_search_shared_items_in_environment(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Processed.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Processed.value
 
     list_datasets_published_in_environment_response = list_datasets_published_in_environment(
         client=client,
@@ -1237,11 +1237,11 @@ def test_revoke_items_share_request(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Processed.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Processed.value
 
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     assert shareItem.shareItemUri == share3_item_shared.shareItemUri
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.Share_Succeeded.value
+    assert shareItem.status == ShareItemStatus.Share_Succeeded.value
     revoked_items_uris = [node.shareItemUri for node in
                           get_share_object_response.data.getShareObject.get('items').nodes]
 
@@ -1255,7 +1255,7 @@ def test_revoke_items_share_request(
         revoked_items_uris=revoked_items_uris
     )
     # Then share object changes to status Rejected
-    assert revoke_items_share_object_response.data.revokeItemsShareObject.status == dataall.api.constants.ShareObjectStatus.Revoked.value
+    assert revoke_items_share_object_response.data.revokeItemsShareObject.status == ShareObjectStatus.Revoked.value
 
     # And shared item changes to status Revoke_Approved
     get_share_object_response = get_share_object(
@@ -1267,7 +1267,7 @@ def test_revoke_items_share_request(
     )
     sharedItem = get_share_object_response.data.getShareObject.get('items').nodes[0]
     status = sharedItem['status']
-    assert status == dataall.api.constants.ShareItemStatus.Revoke_Approved.value
+    assert status == ShareItemStatus.Revoke_Approved.value
 
     # Given the revoked share object is processed and the shared items
     # When approved share object is processed and the shared items successfully revoked (we re-use same function)
@@ -1282,11 +1282,11 @@ def test_revoke_items_share_request(
     )
 
     # Then share object status is changed to Processed
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Processed.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Processed.value
 
     # And share item status is changed to Revoke_Succeeded
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.Revoke_Succeeded.value
+    assert shareItem.status == ShareItemStatus.Revoke_Succeeded.value
 
 
 def test_delete_share_object(
@@ -1302,7 +1302,7 @@ def test_delete_share_object(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Draft.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Draft.value
 
     # When deleting the share object
     delete_share_object_response = delete_share_object(
@@ -1329,11 +1329,11 @@ def test_delete_share_object_remaining_items_error(
         filter={"isShared": True}
     )
 
-    assert get_share_object_response.data.getShareObject.status == dataall.api.constants.ShareObjectStatus.Processed.value
+    assert get_share_object_response.data.getShareObject.status == ShareObjectStatus.Processed.value
 
     shareItem = get_share_object_response.data.getShareObject.get("items").nodes[0]
     assert shareItem.shareItemUri == share3_item_shared.shareItemUri
-    assert shareItem.status == dataall.api.constants.ShareItemStatus.Share_Succeeded.value
+    assert shareItem.status == ShareItemStatus.Share_Succeeded.value
     assert get_share_object_response.data.getShareObject.get("items").count == 1
 
     # When deleting the share object
@@ -1350,16 +1350,16 @@ def test_delete_share_object_remaining_items_error(
 def _successfull_processing_for_share_object(db, share):
     with db.scoped_session() as session:
         print('Processing share with action ShareObjectActions.Start')
-        share = dataall.db.api.ShareObject.get_share_by_uri(session, share.shareUri)
+        share = ShareObjectService.get_share_by_uri(session, share.shareUri)
 
-        share_items_states = dataall.db.api.ShareObject.get_share_items_states(session, share.shareUri)
+        share_items_states = ShareObjectService.get_share_items_states(session, share.shareUri)
 
-        Share_SM = dataall.db.api.ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(dataall.db.models.Enums.ShareObjectActions.Start.value)
+        Share_SM = ShareObjectSM(share.status)
+        new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
 
         for item_state in share_items_states:
-            Item_SM = dataall.db.api.ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(dataall.db.models.Enums.ShareObjectActions.Start.value)
+            Item_SM = ShareItemSM(item_state)
+            new_state = Item_SM.run_transition(ShareObjectActions.Start.value)
             Item_SM.update_state(session, share.shareUri, new_state)
 
         Share_SM.update_state(session, share, new_share_state)
@@ -1367,14 +1367,14 @@ def _successfull_processing_for_share_object(db, share):
         print('Processing share with action ShareObjectActions.Finish \
             and ShareItemActions.Success')
 
-        share = dataall.db.api.ShareObject.get_share_by_uri(session, share.shareUri)
-        share_items_states = dataall.db.api.ShareObject.get_share_items_states(session, share.shareUri)
+        share = ShareObjectService.get_share_by_uri(session, share.shareUri)
+        share_items_states = ShareObjectService.get_share_items_states(session, share.shareUri)
 
-        new_share_state = Share_SM.run_transition(dataall.db.models.Enums.ShareObjectActions.Finish.value)
+        new_share_state = Share_SM.run_transition(ShareObjectActions.Finish.value)
 
         for item_state in share_items_states:
-            Item_SM = dataall.db.api.ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(dataall.db.models.Enums.ShareItemActions.Success.value)
+            Item_SM = ShareItemSM(item_state)
+            new_state = Item_SM.run_transition(ShareItemActions.Success.value)
             Item_SM.update_state(session, share.shareUri, new_state)
 
         Share_SM.update_state(session, share, new_share_state)
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index 0ff919894..e8d1effe3 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -1,7 +1,9 @@
 import pytest
 
+from dataall.api.constants import ShareObjectStatus
 from dataall.db import models
 from dataall.api import constants
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
@@ -175,16 +177,16 @@ def factory(
         dataset: Dataset,
         environment: models.Environment,
         env_group: models.EnvironmentGroup
-    ) -> models.ShareObject:
+    ) -> ShareObject:
         with db.scoped_session() as session:
-            share = models.ShareObject(
+            share = ShareObject(
                 datasetUri=dataset.datasetUri,
                 environmentUri=environment.environmentUri,
                 owner="bob",
                 principalId=environment.SamlGroupName,
                 principalType=constants.PrincipalType.Group.value,
                 principalIAMRoleName=env_group.environmentIAMRoleName,
-                status=constants.ShareObjectStatus.Approved.value,
+                status=ShareObjectStatus.Approved.value,
             )
             session.add(share)
             session.commit()
@@ -196,11 +198,11 @@ def factory(
 @pytest.fixture(scope="module")
 def share_item_folder(db):
     def factory(
-        share: models.ShareObject,
+        share: ShareObject,
         location: DatasetStorageLocation,
-    ) -> models.ShareObjectItem:
+    ) -> ShareObjectItem:
         with db.scoped_session() as session:
-            share_item = models.ShareObjectItem(
+            share_item = ShareObjectItem(
                 shareUri=share.shareUri,
                 owner="alice",
                 itemUri=location.locationUri,
@@ -217,12 +219,12 @@ def factory(
 @pytest.fixture(scope="module")
 def share_item_table(db):
     def factory(
-        share: models.ShareObject,
+        share: ShareObject,
         table: DatasetTable,
         status: str,
-    ) -> models.ShareObjectItem:
+    ) -> ShareObjectItem:
         with db.scoped_session() as session:
-            share_item = models.ShareObjectItem(
+            share_item = ShareObjectItem(
                 shareUri=share.shareUri,
                 owner="alice",
                 itemUri=table.tableUri,
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index bbe2e21ca..e2ddde9da 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -10,12 +10,12 @@
 
 from dataall.db import models
 from dataall.api import constants
+from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 
 from dataall.tasks.data_sharing.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
 from dataall.tasks.data_sharing.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
-from dataall.utils.alarm_service import AlarmService
 
 
 SOURCE_ENV_ACCOUNT = "1" *  12
@@ -114,7 +114,7 @@ def table2(table: Callable, dataset1: Dataset) -> DatasetTable:
 @pytest.fixture(scope="module")
 def share_same_account(
         share: Callable, dataset1: Dataset, source_environment: models.Environment,
-        source_environment_group_requesters: models.EnvironmentGroup) -> models.ShareObject:
+        source_environment_group_requesters: models.EnvironmentGroup) -> ShareObject:
     yield share(
         dataset=dataset1,
         environment=source_environment,
@@ -125,7 +125,7 @@ def share_same_account(
 @pytest.fixture(scope="module")
 def share_cross_account(
         share: Callable, dataset1: Dataset, target_environment: models.Environment,
-        target_environment_group: models.EnvironmentGroup) -> models.ShareObject:
+        target_environment_group: models.EnvironmentGroup) -> ShareObject:
     yield share(
         dataset=dataset1,
         environment=target_environment,
@@ -134,8 +134,8 @@ def share_cross_account(
 
 
 @pytest.fixture(scope="module")
-def share_item_same_account(share_item_table: Callable, share_same_account: models.ShareObject,
-                            table1: DatasetTable) -> models.ShareObjectItem:
+def share_item_same_account(share_item_table: Callable, share_same_account: ShareObject,
+                            table1: DatasetTable) -> ShareObjectItem:
     yield share_item_table(
         share=share_same_account,
         table=table1,
@@ -143,8 +143,8 @@ def share_item_same_account(share_item_table: Callable, share_same_account: mode
     )
 
 @pytest.fixture(scope="module")
-def revoke_item_same_account(share_item_table: Callable, share_same_account: models.ShareObject,
-                             table2: DatasetTable) -> models.ShareObjectItem:
+def revoke_item_same_account(share_item_table: Callable, share_same_account: ShareObject,
+                             table2: DatasetTable) -> ShareObjectItem:
     yield share_item_table(
         share=share_same_account,
         table=table2,
@@ -152,23 +152,25 @@ def revoke_item_same_account(share_item_table: Callable, share_same_account: mod
     )
 
 @pytest.fixture(scope="module")
-def share_item_cross_account(share_item_table: Callable, share_cross_account: models.ShareObject,
-                             table1: DatasetTable) -> models.ShareObjectItem:
+def share_item_cross_account(share_item_table: Callable, share_cross_account: ShareObject,
+                             table1: DatasetTable) -> ShareObjectItem:
     yield share_item_table(
         share=share_cross_account,
         table=table1,
         status=constants.ShareItemStatus.Share_Approved.value
     )
 
+
 @pytest.fixture(scope="module")
-def revoke_item_cross_account(share_item_table: Callable, share_cross_account: models.ShareObject,
-                              table2: DatasetTable) -> models.ShareObjectItem:
+def revoke_item_cross_account(share_item_table: Callable, share_cross_account: ShareObject,
+                              table2: DatasetTable) -> ShareObjectItem:
     yield share_item_table(
         share=share_cross_account,
         table=table2,
         status=constants.ShareItemStatus.Revoke_Approved.value
     )
 
+
 @pytest.fixture(scope="module", autouse=True)
 def processor_cross_account(db, dataset1, share_cross_account, table1, table2, source_environment, target_environment,
                             target_environment_group):
@@ -185,6 +187,7 @@ def processor_cross_account(db, dataset1, share_cross_account, table1, table2, s
         )
     yield processor
 
+
 @pytest.fixture(scope="module", autouse=True)
 def processor_same_account(db, dataset1, share_same_account, table1, source_environment,
                            source_environment_group_requesters):
@@ -211,8 +214,8 @@ def test_build_shared_db_name(
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
         dataset1: Dataset,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
 ):
     # Given a dataset and its share, build db_share name
     # Then, it should return
@@ -225,8 +228,8 @@ def test_get_share_principals(
         processor_cross_account: ProcessLFCrossAccountShare,
         source_environment: models.Environment,
         target_environment: models.Environment,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
 ):
     # Given a dataset and its share, build db_share name
     # Then, it should return
@@ -238,8 +241,8 @@ def test_create_shared_database(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -297,8 +300,8 @@ def test_check_share_item_exists_on_glue_catalog(
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
         table1: DatasetTable,
-        share_item_same_account: models.ShareObjectItem,
-        share_item_cross_account: models.ShareObjectItem,
+        share_item_same_account: ShareObjectItem,
+        share_item_cross_account: ShareObjectItem,
         mocker,
 ):
 
@@ -329,8 +332,8 @@ def test_build_share_data(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -377,8 +380,8 @@ def test_create_resource_link(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -460,8 +463,8 @@ def test_revoke_table_resource_link_access(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -508,8 +511,8 @@ def test_revoke_source_table_access(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -551,8 +554,8 @@ def test_delete_resource_link_table(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -593,8 +596,8 @@ def test_delete_shared_database(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -622,8 +625,8 @@ def test_revoke_external_account_access_on_source_account(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_same_account: models.ShareObject,
-        share_cross_account: models.ShareObject,
+        share_same_account: ShareObject,
+        share_cross_account: ShareObject,
         source_environment: models.Environment,
         target_environment: models.Environment,
         dataset1: Dataset,
@@ -650,8 +653,8 @@ def test_handle_share_failure(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        share_item_same_account: models.ShareObjectItem,
-        share_item_cross_account: models.ShareObjectItem,
+        share_item_same_account: ShareObjectItem,
+        share_item_cross_account: ShareObjectItem,
         table1: DatasetTable,
         mocker,
 ):
@@ -680,8 +683,8 @@ def test_handle_revoke_failure(
         db,
         processor_same_account: ProcessLFSameAccountShare,
         processor_cross_account: ProcessLFCrossAccountShare,
-        revoke_item_same_account: models.ShareObjectItem,
-        revoke_item_cross_account: models.ShareObjectItem,
+        revoke_item_same_account: ShareObjectItem,
+        revoke_item_cross_account: ShareObjectItem,
         table1: DatasetTable,
         mocker,
 ):
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index 549ed8afb..b0dc0f722 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -4,9 +4,9 @@
 from typing import Callable
 
 from dataall.db import models
+from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 
 from dataall.tasks.data_sharing.share_managers.s3_share_manager import S3ShareManager
-from dataall.utils.alarm_service import AlarmService
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 SOURCE_ENV_ACCOUNT = "111111111111"
@@ -75,13 +75,13 @@ def location1(location: Callable, dataset1: Dataset) -> DatasetStorageLocation:
 @pytest.fixture(scope="module")
 def share1(share: Callable, dataset1: Dataset,
            target_environment: models.Environment,
-           target_environment_group: models.EnvironmentGroup) -> models.ShareObject:
+           target_environment_group: models.EnvironmentGroup) -> ShareObject:
     share1 = share(dataset1, target_environment, target_environment_group)
     yield share1
 
 
 @pytest.fixture(scope="module")
-def share_item_folder1(share_item_folder: Callable, share1: models.ShareObject, location1: DatasetStorageLocation):
+def share_item_folder1(share_item_folder: Callable, share1: ShareObject, location1: DatasetStorageLocation):
     share_item_folder1 = share_item_folder(share1, location1)
     return share_item_folder1
 
@@ -169,7 +169,7 @@ def test_manage_bucket_policy_no_policy(
     target_environment_group,
     dataset1,
     db,
-    share1: models.ShareObject,
+    share1: ShareObject,
     share_item_folder1,
     location1,
     source_environment: models.Environment,
@@ -233,7 +233,7 @@ def test_manage_bucket_policy_existing_policy(
     target_environment_group,
     dataset1,
     db,
-    share1: models.ShareObject,
+    share1: ShareObject,
     share_item_folder1,
     location1,
     source_environment: models.Environment,
@@ -282,7 +282,7 @@ def test_grant_target_role_access_policy_existing_policy_bucket_not_included(
     target_environment_group,
     dataset1,
     db,
-    share1: models.ShareObject,
+    share1: ShareObject,
     share_item_folder1,
     location1,
     source_environment: models.Environment,
@@ -335,7 +335,7 @@ def test_grant_target_role_access_policy_existing_policy_bucket_included(
     target_environment_group,
     dataset1,
     db,
-    share1: models.ShareObject,
+    share1: ShareObject,
     share_item_folder1,
     location1,
     source_environment: models.Environment,
@@ -381,8 +381,8 @@ def test_grant_target_role_access_policy_test_no_policy(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -443,8 +443,8 @@ def test_update_dataset_bucket_key_policy_with_env_admin(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -560,8 +560,8 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -640,8 +640,8 @@ def test_manage_access_point_and_policy_1(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -731,8 +731,8 @@ def test_manage_access_point_and_policy_2(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -805,8 +805,8 @@ def test_manage_access_point_and_policy_3(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -876,8 +876,8 @@ def test_delete_access_point_policy_with_env_admin_one_prefix(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -948,8 +948,8 @@ def test_delete_access_point_policy_with_env_admin_multiple_prefix(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -1015,8 +1015,8 @@ def test_dont_delete_access_point_with_policy(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -1061,8 +1061,8 @@ def test_delete_access_point_without_policy(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -1107,8 +1107,8 @@ def test_delete_target_role_access_policy_no_remaining_statement(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -1172,8 +1172,8 @@ def test_delete_target_role_access_policy_with_remaining_statement(
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -1258,8 +1258,8 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_additional_target
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
@@ -1349,8 +1349,8 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
     target_environment_group: models.EnvironmentGroup,
     dataset1: Dataset,
     db,
-    share1: models.ShareObject,
-    share_item_folder1: models.ShareObjectItem,
+    share1: ShareObject,
+    share_item_folder1: ShareObjectItem,
     location1: DatasetStorageLocation,
     source_environment: models.Environment,
     target_environment: models.Environment,
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index 11c255db2..b8e470a9d 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -2,7 +2,10 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets.tasks.subscription_service import SubscriptionService
 
 
 @pytest.fixture(scope='module')
@@ -110,17 +113,17 @@ def share(
             region=dataset.region,
         )
         session.add(table)
-        share = dataall.db.models.ShareObject(
+        share = ShareObject(
             datasetUri=dataset.datasetUri,
             environmentUri=otherenv.environmentUri,
             owner='bob',
             principalId='group2',
             principalType=dataall.api.constants.PrincipalType.Environment.value,
-            status=dataall.api.constants.ShareObjectStatus.Approved.value,
+            status=ShareObjectStatus.Approved.value,
         )
         session.add(share)
         session.commit()
-        share_item = dataall.db.models.ShareObjectItem(
+        share_item = ShareObjectItem(
             shareUri=share.shareUri,
             owner='alice',
             itemUri=table.tableUri,
@@ -138,7 +141,7 @@ def test_subscriptions(org, env, otherenv, db, dataset, share, mocker):
         'dataall.modules.datasets.tasks.subscription_service.SubscriptionService.sns_call',
         return_value=True,
     )
-    subscriber = dataall.modules.datasets.tasks.subscription_service.SubscriptionService()
+    subscriber = SubscriptionService()
     messages = [
         {
             'prefix': 's3://dataset/testtable/csv/',

From da7c858536a5eefebbcc35662268c3396680bb1f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 12:01:55 +0200
Subject: [PATCH 123/346] Moved dataset models to dataset_base

---
 backend/dataall/aws/handlers/redshift.py                     | 2 +-
 backend/dataall/db/api/redshift_cluster.py                   | 4 ++--
 backend/dataall/modules/dataset_sharing/api/resolvers.py     | 2 +-
 .../dataset_sharing/services/dataset_share_service.py        | 5 +----
 .../dataset_sharing/services/share_notification_service.py   | 2 +-
 .../dataall/modules/dataset_sharing/services/share_object.py | 2 +-
 backend/dataall/modules/datasets/__init__.py                 | 2 +-
 backend/dataall/modules/datasets/api/profiling/resolvers.py  | 2 +-
 .../modules/datasets/api/storage_location/resolvers.py       | 2 +-
 backend/dataall/modules/datasets/api/table/resolvers.py      | 2 +-
 .../dataall/modules/datasets/api/table_column/resolvers.py   | 2 +-
 backend/dataall/modules/datasets/aws/glue_dataset_client.py  | 2 +-
 backend/dataall/modules/datasets/aws/glue_table_client.py    | 2 +-
 backend/dataall/modules/datasets/aws/lf_table_client.py      | 2 +-
 backend/dataall/modules/datasets/aws/s3_location_client.py   | 2 +-
 backend/dataall/modules/datasets/cdk/dataset_policy.py       | 2 +-
 backend/dataall/modules/datasets/cdk/dataset_stack.py        | 3 +--
 .../dataall/modules/datasets/handlers/glue_column_handler.py | 2 +-
 .../modules/datasets/handlers/glue_dataset_handler.py        | 2 +-
 .../modules/datasets/handlers/glue_profiling_handler.py      | 2 +-
 .../dataall/modules/datasets/handlers/glue_table_handler.py  | 2 +-
 backend/dataall/modules/datasets/indexers/dataset_indexer.py | 2 +-
 .../dataall/modules/datasets/indexers/location_indexer.py    | 2 +-
 backend/dataall/modules/datasets/indexers/table_indexer.py   | 2 +-
 .../modules/datasets/services/dataset_alarm_service.py       | 2 +-
 .../modules/datasets/services/dataset_group_resource.py      | 4 ++--
 .../modules/datasets/services/dataset_location_service.py    | 4 ++--
 .../modules/datasets/services/dataset_profiling_service.py   | 2 +-
 backend/dataall/modules/datasets/services/dataset_service.py | 4 ++--
 .../modules/datasets/services/dataset_table_service.py       | 2 +-
 .../dataall/modules/datasets/tasks/bucket_policy_updater.py  | 2 +-
 .../dataall/modules/datasets/tasks/subscription_service.py   | 2 +-
 backend/dataall/modules/datasets/tasks/tables_syncer.py      | 2 +-
 backend/dataall/modules/datasets_base/__init__.py            | 0
 backend/dataall/modules/datasets_base/db/__init__.py         | 0
 .../{datasets => datasets_base}/db/dataset_repository.py     | 2 +-
 .../dataall/modules/{datasets => datasets_base}/db/models.py | 0
 backend/dataall/tasks/catalog_indexer.py                     | 2 +-
 .../tasks/data_sharing/share_managers/lf_share_manager.py    | 2 +-
 .../tasks/data_sharing/share_managers/s3_share_manager.py    | 4 ++--
 .../share_processors/lf_process_cross_account_share.py       | 4 ++--
 .../share_processors/lf_process_same_account_share.py        | 2 +-
 .../tasks/data_sharing/share_processors/s3_process_share.py  | 2 +-
 backend/dataall/tasks/stacks_updater.py                      | 2 +-
 tests/api/conftest.py                                        | 2 +-
 tests/api/test_dashboards.py                                 | 2 +-
 tests/api/test_dataset.py                                    | 3 +--
 tests/api/test_dataset_location.py                           | 2 +-
 tests/api/test_dataset_profiling.py                          | 4 +---
 tests/api/test_dataset_table.py                              | 2 +-
 tests/api/test_environment.py                                | 3 +--
 tests/api/test_glossary.py                                   | 2 +-
 tests/api/test_keyvaluetag.py                                | 4 +---
 tests/api/test_redshift_cluster.py                           | 2 +-
 tests/api/test_share.py                                      | 2 +-
 tests/api/test_vote.py                                       | 2 +-
 tests/cdkproxy/conftest.py                                   | 2 +-
 tests/db/test_permission.py                                  | 2 +-
 tests/modules/datasets/test_dataset_feed.py                  | 2 +-
 tests/searchproxy/test_indexers.py                           | 4 +---
 tests/tasks/conftest.py                                      | 2 +-
 tests/tasks/test_catalog_indexer.py                          | 2 +-
 tests/tasks/test_lf_share_manager.py                         | 2 +-
 tests/tasks/test_policies.py                                 | 2 +-
 tests/tasks/test_s3_share_manager.py                         | 2 +-
 tests/tasks/test_stacks_updater.py                           | 2 +-
 tests/tasks/test_subscriptions.py                            | 2 +-
 tests/tasks/test_tables_sync.py                              | 3 +--
 68 files changed, 71 insertions(+), 84 deletions(-)
 create mode 100644 backend/dataall/modules/datasets_base/__init__.py
 create mode 100644 backend/dataall/modules/datasets_base/db/__init__.py
 rename backend/dataall/modules/{datasets => datasets_base}/db/dataset_repository.py (92%)
 rename backend/dataall/modules/{datasets => datasets_base}/db/models.py (100%)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 0ace9d4f3..1e3e994c6 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -11,7 +11,7 @@
 from ...db import models
 # TODO should be migrated in the redshift module
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 6f57e38fc..33657ca9d 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -2,9 +2,9 @@
 
 from sqlalchemy import and_, or_, literal
 
-from .. import models, api, exceptions, paginate, permissions
+from .. import models, exceptions, paginate, permissions
 from . import has_resource_perm, ResourcePolicy, Environment
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index ec634bc41..50877afcc 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -9,7 +9,7 @@
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
index e2996d746..dbf0fe150 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
@@ -1,6 +1,3 @@
-import logging
-import re
-
 from sqlalchemy import or_, case, func
 from sqlalchemy.sql import and_
 
@@ -10,7 +7,7 @@
 from dataall.db.paginator import paginate
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 class DatasetShareService:
diff --git a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
index 59c12fef5..4f1bb20df 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
@@ -1,7 +1,7 @@
 from dataall.db import models
 from dataall.db.api import Notification
 from dataall.modules.dataset_sharing.db.models import ShareObject
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 class ShareNotificationService:
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
index 0fa291cbb..2a97d6cb4 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -13,7 +13,7 @@
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
     ShareItemStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 5fce6b4c4..874482057 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -4,7 +4,7 @@
 
 from dataall.modules.dataset_sharing import SharingApiModuleInterface
 from dataall.core.group.services.group_resource_manager import GroupResourceManager
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index d156eee95..9fddc4505 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -9,7 +9,7 @@
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
-from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun
 from dataall.modules.datasets.services.permissions import PROFILE_DATASET_TABLE
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 4b1ae1726..db9f8fde7 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -8,7 +8,7 @@
 )
 from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
-from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_FOLDER
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 8e72bb8df..caa160851 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -11,7 +11,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE, PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 591459f87..0efeceaa6 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -6,7 +6,7 @@
 from dataall.db import paginate, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
 
 
diff --git a/backend/dataall/modules/datasets/aws/glue_dataset_client.py b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
index 2f29abc41..f52b35f92 100644
--- a/backend/dataall/modules/datasets/aws/glue_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
@@ -2,7 +2,7 @@
 from botocore.exceptions import ClientError
 
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/aws/glue_table_client.py b/backend/dataall/modules/datasets/aws/glue_table_client.py
index 2b0f1c5c4..6050b27d6 100644
--- a/backend/dataall/modules/datasets/aws/glue_table_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_table_client.py
@@ -2,7 +2,7 @@
 
 from botocore.exceptions import ClientError
 
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets_base.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/aws/lf_table_client.py b/backend/dataall/modules/datasets/aws/lf_table_client.py
index 8caff5073..2a6eaef5a 100644
--- a/backend/dataall/modules/datasets/aws/lf_table_client.py
+++ b/backend/dataall/modules/datasets/aws/lf_table_client.py
@@ -2,7 +2,7 @@
 from botocore.exceptions import ClientError
 
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.modules.datasets.db.models import DatasetTable
+from dataall.modules.datasets_base.db.models import DatasetTable
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/aws/s3_location_client.py b/backend/dataall/modules/datasets/aws/s3_location_client.py
index 45385743d..ab127ad28 100644
--- a/backend/dataall/modules/datasets/aws/s3_location_client.py
+++ b/backend/dataall/modules/datasets/aws/s3_location_client.py
@@ -1,7 +1,7 @@
 import logging
 
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/cdk/dataset_policy.py b/backend/dataall/modules/datasets/cdk/dataset_policy.py
index 64c0c53a4..05d3e0e89 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_policy.py
@@ -2,7 +2,7 @@
 from aws_cdk import aws_iam as iam
 
 from dataall.cdkproxy.stacks.policies.data_policy import DataPolicy
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index 2e77dcfc8..73c2aedc5 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -1,6 +1,5 @@
 import logging
 import os
-import typing
 
 from aws_cdk import (
     custom_resources as cr,
@@ -27,7 +26,7 @@
 from dataall.db.api import Environment
 from dataall.utils.cdk_nag_utils import CDKNagUtil
 from dataall.utils.runtime_stacks_tagging import TagsUtil
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index 07a1c41b5..0cf8d0b1b 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.modules.datasets.aws.glue_table_client import GlueTableClient
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index 27e5c1ec4..277999720 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -3,7 +3,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index 5d2a4232a..c45e7011b 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -4,7 +4,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetProfilingRun, Dataset
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun, Dataset
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index f648dc330..aabff1ae7 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -3,7 +3,7 @@
 from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 33935de71..9f8191343 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -2,7 +2,7 @@
 
 from dataall import db
 from dataall.db import models
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.searchproxy.base_indexer import BaseIndexer
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
index 0a4672164..9a6694d66 100644
--- a/backend/dataall/modules/datasets/indexers/location_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -1,5 +1,5 @@
 """Indexes DatasetStorageLocation in OpenSearch"""
-from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
 from dataall.db import models
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index bde683c20..edbf262b5 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -2,7 +2,7 @@
 from operator import and_
 
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.searchproxy.base_indexer import BaseIndexer
 
diff --git a/backend/dataall/modules/datasets/services/dataset_alarm_service.py b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
index 2748877fb..2a348ec85 100644
--- a/backend/dataall/modules/datasets/services/dataset_alarm_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
@@ -3,7 +3,7 @@
 
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.models import ShareObject
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.utils.alarm_service import AlarmService
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/services/dataset_group_resource.py b/backend/dataall/modules/datasets/services/dataset_group_resource.py
index 8d58ac3ad..25ec77beb 100644
--- a/backend/dataall/modules/datasets/services/dataset_group_resource.py
+++ b/backend/dataall/modules/datasets/services/dataset_group_resource.py
@@ -1,5 +1,5 @@
-from dataall.core.group.services.group_resource_manager import GroupResource, GroupResourceManager
-from dataall.modules.datasets.db.dataset_repository import DatasetRepository
+from dataall.core.group.services.group_resource_manager import GroupResource
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 
 
 class DatasetGroupResource(GroupResource):
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index 2493ddede..b86b86b34 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -8,8 +8,8 @@
 from dataall.db import paginate, exceptions
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
-from dataall.modules.datasets.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets.db.models import DatasetStorageLocation
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, CREATE_DATASET_FOLDER, \
     DELETE_DATASET_FOLDER, UPDATE_DATASET_FOLDER
 
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index ce679ccd4..55a143ebf 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -2,7 +2,7 @@
 
 from dataall.db import paginate, models
 from dataall.db.exceptions import ObjectNotFound
-from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable, Dataset
 
 
 class DatasetProfilingService:
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index faf973106..e2dd52e4c 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -20,8 +20,8 @@
 from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
-from dataall.modules.datasets.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
     DATASET_TABLE_READ, LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 18d0533bd..42b40011a 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -12,7 +12,7 @@
     UPDATE_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index 2656dec3f..cf40ddaa8 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -12,7 +12,7 @@
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index bb639130e..1a27ddcf0 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -19,7 +19,7 @@
 from dataall.utils import json_utils
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index b56b57ddd..6be5054f2 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -9,7 +9,7 @@
 from dataall.db import get_engine
 from dataall.db import models
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.datasets.services.dataset_service import DatasetService
diff --git a/backend/dataall/modules/datasets_base/__init__.py b/backend/dataall/modules/datasets_base/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/datasets_base/db/__init__.py b/backend/dataall/modules/datasets_base/db/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/datasets/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
similarity index 92%
rename from backend/dataall/modules/datasets/db/dataset_repository.py
rename to backend/dataall/modules/datasets_base/db/dataset_repository.py
index 95aef6102..132905664 100644
--- a/backend/dataall/modules/datasets/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -1,7 +1,7 @@
 from operator import and_
 
 from dataall.db import exceptions
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 class DatasetRepository:
diff --git a/backend/dataall/modules/datasets/db/models.py b/backend/dataall/modules/datasets_base/db/models.py
similarity index 100%
rename from backend/dataall/modules/datasets/db/models.py
rename to backend/dataall/modules/datasets_base/db/models.py
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 60d9df792..962eb66f2 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -2,7 +2,7 @@
 import os
 import sys
 
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_service import DatasetService
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
index 16f3cb689..89f28c271 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
@@ -11,7 +11,7 @@
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.ram import Ram
 from ....db import exceptions, models
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 211a87968..4b4824a51 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -3,7 +3,7 @@
 import json
 import time
 
-from ....db import models, api, utils
+from ....db import models, utils
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.s3 import S3
 from ....aws.handlers.kms import KMS
@@ -11,7 +11,7 @@
 from ....modules.dataset_sharing.db.models import ShareObject
 from ....modules.dataset_sharing.services.share_object import ShareObjectService
 
-from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
 logger = logging.getLogger(__name__)
 ACCESS_POINT_CREATION_TIME = 30
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
index eccd515b0..7b225db92 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
@@ -3,8 +3,8 @@
 from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from ..share_managers import LFShareManager
 from dataall.aws.handlers.ram import Ram
-from dataall.db import models, api
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.db import models
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
index bce4ad0d2..70392765e 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
@@ -5,7 +5,7 @@
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 from ..share_managers import LFShareManager
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
index 74525ef20..1d8b932e9 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
@@ -2,7 +2,7 @@
 
 from dataall.db import models
 from ..share_managers import S3ShareManager
-from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 9d76b7cfb..9a17deaf1 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -3,7 +3,7 @@
 import sys
 import time
 
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from .. import db
 from ..db import models
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 62075ddb0..cdeadcd6f 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -3,7 +3,7 @@
 from .client import *
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_dashboards.py b/tests/api/test_dashboards.py
index ca29f1587..f38ea2419 100644
--- a/tests/api/test_dashboards.py
+++ b/tests/api/test_dashboards.py
@@ -2,7 +2,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 8e2e57297..b6d5a4629 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -4,8 +4,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index d5f1e8efe..6764ffa90 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index 917c7149b..345c9541e 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -1,8 +1,6 @@
-import typing
 import pytest
 
-import dataall
-from dataall.modules.datasets.db.models import DatasetProfilingRun, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 22078b018..3e3dc3ab3 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -4,7 +4,7 @@
 
 import dataall
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index 7e4640f41..2500b595b 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -1,8 +1,7 @@
 import pytest
 
 import dataall
-from dataall.db import permissions
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.permissions import CREATE_DATASET
 
 
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 92685bd69..4802afb81 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,7 +1,7 @@
 from datetime import datetime
 from typing import List
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 import pytest
 
 
diff --git a/tests/api/test_keyvaluetag.py b/tests/api/test_keyvaluetag.py
index 2f4f04a8e..cf254a515 100644
--- a/tests/api/test_keyvaluetag.py
+++ b/tests/api/test_keyvaluetag.py
@@ -1,11 +1,9 @@
-from typing import List
-
 import dataall
 from dataall.db import models
 import pytest
 
 from dataall.db import exceptions
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module')
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index 548e9e02b..0058c2fe9 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -4,7 +4,7 @@
 import pytest
 import dataall
 from dataall.api.constants import RedshiftClusterRole
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index 9ae7c3b62..ada27ed57 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -7,7 +7,7 @@
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM, ShareObjectSM
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
 
 def random_table_name():
diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index 28800edd8..efe0a7d4e 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -1,7 +1,7 @@
 import pytest
 
 from dataall.db import models
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module')
diff --git a/tests/cdkproxy/conftest.py b/tests/cdkproxy/conftest.py
index d1810bfef..fa0680594 100644
--- a/tests/cdkproxy/conftest.py
+++ b/tests/cdkproxy/conftest.py
@@ -1,7 +1,7 @@
 import pytest
 
 from dataall.db import models, api
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 28524a77a..29f7c0edf 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -4,7 +4,7 @@
 from dataall.api.constants import OrganisationUserRole
 from dataall.db import exceptions
 from dataall.db.models.Permission import PermissionType
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE, \
     DATASET_TABLE_READ
diff --git a/tests/modules/datasets/test_dataset_feed.py b/tests/modules/datasets/test_dataset_feed.py
index 06ffdc8ed..7546a173a 100644
--- a/tests/modules/datasets/test_dataset_feed.py
+++ b/tests/modules/datasets/test_dataset_feed.py
@@ -1,6 +1,6 @@
 
 from dataall.api.Objects.Feed.registry import FeedRegistry
-from dataall.modules.datasets.db.models import DatasetTableColumn
+from dataall.modules.datasets_base.db.models import DatasetTableColumn
 
 
 def test_dataset_registered():
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index 8bcf114d7..9458140cd 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -1,11 +1,9 @@
-import typing
-
 import pytest
 
 import dataall
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 
 
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index e8d1effe3..175fc6934 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -4,7 +4,7 @@
 from dataall.db import models
 from dataall.api import constants
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 @pytest.fixture(scope="module")
diff --git a/tests/tasks/test_catalog_indexer.py b/tests/tasks/test_catalog_indexer.py
index 1ffac0b6c..712f4a6f9 100644
--- a/tests/tasks/test_catalog_indexer.py
+++ b/tests/tasks/test_catalog_indexer.py
@@ -1,6 +1,6 @@
 import pytest
 import dataall
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index e2ddde9da..9669216d2 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -11,7 +11,7 @@
 from dataall.db import models
 from dataall.api import constants
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 
 from dataall.tasks.data_sharing.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
diff --git a/tests/tasks/test_policies.py b/tests/tasks/test_policies.py
index e84ed2d75..d0f369bcb 100644
--- a/tests/tasks/test_policies.py
+++ b/tests/tasks/test_policies.py
@@ -1,5 +1,5 @@
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.bucket_policy_updater import BucketPoliciesUpdater
 import pytest
 import dataall
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index b0dc0f722..eb8893586 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -7,7 +7,7 @@
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 
 from dataall.tasks.data_sharing.share_managers.s3_share_manager import S3ShareManager
-from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
 SOURCE_ENV_ACCOUNT = "111111111111"
 SOURCE_ENV_ROLE_NAME = "dataall-ProducerEnvironment-i6v1v1c2"
diff --git a/tests/tasks/test_stacks_updater.py b/tests/tasks/test_stacks_updater.py
index 5bd095a91..701d7c50d 100644
--- a/tests/tasks/test_stacks_updater.py
+++ b/tests/tasks/test_stacks_updater.py
@@ -1,7 +1,7 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index b8e470a9d..8195a8298 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -4,7 +4,7 @@
 from dataall.api.constants import OrganisationUserRole
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.subscription_service import SubscriptionService
 
 
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index 5c9937c72..3206d2f4e 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -3,8 +3,7 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.tables_syncer import sync_tables
 
 

From c28ac675e68e1204b8423f7ea3cd6eca0f848390 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 12:10:21 +0200
Subject: [PATCH 124/346] Moved DATASET_TABLE_READ to datasets_base

---
 backend/dataall/api/Objects/Vote/resolvers.py      |  2 +-
 .../modules/dataset_sharing/api/resolvers.py       |  4 ++--
 .../dataset_sharing/services/share_object.py       | 14 +++++++-------
 .../modules/datasets/services/dataset_service.py   |  3 ++-
 .../datasets/services/dataset_table_service.py     |  3 ++-
 .../modules/datasets/services/permissions.py       | 12 +-----------
 .../modules/datasets_base/services/__init__.py     |  0
 .../modules/datasets_base/services/permissions.py  | 12 ++++++++++++
 ...f9a5b215e_backfill_dataset_table_permissions.py |  2 +-
 tests/db/test_permission.py                        |  4 ++--
 10 files changed, 30 insertions(+), 26 deletions(-)
 create mode 100644 backend/dataall/modules/datasets_base/services/__init__.py
 create mode 100644 backend/dataall/modules/datasets_base/services/permissions.py

diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index 2302ef3d2..c94d735eb 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -3,7 +3,7 @@
 from dataall import db
 from dataall.api.context import Context
 from dataall.searchproxy.indexers import DashboardIndexer
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 _VOTE_TYPES: Dict[str, Type[BaseIndexer]] = {}
 
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 50877afcc..6cbb39b95 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -9,8 +9,8 @@
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
@@ -35,7 +35,7 @@ def create_share_object(
 ):
 
     with context.engine.scoped_session() as session:
-        dataset: Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, datasetUri)
         environment: models.Environment = db.api.Environment.get_environment_by_uri(
             session, input['environmentUri']
         )
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
index 2a97d6cb4..821952f05 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -13,10 +13,10 @@
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
     ShareItemStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 logger = logging.getLogger(__name__)
 
@@ -352,7 +352,7 @@ def create_share_object(
         itemType = data.get('itemType')
 
         dataset: Dataset = data.get(
-            'dataset', DatasetService.get_dataset_by_uri(session, datasetUri)
+            'dataset', DatasetRepository.get_dataset_by_uri(session, datasetUri)
         )
         environment: models.Environment = data.get(
             'environment',
@@ -545,7 +545,7 @@ def submit_share_object(
         check_perm: bool = False,
     ) -> ShareObject:
         share = ShareObjectService.get_share_by_uri(session, uri)
-        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
         share_items_states = ShareObjectService.get_share_items_states(session, uri)
 
         valid_states = [ShareItemStatus.PendingApproval.value]
@@ -583,7 +583,7 @@ def approve_share_object(
         check_perm: bool = False,
     ) -> ShareObject:
         share = ShareObjectService.get_share_by_uri(session, uri)
-        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
         share_items_states = ShareObjectService.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
@@ -630,7 +630,7 @@ def reject_share_object(
     ) -> ShareObject:
 
         share = ShareObjectService.get_share_by_uri(session, uri)
-        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
         share_items_states = ShareObjectService.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
@@ -665,7 +665,7 @@ def revoke_items_share_object(
     ) -> ShareObject:
 
         share = ShareObjectService.get_share_by_uri(session, uri)
-        dataset = DatasetService.get_dataset_by_uri(session, share.datasetUri)
+        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
         revoked_items_states = ShareObjectService.get_share_items_states(session, uri, data.get("revokedItemUris"))
         revoked_items = [ShareObjectService.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
 
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index e2dd52e4c..46d1b9d60 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -24,7 +24,8 @@
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
-    DATASET_TABLE_READ, LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+    LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 42b40011a..62ba0dfbd 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -9,8 +9,9 @@
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
-    UPDATE_DATASET_TABLE, DATASET_TABLE_READ
+    UPDATE_DATASET_TABLE
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 from dataall.utils import json_utils
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/permissions.py
index be65f56e6..c17f43e9d 100644
--- a/backend/dataall/modules/datasets/services/permissions.py
+++ b/backend/dataall/modules/datasets/services/permissions.py
@@ -2,6 +2,7 @@
 
 from dataall.db.permissions import TENANT_ALL, TENANT_ALL_WITH_DESC, RESOURCES_ALL, RESOURCES_ALL_WITH_DESC, \
     ENVIRONMENT_INVITED, ENVIRONMENT_INVITATION_REQUEST, ENVIRONMENT_ALL
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 MANAGE_DATASETS = 'MANAGE_DATASETS'
 
@@ -74,17 +75,6 @@
 DATASET_ALL = list(set(DATASET_WRITE + DATASET_READ))
 RESOURCES_ALL.extend(DATASET_ALL)
 
-"""
-DATASET TABLE PERMISSIONS
-"""
-
-GET_DATASET_TABLE = 'GET_DATASET_TABLE'
-PREVIEW_DATASET_TABLE = 'PREVIEW_DATASET_TABLE'
-
-DATASET_TABLE_READ = [
-    GET_DATASET_TABLE,
-    PREVIEW_DATASET_TABLE
-]
 
 RESOURCES_ALL.extend(DATASET_TABLE_READ)
 
diff --git a/backend/dataall/modules/datasets_base/services/__init__.py b/backend/dataall/modules/datasets_base/services/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/datasets_base/services/permissions.py b/backend/dataall/modules/datasets_base/services/permissions.py
new file mode 100644
index 000000000..5d44ec983
--- /dev/null
+++ b/backend/dataall/modules/datasets_base/services/permissions.py
@@ -0,0 +1,12 @@
+
+"""
+DATASET TABLE PERMISSIONS
+"""
+
+GET_DATASET_TABLE = 'GET_DATASET_TABLE'
+PREVIEW_DATASET_TABLE = 'PREVIEW_DATASET_TABLE'
+
+DATASET_TABLE_READ = [
+    GET_DATASET_TABLE,
+    PREVIEW_DATASET_TABLE
+]
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index c80c922d0..54b93659f 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -16,7 +16,7 @@
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 # revision identifiers, used by Alembic.
 revision = 'd05f9a5b215e'
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 29f7c0edf..eba00c47b 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -6,8 +6,8 @@
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE, \
-    DATASET_TABLE_READ
+from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 
 @pytest.fixture(scope='module')

From a68117538faf6d127f4e0d22ea4ea267ae0371e1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 12:44:09 +0200
Subject: [PATCH 125/346] Fixed all tests

---
 backend/dataall/modules/dataset_sharing/__init__.py      | 7 ++++++-
 backend/dataall/modules/dataset_sharing/api/resolvers.py | 6 +++---
 backend/dataall/modules/datasets/__init__.py             | 3 ++-
 .../modules/datasets/api/storage_location/resolvers.py   | 4 ++--
 backend/dataall/modules/datasets/api/table/resolvers.py  | 3 ++-
 backend/dataall/modules/datasets_base/__init__.py        | 9 +++++++++
 tests/api/conftest.py                                    | 1 -
 tests/api/test_dataset_location.py                       | 7 +++----
 tests/searchproxy/test_indexers.py                       | 8 ++++----
 9 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index 793662cc7..7e2c7621d 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -1,6 +1,7 @@
 import logging
-from typing import List
+from typing import List, Type
 
+from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 
@@ -12,6 +13,10 @@ class SharingApiModuleInterface(ModuleInterface):
     def is_supported(modes: List[ImportMode]) -> bool:
         return ImportMode.API in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [DatasetBaseModuleInterface]
+
     def __init__(self):
         from dataall.modules.dataset_sharing import api
         log.info("API of dataset sharing has been imported")
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 6cbb39b95..8f857f031 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -225,7 +225,7 @@ def resolve_user_role(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        dataset: Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, source.datasetUri)
         if dataset and dataset.stewards in context.groups:
             return ShareObjectPermission.Approvers.value
         if (
@@ -253,7 +253,7 @@ def resolve_dataset(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        ds: Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
+        ds: Dataset = DatasetRepository.get_dataset_by_uri(session, source.datasetUri)
         if ds:
             env: models.Environment = db.api.Environment.get_environment_by_uri(session, ds.environmentUri)
             return {
@@ -294,7 +294,7 @@ def resolve_consumption_data(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        ds: Dataset = DatasetService.get_dataset_by_uri(session, source.datasetUri)
+        ds: Dataset = DatasetRepository.get_dataset_by_uri(session, source.datasetUri)
         if ds:
             S3AccessPointName = utils.slugify(
                 source.datasetUri + '-' + source.principalId,
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 874482057..737c3e2b2 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -4,6 +4,7 @@
 
 from dataall.modules.dataset_sharing import SharingApiModuleInterface
 from dataall.core.group.services.group_resource_manager import GroupResourceManager
+from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
@@ -24,7 +25,7 @@ def is_supported(modes):
 
     @staticmethod
     def depends_on() -> List[Type['ModuleInterface']]:
-        return [SharingApiModuleInterface]
+        return [SharingApiModuleInterface, DatasetBaseModuleInterface]
 
     def __init__(self):
         # these imports are placed inside the method because they are only related to GraphQL api.
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index db9f8fde7..c5b073a6a 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -6,7 +6,7 @@
     Glossary,
     Environment,
 )
-from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
+from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
@@ -24,7 +24,7 @@ def create_storage_location(
             data=input,
         )
 
-        S3DatasetLocationHandler.create_bucket_prefix(location)
+        S3LocationClient.create_bucket_prefix(location)
 
         DatasetLocationIndexer.upsert(session=session, folder_uri=location.locationUri)
     return location
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index caa160851..b7b0ae04b 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -13,7 +13,8 @@
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE, PREVIEW_DATASET_TABLE
+from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
+from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
diff --git a/backend/dataall/modules/datasets_base/__init__.py b/backend/dataall/modules/datasets_base/__init__.py
index e69de29bb..7906c0307 100644
--- a/backend/dataall/modules/datasets_base/__init__.py
+++ b/backend/dataall/modules/datasets_base/__init__.py
@@ -0,0 +1,9 @@
+from typing import List
+
+from dataall.modules.loader import ModuleInterface, ImportMode
+
+
+class DatasetBaseModuleInterface(ModuleInterface):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return True
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index cdeadcd6f..671cc793c 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -34,7 +34,6 @@ def patch_check_dataset(module_mocker):
 def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
     module_mocker.patch('dataall.searchproxy.search', return_value={})
-    module_mocker.patch('dataall.searchproxy.upsert', return_value={})
     module_mocker.patch(
         'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
         return_value={}
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index 6764ffa90..191fab492 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -1,8 +1,10 @@
 import typing
+from unittest.mock import MagicMock
 
 import pytest
 
 import dataall
+from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets_base.db.models import Dataset
 
 
@@ -67,10 +69,7 @@ def test_get_dataset(client, dataset1, env1, user, group):
 
 
 def test_create_location(client, dataset1, env1, user, group, patch_es, module_mocker):
-    module_mocker.patch(
-        'dataall.modules.datasets.handlers.s3_location_handler.S3DatasetLocationHandler.create_bucket_prefix',
-        return_value=True
-    )
+    module_mocker.patch.object(S3LocationClient, "create_bucket_prefix")
     response = client.query(
         """
         mutation createDatasetStorageLocation($datasetUri:String!, $input:NewDatasetStorageLocationInput!){
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index 9458140cd..006060e24 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -122,7 +122,7 @@ def test_es_request():
 
 
 def test_upsert_dataset(db, dataset, env, mocker):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         dataset_indexed = DatasetIndexer.upsert(
             session, dataset_uri=dataset.datasetUri
@@ -131,14 +131,14 @@ def test_upsert_dataset(db, dataset, env, mocker):
 
 
 def test_upsert_table(db, dataset, env, mocker, table):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         table_indexed = DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
         assert table_indexed.uri == table.tableUri
 
 
 def test_upsert_folder(db, dataset, env, mocker, folder):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         folder_indexed = DatasetLocationIndexer.upsert(
             session=session, folder_uri=folder.locationUri
@@ -147,7 +147,7 @@ def test_upsert_folder(db, dataset, env, mocker, folder):
 
 
 def test_upsert_tables(db, dataset, env, mocker, folder):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         tables = DatasetTableIndexer.upsert_all(
             session, dataset_uri=dataset.datasetUri

From c2ac71c3a8dae3db5523ab4bad8e0c1cd99addba Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 13:02:35 +0200
Subject: [PATCH 126/346] Fixed all tests

---
 backend/dataall/api/Objects/Vote/resolvers.py             | 2 +-
 .../modules/datasets/api/storage_location/resolvers.py    | 4 ++--
 tests/api/conftest.py                                     | 1 -
 tests/api/test_dataset.py                                 | 1 -
 tests/api/test_dataset_location.py                        | 8 ++++----
 tests/searchproxy/test_indexers.py                        | 8 ++++----
 tests/tasks/test_tables_sync.py                           | 1 -
 7 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index 2302ef3d2..c94d735eb 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -3,7 +3,7 @@
 from dataall import db
 from dataall.api.context import Context
 from dataall.searchproxy.indexers import DashboardIndexer
-from dataall.searchproxy.upsert import BaseIndexer
+from dataall.searchproxy.base_indexer import BaseIndexer
 
 _VOTE_TYPES: Dict[str, Type[BaseIndexer]] = {}
 
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 4b1ae1726..62feb570c 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -6,7 +6,7 @@
     Glossary,
     Environment,
 )
-from dataall.modules.datasets.handlers.s3_location_handler import S3DatasetLocationHandler
+from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
@@ -24,7 +24,7 @@ def create_storage_location(
             data=input,
         )
 
-        S3DatasetLocationHandler.create_bucket_prefix(location)
+        S3LocationClient(location).create_bucket_prefix()
 
         DatasetLocationIndexer.upsert(session=session, folder_uri=location.locationUri)
     return location
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 395bafe67..9a204e9e6 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -28,7 +28,6 @@ def patch_check_env(module_mocker):
 def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
     module_mocker.patch('dataall.searchproxy.search', return_value={})
-    module_mocker.patch('dataall.searchproxy.upsert', return_value={})
     module_mocker.patch(
         'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
         return_value={}
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index c6909c28b..368ea97fa 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -4,7 +4,6 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index 50aafe9a3..ed700630c 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -1,8 +1,10 @@
 import typing
+from unittest.mock import MagicMock
 
 import pytest
 
 import dataall
+from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.db.models import Dataset
 
 
@@ -71,10 +73,8 @@ def test_get_dataset(client, dataset1, env1, user, group):
 
 
 def test_create_location(client, dataset1, env1, user, group, patch_es, module_mocker):
-    module_mocker.patch(
-        'dataall.modules.datasets.handlers.s3_location_handler.S3DatasetLocationHandler.create_bucket_prefix',
-        return_value=True
-    )
+    mock_client = MagicMock()
+    module_mocker.patch("dataall.modules.datasets.api.storage_location.resolvers.S3LocationClient", mock_client)
     response = client.query(
         """
         mutation createDatasetStorageLocation($datasetUri:String!, $input:NewDatasetStorageLocationInput!){
diff --git a/tests/searchproxy/test_indexers.py b/tests/searchproxy/test_indexers.py
index 8bcf114d7..83be2dc4c 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/searchproxy/test_indexers.py
@@ -124,7 +124,7 @@ def test_es_request():
 
 
 def test_upsert_dataset(db, dataset, env, mocker):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         dataset_indexed = DatasetIndexer.upsert(
             session, dataset_uri=dataset.datasetUri
@@ -133,14 +133,14 @@ def test_upsert_dataset(db, dataset, env, mocker):
 
 
 def test_upsert_table(db, dataset, env, mocker, table):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         table_indexed = DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
         assert table_indexed.uri == table.tableUri
 
 
 def test_upsert_folder(db, dataset, env, mocker, folder):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         folder_indexed = DatasetLocationIndexer.upsert(
             session=session, folder_uri=folder.locationUri
@@ -149,7 +149,7 @@ def test_upsert_folder(db, dataset, env, mocker, folder):
 
 
 def test_upsert_tables(db, dataset, env, mocker, folder):
-    mocker.patch('dataall.searchproxy.upsert', return_value={})
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
     with db.scoped_session() as session:
         tables = DatasetTableIndexer.upsert_all(
             session, dataset_uri=dataset.datasetUri
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index 5c9937c72..f6ff700dd 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -3,7 +3,6 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.tables_syncer import sync_tables
 

From 082fec9008e5efc79f760dc45496467142ef8a0f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 13:03:44 +0200
Subject: [PATCH 127/346] Review remarks

---
 backend/dataall/cdkproxy/stacks/policies/data_policy.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/cdkproxy/stacks/policies/data_policy.py b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
index a0791954d..49f7d59fb 100644
--- a/backend/dataall/cdkproxy/stacks/policies/data_policy.py
+++ b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
@@ -103,7 +103,7 @@ def generate_data_access_policy(self, session) -> iam.Policy:
 
         return policy
 
-    def get_statements(self, session):
+    def get_statements(self, *args, **kwargs):
         statements = [
             iam.PolicyStatement(
                 actions=[

From dbf6197e20ecfa0d94ba753280cd5f30335debcd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 13:21:00 +0200
Subject: [PATCH 128/346] Moved code related to dataset sharing

---
 backend/dataall/aws/handlers/ecs.py                |  2 +-
 .../services}/data_sharing_service.py              |  6 +++---
 .../services/dataset_alarm_service.py              |  0
 .../services}/share_managers/__init__.py           |  0
 .../services}/share_managers/lf_share_manager.py   | 14 +++++++-------
 .../services}/share_managers/s3_share_manager.py   | 14 +++++++-------
 .../services}/share_processors/__init__.py         |  0
 .../lf_process_cross_account_share.py              |  0
 .../lf_process_same_account_share.py               |  0
 .../services}/share_processors/s3_process_share.py |  0
 .../modules/datasets/tasks/tables_syncer.py        |  2 +-
 backend/dataall/tasks/share_manager.py             |  4 ++--
 backend/dataall/tasks/shares_refresh.py            |  4 ++--
 tests/tasks/test_lf_share_manager.py               |  6 +++---
 tests/tasks/test_s3_share_manager.py               |  2 +-
 15 files changed, 27 insertions(+), 27 deletions(-)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/data_sharing_service.py (96%)
 rename backend/dataall/modules/{datasets => dataset_sharing}/services/dataset_alarm_service.py (100%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_managers/__init__.py (100%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_managers/lf_share_manager.py (97%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_managers/s3_share_manager.py (98%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_processors/__init__.py (100%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_processors/lf_process_cross_account_share.py (100%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_processors/lf_process_same_account_share.py (100%)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/services}/share_processors/s3_process_share.py (100%)

diff --git a/backend/dataall/aws/handlers/ecs.py b/backend/dataall/aws/handlers/ecs.py
index 5d98f6ba3..528ebb520 100644
--- a/backend/dataall/aws/handlers/ecs.py
+++ b/backend/dataall/aws/handlers/ecs.py
@@ -9,7 +9,7 @@
 from ... import db
 from ...db import models
 from ...utils import Parameter
-from ...tasks.data_sharing.data_sharing_service import DataSharingService
+from dataall.modules.dataset_sharing.services.data_sharing_service import DataSharingService
 
 log = logging.getLogger('aws:ecs')
 
diff --git a/backend/dataall/tasks/data_sharing/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
similarity index 96%
rename from backend/dataall/tasks/data_sharing/data_sharing_service.py
rename to backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index 4ec4687b6..6ffd124e4 100644
--- a/backend/dataall/tasks/data_sharing/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -1,9 +1,9 @@
 import logging
 import os
 
-from .share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
-from .share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
-from .share_processors.s3_process_share import ProcessS3Share
+from dataall.modules.dataset_sharing.services.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
+from dataall.modules.dataset_sharing.services.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
+from dataall.modules.dataset_sharing.services.share_processors.s3_process_share import ProcessS3Share
 
 from dataall.aws.handlers.ram import Ram
 from dataall.aws.handlers.sts import SessionHelper
diff --git a/backend/dataall/modules/datasets/services/dataset_alarm_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/dataset_alarm_service.py
rename to backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
diff --git a/backend/dataall/tasks/data_sharing/share_managers/__init__.py b/backend/dataall/modules/dataset_sharing/services/share_managers/__init__.py
similarity index 100%
rename from backend/dataall/tasks/data_sharing/share_managers/__init__.py
rename to backend/dataall/modules/dataset_sharing/services/share_managers/__init__.py
diff --git a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
similarity index 97%
rename from backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
rename to backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 89f28c271..2e3b830ff 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -5,14 +5,14 @@
 
 from botocore.exceptions import ClientError
 
-from ....aws.handlers.glue import Glue
-from ....aws.handlers.lakeformation import LakeFormation
-from ....aws.handlers.quicksight import Quicksight
-from ....aws.handlers.sts import SessionHelper
-from ....aws.handlers.ram import Ram
-from ....db import exceptions, models
+from dataall.aws.handlers.glue import Glue
+from dataall.aws.handlers.lakeformation import LakeFormation
+from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.aws.handlers.ram import Ram
+from dataall.db import exceptions, models
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
+from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 
 logger = logging.getLogger(__name__)
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
similarity index 98%
rename from backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
rename to backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index 4b4824a51..8a1b516eb 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -3,13 +3,13 @@
 import json
 import time
 
-from ....db import models, utils
-from ....aws.handlers.sts import SessionHelper
-from ....aws.handlers.s3 import S3
-from ....aws.handlers.kms import KMS
-from ....aws.handlers.iam import IAM
-from ....modules.dataset_sharing.db.models import ShareObject
-from ....modules.dataset_sharing.services.share_object import ShareObjectService
+from dataall.db import models, utils
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.aws.handlers.s3 import S3
+from dataall.aws.handlers.kms import KMS
+from dataall.aws.handlers.iam import IAM
+from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
diff --git a/backend/dataall/tasks/data_sharing/share_processors/__init__.py b/backend/dataall/modules/dataset_sharing/services/share_processors/__init__.py
similarity index 100%
rename from backend/dataall/tasks/data_sharing/share_processors/__init__.py
rename to backend/dataall/modules/dataset_sharing/services/share_processors/__init__.py
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
similarity index 100%
rename from backend/dataall/tasks/data_sharing/share_processors/lf_process_cross_account_share.py
rename to backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
diff --git a/backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
similarity index 100%
rename from backend/dataall/tasks/data_sharing/share_processors/lf_process_same_account_share.py
rename to backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
similarity index 100%
rename from backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
rename to backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 6be5054f2..a9d8bb47a 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -11,7 +11,7 @@
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
+from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 
diff --git a/backend/dataall/tasks/share_manager.py b/backend/dataall/tasks/share_manager.py
index 000f5d808..e00cb4441 100644
--- a/backend/dataall/tasks/share_manager.py
+++ b/backend/dataall/tasks/share_manager.py
@@ -2,8 +2,8 @@
 import os
 import sys
 
-from .data_sharing.data_sharing_service import DataSharingService
-from ..db import get_engine
+from dataall.modules.dataset_sharing.services.data_sharing_service import DataSharingService
+from dataall.db import get_engine
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
diff --git a/backend/dataall/tasks/shares_refresh.py b/backend/dataall/tasks/shares_refresh.py
index d1957bc74..0d0b25d55 100644
--- a/backend/dataall/tasks/shares_refresh.py
+++ b/backend/dataall/tasks/shares_refresh.py
@@ -2,8 +2,8 @@
 import os
 import sys
 
-from .data_sharing.data_sharing_service import DataSharingService
-from ..db import get_engine
+from dataall.modules.dataset_sharing.services.data_sharing_service import DataSharingService
+from dataall.db import get_engine
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index 9669216d2..5cefd5a2c 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -12,10 +12,10 @@
 from dataall.api import constants
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
+from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
 
-from dataall.tasks.data_sharing.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
-from dataall.tasks.data_sharing.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
+from dataall.modules.dataset_sharing.services.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
+from dataall.modules.dataset_sharing.services.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
 
 
 SOURCE_ENV_ACCOUNT = "1" *  12
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/tasks/test_s3_share_manager.py
index eb8893586..6595b9ee8 100644
--- a/tests/tasks/test_s3_share_manager.py
+++ b/tests/tasks/test_s3_share_manager.py
@@ -6,7 +6,7 @@
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 
-from dataall.tasks.data_sharing.share_managers.s3_share_manager import S3ShareManager
+from dataall.modules.dataset_sharing.services.share_managers import S3ShareManager
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
 SOURCE_ENV_ACCOUNT = "111111111111"

From 26b2e8b77e24529892d56e23b78506283d4b55e5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 13:29:22 +0200
Subject: [PATCH 129/346] Moved task for sharing

---
 .../data_sharing => modules/dataset_sharing/tasks}/__init__.py | 0
 .../dataset_sharing/tasks/share_manager_task.py}               | 0
 .../dataset_sharing/tasks/shares_refresh_task.py}              | 0
 deploy/stacks/container.py                                     | 3 ++-
 4 files changed, 2 insertions(+), 1 deletion(-)
 rename backend/dataall/{tasks/data_sharing => modules/dataset_sharing/tasks}/__init__.py (100%)
 rename backend/dataall/{tasks/share_manager.py => modules/dataset_sharing/tasks/share_manager_task.py} (100%)
 rename backend/dataall/{tasks/shares_refresh.py => modules/dataset_sharing/tasks/shares_refresh_task.py} (100%)

diff --git a/backend/dataall/tasks/data_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/tasks/__init__.py
similarity index 100%
rename from backend/dataall/tasks/data_sharing/__init__.py
rename to backend/dataall/modules/dataset_sharing/tasks/__init__.py
diff --git a/backend/dataall/tasks/share_manager.py b/backend/dataall/modules/dataset_sharing/tasks/share_manager_task.py
similarity index 100%
rename from backend/dataall/tasks/share_manager.py
rename to backend/dataall/modules/dataset_sharing/tasks/share_manager_task.py
diff --git a/backend/dataall/tasks/shares_refresh.py b/backend/dataall/modules/dataset_sharing/tasks/shares_refresh_task.py
similarity index 100%
rename from backend/dataall/tasks/shares_refresh.py
rename to backend/dataall/modules/dataset_sharing/tasks/shares_refresh_task.py
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index 2eb850a65..2a835753e 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -221,6 +221,7 @@ def __init__(
             family=f'{resource_prefix}-{envname}-share-manager',
         )
 
+        # TODO introduce the ability to change the deployment depending on config.json file
         share_management_container = share_management_task_definition.add_container(
             f'ShareManagementTaskContainer{envname}',
             container_name=f'container',
@@ -228,7 +229,7 @@ def __init__(
                 repository=ecr_repository, tag=cdkproxy_image_tag
             ),
             environment=self._create_env('DEBUG'),
-            command=['python3.8', '-m', 'dataall.tasks.share_manager'],
+            command=['python3.8', '-m', 'dataall.modules.dataset_sharing.tasks.share_manager_task'],
             logging=ecs.LogDriver.aws_logs(
                 stream_prefix='task',
                 log_group=self.create_log_group(

From 2c40b9228728fbe39f820e5a5da420414c7caf01 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 13:31:48 +0200
Subject: [PATCH 130/346] Removed shares_refresh task since it's not used in
 the project

---
 .../services/data_sharing_service.py          | 77 -------------------
 .../dataset_sharing/services/share_object.py  |  7 --
 .../tasks/shares_refresh_task.py              | 28 -------
 3 files changed, 112 deletions(-)
 delete mode 100644 backend/dataall/modules/dataset_sharing/tasks/shares_refresh_task.py

diff --git a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index 6ffd124e4..e0989ccf9 100644
--- a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -223,80 +223,3 @@ def revoke_share(cls, engine: Engine, share_uri: str):
             Share_SM.update_state(session, share, new_share_state)
 
             return revoked_tables_succeed and revoked_folders_succeed
-
-    @classmethod
-    def clean_lfv1_ram_resources(cls, environment: models.Environment):
-        """
-        Deletes LFV1 resource shares for an environment
-        Parameters
-        ----------
-        environment : models.Environment
-
-        Returns
-        -------
-        None
-        """
-        return Ram.delete_lakeformation_v1_resource_shares(
-            SessionHelper.remote_session(accountid=environment.AwsAccountId).client(
-                'ram', region_name=environment.region
-            )
-        )
-
-    @classmethod
-    def refresh_shares(cls, engine: Engine) -> bool:
-        """
-        Refreshes the shares at scheduled frequency.
-        If a share is in 'Approve' state it triggers an approve ECS sharing task
-        If a share is in 'Revoked' state it triggers a revoke ECS sharing task
-        Also cleans up LFV1 ram resource shares if enabled on SSM
-        Parameters
-        ----------
-        engine : db.engine
-
-        Returns
-        -------
-        true if refresh succeeds
-        """
-        share_object_refreshable_states = ShareObjectSM.get_share_object_refreshable_states()
-        with engine.scoped_session() as session:
-            environments = session.query(models.Environment).all()
-            shares = (
-                session.query(ShareObject)
-                .filter(ShareObject.status.in_(share_object_refreshable_states))
-                .all()
-            )
-
-        # Feature toggle: default value is False
-        if (
-            Parameter().get_parameter(
-                os.getenv('envname', 'local'), 'shares/cleanlfv1ram'
-            )
-            == 'True'
-        ):
-            log.info('LFV1 Cleanup toggle is enabled')
-            for e in environments:
-                log.info(
-                    f'Cleaning LFV1 ram resource for environment: {e.AwsAccountId}/{e.region}...'
-                )
-                cls.clean_lfv1_ram_resources(e)
-
-        if not shares:
-            log.info('No Approved nor Revoked shares found. Nothing to do...')
-            return True
-
-        for share in shares:
-            try:
-                log.info(
-                    f'Refreshing share {share.shareUri} with {share.status} status...'
-                )
-                if share.status in [ShareObjectStatus.Approved.value]:
-                    cls.approve_share(engine, share.shareUri)
-                else:
-                    cls.revoke_share(engine, share.shareUri)
-
-            except Exception as e:
-                log.error(
-                    f'Failed refreshing share {share.shareUri} with {share.status}. '
-                    f'due to: {e}'
-                )
-        return True
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
index 821952f05..2d6ff314c 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -157,13 +157,6 @@ def update_state(self, session, share, new_state):
         self._state = new_state
         return True
 
-    @staticmethod
-    def get_share_object_refreshable_states():
-        return [
-            ShareObjectStatus.Approved.value,
-            ShareObjectStatus.Revoked.value
-        ]
-
 
 class ShareItemSM:
     def __init__(self, state):
diff --git a/backend/dataall/modules/dataset_sharing/tasks/shares_refresh_task.py b/backend/dataall/modules/dataset_sharing/tasks/shares_refresh_task.py
deleted file mode 100644
index 0d0b25d55..000000000
--- a/backend/dataall/modules/dataset_sharing/tasks/shares_refresh_task.py
+++ /dev/null
@@ -1,28 +0,0 @@
-import logging
-import os
-import sys
-
-from dataall.modules.dataset_sharing.services.data_sharing_service import DataSharingService
-from dataall.db import get_engine
-
-root = logging.getLogger()
-root.setLevel(logging.INFO)
-if not root.hasHandlers():
-    root.addHandler(logging.StreamHandler(sys.stdout))
-log = logging.getLogger(__name__)
-
-
-if __name__ == '__main__':
-
-    try:
-        ENVNAME = os.environ.get('envname', 'local')
-        ENGINE = get_engine(envname=ENVNAME)
-
-        log.info('Starting refresh shares task...')
-        DataSharingService.refresh_shares(engine=ENGINE)
-
-        log.info('Sharing task finished successfully')
-
-    except Exception as e:
-        log.error(f'Sharing task failed due to: {e}')
-        raise e

From 29a7f7e574d392e4427e0533216dbe0a7c4e90f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 13:35:33 +0200
Subject: [PATCH 131/346] Fixed imports

---
 .../dataset_sharing/services/data_sharing_service.py       | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index e0989ccf9..08ef1169d 100644
--- a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -1,17 +1,12 @@
 import logging
-import os
 
 from dataall.modules.dataset_sharing.services.share_processors.lf_process_cross_account_share import ProcessLFCrossAccountShare
 from dataall.modules.dataset_sharing.services.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
 from dataall.modules.dataset_sharing.services.share_processors.s3_process_share import ProcessS3Share
 
-from dataall.aws.handlers.ram import Ram
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models, Engine
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemStatus, ShareObjectStatus
-from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemStatus
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectSM, ShareObjectService, ShareItemSM
-from dataall.utils import Parameter
 
 log = logging.getLogger(__name__)
 

From da2bac50e7081d067f1c67fbd8ace779a7f493f3 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 5 May 2023 15:30:38 +0200
Subject: [PATCH 132/346] Moved services to repositories since it would be
 easier to extract business logic from it

---
 backend/dataall/aws/handlers/redshift.py      |  4 +--
 backend/dataall/db/api/redshift_cluster.py    |  4 +--
 .../modules/datasets/api/dataset/resolvers.py |  8 +++---
 .../datasets/api/profiling/resolvers.py       | 20 +++++++-------
 .../api/storage_location/resolvers.py         | 20 +++++++-------
 .../modules/datasets/api/table/resolvers.py   | 26 +++++++++----------
 .../datasets/api/table_column/resolvers.py    |  8 +++---
 .../dataset_location_repository.py}           |  8 +++---
 .../dataset_profiling_repository.py}          |  4 +--
 .../dataset_table_repository.py}              | 16 ++++++------
 .../datasets/handlers/glue_column_handler.py  |  4 +--
 .../handlers/glue_profiling_handler.py        |  8 +++---
 .../datasets/handlers/glue_table_handler.py   |  4 +--
 .../datasets/handlers/s3_location_handler.py  |  4 +--
 .../datasets/indexers/dataset_indexer.py      |  4 +--
 .../datasets/services/dataset_service.py      |  4 +--
 .../datasets/tasks/subscription_service.py    | 14 +++++-----
 .../modules/datasets/tasks/tables_syncer.py   |  4 +--
 tests/api/test_dataset_table.py               |  4 +--
 19 files changed, 84 insertions(+), 84 deletions(-)
 rename backend/dataall/modules/datasets/{services/dataset_location_service.py => db/dataset_location_repository.py} (96%)
 rename backend/dataall/modules/datasets/{services/dataset_profiling_service.py => db/dataset_profiling_repository.py} (98%)
 rename backend/dataall/modules/datasets/{services/dataset_table_service.py => db/dataset_table_repository.py} (95%)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 1e3e994c6..5264366b3 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -10,7 +10,7 @@
 from ... import db
 from ...db import models
 # TODO should be migrated in the redshift module
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
@@ -450,7 +450,7 @@ def copy_data(engine, task: models.Task):
                 session, task.payload['datasetUri']
             )
 
-            table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
                 session, task.payload['tableUri']
             )
 
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 33657ca9d..f463fd3f5 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -499,8 +499,8 @@ def enable_copy_table(
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
 
         # TODO this dirty hack should be removed in the redshift module or after pipeline migration (circular import)
-        from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-        table = DatasetTableService.get_dataset_table_by_uri(
+        from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+        table = DatasetTableRepository.get_dataset_table_by_uri(
             session, data['tableUri']
         )
         table = models.RedshiftClusterDatasetTable(
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index ab70bc627..9239fbb3b 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -18,7 +18,7 @@
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
-from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
@@ -177,7 +177,7 @@ def list_locations(context, source: Dataset, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return DatasetLocationService.paginated_dataset_locations(
+        return DatasetLocationRepository.paginated_dataset_locations(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -249,7 +249,7 @@ def get_dataset_statistics(context: Context, source: Dataset, **kwargs):
         return None
     with context.engine.scoped_session() as session:
         count_tables = DatasetService.count_dataset_tables(session, source.datasetUri)
-        count_locations = DatasetLocationService.count_dataset_locations(
+        count_locations = DatasetLocationRepository.count_dataset_locations(
             session, source.datasetUri
         )
         count_upvotes = db.api.Vote.count_upvotes(
@@ -566,7 +566,7 @@ def delete_dataset(
         for uri in tables:
             DatasetIndexer.delete_doc(doc_id=uri)
 
-        folders = [f.locationUri for f in DatasetLocationService.get_dataset_folders(session, datasetUri)]
+        folders = [f.locationUri for f in DatasetLocationRepository.get_dataset_folders(session, datasetUri)]
         for uri in folders:
             DatasetIndexer.delete_doc(doc_id=uri)
 
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 9fddc4505..0f676c789 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -7,8 +7,8 @@
 from dataall.db import api, models
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun
 from dataall.modules.datasets.services.permissions import PROFILE_DATASET_TABLE
 
@@ -36,7 +36,7 @@ def start_profiling_run(context: Context, source, input: dict = None):
         )
         dataset = DatasetService.get_dataset_by_uri(session, input['datasetUri'])
 
-        run = DatasetProfilingService.start_profiling(
+        run = DatasetProfilingRepository.start_profiling(
             session=session,
             datasetUri=dataset.datasetUri,
             tableUri=input.get('tableUri'),
@@ -74,7 +74,7 @@ def get_profiling_results(context: Context, source: DatasetProfilingRun):
 
 def update_profiling_run_results(context: Context, source, profilingRunUri, results):
     with context.engine.scoped_session() as session:
-        run = DatasetProfilingService.update_run(
+        run = DatasetProfilingRepository.update_run(
             session=session, profilingRunUri=profilingRunUri, results=results
         )
         return run
@@ -82,12 +82,12 @@ def update_profiling_run_results(context: Context, source, profilingRunUri, resu
 
 def list_profiling_runs(context: Context, source, datasetUri=None):
     with context.engine.scoped_session() as session:
-        return DatasetProfilingService.list_profiling_runs(session, datasetUri)
+        return DatasetProfilingRepository.list_profiling_runs(session, datasetUri)
 
 
 def get_profiling_run(context: Context, source, profilingRunUri=None):
     with context.engine.scoped_session() as session:
-        return DatasetProfilingService.get_profiling_run(
+        return DatasetProfilingRepository.get_profiling_run(
             session=session, profilingRunUri=profilingRunUri
         )
 
@@ -95,14 +95,14 @@ def get_profiling_run(context: Context, source, profilingRunUri=None):
 def get_last_table_profiling_run(context: Context, source, tableUri=None):
     with context.engine.scoped_session() as session:
         run: DatasetProfilingRun = (
-            DatasetProfilingService.get_table_last_profiling_run(
+            DatasetProfilingRepository.get_table_last_profiling_run(
                 session=session, tableUri=tableUri
             )
         )
 
         if run:
             if not run.results:
-                table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
+                table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
                 dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
                 environment = api.Environment.get_environment_by_uri(
                     session, dataset.environmentUri
@@ -116,7 +116,7 @@ def get_last_table_profiling_run(context: Context, source, tableUri=None):
 
             if not run.results:
                 run_with_results = (
-                    DatasetProfilingService.get_table_last_profiling_run_with_results(
+                    DatasetProfilingRepository.get_table_last_profiling_run_with_results(
                         session=session, tableUri=tableUri
                     )
                 )
@@ -147,6 +147,6 @@ def get_profiling_results_from_s3(environment, dataset, table, run):
 
 def list_table_profiling_runs(context: Context, source, tableUri=None):
     with context.engine.scoped_session() as session:
-        return DatasetProfilingService.list_table_profiling_runs(
+        return DatasetProfilingRepository.list_table_profiling_runs(
             session=session, tableUri=tableUri, filter={}
         )
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 9f0a16f01..119e861c1 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -9,7 +9,7 @@
 from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
-from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_FOLDER
 
@@ -18,7 +18,7 @@ def create_storage_location(
     context, source, datasetUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        location = DatasetLocationService.create_dataset_location(
+        location = DatasetLocationRepository.create_dataset_location(
             session=session,
             uri=datasetUri,
             data=input,
@@ -36,15 +36,15 @@ def list_dataset_locations(context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetLocationService.list_dataset_locations(
+        return DatasetLocationRepository.list_dataset_locations(
             session=session, uri=source.datasetUri, data=filter
         )
 
 
 def get_storage_location(context, source, locationUri=None):
     with context.engine.scoped_session() as session:
-        location = DatasetLocationService.get_location_by_uri(session, locationUri)
-        return DatasetLocationService.get_dataset_location(
+        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
+        return DatasetLocationRepository.get_dataset_location(
             session=session,
             uri=location.datasetUri,
             data={'locationUri': location.locationUri},
@@ -55,10 +55,10 @@ def update_storage_location(
     context, source, locationUri: str = None, input: dict = None
 ):
     with context.engine.scoped_session() as session:
-        location = DatasetLocationService.get_location_by_uri(session, locationUri)
+        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
         input['location'] = location
         input['locationUri'] = location.locationUri
-        DatasetLocationService.update_dataset_location(
+        DatasetLocationRepository.update_dataset_location(
             session=session,
             uri=location.datasetUri,
             data=input,
@@ -70,8 +70,8 @@ def update_storage_location(
 
 def remove_storage_location(context, source, locationUri: str = None):
     with context.engine.scoped_session() as session:
-        location = DatasetLocationService.get_location_by_uri(session, locationUri)
-        DatasetLocationService.delete_dataset_location(
+        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
+        DatasetLocationRepository.delete_dataset_location(
             session=session,
             uri=location.datasetUri,
             data={'locationUri': location.locationUri},
@@ -90,7 +90,7 @@ def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
 
 def publish_location_update(context: Context, source, locationUri: str = None):
     with context.engine.scoped_session() as session:
-        location = DatasetLocationService.get_location_by_uri(session, locationUri)
+        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
         ResourcePolicy.check_user_resource_permission(
             session=session,
             username=context.username,
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index b7b0ae04b..5444cd0a0 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -17,14 +17,14 @@
 from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 log = logging.getLogger(__name__)
 
 
 def create_table(context, source, datasetUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTableService.create_dataset_table(
+        table = DatasetTableRepository.create_dataset_table(
             session=session,
             uri=datasetUri,
             data=input,
@@ -39,7 +39,7 @@ def list_dataset_tables(context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetTableService.list_dataset_tables(
+        return DatasetTableRepository.list_dataset_tables(
             session=session,
             uri=source.datasetUri,
             data=filter,
@@ -48,8 +48,8 @@ def list_dataset_tables(context, source, filter: dict = None):
 
 def get_table(context, source: Dataset, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
-        return DatasetTableService.get_dataset_table(
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
+        return DatasetTableRepository.get_dataset_table(
             session=session,
             uri=table.datasetUri,
             data={
@@ -60,14 +60,14 @@ def get_table(context, source: Dataset, tableUri: str = None):
 
 def update_table(context, source, tableUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
 
         dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
 
         input['table'] = table
         input['tableUri'] = table.tableUri
 
-        DatasetTableService.update_dataset_table(
+        DatasetTableRepository.update_dataset_table(
             session=session,
             uri=dataset.datasetUri,
             data=input,
@@ -78,8 +78,8 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
 
 def delete_table(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
-        DatasetTableService.delete_dataset_table(
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
+        DatasetTableRepository.delete_dataset_table(
             session=session,
             uri=table.datasetUri,
             data={
@@ -92,7 +92,7 @@ def delete_table(context, source, tableUri: str = None):
 
 def preview(context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
             session, tableUri
         )
         dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
@@ -147,7 +147,7 @@ def get_glue_table_properties(context: Context, source: DatasetTable, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
             session, source.tableUri
         )
         return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
@@ -176,7 +176,7 @@ def resolve_glossary_terms(context: Context, source: DatasetTable, **kwargs):
 
 def publish_table_update(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -225,7 +225,7 @@ def resolve_redshift_copy_location(
 
 def list_shared_tables_by_env_dataset(context: Context, source, datasetUri: str, envUri: str, filter: dict = None):
     with context.engine.scoped_session() as session:
-        return DatasetTableService.get_dataset_tables_shared_with_env(
+        return DatasetTableRepository.get_dataset_tables_shared_with_env(
             session,
             envUri,
             datasetUri
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 0efeceaa6..251d407bd 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import paginate, models
 from dataall.db.api import ResourcePolicy
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable
 from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
 
@@ -22,7 +22,7 @@ def list_table_columns(
         filter = {}
     with context.engine.scoped_session() as session:
         if not source:
-            source = DatasetTableService.get_dataset_table_by_uri(session, tableUri)
+            source = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
         q = (
             session.query(DatasetTableColumn)
             .filter(
@@ -47,7 +47,7 @@ def list_table_columns(
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
     with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
             session, tableUri
         )
         ResourcePolicy.check_user_resource_permission(
@@ -82,7 +82,7 @@ def update_table_column(
         ).get(columnUri)
         if not column:
             raise db.exceptions.ObjectNotFound('Column', columnUri)
-        table: DatasetTable = DatasetTableService.get_dataset_table_by_uri(
+        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
             session, column.tableUri
         )
         ResourcePolicy.check_user_resource_permission(
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/db/dataset_location_repository.py
similarity index 96%
rename from backend/dataall/modules/datasets/services/dataset_location_service.py
rename to backend/dataall/modules/datasets/db/dataset_location_repository.py
index b86b86b34..4fc65db98 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/db/dataset_location_repository.py
@@ -16,7 +16,7 @@
 logger = logging.getLogger(__name__)
 
 
-class DatasetLocationService:
+class DatasetLocationRepository:
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     @has_resource_permission(CREATE_DATASET_FOLDER)
@@ -98,7 +98,7 @@ def get_dataset_location(
         uri: str,
         data: dict = None,
     ) -> DatasetStorageLocation:
-        return DatasetLocationService.get_location_by_uri(session, data['locationUri'])
+        return DatasetLocationRepository.get_location_by_uri(session, data['locationUri'])
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
@@ -111,7 +111,7 @@ def update_dataset_location(
 
         location = data.get(
             'location',
-            DatasetLocationService.get_location_by_uri(session, data['locationUri']),
+            DatasetLocationRepository.get_location_by_uri(session, data['locationUri']),
         )
 
         for k in data.keys():
@@ -135,7 +135,7 @@ def delete_dataset_location(
         uri: str,
         data: dict = None,
     ):
-        location = DatasetLocationService.get_location_by_uri(
+        location = DatasetLocationRepository.get_location_by_uri(
             session, data['locationUri']
         )
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
similarity index 98%
rename from backend/dataall/modules/datasets/services/dataset_profiling_service.py
rename to backend/dataall/modules/datasets/db/dataset_profiling_repository.py
index 55a143ebf..a34ad0a5a 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
@@ -5,7 +5,7 @@
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable, Dataset
 
 
-class DatasetProfilingService:
+class DatasetProfilingRepository:
     def __init__(self):
         pass
 
@@ -56,7 +56,7 @@ def update_run(
         GlueJobRunState=None,
         results=None,
     ):
-        run = DatasetProfilingService.get_profiling_run(
+        run = DatasetProfilingRepository.get_profiling_run(
             session, profilingRunUri=profilingRunUri, GlueJobRunId=GlueJobRunId
         )
         if GlueJobRunId:
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
similarity index 95%
rename from backend/dataall/modules/datasets/services/dataset_table_service.py
rename to backend/dataall/modules/datasets/db/dataset_table_repository.py
index 62ba0dfbd..1b7a95867 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -18,7 +18,7 @@
 logger = logging.getLogger(__name__)
 
 
-class DatasetTableService:
+class DatasetTableRepository:
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     @has_resource_permission(CREATE_DATASET_TABLE)
@@ -106,7 +106,7 @@ def get_dataset_table(
         uri: str,
         data: dict = None,
     ) -> DatasetTable:
-        return DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
+        return DatasetTableRepository.get_dataset_table_by_uri(session, data['tableUri'])
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
@@ -118,7 +118,7 @@ def update_dataset_table(
     ):
         table = data.get(
             'table',
-            DatasetTableService.get_dataset_table_by_uri(session, data['tableUri']),
+            DatasetTableRepository.get_dataset_table_by_uri(session, data['tableUri']),
         )
 
         for k in [attr for attr in data.keys() if attr != 'term']:
@@ -139,7 +139,7 @@ def delete_dataset_table(
         uri: str,
         data: dict = None,
     ):
-        table = DatasetTableService.get_dataset_table_by_uri(session, data['tableUri'])
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, data['tableUri'])
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         share_item = (
             session.query(ShareObjectItem)
@@ -202,7 +202,7 @@ def get_dataset_tables_shared_with_env(
     ):
         return [
             {"tableUri": t.tableUri, "GlueTableName": t.GlueTableName}
-            for t in DatasetTableService.query_dataset_tables_shared_with_env(
+            for t in DatasetTableRepository.query_dataset_tables_shared_with_env(
                 session, environment_uri, dataset_uri
             )
         ]
@@ -227,7 +227,7 @@ def sync_existing_tables(session, datasetUri, glue_tables=None):
             existing_table_names = [e.GlueTableName for e in existing_tables]
             existing_dataset_tables_map = {t.GlueTableName: t for t in existing_tables}
 
-            DatasetTableService.update_existing_tables_status(existing_tables, glue_tables)
+            DatasetTableRepository.update_existing_tables_status(existing_tables, glue_tables)
             logger.info(
                 f'existing_tables={glue_tables}'
             )
@@ -276,7 +276,7 @@ def sync_existing_tables(session, datasetUri, glue_tables=None):
                         table.get('Parameters', {})
                     )
 
-                DatasetTableService.sync_table_columns(session, updated_table, table)
+                DatasetTableRepository.sync_table_columns(session, updated_table, table)
 
         return True
 
@@ -292,7 +292,7 @@ def update_existing_tables_status(existing_tables, glue_tables):
     @staticmethod
     def sync_table_columns(session, dataset_table, glue_table):
 
-        DatasetTableService.delete_all_table_columns(session, dataset_table)
+        DatasetTableRepository.delete_all_table_columns(session, dataset_table)
 
         columns = [
             {**item, **{'columnType': 'column'}}
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
index 0cf8d0b1b..b16ce4413 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_column_handler.py
@@ -6,7 +6,7 @@
 from dataall.modules.datasets.aws.glue_table_client import GlueTableClient
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 log = logging.getLogger(__name__)
 
@@ -24,7 +24,7 @@ def get_table_columns(engine, task: models.Task):
             aws = SessionHelper.remote_session(dataset_table.AWSAccountId)
             glue_table = GlueTableClient(aws, dataset_table).get_table()
 
-            DatasetTableService.sync_table_columns(
+            DatasetTableRepository.sync_table_columns(
                 session, dataset_table, glue_table['Table']
             )
         return True
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index c45e7011b..7177d426d 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -5,7 +5,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, Dataset
-from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
+from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 
 log = logging.getLogger(__name__)
 
@@ -18,7 +18,7 @@ class DatasetProfilingGlueHandler:
     def get_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
             profiling: DatasetProfilingRun = (
-                DatasetProfilingService.get_profiling_run(
+                DatasetProfilingRepository.get_profiling_run(
                     session, profilingRunUri=task.targetUri
                 )
             )
@@ -42,7 +42,7 @@ def get_profiling_run(engine, task: models.Task):
     def start_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
             profiling: DatasetProfilingRun = (
-                DatasetProfilingService.get_profiling_run(
+                DatasetProfilingRepository.get_profiling_run(
                     session, profilingRunUri=task.targetUri
                 )
             )
@@ -61,7 +61,7 @@ def start_profiling_run(engine, task: models.Task):
                     ),
                 }
             )
-            DatasetProfilingService.update_run(
+            DatasetProfilingRepository.update_run(
                 session,
                 profilingRunUri=profiling.profilingRunUri,
                 GlueJobRunId=run['JobRunId'],
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index aabff1ae7..7fc938828 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -5,7 +5,7 @@
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 log = logging.getLogger(__name__)
 
@@ -25,5 +25,5 @@ def list_tables(engine, task: models.Task):
             tables = Glue.list_glue_database_tables(
                 account_id, dataset.GlueDatabaseName, region
             )
-            DatasetTableService.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
+            DatasetTableRepository.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
             return tables
diff --git a/backend/dataall/modules/datasets/handlers/s3_location_handler.py b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
index 14864c191..68ba5f04b 100644
--- a/backend/dataall/modules/datasets/handlers/s3_location_handler.py
+++ b/backend/dataall/modules/datasets/handlers/s3_location_handler.py
@@ -3,7 +3,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
-from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 
 log = logging.getLogger(__name__)
 
@@ -15,7 +15,7 @@ class S3DatasetLocationHandler:
     @Worker.handler(path='s3.prefix.create')
     def create_dataset_location(engine, task: models.Task):
         with engine.scoped_session() as session:
-            location = DatasetLocationService.get_location_by_uri(
+            location = DatasetLocationRepository.get_location_by_uri(
                 session, task.targetUri
             )
             S3LocationClient(location).create_bucket_prefix()
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 9f8191343..72915207d 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -3,7 +3,7 @@
 from dataall import db
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.searchproxy.base_indexer import BaseIndexer
 
@@ -46,7 +46,7 @@ def upsert(cls, session, dataset_uri: str):
             .first()
         )
         count_tables = DatasetService.count_dataset_tables(session, dataset_uri)
-        count_folders = DatasetLocationService.count_dataset_locations(session, dataset_uri)
+        count_folders = DatasetLocationRepository.count_dataset_locations(session, dataset_uri)
         count_upvotes = db.api.Vote.count_upvotes(
             session, None, None, dataset_uri, {'targetType': 'dataset'}
         )
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 46d1b9d60..d92c672ca 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -22,7 +22,7 @@
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
     LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
@@ -514,7 +514,7 @@ def delete_dataset(
         DatasetService._delete_dataset_shares_with_no_shared_items(session, uri)
         DatasetService._delete_dataset_term_links(session, uri)
         DatasetService._delete_dataset_tables(session, dataset.datasetUri)
-        DatasetLocationService.delete_dataset_locations(session, dataset.datasetUri)
+        DatasetLocationRepository.delete_dataset_locations(session, dataset.datasetUri)
         KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
         Vote.delete_votes(session, dataset.datasetUri, 'dataset')
         session.delete(dataset)
diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/subscription_service.py
index 1a27ddcf0..e18875ab9 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/subscription_service.py
@@ -13,12 +13,12 @@
 from dataall.db import get_engine
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
+from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
@@ -70,7 +70,7 @@ def notify_consumers(engine, messages):
     @staticmethod
     def publish_table_update_message(engine, message):
         with engine.scoped_session() as session:
-            table: DatasetTable = DatasetTableService.get_table_by_s3_prefix(
+            table: DatasetTable = DatasetTableRepository.get_table_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),
@@ -108,7 +108,7 @@ def publish_table_update_message(engine, message):
     @staticmethod
     def publish_location_update_message(session, message):
         location: DatasetStorageLocation = (
-            DatasetLocationService.get_location_by_s3_prefix(
+            DatasetLocationRepository.get_location_by_s3_prefix(
                 session,
                 message.get('prefix'),
                 message.get('accountid'),
@@ -141,14 +141,14 @@ def publish_location_update_message(session, message):
     @staticmethod
     def store_dataquality_results(session, message):
 
-        table: DatasetTable = DatasetTableService.get_table_by_s3_prefix(
+        table: DatasetTable = DatasetTableRepository.get_table_by_s3_prefix(
             session,
             message.get('prefix'),
             message.get('accountid'),
             message.get('region'),
         )
 
-        run = DatasetProfilingService.start_profiling(
+        run = DatasetProfilingRepository.start_profiling(
             session=session,
             datasetUri=table.datasetUri,
             GlueTableName=table.GlueTableName,
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index a9d8bb47a..ab219eb5b 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -13,7 +13,7 @@
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -64,7 +64,7 @@ def sync_tables(engine):
                         f'Found {len(tables)} tables on Glue database {dataset.GlueDatabaseName}'
                     )
 
-                    DatasetTableService.sync_existing_tables(
+                    DatasetTableRepository.sync_existing_tables(
                         session, dataset.datasetUri, glue_tables=tables
                     )
 
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 3e3dc3ab3..042ad880b 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 
@@ -287,7 +287,7 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
             },
         ]
 
-        assert DatasetTableService.sync_existing_tables(session, dataset1.datasetUri, glue_tables)
+        assert DatasetTableRepository.sync_existing_tables(session, dataset1.datasetUri, glue_tables)
         new_table: DatasetTable = (
             session.query(DatasetTable)
             .filter(DatasetTable.name == 'new_table')

From 5c67ef4cbcf5d6ddfc21902de73465f03bdb109c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 10:54:00 +0200
Subject: [PATCH 133/346] Review remarks

---
 backend/dataall/api/Objects/Vote/resolvers.py |  1 +
 .../group/services/group_resource_manager.py  |  7 ++++---
 backend/dataall/db/api/share_object.py        |  2 +-
 backend/dataall/modules/datasets/__init__.py  |  6 +++---
 .../modules/datasets/api/dataset/resolvers.py |  2 +-
 .../datasets/api/profiling/resolvers.py       |  2 +-
 .../api/storage_location/resolvers.py         |  2 +-
 .../modules/datasets/api/table/resolvers.py   |  2 +-
 .../datasets/api/table_column/resolvers.py    |  2 +-
 .../dataall/modules/datasets/cdk/__init__.py  |  7 ++++---
 ...taset_policy.py => dataset_data_policy.py} |  0
 ...w_policy.py => dataset_databrew_policy.py} |  4 ++--
 ...{glue_policy.py => dataset_glue_policy.py} |  4 ++--
 ...icy.py => dataset_lakeformation_policy.py} |  4 ++--
 .../modules/datasets/db/dataset_repository.py |  7 +++----
 .../services/dataset_group_resource.py        |  8 --------
 .../services/dataset_location_service.py      |  4 ++--
 ...{permissions.py => dataset_permissions.py} |  0
 .../datasets/services/dataset_service.py      |  4 ++--
 .../services/dataset_table_service.py         |  2 +-
 backend/dataall/modules/notebooks/__init__.py |  2 +-
 .../modules/notebooks/api/resolvers.py        |  2 +-
 .../dataall/modules/notebooks/cdk/policies.py |  2 +-
 .../modules/notebooks/services/__init__.py    |  4 ++--
 ...permissions.py => notebook_permissions.py} |  0
 .../{services.py => notebook_service.py}      | 20 +++++++++----------
 ...fc49baecea4_add_enviromental_parameters.py |  4 ++--
 ...215e_backfill_dataset_table_permissions.py |  2 +-
 tests/api/test_environment.py                 |  3 +--
 tests/api/test_tenant.py                      |  2 +-
 tests/db/test_permission.py                   |  2 +-
 .../notebooks/test_sagemaker_notebook.py      |  2 +-
 32 files changed, 54 insertions(+), 61 deletions(-)
 rename backend/dataall/modules/datasets/cdk/{dataset_policy.py => dataset_data_policy.py} (100%)
 rename backend/dataall/modules/datasets/cdk/{databrew_policy.py => dataset_databrew_policy.py} (91%)
 rename backend/dataall/modules/datasets/cdk/{glue_policy.py => dataset_glue_policy.py} (97%)
 rename backend/dataall/modules/datasets/cdk/{lakeformation_policy.py => dataset_lakeformation_policy.py} (91%)
 delete mode 100644 backend/dataall/modules/datasets/services/dataset_group_resource.py
 rename backend/dataall/modules/datasets/services/{permissions.py => dataset_permissions.py} (100%)
 rename backend/dataall/modules/notebooks/services/{permissions.py => notebook_permissions.py} (100%)
 rename backend/dataall/modules/notebooks/services/{services.py => notebook_service.py} (92%)

diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index c94d735eb..b9a14e117 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -53,4 +53,5 @@ def get_vote(context: Context, source, targetUri: str = None, targetType: str =
         )
 
 
+# TODO should migrate after into the Dashboard module
 add_vote_type("dashboard", DashboardIndexer)
diff --git a/backend/dataall/core/group/services/group_resource_manager.py b/backend/dataall/core/group/services/group_resource_manager.py
index 905770735..01d858495 100644
--- a/backend/dataall/core/group/services/group_resource_manager.py
+++ b/backend/dataall/core/group/services/group_resource_manager.py
@@ -1,9 +1,10 @@
-from typing import Protocol, List
+from abc import ABC
+from typing import List
 
 
-class GroupResource(Protocol):
+class GroupResource(ABC):
     def count_resources(self, session, environment_uri, group_uri) -> int:
-        ...
+        raise NotImplementedError()
 
 
 class GroupResourceManager:
diff --git a/backend/dataall/db/api/share_object.py b/backend/dataall/db/api/share_object.py
index 4917664b9..bcd8b12b9 100644
--- a/backend/dataall/db/api/share_object.py
+++ b/backend/dataall/db/api/share_object.py
@@ -12,7 +12,7 @@
 from ..models.Enums import ShareObjectStatus, ShareItemStatus, ShareObjectActions, ShareItemActions, ShareableType, PrincipalType
 from dataall.modules.datasets.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from ...modules.datasets.services.permissions import DATASET_TABLE_READ
+from dataall.modules.datasets.services.dataset_permissions import DATASET_TABLE_READ
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 08b1dffd1..2ace4145b 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -3,12 +3,12 @@
 from typing import List
 
 from dataall.core.group.services.group_resource_manager import GroupResourceManager
+from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_group_resource import DatasetGroupResource
-from dataall.modules.datasets.services.permissions import GET_DATASET, UPDATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import GET_DATASET, UPDATE_DATASET
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 log = logging.getLogger(__name__)
@@ -59,7 +59,7 @@ def __init__(self):
 
         TargetType("dataset", GET_DATASET, UPDATE_DATASET)
 
-        GroupResourceManager.register(DatasetGroupResource())
+        GroupResourceManager.register(DatasetRepository())
 
         log.info("API of datasets has been imported")
 
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 3cef6e21a..7b25886da 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -21,7 +21,7 @@
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.permissions import CREDENTIALS_DATASET, SYNC_DATASET, SUMMARY_DATASET, \
+from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, SUMMARY_DATASET, \
     CRAWL_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index d156eee95..0dab9a579 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -10,7 +10,7 @@
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets.db.models import DatasetProfilingRun
-from dataall.modules.datasets.services.permissions import PROFILE_DATASET_TABLE
+from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index 62feb570c..a3b35f5c0 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -11,7 +11,7 @@
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import UPDATE_DATASET_FOLDER
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER
 
 
 def create_storage_location(
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 8e72bb8df..bed3aa32d 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -13,7 +13,7 @@
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE, PREVIEW_DATASET_TABLE
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 591459f87..b206ccce3 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -7,7 +7,7 @@
 from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets.db.models import DatasetTableColumn, DatasetTable
-from dataall.modules.datasets.services.permissions import UPDATE_DATASET_TABLE
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
 
 
 def list_table_columns(
diff --git a/backend/dataall/modules/datasets/cdk/__init__.py b/backend/dataall/modules/datasets/cdk/__init__.py
index eaa9ad99f..613a75e04 100644
--- a/backend/dataall/modules/datasets/cdk/__init__.py
+++ b/backend/dataall/modules/datasets/cdk/__init__.py
@@ -1,4 +1,5 @@
-from dataall.modules.datasets.cdk import dataset_stack, databrew_policy, glue_policy, lakeformation_policy, \
-    dataset_policy
+from dataall.modules.datasets.cdk import dataset_stack, dataset_databrew_policy, dataset_glue_policy, \
+    dataset_lakeformation_policy, dataset_data_policy
 
-__all__ = ["dataset_stack", "databrew_policy", "glue_policy", "lakeformation_policy", "dataset_policy"]
+__all__ = ["dataset_stack", "dataset_databrew_policy", "dataset_glue_policy", "dataset_lakeformation_policy",
+           "dataset_data_policy"]
diff --git a/backend/dataall/modules/datasets/cdk/dataset_policy.py b/backend/dataall/modules/datasets/cdk/dataset_data_policy.py
similarity index 100%
rename from backend/dataall/modules/datasets/cdk/dataset_policy.py
rename to backend/dataall/modules/datasets/cdk/dataset_data_policy.py
diff --git a/backend/dataall/modules/datasets/cdk/databrew_policy.py b/backend/dataall/modules/datasets/cdk/dataset_databrew_policy.py
similarity index 91%
rename from backend/dataall/modules/datasets/cdk/databrew_policy.py
rename to backend/dataall/modules/datasets/cdk/dataset_databrew_policy.py
index ed2ef0b32..896a1069a 100644
--- a/backend/dataall/modules/datasets/cdk/databrew_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_databrew_policy.py
@@ -1,10 +1,10 @@
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 from aws_cdk import aws_iam as iam
 
-from dataall.modules.datasets.services.permissions import CREATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import CREATE_DATASET
 
 
-class DatabrewPolicy(ServicePolicy):
+class DatasetDatabrewServicePolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if CREATE_DATASET not in group_permissions:
             return []
diff --git a/backend/dataall/modules/datasets/cdk/glue_policy.py b/backend/dataall/modules/datasets/cdk/dataset_glue_policy.py
similarity index 97%
rename from backend/dataall/modules/datasets/cdk/glue_policy.py
rename to backend/dataall/modules/datasets/cdk/dataset_glue_policy.py
index a98b215bd..de9783448 100644
--- a/backend/dataall/modules/datasets/cdk/glue_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_glue_policy.py
@@ -1,10 +1,10 @@
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 from aws_cdk import aws_iam as iam
 
-from dataall.modules.datasets.services.permissions import CREATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import CREATE_DATASET
 
 
-class GluePolicy(ServicePolicy):
+class DatasetGlueServicePolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if CREATE_DATASET not in group_permissions:
             return []
diff --git a/backend/dataall/modules/datasets/cdk/lakeformation_policy.py b/backend/dataall/modules/datasets/cdk/dataset_lakeformation_policy.py
similarity index 91%
rename from backend/dataall/modules/datasets/cdk/lakeformation_policy.py
rename to backend/dataall/modules/datasets/cdk/dataset_lakeformation_policy.py
index bbeef17dc..ab4113e5c 100644
--- a/backend/dataall/modules/datasets/cdk/lakeformation_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_lakeformation_policy.py
@@ -1,10 +1,10 @@
 from aws_cdk import aws_iam as iam
 
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
-from dataall.modules.datasets.services.permissions import CREATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import CREATE_DATASET
 
 
-class LakeFormationPolicy(ServicePolicy):
+class DatasetLakeFormationServicePolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if CREATE_DATASET not in group_permissions:
             return []
diff --git a/backend/dataall/modules/datasets/db/dataset_repository.py b/backend/dataall/modules/datasets/db/dataset_repository.py
index 95aef6102..8159147cc 100644
--- a/backend/dataall/modules/datasets/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_repository.py
@@ -1,10 +1,11 @@
 from operator import and_
 
+from dataall.core.group.services.group_resource_manager import GroupResource
 from dataall.db import exceptions
 from dataall.modules.datasets.db.models import Dataset
 
 
-class DatasetRepository:
+class DatasetRepository(GroupResource):
     """DAO layer for Datasets"""
 
     @staticmethod
@@ -14,8 +15,7 @@ def get_dataset_by_uri(session, dataset_uri) -> Dataset:
             raise exceptions.ObjectNotFound('Dataset', dataset_uri)
         return dataset
 
-    @staticmethod
-    def count_group_datasets(session, environment_uri, group_uri) -> int:
+    def count_resources(self, session, environment_uri, group_uri) -> int:
         return (
             session.query(Dataset)
             .filter(
@@ -25,4 +25,3 @@ def count_group_datasets(session, environment_uri, group_uri) -> int:
                 ))
             .count()
         )
-
diff --git a/backend/dataall/modules/datasets/services/dataset_group_resource.py b/backend/dataall/modules/datasets/services/dataset_group_resource.py
deleted file mode 100644
index 8d58ac3ad..000000000
--- a/backend/dataall/modules/datasets/services/dataset_group_resource.py
+++ /dev/null
@@ -1,8 +0,0 @@
-from dataall.core.group.services.group_resource_manager import GroupResource, GroupResourceManager
-from dataall.modules.datasets.db.dataset_repository import DatasetRepository
-
-
-class DatasetGroupResource(GroupResource):
-    def count_resources(self, session, environment_uri, group_uri) -> int:
-        return DatasetRepository.count_group_datasets(session, environment_uri, group_uri)
-
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index 240c52f0e..27ec62c9a 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -8,8 +8,8 @@
 from dataall.db import models, api, paginate, exceptions
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetStorageLocation
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, CREATE_DATASET_FOLDER, \
-    DELETE_DATASET_FOLDER, UPDATE_DATASET_FOLDER
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, \
+    CREATE_DATASET_FOLDER, DELETE_DATASET_FOLDER, UPDATE_DATASET_FOLDER
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/services/permissions.py b/backend/dataall/modules/datasets/services/dataset_permissions.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/permissions.py
rename to backend/dataall/modules/datasets/services/dataset_permissions.py
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 388a14746..2c7835327 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -21,8 +21,8 @@
 from dataall.modules.datasets.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
-    DATASET_TABLE_READ, LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, \
+    DATASET_ALL, DATASET_TABLE_READ, LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index ddfde9c5b..28c9a3b88 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -6,7 +6,7 @@
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db import models, api, exceptions, paginate
 from dataall.db.api import Glossary, ResourcePolicy, Environment
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
     UPDATE_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.utils import json_utils
diff --git a/backend/dataall/modules/notebooks/__init__.py b/backend/dataall/modules/notebooks/__init__.py
index b63e0fa51..f2db29d86 100644
--- a/backend/dataall/modules/notebooks/__init__.py
+++ b/backend/dataall/modules/notebooks/__init__.py
@@ -18,7 +18,7 @@ def is_supported(cls, modes):
     def __init__(self):
         import dataall.modules.notebooks.api
 
-        from dataall.modules.notebooks.services.permissions import GET_NOTEBOOK, UPDATE_NOTEBOOK
+        from dataall.modules.notebooks.services.notebook_permissions import GET_NOTEBOOK, UPDATE_NOTEBOOK
         TargetType("notebook", GET_NOTEBOOK, UPDATE_NOTEBOOK)
 
         log.info("API of sagemaker notebooks has been imported")
diff --git a/backend/dataall/modules/notebooks/api/resolvers.py b/backend/dataall/modules/notebooks/api/resolvers.py
index 3c0d70c67..04218bf4a 100644
--- a/backend/dataall/modules/notebooks/api/resolvers.py
+++ b/backend/dataall/modules/notebooks/api/resolvers.py
@@ -3,7 +3,7 @@
 from dataall.api.context import Context
 from dataall.db import exceptions
 from dataall.api.Objects.Stack import stack_helper
-from dataall.modules.notebooks.services.services import NotebookService, NotebookCreationRequest
+from dataall.modules.notebooks.services.notebook_service import NotebookService, NotebookCreationRequest
 from dataall.modules.notebooks.db.models import SagemakerNotebook
 
 
diff --git a/backend/dataall/modules/notebooks/cdk/policies.py b/backend/dataall/modules/notebooks/cdk/policies.py
index c6e77f9b6..b462b6a0c 100644
--- a/backend/dataall/modules/notebooks/cdk/policies.py
+++ b/backend/dataall/modules/notebooks/cdk/policies.py
@@ -1,6 +1,6 @@
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 
-from dataall.modules.notebooks.services.permissions import CREATE_NOTEBOOK
+from dataall.modules.notebooks.services.notebook_permissions import CREATE_NOTEBOOK
 from dataall.modules.common.sagemaker.cdk.statements import create_sagemaker_statements
 
 
diff --git a/backend/dataall/modules/notebooks/services/__init__.py b/backend/dataall/modules/notebooks/services/__init__.py
index a5df50095..5f13a14f1 100644
--- a/backend/dataall/modules/notebooks/services/__init__.py
+++ b/backend/dataall/modules/notebooks/services/__init__.py
@@ -2,6 +2,6 @@
 Contains the code needed for service layer.
 The service layer is a layer where all business logic is aggregated
 """
-from dataall.modules.notebooks.services import services, permissions
+from dataall.modules.notebooks.services import notebook_service, notebook_permissions
 
-__all__ = ["services", "permissions"]
+__all__ = ["notebook_service", "notebook_permissions"]
diff --git a/backend/dataall/modules/notebooks/services/permissions.py b/backend/dataall/modules/notebooks/services/notebook_permissions.py
similarity index 100%
rename from backend/dataall/modules/notebooks/services/permissions.py
rename to backend/dataall/modules/notebooks/services/notebook_permissions.py
diff --git a/backend/dataall/modules/notebooks/services/services.py b/backend/dataall/modules/notebooks/services/notebook_service.py
similarity index 92%
rename from backend/dataall/modules/notebooks/services/services.py
rename to backend/dataall/modules/notebooks/services/notebook_service.py
index c2b9b9b27..041f2d044 100644
--- a/backend/dataall/modules/notebooks/services/services.py
+++ b/backend/dataall/modules/notebooks/services/notebook_service.py
@@ -24,8 +24,8 @@
 )
 from dataall.utils.slugify import slugify
 from dataall.modules.notebooks.db.models import SagemakerNotebook
-from dataall.modules.notebooks.services import permissions
-from dataall.modules.notebooks.services.permissions import MANAGE_NOTEBOOKS, CREATE_NOTEBOOK
+from dataall.modules.notebooks.services.notebook_permissions import MANAGE_NOTEBOOKS, CREATE_NOTEBOOK, NOTEBOOK_ALL, \
+    GET_NOTEBOOK, UPDATE_NOTEBOOK, DELETE_NOTEBOOK
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission, has_group_permission
 
 logger = logging.getLogger(__name__)
@@ -119,7 +119,7 @@ def create_notebook(*, uri: str, admin_group: str, request: NotebookCreationRequ
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=request.SamlAdminGroupName,
-                permissions=permissions.NOTEBOOK_ALL,
+                permissions=NOTEBOOK_ALL,
                 resource_uri=notebook.notebookUri,
                 resource_type=SagemakerNotebook.__name__,
             )
@@ -128,7 +128,7 @@ def create_notebook(*, uri: str, admin_group: str, request: NotebookCreationRequ
                 ResourcePolicy.attach_resource_policy(
                     session=session,
                     group=env.SamlGroupName,
-                    permissions=permissions.NOTEBOOK_ALL,
+                    permissions=NOTEBOOK_ALL,
                     resource_uri=notebook.notebookUri,
                     resource_type=SagemakerNotebook.__name__,
                 )
@@ -156,42 +156,42 @@ def list_user_notebooks(filter) -> dict:
             )
 
     @staticmethod
-    @has_resource_permission(permissions.GET_NOTEBOOK)
+    @has_resource_permission(GET_NOTEBOOK)
     def get_notebook(*, uri) -> SagemakerNotebook:
         """Gets a notebook by uri"""
         with _session() as session:
             return NotebookService._get_notebook(session, uri)
 
     @staticmethod
-    @has_resource_permission(permissions.UPDATE_NOTEBOOK)
+    @has_resource_permission(UPDATE_NOTEBOOK)
     def start_notebook(*, uri):
         """Starts notebooks instance"""
         notebook = NotebookService.get_notebook(uri=uri)
         client(notebook).start_instance()
 
     @staticmethod
-    @has_resource_permission(permissions.UPDATE_NOTEBOOK)
+    @has_resource_permission(UPDATE_NOTEBOOK)
     def stop_notebook(*, uri: str) -> None:
         """Stop notebook instance"""
         notebook = NotebookService.get_notebook(uri=uri)
         client(notebook).stop_instance()
 
     @staticmethod
-    @has_resource_permission(permissions.GET_NOTEBOOK)
+    @has_resource_permission(GET_NOTEBOOK)
     def get_notebook_presigned_url(*, uri: str) -> str:
         """Creates and returns a presigned url for a notebook"""
         notebook = NotebookService.get_notebook(uri=uri)
         return client(notebook).presigned_url()
 
     @staticmethod
-    @has_resource_permission(permissions.GET_NOTEBOOK)
+    @has_resource_permission(GET_NOTEBOOK)
     def get_notebook_status(*, uri) -> str:
         """Retrieves notebook status"""
         notebook = NotebookService.get_notebook(uri=uri)
         return client(notebook).get_notebook_instance_status()
 
     @staticmethod
-    @has_resource_permission(permissions.DELETE_NOTEBOOK)
+    @has_resource_permission(DELETE_NOTEBOOK)
     def delete_notebook(*, uri: str, delete_from_aws: bool):
         """Deletes notebook from the database and if delete_from_aws is True from AWS as well"""
         with _session() as session:
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 349361b98..628ae38ab 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -15,8 +15,8 @@
 from dataall.db.api.permission import Permission
 from dataall.db.models import TenantPolicy, TenantPolicyPermission, PermissionType, EnvironmentGroup
 from dataall.db.permissions import MANAGE_SGMSTUDIO_NOTEBOOKS
-from dataall.modules.datasets.services.permissions import LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
-from dataall.modules.notebooks.services.permissions import MANAGE_NOTEBOOKS, LIST_ENVIRONMENT_NOTEBOOKS, CREATE_NOTEBOOK
+from dataall.modules.datasets.services.dataset_permissions import LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+from dataall.modules.notebooks.services.notebook_permissions import MANAGE_NOTEBOOKS, LIST_ENVIRONMENT_NOTEBOOKS, CREATE_NOTEBOOK
 
 # revision identifiers, used by Alembic.
 revision = "5fc49baecea4"
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 4447d1429..c87301d9d 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -14,7 +14,7 @@
 from datetime import datetime
 from dataall.db.models.Enums import ShareObjectStatus, ShareableType
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import DATASET_TABLE_READ
+from dataall.modules.datasets.services.dataset_permissions import DATASET_TABLE_READ
 
 # revision identifiers, used by Alembic.
 revision = 'd05f9a5b215e'
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index a29cd1cae..88fe7e48e 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -1,9 +1,8 @@
 import pytest
 
 import dataall
-from dataall.db import permissions
 from dataall.modules.datasets.db.models import Dataset
-from dataall.modules.datasets.services.permissions import CREATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import CREATE_DATASET
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_tenant.py b/tests/api/test_tenant.py
index 8554c8de9..443110b8a 100644
--- a/tests/api/test_tenant.py
+++ b/tests/api/test_tenant.py
@@ -1,5 +1,5 @@
 from dataall.db import permissions
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS
 
 
 def test_list_tenant_permissions(client, user, group, tenant):
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 28524a77a..f1e55c6b0 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -6,7 +6,7 @@
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE, \
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE, \
     DATASET_TABLE_READ
 
 
diff --git a/tests/modules/notebooks/test_sagemaker_notebook.py b/tests/modules/notebooks/test_sagemaker_notebook.py
index 8b2aa9792..ab47815fe 100644
--- a/tests/modules/notebooks/test_sagemaker_notebook.py
+++ b/tests/modules/notebooks/test_sagemaker_notebook.py
@@ -41,7 +41,7 @@ def test_sgm_notebook(sgm_notebook, group):
 @pytest.fixture(scope='module', autouse=True)
 def patch_aws(module_mocker):
     module_mocker.patch(
-        "dataall.modules.notebooks.services.services.client",
+        "dataall.modules.notebooks.services.notebook_service.client",
         return_value=MockSagemakerClient(),
     )
 

From 57f1e1f4811c550847b5ad045a89ae8ed8c9cd40 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 11:48:17 +0200
Subject: [PATCH 134/346] Review remarks

---
 ...ervice.py => dataset_subscription_task.py} | 22 +++++++++----------
 deploy/stacks/container.py                    |  2 +-
 tests/tasks/test_subscriptions.py             |  4 ++--
 3 files changed, 14 insertions(+), 14 deletions(-)
 rename backend/dataall/modules/datasets/tasks/{subscription_service.py => dataset_subscription_task.py} (93%)

diff --git a/backend/dataall/modules/datasets/tasks/subscription_service.py b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
similarity index 93%
rename from backend/dataall/modules/datasets/tasks/subscription_service.py
rename to backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
index a261fad8a..dee3ee6b7 100644
--- a/backend/dataall/modules/datasets/tasks/subscription_service.py
+++ b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
@@ -27,7 +27,7 @@
 log = logging.getLogger(__name__)
 
 
-class SubscriptionService:
+class DatasetSubscriptionService:
     def __init__(self):
         pass
 
@@ -60,9 +60,9 @@ def notify_consumers(engine, messages):
 
             for message in messages:
 
-                SubscriptionService.publish_table_update_message(engine, message)
+                DatasetSubscriptionService.publish_table_update_message(engine, message)
 
-                SubscriptionService.publish_location_update_message(session, message)
+                DatasetSubscriptionService.publish_location_update_message(session, message)
 
         return True
 
@@ -95,7 +95,7 @@ def publish_table_update_message(engine, message):
                 )
                 log.info(f'Found shared items for table {share_items}')
 
-                return SubscriptionService.publish_sns_message(
+                return DatasetSubscriptionService.publish_sns_message(
                     engine,
                     message,
                     dataset,
@@ -133,7 +133,7 @@ def publish_location_update_message(session, message):
             )
             log.info(f'Found shared items for location {share_items}')
 
-            return SubscriptionService.publish_sns_message(
+            return DatasetSubscriptionService.publish_sns_message(
                 session, message, dataset, share_items, location.S3Prefix
             )
 
@@ -164,9 +164,9 @@ def store_dataquality_results(session, message):
         if message.get('rows'):
             quality_results['table_nb_rows'] = message.get('rows')
 
-        SubscriptionService.set_columns_type(quality_results, message)
+        DatasetSubscriptionService.set_columns_type(quality_results, message)
 
-        data_types = SubscriptionService.set_data_types(message)
+        data_types = DatasetSubscriptionService.set_data_types(message)
 
         quality_results['dataTypes'] = data_types
 
@@ -213,7 +213,7 @@ def publish_sns_message(
         with engine.scoped_session() as session:
             for item in share_items:
 
-                share_object = SubscriptionService.get_approved_share_object(
+                share_object = DatasetSubscriptionService.get_approved_share_object(
                     session, item
                 )
 
@@ -245,7 +245,7 @@ def publish_sns_message(
                                 f'Producer message before notifications: {message}'
                             )
 
-                            SubscriptionService.redshift_copy(
+                            DatasetSubscriptionService.redshift_copy(
                                 engine, message, dataset, environment, table
                             )
 
@@ -256,7 +256,7 @@ def publish_sns_message(
                                 f'has updated the table shared with you {prefix}',
                             }
 
-                            response = SubscriptionService.sns_call(
+                            response = DatasetSubscriptionService.sns_call(
                                 message, environment
                             )
 
@@ -334,7 +334,7 @@ def get_approved_share_object(session, item):
     ENGINE = get_engine(envname=ENVNAME)
     Worker.queue = SqsQueue.send
     log.info('Polling datasets updates...')
-    service = SubscriptionService()
+    service = DatasetSubscriptionService()
     queues = service.get_queues(service.get_environments(ENGINE))
     messages = poll_queues(queues)
     service.notify_consumers(ENGINE, messages)
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index ed5b929f8..94d79906d 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -182,7 +182,7 @@ def __init__(
             command=[
                 'python3.8',
                 '-m',
-                'dataall.modules.datasets.tasks.subscription_service',
+                'dataall.modules.datasets.tasks.dataset_subscription_task',
             ],
             container_id=f'container',
             ecr_repository=ecr_repository,
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index 11c255db2..f02a218bb 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -135,10 +135,10 @@ def share(
 
 def test_subscriptions(org, env, otherenv, db, dataset, share, mocker):
     mocker.patch(
-        'dataall.modules.datasets.tasks.subscription_service.SubscriptionService.sns_call',
+        'dataall.modules.datasets.tasks.dataset_subscription_task.DatasetSubscriptionService.sns_call',
         return_value=True,
     )
-    subscriber = dataall.modules.datasets.tasks.subscription_service.SubscriptionService()
+    subscriber = dataall.modules.datasets.tasks.dataset_subscription_task.DatasetSubscriptionService()
     messages = [
         {
             'prefix': 's3://dataset/testtable/csv/',

From 66510d68be5596739916cd80d2208b8a069f0bb8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 12:45:56 +0200
Subject: [PATCH 135/346] Removed common and added sagemaker base

---
 backend/dataall/cdkproxy/stacks/policies/mlstudio.py   |  2 +-
 backend/dataall/modules/common/__init__.py             |  1 -
 backend/dataall/modules/common/sagemaker/__init__.py   |  1 -
 .../dataall/modules/common/sagemaker/cdk/__init__.py   |  1 -
 backend/dataall/modules/notebooks/__init__.py          |  8 +++++++-
 backend/dataall/modules/notebooks/cdk/policies.py      |  2 +-
 backend/dataall/modules/sagemaker_base/__init__.py     | 10 ++++++++++
 backend/dataall/modules/sagemaker_base/cdk/__init__.py |  0
 .../sagemaker => sagemaker_base}/cdk/statements.py     |  0
 9 files changed, 19 insertions(+), 6 deletions(-)
 delete mode 100644 backend/dataall/modules/common/__init__.py
 delete mode 100644 backend/dataall/modules/common/sagemaker/__init__.py
 delete mode 100644 backend/dataall/modules/common/sagemaker/cdk/__init__.py
 create mode 100644 backend/dataall/modules/sagemaker_base/__init__.py
 create mode 100644 backend/dataall/modules/sagemaker_base/cdk/__init__.py
 rename backend/dataall/modules/{common/sagemaker => sagemaker_base}/cdk/statements.py (100%)

diff --git a/backend/dataall/cdkproxy/stacks/policies/mlstudio.py b/backend/dataall/cdkproxy/stacks/policies/mlstudio.py
index 05b44c903..b416de5c7 100644
--- a/backend/dataall/cdkproxy/stacks/policies/mlstudio.py
+++ b/backend/dataall/cdkproxy/stacks/policies/mlstudio.py
@@ -1,7 +1,7 @@
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 
 from dataall.db import permissions
-from dataall.modules.common.sagemaker.cdk.statements import create_sagemaker_statements
+from dataall.modules.sagemaker_base.cdk.statements import create_sagemaker_statements
 
 
 class SagemakerPolicy(ServicePolicy):
diff --git a/backend/dataall/modules/common/__init__.py b/backend/dataall/modules/common/__init__.py
deleted file mode 100644
index 984cce4a8..000000000
--- a/backend/dataall/modules/common/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Contains the common code that can be shared among modules"""
diff --git a/backend/dataall/modules/common/sagemaker/__init__.py b/backend/dataall/modules/common/sagemaker/__init__.py
deleted file mode 100644
index 959747d5d..000000000
--- a/backend/dataall/modules/common/sagemaker/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-"""Common code for machine learning studio and notebooks"""
diff --git a/backend/dataall/modules/common/sagemaker/cdk/__init__.py b/backend/dataall/modules/common/sagemaker/cdk/__init__.py
deleted file mode 100644
index e2e75f02a..000000000
--- a/backend/dataall/modules/common/sagemaker/cdk/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-# Contains infrastructure code shared between ML studio and notebooks
diff --git a/backend/dataall/modules/notebooks/__init__.py b/backend/dataall/modules/notebooks/__init__.py
index cf53b455f..0241bd2be 100644
--- a/backend/dataall/modules/notebooks/__init__.py
+++ b/backend/dataall/modules/notebooks/__init__.py
@@ -1,9 +1,11 @@
 """Contains the code related to SageMaker notebooks"""
 import logging
+from typing import List, Type
 
 from dataall.db.api import TargetType
 from dataall.modules.loader import ImportMode, ModuleInterface
 from dataall.modules.notebooks.db.repositories import NotebookRepository
+from dataall.modules.sagemaker_base import SagemakerCdkModuleInterface
 
 log = logging.getLogger(__name__)
 
@@ -31,6 +33,10 @@ class NotebookCdkModuleInterface(ModuleInterface):
     def is_supported(modes):
         return ImportMode.CDK in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [SagemakerCdkModuleInterface]
+
     def __init__(self):
         import dataall.modules.notebooks.cdk
-        log.info("API of sagemaker notebooks has been imported")
\ No newline at end of file
+        log.info("API of sagemaker notebooks has been imported")
diff --git a/backend/dataall/modules/notebooks/cdk/policies.py b/backend/dataall/modules/notebooks/cdk/policies.py
index b462b6a0c..fffb3aa6c 100644
--- a/backend/dataall/modules/notebooks/cdk/policies.py
+++ b/backend/dataall/modules/notebooks/cdk/policies.py
@@ -1,7 +1,7 @@
 from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
 
 from dataall.modules.notebooks.services.notebook_permissions import CREATE_NOTEBOOK
-from dataall.modules.common.sagemaker.cdk.statements import create_sagemaker_statements
+from dataall.modules.sagemaker_base.cdk.statements import create_sagemaker_statements
 
 
 class SagemakerPolicy(ServicePolicy):
diff --git a/backend/dataall/modules/sagemaker_base/__init__.py b/backend/dataall/modules/sagemaker_base/__init__.py
new file mode 100644
index 000000000..20589ebf0
--- /dev/null
+++ b/backend/dataall/modules/sagemaker_base/__init__.py
@@ -0,0 +1,10 @@
+"""Common code for machine learning studio and notebooks"""
+from typing import List
+
+from dataall.modules.loader import ModuleInterface, ImportMode
+
+
+class SagemakerCdkModuleInterface(ModuleInterface):
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return ImportMode.CDK in modes
diff --git a/backend/dataall/modules/sagemaker_base/cdk/__init__.py b/backend/dataall/modules/sagemaker_base/cdk/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/common/sagemaker/cdk/statements.py b/backend/dataall/modules/sagemaker_base/cdk/statements.py
similarity index 100%
rename from backend/dataall/modules/common/sagemaker/cdk/statements.py
rename to backend/dataall/modules/sagemaker_base/cdk/statements.py

From a1af334e30667a336d7ce2809b5449602786ca09 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 13:07:43 +0200
Subject: [PATCH 136/346] Resolved merge conflict

---
 backend/dataall/modules/datasets/__init__.py | 2 +-
 tests/tasks/test_subscriptions.py            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index e6ec2361a..0fee22f94 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -4,7 +4,7 @@
 
 from dataall.modules.dataset_sharing import SharingApiModuleInterface
 from dataall.core.group.services.group_resource_manager import GroupResourceManager
-from dataall.modules.datasets.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index eb1bd92d7..3e29f8182 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -141,7 +141,7 @@ def test_subscriptions(org, env, otherenv, db, dataset, share, mocker):
         'dataall.modules.datasets.tasks.dataset_subscription_task.DatasetSubscriptionService.sns_call',
         return_value=True,
     )
-    subscriber = SubscriptionService()
+    subscriber = DatasetSubscriptionService()
     messages = [
         {
             'prefix': 's3://dataset/testtable/csv/',

From 44c653d8c12a1158a700f2cdb0ae13691f3b4bdd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 14:18:09 +0200
Subject: [PATCH 137/346] Moved dataset service to repository for now

---
 backend/dataall/aws/handlers/redshift.py                     | 2 +-
 backend/dataall/db/api/redshift_cluster.py                   | 2 +-
 backend/dataall/modules/datasets/api/dataset/resolvers.py    | 2 +-
 backend/dataall/modules/datasets/api/profiling/resolvers.py  | 2 +-
 .../modules/datasets/api/storage_location/resolvers.py       | 2 +-
 backend/dataall/modules/datasets/api/table/resolvers.py      | 2 +-
 backend/dataall/modules/datasets/cdk/dataset_data_policy.py  | 2 +-
 .../modules/datasets/{services => db}/dataset_service.py     | 0
 .../dataall/modules/datasets/db/dataset_table_repository.py  | 2 +-
 .../modules/datasets/handlers/glue_dataset_handler.py        | 2 +-
 .../dataall/modules/datasets/handlers/glue_table_handler.py  | 2 +-
 .../dataall/modules/datasets/handlers/sns_dataset_handler.py | 2 +-
 backend/dataall/modules/datasets/indexers/dataset_indexer.py | 2 +-
 backend/dataall/modules/datasets/tasks/tables_syncer.py      | 2 +-
 backend/dataall/tasks/catalog_indexer.py                     | 2 +-
 backend/dataall/tasks/stacks_updater.py                      | 2 +-
 .../d05f9a5b215e_backfill_dataset_table_permissions.py       | 2 +-
 tests/api/test_dataset.py                                    | 2 +-
 tests/api/test_redshift_cluster.py                           | 2 +-
 tests/db/test_permission.py                                  | 5 ++---
 20 files changed, 20 insertions(+), 21 deletions(-)
 rename backend/dataall/modules/datasets/{services => db}/dataset_service.py (100%)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 5264366b3..bb61c05a7 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -12,7 +12,7 @@
 # TODO should be migrated in the redshift module
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index f463fd3f5..dece5d480 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -10,7 +10,7 @@
     NamingConventionPattern,
 )
 from dataall.utils.slugify import slugify
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 01dc1802e..a0ac4c55d 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -19,7 +19,7 @@
 from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, SUMMARY_DATASET, \
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index a89a2dd29..c29f6100b 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -6,7 +6,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import api, models
 from dataall.db.api import ResourcePolicy
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index ff16fe1bc..db68277a2 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -10,7 +10,7 @@
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER
 
 
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 1c6d802f8..8e70ad271 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -12,7 +12,7 @@
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
 from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE
 from dataall.utils import json_utils
diff --git a/backend/dataall/modules/datasets/cdk/dataset_data_policy.py b/backend/dataall/modules/datasets/cdk/dataset_data_policy.py
index 05d3e0e89..21be6ee5a 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_data_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_data_policy.py
@@ -3,7 +3,7 @@
 
 from dataall.cdkproxy.stacks.policies.data_policy import DataPolicy
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 
 
 class DatasetDataPolicy(DataPolicy):
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/db/dataset_service.py
similarity index 100%
rename from backend/dataall/modules/datasets/services/dataset_service.py
rename to backend/dataall/modules/datasets/db/dataset_service.py
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index 9c0a8ae3d..5db57a59a 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -10,7 +10,7 @@
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
     UPDATE_DATASET_TABLE
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 from dataall.utils import json_utils
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index 277999720..cf1be74d0 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -4,7 +4,7 @@
 from dataall.db import models
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index 7fc938828..7cb3cbd38 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -4,7 +4,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
index 006c4023d..e5a2deb27 100644
--- a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
@@ -7,7 +7,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall import db
 from dataall.db import models
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 72915207d..20c28bb1d 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -4,7 +4,7 @@
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.searchproxy.base_indexer import BaseIndexer
 
 
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index ab219eb5b..98dfc3a00 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -12,7 +12,7 @@
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 root = logging.getLogger()
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 962eb66f2..377337410 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -5,7 +5,7 @@
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.db import get_engine, models
 from dataall.searchproxy.indexers import DashboardIndexer
 from dataall.utils.alarm_service import AlarmService
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 9a17deaf1..28c5e0887 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -4,7 +4,7 @@
 import time
 
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from .. import db
 from ..db import models
 from ..aws.handlers.ecs import Ecs
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 3d036f0e0..66a76761d 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -15,7 +15,7 @@
 from dataall.db.models.Enums import ShareableType
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets_base.services.dataset_permissions import DATASET_TABLE_READ
 
 # revision identifiers, used by Alembic.
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index b6d5a4629..4534f3b16 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -5,7 +5,7 @@
 
 import dataall
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index 0058c2fe9..7ecc12264 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -5,7 +5,7 @@
 import dataall
 from dataall.api.constants import RedshiftClusterRole
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_service import DatasetService
 
 
 @pytest.fixture(scope='module', autouse=True)
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index b3c5c11b2..aee931076 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -5,9 +5,8 @@
 from dataall.db import exceptions
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE, \
-    DATASET_TABLE_READ
+from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 @pytest.fixture(scope='module')

From 2ff57a2c83094bf394b16ac87a91ef14a5ce29f1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 14:30:41 +0200
Subject: [PATCH 138/346] Moved listDataItemsSharedWithEnvGroup to sharing

---
 backend/dataall/api/Objects/Group/queries.py   | 14 +-------------
 backend/dataall/api/Objects/Group/resolvers.py | 18 ------------------
 .../modules/dataset_sharing/api/queries.py     | 12 ++++++++++++
 .../modules/dataset_sharing/api/resolvers.py   | 18 ++++++++++++++++++
 4 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/backend/dataall/api/Objects/Group/queries.py b/backend/dataall/api/Objects/Group/queries.py
index 62233b5c5..8642a00c8 100644
--- a/backend/dataall/api/Objects/Group/queries.py
+++ b/backend/dataall/api/Objects/Group/queries.py
@@ -1,5 +1,5 @@
 from ... import gql
-from .resolvers import get_group, list_data_items_shared_with_env_group, list_cognito_groups
+from .resolvers import get_group, list_cognito_groups
 
 getGroup = gql.QueryField(
     name='getGroup',
@@ -8,18 +8,6 @@
     resolver=get_group,
 )
 
-listDataItemsSharedWithEnvGroup = gql.QueryField(
-    name='listDataItemsSharedWithEnvGroup',
-    args=[
-        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='groupUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='filter', type=gql.Ref('EnvironmentDataItemFilter')),
-    ],
-    resolver=list_data_items_shared_with_env_group,
-    type=gql.Ref('EnvironmentPublishedItemSearchResults'),
-    test_scope='Dataset',
-)
-
 listCognitoGroups = gql.QueryField(
     name='listCognitoGroups',
     args=[
diff --git a/backend/dataall/api/Objects/Group/resolvers.py b/backend/dataall/api/Objects/Group/resolvers.py
index eb7b04ce7..3ef75f1ed 100644
--- a/backend/dataall/api/Objects/Group/resolvers.py
+++ b/backend/dataall/api/Objects/Group/resolvers.py
@@ -4,7 +4,6 @@
 from ....db import exceptions
 from ....db.models import Group
 from ....aws.handlers.cognito import Cognito
-from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
 
 log = logging.getLogger()
 
@@ -43,23 +42,6 @@ def get_group(context, source, groupUri):
     return Group(groupUri=groupUri, name=groupUri, label=groupUri)
 
 
-def list_data_items_shared_with_env_group(
-    context, source, environmentUri: str = None, groupUri: str = None, filter: dict = None
-):
-    if not filter:
-        filter = {}
-    with context.engine.scoped_session() as session:
-        return DatasetShareService.paginated_shared_with_environment_group_datasets(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            envUri=environmentUri,
-            groupUri=groupUri,
-            data=filter,
-            check_perm=True,
-        )
-
-
 def list_cognito_groups(context, source, filter: dict = None):
     envname = os.getenv('envname', 'local')
     if envname in ['dkrcompose']:
diff --git a/backend/dataall/modules/dataset_sharing/api/queries.py b/backend/dataall/modules/dataset_sharing/api/queries.py
index 1033d4408..37565220b 100644
--- a/backend/dataall/modules/dataset_sharing/api/queries.py
+++ b/backend/dataall/modules/dataset_sharing/api/queries.py
@@ -21,3 +21,15 @@
     type=gql.Ref('ShareSearchResult'),
     resolver=list_shares_in_my_inbox,
 )
+
+listDataItemsSharedWithEnvGroup = gql.QueryField(
+    name='listDataItemsSharedWithEnvGroup',
+    args=[
+        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
+        gql.Argument(name='groupUri', type=gql.NonNullableType(gql.String)),
+        gql.Argument(name='filter', type=gql.Ref('EnvironmentDataItemFilter')),
+    ],
+    resolver=list_data_items_shared_with_env_group,
+    type=gql.Ref('EnvironmentPublishedItemSearchResults'),
+    test_scope='Dataset',
+)
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 8f857f031..096c7e5a8 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -8,6 +8,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
@@ -368,3 +369,20 @@ def list_shares_in_my_outbox(context: Context, source, filter: dict = None):
             data=filter,
             check_perm=None,
         )
+
+
+def list_data_items_shared_with_env_group(
+    context, source, environmentUri: str = None, groupUri: str = None, filter: dict = None
+):
+    if not filter:
+        filter = {}
+    with context.engine.scoped_session() as session:
+        return DatasetShareService.paginated_shared_with_environment_group_datasets(
+            session=session,
+            username=context.username,
+            groups=context.groups,
+            envUri=environmentUri,
+            groupUri=groupUri,
+            data=filter,
+            check_perm=True,
+        )
\ No newline at end of file

From b0e30d80a68f36f272c210f63a7b22dd707f3e63 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 14:36:47 +0200
Subject: [PATCH 139/346] Moved queries related to sharing

---
 .../api/Objects/Environment/queries.py        | 12 -------
 .../api/Objects/Environment/resolvers.py      | 17 ----------
 .../dataall/api/Objects/Environment/schema.py | 33 -------------------
 .../modules/dataset_sharing/api/queries.py    | 11 +++++++
 .../modules/dataset_sharing/api/resolvers.py  | 18 +++++++++-
 .../modules/dataset_sharing/api/schema.py     | 33 +++++++++++++++++++
 6 files changed, 61 insertions(+), 63 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/queries.py b/backend/dataall/api/Objects/Environment/queries.py
index 892b3d32b..18f266c3f 100644
--- a/backend/dataall/api/Objects/Environment/queries.py
+++ b/backend/dataall/api/Objects/Environment/queries.py
@@ -48,18 +48,6 @@
 )
 
 
-searchEnvironmentDataItems = gql.QueryField(
-    name='searchEnvironmentDataItems',
-    args=[
-        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='filter', type=gql.Ref('EnvironmentDataItemFilter')),
-    ],
-    resolver=list_shared_with_environment_data_items,
-    type=gql.Ref('EnvironmentPublishedItemSearchResults'),
-    test_scope='Dataset',
-)
-
-
 generateEnvironmentAccessToken = gql.QueryField(
     name='generateEnvironmentAccessToken',
     args=[
diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index b241f6dbb..af7976e62 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -21,8 +21,6 @@
     NamingConventionPattern,
 )
 
-from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
-
 log = logging.getLogger()
 
 
@@ -401,21 +399,6 @@ def list_environment_group_permissions(
             check_perm=True,
         )
 
-def list_shared_with_environment_data_items(
-    context: Context, source, environmentUri: str = None, filter: dict = None
-):
-    if not filter:
-        filter = {}
-    with context.engine.scoped_session() as session:
-        return DatasetShareService.paginated_shared_with_environment_datasets(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=environmentUri,
-            data=filter,
-            check_perm=True,
-        )
-
 
 def _get_environment_group_aws_session(
     session, username, groups, environment, groupUri=None
diff --git a/backend/dataall/api/Objects/Environment/schema.py b/backend/dataall/api/Objects/Environment/schema.py
index 1c1bae604..bb5749065 100644
--- a/backend/dataall/api/Objects/Environment/schema.py
+++ b/backend/dataall/api/Objects/Environment/schema.py
@@ -127,39 +127,6 @@
 )
 
 
-EnvironmentPublishedItem = gql.ObjectType(
-    name='EnvironmentPublishedItem',
-    fields=[
-        gql.Field(name='shareUri', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='datasetUri', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='datasetName', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='itemAccess', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='itemType', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='environmentUri', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='principalId', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='environmentName', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='organizationUri', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='organizationName', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='created', type=gql.NonNullableType(gql.String)),
-        gql.Field(name='GlueDatabaseName', type=gql.String),
-        gql.Field(name='GlueTableName', type=gql.String),
-        gql.Field(name='S3AccessPointName', type=gql.String),
-    ],
-)
-
-
-EnvironmentPublishedItemSearchResults = gql.ObjectType(
-    name='EnvironmentPublishedItemSearchResults',
-    fields=[
-        gql.Field(name='count', type=gql.Integer),
-        gql.Field(name='page', type=gql.Integer),
-        gql.Field(name='pages', type=gql.Integer),
-        gql.Field(name='hasNext', type=gql.Boolean),
-        gql.Field(name='hasPrevious', type=gql.Boolean),
-        gql.Field(name='nodes', type=gql.ArrayType(EnvironmentPublishedItem)),
-    ],
-)
-
 ConsumptionRole = gql.ObjectType(
     name='ConsumptionRole',
     fields=[
diff --git a/backend/dataall/modules/dataset_sharing/api/queries.py b/backend/dataall/modules/dataset_sharing/api/queries.py
index 37565220b..126508758 100644
--- a/backend/dataall/modules/dataset_sharing/api/queries.py
+++ b/backend/dataall/modules/dataset_sharing/api/queries.py
@@ -33,3 +33,14 @@
     type=gql.Ref('EnvironmentPublishedItemSearchResults'),
     test_scope='Dataset',
 )
+
+searchEnvironmentDataItems = gql.QueryField(
+    name='searchEnvironmentDataItems',
+    args=[
+        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
+        gql.Argument(name='filter', type=gql.Ref('EnvironmentDataItemFilter')),
+    ],
+    resolver=list_shared_with_environment_data_items,
+    type=gql.Ref('EnvironmentPublishedItemSearchResults'),
+    test_scope='Dataset',
+)
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 096c7e5a8..a0e33909b 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -385,4 +385,20 @@ def list_data_items_shared_with_env_group(
             groupUri=groupUri,
             data=filter,
             check_perm=True,
-        )
\ No newline at end of file
+        )
+
+
+def list_shared_with_environment_data_items(
+    context: Context, source, environmentUri: str = None, filter: dict = None
+):
+    if not filter:
+        filter = {}
+    with context.engine.scoped_session() as session:
+        return DatasetShareService.paginated_shared_with_environment_datasets(
+            session=session,
+            username=context.username,
+            groups=context.groups,
+            uri=environmentUri,
+            data=filter,
+            check_perm=True,
+        )
diff --git a/backend/dataall/modules/dataset_sharing/api/schema.py b/backend/dataall/modules/dataset_sharing/api/schema.py
index c99382205..f8455d0b5 100644
--- a/backend/dataall/modules/dataset_sharing/api/schema.py
+++ b/backend/dataall/modules/dataset_sharing/api/schema.py
@@ -166,3 +166,36 @@
         gql.Field(name='nodes', type=gql.ArrayType(gql.Ref('ShareObject'))),
     ],
 )
+
+EnvironmentPublishedItem = gql.ObjectType(
+    name='EnvironmentPublishedItem',
+    fields=[
+        gql.Field(name='shareUri', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='datasetUri', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='datasetName', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='itemAccess', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='itemType', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='environmentUri', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='principalId', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='environmentName', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='organizationUri', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='organizationName', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='created', type=gql.NonNullableType(gql.String)),
+        gql.Field(name='GlueDatabaseName', type=gql.String),
+        gql.Field(name='GlueTableName', type=gql.String),
+        gql.Field(name='S3AccessPointName', type=gql.String),
+    ],
+)
+
+
+EnvironmentPublishedItemSearchResults = gql.ObjectType(
+    name='EnvironmentPublishedItemSearchResults',
+    fields=[
+        gql.Field(name='count', type=gql.Integer),
+        gql.Field(name='page', type=gql.Integer),
+        gql.Field(name='pages', type=gql.Integer),
+        gql.Field(name='hasNext', type=gql.Boolean),
+        gql.Field(name='hasPrevious', type=gql.Boolean),
+        gql.Field(name='nodes', type=gql.ArrayType(EnvironmentPublishedItem)),
+    ],
+)
\ No newline at end of file

From 1ceb50e204735f8bcb79646e97472891e0c0c618 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 16:57:22 +0200
Subject: [PATCH 140/346] Review remarks

---
 .../dataall/cdkproxy/stacks/environment.py    |  6 +-
 .../cdkproxy/stacks/policies/data_policy.py   |  4 +-
 .../datasets/aws/glue_profiler_client.py      | 46 ++++++++++
 .../modules/datasets/aws/lf_table_client.py   |  3 -
 .../datasets/aws/sns_dataset_client.py        | 39 +++++++++
 .../dataall/modules/datasets/cdk/__init__.py  |  4 +-
 ...et_data_policy.py => dataset_s3_policy.py} |  6 +-
 .../modules/datasets/handlers/__init__.py     |  6 +-
 .../datasets/handlers/glue_dataset_handler.py |  2 +-
 .../handlers/glue_profiling_handler.py        | 86 +++++--------------
 .../datasets/handlers/glue_table_handler.py   |  2 +-
 ..._handler.py => glue_table_sync_handler.py} |  6 +-
 ...andler.py => s3_folder_creator_handler.py} |  4 +-
 .../datasets/handlers/sns_dataset_handler.py  | 32 ++-----
 14 files changed, 132 insertions(+), 114 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/glue_profiler_client.py
 create mode 100644 backend/dataall/modules/datasets/aws/sns_dataset_client.py
 rename backend/dataall/modules/datasets/cdk/{dataset_data_policy.py => dataset_s3_policy.py} (83%)
 rename backend/dataall/modules/datasets/handlers/{glue_column_handler.py => glue_table_sync_handler.py} (91%)
 rename backend/dataall/modules/datasets/handlers/{s3_location_handler.py => s3_folder_creator_handler.py} (87%)

diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index 20646b7fb..2b863640d 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -28,7 +28,7 @@
 from botocore.exceptions import ClientError
 
 from .manager import stack
-from .policies.data_policy import DataPolicy
+from .policies.data_policy import S3Policy
 from .policies.service_policy import ServicePolicy
 from ... import db
 from ...aws.handlers.quicksight import Quicksight
@@ -587,7 +587,7 @@ def create_or_import_environment_default_role(self):
                 ),
             ).generate_policies()
 
-            data_policy = DataPolicy(
+            data_policy = S3Policy(
                 stack=self,
                 tag_key='Team',
                 tag_value=self._environment.SamlGroupName,
@@ -656,7 +656,7 @@ def create_group_environment_role(self, group):
         ).generate_policies()
 
         with self.engine.scoped_session() as session:
-            data_policy = DataPolicy(
+            data_policy = S3Policy(
                 stack=self,
                 tag_key='Team',
                 tag_value=group.groupUri,
diff --git a/backend/dataall/cdkproxy/stacks/policies/data_policy.py b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
index 49f7d59fb..37c86e648 100644
--- a/backend/dataall/cdkproxy/stacks/policies/data_policy.py
+++ b/backend/dataall/cdkproxy/stacks/policies/data_policy.py
@@ -8,7 +8,7 @@
 logger = logging.getLogger()
 
 
-class DataPolicy:
+class S3Policy:
     def __init__(
         self,
         stack,
@@ -90,7 +90,7 @@ def generate_data_access_policy(self, session) -> iam.Policy:
         """
         statements: List[iam.PolicyStatement] = self.get_statements(session)
 
-        for extension in DataPolicy.__subclasses__():
+        for extension in S3Policy.__subclasses__():
             statements.extend(extension.get_statements(self, session=session))
 
         policy: iam.Policy = iam.Policy(
diff --git a/backend/dataall/modules/datasets/aws/glue_profiler_client.py b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
new file mode 100644
index 000000000..6b678ec0b
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
@@ -0,0 +1,46 @@
+import logging
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.modules.datasets import Dataset
+from dataall.modules.datasets.db.models import DatasetProfilingRun
+
+log = logging.getLogger(__name__)
+
+
+class GlueDatasetProfilerClient:
+    """Controls glue profiling jobs in AWS"""
+
+    def __init__(self, dataset: Dataset):
+        session = SessionHelper.remote_session(accountid=dataset.AwsAccountId)
+        self._client = session.client('glue', region_name=dataset.region)
+        self._name = dataset.GlueProfilingJobName
+
+    def get_job_status(self, profiling: DatasetProfilingRun):
+        """Returns a status of a glue job"""
+        run_id = profiling.GlueJobRunId
+        try:
+            response = self._client.get_job_run(JobName=self._name, RunId=run_id)
+            return response['JobRun']['JobRunState']
+        except ClientError as e:
+            log.error(f'Failed to get job run {run_id} due to: {e}')
+            raise e
+
+    def run_job(self, profiling: DatasetProfilingRun):
+        """Run glue job. Returns id of the job"""
+        args = {
+            'arguments': (
+                {'--table': profiling.GlueTableName}
+                if profiling.GlueTableName
+                else {}
+            ),
+        }
+        try:
+            response = self._client.start_job_run(
+                JobName=self._name, Arguments=args
+            )
+
+            return response['JobRunId']
+        except ClientError as e:
+            log.error(f'Failed to start profiling job {self._name} due to: {e}')
+            raise e
diff --git a/backend/dataall/modules/datasets/aws/lf_table_client.py b/backend/dataall/modules/datasets/aws/lf_table_client.py
index 8caff5073..c7b0825c9 100644
--- a/backend/dataall/modules/datasets/aws/lf_table_client.py
+++ b/backend/dataall/modules/datasets/aws/lf_table_client.py
@@ -20,9 +20,6 @@ def grant_pivot_role_all_table_permissions(self):
         """
         Pivot role needs to have all permissions
         for tables managed inside dataall
-        :param aws_session:
-        :param table:
-        :return:
         """
         table = self._table
         principal = SessionHelper.get_delegation_role_arn(table.AWSAccountId)
diff --git a/backend/dataall/modules/datasets/aws/sns_dataset_client.py b/backend/dataall/modules/datasets/aws/sns_dataset_client.py
new file mode 100644
index 000000000..f6e82694a
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/sns_dataset_client.py
@@ -0,0 +1,39 @@
+import json
+import logging
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db.models import Environment
+from dataall.modules.datasets import Dataset
+
+log = logging.getLogger(__name__)
+
+
+class SnsDatasetClient:
+
+    def __init__(self, environment: Environment, dataset: Dataset):
+        aws_session = SessionHelper.remote_session(
+            accountid=environment.AwsAccountId
+        )
+
+        self._client = aws_session.client('sns', region_name=environment.region)
+        self._topic = f'arn:aws:sns:{environment.region}:{environment.AwsAccountId}:{environment.subscriptionsProducersTopicName}'
+        self._dataset = dataset
+
+    def publish_dataset_message(self, message: dict):
+
+        try:
+            response = self._client.publish(
+                TopicArn=self._topic,
+                Message=json.dumps(message),
+            )
+            return response
+        except ClientError as e:
+            log.error(
+                f'Failed to deliver dataset '
+                f'{self._dataset.datasetUri}|{message} '
+                f'update message for consumers '
+                f'due to: {e} '
+            )
+            raise e
diff --git a/backend/dataall/modules/datasets/cdk/__init__.py b/backend/dataall/modules/datasets/cdk/__init__.py
index 613a75e04..8710674cd 100644
--- a/backend/dataall/modules/datasets/cdk/__init__.py
+++ b/backend/dataall/modules/datasets/cdk/__init__.py
@@ -1,5 +1,5 @@
 from dataall.modules.datasets.cdk import dataset_stack, dataset_databrew_policy, dataset_glue_policy, \
-    dataset_lakeformation_policy, dataset_data_policy
+    dataset_lakeformation_policy, dataset_s3_policy
 
 __all__ = ["dataset_stack", "dataset_databrew_policy", "dataset_glue_policy", "dataset_lakeformation_policy",
-           "dataset_data_policy"]
+           "dataset_s3_policy"]
diff --git a/backend/dataall/modules/datasets/cdk/dataset_data_policy.py b/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
similarity index 83%
rename from backend/dataall/modules/datasets/cdk/dataset_data_policy.py
rename to backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
index 64c0c53a4..158d8ac74 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_data_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
@@ -1,12 +1,12 @@
 from typing import List
 from aws_cdk import aws_iam as iam
 
-from dataall.cdkproxy.stacks.policies.data_policy import DataPolicy
+from dataall.cdkproxy.stacks.policies.data_policy import S3Policy
 from dataall.modules.datasets.db.models import Dataset
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 
-class DatasetDataPolicy(DataPolicy):
+class DatasetS3Policy(S3Policy):
 
     def get_statements(self, session):
         datasets = DatasetService.list_group_datasets(
@@ -14,7 +14,7 @@ def get_statements(self, session):
             environment_id=self.environment.environmentUri,
             group_uri=self.team.groupUri,
         )
-        return DatasetDataPolicy._generate_dataset_statements(datasets)
+        return DatasetS3Policy._generate_dataset_statements(datasets)
 
     @staticmethod
     def _generate_dataset_statements(datasets: List[Dataset]):
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index 382f052a9..91d4aeff6 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -3,10 +3,10 @@
 processing in a separate lambda function
 """
 from dataall.modules.datasets.handlers import (
-    glue_column_handler,
+    glue_table_sync_handler,
     glue_table_handler,
     glue_profiling_handler,
-    s3_location_handler
+    s3_folder_creator_handler
 )
 
-__all__ = ["glue_column_handler", "glue_table_handler", "glue_profiling_handler", "s3_location_handler"]
+__all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "s3_folder_creator_handler"]
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index 7a43b6ac6..7e8596531 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -12,7 +12,7 @@
 log = logging.getLogger(__name__)
 
 
-class GlueDatasetHandler:
+class DatasetCrawlerHandler:
 
     @staticmethod
     @Worker.handler(path='glue.crawler.start')
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index 5d2a4232a..85af6b108 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -4,6 +4,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
+from dataall.modules.datasets.aws.glue_profiler_client import GlueDatasetProfilerClient
 from dataall.modules.datasets.db.models import DatasetProfilingRun, Dataset
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 
@@ -17,23 +18,10 @@ class DatasetProfilingGlueHandler:
     @Worker.handler('glue.job.profiling_run_status')
     def get_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
-            profiling: DatasetProfilingRun = (
-                DatasetProfilingService.get_profiling_run(
-                    session, profilingRunUri=task.targetUri
-                )
-            )
-            dataset: Dataset = session.query(Dataset).get(
-                profiling.datasetUri
-            )
-            glue_run = DatasetProfilingGlueHandler.get_job_run(
-                **{
-                    'accountid': dataset.AwsAccountId,
-                    'name': dataset.GlueProfilingJobName,
-                    'region': dataset.region,
-                    'run_id': profiling.GlueJobRunId,
-                }
-            )
-            profiling.status = glue_run['JobRun']['JobRunState']
+            dataset, profiling = DatasetProfilingGlueHandler._get_job_data(session, task)
+            status = GlueDatasetProfilerClient(dataset).get_job_status(profiling)
+
+            profiling.status = status
             session.commit()
             return profiling.status
 
@@ -41,59 +29,25 @@ def get_profiling_run(engine, task: models.Task):
     @Worker.handler('glue.job.start_profiling_run')
     def start_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
-            profiling: DatasetProfilingRun = (
-                DatasetProfilingService.get_profiling_run(
-                    session, profilingRunUri=task.targetUri
-                )
-            )
-            dataset: Dataset = session.query(Dataset).get(
-                profiling.datasetUri
-            )
-            run = DatasetProfilingGlueHandler.run_job(
-                **{
-                    'accountid': dataset.AwsAccountId,
-                    'name': dataset.GlueProfilingJobName,
-                    'region': dataset.region,
-                    'arguments': (
-                        {'--table': profiling.GlueTableName}
-                        if profiling.GlueTableName
-                        else {}
-                    ),
-                }
-            )
+            dataset, profiling = DatasetProfilingGlueHandler._get_job_data(session, task)
+            run_id = GlueDatasetProfilerClient(dataset).run_job(profiling)
+
             DatasetProfilingService.update_run(
                 session,
                 profilingRunUri=profiling.profilingRunUri,
-                GlueJobRunId=run['JobRunId'],
+                GlueJobRunId=run_id,
             )
-            return run
+            return run_id
 
-    # TODO move to client once dataset is migrated
     @staticmethod
-    def get_job_run(**data):
-        accountid = data['accountid']
-        name = data['name']
-        run_id = data['run_id']
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            client = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            response = client.get_job_run(JobName=name, RunId=run_id)
-            return response
-        except ClientError as e:
-            log.error(f'Failed to get job run {run_id} due to: {e}')
-            raise e
-
-    @staticmethod
-    def run_job(**data):
-        accountid = data['accountid']
-        name = data['name']
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            client = session.client('glue', region_name=data.get('region', 'eu-west-1'))
-            response = client.start_job_run(
-                JobName=name, Arguments=data.get('arguments', {})
+    def _get_job_data(session, task):
+        profiling: DatasetProfilingRun = (
+            DatasetProfilingService.get_profiling_run(
+                session, profilingRunUri=task.targetUri
             )
-            return response
-        except ClientError as e:
-            log.error(f'Failed to start profiling job {name} due to: {e}')
-            raise e
+        )
+        dataset: Dataset = session.query(Dataset).get(
+            profiling.datasetUri
+        )
+
+        return dataset, profiling
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index f648dc330..b38311ca6 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -10,7 +10,7 @@
 log = logging.getLogger(__name__)
 
 
-class DatasetColumnGlueHandler:
+class DatasetTableSyncHandler:
     """A handler for dataset table"""
 
     @staticmethod
diff --git a/backend/dataall/modules/datasets/handlers/glue_column_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
similarity index 91%
rename from backend/dataall/modules/datasets/handlers/glue_column_handler.py
rename to backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
index 07a1c41b5..76b04d75b 100644
--- a/backend/dataall/modules/datasets/handlers/glue_column_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
@@ -38,8 +38,10 @@ def update_table_columns(engine, task: models.Task):
 
             aws_session = SessionHelper.remote_session(table.AWSAccountId)
 
-            LakeFormationTableClient(table, aws_session).grant_pivot_role_all_table_permissions()
-            glue_client = GlueTableClient(aws_session, table)
+            lf_client = LakeFormationTableClient(table=table, aws_session=aws_session)
+            lf_client.grant_pivot_role_all_table_permissions()
+
+            glue_client = GlueTableClient(aws_session=aws_session, table=table)
             original_table = glue_client.get_table()
             updated_table = {
                 k: v
diff --git a/backend/dataall/modules/datasets/handlers/s3_location_handler.py b/backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py
similarity index 87%
rename from backend/dataall/modules/datasets/handlers/s3_location_handler.py
rename to backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py
index 14864c191..b2435f6d7 100644
--- a/backend/dataall/modules/datasets/handlers/s3_location_handler.py
+++ b/backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py
@@ -8,8 +8,8 @@
 log = logging.getLogger(__name__)
 
 
-class S3DatasetLocationHandler:
-    """Handles async requests related to s3 for dataset storage location"""
+class S3FolderCreatorHandler:
+    """Handles async requests related to s3 for dataset folders"""
 
     @staticmethod
     @Worker.handler(path='s3.prefix.create')
diff --git a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
index 006c4023d..25986fe7d 100644
--- a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
@@ -4,9 +4,9 @@
 from botocore.exceptions import ClientError
 
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
-from dataall import db
 from dataall.db import models
+from dataall.db.api import Environment
+from dataall.modules.datasets.aws.sns_dataset_client import SnsDatasetClient
 from dataall.modules.datasets.services.dataset_service import DatasetService
 
 logger = logging.getLogger(__name__)
@@ -21,33 +21,13 @@ def __init__(self):
     def publish_update(engine, task: models.Task):
         with engine.scoped_session() as session:
             dataset = DatasetService.get_dataset_by_uri(session, task.targetUri)
-            environment = db.api.Environment.get_environment_by_uri(
-                session, dataset.environmentUri
-            )
-            aws_session = SessionHelper.remote_session(
-                accountid=environment.AwsAccountId
-            )
-            sns = aws_session.client('sns', region_name=environment.region)
+            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+
             message = {
                 'prefix': task.payload['s3Prefix'],
                 'accountid': environment.AwsAccountId,
                 'region': environment.region,
                 'bucket_name': dataset.S3BucketName,
             }
-            try:
-                logger.info(
-                    f'Sending dataset {dataset.datasetUri}|{message} update message for consumers'
-                )
-                response = sns.publish(
-                    TopicArn=f'arn:aws:sns:{environment.region}:{environment.AwsAccountId}:{environment.subscriptionsProducersTopicName}',
-                    Message=json.dumps(message),
-                )
-                return response
-            except ClientError as e:
-                logger.error(
-                    f'Failed to deliver dataset '
-                    f'{dataset.datasetUri}|{message} '
-                    f'update message for consumers '
-                    f'due to: {e} '
-                )
-                raise e
+
+            SnsDatasetClient(environment, dataset).publish_dataset_message(message)

From 0a5170e5c3ea9992ec65628a7e2349ec0d8c44cd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 17:01:44 +0200
Subject: [PATCH 141/346] Moved dataset constants

---
 backend/dataall/api/constants.py                    | 10 ----------
 backend/dataall/db/models/Enums.py                  | 10 ----------
 .../modules/datasets/api/dataset/resolvers.py       |  4 +---
 .../dataall/modules/datasets/api/dataset/schema.py  | 13 ++++++++++++-
 4 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/backend/dataall/api/constants.py b/backend/dataall/api/constants.py
index ad712b4a4..d3c2a74e8 100644
--- a/backend/dataall/api/constants.py
+++ b/backend/dataall/api/constants.py
@@ -80,16 +80,6 @@ class DataPipelineRole(GraphQLEnumMapper):
     NoPermission = '000'
 
 
-class DatasetRole(GraphQLEnumMapper):
-    # Permissions on a dataset
-    BusinessOwner = '999'
-    DataSteward = '998'
-    Creator = '950'
-    Admin = '900'
-    Shared = '300'
-    NoPermission = '000'
-
-
 class GlossaryRole(GraphQLEnumMapper):
     # Permissions on a glossary
     Admin = '900'
diff --git a/backend/dataall/db/models/Enums.py b/backend/dataall/db/models/Enums.py
index 8e981242b..e31718fbb 100644
--- a/backend/dataall/db/models/Enums.py
+++ b/backend/dataall/db/models/Enums.py
@@ -49,16 +49,6 @@ class DataPipelineRole(Enum):
     NoPermission = '000'
 
 
-class DatasetRole(Enum):
-    # Permissions on a dataset
-    BusinessOwner = '999'
-    DataSteward = '998'
-    Creator = '950'
-    Admin = '900'
-    Shared = '300'
-    NoPermission = '000'
-
-
 class RedshiftClusterRole(Enum):
     Creator = '950'
     Admin = '900'
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 7b25886da..b62397415 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -6,9 +6,6 @@
 
 from dataall.api.Objects.Stack import stack_helper
 from dataall import db
-from dataall.api.constants import (
-    DatasetRole,
-)
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
@@ -16,6 +13,7 @@
 from dataall.db.api import Environment, ShareObject, ResourcePolicy
 from dataall.db.api.organization import Organization
 from dataall.modules.datasets import Dataset
+from dataall.modules.datasets.api.dataset.schema import DatasetRole
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
diff --git a/backend/dataall/modules/datasets/api/dataset/schema.py b/backend/dataall/modules/datasets/api/dataset/schema.py
index 4786df52a..90f4a2baa 100644
--- a/backend/dataall/modules/datasets/api/dataset/schema.py
+++ b/backend/dataall/modules/datasets/api/dataset/schema.py
@@ -13,7 +13,18 @@
     resolve_redshift_copy_enabled,
     get_dataset_stack
 )
-from dataall.api.constants import DatasetRole, EnvironmentPermission
+from dataall.api.constants import EnvironmentPermission, GraphQLEnumMapper
+
+
+class DatasetRole(GraphQLEnumMapper):
+    # Permissions on a dataset
+    BusinessOwner = '999'
+    DataSteward = '998'
+    Creator = '950'
+    Admin = '900'
+    Shared = '300'
+    NoPermission = '000'
+
 
 DatasetStatistics = gql.ObjectType(
     name='DatasetStatistics',

From 19377d6bdad42348338b686289bf71f956ab4eef Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 8 May 2023 17:09:17 +0200
Subject: [PATCH 142/346] Returned deleted methods and added triggering of
 alarms

---
 .../services/dataset_alarm_service.py         | 58 ++++++++++++++++++-
 .../share_managers/s3_share_manager.py        | 22 +++++--
 .../share_processors/s3_process_share.py      |  4 +-
 3 files changed, 76 insertions(+), 8 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_alarm_service.py b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
index 9283f2265..7dfeaae57 100644
--- a/backend/dataall/modules/datasets/services/dataset_alarm_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_alarm_service.py
@@ -2,7 +2,7 @@
 from datetime import datetime
 
 from dataall.db import models
-from dataall.modules.datasets.db.models import DatasetTable, Dataset
+from dataall.modules.datasets.db.models import DatasetTable, Dataset, DatasetStorageLocation
 from dataall.utils.alarm_service import AlarmService
 
 log = logging.getLogger(__name__)
@@ -93,4 +93,60 @@ def trigger_dataset_sync_failure_alarm(self, dataset: Dataset, error: str):
     """
         return self.publish_message_to_alarms_topic(subject, message)
 
+    def trigger_folder_sharing_failure_alarm(
+        self,
+        folder: DatasetStorageLocation,
+        share: models.ShareObject,
+        target_environment: models.Environment,
+    ):
+        log.info('Triggering share failure alarm...')
+        subject = (
+            f'ALARM: DATAALL Folder {folder.S3Prefix} Sharing Failure Notification'
+        )
+        message = f"""
+You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to share the folder {folder.S3Prefix} with S3 Access Point.
+Alarm Details:
+    - State Change:               	OK -> ALARM
+    - Reason for State Change:      S3 Folder sharing failure
+    - Timestamp:                              {datetime.now()}
+    Share Source
+    - Dataset URI:                   {share.datasetUri}
+    - AWS Account:                   {folder.AWSAccountId}
+    - Region:                            {folder.region}
+    - S3 Bucket:                     {folder.S3BucketName}
+    - S3 Folder:                     {folder.S3Prefix}
+    Share Target
+    - AWS Account:                {target_environment.AwsAccountId}
+    - Region:                            {target_environment.region}
+"""
+        return self.publish_message_to_alarms_topic(subject, message)
+
+    def trigger_revoke_folder_sharing_failure_alarm(
+        self,
+        folder: DatasetStorageLocation,
+        share: models.ShareObject,
+        target_environment: models.Environment,
+    ):
+        log.info('Triggering share failure alarm...')
+        subject = (
+            f'ALARM: DATAALL Folder {folder.S3Prefix} Sharing Revoke Failure Notification'
+        )
+        message = f"""
+You are receiving this email because your DATAALL {self.envname} environment in the {self.region} region has entered the ALARM state, because it failed to share the folder {folder.S3Prefix} with S3 Access Point.
+Alarm Details:
+    - State Change:               	OK -> ALARM
+    - Reason for State Change:      S3 Folder sharing Revoke failure
+    - Timestamp:                              {datetime.now()}
+    Share Source
+    - Dataset URI:                   {share.datasetUri}
+    - AWS Account:                   {folder.AWSAccountId}
+    - Region:                            {folder.region}
+    - S3 Bucket:                     {folder.S3BucketName}
+    - S3 Folder:                     {folder.S3Prefix}
+    Share Target
+    - AWS Account:                {target_environment.AwsAccountId}
+    - Region:                            {target_environment.region}
+"""
+        return self.publish_message_to_alarms_topic(subject, message)
+
 
diff --git a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
index 52f6581ea..c557482c9 100644
--- a/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
+++ b/backend/dataall/tasks/data_sharing/share_managers/s3_share_manager.py
@@ -8,8 +8,8 @@
 from ....aws.handlers.s3 import S3
 from ....aws.handlers.kms import KMS
 from ....aws.handlers.iam import IAM
+from ....modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 
-from ....utils.alarm_service import AlarmService
 from dataall.modules.datasets.db.models import DatasetStorageLocation, Dataset
 
 logger = logging.getLogger(__name__)
@@ -398,9 +398,12 @@ def delete_dataset_bucket_key_policy(
                 json.dumps(policy)
             )
 
-    def log_share_failure(self, error: Exception) -> None:
+    def handle_share_failure(self, error: Exception) -> None:
         """
-        Writes a log if the failure happened while sharing
+        Handles share failure by raising an alarm to alarmsTopic
+        Returns
+        -------
+        True if alarm published successfully
         """
         logger.error(
             f'Failed to share folder {self.s3_prefix} '
@@ -408,10 +411,16 @@ def log_share_failure(self, error: Exception) -> None:
             f'with target account {self.target_environment.AwsAccountId}/{self.target_environment.region} '
             f'due to: {error}'
         )
+        DatasetAlarmService().trigger_folder_sharing_failure_alarm(
+            self.target_folder, self.share, self.target_environment
+        )
 
-    def log_revoke_failure(self, error: Exception) -> None:
+    def handle_revoke_failure(self, error: Exception) -> None:
         """
-        Writes a log if the failure happened while revoking share
+        Handles share failure by raising an alarm to alarmsTopic
+        Returns
+        -------
+        True if alarm published successfully
         """
         logger.error(
             f'Failed to revoke S3 permissions to folder {self.s3_prefix} '
@@ -419,3 +428,6 @@ def log_revoke_failure(self, error: Exception) -> None:
             f'with target account {self.target_environment.AwsAccountId}/{self.target_environment.region} '
             f'due to: {error}'
         )
+        DatasetAlarmService().trigger_revoke_folder_sharing_failure_alarm(
+            self.target_folder, self.share, self.target_environment
+        )
diff --git a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
index 013dda059..13175c2d1 100644
--- a/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
+++ b/backend/dataall/tasks/data_sharing/share_processors/s3_process_share.py
@@ -91,7 +91,7 @@ def process_approved_shares(
                 shared_item_SM.update_state_single_item(session, sharing_item, new_state)
 
             except Exception as e:
-                sharing_folder.log_share_failure(e)
+                sharing_folder.handle_share_failure(e)
                 new_state = shared_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
                 shared_item_SM.update_state_single_item(session, sharing_item, new_state)
                 success = False
@@ -154,7 +154,7 @@ def process_revoked_shares(
                 revoked_item_SM.update_state_single_item(session, removing_item, new_state)
 
             except Exception as e:
-                removing_folder.log_revoke_failure(e)
+                removing_folder.handle_revoke_failure(e)
                 new_state = revoked_item_SM.run_transition(models.Enums.ShareItemActions.Failure.value)
                 revoked_item_SM.update_state_single_item(session, removing_item, new_state)
                 success = False

From ae0c61189c9f1efb0de51ed2eea8f6b20aa2bc19 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 11:34:40 +0200
Subject: [PATCH 143/346] Resolved cyclic import

---
 .../dataall/modules/datasets/api/dataset/enums.py  | 11 +++++++++++
 .../modules/datasets/api/dataset/resolvers.py      |  2 +-
 .../dataall/modules/datasets/api/dataset/schema.py | 14 ++------------
 3 files changed, 14 insertions(+), 13 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/api/dataset/enums.py

diff --git a/backend/dataall/modules/datasets/api/dataset/enums.py b/backend/dataall/modules/datasets/api/dataset/enums.py
new file mode 100644
index 000000000..decf8df06
--- /dev/null
+++ b/backend/dataall/modules/datasets/api/dataset/enums.py
@@ -0,0 +1,11 @@
+from dataall.api.constants import GraphQLEnumMapper
+
+
+class DatasetRole(GraphQLEnumMapper):
+    # Permissions on a dataset
+    BusinessOwner = '999'
+    DataSteward = '998'
+    Creator = '950'
+    Admin = '900'
+    Shared = '300'
+    NoPermission = '000'
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index b62397415..d3c5863a2 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -13,7 +13,7 @@
 from dataall.db.api import Environment, ShareObject, ResourcePolicy
 from dataall.db.api.organization import Organization
 from dataall.modules.datasets import Dataset
-from dataall.modules.datasets.api.dataset.schema import DatasetRole
+from dataall.modules.datasets.api.dataset.enums import DatasetRole
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets.services.dataset_service import DatasetService
diff --git a/backend/dataall/modules/datasets/api/dataset/schema.py b/backend/dataall/modules/datasets/api/dataset/schema.py
index 90f4a2baa..a329ebf58 100644
--- a/backend/dataall/modules/datasets/api/dataset/schema.py
+++ b/backend/dataall/modules/datasets/api/dataset/schema.py
@@ -1,4 +1,5 @@
 from dataall.api import gql
+from dataall.modules.datasets.api.dataset.enums import DatasetRole
 from dataall.modules.datasets.api.dataset.resolvers import (
     get_dataset_environment,
     get_dataset_organization,
@@ -13,18 +14,7 @@
     resolve_redshift_copy_enabled,
     get_dataset_stack
 )
-from dataall.api.constants import EnvironmentPermission, GraphQLEnumMapper
-
-
-class DatasetRole(GraphQLEnumMapper):
-    # Permissions on a dataset
-    BusinessOwner = '999'
-    DataSteward = '998'
-    Creator = '950'
-    Admin = '900'
-    Shared = '300'
-    NoPermission = '000'
-
+from dataall.api.constants import EnvironmentPermission
 
 DatasetStatistics = gql.ObjectType(
     name='DatasetStatistics',

From a2e27a8c60c633ac8e3d061915fddc8daaa82512 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 11:36:01 +0200
Subject: [PATCH 144/346] Moved glue script to dataset module and introduced
 extension for environment stack

---
 .gitignore                                    |  2 -
 .../dataall/cdkproxy/stacks/environment.py    | 50 +++++++++----------
 .../assets/glueprofilingjob/glue_script.py    |  0
 .../cdk/dataset_glue_profiler_extension.py    | 42 ++++++++++++++++
 tests/modules/datasets/test_glue_profiler.py  |  8 +++
 5 files changed, 74 insertions(+), 28 deletions(-)
 rename backend/dataall/{cdkproxy => modules/datasets/cdk}/assets/glueprofilingjob/glue_script.py (100%)
 create mode 100644 backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py
 create mode 100644 tests/modules/datasets/test_glue_profiler.py

diff --git a/.gitignore b/.gitignore
index aab8ca3d0..9261ed4bd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -70,5 +70,3 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 .idea
-/backend/dataall/cdkproxy/assets/gluedataqualityjob/datahubdq.zip
-/backend/dataall/cdkproxy/assets/glueprofilingjob/datahubdq.zip
diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index 2b863640d..b591fbea5 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -1,12 +1,12 @@
 import logging
 import os
 import pathlib
-import shutil
+from abc import abstractmethod
+from typing import List
 
 from aws_cdk import (
     custom_resources as cr,
     aws_s3 as s3,
-    aws_s3_deployment,
     aws_iam as iam,
     aws_lambda as _lambda,
     aws_lambda_destinations as lambda_destination,
@@ -44,9 +44,25 @@
 logger = logging.getLogger(__name__)
 
 
+class EnvironmentStackExtension:
+    @staticmethod
+    @abstractmethod
+    def extent(setup: 'EnvironmentSetup'):
+        raise NotImplementedError
+
+
 @stack(stack='environment')
 class EnvironmentSetup(Stack):
     module_name = __file__
+    _EXTENSIONS: List[EnvironmentStackExtension] = []
+
+    @staticmethod
+    def register(extension: EnvironmentStackExtension):
+        EnvironmentSetup._EXTENSIONS.append(extension)
+
+    @property
+    def environment(self) -> models.Environment:
+        return self._environment
 
     def get_engine(self):
         envname = os.environ.get('envname', 'local')
@@ -173,6 +189,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             versioned=True,
             enforce_ssl=True,
         )
+        self.default_environment_bucket = default_environment_bucket
         default_environment_bucket.add_to_resource_policy(
             iam.PolicyStatement(
                 sid='RedshiftLogging',
@@ -220,22 +237,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             enabled=True,
         )
 
-        profiling_assetspath = self.zip_code(
-            os.path.realpath(
-                os.path.abspath(
-                    os.path.join(__file__, '..', '..', 'assets', 'glueprofilingjob')
-                )
-            )
-        )
-
-        aws_s3_deployment.BucketDeployment(
-            self,
-            f'{self._environment.resourcePrefix}GlueProflingJobDeployment',
-            sources=[aws_s3_deployment.Source.asset(profiling_assetspath)],
-            destination_bucket=default_environment_bucket,
-            destination_key_prefix='profiling/code',
-        )
-
         default_role = self.create_or_import_environment_default_role()
         roles_sagemaker_dependency_group.add(default_role)
 
@@ -250,6 +251,8 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
             f'arn:aws:iam::{self._environment.AwsAccountId}:role/{self.pivot_role_name}',
         )
 
+        self.pivot_role = pivot_role
+
         # Lakeformation default settings
         entry_point = str(
             pathlib.PosixPath(
@@ -558,6 +561,9 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 parameter_name=f'/dataall/{self._environment.environmentUri}/sagemaker/sagemakerstudio/domain_id',
             )
 
+        for extension in EnvironmentSetup._EXTENSIONS:
+            extension.extent(self)
+
         TagsUtil.add_tags(stack=self, model=models.Environment, target_type="environment")
 
         CDKNagUtil.check_rules(self)
@@ -767,14 +773,6 @@ def create_topic(self, construct_id, central_account, environment):
         )
         return topic
 
-    @staticmethod
-    def zip_code(assetspath, s3_key='profiler'):
-        logger.info('Zipping code')
-        shutil.make_archive(
-            base_name=f'{assetspath}/{s3_key}', format='zip', root_dir=f'{assetspath}'
-        )
-        return assetspath
-
     def set_dlq(self, queue_name) -> sqs.Queue:
         queue_key = kms.Key(
             self,
diff --git a/backend/dataall/cdkproxy/assets/glueprofilingjob/glue_script.py b/backend/dataall/modules/datasets/cdk/assets/glueprofilingjob/glue_script.py
similarity index 100%
rename from backend/dataall/cdkproxy/assets/glueprofilingjob/glue_script.py
rename to backend/dataall/modules/datasets/cdk/assets/glueprofilingjob/glue_script.py
diff --git a/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py b/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py
new file mode 100644
index 000000000..5311c7460
--- /dev/null
+++ b/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py
@@ -0,0 +1,42 @@
+import os
+import logging
+import shutil
+from aws_cdk import aws_s3_deployment
+
+from dataall.cdkproxy.stacks import EnvironmentSetup
+from dataall.cdkproxy.stacks.environment import EnvironmentStackExtension
+
+log = logging.getLogger(__name__)
+
+
+class DatasetGlueProfilerExtension(EnvironmentStackExtension):
+    """Extends an environment stack for glue profiler """
+
+    @staticmethod
+    def extent(setup: EnvironmentSetup):
+        asset_path = DatasetGlueProfilerExtension.get_path_to_asset()
+        profiling_assetspath = DatasetGlueProfilerExtension.zip_code(asset_path)
+
+        aws_s3_deployment.BucketDeployment(
+            setup,
+            f'{setup.environment.resourcePrefix}GlueProflingJobDeployment',
+            sources=[aws_s3_deployment.Source.asset(profiling_assetspath)],
+            destination_bucket=setup.default_environment_bucket,
+            destination_key_prefix='profiling/code',
+        )
+
+    @staticmethod
+    def get_path_to_asset():
+        return os.path.realpath(
+            os.path.abspath(
+                os.path.join(__file__, '..', 'assets', 'glueprofilingjob')
+            )
+        )
+
+    @staticmethod
+    def zip_code(assets_path, s3_key='profiler'):
+        log.info('Zipping code')
+        shutil.make_archive(
+            base_name=f'{assets_path}/{s3_key}', format='zip', root_dir=f'{assets_path}'
+        )
+        return assets_path
diff --git a/tests/modules/datasets/test_glue_profiler.py b/tests/modules/datasets/test_glue_profiler.py
new file mode 100644
index 000000000..7e45695c2
--- /dev/null
+++ b/tests/modules/datasets/test_glue_profiler.py
@@ -0,0 +1,8 @@
+from dataall.modules.datasets.cdk.dataset_glue_profiler_extension import DatasetGlueProfilerExtension
+from pathlib import Path
+
+
+def test_glue_profiler_exist():
+    path = DatasetGlueProfilerExtension.get_path_to_asset()
+    assert Path(path).exists()
+

From 732f726d43886fe4707accb531357fc58c463ae7 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 11:50:50 +0200
Subject: [PATCH 145/346] Renamed the method

---
 backend/dataall/modules/datasets/handlers/glue_table_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index b38311ca6..ce6b7b66a 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -15,7 +15,7 @@ class DatasetTableSyncHandler:
 
     @staticmethod
     @Worker.handler(path='glue.dataset.database.tables')
-    def list_tables(engine, task: models.Task):
+    def sync_existing_tables(engine, task: models.Task):
         with engine.scoped_session() as session:
             dataset: Dataset = DatasetService.get_dataset_by_uri(
                 session, task.targetUri

From 90d6429a155c07248dd219a2d60b4812ce670894 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 12:10:27 +0200
Subject: [PATCH 146/346] Fixed test and added registration of glue extension

---
 backend/dataall/cdkproxy/stacks/environment.py             | 7 +++----
 backend/dataall/modules/datasets/__init__.py               | 5 +++++
 .../datasets/cdk/dataset_glue_profiler_extension.py        | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index b591fbea5..7c1050fe7 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -2,7 +2,7 @@
 import os
 import pathlib
 from abc import abstractmethod
-from typing import List
+from typing import List, Type
 
 from aws_cdk import (
     custom_resources as cr,
@@ -54,13 +54,12 @@ def extent(setup: 'EnvironmentSetup'):
 @stack(stack='environment')
 class EnvironmentSetup(Stack):
     module_name = __file__
-    _EXTENSIONS: List[EnvironmentStackExtension] = []
+    _EXTENSIONS: List[Type[EnvironmentStackExtension]] = []
 
     @staticmethod
-    def register(extension: EnvironmentStackExtension):
+    def register(extension: Type[EnvironmentStackExtension]):
         EnvironmentSetup._EXTENSIONS.append(extension)
 
-    @property
     def environment(self) -> models.Environment:
         return self._environment
 
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 2ace4145b..d653d358e 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -85,4 +85,9 @@ def is_supported(cls, modes: List[ImportMode]):
 
     def __init__(self):
         import dataall.modules.datasets.cdk
+        from dataall.cdkproxy.stacks.environment import EnvironmentSetup
+        from dataall.modules.datasets.cdk.dataset_glue_profiler_extension import DatasetGlueProfilerExtension
+
+        EnvironmentSetup.register(DatasetGlueProfilerExtension)
+
         log.info("Dataset stacks have been imported")
diff --git a/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py b/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py
index 5311c7460..d4986380d 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_glue_profiler_extension.py
@@ -19,7 +19,7 @@ def extent(setup: EnvironmentSetup):
 
         aws_s3_deployment.BucketDeployment(
             setup,
-            f'{setup.environment.resourcePrefix}GlueProflingJobDeployment',
+            f'{setup.environment().resourcePrefix}GlueProflingJobDeployment',
             sources=[aws_s3_deployment.Source.asset(profiling_assetspath)],
             destination_bucket=setup.default_environment_bucket,
             destination_key_prefix='profiling/code',

From 23b5eb8c2b4000d212bd22c801d42cdf91531bb6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 14:12:43 +0200
Subject: [PATCH 147/346] Merge conflict

---
 backend/dataall/cdkproxy/stacks/environment.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index 807e331bb..e4fb58b44 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -242,8 +242,6 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 f'arn:aws:iam::{self._environment.AwsAccountId}:role/{self.pivot_role_name}',
             )
 
-        self.pivot_role = pivot_role
-
         # Lakeformation default settings custom resource
         # Set PivotRole as Lake Formation data lake admin
         entry_point = str(

From 99fb5066f159a9736a62c02de80615a937bb670d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 15:21:04 +0200
Subject: [PATCH 148/346] Fix merge conflict

---
 .../dataset_sharing/services/dataset_alarm_service.py        | 4 ++--
 .../services/share_managers/s3_share_manager.py              | 2 +-
 backend/dataall/modules/datasets/aws/glue_profiler_client.py | 2 +-
 .../modules/datasets/handlers/glue_profiling_handler.py      | 5 ++---
 4 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
index 0c30d267b..c1a11c289 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
@@ -97,7 +97,7 @@ def trigger_dataset_sync_failure_alarm(self, dataset: Dataset, error: str):
     def trigger_folder_sharing_failure_alarm(
         self,
         folder: DatasetStorageLocation,
-        share: models.ShareObject,
+        share: ShareObject,
         target_environment: models.Environment,
     ):
         log.info('Triggering share failure alarm...')
@@ -125,7 +125,7 @@ def trigger_folder_sharing_failure_alarm(
     def trigger_revoke_folder_sharing_failure_alarm(
         self,
         folder: DatasetStorageLocation,
-        share: models.ShareObject,
+        share: ShareObject,
         target_environment: models.Environment,
     ):
         log.info('Triggering share failure alarm...')
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index d0248c1c8..004ed44f7 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -9,8 +9,8 @@
 from dataall.aws.handlers.kms import KMS
 from dataall.aws.handlers.iam import IAM
 from dataall.modules.dataset_sharing.db.models import ShareObject
+from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
-from dataall.modules.datasets.services.dataset_alarm_service import DatasetAlarmService
 
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
diff --git a/backend/dataall/modules/datasets/aws/glue_profiler_client.py b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
index 6b678ec0b..523dc2c20 100644
--- a/backend/dataall/modules/datasets/aws/glue_profiler_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
@@ -3,7 +3,7 @@
 
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.modules.datasets import Dataset
-from dataall.modules.datasets.db.models import DatasetProfilingRun
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index 0d604a7c7..a804dc729 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -1,11 +1,10 @@
 import logging
 
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.modules.datasets.aws.glue_profiler_client import GlueDatasetProfilerClient
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, Dataset
-from dataall.modules.datasets.services.dataset_profiling_repository import DatasetProfilingRepository
+from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 
 log = logging.getLogger(__name__)
 
@@ -31,7 +30,7 @@ def start_profiling_run(engine, task: models.Task):
             dataset, profiling = DatasetProfilingGlueHandler._get_job_data(session, task)
             run_id = GlueDatasetProfilerClient(dataset).run_job(profiling)
 
-            DatasetProfilingService.update_run(
+            DatasetProfilingRepository.update_run(
                 session,
                 profilingRunUri=profiling.profilingRunUri,
                 GlueJobRunId=run_id,

From b3838205a30303eed82ea33fc70459d062bfaff2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 15:37:51 +0200
Subject: [PATCH 149/346] Extracted EcsShareHandler

---
 backend/dataall/aws/handlers/ecs.py           | 60 ---------------
 backend/dataall/modules/__init__.py           | 10 +--
 .../modules/dataset_sharing/__init__.py       | 12 +++
 .../dataset_sharing/handlers/__init__.py      |  0
 .../handlers/ecs_share_handler.py             | 74 +++++++++++++++++++
 backend/dataall/modules/datasets/__init__.py  | 13 +++-
 6 files changed, 102 insertions(+), 67 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/handlers/__init__.py
 create mode 100644 backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py

diff --git a/backend/dataall/aws/handlers/ecs.py b/backend/dataall/aws/handlers/ecs.py
index 528ebb520..922a22a89 100644
--- a/backend/dataall/aws/handlers/ecs.py
+++ b/backend/dataall/aws/handlers/ecs.py
@@ -9,7 +9,6 @@
 from ... import db
 from ...db import models
 from ...utils import Parameter
-from dataall.modules.dataset_sharing.services.data_sharing_service import DataSharingService
 
 log = logging.getLogger('aws:ecs')
 
@@ -18,65 +17,6 @@ class Ecs:
     def __init__(self):
         pass
 
-    @staticmethod
-    @Worker.handler(path='ecs.share.approve')
-    def approve_share(engine, task: models.Task):
-        envname = os.environ.get('envname', 'local')
-        if envname in ['local', 'dkrcompose']:
-            return DataSharingService.approve_share(engine, task.targetUri)
-        else:
-            return Ecs.run_share_management_ecs_task(
-                envname=envname, share_uri=task.targetUri, handler='approve_share'
-            )
-
-    @staticmethod
-    @Worker.handler(path='ecs.share.revoke')
-    def revoke_share(engine, task: models.Task):
-        envname = os.environ.get('envname', 'local')
-        if envname in ['local', 'dkrcompose']:
-            return DataSharingService.revoke_share(engine, task.targetUri)
-        else:
-            return Ecs.run_share_management_ecs_task(
-                envname=envname, share_uri=task.targetUri, handler='revoke_share'
-            )
-
-    @staticmethod
-    def run_share_management_ecs_task(envname, share_uri, handler):
-        share_task_definition = Parameter().get_parameter(
-            env=envname, path='ecs/task_def_arn/share_management'
-        )
-        container_name = Parameter().get_parameter(
-            env=envname, path='ecs/container/share_management'
-        )
-        cluster_name = Parameter().get_parameter(env=envname, path='ecs/cluster/name')
-        subnets = Parameter().get_parameter(env=envname, path='ecs/private_subnets')
-        security_groups = Parameter().get_parameter(
-            env=envname, path='ecs/security_groups'
-        )
-
-        try:
-            Ecs.run_ecs_task(
-                cluster_name=cluster_name,
-                task_definition=share_task_definition,
-                container_name=container_name,
-                security_groups=security_groups,
-                subnets=subnets,
-                environment=[
-                    {'name': 'shareUri', 'value': share_uri},
-                    {'name': 'config_location', 'value': '/config.json'},
-                    {'name': 'envname', 'value': envname},
-                    {'name': 'handler', 'value': handler},
-                    {
-                        'name': 'AWS_REGION',
-                        'value': os.getenv('AWS_REGION', 'eu-west-1'),
-                    },
-                ],
-            )
-            return True
-        except ClientError as e:
-            log.error(e)
-            raise e
-
     @staticmethod
     @Worker.handler(path='ecs.cdkproxy.deploy')
     def deploy_stack(engine, task: models.Task):
diff --git a/backend/dataall/modules/__init__.py b/backend/dataall/modules/__init__.py
index dce3a711e..7e1d5c42a 100644
--- a/backend/dataall/modules/__init__.py
+++ b/backend/dataall/modules/__init__.py
@@ -7,7 +7,7 @@
 3) Define your module in config.json. The loader will use it to import your module
 
 Remember that there should not be any references from outside to modules.
-The rule is simple: modules can import the core/common code, but not the other way around
+The rule is simple: modules can import the core code, but not the other way around
 Otherwise your modules will be imported automatically.
 You can add logging about the importing the module in __init__.py to track unintentionally imports
 
@@ -19,15 +19,13 @@
 register itself automatically if there is decorator @stack upon the class
 see StackManagerFactory and @stack - for more information on stacks
 
-tasks - contains code for short-running tasks that will be delegated to lambda
+handlers - contains code for long-running tasks that will be delegated to lambda
 These task will automatically register themselves when there is @Worker.handler
 upon the static! method.
 see WorkerHandler - for more information on short-living tasks
 
 Another example of auto import is service policies. If your module has a service policy
-it will be automatically imported if it inherited from ServicePolicy
+it will be automatically imported if it inherited from ServicePolicy or S3Policy
 
-Manual import:
-Permissions. Make sure you have added all permission to the core permissions
-Permission resolvers in TargetType. see it for reference
+Any manual import should be done in __init__ file of the module in ModuleInterface
 """
diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index 7e2c7621d..80ab16edc 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -20,3 +20,15 @@ def depends_on() -> List[Type['ModuleInterface']]:
     def __init__(self):
         from dataall.modules.dataset_sharing import api
         log.info("API of dataset sharing has been imported")
+
+
+class SharingAsyncHandlersModuleInterface(ModuleInterface):
+    """Implements ModuleInterface for dataset async lambda"""
+
+    @staticmethod
+    def is_supported(modes: List[ImportMode]):
+        return ImportMode.HANDLERS in modes
+
+    def __init__(self):
+        import dataall.modules.dataset_sharing.handlers
+        log.info("Sharing handlers have been imported")
diff --git a/backend/dataall/modules/dataset_sharing/handlers/__init__.py b/backend/dataall/modules/dataset_sharing/handlers/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py b/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
new file mode 100644
index 000000000..e7b600222
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
@@ -0,0 +1,74 @@
+
+import logging
+import os
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.ecs import Ecs
+from dataall.db import models
+from dataall.utils import Parameter
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.modules.dataset_sharing.services.data_sharing_service import DataSharingService
+
+log = logging.getLogger(__name__)
+
+
+class EcsShareHandler:
+    @staticmethod
+    @Worker.handler(path='ecs.share.approve')
+    def approve_share(engine, task: models.Task):
+        envname = os.environ.get('envname', 'local')
+        if envname in ['local', 'dkrcompose']:
+            return DataSharingService.approve_share(engine, task.targetUri)
+        else:
+            return EcsShareHandler.run_share_management_ecs_task(
+                envname=envname, share_uri=task.targetUri, handler='approve_share'
+            )
+
+    @staticmethod
+    @Worker.handler(path='ecs.share.revoke')
+    def revoke_share(engine, task: models.Task):
+        envname = os.environ.get('envname', 'local')
+        if envname in ['local', 'dkrcompose']:
+            return DataSharingService.revoke_share(engine, task.targetUri)
+        else:
+            return EcsShareHandler.run_share_management_ecs_task(
+                envname=envname, share_uri=task.targetUri, handler='revoke_share'
+            )
+
+    @staticmethod
+    def run_share_management_ecs_task(envname, share_uri, handler):
+        share_task_definition = Parameter().get_parameter(
+            env=envname, path='ecs/task_def_arn/share_management'
+        )
+        container_name = Parameter().get_parameter(
+            env=envname, path='ecs/container/share_management'
+        )
+        cluster_name = Parameter().get_parameter(env=envname, path='ecs/cluster/name')
+        subnets = Parameter().get_parameter(env=envname, path='ecs/private_subnets')
+        security_groups = Parameter().get_parameter(
+            env=envname, path='ecs/security_groups'
+        )
+
+        try:
+            Ecs.run_ecs_task(
+                cluster_name=cluster_name,
+                task_definition=share_task_definition,
+                container_name=container_name,
+                security_groups=security_groups,
+                subnets=subnets,
+                environment=[
+                    {'name': 'shareUri', 'value': share_uri},
+                    {'name': 'config_location', 'value': '/config.json'},
+                    {'name': 'envname', 'value': envname},
+                    {'name': 'handler', 'value': handler},
+                    {
+                        'name': 'AWS_REGION',
+                        'value': os.getenv('AWS_REGION', 'eu-west-1'),
+                    },
+                ],
+            )
+            return True
+        except ClientError as e:
+            log.error(e)
+            raise e
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index aba27e198..e923124a7 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,7 +2,6 @@
 import logging
 from typing import List, Type
 
-from dataall.modules.dataset_sharing import SharingApiModuleInterface
 from dataall.core.group.services.group_resource_manager import GroupResourceManager
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
@@ -25,6 +24,8 @@ def is_supported(modes):
 
     @staticmethod
     def depends_on() -> List[Type['ModuleInterface']]:
+        from dataall.modules.dataset_sharing import SharingApiModuleInterface
+
         return [SharingApiModuleInterface, DatasetBaseModuleInterface]
 
     def __init__(self):
@@ -82,6 +83,12 @@ def __init__(self):
         import dataall.modules.datasets.handlers
         log.info("Dataset handlers have been imported")
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        from dataall.modules.dataset_sharing import SharingAsyncHandlersModuleInterface
+
+        return [SharingAsyncHandlersModuleInterface, DatasetBaseModuleInterface]
+
 
 class DatasetCdkModuleInterface(ModuleInterface):
     """Loads dataset cdk stacks """
@@ -98,3 +105,7 @@ def __init__(self):
         EnvironmentSetup.register(DatasetGlueProfilerExtension)
 
         log.info("Dataset stacks have been imported")
+
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [DatasetBaseModuleInterface]

From efbdd269ffdb919e68fda417f7414be7b17484a5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 16:04:36 +0200
Subject: [PATCH 150/346] Reduced code duplication

---
 backend/dataall/aws/handlers/ecs.py           | 140 +++++++++---------
 .../handlers/ecs_share_handler.py             |  55 ++-----
 2 files changed, 82 insertions(+), 113 deletions(-)

diff --git a/backend/dataall/aws/handlers/ecs.py b/backend/dataall/aws/handlers/ecs.py
index 922a22a89..b5958e4e6 100644
--- a/backend/dataall/aws/handlers/ecs.py
+++ b/backend/dataall/aws/handlers/ecs.py
@@ -39,87 +39,83 @@ def deploy_stack(engine, task: models.Task):
 
     @staticmethod
     def run_cdkproxy_task(stack_uri):
-        envname = os.environ.get('envname', 'local')
-        cdkproxy_task_definition = Parameter().get_parameter(
-            env=envname, path='ecs/task_def_arn/cdkproxy'
+        task_arn = Ecs.run_ecs_task(
+            task_definition_param='ecs/task_def_arn/cdkproxy',
+            container_name_param='ecs/container/cdkproxy',
+            context=[{'name': 'stackUri', 'value': stack_uri}],
+            started_by=f'awsworker-{stack_uri}',
         )
-        container_name = Parameter().get_parameter(
-            env=envname, path='ecs/container/cdkproxy'
-        )
-        cluster_name = Parameter().get_parameter(env=envname, path='ecs/cluster/name')
-        subnets = Parameter().get_parameter(env=envname, path='ecs/private_subnets')
-        security_groups = Parameter().get_parameter(
-            env=envname, path='ecs/security_groups'
-        )
-        try:
-            task_arn = Ecs.run_ecs_task(
-                cluster_name=cluster_name,
-                task_definition=cdkproxy_task_definition,
-                container_name=container_name,
-                security_groups=security_groups,
-                subnets=subnets,
-                environment=[
-                    {'name': 'stackUri', 'value': stack_uri},
-                    {'name': 'config_location', 'value': '/config.json'},
-                    {'name': 'envname', 'value': envname},
-                    {
-                        'name': 'AWS_REGION',
-                        'value': os.getenv('AWS_REGION', 'eu-west-1'),
-                    },
-                ],
-                started_by=f'awsworker-{stack_uri}',
-            )
-            log.info(f'ECS Task {task_arn} running')
-            return task_arn
-        except ClientError as e:
-            log.error(e)
-            raise e
+        log.info(f'ECS Task {task_arn} running')
+        return task_arn
 
     @staticmethod
     def run_ecs_task(
-        cluster_name,
-        task_definition,
-        container_name,
-        security_groups,
-        subnets,
-        environment,
+        task_definition_param,
+        container_name_param,
+        context,
         started_by='awsworker',
     ):
-        response = boto3.client('ecs').run_task(
-            cluster=cluster_name,
-            taskDefinition=task_definition,
-            count=1,
-            launchType='FARGATE',
-            networkConfiguration={
-                'awsvpcConfiguration': {
-                    'subnets': subnets.split(','),
-                    'securityGroups': security_groups.split(','),
-                }
-            },
-            overrides={
-                'containerOverrides': [
-                    {
-                        'name': container_name,
-                        'environment': environment,
+        try:
+            envname = os.environ.get('envname', 'local')
+            cluster_name = Parameter().get_parameter(env=envname, path='ecs/cluster/name')
+            subnets = Parameter().get_parameter(env=envname, path='ecs/private_subnets')
+            security_groups = Parameter().get_parameter(
+                env=envname, path='ecs/security_groups'
+            )
+
+            task_definition = Parameter().get_parameter(
+                env=envname, path=task_definition_param
+            )
+            container_name = Parameter().get_parameter(
+                env=envname, path=container_name_param
+            )
+
+            response = boto3.client('ecs').run_task(
+                cluster=cluster_name,
+                taskDefinition=task_definition,
+                count=1,
+                launchType='FARGATE',
+                networkConfiguration={
+                    'awsvpcConfiguration': {
+                        'subnets': subnets.split(','),
+                        'securityGroups': security_groups.split(','),
                     }
-                ]
-            },
-            startedBy=started_by,
-        )
-        if response['failures']:
-            raise Exception(
-                ', '.join(
-                    [
-                        'fail to run task {0} reason: {1}'.format(
-                            failure['arn'], failure['reason']
-                        )
-                        for failure in response['failures']
+                },
+                overrides={
+                    'containerOverrides': [
+                        {
+                            'name': container_name,
+                            'environment': [
+                                {'name': 'config_location', 'value': '/config.json'},
+                                {'name': 'envname', 'value': envname},
+                                {
+                                    'name': 'AWS_REGION',
+                                    'value': os.getenv('AWS_REGION', 'eu-west-1'),
+                                },
+                                *context
+                            ],
+                        }
                     ]
-                )
+                },
+                startedBy=started_by,
             )
-        task_arn = response.get('tasks', [{'taskArn': None}])[0]['taskArn']
-        log.info(f'Task started {task_arn}..')
-        return task_arn
+            if response['failures']:
+                raise Exception(
+                    ', '.join(
+                        [
+                            'fail to run task {0} reason: {1}'.format(
+                                failure['arn'], failure['reason']
+                            )
+                            for failure in response['failures']
+                        ]
+                    )
+                )
+            task_arn = response.get('tasks', [{'taskArn': None}])[0]['taskArn']
+            log.info(f'Task started {task_arn}..')
+            return task_arn
+        except ClientError as e:
+            log.error(e)
+            raise e
 
     @staticmethod
     def is_task_running(cluster_name, started_by):
diff --git a/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py b/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
index e7b600222..2707a0609 100644
--- a/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
+++ b/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
@@ -17,58 +17,31 @@ class EcsShareHandler:
     @staticmethod
     @Worker.handler(path='ecs.share.approve')
     def approve_share(engine, task: models.Task):
-        envname = os.environ.get('envname', 'local')
-        if envname in ['local', 'dkrcompose']:
-            return DataSharingService.approve_share(engine, task.targetUri)
-        else:
-            return EcsShareHandler.run_share_management_ecs_task(
-                envname=envname, share_uri=task.targetUri, handler='approve_share'
-            )
+        return EcsShareHandler._manage_share(engine, task, DataSharingService.approve_share, 'approve_share')
 
     @staticmethod
     @Worker.handler(path='ecs.share.revoke')
     def revoke_share(engine, task: models.Task):
+        return EcsShareHandler._manage_share(engine, task, DataSharingService.revoke_share, 'revoke_share')
+
+    @staticmethod
+    def _manage_share(engine, task: models.Task, local_handler, ecs_handler: str):
         envname = os.environ.get('envname', 'local')
         if envname in ['local', 'dkrcompose']:
-            return DataSharingService.revoke_share(engine, task.targetUri)
+            return local_handler(engine, task.targetUri)
         else:
-            return EcsShareHandler.run_share_management_ecs_task(
-                envname=envname, share_uri=task.targetUri, handler='revoke_share'
+            return EcsShareHandler._run_share_management_ecs_task(
+                share_uri=task.targetUri, handler=ecs_handler
             )
 
     @staticmethod
-    def run_share_management_ecs_task(envname, share_uri, handler):
-        share_task_definition = Parameter().get_parameter(
-            env=envname, path='ecs/task_def_arn/share_management'
-        )
-        container_name = Parameter().get_parameter(
-            env=envname, path='ecs/container/share_management'
-        )
-        cluster_name = Parameter().get_parameter(env=envname, path='ecs/cluster/name')
-        subnets = Parameter().get_parameter(env=envname, path='ecs/private_subnets')
-        security_groups = Parameter().get_parameter(
-            env=envname, path='ecs/security_groups'
-        )
-
-        try:
-            Ecs.run_ecs_task(
-                cluster_name=cluster_name,
-                task_definition=share_task_definition,
-                container_name=container_name,
-                security_groups=security_groups,
-                subnets=subnets,
-                environment=[
+    def _run_share_management_ecs_task(share_uri, handler):
+        return Ecs.run_ecs_task(
+                task_definition_param='ecs/task_def_arn/share_management',
+                container_name_param='ecs/container/share_management',
+                context=[
                     {'name': 'shareUri', 'value': share_uri},
-                    {'name': 'config_location', 'value': '/config.json'},
-                    {'name': 'envname', 'value': envname},
                     {'name': 'handler', 'value': handler},
-                    {
-                        'name': 'AWS_REGION',
-                        'value': os.getenv('AWS_REGION', 'eu-west-1'),
-                    },
                 ],
             )
-            return True
-        except ClientError as e:
-            log.error(e)
-            raise e
+

From efe9154fb286d8e65c3137c4813806d37d9ca3e5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 9 May 2023 16:24:00 +0200
Subject: [PATCH 151/346] Moved GraphQL constants

---
 backend/dataall/api/constants.py              | 57 -------------------
 .../modules/dataset_sharing/api/enums.py      | 14 +++++
 .../dataset_sharing/api/input_types.py        |  2 +-
 .../modules/dataset_sharing/api/mutations.py  |  1 +
 .../modules/dataset_sharing/api/queries.py    |  1 +
 .../modules/dataset_sharing/api/resolvers.py  |  2 +-
 .../modules/dataset_sharing/api/schema.py     |  1 +
 7 files changed, 19 insertions(+), 59 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/api/enums.py

diff --git a/backend/dataall/api/constants.py b/backend/dataall/api/constants.py
index d3c2a74e8..f63fb16c6 100644
--- a/backend/dataall/api/constants.py
+++ b/backend/dataall/api/constants.py
@@ -119,12 +119,6 @@ class SortDirection(GraphQLEnumMapper):
     desc = 'desc'
 
 
-class ShareableType(GraphQLEnumMapper):
-    Table = 'DatasetTable'
-    StorageLocation = 'DatasetStorageLocation'
-    View = 'View'
-
-
 class PrincipalType(GraphQLEnumMapper):
     Any = 'Any'
     Organization = 'Organization'
@@ -136,57 +130,6 @@ class PrincipalType(GraphQLEnumMapper):
     ConsumptionRole = 'ConsumptionRole'
 
 
-class ShareObjectPermission(GraphQLEnumMapper):
-    Approvers = '999'
-    Requesters = '800'
-    DatasetAdmins = '700'
-    NoPermission = '000'
-
-
-class ShareObjectStatus(GraphQLEnumMapper):
-    Deleted = 'Deleted'
-    Approved = 'Approved'
-    Rejected = 'Rejected'
-    Revoked = 'Revoked'
-    Draft = 'Draft'
-    Submitted = 'Submitted'
-    Revoke_In_Progress = 'Revoke_In_Progress'
-    Share_In_Progress = 'Share_In_Progress'
-    Processed = 'Processed'
-
-
-class ShareItemStatus(GraphQLEnumMapper):
-    Deleted = 'Deleted'
-    PendingApproval = 'PendingApproval'
-    Share_Approved = 'Share_Approved'
-    Share_Rejected = 'Share_Rejected'
-    Share_In_Progress = 'Share_In_Progress'
-    Share_Succeeded = 'Share_Succeeded'
-    Share_Failed = 'Share_Failed'
-    Revoke_Approved = 'Revoke_Approved'
-    Revoke_In_Progress = 'Revoke_In_Progress'
-    Revoke_Failed = 'Revoke_Failed'
-    Revoke_Succeeded = 'Revoke_Succeeded'
-
-
-class ShareObjectActions(GraphQLEnumMapper):
-    Submit = 'Submit'
-    Approve = 'Approve'
-    Reject = 'Reject'
-    RevokeItems = 'RevokeItems'
-    Start = 'Start'
-    Finish = 'Finish'
-    FinishPending = 'FinishPending'
-    Delete = 'Delete'
-
-
-class ShareItemActions(GraphQLEnumMapper):
-    AddItem = 'AddItem'
-    RemoveItem = 'RemoveItem'
-    Failure = 'Failure'
-    Success = 'Success'
-
-
 class ConfidentialityClassification(GraphQLEnumMapper):
     Unclassified = 'Unclassified'
     Official = 'Official'
diff --git a/backend/dataall/modules/dataset_sharing/api/enums.py b/backend/dataall/modules/dataset_sharing/api/enums.py
new file mode 100644
index 000000000..e08c83ea6
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/api/enums.py
@@ -0,0 +1,14 @@
+from dataall.api.constants import GraphQLEnumMapper
+
+
+class ShareableType(GraphQLEnumMapper):
+    Table = 'DatasetTable'
+    StorageLocation = 'DatasetStorageLocation'
+    View = 'View'
+
+
+class ShareObjectPermission(GraphQLEnumMapper):
+    Approvers = '999'
+    Requesters = '800'
+    DatasetAdmins = '700'
+    NoPermission = '000'
diff --git a/backend/dataall/modules/dataset_sharing/api/input_types.py b/backend/dataall/modules/dataset_sharing/api/input_types.py
index fba467b67..a631736bf 100644
--- a/backend/dataall/modules/dataset_sharing/api/input_types.py
+++ b/backend/dataall/modules/dataset_sharing/api/input_types.py
@@ -1,5 +1,5 @@
 from dataall.api.constants import *
-
+from dataall.modules.dataset_sharing.api.enums import ShareableType
 
 NewShareObjectInput = gql.InputType(
     name='NewShareObjectInput',
diff --git a/backend/dataall/modules/dataset_sharing/api/mutations.py b/backend/dataall/modules/dataset_sharing/api/mutations.py
index 472ba2764..b7e6cac43 100644
--- a/backend/dataall/modules/dataset_sharing/api/mutations.py
+++ b/backend/dataall/modules/dataset_sharing/api/mutations.py
@@ -1,3 +1,4 @@
+from dataall.api import gql
 from dataall.modules.dataset_sharing.api.resolvers import *
 
 createShareObject = gql.MutationField(
diff --git a/backend/dataall/modules/dataset_sharing/api/queries.py b/backend/dataall/modules/dataset_sharing/api/queries.py
index 126508758..0ebe44c64 100644
--- a/backend/dataall/modules/dataset_sharing/api/queries.py
+++ b/backend/dataall/modules/dataset_sharing/api/queries.py
@@ -1,3 +1,4 @@
+from dataall.api import gql
 from dataall.modules.dataset_sharing.api.resolvers import *
 
 getShareObject = gql.QueryField(
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index a0e33909b..6d5234e2e 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -3,10 +3,10 @@
 from dataall import db
 from dataall import utils
 from dataall.api.Objects.Principal.resolvers import get_principal
-from dataall.api.constants import *
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
+from dataall.modules.dataset_sharing.api.enums import ShareObjectPermission
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
diff --git a/backend/dataall/modules/dataset_sharing/api/schema.py b/backend/dataall/modules/dataset_sharing/api/schema.py
index f8455d0b5..5146e65c2 100644
--- a/backend/dataall/modules/dataset_sharing/api/schema.py
+++ b/backend/dataall/modules/dataset_sharing/api/schema.py
@@ -1,3 +1,4 @@
+from dataall.modules.dataset_sharing.api.enums import ShareableType
 from dataall.modules.dataset_sharing.api.resolvers import *
 from dataall.api.Objects.Environment.resolvers import resolve_environment
 

From 13a2fc082694600a0dacaa7e88d0d61ec950d753 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Wed, 10 May 2023 10:15:11 +0200
Subject: [PATCH 152/346] =?UTF-8?q?Modify=20docker-compose=20yaml=20to=20r?=
 =?UTF-8?q?ead=20region=20and=20default=20region=20from=20env=E2=80=A6=20(?=
 =?UTF-8?q?#446)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### Feature or Bugfix
- Bugfix
- Refactoring

### Detail
Added `AWS_REGION` to the environment variables of the Docker containers
for local development. Set both`AWS_DEFAULT_REGION` and `AWS_REGION` to
their values set on the terminal where `docker-compose up` is run.
If these values are not set, `eu-west-1` is used as default
Another PR with better instructions to the github pages documentation
(deploy locally) will follow.

### Relates

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 docker-compose.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index 0668ffcd8..bd41b1925 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -16,7 +16,8 @@ services:
       - db
     environment:
       envname: 'dkrcompose'
-      AWS_DEFAULT_REGION: "eu-west-1"
+      AWS_REGION: "${AWS_REGION:-eu-west-1}"
+      AWS_DEFAULT_REGION: "${AWS_DEFAULT_REGION:-eu-west-1}"
     volumes:
       - ./backend:/code
       - $HOME/.aws/credentials:/root/.aws/credentials:ro
@@ -36,7 +37,8 @@ services:
       - 5000:5000
     environment:
       envname: 'dkrcompose'
-      AWS_DEFAULT_REGION: "eu-west-1"
+      AWS_REGION: "${AWS_REGION:-eu-west-1}"
+      AWS_DEFAULT_REGION: "${AWS_DEFAULT_REGION:-eu-west-1}"
     volumes:
       - ./backend:/code
       - $HOME/.aws/credentials:/root/.aws/credentials:ro

From d9ace5d00f5239626a69287350b78d04fd467a7e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 10 May 2023 10:27:11 +0200
Subject: [PATCH 153/346] Moved GraphQL and db constants

---
 backend/dataall/db/models/Enums.py            |  6 ---
 .../modules/dataset_sharing/api/enums.py      | 44 +++++++++++++++++++
 .../modules/dataset_sharing/api/schema.py     |  1 +
 .../modules/dataset_sharing/db/Enums.py       |  6 +++
 .../services/data_sharing_service.py          |  8 ++--
 .../services/dataset_share_service.py         |  3 +-
 .../dataset_sharing/services/share_object.py  |  4 +-
 .../04d92886fabe_add_consumption_roles.py     |  3 +-
 ...215e_backfill_dataset_table_permissions.py |  7 ++-
 tests/api/conftest.py                         |  3 +-
 tests/api/test_share.py                       | 19 ++++----
 tests/tasks/conftest.py                       |  8 ++--
 tests/tasks/test_lf_share_manager.py          | 10 ++---
 tests/tasks/test_subscriptions.py             |  6 +--
 14 files changed, 88 insertions(+), 40 deletions(-)

diff --git a/backend/dataall/db/models/Enums.py b/backend/dataall/db/models/Enums.py
index c283d9381..7d90746f5 100644
--- a/backend/dataall/db/models/Enums.py
+++ b/backend/dataall/db/models/Enums.py
@@ -82,12 +82,6 @@ class SortDirection(Enum):
     desc = 'desc'
 
 
-class ShareableType(Enum):
-    Table = 'DatasetTable'
-    StorageLocation = 'DatasetStorageLocation'
-    View = 'View'
-
-
 class PrincipalType(Enum):
     Any = 'Any'
     Organization = 'Organization'
diff --git a/backend/dataall/modules/dataset_sharing/api/enums.py b/backend/dataall/modules/dataset_sharing/api/enums.py
index e08c83ea6..139bba0a4 100644
--- a/backend/dataall/modules/dataset_sharing/api/enums.py
+++ b/backend/dataall/modules/dataset_sharing/api/enums.py
@@ -12,3 +12,47 @@ class ShareObjectPermission(GraphQLEnumMapper):
     Requesters = '800'
     DatasetAdmins = '700'
     NoPermission = '000'
+
+
+class ShareObjectStatus(GraphQLEnumMapper):
+    Deleted = 'Deleted'
+    Approved = 'Approved'
+    Rejected = 'Rejected'
+    Revoked = 'Revoked'
+    Draft = 'Draft'
+    Submitted = 'Submitted'
+    Revoke_In_Progress = 'Revoke_In_Progress'
+    Share_In_Progress = 'Share_In_Progress'
+    Processed = 'Processed'
+
+
+class ShareItemStatus(GraphQLEnumMapper):
+    Deleted = 'Deleted'
+    PendingApproval = 'PendingApproval'
+    Share_Approved = 'Share_Approved'
+    Share_Rejected = 'Share_Rejected'
+    Share_In_Progress = 'Share_In_Progress'
+    Share_Succeeded = 'Share_Succeeded'
+    Share_Failed = 'Share_Failed'
+    Revoke_Approved = 'Revoke_Approved'
+    Revoke_In_Progress = 'Revoke_In_Progress'
+    Revoke_Failed = 'Revoke_Failed'
+    Revoke_Succeeded = 'Revoke_Succeeded'
+
+
+class ShareObjectActions(GraphQLEnumMapper):
+    Submit = 'Submit'
+    Approve = 'Approve'
+    Reject = 'Reject'
+    RevokeItems = 'RevokeItems'
+    Start = 'Start'
+    Finish = 'Finish'
+    FinishPending = 'FinishPending'
+    Delete = 'Delete'
+
+
+class ShareItemActions(GraphQLEnumMapper):
+    AddItem = 'AddItem'
+    RemoveItem = 'RemoveItem'
+    Failure = 'Failure'
+    Success = 'Success'
diff --git a/backend/dataall/modules/dataset_sharing/api/schema.py b/backend/dataall/modules/dataset_sharing/api/schema.py
index 5146e65c2..529a55cbb 100644
--- a/backend/dataall/modules/dataset_sharing/api/schema.py
+++ b/backend/dataall/modules/dataset_sharing/api/schema.py
@@ -1,3 +1,4 @@
+from dataall.api import gql
 from dataall.modules.dataset_sharing.api.enums import ShareableType
 from dataall.modules.dataset_sharing.api.resolvers import *
 from dataall.api.Objects.Environment.resolvers import resolve_environment
diff --git a/backend/dataall/modules/dataset_sharing/db/Enums.py b/backend/dataall/modules/dataset_sharing/db/Enums.py
index e76485bd2..dfab06799 100644
--- a/backend/dataall/modules/dataset_sharing/db/Enums.py
+++ b/backend/dataall/modules/dataset_sharing/db/Enums.py
@@ -50,3 +50,9 @@ class ShareItemActions(Enum):
     RemoveItem = 'RemoveItem'
     Failure = 'Failure'
     Success = 'Success'
+
+
+class ShareableType(Enum):
+    Table = 'DatasetTable'
+    StorageLocation = 'DatasetStorageLocation'
+    View = 'View'
diff --git a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index 08ef1169d..560d3c03e 100644
--- a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -4,8 +4,8 @@
 from dataall.modules.dataset_sharing.services.share_processors.lf_process_same_account_share import ProcessLFSameAccountShare
 from dataall.modules.dataset_sharing.services.share_processors.s3_process_share import ProcessS3Share
 
-from dataall.db import models, Engine
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemStatus
+from dataall.db import Engine
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectSM, ShareObjectService, ShareItemSM
 
 log = logging.getLogger(__name__)
@@ -161,7 +161,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
             existing_shared_items = ShareObjectService.check_existing_shared_items_of_type(
                 session,
                 share_uri,
-                models.ShareableType.StorageLocation.value
+                ShareableType.StorageLocation.value
             )
             log.info(f'Still remaining S3 resources shared = {existing_shared_items}')
             if not existing_shared_items and revoked_folders:
@@ -202,7 +202,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
             existing_shared_items = ShareObjectService.check_existing_shared_items_of_type(
                 session,
                 share_uri,
-                models.ShareableType.Table.value
+                ShareableType.Table.value
             )
             log.info(f'Still remaining LF resources shared = {existing_shared_items}')
             if not existing_shared_items and revoked_tables:
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
index dbf0fe150..afb275a7a 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
@@ -1,10 +1,11 @@
 from sqlalchemy import or_, case, func
 from sqlalchemy.sql import and_
 
-from dataall.api.constants import ShareableType, PrincipalType
+from dataall.api.constants import PrincipalType
 from dataall.db import models, permissions
 from dataall.db.api import has_resource_perm
 from dataall.db.paginator import paginate
+from dataall.modules.dataset_sharing.db.Enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
index 2d6ff314c..cf79e12e4 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -9,9 +9,9 @@
 )
 from dataall.db import api, utils
 from dataall.db import models, exceptions, permissions, paginate
-from dataall.db.models.Enums import ShareableType, PrincipalType
+from dataall.db.models.Enums import PrincipalType
 from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
-    ShareItemStatus
+    ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
diff --git a/backend/migrations/versions/04d92886fabe_add_consumption_roles.py b/backend/migrations/versions/04d92886fabe_add_consumption_roles.py
index 2cda5e189..ee323d9eb 100644
--- a/backend/migrations/versions/04d92886fabe_add_consumption_roles.py
+++ b/backend/migrations/versions/04d92886fabe_add_consumption_roles.py
@@ -12,9 +12,10 @@
 from sqlalchemy.ext.declarative import declarative_base
 
 from dataall.db import api, models, permissions, utils
-from dataall.db.models.Enums import ShareObjectStatus, ShareableType, PrincipalType
 from datetime import datetime
 
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+
 # revision identifiers, used by Alembic.
 revision = '04d92886fabe'
 down_revision = 'd922057f0d91'
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 66a76761d..59ea230fd 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -12,11 +12,10 @@
 from sqlalchemy.ext.declarative import declarative_base
 from dataall.db import api, utils, Resource
 from datetime import datetime
-from dataall.db.models.Enums import ShareableType
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus, ShareableType, ShareItemStatus
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets_base.services.dataset_permissions import DATASET_TABLE_READ
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 # revision identifiers, used by Alembic.
 revision = 'd05f9a5b215e'
@@ -110,7 +109,7 @@ def upgrade():
         share_table_items: [ShareObjectItem] = session.query(ShareObjectItem).filter(
             (
                 and_(
-                    ShareObjectItem.status == ShareObjectStatus.Share_Succeeded.value,
+                    ShareObjectItem.status == ShareItemStatus.Share_Succeeded.value,
                     ShareObjectItem.itemType == ShareableType.Table.value
                 )
             )
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 671cc793c..707a7b008 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,4 +1,5 @@
 import dataall.searchproxy.indexers
+from dataall.modules.dataset_sharing.db.Enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from .client import *
 from dataall.db import models
@@ -519,7 +520,7 @@ def factory(
                 shareUri=share.shareUri,
                 owner="alice",
                 itemUri=table.tableUri,
-                itemType=constants.ShareableType.Table.value,
+                itemType=ShareableType.Table.value,
                 itemName=table.name,
                 status=status,
             )
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index ada27ed57..2643ce0fb 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -3,8 +3,10 @@
 import pytest
 
 import dataall
-from dataall.api.constants import ShareObjectStatus, ShareItemStatus
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemActions
+from dataall.api.constants import PrincipalType
+from dataall.modules.dataset_sharing.api.enums import ShareableType
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemActions, ShareObjectStatus, \
+    ShareItemStatus
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM, ShareObjectSM
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
@@ -206,7 +208,7 @@ def share1_item_pa(
     yield share_item(
         share=share1_draft,
         table=table1,
-        status=dataall.api.constants.ShareItemStatus.PendingApproval.value
+        status=ShareItemStatus.PendingApproval.value
     )
 
 
@@ -281,7 +283,7 @@ def share2_item_pa(
     yield share_item(
         share=share2_submitted,
         table=table1,
-        status=dataall.api.constants.ShareItemStatus.PendingApproval.value
+        status=ShareItemStatus.PendingApproval.value
     )
 
 
@@ -409,13 +411,13 @@ def create_share_object(client, userName, group, groupUri, environmentUri, datas
         username=userName,
         groups=[group.name],
         datasetUri=datasetUri,
-        itemType=dataall.api.constants.ShareableType.Table.value if itemUri else None,
+        itemType=ShareableType.Table.value if itemUri else None,
         itemUri=itemUri,
         input={
             'environmentUri': environmentUri,
             'groupUri': groupUri,
             'principalId': groupUri,
-            'principalType': dataall.api.constants.PrincipalType.Group.value,
+            'principalType': PrincipalType.Group.value,
         },
     )
 
@@ -847,8 +849,7 @@ def test_create_share_object_with_item_authorized(client, user2, group2, env2gro
     )
 
     assert get_share_object_response.data.getShareObject.get('items').nodes[0].itemUri == table1.tableUri
-    assert get_share_object_response.data.getShareObject.get('items').nodes[
-               0].itemType == dataall.api.constants.ShareableType.Table.name
+    assert get_share_object_response.data.getShareObject.get('items').nodes[0].itemType == ShareableType.Table.name
 
 
 def test_get_share_object(client, share1_draft, user, group):
@@ -865,7 +866,7 @@ def test_get_share_object(client, share1_draft, user, group):
     # Then we get the info about the share
     assert get_share_object_response.data.getShareObject.shareUri == share1_draft.shareUri
     assert get_share_object_response.data.getShareObject.get(
-        'principal').principalType == dataall.api.constants.PrincipalType.Group.name
+        'principal').principalType == PrincipalType.Group.name
     assert get_share_object_response.data.getShareObject.get('principal').principalIAMRoleName
     assert get_share_object_response.data.getShareObject.get('principal').SamlGroupName
     assert get_share_object_response.data.getShareObject.get('principal').region
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index 175fc6934..cfa59f774 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -1,8 +1,8 @@
 import pytest
 
-from dataall.api.constants import ShareObjectStatus
 from dataall.db import models
 from dataall.api import constants
+from dataall.modules.dataset_sharing.db.Enums import ShareableType, ShareItemStatus, ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
@@ -206,9 +206,9 @@ def factory(
                 shareUri=share.shareUri,
                 owner="alice",
                 itemUri=location.locationUri,
-                itemType=constants.ShareableType.StorageLocation.value,
+                itemType=ShareableType.StorageLocation.value,
                 itemName=location.name,
-                status=constants.ShareItemStatus.Share_Approved.value,
+                status=ShareItemStatus.Share_Approved.value,
             )
             session.add(share_item)
             session.commit()
@@ -228,7 +228,7 @@ def factory(
                 shareUri=share.shareUri,
                 owner="alice",
                 itemUri=table.tableUri,
-                itemType=constants.ShareableType.Table.value,
+                itemType=ShareableType.Table.value,
                 itemName=table.name,
                 status=status,
             )
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index 5cefd5a2c..4c4e0f6b8 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -9,7 +9,7 @@
 from typing import Callable
 
 from dataall.db import models
-from dataall.api import constants
+from dataall.modules.dataset_sharing.api.enums import ShareItemStatus
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
@@ -139,7 +139,7 @@ def share_item_same_account(share_item_table: Callable, share_same_account: Shar
     yield share_item_table(
         share=share_same_account,
         table=table1,
-        status=constants.ShareItemStatus.Share_Approved.value
+        status=ShareItemStatus.Share_Approved.value
     )
 
 @pytest.fixture(scope="module")
@@ -148,7 +148,7 @@ def revoke_item_same_account(share_item_table: Callable, share_same_account: Sha
     yield share_item_table(
         share=share_same_account,
         table=table2,
-        status=constants.ShareItemStatus.Revoke_Approved.value
+        status=ShareItemStatus.Revoke_Approved.value
     )
 
 @pytest.fixture(scope="module")
@@ -157,7 +157,7 @@ def share_item_cross_account(share_item_table: Callable, share_cross_account: Sh
     yield share_item_table(
         share=share_cross_account,
         table=table1,
-        status=constants.ShareItemStatus.Share_Approved.value
+        status=ShareItemStatus.Share_Approved.value
     )
 
 
@@ -167,7 +167,7 @@ def revoke_item_cross_account(share_item_table: Callable, share_cross_account: S
     yield share_item_table(
         share=share_cross_account,
         table=table2,
-        status=constants.ShareItemStatus.Revoke_Approved.value
+        status=ShareItemStatus.Revoke_Approved.value
     )
 
 
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index 3e29f8182..bad162b08 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -2,7 +2,7 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus, ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.dataset_subscription_task import DatasetSubscriptionService
@@ -127,11 +127,11 @@ def share(
             shareUri=share.shareUri,
             owner='alice',
             itemUri=table.tableUri,
-            itemType=dataall.api.constants.ShareableType.Table.value,
+            itemType=ShareableType.Table.value,
             itemName=table.GlueTableName,
             GlueDatabaseName=table.GlueDatabaseName,
             GlueTableName=table.GlueTableName,
-            status=dataall.api.constants.ShareItemStatus.Share_Approved.value,
+            status=ShareItemStatus.Share_Approved.value,
         )
         session.add(share_item)
 

From 5654763709a96785994e28797921ff100a736cda Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 10 May 2023 10:27:43 +0200
Subject: [PATCH 154/346] Renamed the file

---
 .../dataall/modules/dataset_sharing/db/{Enums.py => enums.py}   | 0
 backend/dataall/modules/dataset_sharing/db/models.py            | 2 +-
 .../modules/dataset_sharing/services/data_sharing_service.py    | 2 +-
 .../modules/dataset_sharing/services/dataset_share_service.py   | 2 +-
 .../dataall/modules/dataset_sharing/services/share_object.py    | 2 +-
 .../services/share_processors/lf_process_cross_account_share.py | 2 +-
 .../services/share_processors/lf_process_same_account_share.py  | 2 +-
 .../services/share_processors/s3_process_share.py               | 2 +-
 backend/dataall/modules/datasets/tasks/bucket_policy_updater.py | 2 +-
 .../migrations/versions/04d92886fabe_add_consumption_roles.py   | 2 +-
 .../versions/d05f9a5b215e_backfill_dataset_table_permissions.py | 2 +-
 tests/api/conftest.py                                           | 2 +-
 tests/api/test_share.py                                         | 2 +-
 tests/tasks/conftest.py                                         | 2 +-
 tests/tasks/test_subscriptions.py                               | 2 +-
 15 files changed, 14 insertions(+), 14 deletions(-)
 rename backend/dataall/modules/dataset_sharing/db/{Enums.py => enums.py} (100%)

diff --git a/backend/dataall/modules/dataset_sharing/db/Enums.py b/backend/dataall/modules/dataset_sharing/db/enums.py
similarity index 100%
rename from backend/dataall/modules/dataset_sharing/db/Enums.py
rename to backend/dataall/modules/dataset_sharing/db/enums.py
diff --git a/backend/dataall/modules/dataset_sharing/db/models.py b/backend/dataall/modules/dataset_sharing/db/models.py
index 43436c290..85883b00c 100644
--- a/backend/dataall/modules/dataset_sharing/db/models.py
+++ b/backend/dataall/modules/dataset_sharing/db/models.py
@@ -5,7 +5,7 @@
 from sqlalchemy.orm import query_expression
 
 from dataall.db import Base, utils
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus, ShareItemStatus
+from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus, ShareItemStatus
 
 
 def in_one_month():
diff --git a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index 560d3c03e..1f5fb2b92 100644
--- a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -5,7 +5,7 @@
 from dataall.modules.dataset_sharing.services.share_processors.s3_process_share import ProcessS3Share
 
 from dataall.db import Engine
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemStatus, ShareableType
+from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectSM, ShareObjectService, ShareItemSM
 
 log = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
index afb275a7a..c86468941 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
@@ -5,7 +5,7 @@
 from dataall.db import models, permissions
 from dataall.db.api import has_resource_perm
 from dataall.db.paginator import paginate
-from dataall.modules.dataset_sharing.db.Enums import ShareableType
+from dataall.modules.dataset_sharing.db.enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/services/share_object.py
index cf79e12e4..3c982e6fe 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object.py
@@ -10,7 +10,7 @@
 from dataall.db import api, utils
 from dataall.db import models, exceptions, permissions, paginate
 from dataall.db.models.Enums import PrincipalType
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
+from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
     ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
index 7b225db92..0f6a56938 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
@@ -1,6 +1,6 @@
 import logging
 
-from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
+from dataall.modules.dataset_sharing.db.enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from ..share_managers import LFShareManager
 from dataall.aws.handlers.ram import Ram
 from dataall.db import models
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
index 70392765e..0a78057fa 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
@@ -1,6 +1,6 @@
 import logging
 
-from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
+from dataall.modules.dataset_sharing.db.enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 from ..share_managers import LFShareManager
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
index f955de7be..cb8e284dd 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
@@ -3,7 +3,7 @@
 from dataall.db import models
 from ..share_managers import S3ShareManager
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
-from dataall.modules.dataset_sharing.db.Enums import ShareItemStatus, ShareObjectActions, ShareItemActions
+from dataall.modules.dataset_sharing.db.enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
 
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index cf40ddaa8..bfffe873c 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -10,7 +10,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
diff --git a/backend/migrations/versions/04d92886fabe_add_consumption_roles.py b/backend/migrations/versions/04d92886fabe_add_consumption_roles.py
index ee323d9eb..af764861e 100644
--- a/backend/migrations/versions/04d92886fabe_add_consumption_roles.py
+++ b/backend/migrations/versions/04d92886fabe_add_consumption_roles.py
@@ -14,7 +14,7 @@
 from dataall.db import api, models, permissions, utils
 from datetime import datetime
 
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus
+from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus
 
 # revision identifiers, used by Alembic.
 revision = '04d92886fabe'
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index 59ea230fd..bf8ea96b3 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -12,7 +12,7 @@
 from sqlalchemy.ext.declarative import declarative_base
 from dataall.db import api, utils, Resource
 from datetime import datetime
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus, ShareableType, ShareItemStatus
+from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus, ShareableType, ShareItemStatus
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 707a7b008..a0ba4ff0e 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,5 +1,5 @@
 import dataall.searchproxy.indexers
-from dataall.modules.dataset_sharing.db.Enums import ShareableType
+from dataall.modules.dataset_sharing.db.enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from .client import *
 from dataall.db import models
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index 2643ce0fb..055208996 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -5,7 +5,7 @@
 import dataall
 from dataall.api.constants import PrincipalType
 from dataall.modules.dataset_sharing.api.enums import ShareableType
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectActions, ShareItemActions, ShareObjectStatus, \
+from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareItemActions, ShareObjectStatus, \
     ShareItemStatus
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM, ShareObjectSM
diff --git a/tests/tasks/conftest.py b/tests/tasks/conftest.py
index cfa59f774..4fbbd49e3 100644
--- a/tests/tasks/conftest.py
+++ b/tests/tasks/conftest.py
@@ -2,7 +2,7 @@
 
 from dataall.db import models
 from dataall.api import constants
-from dataall.modules.dataset_sharing.db.Enums import ShareableType, ShareItemStatus, ShareObjectStatus
+from dataall.modules.dataset_sharing.db.enums import ShareableType, ShareItemStatus, ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
diff --git a/tests/tasks/test_subscriptions.py b/tests/tasks/test_subscriptions.py
index bad162b08..b27df8462 100644
--- a/tests/tasks/test_subscriptions.py
+++ b/tests/tasks/test_subscriptions.py
@@ -2,7 +2,7 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.dataset_sharing.db.Enums import ShareObjectStatus, ShareItemStatus, ShareableType
+from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus, ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.dataset_subscription_task import DatasetSubscriptionService

From 235ec826331687f8f7ddc5e4068fb7c112175700 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 10 May 2023 10:32:05 +0200
Subject: [PATCH 155/346] Moved to share_object_repository.py

---
 backend/dataall/db/api/redshift_cluster.py    |  2 +-
 .../modules/dataset_sharing/api/resolvers.py  | 38 ++++++-------
 .../share_object_repository.py}               | 54 +++++++++----------
 .../services/data_sharing_service.py          | 16 +++---
 .../services/dataset_share_service.py         |  2 +-
 .../share_managers/s3_share_manager.py        |  4 +-
 .../lf_process_cross_account_share.py         |  8 +--
 .../lf_process_same_account_share.py          |  6 +--
 .../share_processors/s3_process_share.py      |  6 +--
 .../db/dataset_location_repository.py         |  4 +-
 .../modules/datasets/db/dataset_service.py    |  2 +-
 .../datasets/db/dataset_table_repository.py   |  2 +-
 ...215e_backfill_dataset_table_permissions.py |  4 +-
 tests/api/test_share.py                       | 10 ++--
 14 files changed, 79 insertions(+), 79 deletions(-)
 rename backend/dataall/modules/dataset_sharing/{services/share_object.py => db/share_object_repository.py} (96%)

diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index dece5d480..bd092ff45 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -12,7 +12,7 @@
 from dataall.utils.slugify import slugify
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
-from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 6d5234e2e..c21432437 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -9,7 +9,7 @@
 from dataall.modules.dataset_sharing.api.enums import ShareObjectPermission
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
@@ -45,7 +45,7 @@ def create_share_object(
         input['itemUri'] = itemUri
         input['itemType'] = itemType
         input['datasetUri'] = datasetUri
-        return ShareObjectService.create_share_object(
+        return ShareObjectRepository.create_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -57,7 +57,7 @@ def create_share_object(
 
 def submit_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        return ShareObjectService.submit_share_object(
+        return ShareObjectRepository.submit_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -69,7 +69,7 @@ def submit_share_object(context: Context, source, shareUri: str = None):
 
 def approve_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        share = ShareObjectService.approve_share_object(
+        share = ShareObjectRepository.approve_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -92,7 +92,7 @@ def approve_share_object(context: Context, source, shareUri: str = None):
 
 def reject_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        return ShareObjectService.reject_share_object(
+        return ShareObjectRepository.reject_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -104,7 +104,7 @@ def reject_share_object(context: Context, source, shareUri: str = None):
 
 def revoke_items_share_object(context: Context, source, input):
     with context.engine.scoped_session() as session:
-        share = ShareObjectService.revoke_items_share_object(
+        share = ShareObjectRepository.revoke_items_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -127,11 +127,11 @@ def revoke_items_share_object(context: Context, source, input):
 
 def delete_share_object(context: Context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        share = ShareObjectService.get_share_by_uri(session, shareUri)
+        share = ShareObjectRepository.get_share_by_uri(session, shareUri)
         if not share:
             raise db.exceptions.ObjectNotFound('ShareObject', shareUri)
 
-        ShareObjectService.delete_share_object(
+        ShareObjectRepository.delete_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -144,7 +144,7 @@ def delete_share_object(context: Context, source, shareUri: str = None):
 
 def add_shared_item(context, source, shareUri: str = None, input: dict = None):
     with context.engine.scoped_session() as session:
-        share_item = ShareObjectService.add_share_object_item(
+        share_item = ShareObjectRepository.add_share_object_item(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -162,8 +162,8 @@ def remove_shared_item(context, source, shareItemUri: str = None):
         )
         if not share_item:
             raise db.exceptions.ObjectNotFound('ShareObjectItem', shareItemUri)
-        share = ShareObjectService.get_share_by_uri(session, share_item.shareUri)
-        ShareObjectService.remove_share_object_item(
+        share = ShareObjectRepository.get_share_by_uri(session, share_item.shareUri)
+        ShareObjectRepository.remove_share_object_item(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -186,7 +186,7 @@ def list_shared_items(
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return ShareObjectService.list_shared_items(
+        return ShareObjectRepository.list_shared_items(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -200,7 +200,7 @@ def resolve_shared_item(context, source: ShareObjectItem, **kwargs):
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return ShareObjectService.get_share_item(
+        return ShareObjectRepository.get_share_item(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -212,7 +212,7 @@ def resolve_shared_item(context, source: ShareObjectItem, **kwargs):
 
 def get_share_object(context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
-        return ShareObjectService.get_share_object(
+        return ShareObjectRepository.get_share_object(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -311,7 +311,7 @@ def resolve_share_object_statistics(context: Context, source: ShareObject, **kwa
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return ShareObjectService.resolve_share_object_statistics(
+        return ShareObjectRepository.resolve_share_object_statistics(
             session, source.shareUri
         )
 
@@ -320,7 +320,7 @@ def resolve_existing_shared_items(context: Context, source: ShareObject, **kwarg
     if not source:
         return None
     with context.engine.scoped_session() as session:
-        return ShareObjectService.check_existing_shared_items(
+        return ShareObjectRepository.check_existing_shared_items(
             session, source.shareUri
         )
 
@@ -333,7 +333,7 @@ def list_shareable_objects(
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
     with context.engine.scoped_session() as session:
-        return ShareObjectService.list_shareable_items(
+        return ShareObjectRepository.list_shareable_items(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -347,7 +347,7 @@ def list_shares_in_my_inbox(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return ShareObjectService.list_user_received_share_requests(
+        return ShareObjectRepository.list_user_received_share_requests(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -361,7 +361,7 @@ def list_shares_in_my_outbox(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return ShareObjectService.list_user_sent_share_requests(
+        return ShareObjectRepository.list_user_sent_share_requests(
             session=session,
             username=context.username,
             groups=context.groups,
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
similarity index 96%
rename from backend/dataall/modules/dataset_sharing/services/share_object.py
rename to backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 3c982e6fe..6f88548ee 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -149,7 +149,7 @@ def run_transition(self, transition):
 
     def update_state(self, session, share, new_state):
         logger.info(f"Updating share object {share.shareUri} in DB from {self._state} to state {new_state}")
-        ShareObjectService.update_share_object_status(
+        ShareObjectRepository.update_share_object_status(
             session=session,
             shareUri=share.shareUri,
             status=new_state
@@ -272,14 +272,14 @@ def update_state(self, session, share_uri, new_state):
         if share_uri and (new_state != self._state):
             if new_state == ShareItemStatus.Deleted.value:
                 logger.info(f"Deleting share items in DB in {self._state} state")
-                ShareObjectService.delete_share_item_status_batch(
+                ShareObjectRepository.delete_share_item_status_batch(
                     session=session,
                     share_uri=share_uri,
                     status=self._state
                 )
             else:
                 logger.info(f"Updating share items in DB from {self._state} to state {new_state}")
-                ShareObjectService.update_share_item_status_batch(
+                ShareObjectRepository.update_share_item_status_batch(
                     session=session,
                     share_uri=share_uri,
                     old_status=self._state,
@@ -292,7 +292,7 @@ def update_state(self, session, share_uri, new_state):
 
     def update_state_single_item(self, session, share_item, new_state):
         logger.info(f"Updating share item in DB {share_item.shareItemUri} status to {new_state}")
-        ShareObjectService.update_share_item_status(
+        ShareObjectRepository.update_share_item_status(
             session=session,
             uri=share_item.shareItemUri,
             status=new_state
@@ -318,7 +318,7 @@ def get_share_item_revokable_states():
         ]
 
 
-class ShareObjectService:
+class ShareObjectRepository:
     @staticmethod
     @has_resource_perm(permissions.CREATE_SHARE_OBJECT)
     def create_share_object(
@@ -381,7 +381,7 @@ def create_share_object(
                 message=f'Team: {groupUri} is managing the dataset {dataset.name}',
             )
 
-        ShareObjectService.validate_group_membership(
+        ShareObjectRepository.validate_group_membership(
             session=session,
             username=username,
             groups=groups,
@@ -537,9 +537,9 @@ def submit_share_object(
         data: dict = None,
         check_perm: bool = False,
     ) -> ShareObject:
-        share = ShareObjectService.get_share_by_uri(session, uri)
+        share = ShareObjectRepository.get_share_by_uri(session, uri)
         dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObjectService.get_share_items_states(session, uri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
 
         valid_states = [ShareItemStatus.PendingApproval.value]
         valid_share_items_states = [x for x in valid_states if x in share_items_states]
@@ -575,9 +575,9 @@ def approve_share_object(
         data: dict = None,
         check_perm: bool = False,
     ) -> ShareObject:
-        share = ShareObjectService.get_share_by_uri(session, uri)
+        share = ShareObjectRepository.get_share_by_uri(session, uri)
         dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObjectService.get_share_items_states(session, uri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
         new_share_state = Share_SM.run_transition(ShareObjectActions.Approve.value)
@@ -622,9 +622,9 @@ def reject_share_object(
         check_perm: bool = False,
     ) -> ShareObject:
 
-        share = ShareObjectService.get_share_by_uri(session, uri)
+        share = ShareObjectRepository.get_share_by_uri(session, uri)
         dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObjectService.get_share_items_states(session, uri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
 
         Share_SM = ShareObjectSM(share.status)
         new_share_state = Share_SM.run_transition(ShareObjectActions.Reject.value)
@@ -657,10 +657,10 @@ def revoke_items_share_object(
         check_perm: bool = False,
     ) -> ShareObject:
 
-        share = ShareObjectService.get_share_by_uri(session, uri)
+        share = ShareObjectRepository.get_share_by_uri(session, uri)
         dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        revoked_items_states = ShareObjectService.get_share_items_states(session, uri, data.get("revokedItemUris"))
-        revoked_items = [ShareObjectService.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
+        revoked_items_states = ShareObjectRepository.get_share_items_states(session, uri, data.get("revokedItemUris"))
+        revoked_items = [ShareObjectRepository.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
 
         if revoked_items_states == []:
             raise exceptions.ShareItemsFound(
@@ -718,7 +718,7 @@ def get_share_item(
     ):
         share_item: ShareObjectItem = data.get(
             'share_item',
-            ShareObjectService.get_share_item_by_uri(session, data['shareItemUri']),
+            ShareObjectRepository.get_share_item_by_uri(session, data['shareItemUri']),
         )
         if share_item.itemType == ShareableType.Table.value:
             return session.query(DatasetTable).get(share_item.itemUri)
@@ -832,11 +832,11 @@ def remove_share_object_item(
 
         share_item: ShareObjectItem = data.get(
             'share_item',
-            ShareObjectService.get_share_item_by_uri(session, data['shareItemUri']),
+            ShareObjectRepository.get_share_item_by_uri(session, data['shareItemUri']),
         )
         share: ShareObject = data.get(
             'share',
-            ShareObjectService.get_share_by_uri(session, uri),
+            ShareObjectRepository.get_share_by_uri(session, uri),
         )
 
         Item_SM = ShareItemSM(share_item.status)
@@ -848,8 +848,8 @@ def remove_share_object_item(
     @staticmethod
     @has_resource_perm(permissions.DELETE_SHARE_OBJECT)
     def delete_share_object(session, username, groups, uri, data=None, check_perm=None):
-        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
-        share_items_states = ShareObjectService.get_share_items_states(session, uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
         shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in share_items_states]
 
         Share_SM = ShareObjectSM(share.status)
@@ -872,7 +872,7 @@ def delete_share_object(session, username, groups, uri, data=None, check_perm=No
 
     @staticmethod
     def check_existing_shared_items(session, uri):
-        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         shared_items = session.query(ShareObjectItem).filter(
             and_(
@@ -886,7 +886,7 @@ def check_existing_shared_items(session, uri):
 
     @staticmethod
     def check_existing_shared_items_of_type(session, uri, item_type):
-        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         shared_items = session.query(ShareObjectItem).filter(
             and_(
@@ -901,7 +901,7 @@ def check_existing_shared_items_of_type(session, uri, item_type):
 
     @staticmethod
     def check_pending_share_items(session, uri):
-        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         shared_items = session.query(ShareObjectItem).filter(
             and_(
                 ShareObjectItem.shareUri == share.shareUri,
@@ -925,7 +925,7 @@ def get_share_item_by_uri(session, uri):
     @staticmethod
     @has_resource_perm(permissions.LIST_SHARED_ITEMS)
     def list_shared_items(session, username, groups, uri, data=None, check_perm=None):
-        share: ShareObject = ShareObjectService.get_share_by_uri(session, uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         query = session.query(ShareObjectItem).filter(
             ShareObjectItem.shareUri == share.shareUri,
         )
@@ -939,7 +939,7 @@ def list_shareable_items(
     ):
 
         share: ShareObject = data.get(
-            'share', ShareObjectService.get_share_by_uri(session, uri)
+            'share', ShareObjectRepository.get_share_by_uri(session, uri)
         )
         share_item_revokable_states = ShareItemSM.get_share_item_revokable_states()
         datasetUri = share.datasetUri
@@ -1087,7 +1087,7 @@ def update_share_object_status(
             status: str,
     ) -> ShareObject:
 
-        share = ShareObjectService.get_share_by_uri(session, shareUri)
+        share = ShareObjectRepository.get_share_by_uri(session, shareUri)
         share.status = status
         session.commit()
         return share
@@ -1099,7 +1099,7 @@ def update_share_item_status(
         status: str,
     ) -> ShareObjectItem:
 
-        share_item = ShareObjectService.get_share_item_by_uri(session, uri)
+        share_item = ShareObjectRepository.get_share_item_by_uri(session, uri)
         share_item.status = status
         session.commit()
         return share_item
diff --git a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index 1f5fb2b92..53ab11c98 100644
--- a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -6,7 +6,7 @@
 
 from dataall.db import Engine
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareItemStatus, ShareableType
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectSM, ShareObjectService, ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectSM, ShareObjectRepository, ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -42,7 +42,7 @@ def approve_share(cls, engine: Engine, share_uri: str) -> bool:
                 share,
                 source_environment,
                 target_environment,
-            ) = ShareObjectService.get_share_data(session, share_uri)
+            ) = ShareObjectRepository.get_share_data(session, share_uri)
 
             Share_SM = ShareObjectSM(share.status)
             new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
@@ -51,7 +51,7 @@ def approve_share(cls, engine: Engine, share_uri: str) -> bool:
             (
                 shared_tables,
                 shared_folders
-            ) = ShareObjectService.get_share_data_items(session, share_uri, ShareItemStatus.Share_Approved.value)
+            ) = ShareObjectRepository.get_share_data_items(session, share_uri, ShareItemStatus.Share_Approved.value)
 
         log.info(f'Granting permissions to folders: {shared_folders}')
 
@@ -129,7 +129,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 share,
                 source_environment,
                 target_environment,
-            ) = ShareObjectService.get_share_data(session, share_uri)
+            ) = ShareObjectRepository.get_share_data(session, share_uri)
 
             Share_SM = ShareObjectSM(share.status)
             new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
@@ -140,7 +140,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
             (
                 revoked_tables,
                 revoked_folders
-            ) = ShareObjectService.get_share_data_items(session, share_uri, ShareItemStatus.Revoke_Approved.value)
+            ) = ShareObjectRepository.get_share_data_items(session, share_uri, ShareItemStatus.Revoke_Approved.value)
 
             new_state = revoked_item_SM.run_transition(ShareObjectActions.Start.value)
             revoked_item_SM.update_state(session, share_uri, new_state)
@@ -158,7 +158,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 env_group,
             )
             log.info(f'revoking folders succeeded = {revoked_folders_succeed}')
-            existing_shared_items = ShareObjectService.check_existing_shared_items_of_type(
+            existing_shared_items = ShareObjectRepository.check_existing_shared_items_of_type(
                 session,
                 share_uri,
                 ShareableType.StorageLocation.value
@@ -199,7 +199,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
             revoked_tables_succeed = processor.process_revoked_shares()
             log.info(f'revoking tables succeeded = {revoked_tables_succeed}')
 
-            existing_shared_items = ShareObjectService.check_existing_shared_items_of_type(
+            existing_shared_items = ShareObjectRepository.check_existing_shared_items_of_type(
                 session,
                 share_uri,
                 ShareableType.Table.value
@@ -210,7 +210,7 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 clean_up_tables = processor.clean_up_share()
                 log.info(f"Clean up LF successful = {clean_up_tables}")
 
-            existing_pending_items = ShareObjectService.check_pending_share_items(session, share_uri)
+            existing_pending_items = ShareObjectRepository.check_pending_share_items(session, share_uri)
             if existing_pending_items:
                 new_share_state = Share_SM.run_transition(ShareObjectActions.FinishPending.value)
             else:
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
index c86468941..f40437d89 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
@@ -7,7 +7,7 @@
 from dataall.db.paginator import paginate
 from dataall.modules.dataset_sharing.db.enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index 004ed44f7..9662a3529 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -10,7 +10,7 @@
 from dataall.aws.handlers.iam import IAM
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
@@ -39,7 +39,7 @@ def __init__(
         self.target_folder = target_folder
         self.source_environment = source_environment
         self.target_environment = target_environment
-        self.share_item = ShareObjectService.find_share_item_by_folder(
+        self.share_item = ShareObjectRepository.find_share_item_by_folder(
             session,
             share,
             target_folder,
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
index 0f6a56938..6e96fa0b5 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
@@ -6,7 +6,7 @@
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.dataset_sharing.db.models import ShareObject
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -74,7 +74,7 @@ def process_approved_shares(self) -> bool:
             for table in self.shared_tables:
                 log.info(f"Sharing table {table.GlueTableName}...")
 
-                share_item = ShareObjectService.find_share_item_by_table(
+                share_item = ShareObjectRepository.find_share_item_by_table(
                     self.session, self.share, table
                 )
 
@@ -140,7 +140,7 @@ def process_revoked_shares(self) -> bool:
         shared_db_name = self.build_shared_db_name()
         principals = self.get_share_principals()
         for table in self.revoked_tables:
-            share_item = ShareObjectService.find_share_item_by_table(
+            share_item = ShareObjectRepository.find_share_item_by_table(
                 self.session, self.share, table
             )
 
@@ -184,7 +184,7 @@ def clean_up_share(self) -> bool:
 
         self.delete_shared_database()
 
-        if not ShareObjectService.other_approved_share_object_exists(
+        if not ShareObjectRepository.other_approved_share_object_exists(
                 self.session,
                 self.target_environment.environmentUri,
                 self.dataset.datasetUri,
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
index 0a78057fa..b6e11482d 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
@@ -2,7 +2,7 @@
 
 from dataall.modules.dataset_sharing.db.enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObject
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareItemSM
 from ..share_managers import LFShareManager
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
@@ -70,7 +70,7 @@ def process_approved_shares(self) -> bool:
 
         for table in self.shared_tables:
 
-            share_item = ShareObjectService.find_share_item_by_table(
+            share_item = ShareObjectRepository.find_share_item_by_table(
                 self.session, self.share, table
             )
 
@@ -121,7 +121,7 @@ def process_revoked_shares(self) -> bool:
         shared_db_name = self.build_shared_db_name()
         principals = self.get_share_principals()
         for table in self.revoked_tables:
-            share_item = ShareObjectService.find_share_item_by_table(
+            share_item = ShareObjectRepository.find_share_item_by_table(
                 self.session, self.share, table
             )
             if not share_item:
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
index cb8e284dd..7b79f4013 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
@@ -5,7 +5,7 @@
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.dataset_sharing.db.enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObject
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -64,7 +64,7 @@ def process_approved_shares(
         success = True
         for folder in share_folders:
             log.info(f'sharing folder: {folder}')
-            sharing_item = ShareObjectService.find_share_item_by_folder(
+            sharing_item = ShareObjectRepository.find_share_item_by_folder(
                 session,
                 share,
                 folder,
@@ -129,7 +129,7 @@ def process_revoked_shares(
         success = True
         for folder in revoke_folders:
             log.info(f'revoking access to folder: {folder}')
-            removing_item = ShareObjectService.find_share_item_by_folder(
+            removing_item = ShareObjectRepository.find_share_item_by_folder(
                 session,
                 share,
                 folder,
diff --git a/backend/dataall/modules/datasets/db/dataset_location_repository.py b/backend/dataall/modules/datasets/db/dataset_location_repository.py
index d2809e28e..ffb0617b4 100644
--- a/backend/dataall/modules/datasets/db/dataset_location_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_location_repository.py
@@ -7,10 +7,10 @@
 from dataall.db.api import Glossary
 from dataall.db import paginate, exceptions
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem
-from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, CREATE_DATASET_FOLDER, \
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, \
     DELETE_DATASET_FOLDER, UPDATE_DATASET_FOLDER, CREATE_DATASET_FOLDER
 
 logger = logging.getLogger(__name__)
diff --git a/backend/dataall/modules/datasets/db/dataset_service.py b/backend/dataall/modules/datasets/db/dataset_service.py
index 0fe28693f..e4988d853 100644
--- a/backend/dataall/modules/datasets/db/dataset_service.py
+++ b/backend/dataall/modules/datasets/db/dataset_service.py
@@ -19,7 +19,7 @@
 from dataall.db import models, exceptions, paginate, permissions
 from dataall.db.models.Enums import Language, ConfidentialityClassification
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index 5db57a59a..cdf473d03 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -7,7 +7,7 @@
 from dataall.db import exceptions, paginate
 from dataall.db.api import Glossary, ResourcePolicy, Environment
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.services.share_object import ShareItemSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
     UPDATE_DATASET_TABLE
 from dataall.modules.datasets.db.dataset_service import DatasetService
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index bf8ea96b3..c696f0896 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -13,7 +13,7 @@
 from dataall.db import api, utils, Resource
 from datetime import datetime
 from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus, ShareableType, ShareItemStatus
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
@@ -115,7 +115,7 @@ def upgrade():
             )
         ).all()
         for shared_table in share_table_items:
-            share = ShareObjectService.get_share_by_uri(session, shared_table.shareUri)
+            share = ShareObjectRepository.get_share_by_uri(session, shared_table.shareUri)
             api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=share.principalId,
diff --git a/tests/api/test_share.py b/tests/api/test_share.py
index 055208996..e1f6983c0 100644
--- a/tests/api/test_share.py
+++ b/tests/api/test_share.py
@@ -8,7 +8,7 @@
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareItemActions, ShareObjectStatus, \
     ShareItemStatus
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
-from dataall.modules.dataset_sharing.services.share_object import ShareObjectService, ShareItemSM, ShareObjectSM
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareItemSM, ShareObjectSM
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
 
@@ -1351,9 +1351,9 @@ def test_delete_share_object_remaining_items_error(
 def _successfull_processing_for_share_object(db, share):
     with db.scoped_session() as session:
         print('Processing share with action ShareObjectActions.Start')
-        share = ShareObjectService.get_share_by_uri(session, share.shareUri)
+        share = ShareObjectRepository.get_share_by_uri(session, share.shareUri)
 
-        share_items_states = ShareObjectService.get_share_items_states(session, share.shareUri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, share.shareUri)
 
         Share_SM = ShareObjectSM(share.status)
         new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
@@ -1368,8 +1368,8 @@ def _successfull_processing_for_share_object(db, share):
         print('Processing share with action ShareObjectActions.Finish \
             and ShareItemActions.Success')
 
-        share = ShareObjectService.get_share_by_uri(session, share.shareUri)
-        share_items_states = ShareObjectService.get_share_items_states(session, share.shareUri)
+        share = ShareObjectRepository.get_share_by_uri(session, share.shareUri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, share.shareUri)
 
         new_share_state = Share_SM.run_transition(ShareObjectActions.Finish.value)
 

From c598dcb218f3c5794640d74b19009e3377d8525e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 10 May 2023 11:17:21 +0200
Subject: [PATCH 156/346] Introduced DatasetColumnService

---
 .../datasets/api/table_column/resolvers.py    | 82 +++----------------
 .../datasets/db/dataset_column_repository.py  | 42 ++++++++++
 .../services/dataset_column_service.py        | 56 +++++++++++++
 3 files changed, 109 insertions(+), 71 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/db/dataset_column_repository.py
 create mode 100644 backend/dataall/modules/datasets/services/dataset_column_service.py

diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 0d5c05a69..a11a6539d 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -1,13 +1,7 @@
-from sqlalchemy import or_
-
-from dataall import db
 from dataall.api.context import Context
-from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import paginate, models
-from dataall.db.api import ResourcePolicy
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.services.dataset_column_service import DatasetColumnService
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable
-from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
 
 
 def list_table_columns(
@@ -20,47 +14,13 @@ def list_table_columns(
         tableUri = source.tableUri
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        if not source:
-            source = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
-        q = (
-            session.query(DatasetTableColumn)
-            .filter(
-                DatasetTableColumn.tableUri == tableUri,
-                DatasetTableColumn.deleted.is_(None),
-            )
-            .order_by(DatasetTableColumn.columnType.asc())
-        )
-        term = filter.get('term')
-        if term:
-            q = q.filter(
-                or_(
-                    DatasetTableColumn.label.ilike('%' + term + '%'),
-                    DatasetTableColumn.description.ilike('%' + term + '%'),
-                )
-            ).order_by(DatasetTableColumn.columnType.asc())
-
-    return paginate(
-        q, page=filter.get('page', 1), page_size=filter.get('pageSize', 65)
-    ).to_dict()
+    DatasetColumnService.paginate_active_columns_for_table(tableUri, **filter)
 
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
-    with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-            session, tableUri
-        )
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=table.datasetUri,
-            permission_name=UPDATE_DATASET_TABLE,
-        )
-        task = models.Task(action='glue.table.columns', targetUri=table.tableUri)
-        session.add(task)
-    Worker.process(engine=context.engine, task_ids=[task.taskUri], save_response=False)
-    return list_table_columns(context, source=table, tableUri=tableUri)
+    if tableUri is None:
+        return None
+    return DatasetColumnService.sync_table_columns(tableUri)
 
 
 def resolve_terms(context, source: DatasetTableColumn, **kwargs):
@@ -76,31 +36,11 @@ def resolve_terms(context, source: DatasetTableColumn, **kwargs):
 def update_table_column(
     context: Context, source, columnUri: str = None, input: dict = None
 ):
-    with context.engine.scoped_session() as session:
-        column: DatasetTableColumn = session.query(
-            DatasetTableColumn
-        ).get(columnUri)
-        if not column:
-            raise db.exceptions.ObjectNotFound('Column', columnUri)
-        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-            session, column.tableUri
-        )
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=table.datasetUri,
-            permission_name=UPDATE_DATASET_TABLE,
-        )
-        column.description = input.get('description', 'No description provided')
-        session.add(column)
-        session.commit()
+    if columnUri is None:
+        return None
 
-        task = models.Task(
-            action='glue.table.update_column', targetUri=column.columnUri
-        )
-        session.add(task)
-        session.commit()
+    if input is None:
+        input = {}
 
-    Worker.queue(engine=context.engine, task_ids=[task.taskUri])
-    return column
+    description = input.get('description', 'No description provided')
+    return DatasetColumnService.update_table_column_description(columnUri, description)
diff --git a/backend/dataall/modules/datasets/db/dataset_column_repository.py b/backend/dataall/modules/datasets/db/dataset_column_repository.py
new file mode 100644
index 000000000..9caf3fa0e
--- /dev/null
+++ b/backend/dataall/modules/datasets/db/dataset_column_repository.py
@@ -0,0 +1,42 @@
+from operator import or_
+
+from dataall.db import paginate
+from dataall.db.exceptions import ObjectNotFound
+from dataall.modules.datasets_base.db.models import DatasetTableColumn
+
+
+class DatasetColumnRepository:
+    @staticmethod
+    def get_column(session, column_uri) -> DatasetTableColumn:
+        column = session.query(DatasetTableColumn).get(column_uri)
+        if not column:
+            raise ObjectNotFound('Column', column_uri)
+        return column
+
+    @staticmethod
+    def save_and_commit(session, column: DatasetTableColumn):
+        session.add(column)
+        session.commit()
+
+    @staticmethod
+    def paginate_active_columns_for_table(session, table_uri: str, term, page, page_size):
+        q = (
+            session.query(DatasetTableColumn)
+            .filter(
+                DatasetTableColumn.tableUri == table_uri,
+                DatasetTableColumn.deleted.is_(None),
+            )
+            .order_by(DatasetTableColumn.columnType.asc())
+        )
+
+        if term:
+            q = q.filter(
+                or_(
+                    DatasetTableColumn.label.ilike('%' + term + '%'),
+                    DatasetTableColumn.description.ilike('%' + term + '%'),
+                )
+            ).order_by(DatasetTableColumn.columnType.asc())
+
+        return paginate(q, page=page, page_size=page_size).to_dict()
+
+
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
new file mode 100644
index 000000000..c2d308846
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -0,0 +1,56 @@
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.core.context import get_context
+from dataall.db import models
+from dataall.db.api import ResourcePolicy
+from dataall.modules.datasets.db.dataset_column_repository import DatasetColumnRepository
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
+from dataall.modules.datasets_base.db.models import DatasetTable, DatasetTableColumn
+
+
+class DatasetColumnService:
+
+    @staticmethod
+    def paginate_active_columns_for_table(table_uri: str, page=1, pageSize=65, term=None):
+        # TODO THERE WAS NO PERMISSION CHECK!!!
+        with get_context().db_engine.scoped_session() as session:
+            DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, term, page, pageSize)
+
+    @staticmethod
+    def sync_table_columns(table_uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            DatasetColumnService._check_resource_permission(session, table_uri, UPDATE_DATASET_TABLE)
+            task = models.Task(action='glue.table.columns', targetUri=table_uri)
+            session.add(task)
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        return DatasetColumnService.paginate_active_columns_for_table(table_uri)
+
+    @staticmethod
+    def update_table_column_description(column_uri: str, description) -> DatasetTableColumn:
+        with get_context().db_engine.scoped_session() as session:
+            column: DatasetTableColumn = DatasetColumnRepository.get_column(session, column_uri)
+            DatasetColumnService._check_resource_permission(session, column.tableUri, UPDATE_DATASET_TABLE)
+
+            column.description = description
+
+            task = models.Task(
+                action='glue.table.update_column', targetUri=column.columnUri
+            )
+            session.add(task)
+            session.commit()
+
+        Worker.queue(engine=get_context().db_engine, task_ids=[task.taskUri])
+        return column
+
+    @staticmethod
+    def _check_resource_permission(session, table_uri: str, permission):
+        context = get_context()
+        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+        ResourcePolicy.check_user_resource_permission(
+            session=session,
+            username=context.username,
+            groups=context.groups,
+            resource_uri=table.datasetUri,
+            permission_name=permission,
+        )

From 2331d17b8868e8720a3b7e93ec5dd70304a5b954 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 10 May 2023 17:27:55 +0200
Subject: [PATCH 157/346] Created DatasetTableService

---
 .../modules/datasets/api/table/resolvers.py   | 167 ++-------------
 .../services/dataset_table_service.py         | 191 ++++++++++++++++++
 2 files changed, 206 insertions(+), 152 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/dataset_table_service.py

diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 8e70ad271..89404a75b 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -1,36 +1,17 @@
-import json
 import logging
 
-from botocore.exceptions import ClientError
-from pyathena import connect
-
 from dataall import db
 from dataall.modules.datasets.api.dataset.resolvers import get_dataset
 from dataall.api.context import Context
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
-from dataall.db import models
-from dataall.db.api import ResourcePolicy, Glossary
+from dataall.db.api import  Glossary
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
-from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE
-from dataall.utils import json_utils
-from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 log = logging.getLogger(__name__)
 
 
 def create_table(context, source, datasetUri: str = None, input: dict = None):
-    with context.engine.scoped_session() as session:
-        table = DatasetTableRepository.create_dataset_table(
-            session=session,
-            uri=datasetUri,
-            data=input,
-        )
-        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
-    return table
+    return DatasetTableService.create_table(dataset_uri=datasetUri, table_data=input)
 
 
 def list_dataset_tables(context, source, filter: dict = None):
@@ -38,119 +19,33 @@ def list_dataset_tables(context, source, filter: dict = None):
         return None
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return DatasetTableRepository.list_dataset_tables(
-            session=session,
-            uri=source.datasetUri,
-            data=filter,
-        )
+    return DatasetTableService.list_dataset_tables(dataset_uri=source.datasetUri, filter=filter)
 
 
 def get_table(context, source: Dataset, tableUri: str = None):
-    with context.engine.scoped_session() as session:
-        table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
-        return DatasetTableRepository.get_dataset_table(
-            session=session,
-            uri=table.datasetUri,
-            data={
-                'tableUri': tableUri,
-            },
-        )
+    return DatasetTableService.update_table(table_uri=tableUri)
 
 
 def update_table(context, source, tableUri: str = None, input: dict = None):
-    with context.engine.scoped_session() as session:
-        table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
-
-        dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
-
-        input['table'] = table
-        input['tableUri'] = table.tableUri
-
-        DatasetTableRepository.update_dataset_table(
-            session=session,
-            uri=dataset.datasetUri,
-            data=input,
-        )
-        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
-    return table
+    return DatasetTableService.update_table(table_uri=tableUri, input=input)
 
 
 def delete_table(context, source, tableUri: str = None):
-    with context.engine.scoped_session() as session:
-        table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
-        DatasetTableRepository.delete_dataset_table(
-            session=session,
-            uri=table.datasetUri,
-            data={
-                'tableUri': tableUri,
-            },
-        )
-    DatasetTableIndexer.delete_doc(doc_id=tableUri)
-    return True
+    if not tableUri:
+        return False
+    return DatasetTableService.delete_table(table_uri=tableUri)
 
 
 def preview(context, source, tableUri: str = None):
-    with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-            session, tableUri
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
-        if (
-            dataset.confidentiality
-            != models.ConfidentialityClassification.Unclassified.value
-        ):
-            ResourcePolicy.check_user_resource_permission(
-                session=session,
-                username=context.username,
-                groups=context.groups,
-                resource_uri=table.tableUri,
-                permission_name=PREVIEW_DATASET_TABLE,
-            )
-        env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
-        env_workgroup = {}
-        boto3_session = SessionHelper.remote_session(accountid=table.AWSAccountId)
-        creds = boto3_session.get_credentials()
-        try:
-            env_workgroup = boto3_session.client(
-                'athena', region_name=env.region
-            ).get_work_group(WorkGroup=env.EnvironmentDefaultAthenaWorkGroup)
-        except ClientError as e:
-            log.info(
-                f'Workgroup {env.EnvironmentDefaultAthenaWorkGroup} can not be found'
-                f'due to: {e}'
-            )
-
-        connection = connect(
-            aws_access_key_id=creds.access_key,
-            aws_secret_access_key=creds.secret_key,
-            aws_session_token=creds.token,
-            work_group=env_workgroup.get('WorkGroup', {}).get('Name', 'primary'),
-            s3_staging_dir=f's3://{env.EnvironmentDefaultBucketName}/preview/{dataset.datasetUri}/{table.tableUri}',
-            region_name=table.region,
-        )
-        cursor = connection.cursor()
-
-        SQL = f'select * from "{table.GlueDatabaseName}"."{table.GlueTableName}" limit 50'  # nosec
-        cursor.execute(SQL)
-        fields = []
-        for f in cursor.description:
-            fields.append(json.dumps({'name': f[0]}))
-        rows = []
-        for row in cursor:
-            rows.append(json.dumps(json_utils.to_json(list(row))))
-
-    return {'rows': rows, 'fields': fields}
+    if not tableUri:
+        return None
+    return DatasetTableService.preview(table_uri=tableUri)
 
 
 def get_glue_table_properties(context: Context, source: DatasetTable, **kwargs):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-            session, source.tableUri
-        )
-        return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
+    return DatasetTableService.get_glue_table_properties(source.tableUri)
 
 
 def resolve_dataset(context, source: DatasetTable, **kwargs):
@@ -175,34 +70,7 @@ def resolve_glossary_terms(context: Context, source: DatasetTable, **kwargs):
 
 
 def publish_table_update(context: Context, source, tableUri: str = None):
-    with context.engine.scoped_session() as session:
-        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-            session, tableUri
-        )
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=table.datasetUri,
-            permission_name=UPDATE_DATASET_TABLE,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
-        env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
-            raise Exception(
-                'Subscriptions are disabled. '
-                "First enable subscriptions for this dataset's environment then retry."
-            )
-
-        task = models.Task(
-            targetUri=table.datasetUri,
-            action='sns.dataset.publish_update',
-            payload={'s3Prefix': table.S3Prefix},
-        )
-        session.add(task)
-
-    Worker.process(engine=context.engine, task_ids=[task.taskUri], save_response=False)
-    return True
+    return DatasetTableService.publish_table_update(table_uri=tableUri)
 
 
 def resolve_redshift_copy_schema(context, source: DatasetTable, clusterUri: str):
@@ -224,9 +92,4 @@ def resolve_redshift_copy_location(
 
 
 def list_shared_tables_by_env_dataset(context: Context, source, datasetUri: str, envUri: str, filter: dict = None):
-    with context.engine.scoped_session() as session:
-        return DatasetTableRepository.get_dataset_tables_shared_with_env(
-            session,
-            envUri,
-            datasetUri
-        )
+    return DatasetTableService.list_shared_tables_by_env_dataset(datasetUri, envUri)
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
new file mode 100644
index 000000000..f3585422c
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -0,0 +1,191 @@
+import json
+import logging
+
+from botocore.exceptions import ClientError
+from pyathena import connect
+
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.core.context import get_context
+from dataall.db import models
+from dataall.db.api import ResourcePolicy, Environment
+from dataall.modules.datasets import DatasetTableIndexer
+from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
+from dataall.modules.datasets_base.db.models import Dataset, DatasetTable
+from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE
+from dataall.utils import json_utils
+
+log = logging.getLogger(__name__)
+
+
+class DatasetTableService:
+
+    @staticmethod
+    def create_table(dataset_uri: str, table_data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            table = DatasetTableRepository.create_dataset_table(
+                session=session,
+                uri=dataset_uri,
+                data=table_data,
+            )
+        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
+        return table
+
+    @staticmethod
+    def list_dataset_tables(dataset_uri: str, filter: dict):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetTableRepository.list_dataset_tables(
+                session=session,
+                uri=dataset_uri,
+                data=filter,
+            )
+
+    @staticmethod
+    def get_table(table_uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            return DatasetTableRepository.get_dataset_table(
+                session=session,
+                uri=table.datasetUri,
+                data={
+                    'tableUri': table_uri,
+                },
+            )
+
+    @staticmethod
+    def update_table(table_uri: str, input: dict = None):
+        with get_context().db_engine.scoped_session() as session:
+            table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+
+            input['table'] = table
+            input['tableUri'] = table.tableUri
+
+            DatasetTableRepository.update_dataset_table(
+                session=session,
+                uri=dataset.datasetUri,
+                data=input,
+            )
+        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
+        return table
+
+    @staticmethod
+    def delete_table(table_uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            DatasetTableRepository.delete_dataset_table(
+                session=session,
+                uri=table.datasetUri,
+                data={
+                    'tableUri': table_uri,
+                },
+            )
+        DatasetTableIndexer.delete_doc(doc_id=table_uri)
+        return True
+
+    @staticmethod
+    def preview(table_uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
+                session, table_uri
+            )
+            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+            if (
+                    dataset.confidentiality
+                    != models.ConfidentialityClassification.Unclassified.value
+            ):
+                ResourcePolicy.check_user_resource_permission(
+                    session=session,
+                    username=context.username,
+                    groups=context.groups,
+                    resource_uri=table.tableUri,
+                    permission_name=PREVIEW_DATASET_TABLE,
+                )
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            env_workgroup = {}
+            boto3_session = SessionHelper.remote_session(accountid=table.AWSAccountId)
+            creds = boto3_session.get_credentials()
+            try:
+                env_workgroup = boto3_session.client(
+                    'athena', region_name=env.region
+                ).get_work_group(WorkGroup=env.EnvironmentDefaultAthenaWorkGroup)
+            except ClientError as e:
+                log.info(
+                    f'Workgroup {env.EnvironmentDefaultAthenaWorkGroup} can not be found'
+                    f'due to: {e}'
+                )
+
+            connection = connect(
+                aws_access_key_id=creds.access_key,
+                aws_secret_access_key=creds.secret_key,
+                aws_session_token=creds.token,
+                work_group=env_workgroup.get('WorkGroup', {}).get('Name', 'primary'),
+                s3_staging_dir=f's3://{env.EnvironmentDefaultBucketName}/preview/{dataset.datasetUri}/{table.tableUri}',
+                region_name=table.region,
+            )
+            cursor = connection.cursor()
+
+            sql = f'select * from "{table.GlueDatabaseName}"."{table.GlueTableName}" limit 50'  # nosec
+            cursor.execute(sql)
+            fields = []
+            for f in cursor.description:
+                fields.append(json.dumps({'name': f[0]}))
+            rows = []
+            for row in cursor:
+                rows.append(json.dumps(json_utils.to_json(list(row))))
+
+        return {'rows': rows, 'fields': fields}
+
+    @staticmethod
+    def get_glue_table_properties(table_uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
+                session, table_uri
+            )
+            return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
+
+    @staticmethod
+    def publish_table_update(table_uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
+                session, table_uri
+            )
+            ResourcePolicy.check_user_resource_permission(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                resource_uri=table.datasetUri,
+                permission_name=UPDATE_DATASET_TABLE,
+            )
+            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
+                raise Exception(
+                    'Subscriptions are disabled. '
+                    "First enable subscriptions for this dataset's environment then retry."
+                )
+
+            task = models.Task(
+                targetUri=table.datasetUri,
+                action='sns.dataset.publish_update',
+                payload={'s3Prefix': table.S3Prefix},
+            )
+            session.add(task)
+
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        return True
+
+    @staticmethod
+    def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetTableRepository.get_dataset_tables_shared_with_env(
+                session,
+                dataset_uri,
+                env_uri
+            )
+
+

From 95557ba68d662411e4e8bab1f19e3d3a34ea2f6b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 10 May 2023 17:37:37 +0200
Subject: [PATCH 158/346] Extracted AthenaTableClient

---
 .../datasets/aws/athena_table_client.py       | 58 +++++++++++++++++++
 .../services/dataset_table_service.py         | 39 +------------
 2 files changed, 60 insertions(+), 37 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/athena_table_client.py

diff --git a/backend/dataall/modules/datasets/aws/athena_table_client.py b/backend/dataall/modules/datasets/aws/athena_table_client.py
new file mode 100644
index 000000000..d3132df3f
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/athena_table_client.py
@@ -0,0 +1,58 @@
+import json
+import logging
+from pyathena import connect
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db.models import Environment
+from dataall.modules.datasets_base.db.models import DatasetTable
+from dataall.utils import json_utils
+
+
+log = logging.getLogger(__name__)
+
+
+class AthenaTableClient:
+
+    def __init__(self, env: Environment, table: DatasetTable):
+        session = SessionHelper.remote_session(accountid=table.AWSAccountId)
+        self._client = session.client('athena', region_name=env.region)
+        self._creds = session.get_credentials()
+        self._env = env
+        self._table = table
+
+    def get_table(self, dataset_uri):
+        env = self._env
+        table = self._table
+        creds = self._creds
+
+        env_workgroup = {}
+        try:
+            env_workgroup = self._client.get_work_group(WorkGroup=env.EnvironmentDefaultAthenaWorkGroup)
+        except ClientError as e:
+            log.info(
+                f'Workgroup {env.EnvironmentDefaultAthenaWorkGroup} can not be found'
+                f'due to: {e}'
+            )
+
+        connection = connect(
+            aws_access_key_id=creds.access_key,
+            aws_secret_access_key=creds.secret_key,
+            aws_session_token=creds.token,
+            work_group=env_workgroup.get('WorkGroup', {}).get('Name', 'primary'),
+            s3_staging_dir=f's3://{env.EnvironmentDefaultBucketName}/preview/{dataset_uri}/{table.tableUri}',
+            region_name=table.region,
+        )
+        cursor = connection.cursor()
+
+        sql = f'select * from "{table.GlueDatabaseName}"."{table.GlueTableName}" limit 50'  # nosec
+        cursor.execute(sql)
+        fields = []
+        for f in cursor.description:
+            fields.append(json.dumps({'name': f[0]}))
+        rows = []
+        for row in cursor:
+            rows.append(json.dumps(json_utils.to_json(list(row))))
+
+        return {'rows': rows, 'fields': fields}
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index f3585422c..fc16fc564 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -1,15 +1,12 @@
-import json
 import logging
 
-from botocore.exceptions import ClientError
-from pyathena import connect
 
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Environment
 from dataall.modules.datasets import DatasetTableIndexer
+from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
@@ -105,39 +102,7 @@ def preview(table_uri: str):
                     permission_name=PREVIEW_DATASET_TABLE,
                 )
             env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            env_workgroup = {}
-            boto3_session = SessionHelper.remote_session(accountid=table.AWSAccountId)
-            creds = boto3_session.get_credentials()
-            try:
-                env_workgroup = boto3_session.client(
-                    'athena', region_name=env.region
-                ).get_work_group(WorkGroup=env.EnvironmentDefaultAthenaWorkGroup)
-            except ClientError as e:
-                log.info(
-                    f'Workgroup {env.EnvironmentDefaultAthenaWorkGroup} can not be found'
-                    f'due to: {e}'
-                )
-
-            connection = connect(
-                aws_access_key_id=creds.access_key,
-                aws_secret_access_key=creds.secret_key,
-                aws_session_token=creds.token,
-                work_group=env_workgroup.get('WorkGroup', {}).get('Name', 'primary'),
-                s3_staging_dir=f's3://{env.EnvironmentDefaultBucketName}/preview/{dataset.datasetUri}/{table.tableUri}',
-                region_name=table.region,
-            )
-            cursor = connection.cursor()
-
-            sql = f'select * from "{table.GlueDatabaseName}"."{table.GlueTableName}" limit 50'  # nosec
-            cursor.execute(sql)
-            fields = []
-            for f in cursor.description:
-                fields.append(json.dumps({'name': f[0]}))
-            rows = []
-            for row in cursor:
-                rows.append(json.dumps(json_utils.to_json(list(row))))
-
-        return {'rows': rows, 'fields': fields}
+            return AthenaTableClient(env, table).get_table(dataset_uri=dataset.datasetUri)
 
     @staticmethod
     def get_glue_table_properties(table_uri: str):

From 445e25a91a91b6477b27373a663dd3d1d14eb37d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 10:46:30 +0200
Subject: [PATCH 159/346] Split logic between service and repo for DatasetTable

---
 backend/dataall/core/permission_checker.py    |  13 +-
 .../db/share_object_repository.py             |  19 +++
 .../modules/datasets/api/table/resolvers.py   |   8 +-
 .../datasets/db/dataset_table_repository.py   | 141 ++--------------
 .../services/dataset_table_service.py         | 151 +++++++++++-------
 5 files changed, 136 insertions(+), 196 deletions(-)

diff --git a/backend/dataall/core/permission_checker.py b/backend/dataall/core/permission_checker.py
index 784665996..1fccd8fb4 100644
--- a/backend/dataall/core/permission_checker.py
+++ b/backend/dataall/core/permission_checker.py
@@ -3,7 +3,7 @@
 and interact with resources or do some actions in the app
 """
 import contextlib
-from typing import Protocol
+from typing import Protocol, Callable
 
 from dataall.core.context import RequestContext, get_context
 from dataall.db.api import TenantPolicy, ResourcePolicy, Environment
@@ -11,7 +11,7 @@
 
 class Identifiable(Protocol):
     """Protocol to identify resources for checking permissions"""
-    def get_uri(self) -> str:
+    def get_resource_uri(self) -> str:
         ...
 
 
@@ -56,9 +56,8 @@ def no_decorated(f):
 
     static_func = False
     try:
-        func.__func__
-        static_func = True
         fn = func.__func__
+        static_func = True
     except AttributeError:
         fn = func
 
@@ -66,7 +65,7 @@ def no_decorated(f):
     return fn, staticmethod if static_func else no_decorated
 
 
-def has_resource_permission(permission: str, resource_name: str = None):
+def has_resource_permission(permission: str, resource_name: str = None, parent_resource: Callable = None):
     """
     Decorator that check if a user has access to the resource.
     The method or function decorated with this decorator must have a URI of accessing resource
@@ -80,11 +79,13 @@ def decorated(*args, **kwargs):
             uri: str
             if resource_name:
                 resource: Identifiable = kwargs[resource_name]
-                uri = resource.get_uri()
+                uri = resource.get_resource_uri()
             else:
                 uri = kwargs["uri"]
 
             with get_context().db_engine.scoped_session() as session:
+                if parent_resource:
+                    uri = parent_resource(session, uri)
                 _check_resource_permission(session, uri, permission)
 
             return fn(*args, **kwargs)
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 6f88548ee..a2c83ac10 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1402,3 +1402,22 @@ def resolve_share_object_statistics(session, uri, **kwargs):
             .count()
         )
         return {'tables': tables, 'locations': locations, 'sharedItems': shared_items, 'revokedItems': revoked_items, 'failedItems': failed_items, 'pendingItems': pending_items}
+
+    @staticmethod
+    def has_shared_items(session, item_uri: str) -> int:
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
+        return (
+            session.query(ShareObjectItem)
+            .filter(
+                and_(
+                    ShareObjectItem.itemUri == item_uri,
+                    ShareObjectItem.status.in_(share_item_shared_states)
+                )
+            )
+            .count()
+        )
+
+    @staticmethod
+    def delete_shares(session, item_uri: str):
+        session.query(ShareObjectItem).filter(ShareObjectItem.itemUri == item_uri).delete()
+
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 89404a75b..d400f0b74 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -19,11 +19,11 @@ def list_dataset_tables(context, source, filter: dict = None):
         return None
     if not filter:
         filter = {}
-    return DatasetTableService.list_dataset_tables(dataset_uri=source.datasetUri, filter=filter)
+    return DatasetTableService.list_dataset_tables(dataset_uri=source.datasetUri, **filter)
 
 
 def get_table(context, source: Dataset, tableUri: str = None):
-    return DatasetTableService.update_table(table_uri=tableUri)
+    return DatasetTableService.get_table(table_uri=tableUri)
 
 
 def update_table(context, source, tableUri: str = None, input: dict = None):
@@ -33,7 +33,7 @@ def update_table(context, source, tableUri: str = None, input: dict = None):
 def delete_table(context, source, tableUri: str = None):
     if not tableUri:
         return False
-    return DatasetTableService.delete_table(table_uri=tableUri)
+    return DatasetTableService.delete_table(uri=tableUri)
 
 
 def preview(context, source, tableUri: str = None):
@@ -70,7 +70,7 @@ def resolve_glossary_terms(context: Context, source: DatasetTable, **kwargs):
 
 
 def publish_table_update(context: Context, source, tableUri: str = None):
-    return DatasetTableService.publish_table_update(table_uri=tableUri)
+    return DatasetTableService.publish_table_update(uri=tableUri)
 
 
 def resolve_redshift_copy_schema(context, source: DatasetTable, clusterUri: str):
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index cdf473d03..bfcf7ef18 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -2,15 +2,10 @@
 
 from sqlalchemy.sql import and_
 
-from dataall.core.context import get_context
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db import exceptions, paginate
 from dataall.db.api import Glossary, ResourcePolicy, Environment
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, CREATE_DATASET_TABLE, DELETE_DATASET_TABLE, \
-    UPDATE_DATASET_TABLE
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 from dataall.utils import json_utils
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
@@ -19,34 +14,28 @@
 
 
 class DatasetTableRepository:
+
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(CREATE_DATASET_TABLE)
-    def create_dataset_table(
-        session,
-        uri: str,
-        data: dict = None,
-    ) -> DatasetTable:
-        dataset = DatasetService.get_dataset_by_uri(session, uri)
-        exists = (
+    def save(session, table: DatasetTable):
+        session.add(table)
+
+    @staticmethod
+    def exists(session, dataset_uri, glue_table_name):
+        return (
             session.query(DatasetTable)
             .filter(
                 and_(
-                    DatasetTable.datasetUri == uri,
-                    DatasetTable.GlueTableName == data['name'],
+                    DatasetTable.datasetUri == dataset_uri,
+                    DatasetTable.GlueTableName == glue_table_name,
                 )
             )
             .count()
         )
 
-        if exists:
-            raise exceptions.ResourceAlreadyExists(
-                action='Create Table',
-                message=f'table: {data["name"]} already exist on dataset {uri}',
-            )
-
+    @staticmethod
+    def create_dataset_table(session, dataset: Dataset, data: dict = None) -> DatasetTable:
         table = DatasetTable(
-            datasetUri=uri,
+            datasetUri=dataset.datasetUri,
             label=data['name'],
             name=data['name'],
             description=data.get('description', 'No description provided'),
@@ -61,108 +50,23 @@ def create_dataset_table(
             region=dataset.region,
         )
         session.add(table)
-        if data.get('terms') is not None:
-            Glossary.set_glossary_terms_links(
-                session, get_context().username, table.tableUri, 'DatasetTable', data.get('terms', [])
-            )
         session.commit()
-
-        # ADD DATASET TABLE PERMISSIONS
-        environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        permission_group = set([dataset.SamlAdminGroupName, environment.SamlGroupName, dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName])
-        for group in permission_group:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=group,
-                permissions=DATASET_TABLE_READ,
-                resource_uri=table.tableUri,
-                resource_type=DatasetTable.__name__,
-            )
         return table
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    def list_dataset_tables(
-        session,
-        uri: str,
-        data: dict = None,
-    ) -> dict:
+    def paginate_dataset_tables(session, dataset_uri, term, page, page_size) -> dict:
         query = (
             session.query(DatasetTable)
-            .filter(DatasetTable.datasetUri == uri)
+            .filter(DatasetTable.datasetUri == dataset_uri)
             .order_by(DatasetTable.created.desc())
         )
-        if data.get('term'):
-            term = data.get('term')
+        if term:
             query = query.filter(DatasetTable.label.ilike('%' + term + '%'))
-        return paginate(
-            query, page=data.get('page', 1), page_size=data.get('pageSize', 10)
-        ).to_dict()
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    def get_dataset_table(
-        session,
-        uri: str,
-        data: dict = None,
-    ) -> DatasetTable:
-        return DatasetTableRepository.get_dataset_table_by_uri(session, data['tableUri'])
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(UPDATE_DATASET_TABLE)
-    def update_dataset_table(
-        session,
-        uri: str,
-        data: dict = None,
-    ):
-        table = data.get(
-            'table',
-            DatasetTableRepository.get_dataset_table_by_uri(session, data['tableUri']),
-        )
-
-        for k in [attr for attr in data.keys() if attr != 'term']:
-            setattr(table, k, data.get(k))
-
-        if data.get('terms') is not None:
-            Glossary.set_glossary_terms_links(
-                session, get_context().username, table.tableUri, 'DatasetTable', data.get('terms', [])
-            )
-
-        return table
+        return paginate(query, page=page, page_size=page_size).to_dict()
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(DELETE_DATASET_TABLE)
-    def delete_dataset_table(
-        session,
-        uri: str,
-        data: dict = None,
-    ):
-        table = DatasetTableRepository.get_dataset_table_by_uri(session, data['tableUri'])
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        share_item = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.itemUri == table.tableUri,
-                    ShareObjectItem.status.in_(share_item_shared_states)
-                )
-            )
-            .first()
-        )
-        if share_item:
-            raise exceptions.ResourceShared(
-                action=DELETE_DATASET_TABLE,
-                message='Revoke all table shares before deletion',
-            )
-        session.query(ShareObjectItem).filter(
-            ShareObjectItem.itemUri == table.tableUri,
-        ).delete()
+    def delete_dataset_table(session, table: DatasetTable):
         session.delete(table)
-        Glossary.delete_glossary_terms_links(
-            session, target_uri=table.tableUri, target_type='DatasetTable'
-        )
         return True
 
     @staticmethod
@@ -196,17 +100,6 @@ def query_dataset_tables_shared_with_env(
 
         return env_tables_shared
 
-    @staticmethod
-    def get_dataset_tables_shared_with_env(
-        session, environment_uri: str, dataset_uri: str
-    ):
-        return [
-            {"tableUri": t.tableUri, "GlueTableName": t.GlueTableName}
-            for t in DatasetTableRepository.query_dataset_tables_shared_with_env(
-                session, environment_uri, dataset_uri
-            )
-        ]
-
     @staticmethod
     def get_dataset_table_by_uri(session, table_uri):
         table: DatasetTable = session.query(DatasetTable).get(table_uri)
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index fc16fc564..70c9394d7 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -3,83 +3,118 @@
 
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
 from dataall.db import models
-from dataall.db.api import ResourcePolicy, Environment
+from dataall.db.api import ResourcePolicy, Environment, Glossary
+from dataall.db.exceptions import ResourceShared, ResourceAlreadyExists
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets import DatasetTableIndexer
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
-from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
-from dataall.modules.datasets_base.db.models import Dataset, DatasetTable
-from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
+    DELETE_DATASET_TABLE, CREATE_DATASET_TABLE
+from dataall.modules.datasets_base.db.models import DatasetTable
+from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.utils import json_utils
 
 log = logging.getLogger(__name__)
 
 
 class DatasetTableService:
+    @staticmethod
+    def _get_dataset_uri(session, table_uri):
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+        return table.datasetUri
 
     @staticmethod
-    def create_table(dataset_uri: str, table_data: dict):
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET_TABLE)
+    def create_table(uri: str, table_data: dict):
         with get_context().db_engine.scoped_session() as session:
-            table = DatasetTableRepository.create_dataset_table(
-                session=session,
-                uri=dataset_uri,
-                data=table_data,
-            )
+            dataset = DatasetService.get_dataset_by_uri(session, uri)
+            glue_table = table_data['name']
+            exists = DatasetTableRepository.exists(session, dataset_uri=uri, glue_table_name=glue_table)
+
+            if exists:
+                raise ResourceAlreadyExists(
+                    action='Create Table',
+                    message=f'table: {glue_table} already exist on dataset {uri}',
+                )
+
+            table = DatasetTableRepository.create_dataset_table(session, dataset, table_data)
+
+            if 'terms' in table_data:
+                Glossary.set_glossary_terms_links(
+                    session, get_context().username, table.tableUri, 'DatasetTable', table_data['terms']
+                )
+
+            # ADD DATASET TABLE PERMISSIONS
+            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            permission_group = {dataset.SamlAdminGroupName, environment.SamlGroupName,
+                                dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName}
+            for group in permission_group:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=group,
+                    permissions=DATASET_TABLE_READ,
+                    resource_uri=table.tableUri,
+                    resource_type=DatasetTable.__name__,
+                )
         DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
         return table
 
     @staticmethod
-    def list_dataset_tables(dataset_uri: str, filter: dict):
+    @has_tenant_permission(MANAGE_DATASETS)
+    def list_dataset_tables(dataset_uri: str, term=None, page=1, pageSize=10):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetTableRepository.list_dataset_tables(
-                session=session,
-                uri=dataset_uri,
-                data=filter,
-            )
+            return DatasetTableRepository.paginate_dataset_tables(session, dataset_uri, term, page, pageSize)
 
     @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
     def get_table(table_uri: str):
         with get_context().db_engine.scoped_session() as session:
-            table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
-            return DatasetTableRepository.get_dataset_table(
-                session=session,
-                uri=table.datasetUri,
-                data={
-                    'tableUri': table_uri,
-                },
-            )
+            return DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
 
     @staticmethod
-    def update_table(table_uri: str, input: dict = None):
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri)
+    def update_table(table_uri: str, table_data: dict = None):
         with get_context().db_engine.scoped_session() as session:
             table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
-            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
 
-            input['table'] = table
-            input['tableUri'] = table.tableUri
+            for k in [attr for attr in table_data.keys() if attr != 'terms']:
+                setattr(table, k, table_data.get(k))
+
+            DatasetTableRepository.save(session, table)
+            if 'terms' in table_data:
+                Glossary.set_glossary_terms_links(
+                    session, get_context().username, table.tableUri, 'DatasetTable', table_data['terms']
+                )
 
-            DatasetTableRepository.update_dataset_table(
-                session=session,
-                uri=dataset.datasetUri,
-                data=input,
-            )
         DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
         return table
 
     @staticmethod
-    def delete_table(table_uri: str):
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(DELETE_DATASET_TABLE, parent_resource=_get_dataset_uri)
+    def delete_table(uri: str):
         with get_context().db_engine.scoped_session() as session:
-            table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
-            DatasetTableRepository.delete_dataset_table(
-                session=session,
-                uri=table.datasetUri,
-                data={
-                    'tableUri': table_uri,
-                },
+            table = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
+            has_share = ShareObjectRepository.has_shared_items(session, table.tableUri)
+            if has_share:
+                raise ResourceShared(
+                    action=DELETE_DATASET_TABLE,
+                    message='Revoke all table shares before deletion',
+                )
+
+            ShareObjectRepository.delete_shares(session, table.tableUri)
+            DatasetTableRepository.delete_dataset_table(session, table)
+
+            Glossary.delete_glossary_terms_links(
+                session, target_uri=table.tableUri, target_type='DatasetTable'
             )
-        DatasetTableIndexer.delete_doc(doc_id=table_uri)
+        DatasetTableIndexer.delete_doc(doc_id=uri)
         return True
 
     @staticmethod
@@ -106,26 +141,17 @@ def preview(table_uri: str):
 
     @staticmethod
     def get_glue_table_properties(table_uri: str):
+        # TODO THERE WAS NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
-            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-                session, table_uri
-            )
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
             return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
 
     @staticmethod
-    def publish_table_update(table_uri: str):
+    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri)
+    def publish_table_update(uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
-                session, table_uri
-            )
-            ResourcePolicy.check_user_resource_permission(
-                session=session,
-                username=context.username,
-                groups=context.groups,
-                resource_uri=table.datasetUri,
-                permission_name=UPDATE_DATASET_TABLE,
-            )
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
             dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
             env = Environment.get_environment_by_uri(session, dataset.environmentUri)
             if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
@@ -146,11 +172,12 @@ def publish_table_update(table_uri: str):
 
     @staticmethod
     def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
+        # TODO THERE WAS NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
-            return DatasetTableRepository.get_dataset_tables_shared_with_env(
-                session,
-                dataset_uri,
-                env_uri
-            )
-
+            return [
+                {"tableUri": t.tableUri, "GlueTableName": t.GlueTableName}
+                for t in DatasetTableRepository.query_dataset_tables_shared_with_env(
+                    session, env_uri, dataset_uri
+                )
+            ]
 

From 22c970b32a94e90eeb910248db18dd8cfcdec65b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 12:25:33 +0200
Subject: [PATCH 160/346] Split logic between service and repo for DatasetTable

---
 .../datasets/db/dataset_table_repository.py   | 103 ++++++------------
 .../datasets/handlers/glue_table_handler.py   |   4 +-
 .../services/dataset_table_service.py         |  63 ++++++++---
 .../modules/datasets/tasks/tables_syncer.py   |   4 +-
 tests/api/test_dataset_table.py               |   4 +-
 5 files changed, 88 insertions(+), 90 deletions(-)

diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index bfcf7ef18..b6fddf491 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -3,12 +3,10 @@
 from sqlalchemy.sql import and_
 
 from dataall.db import exceptions, paginate
-from dataall.db.api import Glossary, ResourcePolicy, Environment
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
-from dataall.utils import json_utils
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
+from dataall.utils import json_utils
 
 logger = logging.getLogger(__name__)
 
@@ -53,6 +51,28 @@ def create_dataset_table(session, dataset: Dataset, data: dict = None) -> Datase
         session.commit()
         return table
 
+    @staticmethod
+    def create_synced_table(session, dataset: Dataset, table: dict):
+        updated_table = DatasetTable(
+            datasetUri=dataset.datasetUri,
+            label=table['Name'],
+            name=table['Name'],
+            region=dataset.region,
+            owner=dataset.owner,
+            GlueDatabaseName=dataset.GlueDatabaseName,
+            AWSAccountId=dataset.AwsAccountId,
+            S3BucketName=dataset.S3BucketName,
+            S3Prefix=table.get('StorageDescriptor', {}).get('Location'),
+            GlueTableName=table['Name'],
+            LastGlueTableStatus='InSync',
+            GlueTableProperties=json_utils.to_json(
+                table.get('Parameters', {})
+            ),
+        )
+        session.add(updated_table)
+        session.commit()
+        return table
+
     @staticmethod
     def paginate_dataset_tables(session, dataset_uri, term, page, page_size) -> dict:
         query = (
@@ -107,72 +127,6 @@ def get_dataset_table_by_uri(session, table_uri):
             raise exceptions.ObjectNotFound('DatasetTable', table_uri)
         return table
 
-    @staticmethod
-    def sync_existing_tables(session, datasetUri, glue_tables=None):
-
-        dataset: Dataset = session.query(Dataset).get(datasetUri)
-        if dataset:
-            existing_tables = (
-                session.query(DatasetTable)
-                .filter(DatasetTable.datasetUri == datasetUri)
-                .all()
-            )
-            existing_table_names = [e.GlueTableName for e in existing_tables]
-            existing_dataset_tables_map = {t.GlueTableName: t for t in existing_tables}
-
-            DatasetTableRepository.update_existing_tables_status(existing_tables, glue_tables)
-            logger.info(
-                f'existing_tables={glue_tables}'
-            )
-            for table in glue_tables:
-                if table['Name'] not in existing_table_names:
-                    logger.info(
-                        f'Storing new table: {table} for dataset db {dataset.GlueDatabaseName}'
-                    )
-                    updated_table = DatasetTable(
-                        datasetUri=dataset.datasetUri,
-                        label=table['Name'],
-                        name=table['Name'],
-                        region=dataset.region,
-                        owner=dataset.owner,
-                        GlueDatabaseName=dataset.GlueDatabaseName,
-                        AWSAccountId=dataset.AwsAccountId,
-                        S3BucketName=dataset.S3BucketName,
-                        S3Prefix=table.get('StorageDescriptor', {}).get('Location'),
-                        GlueTableName=table['Name'],
-                        LastGlueTableStatus='InSync',
-                        GlueTableProperties=json_utils.to_json(
-                            table.get('Parameters', {})
-                        ),
-                    )
-                    session.add(updated_table)
-                    session.commit()
-                    # ADD DATASET TABLE PERMISSIONS
-                    env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-                    permission_group = set([dataset.SamlAdminGroupName, env.SamlGroupName, dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName])
-                    for group in permission_group:
-                        ResourcePolicy.attach_resource_policy(
-                            session=session,
-                            group=group,
-                            permissions=DATASET_TABLE_READ,
-                            resource_uri=updated_table.tableUri,
-                            resource_type=DatasetTable.__name__,
-                        )
-                else:
-                    logger.info(
-                        f'Updating table: {table} for dataset db {dataset.GlueDatabaseName}'
-                    )
-                    updated_table: DatasetTable = (
-                        existing_dataset_tables_map.get(table['Name'])
-                    )
-                    updated_table.GlueTableProperties = json_utils.to_json(
-                        table.get('Parameters', {})
-                    )
-
-                DatasetTableRepository.sync_table_columns(session, updated_table, table)
-
-        return True
-
     @staticmethod
     def update_existing_tables_status(existing_tables, glue_tables):
         for existing_table in existing_tables:
@@ -220,8 +174,7 @@ def sync_table_columns(session, dataset_table, glue_table):
     def delete_all_table_columns(session, dataset_table):
         session.query(DatasetTableColumn).filter(
             and_(
-                DatasetTableColumn.GlueDatabaseName
-                == dataset_table.GlueDatabaseName,
+                DatasetTableColumn.GlueDatabaseName == dataset_table.GlueDatabaseName,
                 DatasetTableColumn.GlueTableName == dataset_table.GlueTableName,
             )
         ).delete()
@@ -247,3 +200,11 @@ def get_table_by_s3_prefix(session, s3_prefix, accountid, region):
                 f'Found table {table.tableUri}|{table.GlueTableName}|{table.S3Prefix}'
             )
             return table
+
+    @staticmethod
+    def find_dataset_tables(session, dataset_uri):
+        return (
+            session.query(DatasetTable)
+            .filter(DatasetTable.datasetUri == dataset_uri)
+            .all()
+        )
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index daf9003c0..d822a435a 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -3,9 +3,9 @@
 from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 log = logging.getLogger(__name__)
 
@@ -25,5 +25,5 @@ def sync_existing_tables(engine, task: models.Task):
             tables = Glue.list_glue_database_tables(
                 account_id, dataset.GlueDatabaseName, region
             )
-            DatasetTableRepository.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
+            DatasetTableService.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
             return tables
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 70c9394d7..8c40b6255 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -14,7 +14,7 @@
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
     DELETE_DATASET_TABLE, CREATE_DATASET_TABLE
-from dataall.modules.datasets_base.db.models import DatasetTable
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.utils import json_utils
 
@@ -49,18 +49,7 @@ def create_table(uri: str, table_data: dict):
                     session, get_context().username, table.tableUri, 'DatasetTable', table_data['terms']
                 )
 
-            # ADD DATASET TABLE PERMISSIONS
-            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            permission_group = {dataset.SamlAdminGroupName, environment.SamlGroupName,
-                                dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName}
-            for group in permission_group:
-                ResourcePolicy.attach_resource_policy(
-                    session=session,
-                    group=group,
-                    permissions=DATASET_TABLE_READ,
-                    resource_uri=table.tableUri,
-                    resource_type=DatasetTable.__name__,
-                )
+            DatasetTableService._attach_dataset_table_permission(session, dataset, table.tableUri)
         DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
         return table
 
@@ -181,3 +170,51 @@ def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
                 )
             ]
 
+    @staticmethod
+    def sync_existing_tables(session, dataset_uri, glue_tables=None):
+        dataset: Dataset = DatasetService.get_dataset_by_uri(session, dataset_uri)
+        if dataset:
+            existing_tables = DatasetTableRepository.find_dataset_tables(session, dataset_uri)
+            existing_table_names = [e.GlueTableName for e in existing_tables]
+            existing_dataset_tables_map = {t.GlueTableName: t for t in existing_tables}
+
+            DatasetTableRepository.update_existing_tables_status(existing_tables, glue_tables)
+            log.info(
+                f'existing_tables={glue_tables}'
+            )
+            for table in glue_tables:
+                if table['Name'] not in existing_table_names:
+                    log.info(
+                        f'Storing new table: {table} for dataset db {dataset.GlueDatabaseName}'
+                    )
+                    updated_table = DatasetTableRepository.create_synced_table(session, dataset, table)
+                    DatasetTableService._attach_dataset_table_permission(session, dataset, updated_table.tableUri)
+                else:
+                    log.info(
+                        f'Updating table: {table} for dataset db {dataset.GlueDatabaseName}'
+                    )
+                    updated_table: DatasetTable = (
+                        existing_dataset_tables_map.get(table['Name'])
+                    )
+                    updated_table.GlueTableProperties = json_utils.to_json(
+                        table.get('Parameters', {})
+                    )
+
+                DatasetTableRepository.sync_table_columns(session, updated_table, table)
+
+        return True
+
+    @staticmethod
+    def _attach_dataset_table_permission(session, dataset: Dataset, table_uri):
+        # ADD DATASET TABLE PERMISSIONS
+        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        permission_group = {dataset.SamlAdminGroupName, env.SamlGroupName,
+                            dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName}
+        for group in permission_group:
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=group,
+                permissions=DATASET_TABLE_READ,
+                resource_uri=table_uri,
+                resource_type=DatasetTable.__name__,
+            )
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 98dfc3a00..3f6e223db 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -9,11 +9,11 @@
 from dataall.db import get_engine
 from dataall.db import models
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
 from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -64,7 +64,7 @@ def sync_tables(engine):
                         f'Found {len(tables)} tables on Glue database {dataset.GlueDatabaseName}'
                     )
 
-                    DatasetTableRepository.sync_existing_tables(
+                    DatasetTableService.sync_existing_tables(
                         session, dataset.datasetUri, glue_tables=tables
                     )
 
diff --git a/tests/api/test_dataset_table.py b/tests/api/test_dataset_table.py
index 042ad880b..3e3dc3ab3 100644
--- a/tests/api/test_dataset_table.py
+++ b/tests/api/test_dataset_table.py
@@ -3,7 +3,7 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 
 
@@ -287,7 +287,7 @@ def test_sync_tables_and_columns(client, table, dataset1, db):
             },
         ]
 
-        assert DatasetTableRepository.sync_existing_tables(session, dataset1.datasetUri, glue_tables)
+        assert DatasetTableService.sync_existing_tables(session, dataset1.datasetUri, glue_tables)
         new_table: DatasetTable = (
             session.query(DatasetTable)
             .filter(DatasetTable.name == 'new_table')

From f186a30fc7e82bf34691dc17992f4ec011247c38 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 12:31:27 +0200
Subject: [PATCH 161/346] Moved ConfidentialityClassification

---
 backend/dataall/api/constants.py                           | 6 ------
 backend/dataall/db/models/Enums.py                         | 6 ------
 backend/dataall/modules/datasets/api/dataset/__init__.py   | 3 ++-
 backend/dataall/modules/datasets/api/dataset/enums.py      | 7 +++++++
 backend/dataall/modules/datasets/db/dataset_service.py     | 3 ++-
 backend/dataall/modules/datasets/db/enums.py               | 7 +++++++
 .../modules/datasets/services/dataset_table_service.py     | 4 ++--
 7 files changed, 20 insertions(+), 16 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/db/enums.py

diff --git a/backend/dataall/api/constants.py b/backend/dataall/api/constants.py
index f63fb16c6..0be2d4ae2 100644
--- a/backend/dataall/api/constants.py
+++ b/backend/dataall/api/constants.py
@@ -130,12 +130,6 @@ class PrincipalType(GraphQLEnumMapper):
     ConsumptionRole = 'ConsumptionRole'
 
 
-class ConfidentialityClassification(GraphQLEnumMapper):
-    Unclassified = 'Unclassified'
-    Official = 'Official'
-    Secret = 'Secret'
-
-
 class Language(GraphQLEnumMapper):
     English = 'English'
     French = 'French'
diff --git a/backend/dataall/db/models/Enums.py b/backend/dataall/db/models/Enums.py
index 7d90746f5..ebce865a2 100644
--- a/backend/dataall/db/models/Enums.py
+++ b/backend/dataall/db/models/Enums.py
@@ -93,12 +93,6 @@ class PrincipalType(Enum):
     ConsumptionRole = 'ConsumptionRole'
 
 
-class ConfidentialityClassification(Enum):
-    Unclassified = 'Unclassified'
-    Official = 'Official'
-    Secret = 'Secret'
-
-
 class Language(Enum):
     English = 'English'
     French = 'French'
diff --git a/backend/dataall/modules/datasets/api/dataset/__init__.py b/backend/dataall/modules/datasets/api/dataset/__init__.py
index d286e1a7d..807cc8a05 100644
--- a/backend/dataall/modules/datasets/api/dataset/__init__.py
+++ b/backend/dataall/modules/datasets/api/dataset/__init__.py
@@ -4,6 +4,7 @@
     queries,
     resolvers,
     schema,
+    enums
 )
 
-__all__ = ['resolvers', 'schema', 'input_types', 'queries', 'mutations']
+__all__ = ['resolvers', 'schema', 'input_types', 'queries', 'mutations', 'enums']
diff --git a/backend/dataall/modules/datasets/api/dataset/enums.py b/backend/dataall/modules/datasets/api/dataset/enums.py
index decf8df06..7169bb5c5 100644
--- a/backend/dataall/modules/datasets/api/dataset/enums.py
+++ b/backend/dataall/modules/datasets/api/dataset/enums.py
@@ -9,3 +9,10 @@ class DatasetRole(GraphQLEnumMapper):
     Admin = '900'
     Shared = '300'
     NoPermission = '000'
+
+
+class ConfidentialityClassification(GraphQLEnumMapper):
+    Unclassified = 'Unclassified'
+    Official = 'Official'
+    Secret = 'Secret'
+
diff --git a/backend/dataall/modules/datasets/db/dataset_service.py b/backend/dataall/modules/datasets/db/dataset_service.py
index e4988d853..b93bbe8f4 100644
--- a/backend/dataall/modules/datasets/db/dataset_service.py
+++ b/backend/dataall/modules/datasets/db/dataset_service.py
@@ -17,9 +17,10 @@
 )
 from dataall.db.api import Organization
 from dataall.db import models, exceptions, paginate, permissions
-from dataall.db.models.Enums import Language, ConfidentialityClassification
+from dataall.db.models.Enums import Language
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
+from dataall.modules.datasets.db.enums import ConfidentialityClassification
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
diff --git a/backend/dataall/modules/datasets/db/enums.py b/backend/dataall/modules/datasets/db/enums.py
new file mode 100644
index 000000000..5ef5e8170
--- /dev/null
+++ b/backend/dataall/modules/datasets/db/enums.py
@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class ConfidentialityClassification(Enum):
+    Unclassified = 'Unclassified'
+    Official = 'Official'
+    Secret = 'Secret'
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 8c40b6255..f2e3fbd22 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -12,6 +12,7 @@
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.db.enums import ConfidentialityClassification
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
     DELETE_DATASET_TABLE, CREATE_DATASET_TABLE
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
@@ -115,8 +116,7 @@ def preview(table_uri: str):
             )
             dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
             if (
-                    dataset.confidentiality
-                    != models.ConfidentialityClassification.Unclassified.value
+                    dataset.confidentiality != ConfidentialityClassification.Unclassified.value
             ):
                 ResourcePolicy.check_user_resource_permission(
                     session=session,

From d76005a9731d509645f15ed503a1fd88592762f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 12:48:37 +0200
Subject: [PATCH 162/346] Extracted DatasetLocationService

---
 .../api/storage_location/resolvers.py         |  88 ++-------------
 .../db/dataset_location_repository.py         |  22 +---
 .../services/dataset_location_service.py      | 104 ++++++++++++++++++
 3 files changed, 113 insertions(+), 101 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/services/dataset_location_service.py

diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index db68277a2..e73ade13a 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -1,33 +1,13 @@
 from dataall.api.context import Context
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.db import models
-from dataall.db.api import (
-    ResourcePolicy,
-    Glossary,
-    Environment,
-)
-from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
-from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
+from dataall.db.api import Glossary
+from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
-from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER
 
 
 def create_storage_location(
     context, source, datasetUri: str = None, input: dict = None
 ):
-    with context.engine.scoped_session() as session:
-        location = DatasetLocationRepository.create_dataset_location(
-            session=session,
-            uri=datasetUri,
-            data=input,
-        )
-
-        S3LocationClient(location).create_bucket_prefix()
-
-        DatasetLocationIndexer.upsert(session=session, folder_uri=location.locationUri)
-    return location
+    return DatasetLocationService.create_storage_location(uri=datasetUri, data=input)
 
 
 def list_dataset_locations(context, source, filter: dict = None):
@@ -35,49 +15,21 @@ def list_dataset_locations(context, source, filter: dict = None):
         return None
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return DatasetLocationRepository.list_dataset_locations(
-            session=session, uri=source.datasetUri, data=filter
-        )
+    return DatasetLocationService.list_dataset_locations(uri=source.datasetUri, filter=filter)
 
 
 def get_storage_location(context, source, locationUri=None):
-    with context.engine.scoped_session() as session:
-        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
-        return DatasetLocationRepository.get_dataset_location(
-            session=session,
-            uri=location.datasetUri,
-            data={'locationUri': location.locationUri},
-        )
+    return DatasetLocationService.get_storage_location(uri=locationUri)
 
 
 def update_storage_location(
     context, source, locationUri: str = None, input: dict = None
 ):
-    with context.engine.scoped_session() as session:
-        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
-        input['location'] = location
-        input['locationUri'] = location.locationUri
-        DatasetLocationRepository.update_dataset_location(
-            session=session,
-            uri=location.datasetUri,
-            data=input,
-        )
-        DatasetLocationIndexer.upsert(session, folder_uri=location.locationUri)
-
-        return location
+    return DatasetLocationService.update_storage_location(uri=locationUri, data=input)
 
 
 def remove_storage_location(context, source, locationUri: str = None):
-    with context.engine.scoped_session() as session:
-        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
-        DatasetLocationRepository.delete_dataset_location(
-            session=session,
-            uri=location.datasetUri,
-            data={'locationUri': location.locationUri},
-        )
-        DatasetLocationIndexer.delete_doc(doc_id=location.locationUri)
-    return True
+    return DatasetLocationService.remove_storage_location(uri=locationUri)
 
 
 def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
@@ -89,31 +41,7 @@ def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
 
 
 def publish_location_update(context: Context, source, locationUri: str = None):
-    with context.engine.scoped_session() as session:
-        location = DatasetLocationRepository.get_location_by_uri(session, locationUri)
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=location.datasetUri,
-            permission_name=UPDATE_DATASET_FOLDER,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, location.datasetUri)
-        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
-            raise Exception(
-                'Subscriptions are disabled. '
-                "First enable subscriptions for this dataset's environment then retry."
-            )
-        task = models.Task(
-            targetUri=location.datasetUri,
-            action='sns.dataset.publish_update',
-            payload={'s3Prefix': location.S3Prefix},
-        )
-        session.add(task)
-
-    Worker.process(engine=context.engine, task_ids=[task.taskUri], save_response=False)
-    return True
+    return DatasetLocationService.publish_location_update(uri=locationUri)
 
 
 def resolve_glossary_terms(
diff --git a/backend/dataall/modules/datasets/db/dataset_location_repository.py b/backend/dataall/modules/datasets/db/dataset_location_repository.py
index ffb0617b4..73517dc78 100644
--- a/backend/dataall/modules/datasets/db/dataset_location_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_location_repository.py
@@ -3,23 +3,19 @@
 from sqlalchemy import and_, or_
 
 from dataall.core.context import get_context
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import Glossary
 from dataall.db import paginate, exceptions
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, LIST_DATASET_FOLDERS, \
-    DELETE_DATASET_FOLDER, UPDATE_DATASET_FOLDER, CREATE_DATASET_FOLDER
+from dataall.modules.datasets.services.dataset_permissions import DELETE_DATASET_FOLDER
 
 logger = logging.getLogger(__name__)
 
 
 class DatasetLocationRepository:
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(CREATE_DATASET_FOLDER)
     def create_dataset_location(
         session,
         uri: str,
@@ -69,8 +65,6 @@ def create_dataset_location(
         return location
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(LIST_DATASET_FOLDERS)
     def list_dataset_locations(
         session,
         uri: str,
@@ -91,18 +85,6 @@ def list_dataset_locations(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(LIST_DATASET_FOLDERS)
-    def get_dataset_location(
-        session,
-        uri: str,
-        data: dict = None,
-    ) -> DatasetStorageLocation:
-        return DatasetLocationRepository.get_location_by_uri(session, data['locationUri'])
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(UPDATE_DATASET_FOLDER)
     def update_dataset_location(
         session,
         uri: str,
@@ -128,8 +110,6 @@ def update_dataset_location(
         return location
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(DELETE_DATASET_FOLDER)
     def delete_dataset_location(
         session,
         uri: str,
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
new file mode 100644
index 000000000..2ce5e170e
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -0,0 +1,104 @@
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
+from dataall.db.api import Environment
+from dataall.db.models import Task
+from dataall.modules.datasets import DatasetLocationIndexer
+from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
+from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER, MANAGE_DATASETS, \
+    CREATE_DATASET_FOLDER, LIST_DATASET_FOLDERS, DELETE_DATASET_FOLDER
+
+
+class DatasetLocationService:
+    @staticmethod
+    def _get_dataset_uri(session, uri):
+        location = DatasetLocationRepository.get_location_by_uri(session, uri)
+        return location.datasetUri
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET_FOLDER)
+    def create_storage_location(uri: str, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            location = DatasetLocationRepository.create_dataset_location(
+                session=session,
+                uri=uri,
+                data=data,
+            )
+
+            S3LocationClient(location).create_bucket_prefix()
+
+        DatasetLocationIndexer.upsert(session=session, folder_uri=location.locationUri)
+        return location
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(LIST_DATASET_FOLDERS)
+    def list_dataset_locations(uri: str, filter: dict = None):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetLocationRepository.list_dataset_locations(
+                session=session, uri=uri, data=filter
+            )
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(LIST_DATASET_FOLDERS, parent_resource=_get_dataset_uri)
+    def get_storage_location(uri):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetLocationRepository.get_location_by_uri(session, uri)
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET_FOLDER, parent_resource=_get_dataset_uri)
+    def update_storage_location(uri: str, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            location = DatasetLocationRepository.get_location_by_uri(session, uri)
+            data['location'] = location
+            data['locationUri'] = location.locationUri
+            DatasetLocationRepository.update_dataset_location(
+                session=session,
+                uri=location.datasetUri,
+                data=data,
+            )
+            DatasetLocationIndexer.upsert(session, folder_uri=location.locationUri)
+
+            return location
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(DELETE_DATASET_FOLDER, parent_resource=_get_dataset_uri)
+    def remove_storage_location(uri: str = None):
+        with get_context().db_engine.scoped_session() as session:
+            location = DatasetLocationRepository.get_location_by_uri(session, uri)
+            DatasetLocationRepository.delete_dataset_location(
+                session=session,
+                uri=location.datasetUri,
+                data={'locationUri': location.locationUri},
+            )
+            DatasetLocationIndexer.delete_doc(doc_id=location.locationUri)
+        return True
+
+    @staticmethod
+    @has_resource_permission(UPDATE_DATASET_FOLDER, parent_resource=_get_dataset_uri)
+    def publish_location_update(uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            location = DatasetLocationRepository.get_location_by_uri(session, uri)
+            dataset = DatasetService.get_dataset_by_uri(session, location.datasetUri)
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
+                raise Exception(
+                    'Subscriptions are disabled. '
+                    "First enable subscriptions for this dataset's environment then retry."
+                )
+            task = Task(
+                targetUri=location.datasetUri,
+                action='sns.dataset.publish_update',
+                payload={'s3Prefix': location.S3Prefix},
+            )
+            session.add(task)
+
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        return True

From e01e4e984aae0ea8662837333d372a836830da18 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 13:08:20 +0200
Subject: [PATCH 163/346] Extracted DatasetLocationService

---
 .../modules/datasets/api/dataset/resolvers.py |   2 -
 .../db/dataset_location_repository.py         | 108 +++---------------
 .../datasets/db/dataset_table_repository.py   |   3 +-
 .../services/dataset_location_service.py      |  63 +++++++---
 .../services/dataset_table_service.py         |   2 +-
 5 files changed, 63 insertions(+), 115 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 6f1c6fc15..dd90eb360 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -177,8 +177,6 @@ def list_locations(context, source: Dataset, filter: dict = None):
     with context.engine.scoped_session() as session:
         return DatasetLocationRepository.paginated_dataset_locations(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.datasetUri,
             data=filter,
         )
diff --git a/backend/dataall/modules/datasets/db/dataset_location_repository.py b/backend/dataall/modules/datasets/db/dataset_location_repository.py
index 73517dc78..a58527c75 100644
--- a/backend/dataall/modules/datasets/db/dataset_location_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_location_repository.py
@@ -8,37 +8,33 @@
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import DatasetStorageLocation
+from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 from dataall.modules.datasets.services.dataset_permissions import DELETE_DATASET_FOLDER
 
 logger = logging.getLogger(__name__)
 
 
 class DatasetLocationRepository:
+
     @staticmethod
-    def create_dataset_location(
-        session,
-        uri: str,
-        data: dict = None
-    ) -> DatasetStorageLocation:
-        dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-        exists = (
+    def exists(session, dataset_uri: str, prefix: str):
+        return (
             session.query(DatasetStorageLocation)
             .filter(
                 and_(
-                    DatasetStorageLocation.datasetUri == dataset.datasetUri,
-                    DatasetStorageLocation.S3Prefix == data['prefix'],
+                    DatasetStorageLocation.datasetUri == dataset_uri,
+                    DatasetStorageLocation.S3Prefix == prefix,
                 )
             )
             .count()
         )
 
-        if exists:
-            raise exceptions.ResourceAlreadyExists(
-                action='Create Folder',
-                message=f'Folder: {data["prefix"]} already exist on dataset {uri}',
-            )
-
+    @staticmethod
+    def create_dataset_location(
+        session,
+        dataset: Dataset,
+        data: dict = None
+    ) -> DatasetStorageLocation:
         location = DatasetStorageLocation(
             datasetUri=dataset.datasetUri,
             label=data.get('label'),
@@ -52,16 +48,6 @@ def create_dataset_location(
         )
         session.add(location)
         session.commit()
-
-        if 'terms' in data.keys():
-            Glossary.set_glossary_terms_links(
-                session,
-                get_context().username,
-                location.locationUri,
-                'DatasetStorageLocation',
-                data.get('terms', []),
-            )
-
         return location
 
     @staticmethod
@@ -85,66 +71,8 @@ def list_dataset_locations(
         ).to_dict()
 
     @staticmethod
-    def update_dataset_location(
-        session,
-        uri: str,
-        data: dict = None,
-    ) -> DatasetStorageLocation:
-
-        location = data.get(
-            'location',
-            DatasetLocationRepository.get_location_by_uri(session, data['locationUri']),
-        )
-
-        for k in data.keys():
-            setattr(location, k, data.get(k))
-
-        if 'terms' in data.keys():
-            Glossary.set_glossary_terms_links(
-                session,
-                get_context().username,
-                location.locationUri,
-                'DatasetStorageLocation',
-                data.get('terms', []),
-            )
-        return location
-
-    @staticmethod
-    def delete_dataset_location(
-        session,
-        uri: str,
-        data: dict = None,
-    ):
-        location = DatasetLocationRepository.get_location_by_uri(
-            session, data['locationUri']
-        )
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        share_item = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.itemUri == location.locationUri,
-                    ShareObjectItem.status.in_(share_item_shared_states)
-                )
-            )
-            .first()
-        )
-        if share_item:
-            raise exceptions.ResourceShared(
-                action=DELETE_DATASET_FOLDER,
-                message='Revoke all folder shares before deletion',
-            )
-        session.query(ShareObjectItem).filter(
-            ShareObjectItem.itemUri == location.locationUri,
-        ).delete()
-
+    def delete(session, location):
         session.delete(location)
-        Glossary.delete_glossary_terms_links(
-            session,
-            target_uri=location.locationUri,
-            target_type='DatasetStorageLocation',
-        )
-        return True
 
     @staticmethod
     def get_location_by_uri(session, location_uri) -> DatasetStorageLocation:
@@ -186,11 +114,7 @@ def count_dataset_locations(session, dataset_uri):
     def delete_dataset_locations(session, dataset_uri) -> bool:
         locations = (
             session.query(DatasetStorageLocation)
-            .filter(
-                and_(
-                    DatasetStorageLocation.datasetUri == dataset_uri,
-                )
-            )
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri )
             .all()
         )
         for location in locations:
@@ -207,9 +131,7 @@ def get_dataset_folders(session, dataset_uri):
         )
 
     @staticmethod
-    def paginated_dataset_locations(
-            session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    def paginated_dataset_locations(session, uri, data=None) -> dict:
         query = session.query(DatasetStorageLocation).filter(
             DatasetStorageLocation.datasetUri == uri
         )
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index b6fddf491..73d7fd2ad 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -85,9 +85,8 @@ def paginate_dataset_tables(session, dataset_uri, term, page, page_size) -> dict
         return paginate(query, page=page, page_size=page_size).to_dict()
 
     @staticmethod
-    def delete_dataset_table(session, table: DatasetTable):
+    def delete(session, table: DatasetTable):
         session.delete(table)
-        return True
 
     @staticmethod
     def query_dataset_tables_shared_with_env(
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index 2ce5e170e..bf277987c 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -1,14 +1,17 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
-from dataall.db.api import Environment
+from dataall.db.api import Environment, Glossary
+from dataall.db.exceptions import ResourceShared, ResourceAlreadyExists
 from dataall.db.models import Task
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets import DatasetLocationIndexer
 from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER, MANAGE_DATASETS, \
     CREATE_DATASET_FOLDER, LIST_DATASET_FOLDERS, DELETE_DATASET_FOLDER
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 
 
 class DatasetLocationService:
@@ -22,11 +25,19 @@ def _get_dataset_uri(session, uri):
     @has_resource_permission(CREATE_DATASET_FOLDER)
     def create_storage_location(uri: str, data: dict):
         with get_context().db_engine.scoped_session() as session:
-            location = DatasetLocationRepository.create_dataset_location(
-                session=session,
-                uri=uri,
-                data=data,
-            )
+            exists = DatasetLocationRepository.exists(session, uri, data['prefix'])
+
+            if exists:
+                raise ResourceAlreadyExists(
+                    action='Create Folder',
+                    message=f'Folder: {data["prefix"]} already exist on dataset {uri}',
+                )
+
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            location = DatasetLocationRepository.create_dataset_location(session, dataset, data)
+
+            if 'terms' in data.keys():
+                DatasetLocationService._create_glossary_links(session, location, data['terms'])
 
             S3LocationClient(location).create_bucket_prefix()
 
@@ -55,13 +66,12 @@ def get_storage_location(uri):
     def update_storage_location(uri: str, data: dict):
         with get_context().db_engine.scoped_session() as session:
             location = DatasetLocationRepository.get_location_by_uri(session, uri)
-            data['location'] = location
-            data['locationUri'] = location.locationUri
-            DatasetLocationRepository.update_dataset_location(
-                session=session,
-                uri=location.datasetUri,
-                data=data,
-            )
+            for k in data.keys():
+                setattr(location, k, data.get(k))
+
+            if 'terms' in data.keys():
+                DatasetLocationService._create_glossary_links(session, location, data['terms'])
+
             DatasetLocationIndexer.upsert(session, folder_uri=location.locationUri)
 
             return location
@@ -72,10 +82,19 @@ def update_storage_location(uri: str, data: dict):
     def remove_storage_location(uri: str = None):
         with get_context().db_engine.scoped_session() as session:
             location = DatasetLocationRepository.get_location_by_uri(session, uri)
-            DatasetLocationRepository.delete_dataset_location(
-                session=session,
-                uri=location.datasetUri,
-                data={'locationUri': location.locationUri},
+            has_shares = ShareObjectRepository.has_shared_items(session, location.locationUri)
+            if has_shares:
+                raise ResourceShared(
+                    action=DELETE_DATASET_FOLDER,
+                    message='Revoke all folder shares before deletion',
+                )
+
+            ShareObjectRepository.delete_shares(session, location.locationUri)
+            DatasetLocationRepository.delete(session, location)
+            Glossary.delete_glossary_terms_links(
+                session,
+                target_uri=location.locationUri,
+                target_type='DatasetStorageLocation',
             )
             DatasetLocationIndexer.delete_doc(doc_id=location.locationUri)
         return True
@@ -102,3 +121,13 @@ def publish_location_update(uri: str):
 
         Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
         return True
+
+    @staticmethod
+    def _create_glossary_links(session, location, terms):
+        Glossary.set_glossary_terms_links(
+            session,
+            get_context().username,
+            location.locationUri,
+            'DatasetStorageLocation',
+            terms
+        )
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index f2e3fbd22..28c6755d3 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -99,7 +99,7 @@ def delete_table(uri: str):
                 )
 
             ShareObjectRepository.delete_shares(session, table.tableUri)
-            DatasetTableRepository.delete_dataset_table(session, table)
+            DatasetTableRepository.delete(session, table)
 
             Glossary.delete_glossary_terms_links(
                 session, target_uri=table.tableUri, target_type='DatasetTable'

From db1df34ea8a6881502db49b7be60ba1f16df969f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 13:36:37 +0200
Subject: [PATCH 164/346] Extracted DatasetProfilingService

---
 .../datasets/api/profiling/resolvers.py       | 109 ++----------------
 .../datasets/aws/s3_profiler_client.py        |  30 +++++
 .../db/dataset_profiling_repository.py        |   2 +-
 .../services/dataset_profiling_service.py     | 102 ++++++++++++++++
 4 files changed, 145 insertions(+), 98 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/s3_profiler_client.py
 create mode 100644 backend/dataall/modules/datasets/services/dataset_profiling_service.py

diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index c29f6100b..911293f62 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -9,6 +9,7 @@
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
+from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun
 from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
 
@@ -25,43 +26,17 @@ def resolve_dataset(context, source: DatasetProfilingRun):
 
 
 def start_profiling_run(context: Context, source, input: dict = None):
-    with context.engine.scoped_session() as session:
-
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=input['datasetUri'],
-            permission_name=PROFILE_DATASET_TABLE,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, input['datasetUri'])
-
-        run = DatasetProfilingRepository.start_profiling(
-            session=session,
-            datasetUri=dataset.datasetUri,
-            tableUri=input.get('tableUri'),
-            GlueTableName=input.get('GlueTableName'),
-        )
-
-        task = models.Task(
-            targetUri=run.profilingRunUri, action='glue.job.start_profiling_run'
-        )
-        session.add(task)
-
-    Worker.process(engine=context.engine, task_ids=[task.taskUri])
-
-    return run
+    return DatasetProfilingService.start_profiling_run(
+        uri=input['datasetUri'],
+        table_uri=input['table_uri'],
+        glue_table_name=input['GlueTableName']
+    )
 
 
 def get_profiling_run_status(context: Context, source: DatasetProfilingRun):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        task = models.Task(
-            targetUri=source.profilingRunUri, action='glue.job.profiling_run_status'
-        )
-        session.add(task)
-    Worker.queue(engine=context.engine, task_ids=[task.taskUri])
+    DatasetProfilingService.queue_profiling_run(source.profilingRunUri)
     return source.status
 
 
@@ -73,80 +48,20 @@ def get_profiling_results(context: Context, source: DatasetProfilingRun):
 
 
 def update_profiling_run_results(context: Context, source, profilingRunUri, results):
-    with context.engine.scoped_session() as session:
-        run = DatasetProfilingRepository.update_run(
-            session=session, profilingRunUri=profilingRunUri, results=results
-        )
-        return run
+    return DatasetProfilingService.update_profiling_run_results(profilingRunUri, results)
 
 
 def list_profiling_runs(context: Context, source, datasetUri=None):
-    with context.engine.scoped_session() as session:
-        return DatasetProfilingRepository.list_profiling_runs(session, datasetUri)
+    return DatasetProfilingService.list_profiling_runs(datasetUri)
 
 
 def get_profiling_run(context: Context, source, profilingRunUri=None):
-    with context.engine.scoped_session() as session:
-        return DatasetProfilingRepository.get_profiling_run(
-            session=session, profilingRunUri=profilingRunUri
-        )
+    return DatasetProfilingService.get_profiling_run(profilingRunUri)
 
 
 def get_last_table_profiling_run(context: Context, source, tableUri=None):
-    with context.engine.scoped_session() as session:
-        run: DatasetProfilingRun = (
-            DatasetProfilingRepository.get_table_last_profiling_run(
-                session=session, tableUri=tableUri
-            )
-        )
-
-        if run:
-            if not run.results:
-                table = DatasetTableRepository.get_dataset_table_by_uri(session, tableUri)
-                dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
-                environment = api.Environment.get_environment_by_uri(
-                    session, dataset.environmentUri
-                )
-                content = get_profiling_results_from_s3(
-                    environment, dataset, table, run
-                )
-                if content:
-                    results = json.loads(content)
-                    run.results = results
-
-            if not run.results:
-                run_with_results = (
-                    DatasetProfilingRepository.get_table_last_profiling_run_with_results(
-                        session=session, tableUri=tableUri
-                    )
-                )
-                if run_with_results:
-                    run = run_with_results
-
-        return run
-
-
-def get_profiling_results_from_s3(environment, dataset, table, run):
-    s3 = SessionHelper.remote_session(environment.AwsAccountId).client(
-        's3', region_name=environment.region
-    )
-    try:
-        key = f'profiling/results/{dataset.datasetUri}/{table.GlueTableName}/{run.GlueJobRunId}/results.json'
-        s3.head_object(Bucket=environment.EnvironmentDefaultBucketName, Key=key)
-        response = s3.get_object(
-            Bucket=environment.EnvironmentDefaultBucketName, Key=key
-        )
-        content = str(response['Body'].read().decode('utf-8'))
-        return content
-    except Exception as e:
-        log.error(
-            f'Failed to retrieve S3 results for table profiling job '
-            f'{table.GlueTableName}//{run.GlueJobRunId} due to {e}'
-        )
+    return DatasetProfilingService.get_last_table_profiling_run(tableUri)
 
 
 def list_table_profiling_runs(context: Context, source, tableUri=None):
-    with context.engine.scoped_session() as session:
-        return DatasetProfilingRepository.list_table_profiling_runs(
-            session=session, tableUri=tableUri, filter={}
-        )
+    return DatasetProfilingService.list_profiling_runs(tableUri)
diff --git a/backend/dataall/modules/datasets/aws/s3_profiler_client.py b/backend/dataall/modules/datasets/aws/s3_profiler_client.py
new file mode 100644
index 000000000..cb1928b18
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/s3_profiler_client.py
@@ -0,0 +1,30 @@
+import logging
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db.models import Environment
+
+log = logging.getLogger(__name__)
+
+
+class S3ProfilerClient:
+    def __init__(self, env: Environment):
+        self._client = SessionHelper.remote_session(env.AwsAccountId).client(
+            's3', region_name=env.region
+        )
+        self._env = env
+
+    def get_profiling_results_from_s3(self, dataset, table, run):
+        s3 = self._client
+        try:
+            key = f'profiling/results/{dataset.datasetUri}/{table.GlueTableName}/{run.GlueJobRunId}/results.json'
+            s3.head_object(Bucket=self._env.EnvironmentDefaultBucketName, Key=key)
+            response = s3.get_object(
+                Bucket=self._env.EnvironmentDefaultBucketName, Key=key
+            )
+            content = str(response['Body'].read().decode('utf-8'))
+            return content
+        except Exception as e:
+            log.error(
+                f'Failed to retrieve S3 results for table profiling job '
+                f'{table.GlueTableName}//{run.GlueJobRunId} due to {e}'
+            )
diff --git a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
index a34ad0a5a..a709e08c8 100644
--- a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
@@ -139,7 +139,7 @@ def get_table_last_profiling_run(session, tableUri):
         )
 
     @staticmethod
-    def get_table_last_profiling_run_with_results(session, tableUri):
+    def get_table_last_profiling_run_with_results(session, table_uri):
         return (
             session.query(DatasetProfilingRun)
             .join(
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
new file mode 100644
index 000000000..7160c7dc5
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -0,0 +1,102 @@
+import json
+
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission
+from dataall.db.api import Environment, ResourcePolicy
+from dataall.db.models import Task
+from dataall.modules.datasets.aws.s3_profiler_client import S3ProfilerClient
+from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
+from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun
+
+
+class DatasetProfilingService:
+    @staticmethod
+    @has_resource_permission(PROFILE_DATASET_TABLE)
+    def start_profiling_run(uri, table_uri, glue_table_name):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetService.get_dataset_by_uri(session, uri)
+            run = DatasetProfilingRepository.start_profiling(
+                session=session,
+                datasetUri=dataset.datasetUri,
+                tableUri=table_uri,
+                GlueTableName=glue_table_name,
+            )
+
+            task = Task(
+                targetUri=run.profilingRunUri, action='glue.job.start_profiling_run'
+            )
+            session.add(task)
+
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
+
+        return run
+
+    @staticmethod
+    def queue_profiling_run(run_uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            task = Task(
+                targetUri=run_uri, action='glue.job.profiling_run_status'
+            )
+            session.add(task)
+        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
+
+    @staticmethod
+    def update_profiling_run_results(run_uri, results):
+        with get_context().db_engine.scoped_session() as session:
+            run = DatasetProfilingRepository.update_run(
+                session=session, profilingRunUri=run_uri, results=results
+            )
+            return run
+
+    @staticmethod
+    def list_profiling_runs(dataset_uri):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetProfilingRepository.list_profiling_runs(session, dataset_uri)
+
+    @staticmethod
+    def get_profiling_run(run_uri):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetProfilingRepository.get_profiling_run(
+                session=session, profilingRunUri=run_uri
+            )
+
+    @staticmethod
+    def get_last_table_profiling_run(table_uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            run: DatasetProfilingRun = (
+                DatasetProfilingRepository.get_table_last_profiling_run(
+                    session=session, tableUri=table_uri
+                )
+            )
+
+            if run:
+                if not run.results:
+                    table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+                    dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+                    environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+                    content = S3ProfilerClient(environment).get_profiling_results_from_s3(dataset, table, run)
+                    if content:
+                        results = json.loads(content)
+                        run.results = results
+
+                if not run.results:
+                    run_with_results = (
+                        DatasetProfilingRepository.get_table_last_profiling_run_with_results(session, table_uri)
+                    )
+                    if run_with_results:
+                        run = run_with_results
+
+            return run
+
+    @staticmethod
+    def list_table_profiling_runs(table_uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetProfilingRepository.list_table_profiling_runs(
+                session=session, tableUri=table_uri, filter={}
+            )

From c831f18422c99e588bbcaa29c36d43154a5e1b14 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 13:56:04 +0200
Subject: [PATCH 165/346] Extracted DatasetProfilingService

---
 .../datasets/api/profiling/resolvers.py       |  2 +-
 .../db/dataset_profiling_repository.py        | 70 +++++++------------
 .../handlers/glue_profiling_handler.py        |  4 +-
 .../services/dataset_profiling_service.py     | 40 +++++++----
 4 files changed, 56 insertions(+), 60 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 911293f62..d59d1628f 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -64,4 +64,4 @@ def get_last_table_profiling_run(context: Context, source, tableUri=None):
 
 
 def list_table_profiling_runs(context: Context, source, tableUri=None):
-    return DatasetProfilingService.list_profiling_runs(tableUri)
+    return DatasetProfilingService.list_table_profiling_runs(tableUri)
diff --git a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
index a709e08c8..eb8a2b3ca 100644
--- a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
@@ -10,36 +10,16 @@ def __init__(self):
         pass
 
     @staticmethod
-    def start_profiling(
-        session, datasetUri, tableUri=None, GlueTableName=None, GlueJobRunId=None
-    ):
-        dataset: Dataset = session.query(Dataset).get(datasetUri)
-        if not dataset:
-            raise ObjectNotFound('Dataset', datasetUri)
-
-        if tableUri and not GlueTableName:
-            table: DatasetTable = session.query(DatasetTable).get(
-                tableUri
-            )
-            if not table:
-                raise ObjectNotFound('DatasetTable', tableUri)
-            GlueTableName = table.GlueTableName
-
-        environment: models.Environment = session.query(models.Environment).get(
-            dataset.environmentUri
-        )
-        if not environment:
-            raise ObjectNotFound('Environment', dataset.environmentUri)
-
+    def save_profiling(session, dataset, env, glue_table_name):
         run = DatasetProfilingRun(
             datasetUri=dataset.datasetUri,
             status='RUNNING',
-            AwsAccountId=environment.AwsAccountId,
+            AwsAccountId=env.AwsAccountId,
             GlueJobName=dataset.GlueProfilingJobName or 'Unknown',
             GlueTriggerSchedule=dataset.GlueProfilingTriggerSchedule,
             GlueTriggerName=dataset.GlueProfilingTriggerName,
-            GlueTableName=GlueTableName,
-            GlueJobRunId=GlueJobRunId,
+            GlueTableName=glue_table_name,
+            GlueJobRunId=None,
             owner=dataset.owner,
             label=dataset.GlueProfilingJobName or 'Unknown',
         )
@@ -51,18 +31,18 @@ def start_profiling(
     @staticmethod
     def update_run(
         session,
-        profilingRunUri=None,
-        GlueJobRunId=None,
-        GlueJobRunState=None,
+        run_uri=None,
+        glue_job_run_id=None,
+        glue_job_state=None,
         results=None,
     ):
         run = DatasetProfilingRepository.get_profiling_run(
-            session, profilingRunUri=profilingRunUri, GlueJobRunId=GlueJobRunId
+            session, profilingRunUri=run_uri, GlueJobRunId=glue_job_run_id
         )
-        if GlueJobRunId:
-            run.GlueJobRunId = GlueJobRunId
-        if GlueJobRunState:
-            run.status = GlueJobRunState
+        if glue_job_run_id:
+            run.GlueJobRunId = glue_job_run_id
+        if glue_job_state:
+            run.status = glue_job_state
         if results:
             run.results = results
         session.commit()
@@ -86,12 +66,12 @@ def get_profiling_run(
         return run
 
     @staticmethod
-    def list_profiling_runs(session, datasetUri, filter: dict = None):
-        if not filter:
-            filter = {}
+    def list_profiling_runs(session, dataset_uri):
+        # TODO filter is always default
+        filter = {}
         q = (
             session.query(DatasetProfilingRun)
-            .filter(DatasetProfilingRun.datasetUri == datasetUri)
+            .filter(DatasetProfilingRun.datasetUri == dataset_uri)
             .order_by(DatasetProfilingRun.created.desc())
         )
         return paginate(
@@ -99,9 +79,9 @@ def list_profiling_runs(session, datasetUri, filter: dict = None):
         ).to_dict()
 
     @staticmethod
-    def list_table_profiling_runs(session, tableUri, filter):
-        if not filter:
-            filter = {}
+    def list_table_profiling_runs(session, table_uri):
+        # TODO filter is always default
+        filter = {}
         q = (
             session.query(DatasetProfilingRun)
             .join(
@@ -110,26 +90,26 @@ def list_table_profiling_runs(session, tableUri, filter):
             )
             .filter(
                 and_(
-                    DatasetTable.tableUri == tableUri,
-                    DatasetTable.GlueTableName
-                    == DatasetProfilingRun.GlueTableName,
+                    DatasetTable.tableUri == table_uri,
+                    DatasetTable.GlueTableName == DatasetProfilingRun.GlueTableName,
                 )
             )
             .order_by(DatasetProfilingRun.created.desc())
+            .all()
         )
         return paginate(
             q, page=filter.get('page', 1), page_size=filter.get('pageSize', 20)
         ).to_dict()
 
     @staticmethod
-    def get_table_last_profiling_run(session, tableUri):
+    def get_table_last_profiling_run(session, table_uri):
         return (
             session.query(DatasetProfilingRun)
             .join(
                 DatasetTable,
                 DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
-            .filter(DatasetTable.tableUri == tableUri)
+            .filter(DatasetTable.tableUri == table_uri)
             .filter(
                 DatasetTable.GlueTableName
                 == DatasetProfilingRun.GlueTableName
@@ -146,7 +126,7 @@ def get_table_last_profiling_run_with_results(session, table_uri):
                 DatasetTable,
                 DatasetTable.datasetUri == DatasetProfilingRun.datasetUri,
             )
-            .filter(DatasetTable.tableUri == tableUri)
+            .filter(DatasetTable.tableUri == table_uri)
             .filter(
                 DatasetTable.GlueTableName
                 == DatasetProfilingRun.GlueTableName
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index a804dc729..81d37d36d 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -32,8 +32,8 @@ def start_profiling_run(engine, task: models.Task):
 
             DatasetProfilingRepository.update_run(
                 session,
-                profilingRunUri=profiling.profilingRunUri,
-                GlueJobRunId=run_id,
+                run_uri=profiling.profilingRunUri,
+                glue_job_run_id=run_id,
             )
             return run_id
 
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 7160c7dc5..9f3428406 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -4,13 +4,14 @@
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission
 from dataall.db.api import Environment, ResourcePolicy
+from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models import Task
 from dataall.modules.datasets.aws.s3_profiler_client import S3ProfilerClient
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
-from dataall.modules.datasets_base.db.models import DatasetProfilingRun
+from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable
 
 
 class DatasetProfilingService:
@@ -20,11 +21,24 @@ def start_profiling_run(uri, table_uri, glue_table_name):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             dataset = DatasetService.get_dataset_by_uri(session, uri)
-            run = DatasetProfilingRepository.start_profiling(
+            if not dataset:
+                raise ObjectNotFound('Dataset', uri)
+
+            if table_uri and not glue_table_name:
+                table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+                if not table:
+                    raise ObjectNotFound('DatasetTable', table_uri)
+                glue_table_name = table.GlueTableName
+
+            environment: Environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            if not environment:
+                raise ObjectNotFound('Environment', dataset.environmentUri)
+
+            run = DatasetProfilingRepository.save_profiling(
                 session=session,
-                datasetUri=dataset.datasetUri,
-                tableUri=table_uri,
-                GlueTableName=glue_table_name,
+                dataset=dataset,
+                env=environment,
+                glue_table_name=glue_table_name,
             )
 
             task = Task(
@@ -38,6 +52,7 @@ def start_profiling_run(uri, table_uri, glue_table_name):
 
     @staticmethod
     def queue_profiling_run(run_uri):
+        # TODO NO PERMISSION CHECK
         context = get_context()
         with context.db_engine.scoped_session() as session:
             task = Task(
@@ -48,19 +63,22 @@ def queue_profiling_run(run_uri):
 
     @staticmethod
     def update_profiling_run_results(run_uri, results):
+        # TODO NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             run = DatasetProfilingRepository.update_run(
-                session=session, profilingRunUri=run_uri, results=results
+                session=session, run_uri=run_uri, results=results
             )
             return run
 
     @staticmethod
     def list_profiling_runs(dataset_uri):
+        # TODO NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             return DatasetProfilingRepository.list_profiling_runs(session, dataset_uri)
 
     @staticmethod
     def get_profiling_run(run_uri):
+        # TODO NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             return DatasetProfilingRepository.get_profiling_run(
                 session=session, profilingRunUri=run_uri
@@ -68,11 +86,10 @@ def get_profiling_run(run_uri):
 
     @staticmethod
     def get_last_table_profiling_run(table_uri: str):
+        # TODO NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             run: DatasetProfilingRun = (
-                DatasetProfilingRepository.get_table_last_profiling_run(
-                    session=session, tableUri=table_uri
-                )
+                DatasetProfilingRepository.get_table_last_profiling_run(session, table_uri)
             )
 
             if run:
@@ -96,7 +113,6 @@ def get_last_table_profiling_run(table_uri: str):
 
     @staticmethod
     def list_table_profiling_runs(table_uri: str):
+        # TODO NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
-            return DatasetProfilingRepository.list_table_profiling_runs(
-                session=session, tableUri=table_uri, filter={}
-            )
+            return DatasetProfilingRepository.list_table_profiling_runs(session, table_uri)

From 77efeb381f042037549ca3ad4d9db384d65bf8fa Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 14:09:05 +0200
Subject: [PATCH 166/346] Put all code in dataset_base because of name
 collision

---
 .../modules/datasets/db/dataset_service.py    | 704 ------------------
 .../datasets/services/dataset_service.py      |   5 +
 .../datasets_base/db/dataset_repository.py    | 700 ++++++++++++++++-
 3 files changed, 702 insertions(+), 707 deletions(-)
 delete mode 100644 backend/dataall/modules/datasets/db/dataset_service.py
 create mode 100644 backend/dataall/modules/datasets/services/dataset_service.py

diff --git a/backend/dataall/modules/datasets/db/dataset_service.py b/backend/dataall/modules/datasets/db/dataset_service.py
deleted file mode 100644
index b93bbe8f4..000000000
--- a/backend/dataall/modules/datasets/db/dataset_service.py
+++ /dev/null
@@ -1,704 +0,0 @@
-import logging
-from datetime import datetime
-
-from sqlalchemy import and_, or_
-from sqlalchemy.orm import Query
-
-from dataall.core.context import get_context
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
-from dataall.db.api import (
-    Environment,
-    ResourcePolicy,
-    KeyValueTag,
-    Vote,
-    Stack,
-    has_tenant_perm,
-    has_resource_perm,
-)
-from dataall.db.api import Organization
-from dataall.db import models, exceptions, paginate, permissions
-from dataall.db.models.Enums import Language
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from dataall.modules.datasets.db.enums import ConfidentialityClassification
-from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
-    LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
-from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
-from dataall.utils.naming_convention import (
-    NamingConventionService,
-    NamingConventionPattern,
-)
-
-logger = logging.getLogger(__name__)
-
-
-class DatasetService:
-    @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(CREATE_DATASET)
-    def create_dataset(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> Dataset:
-        if not uri:
-            raise exceptions.RequiredParameter('environmentUri')
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not data.get('SamlAdminGroupName'):
-            raise exceptions.RequiredParameter('group')
-        if not data.get('label'):
-            raise exceptions.RequiredParameter('label')
-        if len(data['label']) > 52:
-            raise exceptions.InvalidInput(
-                'Dataset name', data['label'], 'less than 52 characters'
-            )
-
-        Environment.check_group_environment_permission(
-            session=session,
-            username=username,
-            groups=groups,
-            uri=uri,
-            group=data['SamlAdminGroupName'],
-            permission_name=CREATE_DATASET,
-        )
-
-        environment = Environment.get_environment_by_uri(session, uri)
-
-        organization = Organization.get_organization_by_uri(
-            session, environment.organizationUri
-        )
-
-        dataset = Dataset(
-            label=data.get('label'),
-            owner=username,
-            description=data.get('description', 'No description provided'),
-            tags=data.get('tags', []),
-            AwsAccountId=environment.AwsAccountId,
-            SamlAdminGroupName=data['SamlAdminGroupName'],
-            region=environment.region,
-            S3BucketName='undefined',
-            GlueDatabaseName='undefined',
-            IAMDatasetAdminRoleArn='undefined',
-            IAMDatasetAdminUserArn='undefined',
-            KmsAlias='undefined',
-            environmentUri=environment.environmentUri,
-            organizationUri=environment.organizationUri,
-            language=data.get('language', Language.English.value),
-            confidentiality=data.get(
-                'confidentiality', ConfidentialityClassification.Unclassified.value
-            ),
-            topics=data.get('topics', []),
-            businessOwnerEmail=data.get('businessOwnerEmail'),
-            businessOwnerDelegationEmails=data.get('businessOwnerDelegationEmails', []),
-            stewards=data.get('stewards')
-            if data.get('stewards')
-            else data['SamlAdminGroupName'],
-        )
-        session.add(dataset)
-        session.commit()
-
-        DatasetService._set_dataset_aws_resources(dataset, data, environment)
-
-        activity = models.Activity(
-            action='dataset:create',
-            label='dataset:create',
-            owner=username,
-            summary=f'{username} created dataset {dataset.name} in {environment.name} on organization {organization.name}',
-            targetUri=dataset.datasetUri,
-            targetType='dataset',
-        )
-        session.add(activity)
-
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=data['SamlAdminGroupName'],
-            permissions=DATASET_ALL,
-            resource_uri=dataset.datasetUri,
-            resource_type=Dataset.__name__,
-        )
-        if dataset.stewards and dataset.stewards != dataset.SamlAdminGroupName:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=dataset.stewards,
-                permissions=DATASET_READ,
-                resource_uri=dataset.datasetUri,
-                resource_type=Dataset.__name__,
-            )
-        if environment.SamlGroupName != dataset.SamlAdminGroupName:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=environment.SamlGroupName,
-                permissions=DATASET_ALL,
-                resource_uri=dataset.datasetUri,
-                resource_type=Dataset.__name__,
-            )
-        return dataset
-
-    @staticmethod
-    def _set_dataset_aws_resources(dataset: Dataset, data, environment):
-
-        bucket_name = NamingConventionService(
-            target_uri=dataset.datasetUri,
-            target_label=dataset.label,
-            pattern=NamingConventionPattern.S3,
-            resource_prefix=environment.resourcePrefix,
-        ).build_compliant_name()
-        dataset.S3BucketName = data.get('bucketName') or bucket_name
-
-        glue_db_name = NamingConventionService(
-            target_uri=dataset.datasetUri,
-            target_label=dataset.label,
-            pattern=NamingConventionPattern.GLUE,
-            resource_prefix=environment.resourcePrefix,
-        ).build_compliant_name()
-        dataset.GlueDatabaseName = data.get('glueDatabaseName') or glue_db_name
-
-        kms_alias = bucket_name
-        dataset.KmsAlias = data.get('KmsKeyId') or kms_alias
-
-        iam_role_name = NamingConventionService(
-            target_uri=dataset.datasetUri,
-            target_label=dataset.label,
-            pattern=NamingConventionPattern.IAM,
-            resource_prefix=environment.resourcePrefix,
-        ).build_compliant_name()
-        iam_role_arn = f'arn:aws:iam::{dataset.AwsAccountId}:role/{iam_role_name}'
-        if data.get('adminRoleName'):
-            dataset.IAMDatasetAdminRoleArn = (
-                f"arn:aws:iam::{dataset.AwsAccountId}:role/{data['adminRoleName']}"
-            )
-            dataset.IAMDatasetAdminUserArn = (
-                f"arn:aws:iam::{dataset.AwsAccountId}:role/{data['adminRoleName']}"
-            )
-        else:
-            dataset.IAMDatasetAdminRoleArn = iam_role_arn
-            dataset.IAMDatasetAdminUserArn = iam_role_arn
-
-        dataset.GlueCrawlerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-crawler'
-        dataset.GlueProfilingJobName = f'{dataset.S3BucketName}-{dataset.datasetUri}-profiler'
-        dataset.GlueProfilingTriggerSchedule = None
-        dataset.GlueProfilingTriggerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-trigger'
-        dataset.GlueDataQualityJobName = f'{dataset.S3BucketName}-{dataset.datasetUri}-dataquality'
-        dataset.GlueDataQualitySchedule = None
-        dataset.GlueDataQualityTriggerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-dqtrigger'
-        return dataset
-
-    @staticmethod
-    def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
-        return Stack.create_stack(
-            session=session,
-            environment_uri=dataset.environmentUri,
-            target_uri=dataset.datasetUri,
-            target_label=dataset.label,
-            target_type='dataset',
-            payload={
-                'bucket_name': dataset.S3BucketName,
-                'database_name': dataset.GlueDatabaseName,
-                'role_name': dataset.S3BucketName,
-                'user_name': dataset.S3BucketName,
-            },
-        )
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    def get_dataset(session, uri: str) -> Dataset:
-        return DatasetService.get_dataset_by_uri(session, uri)
-
-    @staticmethod
-    def get_dataset_by_uri(session, dataset_uri) -> Dataset:
-        return DatasetRepository.get_dataset_by_uri(session, dataset_uri)
-
-    @staticmethod
-    def query_user_datasets(session, username, groups, filter) -> Query:
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        query = (
-            session.query(Dataset)
-            .outerjoin(
-                ShareObject,
-                ShareObject.datasetUri == Dataset.datasetUri,
-            )
-            .outerjoin(
-                ShareObjectItem,
-                ShareObjectItem.shareUri == ShareObject.shareUri
-            )
-            .filter(
-                or_(
-                    Dataset.owner == username,
-                    Dataset.SamlAdminGroupName.in_(groups),
-                    Dataset.stewards.in_(groups),
-                    and_(
-                        ShareObject.principalId.in_(groups),
-                        ShareObjectItem.status.in_(share_item_shared_states),
-                    ),
-                    and_(
-                        ShareObject.owner == username,
-                        ShareObjectItem.status.in_(share_item_shared_states),
-                    ),
-                )
-            )
-        )
-        if filter and filter.get('term'):
-            query = query.filter(
-                or_(
-                    Dataset.description.ilike(filter.get('term') + '%%'),
-                    Dataset.label.ilike(filter.get('term') + '%%'),
-                )
-            )
-        return query
-
-    @staticmethod
-    def paginated_user_datasets(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        return paginate(
-            query=DatasetService.query_user_datasets(session, username, groups, data),
-            page=data.get('page', 1),
-            page_size=data.get('pageSize', 10),
-        ).to_dict()
-
-    @staticmethod
-    def paginated_dataset_tables(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        query = (
-            session.query(DatasetTable)
-            .filter(
-                and_(
-                    DatasetTable.datasetUri == uri,
-                    DatasetTable.LastGlueTableStatus != 'Deleted',
-                )
-            )
-            .order_by(DatasetTable.created.desc())
-        )
-        if data and data.get('term'):
-            query = query.filter(
-                or_(
-                    *[
-                        DatasetTable.name.ilike('%' + data.get('term') + '%'),
-                        DatasetTable.GlueTableName.ilike(
-                            '%' + data.get('term') + '%'
-                        ),
-                    ]
-                )
-            )
-        return paginate(
-            query=query, page_size=data.get('pageSize', 10), page=data.get('page', 1)
-        ).to_dict()
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(UPDATE_DATASET)
-    def update_dataset(session, uri, data=None) -> Dataset:
-        username = get_context().username
-        dataset: Dataset = DatasetService.get_dataset_by_uri(session, uri)
-        if data and isinstance(data, dict):
-            for k in data.keys():
-                if k != 'stewards':
-                    setattr(dataset, k, data.get(k))
-            if data.get('stewards') and data.get('stewards') != dataset.stewards:
-                if data.get('stewards') != dataset.SamlAdminGroupName:
-                    DatasetService.transfer_stewardship_to_new_stewards(
-                        session, dataset, data['stewards']
-                    )
-                    dataset.stewards = data['stewards']
-                else:
-                    DatasetService.transfer_stewardship_to_owners(session, dataset)
-                    dataset.stewards = dataset.SamlAdminGroupName
-
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=dataset.SamlAdminGroupName,
-                permissions=DATASET_ALL,
-                resource_uri=dataset.datasetUri,
-                resource_type=Dataset.__name__,
-            )
-            DatasetService.update_dataset_glossary_terms(session, username, uri, data)
-            activity = models.Activity(
-                action='dataset:update',
-                label='dataset:update',
-                owner=username,
-                summary=f'{username} updated dataset {dataset.name}',
-                targetUri=dataset.datasetUri,
-                targetType='dataset',
-            )
-            session.add(activity)
-            session.commit()
-        return dataset
-
-    @staticmethod
-    def transfer_stewardship_to_owners(session, dataset):
-        dataset_shares = (
-            session.query(ShareObject)
-            .filter(ShareObject.datasetUri == dataset.datasetUri)
-            .all()
-        )
-        if dataset_shares:
-            for share in dataset_shares:
-                ResourcePolicy.attach_resource_policy(
-                    session=session,
-                    group=dataset.SamlAdminGroupName,
-                    permissions=permissions.SHARE_OBJECT_APPROVER,
-                    resource_uri=share.shareUri,
-                    resource_type=ShareObject.__name__,
-                )
-        return dataset
-
-    @staticmethod
-    def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
-        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if dataset.stewards != env.SamlGroupName:
-            ResourcePolicy.delete_resource_policy(
-                session=session,
-                group=dataset.stewards,
-                resource_uri=dataset.datasetUri,
-            )
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=new_stewards,
-            permissions=DATASET_READ,
-            resource_uri=dataset.datasetUri,
-            resource_type=Dataset.__name__,
-        )
-
-        dataset_tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, dataset.datasetUri)]
-        for tableUri in dataset_tables:
-            if dataset.stewards != env.SamlGroupName:
-                ResourcePolicy.delete_resource_policy(
-                    session=session,
-                    group=dataset.stewards,
-                    resource_uri=tableUri,
-                )
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=new_stewards,
-                permissions=DATASET_TABLE_READ,
-                resource_uri=tableUri,
-                resource_type=DatasetTable.__name__,
-            )
-
-        dataset_shares = (
-            session.query(ShareObject)
-            .filter(ShareObject.datasetUri == dataset.datasetUri)
-            .all()
-        )
-        if dataset_shares:
-            for share in dataset_shares:
-                ResourcePolicy.attach_resource_policy(
-                    session=session,
-                    group=new_stewards,
-                    permissions=permissions.SHARE_OBJECT_APPROVER,
-                    resource_uri=share.shareUri,
-                    resource_type=ShareObject.__name__,
-                )
-                ResourcePolicy.delete_resource_policy(
-                    session=session,
-                    group=dataset.stewards,
-                    resource_uri=share.shareUri,
-                )
-        return dataset
-
-    @staticmethod
-    def update_dataset_glossary_terms(session, username, uri, data):
-        if data.get('terms'):
-            input_terms = data.get('terms', [])
-            current_links = session.query(models.TermLink).filter(
-                models.TermLink.targetUri == uri
-            )
-            for current_link in current_links:
-                if current_link not in input_terms:
-                    session.delete(current_link)
-            for nodeUri in input_terms:
-                term = session.query(models.GlossaryNode).get(nodeUri)
-                if term:
-                    link = (
-                        session.query(models.TermLink)
-                        .filter(
-                            models.TermLink.targetUri == uri,
-                            models.TermLink.nodeUri == nodeUri,
-                        )
-                        .first()
-                    )
-                    if not link:
-                        new_link = models.TermLink(
-                            targetUri=uri,
-                            nodeUri=nodeUri,
-                            targetType='Dataset',
-                            owner=username,
-                            approvedByOwner=True,
-                        )
-                        session.add(new_link)
-
-    @staticmethod
-    def update_bucket_status(session, dataset_uri):
-        """
-        helper method to update the dataset bucket status
-        """
-        dataset = DatasetService.get_dataset_by_uri(session, dataset_uri)
-        dataset.bucketCreated = True
-        return dataset
-
-    @staticmethod
-    def update_glue_database_status(session, dataset_uri):
-        """
-        helper method to update the dataset db status
-        """
-        dataset = DatasetService.get_dataset_by_uri(session, dataset_uri)
-        dataset.glueDatabaseCreated = True
-
-    @staticmethod
-    def get_dataset_tables(session, dataset_uri):
-        """return the dataset tables"""
-        return (
-            session.query(DatasetTable)
-            .filter(DatasetTable.datasetUri == dataset_uri)
-            .all()
-        )
-
-    @staticmethod
-    def query_dataset_shares(session, dataset_uri) -> Query:
-        return session.query(ShareObject).filter(
-            and_(
-                ShareObject.datasetUri == dataset_uri,
-                ShareObject.deleted.is_(None),
-            )
-        )
-
-    @staticmethod
-    def paginated_dataset_shares(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> [ShareObject]:
-        query = DatasetService.query_dataset_shares(session, uri)
-        return paginate(
-            query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
-        ).to_dict()
-
-    @staticmethod
-    def list_dataset_shares(session, dataset_uri) -> [ShareObject]:
-        """return the dataset shares"""
-        query = DatasetService.query_dataset_shares(session, dataset_uri)
-        return query.all()
-
-    @staticmethod
-    def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [ShareObject]:
-        query = session.query(ShareObject).filter(
-            and_(
-                ShareObject.datasetUri == dataset_uri,
-                ShareObject.deleted.is_(None),
-                ShareObject.existingSharedItems.is_(True),
-            )
-        )
-        return query.all()
-
-    @staticmethod
-    def list_dataset_redshift_clusters(
-        session, dataset_uri
-    ) -> [models.RedshiftClusterDataset]:
-        """return the dataset clusters"""
-        return (
-            session.query(models.RedshiftClusterDataset)
-            .filter(models.RedshiftClusterDataset.datasetUri == dataset_uri)
-            .all()
-        )
-
-    @staticmethod
-    def delete_dataset(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> bool:
-        dataset = DatasetService.get_dataset_by_uri(session, uri)
-        DatasetService._delete_dataset_shares_with_no_shared_items(session, uri)
-        DatasetService._delete_dataset_term_links(session, uri)
-        DatasetService._delete_dataset_tables(session, dataset.datasetUri)
-        DatasetLocationRepository.delete_dataset_locations(session, dataset.datasetUri)
-        KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
-        Vote.delete_votes(session, dataset.datasetUri, 'dataset')
-        session.delete(dataset)
-        ResourcePolicy.delete_resource_policy(
-            session=session, resource_uri=uri, group=dataset.SamlAdminGroupName
-        )
-        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if dataset.SamlAdminGroupName != env.SamlGroupName:
-            ResourcePolicy.delete_resource_policy(
-                session=session, resource_uri=uri, group=env.SamlGroupName
-            )
-        if dataset.stewards:
-            ResourcePolicy.delete_resource_policy(
-                session=session, resource_uri=uri, group=dataset.stewards
-            )
-        return True
-
-    @staticmethod
-    def _delete_dataset_shares_with_no_shared_items(session, dataset_uri):
-        share_objects = (
-            session.query(ShareObject)
-            .filter(
-                and_(
-                    ShareObject.datasetUri == dataset_uri,
-                    ShareObject.existingSharedItems.is_(False),
-                )
-            )
-            .all()
-        )
-        for share in share_objects:
-            (
-                session.query(ShareObjectItem)
-                .filter(ShareObjectItem.shareUri == share.shareUri)
-                .delete()
-            )
-            session.delete(share)
-
-    @staticmethod
-    def _delete_dataset_term_links(session, uri):
-        tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, uri)]
-        for tableUri in tables:
-            term_links = (
-                session.query(models.TermLink)
-                .filter(
-                    and_(
-                        models.TermLink.targetUri == tableUri,
-                        models.TermLink.targetType == 'DatasetTable',
-                    )
-                )
-                .all()
-            )
-            for link in term_links:
-                session.delete(link)
-                session.commit()
-        term_links = (
-            session.query(models.TermLink)
-            .filter(
-                and_(
-                    models.TermLink.targetUri == uri,
-                    models.TermLink.targetType == 'Dataset',
-                )
-            )
-            .all()
-        )
-        for link in term_links:
-            session.delete(link)
-
-    @staticmethod
-    def _delete_dataset_tables(session, dataset_uri) -> bool:
-        tables = (
-            session.query(DatasetTable)
-            .filter(
-                and_(
-                    DatasetTable.datasetUri == dataset_uri,
-                )
-            )
-            .all()
-        )
-        for table in tables:
-            table.deleted = datetime.now()
-        return tables
-
-    @staticmethod
-    def list_all_datasets(session) -> [Dataset]:
-        return session.query(Dataset).all()
-
-    @staticmethod
-    def list_all_active_datasets(session) -> [Dataset]:
-        return (
-            session.query(Dataset).filter(Dataset.deleted.is_(None)).all()
-        )
-
-    @staticmethod
-    def get_dataset_by_bucket_name(session, bucket) -> [Dataset]:
-        return (
-            session.query(Dataset)
-            .filter(Dataset.S3BucketName == bucket)
-            .first()
-        )
-
-    @staticmethod
-    def count_dataset_tables(session, dataset_uri):
-        return (
-            session.query(DatasetTable)
-            .filter(DatasetTable.datasetUri == dataset_uri)
-            .count()
-        )
-
-    @staticmethod
-    def query_environment_group_datasets(session, envUri, groupUri, filter) -> Query:
-        query = session.query(Dataset).filter(
-            and_(
-                Dataset.environmentUri == envUri,
-                Dataset.SamlAdminGroupName == groupUri,
-                Dataset.deleted.is_(None),
-            )
-        )
-        if filter and filter.get('term'):
-            term = filter['term']
-            query = query.filter(
-                or_(
-                    Dataset.label.ilike('%' + term + '%'),
-                    Dataset.description.ilike('%' + term + '%'),
-                    Dataset.tags.contains(f'{{{term}}}'),
-                    Dataset.region.ilike('%' + term + '%'),
-                )
-            )
-        return query
-
-    @staticmethod
-    def query_environment_datasets(session, uri, filter) -> Query:
-        query = session.query(Dataset).filter(
-            and_(
-                Dataset.environmentUri == uri,
-                Dataset.deleted.is_(None),
-            )
-        )
-        if filter and filter.get('term'):
-            term = filter['term']
-            query = query.filter(
-                or_(
-                    Dataset.label.ilike('%' + term + '%'),
-                    Dataset.description.ilike('%' + term + '%'),
-                    Dataset.tags.contains(f'{{{term}}}'),
-                    Dataset.region.ilike('%' + term + '%'),
-                )
-            )
-        return query
-
-    @staticmethod
-    @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
-    def paginated_environment_datasets(
-            session, uri, data=None,
-    ) -> dict:
-        return paginate(
-            query=DatasetService.query_environment_datasets(
-                session, uri, data
-            ),
-            page=data.get('page', 1),
-            page_size=data.get('pageSize', 10),
-        ).to_dict()
-
-    @staticmethod
-    def paginated_environment_group_datasets(
-            session, envUri, groupUri, data=None
-    ) -> dict:
-        return paginate(
-            query=DatasetService.query_environment_group_datasets(
-                session, envUri, groupUri, data
-            ),
-            page=data.get('page', 1),
-            page_size=data.get('pageSize', 10),
-        ).to_dict()
-
-    @staticmethod
-    def list_group_datasets(session, environment_id, group_uri):
-        return (
-            session.query(Dataset)
-            .filter(
-                and_(
-                    Dataset.environmentUri == environment_id,
-                    Dataset.SamlAdminGroupName == group_uri,
-                )
-            )
-            .all()
-        )
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
new file mode 100644
index 000000000..e1c025e2d
--- /dev/null
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -0,0 +1,5 @@
+
+
+
+class DatasetService:
+    pass
\ No newline at end of file
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 4f15ad259..8b8369854 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -1,8 +1,38 @@
-from operator import and_
+import logging
+from datetime import datetime
 
+from sqlalchemy import and_, or_
+from sqlalchemy.orm import Query
+
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
+from dataall.db.api import (
+    Environment,
+    ResourcePolicy,
+    KeyValueTag,
+    Vote,
+    Stack,
+    has_tenant_perm,
+    has_resource_perm,
+)
+from dataall.db.api import Organization
+from dataall.db import models, exceptions, paginate, permissions
+from dataall.db.models.Enums import Language
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
+from dataall.modules.datasets.db.enums import ConfidentialityClassification
 from dataall.core.group.services.group_resource_manager import GroupResource
-from dataall.db import exceptions
-from dataall.modules.datasets_base.db.models import Dataset
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
+from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
+    LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
+from dataall.utils.naming_convention import (
+    NamingConventionService,
+    NamingConventionPattern,
+)
+
+logger = logging.getLogger(__name__)
 
 
 class DatasetRepository(GroupResource):
@@ -25,3 +55,667 @@ def count_resources(self, session, environment_uri, group_uri) -> int:
                 ))
             .count()
         )
+
+    @staticmethod
+    @has_tenant_perm(MANAGE_DATASETS)
+    @has_resource_perm(CREATE_DATASET)
+    def create_dataset(
+        session,
+        username: str,
+        groups: [str],
+        uri: str,
+        data: dict = None,
+        check_perm: bool = False,
+    ) -> Dataset:
+        if not uri:
+            raise exceptions.RequiredParameter('environmentUri')
+        if not data:
+            raise exceptions.RequiredParameter('data')
+        if not data.get('SamlAdminGroupName'):
+            raise exceptions.RequiredParameter('group')
+        if not data.get('label'):
+            raise exceptions.RequiredParameter('label')
+        if len(data['label']) > 52:
+            raise exceptions.InvalidInput(
+                'Dataset name', data['label'], 'less than 52 characters'
+            )
+
+        Environment.check_group_environment_permission(
+            session=session,
+            username=username,
+            groups=groups,
+            uri=uri,
+            group=data['SamlAdminGroupName'],
+            permission_name=CREATE_DATASET,
+        )
+
+        environment = Environment.get_environment_by_uri(session, uri)
+
+        organization = Organization.get_organization_by_uri(
+            session, environment.organizationUri
+        )
+
+        dataset = Dataset(
+            label=data.get('label'),
+            owner=username,
+            description=data.get('description', 'No description provided'),
+            tags=data.get('tags', []),
+            AwsAccountId=environment.AwsAccountId,
+            SamlAdminGroupName=data['SamlAdminGroupName'],
+            region=environment.region,
+            S3BucketName='undefined',
+            GlueDatabaseName='undefined',
+            IAMDatasetAdminRoleArn='undefined',
+            IAMDatasetAdminUserArn='undefined',
+            KmsAlias='undefined',
+            environmentUri=environment.environmentUri,
+            organizationUri=environment.organizationUri,
+            language=data.get('language', Language.English.value),
+            confidentiality=data.get(
+                'confidentiality', ConfidentialityClassification.Unclassified.value
+            ),
+            topics=data.get('topics', []),
+            businessOwnerEmail=data.get('businessOwnerEmail'),
+            businessOwnerDelegationEmails=data.get('businessOwnerDelegationEmails', []),
+            stewards=data.get('stewards')
+            if data.get('stewards')
+            else data['SamlAdminGroupName'],
+        )
+        session.add(dataset)
+        session.commit()
+
+        DatasetRepository._set_dataset_aws_resources(dataset, data, environment)
+
+        activity = models.Activity(
+            action='dataset:create',
+            label='dataset:create',
+            owner=username,
+            summary=f'{username} created dataset {dataset.name} in {environment.name} on organization {organization.name}',
+            targetUri=dataset.datasetUri,
+            targetType='dataset',
+        )
+        session.add(activity)
+
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=data['SamlAdminGroupName'],
+            permissions=DATASET_ALL,
+            resource_uri=dataset.datasetUri,
+            resource_type=Dataset.__name__,
+        )
+        if dataset.stewards and dataset.stewards != dataset.SamlAdminGroupName:
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=dataset.stewards,
+                permissions=DATASET_READ,
+                resource_uri=dataset.datasetUri,
+                resource_type=Dataset.__name__,
+            )
+        if environment.SamlGroupName != dataset.SamlAdminGroupName:
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=environment.SamlGroupName,
+                permissions=DATASET_ALL,
+                resource_uri=dataset.datasetUri,
+                resource_type=Dataset.__name__,
+            )
+        return dataset
+
+    @staticmethod
+    def _set_dataset_aws_resources(dataset: Dataset, data, environment):
+
+        bucket_name = NamingConventionService(
+            target_uri=dataset.datasetUri,
+            target_label=dataset.label,
+            pattern=NamingConventionPattern.S3,
+            resource_prefix=environment.resourcePrefix,
+        ).build_compliant_name()
+        dataset.S3BucketName = data.get('bucketName') or bucket_name
+
+        glue_db_name = NamingConventionService(
+            target_uri=dataset.datasetUri,
+            target_label=dataset.label,
+            pattern=NamingConventionPattern.GLUE,
+            resource_prefix=environment.resourcePrefix,
+        ).build_compliant_name()
+        dataset.GlueDatabaseName = data.get('glueDatabaseName') or glue_db_name
+
+        kms_alias = bucket_name
+        dataset.KmsAlias = data.get('KmsKeyId') or kms_alias
+
+        iam_role_name = NamingConventionService(
+            target_uri=dataset.datasetUri,
+            target_label=dataset.label,
+            pattern=NamingConventionPattern.IAM,
+            resource_prefix=environment.resourcePrefix,
+        ).build_compliant_name()
+        iam_role_arn = f'arn:aws:iam::{dataset.AwsAccountId}:role/{iam_role_name}'
+        if data.get('adminRoleName'):
+            dataset.IAMDatasetAdminRoleArn = (
+                f"arn:aws:iam::{dataset.AwsAccountId}:role/{data['adminRoleName']}"
+            )
+            dataset.IAMDatasetAdminUserArn = (
+                f"arn:aws:iam::{dataset.AwsAccountId}:role/{data['adminRoleName']}"
+            )
+        else:
+            dataset.IAMDatasetAdminRoleArn = iam_role_arn
+            dataset.IAMDatasetAdminUserArn = iam_role_arn
+
+        dataset.GlueCrawlerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-crawler'
+        dataset.GlueProfilingJobName = f'{dataset.S3BucketName}-{dataset.datasetUri}-profiler'
+        dataset.GlueProfilingTriggerSchedule = None
+        dataset.GlueProfilingTriggerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-trigger'
+        dataset.GlueDataQualityJobName = f'{dataset.S3BucketName}-{dataset.datasetUri}-dataquality'
+        dataset.GlueDataQualitySchedule = None
+        dataset.GlueDataQualityTriggerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-dqtrigger'
+        return dataset
+
+    @staticmethod
+    def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
+        return Stack.create_stack(
+            session=session,
+            environment_uri=dataset.environmentUri,
+            target_uri=dataset.datasetUri,
+            target_label=dataset.label,
+            target_type='dataset',
+            payload={
+                'bucket_name': dataset.S3BucketName,
+                'database_name': dataset.GlueDatabaseName,
+                'role_name': dataset.S3BucketName,
+                'user_name': dataset.S3BucketName,
+            },
+        )
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    def get_dataset(session, uri: str) -> Dataset:
+        return DatasetRepository.get_dataset_by_uri(session, uri)
+
+    @staticmethod
+    def query_user_datasets(session, username, groups, filter) -> Query:
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
+        query = (
+            session.query(Dataset)
+            .outerjoin(
+                ShareObject,
+                ShareObject.datasetUri == Dataset.datasetUri,
+            )
+            .outerjoin(
+                ShareObjectItem,
+                ShareObjectItem.shareUri == ShareObject.shareUri
+            )
+            .filter(
+                or_(
+                    Dataset.owner == username,
+                    Dataset.SamlAdminGroupName.in_(groups),
+                    Dataset.stewards.in_(groups),
+                    and_(
+                        ShareObject.principalId.in_(groups),
+                        ShareObjectItem.status.in_(share_item_shared_states),
+                    ),
+                    and_(
+                        ShareObject.owner == username,
+                        ShareObjectItem.status.in_(share_item_shared_states),
+                    ),
+                )
+            )
+        )
+        if filter and filter.get('term'):
+            query = query.filter(
+                or_(
+                    Dataset.description.ilike(filter.get('term') + '%%'),
+                    Dataset.label.ilike(filter.get('term') + '%%'),
+                )
+            )
+        return query
+
+    @staticmethod
+    def paginated_user_datasets(
+        session, username, groups, uri, data=None, check_perm=None
+    ) -> dict:
+        return paginate(
+            query=DatasetRepository.query_user_datasets(session, username, groups, data),
+            page=data.get('page', 1),
+            page_size=data.get('pageSize', 10),
+        ).to_dict()
+
+    @staticmethod
+    def paginated_dataset_tables(
+        session, username, groups, uri, data=None, check_perm=None
+    ) -> dict:
+        query = (
+            session.query(DatasetTable)
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == uri,
+                    DatasetTable.LastGlueTableStatus != 'Deleted',
+                )
+            )
+            .order_by(DatasetTable.created.desc())
+        )
+        if data and data.get('term'):
+            query = query.filter(
+                or_(
+                    *[
+                        DatasetTable.name.ilike('%' + data.get('term') + '%'),
+                        DatasetTable.GlueTableName.ilike(
+                            '%' + data.get('term') + '%'
+                        ),
+                    ]
+                )
+            )
+        return paginate(
+            query=query, page_size=data.get('pageSize', 10), page=data.get('page', 1)
+        ).to_dict()
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET)
+    def update_dataset(session, uri, data=None) -> Dataset:
+        username = get_context().username
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+        if data and isinstance(data, dict):
+            for k in data.keys():
+                if k != 'stewards':
+                    setattr(dataset, k, data.get(k))
+            if data.get('stewards') and data.get('stewards') != dataset.stewards:
+                if data.get('stewards') != dataset.SamlAdminGroupName:
+                    DatasetRepository.transfer_stewardship_to_new_stewards(
+                        session, dataset, data['stewards']
+                    )
+                    dataset.stewards = data['stewards']
+                else:
+                    DatasetRepository.transfer_stewardship_to_owners(session, dataset)
+                    dataset.stewards = dataset.SamlAdminGroupName
+
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=dataset.SamlAdminGroupName,
+                permissions=DATASET_ALL,
+                resource_uri=dataset.datasetUri,
+                resource_type=Dataset.__name__,
+            )
+            DatasetRepository.update_dataset_glossary_terms(session, username, uri, data)
+            activity = models.Activity(
+                action='dataset:update',
+                label='dataset:update',
+                owner=username,
+                summary=f'{username} updated dataset {dataset.name}',
+                targetUri=dataset.datasetUri,
+                targetType='dataset',
+            )
+            session.add(activity)
+            session.commit()
+        return dataset
+
+    @staticmethod
+    def transfer_stewardship_to_owners(session, dataset):
+        dataset_shares = (
+            session.query(ShareObject)
+            .filter(ShareObject.datasetUri == dataset.datasetUri)
+            .all()
+        )
+        if dataset_shares:
+            for share in dataset_shares:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=dataset.SamlAdminGroupName,
+                    permissions=permissions.SHARE_OBJECT_APPROVER,
+                    resource_uri=share.shareUri,
+                    resource_type=ShareObject.__name__,
+                )
+        return dataset
+
+    @staticmethod
+    def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
+        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        if dataset.stewards != env.SamlGroupName:
+            ResourcePolicy.delete_resource_policy(
+                session=session,
+                group=dataset.stewards,
+                resource_uri=dataset.datasetUri,
+            )
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=new_stewards,
+            permissions=DATASET_READ,
+            resource_uri=dataset.datasetUri,
+            resource_type=Dataset.__name__,
+        )
+
+        dataset_tables = [t.tableUri for t in DatasetRepository.get_dataset_tables(session, dataset.datasetUri)]
+        for tableUri in dataset_tables:
+            if dataset.stewards != env.SamlGroupName:
+                ResourcePolicy.delete_resource_policy(
+                    session=session,
+                    group=dataset.stewards,
+                    resource_uri=tableUri,
+                )
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=new_stewards,
+                permissions=DATASET_TABLE_READ,
+                resource_uri=tableUri,
+                resource_type=DatasetTable.__name__,
+            )
+
+        dataset_shares = (
+            session.query(ShareObject)
+            .filter(ShareObject.datasetUri == dataset.datasetUri)
+            .all()
+        )
+        if dataset_shares:
+            for share in dataset_shares:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=new_stewards,
+                    permissions=permissions.SHARE_OBJECT_APPROVER,
+                    resource_uri=share.shareUri,
+                    resource_type=ShareObject.__name__,
+                )
+                ResourcePolicy.delete_resource_policy(
+                    session=session,
+                    group=dataset.stewards,
+                    resource_uri=share.shareUri,
+                )
+        return dataset
+
+    @staticmethod
+    def update_dataset_glossary_terms(session, username, uri, data):
+        if data.get('terms'):
+            input_terms = data.get('terms', [])
+            current_links = session.query(models.TermLink).filter(
+                models.TermLink.targetUri == uri
+            )
+            for current_link in current_links:
+                if current_link not in input_terms:
+                    session.delete(current_link)
+            for nodeUri in input_terms:
+                term = session.query(models.GlossaryNode).get(nodeUri)
+                if term:
+                    link = (
+                        session.query(models.TermLink)
+                        .filter(
+                            models.TermLink.targetUri == uri,
+                            models.TermLink.nodeUri == nodeUri,
+                        )
+                        .first()
+                    )
+                    if not link:
+                        new_link = models.TermLink(
+                            targetUri=uri,
+                            nodeUri=nodeUri,
+                            targetType='Dataset',
+                            owner=username,
+                            approvedByOwner=True,
+                        )
+                        session.add(new_link)
+
+    @staticmethod
+    def update_bucket_status(session, dataset_uri):
+        """
+        helper method to update the dataset bucket status
+        """
+        dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri)
+        dataset.bucketCreated = True
+        return dataset
+
+    @staticmethod
+    def update_glue_database_status(session, dataset_uri):
+        """
+        helper method to update the dataset db status
+        """
+        dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri)
+        dataset.glueDatabaseCreated = True
+
+    @staticmethod
+    def get_dataset_tables(session, dataset_uri):
+        """return the dataset tables"""
+        return (
+            session.query(DatasetTable)
+            .filter(DatasetTable.datasetUri == dataset_uri)
+            .all()
+        )
+
+    @staticmethod
+    def query_dataset_shares(session, dataset_uri) -> Query:
+        return session.query(ShareObject).filter(
+            and_(
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.deleted.is_(None),
+            )
+        )
+
+    @staticmethod
+    def paginated_dataset_shares(
+        session, username, groups, uri, data=None, check_perm=None
+    ) -> [ShareObject]:
+        query = DatasetRepository.query_dataset_shares(session, uri)
+        return paginate(
+            query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
+        ).to_dict()
+
+    @staticmethod
+    def list_dataset_shares(session, dataset_uri) -> [ShareObject]:
+        """return the dataset shares"""
+        query = DatasetRepository.query_dataset_shares(session, dataset_uri)
+        return query.all()
+
+    @staticmethod
+    def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [ShareObject]:
+        query = session.query(ShareObject).filter(
+            and_(
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.deleted.is_(None),
+                ShareObject.existingSharedItems.is_(True),
+            )
+        )
+        return query.all()
+
+    @staticmethod
+    def list_dataset_redshift_clusters(
+        session, dataset_uri
+    ) -> [models.RedshiftClusterDataset]:
+        """return the dataset clusters"""
+        return (
+            session.query(models.RedshiftClusterDataset)
+            .filter(models.RedshiftClusterDataset.datasetUri == dataset_uri)
+            .all()
+        )
+
+    @staticmethod
+    def delete_dataset(
+        session, username, groups, uri, data=None, check_perm=None
+    ) -> bool:
+        dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+        DatasetRepository._delete_dataset_shares_with_no_shared_items(session, uri)
+        DatasetRepository._delete_dataset_term_links(session, uri)
+        DatasetRepository._delete_dataset_tables(session, dataset.datasetUri)
+        DatasetLocationRepository.delete_dataset_locations(session, dataset.datasetUri)
+        KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
+        Vote.delete_votes(session, dataset.datasetUri, 'dataset')
+        session.delete(dataset)
+        ResourcePolicy.delete_resource_policy(
+            session=session, resource_uri=uri, group=dataset.SamlAdminGroupName
+        )
+        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        if dataset.SamlAdminGroupName != env.SamlGroupName:
+            ResourcePolicy.delete_resource_policy(
+                session=session, resource_uri=uri, group=env.SamlGroupName
+            )
+        if dataset.stewards:
+            ResourcePolicy.delete_resource_policy(
+                session=session, resource_uri=uri, group=dataset.stewards
+            )
+        return True
+
+    @staticmethod
+    def _delete_dataset_shares_with_no_shared_items(session, dataset_uri):
+        share_objects = (
+            session.query(ShareObject)
+            .filter(
+                and_(
+                    ShareObject.datasetUri == dataset_uri,
+                    ShareObject.existingSharedItems.is_(False),
+                )
+            )
+            .all()
+        )
+        for share in share_objects:
+            (
+                session.query(ShareObjectItem)
+                .filter(ShareObjectItem.shareUri == share.shareUri)
+                .delete()
+            )
+            session.delete(share)
+
+    @staticmethod
+    def _delete_dataset_term_links(session, uri):
+        tables = [t.tableUri for t in DatasetRepository.get_dataset_tables(session, uri)]
+        for tableUri in tables:
+            term_links = (
+                session.query(models.TermLink)
+                .filter(
+                    and_(
+                        models.TermLink.targetUri == tableUri,
+                        models.TermLink.targetType == 'DatasetTable',
+                    )
+                )
+                .all()
+            )
+            for link in term_links:
+                session.delete(link)
+                session.commit()
+        term_links = (
+            session.query(models.TermLink)
+            .filter(
+                and_(
+                    models.TermLink.targetUri == uri,
+                    models.TermLink.targetType == 'Dataset',
+                )
+            )
+            .all()
+        )
+        for link in term_links:
+            session.delete(link)
+
+    @staticmethod
+    def _delete_dataset_tables(session, dataset_uri) -> bool:
+        tables = (
+            session.query(DatasetTable)
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == dataset_uri,
+                )
+            )
+            .all()
+        )
+        for table in tables:
+            table.deleted = datetime.now()
+        return tables
+
+    @staticmethod
+    def list_all_datasets(session) -> [Dataset]:
+        return session.query(Dataset).all()
+
+    @staticmethod
+    def list_all_active_datasets(session) -> [Dataset]:
+        return (
+            session.query(Dataset).filter(Dataset.deleted.is_(None)).all()
+        )
+
+    @staticmethod
+    def get_dataset_by_bucket_name(session, bucket) -> [Dataset]:
+        return (
+            session.query(Dataset)
+            .filter(Dataset.S3BucketName == bucket)
+            .first()
+        )
+
+    @staticmethod
+    def count_dataset_tables(session, dataset_uri):
+        return (
+            session.query(DatasetTable)
+            .filter(DatasetTable.datasetUri == dataset_uri)
+            .count()
+        )
+
+    @staticmethod
+    def query_environment_group_datasets(session, envUri, groupUri, filter) -> Query:
+        query = session.query(Dataset).filter(
+            and_(
+                Dataset.environmentUri == envUri,
+                Dataset.SamlAdminGroupName == groupUri,
+                Dataset.deleted.is_(None),
+            )
+        )
+        if filter and filter.get('term'):
+            term = filter['term']
+            query = query.filter(
+                or_(
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.description.ilike('%' + term + '%'),
+                    Dataset.tags.contains(f'{{{term}}}'),
+                    Dataset.region.ilike('%' + term + '%'),
+                )
+            )
+        return query
+
+    @staticmethod
+    def query_environment_datasets(session, uri, filter) -> Query:
+        query = session.query(Dataset).filter(
+            and_(
+                Dataset.environmentUri == uri,
+                Dataset.deleted.is_(None),
+            )
+        )
+        if filter and filter.get('term'):
+            term = filter['term']
+            query = query.filter(
+                or_(
+                    Dataset.label.ilike('%' + term + '%'),
+                    Dataset.description.ilike('%' + term + '%'),
+                    Dataset.tags.contains(f'{{{term}}}'),
+                    Dataset.region.ilike('%' + term + '%'),
+                )
+            )
+        return query
+
+    @staticmethod
+    @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
+    def paginated_environment_datasets(
+            session, uri, data=None,
+    ) -> dict:
+        return paginate(
+            query=DatasetRepository.query_environment_datasets(
+                session, uri, data
+            ),
+            page=data.get('page', 1),
+            page_size=data.get('pageSize', 10),
+        ).to_dict()
+
+    @staticmethod
+    def paginated_environment_group_datasets(
+            session, envUri, groupUri, data=None
+    ) -> dict:
+        return paginate(
+            query=DatasetRepository.query_environment_group_datasets(
+                session, envUri, groupUri, data
+            ),
+            page=data.get('page', 1),
+            page_size=data.get('pageSize', 10),
+        ).to_dict()
+
+    @staticmethod
+    def list_group_datasets(session, environment_id, group_uri):
+        return (
+            session.query(Dataset)
+            .filter(
+                and_(
+                    Dataset.environmentUri == environment_id,
+                    Dataset.SamlAdminGroupName == group_uri,
+                )
+            )
+            .all()
+        )
+

From 0e0689406f1211a33be44f11a5866f3b95f25b22 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 15:27:46 +0200
Subject: [PATCH 167/346] Extracted methods into DatasetService

---
 .../modules/datasets/api/dataset/resolvers.py | 504 +-----------------
 .../datasets/services/dataset_service.py      | 503 ++++++++++++++++-
 2 files changed, 526 insertions(+), 481 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index dd90eb360..8fb021c98 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -1,65 +1,21 @@
-import json
 import logging
 
-from botocore.config import Config
-from botocore.exceptions import ClientError
-
 from dataall.api.Objects.Stack import stack_helper
 from dataall import db
 from dataall.api.context import Context
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import paginate, exceptions, models
-from dataall.db.api import Environment, ResourcePolicy
+from dataall.db.api import Environment
 from dataall.db.api.organization import Organization
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.api.dataset.enums import DatasetRole
-from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
-from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
-from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, SUMMARY_DATASET, \
-    CRAWL_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET
-from dataall.aws.handlers.quicksight import Quicksight
+from dataall.modules.datasets.services.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
 
-def check_dataset_account(environment):
-    if environment.dashboardsEnabled:
-        quicksight_subscription = Quicksight.check_quicksight_enterprise_subscription(AwsAccountId=environment.AwsAccountId)
-        if quicksight_subscription:
-            group = Quicksight.create_quicksight_group(AwsAccountId=environment.AwsAccountId)
-            return True if group else False
-    return True
-
-
 def create_dataset(context: Context, source, input=None):
-    with context.engine.scoped_session() as session:
-        environment = Environment.get_environment_by_uri(session, input.get('environmentUri'))
-        check_dataset_account(environment=environment)
-
-        dataset = DatasetService.create_dataset(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=input.get('environmentUri'),
-            data=input,
-            check_perm=True,
-        )
-        DatasetService.create_dataset_stack(session, dataset)
-
-        DatasetIndexer.upsert(
-            session=session, dataset_uri=dataset.datasetUri
-        )
-
-    _deploy_dataset_stack(dataset)
-
-    dataset.userRoleForDataset = DatasetRole.Creator.value
-
-    return dataset
+    return DatasetService.create_dataset(env_uri=input['environmentUri'], data=input)
 
 
 def import_dataset(context: Context, source, input=None):
@@ -72,43 +28,11 @@ def import_dataset(context: Context, source, input=None):
     if not input.get('SamlAdminGroupName'):
         raise exceptions.RequiredParameter('group')
 
-    with context.engine.scoped_session() as session:
-        environment = Environment.get_environment_by_uri(session, input.get('environmentUri'))
-        check_dataset_account(environment=environment)
-
-        dataset = DatasetService.create_dataset(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=input.get('environmentUri'),
-            data=input,
-            check_perm=True,
-        )
-        dataset.imported = True
-        dataset.importedS3Bucket = True if input['bucketName'] else False
-        dataset.importedGlueDatabase = True if input.get('glueDatabaseName') else False
-        dataset.importedKmsKey = True if input.get('KmsKeyId') else False
-        dataset.importedAdminRole = True if input.get('adminRoleName') else False
-
-        DatasetService.create_dataset_stack(session, dataset)
-
-        DatasetIndexer.upsert(
-            session=session, dataset_uri=dataset.datasetUri
-        )
-
-    _deploy_dataset_stack(dataset)
-
-    dataset.userRoleForDataset = DatasetRole.Creator.value
-
-    return dataset
+    return DatasetService.import_dataset(data=input)
 
 
 def get_dataset(context, source, datasetUri=None):
-    with context.engine.scoped_session() as session:
-        dataset = DatasetService.get_dataset(session, uri=datasetUri)
-        if dataset.SamlAdminGroupName in context.groups:
-            dataset.userRoleForDataset = DatasetRole.Admin.value
-        return dataset
+    return DatasetService.get_dataset(uri=datasetUri)
 
 
 def resolve_user_role(context: Context, source: Dataset, **kwargs):
@@ -137,36 +61,13 @@ def resolve_user_role(context: Context, source: Dataset, **kwargs):
 def get_file_upload_presigned_url(
     context, source, datasetUri: str = None, input: dict = None
 ):
-    with context.engine.scoped_session() as session:
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-
-    s3_client = SessionHelper.remote_session(dataset.AwsAccountId).client(
-        's3',
-        region_name=dataset.region,
-        config=Config(signature_version='s3v4', s3={'addressing_style': 'virtual'}),
-    )
-    try:
-        s3_client.get_bucket_acl(
-            Bucket=dataset.S3BucketName, ExpectedBucketOwner=dataset.AwsAccountId
-        )
-        response = s3_client.generate_presigned_post(
-            Bucket=dataset.S3BucketName,
-            Key=input.get('prefix', 'uploads') + '/' + input.get('fileName'),
-            ExpiresIn=15 * 60,
-        )
-
-        return json.dumps(response)
-    except ClientError as e:
-        raise e
+    return DatasetService.get_file_upload_presigned_url(uri=datasetUri, data=input)
 
 
 def list_datasets(context: Context, source, filter: dict = None):
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
-    with context.engine.scoped_session() as session:
-        return DatasetService.paginated_user_datasets(
-            session, context.username, context.groups, uri=None, data=filter
-        )
+    return DatasetService.list_datasets(filter)
 
 
 def list_locations(context, source: Dataset, filter: dict = None):
@@ -174,12 +75,7 @@ def list_locations(context, source: Dataset, filter: dict = None):
         return None
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
-    with context.engine.scoped_session() as session:
-        return DatasetLocationRepository.paginated_dataset_locations(
-            session=session,
-            uri=source.datasetUri,
-            data=filter,
-        )
+    return DatasetService.list_locations(source.datasetUri, filter)
 
 
 def list_tables(context, source: Dataset, filter: dict = None):
@@ -187,14 +83,7 @@ def list_tables(context, source: Dataset, filter: dict = None):
         return None
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
-    with context.engine.scoped_session() as session:
-        return DatasetService.paginated_dataset_tables(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=source.datasetUri,
-            data=filter,
-        )
+    return DatasetService.list_tables(source.datasetUri, filter)
 
 
 def get_dataset_organization(context, source: Dataset, **kwargs):
@@ -224,173 +113,29 @@ def get_dataset_stewards_group(context, source: Dataset, **kwargs):
 
 
 def update_dataset(context, source, datasetUri: str = None, input: dict = None):
-    with context.engine.scoped_session() as session:
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-        environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        check_dataset_account(environment=environment)
-        updated_dataset = DatasetService.update_dataset(
-            session=session,
-            uri=datasetUri,
-            data=input,
-        )
-        DatasetIndexer.upsert(session, dataset_uri=datasetUri)
-
-    _deploy_dataset_stack(updated_dataset)
-
-    return updated_dataset
+    return DatasetService.update_dataset(uri=datasetUri)
 
 
 def get_dataset_statistics(context: Context, source: Dataset, **kwargs):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        count_tables = DatasetService.count_dataset_tables(session, source.datasetUri)
-        count_locations = DatasetLocationRepository.count_dataset_locations(
-            session, source.datasetUri
-        )
-        count_upvotes = db.api.Vote.count_upvotes(
-            session, None, None, source.datasetUri, {'targetType': 'dataset'}
-        )
-    return {
-        'tables': count_tables or 0,
-        'locations': count_locations or 0,
-        'upvotes': count_upvotes or 0,
-    }
+    return DatasetService.get_dataset_statistics(source)
 
 
 def get_dataset_etl_credentials(context: Context, source, datasetUri: str = None):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=CREDENTIALS_DATASET,
-        )
-        task = models.Task(targetUri=datasetUri, action='iam.dataset.user.credentials')
-        session.add(task)
-    response = Worker.process(
-        engine=context.engine, task_ids=[task.taskUri], save_response=False
-    )[0]
-    return json.dumps(response['response'])
+    return DatasetService.get_dataset_etl_credentials(uri=datasetUri)
 
 
 def get_dataset_assume_role_url(context: Context, source, datasetUri: str = None):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=CREDENTIALS_DATASET,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-        if dataset.SamlAdminGroupName not in context.groups:
-            share = ShareObject.get_share_by_dataset_attributes(
-                session=session,
-                dataset_uri=datasetUri,
-                dataset_owner=context.username
-            )
-            shared_environment = Environment.get_environment_by_uri(
-                session=session,
-                uri=share.environmentUri
-            )
-            env_group = Environment.get_environment_group(
-                session=session,
-                group_uri=share.principalId,
-                environment_uri=share.environmentUri
-            )
-            role_arn = env_group.environmentIAMRoleArn
-            account_id = shared_environment.AwsAccountId
-        else:
-            role_arn = dataset.IAMDatasetAdminRoleArn
-            account_id = dataset.AwsAccountId
-
-    pivot_session = SessionHelper.remote_session(account_id)
-    aws_session = SessionHelper.get_session(
-        base_session=pivot_session, role_arn=role_arn
-    )
-    url = SessionHelper.get_console_access_url(
-        aws_session,
-        region=dataset.region,
-        bucket=dataset.S3BucketName,
-    )
-    return url
+    return DatasetService.get_dataset_assume_role_url(uri=datasetUri)
 
 
 def sync_tables(context: Context, source, datasetUri: str = None):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=SYNC_DATASET,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-
-        task = models.Task(
-            action='glue.dataset.database.tables',
-            targetUri=dataset.datasetUri,
-        )
-        session.add(task)
-    Worker.process(engine=context.engine, task_ids=[task.taskUri], save_response=False)
-    with context.engine.scoped_session() as session:
-        DatasetTableIndexer.upsert_all(
-            session=session, dataset_uri=dataset.datasetUri
-        )
-        DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
-        return DatasetService.paginated_dataset_tables(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=datasetUri,
-            data={'page': 1, 'pageSize': 10},
-            check_perm=None,
-        )
+    return DatasetService.sync_tables(uri=datasetUri)
 
 
 def start_crawler(context: Context, source, datasetUri: str, input: dict = None):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=CRAWL_DATASET,
-        )
-
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-
-        location = (
-            f's3://{dataset.S3BucketName}/{input.get("prefix")}'
-            if input.get('prefix')
-            else f's3://{dataset.S3BucketName}'
-        )
-
-        crawler = DatasetCrawler(dataset).get_crawler()
-        if not crawler:
-            raise exceptions.AWSResourceNotFound(
-                action=CRAWL_DATASET,
-                message=f'Crawler {dataset.GlueCrawlerName} can not be found',
-            )
-
-        task = models.Task(
-            targetUri=datasetUri,
-            action='glue.crawler.start',
-            payload={'location': location},
-        )
-        session.add(task)
-        session.commit()
-
-        Worker.queue(engine=context.engine, task_ids=[task.taskUri])
-
-        return {
-            'Name': dataset.GlueCrawlerName,
-            'AwsAccountId': dataset.AwsAccountId,
-            'region': dataset.region,
-            'status': crawler.get('LastCrawl', {}).get('Status', 'N/A'),
-        }
+    return DatasetService.start_crawler(uri=datasetUri, data=input)
 
 
 def list_dataset_share_objects(context, source, filter: dict = None):
@@ -398,100 +143,21 @@ def list_dataset_share_objects(context, source, filter: dict = None):
         return None
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
-    with context.engine.scoped_session() as session:
-        return DatasetService.paginated_dataset_shares(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=source.datasetUri,
-            data=filter,
-            check_perm=True,
-        )
+    return DatasetService.list_dataset_share_objects(source, filter)
 
 
 def generate_dataset_access_token(context, source, datasetUri: str = None):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=CREDENTIALS_DATASET,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-
-    pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
-    aws_session = SessionHelper.get_session(
-        base_session=pivot_session, role_arn=dataset.IAMDatasetAdminRoleArn
-    )
-    c = aws_session.get_credentials()
-    credentials = {
-        'AccessKey': c.access_key,
-        'SessionKey': c.secret_key,
-        'sessionToken': c.token,
-    }
-
-    return json.dumps(credentials)
+    return DatasetService.generate_dataset_access_token(uri=datasetUri)
 
 
 def get_dataset_summary(context, source, datasetUri: str = None):
-    with context.engine.scoped_session() as session:
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-        environment = Environment.get_environment_by_uri(
-            session, dataset.environmentUri
-        )
-
-        pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
-        env_admin_session = SessionHelper.get_session(
-            base_session=pivot_session,
-            role_arn=environment.EnvironmentDefaultIAMRoleArn,
-        )
-        s3 = env_admin_session.client('s3', region_name=dataset.region)
-
-        try:
-            s3.head_object(
-                Bucket=environment.EnvironmentDefaultBucketName,
-                Key=f'summary/{datasetUri}/summary.md',
-            )
-            response = s3.get_object(
-                Bucket=environment.EnvironmentDefaultBucketName,
-                Key=f'summary/{datasetUri}/summary.md',
-            )
-            content = str(response['Body'].read().decode('utf-8'))
-            return content
-        except Exception as e:
-            raise e
+    return DatasetService.get_dataset_summary(uri=datasetUri)
 
 
 def save_dataset_summary(
     context: Context, source, datasetUri: str = None, content: str = None
 ):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=SUMMARY_DATASET,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-        environment = Environment.get_environment_by_uri(
-            session, dataset.environmentUri
-        )
-
-        pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
-        env_admin_session = SessionHelper.get_session(
-            base_session=pivot_session,
-            role_arn=environment.EnvironmentDefaultIAMRoleArn,
-        )
-        s3 = env_admin_session.client('s3', region_name=dataset.region)
-
-        s3.put_object(
-            Bucket=environment.EnvironmentDefaultBucketName,
-            Key=f'summary/{datasetUri}/summary.md',
-            Body=content,
-        )
-    return True
+    return DatasetService.save_dataset_summary(uri=datasetUri, content=content)
 
 
 def get_dataset_stack(context: Context, source: Dataset, **kwargs):
@@ -504,88 +170,13 @@ def get_dataset_stack(context: Context, source: Dataset, **kwargs):
 
 
 def get_crawler(context, source, datasetUri: str = None, name: str = None):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=CRAWL_DATASET,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-
-    aws_session = SessionHelper.remote_session(dataset.AwsAccountId)
-    client = aws_session.client('glue', region_name=dataset.region)
-
-    response = client.get_crawler(Name=name)
-    return {
-        'Name': name,
-        'AwsAccountId': dataset.AwsAccountId,
-        'region': dataset.region,
-        'status': response['Crawler'].get('LastCrawl', {}).get('Status', 'N/A'),
-    }
+    return DatasetService.get_crawler(uri=datasetUri, name=name)
 
 
 def delete_dataset(
     context: Context, source, datasetUri: str = None, deleteFromAWS: bool = False
 ):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=DELETE_DATASET,
-        )
-        dataset: Dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-        env: models.Environment = Environment.get_environment_by_uri(
-            session, dataset.environmentUri
-        )
-        shares = DatasetService.list_dataset_shares_with_existing_shared_items(session, datasetUri)
-        if shares:
-            raise exceptions.UnauthorizedOperation(
-                action=DELETE_DATASET,
-                message=f'Dataset {dataset.name} is shared with other teams. '
-                'Revoke all dataset shares before deletion.',
-            )
-        redshift_datasets = DatasetService.list_dataset_redshift_clusters(
-            session, datasetUri
-        )
-        if redshift_datasets:
-            raise exceptions.UnauthorizedOperation(
-                action=DELETE_DATASET,
-                message='Dataset is used by Redshift clusters. '
-                'Remove clusters associations first.',
-            )
-
-        tables = [t.tableUri for t in DatasetService.get_dataset_tables(session, datasetUri)]
-        for uri in tables:
-            DatasetIndexer.delete_doc(doc_id=uri)
-
-        folders = [f.locationUri for f in DatasetLocationRepository.get_dataset_folders(session, datasetUri)]
-        for uri in folders:
-            DatasetIndexer.delete_doc(doc_id=uri)
-
-        DatasetIndexer.delete_doc(doc_id=datasetUri)
-
-        DatasetService.delete_dataset(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=datasetUri,
-            data=None,
-            check_perm=True,
-        )
-
-    if deleteFromAWS:
-        stack_helper.delete_stack(
-            target_uri=datasetUri,
-            accountid=env.AwsAccountId,
-            cdk_role_arn=env.CDKRoleArn,
-            region=env.region,
-        )
-        stack_helper.deploy_stack(dataset.environmentUri)
-    return True
+    return DatasetService.delete_dataset(uri=datasetUri, delete_from_aws=deleteFromAWS)
 
 
 def get_dataset_glossary_terms(context: Context, source: Dataset, **kwargs):
@@ -606,34 +197,7 @@ def get_dataset_glossary_terms(context: Context, source: Dataset, **kwargs):
 def publish_dataset_update(
     context: Context, source, datasetUri: str = None, s3Prefix: str = None
 ):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=datasetUri,
-            permission_name=SUBSCRIPTIONS_DATASET,
-        )
-        dataset = DatasetService.get_dataset_by_uri(session, datasetUri)
-        env = db.api.Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
-            raise Exception(
-                'Subscriptions are disabled. '
-                "First enable subscriptions for this dataset's environment then retry."
-            )
-
-        task = models.Task(
-            targetUri=datasetUri,
-            action='sns.dataset.publish_update',
-            payload={'s3Prefix': s3Prefix},
-        )
-        session.add(task)
-
-    response = Worker.process(
-        engine=context.engine, task_ids=[task.taskUri], save_response=False
-    )[0]
-    log.info(f'Dataset update publish response: {response}')
-    return True
+    return DatasetService.publish_dataset_update(uri=datasetUri, s3_prefix=s3Prefix)
 
 
 def resolve_redshift_copy_enabled(context, source: Dataset, clusterUri: str):
@@ -645,26 +209,12 @@ def resolve_redshift_copy_enabled(context, source: Dataset, clusterUri: str):
         ).datasetCopyEnabled
 
 
-def _deploy_dataset_stack(dataset: Dataset):
-    """
-    Each dataset stack deployment triggers environment stack update
-    to rebuild teams IAM roles data access policies
-    """
-    stack_helper.deploy_stack(dataset.datasetUri)
-    stack_helper.deploy_stack(dataset.environmentUri)
-
-
 def list_datasets_created_in_environment(
     context: Context, source, environmentUri: str = None, filter: dict = None
 ):
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return DatasetService.paginated_environment_datasets(
-            session=session,
-            uri=environmentUri,
-            data=filter,
-        )
+    return DatasetService.list_datasets_created_in_environment(environmentUri, filter)
 
 
 def list_datasets_owned_by_env_group(
@@ -672,10 +222,4 @@ def list_datasets_owned_by_env_group(
 ):
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return DatasetService.paginated_environment_group_datasets(
-            session=session,
-            envUri=environmentUri,
-            groupUri=groupUri,
-            data=filter,
-        )
\ No newline at end of file
+    return DatasetService.list_datasets_owned_by_env_group(environmentUri, groupUri, filter)
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index e1c025e2d..ede241f95 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -1,5 +1,506 @@
+import json
+import logging
 
+from dataall.api.Objects.Stack import stack_helper
+from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission
+from dataall.db.api import Vote
+from dataall.db.exceptions import AWSResourceNotFound, UnauthorizedOperation
+from dataall.db.models import Environment, Task
+from dataall.modules.dataset_sharing.api.schema import ShareObject
+from dataall.modules.datasets import DatasetIndexer, DatasetTableIndexer
+from dataall.modules.datasets.api.dataset.enums import DatasetRole
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
+from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetClient
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
+from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
+    SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import Dataset
+
+log = logging.getLogger(__name__)
 
 
 class DatasetService:
-    pass
\ No newline at end of file
+
+    @staticmethod
+    def check_dataset_account(environment):
+        if environment.dashboardsEnabled:
+            quicksight_subscription = Quicksight.check_quicksight_enterprise_subscription(
+                AwsAccountId=environment.AwsAccountId)
+            if quicksight_subscription:
+                group = Quicksight.create_quicksight_group(AwsAccountId=environment.AwsAccountId)
+                return True if group else False
+        return True
+
+    @staticmethod
+    def create_dataset(env_uri, data: dict):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            environment = Environment.get_environment_by_uri(session, env_uri)
+            DatasetService.check_dataset_account(environment=environment)
+
+            dataset = DatasetRepository.create_dataset(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=env_uri,
+                data=data,
+                check_perm=True,
+            )
+
+            DatasetRepository.create_dataset_stack(session, dataset)
+
+            DatasetIndexer.upsert(
+                session=session, dataset_uri=dataset.datasetUri
+            )
+
+        DatasetService._deploy_dataset_stack(dataset)
+
+        dataset.userRoleForDataset = DatasetRole.Creator.value
+
+        return dataset
+
+    @staticmethod
+    def import_dataset(data):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            environment = Environment.get_environment_by_uri(session, data.get('environmentUri'))
+            DatasetService.check_dataset_account(environment=environment)
+
+            dataset = DatasetRepository.create_dataset(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=data.get('environmentUri'),
+                data=data,
+                check_perm=True,
+            )
+            dataset.imported = True
+            dataset.importedS3Bucket = True if data['bucketName'] else False
+            dataset.importedGlueDatabase = True if data['glueDatabaseName'] else False
+            dataset.importedKmsKey = True if data['KmsKeyId'] else False
+            dataset.importedAdminRole = True if data['adminRoleName'] else False
+
+            DatasetRepository.create_dataset_stack(session, dataset)
+
+            DatasetIndexer.upsert(
+                session=session, dataset_uri=dataset.datasetUri
+            )
+
+        DatasetService._deploy_dataset_stack(dataset)
+
+        dataset.userRoleForDataset = DatasetRole.Creator.value
+
+        return dataset
+
+    @staticmethod
+    def get_dataset(uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset(session, uri=uri)
+            if dataset.SamlAdminGroupName in context.groups:
+                dataset.userRoleForDataset = DatasetRole.Admin.value
+            return dataset
+
+    @staticmethod
+    def get_file_upload_presigned_url(uri: str, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            return S3DatasetClient(dataset).get_file_upload_presigned_url(data)
+
+    @staticmethod
+    def list_datasets(data: dict):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            return DatasetRepository.paginated_user_datasets(
+                session, context.username, context.groups, uri=None, data=data
+            )
+
+    @staticmethod
+    def list_locations(dataset_uri, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetLocationRepository.paginated_dataset_locations(
+                session=session,
+                uri=dataset_uri,
+                data=data,
+            )
+
+    @staticmethod
+    def list_tables(dataset_uri, data: dict):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            return DatasetRepository.paginated_dataset_tables(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=dataset_uri,
+                data=data,
+            )
+
+    @staticmethod
+    def update_dataset(uri: str, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            DatasetService.check_dataset_account(environment=environment)
+            updated_dataset = DatasetRepository.update_dataset(
+                session=session,
+                uri=uri,
+                data=data,
+            )
+            DatasetIndexer.upsert(session, dataset_uri=uri)
+
+        DatasetService._deploy_dataset_stack(updated_dataset)
+
+        return updated_dataset
+
+    @staticmethod
+    def get_dataset_statistics(dataset: Dataset):
+        with get_context().db_engine.scoped_session() as session:
+            count_tables = DatasetRepository.count_dataset_tables(session, dataset.datasetUri)
+            count_locations = DatasetLocationRepository.count_dataset_locations(
+                session, dataset.datasetUri
+            )
+            count_upvotes = Vote.count_upvotes(
+                session, None, None, dataset.datasetUri, {'targetType': 'dataset'}
+            )
+        return {
+            'tables': count_tables or 0,
+            'locations': count_locations or 0,
+            'upvotes': count_upvotes or 0,
+        }
+
+    @staticmethod
+    @has_resource_permission(CREDENTIALS_DATASET)
+    def get_dataset_etl_credentials(uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            task = Task(targetUri=uri, action='iam.dataset.user.credentials')
+            session.add(task)
+        response = Worker.process(
+            engine=context.db_engine, task_ids=[task.taskUri], save_response=False
+        )[0]
+        return json.dumps(response['response'])
+
+    @staticmethod
+    @has_resource_permission(CREDENTIALS_DATASET)
+    def get_dataset_assume_role_url(uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            if dataset.SamlAdminGroupName not in context.groups:
+                share = ShareObject.get_share_by_dataset_attributes(
+                    session=session,
+                    dataset_uri=uri,
+                    dataset_owner=context.username
+                )
+                shared_environment = Environment.get_environment_by_uri(
+                    session=session,
+                    uri=share.environmentUri
+                )
+                env_group = Environment.get_environment_group(
+                    session=session,
+                    group_uri=share.principalId,
+                    environment_uri=share.environmentUri
+                )
+                role_arn = env_group.environmentIAMRoleArn
+                account_id = shared_environment.AwsAccountId
+            else:
+                role_arn = dataset.IAMDatasetAdminRoleArn
+                account_id = dataset.AwsAccountId
+
+        pivot_session = SessionHelper.remote_session(account_id)
+        aws_session = SessionHelper.get_session(
+            base_session=pivot_session, role_arn=role_arn
+        )
+        url = SessionHelper.get_console_access_url(
+            aws_session,
+            region=dataset.region,
+            bucket=dataset.S3BucketName,
+        )
+        return url
+
+    @staticmethod
+    @has_resource_permission(SYNC_DATASET)
+    def sync_tables(uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+
+            task = Task(
+                action='glue.dataset.database.tables',
+                targetUri=dataset.datasetUri,
+            )
+            session.add(task)
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        with context.db_engine.scoped_session() as session:
+            DatasetTableIndexer.upsert_all(
+                session=session, dataset_uri=dataset.datasetUri
+            )
+            DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
+            return DatasetRepository.paginated_dataset_tables(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=uri,
+                data={'page': 1, 'pageSize': 10},
+                check_perm=None,
+            )
+
+    @staticmethod
+    @has_resource_permission(CRAWL_DATASET)
+    def start_crawler(uri: str, data: dict = None):
+        engine = get_context().db_engine
+        with engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+
+            location = (
+                f's3://{dataset.S3BucketName}/{data.get("prefix")}'
+                if data.get('prefix')
+                else f's3://{dataset.S3BucketName}'
+            )
+
+            crawler = DatasetCrawler(dataset).get_crawler()
+            if not crawler:
+                raise AWSResourceNotFound(
+                    action=CRAWL_DATASET,
+                    message=f'Crawler {dataset.GlueCrawlerName} can not be found',
+                )
+
+            task = Task(
+                targetUri=uri,
+                action='glue.crawler.start',
+                payload={'location': location},
+            )
+            session.add(task)
+            session.commit()
+
+            Worker.queue(engine=engine, task_ids=[task.taskUri])
+
+            return {
+                'Name': dataset.GlueCrawlerName,
+                'AwsAccountId': dataset.AwsAccountId,
+                'region': dataset.region,
+                'status': crawler.get('LastCrawl', {}).get('Status', 'N/A'),
+            }
+
+    @staticmethod
+    def list_dataset_share_objects(dataset: Dataset, data: dict = None):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            return DatasetRepository.paginated_dataset_shares(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=dataset.datasetUri,
+                data=data,
+                check_perm=True,
+            )
+
+    @staticmethod
+    @has_resource_permission(CREDENTIALS_DATASET)
+    def generate_dataset_access_token(uri):
+        with get_context().db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+
+        pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
+        aws_session = SessionHelper.get_session(
+            base_session=pivot_session, role_arn=dataset.IAMDatasetAdminRoleArn
+        )
+        c = aws_session.get_credentials()
+        credentials = {
+            'AccessKey': c.access_key,
+            'SessionKey': c.secret_key,
+            'sessionToken': c.token,
+        }
+
+        return json.dumps(credentials)
+
+    @staticmethod
+    def get_dataset_summary(uri: str):
+        # TODO THERE WAS NO PERMISSION CHECK!!!
+        with get_context().db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            environment = Environment.get_environment_by_uri(
+                session, dataset.environmentUri
+            )
+
+            pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
+            env_admin_session = SessionHelper.get_session(
+                base_session=pivot_session,
+                role_arn=environment.EnvironmentDefaultIAMRoleArn,
+            )
+            s3 = env_admin_session.client('s3', region_name=dataset.region)
+
+            try:
+                s3.head_object(
+                    Bucket=environment.EnvironmentDefaultBucketName,
+                    Key=f'summary/{uri}/summary.md',
+                )
+                response = s3.get_object(
+                    Bucket=environment.EnvironmentDefaultBucketName,
+                    Key=f'summary/{uri}/summary.md',
+                )
+                content = str(response['Body'].read().decode('utf-8'))
+                return content
+            except Exception as e:
+                raise e
+
+    @staticmethod
+    @has_resource_permission(SUMMARY_DATASET)
+    def save_dataset_summary(uri: str, content: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            environment = Environment.get_environment_by_uri(
+                session, dataset.environmentUri
+            )
+
+            pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
+            env_admin_session = SessionHelper.get_session(
+                base_session=pivot_session,
+                role_arn=environment.EnvironmentDefaultIAMRoleArn,
+            )
+            s3 = env_admin_session.client('s3', region_name=dataset.region)
+
+            s3.put_object(
+                Bucket=environment.EnvironmentDefaultBucketName,
+                Key=f'summary/{uri}/summary.md',
+                Body=content,
+            )
+        return True
+
+    @staticmethod
+    def get_dataset_stack(dataset: Dataset):
+        return stack_helper.get_stack_with_cfn_resources(
+            targetUri=dataset.datasetUri,
+            environmentUri=dataset.environmentUri,
+        )
+
+    @staticmethod
+    @has_resource_permission(CRAWL_DATASET)
+    def get_crawler(uri: str, name: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+
+        response = DatasetCrawler(dataset).get_crawler(crawler_name=name)
+        return {
+            'Name': name,
+            'AwsAccountId': dataset.AwsAccountId,
+            'region': dataset.region,
+            'status': response.get('LastCrawl', {}).get('Status', 'N/A'),
+        }
+
+    @staticmethod
+    @has_resource_permission(DELETE_DATASET)
+    def delete_dataset(uri: str, delete_from_aws: bool = False):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            env: Environment = Environment.get_environment_by_uri(
+                session, dataset.environmentUri
+            )
+            shares = DatasetRepository.list_dataset_shares_with_existing_shared_items(session, uri)
+            if shares:
+                raise UnauthorizedOperation(
+                    action=DELETE_DATASET,
+                    message=f'Dataset {dataset.name} is shared with other teams. '
+                            'Revoke all dataset shares before deletion.',
+                )
+            redshift_datasets = DatasetRepository.list_dataset_redshift_clusters(
+                session, uri
+            )
+            if redshift_datasets:
+                raise UnauthorizedOperation(
+                    action=DELETE_DATASET,
+                    message='Dataset is used by Redshift clusters. '
+                            'Remove clusters associations first.',
+                )
+
+            tables = [t.tableUri for t in DatasetRepository.get_dataset_tables(session, uri)]
+            for uri in tables:
+                DatasetIndexer.delete_doc(doc_id=uri)
+
+            folders = [f.locationUri for f in DatasetLocationRepository.get_dataset_folders(session, uri)]
+            for uri in folders:
+                DatasetIndexer.delete_doc(doc_id=uri)
+
+            DatasetIndexer.delete_doc(doc_id=uri)
+
+            DatasetService.delete_dataset(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=uri,
+                data=None,
+                check_perm=True,
+            )
+
+        if delete_from_aws:
+            stack_helper.delete_stack(
+                target_uri=uri,
+                accountid=env.AwsAccountId,
+                cdk_role_arn=env.CDKRoleArn,
+                region=env.region,
+            )
+            stack_helper.deploy_stack(dataset.environmentUri)
+        return True
+
+    @staticmethod
+    @has_resource_permission(SUBSCRIPTIONS_DATASET)
+    def publish_dataset_update(uri: str, s3_prefix: str):
+        engine = get_context().db_engine
+        with engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
+                raise Exception(
+                    'Subscriptions are disabled. '
+                    "First enable subscriptions for this dataset's environment then retry."
+                )
+
+            task = Task(
+                targetUri=uri,
+                action='sns.dataset.publish_update',
+                payload={'s3Prefix': s3_prefix},
+            )
+            session.add(task)
+
+        response = Worker.process(
+            engine=engine, task_ids=[task.taskUri], save_response=False
+        )[0]
+        log.info(f'Dataset update publish response: {response}')
+        return True
+
+    @staticmethod
+    def _deploy_dataset_stack(dataset: Dataset):
+        """
+        Each dataset stack deployment triggers environment stack update
+        to rebuild teams IAM roles data access policies
+        """
+        stack_helper.deploy_stack(dataset.datasetUri)
+        stack_helper.deploy_stack(dataset.environmentUri)
+
+    @staticmethod
+    def list_datasets_created_in_environment(env_uri: str, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetRepository.paginated_environment_datasets(
+                session=session,
+                uri=env_uri,
+                data=data,
+            )
+
+    @staticmethod
+    def list_datasets_owned_by_env_group(env_uri: str, group_uri: str, data: dict):
+        with get_context().db_engine.scoped_session() as session:
+            return DatasetRepository.paginated_environment_group_datasets(
+                session=session,
+                envUri=env_uri,
+                groupUri=group_uri,
+                data=data,
+            )

From 7ba235d136ca7ba476cea74f656aa0bbfd8be25e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 15:38:52 +0200
Subject: [PATCH 168/346] Introduced S3DatasetClient and small fixes

---
 .../modules/datasets/api/dataset/resolvers.py |  4 +-
 .../datasets/aws/glue_dataset_client.py       |  5 ++-
 .../modules/datasets/aws/s3_dataset_client.py | 34 ++++++++++++++
 .../datasets/handlers/glue_dataset_handler.py |  4 +-
 .../datasets/handlers/sns_dataset_handler.py  |  8 +---
 .../datasets/services/dataset_service.py      | 44 +++++++++----------
 .../services/dataset_table_service.py         | 10 ++---
 7 files changed, 70 insertions(+), 39 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/s3_dataset_client.py

diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 8fb021c98..2453ebe7c 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -28,7 +28,7 @@ def import_dataset(context: Context, source, input=None):
     if not input.get('SamlAdminGroupName'):
         raise exceptions.RequiredParameter('group')
 
-    return DatasetService.import_dataset(data=input)
+    return DatasetService.import_dataset(uri=input['environmentUri'], data=input)
 
 
 def get_dataset(context, source, datasetUri=None):
@@ -214,7 +214,7 @@ def list_datasets_created_in_environment(
 ):
     if not filter:
         filter = {}
-    return DatasetService.list_datasets_created_in_environment(environmentUri, filter)
+    return DatasetService.list_datasets_created_in_environment(uri=environmentUri, data=filter)
 
 
 def list_datasets_owned_by_env_group(
diff --git a/backend/dataall/modules/datasets/aws/glue_dataset_client.py b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
index f52b35f92..310acd2b6 100644
--- a/backend/dataall/modules/datasets/aws/glue_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
@@ -14,9 +14,10 @@ def __init__(self, dataset: Dataset):
         self._client = session.client('glue', region_name=region)
         self._dataset = dataset
 
-    def get_crawler(self):
+    def get_crawler(self, crawler_name=None):
         crawler = None
-        crawler_name = self._dataset.GlueCrawlerName
+        if not crawler_name:
+            crawler_name = self._dataset.GlueCrawlerName
 
         try:
             crawler = self._client.get_crawler(Name=crawler_name)
diff --git a/backend/dataall/modules/datasets/aws/s3_dataset_client.py b/backend/dataall/modules/datasets/aws/s3_dataset_client.py
new file mode 100644
index 000000000..d6a92ab39
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/s3_dataset_client.py
@@ -0,0 +1,34 @@
+import json
+
+from botocore.config import Config
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.modules.datasets_base.db.models import Dataset
+
+
+class S3DatasetClient:
+
+    def __init__(self, dataset: Dataset):
+        self._client = SessionHelper.remote_session(dataset.AwsAccountId).client(
+            's3',
+            region_name=dataset.region,
+            config=Config(signature_version='s3v4', s3={'addressing_style': 'virtual'}),
+        )
+        self._dataset = dataset
+
+    def get_file_upload_presigned_url(self, data):
+        dataset = self._dataset
+        try:
+            self._client.get_bucket_acl(
+                Bucket=dataset.S3BucketName, ExpectedBucketOwner=dataset.AwsAccountId
+            )
+            response = self._client.generate_presigned_post(
+                Bucket=dataset.S3BucketName,
+                Key=data.get('prefix', 'uploads') + '/' + data.get('fileName'),
+                ExpiresIn=15 * 60,
+            )
+
+            return json.dumps(response)
+        except ClientError as e:
+            raise e
diff --git a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
index d066f59f4..44192a3d1 100644
--- a/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_dataset_handler.py
@@ -3,8 +3,8 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
@@ -15,7 +15,7 @@ class DatasetCrawlerHandler:
     @Worker.handler(path='glue.crawler.start')
     def start_crawler(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(
                 session, task.targetUri
             )
             location = task.payload.get('location')
diff --git a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
index 14e11cc98..f2c3b8dd5 100644
--- a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
+++ b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
@@ -1,14 +1,10 @@
-import json
 import logging
 
-from botocore.exceptions import ClientError
-
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.db.api import Environment
 from dataall.modules.datasets.aws.sns_dataset_client import SnsDatasetClient
-from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 
 logger = logging.getLogger(__name__)
 
@@ -21,7 +17,7 @@ def __init__(self):
     @Worker.handler(path='sns.dataset.publish_update')
     def publish_update(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset = DatasetService.get_dataset_by_uri(session, task.targetUri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, task.targetUri)
             environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
 
             message = {
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index ede241f95..6b5e99bf1 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -6,7 +6,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
-from dataall.core.permission_checker import has_resource_permission
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
 from dataall.db.api import Vote
 from dataall.db.exceptions import AWSResourceNotFound, UnauthorizedOperation
 from dataall.db.models import Environment, Task
@@ -17,7 +17,8 @@
 from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
-    SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET
+    SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
+    CREATE_DATASET
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 
@@ -37,17 +38,19 @@ def check_dataset_account(environment):
         return True
 
     @staticmethod
-    def create_dataset(env_uri, data: dict):
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET)
+    def create_dataset(uri, data: dict):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            environment = Environment.get_environment_by_uri(session, env_uri)
+            environment = Environment.get_environment_by_uri(session, uri)
             DatasetService.check_dataset_account(environment=environment)
 
             dataset = DatasetRepository.create_dataset(
                 session=session,
                 username=context.username,
                 groups=context.groups,
-                uri=env_uri,
+                uri=uri,
                 data=data,
                 check_perm=True,
             )
@@ -65,17 +68,19 @@ def create_dataset(env_uri, data: dict):
         return dataset
 
     @staticmethod
-    def import_dataset(data):
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(CREATE_DATASET)
+    def import_dataset(uri, data):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            environment = Environment.get_environment_by_uri(session, data.get('environmentUri'))
+            environment = Environment.get_environment_by_uri(session, uri)
             DatasetService.check_dataset_account(environment=environment)
 
             dataset = DatasetRepository.create_dataset(
                 session=session,
                 username=context.username,
                 groups=context.groups,
-                uri=data.get('environmentUri'),
+                uri=uri,
                 data=data,
                 check_perm=True,
             )
@@ -98,6 +103,7 @@ def import_dataset(data):
         return dataset
 
     @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
     def get_dataset(uri):
         context = get_context()
         with context.db_engine.scoped_session() as session:
@@ -117,7 +123,7 @@ def list_datasets(data: dict):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             return DatasetRepository.paginated_user_datasets(
-                session, context.username, context.groups, uri=None, data=data
+                session, context.username, context.groups, data=data
             )
 
     @staticmethod
@@ -135,13 +141,13 @@ def list_tables(dataset_uri, data: dict):
         with context.db_engine.scoped_session() as session:
             return DatasetRepository.paginated_dataset_tables(
                 session=session,
-                username=context.username,
-                groups=context.groups,
                 uri=dataset_uri,
                 data=data,
             )
 
     @staticmethod
+    @has_tenant_permission(MANAGE_DATASETS)
+    @has_resource_permission(UPDATE_DATASET)
     def update_dataset(uri: str, data: dict):
         with get_context().db_engine.scoped_session() as session:
             dataset = DatasetRepository.get_dataset_by_uri(session, uri)
@@ -244,11 +250,8 @@ def sync_tables(uri):
             DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
             return DatasetRepository.paginated_dataset_tables(
                 session=session,
-                username=context.username,
-                groups=context.groups,
                 uri=uri,
                 data={'page': 1, 'pageSize': 10},
-                check_perm=None,
             )
 
     @staticmethod
@@ -290,15 +293,11 @@ def start_crawler(uri: str, data: dict = None):
 
     @staticmethod
     def list_dataset_share_objects(dataset: Dataset, data: dict = None):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
+        with get_context().db_engine.scoped_session() as session:
             return DatasetRepository.paginated_dataset_shares(
                 session=session,
-                username=context.username,
-                groups=context.groups,
                 uri=dataset.datasetUri,
-                data=data,
-                check_perm=True,
+                data=data
             )
 
     @staticmethod
@@ -487,11 +486,12 @@ def _deploy_dataset_stack(dataset: Dataset):
         stack_helper.deploy_stack(dataset.environmentUri)
 
     @staticmethod
-    def list_datasets_created_in_environment(env_uri: str, data: dict):
+    @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
+    def list_datasets_created_in_environment(uri: str, data: dict):
         with get_context().db_engine.scoped_session() as session:
             return DatasetRepository.paginated_environment_datasets(
                 session=session,
-                uri=env_uri,
+                uri=uri,
                 data=data,
             )
 
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 28c6755d3..29401278e 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -10,11 +10,11 @@
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets import DatasetTableIndexer
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.db.enums import ConfidentialityClassification
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
     DELETE_DATASET_TABLE, CREATE_DATASET_TABLE
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ
 from dataall.utils import json_utils
@@ -33,7 +33,7 @@ def _get_dataset_uri(session, table_uri):
     @has_resource_permission(CREATE_DATASET_TABLE)
     def create_table(uri: str, table_data: dict):
         with get_context().db_engine.scoped_session() as session:
-            dataset = DatasetService.get_dataset_by_uri(session, uri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
             glue_table = table_data['name']
             exists = DatasetTableRepository.exists(session, dataset_uri=uri, glue_table_name=glue_table)
 
@@ -114,7 +114,7 @@ def preview(table_uri: str):
             table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(
                 session, table_uri
             )
-            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
             if (
                     dataset.confidentiality != ConfidentialityClassification.Unclassified.value
             ):
@@ -141,7 +141,7 @@ def publish_table_update(uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
-            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
             env = Environment.get_environment_by_uri(session, dataset.environmentUri)
             if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
                 raise Exception(
@@ -172,7 +172,7 @@ def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
 
     @staticmethod
     def sync_existing_tables(session, dataset_uri, glue_tables=None):
-        dataset: Dataset = DatasetService.get_dataset_by_uri(session, dataset_uri)
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri)
         if dataset:
             existing_tables = DatasetTableRepository.find_dataset_tables(session, dataset_uri)
             existing_table_names = [e.GlueTableName for e in existing_tables]

From 5e65e41be20243fa2e9a41715afddc86fbd00810 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 16:10:56 +0200
Subject: [PATCH 169/346] Extracting logic from repos

---
 .../modules/datasets/cdk/dataset_s3_policy.py |   4 +-
 .../services/dataset_location_service.py      |   3 +-
 .../datasets/services/dataset_service.py      | 116 ++++++++------
 .../datasets_base/db/dataset_repository.py    | 148 ++----------------
 backend/dataall/tasks/catalog_indexer.py      |   4 +-
 ...215e_backfill_dataset_table_permissions.py |   4 +-
 6 files changed, 95 insertions(+), 184 deletions(-)

diff --git a/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py b/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
index 8b7d55453..404b43db0 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
@@ -2,14 +2,14 @@
 from aws_cdk import aws_iam as iam
 
 from dataall.cdkproxy.stacks.policies.data_policy import S3Policy
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
 
 
 class DatasetS3Policy(S3Policy):
 
     def get_statements(self, session):
-        datasets = DatasetService.list_group_datasets(
+        datasets = DatasetRepository.list_group_datasets(
             session,
             environment_id=self.environment.environmentUri,
             group_uri=self.team.groupUri,
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index bf277987c..144f59ddf 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -8,7 +8,6 @@
 from dataall.modules.datasets import DatasetLocationIndexer
 from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER, MANAGE_DATASETS, \
     CREATE_DATASET_FOLDER, LIST_DATASET_FOLDERS, DELETE_DATASET_FOLDER
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
@@ -105,7 +104,7 @@ def publish_location_update(uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             location = DatasetLocationRepository.get_location_by_uri(session, uri)
-            dataset = DatasetService.get_dataset_by_uri(session, location.datasetUri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, location.datasetUri)
             env = Environment.get_environment_by_uri(session, dataset.environmentUri)
             if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
                 raise Exception(
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 6b5e99bf1..9e5a35bdf 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -6,19 +6,20 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
-from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
-from dataall.db.api import Vote
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission, has_group_permission
+from dataall.db.api import Vote, ResourcePolicy, KeyValueTag, Stack
 from dataall.db.exceptions import AWSResourceNotFound, UnauthorizedOperation
 from dataall.db.models import Environment, Task
-from dataall.modules.dataset_sharing.api.schema import ShareObject
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets import DatasetIndexer, DatasetTableIndexer
 from dataall.modules.datasets.api.dataset.enums import DatasetRole
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
     SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
-    CREATE_DATASET
+    CREATE_DATASET, DATASET_ALL, DATASET_READ
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 
@@ -40,6 +41,7 @@ def check_dataset_account(environment):
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     @has_resource_permission(CREATE_DATASET)
+    @has_group_permission(CREATE_DATASET)
     def create_dataset(uri, data: dict):
         context = get_context()
         with context.db_engine.scoped_session() as session:
@@ -55,42 +57,31 @@ def create_dataset(uri, data: dict):
                 check_perm=True,
             )
 
-            DatasetRepository.create_dataset_stack(session, dataset)
-
-            DatasetIndexer.upsert(
-                session=session, dataset_uri=dataset.datasetUri
-            )
-
-        DatasetService._deploy_dataset_stack(dataset)
-
-        dataset.userRoleForDataset = DatasetRole.Creator.value
-
-        return dataset
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(CREATE_DATASET)
-    def import_dataset(uri, data):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            environment = Environment.get_environment_by_uri(session, uri)
-            DatasetService.check_dataset_account(environment=environment)
-
-            dataset = DatasetRepository.create_dataset(
+            ResourcePolicy.attach_resource_policy(
                 session=session,
-                username=context.username,
-                groups=context.groups,
-                uri=uri,
-                data=data,
-                check_perm=True,
+                group=data['SamlAdminGroupName'],
+                permissions=DATASET_ALL,
+                resource_uri=dataset.datasetUri,
+                resource_type=Dataset.__name__,
             )
-            dataset.imported = True
-            dataset.importedS3Bucket = True if data['bucketName'] else False
-            dataset.importedGlueDatabase = True if data['glueDatabaseName'] else False
-            dataset.importedKmsKey = True if data['KmsKeyId'] else False
-            dataset.importedAdminRole = True if data['adminRoleName'] else False
+            if dataset.stewards and dataset.stewards != dataset.SamlAdminGroupName:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=dataset.stewards,
+                    permissions=DATASET_READ,
+                    resource_uri=dataset.datasetUri,
+                    resource_type=Dataset.__name__,
+                )
+            if environment.SamlGroupName != dataset.SamlAdminGroupName:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=environment.SamlGroupName,
+                    permissions=DATASET_ALL,
+                    resource_uri=dataset.datasetUri,
+                    resource_type=Dataset.__name__,
+                )
 
-            DatasetRepository.create_dataset_stack(session, dataset)
+            DatasetService._create_dataset_stack(session, dataset)
 
             DatasetIndexer.upsert(
                 session=session, dataset_uri=dataset.datasetUri
@@ -102,6 +93,11 @@ def import_dataset(uri, data):
 
         return dataset
 
+    @staticmethod
+    def import_dataset(uri, data):
+        data['imported'] = True
+        return DatasetService.create_dataset(uri=uri, data=data)
+
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     def get_dataset(uri):
@@ -199,7 +195,7 @@ def get_dataset_assume_role_url(uri):
         with context.db_engine.scoped_session() as session:
             dataset = DatasetRepository.get_dataset_by_uri(session, uri)
             if dataset.SamlAdminGroupName not in context.groups:
-                share = ShareObject.get_share_by_dataset_attributes(
+                share = ShareObjectRepository.get_share_by_dataset_attributes(
                     session=session,
                     dataset_uri=uri,
                     dataset_owner=context.username
@@ -431,14 +427,28 @@ def delete_dataset(uri: str, delete_from_aws: bool = False):
 
             DatasetIndexer.delete_doc(doc_id=uri)
 
-            DatasetService.delete_dataset(
-                session=session,
-                username=context.username,
-                groups=context.groups,
-                uri=uri,
-                data=None,
-                check_perm=True,
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            ShareObjectRepository.delete_shares_with_no_shared_items(session, uri)
+            DatasetRepository.delete_dataset_term_links(session, uri)
+            DatasetTableRepository.delete_dataset_tables(session, dataset.datasetUri)
+            DatasetLocationRepository.delete_dataset_locations(session, dataset.datasetUri)
+            KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
+            Vote.delete_votes(session, dataset.datasetUri, 'dataset')
+
+            ResourcePolicy.delete_resource_policy(
+                session=session, resource_uri=uri, group=dataset.SamlAdminGroupName
             )
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            if dataset.SamlAdminGroupName != env.SamlGroupName:
+                ResourcePolicy.delete_resource_policy(
+                    session=session, resource_uri=uri, group=env.SamlGroupName
+                )
+            if dataset.stewards:
+                ResourcePolicy.delete_resource_policy(
+                    session=session, resource_uri=uri, group=dataset.stewards
+                )
+
+            DatasetRepository.delete_dataset(session, dataset)
 
         if delete_from_aws:
             stack_helper.delete_stack(
@@ -485,6 +495,22 @@ def _deploy_dataset_stack(dataset: Dataset):
         stack_helper.deploy_stack(dataset.datasetUri)
         stack_helper.deploy_stack(dataset.environmentUri)
 
+    @staticmethod
+    def _create_dataset_stack(session, dataset: Dataset) -> Stack:
+        return Stack.create_stack(
+            session=session,
+            environment_uri=dataset.environmentUri,
+            target_uri=dataset.datasetUri,
+            target_label=dataset.label,
+            target_type='dataset',
+            payload={
+                'bucket_name': dataset.S3BucketName,
+                'database_name': dataset.GlueDatabaseName,
+                'role_name': dataset.S3BucketName,
+                'user_name': dataset.S3BucketName,
+            },
+        )
+
     @staticmethod
     @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
     def list_datasets_created_in_environment(uri: str, data: dict):
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 8b8369854..f20465c68 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -1,31 +1,23 @@
 import logging
-from datetime import datetime
 
 from sqlalchemy import and_, or_
 from sqlalchemy.orm import Query
 
 from dataall.core.context import get_context
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import (
     Environment,
     ResourcePolicy,
-    KeyValueTag,
-    Vote,
-    Stack,
-    has_tenant_perm,
-    has_resource_perm,
 )
 from dataall.db.api import Organization
 from dataall.db import models, exceptions, paginate, permissions
+from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models.Enums import Language
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 from dataall.modules.datasets.db.enums import ConfidentialityClassification
 from dataall.core.group.services.group_resource_manager import GroupResource
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_ALL, \
-    LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
+from dataall.modules.datasets.services.dataset_permissions import DATASET_READ, DATASET_ALL
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 from dataall.utils.naming_convention import (
     NamingConventionService,
@@ -42,7 +34,7 @@ class DatasetRepository(GroupResource):
     def get_dataset_by_uri(session, dataset_uri) -> Dataset:
         dataset: Dataset = session.query(Dataset).get(dataset_uri)
         if not dataset:
-            raise exceptions.ObjectNotFound('Dataset', dataset_uri)
+            raise ObjectNotFound('Dataset', dataset_uri)
         return dataset
 
     def count_resources(self, session, environment_uri, group_uri) -> int:
@@ -57,8 +49,6 @@ def count_resources(self, session, environment_uri, group_uri) -> int:
         )
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DATASETS)
-    @has_resource_perm(CREATE_DATASET)
     def create_dataset(
         session,
         username: str,
@@ -80,15 +70,6 @@ def create_dataset(
                 'Dataset name', data['label'], 'less than 52 characters'
             )
 
-        Environment.check_group_environment_permission(
-            session=session,
-            username=username,
-            groups=groups,
-            uri=uri,
-            group=data['SamlAdminGroupName'],
-            permission_name=CREATE_DATASET,
-        )
-
         environment = Environment.get_environment_by_uri(session, uri)
 
         organization = Organization.get_organization_by_uri(
@@ -125,6 +106,7 @@ def create_dataset(
         session.commit()
 
         DatasetRepository._set_dataset_aws_resources(dataset, data, environment)
+        DatasetRepository._set_import_data(dataset, data)
 
         activity = models.Activity(
             action='dataset:create',
@@ -135,30 +117,6 @@ def create_dataset(
             targetType='dataset',
         )
         session.add(activity)
-
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=data['SamlAdminGroupName'],
-            permissions=DATASET_ALL,
-            resource_uri=dataset.datasetUri,
-            resource_type=Dataset.__name__,
-        )
-        if dataset.stewards and dataset.stewards != dataset.SamlAdminGroupName:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=dataset.stewards,
-                permissions=DATASET_READ,
-                resource_uri=dataset.datasetUri,
-                resource_type=Dataset.__name__,
-            )
-        if environment.SamlGroupName != dataset.SamlAdminGroupName:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=environment.SamlGroupName,
-                permissions=DATASET_ALL,
-                resource_uri=dataset.datasetUri,
-                resource_type=Dataset.__name__,
-            )
         return dataset
 
     @staticmethod
@@ -211,23 +169,6 @@ def _set_dataset_aws_resources(dataset: Dataset, data, environment):
         return dataset
 
     @staticmethod
-    def create_dataset_stack(session, dataset: Dataset) -> models.Stack:
-        return Stack.create_stack(
-            session=session,
-            environment_uri=dataset.environmentUri,
-            target_uri=dataset.datasetUri,
-            target_label=dataset.label,
-            target_type='dataset',
-            payload={
-                'bucket_name': dataset.S3BucketName,
-                'database_name': dataset.GlueDatabaseName,
-                'role_name': dataset.S3BucketName,
-                'user_name': dataset.S3BucketName,
-            },
-        )
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
     def get_dataset(session, uri: str) -> Dataset:
         return DatasetRepository.get_dataset_by_uri(session, uri)
 
@@ -271,7 +212,7 @@ def query_user_datasets(session, username, groups, filter) -> Query:
 
     @staticmethod
     def paginated_user_datasets(
-        session, username, groups, uri, data=None, check_perm=None
+        session, username, groups, data=None
     ) -> dict:
         return paginate(
             query=DatasetRepository.query_user_datasets(session, username, groups, data),
@@ -280,9 +221,7 @@ def paginated_user_datasets(
         ).to_dict()
 
     @staticmethod
-    def paginated_dataset_tables(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    def paginated_dataset_tables(session, uri, data=None) -> dict:
         query = (
             session.query(DatasetTable)
             .filter(
@@ -309,8 +248,6 @@ def paginated_dataset_tables(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(UPDATE_DATASET)
     def update_dataset(session, uri, data=None) -> Dataset:
         username = get_context().username
         dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
@@ -487,9 +424,7 @@ def query_dataset_shares(session, dataset_uri) -> Query:
         )
 
     @staticmethod
-    def paginated_dataset_shares(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> [ShareObject]:
+    def paginated_dataset_shares(session, uri, data=None) -> [ShareObject]:
         query = DatasetRepository.query_dataset_shares(session, uri)
         return paginate(
             query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
@@ -524,53 +459,12 @@ def list_dataset_redshift_clusters(
         )
 
     @staticmethod
-    def delete_dataset(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> bool:
-        dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-        DatasetRepository._delete_dataset_shares_with_no_shared_items(session, uri)
-        DatasetRepository._delete_dataset_term_links(session, uri)
-        DatasetRepository._delete_dataset_tables(session, dataset.datasetUri)
-        DatasetLocationRepository.delete_dataset_locations(session, dataset.datasetUri)
-        KeyValueTag.delete_key_value_tags(session, dataset.datasetUri, 'dataset')
-        Vote.delete_votes(session, dataset.datasetUri, 'dataset')
+    def delete_dataset(session, dataset) -> bool:
         session.delete(dataset)
-        ResourcePolicy.delete_resource_policy(
-            session=session, resource_uri=uri, group=dataset.SamlAdminGroupName
-        )
-        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if dataset.SamlAdminGroupName != env.SamlGroupName:
-            ResourcePolicy.delete_resource_policy(
-                session=session, resource_uri=uri, group=env.SamlGroupName
-            )
-        if dataset.stewards:
-            ResourcePolicy.delete_resource_policy(
-                session=session, resource_uri=uri, group=dataset.stewards
-            )
         return True
 
     @staticmethod
-    def _delete_dataset_shares_with_no_shared_items(session, dataset_uri):
-        share_objects = (
-            session.query(ShareObject)
-            .filter(
-                and_(
-                    ShareObject.datasetUri == dataset_uri,
-                    ShareObject.existingSharedItems.is_(False),
-                )
-            )
-            .all()
-        )
-        for share in share_objects:
-            (
-                session.query(ShareObjectItem)
-                .filter(ShareObjectItem.shareUri == share.shareUri)
-                .delete()
-            )
-            session.delete(share)
-
-    @staticmethod
-    def _delete_dataset_term_links(session, uri):
+    def delete_dataset_term_links(session, uri):
         tables = [t.tableUri for t in DatasetRepository.get_dataset_tables(session, uri)]
         for tableUri in tables:
             term_links = (
@@ -599,21 +493,6 @@ def _delete_dataset_term_links(session, uri):
         for link in term_links:
             session.delete(link)
 
-    @staticmethod
-    def _delete_dataset_tables(session, dataset_uri) -> bool:
-        tables = (
-            session.query(DatasetTable)
-            .filter(
-                and_(
-                    DatasetTable.datasetUri == dataset_uri,
-                )
-            )
-            .all()
-        )
-        for table in tables:
-            table.deleted = datetime.now()
-        return tables
-
     @staticmethod
     def list_all_datasets(session) -> [Dataset]:
         return session.query(Dataset).all()
@@ -682,7 +561,6 @@ def query_environment_datasets(session, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_resource_permission(LIST_ENVIRONMENT_DATASETS)
     def paginated_environment_datasets(
             session, uri, data=None,
     ) -> dict:
@@ -719,3 +597,11 @@ def list_group_datasets(session, environment_id, group_uri):
             .all()
         )
 
+    @staticmethod
+    def _set_import_data(dataset, data):
+        dataset.imported = True if data['imported'] else False
+        dataset.importedS3Bucket = True if data['bucketName'] else False
+        dataset.importedGlueDatabase = True if data['glueDatabaseName'] else False
+        dataset.importedKmsKey = True if data['KmsKeyId'] else False
+        dataset.importedAdminRole = True if data['adminRoleName'] else False
+
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 377337410..9da3ed925 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -2,10 +2,10 @@
 import os
 import sys
 
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.db import get_engine, models
 from dataall.searchproxy.indexers import DashboardIndexer
 from dataall.utils.alarm_service import AlarmService
@@ -22,7 +22,7 @@ def index_objects(engine):
         indexed_objects_counter = 0
         with engine.scoped_session() as session:
 
-            all_datasets: [Dataset] = DatasetService.list_all_active_datasets(
+            all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(
                 session
             )
             log.info(f'Found {len(all_datasets)} datasets')
diff --git a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
index c696f0896..4b7accd56 100644
--- a/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
+++ b/backend/migrations/versions/d05f9a5b215e_backfill_dataset_table_permissions.py
@@ -14,7 +14,7 @@
 from datetime import datetime
 from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus, ShareableType, ShareItemStatus
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
-from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 # revision identifiers, used by Alembic.
@@ -86,7 +86,7 @@ def upgrade():
         print('Back-filling dataset table permissions for owners/stewards...')
         dataset_tables: [DatasetTable] = session.query(DatasetTable).filter(DatasetTable.deleted.is_(None)).all()
         for table in dataset_tables:
-            dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
             env = api.Environment.get_environment_by_uri(session, dataset.environmentUri)
 
             groups = set([dataset.SamlAdminGroupName, env.SamlGroupName, dataset.stewards if dataset.stewards is not None else dataset.SamlAdminGroupName])

From a420f0e92bcbd60f75277b7c84fe6270929de383 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 16:25:09 +0200
Subject: [PATCH 170/346] Some refactoring

---
 backend/dataall/aws/handlers/redshift.py      |  6 +++---
 backend/dataall/db/api/redshift_cluster.py    |  4 ++--
 .../db/share_object_repository.py             | 21 +++++++++++++++++++
 .../datasets/api/profiling/resolvers.py       |  9 +-------
 .../datasets/db/dataset_table_repository.py   | 16 ++++++++++++++
 .../datasets/handlers/glue_table_handler.py   |  4 ++--
 .../datasets/indexers/dataset_indexer.py      |  8 +++----
 .../services/dataset_profiling_service.py     | 10 ++++-----
 .../modules/datasets/tasks/tables_syncer.py   |  4 ++--
 .../datasets_base/db/dataset_repository.py    |  2 --
 backend/dataall/tasks/stacks_updater.py       |  4 ++--
 tests/api/test_dataset.py                     |  4 ++--
 tests/api/test_redshift_cluster.py            |  7 +------
 tests/db/test_permission.py                   |  6 +-----
 14 files changed, 61 insertions(+), 44 deletions(-)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index bb61c05a7..7bb1e096d 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -12,7 +12,7 @@
 # TODO should be migrated in the redshift module
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
+from ...modules.datasets_base.db.dataset_repository import DatasetRepository
 
 log = logging.getLogger(__name__)
 
@@ -372,7 +372,7 @@ def get_cluster_catalog_databases(session, task):
             Redshift.set_cluster_secrets(secretsmanager, cluster)
             catalog_databases = []
             for d in cluster_datasets:
-                dataset = DatasetService.get_dataset_by_uri(session, d.datasetUri)
+                dataset = DatasetRepository.get_dataset_by_uri(session, d.datasetUri)
                 if dataset.environmentUri != cluster.environmentUri:
                     catalog_databases.append(f'{dataset.GlueDatabaseName}shared')
                 else:
@@ -446,7 +446,7 @@ def copy_data(engine, task: models.Task):
                 task.targetUri
             )
 
-            dataset: Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(
                 session, task.payload['datasetUri']
             )
 
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index bd092ff45..342739145 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -10,9 +10,9 @@
     NamingConventionPattern,
 )
 from dataall.utils.slugify import slugify
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
+from ...modules.datasets_base.db.dataset_repository import DatasetRepository
 
 log = logging.getLogger(__name__)
 
@@ -396,7 +396,7 @@ def add_dataset(session, username, groups, uri, data=None, check_perm=True):
                 message=f'Cluster {cluster.name} is not on available state ({cluster.status})',
             )
 
-        dataset = DatasetService.get_dataset_by_uri(session, dataset_uri=data['datasetUri'])
+        dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri=data['datasetUri'])
 
         exists = session.query(models.RedshiftClusterDataset).get(
             (uri, data['datasetUri'])
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index a2c83ac10..2d06fe332 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1421,3 +1421,24 @@ def has_shared_items(session, item_uri: str) -> int:
     def delete_shares(session, item_uri: str):
         session.query(ShareObjectItem).filter(ShareObjectItem.itemUri == item_uri).delete()
 
+    @staticmethod
+    def delete_shares_with_no_shared_items(session, dataset_uri):
+        share_objects = (
+            session.query(ShareObject)
+            .filter(
+                and_(
+                    ShareObject.datasetUri == dataset_uri,
+                    ShareObject.existingSharedItems.is_(False),
+                )
+            )
+            .all()
+        )
+        for share in share_objects:
+            (
+                session.query(ShareObjectItem)
+                .filter(ShareObjectItem.shareUri == share.shareUri)
+                .delete()
+            )
+            session.delete(share)
+
+
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index d59d1628f..0cf6d77e7 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -2,16 +2,9 @@
 import logging
 
 from dataall.api.context import Context
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
-from dataall.db import api, models
-from dataall.db.api import ResourcePolicy
-from dataall.modules.datasets.db.dataset_service import DatasetService
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
-from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun
-from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index 73d7fd2ad..63b6e7d63 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -1,4 +1,5 @@
 import logging
+from datetime import datetime
 
 from sqlalchemy.sql import and_
 
@@ -207,3 +208,18 @@ def find_dataset_tables(session, dataset_uri):
             .filter(DatasetTable.datasetUri == dataset_uri)
             .all()
         )
+
+    @staticmethod
+    def delete_dataset_tables(session, dataset_uri) -> bool:
+        tables = (
+            session.query(DatasetTable)
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == dataset_uri,
+                )
+            )
+            .all()
+        )
+        for table in tables:
+            table.deleted = datetime.now()
+        return tables
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index d822a435a..af148cc38 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -4,8 +4,8 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
 
 log = logging.getLogger(__name__)
 
@@ -17,7 +17,7 @@ class DatasetTableSyncHandler:
     @Worker.handler(path='glue.dataset.database.tables')
     def sync_existing_tables(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset: Dataset = DatasetService.get_dataset_by_uri(
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(
                 session, task.targetUri
             )
             account_id = dataset.AwsAccountId
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 20c28bb1d..4036136ba 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -1,10 +1,10 @@
 """Indexes Datasets in OpenSearch"""
 
-from dataall import db
 from dataall.db import models
+from dataall.db.api import Vote
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.searchproxy.base_indexer import BaseIndexer
 
 
@@ -45,9 +45,9 @@ def upsert(cls, session, dataset_uri: str):
             .filter(Dataset.datasetUri == dataset_uri)
             .first()
         )
-        count_tables = DatasetService.count_dataset_tables(session, dataset_uri)
+        count_tables = DatasetRepository.count_dataset_tables(session, dataset_uri)
         count_folders = DatasetLocationRepository.count_dataset_locations(session, dataset_uri)
-        count_upvotes = db.api.Vote.count_upvotes(
+        count_upvotes = Vote.count_upvotes(
             session, None, None, dataset_uri, {'targetType': 'dataset'}
         )
 
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 9f3428406..109bbcafd 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -3,14 +3,14 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission
-from dataall.db.api import Environment, ResourcePolicy
+from dataall.db.api import Environment
 from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models import Task
 from dataall.modules.datasets.aws.s3_profiler_client import S3ProfilerClient
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable
 
 
@@ -20,9 +20,7 @@ class DatasetProfilingService:
     def start_profiling_run(uri, table_uri, glue_table_name):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            dataset = DatasetService.get_dataset_by_uri(session, uri)
-            if not dataset:
-                raise ObjectNotFound('Dataset', uri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
 
             if table_uri and not glue_table_name:
                 table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
@@ -95,7 +93,7 @@ def get_last_table_profiling_run(table_uri: str):
             if run:
                 if not run.results:
                     table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
-                    dataset = DatasetService.get_dataset_by_uri(session, table.datasetUri)
+                    dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
                     environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
                     content = S3ProfilerClient(environment).get_profiling_results_from_s3(dataset, table, run)
                     if content:
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index 3f6e223db..c8c4eb76b 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -10,10 +10,10 @@
 from dataall.db import models
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
-from dataall.modules.datasets.db.dataset_service import DatasetService
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -25,7 +25,7 @@
 def sync_tables(engine):
     with engine.scoped_session() as session:
         processed_tables = []
-        all_datasets: [Dataset] = DatasetService.list_all_active_datasets(
+        all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(
             session
         )
         log.info(f'Found {len(all_datasets)} datasets for tables sync')
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index f20465c68..41dc2a577 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -52,10 +52,8 @@ def count_resources(self, session, environment_uri, group_uri) -> int:
     def create_dataset(
         session,
         username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> Dataset:
         if not uri:
             raise exceptions.RequiredParameter('environmentUri')
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 28c5e0887..ea380cdd6 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -3,8 +3,8 @@
 import sys
 import time
 
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
 from .. import db
 from ..db import models
 from ..aws.handlers.ecs import Ecs
@@ -24,7 +24,7 @@
 def update_stacks(engine, envname):
     with engine.scoped_session() as session:
 
-        all_datasets: [Dataset] = DatasetService.list_all_active_datasets(session)
+        all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
         all_environments: [models.Environment] = db.api.Environment.list_all_active_environments(session)
 
         log.info(f'Found {len(all_environments)} environments, triggering update stack tasks...')
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 4534f3b16..1f060701d 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -4,8 +4,8 @@
 import pytest
 
 import dataall
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -487,7 +487,7 @@ def test_get_dataset_by_prefix(db, env1, org1):
         )
         session.add(dataset)
         session.commit()
-        dataset_found: Dataset = DatasetService.get_dataset_by_bucket_name(
+        dataset_found: Dataset = DatasetRepository.get_dataset_by_bucket_name(
             session,
             bucket='s3a://insite-data-lake-raw-alpha-eu-west-1/booker/volume_constraints/insite_version=1/volume_constraints.delta'.split(
                 '//'
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index 7ecc12264..0a7cf3bef 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -4,9 +4,8 @@
 import pytest
 import dataall
 from dataall.api.constants import RedshiftClusterRole
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
-
 
 @pytest.fixture(scope='module', autouse=True)
 def org1(org, user, group, tenant):
@@ -40,12 +39,8 @@ def dataset1(db, user, env1, org1, dataset, group, group3) -> Dataset:
             stewards=group3.name,
         )
         dataset = DatasetService.create_dataset(
-            session=session,
-            username=user.userName,
-            groups=[group.name],
             uri=env1.environmentUri,
             data=data,
-            check_perm=True,
         )
         yield dataset
 
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index aee931076..0b32a93b3 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -5,7 +5,7 @@
 from dataall.db import exceptions
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.db.dataset_service import DatasetService
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE
 from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
@@ -259,11 +259,7 @@ def test_create_dataset(db, env, user, group, group_user, dataset, permissions,
             IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
         )
         dataset = DatasetService.create_dataset(
-            session=session,
-            username=user.userName,
-            groups=[group.name],
             uri=env_with_perm.environmentUri,
             data=data,
-            check_perm=True,
         )
         assert dataset

From f6cab09cbdd19ebe9dc5f949844778a659528ace Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 11 May 2023 17:15:08 +0200
Subject: [PATCH 171/346] Extracted code to fix circular dependency

---
 backend/dataall/db/api/redshift_cluster.py    |   2 +-
 .../db/share_object_repository.py             |  83 +++++++
 backend/dataall/modules/datasets/db/enums.py  |   7 -
 .../datasets/services/dataset_service.py      | 115 ++++++++--
 .../services/dataset_table_service.py         |   2 +-
 .../datasets_base/db/dataset_repository.py    | 208 +-----------------
 .../dataall/modules/datasets_base/db/enums.py |  18 ++
 tests/api/conftest.py                         |   2 +-
 8 files changed, 217 insertions(+), 220 deletions(-)
 delete mode 100644 backend/dataall/modules/datasets/db/enums.py
 create mode 100644 backend/dataall/modules/datasets_base/db/enums.py

diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 342739145..15222738b 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -12,7 +12,6 @@
 from dataall.utils.slugify import slugify
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from ...modules.datasets_base.db.dataset_repository import DatasetRepository
 
 log = logging.getLogger(__name__)
 
@@ -396,6 +395,7 @@ def add_dataset(session, username, groups, uri, data=None, check_perm=True):
                 message=f'Cluster {cluster.name} is not on available state ({cluster.status})',
             )
 
+        from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
         dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri=data['datasetUri'])
 
         exists = session.query(models.RedshiftClusterDataset).get(
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 2d06fe332..e2a9ddc8f 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1,6 +1,7 @@
 import logging
 
 from sqlalchemy import and_, or_, func, case
+from sqlalchemy.orm import Query
 
 from dataall.db.api import (
     has_resource_perm,
@@ -1441,4 +1442,86 @@ def delete_shares_with_no_shared_items(session, dataset_uri):
             )
             session.delete(share)
 
+    @staticmethod
+    def _query_user_datasets(session, username, groups, filter) -> Query:
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
+        query = (
+            session.query(Dataset)
+            .outerjoin(
+                ShareObject,
+                ShareObject.datasetUri == Dataset.datasetUri,
+            )
+            .outerjoin(
+                ShareObjectItem,
+                ShareObjectItem.shareUri == ShareObject.shareUri
+            )
+            .filter(
+                or_(
+                    Dataset.owner == username,
+                    Dataset.SamlAdminGroupName.in_(groups),
+                    Dataset.stewards.in_(groups),
+                    and_(
+                        ShareObject.principalId.in_(groups),
+                        ShareObjectItem.status.in_(share_item_shared_states),
+                    ),
+                    and_(
+                        ShareObject.owner == username,
+                        ShareObjectItem.status.in_(share_item_shared_states),
+                    ),
+                )
+            )
+        )
+        if filter and filter.get('term'):
+            query = query.filter(
+                or_(
+                    Dataset.description.ilike(filter.get('term') + '%%'),
+                    Dataset.label.ilike(filter.get('term') + '%%'),
+                )
+            )
+        return query
+
+    @staticmethod
+    def paginated_user_datasets(
+            session, username, groups, data=None
+    ) -> dict:
+        return paginate(
+            query=ShareObjectRepository._query_user_datasets(session, username, groups, data),
+            page=data.get('page', 1),
+            page_size=data.get('pageSize', 10),
+        ).to_dict()
+
+    @staticmethod
+    def find_dataset_shares(session, dataset_uri):
+        return (
+            session.query(ShareObject)
+            .filter(ShareObject.datasetUri == dataset_uri)
+            .all()
+        )
+
+    @staticmethod
+    def query_dataset_shares(session, dataset_uri) -> Query:
+        return session.query(ShareObject).filter(
+            and_(
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.deleted.is_(None),
+            )
+        )
+
+    @staticmethod
+    def paginated_dataset_shares(session, uri, data=None) -> [ShareObject]:
+        query = ShareObjectRepository.query_dataset_shares(session, uri)
+        return paginate(
+            query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
+        ).to_dict()
+
+    @staticmethod
+    def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [ShareObject]:
+        query = session.query(ShareObject).filter(
+            and_(
+                ShareObject.datasetUri == dataset_uri,
+                ShareObject.deleted.is_(None),
+                ShareObject.existingSharedItems.is_(True),
+            )
+        )
+        return query.all()
 
diff --git a/backend/dataall/modules/datasets/db/enums.py b/backend/dataall/modules/datasets/db/enums.py
deleted file mode 100644
index 5ef5e8170..000000000
--- a/backend/dataall/modules/datasets/db/enums.py
+++ /dev/null
@@ -1,7 +0,0 @@
-from enum import Enum
-
-
-class ConfidentialityClassification(Enum):
-    Unclassified = 'Unclassified'
-    Official = 'Official'
-    Secret = 'Secret'
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 9e5a35bdf..ed8f4263d 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -10,9 +10,10 @@
 from dataall.db.api import Vote, ResourcePolicy, KeyValueTag, Stack
 from dataall.db.exceptions import AWSResourceNotFound, UnauthorizedOperation
 from dataall.db.models import Environment, Task
+from dataall.db.permissions import SHARE_OBJECT_APPROVER
+from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets import DatasetIndexer, DatasetTableIndexer
-from dataall.modules.datasets.api.dataset.enums import DatasetRole
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
@@ -21,7 +22,9 @@
     SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
     CREATE_DATASET, DATASET_ALL, DATASET_READ
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import Dataset
+from dataall.modules.datasets_base.db.enums import DatasetRole
+from dataall.modules.datasets_base.db.models import Dataset, DatasetTable
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 log = logging.getLogger(__name__)
 
@@ -51,10 +54,8 @@ def create_dataset(uri, data: dict):
             dataset = DatasetRepository.create_dataset(
                 session=session,
                 username=context.username,
-                groups=context.groups,
                 uri=uri,
                 data=data,
-                check_perm=True,
             )
 
             ResourcePolicy.attach_resource_policy(
@@ -118,7 +119,7 @@ def get_file_upload_presigned_url(uri: str, data: dict):
     def list_datasets(data: dict):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            return DatasetRepository.paginated_user_datasets(
+            return ShareObjectRepository.paginated_user_datasets(
                 session, context.username, context.groups, data=data
             )
 
@@ -149,16 +150,38 @@ def update_dataset(uri: str, data: dict):
             dataset = DatasetRepository.get_dataset_by_uri(session, uri)
             environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
             DatasetService.check_dataset_account(environment=environment)
-            updated_dataset = DatasetRepository.update_dataset(
-                session=session,
-                uri=uri,
-                data=data,
-            )
+
+            username = get_context().username
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            if data and isinstance(data, dict):
+                for k in data.keys():
+                    if k != 'stewards':
+                        setattr(dataset, k, data.get(k))
+                if data.get('stewards') and data.get('stewards') != dataset.stewards:
+                    if data.get('stewards') != dataset.SamlAdminGroupName:
+                        DatasetService._transfer_stewardship_to_new_stewards(
+                            session, dataset, data['stewards']
+                        )
+                        dataset.stewards = data['stewards']
+                    else:
+                        DatasetService._transfer_stewardship_to_owners(session, dataset)
+                        dataset.stewards = dataset.SamlAdminGroupName
+
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=dataset.SamlAdminGroupName,
+                    permissions=DATASET_ALL,
+                    resource_uri=dataset.datasetUri,
+                    resource_type=Dataset.__name__,
+                )
+                DatasetRepository.update_dataset_glossary_terms(session, username, uri, data)
+                DatasetRepository.update_dataset_activity(session, dataset, username)
+
             DatasetIndexer.upsert(session, dataset_uri=uri)
 
-        DatasetService._deploy_dataset_stack(updated_dataset)
+        DatasetService._deploy_dataset_stack(dataset)
 
-        return updated_dataset
+        return dataset
 
     @staticmethod
     def get_dataset_statistics(dataset: Dataset):
@@ -290,7 +313,7 @@ def start_crawler(uri: str, data: dict = None):
     @staticmethod
     def list_dataset_share_objects(dataset: Dataset, data: dict = None):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetRepository.paginated_dataset_shares(
+            return ShareObjectRepository.paginated_dataset_shares(
                 session=session,
                 uri=dataset.datasetUri,
                 data=data
@@ -400,7 +423,7 @@ def delete_dataset(uri: str, delete_from_aws: bool = False):
             env: Environment = Environment.get_environment_by_uri(
                 session, dataset.environmentUri
             )
-            shares = DatasetRepository.list_dataset_shares_with_existing_shared_items(session, uri)
+            shares = ShareObjectRepository.list_dataset_shares_with_existing_shared_items(session, uri)
             if shares:
                 raise UnauthorizedOperation(
                     action=DELETE_DATASET,
@@ -530,3 +553,67 @@ def list_datasets_owned_by_env_group(env_uri: str, group_uri: str, data: dict):
                 groupUri=group_uri,
                 data=data,
             )
+
+    @staticmethod
+    def _transfer_stewardship_to_owners(session, dataset):
+        dataset_shares = ShareObjectRepository.find_dataset_shares(session, dataset.datasetUri)
+        if dataset_shares:
+            for share in dataset_shares:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=dataset.SamlAdminGroupName,
+                    permissions=SHARE_OBJECT_APPROVER,
+                    resource_uri=share.shareUri,
+                    resource_type=ShareObject.__name__,
+                )
+        return dataset
+
+    @staticmethod
+    def _transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
+        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        if dataset.stewards != env.SamlGroupName:
+            ResourcePolicy.delete_resource_policy(
+                session=session,
+                group=dataset.stewards,
+                resource_uri=dataset.datasetUri,
+            )
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=new_stewards,
+            permissions=DATASET_READ,
+            resource_uri=dataset.datasetUri,
+            resource_type=Dataset.__name__,
+        )
+
+        dataset_tables = [t.tableUri for t in DatasetRepository.get_dataset_tables(session, dataset.datasetUri)]
+        for tableUri in dataset_tables:
+            if dataset.stewards != env.SamlGroupName:
+                ResourcePolicy.delete_resource_policy(
+                    session=session,
+                    group=dataset.stewards,
+                    resource_uri=tableUri,
+                )
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=new_stewards,
+                permissions=DATASET_TABLE_READ,
+                resource_uri=tableUri,
+                resource_type=DatasetTable.__name__,
+            )
+
+        dataset_shares = ShareObjectRepository.find_dataset_shares(session, dataset.datasetUri)
+        if dataset_shares:
+            for share in dataset_shares:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=new_stewards,
+                    permissions=SHARE_OBJECT_APPROVER,
+                    resource_uri=share.shareUri,
+                    resource_type=ShareObject.__name__,
+                )
+                ResourcePolicy.delete_resource_policy(
+                    session=session,
+                    group=dataset.stewards,
+                    resource_uri=share.shareUri,
+                )
+        return dataset
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 29401278e..ab12d1131 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -11,7 +11,7 @@
 from dataall.modules.datasets import DatasetTableIndexer
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
-from dataall.modules.datasets.db.enums import ConfidentialityClassification
+from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
     DELETE_DATASET_TABLE, CREATE_DATASET_TABLE
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 41dc2a577..a7da6a930 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -3,22 +3,16 @@
 from sqlalchemy import and_, or_
 from sqlalchemy.orm import Query
 
-from dataall.core.context import get_context
 from dataall.db.api import (
     Environment,
-    ResourcePolicy,
 )
 from dataall.db.api import Organization
-from dataall.db import models, exceptions, paginate, permissions
+from dataall.db import models, exceptions, paginate
 from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models.Enums import Language
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from dataall.modules.datasets.db.enums import ConfidentialityClassification
+from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
 from dataall.core.group.services.group_resource_manager import GroupResource
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets.services.dataset_permissions import DATASET_READ, DATASET_ALL
-from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -170,54 +164,6 @@ def _set_dataset_aws_resources(dataset: Dataset, data, environment):
     def get_dataset(session, uri: str) -> Dataset:
         return DatasetRepository.get_dataset_by_uri(session, uri)
 
-    @staticmethod
-    def query_user_datasets(session, username, groups, filter) -> Query:
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        query = (
-            session.query(Dataset)
-            .outerjoin(
-                ShareObject,
-                ShareObject.datasetUri == Dataset.datasetUri,
-            )
-            .outerjoin(
-                ShareObjectItem,
-                ShareObjectItem.shareUri == ShareObject.shareUri
-            )
-            .filter(
-                or_(
-                    Dataset.owner == username,
-                    Dataset.SamlAdminGroupName.in_(groups),
-                    Dataset.stewards.in_(groups),
-                    and_(
-                        ShareObject.principalId.in_(groups),
-                        ShareObjectItem.status.in_(share_item_shared_states),
-                    ),
-                    and_(
-                        ShareObject.owner == username,
-                        ShareObjectItem.status.in_(share_item_shared_states),
-                    ),
-                )
-            )
-        )
-        if filter and filter.get('term'):
-            query = query.filter(
-                or_(
-                    Dataset.description.ilike(filter.get('term') + '%%'),
-                    Dataset.label.ilike(filter.get('term') + '%%'),
-                )
-            )
-        return query
-
-    @staticmethod
-    def paginated_user_datasets(
-        session, username, groups, data=None
-    ) -> dict:
-        return paginate(
-            query=DatasetRepository.query_user_datasets(session, username, groups, data),
-            page=data.get('page', 1),
-            page_size=data.get('pageSize', 10),
-        ).to_dict()
-
     @staticmethod
     def paginated_dataset_tables(session, uri, data=None) -> dict:
         query = (
@@ -246,114 +192,17 @@ def paginated_dataset_tables(session, uri, data=None) -> dict:
         ).to_dict()
 
     @staticmethod
-    def update_dataset(session, uri, data=None) -> Dataset:
-        username = get_context().username
-        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-        if data and isinstance(data, dict):
-            for k in data.keys():
-                if k != 'stewards':
-                    setattr(dataset, k, data.get(k))
-            if data.get('stewards') and data.get('stewards') != dataset.stewards:
-                if data.get('stewards') != dataset.SamlAdminGroupName:
-                    DatasetRepository.transfer_stewardship_to_new_stewards(
-                        session, dataset, data['stewards']
-                    )
-                    dataset.stewards = data['stewards']
-                else:
-                    DatasetRepository.transfer_stewardship_to_owners(session, dataset)
-                    dataset.stewards = dataset.SamlAdminGroupName
-
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=dataset.SamlAdminGroupName,
-                permissions=DATASET_ALL,
-                resource_uri=dataset.datasetUri,
-                resource_type=Dataset.__name__,
-            )
-            DatasetRepository.update_dataset_glossary_terms(session, username, uri, data)
-            activity = models.Activity(
-                action='dataset:update',
-                label='dataset:update',
-                owner=username,
-                summary=f'{username} updated dataset {dataset.name}',
-                targetUri=dataset.datasetUri,
-                targetType='dataset',
-            )
-            session.add(activity)
-            session.commit()
-        return dataset
-
-    @staticmethod
-    def transfer_stewardship_to_owners(session, dataset):
-        dataset_shares = (
-            session.query(ShareObject)
-            .filter(ShareObject.datasetUri == dataset.datasetUri)
-            .all()
-        )
-        if dataset_shares:
-            for share in dataset_shares:
-                ResourcePolicy.attach_resource_policy(
-                    session=session,
-                    group=dataset.SamlAdminGroupName,
-                    permissions=permissions.SHARE_OBJECT_APPROVER,
-                    resource_uri=share.shareUri,
-                    resource_type=ShareObject.__name__,
-                )
-        return dataset
-
-    @staticmethod
-    def transfer_stewardship_to_new_stewards(session, dataset, new_stewards):
-        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        if dataset.stewards != env.SamlGroupName:
-            ResourcePolicy.delete_resource_policy(
-                session=session,
-                group=dataset.stewards,
-                resource_uri=dataset.datasetUri,
-            )
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=new_stewards,
-            permissions=DATASET_READ,
-            resource_uri=dataset.datasetUri,
-            resource_type=Dataset.__name__,
-        )
-
-        dataset_tables = [t.tableUri for t in DatasetRepository.get_dataset_tables(session, dataset.datasetUri)]
-        for tableUri in dataset_tables:
-            if dataset.stewards != env.SamlGroupName:
-                ResourcePolicy.delete_resource_policy(
-                    session=session,
-                    group=dataset.stewards,
-                    resource_uri=tableUri,
-                )
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=new_stewards,
-                permissions=DATASET_TABLE_READ,
-                resource_uri=tableUri,
-                resource_type=DatasetTable.__name__,
-            )
-
-        dataset_shares = (
-            session.query(ShareObject)
-            .filter(ShareObject.datasetUri == dataset.datasetUri)
-            .all()
+    def update_dataset_activity(session, dataset, username) :
+        activity = models.Activity(
+            action='dataset:update',
+            label='dataset:update',
+            owner=username,
+            summary=f'{username} updated dataset {dataset.name}',
+            targetUri=dataset.datasetUri,
+            targetType='dataset',
         )
-        if dataset_shares:
-            for share in dataset_shares:
-                ResourcePolicy.attach_resource_policy(
-                    session=session,
-                    group=new_stewards,
-                    permissions=permissions.SHARE_OBJECT_APPROVER,
-                    resource_uri=share.shareUri,
-                    resource_type=ShareObject.__name__,
-                )
-                ResourcePolicy.delete_resource_policy(
-                    session=session,
-                    group=dataset.stewards,
-                    resource_uri=share.shareUri,
-                )
-        return dataset
+        session.add(activity)
+        session.commit()
 
     @staticmethod
     def update_dataset_glossary_terms(session, username, uri, data):
@@ -412,39 +261,6 @@ def get_dataset_tables(session, dataset_uri):
             .all()
         )
 
-    @staticmethod
-    def query_dataset_shares(session, dataset_uri) -> Query:
-        return session.query(ShareObject).filter(
-            and_(
-                ShareObject.datasetUri == dataset_uri,
-                ShareObject.deleted.is_(None),
-            )
-        )
-
-    @staticmethod
-    def paginated_dataset_shares(session, uri, data=None) -> [ShareObject]:
-        query = DatasetRepository.query_dataset_shares(session, uri)
-        return paginate(
-            query=query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
-        ).to_dict()
-
-    @staticmethod
-    def list_dataset_shares(session, dataset_uri) -> [ShareObject]:
-        """return the dataset shares"""
-        query = DatasetRepository.query_dataset_shares(session, dataset_uri)
-        return query.all()
-
-    @staticmethod
-    def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [ShareObject]:
-        query = session.query(ShareObject).filter(
-            and_(
-                ShareObject.datasetUri == dataset_uri,
-                ShareObject.deleted.is_(None),
-                ShareObject.existingSharedItems.is_(True),
-            )
-        )
-        return query.all()
-
     @staticmethod
     def list_dataset_redshift_clusters(
         session, dataset_uri
diff --git a/backend/dataall/modules/datasets_base/db/enums.py b/backend/dataall/modules/datasets_base/db/enums.py
new file mode 100644
index 000000000..5c2d89091
--- /dev/null
+++ b/backend/dataall/modules/datasets_base/db/enums.py
@@ -0,0 +1,18 @@
+from enum import Enum
+
+
+class ConfidentialityClassification(Enum):
+    Unclassified = 'Unclassified'
+    Official = 'Official'
+    Secret = 'Secret'
+
+
+class DatasetRole(Enum):
+    # Permissions on a dataset
+    BusinessOwner = '999'
+    DataSteward = '998'
+    Creator = '950'
+    Admin = '900'
+    Shared = '300'
+    NoPermission = '000'
+
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index a0ba4ff0e..931fc26c9 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -27,7 +27,7 @@ def patch_check_env(module_mocker):
 @pytest.fixture(scope='module', autouse=True)
 def patch_check_dataset(module_mocker):
     module_mocker.patch(
-        'dataall.modules.datasets.api.dataset.resolvers.check_dataset_account', return_value=True
+        'dataall.modules.datasets.services.dataset_service.DatasetService.check_dataset_account', return_value=True
     )
 
 

From 15f2c93a22dbdcf73c78f5d03715d9feca48b3be Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 10:03:15 +0200
Subject: [PATCH 172/346] Fixed tests

---
 backend/dataall/core/permission_checker.py           |  1 -
 .../modules/datasets/api/dataset/resolvers.py        | 10 +++++++---
 .../modules/datasets/api/profiling/resolvers.py      | 11 ++++-------
 .../modules/datasets/services/dataset_service.py     | 12 ++++++------
 .../modules/datasets_base/db/dataset_repository.py   | 10 +++++-----
 tests/api/test_dataset.py                            |  2 +-
 tests/api/test_dataset_location.py                   |  2 +-
 tests/api/test_redshift_cluster.py                   |  5 ++++-
 tests/db/test_permission.py                          |  4 ++++
 9 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/backend/dataall/core/permission_checker.py b/backend/dataall/core/permission_checker.py
index 1fccd8fb4..4101a9b67 100644
--- a/backend/dataall/core/permission_checker.py
+++ b/backend/dataall/core/permission_checker.py
@@ -2,7 +2,6 @@
 Contains decorators that check if user has a permission to access
 and interact with resources or do some actions in the app
 """
-import contextlib
 from typing import Protocol, Callable
 
 from dataall.core.context import RequestContext, get_context
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 2453ebe7c..236432ce0 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -15,7 +15,9 @@
 
 
 def create_dataset(context: Context, source, input=None):
-    return DatasetService.create_dataset(env_uri=input['environmentUri'], data=input)
+    admin_group = input['SamlAdminGroupName']
+    uri = input['environmentUri']
+    return DatasetService.create_dataset(uri=uri, admin_group=admin_group, data=input)
 
 
 def import_dataset(context: Context, source, input=None):
@@ -28,7 +30,9 @@ def import_dataset(context: Context, source, input=None):
     if not input.get('SamlAdminGroupName'):
         raise exceptions.RequiredParameter('group')
 
-    return DatasetService.import_dataset(uri=input['environmentUri'], data=input)
+    admin_group = input['SamlAdminGroupName']
+    uri = input['environmentUri']
+    return DatasetService.import_dataset(uri=uri, admin_group=admin_group, data=input)
 
 
 def get_dataset(context, source, datasetUri=None):
@@ -113,7 +117,7 @@ def get_dataset_stewards_group(context, source: Dataset, **kwargs):
 
 
 def update_dataset(context, source, datasetUri: str = None, input: dict = None):
-    return DatasetService.update_dataset(uri=datasetUri)
+    return DatasetService.update_dataset(uri=datasetUri, data=input)
 
 
 def get_dataset_statistics(context: Context, source: Dataset, **kwargs):
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 0cf6d77e7..51701fb5e 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -2,8 +2,8 @@
 import logging
 
 from dataall.api.context import Context
-from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
+from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun
 
 log = logging.getLogger(__name__)
@@ -12,17 +12,14 @@
 def resolve_dataset(context, source: DatasetProfilingRun):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        return DatasetService.get_dataset_by_uri(
-            session=session, dataset_uri=source.datasetUri
-        )
+    return DatasetService.get_dataset(uri=source.datasetUri)
 
 
 def start_profiling_run(context: Context, source, input: dict = None):
     return DatasetProfilingService.start_profiling_run(
         uri=input['datasetUri'],
-        table_uri=input['table_uri'],
-        glue_table_name=input['GlueTableName']
+        table_uri=input.get('tableUri'),
+        glue_table_name=input.get('GlueTableName')
     )
 
 
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index ed8f4263d..689fe951e 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -7,9 +7,9 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission, has_group_permission
-from dataall.db.api import Vote, ResourcePolicy, KeyValueTag, Stack
+from dataall.db.api import Vote, ResourcePolicy, KeyValueTag, Stack, Environment
 from dataall.db.exceptions import AWSResourceNotFound, UnauthorizedOperation
-from dataall.db.models import Environment, Task
+from dataall.db.models import Task
 from dataall.db.permissions import SHARE_OBJECT_APPROVER
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
@@ -45,7 +45,7 @@ def check_dataset_account(environment):
     @has_tenant_permission(MANAGE_DATASETS)
     @has_resource_permission(CREATE_DATASET)
     @has_group_permission(CREATE_DATASET)
-    def create_dataset(uri, data: dict):
+    def create_dataset(uri, admin_group, data: dict):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             environment = Environment.get_environment_by_uri(session, uri)
@@ -95,9 +95,9 @@ def create_dataset(uri, data: dict):
         return dataset
 
     @staticmethod
-    def import_dataset(uri, data):
+    def import_dataset(uri, admin_group, data):
         data['imported'] = True
-        return DatasetService.create_dataset(uri=uri, data=data)
+        return DatasetService.create_dataset(uri=uri, admin_group=admin_group, data=data)
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
@@ -420,7 +420,7 @@ def delete_dataset(uri: str, delete_from_aws: bool = False):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-            env: Environment = Environment.get_environment_by_uri(
+            env = Environment.get_environment_by_uri(
                 session, dataset.environmentUri
             )
             shares = ShareObjectRepository.list_dataset_shares_with_existing_shared_items(session, uri)
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index a7da6a930..12b0514d7 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -413,9 +413,9 @@ def list_group_datasets(session, environment_id, group_uri):
 
     @staticmethod
     def _set_import_data(dataset, data):
-        dataset.imported = True if data['imported'] else False
-        dataset.importedS3Bucket = True if data['bucketName'] else False
-        dataset.importedGlueDatabase = True if data['glueDatabaseName'] else False
-        dataset.importedKmsKey = True if data['KmsKeyId'] else False
-        dataset.importedAdminRole = True if data['adminRoleName'] else False
+        dataset.imported = True if data.get('imported') else False
+        dataset.importedS3Bucket = True if data.get('bucketName') else False
+        dataset.importedGlueDatabase = True if data.get('glueDatabaseName') else False
+        dataset.importedKmsKey = True if data.get('KmsKeyId') else False
+        dataset.importedAdminRole = True if data.get('adminRoleName') else False
 
diff --git a/tests/api/test_dataset.py b/tests/api/test_dataset.py
index 1f060701d..f5b9e80b3 100644
--- a/tests/api/test_dataset.py
+++ b/tests/api/test_dataset.py
@@ -177,7 +177,7 @@ def test_update_dataset(dataset1, client, group, group2):
 
 def test_start_crawler(org1, env1, dataset1, client, group, module_mocker):
     module_mocker.patch(
-        'dataall.modules.datasets.api.dataset.resolvers.DatasetCrawler', MagicMock()
+        'dataall.modules.datasets.services.dataset_service.DatasetCrawler', MagicMock()
     )
     mutation = """
                 mutation StartGlueCrawler($datasetUri:String, $input:CrawlerInput){
diff --git a/tests/api/test_dataset_location.py b/tests/api/test_dataset_location.py
index fe62eb065..8071d327e 100644
--- a/tests/api/test_dataset_location.py
+++ b/tests/api/test_dataset_location.py
@@ -69,7 +69,7 @@ def test_get_dataset(client, dataset1, env1, user, group):
 
 def test_create_location(client, dataset1, env1, user, group, patch_es, module_mocker):
     mock_client = MagicMock()
-    module_mocker.patch("dataall.modules.datasets.api.storage_location.resolvers.S3LocationClient", mock_client)
+    module_mocker.patch("dataall.modules.datasets.services.dataset_location_service.S3LocationClient", mock_client)
     response = client.query(
         """
         mutation createDatasetStorageLocation($datasetUri:String!, $input:NewDatasetStorageLocationInput!){
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index 0a7cf3bef..d98e748f4 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -5,6 +5,7 @@
 import dataall
 from dataall.api.constants import RedshiftClusterRole
 from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 
 @pytest.fixture(scope='module', autouse=True)
@@ -38,7 +39,9 @@ def dataset1(db, user, env1, org1, dataset, group, group3) -> Dataset:
             IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
             stewards=group3.name,
         )
-        dataset = DatasetService.create_dataset(
+        dataset = DatasetRepository.create_dataset(
+            session=session,
+            username=user.userName,
             uri=env1.environmentUri,
             data=data,
         )
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 0b32a93b3..0016888e2 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -2,6 +2,7 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
+from dataall.core.context import set_context, RequestContext
 from dataall.db import exceptions
 from dataall.db.models.Permission import PermissionType
 from dataall.modules.datasets_base.db.models import Dataset
@@ -258,8 +259,11 @@ def test_create_dataset(db, env, user, group, group_user, dataset, permissions,
             IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
             IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
         )
+
+        set_context(RequestContext(db, user.userName, [group.name]))
         dataset = DatasetService.create_dataset(
             uri=env_with_perm.environmentUri,
+            admin_group=group.name,
             data=data,
         )
         assert dataset

From 73ff8669498b3ca7ba3a5eef5ef5572fd87ffd0b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 13:24:47 +0200
Subject: [PATCH 173/346] Fixed incorrect check

---
 backend/dataall/modules/loader.py | 26 +++++++++++++++++++-------
 tests/modules/test_loader.py      | 11 +++++++++--
 2 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 73b78f344..8fc03c0b4 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -79,7 +79,7 @@ def _load_modules():
     inactive = set()
     in_config = set()
     for name, props in modules.items():
-        in_config.add(name)
+
         if "active" not in props:
             raise ValueError(f"Status is not defined for {name} module")
 
@@ -90,6 +90,7 @@ def _load_modules():
             inactive.add(name)
             continue
 
+        in_config.add(name)
         if not _load_module(name):
             raise ValueError(f"Couldn't find module {name} under modules directory")
 
@@ -170,23 +171,34 @@ def _check_loading_correct(in_config: Set[str], modes: List[ImportMode]):
     initialization. But since ModuleInterface is not initializing properly (using depends_on)
     some functionality may work wrongly.
     """
-
-    expected_load = set(in_config)
+    expected_load = set()
     for module in _all_modules():
-        for dependency in module.depends_on():
-            expected_load.add(dependency.name())
+        if module.name() in in_config:
+            expected_load.add(module)
+
+    to_add = list(expected_load)
+    while to_add:
+        new_to_add = []
+        while to_add:
+            module = to_add.pop()
+            for dependency in module.depends_on():
+                if dependency not in expected_load:
+                    expected_load.add(dependency)
+                    new_to_add.append(dependency)
+        to_add = new_to_add
 
     for module in _all_modules():
-        if module.is_supported(modes) and module.name() not in expected_load:
+        if module.is_supported(modes) and module not in expected_load:
             raise ImportError(
                 f"ModuleInterface has not been initialized for module {module.name()}. "
                 "Declare the module in depends_on"
             )
 
+    loaded_module_names = {module.name() for module in expected_load}
     for module in sys.modules.keys():
         if module.startswith(_MODULE_PREFIX) and module != __name__:  # skip loader
             name = _get_module_name(module)
-            if name and name not in expected_load:
+            if name and name not in loaded_module_names:
                 raise ImportError(f"The package {module} has been imported, but it doesn't contain ModuleInterface")
 
 
diff --git a/tests/modules/test_loader.py b/tests/modules/test_loader.py
index e737c556d..f374c7763 100644
--- a/tests/modules/test_loader.py
+++ b/tests/modules/test_loader.py
@@ -13,6 +13,10 @@ class TestModule(ModuleInterface, ABC):
     def __init__(self):
         order.append(self.__class__)
 
+    @classmethod
+    def name(cls) -> str:
+        return cls.__name__
+
 
 class TestApiModule(TestModule):
     @staticmethod
@@ -98,7 +102,7 @@ def patch_loading(mocker, all_modules, in_config):
     )
     mocker.patch(
         'dataall.modules.loader._load_modules',
-        return_value=(in_config, {})
+        return_value=({module.name() for module in in_config}, {})
     )
 
 
@@ -131,7 +135,7 @@ def test_many_nested_layers(mocker):
 def test_complex_loading(mocker):
     patch_loading(mocker, [
         AModule, BModule, CModule, DModule, EModule, FModule, GModule, IModule, JModule, KModule
-    ], {AModule, CModule, JModule})
+    ], {CModule, FModule, GModule, IModule, KModule})
 
     loader.load_modules([ImportMode.API])
     assert order == [AModule, JModule, BModule, DModule, EModule, GModule, FModule, IModule, KModule]
@@ -142,4 +146,7 @@ def test_incorrect_loading(mocker):
     with pytest.raises(ImportError):
         loader.load_modules([ImportMode.API])
 
+    patch_loading(mocker, [AModule, BModule], {AModule})
+    with pytest.raises(ImportError):
+        loader.load_modules([ImportMode.API])
 

From cd340797e58984de2ac170422f8352e97f1c8805 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 14:56:57 +0200
Subject: [PATCH 174/346] Fixed tests

---
 .../modules/datasets/api/table/resolvers.py    |  4 ++--
 .../db/dataset_profiling_repository.py         |  1 -
 .../datasets/db/dataset_table_repository.py    |  2 +-
 .../datasets/services/dataset_table_service.py |  8 ++++----
 tests/api/test_dataset_profiling.py            | 18 ++++++++++--------
 tests/db/test_permission.py                    |  8 ++++++++
 6 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index d400f0b74..1ecae0cde 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -23,11 +23,11 @@ def list_dataset_tables(context, source, filter: dict = None):
 
 
 def get_table(context, source: Dataset, tableUri: str = None):
-    return DatasetTableService.get_table(table_uri=tableUri)
+    return DatasetTableService.get_table(uri=tableUri)
 
 
 def update_table(context, source, tableUri: str = None, input: dict = None):
-    return DatasetTableService.update_table(table_uri=tableUri, input=input)
+    return DatasetTableService.update_table(uri=tableUri, table_data=input)
 
 
 def delete_table(context, source, tableUri: str = None):
diff --git a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
index eb8a2b3ca..71a7c3016 100644
--- a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
@@ -95,7 +95,6 @@ def list_table_profiling_runs(session, table_uri):
                 )
             )
             .order_by(DatasetProfilingRun.created.desc())
-            .all()
         )
         return paginate(
             q, page=filter.get('page', 1), page_size=filter.get('pageSize', 20)
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index 63b6e7d63..b34c87dfa 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -72,7 +72,7 @@ def create_synced_table(session, dataset: Dataset, table: dict):
         )
         session.add(updated_table)
         session.commit()
-        return table
+        return updated_table
 
     @staticmethod
     def paginate_dataset_tables(session, dataset_uri, term, page, page_size) -> dict:
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index ab12d1131..99f3b4db1 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -62,16 +62,16 @@ def list_dataset_tables(dataset_uri: str, term=None, page=1, pageSize=10):
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
-    def get_table(table_uri: str):
+    def get_table(uri: str):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            return DatasetTableRepository.get_dataset_table_by_uri(session, uri)
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri)
-    def update_table(table_uri: str, table_data: dict = None):
+    def update_table(uri: str, table_data: dict = None):
         with get_context().db_engine.scoped_session() as session:
-            table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            table = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
 
             for k in [attr for attr in table_data.keys() if attr != 'terms']:
                 setattr(table, k, table_data.get(k))
diff --git a/tests/api/test_dataset_profiling.py b/tests/api/test_dataset_profiling.py
index 345c9541e..852b4ea0b 100644
--- a/tests/api/test_dataset_profiling.py
+++ b/tests/api/test_dataset_profiling.py
@@ -1,3 +1,5 @@
+from unittest.mock import MagicMock
+
 import pytest
 
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable, Dataset
@@ -21,6 +23,14 @@ def dataset1(env1, org1, dataset, group, user) -> Dataset:
         org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
     )
 
+@pytest.fixture(scope='module', autouse=True)
+def patch_methods(module_mocker):
+    mock_client = MagicMock()
+    module_mocker.patch(
+        'dataall.modules.datasets.services.dataset_profiling_service.S3ProfilerClient', mock_client
+    )
+    mock_client().get_profiling_results_from_s3.return_value = '{"results": "yes"}'
+
 
 def test_add_tables(table, dataset1, db):
     for i in range(0, 10):
@@ -123,10 +133,6 @@ def test_get_profiling_run(client, dataset1, env1, module_mocker, db, group):
 def test_get_table_profiling_run(
     client, dataset1, env1, module_mocker, table, db, group
 ):
-    module_mocker.patch(
-        'dataall.modules.datasets.api.profiling.resolvers.get_profiling_results_from_s3',
-        return_value='{"results": "yes"}',
-    )
     runs = list_profiling_runs(client, dataset1, group)
     module_mocker.patch(
         'dataall.aws.handlers.service_handlers.Worker.queue',
@@ -163,10 +169,6 @@ def test_get_table_profiling_run(
 def test_list_table_profiling_runs(
     client, dataset1, env1, module_mocker, table, db, group
 ):
-    module_mocker.patch(
-        'dataall.modules.datasets.api.profiling.resolvers.get_profiling_results_from_s3',
-        return_value='{"results": "yes"}',
-    )
     module_mocker.patch('requests.post', return_value=True)
     runs = list_profiling_runs(client, dataset1, group)
     table1000 = table(dataset=dataset1, name='table1000', username=dataset1.owner)
diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 0016888e2..177f8fe2d 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -114,6 +114,14 @@ def env(org, db, group):
     yield env
 
 
+@pytest.fixture(scope='module', autouse=True)
+def patch_methods(module_mocker):
+    module_mocker.patch(
+        'dataall.modules.datasets.services.dataset_service.DatasetService._deploy_dataset_stack',
+        return_value=True
+    )
+
+
 @pytest.fixture(scope='module', autouse=True)
 def dataset(org, env, db, group):
     with db.scoped_session() as session:

From a92e8297a91836336993e8a1410a962ab40ad7f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 15:21:05 +0200
Subject: [PATCH 175/346] Moved permissions related to sharing

---
 backend/dataall/db/api/environment.py         |  4 --
 backend/dataall/db/permissions.py             | 49 ---------------
 .../db/share_object_repository.py             | 45 +++++++-------
 .../services/dataset_share_service.py         |  3 +-
 .../services/share_permissions.py             | 59 +++++++++++++++++++
 .../datasets/services/dataset_service.py      |  2 +-
 tests/api/conftest.py                         |  9 +--
 7 files changed, 91 insertions(+), 80 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/services/share_permissions.py

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 0e5c1cb86..bba9c841d 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -301,9 +301,6 @@ def validate_permissions(session, uri, g_permissions, group):
         if permissions.ADD_ENVIRONMENT_CONSUMPTION_ROLES in g_permissions:
             g_permissions.append(permissions.LIST_ENVIRONMENT_CONSUMPTION_ROLES)
 
-        if permissions.CREATE_SHARE_OBJECT in g_permissions:
-            g_permissions.append(permissions.LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
-
         if permissions.CREATE_NETWORK in g_permissions:
             g_permissions.append(permissions.LIST_ENVIRONMENT_NETWORKS)
 
@@ -312,7 +309,6 @@ def validate_permissions(session, uri, g_permissions, group):
         g_permissions.append(permissions.LIST_ENVIRONMENT_GROUPS)
         g_permissions.append(permissions.LIST_ENVIRONMENT_GROUP_PERMISSIONS)
         g_permissions.append(permissions.LIST_ENVIRONMENT_REDSHIFT_CLUSTERS)
-        g_permissions.append(permissions.LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
         g_permissions.append(permissions.LIST_ENVIRONMENT_NETWORKS)
         g_permissions.append(permissions.CREDENTIALS_ENVIRONMENT)
 
diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index bec9fd4cd..8fc4fa8fd 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -50,8 +50,6 @@
 ENABLE_ENVIRONMENT_SUBSCRIPTIONS = 'ENABLE_ENVIRONMENT_SUBSCRIPTIONS'
 DISABLE_ENVIRONMENT_SUBSCRIPTIONS = 'DISABLE_ENVIRONMENT_SUBSCRIPTIONS'
 RUN_ATHENA_QUERY = 'RUN_ATHENA_QUERY'
-CREATE_SHARE_OBJECT = 'CREATE_SHARE_OBJECT'
-LIST_ENVIRONMENT_SHARED_WITH_OBJECTS = 'LIST_ENVIRONMENT_SHARED_WITH_OBJECTS'
 CREATE_REDSHIFT_CLUSTER = 'CREATE_REDSHIFT_CLUSTER'
 LIST_ENVIRONMENT_REDSHIFT_CLUSTERS = 'LIST_ENVIRONMENT_REDSHIFT_CLUSTERS'
 CREATE_SGMSTUDIO_NOTEBOOK = 'CREATE_SGMSTUDIO_NOTEBOOK'
@@ -69,8 +67,6 @@
     GET_ENVIRONMENT,
     LIST_ENVIRONMENT_GROUPS,
     LIST_ENVIRONMENT_CONSUMPTION_ROLES,
-    CREATE_SHARE_OBJECT,
-    LIST_ENVIRONMENT_SHARED_WITH_OBJECTS,
     RUN_ATHENA_QUERY,
     CREATE_REDSHIFT_CLUSTER,
     LIST_ENVIRONMENT_REDSHIFT_CLUSTERS,
@@ -88,7 +84,6 @@
 ENVIRONMENT_INVITATION_REQUEST = [
     INVITE_ENVIRONMENT_GROUP,
     ADD_ENVIRONMENT_CONSUMPTION_ROLES,
-    CREATE_SHARE_OBJECT,
     CREATE_REDSHIFT_CLUSTER,
     CREATE_SGMSTUDIO_NOTEBOOK,
     CREATE_DASHBOARD,
@@ -110,10 +105,8 @@
     ENABLE_ENVIRONMENT_SUBSCRIPTIONS,
     DISABLE_ENVIRONMENT_SUBSCRIPTIONS,
     RUN_ATHENA_QUERY,
-    CREATE_SHARE_OBJECT,
     CREATE_REDSHIFT_CLUSTER,
     LIST_ENVIRONMENT_REDSHIFT_CLUSTERS,
-    LIST_ENVIRONMENT_SHARED_WITH_OBJECTS,
     CREATE_SGMSTUDIO_NOTEBOOK,
     LIST_ENVIRONMENT_SGMSTUDIO_NOTEBOOKS,
     CREATE_DASHBOARD,
@@ -135,46 +128,6 @@
     REMOVE_ENVIRONMENT_CONSUMPTION_ROLE
 ]
 
-"""
-SHARE OBJECT
-"""
-ADD_ITEM = 'ADD_ITEM'
-REMOVE_ITEM = 'REMOVE_ITEM'
-SUBMIT_SHARE_OBJECT = 'SUBMIT_SHARE_OBJECT'
-APPROVE_SHARE_OBJECT = 'APPROVE_SHARE_OBJECT'
-REJECT_SHARE_OBJECT = 'REJECT_SHARE_OBJECT'
-DELETE_SHARE_OBJECT = 'DELETE_SHARE_OBJECT'
-GET_SHARE_OBJECT = 'GET_SHARE_OBJECT'
-LIST_SHARED_ITEMS = 'LIST_SHARED_ITEMS'
-SHARE_OBJECT_REQUESTER = [
-    ADD_ITEM,
-    REMOVE_ITEM,
-    SUBMIT_SHARE_OBJECT,
-    GET_SHARE_OBJECT,
-    LIST_SHARED_ITEMS,
-    DELETE_SHARE_OBJECT,
-]
-SHARE_OBJECT_APPROVER = [
-    ADD_ITEM,
-    REMOVE_ITEM,
-    SUBMIT_SHARE_OBJECT,
-    APPROVE_SHARE_OBJECT,
-    REJECT_SHARE_OBJECT,
-    DELETE_SHARE_OBJECT,
-    GET_SHARE_OBJECT,
-    LIST_SHARED_ITEMS,
-]
-SHARE_OBJECT_ALL = [
-    ADD_ITEM,
-    REMOVE_ITEM,
-    SUBMIT_SHARE_OBJECT,
-    APPROVE_SHARE_OBJECT,
-    REJECT_SHARE_OBJECT,
-    DELETE_SHARE_OBJECT,
-    GET_SHARE_OBJECT,
-    LIST_SHARED_ITEMS,
-]
-
 """
 GLOSSARIES
 """
@@ -327,7 +280,6 @@
     ORGANIZATION_ALL
     + ENVIRONMENT_ALL
     + CONSUMPTION_ROLE_ALL
-    + SHARE_OBJECT_ALL
     + REDSHIFT_CLUSTER_ALL
     + GLOSSARY_ALL
     + SGMSTUDIO_NOTEBOOK_ALL
@@ -343,6 +295,5 @@
 RESOURCES_ALL_WITH_DESC[CREATE_SGMSTUDIO_NOTEBOOK] = 'Create ML Studio profiles on this environment'
 RESOURCES_ALL_WITH_DESC[INVITE_ENVIRONMENT_GROUP] = 'Invite other teams to this environment'
 RESOURCES_ALL_WITH_DESC[ADD_ENVIRONMENT_CONSUMPTION_ROLES] = 'Add IAM consumption roles to this environment'
-RESOURCES_ALL_WITH_DESC[CREATE_SHARE_OBJECT] = 'Request datasets access for this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_PIPELINE] = 'Create pipelines on this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_NETWORK] = 'Create networks on this environment'
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index e2a9ddc8f..5abbe6134 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -9,11 +9,14 @@
     Environment,
 )
 from dataall.db import api, utils
-from dataall.db import models, exceptions, permissions, paginate
+from dataall.db import models, exceptions, paginate
 from dataall.db.models.Enums import PrincipalType
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
     ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER, \
+    CREATE_SHARE_OBJECT, SUBMIT_SHARE_OBJECT, ADD_ITEM, GET_SHARE_OBJECT, APPROVE_SHARE_OBJECT, REMOVE_ITEM, \
+    DELETE_SHARE_OBJECT, LIST_SHARED_ITEMS, REJECT_SHARE_OBJECT
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
@@ -321,7 +324,7 @@ def get_share_item_revokable_states():
 
 class ShareObjectRepository:
     @staticmethod
-    @has_resource_perm(permissions.CREATE_SHARE_OBJECT)
+    @has_resource_perm(CREATE_SHARE_OBJECT)
     def create_share_object(
         session,
         username: str,
@@ -355,7 +358,7 @@ def create_share_object(
 
         if environment.region != dataset.region:
             raise exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_SHARE_OBJECT,
+                action=CREATE_SHARE_OBJECT,
                 message=f'Requester Team {groupUri} works in region {environment.region} and the requested dataset is stored in region {dataset.region}',
             )
 
@@ -378,7 +381,7 @@ def create_share_object(
             dataset.stewards == groupUri or dataset.SamlAdminGroupName == groupUri
         ) and environment.environmentUri == dataset.environmentUri and principalType == models.PrincipalType.Group.value:
             raise exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_SHARE_OBJECT,
+                action=CREATE_SHARE_OBJECT,
                 message=f'Team: {groupUri} is managing the dataset {dataset.name}',
             )
 
@@ -476,14 +479,14 @@ def create_share_object(
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=groupUri,
-            permissions=permissions.SHARE_OBJECT_REQUESTER,
+            permissions=SHARE_OBJECT_REQUESTER,
             resource_uri=share.shareUri,
             resource_type=ShareObject.__name__,
         )
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=dataset.SamlAdminGroupName,
-            permissions=permissions.SHARE_OBJECT_REQUESTER,
+            permissions=SHARE_OBJECT_REQUESTER,
             resource_uri=share.shareUri,
             resource_type=ShareObject.__name__,
         )
@@ -491,7 +494,7 @@ def create_share_object(
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=environment.SamlGroupName,
-                permissions=permissions.SHARE_OBJECT_REQUESTER,
+                permissions=SHARE_OBJECT_REQUESTER,
                 resource_uri=share.shareUri,
                 resource_type=ShareObject.__name__,
             )
@@ -500,7 +503,7 @@ def create_share_object(
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=dataset.stewards,
-            permissions=permissions.SHARE_OBJECT_APPROVER,
+            permissions=SHARE_OBJECT_APPROVER,
             resource_uri=share.shareUri,
             resource_type=ShareObject.__name__,
         )
@@ -512,7 +515,7 @@ def validate_group_membership(
     ):
         if share_object_group and share_object_group not in groups:
             raise exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_SHARE_OBJECT,
+                action=CREATE_SHARE_OBJECT,
                 message=f'User: {username} is not a member of the team {share_object_group}',
             )
         if share_object_group not in Environment.list_environment_groups(
@@ -524,12 +527,12 @@ def validate_group_membership(
             check_perm=True,
         ):
             raise exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_SHARE_OBJECT,
+                action=CREATE_SHARE_OBJECT,
                 message=f'Team: {share_object_group} is not a member of the environment {environment_uri}',
             )
 
     @staticmethod
-    @has_resource_perm(permissions.SUBMIT_SHARE_OBJECT)
+    @has_resource_perm(SUBMIT_SHARE_OBJECT)
     def submit_share_object(
         session,
         username: str,
@@ -567,7 +570,7 @@ def submit_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(permissions.APPROVE_SHARE_OBJECT)
+    @has_resource_perm(APPROVE_SHARE_OBJECT)
     def approve_share_object(
         session,
         username: str,
@@ -613,7 +616,7 @@ def approve_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(permissions.REJECT_SHARE_OBJECT)
+    @has_resource_perm(REJECT_SHARE_OBJECT)
     def reject_share_object(
         session,
         username: str,
@@ -648,7 +651,7 @@ def reject_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(permissions.GET_SHARE_OBJECT)
+    @has_resource_perm(GET_SHARE_OBJECT)
     def revoke_items_share_object(
         session,
         username: str,
@@ -692,7 +695,7 @@ def revoke_items_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(permissions.GET_SHARE_OBJECT)
+    @has_resource_perm(GET_SHARE_OBJECT)
     def get_share_object(
         session,
         username: str,
@@ -708,7 +711,7 @@ def get_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(permissions.GET_SHARE_OBJECT)
+    @has_resource_perm(GET_SHARE_OBJECT)
     def get_share_item(
         session,
         username: str,
@@ -744,7 +747,7 @@ def get_share_by_dataset_attributes(session, dataset_uri, dataset_owner):
         return share
 
     @staticmethod
-    @has_resource_perm(permissions.ADD_ITEM)
+    @has_resource_perm(ADD_ITEM)
     def add_share_object_item(
         session,
         username: str,
@@ -770,7 +773,7 @@ def add_share_object_item(
             item: DatasetTable = session.query(DatasetTable).get(itemUri)
             if item and item.region != target_environment.region:
                 raise exceptions.UnauthorizedOperation(
-                    action=permissions.ADD_ITEM,
+                    action=ADD_ITEM,
                     message=f'Lake Formation cross region sharing is not supported. '
                     f'Table {item.GlueTableName} is in {item.region} and target environment '
                     f'{target_environment.name} is in {target_environment.region} ',
@@ -821,7 +824,7 @@ def add_share_object_item(
         return shareItem
 
     @staticmethod
-    @has_resource_perm(permissions.REMOVE_ITEM)
+    @has_resource_perm(REMOVE_ITEM)
     def remove_share_object_item(
         session,
         username: str,
@@ -847,7 +850,7 @@ def remove_share_object_item(
         return True
 
     @staticmethod
-    @has_resource_perm(permissions.DELETE_SHARE_OBJECT)
+    @has_resource_perm(DELETE_SHARE_OBJECT)
     def delete_share_object(session, username, groups, uri, data=None, check_perm=None):
         share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
@@ -924,7 +927,7 @@ def get_share_item_by_uri(session, uri):
         return share_item
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_SHARED_ITEMS)
+    @has_resource_perm(LIST_SHARED_ITEMS)
     def list_shared_items(session, username, groups, uri, data=None, check_perm=None):
         share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         query = session.query(ShareObjectItem).filter(
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
index f40437d89..80a0d9998 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
@@ -8,13 +8,14 @@
 from dataall.modules.dataset_sharing.db.enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
+from dataall.modules.dataset_sharing.services.share_permissions import LIST_ENVIRONMENT_SHARED_WITH_OBJECTS
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 class DatasetShareService:
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
+    @has_resource_perm(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
     def paginated_shared_with_environment_datasets(
             session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
diff --git a/backend/dataall/modules/dataset_sharing/services/share_permissions.py b/backend/dataall/modules/dataset_sharing/services/share_permissions.py
new file mode 100644
index 000000000..5ae4071da
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/services/share_permissions.py
@@ -0,0 +1,59 @@
+"""
+SHARE OBJECT
+"""
+from dataall.db.permissions import ENVIRONMENT_INVITED, ENVIRONMENT_INVITATION_REQUEST, ENVIRONMENT_ALL, RESOURCES_ALL, \
+    RESOURCES_ALL_WITH_DESC
+
+ADD_ITEM = 'ADD_ITEM'
+REMOVE_ITEM = 'REMOVE_ITEM'
+SUBMIT_SHARE_OBJECT = 'SUBMIT_SHARE_OBJECT'
+APPROVE_SHARE_OBJECT = 'APPROVE_SHARE_OBJECT'
+REJECT_SHARE_OBJECT = 'REJECT_SHARE_OBJECT'
+DELETE_SHARE_OBJECT = 'DELETE_SHARE_OBJECT'
+GET_SHARE_OBJECT = 'GET_SHARE_OBJECT'
+LIST_SHARED_ITEMS = 'LIST_SHARED_ITEMS'
+SHARE_OBJECT_REQUESTER = [
+    ADD_ITEM,
+    REMOVE_ITEM,
+    SUBMIT_SHARE_OBJECT,
+    GET_SHARE_OBJECT,
+    LIST_SHARED_ITEMS,
+    DELETE_SHARE_OBJECT,
+]
+SHARE_OBJECT_APPROVER = [
+    ADD_ITEM,
+    REMOVE_ITEM,
+    SUBMIT_SHARE_OBJECT,
+    APPROVE_SHARE_OBJECT,
+    REJECT_SHARE_OBJECT,
+    DELETE_SHARE_OBJECT,
+    GET_SHARE_OBJECT,
+    LIST_SHARED_ITEMS,
+]
+SHARE_OBJECT_ALL = [
+    ADD_ITEM,
+    REMOVE_ITEM,
+    SUBMIT_SHARE_OBJECT,
+    APPROVE_SHARE_OBJECT,
+    REJECT_SHARE_OBJECT,
+    DELETE_SHARE_OBJECT,
+    GET_SHARE_OBJECT,
+    LIST_SHARED_ITEMS,
+]
+
+CREATE_SHARE_OBJECT = 'CREATE_SHARE_OBJECT'
+LIST_ENVIRONMENT_SHARED_WITH_OBJECTS = 'LIST_ENVIRONMENT_SHARED_WITH_OBJECTS'
+
+ENVIRONMENT_INVITED.append(CREATE_SHARE_OBJECT)
+ENVIRONMENT_INVITED.append(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
+ENVIRONMENT_INVITATION_REQUEST.append(CREATE_SHARE_OBJECT)
+ENVIRONMENT_INVITATION_REQUEST.append(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
+ENVIRONMENT_ALL.append(CREATE_SHARE_OBJECT)
+ENVIRONMENT_ALL.append(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
+
+RESOURCES_ALL.extend(SHARE_OBJECT_ALL)
+for perm in SHARE_OBJECT_ALL:
+    RESOURCES_ALL_WITH_DESC[perm] = perm
+
+RESOURCES_ALL_WITH_DESC[CREATE_SHARE_OBJECT] = 'Request datasets access for this environment'
+RESOURCES_ALL_WITH_DESC[LIST_ENVIRONMENT_SHARED_WITH_OBJECTS] = LIST_ENVIRONMENT_SHARED_WITH_OBJECTS
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 689fe951e..643bbff39 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -10,9 +10,9 @@
 from dataall.db.api import Vote, ResourcePolicy, KeyValueTag, Stack, Environment
 from dataall.db.exceptions import AWSResourceNotFound, UnauthorizedOperation
 from dataall.db.models import Task
-from dataall.db.permissions import SHARE_OBJECT_APPROVER
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
+from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_APPROVER
 from dataall.modules.datasets import DatasetIndexer, DatasetTableIndexer
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetClient
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 931fc26c9..9e8ec5996 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,6 +1,7 @@
 import dataall.searchproxy.indexers
 from dataall.modules.dataset_sharing.db.enums import ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
+from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER
 from .client import *
 from dataall.db import models
 from dataall.api import constants
@@ -476,21 +477,21 @@ def factory(
             dataall.db.api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=env_group.groupUri,
-                permissions=dataall.db.permissions.SHARE_OBJECT_REQUESTER,
+                permissions=SHARE_OBJECT_REQUESTER,
                 resource_uri=share.shareUri,
                 resource_type=ShareObject.__name__,
             )
             dataall.db.api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=dataset.SamlAdminGroupName,
-                permissions=dataall.db.permissions.SHARE_OBJECT_REQUESTER,
+                permissions=SHARE_OBJECT_REQUESTER,
                 resource_uri=share.shareUri,
                 resource_type=ShareObject.__name__,
             )
             dataall.db.api.ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=dataset.stewards,
-                permissions=dataall.db.permissions.SHARE_OBJECT_APPROVER,
+                permissions=SHARE_OBJECT_APPROVER,
                 resource_uri=share.shareUri,
                 resource_type=ShareObject.__name__,
             )
@@ -498,7 +499,7 @@ def factory(
                 dataall.db.api.ResourcePolicy.attach_resource_policy(
                     session=session,
                     group=environment.SamlGroupName,
-                    permissions=dataall.db.permissions.SHARE_OBJECT_REQUESTER,
+                    permissions=SHARE_OBJECT_REQUESTER,
                     resource_uri=share.shareUri,
                     resource_type=ShareObject.__name__,
                 )

From afc8a735620c492c50802cd404bbdf4bd1c72f09 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 15:32:57 +0200
Subject: [PATCH 176/346] Migrated to a new permission API

---
 .../modules/dataset_sharing/api/resolvers.py  | 37 +----------
 .../db/share_object_repository.py             | 61 +++++--------------
 2 files changed, 17 insertions(+), 81 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index c21432437..94555b6ab 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -51,7 +51,6 @@ def create_share_object(
             groups=context.groups,
             uri=environment.environmentUri,
             data=input,
-            check_perm=True,
         )
 
 
@@ -60,10 +59,7 @@ def submit_share_object(context: Context, source, shareUri: str = None):
         return ShareObjectRepository.submit_share_object(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=shareUri,
-            data=None,
-            check_perm=True,
         )
 
 
@@ -72,10 +68,7 @@ def approve_share_object(context: Context, source, shareUri: str = None):
         share = ShareObjectRepository.approve_share_object(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=shareUri,
-            data=None,
-            check_perm=True,
         )
 
         approve_share_task: models.Task = models.Task(
@@ -95,10 +88,7 @@ def reject_share_object(context: Context, source, shareUri: str = None):
         return ShareObjectRepository.reject_share_object(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=shareUri,
-            data=None,
-            check_perm=True,
         )
 
 
@@ -107,10 +97,8 @@ def revoke_items_share_object(context: Context, source, input):
         share = ShareObjectRepository.revoke_items_share_object(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=input.get("shareUri"),
             data=input,
-            check_perm=True,
         )
 
         revoke_share_task: models.Task = models.Task(
@@ -131,13 +119,7 @@ def delete_share_object(context: Context, source, shareUri: str = None):
         if not share:
             raise db.exceptions.ObjectNotFound('ShareObject', shareUri)
 
-        ShareObjectRepository.delete_share_object(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=shareUri,
-            check_perm=True,
-        )
+        ShareObjectRepository.delete_share_object(session=session, uri=shareUri)
 
     return True
 
@@ -147,10 +129,8 @@ def add_shared_item(context, source, shareUri: str = None, input: dict = None):
         share_item = ShareObjectRepository.add_share_object_item(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=shareUri,
             data=input,
-            check_perm=True,
         )
     return share_item
 
@@ -165,15 +145,12 @@ def remove_shared_item(context, source, shareItemUri: str = None):
         share = ShareObjectRepository.get_share_by_uri(session, share_item.shareUri)
         ShareObjectRepository.remove_share_object_item(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=share.shareUri,
             data={
                 'shareItemUri': shareItemUri,
                 'share_item': share_item,
                 'share': share,
-            },
-            check_perm=True,
+            }
         )
     return True
 
@@ -189,10 +166,7 @@ def list_shared_items(
         return ShareObjectRepository.list_shared_items(
             session=session,
             username=context.username,
-            groups=context.groups,
-            uri=source.shareUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -202,11 +176,8 @@ def resolve_shared_item(context, source: ShareObjectItem, **kwargs):
     with context.engine.scoped_session() as session:
         return ShareObjectRepository.get_share_item(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.shareUri,
             data={'share_item': source},
-            check_perm=True,
         )
 
 
@@ -214,11 +185,7 @@ def get_share_object(context, source, shareUri: str = None):
     with context.engine.scoped_session() as session:
         return ShareObjectRepository.get_share_object(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=shareUri,
-            data=None,
-            check_perm=True,
         )
 
 
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 5abbe6134..d90318329 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -3,8 +3,8 @@
 from sqlalchemy import and_, or_, func, case
 from sqlalchemy.orm import Query
 
+from dataall.core.permission_checker import has_resource_permission
 from dataall.db.api import (
-    has_resource_perm,
     ResourcePolicy,
     Environment,
 )
@@ -324,14 +324,13 @@ def get_share_item_revokable_states():
 
 class ShareObjectRepository:
     @staticmethod
-    @has_resource_perm(CREATE_SHARE_OBJECT)
+    @has_resource_permission(CREATE_SHARE_OBJECT)
     def create_share_object(
         session,
         username: str,
         groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> ShareObject:
         if not data:
             raise exceptions.RequiredParameter(data)
@@ -532,14 +531,11 @@ def validate_group_membership(
             )
 
     @staticmethod
-    @has_resource_perm(SUBMIT_SHARE_OBJECT)
+    @has_resource_permission(SUBMIT_SHARE_OBJECT)
     def submit_share_object(
         session,
         username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
     ) -> ShareObject:
         share = ShareObjectRepository.get_share_by_uri(session, uri)
         dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
@@ -570,14 +566,11 @@ def submit_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(APPROVE_SHARE_OBJECT)
+    @has_resource_permission(APPROVE_SHARE_OBJECT)
     def approve_share_object(
         session,
         username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
     ) -> ShareObject:
         share = ShareObjectRepository.get_share_by_uri(session, uri)
         dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
@@ -616,14 +609,11 @@ def approve_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(REJECT_SHARE_OBJECT)
+    @has_resource_permission(REJECT_SHARE_OBJECT)
     def reject_share_object(
         session,
         username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
     ) -> ShareObject:
 
         share = ShareObjectRepository.get_share_by_uri(session, uri)
@@ -651,14 +641,12 @@ def reject_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(GET_SHARE_OBJECT)
+    @has_resource_permission(GET_SHARE_OBJECT)
     def revoke_items_share_object(
         session,
         username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> ShareObject:
 
         share = ShareObjectRepository.get_share_by_uri(session, uri)
@@ -695,15 +683,8 @@ def revoke_items_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(GET_SHARE_OBJECT)
-    def get_share_object(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ):
+    @has_resource_permission(GET_SHARE_OBJECT)
+    def get_share_object(session, uri: str):
         share = session.query(ShareObject).get(uri)
         if not share:
             raise exceptions.ObjectNotFound('Share', uri)
@@ -711,14 +692,11 @@ def get_share_object(
         return share
 
     @staticmethod
-    @has_resource_perm(GET_SHARE_OBJECT)
+    @has_resource_permission(GET_SHARE_OBJECT)
     def get_share_item(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ):
         share_item: ShareObjectItem = data.get(
             'share_item',
@@ -747,14 +725,12 @@ def get_share_by_dataset_attributes(session, dataset_uri, dataset_owner):
         return share
 
     @staticmethod
-    @has_resource_perm(ADD_ITEM)
+    @has_resource_permission(ADD_ITEM)
     def add_share_object_item(
         session,
         username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> ShareObjectItem:
         itemType = data.get('itemType')
         itemUri = data.get('itemUri')
@@ -824,24 +800,17 @@ def add_share_object_item(
         return shareItem
 
     @staticmethod
-    @has_resource_perm(REMOVE_ITEM)
+    @has_resource_permission(REMOVE_ITEM)
     def remove_share_object_item(
         session,
-        username: str,
-        groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> bool:
 
         share_item: ShareObjectItem = data.get(
             'share_item',
             ShareObjectRepository.get_share_item_by_uri(session, data['shareItemUri']),
         )
-        share: ShareObject = data.get(
-            'share',
-            ShareObjectRepository.get_share_by_uri(session, uri),
-        )
 
         Item_SM = ShareItemSM(share_item.status)
         newstatus = Item_SM.run_transition(ShareItemActions.RemoveItem.value)
@@ -850,8 +819,8 @@ def remove_share_object_item(
         return True
 
     @staticmethod
-    @has_resource_perm(DELETE_SHARE_OBJECT)
-    def delete_share_object(session, username, groups, uri, data=None, check_perm=None):
+    @has_resource_permission(DELETE_SHARE_OBJECT)
+    def delete_share_object(session, uri):
         share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
         shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in share_items_states]
@@ -927,8 +896,8 @@ def get_share_item_by_uri(session, uri):
         return share_item
 
     @staticmethod
-    @has_resource_perm(LIST_SHARED_ITEMS)
-    def list_shared_items(session, username, groups, uri, data=None, check_perm=None):
+    @has_resource_permission(LIST_SHARED_ITEMS)
+    def list_shared_items(session, uri, data=None):
         share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
         query = session.query(ShareObjectItem).filter(
             ShareObjectItem.shareUri == share.shareUri,

From bfce1cbe22de9dbe13298501c06246f48158a9fe Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 15:39:19 +0200
Subject: [PATCH 177/346] Returned filter back

---
 .../dataall/modules/datasets/api/table/resolvers.py  |  2 +-
 .../modules/datasets/api/table_column/resolvers.py   |  2 +-
 .../modules/datasets/db/dataset_column_repository.py | 11 ++++++++---
 .../modules/datasets/db/dataset_table_repository.py  | 12 ++++++++----
 .../datasets/services/dataset_column_service.py      |  4 ++--
 .../datasets/services/dataset_table_service.py       |  4 ++--
 6 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 1ecae0cde..c2a7ed3d1 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -19,7 +19,7 @@ def list_dataset_tables(context, source, filter: dict = None):
         return None
     if not filter:
         filter = {}
-    return DatasetTableService.list_dataset_tables(dataset_uri=source.datasetUri, **filter)
+    return DatasetTableService.list_dataset_tables(dataset_uri=source.datasetUri, filter=filter)
 
 
 def get_table(context, source: Dataset, tableUri: str = None):
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index a11a6539d..b4e6ca0df 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -14,7 +14,7 @@ def list_table_columns(
         tableUri = source.tableUri
     if not filter:
         filter = {}
-    DatasetColumnService.paginate_active_columns_for_table(tableUri, **filter)
+    DatasetColumnService.paginate_active_columns_for_table(tableUri, filter)
 
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
diff --git a/backend/dataall/modules/datasets/db/dataset_column_repository.py b/backend/dataall/modules/datasets/db/dataset_column_repository.py
index 9caf3fa0e..b4ae5e6ed 100644
--- a/backend/dataall/modules/datasets/db/dataset_column_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_column_repository.py
@@ -19,7 +19,7 @@ def save_and_commit(session, column: DatasetTableColumn):
         session.commit()
 
     @staticmethod
-    def paginate_active_columns_for_table(session, table_uri: str, term, page, page_size):
+    def paginate_active_columns_for_table(session, table_uri: str, filter: dict):
         q = (
             session.query(DatasetTableColumn)
             .filter(
@@ -29,7 +29,8 @@ def paginate_active_columns_for_table(session, table_uri: str, term, page, page_
             .order_by(DatasetTableColumn.columnType.asc())
         )
 
-        if term:
+        if 'term' in filter:
+            term = filter['term']
             q = q.filter(
                 or_(
                     DatasetTableColumn.label.ilike('%' + term + '%'),
@@ -37,6 +38,10 @@ def paginate_active_columns_for_table(session, table_uri: str, term, page, page_
                 )
             ).order_by(DatasetTableColumn.columnType.asc())
 
-        return paginate(q, page=page, page_size=page_size).to_dict()
+        return paginate(
+            query=q,
+            page=filter.get('page', 1),
+            page_size=filter.get('pageSize', 10)
+        ).to_dict()
 
 
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index b34c87dfa..9fb6eeec7 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -75,15 +75,19 @@ def create_synced_table(session, dataset: Dataset, table: dict):
         return updated_table
 
     @staticmethod
-    def paginate_dataset_tables(session, dataset_uri, term, page, page_size) -> dict:
+    def paginate_dataset_tables(session, dataset_uri, filter: dict) -> dict:
         query = (
             session.query(DatasetTable)
             .filter(DatasetTable.datasetUri == dataset_uri)
             .order_by(DatasetTable.created.desc())
         )
-        if term:
-            query = query.filter(DatasetTable.label.ilike('%' + term + '%'))
-        return paginate(query, page=page, page_size=page_size).to_dict()
+        if 'term' in filter:
+            query = query.filter(DatasetTable.label.ilike('%' + filter['term'] + '%'))
+        return paginate(
+            query=query,
+            page=filter.get('page', 1),
+            page_size=filter.get('pageSize', 10)
+        ).to_dict()
 
     @staticmethod
     def delete(session, table: DatasetTable):
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index c2d308846..f50c5bdef 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -11,10 +11,10 @@
 class DatasetColumnService:
 
     @staticmethod
-    def paginate_active_columns_for_table(table_uri: str, page=1, pageSize=65, term=None):
+    def paginate_active_columns_for_table(table_uri: str, filter=None):
         # TODO THERE WAS NO PERMISSION CHECK!!!
         with get_context().db_engine.scoped_session() as session:
-            DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, term, page, pageSize)
+            DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, filter)
 
     @staticmethod
     def sync_table_columns(table_uri: str):
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 99f3b4db1..958c80b48 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -56,9 +56,9 @@ def create_table(uri: str, table_data: dict):
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
-    def list_dataset_tables(dataset_uri: str, term=None, page=1, pageSize=10):
+    def list_dataset_tables(dataset_uri: str, filter):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetTableRepository.paginate_dataset_tables(session, dataset_uri, term, page, pageSize)
+            return DatasetTableRepository.paginate_dataset_tables(session, dataset_uri, filter)
 
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)

From 1d386da502ad635b69696b2dc48adc635156bad6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 12 May 2023 16:05:22 +0200
Subject: [PATCH 178/346] Extracted validation logic

---
 .../modules/dataset_sharing/api/resolvers.py  | 11 ++++++
 .../db/share_object_repository.py             |  7 ----
 .../modules/datasets/api/dataset/resolvers.py | 37 ++++++++++++++-----
 .../datasets/api/profiling/resolvers.py       |  4 ++
 .../api/storage_location/resolvers.py         |  6 +++
 .../modules/datasets/api/table/resolvers.py   |  4 ++
 .../datasets_base/db/dataset_repository.py    | 13 -------
 7 files changed, 53 insertions(+), 29 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 94555b6ab..f15dbff9b 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -6,6 +6,7 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
+from dataall.db.exceptions import RequiredParameter
 from dataall.modules.dataset_sharing.api.enums import ShareObjectPermission
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
@@ -34,6 +35,16 @@ def create_share_object(
     itemType: str = None,
     input: dict = None,
 ):
+    if not input:
+        raise RequiredParameter(input)
+    if 'principalId' not in input:
+        raise RequiredParameter('principalId')
+    if 'datasetUri' not in input:
+        raise RequiredParameter('datasetUri')
+    if 'principalType' not in input:
+        raise RequiredParameter('principalType')
+    if 'groupUri' not in input:
+        raise RequiredParameter('groupUri')
 
     with context.engine.scoped_session() as session:
         dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, datasetUri)
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index d90318329..7f966c62c 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -332,13 +332,6 @@ def create_share_object(
         uri: str,
         data: dict = None,
     ) -> ShareObject:
-        if not data:
-            raise exceptions.RequiredParameter(data)
-        if not data.get('principalId'):
-            raise exceptions.RequiredParameter('principalId')
-        if not data.get('datasetUri'):
-            raise exceptions.RequiredParameter('datasetUri')
-
         principalId = data['principalId']
         principalType = data['principalType']
         datasetUri = data['datasetUri']
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 236432ce0..388be6861 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -3,9 +3,10 @@
 from dataall.api.Objects.Stack import stack_helper
 from dataall import db
 from dataall.api.context import Context
-from dataall.db import paginate, exceptions, models
+from dataall.db import paginate, models
 from dataall.db.api import Environment
 from dataall.db.api.organization import Organization
+from dataall.db.exceptions import RequiredParameter, InvalidInput
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.datasets import Dataset
 from dataall.modules.datasets.api.dataset.enums import DatasetRole
@@ -15,20 +16,15 @@
 
 
 def create_dataset(context: Context, source, input=None):
+    RequestValidator.validate_creation_request(input)
+
     admin_group = input['SamlAdminGroupName']
     uri = input['environmentUri']
     return DatasetService.create_dataset(uri=uri, admin_group=admin_group, data=input)
 
 
 def import_dataset(context: Context, source, input=None):
-    if not input:
-        raise exceptions.RequiredParameter(input)
-    if not input.get('environmentUri'):
-        raise exceptions.RequiredParameter('environmentUri')
-    if not input.get('bucketName'):
-        raise exceptions.RequiredParameter('bucketName')
-    if not input.get('SamlAdminGroupName'):
-        raise exceptions.RequiredParameter('group')
+    RequestValidator.validate_import_request(input)
 
     admin_group = input['SamlAdminGroupName']
     uri = input['environmentUri']
@@ -227,3 +223,26 @@ def list_datasets_owned_by_env_group(
     if not filter:
         filter = {}
     return DatasetService.list_datasets_owned_by_env_group(environmentUri, groupUri, filter)
+
+
+class RequestValidator:
+    @staticmethod
+    def validate_creation_request(data):
+        if not data:
+            raise RequiredParameter(data)
+        if not data.get('environmentUri'):
+            raise RequiredParameter('environmentUri')
+        if not data.get('SamlAdminGroupName'):
+            raise RequiredParameter('group')
+        if not data.get('label'):
+            raise RequiredParameter('label')
+        if len(data['label']) > 52:
+            raise InvalidInput(
+                'Dataset name', data['label'], 'less than 52 characters'
+            )
+
+    @staticmethod
+    def validate_import_request(data):
+        RequestValidator.validate_creation_request(data)
+        if not data.get('bucketName'):
+            raise RequiredParameter('bucketName')
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 51701fb5e..13cb232d9 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -2,6 +2,7 @@
 import logging
 
 from dataall.api.context import Context
+from dataall.db.exceptions import RequiredParameter
 from dataall.modules.datasets.services.dataset_profiling_service import DatasetProfilingService
 from dataall.modules.datasets.services.dataset_service import DatasetService
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun
@@ -16,6 +17,9 @@ def resolve_dataset(context, source: DatasetProfilingRun):
 
 
 def start_profiling_run(context: Context, source, input: dict = None):
+    if 'datasetUri' not in input:
+        raise RequiredParameter('datasetUri')
+
     return DatasetProfilingService.start_profiling_run(
         uri=input['datasetUri'],
         table_uri=input.get('tableUri'),
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index e73ade13a..ed29097e3 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -1,5 +1,6 @@
 from dataall.api.context import Context
 from dataall.db.api import Glossary
+from dataall.db.exceptions import RequiredParameter
 from dataall.modules.datasets.services.dataset_location_service import DatasetLocationService
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
 
@@ -7,6 +8,11 @@
 def create_storage_location(
     context, source, datasetUri: str = None, input: dict = None
 ):
+    if 'prefix' not in input:
+        raise RequiredParameter('prefix')
+    if 'label' not in input:
+        raise RequiredParameter('label')
+
     return DatasetLocationService.create_storage_location(uri=datasetUri, data=input)
 
 
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index c2a7ed3d1..5b047ab49 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -1,6 +1,7 @@
 import logging
 
 from dataall import db
+from dataall.db.exceptions import RequiredParameter
 from dataall.modules.datasets.api.dataset.resolvers import get_dataset
 from dataall.api.context import Context
 from dataall.db.api import  Glossary
@@ -11,6 +12,9 @@
 
 
 def create_table(context, source, datasetUri: str = None, input: dict = None):
+    if "name" not in input:
+        raise RequiredParameter("name")
+
     return DatasetTableService.create_table(dataset_uri=datasetUri, table_data=input)
 
 
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 12b0514d7..8db4cac14 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -49,19 +49,6 @@ def create_dataset(
         uri: str,
         data: dict = None,
     ) -> Dataset:
-        if not uri:
-            raise exceptions.RequiredParameter('environmentUri')
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not data.get('SamlAdminGroupName'):
-            raise exceptions.RequiredParameter('group')
-        if not data.get('label'):
-            raise exceptions.RequiredParameter('label')
-        if len(data['label']) > 52:
-            raise exceptions.InvalidInput(
-                'Dataset name', data['label'], 'less than 52 characters'
-            )
-
         environment = Environment.get_environment_by_uri(session, uri)
 
         organization = Organization.get_organization_by_uri(

From 2467144e3bbfb4d3891ba6637e6ff1c461dd4e32 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 15 May 2023 15:22:22 +0200
Subject: [PATCH 179/346] Extracted two sharing services

---
 .../modules/dataset_sharing/api/resolvers.py  | 203 +----
 .../modules/dataset_sharing/api/schema.py     |   6 +-
 .../db/share_object_repository.py             | 764 +++---------------
 .../services/share_item_service.py            | 164 ++++
 .../share_managers/s3_share_manager.py        |   6 +-
 .../services/share_object_service.py          | 344 ++++++++
 .../lf_process_cross_account_share.py         |   8 +-
 .../lf_process_same_account_share.py          |   8 +-
 .../share_processors/s3_process_share.py      |  12 +-
 .../modules/datasets/api/table/resolvers.py   |  12 +-
 10 files changed, 661 insertions(+), 866 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/services/share_item_service.py
 create mode 100644 backend/dataall/modules/dataset_sharing/services/share_object_service.py

diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index f15dbff9b..350330c32 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -4,29 +4,19 @@
 from dataall import utils
 from dataall.api.Objects.Principal.resolvers import get_principal
 from dataall.api.context import Context
-from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.db.exceptions import RequiredParameter
 from dataall.modules.dataset_sharing.api.enums import ShareObjectPermission
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
-from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
+from dataall.modules.dataset_sharing.services.share_item_service import ShareItemService
+from dataall.modules.dataset_sharing.services.share_object_service import ShareObjectService
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 log = logging.getLogger(__name__)
 
 
-def get_share_object_dataset(context, source, **kwargs):
-    if not source:
-        return None
-    with context.engine.scoped_session() as session:
-        share: ShareObject = session.query(ShareObject).get(
-            source.shareUri
-        )
-        return session.query(Dataset).get(share.datasetUri)
-
-
 def create_share_object(
     context: Context,
     source,
@@ -46,158 +36,53 @@ def create_share_object(
     if 'groupUri' not in input:
         raise RequiredParameter('groupUri')
 
-    with context.engine.scoped_session() as session:
-        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, datasetUri)
-        environment: models.Environment = db.api.Environment.get_environment_by_uri(
-            session, input['environmentUri']
-        )
-        input['dataset'] = dataset
-        input['environment'] = environment
-        input['itemUri'] = itemUri
-        input['itemType'] = itemType
-        input['datasetUri'] = datasetUri
-        return ShareObjectRepository.create_share_object(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=environment.environmentUri,
-            data=input,
-        )
+    return ShareObjectService.create_share_object(
+        uri=datasetUri,
+        item_uri=itemUri,
+        item_type=itemType,
+        group_uri=input['groupUri'],
+        principal_id=input['principalId'],
+        principal_type=input['principalType']
+    )
 
 
 def submit_share_object(context: Context, source, shareUri: str = None):
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.submit_share_object(
-            session=session,
-            username=context.username,
-            uri=shareUri,
-        )
+    return ShareObjectService.submit_share_object(uri=shareUri)
 
 
 def approve_share_object(context: Context, source, shareUri: str = None):
-    with context.engine.scoped_session() as session:
-        share = ShareObjectRepository.approve_share_object(
-            session=session,
-            username=context.username,
-            uri=shareUri,
-        )
-
-        approve_share_task: models.Task = models.Task(
-            action='ecs.share.approve',
-            targetUri=shareUri,
-            payload={'environmentUri': share.environmentUri},
-        )
-        session.add(approve_share_task)
-
-    Worker.queue(engine=context.engine, task_ids=[approve_share_task.taskUri])
-
-    return share
+    return ShareObjectService.approve_share_object(uri=shareUri)
 
 
 def reject_share_object(context: Context, source, shareUri: str = None):
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.reject_share_object(
-            session=session,
-            username=context.username,
-            uri=shareUri,
-        )
+    return ShareObjectService.reject_share_object(uri=shareUri)
 
 
 def revoke_items_share_object(context: Context, source, input):
-    with context.engine.scoped_session() as session:
-        share = ShareObjectRepository.revoke_items_share_object(
-            session=session,
-            username=context.username,
-            uri=input.get("shareUri"),
-            data=input,
-        )
-
-        revoke_share_task: models.Task = models.Task(
-            action='ecs.share.revoke',
-            targetUri=input.get("shareUri"),
-            payload={'environmentUri': share.environmentUri},
-        )
-        session.add(revoke_share_task)
-
-    Worker.queue(engine=context.engine, task_ids=[revoke_share_task.taskUri])
-
-    return share
+    share_uri = input.get("shareUri")
+    revoked_uris = input.get("revokedItemUris")
+    return ShareItemService.revoke_items_share_object(uri=share_uri, revoked_uris=revoked_uris)
 
 
 def delete_share_object(context: Context, source, shareUri: str = None):
-    with context.engine.scoped_session() as session:
-        share = ShareObjectRepository.get_share_by_uri(session, shareUri)
-        if not share:
-            raise db.exceptions.ObjectNotFound('ShareObject', shareUri)
-
-        ShareObjectRepository.delete_share_object(session=session, uri=shareUri)
-
-    return True
+    return ShareObjectService.delete_share_object(uri=shareUri)
 
 
 def add_shared_item(context, source, shareUri: str = None, input: dict = None):
-    with context.engine.scoped_session() as session:
-        share_item = ShareObjectRepository.add_share_object_item(
-            session=session,
-            username=context.username,
-            uri=shareUri,
-            data=input,
-        )
-    return share_item
+    return ShareItemService.add_shared_item(uri=shareUri, data=input)
 
 
 def remove_shared_item(context, source, shareItemUri: str = None):
-    with context.engine.scoped_session() as session:
-        share_item: ShareObjectItem = session.query(ShareObjectItem).get(
-            shareItemUri
-        )
-        if not share_item:
-            raise db.exceptions.ObjectNotFound('ShareObjectItem', shareItemUri)
-        share = ShareObjectRepository.get_share_by_uri(session, share_item.shareUri)
-        ShareObjectRepository.remove_share_object_item(
-            session=session,
-            uri=share.shareUri,
-            data={
-                'shareItemUri': shareItemUri,
-                'share_item': share_item,
-                'share': share,
-            }
-        )
-    return True
-
-
-def list_shared_items(
-    context: Context, source: ShareObject, filter: dict = None
-):
-    if not source:
-        return None
-    if not filter:
-        filter = {}
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.list_shared_items(
-            session=session,
-            username=context.username,
-            data=filter,
-        )
-
+    return ShareItemService.remove_shared_item(uri=shareItemUri)
 
 def resolve_shared_item(context, source: ShareObjectItem, **kwargs):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.get_share_item(
-            session=session,
-            uri=source.shareUri,
-            data={'share_item': source},
-        )
+    return ShareItemService.resolve_shared_item(uri=source.shareUri, item=source)
 
 
 def get_share_object(context, source, shareUri: str = None):
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.get_share_object(
-            session=session,
-            uri=shareUri,
-        )
+    return ShareObjectService.get_share_object(uri=shareUri)
 
 
 def resolve_user_role(context: Context, source: ShareObject, **kwargs):
@@ -288,19 +173,13 @@ def resolve_consumption_data(context: Context, source: ShareObject, **kwargs):
 def resolve_share_object_statistics(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.resolve_share_object_statistics(
-            session, source.shareUri
-        )
+    return ShareObjectService.resolve_share_object_statistics(uri=source.shareUri)
 
 
 def resolve_existing_shared_items(context: Context, source: ShareObject, **kwargs):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.check_existing_shared_items(
-            session, source.shareUri
-        )
+    return ShareItemService.check_existing_shared_items(source)
 
 
 def list_shareable_objects(
@@ -310,43 +189,25 @@ def list_shareable_objects(
         return None
     if not filter:
         filter = {'page': 1, 'pageSize': 5}
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.list_shareable_items(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=source.shareUri,
-            data=filter,
-            check_perm=True,
-        )
+
+    is_revokable = filter.get('isRevokable')
+    return ShareItemService.list_shareable_objects(
+        share=source,
+        is_revokable=is_revokable,
+        filter=filter
+    )
 
 
 def list_shares_in_my_inbox(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.list_user_received_share_requests(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
-            data=filter,
-            check_perm=None,
-        )
+    return ShareObjectService.list_shares_in_my_inbox(filter)
 
 
 def list_shares_in_my_outbox(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return ShareObjectRepository.list_user_sent_share_requests(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
-            data=filter,
-            check_perm=None,
-        )
+    return ShareObjectService.list_shares_in_my_outbox(filter)
 
 
 def list_data_items_shared_with_env_group(
diff --git a/backend/dataall/modules/dataset_sharing/api/schema.py b/backend/dataall/modules/dataset_sharing/api/schema.py
index 529a55cbb..891bf2ff0 100644
--- a/backend/dataall/modules/dataset_sharing/api/schema.py
+++ b/backend/dataall/modules/dataset_sharing/api/schema.py
@@ -1,6 +1,8 @@
 from dataall.api import gql
 from dataall.modules.dataset_sharing.api.enums import ShareableType
-from dataall.modules.dataset_sharing.api.resolvers import *
+from dataall.modules.dataset_sharing.api.resolvers import union_resolver, resolve_shared_item, resolve_dataset, \
+    resolve_consumption_data, resolve_existing_shared_items, resolve_share_object_statistics, resolve_principal, \
+    resolve_group, list_shareable_objects, resolve_user_role
 from dataall.api.Objects.Environment.resolvers import resolve_environment
 
 ShareableObject = gql.Union(
@@ -200,4 +202,4 @@
         gql.Field(name='hasPrevious', type=gql.Boolean),
         gql.Field(name='nodes', type=gql.ArrayType(EnvironmentPublishedItem)),
     ],
-)
\ No newline at end of file
+)
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 7f966c62c..dfa27f33e 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -3,24 +3,13 @@
 from sqlalchemy import and_, or_, func, case
 from sqlalchemy.orm import Query
 
-from dataall.core.permission_checker import has_resource_permission
-from dataall.db.api import (
-    ResourcePolicy,
-    Environment,
-)
-from dataall.db import api, utils
 from dataall.db import models, exceptions, paginate
 from dataall.db.models.Enums import PrincipalType
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
     ShareItemStatus, ShareableType
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER, \
-    CREATE_SHARE_OBJECT, SUBMIT_SHARE_OBJECT, ADD_ITEM, GET_SHARE_OBJECT, APPROVE_SHARE_OBJECT, REMOVE_ITEM, \
-    DELETE_SHARE_OBJECT, LIST_SHARED_ITEMS, REJECT_SHARE_OBJECT
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
-from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
-from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
 
 logger = logging.getLogger(__name__)
 
@@ -324,381 +313,31 @@ def get_share_item_revokable_states():
 
 class ShareObjectRepository:
     @staticmethod
-    @has_resource_permission(CREATE_SHARE_OBJECT)
-    def create_share_object(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-    ) -> ShareObject:
-        principalId = data['principalId']
-        principalType = data['principalType']
-        datasetUri = data['datasetUri']
-        environmentUri = uri
-        groupUri = data['groupUri']
-        itemUri = data.get('itemUri')
-        itemType = data.get('itemType')
-
-        dataset: Dataset = data.get(
-            'dataset', DatasetRepository.get_dataset_by_uri(session, datasetUri)
-        )
-        environment: models.Environment = data.get(
-            'environment',
-            api.Environment.get_environment_by_uri(session, environmentUri),
-        )
-
-        if environment.region != dataset.region:
-            raise exceptions.UnauthorizedOperation(
-                action=CREATE_SHARE_OBJECT,
-                message=f'Requester Team {groupUri} works in region {environment.region} and the requested dataset is stored in region {dataset.region}',
-            )
-
-        if principalType == models.PrincipalType.ConsumptionRole.value:
-            consumption_role: models.ConsumptionRole = api.Environment.get_environment_consumption_role(
-                session,
-                principalId,
-                environmentUri
-            )
-            principalIAMRoleName = consumption_role.IAMRoleName
-        else:
-            env_group: models.EnvironmentGroup = api.Environment.get_environment_group(
-                session,
-                groupUri,
-                environmentUri
-            )
-            principalIAMRoleName = env_group.environmentIAMRoleName
-
-        if (
-            dataset.stewards == groupUri or dataset.SamlAdminGroupName == groupUri
-        ) and environment.environmentUri == dataset.environmentUri and principalType == models.PrincipalType.Group.value:
-            raise exceptions.UnauthorizedOperation(
-                action=CREATE_SHARE_OBJECT,
-                message=f'Team: {groupUri} is managing the dataset {dataset.name}',
-            )
-
-        ShareObjectRepository.validate_group_membership(
-            session=session,
-            username=username,
-            groups=groups,
-            share_object_group=groupUri,
-            environment_uri=uri,
-        )
+    def save_and_commit(session, share):
+        session.add(share)
+        session.commit()
 
-        share: ShareObject = (
+    @staticmethod
+    def exists(session, dataset: Dataset, env, principal_id, group_uri) -> ShareObject:
+        return (
             session.query(ShareObject)
             .filter(
                 and_(
-                    ShareObject.datasetUri == datasetUri,
-                    ShareObject.principalId == principalId,
-                    ShareObject.environmentUri == environmentUri,
-                    ShareObject.groupUri == groupUri,
-                )
-            )
-            .first()
-        )
-        if not share:
-            share = ShareObject(
-                datasetUri=dataset.datasetUri,
-                environmentUri=environment.environmentUri,
-                owner=username,
-                groupUri=groupUri,
-                principalId=principalId,
-                principalType=principalType,
-                principalIAMRoleName=principalIAMRoleName,
-                status=ShareObjectStatus.Draft.value,
-            )
-            session.add(share)
-            session.commit()
-
-        if itemUri:
-            item = None
-            if itemType:
-                if itemType == ShareableType.StorageLocation.value:
-                    item = session.query(DatasetStorageLocation).get(itemUri)
-                if itemType == ShareableType.Table.value:
-                    item = session.query(DatasetTable).get(itemUri)
-
-            share_item = (
-                session.query(ShareObjectItem)
-                .filter(
-                    and_(
-                        ShareObjectItem.shareUri == share.shareUri,
-                        ShareObjectItem.itemUri == itemUri,
-                    )
-                )
-                .first()
-            )
-            S3AccessPointName = utils.slugify(
-                share.datasetUri + '-' + share.principalId,
-                max_length=50, lowercase=True, regex_pattern='[^a-zA-Z0-9-]', separator='-'
-            )
-
-            if not share_item and item:
-                new_share_item: ShareObjectItem = ShareObjectItem(
-                    shareUri=share.shareUri,
-                    itemUri=itemUri,
-                    itemType=itemType,
-                    itemName=item.name,
-                    status=ShareItemStatus.PendingApproval.value,
-                    owner=username,
-                    GlueDatabaseName=dataset.GlueDatabaseName
-                    if itemType == ShareableType.Table.value
-                    else '',
-                    GlueTableName=item.GlueTableName
-                    if itemType == ShareableType.Table.value
-                    else '',
-                    S3AccessPointName=S3AccessPointName
-                    if itemType == ShareableType.StorageLocation.value
-                    else '',
-                )
-                session.add(new_share_item)
-
-        activity = models.Activity(
-            action='SHARE_OBJECT:CREATE',
-            label='SHARE_OBJECT:CREATE',
-            owner=username,
-            summary=f'{username} created a share object for the {dataset.name} in {environment.name} for the principal: {principalId}',
-            targetUri=dataset.datasetUri,
-            targetType='dataset',
-        )
-        session.add(activity)
-
-        # Attaching REQUESTER permissions to:
-        # requester group (groupUri)
-        # dataset.SamlAdminGroupName
-        # environment.SamlGroupName
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=groupUri,
-            permissions=SHARE_OBJECT_REQUESTER,
-            resource_uri=share.shareUri,
-            resource_type=ShareObject.__name__,
-        )
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=dataset.SamlAdminGroupName,
-            permissions=SHARE_OBJECT_REQUESTER,
-            resource_uri=share.shareUri,
-            resource_type=ShareObject.__name__,
-        )
-        if dataset.SamlAdminGroupName != environment.SamlGroupName:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=environment.SamlGroupName,
-                permissions=SHARE_OBJECT_REQUESTER,
-                resource_uri=share.shareUri,
-                resource_type=ShareObject.__name__,
-            )
-        # Attaching REQUESTER permissions to:
-        # dataset.stewards (includes the dataset Admins)
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=dataset.stewards,
-            permissions=SHARE_OBJECT_APPROVER,
-            resource_uri=share.shareUri,
-            resource_type=ShareObject.__name__,
-        )
-        return share
-
-    @staticmethod
-    def validate_group_membership(
-        session, environment_uri, share_object_group, username, groups
-    ):
-        if share_object_group and share_object_group not in groups:
-            raise exceptions.UnauthorizedOperation(
-                action=CREATE_SHARE_OBJECT,
-                message=f'User: {username} is not a member of the team {share_object_group}',
-            )
-        if share_object_group not in Environment.list_environment_groups(
-            session=session,
-            username=username,
-            groups=groups,
-            uri=environment_uri,
-            data=None,
-            check_perm=True,
-        ):
-            raise exceptions.UnauthorizedOperation(
-                action=CREATE_SHARE_OBJECT,
-                message=f'Team: {share_object_group} is not a member of the environment {environment_uri}',
-            )
-
-    @staticmethod
-    @has_resource_permission(SUBMIT_SHARE_OBJECT)
-    def submit_share_object(
-        session,
-        username: str,
-        uri: str,
-    ) -> ShareObject:
-        share = ShareObjectRepository.get_share_by_uri(session, uri)
-        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
-
-        valid_states = [ShareItemStatus.PendingApproval.value]
-        valid_share_items_states = [x for x in valid_states if x in share_items_states]
-
-        if valid_share_items_states == []:
-            raise exceptions.ShareItemsFound(
-                action='Submit Share Object',
-                message='The request is empty of pending items. Add items to share request.',
-            )
-
-        Share_SM = ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(ShareObjectActions.Submit.value)
-
-        for item_state in share_items_states:
-            Item_SM = ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(ShareObjectActions.Submit.value)
-            Item_SM.update_state(session, share.shareUri, new_state)
-
-        Share_SM.update_state(session, share, new_share_state)
-
-        ShareNotificationService.notify_share_object_submission(
-            session, username, dataset, share
-        )
-        return share
-
-    @staticmethod
-    @has_resource_permission(APPROVE_SHARE_OBJECT)
-    def approve_share_object(
-        session,
-        username: str,
-        uri: str,
-    ) -> ShareObject:
-        share = ShareObjectRepository.get_share_by_uri(session, uri)
-        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
-
-        Share_SM = ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(ShareObjectActions.Approve.value)
-
-        for item_state in share_items_states:
-            Item_SM = ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(ShareObjectActions.Approve.value)
-            Item_SM.update_state(session, share.shareUri, new_state)
-
-        Share_SM.update_state(session, share, new_share_state)
-
-        # GET TABLES SHARED AND APPROVE SHARE FOR EACH TABLE
-        share_table_items = session.query(ShareObjectItem).filter(
-            (
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.itemType == ShareableType.Table.value
+                    ShareObject.datasetUri == dataset.datasetUri,
+                    ShareObject.principalId == principal_id,
+                    ShareObject.environmentUri == env.environmentUri,
+                    ShareObject.groupUri == group_uri,
                 )
             )
-        ).all()
-        for table in share_table_items:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=share.principalId,
-                permissions=DATASET_TABLE_READ,
-                resource_uri=table.itemUri,
-                resource_type=DatasetTable.__name__,
-            )
-
-        from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
-        ShareNotificationService.notify_share_object_approval(session, username, dataset, share)
-        return share
-
-    @staticmethod
-    @has_resource_permission(REJECT_SHARE_OBJECT)
-    def reject_share_object(
-        session,
-        username: str,
-        uri: str,
-    ) -> ShareObject:
-
-        share = ShareObjectRepository.get_share_by_uri(session, uri)
-        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
-
-        Share_SM = ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(ShareObjectActions.Reject.value)
-
-        for item_state in share_items_states:
-            Item_SM = ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(ShareObjectActions.Reject.value)
-            Item_SM.update_state(session, share.shareUri, new_state)
-
-        Share_SM.update_state(session, share, new_share_state)
-
-        ResourcePolicy.delete_resource_policy(
-            session=session,
-            group=share.groupUri,
-            resource_uri=dataset.datasetUri,
-        )
-
-        from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
-        ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
-        return share
-
-    @staticmethod
-    @has_resource_permission(GET_SHARE_OBJECT)
-    def revoke_items_share_object(
-        session,
-        username: str,
-        uri: str,
-        data: dict = None,
-    ) -> ShareObject:
-
-        share = ShareObjectRepository.get_share_by_uri(session, uri)
-        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
-        revoked_items_states = ShareObjectRepository.get_share_items_states(session, uri, data.get("revokedItemUris"))
-        revoked_items = [ShareObjectRepository.get_share_item_by_uri(session, uri) for uri in data.get("revokedItemUris")]
-
-        if revoked_items_states == []:
-            raise exceptions.ShareItemsFound(
-                action='Revoke Items from Share Object',
-                message='Nothing to be revoked.',
-            )
-
-        Share_SM = ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(ShareObjectActions.RevokeItems.value)
-
-        for item_state in revoked_items_states:
-            Item_SM = ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(ShareObjectActions.RevokeItems.value)
-            for item in revoked_items:
-                if item.status == item_state:
-                    Item_SM.update_state_single_item(session, item, new_state)
-
-        Share_SM.update_state(session, share, new_share_state)
-
-        ResourcePolicy.delete_resource_policy(
-            session=session,
-            group=share.groupUri,
-            resource_uri=dataset.datasetUri,
+            .count()
         )
 
-        from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
-        ShareNotificationService.notify_share_object_rejection(session, username, dataset, share)
-        return share
-
-    @staticmethod
-    @has_resource_permission(GET_SHARE_OBJECT)
-    def get_share_object(session, uri: str):
-        share = session.query(ShareObject).get(uri)
-        if not share:
-            raise exceptions.ObjectNotFound('Share', uri)
-
-        return share
-
     @staticmethod
-    @has_resource_permission(GET_SHARE_OBJECT)
-    def get_share_item(
-        session,
-        uri: str,
-        data: dict = None,
-    ):
-        share_item: ShareObjectItem = data.get(
-            'share_item',
-            ShareObjectRepository.get_share_item_by_uri(session, data['shareItemUri']),
-        )
-        if share_item.itemType == ShareableType.Table.value:
-            return session.query(DatasetTable).get(share_item.itemUri)
-        if share_item.itemType == ShareableType.StorageLocation:
-            return session.Query(DatasetStorageLocation).get(share_item.itemUri)
+    def get_share_item(session, item_type, item_uri):
+        if item_type == ShareableType.Table.value:
+            return session.query(DatasetTable).get(item_uri)
+        if item_type == ShareableType.StorageLocation.value:
+            return session.query(DatasetStorageLocation).get(item_uri)
 
     @staticmethod
     def get_share_by_uri(session, uri):
@@ -718,124 +357,10 @@ def get_share_by_dataset_attributes(session, dataset_uri, dataset_owner):
         return share
 
     @staticmethod
-    @has_resource_permission(ADD_ITEM)
-    def add_share_object_item(
-        session,
-        username: str,
-        uri: str,
-        data: dict = None,
-    ) -> ShareObjectItem:
-        itemType = data.get('itemType')
-        itemUri = data.get('itemUri')
-        item = None
-        share: ShareObject = session.query(ShareObject).get(uri)
-        dataset: Dataset = session.query(Dataset).get(share.datasetUri)
-        target_environment: models.Environment = session.query(models.Environment).get(
-            share.environmentUri
-        )
-
-        Share_SM = ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(ShareItemActions.AddItem.value)
-        Share_SM.update_state(session, share, new_share_state)
-
-        if itemType == ShareableType.Table.value:
-            item: DatasetTable = session.query(DatasetTable).get(itemUri)
-            if item and item.region != target_environment.region:
-                raise exceptions.UnauthorizedOperation(
-                    action=ADD_ITEM,
-                    message=f'Lake Formation cross region sharing is not supported. '
-                    f'Table {item.GlueTableName} is in {item.region} and target environment '
-                    f'{target_environment.name} is in {target_environment.region} ',
-                )
-
-        elif itemType == ShareableType.StorageLocation.value:
-            item = session.query(DatasetStorageLocation).get(itemUri)
-
-        if not item:
-            raise exceptions.ObjectNotFound('ShareObjectItem', itemUri)
-
-        shareItem: ShareObjectItem = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.itemUri == itemUri,
-                )
-            )
-            .first()
-        )
-        S3AccessPointName = utils.slugify(
-            share.datasetUri + '-' + share.principalId,
-            max_length=50, lowercase=True, regex_pattern='[^a-zA-Z0-9-]', separator='-'
-        )
-        logger.info(f"S3AccessPointName={S3AccessPointName}")
-
-        if not shareItem:
-            shareItem = ShareObjectItem(
-                shareUri=uri,
-                itemUri=itemUri,
-                itemType=itemType,
-                itemName=item.name,
-                status=ShareItemStatus.PendingApproval.value,
-                owner=username,
-                GlueDatabaseName=dataset.GlueDatabaseName
-                if itemType == ShareableType.Table.value
-                else '',
-                GlueTableName=item.GlueTableName
-                if itemType == ShareableType.Table.value
-                else '',
-                S3AccessPointName=S3AccessPointName
-                if itemType == ShareableType.StorageLocation.value
-                else '',
-            )
-            session.add(shareItem)
-
-        return shareItem
-
-    @staticmethod
-    @has_resource_permission(REMOVE_ITEM)
-    def remove_share_object_item(
-        session,
-        uri: str,
-        data: dict = None,
-    ) -> bool:
-
-        share_item: ShareObjectItem = data.get(
-            'share_item',
-            ShareObjectRepository.get_share_item_by_uri(session, data['shareItemUri']),
-        )
-
-        Item_SM = ShareItemSM(share_item.status)
-        newstatus = Item_SM.run_transition(ShareItemActions.RemoveItem.value)
-
+    def remove_share_object_item(session, share_item):
         session.delete(share_item)
         return True
 
-    @staticmethod
-    @has_resource_permission(DELETE_SHARE_OBJECT)
-    def delete_share_object(session, uri):
-        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
-        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
-        shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in share_items_states]
-
-        Share_SM = ShareObjectSM(share.status)
-        new_share_state = Share_SM.run_transition(ShareObjectActions.Delete.value)
-
-        for item_state in share_items_states:
-            Item_SM = ShareItemSM(item_state)
-            new_state = Item_SM.run_transition(ShareObjectActions.Delete.value)
-            Item_SM.update_state(session, share.shareUri, new_state)
-
-        if shared_share_items_states:
-            raise exceptions.ShareItemsFound(
-                action='Delete share object',
-                message='There are shared items in this request. Revoke access to these items before deleting the request.',
-            )
-        if new_share_state == ShareObjectStatus.Deleted.value:
-            session.delete(share)
-
-        return True
-
     @staticmethod
     def check_existing_shared_items(session, uri):
         share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
@@ -850,6 +375,45 @@ def check_existing_shared_items(session, uri):
             return True
         return False
 
+    @staticmethod
+    def count_sharable_items(session, uri, share_type):
+        return (
+            session.query(ShareObjectItem)
+            .filter(
+                and_(
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.itemType == share_type,
+                )
+            )
+            .count()
+        )
+
+    @staticmethod
+    def find_sharable_item(session, share_uri, item_uri) -> ShareObjectItem:
+        return (
+            session.query(ShareObjectItem)
+            .filter(
+                and_(
+                    ShareObjectItem.itemUri == item_uri,
+                    ShareObjectItem.shareUri == share_uri,
+                )
+            )
+            .first()
+        )
+
+    @staticmethod
+    def count_items_in_states(session, uri, states):
+        return (
+            session.query(ShareObjectItem)
+            .filter(
+                and_(
+                    ShareObjectItem.shareUri == uri,
+                    ShareObjectItem.status.in_(states),
+                )
+            )
+            .count()
+        )
+
     @staticmethod
     def check_existing_shared_items_of_type(session, uri, item_type):
         share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
@@ -880,36 +444,14 @@ def check_pending_share_items(session, uri):
 
     @staticmethod
     def get_share_item_by_uri(session, uri):
-        share_item: ShareObjectItem = session.query(ShareObjectItem).get(
-            uri
-        )
+        share_item: ShareObjectItem = session.query(ShareObjectItem).get(uri)
         if not share_item:
             raise exceptions.ObjectNotFound('ShareObjectItem', uri)
 
         return share_item
 
     @staticmethod
-    @has_resource_permission(LIST_SHARED_ITEMS)
-    def list_shared_items(session, uri, data=None):
-        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, uri)
-        query = session.query(ShareObjectItem).filter(
-            ShareObjectItem.shareUri == share.shareUri,
-        )
-        return paginate(
-            query, page=data.get('page', 1), page_size=data.get('pageSize', 5)
-        ).to_dict()
-
-    @staticmethod
-    def list_shareable_items(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
-
-        share: ShareObject = data.get(
-            'share', ShareObjectRepository.get_share_by_uri(session, uri)
-        )
-        share_item_revokable_states = ShareItemSM.get_share_item_revokable_states()
-        datasetUri = share.datasetUri
-
+    def list_shareable_items(session, share, states, data):
         # All tables from dataset with a column isShared
         # marking the table as part of the shareObject
         tables = (
@@ -932,11 +474,10 @@ def list_shareable_items(
                     DatasetTable.tableUri == ShareObjectItem.itemUri,
                 ),
             )
-            .filter(DatasetTable.datasetUri == datasetUri)
+            .filter(DatasetTable.datasetUri == share.datasetUri)
         )
-        if data:
-            if data.get("isRevokable"):
-                tables = tables.filter(ShareObjectItem.status.in_(share_item_revokable_states))
+        if states:
+            tables = tables.filter(ShareObjectItem.status.in_(states))
 
         # All folders from the dataset with a column isShared
         # marking the folder as part of the shareObject
@@ -961,11 +502,10 @@ def list_shareable_items(
                     == ShareObjectItem.itemUri,
                 ),
             )
-            .filter(DatasetStorageLocation.datasetUri == datasetUri)
+            .filter(DatasetStorageLocation.datasetUri == share.datasetUri)
         )
-        if data:
-            if data.get("isRevokable"):
-                locations = locations.filter(ShareObjectItem.status.in_(share_item_revokable_states))
+        if states:
+            locations = locations.filter(ShareObjectItem.status.in_(states))
 
         shareable_objects = tables.union(locations).subquery('shareable_objects')
         query = session.query(shareable_objects)
@@ -986,9 +526,7 @@ def list_shareable_items(
         return paginate(query, data.get('page', 1), data.get('pageSize', 10)).to_dict()
 
     @staticmethod
-    def list_user_received_share_requests(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
+    def list_user_received_share_requests(session, username, groups, data=None):
         query = (
             session.query(ShareObject)
             .join(
@@ -1008,9 +546,7 @@ def list_user_received_share_requests(
         return paginate(query, data.get('page', 1), data.get('pageSize', 10)).to_dict()
 
     @staticmethod
-    def list_user_sent_share_requests(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
+    def list_user_sent_share_requests(session, username, groups, data=None):
         query = (
             session.query(ShareObject)
             .join(
@@ -1111,51 +647,13 @@ def update_share_item_status_batch(
         )
         return True
 
-    @staticmethod
-    def find_share_item_by_table(
-        session,
-        share: ShareObject,
-        table: DatasetTable,
-    ) -> ShareObjectItem:
-        share_item: ShareObjectItem = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.itemUri == table.tableUri,
-                    ShareObjectItem.shareUri == share.shareUri,
-                )
-            )
-            .first()
-        )
-        return share_item
-
-    @staticmethod
-    def find_share_item_by_folder(
-        session,
-        share: ShareObject,
-        folder: DatasetStorageLocation,
-    ) -> ShareObjectItem:
-        share_item: ShareObjectItem = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.itemUri == folder.locationUri,
-                    ShareObjectItem.shareUri == share.shareUri,
-                )
-            )
-            .first()
-        )
-        return share_item
-
     @staticmethod
     def get_share_data(session, share_uri):
         share: ShareObject = session.query(ShareObject).get(share_uri)
         if not share:
             raise exceptions.ObjectNotFound('Share', share_uri)
 
-        dataset: Dataset = session.query(Dataset).get(share.datasetUri)
-        if not dataset:
-            raise exceptions.ObjectNotFound('Dataset', share.datasetUri)
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
 
         source_environment: models.Environment = session.query(models.Environment).get(
             dataset.environmentUri
@@ -1216,33 +714,26 @@ def get_share_data_items(session, share_uri, status):
         if not share:
             raise exceptions.ObjectNotFound('Share', share_uri)
 
-        tables = (
-            session.query(DatasetTable)
-            .join(
-                ShareObjectItem,
-                ShareObjectItem.itemUri == DatasetTable.tableUri,
-            )
-            .join(
-                ShareObject,
-                ShareObject.shareUri == ShareObjectItem.shareUri,
-            )
-            .filter(
-                and_(
-                    ShareObject.datasetUri == share.datasetUri,
-                    ShareObject.environmentUri
-                    == share.environmentUri,
-                    ShareObject.shareUri == share_uri,
-                    ShareObjectItem.status == status,
-                )
-            )
-            .all()
+        tables = ShareObjectRepository._find_all_share_item(
+            session, share, status, DatasetTable, DatasetTable.tableUri
         )
 
-        folders = (
-            session.query(DatasetStorageLocation)
+        folders = ShareObjectRepository._find_all_share_item(
+            session, share, status, DatasetStorageLocation, DatasetStorageLocation.locationUri
+        )
+
+        return (
+            tables,
+            folders,
+        )
+
+    @staticmethod
+    def _find_all_share_item(session, share, status, share_type_model, share_type_uri):
+        return (
+            session.query(share_type_model)
             .join(
                 ShareObjectItem,
-                ShareObjectItem.itemUri == DatasetStorageLocation.locationUri,
+                ShareObjectItem.itemUri == share_type_uri,
             )
             .join(
                 ShareObject,
@@ -1251,18 +742,25 @@ def get_share_data_items(session, share_uri, status):
             .filter(
                 and_(
                     ShareObject.datasetUri == share.datasetUri,
-                    ShareObject.environmentUri
-                    == share.environmentUri,
-                    ShareObject.shareUri == share_uri,
+                    ShareObject.environmentUri == share.environmentUri,
+                    ShareObject.shareUri == share.shareUri,
                     ShareObjectItem.status == status,
                 )
             )
             .all()
         )
 
+    @staticmethod
+    def find_all_share_items(session, share_uri, share_type):
         return (
-            tables,
-            folders,
+            session.query(ShareObjectItem).filter(
+                (
+                    and_(
+                        ShareObjectItem.shareUri == share_uri,
+                        ShareObjectItem.itemType == share_type
+                    )
+                )
+            ).all()
         )
 
     @staticmethod
@@ -1297,78 +795,6 @@ def get_share_items_states(session, share_uri, item_uris=None):
             query = query.filter(ShareObjectItem.shareItemUri.in_(item_uris))
         return [item.status for item in query.distinct(ShareObjectItem.status)]
 
-    @staticmethod
-    def resolve_share_object_statistics(session, uri, **kwargs):
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        tables = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.itemType == 'DatasetTable',
-                )
-            )
-            .count()
-        )
-        locations = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.itemType == 'DatasetStorageLocation',
-                )
-            )
-            .count()
-        )
-        shared_items = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.status.in_(share_item_shared_states),
-                )
-            )
-            .count()
-        )
-        revoked_items = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.status.in_([ShareItemStatus.Revoke_Succeeded.value]),
-                )
-            )
-            .count()
-        )
-        failed_states = [
-            ShareItemStatus.Share_Failed.value,
-            ShareItemStatus.Revoke_Failed.value
-        ]
-        failed_items = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.status.in_(failed_states),
-                )
-            )
-            .count()
-        )
-        pending_states = [
-            ShareItemStatus.PendingApproval.value
-        ]
-        pending_items = (
-            session.query(ShareObjectItem)
-            .filter(
-                and_(
-                    ShareObjectItem.shareUri == uri,
-                    ShareObjectItem.status.in_(pending_states),
-                )
-            )
-            .count()
-        )
-        return {'tables': tables, 'locations': locations, 'sharedItems': shared_items, 'revokedItems': revoked_items, 'failedItems': failed_items, 'pendingItems': pending_items}
-
     @staticmethod
     def has_shared_items(session, item_uri: str) -> int:
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
diff --git a/backend/dataall/modules/dataset_sharing/services/share_item_service.py b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
new file mode 100644
index 000000000..db2613bba
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
@@ -0,0 +1,164 @@
+import logging
+
+from dataall.aws.handlers.service_handlers import Worker
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission
+from dataall.db import utils
+from dataall.db.api import Environment, ResourcePolicy
+from dataall.db.exceptions import ObjectNotFound, ShareItemsFound, UnauthorizedOperation
+from dataall.db.models import Task
+from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareableType, ShareItemStatus, \
+    ShareItemActions
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareObjectSM, ShareItemSM
+from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
+from dataall.modules.dataset_sharing.services.share_permissions import GET_SHARE_OBJECT, ADD_ITEM, REMOVE_ITEM
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import Dataset
+
+
+log = logging.getLogger(__name__)
+
+
+class ShareItemService:
+    @staticmethod
+    def _get_share_uri(session, uri):
+        share_item = ShareObjectRepository.get_share_item_by_uri(session, uri)
+        share = ShareObjectRepository.get_share_by_uri(session, share_item.shareUri)
+        return share.shareUri
+
+    @staticmethod
+    @has_resource_permission(GET_SHARE_OBJECT)
+    def revoke_items_share_object(uri, revoked_uris):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            share = ShareObjectRepository.get_share_by_uri(session, uri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
+            revoked_items_states = ShareObjectRepository.get_share_items_states(session, uri, revoked_uris)
+            revoked_items = [ShareObjectRepository.get_share_item_by_uri(session, uri) for uri in revoked_uris]
+
+            if revoked_items_states:
+                raise ShareItemsFound(
+                    action='Revoke Items from Share Object',
+                    message='Nothing to be revoked.',
+                )
+
+            share_sm = ShareObjectSM(share.status)
+            new_share_state = share_sm.run_transition(ShareObjectActions.RevokeItems.value)
+
+            for item_state in revoked_items_states:
+                item_sm = ShareItemSM(item_state)
+                new_state = item_sm.run_transition(ShareObjectActions.RevokeItems.value)
+                for item in revoked_items:
+                    if item.status == item_state:
+                        item_sm.update_state_single_item(session, item, new_state)
+
+            share_sm.update_state(session, share, new_share_state)
+
+            ResourcePolicy.delete_resource_policy(
+                session=session,
+                group=share.groupUri,
+                resource_uri=dataset.datasetUri,
+            )
+
+            ShareNotificationService.notify_share_object_rejection(session, context.username, dataset, share)
+
+            revoke_share_task: Task = Task(
+                action='ecs.share.revoke',
+                targetUri=uri,
+                payload={'environmentUri': share.environmentUri},
+            )
+            session.add(revoke_share_task)
+
+        Worker.queue(engine=context.db_engine, task_ids=[revoke_share_task.taskUri])
+
+        return share
+
+    @staticmethod
+    @has_resource_permission(ADD_ITEM)
+    def add_shared_item(uri: str, data: dict = None):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            item_type = data.get('itemType')
+            item_uri = data.get('itemUri')
+            share = ShareObjectRepository.get_share_by_uri(session, uri)
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
+            target_environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+
+            share_sm = ShareObjectSM(share.status)
+            new_share_state = share_sm.run_transition(ShareItemActions.AddItem.value)
+            share_sm.update_state(session, share, new_share_state)
+
+            item = ShareObjectRepository.get_share_item(session, item_type, item_uri)
+            if not item:
+                raise ObjectNotFound('ShareObjectItem', item_uri)
+
+            if item_type == ShareableType.Table.value and item.region != target_environment.region:
+                raise UnauthorizedOperation(
+                    action=ADD_ITEM,
+                    message=f'Lake Formation cross region sharing is not supported. '
+                            f'Table {item.GlueTableName} is in {item.region} and target environment '
+                            f'{target_environment.name} is in {target_environment.region} ',
+                )
+
+            share_item: ShareObjectItem = ShareObjectRepository.find_sharable_item(session, uri, item_uri)
+
+            s3_access_point_name = utils.slugify(
+                share.datasetUri + '-' + share.principalId,
+                max_length=50, lowercase=True, regex_pattern='[^a-zA-Z0-9-]', separator='-'
+            )
+            log.info(f"S3AccessPointName={s3_access_point_name}")
+
+            if not share_item:
+                share_item = ShareObjectItem(
+                    shareUri=uri,
+                    itemUri=item_uri,
+                    itemType=item_type,
+                    itemName=item.name,
+                    status=ShareItemStatus.PendingApproval.value,
+                    owner=context.username,
+                    GlueDatabaseName=dataset.GlueDatabaseName
+                    if item_type == ShareableType.Table.value
+                    else '',
+                    GlueTableName=item.GlueTableName
+                    if item_type == ShareableType.Table.value
+                    else '',
+                    S3AccessPointName=s3_access_point_name
+                    if item_type == ShareableType.StorageLocation.value
+                    else '',
+                )
+                session.add(share_item)
+        return share_item
+
+    @staticmethod
+    @has_resource_permission(REMOVE_ITEM, parent_resource=_get_share_uri)
+    def remove_shared_item(uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            share_item = ShareObjectRepository.get_share_item_by_uri(session, uri)
+
+            item_sm = ShareItemSM(share_item.status)
+            item_sm.run_transition(ShareItemActions.RemoveItem.value)
+            ShareObjectRepository.remove_share_object_item(session, share_item)
+        return True
+
+    @staticmethod
+    @has_resource_permission(GET_SHARE_OBJECT)
+    def resolve_shared_item(uri, item: ShareObjectItem):
+        with get_context().db_engine.scoped_session() as session:
+            return ShareObjectRepository.get_share_item(session, item.itemType, item.itemUri)
+
+    @staticmethod
+    def check_existing_shared_items(share):
+        with get_context().db_engine.scoped_session() as session:
+            return ShareObjectRepository.check_existing_shared_items(
+                session, share.shareUri
+            )
+
+    @staticmethod
+    def list_shareable_objects(share, filter, is_revokable=False):
+        states = None
+        if is_revokable:
+            states = ShareItemSM.get_share_item_revokable_states()
+
+        with get_context().db_engine.scoped_session() as session:
+            return ShareObjectRepository.list_shareable_items(session, share, states, filter)
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index 9662a3529..46c448643 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -39,10 +39,10 @@ def __init__(
         self.target_folder = target_folder
         self.source_environment = source_environment
         self.target_environment = target_environment
-        self.share_item = ShareObjectRepository.find_share_item_by_folder(
+        self.share_item = ShareObjectRepository.find_sharable_item(
             session,
-            share,
-            target_folder,
+            share.shareUri,
+            target_folder.locationUri,
         )
         self.access_point_name = self.share_item.S3AccessPointName
 
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
new file mode 100644
index 000000000..5752a3d37
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -0,0 +1,344 @@
+from sqlalchemy import and_
+
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission
+from dataall.db import utils
+from dataall.db.api import ResourcePolicy, Environment
+from dataall.db.exceptions import ShareItemsFound, UnauthorizedOperation
+from dataall.db.models import Activity, PrincipalType, EnvironmentGroup, ConsumptionRole
+from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareableType, ShareItemStatus, \
+    ShareObjectStatus
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareObjectSM, ShareItemSM
+from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
+from dataall.modules.dataset_sharing.services.share_permissions import REJECT_SHARE_OBJECT, APPROVE_SHARE_OBJECT, \
+    SUBMIT_SHARE_OBJECT, SHARE_OBJECT_APPROVER, SHARE_OBJECT_REQUESTER, CREATE_SHARE_OBJECT, DELETE_SHARE_OBJECT, \
+    GET_SHARE_OBJECT
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
+
+
+class ShareObjectService:
+    @staticmethod
+    def _get_env_uri(session, uri):
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+        environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        return environment.environmentUri
+
+    @staticmethod
+    @has_resource_permission(GET_SHARE_OBJECT)
+    def get_share_object(uri):
+        with get_context().db_engine.scoped_session() as session:
+            return ShareObjectRepository.get_share_by_uri(session, uri)
+
+    @staticmethod
+    @has_resource_permission(CREATE_SHARE_OBJECT, parent_resource=_get_env_uri)
+    def create_share_object(
+            uri: str,
+            item_uri: str,
+            item_type: str,
+            group_uri,
+            principal_id,
+            principal_type
+    ):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+
+            if environment.region != dataset.region:
+                raise UnauthorizedOperation(
+                    action=CREATE_SHARE_OBJECT,
+                    message=f'Requester Team {group_uri} works in region {environment.region} ' +
+                            f'and the requested dataset is stored in region {dataset.region}',
+                )
+
+            if principal_type == PrincipalType.ConsumptionRole.value:
+                consumption_role: ConsumptionRole = Environment.get_environment_consumption_role(
+                    session,
+                    principal_id,
+                    environment.environmentUri
+                )
+                principal_iam_role_name = consumption_role.IAMRoleName
+            else:
+                env_group: EnvironmentGroup = Environment.get_environment_group(
+                    session,
+                    group_uri,
+                    environment.environmentUri
+                )
+                principal_iam_role_name = env_group.environmentIAMRoleName
+
+            if (
+                    dataset.stewards == group_uri or dataset.SamlAdminGroupName == group_uri
+            ) and environment.environmentUri == dataset.environmentUri and principal_type == PrincipalType.Group.value:
+                raise UnauthorizedOperation(
+                    action=CREATE_SHARE_OBJECT,
+                    message=f'Team: {group_uri} is managing the dataset {dataset.name}',
+                )
+
+            ShareObjectService._validate_group_membership(session, group_uri, environment.environmentUri)
+
+            has_share = ShareObjectRepository.exists(session, dataset, environment, principal_id, group_uri)
+            if not has_share:
+                share = ShareObject(
+                    datasetUri=dataset.datasetUri,
+                    environmentUri=environment.environmentUri,
+                    owner=context.username,
+                    groupUri=group_uri,
+                    principalId=principal_id,
+                    principalType=principal_type,
+                    principalIAMRoleName=principal_iam_role_name,
+                    status=ShareObjectStatus.Draft.value,
+                )
+                ShareObjectRepository.save_and_commit(session, share)
+
+            if item_uri:
+                item = ShareObjectRepository.get_share_item(session, item_type, item_uri)
+                share_item = ShareObjectRepository.find_sharable_item(session, share.shareUri, item_uri)
+
+                s3_access_point_name = utils.slugify(
+                    share.datasetUri + '-' + share.principalId,
+                    max_length=50, lowercase=True, regex_pattern='[^a-zA-Z0-9-]', separator='-'
+                )
+
+                if not share_item and item:
+                    new_share_item: ShareObjectItem = ShareObjectItem(
+                        shareUri=share.shareUri,
+                        itemUri=item_uri,
+                        itemType=item_type,
+                        itemName=item.name,
+                        status=ShareItemStatus.PendingApproval.value,
+                        owner=context.username,
+                        GlueDatabaseName=dataset.GlueDatabaseName
+                        if item_type == ShareableType.Table.value
+                        else '',
+                        GlueTableName=item.GlueTableName
+                        if item_type == ShareableType.Table.value
+                        else '',
+                        S3AccessPointName=s3_access_point_name
+                        if item_type == ShareableType.StorageLocation.value
+                        else '',
+                    )
+                    session.add(new_share_item)
+
+            activity = Activity(
+                action='SHARE_OBJECT:CREATE',
+                label='SHARE_OBJECT:CREATE',
+                owner=context.username,
+                summary=f'{context.username} created a share object for the {dataset.name} in {environment.name} for the principal: {principal_id}',
+                targetUri=dataset.datasetUri,
+                targetType='dataset',
+            )
+            session.add(activity)
+
+            # Attaching REQUESTER permissions to:
+            # requester group (groupUri)
+            # dataset.SamlAdminGroupName
+            # environment.SamlGroupName
+            ShareObjectService._attach_share_resource_policy(session, share, group_uri)
+            ShareObjectService._attach_share_resource_policy(session, share, dataset.SamlGroupName)
+            if dataset.SamlAdminGroupName != environment.SamlGroupName:
+                ShareObjectService._attach_share_resource_policy(session, share, environment.SamlGroupName)
+
+            # Attaching REQUESTER permissions to:
+            # dataset.stewards (includes the dataset Admins)
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=dataset.stewards,
+                permissions=SHARE_OBJECT_APPROVER,
+                resource_uri=share.shareUri,
+                resource_type=ShareObject.__name__,
+            )
+            return share
+
+    @staticmethod
+    @has_resource_permission(SUBMIT_SHARE_OBJECT)
+    def submit_share_object(uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            share, dataset, states = ShareObjectService._get_share_data(session, uri)
+
+            valid_states = [ShareItemStatus.PendingApproval.value]
+            valid_share_items_states = [x for x in valid_states if x in states]
+
+            if valid_share_items_states:
+                raise ShareItemsFound(
+                    action='Submit Share Object',
+                    message='The request is empty of pending items. Add items to share request.',
+                )
+
+            ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Submit)
+            ShareNotificationService.notify_share_object_submission(
+                session, context.username, dataset, share
+            )
+
+    @staticmethod
+    @has_resource_permission(APPROVE_SHARE_OBJECT)
+    def approve_share_object(uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            share, dataset, states = ShareObjectService._get_share_data(session, uri)
+            ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Approve)
+
+            # GET TABLES SHARED AND APPROVE SHARE FOR EACH TABLE
+            share_table_items = ShareObjectRepository.find_all_share_items(session, uri, ShareableType.Table.value)
+            for table in share_table_items:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=share.principalId,
+                    permissions=DATASET_TABLE_READ,
+                    resource_uri=table.itemUri,
+                    resource_type=DatasetTable.__name__,
+                )
+
+            ShareNotificationService.notify_share_object_approval(session, context.username, dataset, share)
+            return share
+
+            approve_share_task: Task = Task(
+                action='ecs.share.approve',
+                targetUri=uri,
+                payload={'environmentUri': share.environmentUri},
+            )
+            session.add(approve_share_task)
+
+        Worker.queue(engine=context.db_engine, task_ids=[approve_share_task.taskUri])
+
+        return share
+
+    @staticmethod
+    @has_resource_permission(REJECT_SHARE_OBJECT)
+    def reject_share_object(uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            share, dataset, states = ShareObjectService._get_share_data(session, uri)
+            ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Reject)
+            ResourcePolicy.delete_resource_policy(
+                session=session,
+                group=share.groupUri,
+                resource_uri=dataset.datasetUri,
+            )
+
+            ShareNotificationService.notify_share_object_rejection(session, context.username, dataset, share)
+            return share
+
+    @staticmethod
+    @has_resource_permission(DELETE_SHARE_OBJECT)
+    def delete_share_object(uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            share, dataset, states = ShareObjectService._get_share_data(session, uri)
+            shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in states]
+
+            if shared_share_items_states:
+                raise ShareItemsFound(
+                    action='Delete share object',
+                    message='There are shared items in this request. ' +
+                            'Revoke access to these items before deleting the request.',
+                )
+
+            new_state = ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Delete)
+            if new_state == ShareObjectStatus.Deleted.value:
+                session.delete(share)
+
+            return True
+
+    @staticmethod
+    def resolve_share_object_statistics(uri):
+        with get_context().db_engine.scoped_session() as session:
+            tables = ShareObjectRepository.count_sharable_items(session, uri, 'DatasetTable')
+            locations = ShareObjectRepository.count_sharable_items(session, uri, 'DatasetStorageLocation')
+            shared_items = ShareObjectRepository.count_items_in_states(
+                session, uri, ShareItemSM.get_share_item_shared_states()
+            )
+            revoked_items = ShareObjectRepository.count_items_in_states(
+                session, uri, [ShareItemStatus.Revoke_Succeeded.value]
+            )
+            failed_states = [
+                ShareItemStatus.Share_Failed.value,
+                ShareItemStatus.Revoke_Failed.value
+            ]
+            failed_items = ShareObjectRepository.count_items_in_states(
+                session, uri, failed_states
+            )
+            pending_items = ShareObjectRepository.count_items_in_states(
+                session, uri, [ShareItemStatus.PendingApproval.value]
+            )
+            return {'tables': tables, 'locations': locations, 'sharedItems': shared_items, 'revokedItems': revoked_items,
+                    'failedItems': failed_items, 'pendingItems': pending_items}
+
+    @staticmethod
+    def list_shares_in_my_inbox(filter: dict):
+        # TODO THERE WAS NO PERMISSION CHECK
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            return ShareObjectRepository.list_user_received_share_requests(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                data=filter,
+            )
+
+    @staticmethod
+    def list_shares_in_my_outbox(filter):
+        # TODO THERE WAS NO PERMISSION CHECK
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            return ShareObjectRepository.list_user_sent_share_requests(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                data=filter,
+            )
+
+    @staticmethod
+    def _run_transitions(session, share, share_items_states, action):
+        share_sm = ShareObjectSM(share.status)
+        new_share_state = share_sm.run_transition(action.value)
+
+        for item_state in share_items_states:
+            item_sm = ShareItemSM(item_state)
+            new_state = item_sm.run_transition(action.value)
+            item_sm.update_state(session, share.shareUri, new_state)
+
+        share_sm.update_state(session, share, new_share_state)
+        return new_share_state
+
+    @staticmethod
+    def _get_share_data(session, uri):
+        share = ShareObjectRepository.get_share_by_uri(session, uri)
+        dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
+        share_items_states = ShareObjectRepository.get_share_items_states(session, uri)
+        return share, dataset, share_items_states
+
+    @staticmethod
+    def _attach_share_resource_policy(session, share, group):
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=group,
+            permissions=SHARE_OBJECT_REQUESTER,
+            resource_uri=share.shareUri,
+            resource_type=ShareObject.__name__,
+        )
+
+    @staticmethod
+    def _validate_group_membership(
+        session, share_object_group, environment_uri
+    ):
+        context = get_context()
+        if share_object_group and share_object_group not in context.groups:
+            raise UnauthorizedOperation(
+                action=CREATE_SHARE_OBJECT,
+                message=f'User: {context.username} is not a member of the team {share_object_group}',
+            )
+        if share_object_group not in Environment.list_environment_groups(
+            session=session,
+            username=context.username,
+            groups=context.groups,
+            uri=environment_uri,
+            data=None,
+            check_perm=True,
+        ):
+            raise UnauthorizedOperation(
+                action=CREATE_SHARE_OBJECT,
+                message=f'Team: {share_object_group} is not a member of the environment {environment_uri}',
+            )
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
index 6e96fa0b5..64e46eb91 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
@@ -74,8 +74,8 @@ def process_approved_shares(self) -> bool:
             for table in self.shared_tables:
                 log.info(f"Sharing table {table.GlueTableName}...")
 
-                share_item = ShareObjectRepository.find_share_item_by_table(
-                    self.session, self.share, table
+                share_item = ShareObjectRepository.find_sharable_item(
+                    self.session, self.share.shareUri, table.tableUri
                 )
 
                 if not share_item:
@@ -140,8 +140,8 @@ def process_revoked_shares(self) -> bool:
         shared_db_name = self.build_shared_db_name()
         principals = self.get_share_principals()
         for table in self.revoked_tables:
-            share_item = ShareObjectRepository.find_share_item_by_table(
-                self.session, self.share, table
+            share_item = ShareObjectRepository.find_sharable_item(
+                self.session, self.share.shareUri, table.tableUri
             )
 
             revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
index b6e11482d..7f7968366 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_same_account_share.py
@@ -70,8 +70,8 @@ def process_approved_shares(self) -> bool:
 
         for table in self.shared_tables:
 
-            share_item = ShareObjectRepository.find_share_item_by_table(
-                self.session, self.share, table
+            share_item = ShareObjectRepository.find_sharable_item(
+                self.session, self.share.shareUri, table.tableUri
             )
 
             if not share_item:
@@ -121,8 +121,8 @@ def process_revoked_shares(self) -> bool:
         shared_db_name = self.build_shared_db_name()
         principals = self.get_share_principals()
         for table in self.revoked_tables:
-            share_item = ShareObjectRepository.find_share_item_by_table(
-                self.session, self.share, table
+            share_item = ShareObjectRepository.find_sharable_item(
+                self.session, self.share.shareUri, table.tableUri
             )
             if not share_item:
                 log.info(
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
index 7b79f4013..bd9eb9298 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/s3_process_share.py
@@ -64,10 +64,10 @@ def process_approved_shares(
         success = True
         for folder in share_folders:
             log.info(f'sharing folder: {folder}')
-            sharing_item = ShareObjectRepository.find_share_item_by_folder(
+            sharing_item = ShareObjectRepository.find_sharable_item(
                 session,
-                share,
-                folder,
+                share.shareUri,
+                folder.locationUri,
             )
             shared_item_SM = ShareItemSM(ShareItemStatus.Share_Approved.value)
             new_state = shared_item_SM.run_transition(ShareObjectActions.Start.value)
@@ -129,10 +129,10 @@ def process_revoked_shares(
         success = True
         for folder in revoke_folders:
             log.info(f'revoking access to folder: {folder}')
-            removing_item = ShareObjectRepository.find_share_item_by_folder(
+            removing_item = ShareObjectRepository.find_sharable_item(
                 session,
-                share,
-                folder,
+                share.shareUri,
+                folder.locationUri,
             )
 
             revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 5b047ab49..8fb41b064 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -55,12 +55,10 @@ def get_glue_table_properties(context: Context, source: DatasetTable, **kwargs):
 def resolve_dataset(context, source: DatasetTable, **kwargs):
     if not source:
         return None
-    with context.engine.scoped_session() as session:
-        dataset_with_role = get_dataset(
-            context, source=None, datasetUri=source.datasetUri
-        )
-        if not dataset_with_role:
-            return None
+
+    dataset_with_role = get_dataset(context, source=None, datasetUri=source.datasetUri)
+    if not dataset_with_role:
+        return None
     return dataset_with_role
 
 
@@ -95,5 +93,5 @@ def resolve_redshift_copy_location(
         ).dataLocation
 
 
-def list_shared_tables_by_env_dataset(context: Context, source, datasetUri: str, envUri: str, filter: dict = None):
+def list_shared_tables_by_env_dataset(context: Context, source, datasetUri: str, envUri: str):
     return DatasetTableService.list_shared_tables_by_env_dataset(datasetUri, envUri)

From dd0fc0ac0c0c45d9fa6d4850a40a0358d151edd9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 15 May 2023 16:03:53 +0200
Subject: [PATCH 180/346] Review remarks

---
 backend/dataall/modules/loader.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 8fc03c0b4..7354ebeec 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -184,6 +184,9 @@ def _check_loading_correct(in_config: Set[str], modes: List[ImportMode]):
             for dependency in module.depends_on():
                 if dependency not in expected_load:
                     expected_load.add(dependency)
+                    if not dependency.is_supported(modes):
+                        raise ImportError(f"Dependency {dependency.name()} doesn't support {modes}")
+
                     new_to_add.append(dependency)
         to_add = new_to_add
 

From 6765aaa009e9bd803a30dc80bfe1f253f1277c89 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 15 May 2023 16:24:36 +0200
Subject: [PATCH 181/346] Removed dataset_share_service.py

---
 .../modules/dataset_sharing/api/resolvers.py  |  15 +-
 .../db/share_object_repository.py             |  99 +++++++++
 .../services/dataset_share_service.py         | 207 ------------------
 .../services/share_item_service.py            |  14 +-
 4 files changed, 116 insertions(+), 219 deletions(-)
 delete mode 100644 backend/dataall/modules/dataset_sharing/services/dataset_share_service.py

diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 350330c32..f6e5347d2 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -8,7 +8,6 @@
 from dataall.db.exceptions import RequiredParameter
 from dataall.modules.dataset_sharing.api.enums import ShareObjectPermission
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.services.dataset_share_service import DatasetShareService
 from dataall.modules.dataset_sharing.services.share_item_service import ShareItemService
 from dataall.modules.dataset_sharing.services.share_object_service import ShareObjectService
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
@@ -216,14 +215,11 @@ def list_data_items_shared_with_env_group(
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetShareService.paginated_shared_with_environment_group_datasets(
+        return ShareItemService.paginated_shared_with_environment_group_datasets(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            envUri=environmentUri,
-            groupUri=groupUri,
+            env_uri=environmentUri,
+            group_uri=groupUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -233,11 +229,8 @@ def list_shared_with_environment_data_items(
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return DatasetShareService.paginated_shared_with_environment_datasets(
+        return ShareItemService.paginated_shared_with_environment_datasets(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index dfa27f33e..29d59fc9a 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -916,3 +916,102 @@ def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [Sha
         )
         return query.all()
 
+    @staticmethod
+    def paginate_shared_datasets(session, env_uri, group_uri, data):
+        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
+        q = (
+            session.query(
+                ShareObjectItem.shareUri.label('shareUri'),
+                Dataset.datasetUri.label('datasetUri'),
+                Dataset.name.label('datasetName'),
+                Dataset.description.label('datasetDescription'),
+                models.Environment.environmentUri.label('environmentUri'),
+                models.Environment.name.label('environmentName'),
+                ShareObject.created.label('created'),
+                ShareObject.principalId.label('principalId'),
+                ShareObject.principalType.label('principalType'),
+                ShareObjectItem.itemType.label('itemType'),
+                ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
+                ShareObjectItem.GlueTableName.label('GlueTableName'),
+                ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
+                models.Organization.organizationUri.label('organizationUri'),
+                models.Organization.name.label('organizationName'),
+                case(
+                    [
+                        (
+                            ShareObjectItem.itemType
+                            == ShareableType.Table.value,
+                            func.concat(
+                                DatasetTable.GlueDatabaseName,
+                                '.',
+                                DatasetTable.GlueTableName,
+                            ),
+                        ),
+                        (
+                            ShareObjectItem.itemType
+                            == ShareableType.StorageLocation.value,
+                            func.concat(DatasetStorageLocation.name),
+                        ),
+                    ],
+                    else_='XXX XXXX',
+                ).label('itemAccess'),
+            )
+            .join(
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
+            )
+            .join(
+                Dataset,
+                ShareObject.datasetUri == Dataset.datasetUri,
+            )
+            .join(
+                models.Environment,
+                models.Environment.environmentUri == Dataset.environmentUri,
+            )
+            .join(
+                models.Organization,
+                models.Organization.organizationUri
+                == models.Environment.organizationUri,
+            )
+            .outerjoin(
+                DatasetTable,
+                ShareObjectItem.itemUri == DatasetTable.tableUri,
+            )
+            .outerjoin(
+                DatasetStorageLocation,
+                ShareObjectItem.itemUri
+                == DatasetStorageLocation.locationUri,
+            )
+            .filter(
+                and_(
+                    ShareObjectItem.status.in_(share_item_shared_states),
+                    ShareObject.environmentUri == env_uri,
+                    ShareObject.principalId == group_uri if group_uri else True,
+                )
+            )
+        )
+
+        if data.get('datasetUri'):
+            dataset_uri = data.get('datasetUri')
+            q = q.filter(ShareObject.datasetUri == dataset_uri)
+
+        if data.get('itemTypes', None):
+            item_types = data.get('itemTypes')
+            q = q.filter(
+                or_(*[ShareObjectItem.itemType == t for t in item_types])
+            )
+
+        if data.get("uniqueShares", False):
+            q = q.filter(ShareObject.principalType != PrincipalType.ConsumptionRole.value)
+            q = q.distinct(ShareObject.shareUri)
+
+        if data.get('term'):
+            term = data.get('term')
+            q = q.filter(ShareObjectItem.itemName.ilike('%' + term + '%'))
+
+        return paginate(
+            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
+        ).to_dict()
+
+
+
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
deleted file mode 100644
index 80a0d9998..000000000
--- a/backend/dataall/modules/dataset_sharing/services/dataset_share_service.py
+++ /dev/null
@@ -1,207 +0,0 @@
-from sqlalchemy import or_, case, func
-from sqlalchemy.sql import and_
-
-from dataall.api.constants import PrincipalType
-from dataall.db import models, permissions
-from dataall.db.api import has_resource_perm
-from dataall.db.paginator import paginate
-from dataall.modules.dataset_sharing.db.enums import ShareableType
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from dataall.modules.dataset_sharing.services.share_permissions import LIST_ENVIRONMENT_SHARED_WITH_OBJECTS
-from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
-
-
-class DatasetShareService:
-
-    @staticmethod
-    @has_resource_perm(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
-    def paginated_shared_with_environment_datasets(
-            session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        q = (
-            session.query(
-                ShareObjectItem.shareUri.label('shareUri'),
-                Dataset.datasetUri.label('datasetUri'),
-                Dataset.name.label('datasetName'),
-                Dataset.description.label('datasetDescription'),
-                models.Environment.environmentUri.label('environmentUri'),
-                models.Environment.name.label('environmentName'),
-                ShareObject.created.label('created'),
-                ShareObject.principalId.label('principalId'),
-                ShareObject.principalType.label('principalType'),
-                ShareObjectItem.itemType.label('itemType'),
-                ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                ShareObjectItem.GlueTableName.label('GlueTableName'),
-                ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
-                models.Organization.organizationUri.label('organizationUri'),
-                models.Organization.name.label('organizationName'),
-                case(
-                    [
-                        (
-                            ShareObjectItem.itemType
-                            == ShareableType.Table.value,
-                            func.concat(
-                                DatasetTable.GlueDatabaseName,
-                                '.',
-                                DatasetTable.GlueTableName,
-                            ),
-                        ),
-                        (
-                            ShareObjectItem.itemType
-                            == ShareableType.StorageLocation.value,
-                            func.concat(DatasetStorageLocation.name),
-                        ),
-                    ],
-                    else_='XXX XXXX',
-                ).label('itemAccess'),
-            )
-            .join(
-                ShareObject,
-                ShareObject.shareUri == ShareObjectItem.shareUri,
-            )
-            .join(
-                Dataset,
-                ShareObject.datasetUri == Dataset.datasetUri,
-            )
-            .join(
-                models.Environment,
-                models.Environment.environmentUri == Dataset.environmentUri,
-            )
-            .join(
-                models.Organization,
-                models.Organization.organizationUri
-                == models.Environment.organizationUri,
-            )
-            .outerjoin(
-                DatasetTable,
-                ShareObjectItem.itemUri == DatasetTable.tableUri,
-            )
-            .outerjoin(
-                DatasetStorageLocation,
-                ShareObjectItem.itemUri
-                == DatasetStorageLocation.locationUri,
-            )
-            .filter(
-                and_(
-                    ShareObjectItem.status.in_(share_item_shared_states),
-                    ShareObject.environmentUri == uri,
-                )
-            )
-        )
-
-        if data.get('datasetUri'):
-            datasetUri = data.get('datasetUri')
-            q = q.filter(ShareObject.datasetUri == datasetUri)
-
-        if data.get('itemTypes', None):
-            itemTypes = data.get('itemTypes')
-            q = q.filter(
-                or_(*[ShareObjectItem.itemType == t for t in itemTypes])
-            )
-
-        if data.get("uniqueShares", False):
-            q = q.filter(ShareObject.principalType != PrincipalType.ConsumptionRole.value)
-            q = q.distinct(ShareObject.shareUri)
-
-        if data.get('term'):
-            term = data.get('term')
-            q = q.filter(ShareObjectItem.itemName.ilike('%' + term + '%'))
-
-        return paginate(
-            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
-        ).to_dict()
-
-    @staticmethod
-    def paginated_shared_with_environment_group_datasets(
-            session, username, groups, envUri, groupUri, data=None, check_perm=None
-    ) -> dict:
-        share_item_shared_states = ShareItemSM.get_share_item_shared_states()
-        q = (
-            session.query(
-                ShareObjectItem.shareUri.label('shareUri'),
-                Dataset.datasetUri.label('datasetUri'),
-                Dataset.name.label('datasetName'),
-                Dataset.description.label('datasetDescription'),
-                models.Environment.environmentUri.label('environmentUri'),
-                models.Environment.name.label('environmentName'),
-                ShareObject.created.label('created'),
-                ShareObject.principalId.label('principalId'),
-                ShareObjectItem.itemType.label('itemType'),
-                ShareObjectItem.GlueDatabaseName.label('GlueDatabaseName'),
-                ShareObjectItem.GlueTableName.label('GlueTableName'),
-                ShareObjectItem.S3AccessPointName.label('S3AccessPointName'),
-                models.Organization.organizationUri.label('organizationUri'),
-                models.Organization.name.label('organizationName'),
-                case(
-                    [
-                        (
-                            ShareObjectItem.itemType
-                            == ShareableType.Table.value,
-                            func.concat(
-                                DatasetTable.GlueDatabaseName,
-                                '.',
-                                DatasetTable.GlueTableName,
-                            ),
-                        ),
-                        (
-                            ShareObjectItem.itemType
-                            == ShareableType.StorageLocation.value,
-                            func.concat(DatasetStorageLocation.name),
-                        ),
-                    ],
-                    else_='XXX XXXX',
-                ).label('itemAccess'),
-            )
-            .join(
-                ShareObject,
-                ShareObject.shareUri == ShareObjectItem.shareUri,
-            )
-            .join(
-                Dataset,
-                ShareObject.datasetUri == Dataset.datasetUri,
-            )
-            .join(
-                models.Environment,
-                models.Environment.environmentUri == Dataset.environmentUri,
-            )
-            .join(
-                models.Organization,
-                models.Organization.organizationUri
-                == models.Environment.organizationUri,
-            )
-            .outerjoin(
-                DatasetTable,
-                ShareObjectItem.itemUri == DatasetTable.tableUri,
-            )
-            .outerjoin(
-                DatasetStorageLocation,
-                ShareObjectItem.itemUri
-                == DatasetStorageLocation.locationUri,
-            )
-            .filter(
-                and_(
-                    ShareObjectItem.status.in_(share_item_shared_states),
-                    ShareObject.environmentUri == envUri,
-                    ShareObject.principalId == groupUri,
-                )
-            )
-        )
-
-        if data.get('datasetUri'):
-            datasetUri = data.get('datasetUri')
-            q = q.filter(ShareObject.datasetUri == datasetUri)
-
-        if data.get('itemTypes', None):
-            itemTypes = data.get('itemTypes')
-            q = q.filter(
-                or_(*[ShareObjectItem.itemType == t for t in itemTypes])
-            )
-        if data.get('term'):
-            term = data.get('term')
-            q = q.filter(ShareObjectItem.itemName.ilike('%' + term + '%'))
-
-        return paginate(
-            query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
-        ).to_dict()
diff --git a/backend/dataall/modules/dataset_sharing/services/share_item_service.py b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
index db2613bba..604924797 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_item_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
@@ -12,7 +12,8 @@
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareObjectSM, ShareItemSM
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
-from dataall.modules.dataset_sharing.services.share_permissions import GET_SHARE_OBJECT, ADD_ITEM, REMOVE_ITEM
+from dataall.modules.dataset_sharing.services.share_permissions import GET_SHARE_OBJECT, ADD_ITEM, REMOVE_ITEM, \
+    LIST_ENVIRONMENT_SHARED_WITH_OBJECTS
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 
@@ -162,3 +163,14 @@ def list_shareable_objects(share, filter, is_revokable=False):
 
         with get_context().db_engine.scoped_session() as session:
             return ShareObjectRepository.list_shareable_items(session, share, states, filter)
+
+    @staticmethod
+    @has_resource_permission(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
+    def paginated_shared_with_environment_datasets(session, uri, data) -> dict:
+        return ShareObjectRepository.paginate_shared_datasets(session, uri, None, data)
+
+    @staticmethod
+    def paginated_shared_with_environment_group_datasets(session, env_uri, group_uri, data) -> dict:
+        # TODO THERE WAS NOT PERMISSION
+        return ShareObjectRepository.paginate_shared_datasets(session, env_uri, group_uri, data)
+

From 4d2db02d618b34fb9968c4df977266c8fbb711e5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 15 May 2023 17:13:49 +0200
Subject: [PATCH 182/346] Small fix

---
 .../modules/dataset_sharing/api/resolvers.py      |  5 ++---
 .../services/share_object_service.py              | 15 +++++----------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index f6e5347d2..9d32aed3d 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -28,15 +28,14 @@ def create_share_object(
         raise RequiredParameter(input)
     if 'principalId' not in input:
         raise RequiredParameter('principalId')
-    if 'datasetUri' not in input:
-        raise RequiredParameter('datasetUri')
     if 'principalType' not in input:
         raise RequiredParameter('principalType')
     if 'groupUri' not in input:
         raise RequiredParameter('groupUri')
 
     return ShareObjectService.create_share_object(
-        uri=datasetUri,
+        uri=input['environmentUri'],
+        dataset_uri=datasetUri,
         item_uri=itemUri,
         item_type=itemType,
         group_uri=input['groupUri'],
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index 5752a3d37..154b129f5 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -20,12 +20,6 @@
 
 
 class ShareObjectService:
-    @staticmethod
-    def _get_env_uri(session, uri):
-        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-        environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
-        return environment.environmentUri
-
     @staticmethod
     @has_resource_permission(GET_SHARE_OBJECT)
     def get_share_object(uri):
@@ -33,9 +27,10 @@ def get_share_object(uri):
             return ShareObjectRepository.get_share_by_uri(session, uri)
 
     @staticmethod
-    @has_resource_permission(CREATE_SHARE_OBJECT, parent_resource=_get_env_uri)
+    @has_resource_permission(CREATE_SHARE_OBJECT)
     def create_share_object(
             uri: str,
+            dataset_uri: str,
             item_uri: str,
             item_type: str,
             group_uri,
@@ -44,8 +39,8 @@ def create_share_object(
     ):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri)
+            environment = Environment.get_environment_by_uri(session, uri)
 
             if environment.region != dataset.region:
                 raise UnauthorizedOperation(
@@ -137,7 +132,7 @@ def create_share_object(
             # dataset.SamlAdminGroupName
             # environment.SamlGroupName
             ShareObjectService._attach_share_resource_policy(session, share, group_uri)
-            ShareObjectService._attach_share_resource_policy(session, share, dataset.SamlGroupName)
+            ShareObjectService._attach_share_resource_policy(session, share, dataset.SamlAdminGroupName)
             if dataset.SamlAdminGroupName != environment.SamlGroupName:
                 ShareObjectService._attach_share_resource_policy(session, share, environment.SamlGroupName)
 

From d0e9f648deace336b296c04711b7ce376e547047 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 15 May 2023 17:23:11 +0200
Subject: [PATCH 183/346] Fix test with a new check

---
 tests/modules/test_loader.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/modules/test_loader.py b/tests/modules/test_loader.py
index f374c7763..9db12b408 100644
--- a/tests/modules/test_loader.py
+++ b/tests/modules/test_loader.py
@@ -119,7 +119,7 @@ def test_import_with_one_dependency(mocker):
 
 
 def test_load_with_cdk_mode(mocker):
-    patch_loading(mocker, [DModule, CModule, BModule], {BModule, CModule})
+    patch_loading(mocker, [DModule, CModule, BModule], {CModule})
     loader.load_modules([ImportMode.CDK])
     assert order == [CModule]
 

From 345f71de650b5c28942aad8de7dd869e67362b24 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 15 May 2023 17:54:15 +0200
Subject: [PATCH 184/346] Fixed small issues

---
 .../dataset_sharing/db/share_object_repository.py        | 4 ++--
 .../dataset_sharing/services/share_item_service.py       | 2 +-
 .../dataset_sharing/services/share_object_service.py     | 9 +++++----
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 29d59fc9a..036534efd 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -318,7 +318,7 @@ def save_and_commit(session, share):
         session.commit()
 
     @staticmethod
-    def exists(session, dataset: Dataset, env, principal_id, group_uri) -> ShareObject:
+    def find_share(session, dataset: Dataset, env, principal_id, group_uri) -> ShareObject:
         return (
             session.query(ShareObject)
             .filter(
@@ -329,7 +329,7 @@ def exists(session, dataset: Dataset, env, principal_id, group_uri) -> ShareObje
                     ShareObject.groupUri == group_uri,
                 )
             )
-            .count()
+            .first()
         )
 
     @staticmethod
diff --git a/backend/dataall/modules/dataset_sharing/services/share_item_service.py b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
index 604924797..4d5faf18b 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_item_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
@@ -38,7 +38,7 @@ def revoke_items_share_object(uri, revoked_uris):
             revoked_items_states = ShareObjectRepository.get_share_items_states(session, uri, revoked_uris)
             revoked_items = [ShareObjectRepository.get_share_item_by_uri(session, uri) for uri in revoked_uris]
 
-            if revoked_items_states:
+            if not revoked_items_states:
                 raise ShareItemsFound(
                     action='Revoke Items from Share Object',
                     message='Nothing to be revoked.',
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index 154b129f5..cdc8651bd 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -74,8 +74,8 @@ def create_share_object(
 
             ShareObjectService._validate_group_membership(session, group_uri, environment.environmentUri)
 
-            has_share = ShareObjectRepository.exists(session, dataset, environment, principal_id, group_uri)
-            if not has_share:
+            share = ShareObjectRepository.find_share(session, dataset, environment, principal_id, group_uri)
+            if not share:
                 share = ShareObject(
                     datasetUri=dataset.datasetUri,
                     environmentUri=environment.environmentUri,
@@ -157,7 +157,7 @@ def submit_share_object(uri: str):
             valid_states = [ShareItemStatus.PendingApproval.value]
             valid_share_items_states = [x for x in valid_states if x in states]
 
-            if valid_share_items_states:
+            if not valid_share_items_states:
                 raise ShareItemsFound(
                     action='Submit Share Object',
                     message='The request is empty of pending items. Add items to share request.',
@@ -167,6 +167,7 @@ def submit_share_object(uri: str):
             ShareNotificationService.notify_share_object_submission(
                 session, context.username, dataset, share
             )
+            return share
 
     @staticmethod
     @has_resource_permission(APPROVE_SHARE_OBJECT)
@@ -224,6 +225,7 @@ def delete_share_object(uri: str):
             share, dataset, states = ShareObjectService._get_share_data(session, uri)
             shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in states]
 
+            new_state = ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Delete)
             if shared_share_items_states:
                 raise ShareItemsFound(
                     action='Delete share object',
@@ -231,7 +233,6 @@ def delete_share_object(uri: str):
                             'Revoke access to these items before deleting the request.',
                 )
 
-            new_state = ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Delete)
             if new_state == ShareObjectStatus.Deleted.value:
                 session.delete(share)
 

From e9ebb086dd03c1bb8c4e0db9ac194ea26f298c79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 May 2023 13:05:02 +0200
Subject: [PATCH 185/346] Bump pymdown-extensions from 8.1.1 to 10.0 in
 /documentation/userguide (#456)

Bumps pymdown-extensions from 8.1.1 to 10.0.
---
 documentation/userguide/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/userguide/requirements.txt b/documentation/userguide/requirements.txt
index 8dcd4add6..116221455 100644
--- a/documentation/userguide/requirements.txt
+++ b/documentation/userguide/requirements.txt
@@ -1,2 +1,2 @@
 mkdocs-material==6.1.7
-pymdown-extensions==8.1.1
+pymdown-extensions==10.0

From 45da50f34880df289f385ac959926d369cb413ac Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 16 May 2023 13:07:58 +0200
Subject: [PATCH 186/346] Moved datasets and share tests into dataset folder

---
 tests/api/client.py                           |  31 --
 tests/api/conftest.py                         | 310 ---------------
 tests/api/test_environment.py                 |   1 +
 tests/api/test_keyvaluetag.py                 |  90 ++---
 tests/api/test_organization.py                |   6 +-
 tests/api/test_redshift_cluster.py            |   4 +-
 tests/api/test_stack.py                       |   6 -
 tests/api/test_vote.py                        |  55 +--
 tests/modules/datasets/conftest.py            | 363 ++++++++++++++++++
 .../{api => modules/datasets}/test_dataset.py |   7 -
 .../datasets/test_dataset_count_votes.py      |  48 +++
 .../datasets/test_dataset_key_value_tag.py    |  59 +++
 .../datasets}/test_dataset_location.py        |   0
 .../datasets}/test_dataset_profiling.py       |   0
 tests/modules/datasets/test_dataset_stack.py  |   7 +
 .../datasets}/test_dataset_table.py           |   0
 tests/{api => modules/datasets}/test_share.py |   0
 .../modules/notebooks/test_notebook_stack.py  |  18 +-
 18 files changed, 520 insertions(+), 485 deletions(-)
 create mode 100644 tests/modules/datasets/conftest.py
 rename tests/{api => modules/datasets}/test_dataset.py (98%)
 create mode 100644 tests/modules/datasets/test_dataset_count_votes.py
 create mode 100644 tests/modules/datasets/test_dataset_key_value_tag.py
 rename tests/{api => modules/datasets}/test_dataset_location.py (100%)
 rename tests/{api => modules/datasets}/test_dataset_profiling.py (100%)
 create mode 100644 tests/modules/datasets/test_dataset_stack.py
 rename tests/{api => modules/datasets}/test_dataset_table.py (100%)
 rename tests/{api => modules/datasets}/test_share.py (100%)

diff --git a/tests/api/client.py b/tests/api/client.py
index 36c6bd8e8..8544d4e1c 100644
--- a/tests/api/client.py
+++ b/tests/api/client.py
@@ -1,4 +1,3 @@
-import random
 import typing
 import json
 import pytest
@@ -95,33 +94,3 @@ def wrapper(*args, **kwargs):
         print(fn.__name__, 'is deprecated')
 
     return wrapper
-
-
-def random_email():
-    names = ['andy', 'bill', 'satya', 'sundar']
-    corps = ['google.com', 'amazon.com', 'microsoft.com']
-    return f'{random.choice(names)}@{random.choice(corps)}'
-
-
-def random_emails():
-    emails = []
-    for i in range(1, 2 + random.choice([2, 3, 4])):
-        emails.append(random_email())
-    return emails
-
-
-def random_group():
-    prefixes = ['big', 'small', 'pretty', 'shiny']
-    names = ['team', 'people', 'group']
-    lands = ['snow', 'ice', 'green', 'high']
-    return f'{random.choice(prefixes).capitalize()}{random.choice(names).capitalize()}From{random.choice(lands).capitalize()}land'
-
-
-def random_tag():
-    return random.choice(
-        ['sales', 'finances', 'sites', 'people', 'products', 'partners', 'operations']
-    )
-
-
-def random_tags():
-    return [random_tag() for i in range(1, random.choice([2, 3, 4, 5]))]
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 9e8ec5996..791357e66 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,11 +1,6 @@
 import dataall.searchproxy.indexers
-from dataall.modules.dataset_sharing.db.enums import ShareableType
-from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
-from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER
 from .client import *
 from dataall.db import models
-from dataall.api import constants
-from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -36,16 +31,6 @@ def patch_check_dataset(module_mocker):
 def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
     module_mocker.patch('dataall.searchproxy.search', return_value={})
-    module_mocker.patch(
-        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
-        return_value={}
-    )
-    module_mocker.patch('dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value={})
-    module_mocker.patch('dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert', return_value={})
-    module_mocker.patch(
-        'dataall.modules.datasets.indexers.location_indexer.DatasetLocationIndexer.upsert',
-        return_value={}
-    )
     module_mocker.patch('dataall.searchproxy.indexers.DashboardIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer.delete_doc', return_value={})
 
@@ -187,127 +172,6 @@ def tenant(db, group, group2, permissions, user, user2, user3, group3, group4):
         yield tenant
 
 
-@pytest.fixture(scope='module', autouse=True)
-def dataset(client, patch_es):
-    cache = {}
-
-    def factory(
-        org: models.Organization,
-        env: models.Environment,
-        name: str,
-        owner: str,
-        group: str,
-    ) -> Dataset:
-        key = f'{org.organizationUri}-{env.environmentUri}-{name}-{group}'
-        if cache.get(key):
-            print('found in cache ', cache[key])
-            return cache.get(key)
-        response = client.query(
-            """
-            mutation CreateDataset($input:NewDatasetInput){
-                createDataset(
-                input:$input
-                ){
-                    datasetUri
-                    label
-                    description
-                    AwsAccountId
-                    S3BucketName
-                    GlueDatabaseName
-                    owner
-                    region,
-                    businessOwnerEmail
-                    businessOwnerDelegationEmails
-                    SamlAdminGroupName
-                    GlueCrawlerName
-                    tables{
-                     nodes{
-                      tableUri
-                     }
-                    }
-                    locations{
-                     nodes{
-                      locationUri
-                     }
-                    }
-                    stack{
-                        stack
-                        status
-                        stackUri
-                        targetUri
-                        accountid
-                        region
-                        stackid
-                        link
-                        outputs
-                        resources
-
-                    }
-                    topics
-                    language
-                    confidentiality
-                    organization{
-                        organizationUri
-                        label
-                    }
-                    shares{
-                        nodes{
-                         shareUri
-                        }
-                    }
-                    terms{
-                        count
-                        nodes{
-                            __typename
-                            ...on Term {
-                                nodeUri
-                                path
-                                label
-                            }
-                        }
-                    }
-                    environment{
-                        environmentUri
-                        label
-                        region
-                        subscriptionsEnabled
-                        subscriptionsProducersTopicImported
-                        subscriptionsConsumersTopicImported
-                        subscriptionsConsumersTopicName
-                        subscriptionsProducersTopicName
-                        organization{
-                            organizationUri
-                            label
-                        }
-                    }
-                    statistics{
-                        tables
-                        locations
-                        upvotes
-                    }
-                }
-            }
-            """,
-            username=owner,
-            groups=[group],
-            input={
-                'owner': owner,
-                'label': f'{name}',
-                'description': 'test dataset {name}',
-                'businessOwnerEmail': 'jeff@amazon.com',
-                'tags': random_tags(),
-                'businessOwnerDelegationEmails': random_emails(),
-                'environmentUri': env.environmentUri,
-                'SamlAdminGroupName': group or random_group(),
-                'organizationUri': org.organizationUri,
-            },
-        )
-        print('==>', response)
-        return response.data.createDataset
-
-    yield factory
-
-
 @pytest.fixture(scope='module', autouse=True)
 def env(client):
     cache = {}
@@ -391,37 +255,6 @@ def factory(
 
     yield factory
 
-@pytest.fixture(scope="module")
-def dataset_model(db):
-    def factory(
-        organization: models.Organization,
-        environment: models.Environment,
-        label: str,
-    ) -> Dataset:
-        with db.scoped_session() as session:
-            dataset = Dataset(
-                organizationUri=organization.organizationUri,
-                environmentUri=environment.environmentUri,
-                label=label,
-                owner=environment.owner,
-                stewards=environment.SamlGroupName,
-                SamlAdminGroupName=environment.SamlGroupName,
-                businessOwnerDelegationEmails=["foo@amazon.com"],
-                name=label,
-                S3BucketName=label,
-                GlueDatabaseName="gluedatabase",
-                KmsAlias="kmsalias",
-                AwsAccountId=environment.AwsAccountId,
-                region=environment.region,
-                IAMDatasetAdminUserArn=f"arn:aws:iam::{environment.AwsAccountId}:user/dataset",
-                IAMDatasetAdminRoleArn=f"arn:aws:iam::{environment.AwsAccountId}:role/dataset",
-            )
-            session.add(dataset)
-            session.commit()
-            return dataset
-
-    yield factory
-
 
 @pytest.fixture(scope="module")
 def environment_group(db):
@@ -452,138 +285,6 @@ def factory(
     yield factory
 
 
-@pytest.fixture(scope="module")
-def share(db):
-    def factory(
-            dataset: Dataset,
-            environment: models.Environment,
-            env_group: models.EnvironmentGroup,
-            owner: str,
-            status: str
-    ) -> ShareObject:
-        with db.scoped_session() as session:
-            share = ShareObject(
-                datasetUri=dataset.datasetUri,
-                environmentUri=environment.environmentUri,
-                owner=owner,
-                groupUri=env_group.groupUri,
-                principalId=env_group.groupUri,
-                principalType=constants.PrincipalType.Group.value,
-                principalIAMRoleName=env_group.environmentIAMRoleName,
-                status=status,
-            )
-            session.add(share)
-            session.commit()
-            dataall.db.api.ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=env_group.groupUri,
-                permissions=SHARE_OBJECT_REQUESTER,
-                resource_uri=share.shareUri,
-                resource_type=ShareObject.__name__,
-            )
-            dataall.db.api.ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=dataset.SamlAdminGroupName,
-                permissions=SHARE_OBJECT_REQUESTER,
-                resource_uri=share.shareUri,
-                resource_type=ShareObject.__name__,
-            )
-            dataall.db.api.ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=dataset.stewards,
-                permissions=SHARE_OBJECT_APPROVER,
-                resource_uri=share.shareUri,
-                resource_type=ShareObject.__name__,
-            )
-            if dataset.SamlAdminGroupName != environment.SamlGroupName:
-                dataall.db.api.ResourcePolicy.attach_resource_policy(
-                    session=session,
-                    group=environment.SamlGroupName,
-                    permissions=SHARE_OBJECT_REQUESTER,
-                    resource_uri=share.shareUri,
-                    resource_type=ShareObject.__name__,
-                )
-            session.commit()
-            return share
-
-    yield factory
-
-
-@pytest.fixture(scope="module")
-def share_item(db):
-    def factory(
-            share: ShareObject,
-            table: DatasetTable,
-            status: str
-    ) -> ShareObjectItem:
-        with db.scoped_session() as session:
-            share_item = ShareObjectItem(
-                shareUri=share.shareUri,
-                owner="alice",
-                itemUri=table.tableUri,
-                itemType=ShareableType.Table.value,
-                itemName=table.name,
-                status=status,
-            )
-            session.add(share_item)
-            session.commit()
-            return share_item
-
-    yield factory
-
-
-@pytest.fixture(scope='module', autouse=True)
-def location(db):
-    cache = {}
-
-    def factory(dataset: Dataset, name, username) -> DatasetStorageLocation:
-        key = f'{dataset.datasetUri}-{name}'
-        if cache.get(key):
-            return cache.get(key)
-        with db.scoped_session() as session:
-            ds_location = DatasetStorageLocation(
-                name=name,
-                label=name,
-                owner=username,
-                datasetUri=dataset.datasetUri,
-                S3BucketName=dataset.S3BucketName,
-                region=dataset.region,
-                AWSAccountId=dataset.AwsAccountId,
-                S3Prefix=f'{name}',
-            )
-            session.add(ds_location)
-        return ds_location
-
-    yield factory
-
-
-@pytest.fixture(scope='module', autouse=True)
-def table(db):
-    cache = {}
-
-    def factory(dataset: Dataset, name, username) -> DatasetTable:
-        key = f'{dataset.datasetUri}-{name}'
-        if cache.get(key):
-            return cache.get(key)
-        with db.scoped_session() as session:
-            table = DatasetTable(
-                name=name,
-                label=name,
-                owner=username,
-                datasetUri=dataset.datasetUri,
-                GlueDatabaseName=dataset.GlueDatabaseName,
-                GlueTableName=name,
-                region=dataset.region,
-                AWSAccountId=dataset.AwsAccountId,
-                S3BucketName=dataset.S3BucketName,
-                S3Prefix=f'{name}',
-            )
-            session.add(table)
-        return table
-
-    yield factory
-
-
 @pytest.fixture(scope='module', autouse=True)
 def org(client):
     cache = {}
@@ -635,17 +336,6 @@ def env_fixture(env, org_fixture, user, group, tenant, module_mocker):
     yield env1
 
 
-@pytest.fixture(scope='module')
-def dataset_fixture(env_fixture, org_fixture, dataset, group, module_mocker) -> Dataset:
-    yield dataset(
-        org=org_fixture,
-        env=env_fixture,
-        name='dataset1',
-        owner=env_fixture.owner,
-        group=group.name,
-    )
-
-
 @pytest.fixture(scope='module')
 def cluster(env_fixture, org_fixture, client, group):
     ouri = org_fixture.organizationUri
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index 7b6e4965d..d3a88d086 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -51,6 +51,7 @@ def get_env(client, env1, group):
         groups=[group.name],
     )
 
+
 def test_get_environment(client, org1, env1, group):
     response = get_env(client, env1, group)
     assert (
diff --git a/tests/api/test_keyvaluetag.py b/tests/api/test_keyvaluetag.py
index cf254a515..be386d6a4 100644
--- a/tests/api/test_keyvaluetag.py
+++ b/tests/api/test_keyvaluetag.py
@@ -20,15 +20,7 @@ def env1(
     yield env1
 
 
-@pytest.fixture(scope='module', autouse=True)
-def dataset1(db, env1, org1, group, user, dataset, module_mocker) -> Dataset:
-    with db.scoped_session() as session:
-        yield dataset(
-            org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
-        )
-
-
-def list_tags_query(client, dataset1, target_type=None):
+def list_tags_query(client, target_uri, target_type, group):
     query = client.query(
         """
         query listKeyValueTags($targetUri:String!, $targetType:String!){
@@ -42,72 +34,36 @@ def list_tags_query(client, dataset1, target_type=None):
             }
         }
         """,
-        targetUri=dataset1.datasetUri,
-        targetType=target_type or 'dataset',
+        targetUri=target_uri,
+        targetType=target_type,
         username='alice',
-        groups=[dataset1.SamlAdminGroupName],
+        groups=[group],
     )
     return query
 
 
-def test_empty_key_value_tags(client, dataset1):
-    response = list_tags_query(client, dataset1)
-    print(response)
-    assert len(response.data.listKeyValueTags) == 0
-
-
-def test_unsupported_target_type(db, dataset1):
+def test_unsupported_target_type(db):
     with pytest.raises(exceptions.InvalidInput):
         assert dataall.db.api.TargetType.is_supported_target_type('unknown')
 
 
-def test_update_key_value_tags(client, dataset1):
-    response = client.query(
-        """
-        mutation updateKeyValueTags($input:UpdateKeyValueTagsInput!){
-            updateKeyValueTags(input:$input){
-                tagUri
-                targetUri
-                targetType
-                key
-                value
-                cascade
+def update_key_value_tags(client, target_uri, target_type, tags, group):
+    return (
+        client.query(
+            """
+            mutation updateKeyValueTags($input:UpdateKeyValueTagsInput!){
+                updateKeyValueTags(input:$input){
+                    tagUri
+                    targetUri
+                    targetType
+                    key
+                    value
+                    cascade
+                }
             }
-        }
-        """,
-        input=dict(
-            targetUri=dataset1.datasetUri,
-            targetType='dataset',
-            tags=[{'key': 'tag1', 'value': 'value1', 'cascade': False}],
-        ),
-        username='alice',
-        groups=[dataset1.SamlAdminGroupName],
-    )
-    assert len(response.data.updateKeyValueTags) == 1
-
-    response = list_tags_query(client, dataset1)
-    assert response.data.listKeyValueTags[0].key == 'tag1'
-    assert response.data.listKeyValueTags[0].value == 'value1'
-    assert response.data.listKeyValueTags[0].cascade == False
-
-    response = client.query(
-        """
-        mutation updateKeyValueTags($input:UpdateKeyValueTagsInput!){
-            updateKeyValueTags(input:$input){
-                tagUri
-                targetUri
-                targetType
-                key
-                value
-                cascade
-            }
-        }
-        """,
-        input=dict(targetUri=dataset1.datasetUri, targetType='dataset', tags=[]),
-        username='alice',
-        groups=[dataset1.SamlAdminGroupName],
+            """,
+            input=dict(targetUri=target_uri, targetType=target_type, tags=tags),
+            username='alice',
+            groups=[group],
+        )
     )
-    assert len(response.data.updateKeyValueTags) == 0
-
-    response = list_tags_query(client, dataset1)
-    assert len(response.data.listKeyValueTags) == 0
diff --git a/tests/api/test_organization.py b/tests/api/test_organization.py
index fd414af31..9b74e52a2 100644
--- a/tests/api/test_organization.py
+++ b/tests/api/test_organization.py
@@ -182,7 +182,7 @@ def test_list_organizations_anyone(client, org1):
     assert response.data.listOrganizations.count == 0
 
 
-def test_group_invitation(db, client, org1, group2, user, group3, group, dataset, env):
+def test_group_invitation(db, client, org1, group2, user, group3, group, env):
     response = client.query(
         """
         mutation inviteGroupToOrganization($input:InviteGroupToOrganizationInput){
@@ -280,8 +280,8 @@ def test_group_invitation(db, client, org1, group2, user, group3, group, dataset
 
     assert 'OrganizationResourcesFound' in response.errors[0].message
     with db.scoped_session() as session:
-        dataset = session.query(dataall.db.models.Environment).get(env2.environmentUri)
-        session.delete(dataset)
+        env = session.query(dataall.db.models.Environment).get(env2.environmentUri)
+        session.delete(env)
         session.commit()
 
     response = client.query(
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index d98e748f4..502c2ef02 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -4,7 +4,9 @@
 import pytest
 import dataall
 from dataall.api.constants import RedshiftClusterRole
-from dataall.modules.datasets.services.dataset_service import DatasetService
+
+from tests.modules.datasets.conftest import dataset, table
+
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 
diff --git a/tests/api/test_stack.py b/tests/api/test_stack.py
index bcb9f28f0..d99e1ca6a 100644
--- a/tests/api/test_stack.py
+++ b/tests/api/test_stack.py
@@ -4,7 +4,6 @@ def test_update_stack(
     group,
     pipeline,
     env_fixture,
-    dataset_fixture,
     sgm_studio,
     cluster,
 ):
@@ -13,11 +12,6 @@ def test_update_stack(
     )
     assert response.data.updateStack.targetUri == env_fixture.environmentUri
 
-    response = update_stack_query(
-        client, dataset_fixture.datasetUri, 'dataset', group.name
-    )
-    assert response.data.updateStack.targetUri == dataset_fixture.datasetUri
-
     response = update_stack_query(
         client, sgm_studio.sagemakerStudioUserProfileUri, 'mlstudio', group.name
     )
diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index efe0a7d4e..e0db05c74 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -18,14 +18,6 @@ def env1(
     yield env1
 
 
-@pytest.fixture(scope='module', autouse=True)
-def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
-    with db.scoped_session() as session:
-        yield dataset(
-            org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
-        )
-
-
 @pytest.fixture(scope='module')
 def dashboard(client, env1, org1, group, module_mocker, patch_es):
     module_mocker.patch(
@@ -63,13 +55,9 @@ def dashboard(client, env1, org1, group, module_mocker, patch_es):
     yield response.data.importDashboard
 
 
-def test_count_votes(client, dataset1, dashboard):
-    response = count_votes_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
-    )
-    assert response.data.countUpVotes == 0
+def test_count_votes(client, dashboard, env1):
     response = count_votes_query(
-        client, dashboard.dashboardUri, 'dashboard', dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
     )
     assert response.data.countUpVotes == 0
 
@@ -106,57 +94,34 @@ def get_vote_query(client, target_uri, target_type, group):
     return response
 
 
-def test_upvote(patch_es, client, dataset1, dashboard):
-    response = upvote_mutation(
-        client, dataset1.datasetUri, 'dataset', True, dataset1.SamlAdminGroupName
-    )
-    assert response.data.upVote.upvote
-    response = count_votes_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
-    )
-    assert response.data.countUpVotes == 1
-    response = get_vote_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
-    )
-    assert response.data.getVote.upvote
+def test_upvote(patch_es, client, env1, dashboard):
 
     response = upvote_mutation(
-        client, dashboard.dashboardUri, 'dashboard', True, dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', True, env1.SamlGroupName
     )
     assert response.data.upVote.upvote
     response = count_votes_query(
-        client, dashboard.dashboardUri, 'dashboard', dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
     )
     assert response.data.countUpVotes == 1
     response = get_vote_query(
-        client, dashboard.dashboardUri, 'dashboard', dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
     )
     assert response.data.getVote.upvote
 
     response = upvote_mutation(
-        client, dataset1.datasetUri, 'dataset', False, dataset1.SamlAdminGroupName
-    )
-    assert not response.data.upVote.upvote
-    response = upvote_mutation(
-        client, dashboard.dashboardUri, 'dashboard', False, dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', False, env1.SamlGroupName
     )
 
     assert not response.data.upVote.upvote
+
     response = get_vote_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
-    )
-    assert not response.data.getVote.upvote
-    response = get_vote_query(
-        client, dashboard.dashboardUri, 'dashboard', dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
     )
     assert not response.data.getVote.upvote
 
     response = count_votes_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
-    )
-    assert response.data.countUpVotes == 0
-    response = count_votes_query(
-        client, dashboard.dashboardUri, 'dashboard', dataset1.SamlAdminGroupName
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
     )
     assert response.data.countUpVotes == 0
 
diff --git a/tests/modules/datasets/conftest.py b/tests/modules/datasets/conftest.py
new file mode 100644
index 000000000..56a1f33fb
--- /dev/null
+++ b/tests/modules/datasets/conftest.py
@@ -0,0 +1,363 @@
+import random
+import pytest
+
+from tests.api.client import *
+from tests.api.conftest import *
+
+from dataall.db.api import ResourcePolicy
+from dataall.db.models import ShareableType, ShareObjectItem, ShareObject, Environment, EnvironmentGroup, Organization, \
+    PrincipalType
+from dataall.db.permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER
+from dataall.modules.datasets import Dataset, DatasetTable, DatasetStorageLocation
+
+
+@pytest.fixture(scope='module', autouse=True)
+def patch_es(module_mocker):
+    module_mocker.patch('dataall.searchproxy.connect', return_value={})
+    module_mocker.patch('dataall.searchproxy.search', return_value={})
+    module_mocker.patch(
+        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
+        return_value={}
+    )
+    module_mocker.patch('dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value={})
+    module_mocker.patch('dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert', return_value={})
+    module_mocker.patch(
+        'dataall.modules.datasets.indexers.location_indexer.DatasetLocationIndexer.upsert',
+        return_value={}
+    )
+    module_mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer.delete_doc', return_value={})
+
+
+@pytest.fixture(scope='module', autouse=True)
+def dataset(client, patch_es):
+    cache = {}
+
+    def factory(
+        org: Organization,
+        env: Environment,
+        name: str,
+        owner: str,
+        group: str,
+    ) -> Dataset:
+        key = f'{org.organizationUri}-{env.environmentUri}-{name}-{group}'
+        if cache.get(key):
+            print('found in cache ', cache[key])
+            return cache.get(key)
+        response = client.query(
+            """
+            mutation CreateDataset($input:NewDatasetInput){
+                createDataset(
+                input:$input
+                ){
+                    datasetUri
+                    label
+                    description
+                    AwsAccountId
+                    S3BucketName
+                    GlueDatabaseName
+                    owner
+                    region,
+                    businessOwnerEmail
+                    businessOwnerDelegationEmails
+                    SamlAdminGroupName
+                    GlueCrawlerName
+                    tables{
+                     nodes{
+                      tableUri
+                     }
+                    }
+                    locations{
+                     nodes{
+                      locationUri
+                     }
+                    }
+                    stack{
+                        stack
+                        status
+                        stackUri
+                        targetUri
+                        accountid
+                        region
+                        stackid
+                        link
+                        outputs
+                        resources
+
+                    }
+                    topics
+                    language
+                    confidentiality
+                    organization{
+                        organizationUri
+                        label
+                    }
+                    shares{
+                        nodes{
+                         shareUri
+                        }
+                    }
+                    terms{
+                        count
+                        nodes{
+                            __typename
+                            ...on Term {
+                                nodeUri
+                                path
+                                label
+                            }
+                        }
+                    }
+                    environment{
+                        environmentUri
+                        label
+                        region
+                        subscriptionsEnabled
+                        subscriptionsProducersTopicImported
+                        subscriptionsConsumersTopicImported
+                        subscriptionsConsumersTopicName
+                        subscriptionsProducersTopicName
+                        organization{
+                            organizationUri
+                            label
+                        }
+                    }
+                    statistics{
+                        tables
+                        locations
+                        upvotes
+                    }
+                }
+            }
+            """,
+            username=owner,
+            groups=[group],
+            input={
+                'owner': owner,
+                'label': f'{name}',
+                'description': 'test dataset {name}',
+                'businessOwnerEmail': 'jeff@amazon.com',
+                'tags': random_tags(),
+                'businessOwnerDelegationEmails': random_emails(),
+                'environmentUri': env.environmentUri,
+                'SamlAdminGroupName': group or random_group(),
+                'organizationUri': org.organizationUri,
+            },
+        )
+        print('==>', response)
+        return response.data.createDataset
+
+    yield factory
+
+
+@pytest.fixture(scope='module')
+def dataset1(env1, org1, dataset, group) -> Dataset:
+    yield dataset(
+        org=org1, env=env1, name='dataset1', owner=env1.owner, group=group.name
+    )
+
+
+@pytest.fixture(scope='module', autouse=True)
+def table(db):
+    cache = {}
+
+    def factory(dataset: Dataset, name, username) -> DatasetTable:
+        key = f'{dataset.datasetUri}-{name}'
+        if cache.get(key):
+            return cache.get(key)
+        with db.scoped_session() as session:
+            table = DatasetTable(
+                name=name,
+                label=name,
+                owner=username,
+                datasetUri=dataset.datasetUri,
+                GlueDatabaseName=dataset.GlueDatabaseName,
+                GlueTableName=name,
+                region=dataset.region,
+                AWSAccountId=dataset.AwsAccountId,
+                S3BucketName=dataset.S3BucketName,
+                S3Prefix=f'{name}',
+            )
+            session.add(table)
+        return table
+
+    yield factory
+
+
+@pytest.fixture(scope='module')
+def dataset_fixture(env_fixture, org_fixture, dataset, group) -> Dataset:
+    yield dataset(
+        org=org_fixture,
+        env=env_fixture,
+        name='dataset1',
+        owner=env_fixture.owner,
+        group=group.name,
+    )
+
+
+@pytest.fixture(scope="module")
+def dataset_model(db):
+    def factory(
+        organization: Organization,
+        environment: Environment,
+        label: str,
+    ) -> Dataset:
+        with db.scoped_session() as session:
+            dataset = Dataset(
+                organizationUri=organization.organizationUri,
+                environmentUri=environment.environmentUri,
+                label=label,
+                owner=environment.owner,
+                stewards=environment.SamlGroupName,
+                SamlAdminGroupName=environment.SamlGroupName,
+                businessOwnerDelegationEmails=["foo@amazon.com"],
+                name=label,
+                S3BucketName=label,
+                GlueDatabaseName="gluedatabase",
+                KmsAlias="kmsalias",
+                AwsAccountId=environment.AwsAccountId,
+                region=environment.region,
+                IAMDatasetAdminUserArn=f"arn:aws:iam::{environment.AwsAccountId}:user/dataset",
+                IAMDatasetAdminRoleArn=f"arn:aws:iam::{environment.AwsAccountId}:role/dataset",
+            )
+            session.add(dataset)
+            session.commit()
+            return dataset
+
+    yield factory
+
+
+@pytest.fixture(scope='module', autouse=True)
+def location(db):
+    cache = {}
+
+    def factory(dataset: Dataset, name, username) -> DatasetStorageLocation:
+        key = f'{dataset.datasetUri}-{name}'
+        if cache.get(key):
+            return cache.get(key)
+        with db.scoped_session() as session:
+            ds_location = DatasetStorageLocation(
+                name=name,
+                label=name,
+                owner=username,
+                datasetUri=dataset.datasetUri,
+                S3BucketName=dataset.S3BucketName,
+                region=dataset.region,
+                AWSAccountId=dataset.AwsAccountId,
+                S3Prefix=f'{name}',
+            )
+            session.add(ds_location)
+        return ds_location
+
+    yield factory
+
+
+@pytest.fixture(scope="module")
+def share_item(db):
+    def factory(
+            share: ShareObject,
+            table: DatasetTable,
+            status: str
+    ) -> ShareObjectItem:
+        with db.scoped_session() as session:
+            share_item = ShareObjectItem(
+                shareUri=share.shareUri,
+                owner="alice",
+                itemUri=table.tableUri,
+                itemType=ShareableType.Table.value,
+                itemName=table.name,
+                status=status,
+            )
+            session.add(share_item)
+            session.commit()
+            return share_item
+
+    yield factory
+
+
+@pytest.fixture(scope="module")
+def share(db):
+    def factory(
+            dataset: Dataset,
+            environment: Environment,
+            env_group: EnvironmentGroup,
+            owner: str,
+            status: str
+    ) -> ShareObject:
+        with db.scoped_session() as session:
+            share = ShareObject(
+                datasetUri=dataset.datasetUri,
+                environmentUri=environment.environmentUri,
+                owner=owner,
+                groupUri=env_group.groupUri,
+                principalId=env_group.groupUri,
+                principalType=PrincipalType.Group.value,
+                principalIAMRoleName=env_group.environmentIAMRoleName,
+                status=status,
+            )
+            session.add(share)
+            session.commit()
+
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=env_group.groupUri,
+                permissions=SHARE_OBJECT_REQUESTER,
+                resource_uri=share.shareUri,
+                resource_type=ShareObject.__name__,
+            )
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=dataset.SamlAdminGroupName,
+                permissions=SHARE_OBJECT_REQUESTER,
+                resource_uri=share.shareUri,
+                resource_type=ShareObject.__name__,
+            )
+            ResourcePolicy.attach_resource_policy(
+                session=session,
+                group=dataset.stewards,
+                permissions=SHARE_OBJECT_APPROVER,
+                resource_uri=share.shareUri,
+                resource_type=ShareObject.__name__,
+            )
+            if dataset.SamlAdminGroupName != environment.SamlGroupName:
+                ResourcePolicy.attach_resource_policy(
+                    session=session,
+                    group=environment.SamlGroupName,
+                    permissions=SHARE_OBJECT_REQUESTER,
+                    resource_uri=share.shareUri,
+                    resource_type=ShareObject.__name__,
+                )
+            session.commit()
+            return share
+
+    yield factory
+
+
+def random_email():
+    names = ['andy', 'bill', 'satya', 'sundar']
+    corps = ['google.com', 'amazon.com', 'microsoft.com']
+    return f'{random.choice(names)}@{random.choice(corps)}'
+
+
+def random_emails():
+    emails = []
+    for i in range(1, 2 + random.choice([2, 3, 4])):
+        emails.append(random_email())
+    return emails
+
+
+def random_group():
+    prefixes = ['big', 'small', 'pretty', 'shiny']
+    names = ['team', 'people', 'group']
+    lands = ['snow', 'ice', 'green', 'high']
+    return f'{random.choice(prefixes).capitalize()}{random.choice(names).capitalize()}From{random.choice(lands).capitalize()}land'
+
+
+def random_tag():
+    return random.choice(
+        ['sales', 'finances', 'sites', 'people', 'products', 'partners', 'operations']
+    )
+
+
+def random_tags():
+    return [random_tag() for i in range(1, random.choice([2, 3, 4, 5]))]
+
diff --git a/tests/api/test_dataset.py b/tests/modules/datasets/test_dataset.py
similarity index 98%
rename from tests/api/test_dataset.py
rename to tests/modules/datasets/test_dataset.py
index f5b9e80b3..1724fc0a5 100644
--- a/tests/api/test_dataset.py
+++ b/tests/modules/datasets/test_dataset.py
@@ -20,13 +20,6 @@ def env1(env, org1, user, group, tenant):
     yield env1
 
 
-@pytest.fixture(scope='module')
-def dataset1(env1, org1, dataset, group) -> Dataset:
-    yield dataset(
-        org=org1, env=env1, name='dataset1', owner=env1.owner, group=group.name
-    )
-
-
 @pytest.fixture(scope='module')
 def org2(org: typing.Callable, user2, group2, tenant) -> dataall.db.models.Organization:
     yield org('org2', user2.userName, group2.name)
diff --git a/tests/modules/datasets/test_dataset_count_votes.py b/tests/modules/datasets/test_dataset_count_votes.py
new file mode 100644
index 000000000..2212d8ad9
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_count_votes.py
@@ -0,0 +1,48 @@
+import pytest
+
+from dataall.modules.datasets import Dataset
+from tests.api.test_vote import *
+
+
+@pytest.fixture(scope='module', autouse=True)
+def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
+    yield dataset(
+        org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
+    )
+
+
+def test_count_votes(client, dataset1, dashboard):
+    response = count_votes_query(
+        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+    )
+    assert response.data.countUpVotes == 0
+
+
+def test_upvote(patch_es, client, dataset1):
+    response = upvote_mutation(
+        client, dataset1.datasetUri, 'dataset', True, dataset1.SamlAdminGroupName
+    )
+    assert response.data.upVote.upvote
+    response = count_votes_query(
+        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+    )
+    assert response.data.countUpVotes == 1
+    response = get_vote_query(
+        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+    )
+    assert response.data.getVote.upvote
+
+    response = upvote_mutation(
+        client, dataset1.datasetUri, 'dataset', False, dataset1.SamlAdminGroupName
+    )
+    assert not response.data.upVote.upvote
+
+    response = get_vote_query(
+        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+    )
+    assert not response.data.getVote.upvote
+
+    response = count_votes_query(
+        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+    )
+    assert response.data.countUpVotes == 0
\ No newline at end of file
diff --git a/tests/modules/datasets/test_dataset_key_value_tag.py b/tests/modules/datasets/test_dataset_key_value_tag.py
new file mode 100644
index 000000000..a17f5b59f
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_key_value_tag.py
@@ -0,0 +1,59 @@
+from dataall.db import models
+import pytest
+
+from dataall.modules.datasets.db.models import Dataset
+from tests.api.test_keyvaluetag import update_key_value_tags, list_tags_query
+
+
+@pytest.fixture(scope='module')
+def org1(db, org, tenant, user, group) -> models.Organization:
+    org = org('testorg', user.userName, group.name)
+    yield org
+
+
+@pytest.fixture(scope='module')
+def env1(
+        db, org1: models.Organization, user, group, module_mocker, env
+) -> models.Environment:
+    module_mocker.patch('requests.post', return_value=True)
+    module_mocker.patch(
+        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
+    )
+    env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
+    yield env1
+
+
+@pytest.fixture(scope='module', autouse=True)
+def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
+    with db.scoped_session():
+        yield dataset(
+            org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
+        )
+
+
+def list_dataset_tags_query(client, dataset):
+    return list_tags_query(client, dataset.datasetUri, 'dataset', dataset.SamlAdminGroupName)
+
+
+def test_empty_key_value_tags(client, dataset1):
+    response = list_dataset_tags_query(client, dataset1.datasetUri)
+    print(response)
+    assert len(response.data.listKeyValueTags) == 0
+
+
+def test_update_key_value_tags(client, dataset1):
+    tags = [{'key': 'tag1', 'value': 'value1', 'cascade': False}]
+    response = update_key_value_tags(client, dataset1.datasetUri, 'dataset', tags, dataset1.SamlAdminGroupName)
+
+    assert len(response.data.updateKeyValueTags) == 1
+
+    response = list_dataset_tags_query(client, dataset1)
+    assert response.data.listKeyValueTags[0].key == 'tag1'
+    assert response.data.listKeyValueTags[0].value == 'value1'
+    assert not response.data.listKeyValueTags[0].cascade
+
+    response = update_key_value_tags(client, dataset1.datasetUri, 'dataset', [], dataset1.SamlAdminGroupName)
+    assert len(response.data.updateKeyValueTags) == 0
+
+    response = list_dataset_tags_query(client, dataset1)
+    assert len(response.data.listKeyValueTags) == 0
diff --git a/tests/api/test_dataset_location.py b/tests/modules/datasets/test_dataset_location.py
similarity index 100%
rename from tests/api/test_dataset_location.py
rename to tests/modules/datasets/test_dataset_location.py
diff --git a/tests/api/test_dataset_profiling.py b/tests/modules/datasets/test_dataset_profiling.py
similarity index 100%
rename from tests/api/test_dataset_profiling.py
rename to tests/modules/datasets/test_dataset_profiling.py
diff --git a/tests/modules/datasets/test_dataset_stack.py b/tests/modules/datasets/test_dataset_stack.py
new file mode 100644
index 000000000..81860e17b
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_stack.py
@@ -0,0 +1,7 @@
+from tests.api.test_stack import update_stack_query
+
+
+def test_notebook_stack(client, dataset_fixture, group):
+    dataset = dataset_fixture
+    response = update_stack_query(client, dataset.datasetUri, 'dataset', dataset.SamlAdminGroupName)
+    assert response.data.updateStack.targetUri == dataset.datasetUri
diff --git a/tests/api/test_dataset_table.py b/tests/modules/datasets/test_dataset_table.py
similarity index 100%
rename from tests/api/test_dataset_table.py
rename to tests/modules/datasets/test_dataset_table.py
diff --git a/tests/api/test_share.py b/tests/modules/datasets/test_share.py
similarity index 100%
rename from tests/api/test_share.py
rename to tests/modules/datasets/test_share.py
diff --git a/tests/modules/notebooks/test_notebook_stack.py b/tests/modules/notebooks/test_notebook_stack.py
index 1c41c46c6..b7f7ce153 100644
--- a/tests/modules/notebooks/test_notebook_stack.py
+++ b/tests/modules/notebooks/test_notebook_stack.py
@@ -1,18 +1,6 @@
+from tests.api.test_stack import update_stack_query
+
 
 def test_notebook_stack(client, sgm_notebook, group):
-    response = client.query(
-        """
-        mutation updateStack($targetUri:String!, $targetType:String!){
-            updateStack(targetUri:$targetUri, targetType:$targetType){
-                stackUri
-                targetUri
-                name
-            }
-        }
-        """,
-        targetUri=sgm_notebook.notebookUri,
-        targetType="notebook",
-        username="alice",
-        groups=[group.name],
-    )
+    response = update_stack_query(client, sgm_notebook.notebookUri, 'notebook', group.name)
     assert response.data.updateStack.targetUri == sgm_notebook.notebookUri

From 054e1b6a77ba6d5ab706460a3686e0fd0d854361 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 16 May 2023 17:17:31 +0200
Subject: [PATCH 187/346] Fixing tests after moving them

---
 tests/api/test_dashboards.py                  |  12 --
 tests/api/test_environment.py                 |  32 +---
 tests/api/test_keyvaluetag.py                 |   1 -
 tests/api/test_vote.py                        |   1 -
 tests/modules/datasets/conftest.py            |   6 +-
 .../datasets/test_dataset_key_value_tag.py    |   4 +-
 .../datasets/test_dataset_resource_found.py   | 154 ++++++++++++++++++
 7 files changed, 161 insertions(+), 49 deletions(-)
 create mode 100644 tests/modules/datasets/test_dataset_resource_found.py

diff --git a/tests/api/test_dashboards.py b/tests/api/test_dashboards.py
index f38ea2419..cd0da17bd 100644
--- a/tests/api/test_dashboards.py
+++ b/tests/api/test_dashboards.py
@@ -2,7 +2,6 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -24,17 +23,6 @@ def env1(env, org1, user, group, tenant, module_mocker):
     yield env1
 
 
-@pytest.fixture(scope='module')
-def dataset1(
-    org1: dataall.db.models.Organization,
-    env1: dataall.db.models.Environment,
-    dataset: typing.Callable,
-) -> Dataset:
-    yield dataset(
-        org=org1, env=env1, name='dataset1', owner=env1.owner, group='dataset1admins'
-    )
-
-
 @pytest.fixture(scope='module')
 def dashboard(client, env1, org1, group, module_mocker, patch_es):
     module_mocker.patch(
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index d3a88d086..01770b8d9 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -1,8 +1,6 @@
 import pytest
 
 import dataall
-from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_permissions import CREATE_DATASET
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -394,7 +392,7 @@ def test_paging(db, client, org1, env1, user, group):
         first_id = response.data.listEnvironments.nodes[0].environmentUri
 
 
-def test_group_invitation(db, client, env1, org1, group2, user, group3, group, dataset):
+def test_group_invitation(db, client, env1, org1, group2, user, group3, group):
     response = client.query(
         """
         query listResourcePermissions($filter:ResourcePermissionFilter){
@@ -433,7 +431,6 @@ def test_group_invitation(db, client, env1, org1, group2, user, group3, group, d
     env_permissions = [
         p.name for p in response.data.listEnvironmentGroupInvitationPermissions
     ]
-    assert CREATE_DATASET in env_permissions
 
     response = client.query(
         """
@@ -471,7 +468,6 @@ def test_group_invitation(db, client, env1, org1, group2, user, group3, group, d
         environmentUri=env1.environmentUri,
     )
     env_permissions = [p.name for p in response.data.getGroup.environmentPermissions]
-    assert CREATE_DATASET in env_permissions
 
     response = client.query(
         """
@@ -575,32 +571,6 @@ def test_group_invitation(db, client, env1, org1, group2, user, group3, group, d
 
     assert response.data.listAllEnvironmentGroups.count == 2
 
-    dataset = dataset(
-        org=org1, env=env1, name='dataset1', owner='bob', group=group2.name
-    )
-    assert dataset.datasetUri
-
-    response = client.query(
-        """
-        mutation removeGroupFromEnvironment($environmentUri: String!, $groupUri: String!){
-            removeGroupFromEnvironment(environmentUri: $environmentUri, groupUri: $groupUri){
-                environmentUri
-            }
-        }
-        """,
-        username='alice',
-        environmentUri=env1.environmentUri,
-        groupUri=group2.name,
-        groups=[group.name, group2.name],
-    )
-    print(response)
-
-    assert 'EnvironmentResourcesFound' in response.errors[0].message
-    with db.scoped_session() as session:
-        dataset = session.query(Dataset).get(dataset.datasetUri)
-        session.delete(dataset)
-        session.commit()
-
     response = client.query(
         """
         mutation removeGroupFromEnvironment($environmentUri: String!, $groupUri: String!){
diff --git a/tests/api/test_keyvaluetag.py b/tests/api/test_keyvaluetag.py
index be386d6a4..2e996f341 100644
--- a/tests/api/test_keyvaluetag.py
+++ b/tests/api/test_keyvaluetag.py
@@ -3,7 +3,6 @@
 import pytest
 
 from dataall.db import exceptions
-from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module')
diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index e0db05c74..513f0b903 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -1,7 +1,6 @@
 import pytest
 
 from dataall.db import models
-from dataall.modules.datasets_base.db.models import Dataset
 
 
 @pytest.fixture(scope='module')
diff --git a/tests/modules/datasets/conftest.py b/tests/modules/datasets/conftest.py
index 56a1f33fb..af895ccd3 100644
--- a/tests/modules/datasets/conftest.py
+++ b/tests/modules/datasets/conftest.py
@@ -1,13 +1,15 @@
 import random
 import pytest
 
+from dataall.modules.dataset_sharing.db.enums import ShareableType
+from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
+from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER
 from tests.api.client import *
 from tests.api.conftest import *
 
 from dataall.db.api import ResourcePolicy
-from dataall.db.models import ShareableType, ShareObjectItem, ShareObject, Environment, EnvironmentGroup, Organization, \
+from dataall.db.models import Environment, EnvironmentGroup, Organization, \
     PrincipalType
-from dataall.db.permissions import SHARE_OBJECT_REQUESTER, SHARE_OBJECT_APPROVER
 from dataall.modules.datasets import Dataset, DatasetTable, DatasetStorageLocation
 
 
diff --git a/tests/modules/datasets/test_dataset_key_value_tag.py b/tests/modules/datasets/test_dataset_key_value_tag.py
index a17f5b59f..472a3c400 100644
--- a/tests/modules/datasets/test_dataset_key_value_tag.py
+++ b/tests/modules/datasets/test_dataset_key_value_tag.py
@@ -1,7 +1,7 @@
 from dataall.db import models
 import pytest
 
-from dataall.modules.datasets.db.models import Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 from tests.api.test_keyvaluetag import update_key_value_tags, list_tags_query
 
 
@@ -36,7 +36,7 @@ def list_dataset_tags_query(client, dataset):
 
 
 def test_empty_key_value_tags(client, dataset1):
-    response = list_dataset_tags_query(client, dataset1.datasetUri)
+    response = list_dataset_tags_query(client, dataset1)
     print(response)
     assert len(response.data.listKeyValueTags) == 0
 
diff --git a/tests/modules/datasets/test_dataset_resource_found.py b/tests/modules/datasets/test_dataset_resource_found.py
new file mode 100644
index 000000000..e8f056a61
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_resource_found.py
@@ -0,0 +1,154 @@
+import pytest
+
+from dataall.modules.datasets_base.db.models import Dataset
+from dataall.modules.datasets.services.dataset_permissions import CREATE_DATASET
+
+
+@pytest.fixture(scope='module', autouse=True)
+def org1(org, user, group, tenant):
+    org1 = org('testorg', user.userName, group.name)
+    yield org1
+
+
+@pytest.fixture(scope='module', autouse=True)
+def env1(env, org1, user, group, tenant):
+    env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
+    yield env1
+
+
+def get_env(client, env1, group):
+    return client.query(
+        """
+        query GetEnv($environmentUri:String!){
+            getEnvironment(environmentUri:$environmentUri){
+                organization{
+                    organizationUri
+                }
+                environmentUri
+                label
+                AwsAccountId
+                region
+                SamlGroupName
+                owner
+                dashboardsEnabled
+                mlStudiosEnabled
+                pipelinesEnabled
+                warehousesEnabled
+                stack{
+                 EcsTaskArn
+                 EcsTaskId
+                }
+                parameters {
+                    key
+                    value
+                }
+            }
+        }
+        """,
+        username='alice',
+        environmentUri=env1.environmentUri,
+        groups=[group.name],
+    )
+
+
+def test_dataset_resource_found(db, client, env1, org1, group2, user, group3, group, dataset):
+    response = client.query(
+        """
+        query listEnvironmentGroupInvitationPermissions($environmentUri:String){
+            listEnvironmentGroupInvitationPermissions(environmentUri:$environmentUri){
+                    permissionUri
+                    name
+                    type
+            }
+        }
+        """,
+        username=user.userName,
+        groups=[group.name, group2.name],
+        filter={},
+    )
+
+    env_permissions = [
+        p.name for p in response.data.listEnvironmentGroupInvitationPermissions
+    ]
+    assert CREATE_DATASET in env_permissions
+
+    response = client.query(
+        """
+        mutation inviteGroupOnEnvironment($input:InviteGroupOnEnvironmentInput){
+            inviteGroupOnEnvironment(input:$input){
+                environmentUri
+            }
+        }
+        """,
+        username='alice',
+        input=dict(
+            environmentUri=env1.environmentUri,
+            groupUri=group2.name,
+            permissions=env_permissions,
+            environmentIAMRoleName='myteamrole',
+        ),
+        groups=[group.name, group2.name],
+    )
+    print(response)
+    assert response.data.inviteGroupOnEnvironment
+
+    response = client.query(
+        """
+        query getGroup($groupUri:String!, $environmentUri:String){
+            getGroup(groupUri:$groupUri){
+                environmentPermissions(environmentUri:$environmentUri){
+                 name
+                }
+            }
+        }
+        """,
+        username=user.userName,
+        groups=[group2.name],
+        groupUri=group2.name,
+        environmentUri=env1.environmentUri,
+    )
+    env_permissions = [p.name for p in response.data.getGroup.environmentPermissions]
+    assert CREATE_DATASET in env_permissions
+
+    dataset = dataset(
+        org=org1, env=env1, name='dataset1', owner='bob', group=group2.name
+    )
+    assert dataset.datasetUri
+
+    response = client.query(
+        """
+        mutation removeGroupFromEnvironment($environmentUri: String!, $groupUri: String!){
+            removeGroupFromEnvironment(environmentUri: $environmentUri, groupUri: $groupUri){
+                environmentUri
+            }
+        }
+        """,
+        username='alice',
+        environmentUri=env1.environmentUri,
+        groupUri=group2.name,
+        groups=[group.name, group2.name],
+    )
+    print(response)
+
+    assert 'EnvironmentResourcesFound' in response.errors[0].message
+    with db.scoped_session() as session:
+        dataset = session.query(Dataset).get(dataset.datasetUri)
+        session.delete(dataset)
+        session.commit()
+
+    response = client.query(
+        """
+        mutation removeGroupFromEnvironment($environmentUri: String!, $groupUri: String!){
+            removeGroupFromEnvironment(environmentUri: $environmentUri, groupUri: $groupUri){
+                environmentUri
+            }
+        }
+        """,
+        username='alice',
+        environmentUri=env1.environmentUri,
+        groupUri=group2.name,
+        groups=[group.name, group2.name],
+    )
+    print(response)
+    assert response.data.removeGroupFromEnvironment
+

From e891ad98f513bb9faf353142b0d444db742b17cd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 16 May 2023 17:43:33 +0200
Subject: [PATCH 188/346] Fixing tests after moving them

---
 tests/api/test_glossary.py                    | 150 +---------------
 .../modules/datasets/test_dataset_glossary.py | 164 ++++++++++++++++++
 2 files changed, 165 insertions(+), 149 deletions(-)
 create mode 100644 tests/modules/datasets/test_dataset_glossary.py

diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 4802afb81..83c710c19 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -1,7 +1,5 @@
 from datetime import datetime
-from typing import List
 from dataall.db import models
-from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
 import pytest
 
 
@@ -11,7 +9,7 @@ def _org(db, org, tenant, user, group) -> models.Organization:
     yield org
 
 
-@pytest.fixture(scope='module')
+@pytest.fixture(scope='module', autouse=True)
 def _env(
     db, _org: models.Organization, user, group, env
 ) -> models.Environment:
@@ -19,53 +17,6 @@ def _env(
     yield env1
 
 
-@pytest.fixture(scope='module', autouse=True)
-def _dataset(db, _env, _org, group, user, dataset) -> Dataset:
-    with db.scoped_session() as session:
-        yield dataset(
-            org=_org, env=_env, name='dataset1', owner=user.userName, group=group.name
-        )
-
-
-@pytest.fixture(scope='module', autouse=True)
-def _table(db, _dataset) -> DatasetTable:
-    with db.scoped_session() as session:
-        t = DatasetTable(
-            datasetUri=_dataset.datasetUri,
-            label='table',
-            AWSAccountId=_dataset.AwsAccountId,
-            region=_dataset.region,
-            S3BucketName=_dataset.S3BucketName,
-            S3Prefix='/raw',
-            GlueTableName='table',
-            owner='alice',
-            GlueDatabaseName=_dataset.GlueDatabaseName,
-        )
-        session.add(t)
-    yield t
-
-
-@pytest.fixture(scope='module', autouse=True)
-def _columns(db, _dataset, _table) -> List[DatasetTableColumn]:
-    with db.scoped_session() as session:
-        cols = []
-        for i in range(0, 10):
-            c = DatasetTableColumn(
-                datasetUri=_dataset.datasetUri,
-                tableUri=_table.tableUri,
-                label=f'c{i+1}',
-                AWSAccountId=_dataset.AwsAccountId,
-                region=_dataset.region,
-                GlueTableName='table',
-                typeName='String',
-                owner='user',
-                GlueDatabaseName=_dataset.GlueDatabaseName,
-            )
-            session.add(c)
-            cols.append(c)
-    yield cols
-
-
 @pytest.fixture(scope='module', autouse=True)
 def g1(client, group):
     r = client.query(
@@ -300,57 +251,6 @@ def test_get_term(client, t1):
     assert r.data.getTerm.readme == t1.readme
 
 
-def test_dataset_term_link_approval(db, client, t1, _dataset, user, group):
-    response = client.query(
-        """
-        mutation UpdateDataset($datasetUri:String!,$input:ModifyDatasetInput){
-            updateDataset(datasetUri:$datasetUri,input:$input){
-                datasetUri
-                label
-                tags
-            }
-        }
-        """,
-        username='alice',
-        groups=[group.name],
-        datasetUri=_dataset.datasetUri,
-        input={'terms': [t1.nodeUri]},
-    )
-    with db.scoped_session() as session:
-        link: models.TermLink = (
-            session.query(models.TermLink)
-            .filter(models.TermLink.nodeUri == t1.nodeUri)
-            .first()
-        )
-    r = client.query(
-        """
-        mutation ApproveTermAssociation($linkUri:String!){
-            approveTermAssociation(linkUri:$linkUri)
-        }
-        """,
-        linkUri=link.linkUri,
-        username='alice',
-        groups=[group.name],
-    )
-    assert r
-    link: models.TermLink = session.query(models.TermLink).get(link.linkUri)
-    assert link.approvedBySteward
-
-    r = client.query(
-        """
-        mutation DismissTermAssociation($linkUri:String!){
-            dismissTermAssociation(linkUri:$linkUri)
-        }
-        """,
-        linkUri=link.linkUri,
-        username='alice',
-        groups=[group.name],
-    )
-    assert r
-    link: models.TermLink = session.query(models.TermLink).get(link.linkUri)
-    assert not link.approvedBySteward
-
-
 def test_glossary_categories(client, g1, c1):
     r = client.query(
         """
@@ -497,54 +397,6 @@ def test_delete_subcategory(client, subcategory, group):
     print(r)
 
 
-def test_link_term(client, t1, _columns, group):
-    col = _columns[0]
-    r = client.query(
-        """
-        mutation LinkTerm(
-            $nodeUri:String!,
-            $targetUri:String!,
-            $targetType:String!,
-        ){
-            linkTerm(
-                nodeUri:$nodeUri,
-                targetUri:$targetUri,
-                targetType:$targetType
-            ){
-                linkUri
-            }
-        }
-        """,
-        nodeUri=t1.nodeUri,
-        targetUri=col.columnUri,
-        targetType='Column',
-        username='alice',
-        groups=[group.name],
-    )
-    linkUri = r.data.linkTerm.linkUri
-
-    r = client.query(
-        """
-        query GetGlossaryTermLink($linkUri:String!){
-            getGlossaryTermLink(linkUri:$linkUri){
-                linkUri
-                created
-                target{
-                    __typename
-                    ... on DatasetTableColumn{
-                         label
-                        columnUri
-                    }
-                }
-            }
-        }
-        """,
-        linkUri=linkUri,
-        username='alice',
-    )
-    print(r)
-
-
 def test_get_term_associations(t1, db, client):
     r = client.query(
         """
diff --git a/tests/modules/datasets/test_dataset_glossary.py b/tests/modules/datasets/test_dataset_glossary.py
new file mode 100644
index 000000000..07cdeeb4f
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_glossary.py
@@ -0,0 +1,164 @@
+import pytest
+from typing import List
+
+from dataall.db.models import Environment, Organization
+from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetTable, Dataset
+from tests.api.test_glossary import *
+
+
+@pytest.fixture(scope='module')
+def _org(db, org, tenant, user, group) -> Organization:
+    org = org('testorg', user.userName, group.name)
+    yield org
+
+
+@pytest.fixture(scope='module')
+def _env(db, _org: Organization, user, group, env) -> Environment:
+    env1 = env(_org, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
+    yield env1
+
+
+@pytest.fixture(scope='module', autouse=True)
+def _dataset(db, _env, _org, group, user, dataset) -> Dataset:
+    with db.scoped_session() as session:
+        yield dataset(
+            org=_org, env=_env, name='dataset1', owner=user.userName, group=group.name
+        )
+
+
+@pytest.fixture(scope='module', autouse=True)
+def _table(db, _dataset) -> DatasetTable:
+    with db.scoped_session() as session:
+        t = DatasetTable(
+            datasetUri=_dataset.datasetUri,
+            label='table',
+            AWSAccountId=_dataset.AwsAccountId,
+            region=_dataset.region,
+            S3BucketName=_dataset.S3BucketName,
+            S3Prefix='/raw',
+            GlueTableName='table',
+            owner='alice',
+            GlueDatabaseName=_dataset.GlueDatabaseName,
+        )
+        session.add(t)
+    yield t
+
+
+@pytest.fixture(scope='module', autouse=True)
+def _columns(db, _dataset, _table) -> List[DatasetTableColumn]:
+    with db.scoped_session() as session:
+        cols = []
+        for i in range(0, 10):
+            c = DatasetTableColumn(
+                datasetUri=_dataset.datasetUri,
+                tableUri=_table.tableUri,
+                label=f'c{i+1}',
+                AWSAccountId=_dataset.AwsAccountId,
+                region=_dataset.region,
+                GlueTableName='table',
+                typeName='String',
+                owner='user',
+                GlueDatabaseName=_dataset.GlueDatabaseName,
+            )
+            session.add(c)
+            cols.append(c)
+    yield cols
+
+
+def test_dataset_link_term(client, t1, _columns, group):
+    col = _columns[0]
+    r = client.query(
+        """
+        mutation LinkTerm(
+            $nodeUri:String!,
+            $targetUri:String!,
+            $targetType:String!,
+        ){
+            linkTerm(
+                nodeUri:$nodeUri,
+                targetUri:$targetUri,
+                targetType:$targetType
+            ){
+                linkUri
+            }
+        }
+        """,
+        nodeUri=t1.nodeUri,
+        targetUri=col.columnUri,
+        targetType='Column',
+        username='alice',
+        groups=[group.name],
+    )
+    link_uri = r.data.linkTerm.linkUri
+
+    r = client.query(
+        """
+        query GetGlossaryTermLink($linkUri:String!){
+            getGlossaryTermLink(linkUri:$linkUri){
+                linkUri
+                created
+                target{
+                    __typename
+                    ... on DatasetTableColumn{
+                         label
+                        columnUri
+                    }
+                }
+            }
+        }
+        """,
+        linkUri=link_uri,
+        username='alice',
+    )
+    print(r)
+
+
+def test_dataset_term_link_approval(db, client, t1, _dataset, user, group):
+    response = client.query(
+        """
+        mutation UpdateDataset($datasetUri:String!,$input:ModifyDatasetInput){
+            updateDataset(datasetUri:$datasetUri,input:$input){
+                datasetUri
+                label
+                tags
+            }
+        }
+        """,
+        username='alice',
+        groups=[group.name],
+        datasetUri=_dataset.datasetUri,
+        input={'terms': [t1.nodeUri]},
+    )
+    with db.scoped_session() as session:
+        link: models.TermLink = (
+            session.query(models.TermLink)
+            .filter(models.TermLink.nodeUri == t1.nodeUri)
+            .first()
+        )
+    r = client.query(
+        """
+        mutation ApproveTermAssociation($linkUri:String!){
+            approveTermAssociation(linkUri:$linkUri)
+        }
+        """,
+        linkUri=link.linkUri,
+        username='alice',
+        groups=[group.name],
+    )
+    assert r
+    link: models.TermLink = session.query(models.TermLink).get(link.linkUri)
+    assert link.approvedBySteward
+
+    r = client.query(
+        """
+        mutation DismissTermAssociation($linkUri:String!){
+            dismissTermAssociation(linkUri:$linkUri)
+        }
+        """,
+        linkUri=link.linkUri,
+        username='alice',
+        groups=[group.name],
+    )
+    assert r
+    link: models.TermLink = session.query(models.TermLink).get(link.linkUri)
+    assert not link.approvedBySteward

From 71d1ccbd1bcdae479423fd53f463d0894bd3d338 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 16 May 2023 18:17:32 +0200
Subject: [PATCH 189/346] Moving cdk stack tests

---
 tests/api/conftest.py                         |  7 --
 tests/api/test_redshift_cluster.py            |  8 ++
 tests/api/test_tenant.py                      |  5 +-
 tests/cdkproxy/conftest.py                    | 82 -----------------
 tests/cdkproxy/test_dataset_stack.py          | 54 ------------
 tests/modules/datasets/conftest.py            |  7 ++
 tests/modules/datasets/test_dataset.py        |  7 ++
 tests/modules/datasets/test_dataset_stack.py  | 88 +++++++++++++++++--
 .../test_environment_stack_with_dataset.py}   | 38 ++++++++
 9 files changed, 145 insertions(+), 151 deletions(-)
 delete mode 100644 tests/cdkproxy/test_dataset_stack.py
 rename tests/{cdkproxy/test_environment_stack.py => modules/datasets/test_environment_stack_with_dataset.py} (61%)

diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 791357e66..a71099f54 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -20,13 +20,6 @@ def patch_check_env(module_mocker):
     )
 
 
-@pytest.fixture(scope='module', autouse=True)
-def patch_check_dataset(module_mocker):
-    module_mocker.patch(
-        'dataall.modules.datasets.services.dataset_service.DatasetService.check_dataset_account', return_value=True
-    )
-
-
 @pytest.fixture(scope='module', autouse=True)
 def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
diff --git a/tests/api/test_redshift_cluster.py b/tests/api/test_redshift_cluster.py
index 502c2ef02..1fe8c7d08 100644
--- a/tests/api/test_redshift_cluster.py
+++ b/tests/api/test_redshift_cluster.py
@@ -10,6 +10,14 @@
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
 
+
+@pytest.fixture(scope='module', autouse=True)
+def patch_check_dataset(module_mocker):
+    module_mocker.patch(
+        'dataall.modules.datasets.services.dataset_service.DatasetService.check_dataset_account', return_value=True
+    )
+
+
 @pytest.fixture(scope='module', autouse=True)
 def org1(org, user, group, tenant):
     org1 = org('testorg', user.userName, group.name)
diff --git a/tests/api/test_tenant.py b/tests/api/test_tenant.py
index 443110b8a..217c620eb 100644
--- a/tests/api/test_tenant.py
+++ b/tests/api/test_tenant.py
@@ -1,5 +1,4 @@
 from dataall.db import permissions
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS
 
 
 def test_list_tenant_permissions(client, user, group, tenant):
@@ -61,7 +60,7 @@ def test_update_permissions(client, user, group, tenant):
         username='alice',
         input=dict(
             groupUri=group.name,
-            permissions=[permissions.MANAGE_ORGANIZATIONS, MANAGE_DATASETS],
+            permissions=[permissions.MANAGE_ORGANIZATIONS, permissions.MANAGE_GROUPS],
         ),
         groups=[group.name, 'DAAdministrators'],
     )
@@ -93,7 +92,7 @@ def test_update_permissions(client, user, group, tenant):
         username='alice',
         input=dict(
             groupUri=group.name,
-            permissions=[permissions.MANAGE_ORGANIZATIONS, MANAGE_DATASETS],
+            permissions=[permissions.MANAGE_ORGANIZATIONS, permissions.MANAGE_GROUPS],
         ),
         groups=[group.name, 'DAAdministrators'],
     )
diff --git a/tests/cdkproxy/conftest.py b/tests/cdkproxy/conftest.py
index fa0680594..aa90279bf 100644
--- a/tests/cdkproxy/conftest.py
+++ b/tests/cdkproxy/conftest.py
@@ -1,7 +1,6 @@
 import pytest
 
 from dataall.db import models, api
-from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -59,87 +58,6 @@ def env(db, org: models.Organization) -> models.Environment:
     yield env
 
 
-@pytest.fixture(scope='module', autouse=True)
-def another_group(db, env):
-    with db.scoped_session() as session:
-        env_group: models.EnvironmentGroup = models.EnvironmentGroup(
-            environmentUri=env.environmentUri,
-            groupUri='anothergroup',
-            environmentIAMRoleArn='aontherGroupArn',
-            environmentIAMRoleName='anotherGroupRole',
-            environmentAthenaWorkGroup='workgroup',
-        )
-        session.add(env_group)
-        dataset = Dataset(
-            label='thisdataset',
-            environmentUri=env.environmentUri,
-            organizationUri=env.organizationUri,
-            name='anotherdataset',
-            description='test',
-            AwsAccountId=env.AwsAccountId,
-            region=env.region,
-            S3BucketName='bucket',
-            GlueDatabaseName='db',
-            IAMDatasetAdminRoleArn='role',
-            IAMDatasetAdminUserArn='xxx',
-            KmsAlias='xxx',
-            owner='me',
-            confidentiality='C1',
-            businessOwnerEmail='jeff',
-            businessOwnerDelegationEmails=['andy'],
-            SamlAdminGroupName=env_group.groupUri,
-            GlueCrawlerName='dhCrawler',
-        )
-        session.add(dataset)
-        yield env_group
-
-
-@pytest.fixture(scope='module', autouse=True)
-def dataset(db, env: models.Environment) -> Dataset:
-    with db.scoped_session() as session:
-        dataset = Dataset(
-            label='thisdataset',
-            environmentUri=env.environmentUri,
-            organizationUri=env.organizationUri,
-            name='thisdataset',
-            description='test',
-            AwsAccountId=env.AwsAccountId,
-            region=env.region,
-            S3BucketName='bucket',
-            GlueDatabaseName='db',
-            IAMDatasetAdminRoleArn='role',
-            IAMDatasetAdminUserArn='xxx',
-            KmsAlias='xxx',
-            owner='me',
-            confidentiality='C1',
-            businessOwnerEmail='jeff',
-            businessOwnerDelegationEmails=['andy'],
-            SamlAdminGroupName='admins',
-            GlueCrawlerName='dhCrawler',
-        )
-        session.add(dataset)
-    yield dataset
-
-
-@pytest.fixture(scope='module', autouse=True)
-def table(db, dataset: Dataset) -> DatasetTable:
-    with db.scoped_session() as session:
-        table = DatasetTable(
-            label='thistable',
-            owner='me',
-            datasetUri=dataset.datasetUri,
-            AWSAccountId=dataset.AwsAccountId,
-            region=dataset.region,
-            GlueDatabaseName=dataset.GlueDatabaseName,
-            S3BucketName=dataset.S3BucketName,
-            GlueTableName='asimpletesttable',
-            S3Prefix='/raw/asimpletesttable/',
-        )
-
-        session.add(table)
-    yield table
-
-
 @pytest.fixture(scope='module', autouse=True)
 def sgm_studio(db, env: models.Environment) -> models.SagemakerStudioUserProfile:
     with db.scoped_session() as session:
diff --git a/tests/cdkproxy/test_dataset_stack.py b/tests/cdkproxy/test_dataset_stack.py
deleted file mode 100644
index 173d81ef4..000000000
--- a/tests/cdkproxy/test_dataset_stack.py
+++ /dev/null
@@ -1,54 +0,0 @@
-import json
-
-import pytest
-from aws_cdk import App
-
-from dataall.modules.datasets.cdk.dataset_stack import DatasetStack
-
-
-@pytest.fixture(scope='function', autouse=True)
-def patch_methods(mocker, db, dataset, env, org):
-    mocker.patch('dataall.modules.datasets.cdk.dataset_stack.DatasetStack.get_engine', return_value=db)
-    mocker.patch(
-        'dataall.modules.datasets.cdk.dataset_stack.DatasetStack.get_target', return_value=dataset
-    )
-    mocker.patch(
-        'dataall.aws.handlers.sts.SessionHelper.get_delegation_role_name',
-        return_value="dataall-pivot-role-name-pytest",
-    )
-    mocker.patch(
-        'dataall.aws.handlers.lakeformation.LakeFormation.check_existing_lf_registered_location',
-        return_value=False,
-    )
-    mocker.patch(
-        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_target',
-        return_value=dataset,
-    )
-    mocker.patch(
-        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_engine',
-        return_value=db,
-    )
-    mocker.patch(
-        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_environment',
-        return_value=env,
-    )
-    mocker.patch(
-        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_organization',
-        return_value=org,
-    )
-
-
-@pytest.fixture(scope='function', autouse=True)
-def template(dataset):
-    app = App()
-    DatasetStack(app, 'Dataset', target_uri=dataset.datasetUri)
-    return json.dumps(app.synth().get_stack_by_name('Dataset').template)
-
-
-def test_resources_created(template):
-    assert 'AWS::S3::Bucket' in template
-    assert 'AWS::KMS::Key' in template
-    assert 'AWS::IAM::Role' in template
-    assert 'AWS::IAM::Policy' in template
-    assert 'AWS::S3::BucketPolicy' in template
-    assert 'AWS::Glue::Job' in template
diff --git a/tests/modules/datasets/conftest.py b/tests/modules/datasets/conftest.py
index af895ccd3..8c5181297 100644
--- a/tests/modules/datasets/conftest.py
+++ b/tests/modules/datasets/conftest.py
@@ -13,6 +13,13 @@
 from dataall.modules.datasets import Dataset, DatasetTable, DatasetStorageLocation
 
 
+@pytest.fixture(scope='module', autouse=True)
+def patch_check_dataset(module_mocker):
+    module_mocker.patch(
+        'dataall.modules.datasets.services.dataset_service.DatasetService.check_dataset_account', return_value=True
+    )
+
+
 @pytest.fixture(scope='module', autouse=True)
 def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
diff --git a/tests/modules/datasets/test_dataset.py b/tests/modules/datasets/test_dataset.py
index 1724fc0a5..41380b3ee 100644
--- a/tests/modules/datasets/test_dataset.py
+++ b/tests/modules/datasets/test_dataset.py
@@ -6,6 +6,7 @@
 import dataall
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from tests.api.test_stack import update_stack_query
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -533,3 +534,9 @@ def test_stewardship(client, dataset, env1, org1, db, group2, group, user, patch
         },
     )
     assert response.data.createDataset.stewards == group2.name
+
+
+def test_dataset_stack(client, dataset_fixture, group):
+    dataset = dataset_fixture
+    response = update_stack_query(client, dataset.datasetUri, 'dataset', dataset.SamlAdminGroupName)
+    assert response.data.updateStack.targetUri == dataset.datasetUri
diff --git a/tests/modules/datasets/test_dataset_stack.py b/tests/modules/datasets/test_dataset_stack.py
index 81860e17b..48484f3d3 100644
--- a/tests/modules/datasets/test_dataset_stack.py
+++ b/tests/modules/datasets/test_dataset_stack.py
@@ -1,7 +1,85 @@
-from tests.api.test_stack import update_stack_query
+import json
 
+import pytest
+from aws_cdk import App
 
-def test_notebook_stack(client, dataset_fixture, group):
-    dataset = dataset_fixture
-    response = update_stack_query(client, dataset.datasetUri, 'dataset', dataset.SamlAdminGroupName)
-    assert response.data.updateStack.targetUri == dataset.datasetUri
+from dataall.db.models import Environment
+from dataall.modules.datasets.cdk.dataset_stack import DatasetStack
+from dataall.modules.datasets_base.db.models import Dataset
+
+from tests.cdkproxy.conftest import *
+
+
+@pytest.fixture(scope='module', autouse=True)
+def dataset(db, env: Environment) -> Dataset:
+    with db.scoped_session() as session:
+        dataset = Dataset(
+            label='thisdataset',
+            environmentUri=env.environmentUri,
+            organizationUri=env.organizationUri,
+            name='thisdataset',
+            description='test',
+            AwsAccountId=env.AwsAccountId,
+            region=env.region,
+            S3BucketName='bucket',
+            GlueDatabaseName='db',
+            IAMDatasetAdminRoleArn='role',
+            IAMDatasetAdminUserArn='xxx',
+            KmsAlias='xxx',
+            owner='me',
+            confidentiality='C1',
+            businessOwnerEmail='jeff',
+            businessOwnerDelegationEmails=['andy'],
+            SamlAdminGroupName='admins',
+            GlueCrawlerName='dhCrawler',
+        )
+        session.add(dataset)
+    yield dataset
+
+
+@pytest.fixture(scope='function', autouse=True)
+def patch_methods(mocker, db, dataset, env, org):
+    mocker.patch('dataall.modules.datasets.cdk.dataset_stack.DatasetStack.get_engine', return_value=db)
+    mocker.patch(
+        'dataall.modules.datasets.cdk.dataset_stack.DatasetStack.get_target', return_value=dataset
+    )
+    mocker.patch(
+        'dataall.aws.handlers.sts.SessionHelper.get_delegation_role_name',
+        return_value="dataall-pivot-role-name-pytest",
+    )
+    mocker.patch(
+        'dataall.aws.handlers.lakeformation.LakeFormation.check_existing_lf_registered_location',
+        return_value=False,
+    )
+    mocker.patch(
+        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_target',
+        return_value=dataset,
+    )
+    mocker.patch(
+        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_engine',
+        return_value=db,
+    )
+    mocker.patch(
+        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_environment',
+        return_value=env,
+    )
+    mocker.patch(
+        'dataall.utils.runtime_stacks_tagging.TagsUtil.get_organization',
+        return_value=org,
+    )
+
+
+@pytest.fixture(scope='function', autouse=True)
+def template(dataset):
+    app = App()
+    DatasetStack(app, 'Dataset', target_uri=dataset.datasetUri)
+    return json.dumps(app.synth().get_stack_by_name('Dataset').template)
+
+
+def test_resources_created(template):
+    assert 'AWS::S3::Bucket' in template
+    assert 'AWS::KMS::Key' in template
+    assert 'AWS::IAM::Role' in template
+    assert 'AWS::IAM::Policy' in template
+    assert 'AWS::S3::BucketPolicy' in template
+    assert 'AWS::Glue::Job' in template
diff --git a/tests/cdkproxy/test_environment_stack.py b/tests/modules/datasets/test_environment_stack_with_dataset.py
similarity index 61%
rename from tests/cdkproxy/test_environment_stack.py
rename to tests/modules/datasets/test_environment_stack_with_dataset.py
index f5dceccdf..bf724b9f8 100644
--- a/tests/cdkproxy/test_environment_stack.py
+++ b/tests/modules/datasets/test_environment_stack_with_dataset.py
@@ -4,6 +4,9 @@
 from aws_cdk import App
 
 from dataall.cdkproxy.stacks import EnvironmentSetup
+from dataall.db.models import EnvironmentGroup
+from dataall.modules.datasets_base.db.models import Dataset
+from tests.cdkproxy.conftest import *
 
 
 @pytest.fixture(scope='function', autouse=True)
@@ -51,6 +54,41 @@ def patch_methods(mocker, db, env, another_group, permissions):
     )
 
 
+@pytest.fixture(scope='module', autouse=True)
+def another_group(db, env):
+    with db.scoped_session() as session:
+        env_group: EnvironmentGroup = EnvironmentGroup(
+            environmentUri=env.environmentUri,
+            groupUri='anothergroup',
+            environmentIAMRoleArn='aontherGroupArn',
+            environmentIAMRoleName='anotherGroupRole',
+            environmentAthenaWorkGroup='workgroup',
+        )
+        session.add(env_group)
+        dataset = Dataset(
+            label='thisdataset',
+            environmentUri=env.environmentUri,
+            organizationUri=env.organizationUri,
+            name='anotherdataset',
+            description='test',
+            AwsAccountId=env.AwsAccountId,
+            region=env.region,
+            S3BucketName='bucket',
+            GlueDatabaseName='db',
+            IAMDatasetAdminRoleArn='role',
+            IAMDatasetAdminUserArn='xxx',
+            KmsAlias='xxx',
+            owner='me',
+            confidentiality='C1',
+            businessOwnerEmail='jeff',
+            businessOwnerDelegationEmails=['andy'],
+            SamlAdminGroupName=env_group.groupUri,
+            GlueCrawlerName='dhCrawler',
+        )
+        session.add(dataset)
+        yield env_group
+
+
 @pytest.fixture(scope='function', autouse=True)
 def template(env):
     app = App()

From 012a01f8d21242807fe2ebdd10d182966333ba94 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 10:45:30 +0200
Subject: [PATCH 190/346] Moving next part of dataset tests

---
 tests/db/test_permission.py                   | 179 ++----------------
 tests/modules/datasets/conftest.py            |  17 --
 .../modules/datasets/test_dataset_glossary.py |  32 ++++
 .../datasets/test_dataset_indexers.py}        |   6 +-
 .../datasets/test_dataset_permissions.py      | 179 ++++++++++++++++++
 tests/searchproxy/__init__.py                 |   0
 tests/utils/factories/__init__.py             |   3 -
 7 files changed, 228 insertions(+), 188 deletions(-)
 rename tests/{searchproxy/test_indexers.py => modules/datasets/test_dataset_indexers.py} (97%)
 create mode 100644 tests/modules/datasets/test_dataset_permissions.py
 delete mode 100644 tests/searchproxy/__init__.py
 delete mode 100644 tests/utils/factories/__init__.py

diff --git a/tests/db/test_permission.py b/tests/db/test_permission.py
index 177f8fe2d..ce6a75461 100644
--- a/tests/db/test_permission.py
+++ b/tests/db/test_permission.py
@@ -2,23 +2,16 @@
 
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.core.context import set_context, RequestContext
 from dataall.db import exceptions
+from dataall.db.api import TenantPolicy, Tenant
 from dataall.db.models.Permission import PermissionType
-from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.services.dataset_service import DatasetService
-from dataall.modules.datasets.services.dataset_permissions import MANAGE_DATASETS, UPDATE_DATASET, DATASET_READ, DATASET_WRITE
-from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
+from dataall.db.permissions import MANAGE_GROUPS, ENVIRONMENT_ALL, ORGANIZATION_ALL
 
-@pytest.fixture(scope='module')
-def permissions(db):
+
+def permissions(db, all_perms):
     with db.scoped_session() as session:
         permissions = []
-        for p in (
-            DATASET_READ + DATASET_WRITE + DATASET_TABLE_READ
-            + dataall.db.permissions.ORGANIZATION_ALL
-            + dataall.db.permissions.ENVIRONMENT_ALL
-        ):
+        for p in all_perms:
             permissions.append(
                 dataall.db.api.Permission.save_permission(
                     session,
@@ -37,13 +30,12 @@ def permissions(db):
                 )
             )
         session.commit()
-        yield permissions
 
 
 @pytest.fixture(scope='module')
 def tenant(db):
     with db.scoped_session() as session:
-        tenant = dataall.db.api.Tenant.save_tenant(
+        tenant = Tenant.save_tenant(
             session, name='dataall', description='Tenant dataall'
         )
         yield tenant
@@ -67,17 +59,6 @@ def group(db, user):
         yield group
 
 
-@pytest.fixture(scope='module')
-def group_user(db, group, user):
-    with db.scoped_session() as session:
-        member = dataall.db.models.GroupMember(
-            userName=user.userName,
-            groupUri=group.groupUri,
-        )
-        session.add(member)
-        yield member
-
-
 @pytest.fixture(scope='module', autouse=True)
 def org(db, group):
     with db.scoped_session() as session:
@@ -114,164 +95,32 @@ def env(org, db, group):
     yield env
 
 
-@pytest.fixture(scope='module', autouse=True)
-def patch_methods(module_mocker):
-    module_mocker.patch(
-        'dataall.modules.datasets.services.dataset_service.DatasetService._deploy_dataset_stack',
-        return_value=True
-    )
-
-
-@pytest.fixture(scope='module', autouse=True)
-def dataset(org, env, db, group):
+def test_attach_tenant_policy(db, user, group, tenant):
+    permissions(db, ORGANIZATION_ALL + ENVIRONMENT_ALL)
     with db.scoped_session() as session:
-        dataset = Dataset(
-            organizationUri=org.organizationUri,
-            environmentUri=env.environmentUri,
-            label='label',
-            owner='foo',
-            SamlAdminGroupName=group.name,
-            businessOwnerDelegationEmails=['foo@amazon.com'],
-            businessOwnerEmail=['bar@amazon.com'],
-            name='name',
-            S3BucketName='S3BucketName',
-            GlueDatabaseName='GlueDatabaseName',
-            KmsAlias='kmsalias',
-            AwsAccountId='123456789012',
-            region='eu-west-1',
-            IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
-            IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
-        )
-        session.add(dataset)
-    yield dataset
-
-
-def test_attach_resource_policy(db, user, group, group_user, dataset, permissions):
-    with db.scoped_session() as session:
-
-        dataall.db.api.ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=group.name,
-            permissions=DATASET_WRITE,
-            resource_uri=dataset.datasetUri,
-            resource_type=Dataset.__name__,
-        )
-        assert dataall.db.api.ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=user.userName,
-            groups=[group.name],
-            permission_name=UPDATE_DATASET,
-            resource_uri=dataset.datasetUri,
-        )
-
-
-def test_attach_tenant_policy(
-    db, user, group, group_user, dataset, permissions, tenant
-):
-    with db.scoped_session() as session:
-
-        dataall.db.api.TenantPolicy.attach_group_tenant_policy(
+        TenantPolicy.attach_group_tenant_policy(
             session=session,
             group=group.name,
-            permissions=[MANAGE_DATASETS],
+            permissions=[MANAGE_GROUPS],
             tenant_name='dataall',
         )
 
-        assert dataall.db.api.TenantPolicy.check_user_tenant_permission(
+        assert TenantPolicy.check_user_tenant_permission(
             session=session,
             username=user.userName,
             groups=[group.name],
-            permission_name=MANAGE_DATASETS,
+            permission_name=MANAGE_GROUPS,
             tenant_name='dataall',
         )
 
 
-def test_unauthorized_resource_policy(
-    db, user, group_user, group, dataset, permissions
-):
-    with pytest.raises(exceptions.ResourceUnauthorized):
-        with db.scoped_session() as session:
-            assert dataall.db.api.ResourcePolicy.check_user_resource_permission(
-                session=session,
-                username=user.userName,
-                groups=[group.name],
-                permission_name='UNKNOW_PERMISSION',
-                resource_uri=dataset.datasetUri,
-            )
-
-
-def test_unauthorized_tenant_policy(
-    db, user, group, group_user, dataset, permissions, tenant
-):
+def test_unauthorized_tenant_policy(db, user, group):
     with pytest.raises(exceptions.TenantUnauthorized):
         with db.scoped_session() as session:
-            assert dataall.db.api.TenantPolicy.check_user_tenant_permission(
+            assert TenantPolicy.check_user_tenant_permission(
                 session=session,
                 username=user.userName,
                 groups=[group.name],
                 permission_name='UNKNOW_PERMISSION',
                 tenant_name='dataall',
             )
-
-
-def test_create_dataset(db, env, user, group, group_user, dataset, permissions, tenant):
-    with db.scoped_session() as session:
-        dataall.db.api.TenantPolicy.attach_group_tenant_policy(
-            session=session,
-            group=group.name,
-            permissions=dataall.db.permissions.TENANT_ALL,
-            tenant_name='dataall',
-        )
-        org_with_perm = dataall.db.api.Organization.create_organization(
-            session=session,
-            username=user.userName,
-            groups=[group.name],
-            uri=None,
-            data={
-                'label': 'OrgWithPerm',
-                'SamlGroupName': group.name,
-                'description': 'desc',
-                'tags': [],
-            },
-            check_perm=True,
-        )
-        env_with_perm = dataall.db.api.Environment.create_environment(
-            session=session,
-            username=user.userName,
-            groups=[group.name],
-            uri=org_with_perm.organizationUri,
-            data={
-                'label': 'EnvWithPerm',
-                'organizationUri': org_with_perm.organizationUri,
-                'SamlGroupName': group.name,
-                'description': 'desc',
-                'AwsAccountId': '123456789012',
-                'region': 'eu-west-1',
-                'cdk_role_name': 'cdkrole',
-            },
-            check_perm=True,
-        )
-
-        data = dict(
-            label='label',
-            owner='foo',
-            SamlAdminGroupName=group.name,
-            businessOwnerDelegationEmails=['foo@amazon.com'],
-            businessOwnerEmail=['bar@amazon.com'],
-            name='name',
-            S3BucketName='S3BucketName',
-            GlueDatabaseName='GlueDatabaseName',
-            KmsAlias='kmsalias',
-            AwsAccountId='123456789012',
-            region='eu-west-1',
-            IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
-            IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
-        )
-
-        set_context(RequestContext(db, user.userName, [group.name]))
-        dataset = DatasetService.create_dataset(
-            uri=env_with_perm.environmentUri,
-            admin_group=group.name,
-            data=data,
-        )
-        assert dataset
diff --git a/tests/modules/datasets/conftest.py b/tests/modules/datasets/conftest.py
index 8c5181297..d6c5ce3ff 100644
--- a/tests/modules/datasets/conftest.py
+++ b/tests/modules/datasets/conftest.py
@@ -20,23 +20,6 @@ def patch_check_dataset(module_mocker):
     )
 
 
-@pytest.fixture(scope='module', autouse=True)
-def patch_es(module_mocker):
-    module_mocker.patch('dataall.searchproxy.connect', return_value={})
-    module_mocker.patch('dataall.searchproxy.search', return_value={})
-    module_mocker.patch(
-        'dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert_all',
-        return_value={}
-    )
-    module_mocker.patch('dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value={})
-    module_mocker.patch('dataall.modules.datasets.indexers.table_indexer.DatasetTableIndexer.upsert', return_value={})
-    module_mocker.patch(
-        'dataall.modules.datasets.indexers.location_indexer.DatasetLocationIndexer.upsert',
-        return_value={}
-    )
-    module_mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer.delete_doc', return_value={})
-
-
 @pytest.fixture(scope='module', autouse=True)
 def dataset(client, patch_es):
     cache = {}
diff --git a/tests/modules/datasets/test_dataset_glossary.py b/tests/modules/datasets/test_dataset_glossary.py
index 07cdeeb4f..7ae12299e 100644
--- a/tests/modules/datasets/test_dataset_glossary.py
+++ b/tests/modules/datasets/test_dataset_glossary.py
@@ -162,3 +162,35 @@ def test_dataset_term_link_approval(db, client, t1, _dataset, user, group):
     assert r
     link: models.TermLink = session.query(models.TermLink).get(link.linkUri)
     assert not link.approvedBySteward
+
+
+def test_get_column_term_associations(t1, db, client):
+    r = client.query(
+        """
+        query GetTerm($nodeUri:String!){
+            getTerm(nodeUri:$nodeUri){
+                nodeUri
+                label
+                readme
+                associations{
+                    count
+                    nodes{
+                        linkUri
+                        target{
+                            ... on DatasetTableColumn{
+                                label
+                                columnUri
+                            }
+                        }
+                    }
+                }
+            }
+
+        }
+        """,
+        nodeUri=t1.nodeUri,
+        username='alice',
+    )
+    assert r.data.getTerm.nodeUri == t1.nodeUri
+    assert r.data.getTerm.label == t1.label
+    assert r.data.getTerm.readme == t1.readme
diff --git a/tests/searchproxy/test_indexers.py b/tests/modules/datasets/test_dataset_indexers.py
similarity index 97%
rename from tests/searchproxy/test_indexers.py
rename to tests/modules/datasets/test_dataset_indexers.py
index 006060e24..4dc979681 100644
--- a/tests/searchproxy/test_indexers.py
+++ b/tests/modules/datasets/test_dataset_indexers.py
@@ -1,6 +1,6 @@
 import pytest
 
-import dataall
+from dataall.db.models import Organization, Environment
 from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
@@ -10,7 +10,7 @@
 @pytest.fixture(scope='module', autouse=True)
 def org(db):
     with db.scoped_session() as session:
-        org = dataall.db.models.Organization(
+        org = Organization(
             label='org',
             owner='alice',
             tags=[],
@@ -25,7 +25,7 @@ def org(db):
 @pytest.fixture(scope='module', autouse=True)
 def env(org, db):
     with db.scoped_session() as session:
-        env = dataall.db.models.Environment(
+        env = Environment(
             organizationUri=org.organizationUri,
             AwsAccountId='12345678901',
             region='eu-west-1',
diff --git a/tests/modules/datasets/test_dataset_permissions.py b/tests/modules/datasets/test_dataset_permissions.py
new file mode 100644
index 000000000..015f0fd4a
--- /dev/null
+++ b/tests/modules/datasets/test_dataset_permissions.py
@@ -0,0 +1,179 @@
+import pytest
+
+from dataall.core.context import set_context, RequestContext
+from dataall.db.api import ResourcePolicy, TenantPolicy, Environment, Organization, Tenant
+from dataall.db.exceptions import ResourceUnauthorized
+from dataall.db.models import GroupMember
+from dataall.db.permissions import TENANT_ALL
+from dataall.modules.datasets.services.dataset_permissions import DATASET_WRITE, UPDATE_DATASET, MANAGE_DATASETS, \
+    DATASET_READ
+from dataall.modules.datasets.services.dataset_service import DatasetService
+from dataall.modules.datasets_base.db.models import Dataset
+from dataall.modules.datasets_base.services.permissions import DATASET_TABLE_READ
+
+from tests.db.test_permission import *
+
+
+@pytest.fixture(scope='module', autouse=True)
+def patch_methods(module_mocker):
+    module_mocker.patch(
+        'dataall.modules.datasets.services.dataset_service.DatasetService._deploy_dataset_stack',
+        return_value=True
+    )
+
+
+@pytest.fixture(scope='module')
+def tenant(db):
+    with db.scoped_session() as session:
+        tenant = Tenant.save_tenant(
+            session, name='dataall', description='Tenant dataall'
+        )
+        yield tenant
+
+
+@pytest.fixture(scope='module')
+def group_user(db, group, user):
+    with db.scoped_session() as session:
+        member = GroupMember(userName=user.userName, groupUri=group.groupUri)
+        session.add(member)
+        yield member
+
+
+@pytest.fixture(scope='module', autouse=True)
+def dataset(org, env, db, group):
+    with db.scoped_session() as session:
+        dataset = Dataset(
+            organizationUri=org.organizationUri,
+            environmentUri=env.environmentUri,
+            label='label',
+            owner='foo',
+            SamlAdminGroupName=group.name,
+            businessOwnerDelegationEmails=['foo@amazon.com'],
+            businessOwnerEmail=['bar@amazon.com'],
+            name='name',
+            S3BucketName='S3BucketName',
+            GlueDatabaseName='GlueDatabaseName',
+            KmsAlias='kmsalias',
+            AwsAccountId='123456789012',
+            region='eu-west-1',
+            IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
+            IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
+        )
+        session.add(dataset)
+    yield dataset
+
+
+def test_attach_resource_policy(db, user, group, group_user, dataset):
+    permissions(db, ENVIRONMENT_ALL + ORGANIZATION_ALL + DATASET_READ + DATASET_WRITE + DATASET_TABLE_READ)
+    with db.scoped_session() as session:
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=group.name,
+            permissions=DATASET_WRITE,
+            resource_uri=dataset.datasetUri,
+            resource_type=Dataset.__name__,
+        )
+        assert ResourcePolicy.check_user_resource_permission(
+            session=session,
+            username=user.userName,
+            groups=[group.name],
+            permission_name=UPDATE_DATASET,
+            resource_uri=dataset.datasetUri,
+        )
+
+
+def test_attach_tenant_policy(
+    db, user, group, group_user, dataset, permissions, tenant
+):
+    with db.scoped_session() as session:
+        TenantPolicy.attach_group_tenant_policy(
+            session=session,
+            group=group.name,
+            permissions=[MANAGE_DATASETS],
+            tenant_name='dataall',
+        )
+
+        assert TenantPolicy.check_user_tenant_permission(
+            session=session,
+            username=user.userName,
+            groups=[group.name],
+            permission_name=MANAGE_DATASETS,
+            tenant_name='dataall',
+        )
+
+
+def test_unauthorized_resource_policy(
+    db, user, group_user, group, dataset, permissions
+):
+    with pytest.raises(ResourceUnauthorized):
+        with db.scoped_session() as session:
+            assert ResourcePolicy.check_user_resource_permission(
+                session=session,
+                username=user.userName,
+                groups=[group.name],
+                permission_name='UNKNOWN_PERMISSION',
+                resource_uri=dataset.datasetUri,
+            )
+
+
+def test_create_dataset(db, env, user, group, group_user, dataset, permissions, tenant):
+    with db.scoped_session() as session:
+        TenantPolicy.attach_group_tenant_policy(
+            session=session,
+            group=group.name,
+            permissions=TENANT_ALL,
+            tenant_name='dataall',
+        )
+        org_with_perm = Organization.create_organization(
+            session=session,
+            username=user.userName,
+            groups=[group.name],
+            uri=None,
+            data={
+                'label': 'OrgWithPerm',
+                'SamlGroupName': group.name,
+                'description': 'desc',
+                'tags': [],
+            },
+            check_perm=True,
+        )
+        env_with_perm = Environment.create_environment(
+            session=session,
+            username=user.userName,
+            groups=[group.name],
+            uri=org_with_perm.organizationUri,
+            data={
+                'label': 'EnvWithPerm',
+                'organizationUri': org_with_perm.organizationUri,
+                'SamlGroupName': group.name,
+                'description': 'desc',
+                'AwsAccountId': '123456789012',
+                'region': 'eu-west-1',
+                'cdk_role_name': 'cdkrole',
+            },
+            check_perm=True,
+        )
+
+        data = dict(
+            label='label',
+            owner='foo',
+            SamlAdminGroupName=group.name,
+            businessOwnerDelegationEmails=['foo@amazon.com'],
+            businessOwnerEmail=['bar@amazon.com'],
+            name='name',
+            S3BucketName='S3BucketName',
+            GlueDatabaseName='GlueDatabaseName',
+            KmsAlias='kmsalias',
+            AwsAccountId='123456789012',
+            region='eu-west-1',
+            IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
+            IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
+        )
+
+        set_context(RequestContext(db, user.userName, [group.name]))
+        dataset = DatasetService.create_dataset(
+            uri=env_with_perm.environmentUri,
+            admin_group=group.name,
+            data=data,
+        )
+        assert dataset
diff --git a/tests/searchproxy/__init__.py b/tests/searchproxy/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tests/utils/factories/__init__.py b/tests/utils/factories/__init__.py
deleted file mode 100644
index ff6dabec2..000000000
--- a/tests/utils/factories/__init__.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from .org import org
-from .env import env
-from .dataset import dataset

From 929861ca1bc8c528fa6dd144eebf5f054a98387f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 11:09:23 +0200
Subject: [PATCH 191/346] Extracted LakeFormationDatasetClient

---
 backend/dataall/aws/handlers/lakeformation.py | 22 --------
 backend/dataall/aws/handlers/quicksight.py    | 53 -------------------
 .../modules/datasets/aws/lf_dataset_client.py | 41 ++++++++++++++
 .../modules/datasets/cdk/dataset_stack.py     |  7 +--
 tests/api/test_glossary.py                    | 32 -----------
 tests/modules/datasets/test_dataset_stack.py  |  7 ++-
 6 files changed, 48 insertions(+), 114 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/aws/lf_dataset_client.py

diff --git a/backend/dataall/aws/handlers/lakeformation.py b/backend/dataall/aws/handlers/lakeformation.py
index e1939c536..1746bdad3 100644
--- a/backend/dataall/aws/handlers/lakeformation.py
+++ b/backend/dataall/aws/handlers/lakeformation.py
@@ -6,34 +6,12 @@
 from .sts import SessionHelper
 
 log = logging.getLogger('aws:lakeformation')
-PIVOT_ROLE_NAME_PREFIX = "datallPivotRole"
 
 
 class LakeFormation:
     def __init__(self):
         pass
 
-    @staticmethod
-    def check_existing_lf_registered_location(resource_arn, accountid, region):
-        """
-        Checks if there is a non-dataall-created registered location for the Dataset
-        Returns False is already existing location else return the resource info
-        """
-        try:
-            session = SessionHelper.remote_session(accountid)
-            lf_client = session.client('lakeformation', region_name=region)
-            response = lf_client.describe_resource(ResourceArn=resource_arn)
-            registered_role_name = response['ResourceInfo']['RoleArn'].lstrip(f"arn:aws:iam::{accountid}:role/")
-            log.info(f'LF data location already registered: {response}, registered with role {registered_role_name}')
-            if registered_role_name.startswith(PIVOT_ROLE_NAME_PREFIX):
-                log.info('The existing data location was created as part of the dataset stack. There was no pre-existing data location.')
-                return False
-            return response['ResourceInfo']
-
-        except ClientError as e:
-            log.info(f'LF data location for resource {resource_arn} not found due to {e}')
-            return False
-
     @staticmethod
     def grant_pivot_role_all_database_permissions(accountid, region, database):
         LakeFormation.grant_permissions_to_database(
diff --git a/backend/dataall/aws/handlers/quicksight.py b/backend/dataall/aws/handlers/quicksight.py
index 749c53829..886482f3f 100644
--- a/backend/dataall/aws/handlers/quicksight.py
+++ b/backend/dataall/aws/handlers/quicksight.py
@@ -452,59 +452,6 @@ def create_data_source_vpc(AwsAccountId, region, UserName, vpcConnectionId):
 
         return "dataall-metadata-db"
 
-    @staticmethod
-    def create_data_set_from_source(AwsAccountId, region, UserName, dataSourceId, tablesToImport):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        user = Quicksight.describe_user(AwsAccountId, UserName)
-        if not user:
-            return False
-
-        data_source = client.describe_data_source(
-            AwsAccountId=AwsAccountId,
-            DataSourceId=dataSourceId
-        )
-
-        if not data_source:
-            return False
-
-        for table in tablesToImport:
-
-            response = client.create_data_set(
-                AwsAccountId=AwsAccountId,
-                DataSetId=f"dataall-imported-{table}",
-                Name=f"dataall-imported-{table}",
-                PhysicalTableMap={
-                    'string': {
-                        'RelationalTable': {
-                            'DataSourceArn': data_source.get('DataSource').get('Arn'),
-                            'Catalog': 'string',
-                            'Schema': 'dev',
-                            'Name': table,
-                            'InputColumns': [
-                                {
-                                    'Name': 'string',
-                                    'Type': 'STRING'
-                                },
-                            ]
-                        }
-                    }},
-                ImportMode='DIRECT_QUERY',
-                Permissions=[
-                    {
-                        'Principal': user.get('Arn'),
-                        'Actions': [
-                            "quicksight:DescribeDataSet",
-                            "quicksight:DescribeDataSetPermissions",
-                            "quicksight:PassDataSet",
-                            "quicksight:DescribeIngestion",
-                            "quicksight:ListIngestions"
-                        ]
-                    },
-                ],
-            )
-
-        return True
-
     @staticmethod
     def create_analysis(AwsAccountId, region, UserName):
         client = Quicksight.get_quicksight_client(AwsAccountId, region)
diff --git a/backend/dataall/modules/datasets/aws/lf_dataset_client.py b/backend/dataall/modules/datasets/aws/lf_dataset_client.py
new file mode 100644
index 000000000..d89a099b8
--- /dev/null
+++ b/backend/dataall/modules/datasets/aws/lf_dataset_client.py
@@ -0,0 +1,41 @@
+import logging
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.db.models import Environment
+from dataall.modules.datasets_base.db.models import Dataset
+
+log = logging.getLogger(__name__)
+PIVOT_ROLE_NAME_PREFIX = "datallPivotRole"
+
+
+class LakeFormationDatasetClient:
+
+    def __init__(self, env: Environment, dataset: Dataset):
+        session = SessionHelper.remote_session(env.AwsAccountId)
+        self._client = session.client('lakeformation', region_name=env.region)
+        self._dataset = dataset
+        self._env = env
+
+    def check_existing_lf_registered_location(self):
+        """
+        Checks if there is a non-dataall-created registered location for the Dataset
+        Returns False is already existing location else return the resource info
+        """
+
+        resource_arn = f'arn:aws:s3:::{self._dataset.S3BucketName}'
+        try:
+
+            response = self._client.describe_resource(ResourceArn=resource_arn)
+            registered_role_name = response['ResourceInfo']['RoleArn'].lstrip(f"arn:aws:iam::{self._env}:role/")
+            log.info(f'LF data location already registered: {response}, registered with role {registered_role_name}')
+            if registered_role_name.startswith(PIVOT_ROLE_NAME_PREFIX):
+                log.info(
+                    'The existing data location was created as part of the dataset stack. '
+                    'There was no pre-existing data location.')
+                return False
+            return response['ResourceInfo']
+
+        except ClientError as e:
+            log.info(f'LF data location for resource {resource_arn} not found due to {e}')
+            return False
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index 73c2aedc5..3e45734e7 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -24,6 +24,7 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.db.api import Environment
+from dataall.modules.datasets.aws.lf_dataset_client import LakeFormationDatasetClient
 from dataall.utils.cdk_nag_utils import CDKNagUtil
 from dataall.utils.runtime_stacks_tagging import TagsUtil
 from dataall.modules.datasets_base.db.models import Dataset
@@ -306,11 +307,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
         dataset_admin_policy.attach_to_role(dataset_admin_role)
 
         # Datalake location custom resource: registers the S3 location in LakeFormation
-        registered_location = LakeFormation.check_existing_lf_registered_location(
-            resource_arn=f'arn:aws:s3:::{dataset.S3BucketName}',
-            accountid=env.AwsAccountId,
-            region=env.region
-        )
+        registered_location = LakeFormationDatasetClient(env, dataset).check_existing_lf_registered_location()
 
         if not registered_location:
             storage_location = CfnResource(
diff --git a/tests/api/test_glossary.py b/tests/api/test_glossary.py
index 83c710c19..7505196f7 100644
--- a/tests/api/test_glossary.py
+++ b/tests/api/test_glossary.py
@@ -397,38 +397,6 @@ def test_delete_subcategory(client, subcategory, group):
     print(r)
 
 
-def test_get_term_associations(t1, db, client):
-    r = client.query(
-        """
-        query GetTerm($nodeUri:String!){
-            getTerm(nodeUri:$nodeUri){
-                nodeUri
-                label
-                readme
-                associations{
-                    count
-                    nodes{
-                        linkUri
-                        target{
-                            ... on DatasetTableColumn{
-                                label
-                                columnUri
-                            }
-                        }
-                    }
-                }
-            }
-
-        }
-        """,
-        nodeUri=t1.nodeUri,
-        username='alice',
-    )
-    assert r.data.getTerm.nodeUri == t1.nodeUri
-    assert r.data.getTerm.label == t1.label
-    assert r.data.getTerm.readme == t1.readme
-
-
 def test_delete_category(client, db, c1, group):
     now = datetime.now()
     r = client.query(
diff --git a/tests/modules/datasets/test_dataset_stack.py b/tests/modules/datasets/test_dataset_stack.py
index 48484f3d3..ded48ee91 100644
--- a/tests/modules/datasets/test_dataset_stack.py
+++ b/tests/modules/datasets/test_dataset_stack.py
@@ -1,4 +1,5 @@
 import json
+from unittest.mock import MagicMock
 
 import pytest
 from aws_cdk import App
@@ -47,10 +48,12 @@ def patch_methods(mocker, db, dataset, env, org):
         'dataall.aws.handlers.sts.SessionHelper.get_delegation_role_name',
         return_value="dataall-pivot-role-name-pytest",
     )
+    lf_client = MagicMock()
     mocker.patch(
-        'dataall.aws.handlers.lakeformation.LakeFormation.check_existing_lf_registered_location',
-        return_value=False,
+        'dataall.modules.datasets.cdk.dataset_stack.LakeFormationDatasetClient',
+        return_value=lf_client,
     )
+    lf_client.return_value.check_existing_lf_registered_location = False
     mocker.patch(
         'dataall.utils.runtime_stacks_tagging.TagsUtil.get_target',
         return_value=dataset,

From 3b10f32bee42d338d04502e4db0599b38b1ebc86 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 11:13:24 +0200
Subject: [PATCH 192/346] Deleted dead code

---
 backend/dataall/aws/handlers/glue.py | 170 ---------------------------
 1 file changed, 170 deletions(-)

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index 6c79c84a1..a8f319b85 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -51,12 +51,6 @@ def _create_glue_database(accountid, database, region, location):
             log.debug(f'Failed to create database {database}', e)
             raise e
 
-    @staticmethod
-    def get_database_arn(**data):
-        return 'arn:aws:glue:{}:{}:database/{}'.format(
-            data.get('region', 'eu-west-1'), data.get('accountid'), data.get('database')
-        )
-
     @staticmethod
     def database_exists(**data):
         accountid = data['accountid']
@@ -122,89 +116,6 @@ def table_exists(**data):
             log.info(f'Glue table not found: {data}')
             return None
 
-    @staticmethod
-    def _create_table(**data):
-        accountid = data['accountid']
-        region = data.get('region', 'eu-west-1')
-        database = data.get('database', 'UnknownDatabaseName')
-
-        session = SessionHelper.remote_session(accountid=accountid)
-        glue = session.client('glue', region_name=region)
-        log.info(
-            'Creating table {} in database {}'.format(
-                data['tablename'], data['database']
-            )
-        )
-        if not Glue.database_exists(
-            database=database, region=region, accountid=accountid
-        ):
-            Glue.create_database(accountid, database, region, None)
-        if 'table_input' not in data:
-            table_input = {
-                'Name': data['tablename'],
-                'Description': data.get('Description', 'Not available'),
-                'Parameters': {'classification': 'csv', 'skip.header.line.count': '1'},
-                'StorageDescriptor': {
-                    'Columns': [
-                        {'Name': c['Name'], 'Type': c['Type']}
-                        for c in data.get('columns')
-                    ],
-                    'Location': data.get('location'),
-                    'InputFormat': 'org.apache.hadoop.mapred.TextInputFormat',
-                    'OutputFormat': 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat',
-                    'SerdeInfo': {
-                        'SerializationLibrary': 'org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe',
-                        'Parameters': {
-                            'serialization.format': ',',
-                            'field.delim': ',',
-                            'escape.delim': '\\',
-                        },
-                    },
-                },
-                'TableType': 'EXTERNAL_TABLE',
-                'PartitionKeys': data.get('partition_keys') or [],
-            }
-        else:
-            table_input = data['table_input']
-
-        found_table = Glue.table_exists(**data)
-
-        if not found_table:
-            response = glue.create_table(
-                CatalogId=accountid,
-                DatabaseName=data.get('database'),
-                TableInput=table_input,
-            )
-            log.info(f'Successfully Created table {table_input} on account {accountid}')
-            return response
-
-        else:
-
-            if Glue.is_resource_link(found_table):
-
-                log.info(
-                    f'Table is a Resource Link {found_table} '
-                    f'on account {accountid} and is managed by source account'
-                )
-                return found_table
-
-            elif Glue.is_resource_link(table_input):
-
-                return Glue.delete_table_and_create_resourcelink(
-                    glue, database, accountid, table_input
-                )
-
-            else:
-                response = glue.update_table(
-                    CatalogId=accountid,
-                    DatabaseName=data.get('database'),
-                    TableInput=table_input,
-                )
-                log.info(
-                    f'Successfully Updated table {found_table} on account {accountid}'
-                )
-                return response
-
     @staticmethod
     def delete_table(accountid, region, database, tablename):
         session = SessionHelper.remote_session(accountid=accountid)
@@ -263,52 +174,6 @@ def create_resource_link(**data):
             )
             raise e
 
-    @staticmethod
-    def is_resource_link(table_input: dict):
-        """
-        Verifies if a Glue table or Glue table input contains the block "TargetTable"
-        if it is the case it means it is a Resource Link
-        to a shared table by Lake Formation cross account or from the same account
-        :param table_input:
-        :return:
-        """
-        if 'TargetTable' in table_input.keys():
-            log.info(
-                f"Table {table_input['Name']} is a resource link "
-                f"from account {table_input['TargetTable']['CatalogId']} and will not be updated"
-            )
-            return True
-        return False
-
-    @staticmethod
-    def delete_table_and_create_resourcelink(glue, database, accountid, table_input):
-        """
-        When table exists before Lake Formation introduction it needs to be deleted
-        And transformed to a resource link
-        :param glue:
-        :param database:
-        :param accountid:
-        :param table_input:
-        :return:
-        """
-        try:
-            glue.delete_table(
-                CatalogId=accountid, DatabaseName=database, Name=table_input['Name']
-            )
-            log.debug(
-                f'Successfully Deleted table {table_input} on account {accountid}'
-            )
-            response = glue.create_table(
-                CatalogId=accountid, DatabaseName=database, TableInput=table_input
-            )
-            log.info(f'Successfully Changed table to resource link {response}')
-            return response
-        except ClientError as e:
-            log.warning(
-                f'Failed to change table to resource link {table_input} due to: {e}'
-            )
-            raise e
-
     @staticmethod
     def delete_database(**data):
         accountid = data['accountid']
@@ -333,41 +198,6 @@ def delete_database(**data):
             )
             raise e
 
-    @staticmethod
-    def batch_delete_tables(**data):
-        accountid = data['accountid']
-        region = data['region']
-        database = data['database']
-        tables = data['tables']
-
-        if not tables:
-            log.info('No tables to delete exiting method...')
-            return
-
-        log.info(f'Batch deleting tables: {tables}')
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=region)
-            if Glue.database_exists(
-                accountid=accountid,
-                region=region,
-                database=database,
-            ):
-                glue.batch_delete_table(
-                    CatalogId=accountid, DatabaseName=database, TablesToDelete=tables
-                )
-                log.debug(
-                    f'Batch deleted tables {len(tables)} from database {database} successfully'
-                )
-            return True
-        except ClientError as e:
-            log.error(
-                f'Could not batch delete tables {tables} '
-                f'in database {accountid}://{database} '
-                f'due to: {e}'
-            )
-            raise e
-
     @staticmethod
     @Worker.handler(path='glue.job.runs')
     def get_job_runs(engine, task: models.Task):

From 931c778badfb847b27380259bff3c28625404110 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 12:14:47 +0200
Subject: [PATCH 193/346] Moved lakeformation.py

---
 .../modules/dataset_sharing/aws/__init__.py   |  0
 .../aws/lakeformation_client.py}              | 12 +++++-----
 .../share_managers/lf_share_manager.py        | 22 +++++++++----------
 .../modules/datasets/cdk/dataset_stack.py     |  1 -
 tests/tasks/test_lf_share_manager.py          | 22 ++++++++++---------
 5 files changed, 29 insertions(+), 28 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/aws/__init__.py
 rename backend/dataall/{aws/handlers/lakeformation.py => modules/dataset_sharing/aws/lakeformation_client.py} (96%)

diff --git a/backend/dataall/modules/dataset_sharing/aws/__init__.py b/backend/dataall/modules/dataset_sharing/aws/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/aws/handlers/lakeformation.py b/backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py
similarity index 96%
rename from backend/dataall/aws/handlers/lakeformation.py
rename to backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py
index 1746bdad3..bec615958 100644
--- a/backend/dataall/aws/handlers/lakeformation.py
+++ b/backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py
@@ -3,18 +3,18 @@
 
 from botocore.exceptions import ClientError
 
-from .sts import SessionHelper
+from dataall.aws.handlers.sts import SessionHelper
 
 log = logging.getLogger('aws:lakeformation')
 
 
-class LakeFormation:
+class LakeFormationClient:
     def __init__(self):
         pass
 
     @staticmethod
     def grant_pivot_role_all_database_permissions(accountid, region, database):
-        LakeFormation.grant_permissions_to_database(
+        LakeFormationClient.grant_permissions_to_database(
             client=SessionHelper.remote_session(accountid=accountid).client(
                 'lakeformation', region_name=region
             ),
@@ -106,7 +106,7 @@ def revoke_iamallowedgroups_super_permission_from_table(
                 f'Revoking IAMAllowedGroups Super '
                 f'permission for table {database}|{table}'
             )
-            LakeFormation.batch_revoke_permissions(
+            LakeFormationClient.batch_revoke_permissions(
                 client,
                 accountid,
                 entries=[
@@ -164,11 +164,11 @@ def batch_revoke_permissions(client, accountid, entries):
                     raise ClientError(
                         error_response={
                             'Error': {
-                                'Code': 'LakeFormation.batch_revoke_permissions',
+                                'Code': 'LakeFormationClient.batch_revoke_permissions',
                                 'Message': f'Operation ended with failures: {failures}',
                             }
                         },
-                        operation_name='LakeFormation.batch_revoke_permissions',
+                        operation_name='LakeFormationClient.batch_revoke_permissions',
                     )
 
         except ClientError as e:
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 2e3b830ff..5cf6171dc 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -6,7 +6,7 @@
 from botocore.exceptions import ClientError
 
 from dataall.aws.handlers.glue import Glue
-from dataall.aws.handlers.lakeformation import LakeFormation
+from dataall.modules.dataset_sharing.aws.lakeformation_client import LakeFormationClient
 from dataall.aws.handlers.quicksight import Quicksight
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.aws.handlers.ram import Ram
@@ -146,7 +146,7 @@ def grant_pivot_role_all_database_permissions(self) -> bool:
         """
         Grants 'ALL' database Lake Formation permissions to data.all PivotRole
         """
-        LakeFormation.grant_pivot_role_all_database_permissions(
+        LakeFormationClient.grant_pivot_role_all_database_permissions(
             self.source_environment.AwsAccountId,
             self.source_environment.region,
             self.dataset.GlueDatabaseName,
@@ -191,11 +191,11 @@ def create_shared_database(
             f's3://{dataset.S3BucketName}',
         )
 
-        LakeFormation.grant_pivot_role_all_database_permissions(
+        LakeFormationClient.grant_pivot_role_all_database_permissions(
             target_environment.AwsAccountId, target_environment.region, shared_db_name
         )
 
-        LakeFormation.grant_permissions_to_database(
+        LakeFormationClient.grant_permissions_to_database(
             client=SessionHelper.remote_session(
                 accountid=target_environment.AwsAccountId
             ).client('lakeformation', region_name=target_environment.region),
@@ -258,11 +258,11 @@ def create_resource_link(cls, **data) -> dict:
                 resource_link_input=resource_link_input,
             )
 
-            LakeFormation.grant_resource_link_permission(
+            LakeFormationClient.grant_resource_link_permission(
                 lakeformation_client, source, target, target_database
             )
 
-            LakeFormation.grant_resource_link_permission_on_target(
+            LakeFormationClient.grant_resource_link_permission_on_target(
                 lakeformation_client, source, target
             )
 
@@ -306,7 +306,7 @@ def revoke_table_resource_link_access(self, table: DatasetTable, principals: [st
                 f'for principal {principal}'
 
             )
-            LakeFormation.batch_revoke_permissions(
+            LakeFormationClient.batch_revoke_permissions(
                 SessionHelper.remote_session(self.target_environment.AwsAccountId).client(
                     'lakeformation', region_name=self.target_environment.region
                 ),
@@ -359,7 +359,7 @@ def revoke_source_table_access(self, table, principals: [str]):
             f'on {self.source_environment.AwsAccountId}/{self.dataset.GlueDatabaseName}/{table.GlueTableName} '
             f'for principals {principals}'
         )
-        LakeFormation.revoke_source_table_access(
+        LakeFormationClient.revoke_source_table_access(
             target_accountid=self.target_environment.AwsAccountId,
             region=self.target_environment.region,
             source_database=self.dataset.GlueDatabaseName,
@@ -407,7 +407,7 @@ def share_table_with_target_account(cls, **data):
         )
         try:
 
-            LakeFormation.revoke_iamallowedgroups_super_permission_from_table(
+            LakeFormationClient.revoke_iamallowedgroups_super_permission_from_table(
                 source_lf_client,
                 source_accountid,
                 data['source']['database'],
@@ -415,7 +415,7 @@ def share_table_with_target_account(cls, **data):
             )
             time.sleep(1)
 
-            LakeFormation.grant_permissions_to_table(
+            LakeFormationClient.grant_permissions_to_table(
                 source_lf_client,
                 target_accountid,
                 data['source']['database'],
@@ -479,7 +479,7 @@ def revoke_external_account_access_on_source_account(self) -> [dict]:
                     'PermissionsWithGrantOption': ['DESCRIBE', 'SELECT'],
                 }
             )
-            LakeFormation.batch_revoke_permissions(
+            LakeFormationClient.batch_revoke_permissions(
                 client, self.source_environment.AwsAccountId, revoke_entries
             )
         return revoke_entries
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index 3e45734e7..30727154b 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -20,7 +20,6 @@
 from dataall.cdkproxy.stacks.manager import stack
 from dataall import db
 from dataall.aws.handlers.quicksight import Quicksight
-from dataall.aws.handlers.lakeformation import LakeFormation
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.db.api import Environment
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index 4c4e0f6b8..75cfef909 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -3,6 +3,8 @@
 Remarks
 
 """
+from unittest.mock import MagicMock
+
 import boto3
 import pytest
 
@@ -25,6 +27,8 @@
 TARGET_ACCOUNT_ENV = "2" * 12
 TARGET_ACCOUNT_ENV_ROLE_NAME = "dataall-ConsumersEnvironment-r71ucp4m"
 
+LF_CLIENT = "dataall.modules.dataset_sharing.aws.lakeformation_client.LakeFormationClient"
+
 
 @pytest.fixture(scope="module")
 def org1(org: Callable) -> models.Organization:
@@ -253,7 +257,7 @@ def test_create_shared_database(
         return_value=True,
     )
     lf_mock_pr = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.grant_pivot_role_all_database_permissions",
+        f"{LF_CLIENT}.grant_pivot_role_all_database_permissions",
         return_value=True,
     )
     mocker.patch(
@@ -261,7 +265,7 @@ def test_create_shared_database(
         return_value=boto3.Session(),
     )
     lf_mock = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.grant_permissions_to_database",
+        f"{LF_CLIENT}.grant_permissions_to_database",
         return_value=True,
     )
     # When
@@ -397,11 +401,11 @@ def test_create_resource_link(
         return_value=True,
     )
     lf_mock_1 = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.grant_resource_link_permission",
+        f"{LF_CLIENT}.grant_resource_link_permission",
         return_value=True,
     )
     lf_mock_2 = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.grant_resource_link_permission_on_target",
+        f"{LF_CLIENT}.grant_resource_link_permission_on_target",
         return_value=True,
     )
 
@@ -459,6 +463,7 @@ def test_create_resource_link(
 
     pass
 
+
 def test_revoke_table_resource_link_access(
         db,
         processor_same_account: ProcessLFSameAccountShare,
@@ -482,7 +487,7 @@ def test_revoke_table_resource_link_access(
     )
 
     lf_mock = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.batch_revoke_permissions",
+        f"{LF_CLIENT}.batch_revoke_permissions",
         return_value=True,
     )
 
@@ -525,7 +530,7 @@ def test_revoke_source_table_access(
     )
 
     lf_mock = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.revoke_source_table_access",
+        f"{LF_CLIENT}.revoke_source_table_access",
         return_value=True,
     )
 
@@ -634,10 +639,7 @@ def test_revoke_external_account_access_on_source_account(
         table2: DatasetTable,
         mocker,
 ):
-    lf_mock = mocker.patch(
-        "dataall.aws.handlers.lakeformation.LakeFormation.batch_revoke_permissions",
-        return_value=True,
-    )
+    lf_mock = mocker.patch(f"{LF_CLIENT}.batch_revoke_permissions", return_value=True)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.remote_session",

From e462507c1f0a3d48e595402898ef54219c677315 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 12:37:23 +0200
Subject: [PATCH 194/346] Moved a method to DatasetCrawler

---
 backend/dataall/aws/handlers/glue.py          | 31 ------------------
 .../datasets/aws/glue_dataset_client.py       | 32 +++++++++++++++++++
 .../datasets/handlers/glue_table_handler.py   |  7 ++--
 .../modules/datasets/tasks/tables_syncer.py   |  6 ++--
 tests/tasks/test_tables_sync.py               | 10 +++---
 5 files changed, 41 insertions(+), 45 deletions(-)

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index a8f319b85..dedeb0516 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -65,37 +65,6 @@ def database_exists(**data):
             log.info(f'Database {database} does not exist on account {accountid}...')
             return False
 
-    @staticmethod
-    def list_glue_database_tables(accountid, database, region):
-        aws_session = SessionHelper.remote_session(accountid=accountid)
-        glue = aws_session.client('glue', region_name=region)
-        found_tables = []
-        try:
-            log.debug(f'Looking for {database} tables')
-
-            if not Glue.database_exists(
-                accountid=accountid, database=database, region=region
-            ):
-                return found_tables
-
-            paginator = glue.get_paginator('get_tables')
-
-            pages = paginator.paginate(
-                DatabaseName=database,
-                CatalogId=accountid,
-            )
-            for page in pages:
-                found_tables.extend(page['TableList'])
-
-            log.debug(f'Retrieved all database {database} tables: {found_tables}')
-
-        except ClientError as e:
-            log.error(
-                f'Failed to retrieve tables for database {accountid}|{database}: {e}',
-                exc_info=True,
-            )
-        return found_tables
-
     @staticmethod
     def table_exists(**data):
         accountid = data['accountid']
diff --git a/backend/dataall/modules/datasets/aws/glue_dataset_client.py b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
index 310acd2b6..2657d6a45 100644
--- a/backend/dataall/modules/datasets/aws/glue_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
@@ -1,6 +1,7 @@
 import logging
 from botocore.exceptions import ClientError
 
+from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.modules.datasets_base.db.models import Dataset
 
@@ -65,4 +66,35 @@ def update_crawler(self, targets):
             else:
                 raise e
 
+    def list_glue_database_tables(self):
+        dataset = self._dataset
+        database = dataset.GlueDatabaseName
+        account_id = dataset.AwsAccountId
+        found_tables = []
+        try:
+            log.debug(f'Looking for {database} tables')
+
+            if not Glue.database_exists(
+                    accountid=account_id, database=database, region=dataset.region
+            ):
+                return found_tables
+
+            paginator = self._client.get_paginator('get_tables')
+
+            pages = paginator.paginate(
+                DatabaseName=database,
+                CatalogId=account_id,
+            )
+            for page in pages:
+                found_tables.extend(page['TableList'])
+
+            log.debug(f'Retrieved all database {database} tables: {found_tables}')
+
+        except ClientError as e:
+            log.error(
+                f'Failed to retrieve tables for database {account_id}|{database}: {e}',
+                exc_info=True,
+            )
+        return found_tables
+
 
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
index af148cc38..c67b8423d 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
@@ -3,6 +3,7 @@
 from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
@@ -20,10 +21,6 @@ def sync_existing_tables(engine, task: models.Task):
             dataset: Dataset = DatasetRepository.get_dataset_by_uri(
                 session, task.targetUri
             )
-            account_id = dataset.AwsAccountId
-            region = dataset.region
-            tables = Glue.list_glue_database_tables(
-                account_id, dataset.GlueDatabaseName, region
-            )
+            tables = DatasetCrawler(dataset).list_glue_database_tables()
             DatasetTableService.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
             return tables
diff --git a/backend/dataall/modules/datasets/tasks/tables_syncer.py b/backend/dataall/modules/datasets/tasks/tables_syncer.py
index c8c4eb76b..55812565e 100644
--- a/backend/dataall/modules/datasets/tasks/tables_syncer.py
+++ b/backend/dataall/modules/datasets/tasks/tables_syncer.py
@@ -4,10 +4,10 @@
 from operator import and_
 
 from dataall import db
-from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.db import models
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.aws.lf_table_client import LakeFormationTableClient
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
@@ -56,9 +56,7 @@ def sync_tables(engine):
                     )
                 else:
 
-                    tables = Glue.list_glue_database_tables(
-                        dataset.AwsAccountId, dataset.GlueDatabaseName, dataset.region
-                    )
+                    tables = DatasetCrawler(dataset).list_glue_database_tables()
 
                     log.info(
                         f'Found {len(tables)} tables on Glue database {dataset.GlueDatabaseName}'
diff --git a/tests/tasks/test_tables_sync.py b/tests/tasks/test_tables_sync.py
index 3206d2f4e..05ec1f09d 100644
--- a/tests/tasks/test_tables_sync.py
+++ b/tests/tasks/test_tables_sync.py
@@ -103,9 +103,9 @@ def permissions(db):
 
 
 def test_tables_sync(db, org, env, sync_dataset, table, mocker):
-    mocker.patch(
-        'dataall.aws.handlers.glue.Glue.list_glue_database_tables',
-        return_value=[
+    mock_crawler = MagicMock()
+    mocker.patch('dataall.modules.datasets.tasks.tables_syncer.DatasetCrawler', mock_crawler)
+    mock_crawler().list_glue_database_tables.return_value = [
             {
                 'Name': 'new_table',
                 'DatabaseName': sync_dataset.GlueDatabaseName,
@@ -154,8 +154,8 @@ def test_tables_sync(db, org, env, sync_dataset, table, mocker):
                     },
                 ],
             },
-        ],
-    )
+        ]
+
     mocker.patch(
         'dataall.modules.datasets.tasks.tables_syncer.is_assumable_pivot_role', return_value=True
     )

From 4ad8ce78e6ab74790fe0c5621b4dcaddbf8b29c9 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Wed, 17 May 2023 13:02:19 +0200
Subject: [PATCH 195/346] Bump starlette from 0.25.0 to 0.27.0 and upgrade
 fastapi (#460)

### Feature or Bugfix
- Bugfix

### Detail
- Solve vulnerabilities found in starlette 0.25.0

### Relates

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 backend/dataall/cdkproxy/requirements.txt | 4 ++--
 backend/requirements.txt                  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/dataall/cdkproxy/requirements.txt b/backend/dataall/cdkproxy/requirements.txt
index ccd390c61..b4630dc27 100644
--- a/backend/dataall/cdkproxy/requirements.txt
+++ b/backend/dataall/cdkproxy/requirements.txt
@@ -5,8 +5,8 @@ boto3-stubs==1.24.85
 botocore==1.27.85
 cdk-nag==2.7.2
 constructs==10.0.73
-starlette==0.25.0
-fastapi == 0.92.0
+starlette==0.27.0
+fastapi == 0.95.2
 Flask==2.3.2
 PyYAML==6.0
 requests==2.27.1
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 09d8a7abe..ee569f2d8 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -2,7 +2,7 @@ ariadne==0.17.0
 aws-xray-sdk==2.4.3
 boto3==1.26.95
 botocore==1.29.95
-fastapi == 0.92.0
+fastapi == 0.95.2
 Flask==2.3.2
 flask-cors==3.0.10
 nanoid==2.0.0
@@ -14,4 +14,4 @@ PyYAML==6.0
 requests==2.27.1
 requests_aws4auth==1.1.1
 sqlalchemy==1.3.24
-starlette==0.25.0
\ No newline at end of file
+starlette==0.27.0
\ No newline at end of file

From 06644dcfbb475ebc5fbbb16a8e75e70572d1095a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 14:08:09 +0200
Subject: [PATCH 196/346] Moved glue methods into sharing

---
 backend/dataall/aws/handlers/glue.py          | 154 ------------------
 .../dataset_sharing/aws/glue_client.py        | 132 +++++++++++++++
 .../share_managers/lf_share_manager.py        |  67 +++-----
 .../datasets/aws/glue_dataset_client.py       |  13 +-
 tests/tasks/test_lf_share_manager.py          |  83 +++++-----
 5 files changed, 206 insertions(+), 243 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/aws/glue_client.py

diff --git a/backend/dataall/aws/handlers/glue.py b/backend/dataall/aws/handlers/glue.py
index dedeb0516..c93c76d06 100644
--- a/backend/dataall/aws/handlers/glue.py
+++ b/backend/dataall/aws/handlers/glue.py
@@ -13,160 +13,6 @@ class Glue:
     def __init__(self):
         pass
 
-    @staticmethod
-    def create_database(accountid, database, region, location):
-        try:
-            existing_database = Glue.database_exists(
-                accountid=accountid, database=database, region=region
-            )
-            if existing_database:
-                glue_database_created = True
-            else:
-                Glue._create_glue_database(accountid, database, region, location)
-                glue_database_created = True
-            return glue_database_created
-        except ClientError as e:
-            log.error(
-                f'Failed to create database {database} on account {accountid} due to {e}'
-            )
-            raise e
-
-    @staticmethod
-    def _create_glue_database(accountid, database, region, location):
-        try:
-            aws_session = SessionHelper.remote_session(accountid=accountid)
-            glue = aws_session.client('glue', region_name=region)
-            db_input = {
-                'Name': database,
-                'Description': 'dataall database {} '.format(database),
-                'CreateTableDefaultPermissions': [],
-            }
-            if location:
-                db_input['LocationUri'] = location
-            log.info(f'Creating Glue database with input: {db_input}')
-            response = glue.create_database(CatalogId=accountid, DatabaseInput=db_input)
-            log.info(f'response Create Database: {response}')
-            return response
-        except ClientError as e:
-            log.debug(f'Failed to create database {database}', e)
-            raise e
-
-    @staticmethod
-    def database_exists(**data):
-        accountid = data['accountid']
-        database = data.get('database', 'UnknownDatabaseName')
-        region = data.get('region', 'eu-west-1')
-        session = SessionHelper.remote_session(accountid)
-        try:
-            glue_client = session.client('glue', region_name=region)
-            glue_client.get_database(CatalogId=data['accountid'], Name=database)
-            return True
-        except ClientError:
-            log.info(f'Database {database} does not exist on account {accountid}...')
-            return False
-
-    @staticmethod
-    def table_exists(**data):
-        accountid = data['accountid']
-        region = data.get('region', 'eu-west-1')
-        database = data.get('database', 'UndefinedDatabaseName')
-        table_name = data.get('tablename', 'UndefinedTableName')
-        try:
-            table = (
-                SessionHelper.remote_session(accountid)
-                .client('glue', region_name=region)
-                .get_table(
-                    CatalogId=data['accountid'], DatabaseName=database, Name=table_name
-                )
-            )
-            log.info(f'Glue table found: {data}')
-            return table
-        except ClientError:
-            log.info(f'Glue table not found: {data}')
-            return None
-
-    @staticmethod
-    def delete_table(accountid, region, database, tablename):
-        session = SessionHelper.remote_session(accountid=accountid)
-        client = session.client('glue', region_name=region)
-        log.info(
-            'Deleting table {} in database {}'.format(
-                tablename, database
-            )
-        )
-        response = client.delete_table(
-            CatalogId=accountid,
-            DatabaseName=database,
-            Name=tablename
-        )
-
-        return response
-
-    @staticmethod
-    def create_resource_link(**data):
-        accountid = data['accountid']
-        region = data['region']
-        database = data['database']
-        resource_link_name = data['resource_link_name']
-        resource_link_input = data['resource_link_input']
-        log.info(
-            f'Creating ResourceLink {resource_link_name} in database {accountid}://{database}'
-        )
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=region)
-            resource_link = Glue.table_exists(
-                accountid=accountid,
-                region=region,
-                database=database,
-                tablename=resource_link_name,
-            )
-            if resource_link:
-                log.info(
-                    f'ResourceLink {resource_link_name} already exists in database {accountid}://{database}'
-                )
-            else:
-                resource_link = glue.create_table(
-                    CatalogId=accountid,
-                    DatabaseName=database,
-                    TableInput=resource_link_input,
-                )
-                log.info(
-                    f'Successfully created ResourceLink {resource_link_name} in database {accountid}://{database}'
-                )
-            return resource_link
-        except ClientError as e:
-            log.error(
-                f'Could not create ResourceLink {resource_link_name} '
-                f'in database {accountid}://{database} '
-                f'due to: {e}'
-            )
-            raise e
-
-    @staticmethod
-    def delete_database(**data):
-        accountid = data['accountid']
-        region = data['region']
-        database = data['database']
-        log.info(f'Deleting database {accountid}://{database} ...')
-        try:
-            session = SessionHelper.remote_session(accountid=accountid)
-            glue = session.client('glue', region_name=region)
-            if Glue.database_exists(
-                accountid=accountid,
-                region=region,
-                database=database,
-            ):
-                glue.delete_database(CatalogId=accountid, Name=database)
-            return True
-        except ClientError as e:
-            log.error(
-                f'Could not delete database {database} '
-                f'in account {accountid} '
-                f'due to: {e}'
-            )
-            raise e
-
     @staticmethod
     @Worker.handler(path='glue.job.runs')
     def get_job_runs(engine, task: models.Task):
diff --git a/backend/dataall/modules/dataset_sharing/aws/glue_client.py b/backend/dataall/modules/dataset_sharing/aws/glue_client.py
new file mode 100644
index 000000000..11141c799
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/aws/glue_client.py
@@ -0,0 +1,132 @@
+import logging
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.sts import SessionHelper
+
+log = logging.getLogger(__name__)
+
+
+class GlueClient:
+    def __init__(self, account_id, region, database):
+        aws_session = SessionHelper.remote_session(accountid=account_id)
+        self._client = aws_session.client('glue', region_name=region)
+        self._database = database
+        self._account_id = account_id
+
+    def create_database(self, location):
+        try:
+            existing_database = self.database_exists()
+            if existing_database:
+                glue_database_created = True
+            else:
+                self._create_glue_database(location)
+                glue_database_created = True
+            return glue_database_created
+        except ClientError as e:
+            log.error(
+                f'Failed to create database {self._database} on account {self._account_id} due to {e}'
+            )
+            raise e
+
+    def _create_glue_database(self, location):
+        database = self._database
+        try:
+            db_input = {
+                'Name': database,
+                'Description': 'dataall database {} '.format(database),
+                'CreateTableDefaultPermissions': [],
+            }
+            if location:
+                db_input['LocationUri'] = location
+            log.info(f'Creating Glue database with input: {db_input}')
+            response = self._client.create_database(CatalogId=self._account_id, DatabaseInput=db_input)
+            log.info(f'response Create Database: {response}')
+            return response
+        except ClientError as e:
+            log.debug(f'Failed to create database {database}', e)
+            raise e
+
+    def database_exists(self):
+        try:
+            self._client.get_database(CatalogId=self._account_id, Name=self._database)
+            return True
+        except ClientError:
+            log.info(f'Database {self._database} does not exist on account {self._account_id}...')
+            return False
+
+    def table_exists(self, table_name):
+        try:
+            table = (
+                self._client.get_table(
+                    CatalogId=self._account_id, DatabaseName=self._database, Name=table_name
+                )
+            )
+            log.info(f'Glue table found: {table_name}')
+            return table
+        except ClientError:
+            log.info(f'Glue table not found: {table_name}')
+            return None
+
+    def delete_table(self, table_name):
+        database = self._database
+        log.info(
+            'Deleting table {} in database {}'.format(
+                table_name, database
+            )
+        )
+        response = self._client.delete_table(
+            CatalogId=self._account_id,
+            DatabaseName=database,
+            Name=table_name
+        )
+
+        return response
+
+    def create_resource_link(self, resource_link_name, resource_link_input):
+        account_id = self._account_id
+        database = self._database
+
+        log.info(
+            f'Creating ResourceLink {resource_link_name} in database {account_id}://{database}'
+        )
+        try:
+            resource_link = self.table_exists(resource_link_name)
+            if resource_link:
+                log.info(
+                    f'ResourceLink {resource_link_name} already exists in database {account_id}://{database}'
+                )
+            else:
+                resource_link = self._client.create_table(
+                    CatalogId=account_id,
+                    DatabaseName=database,
+                    TableInput=resource_link_input,
+                )
+                log.info(
+                    f'Successfully created ResourceLink {resource_link_name} in database {account_id}://{database}'
+                )
+            return resource_link
+        except ClientError as e:
+            log.error(
+                f'Could not create ResourceLink {resource_link_name} '
+                f'in database {account_id}://{database} '
+                f'due to: {e}'
+            )
+            raise e
+
+    def delete_database(self):
+        account_id = self._account_id
+        database = self._database
+
+        log.info(f'Deleting database {account_id}://{database} ...')
+        try:
+            if self.database_exists():
+                self._client.delete_database(CatalogId=account_id, Name=database)
+            return True
+        except ClientError as e:
+            log.error(
+                f'Could not delete database {database} '
+                f'in account {account_id} '
+                f'due to: {e}'
+            )
+            raise e
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 5cf6171dc..8321021e2 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -5,7 +5,7 @@
 
 from botocore.exceptions import ClientError
 
-from dataall.aws.handlers.glue import Glue
+from dataall.modules.dataset_sharing.aws.glue_client import GlueClient
 from dataall.modules.dataset_sharing.aws.lakeformation_client import LakeFormationClient
 from dataall.aws.handlers.quicksight import Quicksight
 from dataall.aws.handlers.sts import SessionHelper
@@ -128,12 +128,7 @@ def check_share_item_exists_on_glue_catalog(
         -------
         exceptions.AWSResourceNotFound
         """
-        if not Glue.table_exists(
-            accountid=self.source_environment.AwsAccountId,
-            region=self.source_environment.region,
-            database=table.GlueDatabaseName,
-            tablename=table.GlueTableName,
-        ):
+        if not self._create_glue_client().table_exists(table.GlueTableName):
             raise exceptions.AWSResourceNotFound(
                 action='ProcessShare',
                 message=(
@@ -184,12 +179,11 @@ def create_shared_database(
             f'{target_environment.AwsAccountId}://{shared_db_name}'
         )
 
-        database = Glue.create_database(
+        database = GlueClient(
             target_environment.AwsAccountId,
             shared_db_name,
-            target_environment.region,
-            f's3://{dataset.S3BucketName}',
-        )
+            target_environment.region
+        ).create_database(f's3://{dataset.S3BucketName}')
 
         LakeFormationClient.grant_pivot_role_all_database_permissions(
             target_environment.AwsAccountId, target_environment.region, shared_db_name
@@ -215,11 +209,7 @@ def delete_shared_database(self) -> bool:
         bool
         """
         logger.info(f'Deleting shared database {self.shared_db_name}')
-        return Glue.delete_database(
-            accountid=self.target_environment.AwsAccountId,
-            region=self.target_environment.region,
-            database=self.shared_db_name,
-        )
+        return self._create_glue_client().delete_database()
 
     @classmethod
     def create_resource_link(cls, **data) -> dict:
@@ -250,10 +240,8 @@ def create_resource_link(cls, **data) -> dict:
         }
 
         try:
-            resource_link = Glue.create_resource_link(
-                accountid=target['accountid'],
-                region=target['region'],
-                database=target_database,
+            glue_client = GlueClient(target['accountid'], target['region'], target_database)
+            resource_link = glue_client.create_resource_link(
                 resource_link_name=source['tablename'],
                 resource_link_input=resource_link_input,
             )
@@ -286,12 +274,8 @@ def revoke_table_resource_link_access(self, table: DatasetTable, principals: [st
         -------
         True if revoke is successful
         """
-        if not Glue.table_exists(
-            accountid=self.target_environment.AwsAccountId,
-            region=self.target_environment.region,
-            database=self.shared_db_name,
-            tablename=table.GlueTableName,
-        ):
+        glue_client = self._create_glue_client()
+        if not glue_client.table_exists(table.GlueTableName):
             logger.info(
                 f'Resource link could not be found '
                 f'on {self.target_environment.AwsAccountId}/{self.shared_db_name}/{table.GlueTableName} '
@@ -341,12 +325,8 @@ def revoke_source_table_access(self, table, principals: [str]):
         -------
         True if revoke is successful
         """
-        if not Glue.table_exists(
-            accountid=self.target_environment.AwsAccountId,
-            region=self.target_environment.region,
-            database=self.shared_db_name,
-            tablename=table.GlueTableName,
-        ):
+        glue_client = self._create_glue_client()
+        if not glue_client.table_exists(table.GlueTableName):
             logger.info(
                 f'Source table could not be found '
                 f'on {self.source_environment.AwsAccountId}/{self.dataset.GlueDatabaseName}/{table.GlueTableName} '
@@ -371,20 +351,12 @@ def revoke_source_table_access(self, table, principals: [str]):
 
     def delete_resource_link_table(self, table: DatasetTable):
         logger.info(f'Deleting shared table {table.GlueTableName}')
+        glue_client = self._create_glue_client()
 
-        if not Glue.table_exists(
-                accountid=self.target_environment.AwsAccountId,
-                region=self.target_environment.region,
-                database=self.shared_db_name,
-                tablename=table.GlueTableName,
-        ):
+        if not glue_client.table_exists(table.GlueTableName):
             return True
-        Glue.delete_table(
-            accountid=self.target_environment.AwsAccountId,
-            region=self.target_environment.region,
-            database=self.shared_db_name,
-            tablename=table.GlueTableName
-        )
+
+        glue_client.delete_table(table.GlueTableName)
         return True
 
     @classmethod
@@ -555,3 +527,10 @@ def handle_revoke_failure(
             table, self.share, self.target_environment
         )
         return True
+
+    def _create_glue_client(self):
+        return GlueClient(
+            self.target_environment.AwsAccountId,
+            self.target_environment.region,
+            self.shared_db_name,
+        )
diff --git a/backend/dataall/modules/datasets/aws/glue_dataset_client.py b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
index 2657d6a45..cf5d432b1 100644
--- a/backend/dataall/modules/datasets/aws/glue_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
@@ -1,7 +1,6 @@
 import logging
 from botocore.exceptions import ClientError
 
-from dataall.aws.handlers.glue import Glue
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.modules.datasets_base.db.models import Dataset
 
@@ -74,9 +73,7 @@ def list_glue_database_tables(self):
         try:
             log.debug(f'Looking for {database} tables')
 
-            if not Glue.database_exists(
-                    accountid=account_id, database=database, region=dataset.region
-            ):
+            if not self.database_exists():
                 return found_tables
 
             paginator = self._client.get_paginator('get_tables')
@@ -97,4 +94,12 @@ def list_glue_database_tables(self):
             )
         return found_tables
 
+    def database_exists(self):
+        dataset = self._dataset
+        try:
+            self._client.get_database(CatalogId=dataset.AwsAccountId, Name=dataset.GlueDatabaseName)
+            return True
+        except ClientError:
+            log.info(f'Database {dataset.GlueDatabaseName} does not exist on account {dataset.AwsAccountId}...')
+            return False
 
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/tasks/test_lf_share_manager.py
index 75cfef909..5c1d8b067 100644
--- a/tests/tasks/test_lf_share_manager.py
+++ b/tests/tasks/test_lf_share_manager.py
@@ -209,6 +209,16 @@ def processor_same_account(db, dataset1, share_same_account, table1, source_envi
     yield processor
 
 
+@pytest.fixture(scope="function")
+def mock_glue_client(mocker):
+    mock_client = MagicMock()
+    mocker.patch(
+        "dataall.modules.dataset_sharing.services.share_managers.lf_share_manager.GlueClient",
+        mock_client
+    )
+    yield mock_client
+
+
 def test_init(processor_same_account, processor_cross_account):
     assert processor_same_account.dataset
     assert processor_same_account.share
@@ -251,11 +261,10 @@ def test_create_shared_database(
         target_environment: models.Environment,
         dataset1: Dataset,
         mocker,
+        mock_glue_client
 ):
-    create_db_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.create_database",
-        return_value=True,
-    )
+    mock_glue_client().create_database.return_value = True
+
     lf_mock_pr = mocker.patch(
         f"{LF_CLIENT}.grant_pivot_role_all_database_permissions",
         return_value=True,
@@ -277,12 +286,12 @@ def test_create_shared_database(
     )
 
     # Then
-    create_db_mock.assert_called_once()
+    mock_glue_client().create_database.assert_called_once()
     lf_mock_pr.assert_called_once()
     lf_mock.assert_called_once()
 
     # Reset mocks
-    create_db_mock.reset_mock()
+    mock_glue_client().create_database.reset_mock()
     lf_mock_pr.reset_mock()
     lf_mock.reset_mock()
 
@@ -295,10 +304,11 @@ def test_create_shared_database(
     )
 
     # Then
-    create_db_mock.assert_called_once()
+    mock_glue_client().create_database.assert_called_once()
     lf_mock_pr.assert_called_once()
     lf_mock.assert_called_once()
 
+
 def test_check_share_item_exists_on_glue_catalog(
         db,
         processor_same_account: ProcessLFSameAccountShare,
@@ -307,20 +317,19 @@ def test_check_share_item_exists_on_glue_catalog(
         share_item_same_account: ShareObjectItem,
         share_item_cross_account: ShareObjectItem,
         mocker,
+        mock_glue_client,
 ):
 
-    glue_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.table_exists",
-        return_value=True,
-    )
+    mock_glue_client().table_exists.return_value = True
+
     # When
     processor_same_account.check_share_item_exists_on_glue_catalog(
         share_item=share_item_same_account,
         table=table1
     )
     # Then
-    glue_mock.assert_called_once()
-    glue_mock.reset_mock()
+    mock_glue_client().table_exists.assert_called_once()
+    mock_glue_client().table_exists.reset_mock()
 
     # When
     processor_cross_account.check_share_item_exists_on_glue_catalog(
@@ -328,8 +337,7 @@ def test_check_share_item_exists_on_glue_catalog(
         table=table1
     )
     # Then
-    glue_mock.assert_called_once()
-
+    mock_glue_client().table_exists.assert_called_once()
 
 
 def test_build_share_data(
@@ -391,15 +399,15 @@ def test_create_resource_link(
         dataset1: Dataset,
         table1: DatasetTable,
         mocker,
+        mock_glue_client,
 ):
     sts_mock = mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.remote_session",
         return_value=boto3.Session(),
     )
-    glue_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.create_resource_link",
-        return_value=True,
-    )
+    glue_mock = mock_glue_client().create_resource_link
+    glue_mock.return_value = True
+
     lf_mock_1 = mocker.patch(
         f"{LF_CLIENT}.grant_resource_link_permission",
         return_value=True,
@@ -475,11 +483,11 @@ def test_revoke_table_resource_link_access(
         dataset1: Dataset,
         table2: DatasetTable,
         mocker,
+        mock_glue_client
 ):
-    glue_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.table_exists",
-        return_value=True,
-    )
+
+    glue_mock = mock_glue_client().table_exists
+    glue_mock.return_value = True
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.remote_session",
@@ -523,11 +531,10 @@ def test_revoke_source_table_access(
         dataset1: Dataset,
         table2: DatasetTable,
         mocker,
+        mock_glue_client
 ):
-    glue_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.table_exists",
-        return_value=True,
-    )
+    glue_mock = mock_glue_client().table_exists
+    glue_mock.return_value = True
 
     lf_mock = mocker.patch(
         f"{LF_CLIENT}.revoke_source_table_access",
@@ -565,17 +572,13 @@ def test_delete_resource_link_table(
         target_environment: models.Environment,
         dataset1: Dataset,
         table2: DatasetTable,
-        mocker,
+        mock_glue_client
 ):
-    glue_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.table_exists",
-        return_value=True,
-    )
+    glue_mock = mock_glue_client().table_exists
+    glue_mock.return_value = True,
 
-    glue_mock2 = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.delete_table",
-        return_value=True,
-    )
+    glue_mock2 = mock_glue_client().delete_table
+    glue_mock2.return_value = True,
 
 
     processor_same_account.delete_resource_link_table(
@@ -607,12 +610,10 @@ def test_delete_shared_database(
         target_environment: models.Environment,
         dataset1: Dataset,
         table1: DatasetTable,
-        mocker,
+        mock_glue_client
 ):
-    glue_mock = mocker.patch(
-        "dataall.aws.handlers.glue.Glue.delete_database",
-        return_value=True,
-    )
+    glue_mock = mock_glue_client().delete_database
+    glue_mock.return_value = True
 
     processor_same_account.delete_shared_database()
     # Then

From fadb54f27d473fb7f951eb12cfee65e7b6ba1c0c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 14:13:51 +0200
Subject: [PATCH 197/346] Moved filter used only in sharing

---
 .../dataall/api/Objects/Environment/input_types.py   | 12 ------------
 .../modules/dataset_sharing/api/input_types.py       | 11 +++++++++++
 2 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/input_types.py b/backend/dataall/api/Objects/Environment/input_types.py
index 88e3e293b..05f890e74 100644
--- a/backend/dataall/api/Objects/Environment/input_types.py
+++ b/backend/dataall/api/Objects/Environment/input_types.py
@@ -100,18 +100,6 @@ class EnvironmentSortField(GraphQLEnumMapper):
 )
 
 
-EnvironmentDataItemFilter = gql.InputType(
-    name='EnvironmentDataItemFilter',
-    arguments=[
-        gql.Argument('itemTypes', gql.ArrayType(gql.String)),
-        gql.Argument('term', gql.String),
-        gql.Argument('page', gql.Integer),
-        gql.Argument('pageSize', gql.Integer),
-        gql.Argument('uniqueShares', gql.Boolean)
-    ],
-)
-
-
 InviteGroupOnEnvironmentInput = gql.InputType(
     name='InviteGroupOnEnvironmentInput',
     arguments=[
diff --git a/backend/dataall/modules/dataset_sharing/api/input_types.py b/backend/dataall/modules/dataset_sharing/api/input_types.py
index a631736bf..3f1193e77 100644
--- a/backend/dataall/modules/dataset_sharing/api/input_types.py
+++ b/backend/dataall/modules/dataset_sharing/api/input_types.py
@@ -74,3 +74,14 @@ class ShareSortField(GraphQLEnumMapper):
         gql.Argument('pageSize', gql.Integer),
     ],
 )
+
+EnvironmentDataItemFilter = gql.InputType(
+    name='EnvironmentDataItemFilter',
+    arguments=[
+        gql.Argument('itemTypes', gql.ArrayType(gql.String)),
+        gql.Argument('term', gql.String),
+        gql.Argument('page', gql.Integer),
+        gql.Argument('pageSize', gql.Integer),
+        gql.Argument('uniqueShares', gql.Boolean)
+    ],
+)

From 03c7fb9340a0c5e5345f03d501f2334a802ae878 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 14:37:47 +0200
Subject: [PATCH 198/346] Solved merge conflict after the merge

---
 .../dataall/modules/datasets_base/db/dataset_repository.py    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 8db4cac14..3b99a5f27 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -31,12 +31,12 @@ def get_dataset_by_uri(session, dataset_uri) -> Dataset:
             raise ObjectNotFound('Dataset', dataset_uri)
         return dataset
 
-    def count_resources(self, session, environment_uri, group_uri) -> int:
+    def count_resources(self, session, environment, group_uri) -> int:
         return (
             session.query(Dataset)
             .filter(
                 and_(
-                    Dataset.environmentUri == environment_uri,
+                    Dataset.environmentUri == environment.environmentUri,
                     Dataset.SamlAdminGroupName == group_uri
                 ))
             .count()

From 8418d316539650415940028dcd3206dc35c0198c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 14:41:15 +0200
Subject: [PATCH 199/346] Found a share related exception

---
 backend/dataall/db/exceptions.py                     | 12 ------------
 .../dataset_sharing/services/share_exceptions.py     | 12 ++++++++++++
 .../dataset_sharing/services/share_item_service.py   |  3 ++-
 .../dataset_sharing/services/share_object_service.py |  3 ++-
 4 files changed, 16 insertions(+), 14 deletions(-)
 create mode 100644 backend/dataall/modules/dataset_sharing/services/share_exceptions.py

diff --git a/backend/dataall/db/exceptions.py b/backend/dataall/db/exceptions.py
index 3453327a8..20b8c9973 100644
--- a/backend/dataall/db/exceptions.py
+++ b/backend/dataall/db/exceptions.py
@@ -161,18 +161,6 @@ def __str__(self):
         return f'{self.message}'
 
 
-class ShareItemsFound(Exception):
-    def __init__(self, action, message):
-        self.action = action
-        self.message = f"""
-                    An error occurred (ShareItemsFound) when calling {self.action} operation:
-                    {message}
-                """
-
-    def __str__(self):
-        return f'{self.message}'
-
-
 class OrganizationResourcesFound(Exception):
     def __init__(self, action, message):
         self.action = action
diff --git a/backend/dataall/modules/dataset_sharing/services/share_exceptions.py b/backend/dataall/modules/dataset_sharing/services/share_exceptions.py
new file mode 100644
index 000000000..706c61ccf
--- /dev/null
+++ b/backend/dataall/modules/dataset_sharing/services/share_exceptions.py
@@ -0,0 +1,12 @@
+
+
+class ShareItemsFound(Exception):
+    def __init__(self, action, message):
+        self.action = action
+        self.message = f"""
+                    An error occurred (ShareItemsFound) when calling {self.action} operation:
+                    {message}
+                """
+
+    def __str__(self):
+        return f'{self.message}'
diff --git a/backend/dataall/modules/dataset_sharing/services/share_item_service.py b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
index 4d5faf18b..0cd683aac 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_item_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
@@ -5,12 +5,13 @@
 from dataall.core.permission_checker import has_resource_permission
 from dataall.db import utils
 from dataall.db.api import Environment, ResourcePolicy
-from dataall.db.exceptions import ObjectNotFound, ShareItemsFound, UnauthorizedOperation
+from dataall.db.exceptions import ObjectNotFound, UnauthorizedOperation
 from dataall.db.models import Task
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareableType, ShareItemStatus, \
     ShareItemActions
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareObjectSM, ShareItemSM
+from dataall.modules.dataset_sharing.services.share_exceptions import ShareItemsFound
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 from dataall.modules.dataset_sharing.services.share_permissions import GET_SHARE_OBJECT, ADD_ITEM, REMOVE_ITEM, \
     LIST_ENVIRONMENT_SHARED_WITH_OBJECTS
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index cdc8651bd..d96265b60 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -4,12 +4,13 @@
 from dataall.core.permission_checker import has_resource_permission
 from dataall.db import utils
 from dataall.db.api import ResourcePolicy, Environment
-from dataall.db.exceptions import ShareItemsFound, UnauthorizedOperation
+from dataall.db.exceptions import UnauthorizedOperation
 from dataall.db.models import Activity, PrincipalType, EnvironmentGroup, ConsumptionRole
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareableType, ShareItemStatus, \
     ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository, ShareObjectSM, ShareItemSM
+from dataall.modules.dataset_sharing.services.share_exceptions import ShareItemsFound
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 from dataall.modules.dataset_sharing.services.share_permissions import REJECT_SHARE_OBJECT, APPROVE_SHARE_OBJECT, \
     SUBMIT_SHARE_OBJECT, SHARE_OBJECT_APPROVER, SHARE_OBJECT_REQUESTER, CREATE_SHARE_OBJECT, DELETE_SHARE_OBJECT, \

From ee4f34cfa2db0e4704e0018e20468d3f8a19c6d8 Mon Sep 17 00:00:00 2001
From: Gezim Musliaj <102723839+gmuslia@users.noreply.github.com>
Date: Wed, 17 May 2023 15:42:43 +0200
Subject: [PATCH 200/346] Fixes issue with existing cognito callbacks (#464)

### Feature or Bugfix
- BugFix

### Detail
- In line
(https://github.com/awslabs/aws-dataall/blob/13a2fc082694600a0dacaa7e88d0d61ec950d753/deploy/configs/cognito_urls_config.py#L61)

It checks for example.com where instead the right callback to check is
```https://example.com``` and that's why it doesn't get replaced during
the configuration phase.

### Relates
- https://github.com/awslabs/aws-dataall/issues/454

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 deploy/configs/cognito_urls_config.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/deploy/configs/cognito_urls_config.py b/deploy/configs/cognito_urls_config.py
index d71e8189b..52c8f9155 100644
--- a/deploy/configs/cognito_urls_config.py
+++ b/deploy/configs/cognito_urls_config.py
@@ -58,8 +58,8 @@ def setup_cognito(
             f'https://{user_guide_link}/parseauth',
         ]
         existing_callbacks = user_pool['UserPoolClient'].get('CallbackURLs', [])
-        if 'example.com' in existing_callbacks:
-            existing_callbacks.remove('example.com')
+        if 'https://example.com' in existing_callbacks:
+            existing_callbacks.remove('https://example.com')
         updated_callbacks = existing_callbacks + list(
             set(config_callbacks) - set(existing_callbacks)
         )

From d7b6b51713ae9fea6249c231f3cfd724960feafd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 15:50:28 +0200
Subject: [PATCH 201/346] Added delete environment listener

---
 .../group/services/group_resource_manager.py  | 25 +++++++++++++-----
 backend/dataall/db/api/environment.py         | 20 +++-----------
 .../db/share_object_repository.py             | 26 +++++++++++++++++++
 backend/dataall/modules/datasets/__init__.py  |  4 +--
 .../datasets_base/db/dataset_repository.py    |  7 ++---
 .../dataall/modules/worksheets/__init__.py    |  4 +--
 .../modules/worksheets/db/repositories.py     |  7 ++---
 7 files changed, 59 insertions(+), 34 deletions(-)

diff --git a/backend/dataall/core/group/services/group_resource_manager.py b/backend/dataall/core/group/services/group_resource_manager.py
index a5aeaba4a..950d66a7a 100644
--- a/backend/dataall/core/group/services/group_resource_manager.py
+++ b/backend/dataall/core/group/services/group_resource_manager.py
@@ -2,24 +2,35 @@
 from typing import List
 
 
-class GroupResource(ABC):
-    def count_resources(self, session, environment, group_uri) -> int:
+class EnvironmentResource(ABC):
+    @staticmethod
+    def count_resources(session, environment, group_uri) -> int:
         raise NotImplementedError()
 
+    @staticmethod
+    def delete_env(session, environment):
+        pass
+
 
-class GroupResourceManager:
+class EnvironmentResourceManager:
     """
     API for managing group resources
     """
-    _resources: List[GroupResource] = []
+    _resources: List[EnvironmentResource] = []
 
     @staticmethod
-    def register(resource: GroupResource):
-        GroupResourceManager._resources.append(resource)
+    def register(resource: EnvironmentResource):
+        EnvironmentResourceManager._resources.append(resource)
 
     @staticmethod
     def count_group_resources(session, environment, group_uri) -> int:
         counter = 0
-        for resource in GroupResourceManager._resources:
+        for resource in EnvironmentResourceManager._resources:
             counter += resource.count_resources(session, environment, group_uri)
         return counter
+
+    @staticmethod
+    def delete_env(session, environment):
+        for resource in EnvironmentResourceManager._resources:
+            resource.delete_env(session, environment)
+
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 961418f03..360a07d3c 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -27,9 +27,7 @@
     NamingConventionService,
     NamingConventionPattern,
 )
-from dataall.core.group.services.group_resource_manager import GroupResourceManager
-# TODO get rid of it
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
 
 log = logging.getLogger(__name__)
 
@@ -381,7 +379,7 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
             .count()
         )
 
-        group_env_objects_count += GroupResourceManager.count_group_resources(
+        group_env_objects_count += EnvironmentResourceManager.count_group_resources(
             session=session,
             environment=environment,
             group_uri=group
@@ -979,19 +977,7 @@ def delete_environment(session, username, groups, uri, data=None, check_perm=Non
             session, environment.environmentUri, 'environment'
         )
 
-        env_shared_with_objects = (
-            session.query(ShareObject)
-            .filter(ShareObject.environmentUri == environment.environmentUri)
-            .all()
-        )
-        for share in env_shared_with_objects:
-            (
-                session.query(ShareObjectItem)
-                .filter(ShareObjectItem.shareUri == share.shareUri)
-                .delete()
-            )
-            session.delete(share)
-
+        EnvironmentResourceManager.delete_env(session, environment)
         EnvironmentParameterRepository(session).delete_params(environment.environmentUri)
 
         return session.delete(environment)
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 036534efd..30c7d4972 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -3,6 +3,7 @@
 from sqlalchemy import and_, or_, func, case
 from sqlalchemy.orm import Query
 
+from dataall.core.group.services.group_resource_manager import EnvironmentResource
 from dataall.db import models, exceptions, paginate
 from dataall.db.models.Enums import PrincipalType
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
@@ -311,6 +312,16 @@ def get_share_item_revokable_states():
         ]
 
 
+class ShareEnvironmentResource(EnvironmentResource):
+    @staticmethod
+    def count_resources(session, environment, group_uri) -> int:
+        return 0
+
+    @staticmethod
+    def delete_env(session, environment):
+        ShareObjectRepository.delete_all_share_items(session, environment.environmentUri)
+
+
 class ShareObjectRepository:
     @staticmethod
     def save_and_commit(session, share):
@@ -916,6 +927,21 @@ def list_dataset_shares_with_existing_shared_items(session, dataset_uri) -> [Sha
         )
         return query.all()
 
+    @staticmethod
+    def delete_all_share_items(session, env_uri):
+        env_shared_with_objects = (
+            session.query(ShareObject)
+            .filter(ShareObject.environmentUri == env_uri)
+            .all()
+        )
+        for share in env_shared_with_objects:
+            (
+                session.query(ShareObjectItem)
+                .filter(ShareObjectItem.shareUri == share.shareUri)
+                .delete()
+            )
+            session.delete(share)
+
     @staticmethod
     def paginate_shared_datasets(session, env_uri, group_uri, data):
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index e923124a7..1c70609ae 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,7 +2,7 @@
 import logging
 from typing import List, Type
 
-from dataall.core.group.services.group_resource_manager import GroupResourceManager
+from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
@@ -67,7 +67,7 @@ def __init__(self):
 
         TargetType("dataset", GET_DATASET, UPDATE_DATASET)
 
-        GroupResourceManager.register(DatasetRepository())
+        EnvironmentResourceManager.register(DatasetRepository())
 
         log.info("API of datasets has been imported")
 
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 3b99a5f27..aea0bb8bc 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -11,7 +11,7 @@
 from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models.Enums import Language
 from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
-from dataall.core.group.services.group_resource_manager import GroupResource
+from dataall.core.group.services.group_resource_manager import EnvironmentResource
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.utils.naming_convention import (
     NamingConventionService,
@@ -21,7 +21,7 @@
 logger = logging.getLogger(__name__)
 
 
-class DatasetRepository(GroupResource):
+class DatasetRepository(EnvironmentResource):
     """DAO layer for Datasets"""
 
     @staticmethod
@@ -31,7 +31,8 @@ def get_dataset_by_uri(session, dataset_uri) -> Dataset:
             raise ObjectNotFound('Dataset', dataset_uri)
         return dataset
 
-    def count_resources(self, session, environment, group_uri) -> int:
+    @staticmethod
+    def count_resources(session, environment, group_uri) -> int:
         return (
             session.query(Dataset)
             .filter(
diff --git a/backend/dataall/modules/worksheets/__init__.py b/backend/dataall/modules/worksheets/__init__.py
index 900c55b2a..9c9acdaf8 100644
--- a/backend/dataall/modules/worksheets/__init__.py
+++ b/backend/dataall/modules/worksheets/__init__.py
@@ -1,7 +1,7 @@
 """Contains the code related to worksheets"""
 import logging
 
-from dataall.core.group.services.group_resource_manager import GroupResourceManager
+from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
 from dataall.modules.loader import ImportMode, ModuleInterface
 from dataall.modules.worksheets.db.models import Worksheet
 from dataall.modules.worksheets.db.repositories import WorksheetRepository
@@ -23,6 +23,6 @@ def __init__(self):
 
         FeedRegistry.register(FeedDefinition("Worksheet", Worksheet))
 
-        GroupResourceManager.register(WorksheetRepository())
+        EnvironmentResourceManager.register(WorksheetRepository())
 
         log.info("API of worksheets has been imported")
\ No newline at end of file
diff --git a/backend/dataall/modules/worksheets/db/repositories.py b/backend/dataall/modules/worksheets/db/repositories.py
index 420c06909..d8828c0cb 100644
--- a/backend/dataall/modules/worksheets/db/repositories.py
+++ b/backend/dataall/modules/worksheets/db/repositories.py
@@ -4,17 +4,18 @@
 from sqlalchemy import or_
 from sqlalchemy.orm import Query
 
-from dataall.core.group.services.group_resource_manager import GroupResource
+from dataall.core.group.services.group_resource_manager import EnvironmentResource
 from dataall.db import paginate
 from dataall.modules.worksheets.db.models import Worksheet, WorksheetQueryResult
 
 
-class WorksheetRepository(GroupResource):
+class WorksheetRepository(EnvironmentResource):
     """DAO layer for worksheets"""
     _DEFAULT_PAGE = 1
     _DEFAULT_PAGE_SIZE = 10
 
-    def count_resources(self, session, environment, group_uri) -> int:
+    @staticmethod
+    def count_resources(session, environment, group_uri) -> int:
         return (
             session.query(WorksheetQueryResult)
             .filter(

From 62cbb12a6d3b757151cad270375e92f9d238666e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 16:25:16 +0200
Subject: [PATCH 202/346] Added two import mode dedicated to tasks loading and
 refactored these tasks

---
 backend/dataall/modules/datasets/__init__.py  | 40 +++++++++++++++--
 .../datasets/indexers/catalog_indexer.py      | 21 +++++++++
 backend/dataall/modules/loader.py             |  2 +
 backend/dataall/tasks/catalog_indexer.py      | 35 ++++++++-------
 backend/dataall/tasks/stacks_updater.py       | 44 ++++++++++++-------
 5 files changed, 107 insertions(+), 35 deletions(-)
 create mode 100644 backend/dataall/modules/datasets/indexers/catalog_indexer.py

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 1c70609ae..371e76709 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,13 +2,9 @@
 import logging
 from typing import List, Type
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
-from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
-from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
-from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_permissions import GET_DATASET, UPDATE_DATASET
 from dataall.modules.loader import ModuleInterface, ImportMode
 
@@ -34,6 +30,10 @@ def __init__(self):
         from dataall.api.Objects.Vote.resolvers import add_vote_type
         from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
         from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
+        from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+        from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
+        from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
+        from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 
         import dataall.modules.datasets.api
 
@@ -109,3 +109,35 @@ def __init__(self):
     @staticmethod
     def depends_on() -> List[Type['ModuleInterface']]:
         return [DatasetBaseModuleInterface]
+
+
+class DatasetStackUpdaterModuleInterface(ModuleInterface):
+
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return ImportMode.STACK_UPDATER_TASK in modes
+
+    def __init__(self):
+        from dataall.tasks.stacks_updater import StackFinder
+        from dataall.tasks.stacks_updater import register_stack_finder
+
+        class DatasetStackFinder(StackFinder):
+            def find_stack_uris(self, session) -> List[str]:
+                all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
+                log.info(f'Found {len(all_datasets)} datasets')
+                return [dataset.datasetUri for dataset in all_datasets]
+
+        register_stack_finder(DatasetStackFinder())
+
+
+class DatasetCatalogIndexerModuleInterface(ModuleInterface):
+
+    @staticmethod
+    def is_supported(modes: List[ImportMode]) -> bool:
+        return ImportMode.CATALOG_INDEXER_TASK in modes
+
+    def __init__(self):
+        from dataall.tasks.catalog_indexer import register_catalog_indexer
+        from dataall.modules.datasets.indexers.catalog_indexer import DatasetCatalogIndexer
+
+        register_catalog_indexer(DatasetCatalogIndexer())
diff --git a/backend/dataall/modules/datasets/indexers/catalog_indexer.py b/backend/dataall/modules/datasets/indexers/catalog_indexer.py
new file mode 100644
index 000000000..cf573548b
--- /dev/null
+++ b/backend/dataall/modules/datasets/indexers/catalog_indexer.py
@@ -0,0 +1,21 @@
+import logging
+
+from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import Dataset
+from dataall.tasks.catalog_indexer import CatalogIndexer
+
+log = logging.getLogger(__name__)
+
+
+class DatasetCatalogIndexer(CatalogIndexer):
+
+    def index(self, session) -> int:
+        all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
+        log.info(f'Found {len(all_datasets)} datasets')
+        dataset: Dataset
+        for dataset in all_datasets:
+            tables = DatasetTableIndexer.upsert_all(session, dataset.datasetUri)
+            folders = DatasetLocationIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
+            return len(tables) + len(folders) + 1
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 7354ebeec..df6c83db9 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -24,6 +24,8 @@ class ImportMode(Enum):
     API = auto()
     CDK = auto()
     HANDLERS = auto()
+    STACK_UPDATER_TASK = auto()
+    CATALOG_INDEXER_TASK = auto()
 
 
 class ModuleInterface(ABC):
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 9da3ed925..bbdc07df8 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -1,12 +1,11 @@
 import logging
 import os
 import sys
+from abc import ABC
+from typing import List
 
-from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import Dataset
-from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
-from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.db import get_engine, models
+from dataall.modules.loader import load_modules, ImportMode
 from dataall.searchproxy.indexers import DashboardIndexer
 from dataall.utils.alarm_service import AlarmService
 
@@ -16,23 +15,27 @@
     root.addHandler(logging.StreamHandler(sys.stdout))
 log = logging.getLogger(__name__)
 
+load_modules([ImportMode.CATALOG_INDEXER_TASK])
+
+
+class CatalogIndexer(ABC):
+    def index(self, session) -> int:
+        raise NotImplementedError("index is not implemented")
+
+
+_indexers: List[CatalogIndexer] = []
+
+
+def register_catalog_indexer(indexer: CatalogIndexer):
+    _indexers.append(indexer)
+
 
 def index_objects(engine):
     try:
         indexed_objects_counter = 0
         with engine.scoped_session() as session:
-
-            all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(
-                session
-            )
-            log.info(f'Found {len(all_datasets)} datasets')
-            dataset: Dataset
-            for dataset in all_datasets:
-                tables = DatasetTableIndexer.upsert_all(session, dataset.datasetUri)
-                folders = DatasetLocationIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
-                indexed_objects_counter = (
-                    indexed_objects_counter + len(tables) + len(folders) + 1
-                )
+            for indexer in _indexers:
+                indexed_objects_counter += indexer.index(session)
 
             all_dashboards: [models.Dashboard] = session.query(models.Dashboard).all()
             log.info(f'Found {len(all_dashboards)} dashboards')
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index ea380cdd6..77bf6fc47 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -2,14 +2,15 @@
 import os
 import sys
 import time
+from abc import ABC
+from typing import List
 
-from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import Dataset
-from .. import db
-from ..db import models
-from ..aws.handlers.ecs import Ecs
-from ..db import get_engine
-from ..utils import Parameter
+from dataall.modules.loader import ImportMode, load_modules
+from dataall import db
+from dataall.db import models
+from dataall.aws.handlers.ecs import Ecs
+from dataall.db import get_engine
+from dataall.utils import Parameter
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)
@@ -21,23 +22,36 @@
 SLEEP_TIME = 30
 
 
+load_modules([ImportMode.STACK_UPDATER_TASK])
+
+
+class StackFinder(ABC):
+    def find_stack_uris(self, session) -> List[str]:
+        """Finds stacks to update"""
+        raise NotImplementedError("retrieve_stack_uris is not implemented")
+
+
+_finders: List[StackFinder] = []
+
+
+def register_stack_finder(finder: StackFinder):
+    _finders.append(finder)
+
+
 def update_stacks(engine, envname):
     with engine.scoped_session() as session:
-
-        all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
         all_environments: [models.Environment] = db.api.Environment.list_all_active_environments(session)
+        additional_stacks = []
+        for finder in _finders:
+            additional_stacks.extend(finder.find_stack_uris(session))
 
         log.info(f'Found {len(all_environments)} environments, triggering update stack tasks...')
         environment: models.Environment
         for environment in all_environments:
             update_stack(session=session, envname=envname, target_uri=environment.environmentUri, wait=True)
 
-        log.info(f'Found {len(all_datasets)} datasets')
-        dataset: Dataset
-        for dataset in all_datasets:
-            update_stack(session=session, envname=envname, target_uri=dataset.datasetUri, wait=False)
-
-        return all_environments, all_datasets
+        for stack_uri in additional_stacks:
+            update_stack(session=session, envname=envname, target_uri=stack_uri, wait=False)
 
 
 def update_stack(session, envname, target_uri, wait=False):

From 34ac1cd3e8475246b51b2c047b65cdad0fdf8e54 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 16:47:01 +0200
Subject: [PATCH 203/346] Fixed imports

---
 .../modules/datasets/services/dataset_location_service.py      | 2 +-
 backend/dataall/modules/datasets/services/dataset_service.py   | 3 ++-
 .../dataall/modules/datasets/services/dataset_table_service.py | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index 144f59ddf..00cac9bb3 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -5,9 +5,9 @@
 from dataall.db.exceptions import ResourceShared, ResourceAlreadyExists
 from dataall.db.models import Task
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
-from dataall.modules.datasets import DatasetLocationIndexer
 from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
+from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_FOLDER, MANAGE_DATASETS, \
     CREATE_DATASET_FOLDER, LIST_DATASET_FOLDERS, DELETE_DATASET_FOLDER
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 643bbff39..3ba1cac19 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -13,11 +13,12 @@
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.dataset_sharing.services.share_permissions import SHARE_OBJECT_APPROVER
-from dataall.modules.datasets import DatasetIndexer, DatasetTableIndexer
 from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetClient
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
     SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
     CREATE_DATASET, DATASET_ALL, DATASET_READ
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 958c80b48..521eb182a 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -8,9 +8,9 @@
 from dataall.db.api import ResourcePolicy, Environment, Glossary
 from dataall.db.exceptions import ResourceShared, ResourceAlreadyExists
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
-from dataall.modules.datasets import DatasetTableIndexer
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
     DELETE_DATASET_TABLE, CREATE_DATASET_TABLE

From 1891f538e51c7aa707abf2ae3eb1703da3d75ed1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 17 May 2023 17:57:09 +0200
Subject: [PATCH 204/346] Fixed issue with multiply loading

---
 backend/api_handler.py                        |  2 +-
 backend/aws_handler.py                        |  2 +-
 backend/cdkproxymain.py                       |  2 +-
 backend/dataall/cdkproxy/app.py               |  2 +-
 .../modules/dataset_sharing/__init__.py       |  4 +--
 backend/dataall/modules/datasets/__init__.py  | 10 +++---
 .../dataall/modules/datasets_base/__init__.py |  4 +--
 backend/dataall/modules/loader.py             | 35 +++++++++++++++----
 .../modules/sagemaker_base/__init__.py        |  4 +--
 .../dataall/modules/worksheets/__init__.py    |  4 +--
 backend/dataall/tasks/__init__.py             |  1 -
 backend/dataall/tasks/catalog_indexer.py      |  2 +-
 backend/dataall/tasks/stacks_updater.py       |  4 ++-
 backend/local_graphql_server.py               |  2 +-
 tests/conftest.py                             |  2 +-
 tests/modules/test_loader.py                  | 28 +++++++++------
 tests/tasks/test_stacks_updater.py            |  4 +--
 17 files changed, 72 insertions(+), 40 deletions(-)

diff --git a/backend/api_handler.py b/backend/api_handler.py
index 714e107b2..e8d5e184c 100644
--- a/backend/api_handler.py
+++ b/backend/api_handler.py
@@ -24,7 +24,7 @@
 for name in ['boto3', 's3transfer', 'botocore', 'boto']:
     logging.getLogger(name).setLevel(logging.ERROR)
 
-load_modules(modes=[ImportMode.API])
+load_modules(modes={ImportMode.API})
 SCHEMA = bootstrap_schema()
 TYPE_DEFS = gql(SCHEMA.gql(with_directives=False))
 ENVNAME = os.getenv('envname', 'local')
diff --git a/backend/aws_handler.py b/backend/aws_handler.py
index ec5382b6f..7101a6da2 100644
--- a/backend/aws_handler.py
+++ b/backend/aws_handler.py
@@ -14,7 +14,7 @@
 
 engine = get_engine(envname=ENVNAME)
 
-load_modules(modes=[ImportMode.HANDLERS])
+load_modules(modes={ImportMode.HANDLERS})
 
 
 def handler(event, context=None):
diff --git a/backend/cdkproxymain.py b/backend/cdkproxymain.py
index 602b580c8..21f0e1349 100644
--- a/backend/cdkproxymain.py
+++ b/backend/cdkproxymain.py
@@ -21,7 +21,7 @@
     f"Application started for envname= `{ENVNAME}` DH_DOCKER_VERSION:{os.environ.get('DH_DOCKER_VERSION')}"
 )
 
-load_modules(modes=[ImportMode.CDK])
+load_modules(modes={ImportMode.CDK})
 StackManager.registered_stacks()
 
 
diff --git a/backend/dataall/cdkproxy/app.py b/backend/dataall/cdkproxy/app.py
index fde8fa2eb..297dfe116 100644
--- a/backend/dataall/cdkproxy/app.py
+++ b/backend/dataall/cdkproxy/app.py
@@ -13,7 +13,7 @@
 logger = logging.getLogger('cdkapp process')
 logger.setLevel('INFO')
 
-load_modules(modes=[ImportMode.CDK])
+load_modules(modes={ImportMode.CDK})
 
 
 class CdkRunner:
diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index 80ab16edc..140fb4e0c 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -1,5 +1,5 @@
 import logging
-from typing import List, Type
+from typing import List, Type, Set
 
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.loader import ModuleInterface, ImportMode
@@ -10,7 +10,7 @@
 
 class SharingApiModuleInterface(ModuleInterface):
     @staticmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.API in modes
 
     @staticmethod
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 371e76709..61161caf1 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -1,6 +1,6 @@
 """Contains the code related to datasets"""
 import logging
-from typing import List, Type
+from typing import List, Type, Set
 
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
@@ -76,7 +76,7 @@ class DatasetAsyncHandlersModuleInterface(ModuleInterface):
     """Implements ModuleInterface for dataset async lambda"""
 
     @staticmethod
-    def is_supported(modes: List[ImportMode]):
+    def is_supported(modes: Set[ImportMode]):
         return ImportMode.HANDLERS in modes
 
     def __init__(self):
@@ -94,7 +94,7 @@ class DatasetCdkModuleInterface(ModuleInterface):
     """Loads dataset cdk stacks """
 
     @staticmethod
-    def is_supported(modes: List[ImportMode]):
+    def is_supported(modes: Set[ImportMode]):
         return ImportMode.CDK in modes
 
     def __init__(self):
@@ -114,7 +114,7 @@ def depends_on() -> List[Type['ModuleInterface']]:
 class DatasetStackUpdaterModuleInterface(ModuleInterface):
 
     @staticmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.STACK_UPDATER_TASK in modes
 
     def __init__(self):
@@ -133,7 +133,7 @@ def find_stack_uris(self, session) -> List[str]:
 class DatasetCatalogIndexerModuleInterface(ModuleInterface):
 
     @staticmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.CATALOG_INDEXER_TASK in modes
 
     def __init__(self):
diff --git a/backend/dataall/modules/datasets_base/__init__.py b/backend/dataall/modules/datasets_base/__init__.py
index 7906c0307..57ac7afaf 100644
--- a/backend/dataall/modules/datasets_base/__init__.py
+++ b/backend/dataall/modules/datasets_base/__init__.py
@@ -1,9 +1,9 @@
-from typing import List
+from typing import Set
 
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 
 class DatasetBaseModuleInterface(ModuleInterface):
     @staticmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return True
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index df6c83db9..49dbfe346 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -13,6 +13,9 @@
 
 _MODULE_PREFIX = "dataall.modules"
 
+# This needed not to load the same module twice. Should happen only in tests
+_ACTIVE_MODES = set()
+
 
 class ImportMode(Enum):
     """Defines importing mode
@@ -27,6 +30,10 @@ class ImportMode(Enum):
     STACK_UPDATER_TASK = auto()
     CATALOG_INDEXER_TASK = auto()
 
+    @staticmethod
+    def all():
+        return {mode for mode in ImportMode}
+
 
 class ModuleInterface(ABC):
     """
@@ -35,7 +42,7 @@ class ModuleInterface(ABC):
     """
     @staticmethod
     @abstractmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         """
         Return True if the module interface supports any of the ImportMode and should be loaded
         """
@@ -60,19 +67,35 @@ def depends_on() -> List[Type['ModuleInterface']]:
         return []
 
 
-def load_modules(modes: List[ImportMode]) -> None:
+def load_modules(modes: Set[ImportMode]) -> None:
     """
     Loads all modules from the config
     Loads only requested functionality (submodules) using the mode parameter
     """
+
+    to_load = _new_modules(modes)
+    if not to_load:
+        return
+
     in_config, inactive = _load_modules()
-    _check_loading_correct(in_config, modes)
-    _initialize_modules(modes)
+    _check_loading_correct(in_config, to_load)
+    _initialize_modules(to_load)
     _describe_loading(in_config, inactive)
 
     log.info("All modules have been imported")
 
 
+def _new_modules(modes: Set[ImportMode]):
+    """
+    Extracts only new modules to load. It's needed to avoid multiply loading
+    """
+    all_modes = _ACTIVE_MODES
+
+    to_load = modes - all_modes  # complement of set
+    all_modes |= modes
+    return to_load
+
+
 def _load_modules():
     """
     Loads modules but not initializing them
@@ -121,7 +144,7 @@ def _load_module(name: str):
         return False
 
 
-def _initialize_modules(modes: List[ImportMode]):
+def _initialize_modules(modes: Set[ImportMode]):
     """
     Initialize all modules for supported modes. This method is using topological sorting for a graph of module
     dependencies. It's needed to load module in a specific order: first modules to load are without dependencies.
@@ -165,7 +188,7 @@ def _initialize_module(module):
     module()  # call a constructor for initialization
 
 
-def _check_loading_correct(in_config: Set[str], modes: List[ImportMode]):
+def _check_loading_correct(in_config: Set[str], modes: Set[ImportMode]):
     """
     To avoid unintentional loading (without ModuleInterface) we can check all loaded modules.
     Unintentional/incorrect loading might happen if module A has a direct reference to module B without declaring it
diff --git a/backend/dataall/modules/sagemaker_base/__init__.py b/backend/dataall/modules/sagemaker_base/__init__.py
index 20589ebf0..6a40c6c75 100644
--- a/backend/dataall/modules/sagemaker_base/__init__.py
+++ b/backend/dataall/modules/sagemaker_base/__init__.py
@@ -1,10 +1,10 @@
 """Common code for machine learning studio and notebooks"""
-from typing import List
+from typing import Set
 
 from dataall.modules.loader import ModuleInterface, ImportMode
 
 
 class SagemakerCdkModuleInterface(ModuleInterface):
     @staticmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.CDK in modes
diff --git a/backend/dataall/modules/worksheets/__init__.py b/backend/dataall/modules/worksheets/__init__.py
index 9c9acdaf8..c4354a8b3 100644
--- a/backend/dataall/modules/worksheets/__init__.py
+++ b/backend/dataall/modules/worksheets/__init__.py
@@ -12,8 +12,8 @@
 class WorksheetApiModuleInterface(ModuleInterface):
     """Implements ModuleInterface for worksheet GraphQl lambda"""
 
-    @classmethod
-    def is_supported(cls, modes):
+    @staticmethod
+    def is_supported(modes):
         return ImportMode.API in modes
 
     def __init__(self):
diff --git a/backend/dataall/tasks/__init__.py b/backend/dataall/tasks/__init__.py
index 89cb28e27..e69de29bb 100644
--- a/backend/dataall/tasks/__init__.py
+++ b/backend/dataall/tasks/__init__.py
@@ -1 +0,0 @@
-from .catalog_indexer import index_objects
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index bbdc07df8..99313d5a8 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -15,7 +15,7 @@
     root.addHandler(logging.StreamHandler(sys.stdout))
 log = logging.getLogger(__name__)
 
-load_modules([ImportMode.CATALOG_INDEXER_TASK])
+load_modules({ImportMode.CATALOG_INDEXER_TASK})
 
 
 class CatalogIndexer(ABC):
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 77bf6fc47..535e42d30 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -22,7 +22,7 @@
 SLEEP_TIME = 30
 
 
-load_modules([ImportMode.STACK_UPDATER_TASK])
+load_modules({ImportMode.STACK_UPDATER_TASK})
 
 
 class StackFinder(ABC):
@@ -53,6 +53,8 @@ def update_stacks(engine, envname):
         for stack_uri in additional_stacks:
             update_stack(session=session, envname=envname, target_uri=stack_uri, wait=False)
 
+        return len(all_environments), len(additional_stacks)
+
 
 def update_stack(session, envname, target_uri, wait=False):
     stack: models.Stack = db.api.Stack.get_stack_by_target_uri(
diff --git a/backend/local_graphql_server.py b/backend/local_graphql_server.py
index 98e99cd73..114fdce4b 100644
--- a/backend/local_graphql_server.py
+++ b/backend/local_graphql_server.py
@@ -30,7 +30,7 @@
 es = connect(envname=ENVNAME)
 logger.info('Connected')
 # create_schema_and_tables(engine, envname=ENVNAME)
-load_modules(modes=[ImportMode.API, ImportMode.HANDLERS])
+load_modules(modes={ImportMode.API, ImportMode.HANDLERS})
 Base.metadata.create_all(engine.engine)
 CDKPROXY_URL = (
     'http://cdkproxy:2805' if ENVNAME == 'dkrcompose' else 'http://localhost:2805'
diff --git a/tests/conftest.py b/tests/conftest.py
index 2767a66a3..e9d0138b2 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -3,7 +3,7 @@
 import dataall
 from dataall.modules.loader import load_modules, ImportMode
 
-load_modules(modes=[ImportMode.HANDLERS, ImportMode.API, ImportMode.CDK])
+load_modules(modes=ImportMode.all())
 ENVNAME = os.environ.get('envname', 'pytest')
 
 
diff --git a/tests/modules/test_loader.py b/tests/modules/test_loader.py
index 9db12b408..8e834b0bb 100644
--- a/tests/modules/test_loader.py
+++ b/tests/modules/test_loader.py
@@ -1,5 +1,5 @@
 from abc import ABC
-from typing import List, Type
+from typing import List, Type, Set
 
 import pytest
 
@@ -20,7 +20,7 @@ def name(cls) -> str:
 
 class TestApiModule(TestModule):
     @staticmethod
-    def is_supported(modes: List[ImportMode]) -> bool:
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.API in modes
 
 
@@ -106,27 +106,35 @@ def patch_loading(mocker, all_modules, in_config):
     )
 
 
+@pytest.fixture(scope="function", autouse=True)
+def patch_modes(mocker):
+    mocker.patch(
+        'dataall.modules.loader._ACTIVE_MODES', set()
+    )
+    yield
+
+
 def test_nothing_to_load(mocker):
     patch_loading(mocker, [], set())
-    loader.load_modules([ImportMode.API, ImportMode.CDK])
+    loader.load_modules({ImportMode.API, ImportMode.CDK})
     assert len(order) == 0
 
 
 def test_import_with_one_dependency(mocker):
     patch_loading(mocker, [AModule, BModule], {BModule})
-    loader.load_modules([ImportMode.API])
+    loader.load_modules({ImportMode.API})
     assert order == [AModule, BModule]
 
 
 def test_load_with_cdk_mode(mocker):
     patch_loading(mocker, [DModule, CModule, BModule], {CModule})
-    loader.load_modules([ImportMode.CDK])
+    loader.load_modules({ImportMode.CDK})
     assert order == [CModule]
 
 
 def test_many_nested_layers(mocker):
     patch_loading(mocker, [BModule, CModule, AModule, DModule], {DModule, CModule})
-    loader.load_modules([ImportMode.API])
+    loader.load_modules({ImportMode.API})
     correct_order = [AModule, BModule, DModule]
     assert order == correct_order
     assert CModule not in correct_order
@@ -137,16 +145,16 @@ def test_complex_loading(mocker):
         AModule, BModule, CModule, DModule, EModule, FModule, GModule, IModule, JModule, KModule
     ], {CModule, FModule, GModule, IModule, KModule})
 
-    loader.load_modules([ImportMode.API])
+    loader.load_modules({ImportMode.API})
     assert order == [AModule, JModule, BModule, DModule, EModule, GModule, FModule, IModule, KModule]
 
 
 def test_incorrect_loading(mocker):
-    patch_loading(mocker, [AModule], set())  # A is not specified in config, but was found
+    patch_loading(mocker, [CModule], set())  # A is not specified in config, but was found
     with pytest.raises(ImportError):
-        loader.load_modules([ImportMode.API])
+        loader.load_modules({ImportMode.CDK})
 
     patch_loading(mocker, [AModule, BModule], {AModule})
     with pytest.raises(ImportError):
-        loader.load_modules([ImportMode.API])
+        loader.load_modules({ImportMode.API})
 
diff --git a/tests/tasks/test_stacks_updater.py b/tests/tasks/test_stacks_updater.py
index 701d7c50d..88c5dbd71 100644
--- a/tests/tasks/test_stacks_updater.py
+++ b/tests/tasks/test_stacks_updater.py
@@ -72,5 +72,5 @@ def test_stacks_update(db, org, env, sync_dataset, mocker):
     envs, datasets = dataall.tasks.stacks_updater.update_stacks(
         engine=db, envname='local'
     )
-    assert len(envs) == 1
-    assert len(datasets) == 1
+    assert envs == 1
+    assert datasets == 1

From 4c8b91c0306829b6320b4924b6c133b71a392196 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 10:29:40 +0200
Subject: [PATCH 205/346] Moved share/dataset related tests

---
 .../datasets/test_dataset_catalog_indexer.py} |  0
 .../datasets/test_dataset_policies.py}        |  0
 .../datasets/test_dataset_subscriptions.py}   |  0
 .../datasets/test_dataset_tables_sync.py}     |  0
 .../datasets}/test_lf_share_manager.py        |  0
 .../datasets}/test_s3_share_manager.py        |  0
 .../test_stacks_updater_with_datasets.py      | 75 +++++++++++++++++++
 tests/tasks/test_stacks_updater.py            | 34 +--------
 8 files changed, 79 insertions(+), 30 deletions(-)
 rename tests/{tasks/test_catalog_indexer.py => modules/datasets/test_dataset_catalog_indexer.py} (100%)
 rename tests/{tasks/test_policies.py => modules/datasets/test_dataset_policies.py} (100%)
 rename tests/{tasks/test_subscriptions.py => modules/datasets/test_dataset_subscriptions.py} (100%)
 rename tests/{tasks/test_tables_sync.py => modules/datasets/test_dataset_tables_sync.py} (100%)
 rename tests/{tasks => modules/datasets}/test_lf_share_manager.py (100%)
 rename tests/{tasks => modules/datasets}/test_s3_share_manager.py (100%)
 create mode 100644 tests/modules/datasets/test_stacks_updater_with_datasets.py

diff --git a/tests/tasks/test_catalog_indexer.py b/tests/modules/datasets/test_dataset_catalog_indexer.py
similarity index 100%
rename from tests/tasks/test_catalog_indexer.py
rename to tests/modules/datasets/test_dataset_catalog_indexer.py
diff --git a/tests/tasks/test_policies.py b/tests/modules/datasets/test_dataset_policies.py
similarity index 100%
rename from tests/tasks/test_policies.py
rename to tests/modules/datasets/test_dataset_policies.py
diff --git a/tests/tasks/test_subscriptions.py b/tests/modules/datasets/test_dataset_subscriptions.py
similarity index 100%
rename from tests/tasks/test_subscriptions.py
rename to tests/modules/datasets/test_dataset_subscriptions.py
diff --git a/tests/tasks/test_tables_sync.py b/tests/modules/datasets/test_dataset_tables_sync.py
similarity index 100%
rename from tests/tasks/test_tables_sync.py
rename to tests/modules/datasets/test_dataset_tables_sync.py
diff --git a/tests/tasks/test_lf_share_manager.py b/tests/modules/datasets/test_lf_share_manager.py
similarity index 100%
rename from tests/tasks/test_lf_share_manager.py
rename to tests/modules/datasets/test_lf_share_manager.py
diff --git a/tests/tasks/test_s3_share_manager.py b/tests/modules/datasets/test_s3_share_manager.py
similarity index 100%
rename from tests/tasks/test_s3_share_manager.py
rename to tests/modules/datasets/test_s3_share_manager.py
diff --git a/tests/modules/datasets/test_stacks_updater_with_datasets.py b/tests/modules/datasets/test_stacks_updater_with_datasets.py
new file mode 100644
index 000000000..823b62e3f
--- /dev/null
+++ b/tests/modules/datasets/test_stacks_updater_with_datasets.py
@@ -0,0 +1,75 @@
+import pytest
+import dataall
+from dataall.api.constants import OrganisationUserRole
+from dataall.modules.datasets_base.db.models import Dataset
+from dataall.tasks.stacks_updater import update_stacks
+
+
+@pytest.fixture(scope='module', autouse=True)
+def org(db):
+    with db.scoped_session() as session:
+        org = dataall.db.models.Organization(
+            label='org',
+            owner='alice',
+            tags=[],
+            description='desc',
+            SamlGroupName='admins',
+            userRoleInOrganization=OrganisationUserRole.Owner.value,
+        )
+        session.add(org)
+    yield org
+
+
+@pytest.fixture(scope='module', autouse=True)
+def env(org, db):
+    with db.scoped_session() as session:
+        env = dataall.db.models.Environment(
+            organizationUri=org.organizationUri,
+            AwsAccountId='12345678901',
+            region='eu-west-1',
+            label='org',
+            owner='alice',
+            tags=[],
+            description='desc',
+            SamlGroupName='admins',
+            EnvironmentDefaultIAMRoleName='EnvRole',
+            EnvironmentDefaultIAMRoleArn='arn:aws::123456789012:role/EnvRole/GlueJobSessionRunner',
+            CDKRoleArn='arn:aws::123456789012:role/EnvRole',
+            userRoleInEnvironment='999',
+        )
+        session.add(env)
+    yield env
+
+
+@pytest.fixture(scope='module', autouse=True)
+def sync_dataset(org, env, db):
+    with db.scoped_session() as session:
+        dataset = Dataset(
+            organizationUri=org.organizationUri,
+            environmentUri=env.environmentUri,
+            label='label',
+            owner='foo',
+            SamlAdminGroupName='foo',
+            businessOwnerDelegationEmails=['foo@amazon.com'],
+            businessOwnerEmail=['bar@amazon.com'],
+            name='name',
+            S3BucketName='S3BucketName',
+            GlueDatabaseName='GlueDatabaseName',
+            KmsAlias='kmsalias',
+            AwsAccountId='123456789012',
+            region='eu-west-1',
+            IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
+            IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
+        )
+        session.add(dataset)
+    yield dataset
+
+
+def test_stacks_update(db, org, env, sync_dataset, mocker):
+    mocker.patch(
+        'dataall.tasks.stacks_updater.update_stack',
+        return_value=True,
+    )
+    envs, datasets = update_stacks(engine=db, envname='local')
+    assert envs == 1
+    assert datasets == 1
diff --git a/tests/tasks/test_stacks_updater.py b/tests/tasks/test_stacks_updater.py
index 88c5dbd71..124768683 100644
--- a/tests/tasks/test_stacks_updater.py
+++ b/tests/tasks/test_stacks_updater.py
@@ -1,7 +1,7 @@
 import pytest
 import dataall
 from dataall.api.constants import OrganisationUserRole
-from dataall.modules.datasets_base.db.models import Dataset
+from dataall.tasks.stacks_updater import update_stacks
 
 
 @pytest.fixture(scope='module', autouse=True)
@@ -40,37 +40,11 @@ def env(org, db):
     yield env
 
 
-@pytest.fixture(scope='module', autouse=True)
-def sync_dataset(org, env, db):
-    with db.scoped_session() as session:
-        dataset = Dataset(
-            organizationUri=org.organizationUri,
-            environmentUri=env.environmentUri,
-            label='label',
-            owner='foo',
-            SamlAdminGroupName='foo',
-            businessOwnerDelegationEmails=['foo@amazon.com'],
-            businessOwnerEmail=['bar@amazon.com'],
-            name='name',
-            S3BucketName='S3BucketName',
-            GlueDatabaseName='GlueDatabaseName',
-            KmsAlias='kmsalias',
-            AwsAccountId='123456789012',
-            region='eu-west-1',
-            IAMDatasetAdminUserArn=f'arn:aws:iam::123456789012:user/dataset',
-            IAMDatasetAdminRoleArn=f'arn:aws:iam::123456789012:role/dataset',
-        )
-        session.add(dataset)
-    yield dataset
-
-
-def test_stacks_update(db, org, env, sync_dataset, mocker):
+def test_stacks_update(db, org, env, mocker):
     mocker.patch(
         'dataall.tasks.stacks_updater.update_stack',
         return_value=True,
     )
-    envs, datasets = dataall.tasks.stacks_updater.update_stacks(
-        engine=db, envname='local'
-    )
+    envs, others = update_stacks(engine=db, envname='local')
     assert envs == 1
-    assert datasets == 1
+    assert others == 0

From d75ebfd410061e429537a7d3831a21e79f8039e2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 10:37:47 +0200
Subject: [PATCH 206/346] Moved to tasks folder

---
 tests/modules/datasets/tasks/__init__.py                         | 0
 tests/{ => modules/datasets}/tasks/conftest.py                   | 1 +
 .../modules/datasets/{ => tasks}/test_dataset_catalog_indexer.py | 0
 tests/modules/datasets/{ => tasks}/test_dataset_policies.py      | 0
 tests/modules/datasets/{ => tasks}/test_dataset_subscriptions.py | 0
 tests/modules/datasets/{ => tasks}/test_dataset_tables_sync.py   | 0
 tests/modules/datasets/{ => tasks}/test_lf_share_manager.py      | 0
 tests/modules/datasets/{ => tasks}/test_s3_share_manager.py      | 0
 .../datasets/{ => tasks}/test_stacks_updater_with_datasets.py    | 0
 9 files changed, 1 insertion(+)
 create mode 100644 tests/modules/datasets/tasks/__init__.py
 rename tests/{ => modules/datasets}/tasks/conftest.py (99%)
 rename tests/modules/datasets/{ => tasks}/test_dataset_catalog_indexer.py (100%)
 rename tests/modules/datasets/{ => tasks}/test_dataset_policies.py (100%)
 rename tests/modules/datasets/{ => tasks}/test_dataset_subscriptions.py (100%)
 rename tests/modules/datasets/{ => tasks}/test_dataset_tables_sync.py (100%)
 rename tests/modules/datasets/{ => tasks}/test_lf_share_manager.py (100%)
 rename tests/modules/datasets/{ => tasks}/test_s3_share_manager.py (100%)
 rename tests/modules/datasets/{ => tasks}/test_stacks_updater_with_datasets.py (100%)

diff --git a/tests/modules/datasets/tasks/__init__.py b/tests/modules/datasets/tasks/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/tasks/conftest.py b/tests/modules/datasets/tasks/conftest.py
similarity index 99%
rename from tests/tasks/conftest.py
rename to tests/modules/datasets/tasks/conftest.py
index 4fbbd49e3..e3556fed6 100644
--- a/tests/tasks/conftest.py
+++ b/tests/modules/datasets/tasks/conftest.py
@@ -216,6 +216,7 @@ def factory(
 
     yield factory
 
+
 @pytest.fixture(scope="module")
 def share_item_table(db):
     def factory(
diff --git a/tests/modules/datasets/test_dataset_catalog_indexer.py b/tests/modules/datasets/tasks/test_dataset_catalog_indexer.py
similarity index 100%
rename from tests/modules/datasets/test_dataset_catalog_indexer.py
rename to tests/modules/datasets/tasks/test_dataset_catalog_indexer.py
diff --git a/tests/modules/datasets/test_dataset_policies.py b/tests/modules/datasets/tasks/test_dataset_policies.py
similarity index 100%
rename from tests/modules/datasets/test_dataset_policies.py
rename to tests/modules/datasets/tasks/test_dataset_policies.py
diff --git a/tests/modules/datasets/test_dataset_subscriptions.py b/tests/modules/datasets/tasks/test_dataset_subscriptions.py
similarity index 100%
rename from tests/modules/datasets/test_dataset_subscriptions.py
rename to tests/modules/datasets/tasks/test_dataset_subscriptions.py
diff --git a/tests/modules/datasets/test_dataset_tables_sync.py b/tests/modules/datasets/tasks/test_dataset_tables_sync.py
similarity index 100%
rename from tests/modules/datasets/test_dataset_tables_sync.py
rename to tests/modules/datasets/tasks/test_dataset_tables_sync.py
diff --git a/tests/modules/datasets/test_lf_share_manager.py b/tests/modules/datasets/tasks/test_lf_share_manager.py
similarity index 100%
rename from tests/modules/datasets/test_lf_share_manager.py
rename to tests/modules/datasets/tasks/test_lf_share_manager.py
diff --git a/tests/modules/datasets/test_s3_share_manager.py b/tests/modules/datasets/tasks/test_s3_share_manager.py
similarity index 100%
rename from tests/modules/datasets/test_s3_share_manager.py
rename to tests/modules/datasets/tasks/test_s3_share_manager.py
diff --git a/tests/modules/datasets/test_stacks_updater_with_datasets.py b/tests/modules/datasets/tasks/test_stacks_updater_with_datasets.py
similarity index 100%
rename from tests/modules/datasets/test_stacks_updater_with_datasets.py
rename to tests/modules/datasets/tasks/test_stacks_updater_with_datasets.py

From 69daa0d128642ea81fdd4aca1fa34302c1042c1e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 11:10:07 +0200
Subject: [PATCH 207/346] Updated a version of pytest

---
 tests/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/requirements.txt b/tests/requirements.txt
index d68c8d230..c7ac3c1a2 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,5 +1,5 @@
 munch==2.5.0
-pytest==6.2.5
+pytest==7.3.1
 pytest-cov==3.0.0
 pytest-mock==3.6.1
 pytest-dependency==0.5.1

From 9c47b30d04de4d0603c969367f618386d445bf72 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 11:26:58 +0200
Subject: [PATCH 208/346] Fixed linting

---
 .../dataall/api/Objects/Glossary/registry.py  |  2 +-
 .../group/services/group_resource_manager.py  |  1 -
 .../modules/dataset_sharing/api/resolvers.py  |  1 +
 .../modules/dataset_sharing/db/models.py      |  1 -
 .../db/share_object_repository.py             |  3 --
 .../handlers/ecs_share_handler.py             | 15 ++++----
 .../services/dataset_alarm_service.py         |  2 --
 .../services/share_item_service.py            |  1 -
 .../services/share_object_service.py          |  7 ++--
 .../modules/datasets/api/dataset/enums.py     |  1 -
 .../modules/datasets/api/table/resolvers.py   |  2 +-
 .../datasets/aws/glue_dataset_client.py       |  1 -
 .../modules/datasets/cdk/dataset_s3_policy.py |  1 -
 .../datasets/db/dataset_column_repository.py  |  2 --
 .../db/dataset_location_repository.py         |  3 +-
 .../handlers/glue_table_sync_handler.py       |  1 -
 .../datasets_base/db/dataset_repository.py    |  1 -
 .../dataall/modules/datasets_base/db/enums.py |  1 -
 .../modules/datasets_base/db/models.py        |  2 --
 backend/dataall/modules/loader.py             |  4 +--
 .../dataall/modules/worksheets/__init__.py    |  2 +-
 .../modules/worksheets/api/resolvers.py       |  1 +
 .../modules/worksheets/aws/athena_client.py   | 35 ++++++++++---------
 .../modules/worksheets/db/repositories.py     |  2 +-
 .../services/worksheet_permissions.py         |  2 +-
 .../worksheets/services/worksheet_services.py |  4 +--
 backend/dataall/searchproxy/base_indexer.py   |  1 -
 ...fc49baecea4_add_enviromental_parameters.py | 22 ++++++------
 28 files changed, 51 insertions(+), 70 deletions(-)

diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 494d5d502..27c534368 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -65,4 +65,4 @@ def reindex(cls, session, target_type: str, target_uri: str):
     object_type="Dashboard",
     model=models.Dashboard,
     reindexer=DashboardIndexer
-))
\ No newline at end of file
+))
diff --git a/backend/dataall/core/group/services/group_resource_manager.py b/backend/dataall/core/group/services/group_resource_manager.py
index 950d66a7a..d2f3beb96 100644
--- a/backend/dataall/core/group/services/group_resource_manager.py
+++ b/backend/dataall/core/group/services/group_resource_manager.py
@@ -33,4 +33,3 @@ def count_group_resources(session, environment, group_uri) -> int:
     def delete_env(session, environment):
         for resource in EnvironmentResourceManager._resources:
             resource.delete_env(session, environment)
-
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 9d32aed3d..8c4a4cfe7 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -73,6 +73,7 @@ def add_shared_item(context, source, shareUri: str = None, input: dict = None):
 def remove_shared_item(context, source, shareItemUri: str = None):
     return ShareItemService.remove_shared_item(uri=shareItemUri)
 
+
 def resolve_shared_item(context, source: ShareObjectItem, **kwargs):
     if not source:
         return None
diff --git a/backend/dataall/modules/dataset_sharing/db/models.py b/backend/dataall/modules/dataset_sharing/db/models.py
index 85883b00c..65807c5c9 100644
--- a/backend/dataall/modules/dataset_sharing/db/models.py
+++ b/backend/dataall/modules/dataset_sharing/db/models.py
@@ -56,4 +56,3 @@ class ShareObjectItem(Base):
     S3AccessPointName = Column(String, nullable=True)
     status = Column(String, nullable=False, default=ShareItemStatus.PendingApproval.value)
     action = Column(String, nullable=True)
-
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 30c7d4972..27a813d1a 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1038,6 +1038,3 @@ def paginate_shared_datasets(session, env_uri, group_uri, data):
         return paginate(
             query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
         ).to_dict()
-
-
-
diff --git a/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py b/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
index 2707a0609..5be0c32df 100644
--- a/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
+++ b/backend/dataall/modules/dataset_sharing/handlers/ecs_share_handler.py
@@ -37,11 +37,10 @@ def _manage_share(engine, task: models.Task, local_handler, ecs_handler: str):
     @staticmethod
     def _run_share_management_ecs_task(share_uri, handler):
         return Ecs.run_ecs_task(
-                task_definition_param='ecs/task_def_arn/share_management',
-                container_name_param='ecs/container/share_management',
-                context=[
-                    {'name': 'shareUri', 'value': share_uri},
-                    {'name': 'handler', 'value': handler},
-                ],
-            )
-
+            task_definition_param='ecs/task_def_arn/share_management',
+            container_name_param='ecs/container/share_management',
+            context=[
+                {'name': 'shareUri', 'value': share_uri},
+                {'name': 'handler', 'value': handler},
+            ],
+        )
diff --git a/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py b/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
index c1a11c289..a5f2684dd 100644
--- a/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/dataset_alarm_service.py
@@ -149,5 +149,3 @@ def trigger_revoke_folder_sharing_failure_alarm(
     - Region:                            {target_environment.region}
 """
         return self.publish_message_to_alarms_topic(subject, message)
-
-
diff --git a/backend/dataall/modules/dataset_sharing/services/share_item_service.py b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
index 0cd683aac..ee4ad3bef 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_item_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
@@ -174,4 +174,3 @@ def paginated_shared_with_environment_datasets(session, uri, data) -> dict:
     def paginated_shared_with_environment_group_datasets(session, env_uri, group_uri, data) -> dict:
         # TODO THERE WAS NOT PERMISSION
         return ShareObjectRepository.paginate_shared_datasets(session, env_uri, group_uri, data)
-
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index d96265b60..a185443d6 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -5,7 +5,8 @@
 from dataall.db import utils
 from dataall.db.api import ResourcePolicy, Environment
 from dataall.db.exceptions import UnauthorizedOperation
-from dataall.db.models import Activity, PrincipalType, EnvironmentGroup, ConsumptionRole
+from dataall.db.models import Activity, PrincipalType, EnvironmentGroup, ConsumptionRole, Task
+from dataall.aws.handlers.service_handlers import Worker
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareableType, ShareItemStatus, \
     ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
@@ -46,7 +47,7 @@ def create_share_object(
             if environment.region != dataset.region:
                 raise UnauthorizedOperation(
                     action=CREATE_SHARE_OBJECT,
-                    message=f'Requester Team {group_uri} works in region {environment.region} ' +
+                    message=f'Requester Team {group_uri} works in region {environment.region} '
                             f'and the requested dataset is stored in region {dataset.region}',
                 )
 
@@ -230,7 +231,7 @@ def delete_share_object(uri: str):
             if shared_share_items_states:
                 raise ShareItemsFound(
                     action='Delete share object',
-                    message='There are shared items in this request. ' +
+                    message='There are shared items in this request. '
                             'Revoke access to these items before deleting the request.',
                 )
 
diff --git a/backend/dataall/modules/datasets/api/dataset/enums.py b/backend/dataall/modules/datasets/api/dataset/enums.py
index 7169bb5c5..a68384648 100644
--- a/backend/dataall/modules/datasets/api/dataset/enums.py
+++ b/backend/dataall/modules/datasets/api/dataset/enums.py
@@ -15,4 +15,3 @@ class ConfidentialityClassification(GraphQLEnumMapper):
     Unclassified = 'Unclassified'
     Official = 'Official'
     Secret = 'Secret'
-
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 8fb41b064..c6cd6fda5 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -4,7 +4,7 @@
 from dataall.db.exceptions import RequiredParameter
 from dataall.modules.datasets.api.dataset.resolvers import get_dataset
 from dataall.api.context import Context
-from dataall.db.api import  Glossary
+from dataall.db.api import Glossary
 from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 
diff --git a/backend/dataall/modules/datasets/aws/glue_dataset_client.py b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
index cf5d432b1..cd68a6c85 100644
--- a/backend/dataall/modules/datasets/aws/glue_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_dataset_client.py
@@ -102,4 +102,3 @@ def database_exists(self):
         except ClientError:
             log.info(f'Database {dataset.GlueDatabaseName} does not exist on account {dataset.AwsAccountId}...')
             return False
-
diff --git a/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py b/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
index 404b43db0..bc68ae087 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_s3_policy.py
@@ -30,4 +30,3 @@ def _generate_dataset_statements(datasets: List[Dataset]):
                 resources=buckets,
             )
         ]
-
diff --git a/backend/dataall/modules/datasets/db/dataset_column_repository.py b/backend/dataall/modules/datasets/db/dataset_column_repository.py
index b4ae5e6ed..8febf1c63 100644
--- a/backend/dataall/modules/datasets/db/dataset_column_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_column_repository.py
@@ -43,5 +43,3 @@ def paginate_active_columns_for_table(session, table_uri: str, filter: dict):
             page=filter.get('page', 1),
             page_size=filter.get('pageSize', 10)
         ).to_dict()
-
-
diff --git a/backend/dataall/modules/datasets/db/dataset_location_repository.py b/backend/dataall/modules/datasets/db/dataset_location_repository.py
index a58527c75..d5aaed547 100644
--- a/backend/dataall/modules/datasets/db/dataset_location_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_location_repository.py
@@ -114,7 +114,7 @@ def count_dataset_locations(session, dataset_uri):
     def delete_dataset_locations(session, dataset_uri) -> bool:
         locations = (
             session.query(DatasetStorageLocation)
-            .filter(DatasetStorageLocation.datasetUri == dataset_uri )
+            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
             .all()
         )
         for location in locations:
@@ -151,4 +151,3 @@ def paginated_dataset_locations(session, uri, data=None) -> dict:
         return paginate(
             query=query, page_size=data.get('pageSize', 10), page=data.get('page', 1)
         ).to_dict()
-
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
index e376a05e2..fa7441840 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
@@ -67,4 +67,3 @@ def update_table_columns(engine, task: models.Task):
                     )
 
                     glue_client.update_table_for_column(column.name, updated_table)
-
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index aea0bb8bc..7481e33ba 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -406,4 +406,3 @@ def _set_import_data(dataset, data):
         dataset.importedGlueDatabase = True if data.get('glueDatabaseName') else False
         dataset.importedKmsKey = True if data.get('KmsKeyId') else False
         dataset.importedAdminRole = True if data.get('adminRoleName') else False
-
diff --git a/backend/dataall/modules/datasets_base/db/enums.py b/backend/dataall/modules/datasets_base/db/enums.py
index 5c2d89091..7eb8b2935 100644
--- a/backend/dataall/modules/datasets_base/db/enums.py
+++ b/backend/dataall/modules/datasets_base/db/enums.py
@@ -15,4 +15,3 @@ class DatasetRole(Enum):
     Admin = '900'
     Shared = '300'
     NoPermission = '000'
-
diff --git a/backend/dataall/modules/datasets_base/db/models.py b/backend/dataall/modules/datasets_base/db/models.py
index df15c19a4..45f7fe858 100644
--- a/backend/dataall/modules/datasets_base/db/models.py
+++ b/backend/dataall/modules/datasets_base/db/models.py
@@ -140,5 +140,3 @@ class Dataset(Resource, Base):
 
     def uri(self):
         return self.datasetUri
-
-
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 49dbfe346..a625681bb 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -236,10 +236,10 @@ def _describe_loading(in_config: Set[str], inactive: Set[str]):
         name = module.name()
         log.debug(f"The {name} module was loaded")
         if name in inactive:
-            log.info(f"There is a module that depends on {module.name()}. " +
+            log.info(f"There is a module that depends on {module.name()}. "
                      "The module has been loaded despite it's inactive.")
         elif name not in in_config:
-            log.info(f"There is a module that depends on {module.name()}. " +
+            log.info(f"There is a module that depends on {module.name()}. "
                      "The module has been loaded despite it's not specified in the configuration file.")
 
 
diff --git a/backend/dataall/modules/worksheets/__init__.py b/backend/dataall/modules/worksheets/__init__.py
index c4354a8b3..f3208fe3d 100644
--- a/backend/dataall/modules/worksheets/__init__.py
+++ b/backend/dataall/modules/worksheets/__init__.py
@@ -25,4 +25,4 @@ def __init__(self):
 
         EnvironmentResourceManager.register(WorksheetRepository())
 
-        log.info("API of worksheets has been imported")
\ No newline at end of file
+        log.info("API of worksheets has been imported")
diff --git a/backend/dataall/modules/worksheets/api/resolvers.py b/backend/dataall/modules/worksheets/api/resolvers.py
index 154189fd4..6a606e9e6 100644
--- a/backend/dataall/modules/worksheets/api/resolvers.py
+++ b/backend/dataall/modules/worksheets/api/resolvers.py
@@ -11,6 +11,7 @@ class WorksheetRole(GraphQLEnumMapper):
     Admin = '900'
     NoPermission = '000'
 
+
 def create_worksheet(context: Context, source, input: dict = None):
     if not input:
         raise exceptions.RequiredParameter(input)
diff --git a/backend/dataall/modules/worksheets/aws/athena_client.py b/backend/dataall/modules/worksheets/aws/athena_client.py
index 88ebddfdc..cb9debe4e 100644
--- a/backend/dataall/modules/worksheets/aws/athena_client.py
+++ b/backend/dataall/modules/worksheets/aws/athena_client.py
@@ -1,27 +1,28 @@
 from pyathena import connect
 from dataall.aws.handlers.sts import SessionHelper
 
+
 class AthenaClient:
     """ Makes requests to AWS Athena """
 
     @staticmethod
     def run_athena_query(aws_account_id, env_group, s3_staging_dir, region, sql=None):
-            base_session = SessionHelper.remote_session(accountid=aws_account_id)
-            boto3_session = SessionHelper.get_session(base_session=base_session, role_arn=env_group.environmentIAMRoleArn)
-            creds = boto3_session.get_credentials()
-            connection = connect(
-                aws_access_key_id=creds.access_key,
-                aws_secret_access_key=creds.secret_key,
-                aws_session_token=creds.token,
-                work_group=env_group.environmentAthenaWorkGroup,
-                s3_staging_dir=s3_staging_dir,
-                region_name=region,
-            )
-            cursor = connection.cursor()
-            cursor.execute(sql)
-            
-            return cursor
-    
+        base_session = SessionHelper.remote_session(accountid=aws_account_id)
+        boto3_session = SessionHelper.get_session(base_session=base_session, role_arn=env_group.environmentIAMRoleArn)
+        creds = boto3_session.get_credentials()
+        connection = connect(
+            aws_access_key_id=creds.access_key,
+            aws_secret_access_key=creds.secret_key,
+            aws_session_token=creds.token,
+            work_group=env_group.environmentAthenaWorkGroup,
+            s3_staging_dir=s3_staging_dir,
+            region_name=region,
+        )
+        cursor = connection.cursor()
+        cursor.execute(sql)
+
+        return cursor
+
     @staticmethod
     def convert_query_output(cursor):
         columns = []
@@ -44,4 +45,4 @@ def convert_query_output(cursor):
             'ElapsedTime': cursor.total_execution_time_in_millis,
             'rows': rows,
             'columns': columns,
-        }
\ No newline at end of file
+        }
diff --git a/backend/dataall/modules/worksheets/db/repositories.py b/backend/dataall/modules/worksheets/db/repositories.py
index d8828c0cb..ff4267eb8 100644
--- a/backend/dataall/modules/worksheets/db/repositories.py
+++ b/backend/dataall/modules/worksheets/db/repositories.py
@@ -27,7 +27,7 @@ def count_resources(session, environment, group_uri) -> int:
     @staticmethod
     def find_worksheet_by_uri(session, uri) -> Worksheet:
         return session.query(Worksheet).get(uri)
-    
+
     @staticmethod
     def query_user_worksheets(session, username, groups, filter) -> Query:
         query = session.query(Worksheet).filter(
diff --git a/backend/dataall/modules/worksheets/services/worksheet_permissions.py b/backend/dataall/modules/worksheets/services/worksheet_permissions.py
index c255c1238..cad183f42 100644
--- a/backend/dataall/modules/worksheets/services/worksheet_permissions.py
+++ b/backend/dataall/modules/worksheets/services/worksheet_permissions.py
@@ -37,4 +37,4 @@
 ENVIRONMENT_ALL.append(RUN_ATHENA_QUERY)
 
 RESOURCES_ALL.append(RUN_ATHENA_QUERY)
-RESOURCES_ALL_WITH_DESC[RUN_ATHENA_QUERY] = RUN_ATHENA_QUERY
\ No newline at end of file
+RESOURCES_ALL_WITH_DESC[RUN_ATHENA_QUERY] = RUN_ATHENA_QUERY
diff --git a/backend/dataall/modules/worksheets/services/worksheet_services.py b/backend/dataall/modules/worksheets/services/worksheet_services.py
index 22abbf27a..9947f0f9b 100644
--- a/backend/dataall/modules/worksheets/services/worksheet_services.py
+++ b/backend/dataall/modules/worksheets/services/worksheet_services.py
@@ -25,11 +25,9 @@ def get_worksheet_by_uri(session, uri: str) -> Worksheet:
             raise exceptions.ObjectNotFound('Worksheet', uri)
         return worksheet
 
-
     @staticmethod
     @has_tenant_permission(MANAGE_WORKSHEETS)
-    def create_worksheet(
-        session, username, uri, data=None) -> Worksheet:
+    def create_worksheet(session, username, uri, data=None) -> Worksheet:
         worksheet = Worksheet(
             owner=username,
             label=data.get('label'),
diff --git a/backend/dataall/searchproxy/base_indexer.py b/backend/dataall/searchproxy/base_indexer.py
index 4f1f75322..5c6ae943e 100644
--- a/backend/dataall/searchproxy/base_indexer.py
+++ b/backend/dataall/searchproxy/base_indexer.py
@@ -71,4 +71,3 @@ def _get_target_glossary_terms(session, target_uri):
             )
         )
         return [t.path for t in q]
-
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 7c1d13d1f..0e1aef85e 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -141,17 +141,17 @@ def downgrade():
         session.add_all(envs)
         op.drop_table("environment_parameters")
         op.create_table(
-                'worksheet_share',
-                sa.Column('worksheetShareUri', sa.String(), nullable=False),
-                sa.Column('worksheetUri', sa.String(), nullable=False),
-                sa.Column('principalId', sa.String(), nullable=False),
-                sa.Column('principalType', sa.String(), nullable=False),
-                sa.Column('canEdit', sa.Boolean(), nullable=True),
-                sa.Column('owner', sa.String(), nullable=False),
-                sa.Column('created', sa.DateTime(), nullable=True),
-                sa.Column('updated', sa.DateTime(), nullable=True),
-                sa.PrimaryKeyConstraint('worksheetShareUri'),
-            )
+            'worksheet_share',
+            sa.Column('worksheetShareUri', sa.String(), nullable=False),
+            sa.Column('worksheetUri', sa.String(), nullable=False),
+            sa.Column('principalId', sa.String(), nullable=False),
+            sa.Column('principalType', sa.String(), nullable=False),
+            sa.Column('canEdit', sa.Boolean(), nullable=True),
+            sa.Column('owner', sa.String(), nullable=False),
+            sa.Column('created', sa.DateTime(), nullable=True),
+            sa.Column('updated', sa.DateTime(), nullable=True),
+            sa.PrimaryKeyConstraint('worksheetShareUri'),
+        )
 
     except Exception as ex:
         print(f"Failed to execute the rollback script due to: {ex}")

From 53037720d61a012c376b8605debfc48c974c8826 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 12:15:11 +0200
Subject: [PATCH 209/346] Moved queries to repositories

---
 .../db/share_object_repository.py             |  31 +-
 .../tasks/dataset_subscription_task.py        | 304 ++++++------------
 2 files changed, 116 insertions(+), 219 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 27a813d1a..3a74abea6 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -660,9 +660,7 @@ def update_share_item_status_batch(
 
     @staticmethod
     def get_share_data(session, share_uri):
-        share: ShareObject = session.query(ShareObject).get(share_uri)
-        if not share:
-            raise exceptions.ObjectNotFound('Share', share_uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, share_uri)
 
         dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, share.datasetUri)
 
@@ -721,9 +719,7 @@ def get_share_data(session, share_uri):
 
     @staticmethod
     def get_share_data_items(session, share_uri, status):
-        share: ShareObject = session.query(ShareObject).get(share_uri)
-        if not share:
-            raise exceptions.ObjectNotFound('Share', share_uri)
+        share: ShareObject = ShareObjectRepository.get_share_by_uri(session, share_uri)
 
         tables = ShareObjectRepository._find_all_share_item(
             session, share, status, DatasetTable, DatasetTable.tableUri
@@ -1038,3 +1034,26 @@ def paginate_shared_datasets(session, env_uri, group_uri, data):
         return paginate(
             query=q, page=data.get('page', 1), page_size=data.get('pageSize', 10)
         ).to_dict()
+
+    @staticmethod
+    def find_share_items_by_item_uri(session, item_uri):
+        return (
+            session.query(ShareObjectItem)
+            .filter(ShareObjectItem.itemUri == item_uri)
+            .all()
+        )
+
+    @staticmethod
+    def get_approved_share_object(session, item):
+        share_object: ShareObject = (
+            session.query(ShareObject)
+            .filter(
+                and_(
+                    ShareObject.shareUri == item.shareUri,
+                    ShareObject.status == ShareObjectStatus.Approved.value,
+                )
+            )
+            .first()
+        )
+        return share_object
+
diff --git a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
index 6d4c42fe2..85b02a2ae 100644
--- a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
+++ b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
@@ -4,7 +4,6 @@
 import sys
 
 from botocore.exceptions import ClientError
-from sqlalchemy import and_
 
 from dataall import db
 from dataall.aws.handlers.service_handlers import Worker
@@ -12,9 +11,10 @@
 from dataall.aws.handlers.sqs import SqsQueue
 from dataall.db import get_engine
 from dataall.db import models
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
-from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
+from dataall.modules.dataset_sharing.db.models import ShareObjectItem
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
@@ -29,8 +29,8 @@
 
 
 class DatasetSubscriptionService:
-    def __init__(self):
-        pass
+    def __init__(self, engine):
+        self.engine = engine
 
     @staticmethod
     def get_environments(engine):
@@ -52,61 +52,34 @@ def get_queues(environments: [models.Environment]):
             )
         return queues
 
-    @staticmethod
-    def notify_consumers(engine, messages):
-
+    def notify_consumers(self, engine, messages):
         log.info(f'Notifying consumers with messages {messages}')
 
         with engine.scoped_session() as session:
-
             for message in messages:
-
-                DatasetSubscriptionService.publish_table_update_message(engine, message)
-
-                DatasetSubscriptionService.publish_location_update_message(session, message)
+                self.publish_table_update_message(session, message)
+                self.publish_location_update_message(session, message)
 
         return True
 
-    @staticmethod
-    def publish_table_update_message(engine, message):
-        with engine.scoped_session() as session:
-            table: DatasetTable = DatasetTableRepository.get_table_by_s3_prefix(
-                session,
-                message.get('prefix'),
-                message.get('accountid'),
-                message.get('region'),
+    def publish_table_update_message(self, session, message):
+        table: DatasetTable = DatasetTableRepository.get_table_by_s3_prefix(
+            session,
+            message.get('prefix'),
+            message.get('accountid'),
+            message.get('region'),
+        )
+        if not table:
+            log.info(f'No table for message {message}')
+        else:
+            log.info(
+                f'Found table {table.tableUri}|{table.GlueTableName}|{table.S3Prefix}'
             )
-            if not table:
-                log.info(f'No table for message {message}')
-            else:
-                log.info(
-                    f'Found table {table.tableUri}|{table.GlueTableName}|{table.S3Prefix}'
-                )
 
-                dataset: Dataset = session.query(Dataset).get(
-                    table.datasetUri
-                )
-                log.info(
-                    f'Found dataset {dataset.datasetUri}|{dataset.environmentUri}|{dataset.AwsAccountId}'
-                )
-                share_items: [ShareObjectItem] = (
-                    session.query(ShareObjectItem)
-                    .filter(ShareObjectItem.itemUri == table.tableUri)
-                    .all()
-                )
-                log.info(f'Found shared items for table {share_items}')
-
-                return DatasetSubscriptionService.publish_sns_message(
-                    engine,
-                    message,
-                    dataset,
-                    share_items,
-                    table.S3Prefix,
-                    table=table,
-                )
+            message['table'] = table.GlueTableName
+            self._publish_update_message(session, message, table, table)
 
-    @staticmethod
-    def publish_location_update_message(session, message):
+    def publish_location_update_message(self, session, message):
         location: DatasetStorageLocation = (
             DatasetLocationRepository.get_location_by_s3_prefix(
                 session,
@@ -120,161 +93,79 @@ def publish_location_update_message(session, message):
 
         else:
             log.info(f'Found location {location.locationUri}|{location.S3Prefix}')
+            self._publish_update_message(session, message, location)
 
-            dataset: Dataset = session.query(Dataset).get(
-                location.datasetUri
-            )
-            log.info(
-                f'Found dataset {dataset.datasetUri}|{dataset.environmentUri}|{dataset.AwsAccountId}'
-            )
-            share_items: [ShareObjectItem] = (
-                session.query(ShareObjectItem)
-                .filter(ShareObjectItem.itemUri == location.locationUri)
-                .all()
-            )
-            log.info(f'Found shared items for location {share_items}')
-
-            return DatasetSubscriptionService.publish_sns_message(
-                session, message, dataset, share_items, location.S3Prefix
-            )
-
-    @staticmethod
-    def store_dataquality_results(session, message):
-
-        table: DatasetTable = DatasetTableRepository.get_table_by_s3_prefix(
-            session,
-            message.get('prefix'),
-            message.get('accountid'),
-            message.get('region'),
-        )
-
-        run = DatasetProfilingRepository.start_profiling(
-            session=session,
-            datasetUri=table.datasetUri,
-            GlueTableName=table.GlueTableName,
-            tableUri=table.tableUri,
-        )
-
-        run.status = 'SUCCEEDED'
-        run.GlueTableName = table.GlueTableName
-        quality_results = message.get('dataQuality')
-
-        if message.get('datasetRegionId'):
-            quality_results['regionId'] = message.get('datasetRegionId')
-
-        if message.get('rows'):
-            quality_results['table_nb_rows'] = message.get('rows')
-
-        DatasetSubscriptionService.set_columns_type(quality_results, message)
-
-        data_types = DatasetSubscriptionService.set_data_types(message)
-
-        quality_results['dataTypes'] = data_types
-
-        quality_results['integrationDateTime'] = message.get('integrationDateTime')
-
-        results = json.dumps(json_utils.to_json(quality_results))
+    def _publish_update_message(self, session, message, entity, table: DatasetTable = None):
+        dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, entity.datasetUri)
 
         log.info(
-            '>>> Stored dataQuality results received from the SNS notification: %s',
-            results,
+            f'Found dataset {dataset.datasetUri}|{dataset.environmentUri}|{dataset.AwsAccountId}'
         )
+        share_items: [ShareObjectItem] = ShareObjectRepository.find_share_items_by_item_uri(session, entity.uri())
+        log.info(f'Found shared items for location {share_items}')
 
-        run.results = results
-
-        session.commit()
-        return True
-
-    @staticmethod
-    def set_data_types(message):
-        data_types = []
-        for field in message.get('fields'):
-            added = False
-            for d in data_types:
-                if d.get('type').lower() == field[1].lower():
-                    d['count'] = d['count'] + 1
-                    added = True
-                    break
-            if not added:
-                data_types.append({'type': field[1], 'count': 1})
-        return data_types
-
-    @staticmethod
-    def set_columns_type(quality_results, message):
-        for c in quality_results.get('columns'):
-            if not c.get('Type'):
-                for field in message.get('fields'):
-                    if field[0].lower() == c['Name'].lower():
-                        c['Type'] = field[1]
+        return self.publish_sns_message(
+            session, message, dataset, share_items, entity.S3Prefix, table
+        )
 
-    @staticmethod
     def publish_sns_message(
-        engine, message, dataset, share_items, prefix, table: DatasetTable = None
+        self, session, message, dataset, share_items, prefix, table: DatasetTable = None
     ):
-        with engine.scoped_session() as session:
-            for item in share_items:
-
-                share_object = DatasetSubscriptionService.get_approved_share_object(
-                    session, item
+        for item in share_items:
+            share_object = ShareObjectRepository.get_approved_share_object(session, item)
+            if not share_object or not share_object.principalId:
+                log.error(
+                    f'Share Item with no share object or no principalId ? {item.shareItemUri}'
                 )
-
-                if not share_object or not share_object.principalId:
+            else:
+                environment = session.query(models.Environment).get(
+                    share_object.principalId
+                )
+                if not environment:
                     log.error(
-                        f'Share Item with no share object or no principalId ? {item.shareItemUri}'
+                        f'Environment of share owner was deleted ? {share_object.principalId}'
                     )
                 else:
-                    environment = session.query(models.Environment).get(
-                        share_object.principalId
+                    log.info(f'Notifying share owner {share_object.owner}')
+
+                    log.info(
+                        f'found environment {environment.environmentUri}|{environment.AwsAccountId} of share owner {share_object.owner}'
                     )
-                    if not environment:
-                        log.error(
-                            f'Environment of share owner was deleted ? {share_object.principalId}'
-                        )
-                    else:
-                        log.info(f'Notifying share owner {share_object.owner}')
 
+                    try:
                         log.info(
-                            f'found environment {environment.environmentUri}|{environment.AwsAccountId} of share owner {share_object.owner}'
+                            f'Producer message before notifications: {message}'
                         )
 
-                        try:
-
-                            if table:
-                                message['table'] = table.GlueTableName
-
-                            log.info(
-                                f'Producer message before notifications: {message}'
-                            )
-
-                            DatasetSubscriptionService.redshift_copy(
-                                engine, message, dataset, environment, table
-                            )
+                        self.redshift_copy(
+                            session, message, dataset, environment, table
+                        )
 
-                            message = {
-                                'location': prefix,
-                                'owner': dataset.owner,
-                                'message': f'Dataset owner {dataset.owner} '
-                                f'has updated the table shared with you {prefix}',
-                            }
+                        message = {
+                            'location': prefix,
+                            'owner': dataset.owner,
+                            'message': f'Dataset owner {dataset.owner} '
+                            f'has updated the table shared with you {prefix}',
+                        }
 
-                            response = DatasetSubscriptionService.sns_call(
-                                message, environment
-                            )
+                        response = DatasetSubscriptionService.sns_call(
+                            message, environment
+                        )
 
-                            log.info(f'SNS update publish response {response}')
+                        log.info(f'SNS update publish response {response}')
 
-                            notifications = ShareNotificationService.notify_new_data_available_from_owners(
-                                session=session,
-                                dataset=dataset,
-                                share=share_object,
-                                s3_prefix=prefix,
-                            )
-                            log.info(f'Notifications for share owners {notifications}')
+                        notifications = ShareNotificationService.notify_new_data_available_from_owners(
+                            session=session,
+                            dataset=dataset,
+                            share=share_object,
+                            s3_prefix=prefix,
+                        )
+                        log.info(f'Notifications for share owners {notifications}')
 
-                        except ClientError as e:
-                            log.error(
-                                f'Failed to deliver message {message} due to: {e}'
-                            )
+                    except ClientError as e:
+                        log.error(
+                            f'Failed to deliver message {message} due to: {e}'
+                        )
 
     @staticmethod
     def sns_call(message, environment):
@@ -286,9 +177,10 @@ def sns_call(message, environment):
         )
         return response
 
-    @staticmethod
+    # TODO redshift related code
     def redshift_copy(
-        engine,
+        self,
+        session,
         message,
         dataset: Dataset,
         environment: models.Environment,
@@ -299,35 +191,21 @@ def redshift_copy(
             f'{environment.environmentUri}|{dataset.datasetUri}'
             f'|{json_utils.to_json(message)}'
         )
-        with engine.scoped_session() as session:
-            task = models.Task(
-                action='redshift.subscriptions.copy',
-                targetUri=environment.environmentUri,
-                payload={
-                    'datasetUri': dataset.datasetUri,
-                    'message': json_utils.to_json(message),
-                    'tableUri': table.tableUri,
-                },
-            )
-            session.add(task)
-            session.commit()
 
-        response = Worker.queue(engine, [task.taskUri])
-        return response
-
-    @staticmethod
-    def get_approved_share_object(session, item):
-        share_object: ShareObject = (
-            session.query(ShareObject)
-            .filter(
-                and_(
-                    ShareObject.shareUri == item.shareUri,
-                    ShareObject.status == 'Approved',
-                )
-            )
-            .first()
+        task = models.Task(
+            action='redshift.subscriptions.copy',
+            targetUri=environment.environmentUri,
+            payload={
+                'datasetUri': dataset.datasetUri,
+                'message': json_utils.to_json(message),
+                'tableUri': table.tableUri,
+            },
         )
-        return share_object
+        session.add(task)
+        session.commit()
+
+        response = Worker.queue(self.engine, [task.taskUri])
+        return response
 
 
 if __name__ == '__main__':
@@ -335,7 +213,7 @@ def get_approved_share_object(session, item):
     ENGINE = get_engine(envname=ENVNAME)
     Worker.queue = SqsQueue.send
     log.info('Polling datasets updates...')
-    service = DatasetSubscriptionService()
+    service = DatasetSubscriptionService(ENGINE)
     queues = service.get_queues(service.get_environments(ENGINE))
     messages = poll_queues(queues)
     service.notify_consumers(ENGINE, messages)

From 9b3a179a95af2da964535afdc9cf3ee3c85ab7a0 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 12:24:14 +0200
Subject: [PATCH 210/346] Moved queries to repositories

---
 .../db/share_object_repository.py             | 70 +++++++++++++++++
 .../datasets/tasks/bucket_policy_updater.py   | 78 +------------------
 2 files changed, 73 insertions(+), 75 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 3a74abea6..8218529c8 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1,4 +1,5 @@
 import logging
+from typing import List
 
 from sqlalchemy import and_, or_, func, case
 from sqlalchemy.orm import Query
@@ -1057,3 +1058,72 @@ def get_approved_share_object(session, item):
         )
         return share_object
 
+    @staticmethod
+    def get_shared_tables(session, dataset) -> List[ShareObjectItem]:
+        return (
+            session.query(
+                DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
+                DatasetTable.GlueTableName.label('GlueTableName'),
+                DatasetTable.S3Prefix.label('S3Prefix'),
+                DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
+                DatasetTable.region.label('SourceRegion'),
+                models.Environment.AwsAccountId.label('TargetAwsAccountId'),
+                models.Environment.region.label('TargetRegion'),
+            )
+            .join(
+                ShareObjectItem,
+                and_(
+                    ShareObjectItem.itemUri == DatasetTable.tableUri
+                ),
+            )
+            .join(
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
+            )
+            .join(
+                models.Environment,
+                models.Environment.environmentUri == ShareObject.environmentUri,
+            )
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == dataset.datasetUri,
+                    DatasetTable.deleted.is_(None),
+                    ShareObjectItem.status == ShareObjectStatus.Approved.value,
+                )
+            )
+        ).all()
+
+    @staticmethod
+    def get_shared_folders(session, dataset) -> List[DatasetStorageLocation]:
+        return (
+            session.query(
+                DatasetStorageLocation.locationUri.label('locationUri'),
+                DatasetStorageLocation.S3BucketName.label('S3BucketName'),
+                DatasetStorageLocation.S3Prefix.label('S3Prefix'),
+                models.Environment.AwsAccountId.label('AwsAccountId'),
+                models.Environment.region.label('region'),
+            )
+            .join(
+                ShareObjectItem,
+                and_(
+                    ShareObjectItem.itemUri
+                    == DatasetStorageLocation.locationUri()
+                ),
+            )
+            .join(
+                ShareObject,
+                ShareObject.shareUri == ShareObjectItem.shareUri,
+            )
+            .join(
+                models.Environment,
+                models.Environment.environmentUri == ShareObject.environmentUri,
+            )
+            .filter(
+                and_(
+                    DatasetStorageLocation.datasetUri == dataset.datasetUri,
+                    DatasetStorageLocation.deleted.is_(None),
+                    ShareObjectItem.status == ShareObjectStatus.Approved.value,
+                )
+            )
+        ).all()
+
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index bfffe873c..2df2e0500 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -12,6 +12,7 @@
 from dataall.db import models
 from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
 
 root = logging.getLogger()
@@ -44,12 +45,12 @@ def sync_imported_datasets_bucket_policies(self):
             for dataset in imported_datasets:
                 account_prefixes = {}
 
-                shared_tables = self.get_shared_tables(dataset)
+                shared_tables = ShareObjectRepository.get_shared_tables(session, dataset)
                 log.info(
                     f'Found {len(shared_tables)} shared tables with dataset {dataset.S3BucketName}'
                 )
 
-                shared_folders = self.get_shared_folders(dataset)
+                shared_folders = ShareObjectRepository.get_shared_folders(session, dataset)
                 log.info(
                     f'Found {len(shared_folders)} shared folders with dataset {dataset.S3BucketName}'
                 )
@@ -166,79 +167,6 @@ def group_prefixes_by_accountid(cls, accountid, prefix, account_prefixes):
             account_prefixes[accountid] = [prefix]
         return account_prefixes
 
-    def get_shared_tables(self, dataset) -> typing.List[ShareObjectItem]:
-        with self.engine.scoped_session() as session:
-            tables = (
-                session.query(
-                    DatasetTable.GlueDatabaseName.label('GlueDatabaseName'),
-                    DatasetTable.GlueTableName.label('GlueTableName'),
-                    DatasetTable.S3Prefix.label('S3Prefix'),
-                    DatasetTable.AWSAccountId.label('SourceAwsAccountId'),
-                    DatasetTable.region.label('SourceRegion'),
-                    models.Environment.AwsAccountId.label('TargetAwsAccountId'),
-                    models.Environment.region.label('TargetRegion'),
-                )
-                .join(
-                    ShareObjectItem,
-                    and_(
-                        ShareObjectItem.itemUri == DatasetTable.tableUri
-                    ),
-                )
-                .join(
-                    ShareObject,
-                    ShareObject.shareUri == ShareObjectItem.shareUri,
-                )
-                .join(
-                    models.Environment,
-                    models.Environment.environmentUri
-                    == ShareObject.environmentUri,
-                )
-                .filter(
-                    and_(
-                        DatasetTable.datasetUri == dataset.datasetUri,
-                        DatasetTable.deleted.is_(None),
-                        ShareObjectItem.status == ShareObjectStatus.Approved.value,
-                    )
-                )
-            ).all()
-        return tables
-
-    def get_shared_folders(self, dataset) -> typing.List[DatasetStorageLocation]:
-        with self.engine.scoped_session() as session:
-            locations = (
-                session.query(
-                    DatasetStorageLocation.locationUri.label('locationUri'),
-                    DatasetStorageLocation.S3BucketName.label('S3BucketName'),
-                    DatasetStorageLocation.S3Prefix.label('S3Prefix'),
-                    models.Environment.AwsAccountId.label('AwsAccountId'),
-                    models.Environment.region.label('region'),
-                )
-                .join(
-                    ShareObjectItem,
-                    and_(
-                        ShareObjectItem.itemUri
-                        == DatasetStorageLocation.locationUri
-                    ),
-                )
-                .join(
-                    ShareObject,
-                    ShareObject.shareUri == ShareObjectItem.shareUri,
-                )
-                .join(
-                    models.Environment,
-                    models.Environment.environmentUri
-                    == ShareObject.environmentUri,
-                )
-                .filter(
-                    and_(
-                        DatasetStorageLocation.datasetUri == dataset.datasetUri,
-                        DatasetStorageLocation.deleted.is_(None),
-                        ShareObjectItem.status == ShareObjectStatus.Approved.value,
-                    )
-                )
-            ).all()
-        return locations
-
     @classmethod
     def init_s3_client(cls, dataset):
         session = SessionHelper.remote_session(accountid=dataset.AwsAccountId)

From 4ef4dddfb4c47d6d50bdd574c6241a3141d07092 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 13:48:45 +0200
Subject: [PATCH 211/346] Fixed migration's imports

---
 .../versions/509997f0a51e_sharing_state_machines_v1_4_0.py    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/migrations/versions/509997f0a51e_sharing_state_machines_v1_4_0.py b/backend/migrations/versions/509997f0a51e_sharing_state_machines_v1_4_0.py
index a5f5e74b0..14cfd3f6c 100644
--- a/backend/migrations/versions/509997f0a51e_sharing_state_machines_v1_4_0.py
+++ b/backend/migrations/versions/509997f0a51e_sharing_state_machines_v1_4_0.py
@@ -11,10 +11,10 @@
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.ext.declarative import declarative_base
 
-from dataall.db import api, models, permissions, utils
-from dataall.db.models.Enums import ShareObjectStatus, ShareItemStatus
+from dataall.db import utils
 from datetime import datetime
 
+from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus, ShareItemStatus
 
 # revision identifiers, used by Alembic.
 revision = '509997f0a51e'

From 2b7fd448f72c082de4ea58932b070d193d3aee33 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 13:50:42 +0200
Subject: [PATCH 212/346] Fixed linting

---
 .../modules/dataset_sharing/db/share_object_repository.py        | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index 8218529c8..a1fec68ae 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1126,4 +1126,3 @@ def get_shared_folders(session, dataset) -> List[DatasetStorageLocation]:
                 )
             )
         ).all()
-

From 4fc225ca78fd4c09b8cba7d4d0499b06fd8c6605 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 19 May 2023 14:01:33 +0200
Subject: [PATCH 213/346] Fixed tests

---
 .../modules/dataset_sharing/db/share_object_repository.py      | 3 +--
 tests/modules/datasets/tasks/test_dataset_subscriptions.py     | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index a1fec68ae..ef7044283 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -1106,8 +1106,7 @@ def get_shared_folders(session, dataset) -> List[DatasetStorageLocation]:
             .join(
                 ShareObjectItem,
                 and_(
-                    ShareObjectItem.itemUri
-                    == DatasetStorageLocation.locationUri()
+                    ShareObjectItem.itemUri == DatasetStorageLocation.locationUri
                 ),
             )
             .join(
diff --git a/tests/modules/datasets/tasks/test_dataset_subscriptions.py b/tests/modules/datasets/tasks/test_dataset_subscriptions.py
index b27df8462..ee01b2b97 100644
--- a/tests/modules/datasets/tasks/test_dataset_subscriptions.py
+++ b/tests/modules/datasets/tasks/test_dataset_subscriptions.py
@@ -141,7 +141,7 @@ def test_subscriptions(org, env, otherenv, db, dataset, share, mocker):
         'dataall.modules.datasets.tasks.dataset_subscription_task.DatasetSubscriptionService.sns_call',
         return_value=True,
     )
-    subscriber = DatasetSubscriptionService()
+    subscriber = DatasetSubscriptionService(db)
     messages = [
         {
             'prefix': 's3://dataset/testtable/csv/',

From 3b85ad2acc8fd1107d7caf60d714e89b10130595 Mon Sep 17 00:00:00 2001
From: kukushking <kukushkin.anton@gmail.com>
Date: Mon, 22 May 2023 08:25:17 +0100
Subject: [PATCH 214/346] Fix lambda/ECS IAM permissions for AOSS (#467)

### Feature or Bugfix
- Bugfix

### Detail
- Add "aoss:APIAccessAll" to lambda/ECS task IAM roles required since
May 10th (see message below). Fixes 403 errors from APIs.

```
[Action required] Amazon OpenSearch Serverless requires mandatory IAM permission for access to resources
Starting May 10th, 2023, OpenSearch Serverless is mandating two new IAM permissions for collection resources. The two IAM permissions are "aoss:APIAccessAll" for Data Plane API access, and "aoss:DashboardsAccessAll" for Dashboards access from the browser.
You are required to add these two IAM permissions for your OpenSearch Serverless "aoss:APIAccessAll" for Data Plane API access, and "aoss:DashboardsAccessAll" for Dashboards access. You must complete this action by May 9th, 2023. Failure to add the two new IAM permissions will result in 403 errors starting on May 10th, 2023
For a sample data-plane policy [here](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/security-iam-serverless.html#security_iam_id-based-policy-examples-data-plane.html)
If you have any questions or concerns, please contact [AWS Support](https://aws.amazon.com/support)
```
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 deploy/stacks/container.py  | 8 ++++++++
 deploy/stacks/lambda_api.py | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index a667c6898..997ad5d76 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -426,6 +426,14 @@ def create_task_role(self, envname, resource_prefix, pivot_role_name):
                     ],
                     resources=['*'],
                 ),
+                iam.PolicyStatement(
+                    actions=[
+                        'aoss:APIAccessAll',
+                    ],
+                    resources=[
+                        f'arn:aws:aoss:{self.region}:{self.account}:collection/*',
+                    ],
+                ),
             ],
         )
         task_role = iam.Role(
diff --git a/deploy/stacks/lambda_api.py b/deploy/stacks/lambda_api.py
index 19b42e754..95c670f78 100644
--- a/deploy/stacks/lambda_api.py
+++ b/deploy/stacks/lambda_api.py
@@ -243,6 +243,14 @@ def create_function_role(self, envname, resource_prefix, fn_name, pivot_role_nam
                     ],
                     resources=['*'],
                 ),
+                iam.PolicyStatement(
+                    actions=[
+                        'aoss:APIAccessAll',
+                    ],
+                    resources=[
+                        f'arn:aws:aoss:{self.region}:{self.account}:collection/*',
+                    ],
+                ),
             ],
         )
         role = iam.Role(

From 3097a3a30a7fd8981b409a1f7fcd1463881344c9 Mon Sep 17 00:00:00 2001
From: Rick Bernotas <97474536+rbernotas@users.noreply.github.com>
Date: Mon, 22 May 2023 03:41:49 -0500
Subject: [PATCH 215/346] 465 - Update Aurora default Parameter Group to
 'default.aurora-postgresql11'. (#466)

### Feature or Bugfix
- Bugfix

### Detail
- Update Aurora default Parameter Group to
'default.aurora-postgresql11'. Fixes an issue where the Aurora nested
stack deploy in the data.all backend deploy would fail and/or block
indefinitely due to 'default.aurora-postgresql10' mismatch with version
11 of the Aurora database engine.

### Relates
- https://github.com/awslabs/aws-dataall/issues/465

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Authored-by: rbernota <rbernota@yahooinc.com>
---
 deploy/stacks/aurora.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/stacks/aurora.py b/deploy/stacks/aurora.py
index 9e66d3684..5a96bea1a 100644
--- a/deploy/stacks/aurora.py
+++ b/deploy/stacks/aurora.py
@@ -125,7 +125,7 @@ def __init__(
             deletion_protection=True,
             cluster_identifier=f'{resource_prefix}-{envname}-db',
             parameter_group=rds.ParameterGroup.from_parameter_group_name(
-                self, 'ParameterGroup', 'default.aurora-postgresql10'
+                self, 'ParameterGroup', 'default.aurora-postgresql11'
             ),
             enable_data_api=True,
             default_database_name=f'{envname}db',

From efc06dd7ed08a190938f58b1e83f2842398a36d2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 22 May 2023 16:31:59 +0200
Subject: [PATCH 216/346] User requests. Deleted TODOs

---
 .../modules/dataset_sharing/services/share_object_service.py    | 2 --
 1 file changed, 2 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index a185443d6..b75b87f02 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -266,7 +266,6 @@ def resolve_share_object_statistics(uri):
 
     @staticmethod
     def list_shares_in_my_inbox(filter: dict):
-        # TODO THERE WAS NO PERMISSION CHECK
         context = get_context()
         with context.db_engine.scoped_session() as session:
             return ShareObjectRepository.list_user_received_share_requests(
@@ -278,7 +277,6 @@ def list_shares_in_my_inbox(filter: dict):
 
     @staticmethod
     def list_shares_in_my_outbox(filter):
-        # TODO THERE WAS NO PERMISSION CHECK
         context = get_context()
         with context.db_engine.scoped_session() as session:
             return ShareObjectRepository.list_user_sent_share_requests(

From c11082d0b1c793a9321996bbf09dc952e0ed4930 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 22 May 2023 16:32:51 +0200
Subject: [PATCH 217/346] Fixed loading issue

---
 backend/dataall/modules/loader.py             | 2 +-
 backend/dataall/modules/notebooks/__init__.py | 3 ++-
 backend/local_graphql_server.py               | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index a625681bb..d925bde7c 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -198,7 +198,7 @@ def _check_loading_correct(in_config: Set[str], modes: Set[ImportMode]):
     """
     expected_load = set()
     for module in _all_modules():
-        if module.name() in in_config:
+        if module.is_supported(modes) and module.name() in in_config:
             expected_load.add(module)
 
     to_add = list(expected_load)
diff --git a/backend/dataall/modules/notebooks/__init__.py b/backend/dataall/modules/notebooks/__init__.py
index 0241bd2be..f272fb7ac 100644
--- a/backend/dataall/modules/notebooks/__init__.py
+++ b/backend/dataall/modules/notebooks/__init__.py
@@ -5,7 +5,6 @@
 from dataall.db.api import TargetType
 from dataall.modules.loader import ImportMode, ModuleInterface
 from dataall.modules.notebooks.db.repositories import NotebookRepository
-from dataall.modules.sagemaker_base import SagemakerCdkModuleInterface
 
 log = logging.getLogger(__name__)
 
@@ -35,6 +34,8 @@ def is_supported(modes):
 
     @staticmethod
     def depends_on() -> List[Type['ModuleInterface']]:
+        from dataall.modules.sagemaker_base import SagemakerCdkModuleInterface
+
         return [SagemakerCdkModuleInterface]
 
     def __init__(self):
diff --git a/backend/local_graphql_server.py b/backend/local_graphql_server.py
index 114fdce4b..428387994 100644
--- a/backend/local_graphql_server.py
+++ b/backend/local_graphql_server.py
@@ -8,8 +8,6 @@
 from flask_cors import CORS
 
 from dataall import db
-
-sts = boto3.client('sts', region_name='eu-west-1')
 from dataall.api import get_executable_schema
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import get_engine, Base, create_schema_and_tables, init_permissions, api
@@ -23,6 +21,8 @@
 logger = logging.getLogger('graphql')
 logger.propagate = False
 logger.setLevel(logging.INFO)
+
+sts = boto3.client('sts', region_name='eu-west-1')
 Worker.queue = Worker.process
 ENVNAME = os.getenv('envname', 'local')
 logger.warning(f'Connecting to database `{ENVNAME}`')

From 3b2fb48f6f2b1e5126361b3dd2d26d0fd58b709f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 22 May 2023 17:05:03 +0200
Subject: [PATCH 218/346] Fixed loading issue with redshift. Added more
 comments and removed imports

---
 backend/dataall/aws/handlers/redshift.py            |  5 +++--
 backend/dataall/db/api/redshift_cluster.py          | 13 +++++++++++--
 .../datasets/db/dataset_location_repository.py      |  6 ------
 backend/dataall/modules/loader.py                   |  8 ++++++--
 4 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/backend/dataall/aws/handlers/redshift.py b/backend/dataall/aws/handlers/redshift.py
index 7bb1e096d..0810cbc09 100644
--- a/backend/dataall/aws/handlers/redshift.py
+++ b/backend/dataall/aws/handlers/redshift.py
@@ -9,8 +9,6 @@
 from .sts import SessionHelper
 from ... import db
 from ...db import models
-# TODO should be migrated in the redshift module
-from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from ...modules.datasets_base.db.dataset_repository import DatasetRepository
 
@@ -440,6 +438,9 @@ def update_cluster_roles(engine, task: models.Task):
     @staticmethod
     @Worker.handler(path='redshift.subscriptions.copy')
     def copy_data(engine, task: models.Task):
+        # TODO should be migrated in the redshift module
+        from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+
         with engine.scoped_session() as session:
 
             environment: models.Environment = session.query(models.Environment).get(
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 15222738b..9f0e31fab 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -10,8 +10,6 @@
     NamingConventionPattern,
 )
 from dataall.utils.slugify import slugify
-from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
-from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
 
 log = logging.getLogger(__name__)
 
@@ -183,6 +181,11 @@ def get_redshift_cluster_by_uri(session, uri) -> models.RedshiftCluster:
     def list_available_datasets(
         session, username, groups, uri: str, data: dict = None, check_perm=None
     ):
+
+        # TODO deal with it in redshift module
+        from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
+        from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
+
         cluster: models.RedshiftCluster = RedshiftCluster.get_redshift_cluster_by_uri(
             session, uri
         )
@@ -298,9 +301,15 @@ def list_cluster_datasets(
     def list_available_cluster_tables(
         session, username, groups, uri: str, data: dict = None, check_perm=None
     ):
+
+        # TODO deal with it in redshift module
+        from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
+        from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
+
         cluster: models.RedshiftCluster = RedshiftCluster.get_redshift_cluster_by_uri(
             session, uri
         )
+
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
 
         shared = (
diff --git a/backend/dataall/modules/datasets/db/dataset_location_repository.py b/backend/dataall/modules/datasets/db/dataset_location_repository.py
index d5aaed547..bfac95845 100644
--- a/backend/dataall/modules/datasets/db/dataset_location_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_location_repository.py
@@ -2,14 +2,8 @@
 
 from sqlalchemy import and_, or_
 
-from dataall.core.context import get_context
-from dataall.db.api import Glossary
 from dataall.db import paginate, exceptions
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem
-from dataall.modules.dataset_sharing.db.share_object_repository import ShareItemSM
-from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
-from dataall.modules.datasets.services.dataset_permissions import DELETE_DATASET_FOLDER
 
 logger = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index d925bde7c..20f698cef 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -197,10 +197,12 @@ def _check_loading_correct(in_config: Set[str], modes: Set[ImportMode]):
     some functionality may work wrongly.
     """
     expected_load = set()
+    # 1) Adds all modules to load
     for module in _all_modules():
         if module.is_supported(modes) and module.name() in in_config:
             expected_load.add(module)
 
+    # 2) Add all dependencies
     to_add = list(expected_load)
     while to_add:
         new_to_add = []
@@ -215,6 +217,7 @@ def _check_loading_correct(in_config: Set[str], modes: Set[ImportMode]):
                     new_to_add.append(dependency)
         to_add = new_to_add
 
+    # 3) Checks all found ModuleInterfaces
     for module in _all_modules():
         if module.is_supported(modes) and module not in expected_load:
             raise ImportError(
@@ -222,11 +225,12 @@ def _check_loading_correct(in_config: Set[str], modes: Set[ImportMode]):
                 "Declare the module in depends_on"
             )
 
-    loaded_module_names = {module.name() for module in expected_load}
+    # 4) Checks all references for modules (when ModuleInterfaces don't exist or not supported)
+    checked_module_names = {module.name() for module in expected_load} | in_config
     for module in sys.modules.keys():
         if module.startswith(_MODULE_PREFIX) and module != __name__:  # skip loader
             name = _get_module_name(module)
-            if name and name not in loaded_module_names:
+            if name and name not in checked_module_names:
                 raise ImportError(f"The package {module} has been imported, but it doesn't contain ModuleInterface")
 
 

From a1c51568f0ee1da34d0405116ce558855f42052c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 22 May 2023 17:20:41 +0200
Subject: [PATCH 219/346] DatasetSummary is not used

---
 .../modules/datasets/api/dataset/mutations.py |  12 --
 .../modules/datasets/api/dataset/queries.py   |  10 --
 .../modules/datasets/api/dataset/resolvers.py |  10 --
 .../datasets/services/dataset_service.py      |  54 ------
 frontend/src/api/Dataset/getDatasetSummary.js |  14 --
 .../src/api/Dataset/saveDatasetSummary.js     |  15 --
 frontend/src/views/Datasets/DatasetSummary.js | 156 ------------------
 7 files changed, 271 deletions(-)
 delete mode 100644 frontend/src/api/Dataset/getDatasetSummary.js
 delete mode 100644 frontend/src/api/Dataset/saveDatasetSummary.js
 delete mode 100644 frontend/src/views/Datasets/DatasetSummary.js

diff --git a/backend/dataall/modules/datasets/api/dataset/mutations.py b/backend/dataall/modules/datasets/api/dataset/mutations.py
index a006797ce..c2e5364f4 100644
--- a/backend/dataall/modules/datasets/api/dataset/mutations.py
+++ b/backend/dataall/modules/datasets/api/dataset/mutations.py
@@ -9,7 +9,6 @@
     update_dataset,
     sync_tables,
     generate_dataset_access_token,
-    save_dataset_summary,
     delete_dataset,
     import_dataset,
     publish_dataset_update,
@@ -51,17 +50,6 @@
 )
 
 
-saveDatasetSummary = gql.MutationField(
-    name='saveDatasetSummary',
-    args=[
-        gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='content', type=gql.String),
-    ],
-    type=gql.Boolean,
-    resolver=save_dataset_summary,
-)
-
-
 deleteDataset = gql.MutationField(
     name='deleteDataset',
     args=[
diff --git a/backend/dataall/modules/datasets/api/dataset/queries.py b/backend/dataall/modules/datasets/api/dataset/queries.py
index 1d1cdb137..17295505a 100644
--- a/backend/dataall/modules/datasets/api/dataset/queries.py
+++ b/backend/dataall/modules/datasets/api/dataset/queries.py
@@ -5,7 +5,6 @@
     list_datasets,
     get_dataset_assume_role_url,
     get_dataset_etl_credentials,
-    get_dataset_summary,
     get_file_upload_presigned_url,
     list_dataset_share_objects,
     list_datasets_owned_by_env_group,
@@ -49,15 +48,6 @@
 )
 
 
-getDatasetSummary = gql.QueryField(
-    name='getDatasetSummary',
-    args=[gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String))],
-    type=gql.String,
-    resolver=get_dataset_summary,
-    test_scope='Dataset',
-)
-
-
 getDatasetPresignedUrl = gql.QueryField(
     name='getDatasetPresignedUrl',
     args=[
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 388be6861..6af8c67e5 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -150,16 +150,6 @@ def generate_dataset_access_token(context, source, datasetUri: str = None):
     return DatasetService.generate_dataset_access_token(uri=datasetUri)
 
 
-def get_dataset_summary(context, source, datasetUri: str = None):
-    return DatasetService.get_dataset_summary(uri=datasetUri)
-
-
-def save_dataset_summary(
-    context: Context, source, datasetUri: str = None, content: str = None
-):
-    return DatasetService.save_dataset_summary(uri=datasetUri, content=content)
-
-
 def get_dataset_stack(context: Context, source: Dataset, **kwargs):
     if not source:
         return None
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 3ba1cac19..891890100 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -339,60 +339,6 @@ def generate_dataset_access_token(uri):
 
         return json.dumps(credentials)
 
-    @staticmethod
-    def get_dataset_summary(uri: str):
-        # TODO THERE WAS NO PERMISSION CHECK!!!
-        with get_context().db_engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-            environment = Environment.get_environment_by_uri(
-                session, dataset.environmentUri
-            )
-
-            pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
-            env_admin_session = SessionHelper.get_session(
-                base_session=pivot_session,
-                role_arn=environment.EnvironmentDefaultIAMRoleArn,
-            )
-            s3 = env_admin_session.client('s3', region_name=dataset.region)
-
-            try:
-                s3.head_object(
-                    Bucket=environment.EnvironmentDefaultBucketName,
-                    Key=f'summary/{uri}/summary.md',
-                )
-                response = s3.get_object(
-                    Bucket=environment.EnvironmentDefaultBucketName,
-                    Key=f'summary/{uri}/summary.md',
-                )
-                content = str(response['Body'].read().decode('utf-8'))
-                return content
-            except Exception as e:
-                raise e
-
-    @staticmethod
-    @has_resource_permission(SUMMARY_DATASET)
-    def save_dataset_summary(uri: str, content: str):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-            environment = Environment.get_environment_by_uri(
-                session, dataset.environmentUri
-            )
-
-            pivot_session = SessionHelper.remote_session(dataset.AwsAccountId)
-            env_admin_session = SessionHelper.get_session(
-                base_session=pivot_session,
-                role_arn=environment.EnvironmentDefaultIAMRoleArn,
-            )
-            s3 = env_admin_session.client('s3', region_name=dataset.region)
-
-            s3.put_object(
-                Bucket=environment.EnvironmentDefaultBucketName,
-                Key=f'summary/{uri}/summary.md',
-                Body=content,
-            )
-        return True
-
     @staticmethod
     def get_dataset_stack(dataset: Dataset):
         return stack_helper.get_stack_with_cfn_resources(
diff --git a/frontend/src/api/Dataset/getDatasetSummary.js b/frontend/src/api/Dataset/getDatasetSummary.js
deleted file mode 100644
index 0e6ae38d1..000000000
--- a/frontend/src/api/Dataset/getDatasetSummary.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const getDatasetSummary = (datasetUri) => ({
-  variables: {
-    datasetUri
-  },
-  query: gql`
-    query GetDatasetSummary($datasetUri: String!) {
-      getDatasetSummary(datasetUri: $datasetUri)
-    }
-  `
-});
-
-export default getDatasetSummary;
diff --git a/frontend/src/api/Dataset/saveDatasetSummary.js b/frontend/src/api/Dataset/saveDatasetSummary.js
deleted file mode 100644
index 46f508919..000000000
--- a/frontend/src/api/Dataset/saveDatasetSummary.js
+++ /dev/null
@@ -1,15 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const saveDatasetSummary = ({ datasetUri, content }) => ({
-  variables: {
-    datasetUri,
-    content
-  },
-  mutation: gql`
-    mutation SaveDatasetSummary($datasetUri: String!, $content: String) {
-      saveDatasetSummary(datasetUri: $datasetUri, content: $content)
-    }
-  `
-});
-
-export default saveDatasetSummary;
diff --git a/frontend/src/views/Datasets/DatasetSummary.js b/frontend/src/views/Datasets/DatasetSummary.js
deleted file mode 100644
index d68a29ad3..000000000
--- a/frontend/src/views/Datasets/DatasetSummary.js
+++ /dev/null
@@ -1,156 +0,0 @@
-/* import Markdown from 'react-markdown/with-html';
-import { Box, Button, CircularProgress, Container, Paper } from '@mui/material';
-import PropTypes from 'prop-types';
-import { useEffect, useState } from 'react';
-import { useSnackbar } from 'notistack';
-import { styled } from '@mui/styles';
-import { LoadingButton } from '@mui/lab';
-import SimpleMDE from 'react-simplemde-editor';
-import useClient from '../../hooks/useClient';
-import { useDispatch } from '../../store';
-import { SET_ERROR } from '../../store/errorReducer';
-import getDatasetSummary from '../../api/Dataset/getDatasetSummary';
-import saveDatasetSummary from '../../api/Dataset/saveDatasetSummary';
-import PencilAlt from '../../icons/PencilAlt';
-
-const MarkdownWrapper = styled('div')(({ theme }) => ({
-  color: theme.palette.text.primary,
-  fontFamily: theme.typography.fontFamily,
-  '& p': {
-    marginBottom: theme.spacing(2)
-  }
-}));
-const DatasetSummary = (props) => {
-  const { dataset } = props;
-  const client = useClient();
-  const dispatch = useDispatch();
-  const { enqueueSnackbar } = useSnackbar();
-  const [content, setContent] = useState('');
-  const [isEditorMode, setIsEditorMode] = useState(false);
-  const [ready, setReady] = useState(false);
-  // const canEdit = ['BusinessOwner', 'Admin', 'DataSteward', 'Creator'].indexOf(dataset.userRoleForDataset) != -1;
-
-  const handleChange = (value) => {
-    setContent(value);
-  };
-  const fetchSummary = async () => {
-    setReady(false);
-    const response = await client.query(getDatasetSummary(dataset.datasetUri));
-    if (!response.errors) {
-      setContent(response.data.getDatasetSummary === '' ? 'No content found' : response.data.getDatasetSummary);
-    } else {
-      dispatch({ type: SET_ERROR, error: response.errors[0].message });
-    }
-    setReady(true);
-  };
-
-  const saveSummary = async () => {
-    const response = await client.mutate(saveDatasetSummary({ datasetUri: props.dataset.datasetUri, content }));
-    if (!response.errors) {
-      enqueueSnackbar('Dataset summary saved', {
-        anchorOrigin: {
-          horizontal: 'right',
-          vertical: 'top'
-        },
-        variant: 'success'
-      });
-      setIsEditorMode(false);
-    } else {
-      dispatch({ type: SET_ERROR, error: response.errors[0].message });
-    }
-  };
-  useEffect(() => {
-    if (client) {
-      fetchSummary().catch((e) => dispatch({ type: SET_ERROR, error: e.message }));
-    }
-  }, [client]);
-
-  if (!ready) {
-    return <CircularProgress />;
-  }
-  return (
-    <Box>
-      <Box
-        display="flex"
-        justifyContent="flex-end"
-        sx={{ p: 1 }}
-      >
-        {!isEditorMode && (
-        <Button
-          color="primary"
-          startIcon={<PencilAlt />}
-          sx={{ m: 1 }}
-          variant="outlined"
-          onClick={() => setIsEditorMode(true)}
-        >
-          Edit
-        </Button>
-        )}
-      </Box>
-      {!isEditorMode && (
-      <Paper
-        sx={{ mt: 1 }}
-        variant="outlined"
-      >
-        <Box sx={{ py: 3 }}>
-          <Container maxWidth="md">
-            <MarkdownWrapper>
-              <Markdown
-                skipHtml
-                source={content}
-              />
-            </MarkdownWrapper>
-          </Container>
-        </Box>
-      </Paper>
-      )}
-
-      {isEditorMode && (
-      <Box>
-        <Paper
-          sx={{ mt: 3, height: '100vh' }}
-          variant="outlined"
-        >
-          <SimpleMDE
-            value={content}
-            onChange={handleChange}
-          />
-
-        </Paper>
-        {isEditorMode && (
-        <Box
-          display="flex"
-          justifyContent="flex-end"
-          sx={{ p: 1 }}
-        >
-          <LoadingButton
-            color="primary"
-            sx={{ m: 1 }}
-            onClick={saveSummary}
-            variant="outlined"
-          >
-            Save
-          </LoadingButton>
-          <Button
-            color="primary"
-            sx={{ m: 1 }}
-            variant="outlined"
-            onClick={() => setIsEditorMode(false)}
-          >
-            Cancel
-          </Button>
-        </Box>
-        )}
-
-      </Box>
-
-      )}
-    </Box>
-  );
-};
-
-DatasetSummary.propTypes = {
-  dataset: PropTypes.object.isRequired
-};
-
-export default DatasetSummary; */

From fd7da756c8d73533131265950ca0ef8f0927ad69 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 08:33:31 +0200
Subject: [PATCH 220/346] Bump requests from 2.27.1 to 2.31.0 in /backend
 (#469)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.31.0</h2>
<h2>2.31.0 (2023-05-22)</h2>
<p><strong>Security</strong></p>
<ul>
<li>
<p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to
potential
forwarding of <code>Proxy-Authorization</code> headers to destination
servers when
following HTTPS redirects.</p>
<p>When proxies are defined with user info (<a
href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>),
Requests
will construct a <code>Proxy-Authorization</code> header that is
attached to the request to
authenticate with the proxy.</p>
<p>In cases where Requests receives a redirect response, it previously
reattached
the <code>Proxy-Authorization</code> header incorrectly, resulting in
the value being
sent through the tunneled connection to the destination server. Users
who rely on
defining their proxy credentials in the URL are <em>strongly</em>
encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their
proxy
credentials once the change has been fully deployed.</p>
<p>Users who do not use a proxy or do not supply their proxy credentials
through
the user information portion of their proxy URL are not subject to this
vulnerability.</p>
<p>Full details can be read in our <a
href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github
Security Advisory</a>
and <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p>
</li>
</ul>
<h2>v2.30.0</h2>
<h2>2.30.0 (2023-05-03)</h2>
<p><strong>Dependencies</strong></p>
<ul>
<li>
<p>⚠️ Added support for urllib3 2.0. ⚠️</p>
<p>This may contain minor breaking changes so we advise careful testing
and
reviewing <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a>
prior to upgrading.</p>
<p>Users who wish to stay on urllib3 1.x can pin to
<code>urllib3&lt;2</code>.</p>
</li>
</ul>
<h2>v2.29.0</h2>
<h2>2.29.0 (2023-04-26)</h2>
<p><strong>Improvements</strong></p>
<ul>
<li>Requests now defers chunked requests to the urllib3 implementation
to improve
standardization. (<a
href="https://redirect.github.com/psf/requests/issues/6226">#6226</a>)</li>
<li>Requests relaxes header component requirements to support bytes/str
subclasses. (<a
href="https://redirect.github.com/psf/requests/issues/6356">#6356</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.31.0 (2023-05-22)</h2>
<p><strong>Security</strong></p>
<ul>
<li>
<p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to
potential
forwarding of <code>Proxy-Authorization</code> headers to destination
servers when
following HTTPS redirects.</p>
<p>When proxies are defined with user info (<a
href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>),
Requests
will construct a <code>Proxy-Authorization</code> header that is
attached to the request to
authenticate with the proxy.</p>
<p>In cases where Requests receives a redirect response, it previously
reattached
the <code>Proxy-Authorization</code> header incorrectly, resulting in
the value being
sent through the tunneled connection to the destination server. Users
who rely on
defining their proxy credentials in the URL are <em>strongly</em>
encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their
proxy
credentials once the change has been fully deployed.</p>
<p>Users who do not use a proxy or do not supply their proxy credentials
through
the user information portion of their proxy URL are not subject to this
vulnerability.</p>
<p>Full details can be read in our <a
href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github
Security Advisory</a>
and <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p>
</li>
</ul>
<h2>2.30.0 (2023-05-03)</h2>
<p><strong>Dependencies</strong></p>
<ul>
<li>
<p>⚠️ Added support for urllib3 2.0. ⚠️</p>
<p>This may contain minor breaking changes so we advise careful testing
and
reviewing <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a>
prior to upgrading.</p>
<p>Users who wish to stay on urllib3 1.x can pin to
<code>urllib3&lt;2</code>.</p>
</li>
</ul>
<h2>2.29.0 (2023-04-26)</h2>
<p><strong>Improvements</strong></p>
<ul>
<li>Requests now defers chunked requests to the urllib3 implementation
to improve
standardization. (<a
href="https://redirect.github.com/psf/requests/issues/6226">#6226</a>)</li>
<li>Requests relaxes header component requirements to support bytes/str
subclasses. (<a
href="https://redirect.github.com/psf/requests/issues/6356">#6356</a>)</li>
</ul>
<h2>2.28.2 (2023-01-12)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"><code>147c851</code></a>
v2.31.0</li>
<li><a
href="https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5"><code>74ea7cf</code></a>
Merge pull request from GHSA-j8r2-6x86-q33q</li>
<li><a
href="https://github.com/psf/requests/commit/302225334678490ec66b3614a9dddb8a02c5f4fe"><code>3022253</code></a>
test on pypy 3.8 and pypy 3.9 on windows and macos (<a
href="https://redirect.github.com/psf/requests/issues/6424">#6424</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/b639e66c816514e40604d46f0088fbceec1a5149"><code>b639e66</code></a>
test on py3.12 (<a
href="https://redirect.github.com/psf/requests/issues/6448">#6448</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/d3d504436ef0c2ac7ec8af13738b04dcc8c694be"><code>d3d5044</code></a>
Fixed a small typo (<a
href="https://redirect.github.com/psf/requests/issues/6452">#6452</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/2ad18e0e10e7d7ecd5384c378f25ec8821a10a29"><code>2ad18e0</code></a>
v2.30.0</li>
<li><a
href="https://github.com/psf/requests/commit/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773"><code>f2629e9</code></a>
Remove strict parameter (<a
href="https://redirect.github.com/psf/requests/issues/6434">#6434</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/87d63de8739263bbe17034fba2285c79780da7e8"><code>87d63de</code></a>
v2.29.0</li>
<li><a
href="https://github.com/psf/requests/commit/51716c4ef390136b0d4b800ec7665dd5503e64fc"><code>51716c4</code></a>
enable the warnings plugin (<a
href="https://redirect.github.com/psf/requests/issues/6416">#6416</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/a7da1ab3498b10ec3a3582244c94b2845f8a8e71"><code>a7da1ab</code></a>
try on ubuntu 22.04 (<a
href="https://redirect.github.com/psf/requests/issues/6418">#6418</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.27.1...v2.31.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.27.1&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/awslabs/aws-dataall/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 backend/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/requirements.txt b/backend/requirements.txt
index ee569f2d8..16f1de1bc 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -11,7 +11,7 @@ PyAthena==2.3.0
 pygresql==5.2.2
 pyjwt==2.4.0
 PyYAML==6.0
-requests==2.27.1
+requests==2.31.0
 requests_aws4auth==1.1.1
 sqlalchemy==1.3.24
 starlette==0.27.0
\ No newline at end of file

From 65ea17b429edb3bea1be3bb00c9af836fe603f0c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 May 2023 08:34:11 +0200
Subject: [PATCH 221/346] Bump requests from 2.27.1 to 2.31.0 in
 /backend/dataall/cdkproxy (#470)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.31.0</h2>
<h2>2.31.0 (2023-05-22)</h2>
<p><strong>Security</strong></p>
<ul>
<li>
<p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to
potential
forwarding of <code>Proxy-Authorization</code> headers to destination
servers when
following HTTPS redirects.</p>
<p>When proxies are defined with user info (<a
href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>),
Requests
will construct a <code>Proxy-Authorization</code> header that is
attached to the request to
authenticate with the proxy.</p>
<p>In cases where Requests receives a redirect response, it previously
reattached
the <code>Proxy-Authorization</code> header incorrectly, resulting in
the value being
sent through the tunneled connection to the destination server. Users
who rely on
defining their proxy credentials in the URL are <em>strongly</em>
encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their
proxy
credentials once the change has been fully deployed.</p>
<p>Users who do not use a proxy or do not supply their proxy credentials
through
the user information portion of their proxy URL are not subject to this
vulnerability.</p>
<p>Full details can be read in our <a
href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github
Security Advisory</a>
and <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p>
</li>
</ul>
<h2>v2.30.0</h2>
<h2>2.30.0 (2023-05-03)</h2>
<p><strong>Dependencies</strong></p>
<ul>
<li>
<p>⚠️ Added support for urllib3 2.0. ⚠️</p>
<p>This may contain minor breaking changes so we advise careful testing
and
reviewing <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a>
prior to upgrading.</p>
<p>Users who wish to stay on urllib3 1.x can pin to
<code>urllib3&lt;2</code>.</p>
</li>
</ul>
<h2>v2.29.0</h2>
<h2>2.29.0 (2023-04-26)</h2>
<p><strong>Improvements</strong></p>
<ul>
<li>Requests now defers chunked requests to the urllib3 implementation
to improve
standardization. (<a
href="https://redirect.github.com/psf/requests/issues/6226">#6226</a>)</li>
<li>Requests relaxes header component requirements to support bytes/str
subclasses. (<a
href="https://redirect.github.com/psf/requests/issues/6356">#6356</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.31.0 (2023-05-22)</h2>
<p><strong>Security</strong></p>
<ul>
<li>
<p>Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to
potential
forwarding of <code>Proxy-Authorization</code> headers to destination
servers when
following HTTPS redirects.</p>
<p>When proxies are defined with user info (<a
href="https://user:pass@proxy:8080">https://user:pass@proxy:8080</a>),
Requests
will construct a <code>Proxy-Authorization</code> header that is
attached to the request to
authenticate with the proxy.</p>
<p>In cases where Requests receives a redirect response, it previously
reattached
the <code>Proxy-Authorization</code> header incorrectly, resulting in
the value being
sent through the tunneled connection to the destination server. Users
who rely on
defining their proxy credentials in the URL are <em>strongly</em>
encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their
proxy
credentials once the change has been fully deployed.</p>
<p>Users who do not use a proxy or do not supply their proxy credentials
through
the user information portion of their proxy URL are not subject to this
vulnerability.</p>
<p>Full details can be read in our <a
href="https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q">Github
Security Advisory</a>
and <a
href="https://nvd.nist.gov/vuln/detail/CVE-2023-32681">CVE-2023-32681</a>.</p>
</li>
</ul>
<h2>2.30.0 (2023-05-03)</h2>
<p><strong>Dependencies</strong></p>
<ul>
<li>
<p>⚠️ Added support for urllib3 2.0. ⚠️</p>
<p>This may contain minor breaking changes so we advise careful testing
and
reviewing <a
href="https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html">https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html</a>
prior to upgrading.</p>
<p>Users who wish to stay on urllib3 1.x can pin to
<code>urllib3&lt;2</code>.</p>
</li>
</ul>
<h2>2.29.0 (2023-04-26)</h2>
<p><strong>Improvements</strong></p>
<ul>
<li>Requests now defers chunked requests to the urllib3 implementation
to improve
standardization. (<a
href="https://redirect.github.com/psf/requests/issues/6226">#6226</a>)</li>
<li>Requests relaxes header component requirements to support bytes/str
subclasses. (<a
href="https://redirect.github.com/psf/requests/issues/6356">#6356</a>)</li>
</ul>
<h2>2.28.2 (2023-01-12)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/147c8511ddbfa5e8f71bbf5c18ede0c4ceb3bba4"><code>147c851</code></a>
v2.31.0</li>
<li><a
href="https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5"><code>74ea7cf</code></a>
Merge pull request from GHSA-j8r2-6x86-q33q</li>
<li><a
href="https://github.com/psf/requests/commit/302225334678490ec66b3614a9dddb8a02c5f4fe"><code>3022253</code></a>
test on pypy 3.8 and pypy 3.9 on windows and macos (<a
href="https://redirect.github.com/psf/requests/issues/6424">#6424</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/b639e66c816514e40604d46f0088fbceec1a5149"><code>b639e66</code></a>
test on py3.12 (<a
href="https://redirect.github.com/psf/requests/issues/6448">#6448</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/d3d504436ef0c2ac7ec8af13738b04dcc8c694be"><code>d3d5044</code></a>
Fixed a small typo (<a
href="https://redirect.github.com/psf/requests/issues/6452">#6452</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/2ad18e0e10e7d7ecd5384c378f25ec8821a10a29"><code>2ad18e0</code></a>
v2.30.0</li>
<li><a
href="https://github.com/psf/requests/commit/f2629e9e3c7ce3c3c8c025bcd8db551101cbc773"><code>f2629e9</code></a>
Remove strict parameter (<a
href="https://redirect.github.com/psf/requests/issues/6434">#6434</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/87d63de8739263bbe17034fba2285c79780da7e8"><code>87d63de</code></a>
v2.29.0</li>
<li><a
href="https://github.com/psf/requests/commit/51716c4ef390136b0d4b800ec7665dd5503e64fc"><code>51716c4</code></a>
enable the warnings plugin (<a
href="https://redirect.github.com/psf/requests/issues/6416">#6416</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/a7da1ab3498b10ec3a3582244c94b2845f8a8e71"><code>a7da1ab</code></a>
try on ubuntu 22.04 (<a
href="https://redirect.github.com/psf/requests/issues/6418">#6418</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.27.1...v2.31.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.27.1&new-version=2.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/awslabs/aws-dataall/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 backend/dataall/cdkproxy/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/cdkproxy/requirements.txt b/backend/dataall/cdkproxy/requirements.txt
index b4630dc27..2cb7f41a4 100644
--- a/backend/dataall/cdkproxy/requirements.txt
+++ b/backend/dataall/cdkproxy/requirements.txt
@@ -9,7 +9,7 @@ starlette==0.27.0
 fastapi == 0.95.2
 Flask==2.3.2
 PyYAML==6.0
-requests==2.27.1
+requests==2.31.0
 tabulate==0.8.9
 uvicorn==0.15.0
 jinja2==3.1.2

From b59cf9ee9bfa3db63960f874d885aa6bf76077a3 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Tue, 23 May 2023 15:40:09 +0200
Subject: [PATCH 222/346] hotfix: Remove GitHub template option from data.all
 Pipelines (#472)

### Feature or Bugfix
- Bugfix

### Detail
Remove the GitHub template development strategy from the possible types
of data.all pipelines.

The initial idea was to use the parameter `--template` from the [AWS DDK
CLI](https://awslabs.github.io/aws-ddk/release/stable/api/cli/aws_ddk.html#ddk-init)
which has been deprecated after its last major release (1.0.0). Using
templates would enable customers to use any cookiecutter template
directly in data.all.

However, from the way that it was implemented it exposed a
**vulnerability** in which customers could enter code instead of a
template and perform cmd code injections in data.all ECS deployment
task.

Given that this is a high-risk issue + AWS DDK 1.0.0 does not use CLI +
`templates` are not critical for any known customer we will remove it
for the moment to ensure security. In the future we will revisit other
ways of providing templates and accelerating data pipeline building in a
secure manner.


### Relates

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 .../api/Objects/DataPipeline/input_types.py   |  1 -
 .../api/Objects/DataPipeline/resolvers.py     | 10 -----
 backend/dataall/cdkproxy/cdk_cli_wrapper.py   | 20 ++--------
 .../cdkproxy/cdkpipeline/cdk_pipeline.py      | 37 ++-----------------
 backend/dataall/db/api/pipeline.py            |  2 +-
 documentation/userguide/docs/pipelines.md     | 19 +---------
 .../src/views/Pipelines/PipelineCreateForm.js | 22 +----------
 frontend/src/views/Pipelines/PipelineList.js  |  2 +-
 tests/api/conftest.py                         |  1 -
 tests/api/test_datapipelines.py               |  1 -
 10 files changed, 11 insertions(+), 104 deletions(-)

diff --git a/backend/dataall/api/Objects/DataPipeline/input_types.py b/backend/dataall/api/Objects/DataPipeline/input_types.py
index 07cf234fe..98ccf23b3 100644
--- a/backend/dataall/api/Objects/DataPipeline/input_types.py
+++ b/backend/dataall/api/Objects/DataPipeline/input_types.py
@@ -9,7 +9,6 @@
         gql.Argument(name='SamlGroupName', type=gql.NonNullableType(gql.String)),
         gql.Argument(name='tags', type=gql.ArrayType(gql.String)),
         gql.Argument(name='devStrategy', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='template', type=gql.String)
     ],
 )
 
diff --git a/backend/dataall/api/Objects/DataPipeline/resolvers.py b/backend/dataall/api/Objects/DataPipeline/resolvers.py
index d5db551bb..e431a0cbe 100644
--- a/backend/dataall/api/Objects/DataPipeline/resolvers.py
+++ b/backend/dataall/api/Objects/DataPipeline/resolvers.py
@@ -7,7 +7,6 @@
 from ...context import Context
 from ....aws.handlers.service_handlers import Worker
 from ....aws.handlers.sts import SessionHelper
-from ....aws.handlers.codecommit import CodeCommit
 from ....db import permissions, models, exceptions
 from ....db.api import Pipeline, Environment, ResourcePolicy, Stack, KeyValueTag
 
@@ -33,15 +32,6 @@ def create_pipeline(context: Context, source, input=None):
                 target_label=pipeline.label,
                 payload={'account': pipeline.AwsAccountId, 'region': pipeline.region},
             )
-        elif input['devStrategy'] == 'template':
-            Stack.create_stack(
-                session=session,
-                environment_uri=pipeline.environmentUri,
-                target_type='template',
-                target_uri=pipeline.DataPipelineUri,
-                target_label=pipeline.label,
-                payload={'account': pipeline.AwsAccountId, 'region': pipeline.region},
-            )
         else:
             Stack.create_stack(
                 session=session,
diff --git a/backend/dataall/cdkproxy/cdk_cli_wrapper.py b/backend/dataall/cdkproxy/cdk_cli_wrapper.py
index fccd192cf..d8fc98f8c 100644
--- a/backend/dataall/cdkproxy/cdk_cli_wrapper.py
+++ b/backend/dataall/cdkproxy/cdk_cli_wrapper.py
@@ -69,7 +69,7 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
             stack.status = 'PENDING'
             session.commit()
 
-            if stack.stack == 'cdkpipeline' or stack.stack == 'template':
+            if stack.stack == 'cdkpipeline':
                 cdkpipeline = CDKPipelineStack(stack.targetUri)
                 venv_name = cdkpipeline.venv_name if cdkpipeline.venv_name else None
                 pipeline = Pipeline.get_pipeline_by_uri(session, stack.targetUri)
@@ -106,18 +106,6 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                         'AWS_SESSION_TOKEN': creds.get('Token'),
                     }
                 )
-            if stack.stack == 'template':
-                resp = subprocess.run(
-                    ['. ~/.nvm/nvm.sh && cdk ls'],
-                    cwd=cwd,
-                    text=True,
-                    shell=True,  # nosec
-                    encoding='utf-8',
-                    stdout=subprocess.PIPE,
-                    env=env,
-                )
-                logger.info(f'CDK Apps: {resp.stdout}')
-                stack.name = resp.stdout.split('\n')[0]
 
             app_path = app_path or './app.py'
 
@@ -150,9 +138,7 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                 '--verbose',
             ]
 
-            if stack.stack == 'template' or stack.stack == 'cdkpipeline':
-                if stack.stack == 'template':
-                    cmd.insert(0, f'source {venv_name}/bin/activate;')
+            if stack.stack == 'cdkpipeline':
                 aws = SessionHelper.remote_session(stack.accountid)
                 creds = aws.get_credentials()
                 env.update(
@@ -177,7 +163,7 @@ def deploy_cdk_stack(engine: Engine, stackid: str, app_path: str = None, path: s
                 env=env,
                 cwd=cwd,
             )
-            if stack.stack == 'cdkpipeline' or stack.stack == 'template':
+            if stack.stack == 'cdkpipeline':
                 CDKPipelineStack.clean_up_repo(path=f'./{pipeline.repo}')
 
             if process.returncode == 0:
diff --git a/backend/dataall/cdkproxy/cdkpipeline/cdk_pipeline.py b/backend/dataall/cdkproxy/cdkpipeline/cdk_pipeline.py
index 114967db7..abb5fc036 100644
--- a/backend/dataall/cdkproxy/cdkpipeline/cdk_pipeline.py
+++ b/backend/dataall/cdkproxy/cdkpipeline/cdk_pipeline.py
@@ -45,7 +45,6 @@ def __init__(self, target_uri):
         self.env, aws = CDKPipelineStack._set_env_vars(self.pipeline_environment)
 
         self.code_dir_path = os.path.dirname(os.path.abspath(__file__))
-        template = self.pipeline.template
 
         try:
             codecommit_client = aws.client('codecommit', region_name=self.pipeline_environment.region)
@@ -82,12 +81,9 @@ def __init__(self, target_uri):
             else:
                 raise Exception
         except Exception as e:
-            if len(template):
-                self.venv_name = self.initialize_repo_template(template)
-            else:
-                self.venv_name = self.initialize_repo()
-                CDKPipelineStack.write_ddk_app_multienvironment(path=os.path.join(self.code_dir_path, self.pipeline.repo), output_file="app.py", pipeline=self.pipeline, development_environments=self.development_environments)
-                CDKPipelineStack.write_ddk_json_multienvironment(path=os.path.join(self.code_dir_path, self.pipeline.repo), output_file="ddk.json", pipeline_environment=self.pipeline_environment, development_environments=self.development_environments)
+            self.venv_name = self.initialize_repo()
+            CDKPipelineStack.write_ddk_app_multienvironment(path=os.path.join(self.code_dir_path, self.pipeline.repo), output_file="app.py", pipeline=self.pipeline, development_environments=self.development_environments)
+            CDKPipelineStack.write_ddk_json_multienvironment(path=os.path.join(self.code_dir_path, self.pipeline.repo), output_file="ddk.json", pipeline_environment=self.pipeline_environment, development_environments=self.development_environments)
             self.git_push_repo()
 
     def initialize_repo(self):
@@ -114,33 +110,6 @@ def initialize_repo(self):
 
             return venv_name
 
-    def initialize_repo_template(self, template):
-        venv_name = ".venv"
-        cmd_init = [
-            f"git clone {template} {self.pipeline.repo}",
-            f"cd {self.pipeline.repo}",
-            "rm -rf .git",
-            "git init --initial-branch main",
-            f"python3 -m venv {venv_name} && source {venv_name}/bin/activate",
-            "pip install -r requirements.txt",
-            f"ddk create-repository {self.pipeline.repo} -t application dataall -t team {self.pipeline.SamlGroupName}"
-        ]
-
-        logger.info(f"Running Commands: {'; '.join(cmd_init)}")
-
-        process = subprocess.run(
-            '; '.join(cmd_init),
-            text=True,
-            shell=True,  # nosec
-            encoding='utf-8',
-            cwd=self.code_dir_path,
-            env=self.env
-        )
-        if process.returncode == 0:
-            logger.info("Successfully Initialized New CDK/DDK App")
-
-            return venv_name
-
     @staticmethod
     def write_ddk_json_multienvironment(path, output_file, pipeline_environment, development_environments):
         json_envs = ""
diff --git a/backend/dataall/db/api/pipeline.py b/backend/dataall/db/api/pipeline.py
index 6007be39d..75cfb47d1 100644
--- a/backend/dataall/db/api/pipeline.py
+++ b/backend/dataall/db/api/pipeline.py
@@ -63,7 +63,7 @@ def create_pipeline(
             region=environment.region,
             repo=slugify(data['label']),
             devStrategy=data['devStrategy'],
-            template=data['template'] if data['devStrategy'] == 'template' else "",
+            template="",
         )
 
         session.add(pipeline)
diff --git a/documentation/userguide/docs/pipelines.md b/documentation/userguide/docs/pipelines.md
index 6ec6a2f40..478a467fa 100644
--- a/documentation/userguide/docs/pipelines.md
+++ b/documentation/userguide/docs/pipelines.md
@@ -42,7 +42,6 @@ data.all pipelines are created from the UI, under Pipelines. We need to fill the
     1. [**CDK Pipelines - Trunk-based**](#CDK-Pipelines-Overview) : A CICD pipeline based on [CDK Pipelines library](https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.pipelines/README.html). It defines a DDK Core construct which deploys Continuous Integration and Delivery for your app. Specifically, it provisions a stack containing a self-mutating CDK code pipeline to deploy one or more copies of your CDK applications using CloudFormation with a minimal amount of effort on your part.
     2. [**CodePipeline - Trunk-based**](#CodePipeline-pipelines---Trunk-based-or-GitFlow-Overview) : A CICD pipeline similar to CDK Pipelines and with a trunk-based approach but is not self-mutating.
     3. [**CodePipeline - Gitflow**](#CodePipeline-pipelines---Trunk-based-or-GitFlow-Overview): A Gitflow branching strategy where each branch of the source repository has a corresponding CICD Pipeline that deploys resources for that branches environment.
-    4. [**GitHub Template**](#Github-Template-Pipelines-Overview) : This is a Bring-Your-Own-Template approach where users can specify they git clone path and deploy their own pipelines and IaC rather than using one of the previous 3 strategies. 
 
 Finally, we need to add **Development environments**. These are the AWS accounts and regions where the infrastructure defined in the CICD pipeline
 is deployed. 
@@ -168,17 +167,7 @@ The `dev` pipeline reads from the `dev` branch of the repository:
 
 ![created_pipeline](pictures/pipelines/pip_cp_gitflow2.png#zoom#shadow)
 
---- 
-### Github Template Pipelines Overview
-
-This pipeline strategy takes a pre-defined IaC CDK Application that exists in a github repository and deploys the pipeline to be managed by data all. An AWS CodeCommit repository with the code of the github repository is created in the CICD environment AWS account.
-
-**NOTE: You may have to specify a access token in the HTTPS Clone Path of the Github Repository if the repository is private**
-
-data.all performs the inital deployment of this pipeline by running `cdk deploy` for the code now existing in AWS CodeCommit in the CICD environment. Adding development environments here is on the responsibility of the pipeline creator to align with the deployment environments specified in the cloned repository.
-
-![created_pipeline](pictures/pipelines/github_template_create.png#zoom#shadow)
-
+---
 ## Editing a Data All Pipeline
 
 For users who would like to promote their pipeline deployments to new environments managed by data all, you can do so by first bootstrapping the new environment(s) to be deployed to (as mentioned in the [Pre-requisites](#Pre-requisites)) and then adding and/or editing the development environments.
@@ -189,7 +178,6 @@ Based on pipeline use case, editing a data all pipeline's development environmen
 - **CDK Pipelines**: On update, the `ddk.json` and `app.py` will be edited to update the new development environment information. The self-mutating, CICD Pipeline will trigger and deploy to the new environments based on the source CodeCommit repository changes.
 - **CodePipelines - Trunk-based**: On update the `ddk.json` will be edited. A new `cdk deploy` will run to update the CICD CloudFormation Stack for the AWS CodePipeline to add the new stages required for the additional environment deployment(s) (as well as manual approval steps between stages in the code pipeline). You will see these updates to the CICD stack in CloudFormaiton of the CICD environment.
 - **CodePipelines - Gitflow**: On update the `ddk.json` will be edited. A new `cdk deploy` will run to update the CICD CloudFormation Stack to add the new AWS CodePipelines required for the additional environment deployment(s). You will see these updates to the CICD stack in CloudFormaiton of the CICD environment.
-- **Github Template Pipelines**: Editing development environments **will NOT** re-deploy the application or update the CodeCommit repository. Editing of template pipeline's development environment(s) is the responsibility of the pipeline creator for proper data all pipeline management.
 
 ## Which development strategy should I choose?
 
@@ -204,11 +192,6 @@ Based on pipeline use case, editing a data all pipeline's development environmen
 2. Developers working on the pipeline cannot modify the CICD pipeline
 3. Cross-account deployments require specific definition of the environment in the code.
 
-**Github Template Pipelines**
-
-1. The aforementioned pipeline strategies do not align with your desired pipeline architecture
-2. You already have pipelines IaC written in AWS CDK and ready to be deployed rather than creating pipeline(s) and developing from scratch
-
 
 **Summary**
 
diff --git a/frontend/src/views/Pipelines/PipelineCreateForm.js b/frontend/src/views/Pipelines/PipelineCreateForm.js
index 1f3ffe456..00d195265 100644
--- a/frontend/src/views/Pipelines/PipelineCreateForm.js
+++ b/frontend/src/views/Pipelines/PipelineCreateForm.js
@@ -44,7 +44,7 @@ const PipelineCrateForm = (props) => {
   const [loading, setLoading] = useState(true);
   const [groupOptions, setGroupOptions] = useState([]);
   const [environmentOptions, setEnvironmentOptions] = useState([]);
-  const devOptions =[{value:"cdk-trunk", label:"CDK Pipelines - Trunk-based"},{value:"trunk", label:"CodePipeline - Trunk-based"},{value:"gitflow", label:"CodePipeline - Gitflow"},{value:"template", label:"GitHub Template"}];/*DBT Pipelines*/
+  const devOptions =[{value:"cdk-trunk", label:"CDK Pipelines - Trunk-based"},{value:"trunk", label:"CodePipeline - Trunk-based"},{value:"gitflow", label:"CodePipeline - Gitflow"}];/*DBT Pipelines*/
   const [triggerEnvSubmit, setTriggerEnvSubmit] = useState(false);
   const [countEnvironmentsValid, setCountEnvironmentsValid] = useState(false);
   const [pipelineUri, setPipelineUri] = useState('');
@@ -116,8 +116,7 @@ const PipelineCrateForm = (props) => {
                 description: values.description,
                 SamlGroupName: values.SamlGroupName,
                 tags: values.tags,
-                devStrategy: values.devStrategy,
-                template: values.template
+                devStrategy: values.devStrategy
               }
             })
           );
@@ -226,7 +225,6 @@ const PipelineCrateForm = (props) => {
                 environment: '',
                 tags: [],
                 devStrategy: 'cdk-trunk',
-                template: '',
               }}
               validationSchema={Yup.object().shape({
                 label: Yup.string()
@@ -238,7 +236,6 @@ const PipelineCrateForm = (props) => {
                 environment: Yup.object(),
                 devStrategy: Yup.string().required('*A CICD strategy is required'),
                 tags: Yup.array().nullable(),
-                template: Yup.string().nullable(),
               })}
               onSubmit={async (
                 values,
@@ -434,21 +431,6 @@ const PipelineCrateForm = (props) => {
                             ))}
                           </TextField>
                         </CardContent>
-                        <CardContent>
-                          {values.devStrategy === "template" && (
-                            <TextField
-                              error={Boolean(touched.template && errors.template)}
-                              fullWidth
-                              helperText={touched.template && errors.template}
-                              label="GitHub Template Clone Path"
-                              name="template"
-                              onBlur={handleBlur}
-                              onChange={handleChange}
-                              value={values.template}
-                              variant="outlined"
-                            />
-                          )}
-                        </CardContent>
                       </Card>
                     </Grid>
                     <Grid item lg={12} md={6} xs={12}>
diff --git a/frontend/src/views/Pipelines/PipelineList.js b/frontend/src/views/Pipelines/PipelineList.js
index e3ff00c95..4ea57ba81 100644
--- a/frontend/src/views/Pipelines/PipelineList.js
+++ b/frontend/src/views/Pipelines/PipelineList.js
@@ -86,7 +86,7 @@ const PipelineList = () => {
   const [inputValue, setInputValue] = useState('');
   const [loading, setLoading] = useState(true);
   const client = useClient();
-  const devOptions =[{value:"cdk-trunk", label:"CDK Pipelines - Trunk-based"},{value:"trunk", label:"CodePipeline - Trunk-based"},{value:"gitflow", label:"CodePipeline - Gitflow"},{value:"template", label:"GitHub Template"}];/*DBT Pipelines*/
+  const devOptions =[{value:"cdk-trunk", label:"CDK Pipelines - Trunk-based"},{value:"trunk", label:"CodePipeline - Trunk-based"},{value:"gitflow", label:"CodePipeline - Gitflow"}];/*DBT Pipelines*/
   const [filterItems] = useState([{title:'DevStrategy', options: devOptions},{title:'Tags'},{title: 'Region', options: AwsRegions}]);
 
   const fetchItems = useCallback(async () => {
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index fa3be8ade..f3666d850 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -740,7 +740,6 @@ def pipeline(client, tenant, group, env_fixture) -> models.DataPipeline:
             'tags': [group.name],
             'environmentUri': env_fixture.environmentUri,
             'devStrategy': 'trunk',
-            'template': '',
         },
         username='alice',
         groups=[group.name],
diff --git a/tests/api/test_datapipelines.py b/tests/api/test_datapipelines.py
index 81a8b4e03..9dcfd1446 100644
--- a/tests/api/test_datapipelines.py
+++ b/tests/api/test_datapipelines.py
@@ -40,7 +40,6 @@ def pipeline(client, tenant, group, env1):
             'tags': [group.name],
             'environmentUri': env1.environmentUri,
             'devStrategy': 'trunk',
-            'template': ''
         },
         username='alice',
         groups=[group.name],

From 3340610adb1f1897b3e8251f1b9b58b7ca578a90 Mon Sep 17 00:00:00 2001
From: David Mutune Kimengu <57294718+kimengu-david@users.noreply.github.com>
Date: Wed, 24 May 2023 10:24:11 +0100
Subject: [PATCH 223/346] fix: Upgrade aurora engine version to 11.16 (#471)

### Feature or Bugfix

- Bugfix


### Detail
Update Aurora engine version to 11.16. Fixes an issue where the Aurora
nested stack deployment in the data.all backend which goes to deployment
account would fail as AuroraPostgresEngineVersion.VER_10_18 is not
compatible with parameter group default.aurora-postgresql11
### Relates
- https://github.com/awslabs/aws-dataall/pull/466

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 deploy/stacks/aurora.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/stacks/aurora.py b/deploy/stacks/aurora.py
index 5a96bea1a..6fe1975b0 100644
--- a/deploy/stacks/aurora.py
+++ b/deploy/stacks/aurora.py
@@ -120,7 +120,7 @@ def __init__(
             self,
             f'AuroraDatabase{envname}',
             engine=rds.DatabaseClusterEngine.aurora_postgres(
-                version=rds.AuroraPostgresEngineVersion.VER_10_18
+                version=rds.AuroraPostgresEngineVersion.VER_11_16
             ),
             deletion_protection=True,
             cluster_identifier=f'{resource_prefix}-{envname}-db',

From b44125801d76e53557df4400c5d63600eedb4e9d Mon Sep 17 00:00:00 2001
From: Gezim Musliaj <102723839+gmuslia@users.noreply.github.com>
Date: Wed, 24 May 2023 15:20:51 +0200
Subject: [PATCH 224/346] Updated CDK Version to fix issue with cdkproxy/
 dataset stack creations (#476)

### Feature or Bugfix
- BugFix

### Detail
- cdkproxy was using an outdated version of aws-cdk-lib which uses
NODEJS_12_X for the AWS Custom Resources Lambda Functions, which are now
not anymore supported in the AWS Accounts and causes failure of the
creation of CloudFormation stacks in the case when you create a new
DataSet Stack
- The version change also triggered a minor type enforcement for the
AccountPrincipal AccountId to be explicitly ```string```

### Relates
- https://github.com/awslabs/aws-dataall/issues/475

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 backend/dataall/cdkproxy/requirements.txt  | 2 +-
 backend/dataall/cdkproxy/stacks/dataset.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/cdkproxy/requirements.txt b/backend/dataall/cdkproxy/requirements.txt
index 2cb7f41a4..8a3e6fb98 100644
--- a/backend/dataall/cdkproxy/requirements.txt
+++ b/backend/dataall/cdkproxy/requirements.txt
@@ -1,4 +1,4 @@
-aws-cdk-lib==2.20.0
+aws-cdk-lib==2.61.1
 aws_cdk.aws_redshift_alpha==2.14.0a0
 boto3==1.24.85
 boto3-stubs==1.24.85
diff --git a/backend/dataall/cdkproxy/stacks/dataset.py b/backend/dataall/cdkproxy/stacks/dataset.py
index 410d4b79d..d5306f5f0 100644
--- a/backend/dataall/cdkproxy/stacks/dataset.py
+++ b/backend/dataall/cdkproxy/stacks/dataset.py
@@ -296,7 +296,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
                 iam.ServicePrincipal('sagemaker.amazonaws.com'),
                 iam.ServicePrincipal('lambda.amazonaws.com'),
                 iam.ServicePrincipal('ec2.amazonaws.com'),
-                iam.AccountPrincipal(os.environ.get('CURRENT_AWS_ACCOUNT')),
+                iam.AccountPrincipal(str(os.environ.get('CURRENT_AWS_ACCOUNT'))),
                 iam.AccountPrincipal(dataset.AwsAccountId),
                 iam.ArnPrincipal(
                     f'arn:aws:iam::{dataset.AwsAccountId}:role/{self.pivot_role_name}'

From 8175d105c217b860ba3d443baebdaed873621ae4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 24 May 2023 16:11:30 +0200
Subject: [PATCH 225/346] Created dashboard module

---
 backend/dataall/modules/dashboards/__init__.py  | 17 +++++++++++++++++
 .../dataall/modules/dashboards/api/__init__.py  |  0
 config.json                                     |  3 +++
 3 files changed, 20 insertions(+)
 create mode 100644 backend/dataall/modules/dashboards/__init__.py
 create mode 100644 backend/dataall/modules/dashboards/api/__init__.py

diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
new file mode 100644
index 000000000..2dddbce24
--- /dev/null
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -0,0 +1,17 @@
+"""Contains the code related to dashboards"""
+import logging
+
+from dataall.modules.loader import ImportMode, ModuleInterface
+
+log = logging.getLogger(__name__)
+
+
+class DashboardApiModuleInterface(ModuleInterface):
+    """Implements ModuleInterface for dashboard GraphQl lambda"""
+
+    @staticmethod
+    def is_supported(modes):
+        return ImportMode.API in modes
+
+    def __init__(self):
+        import dataall.modules.dashboards.api
diff --git a/backend/dataall/modules/dashboards/api/__init__.py b/backend/dataall/modules/dashboards/api/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/config.json b/config.json
index 6f60f494f..c8fa11ab5 100644
--- a/config.json
+++ b/config.json
@@ -8,6 +8,9 @@
         },
         "worksheets": {
             "active": true
+        },
+        "dashboards": {
+            "active": true
         }
     }
 }
\ No newline at end of file

From faebdafa3c496c33508a56bcec5e88e7de5e4f62 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 24 May 2023 16:13:33 +0200
Subject: [PATCH 226/346] Moved dashboard api into modules

---
 .../dataall/api/Objects/Dashboard/__init__.py   |  9 ---------
 .../dataall/modules/dashboards/api/__init__.py  |  9 +++++++++
 .../dashboards/api}/input_types.py              |  2 +-
 .../dashboards/api}/mutations.py                |  4 ++--
 .../dashboards/api}/queries.py                  |  4 ++--
 .../dashboards/api}/resolvers.py                | 17 ++++++++---------
 .../dashboards/api}/schema.py                   |  6 +++---
 7 files changed, 25 insertions(+), 26 deletions(-)
 delete mode 100644 backend/dataall/api/Objects/Dashboard/__init__.py
 rename backend/dataall/{api/Objects/Dashboard => modules/dashboards/api}/input_types.py (98%)
 rename backend/dataall/{api/Objects/Dashboard => modules/dashboards/api}/mutations.py (95%)
 rename backend/dataall/{api/Objects/Dashboard => modules/dashboards/api}/queries.py (93%)
 rename backend/dataall/{api/Objects/Dashboard => modules/dashboards/api}/resolvers.py (96%)
 rename backend/dataall/{api/Objects/Dashboard => modules/dashboards/api}/schema.py (95%)

diff --git a/backend/dataall/api/Objects/Dashboard/__init__.py b/backend/dataall/api/Objects/Dashboard/__init__.py
deleted file mode 100644
index dfa46b264..000000000
--- a/backend/dataall/api/Objects/Dashboard/__init__.py
+++ /dev/null
@@ -1,9 +0,0 @@
-from . import (
-    input_types,
-    mutations,
-    queries,
-    resolvers,
-    schema,
-)
-
-__all__ = ['resolvers', 'schema', 'input_types', 'queries', 'mutations']
diff --git a/backend/dataall/modules/dashboards/api/__init__.py b/backend/dataall/modules/dashboards/api/__init__.py
index e69de29bb..dfa46b264 100644
--- a/backend/dataall/modules/dashboards/api/__init__.py
+++ b/backend/dataall/modules/dashboards/api/__init__.py
@@ -0,0 +1,9 @@
+from . import (
+    input_types,
+    mutations,
+    queries,
+    resolvers,
+    schema,
+)
+
+__all__ = ['resolvers', 'schema', 'input_types', 'queries', 'mutations']
diff --git a/backend/dataall/api/Objects/Dashboard/input_types.py b/backend/dataall/modules/dashboards/api/input_types.py
similarity index 98%
rename from backend/dataall/api/Objects/Dashboard/input_types.py
rename to backend/dataall/modules/dashboards/api/input_types.py
index 1686c31e3..93e6cb5c1 100644
--- a/backend/dataall/api/Objects/Dashboard/input_types.py
+++ b/backend/dataall/modules/dashboards/api/input_types.py
@@ -1,4 +1,4 @@
-from ... import gql
+from dataall.api import gql
 
 ImportDashboardInput = gql.InputType(
     name='ImportDashboardInput',
diff --git a/backend/dataall/api/Objects/Dashboard/mutations.py b/backend/dataall/modules/dashboards/api/mutations.py
similarity index 95%
rename from backend/dataall/api/Objects/Dashboard/mutations.py
rename to backend/dataall/modules/dashboards/api/mutations.py
index 7af472838..5e7072d65 100644
--- a/backend/dataall/api/Objects/Dashboard/mutations.py
+++ b/backend/dataall/modules/dashboards/api/mutations.py
@@ -1,5 +1,5 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.dashboards.api.resolvers import *
 
 
 importDashboard = gql.MutationField(
diff --git a/backend/dataall/api/Objects/Dashboard/queries.py b/backend/dataall/modules/dashboards/api/queries.py
similarity index 93%
rename from backend/dataall/api/Objects/Dashboard/queries.py
rename to backend/dataall/modules/dashboards/api/queries.py
index d8d3b9982..c690d52ce 100644
--- a/backend/dataall/api/Objects/Dashboard/queries.py
+++ b/backend/dataall/modules/dashboards/api/queries.py
@@ -1,5 +1,5 @@
-from ... import gql
-from .resolvers import *
+from dataall.api import gql
+from dataall.modules.dashboards.api.resolvers import *
 
 searchDashboards = gql.QueryField(
     name='searchDashboards',
diff --git a/backend/dataall/api/Objects/Dashboard/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
similarity index 96%
rename from backend/dataall/api/Objects/Dashboard/resolvers.py
rename to backend/dataall/modules/dashboards/api/resolvers.py
index 94372f5d1..b8470861c 100644
--- a/backend/dataall/api/Objects/Dashboard/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -1,13 +1,12 @@
 import os
-from .... import db
-from ....api.constants import DashboardRole
-from ....api.context import Context
-from ....aws.handlers.quicksight import Quicksight
-from ....aws.handlers.parameter_store import ParameterStoreManager
-from ....db import permissions, models
-from ....db.api import ResourcePolicy, Glossary, Vote
-from ....searchproxy import indexers
-from ....utils import Parameter
+from dataall import db
+from dataall.api.constants import DashboardRole
+from dataall.api.context import Context
+from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.parameter_store import ParameterStoreManager
+from dataall.db import permissions, models
+from dataall.db.api import ResourcePolicy, Glossary, Vote
+from dataall.utils import Parameter
 from dataall.searchproxy.indexers import DashboardIndexer
 
 param_store = Parameter()
diff --git a/backend/dataall/api/Objects/Dashboard/schema.py b/backend/dataall/modules/dashboards/api/schema.py
similarity index 95%
rename from backend/dataall/api/Objects/Dashboard/schema.py
rename to backend/dataall/modules/dashboards/api/schema.py
index 58b6a30cb..9ef1682cb 100644
--- a/backend/dataall/api/Objects/Dashboard/schema.py
+++ b/backend/dataall/modules/dashboards/api/schema.py
@@ -1,6 +1,6 @@
-from ... import gql
-from .resolvers import *
-from ...constants import DashboardRole
+from dataall.api import gql
+from dataall.modules.dashboards.api.resolvers import *
+from dataall.api.constants import DashboardRole
 
 from dataall.api.Objects.Environment.resolvers import resolve_environment
 

From 92f6ca8510f0c72f0efda2cf888851b442bc2f3b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 24 May 2023 16:18:00 +0200
Subject: [PATCH 227/346] Created DashboardRepository

---
 backend/dataall/db/api/__init__.py            |  1 -
 .../modules/dashboards/api/resolvers.py       | 33 ++++++++++---------
 .../dataall/modules/dashboards/db/__init__.py |  0
 .../dashboards/db/dashboard_repository.py}    | 24 +++++++-------
 .../modules/dashboards/services/__init__.py   |  0
 5 files changed, 29 insertions(+), 29 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/db/__init__.py
 rename backend/dataall/{db/api/dashboard.py => modules/dashboards/db/dashboard_repository.py} (94%)
 create mode 100644 backend/dataall/modules/dashboards/services/__init__.py

diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index c1b1dd964..3242a0a9e 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -14,5 +14,4 @@
 from .redshift_cluster import RedshiftCluster
 from .vpc import Vpc
 from .sgm_studio_notebook import SgmStudioNotebook
-from .dashboard import Dashboard
 from .pipeline import Pipeline
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index b8470861c..9fe909154 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -6,6 +6,7 @@
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
 from dataall.db import permissions, models
 from dataall.db.api import ResourcePolicy, Glossary, Vote
+from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.utils import Parameter
 from dataall.searchproxy.indexers import DashboardIndexer
 
@@ -42,7 +43,7 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
                 domain_name=DOMAIN_URL,
             )
         else:
-            shared_groups = db.api.Dashboard.query_all_user_groups_shareddashboard(
+            shared_groups = DashboardRepository.query_all_user_groups_shareddashboard(
                 session=session,
                 username=context.username,
                 groups=context.groups,
@@ -137,7 +138,7 @@ def import_dashboard(context: Context, source, input: dict = None):
             )
 
         input['environment'] = env
-        dashboard = db.api.Dashboard.import_dashboard(
+        dashboard = DashboardRepository.import_dashboard(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -153,11 +154,11 @@ def import_dashboard(context: Context, source, input: dict = None):
 
 def update_dashboard(context, source, input: dict = None):
     with context.engine.scoped_session() as session:
-        dashboard = db.api.Dashboard.get_dashboard_by_uri(
+        dashboard = DashboardRepository.get_dashboard_by_uri(
             session, input['dashboardUri']
         )
         input['dashboard'] = dashboard
-        db.api.Dashboard.update_dashboard(
+        DashboardRepository.update_dashboard(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -175,7 +176,7 @@ def list_dashboards(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.Dashboard.paginated_user_dashboards(
+        return DashboardRepository.paginated_user_dashboards(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -187,7 +188,7 @@ def list_dashboards(context: Context, source, filter: dict = None):
 
 def get_dashboard(context: Context, source, dashboardUri: str = None):
     with context.engine.scoped_session() as session:
-        return db.api.Dashboard.get_dashboard(
+        return DashboardRepository.get_dashboard(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -218,7 +219,7 @@ def request_dashboard_share(
     dashboardUri: str = None,
 ):
     with context.engine.scoped_session() as session:
-        return db.api.Dashboard.request_dashboard_share(
+        return DashboardRepository.request_dashboard_share(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -234,9 +235,9 @@ def approve_dashboard_share(
     shareUri: str = None,
 ):
     with context.engine.scoped_session() as session:
-        share = db.api.Dashboard.get_dashboard_share_by_uri(session, shareUri)
-        dashboard = db.api.Dashboard.get_dashboard_by_uri(session, share.dashboardUri)
-        return db.api.Dashboard.approve_dashboard_share(
+        share = DashboardRepository.get_dashboard_share_by_uri(session, shareUri)
+        dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
+        return DashboardRepository.approve_dashboard_share(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -252,9 +253,9 @@ def reject_dashboard_share(
     shareUri: str = None,
 ):
     with context.engine.scoped_session() as session:
-        share = db.api.Dashboard.get_dashboard_share_by_uri(session, shareUri)
-        dashboard = db.api.Dashboard.get_dashboard_by_uri(session, share.dashboardUri)
-        return db.api.Dashboard.reject_dashboard_share(
+        share = DashboardRepository.get_dashboard_share_by_uri(session, shareUri)
+        dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
+        return DashboardRepository.reject_dashboard_share(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -273,7 +274,7 @@ def list_dashboard_shares(
     if not filter:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.Dashboard.paginated_dashboard_shares(
+        return DashboardRepository.paginated_dashboard_shares(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -290,7 +291,7 @@ def share_dashboard(
     dashboardUri: str = None,
 ):
     with context.engine.scoped_session() as session:
-        return db.api.Dashboard.share_dashboard(
+        return DashboardRepository.share_dashboard(
             session=session,
             username=context.username,
             groups=context.groups,
@@ -302,7 +303,7 @@ def share_dashboard(
 
 def delete_dashboard(context: Context, source, dashboardUri: str = None):
     with context.engine.scoped_session() as session:
-        db.api.Dashboard.delete_dashboard(
+        DashboardRepository.delete_dashboard(
             session=session,
             username=context.username,
             groups=context.groups,
diff --git a/backend/dataall/modules/dashboards/db/__init__.py b/backend/dataall/modules/dashboards/db/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/db/api/dashboard.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
similarity index 94%
rename from backend/dataall/db/api/dashboard.py
rename to backend/dataall/modules/dashboards/db/dashboard_repository.py
index bf6950002..58da82d9e 100644
--- a/backend/dataall/db/api/dashboard.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -3,8 +3,8 @@
 from sqlalchemy import or_, and_
 from sqlalchemy.orm import Query
 
-from .. import models, exceptions, permissions, paginate
-from . import (
+from dataall.db import models, exceptions, permissions, paginate
+from dataall.db.api import (
     Environment,
     has_tenant_perm,
     has_resource_perm,
@@ -16,7 +16,7 @@
 logger = logging.getLogger(__name__)
 
 
-class Dashboard:
+class DashboardRepository:
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
     @has_resource_perm(permissions.CREATE_DASHBOARD)
@@ -76,7 +76,7 @@ def import_dashboard(
         )
         session.add(activity)
 
-        Dashboard.set_dashboard_resource_policy(
+        DashboardRepository.set_dashboard_resource_policy(
             session, env, dashboard, data['SamlGroupName']
         )
 
@@ -119,7 +119,7 @@ def get_dashboard(
         data: dict = None,
         check_perm: bool = False,
     ) -> models.Dashboard:
-        return Dashboard.get_dashboard_by_uri(session, uri)
+        return DashboardRepository.get_dashboard_by_uri(session, uri)
 
     @staticmethod
     def get_dashboard_by_uri(session, uri) -> models.Dashboard:
@@ -162,7 +162,7 @@ def paginated_user_dashboards(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
         return paginate(
-            query=Dashboard.query_user_dashboards(session, username, groups, data),
+            query=DashboardRepository.query_user_dashboards(session, username, groups, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
@@ -220,7 +220,7 @@ def paginated_dashboard_shares(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
         return paginate(
-            query=Dashboard.query_dashboard_shares(
+            query=DashboardRepository.query_dashboard_shares(
                 session, username, groups, uri, data
             ),
             page=data.get('page', 1),
@@ -241,7 +241,7 @@ def update_dashboard(
 
         dashboard = data.get(
             'dashboard',
-            Dashboard.get_dashboard_by_uri(session, data['dashboardUri']),
+            DashboardRepository.get_dashboard_by_uri(session, data['dashboardUri']),
         )
 
         for k in data.keys():
@@ -258,7 +258,7 @@ def update_dashboard(
         environment: models.Environment = Environment.get_environment_by_uri(
             session, dashboard.environmentUri
         )
-        Dashboard.set_dashboard_resource_policy(
+        DashboardRepository.set_dashboard_resource_policy(
             session, environment, dashboard, dashboard.SamlGroupName
         )
         return dashboard
@@ -267,7 +267,7 @@ def update_dashboard(
     def delete_dashboard(
         session, username, groups, uri, data=None, check_perm=None
     ) -> bool:
-        dashboard = Dashboard.get_dashboard_by_uri(session, uri)
+        dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         session.delete(dashboard)
         ResourcePolicy.delete_resource_policy(
             session=session, resource_uri=uri, group=dashboard.SamlGroupName
@@ -289,7 +289,7 @@ def request_dashboard_share(
         data: dict = None,
         check_perm: bool = False,
     ) -> models.DashboardShare:
-        dashboard = Dashboard.get_dashboard_by_uri(session, uri)
+        dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         if dashboard.SamlGroupName == data['principalId']:
             raise exceptions.UnauthorizedOperation(
                 action=permissions.CREATE_DASHBOARD,
@@ -408,7 +408,7 @@ def share_dashboard(
         check_perm: bool = False,
     ) -> models.DashboardShare:
 
-        dashboard = Dashboard.get_dashboard_by_uri(session, uri)
+        dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         share = models.DashboardShare(
             owner=username,
             dashboardUri=dashboard.dashboardUri,
diff --git a/backend/dataall/modules/dashboards/services/__init__.py b/backend/dataall/modules/dashboards/services/__init__.py
new file mode 100644
index 000000000..e69de29bb

From d528544f5ec75c61f63826890f2381a9c4ef43ef Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 24 May 2023 16:27:21 +0200
Subject: [PATCH 228/346] Moved dashboard models to the dashboard module

---
 backend/dataall/db/models/DashboardShare.py   |  24 ----
 backend/dataall/db/models/__init__.py         |   3 -
 .../modules/dashboards/api/resolvers.py       |  21 +--
 .../dashboards/db/dashboard_repository.py     | 121 +++++++++---------
 .../dashboards/db/models.py}                  |  23 +++-
 5 files changed, 94 insertions(+), 98 deletions(-)
 delete mode 100644 backend/dataall/db/models/DashboardShare.py
 rename backend/dataall/{db/models/Dashboard.py => modules/dashboards/db/models.py} (54%)

diff --git a/backend/dataall/db/models/DashboardShare.py b/backend/dataall/db/models/DashboardShare.py
deleted file mode 100644
index a8d25dca0..000000000
--- a/backend/dataall/db/models/DashboardShare.py
+++ /dev/null
@@ -1,24 +0,0 @@
-from enum import Enum
-
-from sqlalchemy import Column, String
-
-from .. import Base, utils
-
-
-class DashboardShareStatus(Enum):
-    REQUESTED = 'REQUESTED'
-    APPROVED = 'APPROVED'
-    REJECTED = 'REJECTED'
-
-
-class DashboardShare(Base):
-    __tablename__ = 'dashboardshare'
-    shareUri = Column(
-        String, nullable=False, primary_key=True, default=utils.uuid('shareddashboard')
-    )
-    dashboardUri = Column(String, nullable=False, default=utils.uuid('dashboard'))
-    SamlGroupName = Column(String, nullable=False)
-    owner = Column(String, nullable=True)
-    status = Column(
-        String, nullable=False, default=DashboardShareStatus.REQUESTED.value
-    )
diff --git a/backend/dataall/db/models/__init__.py b/backend/dataall/db/models/__init__.py
index 4e7e9a8b6..beb40102c 100644
--- a/backend/dataall/db/models/__init__.py
+++ b/backend/dataall/db/models/__init__.py
@@ -1,9 +1,6 @@
 from .Enums import *
 from .Activity import Activity
 from .KeyValueTag import KeyValueTag
-from .Dashboard import Dashboard
-from .DashboardShare import DashboardShare
-from .DashboardShare import DashboardShareStatus
 from .Environment import Environment
 from .EnvironmentGroup import EnvironmentGroup
 from .FeedMessage import FeedMessage
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 9fe909154..0dfc65e82 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -7,6 +7,7 @@
 from dataall.db import permissions, models
 from dataall.db.api import ResourcePolicy, Glossary, Vote
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
+from dataall.modules.dashboards.db.models import Dashboard
 from dataall.utils import Parameter
 from dataall.searchproxy.indexers import DashboardIndexer
 
@@ -18,7 +19,7 @@
 
 def get_quicksight_reader_url(context, source, dashboardUri: str = None):
     with context.engine.scoped_session() as session:
-        dash: models.Dashboard = session.query(models.Dashboard).get(dashboardUri)
+        dash: Dashboard = session.query(Dashboard).get(dashboardUri)
         env: models.Environment = session.query(models.Environment).get(
             dash.environmentUri
         )
@@ -198,7 +199,7 @@ def get_dashboard(context: Context, source, dashboardUri: str = None):
         )
 
 
-def resolve_user_role(context: Context, source: models.Dashboard):
+def resolve_user_role(context: Context, source: Dashboard):
     if context.username and source.owner == context.username:
         return DashboardRole.Creator.value
     elif context.groups and source.SamlGroupName in context.groups:
@@ -206,7 +207,7 @@ def resolve_user_role(context: Context, source: models.Dashboard):
     return DashboardRole.Shared.value
 
 
-def get_dashboard_organization(context: Context, source: models.Dashboard, **kwargs):
+def get_dashboard_organization(context: Context, source: Dashboard, **kwargs):
     with context.engine.scoped_session() as session:
         org = session.query(models.Organization).get(source.organizationUri)
     return org
@@ -214,7 +215,7 @@ def get_dashboard_organization(context: Context, source: models.Dashboard, **kwa
 
 def request_dashboard_share(
     context: Context,
-    source: models.Dashboard,
+    source: Dashboard,
     principalId: str = None,
     dashboardUri: str = None,
 ):
@@ -231,7 +232,7 @@ def request_dashboard_share(
 
 def approve_dashboard_share(
     context: Context,
-    source: models.Dashboard,
+    source: Dashboard,
     shareUri: str = None,
 ):
     with context.engine.scoped_session() as session:
@@ -249,7 +250,7 @@ def approve_dashboard_share(
 
 def reject_dashboard_share(
     context: Context,
-    source: models.Dashboard,
+    source: Dashboard,
     shareUri: str = None,
 ):
     with context.engine.scoped_session() as session:
@@ -267,7 +268,7 @@ def reject_dashboard_share(
 
 def list_dashboard_shares(
     context: Context,
-    source: models.Dashboard,
+    source: Dashboard,
     dashboardUri: str = None,
     filter: dict = None,
 ):
@@ -286,7 +287,7 @@ def list_dashboard_shares(
 
 def share_dashboard(
     context: Context,
-    source: models.Dashboard,
+    source: Dashboard,
     principalId: str = None,
     dashboardUri: str = None,
 ):
@@ -315,14 +316,14 @@ def delete_dashboard(context: Context, source, dashboardUri: str = None):
         return True
 
 
-def resolve_glossary_terms(context: Context, source: models.Dashboard, **kwargs):
+def resolve_glossary_terms(context: Context, source: Dashboard, **kwargs):
     with context.engine.scoped_session() as session:
         return Glossary.get_glossary_terms_links(
             session, source.dashboardUri, 'Dashboard'
         )
 
 
-def resolve_upvotes(context: Context, source: models.Dashboard, **kwargs):
+def resolve_upvotes(context: Context, source: Dashboard, **kwargs):
     with context.engine.scoped_session() as session:
         return Vote.count_upvotes(
             session, None, None, source.dashboardUri, data={'targetType': 'dashboard'}
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index 58da82d9e..41984e8a5 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -12,6 +12,7 @@
     Glossary,
     Vote,
 )
+from dataall.modules.dashboards.db.models import DashboardShare, DashboardShareStatus, Dashboard
 
 logger = logging.getLogger(__name__)
 
@@ -27,7 +28,7 @@ def import_dashboard(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.Dashboard:
+    ) -> Dashboard:
         if not data:
             raise exceptions.RequiredParameter(data)
         if not data.get('environmentUri'):
@@ -51,7 +52,7 @@ def import_dashboard(
         env: models.Environment = data.get(
             'environment', Environment.get_environment_by_uri(session, uri)
         )
-        dashboard: models.Dashboard = models.Dashboard(
+        dashboard: Dashboard = Dashboard(
             label=data.get('label', 'untitled'),
             environmentUri=data.get('environmentUri'),
             organizationUri=env.organizationUri,
@@ -97,7 +98,7 @@ def set_dashboard_resource_policy(session, environment, dashboard, group):
             group=group,
             permissions=permissions.DASHBOARD_ALL,
             resource_uri=dashboard.dashboardUri,
-            resource_type=models.Dashboard.__name__,
+            resource_type=Dashboard.__name__,
         )
         if environment.SamlGroupName != dashboard.SamlGroupName:
             ResourcePolicy.attach_resource_policy(
@@ -105,7 +106,7 @@ def set_dashboard_resource_policy(session, environment, dashboard, group):
                 group=environment.SamlGroupName,
                 permissions=permissions.DASHBOARD_ALL,
                 resource_uri=dashboard.dashboardUri,
-                resource_type=models.Dashboard.__name__,
+                resource_type=Dashboard.__name__,
             )
 
     @staticmethod
@@ -118,12 +119,12 @@ def get_dashboard(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.Dashboard:
+    ) -> Dashboard:
         return DashboardRepository.get_dashboard_by_uri(session, uri)
 
     @staticmethod
-    def get_dashboard_by_uri(session, uri) -> models.Dashboard:
-        dashboard: models.Dashboard = session.query(models.Dashboard).get(uri)
+    def get_dashboard_by_uri(session, uri) -> Dashboard:
+        dashboard: Dashboard = session.query(Dashboard).get(uri)
         if not dashboard:
             raise exceptions.ObjectNotFound('Dashboard', uri)
         return dashboard
@@ -131,19 +132,19 @@ def get_dashboard_by_uri(session, uri) -> models.Dashboard:
     @staticmethod
     def query_user_dashboards(session, username, groups, filter) -> Query:
         query = (
-            session.query(models.Dashboard)
+            session.query(Dashboard)
             .outerjoin(
-                models.DashboardShare,
-                models.Dashboard.dashboardUri == models.DashboardShare.dashboardUri,
+                DashboardShare,
+                Dashboard.dashboardUri == DashboardShare.dashboardUri,
             )
             .filter(
                 or_(
-                    models.Dashboard.owner == username,
-                    models.Dashboard.SamlGroupName.in_(groups),
+                    Dashboard.owner == username,
+                    Dashboard.SamlGroupName.in_(groups),
                     and_(
-                        models.DashboardShare.SamlGroupName.in_(groups),
-                        models.DashboardShare.status
-                        == models.DashboardShareStatus.APPROVED.value,
+                        DashboardShare.SamlGroupName.in_(groups),
+                        DashboardShare.status
+                        == DashboardShareStatus.APPROVED.value,
                     ),
                 )
             )
@@ -151,8 +152,8 @@ def query_user_dashboards(session, username, groups, filter) -> Query:
         if filter and filter.get('term'):
             query = query.filter(
                 or_(
-                    models.Dashboard.description.ilike(filter.get('term') + '%%'),
-                    models.Dashboard.label.ilike(filter.get('term') + '%%'),
+                    Dashboard.description.ilike(filter.get('term') + '%%'),
+                    Dashboard.label.ilike(filter.get('term') + '%%'),
                 )
             )
         return query
@@ -170,17 +171,17 @@ def paginated_user_dashboards(
     @staticmethod
     def query_dashboard_shares(session, username, groups, uri, filter) -> Query:
         query = (
-            session.query(models.DashboardShare)
+            session.query(DashboardShare)
             .join(
-                models.Dashboard,
-                models.Dashboard.dashboardUri == models.DashboardShare.dashboardUri,
+                Dashboard,
+                Dashboard.dashboardUri == DashboardShare.dashboardUri,
             )
             .filter(
                 and_(
-                    models.DashboardShare.dashboardUri == uri,
+                    DashboardShare.dashboardUri == uri,
                     or_(
-                        models.Dashboard.owner == username,
-                        models.Dashboard.SamlGroupName.in_(groups),
+                        Dashboard.owner == username,
+                        Dashboard.SamlGroupName.in_(groups),
                     ),
                 )
             )
@@ -188,10 +189,10 @@ def query_dashboard_shares(session, username, groups, uri, filter) -> Query:
         if filter and filter.get('term'):
             query = query.filter(
                 or_(
-                    models.DashboardShare.SamlGroupName.ilike(
+                    DashboardShare.SamlGroupName.ilike(
                         filter.get('term') + '%%'
                     ),
-                    models.Dashboard.label.ilike(filter.get('term') + '%%'),
+                    Dashboard.label.ilike(filter.get('term') + '%%'),
                 )
             )
         return query
@@ -199,11 +200,11 @@ def query_dashboard_shares(session, username, groups, uri, filter) -> Query:
     @staticmethod
     def query_all_user_groups_shareddashboard(session, username, groups, uri) -> Query:
         query = (
-            session.query(models.DashboardShare)
+            session.query(DashboardShare)
             .filter(
                 and_(
-                    models.DashboardShare.dashboardUri == uri,
-                    models.DashboardShare.SamlGroupName.in_(groups),
+                    DashboardShare.dashboardUri == uri,
+                    DashboardShare.SamlGroupName.in_(groups),
                 )
             )
         )
@@ -237,7 +238,7 @@ def update_dashboard(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.Dashboard:
+    ) -> Dashboard:
 
         dashboard = data.get(
             'dashboard',
@@ -288,35 +289,35 @@ def request_dashboard_share(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DashboardShare:
+    ) -> DashboardShare:
         dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         if dashboard.SamlGroupName == data['principalId']:
             raise exceptions.UnauthorizedOperation(
                 action=permissions.CREATE_DASHBOARD,
                 message=f'Team {dashboard.SamlGroupName} is the owner of the dashboard {dashboard.label}',
             )
-        share: models.DashboardShare = (
-            session.query(models.DashboardShare)
+        share: DashboardShare = (
+            session.query(DashboardShare)
             .filter(
-                models.DashboardShare.dashboardUri == uri,
-                models.DashboardShare.SamlGroupName == data['principalId'],
+                DashboardShare.dashboardUri == uri,
+                DashboardShare.SamlGroupName == data['principalId'],
             )
             .first()
         )
         if not share:
-            share = models.DashboardShare(
+            share = DashboardShare(
                 owner=username,
                 dashboardUri=dashboard.dashboardUri,
                 SamlGroupName=data['principalId'],
-                status=models.DashboardShareStatus.REQUESTED.value,
+                status=DashboardShareStatus.REQUESTED.value,
             )
             session.add(share)
         else:
-            if share.status not in models.DashboardShareStatus.__members__:
+            if share.status not in DashboardShareStatus.__members__:
                 raise exceptions.InvalidInput(
                     'Share status',
                     share.status,
-                    str(models.DashboardShareStatus.__members__),
+                    str(DashboardShareStatus.__members__),
                 )
             if share.status == 'REJECTED':
                 share.status = 'REQUESTED'
@@ -333,29 +334,29 @@ def approve_dashboard_share(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DashboardShare:
+    ) -> DashboardShare:
 
-        share: models.DashboardShare = data.get(
-            'share', session.query(models.DashboardShare).get(data['shareUri'])
+        share: DashboardShare = data.get(
+            'share', session.query(DashboardShare).get(data['shareUri'])
         )
 
-        if share.status not in models.DashboardShareStatus.__members__:
+        if share.status not in DashboardShareStatus.__members__:
             raise exceptions.InvalidInput(
                 'Share status',
                 share.status,
-                str(models.DashboardShareStatus.__members__),
+                str(DashboardShareStatus.__members__),
             )
-        if share.status == models.DashboardShareStatus.APPROVED.value:
+        if share.status == DashboardShareStatus.APPROVED.value:
             return share
 
-        share.status = models.DashboardShareStatus.APPROVED.value
+        share.status = DashboardShareStatus.APPROVED.value
 
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=share.SamlGroupName,
             permissions=[permissions.GET_DASHBOARD],
             resource_uri=share.dashboardUri,
-            resource_type=models.Dashboard.__name__,
+            resource_type=Dashboard.__name__,
         )
 
         return share
@@ -370,28 +371,28 @@ def reject_dashboard_share(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DashboardShare:
+    ) -> DashboardShare:
 
-        share: models.DashboardShare = data.get(
-            'share', session.query(models.DashboardShare).get(data['shareUri'])
+        share: DashboardShare = data.get(
+            'share', session.query(DashboardShare).get(data['shareUri'])
         )
 
-        if share.status not in models.DashboardShareStatus.__members__:
+        if share.status not in DashboardShareStatus.__members__:
             raise exceptions.InvalidInput(
                 'Share status',
                 share.status,
-                str(models.DashboardShareStatus.__members__),
+                str(DashboardShareStatus.__members__),
             )
-        if share.status == models.DashboardShareStatus.REJECTED.value:
+        if share.status == DashboardShareStatus.REJECTED.value:
             return share
 
-        share.status = models.DashboardShareStatus.REJECTED.value
+        share.status = DashboardShareStatus.REJECTED.value
 
         ResourcePolicy.delete_resource_policy(
             session=session,
             group=share.SamlGroupName,
             resource_uri=share.dashboardUri,
-            resource_type=models.Dashboard.__name__,
+            resource_type=Dashboard.__name__,
         )
 
         return share
@@ -406,14 +407,14 @@ def share_dashboard(
         uri: str,
         data: dict = None,
         check_perm: bool = False,
-    ) -> models.DashboardShare:
+    ) -> DashboardShare:
 
         dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
-        share = models.DashboardShare(
+        share = DashboardShare(
             owner=username,
             dashboardUri=dashboard.dashboardUri,
             SamlGroupName=data['principalId'],
-            status=models.DashboardShareStatus.APPROVED.value,
+            status=DashboardShareStatus.APPROVED.value,
         )
         session.add(share)
         ResourcePolicy.attach_resource_policy(
@@ -421,13 +422,13 @@ def share_dashboard(
             group=data['principalId'],
             permissions=[permissions.GET_DASHBOARD],
             resource_uri=dashboard.dashboardUri,
-            resource_type=models.Dashboard.__name__,
+            resource_type=Dashboard.__name__,
         )
         return share
 
     @staticmethod
-    def get_dashboard_share_by_uri(session, uri) -> models.DashboardShare:
-        share: models.DashboardShare = session.query(models.DashboardShare).get(uri)
+    def get_dashboard_share_by_uri(session, uri) -> DashboardShare:
+        share: DashboardShare = session.query(DashboardShare).get(uri)
         if not share:
             raise exceptions.ObjectNotFound('DashboardShare', uri)
         return share
diff --git a/backend/dataall/db/models/Dashboard.py b/backend/dataall/modules/dashboards/db/models.py
similarity index 54%
rename from backend/dataall/db/models/Dashboard.py
rename to backend/dataall/modules/dashboards/db/models.py
index 0b12ecd96..2c5946f6e 100644
--- a/backend/dataall/db/models/Dashboard.py
+++ b/backend/dataall/modules/dashboards/db/models.py
@@ -1,7 +1,28 @@
+from enum import Enum
+
 from sqlalchemy import Column, String, ForeignKey
 from sqlalchemy.orm import query_expression
 
-from .. import Base, Resource, utils
+from dataall.db import Base, Resource, utils
+
+
+class DashboardShareStatus(Enum):
+    REQUESTED = 'REQUESTED'
+    APPROVED = 'APPROVED'
+    REJECTED = 'REJECTED'
+
+
+class DashboardShare(Base):
+    __tablename__ = 'dashboardshare'
+    shareUri = Column(
+        String, nullable=False, primary_key=True, default=utils.uuid('shareddashboard')
+    )
+    dashboardUri = Column(String, nullable=False, default=utils.uuid('dashboard'))
+    SamlGroupName = Column(String, nullable=False)
+    owner = Column(String, nullable=True)
+    status = Column(
+        String, nullable=False, default=DashboardShareStatus.REQUESTED.value
+    )
 
 
 class Dashboard(Resource, Base):

From c3e2b3715c541fc0e026bf88e30e57d54b2f0934 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 24 May 2023 16:42:23 +0200
Subject: [PATCH 229/346] Moved Dashboard's feed and glossary code

---
 backend/dataall/api/Objects/Feed/registry.py     |  1 -
 backend/dataall/api/Objects/Glossary/registry.py | 11 +----------
 backend/dataall/modules/dashboards/__init__.py   | 14 ++++++++++++++
 3 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/backend/dataall/api/Objects/Feed/registry.py b/backend/dataall/api/Objects/Feed/registry.py
index ad5ce108a..0f529e469 100644
--- a/backend/dataall/api/Objects/Feed/registry.py
+++ b/backend/dataall/api/Objects/Feed/registry.py
@@ -37,4 +37,3 @@ def types(cls):
 
 
 FeedRegistry.register(FeedDefinition("DataPipeline", models.DataPipeline))
-FeedRegistry.register(FeedDefinition("Dashboard", models.Dashboard))
diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 27c534368..132765a69 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -3,8 +3,7 @@
 
 from dataall.api import gql
 from dataall.api.gql.graphql_union_type import UnionTypeRegistry
-from dataall.db import Resource, models
-from dataall.searchproxy.indexers import DashboardIndexer
+from dataall.db import Resource
 from dataall.searchproxy.base_indexer import BaseIndexer
 
 
@@ -58,11 +57,3 @@ def reindex(cls, session, target_type: str, target_uri: str):
         definition = cls._DEFINITIONS[target_type]
         if definition.reindexer:
             definition.reindexer.upsert(session, target_uri)
-
-
-GlossaryRegistry.register(GlossaryDefinition(
-    target_type="Dashboard",
-    object_type="Dashboard",
-    model=models.Dashboard,
-    reindexer=DashboardIndexer
-))
diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
index 2dddbce24..e1ba86ab1 100644
--- a/backend/dataall/modules/dashboards/__init__.py
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -1,6 +1,7 @@
 """Contains the code related to dashboards"""
 import logging
 
+from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.loader import ImportMode, ModuleInterface
 
 log = logging.getLogger(__name__)
@@ -15,3 +16,16 @@ def is_supported(modes):
 
     def __init__(self):
         import dataall.modules.dashboards.api
+        from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
+        from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
+        from dataall.searchproxy.indexers import DashboardIndexer
+
+        FeedRegistry.register(FeedDefinition("Dashboard", Dashboard))
+
+        GlossaryRegistry.register(GlossaryDefinition(
+            target_type="Dashboard",
+            object_type="Dashboard",
+            model=Dashboard,
+            reindexer=DashboardIndexer
+        ))
+

From ace2b021b2ea15ecbbe7f124b0f897ceb1c3a62c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 10:54:14 +0200
Subject: [PATCH 230/346] Moved DashboardIndexer

---
 backend/dataall/api/Objects/Vote/resolvers.py |  5 ---
 .../dataall/modules/dashboards/__init__.py    |  5 ++-
 .../modules/dashboards/api/resolvers.py       |  2 +-
 .../modules/dashboards/indexers/__init__.py   |  0
 .../dashboards/indexers/dashboard_indexer.py} | 34 +++++++++----------
 5 files changed, 22 insertions(+), 24 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/indexers/__init__.py
 rename backend/dataall/{searchproxy/indexers.py => modules/dashboards/indexers/dashboard_indexer.py} (69%)

diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index b9a14e117..5cbcff7c2 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -2,7 +2,6 @@
 
 from dataall import db
 from dataall.api.context import Context
-from dataall.searchproxy.indexers import DashboardIndexer
 from dataall.searchproxy.base_indexer import BaseIndexer
 
 _VOTE_TYPES: Dict[str, Type[BaseIndexer]] = {}
@@ -51,7 +50,3 @@ def get_vote(context: Context, source, targetUri: str = None, targetType: str =
             data={'targetType': targetType},
             check_perm=True,
         )
-
-
-# TODO should migrate after into the Dashboard module
-add_vote_type("dashboard", DashboardIndexer)
diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
index e1ba86ab1..ee6a15be7 100644
--- a/backend/dataall/modules/dashboards/__init__.py
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -18,7 +18,8 @@ def __init__(self):
         import dataall.modules.dashboards.api
         from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
         from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
-        from dataall.searchproxy.indexers import DashboardIndexer
+        from dataall.api.Objects.Vote.resolvers import add_vote_type
+        from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 
         FeedRegistry.register(FeedDefinition("Dashboard", Dashboard))
 
@@ -29,3 +30,5 @@ def __init__(self):
             reindexer=DashboardIndexer
         ))
 
+        add_vote_type("dashboard", DashboardIndexer)
+
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 0dfc65e82..5545cf219 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -9,7 +9,7 @@
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
 from dataall.utils import Parameter
-from dataall.searchproxy.indexers import DashboardIndexer
+from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 
 param_store = Parameter()
 ENVNAME = os.getenv("envname", "local")
diff --git a/backend/dataall/modules/dashboards/indexers/__init__.py b/backend/dataall/modules/dashboards/indexers/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/searchproxy/indexers.py b/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
similarity index 69%
rename from backend/dataall/searchproxy/indexers.py
rename to backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
index 4655de65a..8c17ca75d 100644
--- a/backend/dataall/searchproxy/indexers.py
+++ b/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
@@ -1,43 +1,43 @@
 import logging
 
-from .. import db
-from ..db import models
+from dataall import db
+from dataall.db import models
 from dataall.searchproxy.base_indexer import BaseIndexer
+from dataall.modules.dashboards.db.models import Dashboard
 
 log = logging.getLogger(__name__)
 
 
-# TODO Should be moved to dashboard module
 class DashboardIndexer(BaseIndexer):
     @classmethod
     def upsert(cls, session, dashboard_uri: str):
         dashboard = (
             session.query(
-                models.Dashboard.dashboardUri.label('uri'),
-                models.Dashboard.name.label('name'),
-                models.Dashboard.owner.label('owner'),
-                models.Dashboard.label.label('label'),
-                models.Dashboard.description.label('description'),
-                models.Dashboard.tags.label('tags'),
-                models.Dashboard.region.label('region'),
+                Dashboard.dashboardUri.label('uri'),
+                Dashboard.name.label('name'),
+                Dashboard.owner.label('owner'),
+                Dashboard.label.label('label'),
+                Dashboard.description.label('description'),
+                Dashboard.tags.label('tags'),
+                Dashboard.region.label('region'),
                 models.Organization.organizationUri.label('orgUri'),
                 models.Organization.name.label('orgName'),
                 models.Environment.environmentUri.label('envUri'),
                 models.Environment.name.label('envName'),
-                models.Dashboard.SamlGroupName.label('admins'),
-                models.Dashboard.created,
-                models.Dashboard.updated,
-                models.Dashboard.deleted,
+                Dashboard.SamlGroupName.label('admins'),
+                Dashboard.created,
+                Dashboard.updated,
+                Dashboard.deleted,
             )
             .join(
                 models.Organization,
-                models.Dashboard.organizationUri == models.Dashboard.organizationUri,
+                Dashboard.organizationUri == Dashboard.organizationUri,
             )
             .join(
                 models.Environment,
-                models.Dashboard.environmentUri == models.Environment.environmentUri,
+                Dashboard.environmentUri == models.Environment.environmentUri,
             )
-            .filter(models.Dashboard.dashboardUri == dashboard_uri)
+            .filter(Dashboard.dashboardUri == dashboard_uri)
             .first()
         )
         if dashboard:

From 1f340c06c659fd10d3dcb644d734b714c240410a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 10:56:48 +0200
Subject: [PATCH 231/346] Renamed the file name

---
 backend/dataall/modules/datasets/__init__.py                    | 2 +-
 .../indexers/{catalog_indexer.py => dataset_catalog_indexer.py} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename backend/dataall/modules/datasets/indexers/{catalog_indexer.py => dataset_catalog_indexer.py} (100%)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 61161caf1..08301b47b 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -138,6 +138,6 @@ def is_supported(modes: Set[ImportMode]) -> bool:
 
     def __init__(self):
         from dataall.tasks.catalog_indexer import register_catalog_indexer
-        from dataall.modules.datasets.indexers.catalog_indexer import DatasetCatalogIndexer
+        from dataall.modules.datasets.indexers.dataset_catalog_indexer import DatasetCatalogIndexer
 
         register_catalog_indexer(DatasetCatalogIndexer())
diff --git a/backend/dataall/modules/datasets/indexers/catalog_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_catalog_indexer.py
similarity index 100%
rename from backend/dataall/modules/datasets/indexers/catalog_indexer.py
rename to backend/dataall/modules/datasets/indexers/dataset_catalog_indexer.py

From 880963e632055b5a77291760df0ffbb6749c968e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 11:55:50 +0200
Subject: [PATCH 232/346] Created dashboard_catalog_indexer

---
 .../indexers/dashboard_catalog_indexer.py     | 19 +++++++++++++++++++
 backend/dataall/tasks/catalog_indexer.py      |  9 +++++----
 2 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py

diff --git a/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py b/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py
new file mode 100644
index 000000000..74fa18fa0
--- /dev/null
+++ b/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py
@@ -0,0 +1,19 @@
+import logging
+
+from dataall.modules.dashboards import Dashboard
+from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
+from dataall.tasks.catalog_indexer import CatalogIndexer
+
+log = logging.getLogger(__name__)
+
+
+class DashboardCatalogIndexer(CatalogIndexer):
+
+    def index(self, session) -> int:
+        all_dashboards: [Dashboard] = session.query(Dashboard).all()
+        log.info(f'Found {len(all_dashboards)} dashboards')
+        dashboard: Dashboard
+        for dashboard in all_dashboards:
+            DashboardIndexer.upsert(session=session, dashboard_uri=dashboard.dashboardUri)
+
+        return len(all_dashboards)
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 99313d5a8..4f291941e 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -4,9 +4,10 @@
 from abc import ABC
 from typing import List
 
-from dataall.db import get_engine, models
+from dataall.db import get_engine
+from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.loader import load_modules, ImportMode
-from dataall.searchproxy.indexers import DashboardIndexer
+from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 from dataall.utils.alarm_service import AlarmService
 
 root = logging.getLogger()
@@ -37,9 +38,9 @@ def index_objects(engine):
             for indexer in _indexers:
                 indexed_objects_counter += indexer.index(session)
 
-            all_dashboards: [models.Dashboard] = session.query(models.Dashboard).all()
+            all_dashboards: [Dashboard] = session.query(Dashboard).all()
             log.info(f'Found {len(all_dashboards)} dashboards')
-            dashboard: models.Dashboard
+            dashboard: Dashboard
             for dashboard in all_dashboards:
                 DashboardIndexer.upsert(session=session, dashboard_uri=dashboard.dashboardUri)
                 indexed_objects_counter = indexed_objects_counter + 1

From c97b5e98c2f13a8d1d135ea74212d65978ac72f6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 12:02:37 +0200
Subject: [PATCH 233/346] Implemented EnvironmentResource for dashboards

---
 backend/dataall/db/api/environment.py         |  5 -----
 .../dataall/modules/dashboards/__init__.py    | 19 ++++++++++++++++++-
 .../dashboards/db/dashboard_repository.py     | 16 +++++++++++++++-
 3 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 360a07d3c..be33a07c2 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -361,10 +361,6 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
                 models.DataPipeline,
                 models.DataPipeline.environmentUri == models.Environment.environmentUri,
             )
-            .outerjoin(
-                models.Dashboard,
-                models.Dashboard.environmentUri == models.Environment.environmentUri,
-            )
             .filter(
                 and_(
                     models.Environment.environmentUri == environment.environmentUri,
@@ -372,7 +368,6 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
                         models.RedshiftCluster.SamlGroupName == group,
                         models.SagemakerStudioUserProfile.SamlAdminGroupName == group,
                         models.DataPipeline.SamlGroupName == group,
-                        models.Dashboard.SamlGroupName == group,
                     ),
                 )
             )
diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
index ee6a15be7..d85e9f9fe 100644
--- a/backend/dataall/modules/dashboards/__init__.py
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -1,6 +1,9 @@
 """Contains the code related to dashboards"""
 import logging
+from typing import Set
 
+from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.loader import ImportMode, ModuleInterface
 
@@ -11,7 +14,7 @@ class DashboardApiModuleInterface(ModuleInterface):
     """Implements ModuleInterface for dashboard GraphQl lambda"""
 
     @staticmethod
-    def is_supported(modes):
+    def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.API in modes
 
     def __init__(self):
@@ -32,3 +35,17 @@ def __init__(self):
 
         add_vote_type("dashboard", DashboardIndexer)
 
+        EnvironmentResourceManager.register(DashboardRepository())
+
+
+class DatasetCatalogIndexerModuleInterface(ModuleInterface):
+
+    @staticmethod
+    def is_supported(modes: Set[ImportMode]) -> bool:
+        return ImportMode.CATALOG_INDEXER_TASK in modes
+
+    def __init__(self):
+        from dataall.tasks.catalog_indexer import register_catalog_indexer
+        from dataall.modules.dashboards.indexers.dashboard_catalog_indexer import DashboardCatalogIndexer
+
+        register_catalog_indexer(DashboardCatalogIndexer())
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index 41984e8a5..ac8cdd069 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -3,6 +3,7 @@
 from sqlalchemy import or_, and_
 from sqlalchemy.orm import Query
 
+from dataall.core.group.services.group_resource_manager import EnvironmentResource
 from dataall.db import models, exceptions, permissions, paginate
 from dataall.db.api import (
     Environment,
@@ -17,7 +18,20 @@
 logger = logging.getLogger(__name__)
 
 
-class DashboardRepository:
+class DashboardRepository(EnvironmentResource):
+
+    @staticmethod
+    def count_resources(session, environment, group_uri) -> int:
+        return (
+            session.query(Dashboard)
+            .filter(
+                and_(
+                    Dashboard.environmentUri == environment.environmentUri,
+                    Dashboard.SamlGroupName == group_uri
+                ))
+            .count()
+        )
+
     @staticmethod
     @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
     @has_resource_perm(permissions.CREATE_DASHBOARD)

From 5d71bd6de1340dd7c744c767338447dd1f0606eb Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 12:05:34 +0200
Subject: [PATCH 234/346] Fixed copy error

---
 backend/dataall/db/api/pipeline.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/db/api/pipeline.py b/backend/dataall/db/api/pipeline.py
index 6007be39d..02b313ee0 100644
--- a/backend/dataall/db/api/pipeline.py
+++ b/backend/dataall/db/api/pipeline.py
@@ -83,7 +83,7 @@ def create_pipeline(
             action='PIPELINE:CREATE',
             label='PIPELINE:CREATE',
             owner=username,
-            summary=f'{username} created dashboard {pipeline.label} in {environment.label}',
+            summary=f'{username} created pipeline {pipeline.label} in {environment.label}',
             targetUri=pipeline.DataPipelineUri,
             targetType='pipeline',
         )

From d0ea832bc8176baa7dc87624692e2f53701d9199 Mon Sep 17 00:00:00 2001
From: dlpzx <71252798+dlpzx@users.noreply.github.com>
Date: Thu, 25 May 2023 12:08:18 +0200
Subject: [PATCH 235/346] update auth-at-edge semantic version to latest 2.1.5
 (#480)

### Feature or Bugfix
- Bugfix

### Detail
Custom resources created by the
[cloudfront-authorization-at-edge](https://github.com/aws-samples/cloudfront-authorization-at-edge/blob/master/example-serverless-app-reuse/README.md)
application used in data.all use node12 for the version of the
application previously used (2.0.4). By upgrading to the latest version
(2.1.5) the Lambda custom resources used also use node14 at runtime.

After upgrading the semantic version, I performed the following tests:

- [X] upgrade a pre-existing deployment (Lambdas node12) and check that
the runtime has been updated to node14. See screenshot below.
- [X] open userguide (where auth at edge is used) in pre-existing
deployment
- [X] execute GraphQL APIs in pre-existing deployment
- [X] execute ES APIs in pre-existing deployment


![image](https://github.com/awslabs/aws-dataall/assets/71252798/4d50a8fb-0084-48ee-adb8-d11b20dd6b4a)

- [X] deploy data.all from scratch and check that the Lambdas deployed
use node14
- [X] open userguide (where auth at edge is used) in new deployment
- [X] execute GraphQL APIs in new deployment
- [X] execute ES APIs in new deployment


![image](https://github.com/awslabs/aws-dataall/assets/71252798/341124bd-c4c7-4a94-b53b-e451306e2653)

### Relates
- #479

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
---
 deploy/stacks/auth_at_edge.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deploy/stacks/auth_at_edge.py b/deploy/stacks/auth_at_edge.py
index c6d434867..052eb04b0 100644
--- a/deploy/stacks/auth_at_edge.py
+++ b/deploy/stacks/auth_at_edge.py
@@ -23,7 +23,7 @@ def __init__(self, scope, id, envname='dev', resource_prefix='dataall', **kwargs
             f'{resource_prefix}-{envname}-authatedge',
             location={
                 'applicationId': 'arn:aws:serverlessrepo:us-east-1:520945424137:applications/cloudfront-authorization-at-edge',
-                'semanticVersion': '2.0.4',
+                'semanticVersion': '2.1.5',
             },
             parameters={
                 'UserPoolArn': userpool_arn,

From f1a52a17fea4b9b4ee009aa866e66cba8fb07adb Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 14:02:14 +0200
Subject: [PATCH 236/346] Added ShareEnvironmentResource

---
 backend/dataall/modules/dataset_sharing/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index 140fb4e0c..450d66047 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -1,6 +1,8 @@
 import logging
 from typing import List, Type, Set
 
+from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+from dataall.modules.dataset_sharing.db.share_object_repository import ShareEnvironmentResource
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.loader import ModuleInterface, ImportMode
 
@@ -19,6 +21,8 @@ def depends_on() -> List[Type['ModuleInterface']]:
 
     def __init__(self):
         from dataall.modules.dataset_sharing import api
+
+        EnvironmentResourceManager.register(ShareEnvironmentResource())
         log.info("API of dataset sharing has been imported")
 
 

From 15d1a68f482cfb73c37cbcefe777cc8a1f8ba617 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 15:46:40 +0200
Subject: [PATCH 237/346] Minor changes

---
 backend/dataall/modules/datasets/services/dataset_service.py  | 4 ++--
 .../dataall/modules/datasets_base/db/dataset_repository.py    | 4 ----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 891890100..f89f98b7c 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -20,7 +20,7 @@
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
-    SUMMARY_DATASET, DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
+    DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
     CREATE_DATASET, DATASET_ALL, DATASET_READ
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.enums import DatasetRole
@@ -105,7 +105,7 @@ def import_dataset(uri, admin_group, data):
     def get_dataset(uri):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset(session, uri=uri)
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
             if dataset.SamlAdminGroupName in context.groups:
                 dataset.userRoleForDataset = DatasetRole.Admin.value
             return dataset
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index 7481e33ba..d3697ca3f 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -148,10 +148,6 @@ def _set_dataset_aws_resources(dataset: Dataset, data, environment):
         dataset.GlueDataQualityTriggerName = f'{dataset.S3BucketName}-{dataset.datasetUri}-dqtrigger'
         return dataset
 
-    @staticmethod
-    def get_dataset(session, uri: str) -> Dataset:
-        return DatasetRepository.get_dataset_by_uri(session, uri)
-
     @staticmethod
     def paginated_dataset_tables(session, uri, data=None) -> dict:
         query = (

From 27076a35308e8c9e838710886c929317306928e3 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 15:59:20 +0200
Subject: [PATCH 238/346] Moved dashboard permissions

---
 backend/dataall/db/permissions.py             | 28 -----------
 .../modules/dashboards/api/resolvers.py       | 19 ++++----
 .../dashboards/db/dashboard_repository.py     | 46 ++++++++++---------
 .../services/dashboard_permissions.py         | 43 +++++++++++++++++
 4 files changed, 77 insertions(+), 59 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/services/dashboard_permissions.py

diff --git a/backend/dataall/db/permissions.py b/backend/dataall/db/permissions.py
index 969509de7..e0ca1708b 100644
--- a/backend/dataall/db/permissions.py
+++ b/backend/dataall/db/permissions.py
@@ -23,7 +23,6 @@
 TENANT PERMISSIONS
 """
 MANAGE_REDSHIFT_CLUSTERS = 'MANAGE_REDSHIFT_CLUSTERS'
-MANAGE_DASHBOARDS = 'MANAGE_DASHBOARDS'
 MANAGE_PIPELINES = 'MANAGE_PIPELINES'
 MANAGE_GROUPS = 'MANAGE_GROUPS'
 MANAGE_ENVIRONMENT = 'MANAGE_ENVIRONMENT'
@@ -52,8 +51,6 @@
 LIST_ENVIRONMENT_REDSHIFT_CLUSTERS = 'LIST_ENVIRONMENT_REDSHIFT_CLUSTERS'
 CREATE_SGMSTUDIO_NOTEBOOK = 'CREATE_SGMSTUDIO_NOTEBOOK'
 LIST_ENVIRONMENT_SGMSTUDIO_NOTEBOOKS = 'LIST_ENVIRONMENT_SGMSTUDIO_NOTEBOOKS'
-CREATE_DASHBOARD = 'CREATE_DASHBOARD'
-LIST_ENVIRONMENT_DASHBOARDS = 'LIST_ENVIRONMENT_DASHBOARDS'
 CREATE_PIPELINE = 'CREATE_PIPELINE'
 LIST_PIPELINES = 'LIST_PIPELINES'
 CREATE_NETWORK = 'CREATE_NETWORK'
@@ -69,8 +66,6 @@
     LIST_ENVIRONMENT_REDSHIFT_CLUSTERS,
     CREATE_SGMSTUDIO_NOTEBOOK,
     LIST_ENVIRONMENT_SGMSTUDIO_NOTEBOOKS,
-    CREATE_DASHBOARD,
-    LIST_ENVIRONMENT_DASHBOARDS,
     INVITE_ENVIRONMENT_GROUP,
     ADD_ENVIRONMENT_CONSUMPTION_ROLES,
     CREATE_PIPELINE,
@@ -83,7 +78,6 @@
     ADD_ENVIRONMENT_CONSUMPTION_ROLES,
     CREATE_REDSHIFT_CLUSTER,
     CREATE_SGMSTUDIO_NOTEBOOK,
-    CREATE_DASHBOARD,
     CREATE_PIPELINE,
     CREATE_NETWORK,
 ]
@@ -105,8 +99,6 @@
     LIST_ENVIRONMENT_REDSHIFT_CLUSTERS,
     CREATE_SGMSTUDIO_NOTEBOOK,
     LIST_ENVIRONMENT_SGMSTUDIO_NOTEBOOKS,
-    CREATE_DASHBOARD,
-    LIST_ENVIRONMENT_DASHBOARDS,
     CREATE_PIPELINE,
     LIST_PIPELINES,
     CREATE_NETWORK,
@@ -145,7 +137,6 @@
 
 TENANT_ALL = [
     MANAGE_REDSHIFT_CLUSTERS,
-    MANAGE_DASHBOARDS,
     MANAGE_PIPELINES,
     MANAGE_GLOSSARIES,
     MANAGE_GROUPS,
@@ -155,7 +146,6 @@
 ]
 
 TENANT_ALL_WITH_DESC = {k: k for k in TENANT_ALL}
-TENANT_ALL_WITH_DESC[MANAGE_DASHBOARDS] = 'Manage dashboards'
 TENANT_ALL_WITH_DESC[MANAGE_REDSHIFT_CLUSTERS] = 'Manage Redshift clusters'
 TENANT_ALL_WITH_DESC[MANAGE_GLOSSARIES] = 'Manage glossaries'
 TENANT_ALL_WITH_DESC[MANAGE_ENVIRONMENTS] = 'Manage environments'
@@ -208,22 +198,6 @@
     SGMSTUDIO_NOTEBOOK_URL,
 ]
 
-"""
-DASHBOARDS
-"""
-GET_DASHBOARD = 'GET_DASHBOARD'
-UPDATE_DASHBOARD = 'UPDATE_DASHBOARD'
-DELETE_DASHBOARD = 'DELETE_DASHBOARD'
-DASHBOARD_URL = 'DASHBOARD_URL'
-SHARE_DASHBOARD = 'SHARE_DASHBOARD'
-DASHBOARD_ALL = [
-    GET_DASHBOARD,
-    UPDATE_DASHBOARD,
-    DELETE_DASHBOARD,
-    DASHBOARD_URL,
-    SHARE_DASHBOARD,
-]
-
 """
 PIPELINES
 """
@@ -260,13 +234,11 @@
     + REDSHIFT_CLUSTER_ALL
     + GLOSSARY_ALL
     + SGMSTUDIO_NOTEBOOK_ALL
-    + DASHBOARD_ALL
     + PIPELINE_ALL
     + NETWORK_ALL
 )
 
 RESOURCES_ALL_WITH_DESC = {k: k for k in RESOURCES_ALL}
-RESOURCES_ALL_WITH_DESC[CREATE_DASHBOARD] = 'Create dashboards on this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_REDSHIFT_CLUSTER] = 'Create Redshift clusters on this environment'
 RESOURCES_ALL_WITH_DESC[CREATE_SGMSTUDIO_NOTEBOOK] = 'Create ML Studio profiles on this environment'
 RESOURCES_ALL_WITH_DESC[INVITE_ENVIRONMENT_GROUP] = 'Invite other teams to this environment'
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 5545cf219..9b1ed5d5e 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -4,10 +4,11 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.quicksight import Quicksight
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
-from dataall.db import permissions, models
+from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary, Vote
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
+from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
 from dataall.utils import Parameter
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 
@@ -28,11 +29,11 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
             username=context.username,
             groups=context.groups,
             resource_uri=dash.dashboardUri,
-            permission_name=permissions.GET_DASHBOARD,
+            permission_name=GET_DASHBOARD,
         )
         if not env.dashboardsEnabled:
             raise db.exceptions.UnauthorizedOperation(
-                action=permissions.GET_DASHBOARD,
+                action=GET_DASHBOARD,
                 message=f'Dashboards feature is disabled for the environment {env.label}',
             )
         if dash.SamlGroupName in context.groups:
@@ -52,7 +53,7 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
             )
             if not shared_groups:
                 raise db.exceptions.UnauthorizedOperation(
-                    action=permissions.GET_DASHBOARD,
+                    action=GET_DASHBOARD,
                     message='Dashboard has not been shared with your Teams',
                 )
 
@@ -87,12 +88,12 @@ def get_quicksight_designer_url(
             username=context.username,
             groups=context.groups,
             resource_uri=environmentUri,
-            permission_name=permissions.CREATE_DASHBOARD,
+            permission_name=CREATE_DASHBOARD,
         )
         env: models.Environment = session.query(models.Environment).get(environmentUri)
         if not env.dashboardsEnabled:
             raise db.exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_DASHBOARD,
+                action=CREATE_DASHBOARD,
                 message=f'Dashboards feature is disabled for the environment {env.label}',
             )
 
@@ -113,7 +114,7 @@ def import_dashboard(context: Context, source, input: dict = None):
             username=context.username,
             groups=context.groups,
             resource_uri=input['environmentUri'],
-            permission_name=permissions.CREATE_DASHBOARD,
+            permission_name=CREATE_DASHBOARD,
         )
         env: models.Environment = db.api.Environment.get_environment_by_uri(
             session, input['environmentUri']
@@ -121,7 +122,7 @@ def import_dashboard(context: Context, source, input: dict = None):
 
         if not env.dashboardsEnabled:
             raise db.exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_DASHBOARD,
+                action=CREATE_DASHBOARD,
                 message=f'Dashboards feature is disabled for the environment {env.label}',
             )
 
@@ -134,7 +135,7 @@ def import_dashboard(context: Context, source, input: dict = None):
 
         if not can_import:
             raise db.exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_DASHBOARD,
+                action=CREATE_DASHBOARD,
                 message=f'User: {context.username} has not AUTHOR rights on quicksight for the environment {env.label}',
             )
 
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index ac8cdd069..7ba72c86a 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -4,7 +4,7 @@
 from sqlalchemy.orm import Query
 
 from dataall.core.group.services.group_resource_manager import EnvironmentResource
-from dataall.db import models, exceptions, permissions, paginate
+from dataall.db import models, exceptions, paginate
 from dataall.db.api import (
     Environment,
     has_tenant_perm,
@@ -14,6 +14,8 @@
     Vote,
 )
 from dataall.modules.dashboards.db.models import DashboardShare, DashboardShareStatus, Dashboard
+from dataall.modules.dashboards.services.dashboard_permissions import MANAGE_DASHBOARDS, CREATE_DASHBOARD, \
+    DASHBOARD_ALL, GET_DASHBOARD, SHARE_DASHBOARD, UPDATE_DASHBOARD
 
 logger = logging.getLogger(__name__)
 
@@ -33,8 +35,8 @@ def count_resources(session, environment, group_uri) -> int:
         )
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.CREATE_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(CREATE_DASHBOARD)
     def import_dashboard(
         session,
         username: str,
@@ -60,7 +62,7 @@ def import_dashboard(
             groups=groups,
             uri=uri,
             group=data['SamlGroupName'],
-            permission_name=permissions.CREATE_DASHBOARD,
+            permission_name=CREATE_DASHBOARD,
         )
 
         env: models.Environment = data.get(
@@ -110,7 +112,7 @@ def set_dashboard_resource_policy(session, environment, dashboard, group):
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=group,
-            permissions=permissions.DASHBOARD_ALL,
+            permissions=DASHBOARD_ALL,
             resource_uri=dashboard.dashboardUri,
             resource_type=Dashboard.__name__,
         )
@@ -118,14 +120,14 @@ def set_dashboard_resource_policy(session, environment, dashboard, group):
             ResourcePolicy.attach_resource_policy(
                 session=session,
                 group=environment.SamlGroupName,
-                permissions=permissions.DASHBOARD_ALL,
+                permissions=DASHBOARD_ALL,
                 resource_uri=dashboard.dashboardUri,
                 resource_type=Dashboard.__name__,
             )
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.GET_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(GET_DASHBOARD)
     def get_dashboard(
         session,
         username: str,
@@ -229,8 +231,8 @@ def query_all_user_groups_shareddashboard(session, username, groups, uri) -> Que
         ]
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.SHARE_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(SHARE_DASHBOARD)
     def paginated_dashboard_shares(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
@@ -243,8 +245,8 @@ def paginated_dashboard_shares(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.UPDATE_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(UPDATE_DASHBOARD)
     def update_dashboard(
         session,
         username: str,
@@ -295,7 +297,7 @@ def delete_dashboard(
         return True
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
     def request_dashboard_share(
         session,
         username: str,
@@ -307,7 +309,7 @@ def request_dashboard_share(
         dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         if dashboard.SamlGroupName == data['principalId']:
             raise exceptions.UnauthorizedOperation(
-                action=permissions.CREATE_DASHBOARD,
+                action=CREATE_DASHBOARD,
                 message=f'Team {dashboard.SamlGroupName} is the owner of the dashboard {dashboard.label}',
             )
         share: DashboardShare = (
@@ -339,8 +341,8 @@ def request_dashboard_share(
         return share
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.SHARE_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(SHARE_DASHBOARD)
     def approve_dashboard_share(
         session,
         username: str,
@@ -368,7 +370,7 @@ def approve_dashboard_share(
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=share.SamlGroupName,
-            permissions=[permissions.GET_DASHBOARD],
+            permissions=[GET_DASHBOARD],
             resource_uri=share.dashboardUri,
             resource_type=Dashboard.__name__,
         )
@@ -376,8 +378,8 @@ def approve_dashboard_share(
         return share
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.SHARE_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(SHARE_DASHBOARD)
     def reject_dashboard_share(
         session,
         username: str,
@@ -412,8 +414,8 @@ def reject_dashboard_share(
         return share
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_DASHBOARDS)
-    @has_resource_perm(permissions.SHARE_DASHBOARD)
+    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_resource_perm(SHARE_DASHBOARD)
     def share_dashboard(
         session,
         username: str,
@@ -434,7 +436,7 @@ def share_dashboard(
         ResourcePolicy.attach_resource_policy(
             session=session,
             group=data['principalId'],
-            permissions=[permissions.GET_DASHBOARD],
+            permissions=[GET_DASHBOARD],
             resource_uri=dashboard.dashboardUri,
             resource_type=Dashboard.__name__,
         )
diff --git a/backend/dataall/modules/dashboards/services/dashboard_permissions.py b/backend/dataall/modules/dashboards/services/dashboard_permissions.py
new file mode 100644
index 000000000..ac09a7780
--- /dev/null
+++ b/backend/dataall/modules/dashboards/services/dashboard_permissions.py
@@ -0,0 +1,43 @@
+from dataall.db.permissions import ENVIRONMENT_INVITED, ENVIRONMENT_INVITATION_REQUEST, ENVIRONMENT_ALL, TENANT_ALL, \
+    TENANT_ALL_WITH_DESC, RESOURCES_ALL, RESOURCES_ALL_WITH_DESC
+
+"""
+DASHBOARDS
+"""
+GET_DASHBOARD = 'GET_DASHBOARD'
+UPDATE_DASHBOARD = 'UPDATE_DASHBOARD'
+DELETE_DASHBOARD = 'DELETE_DASHBOARD'
+DASHBOARD_URL = 'DASHBOARD_URL'
+SHARE_DASHBOARD = 'SHARE_DASHBOARD'
+DASHBOARD_ALL = [
+    GET_DASHBOARD,
+    UPDATE_DASHBOARD,
+    DELETE_DASHBOARD,
+    DASHBOARD_URL,
+    SHARE_DASHBOARD,
+]
+
+RESOURCES_ALL.extend(DASHBOARD_ALL)
+for perm in DASHBOARD_ALL:
+    RESOURCES_ALL_WITH_DESC[perm] = perm
+
+"""
+TENANT PERMISSIONS
+"""
+MANAGE_DASHBOARDS = 'MANAGE_DASHBOARDS'
+
+TENANT_ALL.append(MANAGE_DASHBOARDS)
+TENANT_ALL_WITH_DESC[MANAGE_DASHBOARDS] = 'Manage dashboards'
+
+
+"""
+ENVIRONMENT PERMISSIONS
+"""
+CREATE_DASHBOARD = 'CREATE_DASHBOARD'
+
+
+ENVIRONMENT_INVITED.append(CREATE_DASHBOARD)
+ENVIRONMENT_INVITATION_REQUEST.append(CREATE_DASHBOARD)
+ENVIRONMENT_ALL.append(CREATE_DASHBOARD)
+RESOURCES_ALL.append(CREATE_DASHBOARD)
+RESOURCES_ALL_WITH_DESC[CREATE_DASHBOARD] = 'Create dashboards on this environment'

From f14d78997f41767a40cd0347ee502d6f3319a834 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 16:03:09 +0200
Subject: [PATCH 239/346] Migrated dashboards to a new API for permission check

---
 .../dashboards/db/dashboard_repository.py     | 33 +++++++++----------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index 7ba72c86a..ee2c46ffc 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -4,11 +4,10 @@
 from sqlalchemy.orm import Query
 
 from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db import models, exceptions, paginate
 from dataall.db.api import (
     Environment,
-    has_tenant_perm,
-    has_resource_perm,
     ResourcePolicy,
     Glossary,
     Vote,
@@ -35,8 +34,8 @@ def count_resources(session, environment, group_uri) -> int:
         )
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(CREATE_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(CREATE_DASHBOARD)
     def import_dashboard(
         session,
         username: str,
@@ -126,8 +125,8 @@ def set_dashboard_resource_policy(session, environment, dashboard, group):
             )
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(GET_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(GET_DASHBOARD)
     def get_dashboard(
         session,
         username: str,
@@ -231,8 +230,8 @@ def query_all_user_groups_shareddashboard(session, username, groups, uri) -> Que
         ]
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(SHARE_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD)
     def paginated_dashboard_shares(
         session, username, groups, uri, data=None, check_perm=None
     ) -> dict:
@@ -245,8 +244,8 @@ def paginated_dashboard_shares(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(UPDATE_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(UPDATE_DASHBOARD)
     def update_dashboard(
         session,
         username: str,
@@ -297,7 +296,7 @@ def delete_dashboard(
         return True
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
     def request_dashboard_share(
         session,
         username: str,
@@ -341,8 +340,8 @@ def request_dashboard_share(
         return share
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(SHARE_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD)
     def approve_dashboard_share(
         session,
         username: str,
@@ -378,8 +377,8 @@ def approve_dashboard_share(
         return share
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(SHARE_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD)
     def reject_dashboard_share(
         session,
         username: str,
@@ -414,8 +413,8 @@ def reject_dashboard_share(
         return share
 
     @staticmethod
-    @has_tenant_perm(MANAGE_DASHBOARDS)
-    @has_resource_perm(SHARE_DASHBOARD)
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD)
     def share_dashboard(
         session,
         username: str,

From ecb16b8e03d129f2100fec9f71fe6e8133f68b80 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 18:01:38 +0200
Subject: [PATCH 240/346] Removed unused parameters

---
 .../modules/dashboards/api/resolvers.py       | 64 +++++--------
 .../dashboards/db/dashboard_repository.py     | 93 ++++---------------
 2 files changed, 41 insertions(+), 116 deletions(-)

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 9b1ed5d5e..f18ac9d4d 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -6,8 +6,9 @@
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary, Vote
+from dataall.db.exceptions import InvalidInput
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
-from dataall.modules.dashboards.db.models import Dashboard
+from dataall.modules.dashboards.db.models import Dashboard, DashboardShareStatus
 from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
 from dataall.utils import Parameter
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
@@ -47,7 +48,6 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
         else:
             shared_groups = DashboardRepository.query_all_user_groups_shareddashboard(
                 session=session,
-                username=context.username,
                 groups=context.groups,
                 uri=dashboardUri
             )
@@ -146,7 +146,6 @@ def import_dashboard(context: Context, source, input: dict = None):
             groups=context.groups,
             uri=env.environmentUri,
             data=input,
-            check_perm=True,
         )
 
         DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
@@ -159,14 +158,12 @@ def update_dashboard(context, source, input: dict = None):
         dashboard = DashboardRepository.get_dashboard_by_uri(
             session, input['dashboardUri']
         )
-        input['dashboard'] = dashboard
         DashboardRepository.update_dashboard(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=dashboard.dashboardUri,
-            data=input,
-            check_perm=True,
+            dashboard=dashboard,
+            data=input
         )
 
         DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
@@ -182,22 +179,13 @@ def list_dashboards(context: Context, source, filter: dict = None):
             session=session,
             username=context.username,
             groups=context.groups,
-            uri=None,
             data=filter,
-            check_perm=True,
         )
 
 
 def get_dashboard(context: Context, source, dashboardUri: str = None):
     with context.engine.scoped_session() as session:
-        return DashboardRepository.get_dashboard(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=dashboardUri,
-            data=None,
-            check_perm=True,
-        )
+        return DashboardRepository.get_dashboard(session=session, uri=dashboardUri)
 
 
 def resolve_user_role(context: Context, source: Dashboard):
@@ -224,10 +212,8 @@ def request_dashboard_share(
         return DashboardRepository.request_dashboard_share(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=dashboardUri,
-            data={'principalId': principalId},
-            check_perm=True,
+            principal_id=principalId,
         )
 
 
@@ -238,14 +224,18 @@ def approve_dashboard_share(
 ):
     with context.engine.scoped_session() as session:
         share = DashboardRepository.get_dashboard_share_by_uri(session, shareUri)
+        if share.status not in DashboardShareStatus.__members__:
+            raise InvalidInput(
+                'Share status',
+                share.status,
+                str(DashboardShareStatus.__members__),
+            )
+
         dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
         return DashboardRepository.approve_dashboard_share(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=dashboard.dashboardUri,
-            data={'share': share, 'shareUri': shareUri},
-            check_perm=True,
+            share=share
         )
 
 
@@ -256,14 +246,18 @@ def reject_dashboard_share(
 ):
     with context.engine.scoped_session() as session:
         share = DashboardRepository.get_dashboard_share_by_uri(session, shareUri)
+        if share.status not in DashboardShareStatus.__members__:
+            raise InvalidInput(
+                'Share status',
+                share.status,
+                str(DashboardShareStatus.__members__),
+            )
+
         dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
         return DashboardRepository.reject_dashboard_share(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=dashboard.dashboardUri,
-            data={'share': share, 'shareUri': shareUri},
-            check_perm=True,
+            share=share
         )
 
 
@@ -282,7 +276,6 @@ def list_dashboard_shares(
             groups=context.groups,
             uri=dashboardUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -296,23 +289,14 @@ def share_dashboard(
         return DashboardRepository.share_dashboard(
             session=session,
             username=context.username,
-            groups=context.groups,
             uri=dashboardUri,
-            data={'principalId': principalId},
-            check_perm=True,
+            principal_id=principalId,
         )
 
 
 def delete_dashboard(context: Context, source, dashboardUri: str = None):
     with context.engine.scoped_session() as session:
-        DashboardRepository.delete_dashboard(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=dashboardUri,
-            data=None,
-            check_perm=True,
-        )
+        DashboardRepository.delete_dashboard(session=session, uri=dashboardUri)
         DashboardIndexer.delete_doc(doc_id=dashboardUri)
         return True
 
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index ee2c46ffc..cf2492add 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -42,7 +42,6 @@ def import_dashboard(
         groups: [str],
         uri: str,
         data: dict = None,
-        check_perm: bool = False,
     ) -> Dashboard:
         if not data:
             raise exceptions.RequiredParameter(data)
@@ -127,14 +126,7 @@ def set_dashboard_resource_policy(session, environment, dashboard, group):
     @staticmethod
     @has_tenant_permission(MANAGE_DASHBOARDS)
     @has_resource_permission(GET_DASHBOARD)
-    def get_dashboard(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> Dashboard:
+    def get_dashboard(session, uri: str) -> Dashboard:
         return DashboardRepository.get_dashboard_by_uri(session, uri)
 
     @staticmethod
@@ -175,7 +167,7 @@ def query_user_dashboards(session, username, groups, filter) -> Query:
 
     @staticmethod
     def paginated_user_dashboards(
-        session, username, groups, uri, data=None, check_perm=None
+        session, username, groups, data=None
     ) -> dict:
         return paginate(
             query=DashboardRepository.query_user_dashboards(session, username, groups, data),
@@ -213,7 +205,7 @@ def query_dashboard_shares(session, username, groups, uri, filter) -> Query:
         return query
 
     @staticmethod
-    def query_all_user_groups_shareddashboard(session, username, groups, uri) -> Query:
+    def query_all_user_groups_shareddashboard(session, groups, uri) -> [str]:
         query = (
             session.query(DashboardShare)
             .filter(
@@ -224,16 +216,13 @@ def query_all_user_groups_shareddashboard(session, username, groups, uri) -> Que
             )
         )
 
-        return [
-            share.SamlGroupName
-            for share in query.all()
-        ]
+        return [share.SamlGroupName for share in query.all()]
 
     @staticmethod
     @has_tenant_permission(MANAGE_DASHBOARDS)
     @has_resource_permission(SHARE_DASHBOARD)
     def paginated_dashboard_shares(
-        session, username, groups, uri, data=None, check_perm=None
+        session, username, groups, uri, data=None
     ) -> dict:
         return paginate(
             query=DashboardRepository.query_dashboard_shares(
@@ -249,17 +238,10 @@ def paginated_dashboard_shares(
     def update_dashboard(
         session,
         username: str,
-        groups: [str],
         uri: str,
+        dashboard: Dashboard,
         data: dict = None,
-        check_perm: bool = False,
     ) -> Dashboard:
-
-        dashboard = data.get(
-            'dashboard',
-            DashboardRepository.get_dashboard_by_uri(session, data['dashboardUri']),
-        )
-
         for k in data.keys():
             setattr(dashboard, k, data.get(k))
 
@@ -280,9 +262,8 @@ def update_dashboard(
         return dashboard
 
     @staticmethod
-    def delete_dashboard(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> bool:
+    def delete_dashboard(session, uri) -> bool:
+        # TODO THERE WAS NO PERMISSION CHECK
         dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         session.delete(dashboard)
         ResourcePolicy.delete_resource_policy(
@@ -300,13 +281,11 @@ def delete_dashboard(
     def request_dashboard_share(
         session,
         username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
+        principal_id: str
     ) -> DashboardShare:
         dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
-        if dashboard.SamlGroupName == data['principalId']:
+        if dashboard.SamlGroupName == principal_id:
             raise exceptions.UnauthorizedOperation(
                 action=CREATE_DASHBOARD,
                 message=f'Team {dashboard.SamlGroupName} is the owner of the dashboard {dashboard.label}',
@@ -315,7 +294,7 @@ def request_dashboard_share(
             session.query(DashboardShare)
             .filter(
                 DashboardShare.dashboardUri == uri,
-                DashboardShare.SamlGroupName == data['principalId'],
+                DashboardShare.SamlGroupName == principal_id,
             )
             .first()
         )
@@ -323,7 +302,7 @@ def request_dashboard_share(
             share = DashboardShare(
                 owner=username,
                 dashboardUri=dashboard.dashboardUri,
-                SamlGroupName=data['principalId'],
+                SamlGroupName=principal_id,
                 status=DashboardShareStatus.REQUESTED.value,
             )
             session.add(share)
@@ -342,25 +321,7 @@ def request_dashboard_share(
     @staticmethod
     @has_tenant_permission(MANAGE_DASHBOARDS)
     @has_resource_permission(SHARE_DASHBOARD)
-    def approve_dashboard_share(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> DashboardShare:
-
-        share: DashboardShare = data.get(
-            'share', session.query(DashboardShare).get(data['shareUri'])
-        )
-
-        if share.status not in DashboardShareStatus.__members__:
-            raise exceptions.InvalidInput(
-                'Share status',
-                share.status,
-                str(DashboardShareStatus.__members__),
-            )
+    def approve_dashboard_share(session, uri: str, share) -> DashboardShare:
         if share.status == DashboardShareStatus.APPROVED.value:
             return share
 
@@ -379,25 +340,7 @@ def approve_dashboard_share(
     @staticmethod
     @has_tenant_permission(MANAGE_DASHBOARDS)
     @has_resource_permission(SHARE_DASHBOARD)
-    def reject_dashboard_share(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> DashboardShare:
-
-        share: DashboardShare = data.get(
-            'share', session.query(DashboardShare).get(data['shareUri'])
-        )
-
-        if share.status not in DashboardShareStatus.__members__:
-            raise exceptions.InvalidInput(
-                'Share status',
-                share.status,
-                str(DashboardShareStatus.__members__),
-            )
+    def reject_dashboard_share( session, uri: str, share) -> DashboardShare:
         if share.status == DashboardShareStatus.REJECTED.value:
             return share
 
@@ -418,23 +361,21 @@ def reject_dashboard_share(
     def share_dashboard(
         session,
         username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
+        principal_id: str
     ) -> DashboardShare:
 
         dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         share = DashboardShare(
             owner=username,
             dashboardUri=dashboard.dashboardUri,
-            SamlGroupName=data['principalId'],
+            SamlGroupName=principal_id,
             status=DashboardShareStatus.APPROVED.value,
         )
         session.add(share)
         ResourcePolicy.attach_resource_policy(
             session=session,
-            group=data['principalId'],
+            group=principal_id,
             permissions=[GET_DASHBOARD],
             resource_uri=dashboard.dashboardUri,
             resource_type=Dashboard.__name__,

From dfa7b6d3b70e7d9103b566f1adde34b2277c08db Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 25 May 2023 18:03:53 +0200
Subject: [PATCH 241/346] Moved validation to resolvers.py

---
 backend/dataall/modules/dashboards/api/resolvers.py | 13 ++++++++++++-
 .../modules/dashboards/db/dashboard_repository.py   | 11 -----------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index f18ac9d4d..f37766ce6 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -6,7 +6,7 @@
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary, Vote
-from dataall.db.exceptions import InvalidInput
+from dataall.db.exceptions import InvalidInput, RequiredParameter
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard, DashboardShareStatus
 from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
@@ -108,6 +108,17 @@ def get_quicksight_designer_url(
 
 
 def import_dashboard(context: Context, source, input: dict = None):
+    if not input:
+        raise RequiredParameter(input)
+    if not input.get('environmentUri'):
+        raise RequiredParameter('environmentUri')
+    if not input.get('SamlGroupName'):
+        raise RequiredParameter('group')
+    if not input.get('dashboardId'):
+        raise RequiredParameter('dashboardId')
+    if not input.get('label'):
+        raise RequiredParameter('label')
+
     with context.engine.scoped_session() as session:
         ResourcePolicy.check_user_resource_permission(
             session=session,
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index cf2492add..e668f6738 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -43,17 +43,6 @@ def import_dashboard(
         uri: str,
         data: dict = None,
     ) -> Dashboard:
-        if not data:
-            raise exceptions.RequiredParameter(data)
-        if not data.get('environmentUri'):
-            raise exceptions.RequiredParameter('environmentUri')
-        if not data.get('SamlGroupName'):
-            raise exceptions.RequiredParameter('group')
-        if not data.get('dashboardId'):
-            raise exceptions.RequiredParameter('dashboardId')
-        if not data.get('label'):
-            raise exceptions.RequiredParameter('label')
-
         Environment.check_group_environment_permission(
             session=session,
             username=username,

From 07e315522ffd989311b65484650a0ec1cb3c9a53 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 26 May 2023 12:05:01 +0200
Subject: [PATCH 242/346] Introduced DashboardShareService

---
 .../modules/dashboards/api/resolvers.py       |  74 ++---------
 .../dashboards/db/dashboard_repository.py     | 120 +++--------------
 .../services/dashboard_share_service.py       | 123 ++++++++++++++++++
 3 files changed, 153 insertions(+), 164 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/services/dashboard_share_service.py

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index f37766ce6..eb4a300eb 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -6,10 +6,11 @@
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Glossary, Vote
-from dataall.db.exceptions import InvalidInput, RequiredParameter
+from dataall.db.exceptions import RequiredParameter
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
-from dataall.modules.dashboards.db.models import Dashboard, DashboardShareStatus
+from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
+from dataall.modules.dashboards.services.dashboard_share_service import DashboardShareService
 from dataall.utils import Parameter
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 
@@ -219,57 +220,15 @@ def request_dashboard_share(
     principalId: str = None,
     dashboardUri: str = None,
 ):
-    with context.engine.scoped_session() as session:
-        return DashboardRepository.request_dashboard_share(
-            session=session,
-            username=context.username,
-            uri=dashboardUri,
-            principal_id=principalId,
-        )
-
-
-def approve_dashboard_share(
-    context: Context,
-    source: Dashboard,
-    shareUri: str = None,
-):
-    with context.engine.scoped_session() as session:
-        share = DashboardRepository.get_dashboard_share_by_uri(session, shareUri)
-        if share.status not in DashboardShareStatus.__members__:
-            raise InvalidInput(
-                'Share status',
-                share.status,
-                str(DashboardShareStatus.__members__),
-            )
+    return DashboardShareService.request_dashboard_share(uri=dashboardUri, principal_id=principalId)
 
-        dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
-        return DashboardRepository.approve_dashboard_share(
-            session=session,
-            uri=dashboard.dashboardUri,
-            share=share
-        )
 
+def approve_dashboard_share(context: Context, source: Dashboard, shareUri: str = None):
+    return DashboardShareService.approve_dashboard_share(uri=shareUri)
 
-def reject_dashboard_share(
-    context: Context,
-    source: Dashboard,
-    shareUri: str = None,
-):
-    with context.engine.scoped_session() as session:
-        share = DashboardRepository.get_dashboard_share_by_uri(session, shareUri)
-        if share.status not in DashboardShareStatus.__members__:
-            raise InvalidInput(
-                'Share status',
-                share.status,
-                str(DashboardShareStatus.__members__),
-            )
 
-        dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
-        return DashboardRepository.reject_dashboard_share(
-            session=session,
-            uri=dashboard.dashboardUri,
-            share=share
-        )
+def reject_dashboard_share(context: Context,source: Dashboard, shareUri: str = None):
+    return DashboardShareService.reject_dashboard_share(uri=shareUri)
 
 
 def list_dashboard_shares(
@@ -280,14 +239,7 @@ def list_dashboard_shares(
 ):
     if not filter:
         filter = {}
-    with context.engine.scoped_session() as session:
-        return DashboardRepository.paginated_dashboard_shares(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=dashboardUri,
-            data=filter,
-        )
+    return DashboardShareService.list_dashboard_shares(uri=dashboardUri, data=filter)
 
 
 def share_dashboard(
@@ -296,13 +248,7 @@ def share_dashboard(
     principalId: str = None,
     dashboardUri: str = None,
 ):
-    with context.engine.scoped_session() as session:
-        return DashboardRepository.share_dashboard(
-            session=session,
-            username=context.username,
-            uri=dashboardUri,
-            principal_id=principalId,
-        )
+    return DashboardShareService.share_dashboard(uri=dashboardUri, principal_id=principalId)
 
 
 def delete_dashboard(context: Context, source, dashboardUri: str = None):
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index e668f6738..d25dc65c4 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -126,7 +126,7 @@ def get_dashboard_by_uri(session, uri) -> Dashboard:
         return dashboard
 
     @staticmethod
-    def query_user_dashboards(session, username, groups, filter) -> Query:
+    def _query_user_dashboards(session, username, groups, filter) -> Query:
         query = (
             session.query(Dashboard)
             .outerjoin(
@@ -159,13 +159,13 @@ def paginated_user_dashboards(
         session, username, groups, data=None
     ) -> dict:
         return paginate(
-            query=DashboardRepository.query_user_dashboards(session, username, groups, data),
+            query=DashboardRepository._query_user_dashboards(session, username, groups, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
     @staticmethod
-    def query_dashboard_shares(session, username, groups, uri, filter) -> Query:
+    def _query_dashboard_shares(session, username, groups, uri, filter) -> Query:
         query = (
             session.query(DashboardShare)
             .join(
@@ -208,13 +208,11 @@ def query_all_user_groups_shareddashboard(session, groups, uri) -> [str]:
         return [share.SamlGroupName for share in query.all()]
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(SHARE_DASHBOARD)
     def paginated_dashboard_shares(
         session, username, groups, uri, data=None
     ) -> dict:
         return paginate(
-            query=DashboardRepository.query_dashboard_shares(
+            query=DashboardRepository._query_dashboard_shares(
                 session, username, groups, uri, data
             ),
             page=data.get('page', 1),
@@ -266,109 +264,20 @@ def delete_dashboard(session, uri) -> bool:
         return True
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    def request_dashboard_share(
-        session,
-        username: str,
-        uri: str,
-        principal_id: str
-    ) -> DashboardShare:
-        dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
-        if dashboard.SamlGroupName == principal_id:
-            raise exceptions.UnauthorizedOperation(
-                action=CREATE_DASHBOARD,
-                message=f'Team {dashboard.SamlGroupName} is the owner of the dashboard {dashboard.label}',
-            )
-        share: DashboardShare = (
-            session.query(DashboardShare)
-            .filter(
-                DashboardShare.dashboardUri == uri,
-                DashboardShare.SamlGroupName == principal_id,
-            )
-            .first()
-        )
-        if not share:
-            share = DashboardShare(
-                owner=username,
-                dashboardUri=dashboard.dashboardUri,
-                SamlGroupName=principal_id,
-                status=DashboardShareStatus.REQUESTED.value,
-            )
-            session.add(share)
-        else:
-            if share.status not in DashboardShareStatus.__members__:
-                raise exceptions.InvalidInput(
-                    'Share status',
-                    share.status,
-                    str(DashboardShareStatus.__members__),
-                )
-            if share.status == 'REJECTED':
-                share.status = 'REQUESTED'
-
-        return share
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(SHARE_DASHBOARD)
-    def approve_dashboard_share(session, uri: str, share) -> DashboardShare:
-        if share.status == DashboardShareStatus.APPROVED.value:
-            return share
-
-        share.status = DashboardShareStatus.APPROVED.value
-
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=share.SamlGroupName,
-            permissions=[GET_DASHBOARD],
-            resource_uri=share.dashboardUri,
-            resource_type=Dashboard.__name__,
-        )
-
-        return share
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(SHARE_DASHBOARD)
-    def reject_dashboard_share( session, uri: str, share) -> DashboardShare:
-        if share.status == DashboardShareStatus.REJECTED.value:
-            return share
-
-        share.status = DashboardShareStatus.REJECTED.value
-
-        ResourcePolicy.delete_resource_policy(
-            session=session,
-            group=share.SamlGroupName,
-            resource_uri=share.dashboardUri,
-            resource_type=Dashboard.__name__,
-        )
-
-        return share
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(SHARE_DASHBOARD)
-    def share_dashboard(
+    def create_share(
         session,
         username: str,
-        uri: str,
-        principal_id: str
+        dashboard: Dashboard,
+        principal_id: str,
+        init_status: DashboardShareStatus = DashboardShareStatus.REQUESTED
     ) -> DashboardShare:
-
-        dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         share = DashboardShare(
             owner=username,
             dashboardUri=dashboard.dashboardUri,
             SamlGroupName=principal_id,
-            status=DashboardShareStatus.APPROVED.value,
+            status=init_status.value,
         )
         session.add(share)
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=principal_id,
-            permissions=[GET_DASHBOARD],
-            resource_uri=dashboard.dashboardUri,
-            resource_type=Dashboard.__name__,
-        )
         return share
 
     @staticmethod
@@ -377,3 +286,14 @@ def get_dashboard_share_by_uri(session, uri) -> DashboardShare:
         if not share:
             raise exceptions.ObjectNotFound('DashboardShare', uri)
         return share
+
+    @staticmethod
+    def find_share_for_group(session, dashboard_uri, group) -> DashboardShare:
+        return (
+            session.query(DashboardShare)
+            .filter(
+                DashboardShare.dashboardUri == dashboard_uri,
+                DashboardShare.SamlGroupName == group,
+            )
+            .first()
+        )
diff --git a/backend/dataall/modules/dashboards/services/dashboard_share_service.py b/backend/dataall/modules/dashboards/services/dashboard_share_service.py
new file mode 100644
index 000000000..445a28285
--- /dev/null
+++ b/backend/dataall/modules/dashboards/services/dashboard_share_service.py
@@ -0,0 +1,123 @@
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
+from dataall.db.api import ResourcePolicy
+from dataall.db.exceptions import InvalidInput, UnauthorizedOperation
+from dataall.modules.dashboards import DashboardRepository
+from dataall.modules.dashboards.db.models import DashboardShareStatus, Dashboard
+from dataall.modules.dashboards.services.dashboard_permissions import SHARE_DASHBOARD, MANAGE_DASHBOARDS, GET_DASHBOARD, \
+    CREATE_DASHBOARD
+
+
+class DashboardShareService:
+    @staticmethod
+    def _get_dashboard_uri_by_share_uri(session, uri):
+        share = DashboardRepository.get_dashboard_share_by_uri(session, uri)
+        dashboard = DashboardRepository.get_dashboard_by_uri(session, share.dashboardUri)
+        return dashboard.dashboardUri
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    def request_dashboard_share(uri: str, principal_id: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
+            if dashboard.SamlGroupName == principal_id:
+                raise UnauthorizedOperation(
+                    action=CREATE_DASHBOARD,
+                    message=f'Team {dashboard.SamlGroupName} is the owner of the dashboard {dashboard.label}',
+                )
+
+            share = DashboardRepository.find_share_for_group(session, dashboard.dashboardUri, principal_id)
+            if not share:
+                DashboardRepository.create_share(session, context.username, dashboard, principal_id)
+            else:
+                DashboardShareService._check_stare_status(share)
+
+                if share.status == DashboardShareStatus.REJECTED.value:
+                    share.status = DashboardShareStatus.REQUESTED.value
+
+            return share
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD, parent_resource=_get_dashboard_uri_by_share_uri)
+    def approve_dashboard_share(uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            share = DashboardRepository.get_dashboard_share_by_uri(session, uri)
+            DashboardShareService._change_share_status(share, DashboardShareStatus.APPROVED)
+            DashboardShareService._create_share_policy(session, share.SamlGroupName, share.dashboardUri)
+            return share
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD, parent_resource=_get_dashboard_uri_by_share_uri)
+    def reject_dashboard_share(uri: str):
+        with get_context().db_engine.scoped_session() as session:
+            share = DashboardRepository.get_dashboard_share_by_uri(session, uri)
+            DashboardShareService._change_share_status(share, DashboardShareStatus.REJECTED)
+
+            ResourcePolicy.delete_resource_policy(
+                session=session,
+                group=share.SamlGroupName,
+                resource_uri=share.dashboardUri,
+                resource_type=Dashboard.__name__,
+            )
+
+            return share
+
+    @staticmethod
+    def list_dashboard_shares(uri: str, data: dict):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            return DashboardRepository.paginated_dashboard_shares(
+                session=session,
+                username=context.username,
+                groups=context.groups,
+                uri=uri,
+                data=data,
+            )
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(SHARE_DASHBOARD)
+    def share_dashboard(uri: str, principal_id: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
+            share = DashboardRepository.create_share(
+                session=session,
+                username=context.username,
+                dashboard=dashboard,
+                principal_id=principal_id,
+                init_status=DashboardShareStatus.APPROVED
+            )
+
+            DashboardShareService._create_share_policy(session, principal_id, dashboard.dashboardUri)
+            return share
+
+    @staticmethod
+    def _change_share_status(share, status):
+        DashboardShareService._check_stare_status(share)
+        if share.status == status.value:
+            return share
+
+        share.status = status.value
+
+    @staticmethod
+    def _check_stare_status(share):
+        if share.status not in DashboardShareStatus.__members__:
+            raise InvalidInput(
+                'Share status',
+                share.status,
+                str(DashboardShareStatus.__members__),
+            )
+
+    @staticmethod
+    def _create_share_policy(session, principal_id, dashboard_uri):
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=principal_id,
+            permissions=[GET_DASHBOARD],
+            resource_uri=dashboard_uri,
+            resource_type=Dashboard.__name__,
+        )

From d174b435266119922a963b97043bd2c36be6743b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 26 May 2023 16:06:21 +0200
Subject: [PATCH 243/346] Added missed handlers

---
 .../dataall/modules/dataset_sharing/handlers/__init__.py   | 3 +++
 backend/dataall/modules/datasets/handlers/__init__.py      | 7 +++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/handlers/__init__.py b/backend/dataall/modules/dataset_sharing/handlers/__init__.py
index e69de29bb..eb86af3de 100644
--- a/backend/dataall/modules/dataset_sharing/handlers/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/handlers/__init__.py
@@ -0,0 +1,3 @@
+from dataall.modules.dataset_sharing.handlers import ecs_share_handler
+
+__all__ = ["ecs_share_handler"]
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index 91d4aeff6..688f78fc3 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -6,7 +6,10 @@
     glue_table_sync_handler,
     glue_table_handler,
     glue_profiling_handler,
-    s3_folder_creator_handler
+    s3_folder_creator_handler,
+    sns_dataset_handler,
+    glue_dataset_handler
 )
 
-__all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "s3_folder_creator_handler"]
+__all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "s3_folder_creator_handler",
+           "sns_dataset_handler", "glue_dataset_handler"]

From 45194d58c6f6a91f8f601071020620e999cd816e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 13:20:16 +0200
Subject: [PATCH 244/346] Migrated quicksight policy to dashboards

---
 backend/dataall/api/Objects/__init__.py              |  1 -
 backend/dataall/modules/dashboards/__init__.py       | 12 +++++++++++-
 backend/dataall/modules/dashboards/cdk/__init__.py   |  3 +++
 .../dashboards/cdk/dashboard_quicksight_policy.py}   |  6 +++---
 4 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/cdk/__init__.py
 rename backend/dataall/{cdkproxy/stacks/policies/quicksight.py => modules/dashboards/cdk/dashboard_quicksight_policy.py} (89%)

diff --git a/backend/dataall/api/Objects/__init__.py b/backend/dataall/api/Objects/__init__.py
index 5ac0bccd3..d80dec4c0 100644
--- a/backend/dataall/api/Objects/__init__.py
+++ b/backend/dataall/api/Objects/__init__.py
@@ -19,7 +19,6 @@
     Activity,
     Group,
     Principal,
-    Dashboard,
     Organization,
     Stack,
     Test,
diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
index d85e9f9fe..3b4b150c3 100644
--- a/backend/dataall/modules/dashboards/__init__.py
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -38,7 +38,17 @@ def __init__(self):
         EnvironmentResourceManager.register(DashboardRepository())
 
 
-class DatasetCatalogIndexerModuleInterface(ModuleInterface):
+class DashboardCdkModuleInterface(ModuleInterface):
+
+    @staticmethod
+    def is_supported(modes: Set[ImportMode]) -> bool:
+        return ImportMode.CDK in modes
+
+    def __init__(self):
+        import dataall.modules.dashboards.cdk
+
+
+class DashboardCatalogIndexerModuleInterface(ModuleInterface):
 
     @staticmethod
     def is_supported(modes: Set[ImportMode]) -> bool:
diff --git a/backend/dataall/modules/dashboards/cdk/__init__.py b/backend/dataall/modules/dashboards/cdk/__init__.py
new file mode 100644
index 000000000..50217cecc
--- /dev/null
+++ b/backend/dataall/modules/dashboards/cdk/__init__.py
@@ -0,0 +1,3 @@
+from dataall.modules.dashboards.cdk import dashboard_quicksight_policy
+
+__all__ = ['dashboard_quicksight_policy']
diff --git a/backend/dataall/cdkproxy/stacks/policies/quicksight.py b/backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py
similarity index 89%
rename from backend/dataall/cdkproxy/stacks/policies/quicksight.py
rename to backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py
index e67b3436c..36f22748d 100644
--- a/backend/dataall/cdkproxy/stacks/policies/quicksight.py
+++ b/backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py
@@ -1,12 +1,12 @@
 from aws_cdk import aws_iam as iam
 
-from dataall.db import permissions
-from .service_policy import ServicePolicy
+from dataall.cdkproxy.stacks.policies.service_policy import ServicePolicy
+from dataall.modules.dashboards.services.dashboard_permissions import CREATE_DASHBOARD
 
 
 class QuickSight(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
-        if permissions.CREATE_DASHBOARD not in group_permissions:
+        if CREATE_DASHBOARD not in group_permissions:
             return []
 
         return [

From 27ccfe360e588ae37bb6fa590dc38cf3ce04c398 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 13:40:47 +0200
Subject: [PATCH 245/346] Moved dashboard API to the dashboard module

---
 .../dataall/api/Objects/Tenant/mutations.py   |   9 --
 backend/dataall/api/Objects/Tenant/queries.py |  32 +-----
 .../dataall/api/Objects/Tenant/resolvers.py   |  83 --------------
 .../modules/dashboards/api/mutations.py       |   9 ++
 .../dataall/modules/dashboards/api/queries.py |  29 +++++
 .../modules/dashboards/api/resolvers.py       | 102 +++++++++++++++++-
 6 files changed, 139 insertions(+), 125 deletions(-)

diff --git a/backend/dataall/api/Objects/Tenant/mutations.py b/backend/dataall/api/Objects/Tenant/mutations.py
index 7f57a5050..f01033c09 100644
--- a/backend/dataall/api/Objects/Tenant/mutations.py
+++ b/backend/dataall/api/Objects/Tenant/mutations.py
@@ -13,15 +13,6 @@
     resolver=update_group_permissions,
 )
 
-createQuicksightDataSourceSet = gql.MutationField(
-    name='createQuicksightDataSourceSet',
-    args=[
-        gql.Argument(name='vpcConnectionId', type=gql.NonNullableType(gql.String))
-    ],
-    type=gql.String,
-    resolver=create_quicksight_data_source_set,
-)
-
 updateSSMParameter = gql.MutationField(
     name='updateSSMParameter',
     args=[
diff --git a/backend/dataall/api/Objects/Tenant/queries.py b/backend/dataall/api/Objects/Tenant/queries.py
index 62cac727f..8b4218443 100644
--- a/backend/dataall/api/Objects/Tenant/queries.py
+++ b/backend/dataall/api/Objects/Tenant/queries.py
@@ -15,34 +15,4 @@
     ],
     type=gql.Ref('GroupSearchResult'),
     resolver=list_tenant_groups,
-)
-
-getMonitoringDashboardId = gql.QueryField(
-    name='getMonitoringDashboardId',
-    type=gql.String,
-    resolver=get_monitoring_dashboard_id,
-)
-
-getMonitoringVpcConnectionId = gql.QueryField(
-    name='getMonitoringVPCConnectionId',
-    type=gql.String,
-    resolver=get_monitoring_vpc_connection_id,
-)
-
-getPlatformAuthorSession = gql.QueryField(
-    name='getPlatformAuthorSession',
-    args=[
-        gql.Argument(name='awsAccount', type=gql.NonNullableType(gql.String)),
-    ],
-    type=gql.String,
-    resolver=get_quicksight_author_session,
-)
-
-getPlatformReaderSession = gql.QueryField(
-    name='getPlatformReaderSession',
-    args=[
-        gql.Argument(name='dashboardId', type=gql.NonNullableType(gql.String)),
-    ],
-    type=gql.String,
-    resolver=get_quicksight_reader_session,
-)
+)
\ No newline at end of file
diff --git a/backend/dataall/api/Objects/Tenant/resolvers.py b/backend/dataall/api/Objects/Tenant/resolvers.py
index 8bc57be62..5cdba0dee 100644
--- a/backend/dataall/api/Objects/Tenant/resolvers.py
+++ b/backend/dataall/api/Objects/Tenant/resolvers.py
@@ -47,86 +47,3 @@ def update_ssm_parameter(context, source, name: str = None, value: str = None):
     print(name)
     response = ParameterStoreManager.update_parameter(AwsAccountId=current_account, region=region, parameter_name=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/{name}', parameter_value=value)
     return response
-
-
-def get_monitoring_dashboard_id(context, source):
-    current_account = SessionHelper.get_account()
-    region = os.getenv('AWS_REGION', 'eu-west-1')
-    dashboard_id = ParameterStoreManager.get_parameter_value(AwsAccountId=current_account, region=region, parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/DashboardId')
-    if not dashboard_id:
-        raise exceptions.AWSResourceNotFound(
-            action='GET_DASHBOARD_ID',
-            message='Dashboard Id could not be found on AWS Parameter Store',
-        )
-    return dashboard_id
-
-
-def get_monitoring_vpc_connection_id(context, source):
-    current_account = SessionHelper.get_account()
-    region = os.getenv('AWS_REGION', 'eu-west-1')
-    vpc_connection_id = ParameterStoreManager.get_parameter_value(AwsAccountId=current_account, region=region, parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/VPCConnectionId')
-    if not vpc_connection_id:
-        raise exceptions.AWSResourceNotFound(
-            action='GET_VPC_CONNECTION_ID',
-            message='Dashboard Id could not be found on AWS Parameter Store',
-        )
-    return vpc_connection_id
-
-
-def create_quicksight_data_source_set(context, source, vpcConnectionId: str = None):
-    current_account = SessionHelper.get_account()
-    region = os.getenv('AWS_REGION', 'eu-west-1')
-    user = Quicksight.register_user_in_group(AwsAccountId=current_account, UserName=context.username, GroupName='dataall', UserRole='AUTHOR')
-
-    datasourceId = Quicksight.create_data_source_vpc(AwsAccountId=current_account, region=region, UserName=context.username, vpcConnectionId=vpcConnectionId)
-    # Data sets are not created programmatically. Too much overhead for the value added. However, an example API is provided:
-    # datasets = Quicksight.create_data_set_from_source(AwsAccountId=current_account, region=region, UserName='dataallTenantUser', dataSourceId=datasourceId, tablesToImport=['organization', 'environment', 'dataset', 'datapipeline', 'dashboard', 'share_object'])
-
-    return datasourceId
-
-
-def get_quicksight_author_session(context, source, awsAccount: str = None):
-    with context.engine.scoped_session() as session:
-        admin = db.api.TenantPolicy.is_tenant_admin(context.groups)
-
-        if not admin:
-            raise db.exceptions.TenantUnauthorized(
-                username=context.username,
-                action=db.permissions.TENANT_ALL,
-                tenant_name=context.username,
-            )
-        region = os.getenv('AWS_REGION', 'eu-west-1')
-
-        url = Quicksight.get_author_session(
-            AwsAccountId=awsAccount,
-            region=region,
-            UserName=context.username,
-            UserRole='AUTHOR',
-        )
-
-    return url
-
-
-def get_quicksight_reader_session(context, source, dashboardId: str = None):
-    with context.engine.scoped_session() as session:
-        admin = db.api.TenantPolicy.is_tenant_admin(context.groups)
-
-        if not admin:
-            raise db.exceptions.TenantUnauthorized(
-                username=context.username,
-                action=db.permissions.TENANT_ALL,
-                tenant_name=context.username,
-            )
-
-        region = os.getenv('AWS_REGION', 'eu-west-1')
-        current_account = SessionHelper.get_account()
-
-        url = Quicksight.get_reader_session(
-            AwsAccountId=current_account,
-            region=region,
-            UserName=context.username,
-            UserRole='READER',
-            DashboardId=dashboardId
-        )
-
-    return url
diff --git a/backend/dataall/modules/dashboards/api/mutations.py b/backend/dataall/modules/dashboards/api/mutations.py
index 5e7072d65..3e92b1995 100644
--- a/backend/dataall/modules/dashboards/api/mutations.py
+++ b/backend/dataall/modules/dashboards/api/mutations.py
@@ -70,3 +70,12 @@
     ],
     resolver=reject_dashboard_share,
 )
+
+createQuicksightDataSourceSet = gql.MutationField(
+    name='createQuicksightDataSourceSet',
+    args=[
+        gql.Argument(name='vpcConnectionId', type=gql.NonNullableType(gql.String))
+    ],
+    type=gql.String,
+    resolver=create_quicksight_data_source_set,
+)
diff --git a/backend/dataall/modules/dashboards/api/queries.py b/backend/dataall/modules/dashboards/api/queries.py
index c690d52ce..9dae022bb 100644
--- a/backend/dataall/modules/dashboards/api/queries.py
+++ b/backend/dataall/modules/dashboards/api/queries.py
@@ -15,6 +15,35 @@
     resolver=get_dashboard,
 )
 
+getMonitoringDashboardId = gql.QueryField(
+    name='getMonitoringDashboardId',
+    type=gql.String,
+    resolver=get_monitoring_dashboard_id,
+)
+
+getMonitoringVpcConnectionId = gql.QueryField(
+    name='getMonitoringVPCConnectionId',
+    type=gql.String,
+    resolver=get_monitoring_vpc_connection_id,
+)
+
+getPlatformAuthorSession = gql.QueryField(
+    name='getPlatformAuthorSession',
+    args=[
+        gql.Argument(name='awsAccount', type=gql.NonNullableType(gql.String)),
+    ],
+    type=gql.String,
+    resolver=get_quicksight_author_session,
+)
+
+getPlatformReaderSession = gql.QueryField(
+    name='getPlatformReaderSession',
+    args=[
+        gql.Argument(name='dashboardId', type=gql.NonNullableType(gql.String)),
+    ],
+    type=gql.String,
+    resolver=get_quicksight_reader_session,
+)
 
 getAuthorSession = gql.QueryField(
     name='getAuthorSession',
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index eb4a300eb..387530d95 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -4,9 +4,10 @@
 from dataall.api.context import Context
 from dataall.aws.handlers.quicksight import Quicksight
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
+from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
-from dataall.db.api import ResourcePolicy, Glossary, Vote
-from dataall.db.exceptions import RequiredParameter
+from dataall.db.api import ResourcePolicy, Glossary, Vote, TenantPolicy
+from dataall.db.exceptions import RequiredParameter, AWSResourceNotFound, TenantUnauthorized
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
@@ -270,3 +271,100 @@ def resolve_upvotes(context: Context, source: Dashboard, **kwargs):
         return Vote.count_upvotes(
             session, None, None, source.dashboardUri, data={'targetType': 'dashboard'}
         )
+
+
+def get_monitoring_dashboard_id(context, source):
+    current_account = SessionHelper.get_account()
+    region = os.getenv('AWS_REGION', 'eu-west-1')
+    dashboard_id = ParameterStoreManager.get_parameter_value(
+        AwsAccountId=current_account,
+        region=region,
+        parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/DashboardId'
+    )
+
+    if not dashboard_id:
+        raise AWSResourceNotFound(
+            action='GET_DASHBOARD_ID',
+            message='Dashboard Id could not be found on AWS Parameter Store',
+        )
+    return dashboard_id
+
+
+def get_monitoring_vpc_connection_id(context, source):
+    current_account = SessionHelper.get_account()
+    region = os.getenv('AWS_REGION', 'eu-west-1')
+    vpc_connection_id = ParameterStoreManager.get_parameter_value(
+        AwsAccountId=current_account,
+        region=region,
+        parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/VPCConnectionId'
+    )
+
+    if not vpc_connection_id:
+        raise AWSResourceNotFound(
+            action='GET_VPC_CONNECTION_ID',
+            message='VPC Connection Id could not be found on AWS Parameter Store',
+        )
+    return vpc_connection_id
+
+
+def create_quicksight_data_source_set(context, source, vpcConnectionId: str = None):
+    current_account = SessionHelper.get_account()
+    region = os.getenv('AWS_REGION', 'eu-west-1')
+    user = Quicksight.register_user_in_group(
+        AwsAccountId=current_account,
+        UserName=context.username,
+        GroupName='dataall',
+        UserRole='AUTHOR')
+
+    datasourceId = Quicksight.create_data_source_vpc(AwsAccountId=current_account, region=region, UserName=context.username, vpcConnectionId=vpcConnectionId)
+    # Data sets are not created programmatically. Too much overhead for the value added. However, an example API is provided:
+    # datasets = Quicksight.create_data_set_from_source(AwsAccountId=current_account, region=region, UserName='dataallTenantUser', dataSourceId=datasourceId, tablesToImport=['organization', 'environment', 'dataset', 'datapipeline', 'dashboard', 'share_object'])
+
+    return datasourceId
+
+
+def get_quicksight_author_session(context, source, awsAccount: str = None):
+    with context.engine.scoped_session() as session:
+        admin = TenantPolicy.is_tenant_admin(context.groups)
+
+        if not admin:
+            raise TenantUnauthorized(
+                username=context.username,
+                action=db.permissions.TENANT_ALL,
+                tenant_name=context.username,
+            )
+        region = os.getenv('AWS_REGION', 'eu-west-1')
+
+        url = Quicksight.get_author_session(
+            AwsAccountId=awsAccount,
+            region=region,
+            UserName=context.username,
+            UserRole='AUTHOR',
+        )
+
+    return url
+
+
+def get_quicksight_reader_session(context, source, dashboardId: str = None):
+    with context.engine.scoped_session() as session:
+        admin = db.api.TenantPolicy.is_tenant_admin(context.groups)
+
+        if not admin:
+            raise TenantUnauthorized(
+                username=context.username,
+                action=db.permissions.TENANT_ALL,
+                tenant_name=context.username,
+            )
+
+        region = os.getenv('AWS_REGION', 'eu-west-1')
+        current_account = SessionHelper.get_account()
+
+        url = Quicksight.get_reader_session(
+            AwsAccountId=current_account,
+            region=region,
+            UserName=context.username,
+            UserRole='READER',
+            DashboardId=dashboardId
+        )
+
+    return url

From 4fb4a11ca90036b7ba538c08020dcf8e39e1a0c4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 15:05:57 +0200
Subject: [PATCH 246/346] Introduced DashboardService

---
 .../modules/dashboards/api/resolvers.py       |  72 +--------
 .../dashboards/db/dashboard_repository.py     | 124 +--------------
 .../dashboards/services/dashboard_service.py  | 143 ++++++++++++++++++
 3 files changed, 154 insertions(+), 185 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/services/dashboard_service.py

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 387530d95..f9f9ef0b9 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -11,6 +11,7 @@
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
+from dataall.modules.dashboards.services.dashboard_service import DashboardService
 from dataall.modules.dashboards.services.dashboard_share_service import DashboardShareService
 from dataall.utils import Parameter
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
@@ -121,68 +122,11 @@ def import_dashboard(context: Context, source, input: dict = None):
     if not input.get('label'):
         raise RequiredParameter('label')
 
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=input['environmentUri'],
-            permission_name=CREATE_DASHBOARD,
-        )
-        env: models.Environment = db.api.Environment.get_environment_by_uri(
-            session, input['environmentUri']
-        )
-
-        if not env.dashboardsEnabled:
-            raise db.exceptions.UnauthorizedOperation(
-                action=CREATE_DASHBOARD,
-                message=f'Dashboards feature is disabled for the environment {env.label}',
-            )
-
-        can_import = Quicksight.can_import_dashboard(
-            AwsAccountId=env.AwsAccountId,
-            region=env.region,
-            UserName=context.username,
-            DashboardId=input.get('dashboardId'),
-        )
-
-        if not can_import:
-            raise db.exceptions.UnauthorizedOperation(
-                action=CREATE_DASHBOARD,
-                message=f'User: {context.username} has not AUTHOR rights on quicksight for the environment {env.label}',
-            )
-
-        input['environment'] = env
-        dashboard = DashboardRepository.import_dashboard(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=env.environmentUri,
-            data=input,
-        )
-
-        DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
-
-    return dashboard
+    return DashboardService.import_dashboard(uri=input['environmentUri'], data=input)
 
 
 def update_dashboard(context, source, input: dict = None):
-    with context.engine.scoped_session() as session:
-        dashboard = DashboardRepository.get_dashboard_by_uri(
-            session, input['dashboardUri']
-        )
-        DashboardRepository.update_dashboard(
-            session=session,
-            username=context.username,
-            uri=dashboard.dashboardUri,
-            dashboard=dashboard,
-            data=input
-        )
-
-        DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
-
-        return dashboard
-
+    return DashboardService.update_dashboard(uri=input['dashboardUri'], data=input)
 
 def list_dashboards(context: Context, source, filter: dict = None):
     if not filter:
@@ -197,8 +141,7 @@ def list_dashboards(context: Context, source, filter: dict = None):
 
 
 def get_dashboard(context: Context, source, dashboardUri: str = None):
-    with context.engine.scoped_session() as session:
-        return DashboardRepository.get_dashboard(session=session, uri=dashboardUri)
+    return DashboardService.get_dashboard(uri=dashboardUri)
 
 
 def resolve_user_role(context: Context, source: Dashboard):
@@ -253,10 +196,7 @@ def share_dashboard(
 
 
 def delete_dashboard(context: Context, source, dashboardUri: str = None):
-    with context.engine.scoped_session() as session:
-        DashboardRepository.delete_dashboard(session=session, uri=dashboardUri)
-        DashboardIndexer.delete_doc(doc_id=dashboardUri)
-        return True
+    return DashboardService.delete_dashboard(uri=dashboardUri)
 
 
 def resolve_glossary_terms(context: Context, source: Dashboard, **kwargs):
@@ -347,7 +287,7 @@ def get_quicksight_author_session(context, source, awsAccount: str = None):
 
 def get_quicksight_reader_session(context, source, dashboardId: str = None):
     with context.engine.scoped_session() as session:
-        admin = db.api.TenantPolicy.is_tenant_admin(context.groups)
+        admin = TenantPolicy.is_tenant_admin(context.groups)
 
         if not admin:
             raise TenantUnauthorized(
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index d25dc65c4..f59235cde 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -4,17 +4,9 @@
 from sqlalchemy.orm import Query
 
 from dataall.core.group.services.group_resource_manager import EnvironmentResource
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
-from dataall.db import models, exceptions, paginate
-from dataall.db.api import (
-    Environment,
-    ResourcePolicy,
-    Glossary,
-    Vote,
-)
+from dataall.db import exceptions, paginate
+from dataall.db.models import Environment
 from dataall.modules.dashboards.db.models import DashboardShare, DashboardShareStatus, Dashboard
-from dataall.modules.dashboards.services.dashboard_permissions import MANAGE_DASHBOARDS, CREATE_DASHBOARD, \
-    DASHBOARD_ALL, GET_DASHBOARD, SHARE_DASHBOARD, UPDATE_DASHBOARD
 
 logger = logging.getLogger(__name__)
 
@@ -34,27 +26,7 @@ def count_resources(session, environment, group_uri) -> int:
         )
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(CREATE_DASHBOARD)
-    def import_dashboard(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-    ) -> Dashboard:
-        Environment.check_group_environment_permission(
-            session=session,
-            username=username,
-            groups=groups,
-            uri=uri,
-            group=data['SamlGroupName'],
-            permission_name=CREATE_DASHBOARD,
-        )
-
-        env: models.Environment = data.get(
-            'environment', Environment.get_environment_by_uri(session, uri)
-        )
+    def create_dashboard(session, env: Environment, username: str, data: dict = None) -> Dashboard:
         dashboard: Dashboard = Dashboard(
             label=data.get('label', 'untitled'),
             environmentUri=data.get('environmentUri'),
@@ -69,55 +41,8 @@ def import_dashboard(
         )
         session.add(dashboard)
         session.commit()
-
-        activity = models.Activity(
-            action='DASHBOARD:CREATE',
-            label='DASHBOARD:CREATE',
-            owner=username,
-            summary=f'{username} created dashboard {dashboard.label} in {env.label}',
-            targetUri=dashboard.dashboardUri,
-            targetType='dashboard',
-        )
-        session.add(activity)
-
-        DashboardRepository.set_dashboard_resource_policy(
-            session, env, dashboard, data['SamlGroupName']
-        )
-
-        if 'terms' in data.keys():
-            Glossary.set_glossary_terms_links(
-                session,
-                username,
-                dashboard.dashboardUri,
-                'Dashboard',
-                data.get('terms', []),
-            )
         return dashboard
 
-    @staticmethod
-    def set_dashboard_resource_policy(session, environment, dashboard, group):
-        ResourcePolicy.attach_resource_policy(
-            session=session,
-            group=group,
-            permissions=DASHBOARD_ALL,
-            resource_uri=dashboard.dashboardUri,
-            resource_type=Dashboard.__name__,
-        )
-        if environment.SamlGroupName != dashboard.SamlGroupName:
-            ResourcePolicy.attach_resource_policy(
-                session=session,
-                group=environment.SamlGroupName,
-                permissions=DASHBOARD_ALL,
-                resource_uri=dashboard.dashboardUri,
-                resource_type=Dashboard.__name__,
-            )
-
-    @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(GET_DASHBOARD)
-    def get_dashboard(session, uri: str) -> Dashboard:
-        return DashboardRepository.get_dashboard_by_uri(session, uri)
-
     @staticmethod
     def get_dashboard_by_uri(session, uri) -> Dashboard:
         dashboard: Dashboard = session.query(Dashboard).get(uri)
@@ -220,47 +145,8 @@ def paginated_dashboard_shares(
         ).to_dict()
 
     @staticmethod
-    @has_tenant_permission(MANAGE_DASHBOARDS)
-    @has_resource_permission(UPDATE_DASHBOARD)
-    def update_dashboard(
-        session,
-        username: str,
-        uri: str,
-        dashboard: Dashboard,
-        data: dict = None,
-    ) -> Dashboard:
-        for k in data.keys():
-            setattr(dashboard, k, data.get(k))
-
-        if 'terms' in data.keys():
-            Glossary.set_glossary_terms_links(
-                session,
-                username,
-                dashboard.dashboardUri,
-                'Dashboard',
-                data.get('terms', []),
-            )
-        environment: models.Environment = Environment.get_environment_by_uri(
-            session, dashboard.environmentUri
-        )
-        DashboardRepository.set_dashboard_resource_policy(
-            session, environment, dashboard, dashboard.SamlGroupName
-        )
-        return dashboard
-
-    @staticmethod
-    def delete_dashboard(session, uri) -> bool:
-        # TODO THERE WAS NO PERMISSION CHECK
-        dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
-        session.delete(dashboard)
-        ResourcePolicy.delete_resource_policy(
-            session=session, resource_uri=uri, group=dashboard.SamlGroupName
-        )
-        Glossary.delete_glossary_terms_links(
-            session, target_uri=dashboard.dashboardUri, target_type='Dashboard'
-        )
-        Vote.delete_votes(session, dashboard.dashboardUri, 'dashboard')
-        session.commit()
+    def delete_dashboard(session, dashboard_uri) -> bool:
+        session.delete(dashboard_uri)
         return True
 
     @staticmethod
diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
new file mode 100644
index 000000000..10416b75b
--- /dev/null
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -0,0 +1,143 @@
+from dataall.aws.handlers.quicksight import Quicksight
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission, has_group_permission
+from dataall.db.api import ResourcePolicy, Glossary, Vote, Environment
+from dataall.db.exceptions import UnauthorizedOperation
+from dataall.db.models import Activity
+from dataall.modules.dashboards import DashboardRepository, Dashboard
+from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
+from dataall.modules.dashboards.services.dashboard_permissions import MANAGE_DASHBOARDS, GET_DASHBOARD, \
+    UPDATE_DASHBOARD, CREATE_DASHBOARD, DASHBOARD_ALL
+
+
+class DashboardService:
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(GET_DASHBOARD)
+    def get_dashboard(uri: str) -> Dashboard:
+        with get_context().db_engine.scoped_session() as session:
+            return DashboardRepository.get_dashboard_by_uri(session, uri)
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(CREATE_DASHBOARD)
+    def import_dashboard(uri: str, data: dict = None) -> Dashboard:
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            env = Environment.get_environment_by_uri(session, data['environmentUri'])
+
+            if not env.dashboardsEnabled:
+                raise UnauthorizedOperation(
+                    action=CREATE_DASHBOARD,
+                    message=f'Dashboards feature is disabled for the environment {env.label}',
+                )
+
+            can_import = Quicksight.can_import_dashboard(
+                AwsAccountId=env.AwsAccountId,
+                region=env.region,
+                UserName=context.username,
+                DashboardId=data.get('dashboardId'),
+            )
+
+            if not can_import:
+                raise db.exceptions.UnauthorizedOperation(
+                    action=CREATE_DASHBOARD,
+                    message=f'User: {context.username} has not AUTHOR rights on quicksight for the environment {env.label}',
+                )
+            Environment.check_group_environment_permission(
+                session=session,
+                username=username,
+                groups=groups,
+                uri=uri,
+                group=data['SamlGroupName'],
+                permission_name=CREATE_DASHBOARD,
+            )
+
+            env = data.get(
+                'environment', Environment.get_environment_by_uri(session, uri)
+            )
+
+            dashboard = DashboardRepository.create_dashboard(session, env, context.username, data)
+
+            activity = Activity(
+                action='DASHBOARD:CREATE',
+                label='DASHBOARD:CREATE',
+                owner=username,
+                summary=f'{username} created dashboard {dashboard.label} in {env.label}',
+                targetUri=dashboard.dashboardUri,
+                targetType='dashboard',
+            )
+            session.add(activity)
+
+            DashboardService._set_dashboard_resource_policy(
+                session, env, dashboard, data['SamlGroupName']
+            )
+
+            DashboardService._update_glossary(session, dashboard, data)
+            DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
+            return dashboard
+
+    @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(UPDATE_DASHBOARD)
+    def update_dashboard(uri: str, data: dict = None) -> Dashboard:
+        with get_context().db_engine.scoped_session() as session:
+            dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
+            for k in data.keys():
+                setattr(dashboard, k, data.get(k))
+
+            DashboardService._update_glossary(session, dashboard, data)
+            environment = Environment.get_environment_by_uri(session, dashboard.environmentUri)
+            DashboardService._set_dashboard_resource_policy(
+                session, environment, dashboard, dashboard.SamlGroupName
+            )
+
+            DashboardIndexer.upsert(session, dashboard_uri=dashboard.dashboardUri)
+            return dashboard
+
+    @staticmethod
+    def delete_dashboard(uri) -> bool:
+        # TODO THERE WAS NO PERMISSION CHECK
+        with get_context().db_engine.scoped_session() as session:
+            dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
+            DashboardRepository.delete_dashboard(session, dashboard.dashboardUri)
+
+            ResourcePolicy.delete_resource_policy(
+                session=session, resource_uri=uri, group=dashboard.SamlGroupName
+            )
+            Glossary.delete_glossary_terms_links(
+                session, target_uri=dashboard.dashboardUri, target_type='Dashboard'
+            )
+            Vote.delete_votes(session, dashboard.dashboardUri, 'dashboard')
+
+        DashboardIndexer.delete_doc(doc_id=uri)
+        return True
+
+    @staticmethod
+    def _set_dashboard_resource_policy(session, environment, dashboard, group):
+        DashboardService._attach_dashboard_policy(session, group, dashboard)
+        if environment.SamlGroupName != dashboard.SamlGroupName:
+            DashboardService._attach_dashboard_policy(session, environment.SamlGroupName, dashboard)
+
+    @staticmethod
+    def _attach_dashboard_policy(session, group: str, dashboard: Dashboard):
+        ResourcePolicy.attach_resource_policy(
+            session=session,
+            group=group,
+            permissions=DASHBOARD_ALL,
+            resource_uri=dashboard.dashboardUri,
+            resource_type=Dashboard.__name__,
+        )
+
+    @staticmethod
+    def _update_glossary(session, dashboard, data):
+        context = get_context()
+        if 'terms' in data:
+            Glossary.set_glossary_terms_links(
+                session,
+                context.username,
+                dashboard.dashboardUri,
+                'Dashboard',
+                data['terms'],
+            )
+

From bfca075099864e09f68253910cbc9ef40a7126d9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 15:07:45 +0200
Subject: [PATCH 247/346] Renamed policy

---
 .../modules/dashboards/cdk/dashboard_quicksight_policy.py       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py b/backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py
index 36f22748d..fb237a22d 100644
--- a/backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py
+++ b/backend/dataall/modules/dashboards/cdk/dashboard_quicksight_policy.py
@@ -4,7 +4,7 @@
 from dataall.modules.dashboards.services.dashboard_permissions import CREATE_DASHBOARD
 
 
-class QuickSight(ServicePolicy):
+class QuickSightPolicy(ServicePolicy):
     def get_statements(self, group_permissions, **kwargs):
         if CREATE_DASHBOARD not in group_permissions:
             return []

From 130898273a5b64ceaa798c976b85df8f286b1f7c Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 16:10:43 +0200
Subject: [PATCH 248/346] Introduced DashboardQuicksightService

---
 .../modules/dashboards/api/resolvers.py       | 199 ++---------------
 .../services/dashboard_quicksight_service.py  | 206 ++++++++++++++++++
 .../dashboards/services/dashboard_service.py  |   3 +-
 3 files changed, 224 insertions(+), 184 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index f9f9ef0b9..fbca97a71 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -1,113 +1,13 @@
-import os
-from dataall import db
 from dataall.api.constants import DashboardRole
 from dataall.api.context import Context
-from dataall.aws.handlers.quicksight import Quicksight
-from dataall.aws.handlers.parameter_store import ParameterStoreManager
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
-from dataall.db.api import ResourcePolicy, Glossary, Vote, TenantPolicy
-from dataall.db.exceptions import RequiredParameter, AWSResourceNotFound, TenantUnauthorized
+from dataall.db.api import  Glossary, Vote
+from dataall.db.exceptions import RequiredParameter
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
-from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
+from dataall.modules.dashboards.services.dashboard_quicksight_service import DashboardQuicksightService
 from dataall.modules.dashboards.services.dashboard_service import DashboardService
 from dataall.modules.dashboards.services.dashboard_share_service import DashboardShareService
-from dataall.utils import Parameter
-from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
-
-param_store = Parameter()
-ENVNAME = os.getenv("envname", "local")
-DOMAIN_NAME = param_store.get_parameter(env=ENVNAME, path="frontend/custom_domain_name") if ENVNAME not in ["local", "dkrcompose"] else None
-DOMAIN_URL = f"https://{DOMAIN_NAME}" if DOMAIN_NAME else "http://localhost:8080"
-
-
-def get_quicksight_reader_url(context, source, dashboardUri: str = None):
-    with context.engine.scoped_session() as session:
-        dash: Dashboard = session.query(Dashboard).get(dashboardUri)
-        env: models.Environment = session.query(models.Environment).get(
-            dash.environmentUri
-        )
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=dash.dashboardUri,
-            permission_name=GET_DASHBOARD,
-        )
-        if not env.dashboardsEnabled:
-            raise db.exceptions.UnauthorizedOperation(
-                action=GET_DASHBOARD,
-                message=f'Dashboards feature is disabled for the environment {env.label}',
-            )
-        if dash.SamlGroupName in context.groups:
-            url = Quicksight.get_reader_session(
-                AwsAccountId=env.AwsAccountId,
-                region=env.region,
-                UserName=context.username,
-                DashboardId=dash.DashboardId,
-                domain_name=DOMAIN_URL,
-            )
-        else:
-            shared_groups = DashboardRepository.query_all_user_groups_shareddashboard(
-                session=session,
-                groups=context.groups,
-                uri=dashboardUri
-            )
-            if not shared_groups:
-                raise db.exceptions.UnauthorizedOperation(
-                    action=GET_DASHBOARD,
-                    message='Dashboard has not been shared with your Teams',
-                )
-
-            session_type = ParameterStoreManager.get_parameter_value(
-                parameter_path=f"/dataall/{os.getenv('envname', 'local')}/quicksight/sharedDashboardsSessions"
-            )
-
-            if session_type == 'reader':
-                url = Quicksight.get_shared_reader_session(
-                    AwsAccountId=env.AwsAccountId,
-                    region=env.region,
-                    UserName=context.username,
-                    GroupName=shared_groups[0],
-                    DashboardId=dash.DashboardId,
-                )
-            else:
-                url = Quicksight.get_anonymous_session(
-                    AwsAccountId=env.AwsAccountId,
-                    region=env.region,
-                    UserName=context.username,
-                    DashboardId=dash.DashboardId,
-                )
-    return url
-
-
-def get_quicksight_designer_url(
-    context, source, environmentUri: str = None, dashboardUri: str = None
-):
-    with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=environmentUri,
-            permission_name=CREATE_DASHBOARD,
-        )
-        env: models.Environment = session.query(models.Environment).get(environmentUri)
-        if not env.dashboardsEnabled:
-            raise db.exceptions.UnauthorizedOperation(
-                action=CREATE_DASHBOARD,
-                message=f'Dashboards feature is disabled for the environment {env.label}',
-            )
-
-        url = Quicksight.get_author_session(
-            AwsAccountId=env.AwsAccountId,
-            region=env.region,
-            UserName=context.username,
-            UserRole='AUTHOR',
-        )
-
-    return url
 
 
 def import_dashboard(context: Context, source, input: dict = None):
@@ -214,97 +114,30 @@ def resolve_upvotes(context: Context, source: Dashboard, **kwargs):
 
 
 def get_monitoring_dashboard_id(context, source):
-    current_account = SessionHelper.get_account()
-    region = os.getenv('AWS_REGION', 'eu-west-1')
-    dashboard_id = ParameterStoreManager.get_parameter_value(
-        AwsAccountId=current_account,
-        region=region,
-        parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/DashboardId'
-    )
-
-    if not dashboard_id:
-        raise AWSResourceNotFound(
-            action='GET_DASHBOARD_ID',
-            message='Dashboard Id could not be found on AWS Parameter Store',
-        )
-    return dashboard_id
+    return DashboardQuicksightService.get_monitoring_dashboard_id()
 
 
 def get_monitoring_vpc_connection_id(context, source):
-    current_account = SessionHelper.get_account()
-    region = os.getenv('AWS_REGION', 'eu-west-1')
-    vpc_connection_id = ParameterStoreManager.get_parameter_value(
-        AwsAccountId=current_account,
-        region=region,
-        parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/VPCConnectionId'
-    )
-
-    if not vpc_connection_id:
-        raise AWSResourceNotFound(
-            action='GET_VPC_CONNECTION_ID',
-            message='VPC Connection Id could not be found on AWS Parameter Store',
-        )
-    return vpc_connection_id
+    return DashboardQuicksightService.get_monitoring_vpc_connection_id()
 
 
 def create_quicksight_data_source_set(context, source, vpcConnectionId: str = None):
-    current_account = SessionHelper.get_account()
-    region = os.getenv('AWS_REGION', 'eu-west-1')
-    user = Quicksight.register_user_in_group(
-        AwsAccountId=current_account,
-        UserName=context.username,
-        GroupName='dataall',
-        UserRole='AUTHOR')
+    return DashboardQuicksightService.create_quicksight_data_source_set(vpcConnectionId)
 
-    datasourceId = Quicksight.create_data_source_vpc(AwsAccountId=current_account, region=region, UserName=context.username, vpcConnectionId=vpcConnectionId)
-    # Data sets are not created programmatically. Too much overhead for the value added. However, an example API is provided:
-    # datasets = Quicksight.create_data_set_from_source(AwsAccountId=current_account, region=region, UserName='dataallTenantUser', dataSourceId=datasourceId, tablesToImport=['organization', 'environment', 'dataset', 'datapipeline', 'dashboard', 'share_object'])
 
-    return datasourceId
+def get_quicksight_author_session(context, source, awsAccount: str = None):
+    return DashboardQuicksightService.get_quicksight_author_session(awsAccount)
 
 
-def get_quicksight_author_session(context, source, awsAccount: str = None):
-    with context.engine.scoped_session() as session:
-        admin = TenantPolicy.is_tenant_admin(context.groups)
-
-        if not admin:
-            raise TenantUnauthorized(
-                username=context.username,
-                action=db.permissions.TENANT_ALL,
-                tenant_name=context.username,
-            )
-        region = os.getenv('AWS_REGION', 'eu-west-1')
-
-        url = Quicksight.get_author_session(
-            AwsAccountId=awsAccount,
-            region=region,
-            UserName=context.username,
-            UserRole='AUTHOR',
-        )
+def get_quicksight_reader_session(context, source, dashboardId: str = None):
+    return DashboardQuicksightService.get_quicksight_reader_session(dashboardId)
 
-    return url
 
+def get_quicksight_reader_url(context, source, dashboardUri: str = None):
+    return DashboardQuicksightService.get_quicksight_reader_url(uri=dashboardUri)
 
-def get_quicksight_reader_session(context, source, dashboardId: str = None):
-    with context.engine.scoped_session() as session:
-        admin = TenantPolicy.is_tenant_admin(context.groups)
-
-        if not admin:
-            raise TenantUnauthorized(
-                username=context.username,
-                action=db.permissions.TENANT_ALL,
-                tenant_name=context.username,
-            )
-
-        region = os.getenv('AWS_REGION', 'eu-west-1')
-        current_account = SessionHelper.get_account()
-
-        url = Quicksight.get_reader_session(
-            AwsAccountId=current_account,
-            region=region,
-            UserName=context.username,
-            UserRole='READER',
-            DashboardId=dashboardId
-        )
 
-    return url
+def get_quicksight_designer_url(
+    context, source, environmentUri: str = None, dashboardUri: str = None
+):
+    return DashboardQuicksightService.get_quicksight_designer_url(environmentUri)
diff --git a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
new file mode 100644
index 000000000..f271f48d9
--- /dev/null
+++ b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
@@ -0,0 +1,206 @@
+import os
+
+from dataall.aws.handlers.parameter_store import ParameterStoreManager
+from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.sts import SessionHelper
+from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission
+from dataall.db.api import Environment, TenantPolicy
+from dataall.db.exceptions import UnauthorizedOperation, TenantUnauthorized, AWSResourceNotFound
+from dataall.db.permissions import TENANT_ALL
+from dataall.modules.dashboards import DashboardRepository, Dashboard
+from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
+from dataall.utils import Parameter
+
+
+class DashboardQuicksightService:
+    _PARAM_STORE = Parameter()
+    _REGION = os.getenv('AWS_REGION', 'eu-west-1')
+
+    @staticmethod
+    def _get_env_uri(session, uri):
+        dashboard: Dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
+        return dashboard.environmentUri
+
+    @staticmethod
+    @has_resource_permission(GET_DASHBOARD, parent_resource=_get_env_uri)
+    def get_quicksight_reader_url(uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dash: Dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
+            env = Environment.get_environment_by_uri(session, dash.environmentUri)
+            if not env.dashboardsEnabled:
+                raise UnauthorizedOperation(
+                    action=GET_DASHBOARD,
+                    message=f'Dashboards feature is disabled for the environment {env.label}',
+                )
+
+            if dash.SamlGroupName in context.groups:
+                url = Quicksight.get_reader_session(
+                    AwsAccountId=env.AwsAccountId,
+                    region=env.region,
+                    UserName=context.username,
+                    DashboardId=dash.DashboardId,
+                    domain_name=DashboardQuicksightService._get_domain_url(),
+                )
+
+            else:
+                shared_groups = DashboardRepository.query_all_user_groups_shareddashboard(
+                    session=session,
+                    groups=context.groups,
+                    uri=uri
+                )
+                if not shared_groups:
+                    raise UnauthorizedOperation(
+                        action=GET_DASHBOARD,
+                        message='Dashboard has not been shared with your Teams',
+                    )
+
+                session_type = ParameterStoreManager.get_parameter_value(
+                    parameter_path=f"/dataall/{os.getenv('envname', 'local')}/quicksight/sharedDashboardsSessions"
+                )
+
+                if session_type == 'reader':
+                    url = Quicksight.get_shared_reader_session(
+                        AwsAccountId=env.AwsAccountId,
+                        region=env.region,
+                        UserName=context.username,
+                        GroupName=shared_groups[0],
+                        DashboardId=dash.DashboardId,
+                    )
+                else:
+                    url = Quicksight.get_anonymous_session(
+                        AwsAccountId=env.AwsAccountId,
+                        region=env.region,
+                        UserName=context.username,
+                        DashboardId=dash.DashboardId,
+                    )
+        return url
+
+    @staticmethod
+    @has_resource_permission(CREATE_DASHBOARD)
+    def get_quicksight_designer_url(uri: str):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            env = Environment.get_environment_by_uri(session, uri)
+            if not env.dashboardsEnabled:
+                raise UnauthorizedOperation(
+                    action=CREATE_DASHBOARD,
+                    message=f'Dashboards feature is disabled for the environment {env.label}',
+                )
+
+            url = Quicksight.get_author_session(
+                AwsAccountId=env.AwsAccountId,
+                region=env.region,
+                UserName=context.username,
+                UserRole='AUTHOR',
+            )
+
+        return url
+
+    @staticmethod
+    def get_monitoring_dashboard_id():
+        current_account = SessionHelper.get_account()
+        dashboard_id = ParameterStoreManager.get_parameter_value(
+            AwsAccountId=current_account,
+            region=DashboardQuicksightService._REGION,
+            parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/DashboardId'
+        )
+
+        if not dashboard_id:
+            raise AWSResourceNotFound(
+                action='GET_DASHBOARD_ID',
+                message='Dashboard Id could not be found on AWS Parameter Store',
+            )
+        return dashboard_id
+
+    @staticmethod
+    def get_monitoring_vpc_connection_id():
+        current_account = SessionHelper.get_account()
+        vpc_connection_id = ParameterStoreManager.get_parameter_value(
+            AwsAccountId=current_account,
+            region=DashboardQuicksightService._REGION,
+            parameter_path=f'/dataall/{os.getenv("envname", "local")}/quicksightmonitoring/VPCConnectionId'
+        )
+
+        if not vpc_connection_id:
+            raise AWSResourceNotFound(
+                action='GET_VPC_CONNECTION_ID',
+                message='VPC Connection Id could not be found on AWS Parameter Store',
+            )
+        return vpc_connection_id
+
+    @staticmethod
+    def create_quicksight_data_source_set(vpc_connection_id):
+        context = get_context()
+        current_account = SessionHelper.get_account()
+        Quicksight.register_user_in_group(
+            AwsAccountId=current_account,
+            UserName=context.username,
+            GroupName='dataall',
+            UserRole='AUTHOR')
+
+        datasource_id = Quicksight.create_data_source_vpc(
+            AwsAccountId=current_account,
+            region=DashboardQuicksightService._REGION,
+            UserName=context.username,
+            vpcConnectionId=vpc_connection_id
+        )
+        # Data sets are not created programmatically. Too much overhead for the value added.
+        # However, an example API is provided: datasets = Quicksight.create_data_set_from_source(
+        #   AwsAccountId=current_account, region=region, UserName='dataallTenantUser',
+        #   dataSourceId=datasourceId, tablesToImport=['organization',
+        #   'environment', 'dataset', 'datapipeline', 'dashboard', 'share_object']
+        # )
+
+        return datasource_id
+
+    @staticmethod
+    def get_quicksight_author_session(aws_account):
+        DashboardQuicksightService._check_user_must_be_admin()
+
+        return Quicksight.get_author_session(
+            AwsAccountId=aws_account,
+            region=DashboardQuicksightService._REGION,
+            UserName=get_context().username,
+            UserRole='AUTHOR',
+        )
+
+    @staticmethod
+    def get_quicksight_reader_session(dashboard_uri):
+        DashboardQuicksightService._check_user_must_be_admin()
+        current_account = SessionHelper.get_account()
+
+        return Quicksight.get_reader_session(
+            AwsAccountId=current_account,
+            region=DashboardQuicksightService._REGION,
+            UserName=get_context().username,
+            UserRole='READER',
+            DashboardId=dashboard_uri
+        )
+
+    @staticmethod
+    def _check_user_must_be_admin():
+        context = get_context()
+        admin = TenantPolicy.is_tenant_admin(context.groups)
+
+        if not admin:
+            raise TenantUnauthorized(
+                username=context.username,
+                action=TENANT_ALL,
+                tenant_name=context.username,
+            )
+
+    @staticmethod
+    def _get_domain_url():
+        envname = os.getenv("envname", "local")
+        if envname in ["local", "dkrcompose"]:
+            return "http://localhost:8080"
+
+        domain_name = DashboardQuicksightService._PARAM_STORE.get_parameter(
+            env=envname,
+            path="frontend/custom_domain_name"
+        )
+
+        return f"https://{domain_name}"
+
diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
index 10416b75b..83dc21e00 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -1,6 +1,6 @@
 from dataall.aws.handlers.quicksight import Quicksight
 from dataall.core.context import get_context
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission, has_group_permission
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import ResourcePolicy, Glossary, Vote, Environment
 from dataall.db.exceptions import UnauthorizedOperation
 from dataall.db.models import Activity
@@ -11,6 +11,7 @@
 
 
 class DashboardService:
+    """Service that serves request related to dashboard"""
     @staticmethod
     @has_tenant_permission(MANAGE_DASHBOARDS)
     @has_resource_permission(GET_DASHBOARD)

From 67ce7873d9453f7037178f9375e658de1ef21783 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 16:22:10 +0200
Subject: [PATCH 249/346] Moved dashboard enums

---
 backend/dataall/api/constants.py                    | 7 -------
 backend/dataall/db/models/Enums.py                  | 7 -------
 backend/dataall/modules/dashboards/api/enums.py     | 8 ++++++++
 backend/dataall/modules/dashboards/api/resolvers.py | 2 +-
 4 files changed, 9 insertions(+), 15 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/api/enums.py

diff --git a/backend/dataall/api/constants.py b/backend/dataall/api/constants.py
index 914663f38..eb5daf3b6 100644
--- a/backend/dataall/api/constants.py
+++ b/backend/dataall/api/constants.py
@@ -67,13 +67,6 @@ class ProjectMemberRole(GraphQLEnumMapper):
     NotContributor = '000'
 
 
-class DashboardRole(GraphQLEnumMapper):
-    Creator = '999'
-    Admin = '900'
-    Shared = '800'
-    NoPermission = '000'
-
-
 class DataPipelineRole(GraphQLEnumMapper):
     Creator = '999'
     Admin = '900'
diff --git a/backend/dataall/db/models/Enums.py b/backend/dataall/db/models/Enums.py
index 9e1674dbf..615188147 100644
--- a/backend/dataall/db/models/Enums.py
+++ b/backend/dataall/db/models/Enums.py
@@ -36,13 +36,6 @@ class ProjectMemberRole(Enum):
     NotContributor = '000'
 
 
-class DashboardRole(Enum):
-    Creator = '999'
-    Admin = '900'
-    Shared = '800'
-    NoPermission = '000'
-
-
 class DataPipelineRole(Enum):
     Creator = '999'
     Admin = '900'
diff --git a/backend/dataall/modules/dashboards/api/enums.py b/backend/dataall/modules/dashboards/api/enums.py
new file mode 100644
index 000000000..00b72d961
--- /dev/null
+++ b/backend/dataall/modules/dashboards/api/enums.py
@@ -0,0 +1,8 @@
+from dataall.api.constants import GraphQLEnumMapper
+
+
+class DashboardRole(GraphQLEnumMapper):
+    Creator = '999'
+    Admin = '900'
+    Shared = '800'
+    NoPermission = '000'
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index fbca97a71..735b94685 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -1,8 +1,8 @@
-from dataall.api.constants import DashboardRole
 from dataall.api.context import Context
 from dataall.db import models
 from dataall.db.api import  Glossary, Vote
 from dataall.db.exceptions import RequiredParameter
+from dataall.modules.dashboards.api.enums import DashboardRole
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.dashboards.services.dashboard_quicksight_service import DashboardQuicksightService

From bf3d739480cf1b2cecdad82481aa4dde5c78d6c9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 30 May 2023 16:24:31 +0200
Subject: [PATCH 250/346] Removed missed dashboard code

---
 backend/dataall/tasks/catalog_indexer.py | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer.py
index 4f291941e..e20697bcd 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer.py
@@ -5,9 +5,7 @@
 from typing import List
 
 from dataall.db import get_engine
-from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.loader import load_modules, ImportMode
-from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 from dataall.utils.alarm_service import AlarmService
 
 root = logging.getLogger()
@@ -38,13 +36,6 @@ def index_objects(engine):
             for indexer in _indexers:
                 indexed_objects_counter += indexer.index(session)
 
-            all_dashboards: [Dashboard] = session.query(Dashboard).all()
-            log.info(f'Found {len(all_dashboards)} dashboards')
-            dashboard: Dashboard
-            for dashboard in all_dashboards:
-                DashboardIndexer.upsert(session=session, dashboard_uri=dashboard.dashboardUri)
-                indexed_objects_counter = indexed_objects_counter + 1
-
             log.info(f'Successfully indexed {indexed_objects_counter} objects')
             return indexed_objects_counter
     except Exception as e:

From e83833bb04afaf74d58022a299c4f01d625a52bd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 31 May 2023 11:02:42 +0200
Subject: [PATCH 251/346] dashboardsEnabled has become a parameter

---
 .../api/Objects/Environment/input_types.py    |  2 -
 .../dataall/api/Objects/Environment/schema.py |  1 -
 .../cdkproxy/stacks/policies/__init__.py      |  5 +-
 backend/dataall/db/api/environment.py         |  8 +-
 backend/dataall/db/models/Environment.py      |  1 -
 .../dataall/modules/dashboards/api/schema.py  |  1 -
 .../dashboards/db/dashboard_repository.py     |  4 +-
 .../services/dashboard_quicksight_service.py  | 21 ++---
 .../dashboards/services/dashboard_service.py  | 15 ++--
 .../services/dashboard_share_service.py       |  2 +-
 .../share_managers/lf_share_manager.py        |  5 +-
 .../modules/datasets/cdk/dataset_stack.py     |  6 +-
 .../datasets/services/dataset_service.py      |  9 +-
 .../notebooks/services/notebook_service.py    |  4 +-
 ...fc49baecea4_add_enviromental_parameters.py | 10 +++
 .../src/api/Environment/createEnvironment.js  |  1 -
 .../src/api/Environment/getEnvironment.js     |  2 -
 .../listOrganizationEnvironments.js           |  1 -
 .../src/api/Environment/updateEnvironment.js  |  1 -
 .../Environments/EnvironmentCreateForm.js     |  6 +-
 .../views/Environments/EnvironmentEditForm.js |  9 +-
 .../views/Environments/EnvironmentFeatures.js | 10 +--
 tests/api/conftest.py                         |  9 +-
 tests/api/test_environment.py                 | 82 ++++++++++---------
 tests/api/test_organization.py                |  7 ++
 tests/modules/datasets/tasks/conftest.py      |  2 -
 .../datasets/test_dataset_resource_found.py   |  1 -
 tests/modules/datasets/test_share.py          |  2 -
 28 files changed, 121 insertions(+), 106 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/input_types.py b/backend/dataall/api/Objects/Environment/input_types.py
index 05f890e74..9a1086174 100644
--- a/backend/dataall/api/Objects/Environment/input_types.py
+++ b/backend/dataall/api/Objects/Environment/input_types.py
@@ -28,7 +28,6 @@
         gql.Argument('description', gql.String),
         gql.Argument('AwsAccountId', gql.NonNullableType(gql.String)),
         gql.Argument('region', gql.NonNullableType(gql.String)),
-        gql.Argument('dashboardsEnabled', type=gql.Boolean),
         gql.Argument('mlStudiosEnabled', type=gql.Boolean),
         gql.Argument('pipelinesEnabled', type=gql.Boolean),
         gql.Argument('warehousesEnabled', type=gql.Boolean),
@@ -52,7 +51,6 @@
         gql.Argument('vpcId', gql.String),
         gql.Argument('privateSubnetIds', gql.ArrayType(gql.String)),
         gql.Argument('publicSubnetIds', gql.ArrayType(gql.String)),
-        gql.Argument('dashboardsEnabled', type=gql.Boolean),
         gql.Argument('mlStudiosEnabled', type=gql.Boolean),
         gql.Argument('pipelinesEnabled', type=gql.Boolean),
         gql.Argument('warehousesEnabled', type=gql.Boolean),
diff --git a/backend/dataall/api/Objects/Environment/schema.py b/backend/dataall/api/Objects/Environment/schema.py
index bb5749065..dba9d20ad 100644
--- a/backend/dataall/api/Objects/Environment/schema.py
+++ b/backend/dataall/api/Objects/Environment/schema.py
@@ -83,7 +83,6 @@
             resolver=resolve_user_role,
         ),
         gql.Field('validated', type=gql.Boolean),
-        gql.Field('dashboardsEnabled', type=gql.Boolean),
         gql.Field('mlStudiosEnabled', type=gql.Boolean),
         gql.Field('pipelinesEnabled', type=gql.Boolean),
         gql.Field('warehousesEnabled', type=gql.Boolean),
diff --git a/backend/dataall/cdkproxy/stacks/policies/__init__.py b/backend/dataall/cdkproxy/stacks/policies/__init__.py
index 4391d0287..dd47a49dd 100644
--- a/backend/dataall/cdkproxy/stacks/policies/__init__.py
+++ b/backend/dataall/cdkproxy/stacks/policies/__init__.py
@@ -1,8 +1,7 @@
 """Contains the code for creating environment policies"""
 
 from dataall.cdkproxy.stacks.policies import (
-    _lambda, cloudformation, codestar, quicksight, redshift, stepfunctions, data_policy, service_policy
+    _lambda, cloudformation, codestar, redshift, stepfunctions, data_policy, service_policy
 )
 
-__all__ = ["_lambda", "cloudformation", "codestar", "quicksight",
-           "redshift", "stepfunctions", "data_policy", "service_policy", "mlstudio"]
+__all__ = ["_lambda", "cloudformation", "codestar", "redshift", "stepfunctions", "data_policy", "service_policy", "mlstudio"]
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index be33a07c2..464415776 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -57,7 +57,6 @@ def create_environment(session, username, groups, uri, data=None, check_perm=Non
             ),
             EnvironmentDefaultIAMRoleArn=f'arn:aws:iam::{data.get("AwsAccountId")}:role/{data.get("EnvironmentDefaultIAMRoleName")}',
             CDKRoleArn=f"arn:aws:iam::{data.get('AwsAccountId')}:role/{data['cdk_role_name']}",
-            dashboardsEnabled=data.get('dashboardsEnabled', False),
             mlStudiosEnabled=data.get('mlStudiosEnabled', True),
             pipelinesEnabled=data.get('pipelinesEnabled', True),
             warehousesEnabled=data.get('warehousesEnabled', True),
@@ -187,8 +186,6 @@ def update_environment(session, username, groups, uri, data=None, check_perm=Non
             environment.description = data.get('description', 'No description provided')
         if data.get('tags'):
             environment.tags = data.get('tags')
-        if 'dashboardsEnabled' in data.keys():
-            environment.dashboardsEnabled = data.get('dashboardsEnabled')
         if 'mlStudiosEnabled' in data.keys():
             environment.mlStudiosEnabled = data.get('mlStudiosEnabled')
         if 'pipelinesEnabled' in data.keys():
@@ -1024,3 +1021,8 @@ def check_group_environment_permission(
     @staticmethod
     def get_environment_parameters(session, env_uri):
         return EnvironmentParameterRepository(session).get_params(env_uri)
+
+    @staticmethod
+    def get_boolean_env_param(session, env: models.Environment, param: str) -> bool:
+        param = EnvironmentParameterRepository(session).get_param(env.environmentUri, param)
+        return param and param.value.lower() == "true"
diff --git a/backend/dataall/db/models/Environment.py b/backend/dataall/db/models/Environment.py
index 55246aabd..127e41e6c 100644
--- a/backend/dataall/db/models/Environment.py
+++ b/backend/dataall/db/models/Environment.py
@@ -24,7 +24,6 @@ class Environment(Resource, Base):
     EnvironmentDefaultAthenaWorkGroup = Column(String)
     roleCreated = Column(Boolean, nullable=False, default=False)
 
-    dashboardsEnabled = Column(Boolean, default=False)
     mlStudiosEnabled = Column(Boolean, default=True)
     pipelinesEnabled = Column(Boolean, default=True)
     warehousesEnabled = Column(Boolean, default=True)
diff --git a/backend/dataall/modules/dashboards/api/schema.py b/backend/dataall/modules/dashboards/api/schema.py
index 9ef1682cb..429696ab8 100644
--- a/backend/dataall/modules/dashboards/api/schema.py
+++ b/backend/dataall/modules/dashboards/api/schema.py
@@ -1,6 +1,5 @@
 from dataall.api import gql
 from dataall.modules.dashboards.api.resolvers import *
-from dataall.api.constants import DashboardRole
 
 from dataall.api.Objects.Environment.resolvers import resolve_environment
 
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index f59235cde..9fe040ff6 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -145,8 +145,8 @@ def paginated_dashboard_shares(
         ).to_dict()
 
     @staticmethod
-    def delete_dashboard(session, dashboard_uri) -> bool:
-        session.delete(dashboard_uri)
+    def delete_dashboard(session, dashboard) -> bool:
+        session.delete(dashboard)
         return True
 
     @staticmethod
diff --git a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
index f271f48d9..8c3b43c3c 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
@@ -29,11 +29,7 @@ def get_quicksight_reader_url(uri):
         with context.db_engine.scoped_session() as session:
             dash: Dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
             env = Environment.get_environment_by_uri(session, dash.environmentUri)
-            if not env.dashboardsEnabled:
-                raise UnauthorizedOperation(
-                    action=GET_DASHBOARD,
-                    message=f'Dashboards feature is disabled for the environment {env.label}',
-                )
+            DashboardQuicksightService._check_dashboards_enabled(session, env, GET_DASHBOARD)
 
             if dash.SamlGroupName in context.groups:
                 url = Quicksight.get_reader_session(
@@ -83,11 +79,7 @@ def get_quicksight_designer_url(uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             env = Environment.get_environment_by_uri(session, uri)
-            if not env.dashboardsEnabled:
-                raise UnauthorizedOperation(
-                    action=CREATE_DASHBOARD,
-                    message=f'Dashboards feature is disabled for the environment {env.label}',
-                )
+            DashboardQuicksightService._check_dashboards_enabled(session, env, CREATE_DASHBOARD)
 
             url = Quicksight.get_author_session(
                 AwsAccountId=env.AwsAccountId,
@@ -204,3 +196,12 @@ def _get_domain_url():
 
         return f"https://{domain_name}"
 
+    @staticmethod
+    def _check_dashboards_enabled(session, env, action):
+        enabled = Environment.get_boolean_env_param(session, env, "dashboardsEnabled")
+        if not enabled:
+            raise UnauthorizedOperation(
+                action=action,
+                message=f'Dashboards feature is disabled for the environment {env.label}',
+            )
+
diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
index 83dc21e00..3638355f5 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -26,8 +26,9 @@ def import_dashboard(uri: str, data: dict = None) -> Dashboard:
         context = get_context()
         with context.db_engine.scoped_session() as session:
             env = Environment.get_environment_by_uri(session, data['environmentUri'])
+            enabled = Environment.get_boolean_env_param(session, env, "dashboardsEnabled")
 
-            if not env.dashboardsEnabled:
+            if not enabled:
                 raise UnauthorizedOperation(
                     action=CREATE_DASHBOARD,
                     message=f'Dashboards feature is disabled for the environment {env.label}',
@@ -41,14 +42,14 @@ def import_dashboard(uri: str, data: dict = None) -> Dashboard:
             )
 
             if not can_import:
-                raise db.exceptions.UnauthorizedOperation(
+                raise UnauthorizedOperation(
                     action=CREATE_DASHBOARD,
                     message=f'User: {context.username} has not AUTHOR rights on quicksight for the environment {env.label}',
                 )
             Environment.check_group_environment_permission(
                 session=session,
-                username=username,
-                groups=groups,
+                username=context.username,
+                groups=context.groups,
                 uri=uri,
                 group=data['SamlGroupName'],
                 permission_name=CREATE_DASHBOARD,
@@ -63,8 +64,8 @@ def import_dashboard(uri: str, data: dict = None) -> Dashboard:
             activity = Activity(
                 action='DASHBOARD:CREATE',
                 label='DASHBOARD:CREATE',
-                owner=username,
-                summary=f'{username} created dashboard {dashboard.label} in {env.label}',
+                owner=context.username,
+                summary=f'{context.username} created dashboard {dashboard.label} in {env.label}',
                 targetUri=dashboard.dashboardUri,
                 targetType='dashboard',
             )
@@ -101,7 +102,7 @@ def delete_dashboard(uri) -> bool:
         # TODO THERE WAS NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
-            DashboardRepository.delete_dashboard(session, dashboard.dashboardUri)
+            DashboardRepository.delete_dashboard(session, dashboard)
 
             ResourcePolicy.delete_resource_policy(
                 session=session, resource_uri=uri, group=dashboard.SamlGroupName
diff --git a/backend/dataall/modules/dashboards/services/dashboard_share_service.py b/backend/dataall/modules/dashboards/services/dashboard_share_service.py
index 445a28285..7bfafc126 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_share_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_share_service.py
@@ -29,7 +29,7 @@ def request_dashboard_share(uri: str, principal_id: str):
 
             share = DashboardRepository.find_share_for_group(session, dashboard.dashboardUri, principal_id)
             if not share:
-                DashboardRepository.create_share(session, context.username, dashboard, principal_id)
+                share = DashboardRepository.create_share(session, context.username, dashboard, principal_id)
             else:
                 DashboardShareService._check_stare_status(share)
 
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 8321021e2..53c80c1ca 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -5,6 +5,7 @@
 
 from botocore.exceptions import ClientError
 
+from dataall.db.api import Environment
 from dataall.modules.dataset_sharing.aws.glue_client import GlueClient
 from dataall.modules.dataset_sharing.aws.lakeformation_client import LakeFormationClient
 from dataall.aws.handlers.quicksight import Quicksight
@@ -61,7 +62,9 @@ def get_share_principals(self) -> [str]:
         List of principals
         """
         principals = [f"arn:aws:iam::{self.target_environment.AwsAccountId}:role/{self.share.principalIAMRoleName}"]
-        if self.target_environment.dashboardsEnabled:
+        dashboard_enabled = Environment.get_boolean_env_param(self.session, self.target_environment, "dashboardsEnabled")
+
+        if dashboard_enabled:
             group = Quicksight.create_quicksight_group(AwsAccountId=self.target_environment.AwsAccountId)
             if group and group.get('Group'):
                 group_arn = group.get('Group').get('Arn')
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index 34df41906..0c66a15c0 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -78,6 +78,10 @@ def get_target(self) -> Dataset:
                 raise Exception('ObjectNotFound')
         return dataset
 
+    def has_quicksight_enabled(self, env) -> bool:
+        with self.get_engine().scoped_session() as session:
+            return Environment.get_boolean_env_param(session, env, "dashboardsEnabled")
+
     def __init__(self, scope, id, target_uri: str = None, **kwargs):
         super().__init__(
             scope,
@@ -97,7 +101,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
         env_group = self.get_env_group(dataset)
 
         quicksight_default_group_arn = None
-        if env.dashboardsEnabled:
+        if self.has_quicksight_enabled(env):
             quicksight_default_group = Quicksight.create_quicksight_group(AwsAccountId=env.AwsAccountId)
             quicksight_default_group_arn = quicksight_default_group['Group']['Arn']
 
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 891890100..6d164d09f 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -33,8 +33,9 @@
 class DatasetService:
 
     @staticmethod
-    def check_dataset_account(environment):
-        if environment.dashboardsEnabled:
+    def check_dataset_account(session, environment):
+        dashboards_enabled = Environment.get_boolean_env_param(session, environment, "dashboardsEnabled")
+        if dashboards_enabled:
             quicksight_subscription = Quicksight.check_quicksight_enterprise_subscription(
                 AwsAccountId=environment.AwsAccountId)
             if quicksight_subscription:
@@ -50,7 +51,7 @@ def create_dataset(uri, admin_group, data: dict):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             environment = Environment.get_environment_by_uri(session, uri)
-            DatasetService.check_dataset_account(environment=environment)
+            DatasetService.check_dataset_account(session=session, environment=environment)
 
             dataset = DatasetRepository.create_dataset(
                 session=session,
@@ -150,7 +151,7 @@ def update_dataset(uri: str, data: dict):
         with get_context().db_engine.scoped_session() as session:
             dataset = DatasetRepository.get_dataset_by_uri(session, uri)
             environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            DatasetService.check_dataset_account(environment=environment)
+            DatasetService.check_dataset_account(session=session, environment=environment)
 
             username = get_context().username
             dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, uri)
diff --git a/backend/dataall/modules/notebooks/services/notebook_service.py b/backend/dataall/modules/notebooks/services/notebook_service.py
index 041f2d044..668cb9c38 100644
--- a/backend/dataall/modules/notebooks/services/notebook_service.py
+++ b/backend/dataall/modules/notebooks/services/notebook_service.py
@@ -73,9 +73,9 @@ def create_notebook(*, uri: str, admin_group: str, request: NotebookCreationRequ
 
         with _session() as session:
             env = Environment.get_environment_by_uri(session, uri)
-            enabled = EnvironmentParameterRepository(session).get_param(uri, "notebooksEnabled")
+            enabled = Environment.get_boolean_env_param(session, env, "notebooksEnabled")
 
-            if not enabled and enabled.lower() != "true":
+            if not enabled:
                 raise exceptions.UnauthorizedOperation(
                     action=CREATE_NOTEBOOK,
                     message=f'Notebooks feature is disabled for the environment {env.label}',
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 0e1aef85e..b17fe47da 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -33,6 +33,7 @@ class Environment(Resource, Base):
     __tablename__ = "environment"
     environmentUri = Column(String, primary_key=True)
     notebooksEnabled = Column(Boolean)
+    dashboardsEnabled = Column(Boolean)
 
 
 class EnvironmentParameter(Resource, Base):
@@ -76,11 +77,15 @@ def upgrade():
             _add_param_if_exists(
                 params, env, "notebooksEnabled", str(env.notebooksEnabled).lower()  # for frontend
             )
+            _add_param_if_exists(
+                params, env, "dashboardsEnabled", str(env.dashboardsEnabled).lower()  # for frontend
+            )
 
         session.add_all(params)
         print("Migration of the environmental parameters has been complete")
 
         op.drop_column("environment", "notebooksEnabled")
+        op.drop_column("environment", "dashbaordsEnabled")
         print("Dropped the columns from the environment table ")
 
         create_foreign_key_to_env(op, 'sagemaker_notebook')
@@ -129,6 +134,7 @@ def downgrade():
 
         op.drop_constraint("fk_notebook_env_uri", "sagemaker_notebook")
         op.add_column("environment", Column("notebooksEnabled", Boolean, default=True))
+        op.add_column("environment", Column("dashbaordsEnabled", Boolean, default=True))
 
         params = session.query(EnvironmentParameter).all()
         envs = []
@@ -137,6 +143,10 @@ def downgrade():
                 environmentUri=param.environmentUri,
                 notebooksEnabled=params["notebooksEnabled"] == "true"
             ))
+            envs.append(Environment(
+                environmentUri=param.environmentUri,
+                dashboardsEnabled=params["dashboardsEnabled"] == "true"
+            ))
 
         session.add_all(envs)
         op.drop_table("environment_parameters")
diff --git a/frontend/src/api/Environment/createEnvironment.js b/frontend/src/api/Environment/createEnvironment.js
index af4972d84..7917fabdf 100644
--- a/frontend/src/api/Environment/createEnvironment.js
+++ b/frontend/src/api/Environment/createEnvironment.js
@@ -13,7 +13,6 @@ const createEnvironment = (input) => ({
         SamlGroupName
         AwsAccountId
         created
-        dashboardsEnabled
         mlStudiosEnabled
         pipelinesEnabled
         warehousesEnabled
diff --git a/frontend/src/api/Environment/getEnvironment.js b/frontend/src/api/Environment/getEnvironment.js
index 70ccc54a5..5da41f4d5 100644
--- a/frontend/src/api/Environment/getEnvironment.js
+++ b/frontend/src/api/Environment/getEnvironment.js
@@ -14,7 +14,6 @@ const getEnvironment = ({ environmentUri }) => ({
         name
         label
         AwsAccountId
-        dashboardsEnabled
         mlStudiosEnabled
         pipelinesEnabled
         warehousesEnabled
@@ -49,7 +48,6 @@ const getEnvironment = ({ environmentUri }) => ({
           outputs
           resources
         }
-        dashboardsEnabled
         mlStudiosEnabled
         pipelinesEnabled
         warehousesEnabled
diff --git a/frontend/src/api/Environment/listOrganizationEnvironments.js b/frontend/src/api/Environment/listOrganizationEnvironments.js
index c5244c34b..3cd46e35f 100644
--- a/frontend/src/api/Environment/listOrganizationEnvironments.js
+++ b/frontend/src/api/Environment/listOrganizationEnvironments.js
@@ -32,7 +32,6 @@ const listOrganizationEnvironments = ({ organizationUri, filter }) => ({
             tags
             environmentType
             AwsAccountId
-            dashboardsEnabled
             mlStudiosEnabled
             pipelinesEnabled
             warehousesEnabled
diff --git a/frontend/src/api/Environment/updateEnvironment.js b/frontend/src/api/Environment/updateEnvironment.js
index ddd851637..41883f950 100644
--- a/frontend/src/api/Environment/updateEnvironment.js
+++ b/frontend/src/api/Environment/updateEnvironment.js
@@ -16,7 +16,6 @@ const updateEnvironment = ({ environmentUri, input }) => ({
         userRoleInEnvironment
         SamlGroupName
         AwsAccountId
-        dashboardsEnabled
         mlStudiosEnabled
         pipelinesEnabled
         warehousesEnabled
diff --git a/frontend/src/views/Environments/EnvironmentCreateForm.js b/frontend/src/views/Environments/EnvironmentCreateForm.js
index e955b556a..28ba90644 100644
--- a/frontend/src/views/Environments/EnvironmentCreateForm.js
+++ b/frontend/src/views/Environments/EnvironmentCreateForm.js
@@ -153,7 +153,6 @@ const EnvironmentCreateForm = (props) => {
           tags: values.tags,
           description: values.description,
           region: values.region,
-          dashboardsEnabled: values.dashboardsEnabled,
           mlStudiosEnabled: values.mlStudiosEnabled,
           pipelinesEnabled: values.pipelinesEnabled,
           warehousesEnabled: values.warehousesEnabled,
@@ -161,8 +160,11 @@ const EnvironmentCreateForm = (props) => {
           resourcePrefix: values.resourcePrefix,
           parameters: [
             {
-              key: "notebooksEnabled",
+              key: 'notebooksEnabled',
               value: String(values.notebooksEnabled)
+            }, {
+              key: 'dashboardsEnabled',
+              value: String(values.dashboardsEnabled)
             }
           ]
         })
diff --git a/frontend/src/views/Environments/EnvironmentEditForm.js b/frontend/src/views/Environments/EnvironmentEditForm.js
index 174a598a7..b1fd2d1c1 100644
--- a/frontend/src/views/Environments/EnvironmentEditForm.js
+++ b/frontend/src/views/Environments/EnvironmentEditForm.js
@@ -73,7 +73,6 @@ const EnvironmentEditForm = (props) => {
             label: values.label,
             tags: values.tags,
             description: values.description,
-            dashboardsEnabled: values.dashboardsEnabled,
             mlStudiosEnabled: values.mlStudiosEnabled,
             pipelinesEnabled: values.pipelinesEnabled,
             warehousesEnabled: values.warehousesEnabled,
@@ -82,6 +81,10 @@ const EnvironmentEditForm = (props) => {
               {
                 key: "notebooksEnabled",
                 value: String(values.notebooksEnabled)
+              },
+              {
+                key: "dashboardsEnabled",
+                value: String(values.dashboardsEnabled)
               }
             ]
           }
@@ -198,8 +201,8 @@ const EnvironmentEditForm = (props) => {
                 label: env.label,
                 description: env.description,
                 tags: env.tags || [],
-                dashboardsEnabled: env.dashboardsEnabled,
-                notebooksEnabled: env.parameters["notebooksEnabled"] === 'true',
+                dashboardsEnabled: env.parameters['dashboardsEnabled'] === 'true',
+                notebooksEnabled: env.parameters['notebooksEnabled'] === 'true',
                 mlStudiosEnabled: env.mlStudiosEnabled,
                 pipelinesEnabled: env.pipelinesEnabled,
                 warehousesEnabled: env.warehousesEnabled,
diff --git a/frontend/src/views/Environments/EnvironmentFeatures.js b/frontend/src/views/Environments/EnvironmentFeatures.js
index ac753df71..1ede63ef7 100644
--- a/frontend/src/views/Environments/EnvironmentFeatures.js
+++ b/frontend/src/views/Environments/EnvironmentFeatures.js
@@ -32,10 +32,8 @@ const EnvironmentFeatures = (props) => {
               Dashboards
             </Typography>
             <Typography color="textPrimary" variant="body2">
-              <Label
-                color={environment.dashboardsEnabled ? 'success' : 'error'}
-              >
-                {environment.dashboardsEnabled ? 'Enabled' : 'Disabled'}
+              <Label color={environment.parameters['dashboardsEnabled'] === 'true' ? 'success' : 'error'}>
+                {environment.parameters['dashboardsEnabled'] === 'true' ? 'Enabled' : 'Disabled'}
               </Label>
             </Typography>
           </ListItem>
@@ -51,8 +49,8 @@ const EnvironmentFeatures = (props) => {
               Notebooks
             </Typography>
             <Typography color="textPrimary" variant="body2">
-              <Label color={environment.parameters["notebooksEnabled"] === 'true' ? 'success' : 'error'}>
-                {environment.parameters["notebooksEnabled"] === 'true' ? 'Enabled' : 'Disabled'}
+              <Label color={environment.parameters['notebooksEnabled'] === 'true' ? 'success' : 'error'}>
+                {environment.parameters['notebooksEnabled'] === 'true' ? 'Enabled' : 'Disabled'}
               </Label>
             </Typography>
           </ListItem>
diff --git a/tests/api/conftest.py b/tests/api/conftest.py
index 6d5e019d2..3c2507da0 100644
--- a/tests/api/conftest.py
+++ b/tests/api/conftest.py
@@ -1,4 +1,3 @@
-import dataall.searchproxy.indexers
 from .client import *
 from dataall.db import models
 
@@ -24,7 +23,6 @@ def patch_check_env(module_mocker):
 def patch_es(module_mocker):
     module_mocker.patch('dataall.searchproxy.connect', return_value={})
     module_mocker.patch('dataall.searchproxy.search', return_value={})
-    module_mocker.patch('dataall.searchproxy.indexers.DashboardIndexer.upsert', return_value={})
     module_mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer.delete_doc', return_value={})
 
 
@@ -170,8 +168,8 @@ def env(client):
     cache = {}
 
     def factory(org, envname, owner, group, account, region, desc='test', parameters=None):
-        if parameters == None:
-            parameters = {}
+        if not parameters:
+            parameters = {"dashboardsEnabled": "true"}
 
         key = f"{org.organizationUri}{envname}{owner}{''.join(group or '-')}{account}{region}"
         if cache.get(key):
@@ -205,7 +203,6 @@ def factory(org, envname, owner, group, account, region, desc='test', parameters
                 'tags': ['a', 'b', 'c'],
                 'region': f'{region}',
                 'SamlGroupName': f'{group}',
-                'dashboardsEnabled': True,
                 'vpcId': 'vpc-123456',
                 'parameters': [{'key': k, 'value': v} for k, v in parameters.items()]
             },
@@ -225,7 +222,6 @@ def factory(
         owner: str,
         samlGroupName: str,
         environmentDefaultIAMRoleName: str,
-        dashboardsEnabled: bool = False,
     ) -> models.Environment:
         with db.scoped_session() as session:
             env = models.Environment(
@@ -240,7 +236,6 @@ def factory(
                 EnvironmentDefaultIAMRoleName=environmentDefaultIAMRoleName,
                 EnvironmentDefaultIAMRoleArn=f"arn:aws:iam::{awsAccountId}:role/{environmentDefaultIAMRoleName}",
                 CDKRoleArn=f"arn:aws::{awsAccountId}:role/EnvRole",
-                dashboardsEnabled=dashboardsEnabled,
             )
             session.add(env)
             session.commit()
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index 01770b8d9..377b14a9b 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -29,7 +29,6 @@ def get_env(client, env1, group):
                 region
                 SamlGroupName
                 owner
-                dashboardsEnabled
                 mlStudiosEnabled
                 pipelinesEnabled
                 warehousesEnabled
@@ -56,12 +55,15 @@ def test_get_environment(client, org1, env1, group):
         response.data.getEnvironment.organization.organizationUri
         == org1.organizationUri
     )
-    assert response.data.getEnvironment.owner == 'alice'
-    assert response.data.getEnvironment.AwsAccountId == env1.AwsAccountId
-    assert response.data.getEnvironment.dashboardsEnabled
-    assert response.data.getEnvironment.mlStudiosEnabled
-    assert response.data.getEnvironment.pipelinesEnabled
-    assert response.data.getEnvironment.warehousesEnabled
+    body = response.data.getEnvironment
+    assert body.owner == 'alice'
+    assert body.AwsAccountId == env1.AwsAccountId
+    assert body.mlStudiosEnabled
+    assert body.pipelinesEnabled
+    assert body.warehousesEnabled
+
+    params = {p.key: p.value for p in body.parameters}
+    assert params["dashboardsEnabled"] == "true"
 
 
 def test_get_environment_object_not_found(client, org1, env1, group):
@@ -102,7 +104,6 @@ def test_update_env(client, org1, env1, group):
                 owner
                 tags
                 resourcePrefix
-                dashboardsEnabled
                 mlStudiosEnabled
                 pipelinesEnabled
                 warehousesEnabled
@@ -120,7 +121,6 @@ def test_update_env(client, org1, env1, group):
         input={
             'label': 'DEV',
             'tags': ['test', 'env'],
-            'dashboardsEnabled': False,
             'mlStudiosEnabled': False,
             'pipelinesEnabled': False,
             'warehousesEnabled': False,
@@ -128,6 +128,10 @@ def test_update_env(client, org1, env1, group):
                 {
                     'key': 'notebooksEnabled',
                     'value': 'True'
+                },
+                {
+                    'key': 'dashboardsEnabled',
+                    'value': 'False'
                 }
             ],
             'resourcePrefix': 'customer-prefix_AZ390 ',
@@ -142,38 +146,40 @@ def test_update_env(client, org1, env1, group):
         input={
             'label': 'DEV',
             'tags': ['test', 'env'],
-            'dashboardsEnabled': False,
             'mlStudiosEnabled': False,
             'pipelinesEnabled': False,
             'warehousesEnabled': False,
             'parameters': [
                 {
                     'key': 'notebooksEnabled',
-                    'value': 'True'
-                }
+                    'value': 'true'
+                },
+                {
+                    'key': 'dashboardsEnabled',
+                    'value': 'false'
+                },
             ],
             'resourcePrefix': 'customer-prefix',
         },
         groups=[group.name],
     )
     print(response)
-    assert (
-        response.data.updateEnvironment.organization.organizationUri
-        == org1.organizationUri
-    )
-    assert response.data.updateEnvironment.owner == 'alice'
-    assert response.data.updateEnvironment.AwsAccountId == env1.AwsAccountId
-    assert response.data.updateEnvironment.label == 'DEV'
-    assert str(response.data.updateEnvironment.tags) == str(['test', 'env'])
-    assert not response.data.updateEnvironment.dashboardsEnabled
-    assert not response.data.updateEnvironment.notebooksEnabled
-    assert not response.data.updateEnvironment.mlStudiosEnabled
-    assert not response.data.updateEnvironment.pipelinesEnabled
-    assert not response.data.updateEnvironment.warehousesEnabled
-    assert response.data.updateEnvironment.parameters
-    assert response.data.updateEnvironment.parameters[0]["key"] == "notebooksEnabled"
-    assert response.data.updateEnvironment.parameters[0]["value"] == "True"
-    assert response.data.updateEnvironment.resourcePrefix == 'customer-prefix'
+
+    body = response.data.updateEnvironment
+    assert body.organization.organizationUri == org1.organizationUri
+    assert body.owner == 'alice'
+    assert body.AwsAccountId == env1.AwsAccountId
+    assert body.label == 'DEV'
+    assert str(body.tags) == str(['test', 'env'])
+    assert not body.mlStudiosEnabled
+    assert not body.pipelinesEnabled
+    assert not body.warehousesEnabled
+
+    params = {p.key: p.value for p in body.parameters}
+    assert params["notebooksEnabled"] == "true"
+    assert params["dashboardsEnabled"] == "false"
+
+    assert body.resourcePrefix == 'customer-prefix'
 
 
 def test_update_params(client, org1, env1, group):
@@ -701,7 +707,6 @@ def test_create_environment(db, client, org1, env1, user, group):
                 owner
                 EnvironmentDefaultIAMRoleName
                 EnvironmentDefaultIAMRoleImported
-                dashboardsEnabled
                 resourcePrefix
                 networks{
                  VpcId
@@ -726,18 +731,17 @@ def test_create_environment(db, client, org1, env1, user, group):
             'vpcId': 'vpc-1234567',
             'privateSubnetIds': 'subnet-1',
             'publicSubnetIds': 'subnet-21',
-            'dashboardsEnabled': True,
             'resourcePrefix': 'customer-prefix',
         },
     )
-    assert response.data.createEnvironment.dashboardsEnabled
-    assert response.data.createEnvironment.networks
-    assert (
-        response.data.createEnvironment.EnvironmentDefaultIAMRoleName == 'myOwnIamRole'
-    )
-    assert response.data.createEnvironment.EnvironmentDefaultIAMRoleImported
-    assert response.data.createEnvironment.resourcePrefix == 'customer-prefix'
-    for vpc in response.data.createEnvironment.networks:
+
+    body = response.data.createEnvironment
+
+    assert body.networks
+    assert body.EnvironmentDefaultIAMRoleName == 'myOwnIamRole'
+    assert body.EnvironmentDefaultIAMRoleImported
+    assert body.resourcePrefix == 'customer-prefix'
+    for vpc in body.networks:
         assert vpc.privateSubnetIds
         assert vpc.publicSubnetIds
         assert vpc.default
diff --git a/tests/api/test_organization.py b/tests/api/test_organization.py
index 9b74e52a2..4d9c01787 100644
--- a/tests/api/test_organization.py
+++ b/tests/api/test_organization.py
@@ -1,6 +1,8 @@
 import dataall
 import pytest
 
+from dataall.core.environment.models import EnvironmentParameter
+
 
 @pytest.fixture(scope='module', autouse=True)
 def org1(org, user, group, tenant):
@@ -281,6 +283,11 @@ def test_group_invitation(db, client, org1, group2, user, group3, group, env):
     assert 'OrganizationResourcesFound' in response.errors[0].message
     with db.scoped_session() as session:
         env = session.query(dataall.db.models.Environment).get(env2.environmentUri)
+        (
+            session.query(EnvironmentParameter)
+            .filter(EnvironmentParameter.environmentUri == env2.environmentUri)
+            .delete()
+        )
         session.delete(env)
         session.commit()
 
diff --git a/tests/modules/datasets/tasks/conftest.py b/tests/modules/datasets/tasks/conftest.py
index e3556fed6..8b4e241ac 100644
--- a/tests/modules/datasets/tasks/conftest.py
+++ b/tests/modules/datasets/tasks/conftest.py
@@ -50,7 +50,6 @@ def factory(
         owner: str,
         samlGroupName: str,
         environmentDefaultIAMRoleName: str,
-        dashboardsEnabled: bool = False,
     ) -> models.Environment:
         with db.scoped_session() as session:
             env = models.Environment(
@@ -65,7 +64,6 @@ def factory(
                 EnvironmentDefaultIAMRoleName=environmentDefaultIAMRoleName,
                 EnvironmentDefaultIAMRoleArn=f"arn:aws:iam::{awsAccountId}:role/{environmentDefaultIAMRoleName}",
                 CDKRoleArn=f"arn:aws::{awsAccountId}:role/EnvRole",
-                dashboardsEnabled=dashboardsEnabled,
             )
             session.add(env)
             session.commit()
diff --git a/tests/modules/datasets/test_dataset_resource_found.py b/tests/modules/datasets/test_dataset_resource_found.py
index e8f056a61..984480c88 100644
--- a/tests/modules/datasets/test_dataset_resource_found.py
+++ b/tests/modules/datasets/test_dataset_resource_found.py
@@ -30,7 +30,6 @@ def get_env(client, env1, group):
                 region
                 SamlGroupName
                 owner
-                dashboardsEnabled
                 mlStudiosEnabled
                 pipelinesEnabled
                 warehousesEnabled
diff --git a/tests/modules/datasets/test_share.py b/tests/modules/datasets/test_share.py
index e1f6983c0..80d1fcf2b 100644
--- a/tests/modules/datasets/test_share.py
+++ b/tests/modules/datasets/test_share.py
@@ -40,7 +40,6 @@ def env1(environment: typing.Callable, org1: dataall.db.models.Organization, use
         owner=user.userName,
         samlGroupName=group.name,
         environmentDefaultIAMRoleName=f"source-{group.name}",
-        dashboardsEnabled=False,
     )
 
 
@@ -96,7 +95,6 @@ def env2(
         owner=user2.userName,
         samlGroupName=group2.name,
         environmentDefaultIAMRoleName=f"source-{group2.name}",
-        dashboardsEnabled=False,
     )
 
 

From 19ee2ff4d4bd78254d5ac73ea5c2f7bd9c1754d1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 31 May 2023 12:55:33 +0200
Subject: [PATCH 252/346] Renamed Quicksight to QuicksightClient and extracted
 DashboardQuicksightClient

---
 .../dataall/api/Objects/Tenant/resolvers.py   |   2 -
 backend/dataall/aws/handlers/quicksight.py    | 377 +-----------------
 .../modules/dashboards/aws/__init__.py        |   0
 .../aws/dashboard_quicksight_client.py        | 270 +++++++++++++
 .../services/dashboard_quicksight_service.py  | 106 ++---
 .../dashboards/services/dashboard_service.py  |  10 +-
 .../share_managers/lf_share_manager.py        |   4 +-
 .../modules/datasets/cdk/dataset_stack.py     |   4 +-
 .../datasets/services/dataset_service.py      |   6 +-
 9 files changed, 331 insertions(+), 448 deletions(-)
 create mode 100644 backend/dataall/modules/dashboards/aws/__init__.py
 create mode 100644 backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py

diff --git a/backend/dataall/api/Objects/Tenant/resolvers.py b/backend/dataall/api/Objects/Tenant/resolvers.py
index 5cdba0dee..7a46239b1 100644
--- a/backend/dataall/api/Objects/Tenant/resolvers.py
+++ b/backend/dataall/api/Objects/Tenant/resolvers.py
@@ -3,8 +3,6 @@
 from .... import db
 from ....aws.handlers.sts import SessionHelper
 from ....aws.handlers.parameter_store import ParameterStoreManager
-from ....aws.handlers.quicksight import Quicksight
-from ....db import exceptions
 
 
 def update_group_permissions(context, source, input=None):
diff --git a/backend/dataall/aws/handlers/quicksight.py b/backend/dataall/aws/handlers/quicksight.py
index 886482f3f..703e3a09e 100644
--- a/backend/dataall/aws/handlers/quicksight.py
+++ b/backend/dataall/aws/handlers/quicksight.py
@@ -1,20 +1,15 @@
 import logging
 import re
-import os
-import ast
 
-from botocore.exceptions import ClientError
 from .sts import SessionHelper
-from .secrets_manager import SecretsManager
-from .parameter_store import ParameterStoreManager
 
 logger = logging.getLogger('QuicksightHandler')
 logger.setLevel(logging.DEBUG)
 
 
-class Quicksight:
+class QuicksightClient:
 
-    _DEFAULT_GROUP_NAME = 'dataall'
+    DEFAULT_GROUP_NAME = 'dataall'
 
     def __init__(self):
         pass
@@ -43,10 +38,10 @@ def get_identity_region(AwsAccountId):
         """
         identity_region_rex = re.compile('Please use the (?P<region>.*) endpoint.')
         identity_region = 'us-east-1'
-        client = Quicksight.get_quicksight_client(AwsAccountId=AwsAccountId, region=identity_region)
+        client = QuicksightClient.get_quicksight_client(AwsAccountId=AwsAccountId, region=identity_region)
         try:
             response = client.describe_group(
-                AwsAccountId=AwsAccountId, GroupName=Quicksight._DEFAULT_GROUP_NAME, Namespace='default'
+                AwsAccountId=AwsAccountId, GroupName=QuicksightClient._DEFAULT_GROUP_NAME, Namespace='default'
             )
         except client.exceptions.AccessDeniedException as e:
             match = identity_region_rex.findall(str(e))
@@ -66,7 +61,7 @@ def get_quicksight_client_in_identity_region(AwsAccountId):
         Returns : boto3.client ("quicksight")
 
         """
-        identity_region = Quicksight.get_identity_region(AwsAccountId)
+        identity_region = QuicksightClient.get_identity_region(AwsAccountId)
         session = SessionHelper.remote_session(accountid=AwsAccountId)
         return session.client('quicksight', region_name=identity_region)
 
@@ -80,7 +75,7 @@ def check_quicksight_enterprise_subscription(AwsAccountId, region=None):
             True if Quicksight Enterprise Edition is enabled in the AWS Account
         """
         logger.info(f'Checking Quicksight subscription in AWS account = {AwsAccountId}')
-        client = Quicksight.get_quicksight_client(AwsAccountId=AwsAccountId, region=region)
+        client = QuicksightClient.get_quicksight_client(AwsAccountId=AwsAccountId, region=region)
         try:
             response = client.describe_account_subscription(AwsAccountId=AwsAccountId)
             if not response['AccountInfo']:
@@ -104,7 +99,7 @@ def check_quicksight_enterprise_subscription(AwsAccountId, region=None):
         return False
 
     @staticmethod
-    def create_quicksight_group(AwsAccountId, GroupName=_DEFAULT_GROUP_NAME):
+    def create_quicksight_group(AwsAccountId, GroupName=DEFAULT_GROUP_NAME):
         """Creates a Quicksight group called GroupName
         Args:
             AwsAccountId(str):  aws account
@@ -113,12 +108,12 @@ def create_quicksight_group(AwsAccountId, GroupName=_DEFAULT_GROUP_NAME):
         Returns:dict
             quicksight.describe_group response
         """
-        client = Quicksight.get_quicksight_client_in_identity_region(AwsAccountId)
-        group = Quicksight.describe_group(client, AwsAccountId, GroupName)
+        client = QuicksightClient.get_quicksight_client_in_identity_region(AwsAccountId)
+        group = QuicksightClient.describe_group(client, AwsAccountId, GroupName)
         if not group:
-            if GroupName == Quicksight._DEFAULT_GROUP_NAME:
+            if GroupName == QuicksightClient.DEFAULT_GROUP_NAME:
                 logger.info(f'Initializing data.all default group = {GroupName}')
-                Quicksight.check_quicksight_enterprise_subscription(AwsAccountId)
+                QuicksightClient.check_quicksight_enterprise_subscription(AwsAccountId)
 
             logger.info(f'Attempting to create Quicksight group `{GroupName}...')
             response = client.create_group(
@@ -135,362 +130,18 @@ def create_quicksight_group(AwsAccountId, GroupName=_DEFAULT_GROUP_NAME):
         return group
 
     @staticmethod
-    def describe_group(client, AwsAccountId, GroupName=_DEFAULT_GROUP_NAME):
+    def describe_group(client, AwsAccountId, GroupName=DEFAULT_GROUP_NAME):
         try:
             response = client.describe_group(
                 AwsAccountId=AwsAccountId, GroupName=GroupName, Namespace='default'
             )
             logger.info(
                 f'Quicksight {GroupName} group already exists in {AwsAccountId} '
-                f'(using identity region {Quicksight.get_identity_region(AwsAccountId)}): '
+                f'(using identity region {QuicksightClient.get_identity_region(AwsAccountId)}): '
                 f'{response}'
             )
             return response
         except client.exceptions.ResourceNotFoundException:
             logger.info(
-                f'Creating Quicksight group in {AwsAccountId} (using identity region {Quicksight.get_identity_region(AwsAccountId)})'
+                f'Creating Quicksight group in {AwsAccountId} (using identity region {QuicksightClient.get_identity_region(AwsAccountId)})'
             )
-
-    @staticmethod
-    def describe_user(AwsAccountId, UserName):
-        """Describes a QS user, returns None if not found
-        Args:
-            AwsAccountId(str) : aws account
-            UserName(str) : name of the QS user
-        """
-        client = Quicksight.get_quicksight_client_in_identity_region(AwsAccountId)
-        try:
-            response = client.describe_user(
-                UserName=UserName, AwsAccountId=AwsAccountId, Namespace='default'
-            )
-            exists = True
-        except ClientError:
-            return None
-        return response.get('User')
-
-    @staticmethod
-    def get_quicksight_group_arn(AwsAccountId):
-        default_group_arn = None
-        group = Quicksight.describe_group(
-            client=Quicksight.get_quicksight_client_in_identity_region(
-                AwsAccountId=AwsAccountId
-            ),
-            AwsAccountId=AwsAccountId,
-        )
-        if group and group.get('Group', {}).get('Arn'):
-            default_group_arn = group.get('Group', {}).get('Arn')
-
-        return default_group_arn
-
-    @staticmethod
-    def list_user_groups(AwsAccountId, UserName):
-        client = Quicksight.get_quicksight_client_in_identity_region(AwsAccountId)
-        user = Quicksight.describe_user(AwsAccountId, UserName)
-        if not user:
-            return []
-        response = client.list_user_groups(
-            UserName=UserName, AwsAccountId=AwsAccountId, Namespace='default'
-        )
-        return response['GroupList']
-
-    @staticmethod
-    def register_user_in_group(AwsAccountId, UserName, GroupName, UserRole='READER'):
-        client = Quicksight.get_quicksight_client_in_identity_region(
-            AwsAccountId=AwsAccountId
-        )
-
-        Quicksight.create_quicksight_group(AwsAccountId, GroupName)
-
-        exists = False
-        user = Quicksight.describe_user(AwsAccountId, UserName=UserName)
-
-        if user is not None:
-            exists = True
-
-        if exists:
-            response = client.update_user(
-                UserName=UserName,
-                AwsAccountId=AwsAccountId,
-                Namespace='default',
-                Email=UserName,
-                Role=UserRole,
-            )
-        else:
-            response = client.register_user(
-                UserName=UserName,
-                Email=UserName,
-                AwsAccountId=AwsAccountId,
-                Namespace='default',
-                IdentityType='QUICKSIGHT',
-                UserRole=UserRole,
-            )
-        member = False
-
-        response = client.list_user_groups(
-            UserName=UserName, AwsAccountId=AwsAccountId, Namespace='default'
-        )
-        logger.info(
-            f'list_user_groups for {UserName}: {response})'
-        )
-        if GroupName not in [g['GroupName'] for g in response['GroupList']]:
-            logger.warning(f'Adding {UserName} to Quicksight group {GroupName} on {AwsAccountId}')
-            response = client.create_group_membership(
-                MemberName=UserName,
-                GroupName=GroupName,
-                AwsAccountId=AwsAccountId,
-                Namespace='default',
-            )
-        return Quicksight.describe_user(AwsAccountId, UserName)
-
-    @staticmethod
-    def get_reader_session(AwsAccountId, region, UserName, UserRole="READER", DashboardId=None, domain_name: str = None):
-
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        user = Quicksight.describe_user(AwsAccountId, UserName)
-        if user is None:
-            user = Quicksight.register_user_in_group(
-                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole=UserRole
-            )
-
-        response = client.generate_embed_url_for_registered_user(
-            AwsAccountId=AwsAccountId,
-            SessionLifetimeInMinutes=120,
-            UserArn=user.get("Arn"),
-            ExperienceConfiguration={
-                "Dashboard": {
-                    "InitialDashboardId": DashboardId,
-                },
-            },
-            AllowedDomains=[domain_name],
-        )
-        return response.get('EmbedUrl')
-
-    @staticmethod
-    def check_dashboard_permissions(AwsAccountId, region, DashboardId):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        response = client.describe_dashboard_permissions(
-            AwsAccountId=AwsAccountId,
-            DashboardId=DashboardId
-        )['Permissions']
-        logger.info(f"Dashboard initial permissions: {response}")
-        read_principals = []
-        write_principals = []
-
-        for a, p in zip([p["Actions"] for p in response], [p["Principal"] for p in response]):
-            write_principals.append(p) if "Update" in str(a) else read_principals.append(p)
-
-        logger.info(f"Dashboard updated permissions, Read principals: {read_principals}")
-        logger.info(f"Dashboard updated permissions, Write principals: {write_principals}")
-
-        return read_principals, write_principals
-
-    @staticmethod
-    def get_shared_reader_session(
-            AwsAccountId, region, UserName, GroupName, UserRole='READER', DashboardId=None
-    ):
-
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        identity_region = Quicksight.get_identity_region(AwsAccountId)
-        groupPrincipal = f"arn:aws:quicksight:{identity_region}:{AwsAccountId}:group/default/{GroupName}"
-
-        user = Quicksight.register_user_in_group(
-            AwsAccountId=AwsAccountId, UserName=UserName, GroupName=GroupName, UserRole=UserRole
-        )
-
-        read_principals, write_principals = Quicksight.check_dashboard_permissions(
-            AwsAccountId=AwsAccountId,
-            region=region,
-            DashboardId=DashboardId
-        )
-
-        if groupPrincipal not in read_principals:
-            permissions = client.update_dashboard_permissions(
-                AwsAccountId=AwsAccountId,
-                DashboardId=DashboardId,
-                GrantPermissions=[
-                    {
-                        'Principal': groupPrincipal,
-                        'Actions': [
-                            "quicksight:DescribeDashboard",
-                            "quicksight:ListDashboardVersions",
-                            "quicksight:QueryDashboard",
-                        ]
-                    },
-                ]
-            )
-            logger.info(f"Permissions granted: {permissions}")
-
-        response = client.get_dashboard_embed_url(
-            AwsAccountId=AwsAccountId,
-            DashboardId=DashboardId,
-            IdentityType='QUICKSIGHT',
-            SessionLifetimeInMinutes=120,
-            UserArn=user.get('Arn'),
-        )
-        return response.get('EmbedUrl')
-
-    @staticmethod
-    def get_anonymous_session(AwsAccountId, region, UserName, DashboardId=None):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        response = client.generate_embed_url_for_anonymous_user(
-            AwsAccountId=AwsAccountId,
-            SessionLifetimeInMinutes=120,
-            Namespace='default',
-            SessionTags=[
-                {'Key': Quicksight._DEFAULT_GROUP_NAME, 'Value': UserName},
-            ],
-            AuthorizedResourceArns=[
-                f'arn:aws:quicksight:{region}:{AwsAccountId}:dashboard/{DashboardId}',
-            ],
-            ExperienceConfiguration={'Dashboard': {'InitialDashboardId': DashboardId}},
-        )
-        return response.get('EmbedUrl')
-
-    @staticmethod
-    def get_author_session(AwsAccountId, region, UserName, UserRole='AUTHOR'):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        user = Quicksight.describe_user(AwsAccountId, UserName=UserName)
-        if user is None:
-            user = Quicksight.register_user_in_group(
-                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole=UserRole
-            )
-        elif user.get("Role", None) not in ["AUTHOR", "ADMIN"]:
-            user = Quicksight.register_user_in_group(
-                AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole=UserRole
-            )
-        else:
-            pass
-        response = client.get_session_embed_url(
-            AwsAccountId=AwsAccountId,
-            EntryPoint='/start/dashboards',
-            SessionLifetimeInMinutes=120,
-            UserArn=user['Arn'],
-        )
-        return response['EmbedUrl']
-
-    @staticmethod
-    def can_import_dashboard(AwsAccountId, region, UserName, DashboardId):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        user = Quicksight.describe_user(AwsAccountId, UserName)
-        if not user:
-            return False
-
-        groups = Quicksight.list_user_groups(AwsAccountId, UserName)
-        grouparns = [g['Arn'] for g in groups]
-        try:
-            response = client.describe_dashboard_permissions(
-                AwsAccountId=AwsAccountId, DashboardId=DashboardId
-            )
-        except ClientError as e:
-            raise e
-
-        permissions = response.get('Permissions', [])
-        for p in permissions:
-            if p['Principal'] == user.get('Arn') or p['Principal'] in grouparns:
-                for a in p['Actions']:
-                    if a in [
-                        'quicksight:UpdateDashboard',
-                        'UpdateDashboardPermissions',
-                    ]:
-                        return True
-
-        return False
-
-    @staticmethod
-    def create_data_source_vpc(AwsAccountId, region, UserName, vpcConnectionId):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        identity_region = 'us-east-1'
-        user = Quicksight.register_user_in_group(
-            AwsAccountId=AwsAccountId, UserName=UserName, GroupName=Quicksight._DEFAULT_GROUP_NAME, UserRole='AUTHOR'
-        )
-        try:
-            response = client.describe_data_source(
-                AwsAccountId=AwsAccountId, DataSourceId="dataall-metadata-db"
-            )
-
-        except client.exceptions.ResourceNotFoundException:
-            aurora_secret_arn = ParameterStoreManager.get_parameter_value(AwsAccountId=AwsAccountId, region=region, parameter_path=f'/dataall/{os.getenv("envname", "local")}/aurora/secret_arn')
-            aurora_params = SecretsManager.get_secret_value(
-                AwsAccountId=AwsAccountId, region=region, secretId=aurora_secret_arn
-            )
-            aurora_params_dict = ast.literal_eval(aurora_params)
-            response = client.create_data_source(
-                AwsAccountId=AwsAccountId,
-                DataSourceId="dataall-metadata-db",
-                Name="dataall-metadata-db",
-                Type="AURORA_POSTGRESQL",
-                DataSourceParameters={
-                    'AuroraPostgreSqlParameters': {
-                        'Host': aurora_params_dict["host"],
-                        'Port': aurora_params_dict["port"],
-                        'Database': aurora_params_dict["dbname"]
-                    }
-                },
-                Credentials={
-                    "CredentialPair": {
-                        "Username": aurora_params_dict["username"],
-                        "Password": aurora_params_dict["password"],
-                    }
-                },
-                Permissions=[
-                    {
-                        "Principal": f"arn:aws:quicksight:{region}:{AwsAccountId}:group/default/dataall",
-                        "Actions": [
-                            "quicksight:UpdateDataSourcePermissions",
-                            "quicksight:DescribeDataSource",
-                            "quicksight:DescribeDataSourcePermissions",
-                            "quicksight:PassDataSource",
-                            "quicksight:UpdateDataSource",
-                            "quicksight:DeleteDataSource"
-                        ]
-                    }
-                ],
-                VpcConnectionProperties={
-                    'VpcConnectionArn': f"arn:aws:quicksight:{region}:{AwsAccountId}:vpcConnection/{vpcConnectionId}"
-                }
-            )
-
-        return "dataall-metadata-db"
-
-    @staticmethod
-    def create_analysis(AwsAccountId, region, UserName):
-        client = Quicksight.get_quicksight_client(AwsAccountId, region)
-        user = Quicksight.describe_user(AwsAccountId, UserName)
-        if not user:
-            return False
-
-        response = client.create_analysis(
-            AwsAccountId=AwsAccountId,
-            AnalysisId='dataallMonitoringAnalysis',
-            Name='dataallMonitoringAnalysis',
-            Permissions=[
-                {
-                    'Principal': user.get('Arn'),
-                    'Actions': [
-                        'quicksight:DescribeAnalysis',
-                        'quicksight:DescribeAnalysisPermissions',
-                        'quicksight:UpdateAnalysisPermissions',
-                        'quicksight:UpdateAnalysis'
-                    ]
-                },
-            ],
-            SourceEntity={
-                'SourceTemplate': {
-                    'DataSetReferences': [
-                        {
-                            'DataSetPlaceholder': 'environment',
-                            'DataSetArn': f"arn:aws:quicksight:{region}:{AwsAccountId}:dataset/<DATASET-ID>"
-                        },
-                    ],
-                    'Arn': '<TEMPLATE-THAT-WE-WANT-TO-MIGRATE'
-                }
-            },
-            Tags=[
-                {
-                    'Key': 'application',
-                    'Value': 'dataall'
-                },
-            ]
-        )
-
-        return True
diff --git a/backend/dataall/modules/dashboards/aws/__init__.py b/backend/dataall/modules/dashboards/aws/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
new file mode 100644
index 000000000..171e6c371
--- /dev/null
+++ b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
@@ -0,0 +1,270 @@
+import logging
+import re
+import os
+import ast
+
+from botocore.exceptions import ClientError
+
+from dataall.aws.handlers.parameter_store import ParameterStoreManager
+from dataall.aws.handlers.quicksight import QuicksightClient
+from dataall.aws.handlers.secrets_manager import SecretsManager
+from dataall.aws.handlers.sts import SessionHelper
+
+log = logging.getLogger(__name__)
+log.setLevel(logging.DEBUG)
+
+
+class DashboardQuicksightClient:
+    _DEFAULT_GROUP_NAME = QuicksightClient.DEFAULT_GROUP_NAME
+
+    def __init__(self, username, aws_account_id, region='eu-west-1'):
+        session = SessionHelper.remote_session(accountid=aws_account_id)
+        self._client = session.client('quicksight', region_name=region)
+        self._account_id = aws_account_id
+        self._region = region
+        self._username = username
+
+    def register_user_in_group(self, group_name, user_role='READER'):
+        QuicksightClient.create_quicksight_group(self._account_id, group_name)
+        exists = False
+        user = self._describe_user()
+
+        if user is not None:
+            exists = True
+
+        if exists:
+            self._client.update_user(
+                UserName=self._username,
+                AwsAccountId=self._account_id,
+                Namespace='default',
+                Email=self._username,
+                Role=user_role,
+            )
+        else:
+            self._client.register_user(
+                UserName=self._username,
+                Email=self._username,
+                AwsAccountId=self._account_id,
+                Namespace='default',
+                IdentityType='QUICKSIGHT',
+                UserRole=user_role,
+            )
+
+        response = self._client.list_user_groups(
+            UserName=self._username, AwsAccountId=self._account_id, Namespace='default'
+        )
+        log.info(f'list_user_groups for {self._username}: {response})')
+        if group_name not in [g['GroupName'] for g in response['GroupList']]:
+            log.warning(f'Adding {self._username} to Quicksight group {group_name} on {self._account_id}')
+            self._client.create_group_membership(
+                MemberName=self._username,
+                GroupName=group_name,
+                AwsAccountId=self._account_id,
+                Namespace='default',
+            )
+        return self._describe_user()
+
+    def get_reader_session(self, user_role="READER", dashboard_id=None, domain_name: str = None):
+        user = self._describe_user()
+        if user is None:
+            user = self.register_user_in_group(self._DEFAULT_GROUP_NAME, user_role)
+
+        response = self._client.generate_embed_url_for_registered_user(
+            AwsAccountId=self._account_id,
+            SessionLifetimeInMinutes=120,
+            UserArn=user.get("Arn"),
+            ExperienceConfiguration={
+                "Dashboard": {
+                    "InitialDashboardId": dashboard_id,
+                },
+            },
+            AllowedDomains=[domain_name],
+        )
+        return response.get('EmbedUrl')
+
+    def get_shared_reader_session(self,  group_name, user_role='READER', dashboard_id=None):
+        aws_account_id = self._account_id
+        identity_region = QuicksightClient.get_identity_region(aws_account_id)
+        group_principal = f"arn:aws:quicksight:{identity_region}:{aws_account_id}:group/default/{group_name}"
+
+        user = self.register_user_in_group(group_name, user_role)
+
+        read_principals, write_principals = self._check_dashboard_permissions(dashboard_id)
+
+        if group_principal not in read_principals:
+            permissions = self._client.update_dashboard_permissions(
+                AwsAccountId=aws_account_id,
+                DashboardId=dashboard_id,
+                GrantPermissions=[
+                    {
+                        'Principal': group_principal,
+                        'Actions': [
+                            "quicksight:DescribeDashboard",
+                            "quicksight:ListDashboardVersions",
+                            "quicksight:QueryDashboard",
+                        ]
+                    },
+                ]
+            )
+            log.info(f"Permissions granted: {permissions}")
+
+        response = self._client.get_dashboard_embed_url(
+            AwsAccountId=aws_account_id,
+            DashboardId=dashboard_id,
+            IdentityType='QUICKSIGHT',
+            SessionLifetimeInMinutes=120,
+            UserArn=user.get('Arn'),
+        )
+        return response.get('EmbedUrl')
+
+    def get_anonymous_session(self, dashboard_id=None):
+        response = self._client.generate_embed_url_for_anonymous_user(
+            AwsAccountId=self._account_id,
+            SessionLifetimeInMinutes=120,
+            Namespace='default',
+            SessionTags=[{'Key': self._DEFAULT_GROUP_NAME, 'Value': self._username}],
+            AuthorizedResourceArns=[
+                f'arn:aws:quicksight:{self._region}:{self._account_id}:dashboard/{dashboard_id}',
+            ],
+            ExperienceConfiguration={'Dashboard': {'InitialDashboardId': dashboard_id}},
+        )
+        return response.get('EmbedUrl')
+
+    def get_author_session(self):
+        user = self._describe_user()
+        if user is None or user.get("Role", None) not in ["AUTHOR", "ADMIN"]:
+            user = self.register_user_in_group(self._DEFAULT_GROUP_NAME, "AUTHOR")
+
+        response = self._client.get_session_embed_url(
+            AwsAccountId=self._account_id,
+            EntryPoint='/start/dashboards',
+            SessionLifetimeInMinutes=120,
+            UserArn=user['Arn'],
+        )
+        return response['EmbedUrl']
+
+    def can_import_dashboard(self, dashboard_id):
+        user = self._describe_user()
+        if not user:
+            return False
+
+        groups = self._list_user_groups()
+        grouparns = [g['Arn'] for g in groups]
+        try:
+            response = self._client.describe_dashboard_permissions(
+                AwsAccountId=self._account_id, DashboardId=dashboard_id
+            )
+        except ClientError as e:
+            raise e
+
+        permissions = response.get('Permissions', [])
+        for p in permissions:
+            if p['Principal'] == user.get('Arn') or p['Principal'] in grouparns:
+                for a in p['Actions']:
+                    if a in [
+                        'quicksight:UpdateDashboard',
+                        'UpdateDashboardPermissions',
+                    ]:
+                        return True
+
+        return False
+
+    def create_data_source_vpc(self, vpc_connection_id):
+        client = self._client
+        aws_account_id = self._account_id
+        region = self._region
+
+        self.register_user_in_group(self._DEFAULT_GROUP_NAME, 'AUTHOR')
+        try:
+            client.describe_data_source(
+                AwsAccountId=aws_account_id, DataSourceId="dataall-metadata-db"
+            )
+
+        except client.exceptions.ResourceNotFoundException:
+            aurora_secret_arn = ParameterStoreManager.get_parameter_value(
+                AwsAccountId=aws_account_id,
+                region=region,
+                parameter_path=f'/dataall/{os.getenv("envname", "local")}/aurora/secret_arn'
+            )
+
+            aurora_params = SecretsManager.get_secret_value(
+                AwsAccountId=aws_account_id, region=region, secretId=aurora_secret_arn
+            )
+            aurora_params_dict = ast.literal_eval(aurora_params)
+            client.create_data_source(
+                AwsAccountId=aws_account_id,
+                DataSourceId="dataall-metadata-db",
+                Name="dataall-metadata-db",
+                Type="AURORA_POSTGRESQL",
+                DataSourceParameters={
+                    'AuroraPostgreSqlParameters': {
+                        'Host': aurora_params_dict["host"],
+                        'Port': aurora_params_dict["port"],
+                        'Database': aurora_params_dict["dbname"]
+                    }
+                },
+                Credentials={
+                    "CredentialPair": {
+                        "Username": aurora_params_dict["username"],
+                        "Password": aurora_params_dict["password"],
+                    }
+                },
+                Permissions=[
+                    {
+                        "Principal": f"arn:aws:quicksight:{region}:{aws_account_id}:group/default/dataall",
+                        "Actions": [
+                            "quicksight:UpdateDataSourcePermissions",
+                            "quicksight:DescribeDataSource",
+                            "quicksight:DescribeDataSourcePermissions",
+                            "quicksight:PassDataSource",
+                            "quicksight:UpdateDataSource",
+                            "quicksight:DeleteDataSource"
+                        ]
+                    }
+                ],
+                VpcConnectionProperties={
+                    'VpcConnectionArn': f"arn:aws:quicksight:{region}:{aws_account_id}:vpcConnection/"
+                                        f"{vpc_connection_id}"
+                }
+            )
+
+        return "dataall-metadata-db"
+
+    def _check_dashboard_permissions(self, dashboard_id):
+        response = self._client.describe_dashboard_permissions(
+            AwsAccountId=self._account_id,
+            DashboardId=dashboard_id
+        )['Permissions']
+        log.info(f"Dashboard initial permissions: {response}")
+        read_principals = []
+        write_principals = []
+
+        for a, p in zip([p["Actions"] for p in response], [p["Principal"] for p in response]):
+            write_principals.append(p) if "Update" in str(a) else read_principals.append(p)
+
+        log.info(f"Dashboard updated permissions, Read principals: {read_principals}")
+        log.info(f"Dashboard updated permissions, Write principals: {write_principals}")
+
+        return read_principals, write_principals
+
+    def _list_user_groups(self):
+        client = QuicksightClient.get_quicksight_client_in_identity_region(self._account_id)
+        user = self._describe_user()
+        if not user:
+            return []
+        response = client.list_user_groups(
+            UserName=self._username, AwsAccountId=self._account_id, Namespace='default'
+        )
+        return response['GroupList']
+
+    def _describe_user(self):
+        """Describes a QS user, returns None if not found"""
+        client = QuicksightClient.get_quicksight_client_in_identity_region(self._username)
+        try:
+            response = client.describe_user(
+                UserName=self._username, AwsAccountId=self._account_id, Namespace='default'
+            )
+        except ClientError:
+            return None
+        return response.get('User')
+
diff --git a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
index 8c3b43c3c..15f8b8c2b 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
@@ -1,7 +1,6 @@
 import os
 
 from dataall.aws.handlers.parameter_store import ParameterStoreManager
-from dataall.aws.handlers.quicksight import Quicksight
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission
@@ -9,6 +8,7 @@
 from dataall.db.exceptions import UnauthorizedOperation, TenantUnauthorized, AWSResourceNotFound
 from dataall.db.permissions import TENANT_ALL
 from dataall.modules.dashboards import DashboardRepository, Dashboard
+from dataall.modules.dashboards.aws.dashboard_quicksight_client import DashboardQuicksightClient
 from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD, CREATE_DASHBOARD
 from dataall.utils import Parameter
 
@@ -22,21 +22,19 @@ def _get_env_uri(session, uri):
         dashboard: Dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
         return dashboard.environmentUri
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(GET_DASHBOARD, parent_resource=_get_env_uri)
-    def get_quicksight_reader_url(uri):
+    def get_quicksight_reader_url(cls, uri):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             dash: Dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
             env = Environment.get_environment_by_uri(session, dash.environmentUri)
-            DashboardQuicksightService._check_dashboards_enabled(session, env, GET_DASHBOARD)
+            cls._check_dashboards_enabled(session, env, GET_DASHBOARD)
+            client = cls._client(env.AwsAccountId, env.region)
 
             if dash.SamlGroupName in context.groups:
-                url = Quicksight.get_reader_session(
-                    AwsAccountId=env.AwsAccountId,
-                    region=env.region,
-                    UserName=context.username,
-                    DashboardId=dash.DashboardId,
+                return client.get_reader_session(
+                    dashboard_id=dash.DashboardId,
                     domain_name=DashboardQuicksightService._get_domain_url(),
                 )
 
@@ -57,38 +55,22 @@ def get_quicksight_reader_url(uri):
                 )
 
                 if session_type == 'reader':
-                    url = Quicksight.get_shared_reader_session(
-                        AwsAccountId=env.AwsAccountId,
-                        region=env.region,
-                        UserName=context.username,
-                        GroupName=shared_groups[0],
-                        DashboardId=dash.DashboardId,
+                    return client.get_shared_reader_session(
+                        group_name=shared_groups[0],
+                        dashboard_id=dash.DashboardId,
                     )
                 else:
-                    url = Quicksight.get_anonymous_session(
-                        AwsAccountId=env.AwsAccountId,
-                        region=env.region,
-                        UserName=context.username,
-                        DashboardId=dash.DashboardId,
-                    )
-        return url
+                    return client.get_anonymous_session(dashboard_id=dash.DashboardId)
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(CREATE_DASHBOARD)
-    def get_quicksight_designer_url(uri: str):
+    def get_quicksight_designer_url(cls, uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
             env = Environment.get_environment_by_uri(session, uri)
-            DashboardQuicksightService._check_dashboards_enabled(session, env, CREATE_DASHBOARD)
+            cls._check_dashboards_enabled(session, env, CREATE_DASHBOARD)
 
-            url = Quicksight.get_author_session(
-                AwsAccountId=env.AwsAccountId,
-                region=env.region,
-                UserName=context.username,
-                UserRole='AUTHOR',
-            )
-
-        return url
+            return cls._client(env.AwsAccountId, env.region).get_author_session()
 
     @staticmethod
     def get_monitoring_dashboard_id():
@@ -122,22 +104,12 @@ def get_monitoring_vpc_connection_id():
             )
         return vpc_connection_id
 
-    @staticmethod
-    def create_quicksight_data_source_set(vpc_connection_id):
-        context = get_context()
-        current_account = SessionHelper.get_account()
-        Quicksight.register_user_in_group(
-            AwsAccountId=current_account,
-            UserName=context.username,
-            GroupName='dataall',
-            UserRole='AUTHOR')
+    @classmethod
+    def create_quicksight_data_source_set(cls, vpc_connection_id):
+        client = cls._client()
+        client.register_user_in_group(group_name='dataall', user_role='AUTHOR')
 
-        datasource_id = Quicksight.create_data_source_vpc(
-            AwsAccountId=current_account,
-            region=DashboardQuicksightService._REGION,
-            UserName=context.username,
-            vpcConnectionId=vpc_connection_id
-        )
+        datasource_id = client.create_data_source_vpc(vpc_connection_id=vpc_connection_id)
         # Data sets are not created programmatically. Too much overhead for the value added.
         # However, an example API is provided: datasets = Quicksight.create_data_set_from_source(
         #   AwsAccountId=current_account, region=region, UserName='dataallTenantUser',
@@ -147,29 +119,16 @@ def create_quicksight_data_source_set(vpc_connection_id):
 
         return datasource_id
 
-    @staticmethod
-    def get_quicksight_author_session(aws_account):
+    @classmethod
+    def get_quicksight_author_session(cls, aws_account):
         DashboardQuicksightService._check_user_must_be_admin()
+        return cls._client(aws_account).get_author_session()
 
-        return Quicksight.get_author_session(
-            AwsAccountId=aws_account,
-            region=DashboardQuicksightService._REGION,
-            UserName=get_context().username,
-            UserRole='AUTHOR',
-        )
-
-    @staticmethod
-    def get_quicksight_reader_session(dashboard_uri):
-        DashboardQuicksightService._check_user_must_be_admin()
-        current_account = SessionHelper.get_account()
-
-        return Quicksight.get_reader_session(
-            AwsAccountId=current_account,
-            region=DashboardQuicksightService._REGION,
-            UserName=get_context().username,
-            UserRole='READER',
-            DashboardId=dashboard_uri
-        )
+    @classmethod
+    def get_quicksight_reader_session(cls, dashboard_uri):
+        cls._check_user_must_be_admin()
+        client = cls._client()
+        return client.get_reader_session(user_role='READER', dashboard_id=dashboard_uri)
 
     @staticmethod
     def _check_user_must_be_admin():
@@ -205,3 +164,12 @@ def _check_dashboards_enabled(session, env, action):
                 message=f'Dashboards feature is disabled for the environment {env.label}',
             )
 
+    @classmethod
+    def _client(cls, account_id: str = None, region: str = None):
+        if not account_id:
+            account_id = SessionHelper.get_account()
+
+        if not region:
+            region = cls._REGION
+        return DashboardQuicksightClient(get_context().username, account_id, cls._REGION)
+
diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
index 3638355f5..d626dfe9e 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -1,10 +1,10 @@
-from dataall.aws.handlers.quicksight import Quicksight
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
 from dataall.db.api import ResourcePolicy, Glossary, Vote, Environment
 from dataall.db.exceptions import UnauthorizedOperation
 from dataall.db.models import Activity
 from dataall.modules.dashboards import DashboardRepository, Dashboard
+from dataall.modules.dashboards.aws.dashboard_quicksight_client import DashboardQuicksightClient
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 from dataall.modules.dashboards.services.dashboard_permissions import MANAGE_DASHBOARDS, GET_DASHBOARD, \
     UPDATE_DASHBOARD, CREATE_DASHBOARD, DASHBOARD_ALL
@@ -34,12 +34,8 @@ def import_dashboard(uri: str, data: dict = None) -> Dashboard:
                     message=f'Dashboards feature is disabled for the environment {env.label}',
                 )
 
-            can_import = Quicksight.can_import_dashboard(
-                AwsAccountId=env.AwsAccountId,
-                region=env.region,
-                UserName=context.username,
-                DashboardId=data.get('dashboardId'),
-            )
+            aws_client = DashboardQuicksightClient(context.username, env.AwsAccountId, env.region)
+            can_import = aws_client.can_import_dashboard(data.get('dashboardId'))
 
             if not can_import:
                 raise UnauthorizedOperation(
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 53c80c1ca..22fb9dac5 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -8,7 +8,7 @@
 from dataall.db.api import Environment
 from dataall.modules.dataset_sharing.aws.glue_client import GlueClient
 from dataall.modules.dataset_sharing.aws.lakeformation_client import LakeFormationClient
-from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.quicksight import QuicksightClient
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.aws.handlers.ram import Ram
 from dataall.db import exceptions, models
@@ -65,7 +65,7 @@ def get_share_principals(self) -> [str]:
         dashboard_enabled = Environment.get_boolean_env_param(self.session, self.target_environment, "dashboardsEnabled")
 
         if dashboard_enabled:
-            group = Quicksight.create_quicksight_group(AwsAccountId=self.target_environment.AwsAccountId)
+            group = QuicksightClient.create_quicksight_group(AwsAccountId=self.target_environment.AwsAccountId)
             if group and group.get('Group'):
                 group_arn = group.get('Group').get('Arn')
                 if group_arn:
diff --git a/backend/dataall/modules/datasets/cdk/dataset_stack.py b/backend/dataall/modules/datasets/cdk/dataset_stack.py
index 0c66a15c0..9637f69fb 100644
--- a/backend/dataall/modules/datasets/cdk/dataset_stack.py
+++ b/backend/dataall/modules/datasets/cdk/dataset_stack.py
@@ -19,7 +19,7 @@
 
 from dataall.cdkproxy.stacks.manager import stack
 from dataall import db
-from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.quicksight import QuicksightClient
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import models
 from dataall.db.api import Environment
@@ -102,7 +102,7 @@ def __init__(self, scope, id, target_uri: str = None, **kwargs):
 
         quicksight_default_group_arn = None
         if self.has_quicksight_enabled(env):
-            quicksight_default_group = Quicksight.create_quicksight_group(AwsAccountId=env.AwsAccountId)
+            quicksight_default_group = QuicksightClient.create_quicksight_group(AwsAccountId=env.AwsAccountId)
             quicksight_default_group_arn = quicksight_default_group['Group']['Arn']
 
         # Dataset S3 Bucket and KMS key
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 6d164d09f..05049806a 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -2,7 +2,7 @@
 import logging
 
 from dataall.api.Objects.Stack import stack_helper
-from dataall.aws.handlers.quicksight import Quicksight
+from dataall.aws.handlers.quicksight import QuicksightClient
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
@@ -36,10 +36,10 @@ class DatasetService:
     def check_dataset_account(session, environment):
         dashboards_enabled = Environment.get_boolean_env_param(session, environment, "dashboardsEnabled")
         if dashboards_enabled:
-            quicksight_subscription = Quicksight.check_quicksight_enterprise_subscription(
+            quicksight_subscription = QuicksightClient.check_quicksight_enterprise_subscription(
                 AwsAccountId=environment.AwsAccountId)
             if quicksight_subscription:
-                group = Quicksight.create_quicksight_group(AwsAccountId=environment.AwsAccountId)
+                group = QuicksightClient.create_quicksight_group(AwsAccountId=environment.AwsAccountId)
                 return True if group else False
         return True
 

From e9ee05624e1a0e5fb0a7d425a7369d56abb83e7d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 31 May 2023 14:12:14 +0200
Subject: [PATCH 253/346] Moved dashboard tests into the module

---
 tests/api/test_vote.py                        | 87 -------------------
 tests/modules/dashboards/__init__.py          |  0
 tests/modules/dashboards/conftest.py          | 63 ++++++++++++++
 .../dashboards/test_dashboard_votes.py        | 40 +++++++++
 .../dashboards}/test_dashboards.py            | 62 -------------
 .../datasets/test_dataset_count_votes.py      | 18 +++-
 6 files changed, 120 insertions(+), 150 deletions(-)
 create mode 100644 tests/modules/dashboards/__init__.py
 create mode 100644 tests/modules/dashboards/conftest.py
 create mode 100644 tests/modules/dashboards/test_dashboard_votes.py
 rename tests/{api => modules/dashboards}/test_dashboards.py (82%)

diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index 513f0b903..c67ee6935 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -1,58 +1,3 @@
-import pytest
-
-from dataall.db import models
-
-
-@pytest.fixture(scope='module')
-def org1(db, org, tenant, user, group) -> models.Organization:
-    org = org('testorg', user.userName, group.name)
-    yield org
-
-
-@pytest.fixture(scope='module')
-def env1(
-    db, org1: models.Organization, user, group, env
-) -> models.Environment:
-    env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
-    yield env1
-
-
-@pytest.fixture(scope='module')
-def dashboard(client, env1, org1, group, module_mocker, patch_es):
-    module_mocker.patch(
-        'dataall.aws.handlers.quicksight.Quicksight.can_import_dashboard',
-        return_value=True,
-    )
-    response = client.query(
-        """
-            mutation importDashboard(
-                $input:ImportDashboardInput,
-            ){
-                importDashboard(input:$input){
-                    dashboardUri
-                    name
-                    label
-                    DashboardId
-                    created
-                    owner
-                    SamlGroupName
-                }
-            }
-        """,
-        input={
-            'dashboardId': f'1234',
-            'label': f'1234',
-            'environmentUri': env1.environmentUri,
-            'SamlGroupName': group.name,
-            'terms': ['term'],
-        },
-        username='alice',
-        groups=[group.name],
-    )
-    assert response.data.importDashboard.owner == 'alice'
-    assert response.data.importDashboard.SamlGroupName == group.name
-    yield response.data.importDashboard
-
 
 def test_count_votes(client, dashboard, env1):
     response = count_votes_query(
@@ -93,38 +38,6 @@ def get_vote_query(client, target_uri, target_type, group):
     return response
 
 
-def test_upvote(patch_es, client, env1, dashboard):
-
-    response = upvote_mutation(
-        client, dashboard.dashboardUri, 'dashboard', True, env1.SamlGroupName
-    )
-    assert response.data.upVote.upvote
-    response = count_votes_query(
-        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
-    )
-    assert response.data.countUpVotes == 1
-    response = get_vote_query(
-        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
-    )
-    assert response.data.getVote.upvote
-
-    response = upvote_mutation(
-        client, dashboard.dashboardUri, 'dashboard', False, env1.SamlGroupName
-    )
-
-    assert not response.data.upVote.upvote
-
-    response = get_vote_query(
-        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
-    )
-    assert not response.data.getVote.upvote
-
-    response = count_votes_query(
-        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
-    )
-    assert response.data.countUpVotes == 0
-
-
 def upvote_mutation(client, target_uri, target_type, upvote, group):
     response = client.query(
         """
diff --git a/tests/modules/dashboards/__init__.py b/tests/modules/dashboards/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/tests/modules/dashboards/conftest.py b/tests/modules/dashboards/conftest.py
new file mode 100644
index 000000000..6d9b0de97
--- /dev/null
+++ b/tests/modules/dashboards/conftest.py
@@ -0,0 +1,63 @@
+from unittest.mock import MagicMock
+
+import pytest
+
+from tests.api.conftest import *
+
+@pytest.fixture(scope='module', autouse=True)
+def org1(org, user, group, tenant):
+    org1 = org('testorg', user.userName, group.name)
+    yield org1
+
+
+@pytest.fixture(scope='module', autouse=True)
+def env1(env, org1, user, group, tenant, module_mocker):
+    module_mocker.patch('requests.post', return_value=True)
+    module_mocker.patch(
+        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
+    )
+    module_mocker.patch(
+        'dataall.api.Objects.Environment.resolvers.get_pivot_role_as_part_of_environment', return_value=False
+    )
+    env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
+    yield env1
+
+
+@pytest.fixture(scope='module')
+def dashboard(client, env1, org1, group, module_mocker, patch_es):
+    mock_client = MagicMock()
+    module_mocker.patch(
+        'dataall.modules.dashboards.services.dashboard_service.DashboardQuicksightClient',
+        mock_client
+    )
+    response = client.query(
+        """
+            mutation importDashboard(
+                $input:ImportDashboardInput,
+            ){
+                importDashboard(input:$input){
+                    dashboardUri
+                    name
+                    label
+                    DashboardId
+                    created
+                    owner
+                    SamlGroupName
+                    upvotes
+                    userRoleForDashboard
+                }
+            }
+        """,
+        input={
+            'dashboardId': f'1234',
+            'label': f'1234',
+            'environmentUri': env1.environmentUri,
+            'SamlGroupName': group.name,
+            'terms': ['term'],
+        },
+        username='alice',
+        groups=[group.name],
+    )
+    assert response.data.importDashboard.owner == 'alice'
+    assert response.data.importDashboard.SamlGroupName == group.name
+    yield response.data.importDashboard
\ No newline at end of file
diff --git a/tests/modules/dashboards/test_dashboard_votes.py b/tests/modules/dashboards/test_dashboard_votes.py
new file mode 100644
index 000000000..e8842fce9
--- /dev/null
+++ b/tests/modules/dashboards/test_dashboard_votes.py
@@ -0,0 +1,40 @@
+from tests.api.test_vote import upvote_mutation, count_votes_query, get_vote_query
+
+
+def test_dashboard_count_votes(client, dashboard, env1):
+    response = count_votes_query(
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
+    )
+    assert response.data.countUpVotes == 0
+
+
+def test_dashboard_upvote(patch_es, client, env1, dashboard):
+
+    response = upvote_mutation(
+        client, dashboard.dashboardUri, 'dashboard', True, env1.SamlGroupName
+    )
+    assert response.data.upVote.upvote
+    response = count_votes_query(
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
+    )
+    assert response.data.countUpVotes == 1
+    response = get_vote_query(
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
+    )
+    assert response.data.getVote.upvote
+
+    response = upvote_mutation(
+        client, dashboard.dashboardUri, 'dashboard', False, env1.SamlGroupName
+    )
+
+    assert not response.data.upVote.upvote
+
+    response = get_vote_query(
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
+    )
+    assert not response.data.getVote.upvote
+
+    response = count_votes_query(
+        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
+    )
+    assert response.data.countUpVotes == 0
\ No newline at end of file
diff --git a/tests/api/test_dashboards.py b/tests/modules/dashboards/test_dashboards.py
similarity index 82%
rename from tests/api/test_dashboards.py
rename to tests/modules/dashboards/test_dashboards.py
index cd0da17bd..aa4629fcb 100644
--- a/tests/api/test_dashboards.py
+++ b/tests/modules/dashboards/test_dashboards.py
@@ -4,71 +4,9 @@
 import dataall
 
 
-@pytest.fixture(scope='module', autouse=True)
-def org1(org, user, group, tenant):
-    org1 = org('testorg', user.userName, group.name)
-    yield org1
-
-
-@pytest.fixture(scope='module', autouse=True)
-def env1(env, org1, user, group, tenant, module_mocker):
-    module_mocker.patch('requests.post', return_value=True)
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.check_environment', return_value=True
-    )
-    module_mocker.patch(
-        'dataall.api.Objects.Environment.resolvers.get_pivot_role_as_part_of_environment', return_value=False
-    )
-    env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
-    yield env1
-
-
-@pytest.fixture(scope='module')
-def dashboard(client, env1, org1, group, module_mocker, patch_es):
-    module_mocker.patch(
-        'dataall.aws.handlers.quicksight.Quicksight.can_import_dashboard',
-        return_value=True,
-    )
-    response = client.query(
-        """
-            mutation importDashboard(
-                $input:ImportDashboardInput,
-            ){
-                importDashboard(input:$input){
-                    dashboardUri
-                    name
-                    label
-                    DashboardId
-                    created
-                    owner
-                    SamlGroupName
-                    upvotes
-                    userRoleForDashboard
-                }
-            }
-        """,
-        input={
-            'dashboardId': f'1234',
-            'label': f'1234',
-            'environmentUri': env1.environmentUri,
-            'SamlGroupName': group.name,
-            'terms': ['term'],
-        },
-        username='alice',
-        groups=[group.name],
-    )
-    assert response.data.importDashboard.owner == 'alice'
-    assert response.data.importDashboard.SamlGroupName == group.name
-    yield response.data.importDashboard
-
-
 def test_update_dashboard(
     client, env1, org1, group, module_mocker, patch_es, dashboard
 ):
-    module_mocker.patch(
-        'dataall.aws.handlers.quicksight.Quicksight.can_import_dashboard',
-        return_value=True,
-    )
     response = client.query(
         """
             mutation updateDashboard(
diff --git a/tests/modules/datasets/test_dataset_count_votes.py b/tests/modules/datasets/test_dataset_count_votes.py
index 2212d8ad9..d35be46ed 100644
--- a/tests/modules/datasets/test_dataset_count_votes.py
+++ b/tests/modules/datasets/test_dataset_count_votes.py
@@ -3,6 +3,22 @@
 from dataall.modules.datasets import Dataset
 from tests.api.test_vote import *
 
+from dataall.db import models
+
+
+@pytest.fixture(scope='module')
+def org1(db, org, tenant, user, group) -> models.Organization:
+    org = org('testorg', user.userName, group.name)
+    yield org
+
+
+@pytest.fixture(scope='module')
+def env1(
+    db, org1: models.Organization, user, group, env
+) -> models.Environment:
+    env1 = env(org1, 'dev', user.userName, group.name, '111111111111', 'eu-west-1')
+    yield env1
+
 
 @pytest.fixture(scope='module', autouse=True)
 def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
@@ -11,7 +27,7 @@ def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
     )
 
 
-def test_count_votes(client, dataset1, dashboard):
+def test_count_votes(client, dataset1):
     response = count_votes_query(
         client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
     )

From 238234ca20996ea763911e625891d707b60731f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 31 May 2023 14:13:02 +0200
Subject: [PATCH 254/346] Moved dashboard tests into the module

---
 tests/api/test_vote.py | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/tests/api/test_vote.py b/tests/api/test_vote.py
index c67ee6935..69183f150 100644
--- a/tests/api/test_vote.py
+++ b/tests/api/test_vote.py
@@ -1,11 +1,4 @@
 
-def test_count_votes(client, dashboard, env1):
-    response = count_votes_query(
-        client, dashboard.dashboardUri, 'dashboard', env1.SamlGroupName
-    )
-    assert response.data.countUpVotes == 0
-
-
 def count_votes_query(client, target_uri, target_type, group):
     response = client.query(
         """

From 071094dbe743471a281f0504face27d07dd03c90 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 31 May 2023 17:25:01 +0200
Subject: [PATCH 255/346] Fixed issue staticmethod is not callable for
 python3.8

---
 backend/dataall/core/permission_checker.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/backend/dataall/core/permission_checker.py b/backend/dataall/core/permission_checker.py
index 4101a9b67..b5e1ab593 100644
--- a/backend/dataall/core/permission_checker.py
+++ b/backend/dataall/core/permission_checker.py
@@ -84,7 +84,11 @@ def decorated(*args, **kwargs):
 
             with get_context().db_engine.scoped_session() as session:
                 if parent_resource:
-                    uri = parent_resource(session, uri)
+                    try:
+                        uri = parent_resource(session, uri)
+                    except TypeError:
+                        uri = parent_resource.__func__(session, uri)
+
                 _check_resource_permission(session, uri, permission)
 
             return fn(*args, **kwargs)

From 96f770d158282fe0db9d33fb951fbfc6edac08f4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 09:43:21 +0200
Subject: [PATCH 256/346] Returned missed return statement

---
 backend/dataall/modules/datasets/api/table_column/resolvers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index b4e6ca0df..2e8235a52 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -14,7 +14,7 @@ def list_table_columns(
         tableUri = source.tableUri
     if not filter:
         filter = {}
-    DatasetColumnService.paginate_active_columns_for_table(tableUri, filter)
+    return DatasetColumnService.paginate_active_columns_for_table(tableUri, filter)
 
 
 def sync_table_columns(context: Context, source, tableUri: str = None):

From 33d3d7f55a6c98c8940258d8d5ffd378330961ac Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 09:51:26 +0200
Subject: [PATCH 257/346] Column name should be used instead of instance uri

---
 .../dataall/api/Objects/Glossary/registry.py  |  3 ++-
 backend/dataall/db/models/Dashboard.py        |  5 +++--
 .../modules/datasets_base/db/models.py        | 20 +++++++++++--------
 3 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/backend/dataall/api/Objects/Glossary/registry.py b/backend/dataall/api/Objects/Glossary/registry.py
index 27c534368..3c27f3796 100644
--- a/backend/dataall/api/Objects/Glossary/registry.py
+++ b/backend/dataall/api/Objects/Glossary/registry.py
@@ -9,7 +9,8 @@
 
 
 class Identifiable(Protocol):
-    def uri(self):
+    @classmethod
+    def uri(cls):
         ...
 
 
diff --git a/backend/dataall/db/models/Dashboard.py b/backend/dataall/db/models/Dashboard.py
index 0b12ecd96..61c4d1400 100644
--- a/backend/dataall/db/models/Dashboard.py
+++ b/backend/dataall/db/models/Dashboard.py
@@ -19,5 +19,6 @@ class Dashboard(Resource, Base):
 
     userRoleForDashboard = query_expression()
 
-    def uri(self):
-        return self.dashboardUri
+    @classmethod
+    def uri(cls):
+        return cls.dashboardUri
diff --git a/backend/dataall/modules/datasets_base/db/models.py b/backend/dataall/modules/datasets_base/db/models.py
index 45f7fe858..4f41f4919 100644
--- a/backend/dataall/modules/datasets_base/db/models.py
+++ b/backend/dataall/modules/datasets_base/db/models.py
@@ -19,8 +19,9 @@ class DatasetTableColumn(Resource, Base):
         String, default='column'
     )  # can be either "column" or "partition"
 
-    def uri(self):
-        return self.columnUri
+    @classmethod
+    def uri(cls):
+        return cls.columnUri
 
 
 class DatasetProfilingRun(Resource, Base):
@@ -53,8 +54,9 @@ class DatasetStorageLocation(Resource, Base):
     projectPermission = query_expression()
     environmentEndPoint = query_expression()
 
-    def uri(self):
-        return self.locationUri
+    @classmethod
+    def uri(cls):
+        return cls.locationUri
 
 
 class DatasetTable(Resource, Base):
@@ -79,8 +81,9 @@ class DatasetTable(Resource, Base):
     topics = Column(ARRAY(String), nullable=True)
     confidentiality = Column(String, nullable=False, default='C1')
 
-    def uri(self):
-        return self.tableUri
+    @classmethod
+    def uri(cls):
+        return cls.tableUri
 
 
 class Dataset(Resource, Base):
@@ -138,5 +141,6 @@ class Dataset(Resource, Base):
     importedAdminRole = Column(Boolean, default=False)
     imported = Column(Boolean, default=False)
 
-    def uri(self):
-        return self.datasetUri
+    @classmethod
+    def uri(cls):
+        return cls.datasetUri

From 8af93a3a4e1e2eec5c69e054cdb76e53d199df76 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 10:00:50 +0200
Subject: [PATCH 258/346] Fixed description of the permissions

---
 .../modules/dataset_sharing/services/share_permissions.py       | 2 +-
 .../modules/worksheets/services/worksheet_permissions.py        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_permissions.py b/backend/dataall/modules/dataset_sharing/services/share_permissions.py
index 5ae4071da..fd7620ab3 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_permissions.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_permissions.py
@@ -56,4 +56,4 @@
     RESOURCES_ALL_WITH_DESC[perm] = perm
 
 RESOURCES_ALL_WITH_DESC[CREATE_SHARE_OBJECT] = 'Request datasets access for this environment'
-RESOURCES_ALL_WITH_DESC[LIST_ENVIRONMENT_SHARED_WITH_OBJECTS] = LIST_ENVIRONMENT_SHARED_WITH_OBJECTS
+RESOURCES_ALL_WITH_DESC[LIST_ENVIRONMENT_SHARED_WITH_OBJECTS] = "List datasets shared with this environments"
diff --git a/backend/dataall/modules/worksheets/services/worksheet_permissions.py b/backend/dataall/modules/worksheets/services/worksheet_permissions.py
index cad183f42..581ddfc36 100644
--- a/backend/dataall/modules/worksheets/services/worksheet_permissions.py
+++ b/backend/dataall/modules/worksheets/services/worksheet_permissions.py
@@ -37,4 +37,4 @@
 ENVIRONMENT_ALL.append(RUN_ATHENA_QUERY)
 
 RESOURCES_ALL.append(RUN_ATHENA_QUERY)
-RESOURCES_ALL_WITH_DESC[RUN_ATHENA_QUERY] = RUN_ATHENA_QUERY
+RESOURCES_ALL_WITH_DESC[RUN_ATHENA_QUERY] = "Run Athena queries on this environment"

From c33b248429d8445ddd68b149e63f24380a4247c1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 11:02:48 +0200
Subject: [PATCH 259/346] Added missed depends on statements

---
 backend/dataall/modules/dataset_sharing/__init__.py |  4 ++++
 backend/dataall/modules/datasets/__init__.py        | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index 450d66047..491a9bf66 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -33,6 +33,10 @@ class SharingAsyncHandlersModuleInterface(ModuleInterface):
     def is_supported(modes: List[ImportMode]):
         return ImportMode.HANDLERS in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [DatasetBaseModuleInterface]
+
     def __init__(self):
         import dataall.modules.dataset_sharing.handlers
         log.info("Sharing handlers have been imported")
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 61161caf1..d7a7e6cae 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -97,6 +97,10 @@ class DatasetCdkModuleInterface(ModuleInterface):
     def is_supported(modes: Set[ImportMode]):
         return ImportMode.CDK in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [DatasetBaseModuleInterface]
+
     def __init__(self):
         import dataall.modules.datasets.cdk
         from dataall.cdkproxy.stacks.environment import EnvironmentSetup
@@ -117,6 +121,10 @@ class DatasetStackUpdaterModuleInterface(ModuleInterface):
     def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.STACK_UPDATER_TASK in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [DatasetBaseModuleInterface]
+
     def __init__(self):
         from dataall.tasks.stacks_updater import StackFinder
         from dataall.tasks.stacks_updater import register_stack_finder
@@ -136,6 +144,10 @@ class DatasetCatalogIndexerModuleInterface(ModuleInterface):
     def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.CATALOG_INDEXER_TASK in modes
 
+    @staticmethod
+    def depends_on() -> List[Type['ModuleInterface']]:
+        return [DatasetBaseModuleInterface]
+
     def __init__(self):
         from dataall.tasks.catalog_indexer import register_catalog_indexer
         from dataall.modules.datasets.indexers.catalog_indexer import DatasetCatalogIndexer

From f23eeca80eaf13ff9ba61ce8307d8a8bd2e96036 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 11:08:56 +0200
Subject: [PATCH 260/346] Added missed return statement

---
 .../modules/dataset_sharing/services/share_object_service.py    | 2 --
 .../dataall/modules/datasets/services/dataset_column_service.py | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index b75b87f02..d90eed5d1 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -1,5 +1,3 @@
-from sqlalchemy import and_
-
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission
 from dataall.db import utils
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index f50c5bdef..9e28878a1 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -14,7 +14,7 @@ class DatasetColumnService:
     def paginate_active_columns_for_table(table_uri: str, filter=None):
         # TODO THERE WAS NO PERMISSION CHECK!!!
         with get_context().db_engine.scoped_session() as session:
-            DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, filter)
+            return DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, filter)
 
     @staticmethod
     def sync_table_columns(table_uri: str):

From e991e70aefd650d21c461091e66e3f403e6a3a5d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 11:32:39 +0200
Subject: [PATCH 261/346] Removed unused queries

---
 .../datasets/api/profiling/mutations.py       | 17 ++-----------
 .../modules/datasets/api/profiling/queries.py | 10 --------
 .../datasets/api/profiling/resolvers.py       |  9 -------
 .../db/dataset_profiling_repository.py        | 12 +--------
 .../services/dataset_profiling_service.py     | 17 -------------
 .../datasets/test_dataset_profiling.py        | 25 -------------------
 6 files changed, 3 insertions(+), 87 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/profiling/mutations.py b/backend/dataall/modules/datasets/api/profiling/mutations.py
index e4bcd62cc..dcc5a0bb7 100644
--- a/backend/dataall/modules/datasets/api/profiling/mutations.py
+++ b/backend/dataall/modules/datasets/api/profiling/mutations.py
@@ -1,22 +1,9 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.profiling.resolvers import (
-    start_profiling_run,
-    update_profiling_run_results
-)
+from dataall.modules.datasets.api.profiling.resolvers import start_profiling_run
 
 startDatasetProfilingRun = gql.MutationField(
     name='startDatasetProfilingRun',
     args=[gql.Argument(name='input', type=gql.Ref('StartDatasetProfilingRunInput'))],
     type=gql.Ref('DatasetProfilingRun'),
     resolver=start_profiling_run,
-)
-
-updateDatasetProfilingRunResults = gql.MutationField(
-    name='updateDatasetProfilingRunResults',
-    args=[
-        gql.Argument(name='profilingRunUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='results', type=gql.NonNullableType(gql.String)),
-    ],
-    type=gql.Ref('DatasetProfilingRun'),
-    resolver=update_profiling_run_results,
-)
+)
\ No newline at end of file
diff --git a/backend/dataall/modules/datasets/api/profiling/queries.py b/backend/dataall/modules/datasets/api/profiling/queries.py
index 8d2fbb25c..0481867ad 100644
--- a/backend/dataall/modules/datasets/api/profiling/queries.py
+++ b/backend/dataall/modules/datasets/api/profiling/queries.py
@@ -1,20 +1,10 @@
 from dataall.api import gql
 from dataall.modules.datasets.api.profiling.resolvers import (
-    get_profiling_run,
     list_profiling_runs,
     list_table_profiling_runs,
     get_last_table_profiling_run
 )
 
-
-getDatasetProfilingRun = gql.QueryField(
-    name='getDatasetProfilingRun',
-    args=[gql.Argument(name='profilingRunUri', type=gql.NonNullableType(gql.String))],
-    type=gql.Ref('DatasetProfilingRun'),
-    resolver=get_profiling_run,
-)
-
-
 listDatasetProfilingRuns = gql.QueryField(
     name='listDatasetProfilingRuns',
     args=[
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 13cb232d9..8db0581b5 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -40,19 +40,10 @@ def get_profiling_results(context: Context, source: DatasetProfilingRun):
     else:
         return json.dumps(source.results)
 
-
-def update_profiling_run_results(context: Context, source, profilingRunUri, results):
-    return DatasetProfilingService.update_profiling_run_results(profilingRunUri, results)
-
-
 def list_profiling_runs(context: Context, source, datasetUri=None):
     return DatasetProfilingService.list_profiling_runs(datasetUri)
 
 
-def get_profiling_run(context: Context, source, profilingRunUri=None):
-    return DatasetProfilingService.get_profiling_run(profilingRunUri)
-
-
 def get_last_table_profiling_run(context: Context, source, tableUri=None):
     return DatasetProfilingService.get_last_table_profiling_run(tableUri)
 
diff --git a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
index 71a7c3016..02058b296 100644
--- a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
@@ -29,22 +29,12 @@ def save_profiling(session, dataset, env, glue_table_name):
         return run
 
     @staticmethod
-    def update_run(
-        session,
-        run_uri=None,
-        glue_job_run_id=None,
-        glue_job_state=None,
-        results=None,
-    ):
+    def update_run(session, run_uri, glue_job_run_id):
         run = DatasetProfilingRepository.get_profiling_run(
             session, profilingRunUri=run_uri, GlueJobRunId=glue_job_run_id
         )
         if glue_job_run_id:
             run.GlueJobRunId = glue_job_run_id
-        if glue_job_state:
-            run.status = glue_job_state
-        if results:
-            run.results = results
         session.commit()
         return run
 
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 109bbcafd..87cd37d0f 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -59,29 +59,12 @@ def queue_profiling_run(run_uri):
             session.add(task)
         Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
 
-    @staticmethod
-    def update_profiling_run_results(run_uri, results):
-        # TODO NO PERMISSION CHECK
-        with get_context().db_engine.scoped_session() as session:
-            run = DatasetProfilingRepository.update_run(
-                session=session, run_uri=run_uri, results=results
-            )
-            return run
-
     @staticmethod
     def list_profiling_runs(dataset_uri):
         # TODO NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             return DatasetProfilingRepository.list_profiling_runs(session, dataset_uri)
 
-    @staticmethod
-    def get_profiling_run(run_uri):
-        # TODO NO PERMISSION CHECK
-        with get_context().db_engine.scoped_session() as session:
-            return DatasetProfilingRepository.get_profiling_run(
-                session=session, profilingRunUri=run_uri
-            )
-
     @staticmethod
     def get_last_table_profiling_run(table_uri: str):
         # TODO NO PERMISSION CHECK
diff --git a/tests/modules/datasets/test_dataset_profiling.py b/tests/modules/datasets/test_dataset_profiling.py
index 852b4ea0b..d670e41c8 100644
--- a/tests/modules/datasets/test_dataset_profiling.py
+++ b/tests/modules/datasets/test_dataset_profiling.py
@@ -105,31 +105,6 @@ def list_profiling_runs(client, dataset1, group):
     return response.data.listDatasetProfilingRuns['nodes']
 
 
-def test_get_profiling_run(client, dataset1, env1, module_mocker, db, group):
-    runs = list_profiling_runs(client, dataset1, group)
-    module_mocker.patch(
-        'dataall.aws.handlers.service_handlers.Worker.queue',
-        return_value=update_runs(db, runs),
-    )
-    response = client.query(
-        """
-        query getDatasetProfilingRun($profilingRunUri:String!){
-            getDatasetProfilingRun(profilingRunUri:$profilingRunUri){
-                profilingRunUri
-                status
-            }
-        }
-        """,
-        profilingRunUri=runs[0]['profilingRunUri'],
-        groups=[group.name],
-    )
-    assert (
-        response.data.getDatasetProfilingRun['profilingRunUri']
-        == runs[0]['profilingRunUri']
-    )
-    assert response.data.getDatasetProfilingRun['status'] == 'SUCCEEDED'
-
-
 def test_get_table_profiling_run(
     client, dataset1, env1, module_mocker, table, db, group
 ):

From 28a2ef73c36dd9d6715acc542a07243d9d68f3bd Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 11:46:46 +0200
Subject: [PATCH 262/346] Removed unused queries

---
 .../dataall/modules/datasets/api/dataset/queries.py  | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/dataset/queries.py b/backend/dataall/modules/datasets/api/dataset/queries.py
index 17295505a..2a202bcf8 100644
--- a/backend/dataall/modules/datasets/api/dataset/queries.py
+++ b/backend/dataall/modules/datasets/api/dataset/queries.py
@@ -58,18 +58,6 @@
     resolver=get_file_upload_presigned_url,
 )
 
-
-getGlueCrawlerStatus = gql.MutationField(
-    name='getGlueCrawlerStatus',
-    args=[
-        gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='name', type=gql.NonNullableType(gql.String)),
-    ],
-    resolver=lambda *_, **__: None,
-    type=gql.Ref('GlueCrawler'),
-)
-
-
 listShareObjects = gql.QueryField(
     name='listDatasetShareObjects',
     resolver=list_dataset_share_objects,

From a38be2e029ee8a2dcd3abcfab8e09fcb37fa69b6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 12:16:44 +0200
Subject: [PATCH 263/346] Renaming of the camelcase variables

---
 .../db/share_object_repository.py             | 18 +++++-------
 .../services/data_sharing_service.py          | 28 +++++++++----------
 .../services/share_notification_service.py    | 20 ++++++-------
 .../datasets/api/profiling/mutations.py       |  2 +-
 .../db/dataset_profiling_repository.py        | 12 ++++----
 .../handlers/glue_profiling_handler.py        |  2 +-
 .../datasets/services/dataset_service.py      |  4 +--
 .../datasets_base/db/dataset_repository.py    | 10 +++----
 8 files changed, 45 insertions(+), 51 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index ef7044283..f0aad8da7 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -30,7 +30,8 @@ def validate_transition(self, prev_state):
         elif prev_state not in self._all_source_states:
             raise exceptions.UnauthorizedOperation(
                 action=self._name,
-                message=f'This transition is not possible, {prev_state} cannot go to {self._all_target_states}. If there is a sharing or revoking in progress wait until it is complete and try again.',
+                message=f'This transition is not possible, {prev_state} cannot go to {self._all_target_states}. '
+                        f'If there is a sharing or revoking in progress wait until it is complete and try again.',
             )
         else:
             return True
@@ -146,7 +147,7 @@ def update_state(self, session, share, new_state):
         logger.info(f"Updating share object {share.shareUri} in DB from {self._state} to state {new_state}")
         ShareObjectRepository.update_share_object_status(
             session=session,
-            shareUri=share.shareUri,
+            share_uri=share.shareUri,
             status=new_state
         )
         self._state = new_state
@@ -532,8 +533,8 @@ def list_shareable_items(session, share, states, data):
                     )
                 )
             if 'isShared' in data.keys():
-                isShared = data.get('isShared')
-                query = query.filter(shareable_objects.c.isShared == isShared)
+                is_shared = data.get('isShared')
+                query = query.filter(shareable_objects.c.isShared == is_shared)
 
         return paginate(query, data.get('page', 1), data.get('pageSize', 10)).to_dict()
 
@@ -595,13 +596,8 @@ def get_share_by_dataset_and_environment(session, dataset_uri, environment_uri):
         return share
 
     @staticmethod
-    def update_share_object_status(
-            session,
-            shareUri: str,
-            status: str,
-    ) -> ShareObject:
-
-        share = ShareObjectRepository.get_share_by_uri(session, shareUri)
+    def update_share_object_status(session, share_uri: str, status: str) -> ShareObject:
+        share = ShareObjectRepository.get_share_by_uri(session, share_uri)
         share.status = status
         session.commit()
         return share
diff --git a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
index 53ab11c98..fdf9d95e2 100644
--- a/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/data_sharing_service.py
@@ -44,9 +44,9 @@ def approve_share(cls, engine: Engine, share_uri: str) -> bool:
                 target_environment,
             ) = ShareObjectRepository.get_share_data(session, share_uri)
 
-            Share_SM = ShareObjectSM(share.status)
-            new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
-            Share_SM.update_state(session, share, new_share_state)
+            share_sm = ShareObjectSM(share.status)
+            new_share_state = share_sm.run_transition(ShareObjectActions.Start.value)
+            share_sm.update_state(session, share, new_share_state)
 
             (
                 shared_tables,
@@ -94,8 +94,8 @@ def approve_share(cls, engine: Engine, share_uri: str) -> bool:
         approved_tables_succeed = processor.process_approved_shares()
         log.info(f'sharing tables succeeded = {approved_tables_succeed}')
 
-        new_share_state = Share_SM.run_transition(ShareObjectActions.Finish.value)
-        Share_SM.update_state(session, share, new_share_state)
+        new_share_state = share_sm.run_transition(ShareObjectActions.Finish.value)
+        share_sm.update_state(session, share, new_share_state)
 
         return approved_tables_succeed if approved_folders_succeed else False
 
@@ -131,19 +131,19 @@ def revoke_share(cls, engine: Engine, share_uri: str):
                 target_environment,
             ) = ShareObjectRepository.get_share_data(session, share_uri)
 
-            Share_SM = ShareObjectSM(share.status)
-            new_share_state = Share_SM.run_transition(ShareObjectActions.Start.value)
-            Share_SM.update_state(session, share, new_share_state)
+            share_sm = ShareObjectSM(share.status)
+            new_share_state = share_sm.run_transition(ShareObjectActions.Start.value)
+            share_sm.update_state(session, share, new_share_state)
 
-            revoked_item_SM = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
+            revoked_item_sm = ShareItemSM(ShareItemStatus.Revoke_Approved.value)
 
             (
                 revoked_tables,
                 revoked_folders
             ) = ShareObjectRepository.get_share_data_items(session, share_uri, ShareItemStatus.Revoke_Approved.value)
 
-            new_state = revoked_item_SM.run_transition(ShareObjectActions.Start.value)
-            revoked_item_SM.update_state(session, share_uri, new_state)
+            new_state = revoked_item_sm.run_transition(ShareObjectActions.Start.value)
+            revoked_item_sm.update_state(session, share_uri, new_state)
 
             log.info(f'Revoking permissions to folders: {revoked_folders}')
 
@@ -212,9 +212,9 @@ def revoke_share(cls, engine: Engine, share_uri: str):
 
             existing_pending_items = ShareObjectRepository.check_pending_share_items(session, share_uri)
             if existing_pending_items:
-                new_share_state = Share_SM.run_transition(ShareObjectActions.FinishPending.value)
+                new_share_state = share_sm.run_transition(ShareObjectActions.FinishPending.value)
             else:
-                new_share_state = Share_SM.run_transition(ShareObjectActions.Finish.value)
-            Share_SM.update_state(session, share, new_share_state)
+                new_share_state = share_sm.run_transition(ShareObjectActions.Finish.value)
+            share_sm.update_state(session, share, new_share_state)
 
             return revoked_tables_succeed and revoked_folders_succeed
diff --git a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
index 4f1bb20df..b6297720b 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
@@ -9,18 +9,15 @@ class ShareNotificationService:
     def notify_share_object_submission(
             session, username: str, dataset: Dataset, share: ShareObject
     ):
-        notifications = []
+        notifications = [Notification.create(
+            session=session,
+            username=dataset.owner,
+            notification_type=models.NotificationType.SHARE_OBJECT_SUBMITTED,
+            target_uri=f'{share.shareUri}|{dataset.datasetUri}',
+            message=f'User {username} submitted share request for dataset {dataset.label}',
+        )]
         # stewards = Notification.get_dataset_stewards(session, dataset)
         # for steward in stewards:
-        notifications.append(
-            Notification.create(
-                session=session,
-                username=dataset.owner,
-                notification_type=models.NotificationType.SHARE_OBJECT_SUBMITTED,
-                target_uri=f'{share.shareUri}|{dataset.datasetUri}',
-                message=f'User {username} submitted share request for dataset {dataset.label}',
-            )
-        )
         session.add_all(notifications)
         return notifications
 
@@ -81,7 +78,8 @@ def notify_new_data_available_from_owners(
                     username=user,
                     notification_type=models.NotificationType.DATASET_VERSION,
                     target_uri=f'{share.shareUri}|{dataset.datasetUri}',
-                    message=f'New data (at {s3_prefix}) is available from dataset {dataset.datasetUri} shared by owner {dataset.owner}',
+                    message=f'New data (at {s3_prefix}) is available from dataset {dataset.datasetUri} '
+                            f'shared by owner {dataset.owner}',
                 )
             )
             session.add_all(notifications)
diff --git a/backend/dataall/modules/datasets/api/profiling/mutations.py b/backend/dataall/modules/datasets/api/profiling/mutations.py
index dcc5a0bb7..c0597a5c4 100644
--- a/backend/dataall/modules/datasets/api/profiling/mutations.py
+++ b/backend/dataall/modules/datasets/api/profiling/mutations.py
@@ -6,4 +6,4 @@
     args=[gql.Argument(name='input', type=gql.Ref('StartDatasetProfilingRunInput'))],
     type=gql.Ref('DatasetProfilingRun'),
     resolver=start_profiling_run,
-)
\ No newline at end of file
+)
diff --git a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
index 02058b296..c0f3d07eb 100644
--- a/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_profiling_repository.py
@@ -31,7 +31,7 @@ def save_profiling(session, dataset, env, glue_table_name):
     @staticmethod
     def update_run(session, run_uri, glue_job_run_id):
         run = DatasetProfilingRepository.get_profiling_run(
-            session, profilingRunUri=run_uri, GlueJobRunId=glue_job_run_id
+            session, profiling_run_uri=run_uri, glue_job_run_id=glue_job_run_id
         )
         if glue_job_run_id:
             run.GlueJobRunId = glue_job_run_id
@@ -40,17 +40,17 @@ def update_run(session, run_uri, glue_job_run_id):
 
     @staticmethod
     def get_profiling_run(
-        session, profilingRunUri=None, GlueJobRunId=None, GlueTableName=None
+        session, profiling_run_uri=None, glue_job_run_id=None, glue_table_name=None
     ):
-        if profilingRunUri:
+        if profiling_run_uri:
             run: DatasetProfilingRun = session.query(
                 DatasetProfilingRun
-            ).get(profilingRunUri)
+            ).get(profiling_run_uri)
         else:
             run: DatasetProfilingRun = (
                 session.query(DatasetProfilingRun)
-                .filter(DatasetProfilingRun.GlueJobRunId == GlueJobRunId)
-                .filter(DatasetProfilingRun.GlueTableName == GlueTableName)
+                .filter(DatasetProfilingRun.GlueJobRunId == glue_job_run_id)
+                .filter(DatasetProfilingRun.GlueTableName == glue_table_name)
                 .first()
             )
         return run
diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index 81d37d36d..d001311b7 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -41,7 +41,7 @@ def start_profiling_run(engine, task: models.Task):
     def _get_job_data(session, task):
         profiling: DatasetProfilingRun = (
             DatasetProfilingRepository.get_profiling_run(
-                session, profilingRunUri=task.targetUri
+                session, profiling_run_uri=task.targetUri
             )
         )
         dataset: Dataset = session.query(Dataset).get(
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index f89f98b7c..2f12d3ca0 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -496,8 +496,8 @@ def list_datasets_owned_by_env_group(env_uri: str, group_uri: str, data: dict):
         with get_context().db_engine.scoped_session() as session:
             return DatasetRepository.paginated_environment_group_datasets(
                 session=session,
-                envUri=env_uri,
-                groupUri=group_uri,
+                env_uri=env_uri,
+                group_uri=group_uri,
                 data=data,
             )
 
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index d3697ca3f..dbd60f476 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -318,11 +318,11 @@ def count_dataset_tables(session, dataset_uri):
         )
 
     @staticmethod
-    def query_environment_group_datasets(session, envUri, groupUri, filter) -> Query:
+    def query_environment_group_datasets(session, env_uri, group_uri, filter) -> Query:
         query = session.query(Dataset).filter(
             and_(
-                Dataset.environmentUri == envUri,
-                Dataset.SamlAdminGroupName == groupUri,
+                Dataset.environmentUri == env_uri,
+                Dataset.SamlAdminGroupName == group_uri,
                 Dataset.deleted.is_(None),
             )
         )
@@ -372,11 +372,11 @@ def paginated_environment_datasets(
 
     @staticmethod
     def paginated_environment_group_datasets(
-            session, envUri, groupUri, data=None
+            session, env_uri, group_uri, data=None
     ) -> dict:
         return paginate(
             query=DatasetRepository.query_environment_group_datasets(
-                session, envUri, groupUri, data
+                session, env_uri, group_uri, data
             ),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),

From e0b67b173cfbd01234bd109dc46a8f107a8e67a4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 12:47:49 +0200
Subject: [PATCH 264/346] Indexers don't have queries. Removed big join queries

---
 .../datasets/db/dataset_table_repository.py   | 26 ++++++
 .../datasets/indexers/dataset_indexer.py      | 57 +++---------
 .../datasets/indexers/location_indexer.py     | 71 ++++-----------
 .../datasets/indexers/table_indexer.py        | 88 +++++--------------
 4 files changed, 77 insertions(+), 165 deletions(-)

diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index 9fb6eeec7..76e7f2f7e 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -140,6 +140,32 @@ def update_existing_tables_status(existing_tables, glue_tables):
                     f'Table {existing_table.GlueTableName} status set to Deleted from Glue.'
                 )
 
+    @staticmethod
+    def find_all_active_tables(session, dataset_uri):
+        return (
+            session.query(DatasetTable)
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == dataset_uri,
+                    DatasetTable.LastGlueTableStatus != 'Deleted',
+                )
+            )
+            .all()
+        )
+
+    @staticmethod
+    def find_all_deleted_tables(session, dataset_uri):
+        return (
+            session.query(DatasetTable)
+            .filter(
+                and_(
+                    DatasetTable.datasetUri == dataset_uri,
+                    DatasetTable.LastGlueTableStatus == 'Deleted',
+                )
+            )
+            .all()
+        )
+
     @staticmethod
     def sync_table_columns(session, dataset_table, glue_table):
 
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 4036136ba..062964767 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -1,9 +1,7 @@
 """Indexes Datasets in OpenSearch"""
 
-from dataall.db import models
-from dataall.db.api import Vote
+from dataall.db.api import Vote, Environment, Organization
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import Dataset
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.searchproxy.base_indexer import BaseIndexer
 
@@ -12,39 +10,10 @@ class DatasetIndexer(BaseIndexer):
 
     @classmethod
     def upsert(cls, session, dataset_uri: str):
-        dataset = (
-            session.query(
-                Dataset.datasetUri.label('datasetUri'),
-                Dataset.name.label('name'),
-                Dataset.owner.label('owner'),
-                Dataset.label.label('label'),
-                Dataset.description.label('description'),
-                Dataset.confidentiality.label('classification'),
-                Dataset.tags.label('tags'),
-                Dataset.topics.label('topics'),
-                Dataset.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                Dataset.SamlAdminGroupName.label('admins'),
-                Dataset.GlueDatabaseName.label('database'),
-                Dataset.S3BucketName.label('source'),
-                Dataset.created,
-                Dataset.updated,
-                Dataset.deleted,
-            )
-            .join(
-                models.Organization,
-                Dataset.organizationUri == models.Organization.organizationUri,
-            )
-            .join(
-                models.Environment,
-                Dataset.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(Dataset.datasetUri == dataset_uri)
-            .first()
-        )
+        dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri)
+        env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+        org = Organization.get_organization_by_uri(session, dataset.organizationUri)
+
         count_tables = DatasetRepository.count_dataset_tables(session, dataset_uri)
         count_folders = DatasetLocationRepository.count_dataset_locations(session, dataset_uri)
         count_upvotes = Vote.count_upvotes(
@@ -59,19 +28,19 @@ def upsert(cls, session, dataset_uri: str):
                     'name': dataset.name,
                     'owner': dataset.owner,
                     'label': dataset.label,
-                    'admins': dataset.admins,
-                    'database': dataset.database,
-                    'source': dataset.source,
+                    'admins': dataset.SamlAdminGroupName,
+                    'database': dataset.GlueDatabaseName,
+                    'source': dataset.S3BucketName,
                     'resourceKind': 'dataset',
                     'description': dataset.description,
-                    'classification': dataset.classification,
+                    'classification': dataset.confidentiality,
                     'tags': [t.replace('-', '') for t in dataset.tags or []],
                     'topics': dataset.topics,
                     'region': dataset.region.replace('-', ''),
-                    'environmentUri': dataset.envUri,
-                    'environmentName': dataset.envName,
-                    'organizationUri': dataset.orgUri,
-                    'organizationName': dataset.orgName,
+                    'environmentUri': env.environmentUri,
+                    'environmentName': env.name,
+                    'organizationUri': org.organizationUri,
+                    'organizationName': org.name,
                     'created': dataset.created,
                     'updated': dataset.updated,
                     'deleted': dataset.deleted,
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
index 9a6694d66..7856e4bea 100644
--- a/backend/dataall/modules/datasets/indexers/location_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -1,7 +1,7 @@
 """Indexes DatasetStorageLocation in OpenSearch"""
-from dataall.modules.datasets_base.db.models import DatasetStorageLocation, Dataset
-
-from dataall.db import models
+from dataall.db.api import Environment, Organization
+from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.searchproxy.base_indexer import BaseIndexer
 
@@ -10,64 +10,33 @@ class DatasetLocationIndexer(BaseIndexer):
 
     @classmethod
     def upsert(cls, session, folder_uri: str):
-        folder = (
-            session.query(
-                DatasetStorageLocation.datasetUri.label('datasetUri'),
-                DatasetStorageLocation.locationUri.label('uri'),
-                DatasetStorageLocation.name.label('name'),
-                DatasetStorageLocation.owner.label('owner'),
-                DatasetStorageLocation.label.label('label'),
-                DatasetStorageLocation.description.label('description'),
-                DatasetStorageLocation.tags.label('tags'),
-                DatasetStorageLocation.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                Dataset.SamlAdminGroupName.label('admins'),
-                Dataset.S3BucketName.label('source'),
-                Dataset.topics.label('topics'),
-                Dataset.confidentiality.label('classification'),
-                DatasetStorageLocation.created,
-                DatasetStorageLocation.updated,
-                DatasetStorageLocation.deleted,
-            )
-            .join(
-                Dataset,
-                Dataset.datasetUri == DatasetStorageLocation.datasetUri,
-            )
-            .join(
-                models.Organization,
-                Dataset.organizationUri == models.Organization.organizationUri,
-            )
-            .join(
-                models.Environment,
-                Dataset.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(DatasetStorageLocation.locationUri == folder_uri)
-            .first()
-        )
+        folder = DatasetLocationRepository.get_location_by_uri(session, folder_uri)
+
         if folder:
+            dataset = DatasetRepository.get_dataset_by_uri(session, folder.datasetUri)
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            org = Organization.get_organization_by_uri(session, dataset.environmentUri)
             glossary = BaseIndexer._get_target_glossary_terms(session, folder_uri)
+
             BaseIndexer._index(
                 doc_id=folder_uri,
                 doc={
                     'name': folder.name,
-                    'admins': folder.admins,
+                    'admins': dataset.SamlAdminGroupName,
                     'owner': folder.owner,
                     'label': folder.label,
                     'resourceKind': 'folder',
                     'description': folder.description,
-                    'source': folder.source,
-                    'classification': folder.classification,
+                    'source': dataset.S3BucketName,
+                    'classification': dataset.confidentiality,
                     'tags': [f.replace('-', '') for f in folder.tags or []],
-                    'topics': folder.topics,
+                    'topics': dataset.topics,
                     'region': folder.region.replace('-', ''),
                     'datasetUri': folder.datasetUri,
-                    'environmentUri': folder.envUri,
-                    'environmentName': folder.envName,
-                    'organizationUri': folder.orgUri,
-                    'organizationName': folder.orgName,
+                    'environmentUri': env.environmentUri,
+                    'environmentName': env.name,
+                    'organizationUri': org.organizationUri,
+                    'organizationName': org.name,
                     'created': folder.created,
                     'updated': folder.updated,
                     'deleted': folder.deleted,
@@ -79,11 +48,7 @@ def upsert(cls, session, folder_uri: str):
 
     @classmethod
     def upsert_all(cls, session, dataset_uri: str):
-        folders = (
-            session.query(DatasetStorageLocation)
-            .filter(DatasetStorageLocation.datasetUri == dataset_uri)
-            .all()
-        )
+        folders = DatasetLocationRepository.get_dataset_folders(session, dataset_uri)
         for folder in folders:
             DatasetLocationIndexer.upsert(session=session, folder_uri=folder.locationUri)
         return folders
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index edbf262b5..ca0b0b88d 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -2,6 +2,9 @@
 from operator import and_
 
 from dataall.db import models
+from dataall.db.api import Environment, Organization
+from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.searchproxy.base_indexer import BaseIndexer
@@ -11,68 +14,35 @@ class DatasetTableIndexer(BaseIndexer):
 
     @classmethod
     def upsert(cls, session, table_uri: str):
-        table = (
-            session.query(
-                DatasetTable.datasetUri.label('datasetUri'),
-                DatasetTable.tableUri.label('uri'),
-                DatasetTable.name.label('name'),
-                DatasetTable.owner.label('owner'),
-                DatasetTable.label.label('label'),
-                DatasetTable.description.label('description'),
-                Dataset.confidentiality.label('classification'),
-                DatasetTable.tags.label('tags'),
-                Dataset.topics.label('topics'),
-                Dataset.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                Dataset.SamlAdminGroupName.label('admins'),
-                Dataset.GlueDatabaseName.label('database'),
-                Dataset.S3BucketName.label('source'),
-                DatasetTable.created,
-                DatasetTable.updated,
-                DatasetTable.deleted,
-            )
-            .join(
-                Dataset,
-                Dataset.datasetUri == DatasetTable.datasetUri,
-            )
-            .join(
-                models.Organization,
-                Dataset.organizationUri == models.Organization.organizationUri,
-            )
-            .join(
-                models.Environment,
-                Dataset.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(DatasetTable.tableUri == table_uri)
-            .first()
-        )
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
 
         if table:
+            dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
+            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
+            org = Organization.get_organization_by_uri(session, dataset.environmentUri)
             glossary = BaseIndexer._get_target_glossary_terms(session, table_uri)
+
             tags = table.tags if table.tags else []
             BaseIndexer._index(
                 doc_id=table_uri,
                 doc={
                     'name': table.name,
-                    'admins': table.admins,
+                    'admins': dataset.SamlAdminGroupName,
                     'owner': table.owner,
                     'label': table.label,
                     'resourceKind': 'table',
                     'description': table.description,
-                    'database': table.database,
-                    'source': table.source,
-                    'classification': table.classification,
+                    'database': table.GlueDatabaseName,
+                    'source': table.S3BucketName,
+                    'classification': dataset.confidentiality,
                     'tags': [t.replace('-', '') for t in tags or []],
-                    'topics': table.topics,
-                    'region': table.region.replace('-', ''),
+                    'topics': dataset.topics,
+                    'region': dataset.region.replace('-', ''),
                     'datasetUri': table.datasetUri,
-                    'environmentUri': table.envUri,
-                    'environmentName': table.envName,
-                    'organizationUri': table.orgUri,
-                    'organizationName': table.orgName,
+                    'environmentUri': env.environmentUri,
+                    'environmentName': env.name,
+                    'organizationUri': org.organizationUri,
+                    'organizationName': org.name,
                     'created': table.created,
                     'updated': table.updated,
                     'deleted': table.deleted,
@@ -84,32 +54,14 @@ def upsert(cls, session, table_uri: str):
 
     @classmethod
     def upsert_all(cls, session, dataset_uri: str):
-        tables = (
-            session.query(DatasetTable)
-            .filter(
-                and_(
-                    DatasetTable.datasetUri == dataset_uri,
-                    DatasetTable.LastGlueTableStatus != 'Deleted',
-                )
-            )
-            .all()
-        )
+        tables = DatasetTableRepository.find_all_active_tables(session, dataset_uri)
         for table in tables:
             DatasetTableIndexer.upsert(session=session, table_uri=table.tableUri)
         return tables
 
     @classmethod
     def remove_all_deleted(cls, session, dataset_uri: str):
-        tables = (
-            session.query(DatasetTable)
-            .filter(
-                and_(
-                    DatasetTable.datasetUri == dataset_uri,
-                    DatasetTable.LastGlueTableStatus == 'Deleted',
-                )
-            )
-            .all()
-        )
+        tables = DatasetTableRepository.find_all_deleted_tables(session, dataset_uri)
         for table in tables:
             cls.delete_doc(doc_id=table.tableUri)
         return tables

From 0eee55684c0afe3059a08e5d3e6ee7b12b42d8c5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 14:30:35 +0200
Subject: [PATCH 265/346] Added default filter

---
 .../dataall/modules/datasets/services/dataset_column_service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index 9e28878a1..b3bf0b839 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -24,7 +24,7 @@ def sync_table_columns(table_uri: str):
             task = models.Task(action='glue.table.columns', targetUri=table_uri)
             session.add(task)
         Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
-        return DatasetColumnService.paginate_active_columns_for_table(table_uri)
+        return DatasetColumnService.paginate_active_columns_for_table(table_uri, {})
 
     @staticmethod
     def update_table_column_description(column_uri: str, description) -> DatasetTableColumn:

From bca586dec3f8db0f2c25eab771478645c712f4c8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 1 Jun 2023 15:50:33 +0200
Subject: [PATCH 266/346] The method is under permission

---
 .../modules/datasets/services/dataset_profiling_service.py       | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 87cd37d0f..69a9f83ea 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -50,7 +50,6 @@ def start_profiling_run(uri, table_uri, glue_table_name):
 
     @staticmethod
     def queue_profiling_run(run_uri):
-        # TODO NO PERMISSION CHECK
         context = get_context()
         with context.db_engine.scoped_session() as session:
             task = Task(

From cf5e4c83b3335bc1435dba803d846826252f18a0 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 09:38:05 +0200
Subject: [PATCH 267/346] Removed addDatasetTable since it's not used

---
 .../modules/datasets/api/table/input_types.py | 13 -------
 .../modules/datasets/api/table/mutations.py   | 16 +--------
 .../modules/datasets/api/table/resolvers.py   |  8 -----
 .../datasets/db/dataset_table_repository.py   | 34 -------------------
 .../services/dataset_table_service.py         | 30 ++--------------
 frontend/src/api/Dataset/addDatasetTable.js   | 18 ----------
 6 files changed, 3 insertions(+), 116 deletions(-)
 delete mode 100644 frontend/src/api/Dataset/addDatasetTable.js

diff --git a/backend/dataall/modules/datasets/api/table/input_types.py b/backend/dataall/modules/datasets/api/table/input_types.py
index 2e6649515..c8c36a5bc 100644
--- a/backend/dataall/modules/datasets/api/table/input_types.py
+++ b/backend/dataall/modules/datasets/api/table/input_types.py
@@ -1,19 +1,6 @@
 from dataall.api import gql
 from dataall.api.constants import SortDirection, GraphQLEnumMapper
 
-
-NewDatasetTableInput = gql.InputType(
-    name='NewDatasetTableInput',
-    arguments=[
-        gql.Argument('label', gql.String),
-        gql.Argument('name', gql.NonNullableType(gql.String)),
-        gql.Argument('tags', gql.ArrayType(gql.String)),
-        gql.Argument('description', gql.String),
-        gql.Argument('config', gql.String),
-        gql.Argument('region', gql.String),
-    ],
-)
-
 ModifyDatasetTableInput = gql.InputType(
     name='ModifyDatasetTableInput',
     arguments=[
diff --git a/backend/dataall/modules/datasets/api/table/mutations.py b/backend/dataall/modules/datasets/api/table/mutations.py
index 7a26a6c15..bc2531ebf 100644
--- a/backend/dataall/modules/datasets/api/table/mutations.py
+++ b/backend/dataall/modules/datasets/api/table/mutations.py
@@ -1,25 +1,11 @@
 from dataall.api import gql
-from dataall.modules.datasets.api.table.input_types import (
-    ModifyDatasetTableInput,
-    NewDatasetTableInput,
-)
+from dataall.modules.datasets.api.table.input_types import ModifyDatasetTableInput
 from dataall.modules.datasets.api.table.resolvers import (
-    create_table,
     update_table,
     delete_table,
     publish_table_update
 )
 
-createDatasetTable = gql.MutationField(
-    name='createDatasetTable',
-    args=[
-        gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='input', type=NewDatasetTableInput),
-    ],
-    type=gql.Ref('DatasetTable'),
-    resolver=create_table,
-)
-
 updateDatasetTable = gql.MutationField(
     name='updateDatasetTable',
     args=[
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index c6cd6fda5..bdd9f1bfd 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -1,7 +1,6 @@
 import logging
 
 from dataall import db
-from dataall.db.exceptions import RequiredParameter
 from dataall.modules.datasets.api.dataset.resolvers import get_dataset
 from dataall.api.context import Context
 from dataall.db.api import Glossary
@@ -11,13 +10,6 @@
 log = logging.getLogger(__name__)
 
 
-def create_table(context, source, datasetUri: str = None, input: dict = None):
-    if "name" not in input:
-        raise RequiredParameter("name")
-
-    return DatasetTableService.create_table(dataset_uri=datasetUri, table_data=input)
-
-
 def list_dataset_tables(context, source, filter: dict = None):
     if not source:
         return None
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index 76e7f2f7e..ac87aef65 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -18,40 +18,6 @@ class DatasetTableRepository:
     def save(session, table: DatasetTable):
         session.add(table)
 
-    @staticmethod
-    def exists(session, dataset_uri, glue_table_name):
-        return (
-            session.query(DatasetTable)
-            .filter(
-                and_(
-                    DatasetTable.datasetUri == dataset_uri,
-                    DatasetTable.GlueTableName == glue_table_name,
-                )
-            )
-            .count()
-        )
-
-    @staticmethod
-    def create_dataset_table(session, dataset: Dataset, data: dict = None) -> DatasetTable:
-        table = DatasetTable(
-            datasetUri=dataset.datasetUri,
-            label=data['name'],
-            name=data['name'],
-            description=data.get('description', 'No description provided'),
-            tags=data.get('tags', []),
-            S3BucketName=dataset.S3BucketName,
-            S3Prefix=data.get('S3Prefix', 'unknown'),
-            AWSAccountId=dataset.AwsAccountId,
-            GlueDatabaseName=dataset.GlueDatabaseName,
-            GlueTableConfig=data.get('config'),
-            GlueTableName=data['name'],
-            owner=dataset.owner,
-            region=dataset.region,
-        )
-        session.add(table)
-        session.commit()
-        return table
-
     @staticmethod
     def create_synced_table(session, dataset: Dataset, table: dict):
         updated_table = DatasetTable(
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 521eb182a..866afaa71 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -6,14 +6,14 @@
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
 from dataall.db import models
 from dataall.db.api import ResourcePolicy, Environment, Glossary
-from dataall.db.exceptions import ResourceShared, ResourceAlreadyExists
+from dataall.db.exceptions import ResourceShared
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
-    DELETE_DATASET_TABLE, CREATE_DATASET_TABLE
+    DELETE_DATASET_TABLE
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ
@@ -28,32 +28,6 @@ def _get_dataset_uri(session, table_uri):
         table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
         return table.datasetUri
 
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    @has_resource_permission(CREATE_DATASET_TABLE)
-    def create_table(uri: str, table_data: dict):
-        with get_context().db_engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-            glue_table = table_data['name']
-            exists = DatasetTableRepository.exists(session, dataset_uri=uri, glue_table_name=glue_table)
-
-            if exists:
-                raise ResourceAlreadyExists(
-                    action='Create Table',
-                    message=f'table: {glue_table} already exist on dataset {uri}',
-                )
-
-            table = DatasetTableRepository.create_dataset_table(session, dataset, table_data)
-
-            if 'terms' in table_data:
-                Glossary.set_glossary_terms_links(
-                    session, get_context().username, table.tableUri, 'DatasetTable', table_data['terms']
-                )
-
-            DatasetTableService._attach_dataset_table_permission(session, dataset, table.tableUri)
-        DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
-        return table
-
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     def list_dataset_tables(dataset_uri: str, filter):
diff --git a/frontend/src/api/Dataset/addDatasetTable.js b/frontend/src/api/Dataset/addDatasetTable.js
deleted file mode 100644
index faf6541d9..000000000
--- a/frontend/src/api/Dataset/addDatasetTable.js
+++ /dev/null
@@ -1,18 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const createDatasetTable = ({ datasetUri, input }) => ({
-  variables: { datasetUri, input },
-  mutation: gql`
-    mutation CreateDatasetTable(
-      $datasetUri: String
-      $input: NewDatasetTableInput
-    ) {
-      createDatasetTable(datasetUri: $datasetUri, input: $input) {
-        tableUri
-        name
-      }
-    }
-  `
-});
-
-export default createDatasetTable;

From 3de2e09653ca4215cbc1bd8f1fbc2c20f547e2b2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 09:40:24 +0200
Subject: [PATCH 268/346] list_dataset_tables is not used

---
 .../modules/datasets/api/table/resolvers.py       |  8 --------
 .../datasets/db/dataset_table_repository.py       | 15 ---------------
 .../datasets/services/dataset_table_service.py    |  6 ------
 3 files changed, 29 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index bdd9f1bfd..5fb5e99c5 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -10,14 +10,6 @@
 log = logging.getLogger(__name__)
 
 
-def list_dataset_tables(context, source, filter: dict = None):
-    if not source:
-        return None
-    if not filter:
-        filter = {}
-    return DatasetTableService.list_dataset_tables(dataset_uri=source.datasetUri, filter=filter)
-
-
 def get_table(context, source: Dataset, tableUri: str = None):
     return DatasetTableService.get_table(uri=tableUri)
 
diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index ac87aef65..a045fce08 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -40,21 +40,6 @@ def create_synced_table(session, dataset: Dataset, table: dict):
         session.commit()
         return updated_table
 
-    @staticmethod
-    def paginate_dataset_tables(session, dataset_uri, filter: dict) -> dict:
-        query = (
-            session.query(DatasetTable)
-            .filter(DatasetTable.datasetUri == dataset_uri)
-            .order_by(DatasetTable.created.desc())
-        )
-        if 'term' in filter:
-            query = query.filter(DatasetTable.label.ilike('%' + filter['term'] + '%'))
-        return paginate(
-            query=query,
-            page=filter.get('page', 1),
-            page_size=filter.get('pageSize', 10)
-        ).to_dict()
-
     @staticmethod
     def delete(session, table: DatasetTable):
         session.delete(table)
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 866afaa71..a8ee44153 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -28,12 +28,6 @@ def _get_dataset_uri(session, table_uri):
         table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
         return table.datasetUri
 
-    @staticmethod
-    @has_tenant_permission(MANAGE_DATASETS)
-    def list_dataset_tables(dataset_uri: str, filter):
-        with get_context().db_engine.scoped_session() as session:
-            return DatasetTableRepository.paginate_dataset_tables(session, dataset_uri, filter)
-
     @staticmethod
     @has_tenant_permission(MANAGE_DATASETS)
     def get_table(uri: str):

From 345db03b6c469879ad4e7623e770e56d6097f835 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 09:54:55 +0200
Subject: [PATCH 269/346] Removed unused API

---
 .../modules/datasets/api/table/mutations.py   | 10 ------
 .../modules/datasets/api/table/resolvers.py   |  4 ---
 .../services/dataset_table_service.py         | 24 --------------
 .../DatasetTable/getDatasetProfilingReport.js | 14 --------
 .../listDatasetTableProfilingJobs.js          | 33 -------------------
 frontend/src/api/DatasetTable/previewTable.js | 22 -------------
 .../DatasetTable/publishDatasetTableUpdate.js | 14 --------
 .../src/api/DatasetTable/startProfilingJob.js | 16 ---------
 8 files changed, 137 deletions(-)
 delete mode 100644 frontend/src/api/DatasetTable/getDatasetProfilingReport.js
 delete mode 100644 frontend/src/api/DatasetTable/listDatasetTableProfilingJobs.js
 delete mode 100644 frontend/src/api/DatasetTable/previewTable.js
 delete mode 100644 frontend/src/api/DatasetTable/publishDatasetTableUpdate.js
 delete mode 100644 frontend/src/api/DatasetTable/startProfilingJob.js

diff --git a/backend/dataall/modules/datasets/api/table/mutations.py b/backend/dataall/modules/datasets/api/table/mutations.py
index bc2531ebf..61b805cdd 100644
--- a/backend/dataall/modules/datasets/api/table/mutations.py
+++ b/backend/dataall/modules/datasets/api/table/mutations.py
@@ -3,7 +3,6 @@
 from dataall.modules.datasets.api.table.resolvers import (
     update_table,
     delete_table,
-    publish_table_update
 )
 
 updateDatasetTable = gql.MutationField(
@@ -22,12 +21,3 @@
     type=gql.Boolean,
     resolver=delete_table,
 )
-
-publishDatasetTableUpdate = gql.MutationField(
-    name='publishDatasetTableUpdate',
-    args=[
-        gql.Argument(name='tableUri', type=gql.NonNullableType(gql.String)),
-    ],
-    resolver=publish_table_update,
-    type=gql.Boolean,
-)
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index 5fb5e99c5..dbae3b818 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -55,10 +55,6 @@ def resolve_glossary_terms(context: Context, source: DatasetTable, **kwargs):
         )
 
 
-def publish_table_update(context: Context, source, tableUri: str = None):
-    return DatasetTableService.publish_table_update(uri=tableUri)
-
-
 def resolve_redshift_copy_schema(context, source: DatasetTable, clusterUri: str):
     if not source:
         return None
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index a8ee44153..d53236ce8 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -103,30 +103,6 @@ def get_glue_table_properties(table_uri: str):
             table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
             return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
 
-    @staticmethod
-    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri)
-    def publish_table_update(uri: str):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
-            dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
-            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
-                raise Exception(
-                    'Subscriptions are disabled. '
-                    "First enable subscriptions for this dataset's environment then retry."
-                )
-
-            task = models.Task(
-                targetUri=table.datasetUri,
-                action='sns.dataset.publish_update',
-                payload={'s3Prefix': table.S3Prefix},
-            )
-            session.add(task)
-
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
-        return True
-
     @staticmethod
     def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
         # TODO THERE WAS NO PERMISSION CHECK
diff --git a/frontend/src/api/DatasetTable/getDatasetProfilingReport.js b/frontend/src/api/DatasetTable/getDatasetProfilingReport.js
deleted file mode 100644
index eb2ca82b7..000000000
--- a/frontend/src/api/DatasetTable/getDatasetProfilingReport.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const getDatasetTableProfilingReport = (jobUri) => ({
-  variables: {
-    jobUri
-  },
-  query: gql`
-    query getDatasetTableProfilingReport($jobUri: String!) {
-      getDatasetTableProfilingReport(jobUri: $jobUri)
-    }
-  `
-});
-
-export default getDatasetTableProfilingReport;
diff --git a/frontend/src/api/DatasetTable/listDatasetTableProfilingJobs.js b/frontend/src/api/DatasetTable/listDatasetTableProfilingJobs.js
deleted file mode 100644
index 3fcd4fbad..000000000
--- a/frontend/src/api/DatasetTable/listDatasetTableProfilingJobs.js
+++ /dev/null
@@ -1,33 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDatasetTableProfilingJobs = (tableUri) => ({
-  variables: {
-    tableUri
-  },
-  query: gql`
-    query GetDatasetTable($tableUri: String!) {
-      getDatasetTable(tableUri: $tableUri) {
-        datasetUri
-        owner
-        created
-        tableUri
-        AwsAccountId
-        GlueTableName
-        profilingJobs {
-          count
-          page
-          pages
-          hasNext
-          hasPrevious
-          nodes {
-            jobUri
-            created
-            status
-          }
-        }
-      }
-    }
-  `
-});
-
-export default listDatasetTableProfilingJobs;
diff --git a/frontend/src/api/DatasetTable/previewTable.js b/frontend/src/api/DatasetTable/previewTable.js
deleted file mode 100644
index e9f442249..000000000
--- a/frontend/src/api/DatasetTable/previewTable.js
+++ /dev/null
@@ -1,22 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const previewTable = ({ tableUri, queryExecutionId }) => ({
-  variables: {
-    tableUri,
-    queryExecutionId
-  },
-  query: gql`
-    query PreviewTable($tableUri: String!, $queryExecutionId: String) {
-      previewTable(tableUri: $tableUri, queryExecutionId: $queryExecutionId) {
-        count
-        status
-        queryExecutionId
-        nodes {
-          data
-        }
-      }
-    }
-  `
-});
-
-export default previewTable;
diff --git a/frontend/src/api/DatasetTable/publishDatasetTableUpdate.js b/frontend/src/api/DatasetTable/publishDatasetTableUpdate.js
deleted file mode 100644
index b8a44ff39..000000000
--- a/frontend/src/api/DatasetTable/publishDatasetTableUpdate.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const publishDatasetTableUpdate = ({ tableUri }) => ({
-  variables: {
-    tableUri
-  },
-  mutation: gql`
-    mutation publishDatasetTableUpdate($tableUri: String!) {
-      publishDatasetTableUpdate(tableUri: $tableUri)
-    }
-  `
-});
-
-export default publishDatasetTableUpdate;
diff --git a/frontend/src/api/DatasetTable/startProfilingJob.js b/frontend/src/api/DatasetTable/startProfilingJob.js
deleted file mode 100644
index 8e61cfa4c..000000000
--- a/frontend/src/api/DatasetTable/startProfilingJob.js
+++ /dev/null
@@ -1,16 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const startProfilingJob = (tableUri) => ({
-  variables: {
-    tableUri
-  },
-  mutation: gql`
-    mutation StartProfilingJob($tableUri: String!) {
-      startProfilingJob(tableUri: $tableUri) {
-        jobUri
-      }
-    }
-  `
-});
-
-export default startProfilingJob;

From a25c9be44437e7f5ea8214de23df1e14548fad1e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 10:12:42 +0200
Subject: [PATCH 270/346] Removed unused API for datasets

---
 .../modules/datasets/api/dataset/mutations.py | 11 -----
 .../modules/datasets/api/dataset/queries.py   | 10 ----
 .../modules/datasets/api/dataset/resolvers.py | 10 ----
 .../api/storage_location/mutations.py         | 10 ----
 .../api/storage_location/resolvers.py         |  4 --
 .../modules/datasets/handlers/__init__.py     |  3 +-
 .../datasets/handlers/sns_dataset_handler.py  | 30 ------------
 .../services/dataset_location_service.py      | 23 ----------
 .../datasets/services/dataset_service.py      | 38 ---------------
 .../src/api/Dataset/addDatasetContributor.js  | 24 ----------
 frontend/src/api/Dataset/addDatasetLoader.js  | 15 ------
 .../src/api/Dataset/addTablePermission.js     | 26 -----------
 frontend/src/api/Dataset/archiveDataset.js    | 14 ------
 frontend/src/api/Dataset/getCrawlerStatus.js  | 18 --------
 .../api/Dataset/getDatasetETLCredentials.js   | 14 ------
 .../api/Dataset/listDatasetContributors.js    | 31 -------------
 .../src/api/Dataset/listDatasetLoaders.js     | 34 --------------
 .../src/api/Dataset/listDatasetObjects.js     | 46 -------------------
 .../api/Dataset/listDeltaLakeCrawlerRuns.js   | 23 ----------
 .../src/api/Dataset/listTablePermissions.js   | 25 ----------
 .../Dataset/publishDatasetLocationUpdate.js   | 14 ------
 .../src/api/Dataset/publishDatasetUpdate.js   | 15 ------
 .../api/Dataset/removeDatasetContributor.js   | 16 -------
 .../src/api/Dataset/removeDatasetLoader.js    | 12 -----
 .../src/api/Dataset/removeTablePermission.js  | 16 -------
 .../api/Dataset/updateDatasetContributor.js   | 24 ----------
 .../src/api/Dataset/updateDatasetStack.js     | 12 -----
 .../createDatasetQualityRule.js               | 25 ----------
 .../deleteDatasetqualityRule.js               | 14 ------
 .../getDatasetQualityRule.js                  | 21 ---------
 .../listDatasetQualityRules.js                | 32 -------------
 .../updateDatasetQualityRule.js               | 25 ----------
 32 files changed, 1 insertion(+), 634 deletions(-)
 delete mode 100644 backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
 delete mode 100644 frontend/src/api/Dataset/addDatasetContributor.js
 delete mode 100644 frontend/src/api/Dataset/addDatasetLoader.js
 delete mode 100644 frontend/src/api/Dataset/addTablePermission.js
 delete mode 100644 frontend/src/api/Dataset/archiveDataset.js
 delete mode 100644 frontend/src/api/Dataset/getCrawlerStatus.js
 delete mode 100644 frontend/src/api/Dataset/getDatasetETLCredentials.js
 delete mode 100644 frontend/src/api/Dataset/listDatasetContributors.js
 delete mode 100644 frontend/src/api/Dataset/listDatasetLoaders.js
 delete mode 100644 frontend/src/api/Dataset/listDatasetObjects.js
 delete mode 100644 frontend/src/api/Dataset/listDeltaLakeCrawlerRuns.js
 delete mode 100644 frontend/src/api/Dataset/listTablePermissions.js
 delete mode 100644 frontend/src/api/Dataset/publishDatasetLocationUpdate.js
 delete mode 100644 frontend/src/api/Dataset/publishDatasetUpdate.js
 delete mode 100644 frontend/src/api/Dataset/removeDatasetContributor.js
 delete mode 100644 frontend/src/api/Dataset/removeDatasetLoader.js
 delete mode 100644 frontend/src/api/Dataset/removeTablePermission.js
 delete mode 100644 frontend/src/api/Dataset/updateDatasetContributor.js
 delete mode 100644 frontend/src/api/Dataset/updateDatasetStack.js
 delete mode 100644 frontend/src/api/DatasetQualityRule/createDatasetQualityRule.js
 delete mode 100644 frontend/src/api/DatasetQualityRule/deleteDatasetqualityRule.js
 delete mode 100644 frontend/src/api/DatasetQualityRule/getDatasetQualityRule.js
 delete mode 100644 frontend/src/api/DatasetQualityRule/listDatasetQualityRules.js
 delete mode 100644 frontend/src/api/DatasetQualityRule/updateDatasetQualityRule.js

diff --git a/backend/dataall/modules/datasets/api/dataset/mutations.py b/backend/dataall/modules/datasets/api/dataset/mutations.py
index c2e5364f4..bc63c6f88 100644
--- a/backend/dataall/modules/datasets/api/dataset/mutations.py
+++ b/backend/dataall/modules/datasets/api/dataset/mutations.py
@@ -11,7 +11,6 @@
     generate_dataset_access_token,
     delete_dataset,
     import_dataset,
-    publish_dataset_update,
     start_crawler
 )
 
@@ -69,16 +68,6 @@
     test_scope='Dataset',
 )
 
-publishDatasetUpdate = gql.MutationField(
-    name='publishDatasetUpdate',
-    args=[
-        gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='s3Prefix', type=gql.NonNullableType(gql.String)),
-    ],
-    resolver=publish_dataset_update,
-    type=gql.Boolean,
-)
-
 StartGlueCrawler = gql.MutationField(
     name='startGlueCrawler',
     args=[
diff --git a/backend/dataall/modules/datasets/api/dataset/queries.py b/backend/dataall/modules/datasets/api/dataset/queries.py
index 2a202bcf8..184b1fc6f 100644
--- a/backend/dataall/modules/datasets/api/dataset/queries.py
+++ b/backend/dataall/modules/datasets/api/dataset/queries.py
@@ -4,7 +4,6 @@
     get_dataset,
     list_datasets,
     get_dataset_assume_role_url,
-    get_dataset_etl_credentials,
     get_file_upload_presigned_url,
     list_dataset_share_objects,
     list_datasets_owned_by_env_group,
@@ -39,15 +38,6 @@
 )
 
 
-getDatasetETLCredentials = gql.QueryField(
-    name='getDatasetETLCredentials',
-    args=[gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String))],
-    type=gql.String,
-    resolver=get_dataset_etl_credentials,
-    test_scope='Dataset',
-)
-
-
 getDatasetPresignedUrl = gql.QueryField(
     name='getDatasetPresignedUrl',
     args=[
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 6af8c67e5..e42967485 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -122,10 +122,6 @@ def get_dataset_statistics(context: Context, source: Dataset, **kwargs):
     return DatasetService.get_dataset_statistics(source)
 
 
-def get_dataset_etl_credentials(context: Context, source, datasetUri: str = None):
-    return DatasetService.get_dataset_etl_credentials(uri=datasetUri)
-
-
 def get_dataset_assume_role_url(context: Context, source, datasetUri: str = None):
     return DatasetService.get_dataset_assume_role_url(uri=datasetUri)
 
@@ -184,12 +180,6 @@ def get_dataset_glossary_terms(context: Context, source: Dataset, **kwargs):
     return paginate(terms, page_size=100, page=1).to_dict()
 
 
-def publish_dataset_update(
-    context: Context, source, datasetUri: str = None, s3Prefix: str = None
-):
-    return DatasetService.publish_dataset_update(uri=datasetUri, s3_prefix=s3Prefix)
-
-
 def resolve_redshift_copy_enabled(context, source: Dataset, clusterUri: str):
     if not source:
         return None
diff --git a/backend/dataall/modules/datasets/api/storage_location/mutations.py b/backend/dataall/modules/datasets/api/storage_location/mutations.py
index 14aafddc7..0a01d14e3 100644
--- a/backend/dataall/modules/datasets/api/storage_location/mutations.py
+++ b/backend/dataall/modules/datasets/api/storage_location/mutations.py
@@ -7,7 +7,6 @@
     create_storage_location,
     update_storage_location,
     remove_storage_location,
-    publish_location_update
 )
 from dataall.modules.datasets.api.storage_location.schema import DatasetStorageLocation
 
@@ -38,12 +37,3 @@
     resolver=remove_storage_location,
     type=gql.Boolean,
 )
-
-publishDatasetStorageLocationUpdate = gql.MutationField(
-    name='publishDatasetStorageLocationUpdate',
-    args=[
-        gql.Argument(name='locationUri', type=gql.NonNullableType(gql.String)),
-    ],
-    resolver=publish_location_update,
-    type=gql.Boolean,
-)
diff --git a/backend/dataall/modules/datasets/api/storage_location/resolvers.py b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
index ed29097e3..78ff2f601 100644
--- a/backend/dataall/modules/datasets/api/storage_location/resolvers.py
+++ b/backend/dataall/modules/datasets/api/storage_location/resolvers.py
@@ -46,10 +46,6 @@ def resolve_dataset(context, source: DatasetStorageLocation, **kwargs):
     return d
 
 
-def publish_location_update(context: Context, source, locationUri: str = None):
-    return DatasetLocationService.publish_location_update(uri=locationUri)
-
-
 def resolve_glossary_terms(
     context: Context, source: DatasetStorageLocation, **kwargs
 ):
diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index 688f78fc3..6e5d2867c 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -7,9 +7,8 @@
     glue_table_handler,
     glue_profiling_handler,
     s3_folder_creator_handler,
-    sns_dataset_handler,
     glue_dataset_handler
 )
 
 __all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "s3_folder_creator_handler",
-           "sns_dataset_handler", "glue_dataset_handler"]
+           "glue_dataset_handler"]
diff --git a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py b/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
deleted file mode 100644
index f2c3b8dd5..000000000
--- a/backend/dataall/modules/datasets/handlers/sns_dataset_handler.py
+++ /dev/null
@@ -1,30 +0,0 @@
-import logging
-
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.db import models
-from dataall.db.api import Environment
-from dataall.modules.datasets.aws.sns_dataset_client import SnsDatasetClient
-from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-
-logger = logging.getLogger(__name__)
-
-
-class SnsDatasetHandler:
-    def __init__(self):
-        pass
-
-    @staticmethod
-    @Worker.handler(path='sns.dataset.publish_update')
-    def publish_update(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, task.targetUri)
-            environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
-
-            message = {
-                'prefix': task.payload['s3Prefix'],
-                'accountid': environment.AwsAccountId,
-                'region': environment.region,
-                'bucket_name': dataset.S3BucketName,
-            }
-
-            SnsDatasetClient(environment, dataset).publish_dataset_message(message)
diff --git a/backend/dataall/modules/datasets/services/dataset_location_service.py b/backend/dataall/modules/datasets/services/dataset_location_service.py
index 00cac9bb3..a801730dd 100644
--- a/backend/dataall/modules/datasets/services/dataset_location_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_location_service.py
@@ -98,29 +98,6 @@ def remove_storage_location(uri: str = None):
             DatasetLocationIndexer.delete_doc(doc_id=location.locationUri)
         return True
 
-    @staticmethod
-    @has_resource_permission(UPDATE_DATASET_FOLDER, parent_resource=_get_dataset_uri)
-    def publish_location_update(uri: str):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            location = DatasetLocationRepository.get_location_by_uri(session, uri)
-            dataset = DatasetRepository.get_dataset_by_uri(session, location.datasetUri)
-            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
-                raise Exception(
-                    'Subscriptions are disabled. '
-                    "First enable subscriptions for this dataset's environment then retry."
-                )
-            task = Task(
-                targetUri=location.datasetUri,
-                action='sns.dataset.publish_update',
-                payload={'s3Prefix': location.S3Prefix},
-            )
-            session.add(task)
-
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
-        return True
-
     @staticmethod
     def _create_glossary_links(session, location, terms):
         Glossary.set_glossary_terms_links(
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 2f12d3ca0..f3b0914d9 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -200,18 +200,6 @@ def get_dataset_statistics(dataset: Dataset):
             'upvotes': count_upvotes or 0,
         }
 
-    @staticmethod
-    @has_resource_permission(CREDENTIALS_DATASET)
-    def get_dataset_etl_credentials(uri):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            task = Task(targetUri=uri, action='iam.dataset.user.credentials')
-            session.add(task)
-        response = Worker.process(
-            engine=context.db_engine, task_ids=[task.taskUri], save_response=False
-        )[0]
-        return json.dumps(response['response'])
-
     @staticmethod
     @has_resource_permission(CREDENTIALS_DATASET)
     def get_dataset_assume_role_url(uri):
@@ -430,32 +418,6 @@ def delete_dataset(uri: str, delete_from_aws: bool = False):
             stack_helper.deploy_stack(dataset.environmentUri)
         return True
 
-    @staticmethod
-    @has_resource_permission(SUBSCRIPTIONS_DATASET)
-    def publish_dataset_update(uri: str, s3_prefix: str):
-        engine = get_context().db_engine
-        with engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-            env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            if not env.subscriptionsEnabled or not env.subscriptionsProducersTopicName:
-                raise Exception(
-                    'Subscriptions are disabled. '
-                    "First enable subscriptions for this dataset's environment then retry."
-                )
-
-            task = Task(
-                targetUri=uri,
-                action='sns.dataset.publish_update',
-                payload={'s3Prefix': s3_prefix},
-            )
-            session.add(task)
-
-        response = Worker.process(
-            engine=engine, task_ids=[task.taskUri], save_response=False
-        )[0]
-        log.info(f'Dataset update publish response: {response}')
-        return True
-
     @staticmethod
     def _deploy_dataset_stack(dataset: Dataset):
         """
diff --git a/frontend/src/api/Dataset/addDatasetContributor.js b/frontend/src/api/Dataset/addDatasetContributor.js
deleted file mode 100644
index 5e104b3cc..000000000
--- a/frontend/src/api/Dataset/addDatasetContributor.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const addDatasetContributor = ({ userName, datasetUri, role }) => ({
-  variables: { userName, datasetUri, role },
-  mutation: gql`
-    mutation AddDatasetContributor(
-      $datasetUri: String
-      $userName: String
-      $role: DatasetRole
-    ) {
-      addDatasetContributor(
-        datasetUri: $datasetUri
-        userName: $userName
-        role: $role
-      ) {
-        datasetUri
-        label
-        userRoleForDataset
-      }
-    }
-  `
-});
-
-export default addDatasetContributor;
diff --git a/frontend/src/api/Dataset/addDatasetLoader.js b/frontend/src/api/Dataset/addDatasetLoader.js
deleted file mode 100644
index 22241074d..000000000
--- a/frontend/src/api/Dataset/addDatasetLoader.js
+++ /dev/null
@@ -1,15 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const createDatasetLoader = ({ datasetUri, input }) => ({
-  variables: { input, datasetUri },
-  mutation: gql`
-    mutation createDatasetLoader(
-      $datasetUri: String
-      $input: NewDatasetLoaderInput
-    ) {
-      createDatasetLoader(datasetUri: $datasetUri, input: $input)
-    }
-  `
-});
-
-export default createDatasetLoader;
diff --git a/frontend/src/api/Dataset/addTablePermission.js b/frontend/src/api/Dataset/addTablePermission.js
deleted file mode 100644
index 857b2fc57..000000000
--- a/frontend/src/api/Dataset/addTablePermission.js
+++ /dev/null
@@ -1,26 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const addTablePermissions = ({ tableUri, role, userName }) => ({
-  variables: {
-    tableUri,
-    role,
-    userName
-  },
-  mutation: gql`
-    mutation AddTablePermission(
-      $tableUri: String!
-      $userName: String!
-      $role: DatasetRole!
-    ) {
-      addTablePermission(
-        tableUri: $tableUri
-        userName: $userName
-        role: $role
-      ) {
-        tableUri
-      }
-    }
-  `
-});
-
-export default addTablePermissions;
diff --git a/frontend/src/api/Dataset/archiveDataset.js b/frontend/src/api/Dataset/archiveDataset.js
deleted file mode 100644
index 686d13238..000000000
--- a/frontend/src/api/Dataset/archiveDataset.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const archiveDataset = (datasetUri) => ({
-  variables: {
-    datasetUri
-  },
-  mutation: gql`
-    mutation archiveDataset($datasetUri: String!) {
-      archiveDataset(datasetUri: $datasetUri)
-    }
-  `
-});
-
-export default archiveDataset;
diff --git a/frontend/src/api/Dataset/getCrawlerStatus.js b/frontend/src/api/Dataset/getCrawlerStatus.js
deleted file mode 100644
index 47d1c2258..000000000
--- a/frontend/src/api/Dataset/getCrawlerStatus.js
+++ /dev/null
@@ -1,18 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const getCrawlerStatus = ({ datasetUri, name }) => ({
-  variables: {
-    datasetUri,
-    input: name
-  },
-  query: gql`query GetCrawlerStatus($datasetUri:String, name:String){
-            getCrawlerStatus(datasetUri:$datasetUri,name:$name){
-                Name
-                AwsAccountId
-                region
-                status
-            }
-        }`
-});
-
-export default getCrawlerStatus;
diff --git a/frontend/src/api/Dataset/getDatasetETLCredentials.js b/frontend/src/api/Dataset/getDatasetETLCredentials.js
deleted file mode 100644
index 616e579dd..000000000
--- a/frontend/src/api/Dataset/getDatasetETLCredentials.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const getDatasetETLCredentials = (datasetUri) => ({
-  variables: {
-    datasetUri
-  },
-  query: gql`
-    query GetDatasetETLCredentials($datasetUri: String!) {
-      getDatasetETLCredentials(datasetUri: $datasetUri)
-    }
-  `
-});
-
-export default getDatasetETLCredentials;
diff --git a/frontend/src/api/Dataset/listDatasetContributors.js b/frontend/src/api/Dataset/listDatasetContributors.js
deleted file mode 100644
index 12498db8f..000000000
--- a/frontend/src/api/Dataset/listDatasetContributors.js
+++ /dev/null
@@ -1,31 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDatasetContributors = ({ datasetUri, filter }) => ({
-  variables: {
-    datasetUri,
-    filter
-  },
-  query: gql`
-    query GetDataset($filter: DatasetContributorFilter, $datasetUri: String!) {
-      getDataset(datasetUri: $datasetUri) {
-        datasetUri
-        contributors(filter: $filter) {
-          count
-          page
-          pageSize
-          hasNext
-          hasPrevious
-          pages
-          nodes {
-            userName
-            userRoleForDataset
-            userRoleInEnvironment
-            created
-          }
-        }
-      }
-    }
-  `
-});
-
-export default listDatasetContributors;
diff --git a/frontend/src/api/Dataset/listDatasetLoaders.js b/frontend/src/api/Dataset/listDatasetLoaders.js
deleted file mode 100644
index 963e19a2d..000000000
--- a/frontend/src/api/Dataset/listDatasetLoaders.js
+++ /dev/null
@@ -1,34 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDatasetLoaders = ({ datasetUri, filter }) => ({
-  variables: {
-    datasetUri,
-    filter
-  },
-  query: gql`
-    query GetDataset($filter: DatasetLoaderFilter, $datasetUri: String!) {
-      getDataset(datasetUri: $datasetUri) {
-        datasetUri
-        loaders(filter: $filter) {
-          count
-          page
-          pageSize
-          hasNext
-          hasPrevious
-          pages
-          nodes {
-            loaderUri
-            description
-            label
-            IAMPrincipalArn
-            description
-            label
-            tags
-          }
-        }
-      }
-    }
-  `
-});
-
-export default listDatasetLoaders;
diff --git a/frontend/src/api/Dataset/listDatasetObjects.js b/frontend/src/api/Dataset/listDatasetObjects.js
deleted file mode 100644
index 2cda3f56d..000000000
--- a/frontend/src/api/Dataset/listDatasetObjects.js
+++ /dev/null
@@ -1,46 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDatasetObjects = ({ datasetUri, filter }) => ({
-  variables: {
-    datasetUri,
-    filter
-  },
-  query: gql`
-            query GetDataset($datasetUri:String!,$filter:DatasetTableFilter){
-                getDataset(datasetUri:$datasetUri){
-                    datasetUri
-                    locations(filter:$filer){
-                        count
-                        page
-                        pages
-                        hasNext
-                        hasPrevious
-                        nodes{
-                            locationUri
-                            created
-                            label
-                        }
-                    }
-
-                }
-                    tables(filter:$filter){
-                        count
-                        page
-                        pages
-                        hasNext
-                        hasPrevious
-                        nodes{
-                            datasetUri
-                            tableUri
-                            created
-                            GlueTableName
-                            label
-                        }
-                    }
-
-                }
-            }
-        `
-});
-
-export default listDatasetObjects;
diff --git a/frontend/src/api/Dataset/listDeltaLakeCrawlerRuns.js b/frontend/src/api/Dataset/listDeltaLakeCrawlerRuns.js
deleted file mode 100644
index d610e297a..000000000
--- a/frontend/src/api/Dataset/listDeltaLakeCrawlerRuns.js
+++ /dev/null
@@ -1,23 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDeltaLakeCrawlerRuns = ({ datasetUri }) => ({
-  variables: {
-    datasetUri
-  },
-  query: gql`
-    query listDeltaLakeCrawlerRuns($datasetUri: String!) {
-      listDeltaLakeCrawlerRuns(datasetUri: $datasetUri) {
-        datasetUri
-        GlueJobName
-        GlueJobRunId
-        AwsAccountId
-        GlueTriggerName
-        created
-        status
-        owner
-      }
-    }
-  `
-});
-
-export default listDeltaLakeCrawlerRuns;
diff --git a/frontend/src/api/Dataset/listTablePermissions.js b/frontend/src/api/Dataset/listTablePermissions.js
deleted file mode 100644
index 446a63804..000000000
--- a/frontend/src/api/Dataset/listTablePermissions.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listTablePermissions = ({ tableUri }) => ({
-  variables: {
-    tableUri
-  },
-  query: gql`
-    query GetDatasetTable($tableUri: String!) {
-      getDatasetTable(tableUri: $tableUri) {
-        tableUri
-        userRoleForTable
-        permissions {
-          count
-          nodes {
-            userName
-            userRoleForTable
-            created
-          }
-        }
-      }
-    }
-  `
-});
-
-export default listTablePermissions;
diff --git a/frontend/src/api/Dataset/publishDatasetLocationUpdate.js b/frontend/src/api/Dataset/publishDatasetLocationUpdate.js
deleted file mode 100644
index 25bfbdc39..000000000
--- a/frontend/src/api/Dataset/publishDatasetLocationUpdate.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const publishDatasetStorageLocationUpdate = ({ locationUri }) => ({
-  variables: {
-    locationUri
-  },
-  mutation: gql`
-    mutation publishDatasetStorageLocationUpdate($locationUri: String!) {
-      publishDatasetStorageLocationUpdate(locationUri: $locationUri)
-    }
-  `
-});
-
-export default publishDatasetStorageLocationUpdate;
diff --git a/frontend/src/api/Dataset/publishDatasetUpdate.js b/frontend/src/api/Dataset/publishDatasetUpdate.js
deleted file mode 100644
index 2d542c9b2..000000000
--- a/frontend/src/api/Dataset/publishDatasetUpdate.js
+++ /dev/null
@@ -1,15 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const publishDatasetUpdate = ({ datasetUri, s3Prefix }) => ({
-  variables: {
-    datasetUri,
-    s3Prefix
-  },
-  mutation: gql`
-    mutation publishDatasetUpdate($datasetUri: String!, $s3Prefix: String!) {
-      publishDatasetUpdate(datasetUri: $datasetUri, s3Prefix: $s3Prefix)
-    }
-  `
-});
-
-export default publishDatasetUpdate;
diff --git a/frontend/src/api/Dataset/removeDatasetContributor.js b/frontend/src/api/Dataset/removeDatasetContributor.js
deleted file mode 100644
index b44ce9f0f..000000000
--- a/frontend/src/api/Dataset/removeDatasetContributor.js
+++ /dev/null
@@ -1,16 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const removeDatasetContributor = ({ userName, datasetUri }) => ({
-  variables: { userName, datasetUri },
-  mutation: gql`
-    mutation RemoveDatasetContributor($datasetUri: String, $userName: String) {
-      removeDatasetContributor(datasetUri: $datasetUri, userName: $userName) {
-        datasetUri
-        label
-        userRoleForDataset
-      }
-    }
-  `
-});
-
-export default removeDatasetContributor;
diff --git a/frontend/src/api/Dataset/removeDatasetLoader.js b/frontend/src/api/Dataset/removeDatasetLoader.js
deleted file mode 100644
index d99352f75..000000000
--- a/frontend/src/api/Dataset/removeDatasetLoader.js
+++ /dev/null
@@ -1,12 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const removeDatasetLoader = ({ loaderUri }) => ({
-  variables: { loaderUri },
-  mutation: gql`
-    mutation RemoveDatasetLoader($loaderUri: String) {
-      removeDatasetLoader(loaderUri: $loaderUri)
-    }
-  `
-});
-
-export default removeDatasetLoader;
diff --git a/frontend/src/api/Dataset/removeTablePermission.js b/frontend/src/api/Dataset/removeTablePermission.js
deleted file mode 100644
index 45df8204f..000000000
--- a/frontend/src/api/Dataset/removeTablePermission.js
+++ /dev/null
@@ -1,16 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const removeTablePermissions = ({ tableUri, role, userName }) => ({
-  variables: {
-    tableUri,
-    role,
-    userName
-  },
-  mutation: gql`
-    mutation RemoveTablePermission($tableUri: String!, $userName: String!) {
-      removeTablePermission(tableUri: $tableUri, userName: $userName)
-    }
-  `
-});
-
-export default removeTablePermissions;
diff --git a/frontend/src/api/Dataset/updateDatasetContributor.js b/frontend/src/api/Dataset/updateDatasetContributor.js
deleted file mode 100644
index 83a0ee6d7..000000000
--- a/frontend/src/api/Dataset/updateDatasetContributor.js
+++ /dev/null
@@ -1,24 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const updateDatasetContributor = ({ userName, datasetUri, role }) => ({
-  variables: { userName, datasetUri, role },
-  mutation: gql`
-    mutation UpdateDatasetContributor(
-      $datasetUri: String
-      $userName: String
-      $role: DatasetRole
-    ) {
-      updateDatasetContributor(
-        datasetUri: $datasetUri
-        userName: $userName
-        role: $role
-      ) {
-        datasetUri
-        label
-        userRoleForDataset
-      }
-    }
-  `
-});
-
-export default updateDatasetContributor;
diff --git a/frontend/src/api/Dataset/updateDatasetStack.js b/frontend/src/api/Dataset/updateDatasetStack.js
deleted file mode 100644
index 66778b572..000000000
--- a/frontend/src/api/Dataset/updateDatasetStack.js
+++ /dev/null
@@ -1,12 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const updateDatasetStack = (datasetUri) => ({
-  variables: { datasetUri },
-  mutation: gql`
-    mutation updateDatasetStack($datasetUri: String!) {
-      updateDatasetStack(datasetUri: $datasetUri)
-    }
-  `
-});
-
-export default updateDatasetStack;
diff --git a/frontend/src/api/DatasetQualityRule/createDatasetQualityRule.js b/frontend/src/api/DatasetQualityRule/createDatasetQualityRule.js
deleted file mode 100644
index 5143c173d..000000000
--- a/frontend/src/api/DatasetQualityRule/createDatasetQualityRule.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const createDatasetQualityRule = ({ datasetUri, input }) => ({
-  variables: {
-    datasetUri,
-    input
-  },
-  mutation: gql`
-    mutation CreateDatasetQualityRule(
-      $datasetUri: String!
-      $input: NewDatasetQualityRuleInput
-    ) {
-      createDatasetQualityRule(datasetUri: $datasetUri, input: $input) {
-        ruleUri
-        name
-        label
-        description
-        created
-        query
-      }
-    }
-  `
-});
-
-export default createDatasetQualityRule;
diff --git a/frontend/src/api/DatasetQualityRule/deleteDatasetqualityRule.js b/frontend/src/api/DatasetQualityRule/deleteDatasetqualityRule.js
deleted file mode 100644
index 2464047a8..000000000
--- a/frontend/src/api/DatasetQualityRule/deleteDatasetqualityRule.js
+++ /dev/null
@@ -1,14 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const deleteDatasetQualityRule = (ruleUri) => ({
-  variables: {
-    ruleUri
-  },
-  mutation: gql`
-    mutation DeleteDatasetQualityRule($ruleUri: String!) {
-      deleteDatasetQualityRule(ruleUri: $ruleUri)
-    }
-  `
-});
-
-export default deleteDatasetQualityRule;
diff --git a/frontend/src/api/DatasetQualityRule/getDatasetQualityRule.js b/frontend/src/api/DatasetQualityRule/getDatasetQualityRule.js
deleted file mode 100644
index 038d229c5..000000000
--- a/frontend/src/api/DatasetQualityRule/getDatasetQualityRule.js
+++ /dev/null
@@ -1,21 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const getDatasetQualityRule = (ruleUri) => ({
-  variables: {
-    ruleUri
-  },
-  query: gql`
-    query GetDatasetQualityRule($ruleUri: String!) {
-      getDatasetQualityRule(ruleUri: $ruleUri) {
-        ruleUri
-        name
-        label
-        description
-        created
-        query
-      }
-    }
-  `
-});
-
-export default getDatasetQualityRule;
diff --git a/frontend/src/api/DatasetQualityRule/listDatasetQualityRules.js b/frontend/src/api/DatasetQualityRule/listDatasetQualityRules.js
deleted file mode 100644
index 7e7aecd91..000000000
--- a/frontend/src/api/DatasetQualityRule/listDatasetQualityRules.js
+++ /dev/null
@@ -1,32 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDatasetQualityRules = ({ datasetUri, filter }) => ({
-  variables: {
-    datasetUri,
-    filter
-  },
-  query: gql`
-    query ListDatasetQualityRules(
-      $datasetUri: String!
-      $filter: DatasetQualityRuleFilter
-    ) {
-      listDatasetQualityRules(datasetUri: $datasetUri, filter: $filter) {
-        count
-        page
-        pages
-        hasNext
-        hasPrevious
-        nodes {
-          ruleUri
-          name
-          label
-          description
-          created
-          query
-        }
-      }
-    }
-  `
-});
-
-export default listDatasetQualityRules;
diff --git a/frontend/src/api/DatasetQualityRule/updateDatasetQualityRule.js b/frontend/src/api/DatasetQualityRule/updateDatasetQualityRule.js
deleted file mode 100644
index e03fd63ed..000000000
--- a/frontend/src/api/DatasetQualityRule/updateDatasetQualityRule.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const updateDatasetQualityRule = ({ ruleUri, input }) => ({
-  variables: {
-    ruleUri,
-    input
-  },
-  mutation: gql`
-    mutation UpdateDatasetQualityRule(
-      $ruleUri: String!
-      $input: ModifyDatasetQualityRuleInput
-    ) {
-      updateDatasetQualityRule(ruleUri: $ruleUri, input: $input) {
-        ruleUri
-        name
-        label
-        description
-        created
-        query
-      }
-    }
-  `
-});
-
-export default updateDatasetQualityRule;

From 972d5339d5b00446ede8910865f8418105527469 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 10:18:05 +0200
Subject: [PATCH 271/346] Fixed linting

---
 backend/dataall/modules/datasets/__init__.py                | 4 ----
 backend/dataall/modules/datasets/api/profiling/resolvers.py | 1 +
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index d7a7e6cae..921dee297 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -110,10 +110,6 @@ def __init__(self):
 
         log.info("Dataset stacks have been imported")
 
-    @staticmethod
-    def depends_on() -> List[Type['ModuleInterface']]:
-        return [DatasetBaseModuleInterface]
-
 
 class DatasetStackUpdaterModuleInterface(ModuleInterface):
 
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index 8db0581b5..e579627a9 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -40,6 +40,7 @@ def get_profiling_results(context: Context, source: DatasetProfilingRun):
     else:
         return json.dumps(source.results)
 
+
 def list_profiling_runs(context: Context, source, datasetUri=None):
     return DatasetProfilingService.list_profiling_runs(datasetUri)
 

From 4cc4e0f16ccab1ac18b06e1b05bd0060f6ae51b5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 10:20:54 +0200
Subject: [PATCH 272/346] Handler was not used

---
 .../modules/datasets/handlers/__init__.py     |  4 +---
 .../handlers/s3_folder_creator_handler.py     | 23 -------------------
 2 files changed, 1 insertion(+), 26 deletions(-)
 delete mode 100644 backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py

diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index 6e5d2867c..ff59697b1 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -6,9 +6,7 @@
     glue_table_sync_handler,
     glue_table_handler,
     glue_profiling_handler,
-    s3_folder_creator_handler,
     glue_dataset_handler
 )
 
-__all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "s3_folder_creator_handler",
-           "glue_dataset_handler"]
+__all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "glue_dataset_handler"]
diff --git a/backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py b/backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py
deleted file mode 100644
index 86bc21d2b..000000000
--- a/backend/dataall/modules/datasets/handlers/s3_folder_creator_handler.py
+++ /dev/null
@@ -1,23 +0,0 @@
-import logging
-
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.db import models
-from dataall.modules.datasets.aws.s3_location_client import S3LocationClient
-from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
-
-log = logging.getLogger(__name__)
-
-
-class S3FolderCreatorHandler:
-    """Handles async requests related to s3 for dataset folders"""
-
-    @staticmethod
-    @Worker.handler(path='s3.prefix.create')
-    def create_dataset_location(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            location = DatasetLocationRepository.get_location_by_uri(
-                session, task.targetUri
-            )
-            S3LocationClient(location).create_bucket_prefix()
-            location.locationCreated = True
-            return location

From fa165fbc0a0a37611703acd92aa97978a46c180d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 13:06:11 +0200
Subject: [PATCH 273/346] Fixed tests

---
 .../services/share_object_service.py          | 43 ++++++++++---------
 .../datasets/indexers/location_indexer.py     |  2 +-
 .../datasets/indexers/table_indexer.py        |  2 +-
 .../datasets/services/dataset_service.py      |  2 +-
 .../modules/datasets/test_dataset_indexers.py | 21 ++++-----
 5 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index d90eed5d1..df38acc6a 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -26,9 +26,10 @@ def get_share_object(uri):
         with get_context().db_engine.scoped_session() as session:
             return ShareObjectRepository.get_share_by_uri(session, uri)
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(CREATE_SHARE_OBJECT)
     def create_share_object(
+            cls,
             uri: str,
             dataset_uri: str,
             item_uri: str,
@@ -72,7 +73,7 @@ def create_share_object(
                     message=f'Team: {group_uri} is managing the dataset {dataset.name}',
                 )
 
-            ShareObjectService._validate_group_membership(session, group_uri, environment.environmentUri)
+            cls._validate_group_membership(session, group_uri, environment.environmentUri)
 
             share = ShareObjectRepository.find_share(session, dataset, environment, principal_id, group_uri)
             if not share:
@@ -131,10 +132,10 @@ def create_share_object(
             # requester group (groupUri)
             # dataset.SamlAdminGroupName
             # environment.SamlGroupName
-            ShareObjectService._attach_share_resource_policy(session, share, group_uri)
-            ShareObjectService._attach_share_resource_policy(session, share, dataset.SamlAdminGroupName)
+            cls._attach_share_resource_policy(session, share, group_uri)
+            cls._attach_share_resource_policy(session, share, dataset.SamlAdminGroupName)
             if dataset.SamlAdminGroupName != environment.SamlGroupName:
-                ShareObjectService._attach_share_resource_policy(session, share, environment.SamlGroupName)
+                cls._attach_share_resource_policy(session, share, environment.SamlGroupName)
 
             # Attaching REQUESTER permissions to:
             # dataset.stewards (includes the dataset Admins)
@@ -147,12 +148,12 @@ def create_share_object(
             )
             return share
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(SUBMIT_SHARE_OBJECT)
-    def submit_share_object(uri: str):
+    def submit_share_object(cls, uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            share, dataset, states = ShareObjectService._get_share_data(session, uri)
+            share, dataset, states = cls._get_share_data(session, uri)
 
             valid_states = [ShareItemStatus.PendingApproval.value]
             valid_share_items_states = [x for x in valid_states if x in states]
@@ -163,19 +164,19 @@ def submit_share_object(uri: str):
                     message='The request is empty of pending items. Add items to share request.',
                 )
 
-            ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Submit)
+            cls._run_transitions(session, share, states, ShareObjectActions.Submit)
             ShareNotificationService.notify_share_object_submission(
                 session, context.username, dataset, share
             )
             return share
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(APPROVE_SHARE_OBJECT)
-    def approve_share_object(uri: str):
+    def approve_share_object(cls, uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            share, dataset, states = ShareObjectService._get_share_data(session, uri)
-            ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Approve)
+            share, dataset, states = cls._get_share_data(session, uri)
+            cls._run_transitions(session, share, states, ShareObjectActions.Approve)
 
             # GET TABLES SHARED AND APPROVE SHARE FOR EACH TABLE
             share_table_items = ShareObjectRepository.find_all_share_items(session, uri, ShareableType.Table.value)
@@ -202,13 +203,13 @@ def approve_share_object(uri: str):
 
         return share
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(REJECT_SHARE_OBJECT)
-    def reject_share_object(uri: str):
+    def reject_share_object(cls, uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            share, dataset, states = ShareObjectService._get_share_data(session, uri)
-            ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Reject)
+            share, dataset, states = cls._get_share_data(session, uri)
+            cls._run_transitions(session, share, states, ShareObjectActions.Reject)
             ResourcePolicy.delete_resource_policy(
                 session=session,
                 group=share.groupUri,
@@ -218,14 +219,14 @@ def reject_share_object(uri: str):
             ShareNotificationService.notify_share_object_rejection(session, context.username, dataset, share)
             return share
 
-    @staticmethod
+    @classmethod
     @has_resource_permission(DELETE_SHARE_OBJECT)
-    def delete_share_object(uri: str):
+    def delete_share_object(cls, uri: str):
         with get_context().db_engine.scoped_session() as session:
-            share, dataset, states = ShareObjectService._get_share_data(session, uri)
+            share, dataset, states = cls._get_share_data(session, uri)
             shared_share_items_states = [x for x in ShareItemSM.get_share_item_shared_states() if x in states]
 
-            new_state = ShareObjectService._run_transitions(session, share, states, ShareObjectActions.Delete)
+            new_state = cls._run_transitions(session, share, states, ShareObjectActions.Delete)
             if shared_share_items_states:
                 raise ShareItemsFound(
                     action='Delete share object',
diff --git a/backend/dataall/modules/datasets/indexers/location_indexer.py b/backend/dataall/modules/datasets/indexers/location_indexer.py
index 7856e4bea..419990dc0 100644
--- a/backend/dataall/modules/datasets/indexers/location_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/location_indexer.py
@@ -15,7 +15,7 @@ def upsert(cls, session, folder_uri: str):
         if folder:
             dataset = DatasetRepository.get_dataset_by_uri(session, folder.datasetUri)
             env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            org = Organization.get_organization_by_uri(session, dataset.environmentUri)
+            org = Organization.get_organization_by_uri(session, dataset.organizationUri)
             glossary = BaseIndexer._get_target_glossary_terms(session, folder_uri)
 
             BaseIndexer._index(
diff --git a/backend/dataall/modules/datasets/indexers/table_indexer.py b/backend/dataall/modules/datasets/indexers/table_indexer.py
index ca0b0b88d..a5dd1fb0e 100644
--- a/backend/dataall/modules/datasets/indexers/table_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/table_indexer.py
@@ -19,7 +19,7 @@ def upsert(cls, session, table_uri: str):
         if table:
             dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
             env = Environment.get_environment_by_uri(session, dataset.environmentUri)
-            org = Organization.get_organization_by_uri(session, dataset.environmentUri)
+            org = Organization.get_organization_by_uri(session, dataset.organizationUri)
             glossary = BaseIndexer._get_target_glossary_terms(session, table_uri)
 
             tags = table.tags if table.tags else []
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index f3b0914d9..62701e667 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -20,7 +20,7 @@
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
-    DELETE_DATASET, SUBSCRIPTIONS_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
+    DELETE_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
     CREATE_DATASET, DATASET_ALL, DATASET_READ
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.enums import DatasetRole
diff --git a/tests/modules/datasets/test_dataset_indexers.py b/tests/modules/datasets/test_dataset_indexers.py
index 4dc979681..10c61e92f 100644
--- a/tests/modules/datasets/test_dataset_indexers.py
+++ b/tests/modules/datasets/test_dataset_indexers.py
@@ -104,6 +104,11 @@ def folder(org, env, db, dataset):
     yield location
 
 
+@pytest.fixture(scope='function', autouse=True)
+def patch_methods(mocker):
+    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
+
+
 def test_es_request():
     body = '{"preference":"SearchResult"}\n{"query":{"match_all":{}},"size":8,"_source":{"includes":["*"],"excludes":[]},"from":0}\n'
     body = body.split('\n')
@@ -121,8 +126,7 @@ def test_es_request():
     }
 
 
-def test_upsert_dataset(db, dataset, env, mocker):
-    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
+def test_upsert_dataset(db, dataset, env):
     with db.scoped_session() as session:
         dataset_indexed = DatasetIndexer.upsert(
             session, dataset_uri=dataset.datasetUri
@@ -130,24 +134,21 @@ def test_upsert_dataset(db, dataset, env, mocker):
         assert dataset_indexed.datasetUri == dataset.datasetUri
 
 
-def test_upsert_table(db, dataset, env, mocker, table):
-    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
+def test_upsert_table(db, dataset, env, table):
     with db.scoped_session() as session:
         table_indexed = DatasetTableIndexer.upsert(session, table_uri=table.tableUri)
-        assert table_indexed.uri == table.tableUri
+        assert table_indexed.tableUri == table.tableUri
 
 
-def test_upsert_folder(db, dataset, env, mocker, folder):
-    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
+def test_upsert_folder(db, dataset, env, folder):
     with db.scoped_session() as session:
         folder_indexed = DatasetLocationIndexer.upsert(
             session=session, folder_uri=folder.locationUri
         )
-        assert folder_indexed.uri == folder.locationUri
+        assert folder_indexed.locationUri == folder.locationUri
 
 
-def test_upsert_tables(db, dataset, env, mocker, folder):
-    mocker.patch('dataall.searchproxy.base_indexer.BaseIndexer._index', return_value={})
+def test_upsert_tables(db, dataset, env, folder):
     with db.scoped_session() as session:
         tables = DatasetTableIndexer.upsert_all(
             session, dataset_uri=dataset.datasetUri

From d493a7024cbe3ae0e6f33edbef07005e13603643 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 14:55:49 +0200
Subject: [PATCH 274/346] Added more logging

---
 backend/dataall/modules/datasets/__init__.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 921dee297..642649dc8 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -132,6 +132,7 @@ def find_stack_uris(self, session) -> List[str]:
                 return [dataset.datasetUri for dataset in all_datasets]
 
         register_stack_finder(DatasetStackFinder())
+        log.info("Dataset stack updater task has been loaded")
 
 
 class DatasetCatalogIndexerModuleInterface(ModuleInterface):
@@ -149,3 +150,4 @@ def __init__(self):
         from dataall.modules.datasets.indexers.catalog_indexer import DatasetCatalogIndexer
 
         register_catalog_indexer(DatasetCatalogIndexer())
+        log.info("Dataset catalog indexer task has been loaded")

From 684eb49d4901b5f57236e84ca3dd19b98ff2a789 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 2 Jun 2023 17:04:42 +0200
Subject: [PATCH 275/346] Removed unused method

---
 .../modules/datasets/api/dataset/resolvers.py     |  4 ----
 .../modules/datasets/services/dataset_service.py  | 15 ---------------
 2 files changed, 19 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index e42967485..98555e0c5 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -155,10 +155,6 @@ def get_dataset_stack(context: Context, source: Dataset, **kwargs):
     )
 
 
-def get_crawler(context, source, datasetUri: str = None, name: str = None):
-    return DatasetService.get_crawler(uri=datasetUri, name=name)
-
-
 def delete_dataset(
     context: Context, source, datasetUri: str = None, deleteFromAWS: bool = False
 ):
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 62701e667..5e5a062ea 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -334,21 +334,6 @@ def get_dataset_stack(dataset: Dataset):
             environmentUri=dataset.environmentUri,
         )
 
-    @staticmethod
-    @has_resource_permission(CRAWL_DATASET)
-    def get_crawler(uri: str, name: str):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-
-        response = DatasetCrawler(dataset).get_crawler(crawler_name=name)
-        return {
-            'Name': name,
-            'AwsAccountId': dataset.AwsAccountId,
-            'region': dataset.region,
-            'status': response.get('LastCrawl', {}).get('Status', 'N/A'),
-        }
-
     @staticmethod
     @has_resource_permission(DELETE_DATASET)
     def delete_dataset(uri: str, delete_from_aws: bool = False):

From be05244cb70392d9776a79ce23bea7face233f31 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 5 Jun 2023 10:51:05 +0200
Subject: [PATCH 276/346] Replaced process with queue

---
 .../dataall/modules/datasets/services/dataset_column_service.py | 2 +-
 .../modules/datasets/services/dataset_profiling_service.py      | 2 +-
 backend/dataall/modules/datasets/services/dataset_service.py    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index b3bf0b839..ff6f425de 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -23,7 +23,7 @@ def sync_table_columns(table_uri: str):
             DatasetColumnService._check_resource_permission(session, table_uri, UPDATE_DATASET_TABLE)
             task = models.Task(action='glue.table.columns', targetUri=table_uri)
             session.add(task)
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
         return DatasetColumnService.paginate_active_columns_for_table(table_uri, {})
 
     @staticmethod
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 69a9f83ea..51a88918d 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -44,7 +44,7 @@ def start_profiling_run(uri, table_uri, glue_table_name):
             )
             session.add(task)
 
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
+        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
 
         return run
 
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 5e5a062ea..effee1786 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -250,7 +250,7 @@ def sync_tables(uri):
                 targetUri=dataset.datasetUri,
             )
             session.add(task)
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
         with context.db_engine.scoped_session() as session:
             DatasetTableIndexer.upsert_all(
                 session=session, dataset_uri=dataset.datasetUri

From f9cf61abb5081f9964100b86a09c10042e02a615 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 5 Jun 2023 14:52:01 +0200
Subject: [PATCH 277/346] There was a nasty bug. It turns out that
 __main__.ClassName is not the same as real_path.ClassName Fixed by extracting
 common code in the different locations

---
 backend/dataall/core/catalog/__init__.py      |  0
 .../dataall/core/catalog/catalog_indexer.py   | 16 +++++++++++++
 backend/dataall/core/stack_finder.py          | 17 ++++++++++++++
 backend/dataall/modules/datasets/__init__.py  | 17 ++++----------
 ..._indexer.py => dataset_catalog_indexer.py} | 11 ++++++---
 .../datasets/tasks/dataset_stack_finder.py    | 19 +++++++++++++++
 ...log_indexer.py => catalog_indexer_task.py} | 21 ++++-------------
 backend/dataall/tasks/stacks_updater.py       | 23 ++++---------------
 deploy/stacks/container.py                    |  2 +-
 9 files changed, 74 insertions(+), 52 deletions(-)
 create mode 100644 backend/dataall/core/catalog/__init__.py
 create mode 100644 backend/dataall/core/catalog/catalog_indexer.py
 create mode 100644 backend/dataall/core/stack_finder.py
 rename backend/dataall/modules/datasets/indexers/{catalog_indexer.py => dataset_catalog_indexer.py} (70%)
 create mode 100644 backend/dataall/modules/datasets/tasks/dataset_stack_finder.py
 rename backend/dataall/tasks/{catalog_indexer.py => catalog_indexer_task.py} (78%)

diff --git a/backend/dataall/core/catalog/__init__.py b/backend/dataall/core/catalog/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/core/catalog/catalog_indexer.py b/backend/dataall/core/catalog/catalog_indexer.py
new file mode 100644
index 000000000..1273cc414
--- /dev/null
+++ b/backend/dataall/core/catalog/catalog_indexer.py
@@ -0,0 +1,16 @@
+from abc import ABC
+from typing import List
+
+
+class CatalogIndexer(ABC):
+    _INDEXERS: List['CatalogIndexer'] = []
+
+    def __init__(self):
+        CatalogIndexer._INDEXERS.append(self)
+
+    @staticmethod
+    def all():
+        return CatalogIndexer._INDEXERS
+
+    def index(self, session) -> int:
+        raise NotImplementedError("index is not implemented")
\ No newline at end of file
diff --git a/backend/dataall/core/stack_finder.py b/backend/dataall/core/stack_finder.py
new file mode 100644
index 000000000..f6ee07db2
--- /dev/null
+++ b/backend/dataall/core/stack_finder.py
@@ -0,0 +1,17 @@
+from abc import ABC
+from typing import List
+
+
+class StackFinder(ABC):
+    _FINDERS: List['StackFinder'] = []
+
+    @staticmethod
+    def all():
+        return StackFinder._FINDERS
+
+    def __init__(self):
+        StackFinder._FINDERS.append(self)
+
+    def find_stack_uris(self, session) -> List[str]:
+        """Finds stacks to update"""
+        raise NotImplementedError("retrieve_stack_uris is not implemented")
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 642649dc8..f5fa35b4a 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,6 +2,7 @@
 import logging
 from typing import List, Type, Set
 
+from dataall.core.catalog.catalog_indexer import CatalogIndexer
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
@@ -122,16 +123,9 @@ def depends_on() -> List[Type['ModuleInterface']]:
         return [DatasetBaseModuleInterface]
 
     def __init__(self):
-        from dataall.tasks.stacks_updater import StackFinder
-        from dataall.tasks.stacks_updater import register_stack_finder
+        from dataall.modules.datasets.tasks.dataset_stack_finder import DatasetStackFinder
 
-        class DatasetStackFinder(StackFinder):
-            def find_stack_uris(self, session) -> List[str]:
-                all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
-                log.info(f'Found {len(all_datasets)} datasets')
-                return [dataset.datasetUri for dataset in all_datasets]
-
-        register_stack_finder(DatasetStackFinder())
+        DatasetStackFinder()
         log.info("Dataset stack updater task has been loaded")
 
 
@@ -146,8 +140,7 @@ def depends_on() -> List[Type['ModuleInterface']]:
         return [DatasetBaseModuleInterface]
 
     def __init__(self):
-        from dataall.tasks.catalog_indexer import register_catalog_indexer
-        from dataall.modules.datasets.indexers.catalog_indexer import DatasetCatalogIndexer
+        from dataall.modules.datasets.indexers.dataset_catalog_indexer import DatasetCatalogIndexer
 
-        register_catalog_indexer(DatasetCatalogIndexer())
+        DatasetCatalogIndexer()
         log.info("Dataset catalog indexer task has been loaded")
diff --git a/backend/dataall/modules/datasets/indexers/catalog_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_catalog_indexer.py
similarity index 70%
rename from backend/dataall/modules/datasets/indexers/catalog_indexer.py
rename to backend/dataall/modules/datasets/indexers/dataset_catalog_indexer.py
index cf573548b..00d1fe8a4 100644
--- a/backend/dataall/modules/datasets/indexers/catalog_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_catalog_indexer.py
@@ -4,18 +4,23 @@
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import Dataset
-from dataall.tasks.catalog_indexer import CatalogIndexer
+from dataall.tasks.catalog_indexer_task import CatalogIndexer
 
 log = logging.getLogger(__name__)
 
 
 class DatasetCatalogIndexer(CatalogIndexer):
+    """
+       Dataset indexer for the catalog. Indexes all tables and folders of datasets
+       Register automatically itself when CatalogIndexer instance is created
+    """
 
     def index(self, session) -> int:
         all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
         log.info(f'Found {len(all_datasets)} datasets')
-        dataset: Dataset
+        indexed = 0
         for dataset in all_datasets:
             tables = DatasetTableIndexer.upsert_all(session, dataset.datasetUri)
             folders = DatasetLocationIndexer.upsert_all(session, dataset_uri=dataset.datasetUri)
-            return len(tables) + len(folders) + 1
+            indexed += len(tables) + len(folders) + 1
+        return indexed
diff --git a/backend/dataall/modules/datasets/tasks/dataset_stack_finder.py b/backend/dataall/modules/datasets/tasks/dataset_stack_finder.py
new file mode 100644
index 000000000..8d74b5fd2
--- /dev/null
+++ b/backend/dataall/modules/datasets/tasks/dataset_stack_finder.py
@@ -0,0 +1,19 @@
+import logging
+from typing import List
+
+from dataall.core.stack_finder import StackFinder
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
+from dataall.modules.datasets_base.db.models import Dataset
+
+log = logging.getLogger(__name__)
+
+
+class DatasetStackFinder(StackFinder):
+    """
+    Dataset stack finder. Looks for datasets stack to update
+    Register automatically itself when StackFinder instance is created
+    """
+    def find_stack_uris(self, session) -> List[str]:
+        all_datasets: [Dataset] = DatasetRepository.list_all_active_datasets(session)
+        log.info(f'Found {len(all_datasets)} datasets')
+        return [dataset.datasetUri for dataset in all_datasets]
diff --git a/backend/dataall/tasks/catalog_indexer.py b/backend/dataall/tasks/catalog_indexer_task.py
similarity index 78%
rename from backend/dataall/tasks/catalog_indexer.py
rename to backend/dataall/tasks/catalog_indexer_task.py
index 99313d5a8..e25f0902d 100644
--- a/backend/dataall/tasks/catalog_indexer.py
+++ b/backend/dataall/tasks/catalog_indexer_task.py
@@ -1,9 +1,8 @@
 import logging
 import os
 import sys
-from abc import ABC
-from typing import List
 
+from dataall.core.catalog.catalog_indexer import CatalogIndexer
 from dataall.db import get_engine, models
 from dataall.modules.loader import load_modules, ImportMode
 from dataall.searchproxy.indexers import DashboardIndexer
@@ -15,26 +14,12 @@
     root.addHandler(logging.StreamHandler(sys.stdout))
 log = logging.getLogger(__name__)
 
-load_modules({ImportMode.CATALOG_INDEXER_TASK})
-
-
-class CatalogIndexer(ABC):
-    def index(self, session) -> int:
-        raise NotImplementedError("index is not implemented")
-
-
-_indexers: List[CatalogIndexer] = []
-
-
-def register_catalog_indexer(indexer: CatalogIndexer):
-    _indexers.append(indexer)
-
 
 def index_objects(engine):
     try:
         indexed_objects_counter = 0
         with engine.scoped_session() as session:
-            for indexer in _indexers:
+            for indexer in CatalogIndexer.all():
                 indexed_objects_counter += indexer.index(session)
 
             all_dashboards: [models.Dashboard] = session.query(models.Dashboard).all()
@@ -54,4 +39,6 @@ def index_objects(engine):
 if __name__ == '__main__':
     ENVNAME = os.environ.get('envname', 'local')
     ENGINE = get_engine(envname=ENVNAME)
+
+    load_modules({ImportMode.CATALOG_INDEXER_TASK})
     index_objects(engine=ENGINE)
diff --git a/backend/dataall/tasks/stacks_updater.py b/backend/dataall/tasks/stacks_updater.py
index 535e42d30..646263441 100644
--- a/backend/dataall/tasks/stacks_updater.py
+++ b/backend/dataall/tasks/stacks_updater.py
@@ -2,9 +2,8 @@
 import os
 import sys
 import time
-from abc import ABC
-from typing import List
 
+from dataall.core.stack_finder import StackFinder
 from dataall.modules.loader import ImportMode, load_modules
 from dataall import db
 from dataall.db import models
@@ -22,27 +21,11 @@
 SLEEP_TIME = 30
 
 
-load_modules({ImportMode.STACK_UPDATER_TASK})
-
-
-class StackFinder(ABC):
-    def find_stack_uris(self, session) -> List[str]:
-        """Finds stacks to update"""
-        raise NotImplementedError("retrieve_stack_uris is not implemented")
-
-
-_finders: List[StackFinder] = []
-
-
-def register_stack_finder(finder: StackFinder):
-    _finders.append(finder)
-
-
 def update_stacks(engine, envname):
     with engine.scoped_session() as session:
         all_environments: [models.Environment] = db.api.Environment.list_all_active_environments(session)
         additional_stacks = []
-        for finder in _finders:
+        for finder in StackFinder.all():
             additional_stacks.extend(finder.find_stack_uris(session))
 
         log.info(f'Found {len(all_environments)} environments, triggering update stack tasks...')
@@ -82,4 +65,6 @@ def update_stack(session, envname, target_uri, wait=False):
 if __name__ == '__main__':
     envname = os.environ.get('envname', 'local')
     engine = get_engine(envname=envname)
+
+    load_modules({ImportMode.STACK_UPDATER_TASK})
     update_stacks(engine=engine, envname=envname)
diff --git a/deploy/stacks/container.py b/deploy/stacks/container.py
index c6f8ace1b..845a3429d 100644
--- a/deploy/stacks/container.py
+++ b/deploy/stacks/container.py
@@ -118,7 +118,7 @@ def __init__(
 
         catalog_indexer_task, catalog_indexer_task_def = self.set_scheduled_task(
             cluster=cluster,
-            command=['python3.8', '-m', 'dataall.tasks.catalog_indexer'],
+            command=['python3.8', '-m', 'dataall.tasks.catalog_indexer_task'],
             container_id=f'container',
             ecr_repository=ecr_repository,
             environment=self._create_env('INFO'),

From c5180c27e4a28a6b36ffa1b38e45f3a065393ca5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 5 Jun 2023 15:01:21 +0200
Subject: [PATCH 278/346] Removed used arguments

---
 .../dataall/modules/datasets/services/dataset_column_service.py | 2 +-
 backend/dataall/modules/datasets/services/dataset_service.py    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index ff6f425de..955d60b95 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -23,7 +23,7 @@ def sync_table_columns(table_uri: str):
             DatasetColumnService._check_resource_permission(session, table_uri, UPDATE_DATASET_TABLE)
             task = models.Task(action='glue.table.columns', targetUri=table_uri)
             session.add(task)
-        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
         return DatasetColumnService.paginate_active_columns_for_table(table_uri, {})
 
     @staticmethod
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index effee1786..bc6ed4ef4 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -250,7 +250,7 @@ def sync_tables(uri):
                 targetUri=dataset.datasetUri,
             )
             session.add(task)
-        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri], save_response=False)
+        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
         with context.db_engine.scoped_session() as session:
             DatasetTableIndexer.upsert_all(
                 session=session, dataset_uri=dataset.datasetUri

From 1d6a7b069bfed6016e35340f99d6c6b5ee74c2db Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 5 Jun 2023 15:46:16 +0200
Subject: [PATCH 279/346] Added missed dataset feed target

---
 backend/dataall/modules/datasets/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index f5fa35b4a..055c4f7ca 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -41,6 +41,7 @@ def __init__(self):
         FeedRegistry.register(FeedDefinition("DatasetTableColumn", DatasetTableColumn))
         FeedRegistry.register(FeedDefinition("DatasetStorageLocation", DatasetStorageLocation))
         FeedRegistry.register(FeedDefinition("DatasetTable", DatasetTable))
+        FeedRegistry.register(FeedDefinition("Dataset", Dataset))
 
         GlossaryRegistry.register(GlossaryDefinition("Column", "DatasetTableColumn", DatasetTableColumn))
         GlossaryRegistry.register(GlossaryDefinition(

From 0ab3cf32d0b173a241d40d4f99f4aecec45deb5e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 9 Jun 2023 15:11:13 +0200
Subject: [PATCH 280/346] Returned synchronous code back

---
 .../dataall/modules/datasets/services/dataset_column_service.py | 2 +-
 .../modules/datasets/services/dataset_profiling_service.py      | 2 +-
 backend/dataall/modules/datasets/services/dataset_service.py    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index 955d60b95..0daaca247 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -23,7 +23,7 @@ def sync_table_columns(table_uri: str):
             DatasetColumnService._check_resource_permission(session, table_uri, UPDATE_DATASET_TABLE)
             task = models.Task(action='glue.table.columns', targetUri=table_uri)
             session.add(task)
-        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
         return DatasetColumnService.paginate_active_columns_for_table(table_uri, {})
 
     @staticmethod
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 51a88918d..69a9f83ea 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -44,7 +44,7 @@ def start_profiling_run(uri, table_uri, glue_table_name):
             )
             session.add(task)
 
-        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
 
         return run
 
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index bc6ed4ef4..4d496cf47 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -250,7 +250,7 @@ def sync_tables(uri):
                 targetUri=dataset.datasetUri,
             )
             session.add(task)
-        Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
+        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
         with context.db_engine.scoped_session() as session:
             DatasetTableIndexer.upsert_all(
                 session=session, dataset_uri=dataset.datasetUri

From d19761cb4c132fe05ba642f57f5a1146c2aa498a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 9 Jun 2023 15:17:46 +0200
Subject: [PATCH 281/346] Moved sync method to table API

---
 .../modules/datasets/api/dataset/mutations.py |  9 -------
 .../modules/datasets/api/dataset/resolvers.py |  4 ----
 .../modules/datasets/api/table/mutations.py   | 11 +++++++--
 .../modules/datasets/api/table/resolvers.py   |  4 ++++
 .../datasets/services/dataset_service.py      | 24 -------------------
 .../services/dataset_table_service.py         | 24 ++++++++++++++++---
 6 files changed, 34 insertions(+), 42 deletions(-)

diff --git a/backend/dataall/modules/datasets/api/dataset/mutations.py b/backend/dataall/modules/datasets/api/dataset/mutations.py
index bc63c6f88..075ec4d01 100644
--- a/backend/dataall/modules/datasets/api/dataset/mutations.py
+++ b/backend/dataall/modules/datasets/api/dataset/mutations.py
@@ -7,7 +7,6 @@
 from dataall.modules.datasets.api.dataset.resolvers import (
     create_dataset,
     update_dataset,
-    sync_tables,
     generate_dataset_access_token,
     delete_dataset,
     import_dataset,
@@ -33,14 +32,6 @@
     test_scope='Dataset',
 )
 
-syncTables = gql.MutationField(
-    name='syncTables',
-    args=[gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String))],
-    type=gql.Ref('DatasetTableSearchResult'),
-    resolver=sync_tables,
-)
-
-
 generateDatasetAccessToken = gql.MutationField(
     name='generateDatasetAccessToken',
     args=[gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String))],
diff --git a/backend/dataall/modules/datasets/api/dataset/resolvers.py b/backend/dataall/modules/datasets/api/dataset/resolvers.py
index 98555e0c5..93f394468 100644
--- a/backend/dataall/modules/datasets/api/dataset/resolvers.py
+++ b/backend/dataall/modules/datasets/api/dataset/resolvers.py
@@ -126,10 +126,6 @@ def get_dataset_assume_role_url(context: Context, source, datasetUri: str = None
     return DatasetService.get_dataset_assume_role_url(uri=datasetUri)
 
 
-def sync_tables(context: Context, source, datasetUri: str = None):
-    return DatasetService.sync_tables(uri=datasetUri)
-
-
 def start_crawler(context: Context, source, datasetUri: str, input: dict = None):
     return DatasetService.start_crawler(uri=datasetUri, data=input)
 
diff --git a/backend/dataall/modules/datasets/api/table/mutations.py b/backend/dataall/modules/datasets/api/table/mutations.py
index 61b805cdd..16c4e09ac 100644
--- a/backend/dataall/modules/datasets/api/table/mutations.py
+++ b/backend/dataall/modules/datasets/api/table/mutations.py
@@ -1,8 +1,7 @@
 from dataall.api import gql
 from dataall.modules.datasets.api.table.input_types import ModifyDatasetTableInput
 from dataall.modules.datasets.api.table.resolvers import (
-    update_table,
-    delete_table,
+    update_table, delete_table, sync_tables,
 )
 
 updateDatasetTable = gql.MutationField(
@@ -21,3 +20,11 @@
     type=gql.Boolean,
     resolver=delete_table,
 )
+
+syncTables = gql.MutationField(
+    name='syncTables',
+    args=[gql.Argument(name='datasetUri', type=gql.NonNullableType(gql.String))],
+    type=gql.Ref('DatasetTableSearchResult'),
+    resolver=sync_tables,
+)
+
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index dbae3b818..c69a13c72 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -36,6 +36,10 @@ def get_glue_table_properties(context: Context, source: DatasetTable, **kwargs):
     return DatasetTableService.get_glue_table_properties(source.tableUri)
 
 
+def sync_tables(context: Context, source, datasetUri: str = None):
+    return DatasetTableService.sync_tables_for_dataset(uri=datasetUri)
+
+
 def resolve_dataset(context, source: DatasetTable, **kwargs):
     if not source:
         return None
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 4d496cf47..549bc8f9a 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -238,30 +238,6 @@ def get_dataset_assume_role_url(uri):
         )
         return url
 
-    @staticmethod
-    @has_resource_permission(SYNC_DATASET)
-    def sync_tables(uri):
-        context = get_context()
-        with context.db_engine.scoped_session() as session:
-            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
-
-            task = Task(
-                action='glue.dataset.database.tables',
-                targetUri=dataset.datasetUri,
-            )
-            session.add(task)
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
-        with context.db_engine.scoped_session() as session:
-            DatasetTableIndexer.upsert_all(
-                session=session, dataset_uri=dataset.datasetUri
-            )
-            DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
-            return DatasetRepository.paginated_dataset_tables(
-                session=session,
-                uri=uri,
-                data={'page': 1, 'pageSize': 10},
-            )
-
     @staticmethod
     @has_resource_permission(CRAWL_DATASET)
     def start_crawler(uri: str, data: dict = None):
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index d53236ce8..403247e7f 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -1,19 +1,18 @@
 import logging
 
 
-from dataall.aws.handlers.service_handlers import Worker
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
-from dataall.db import models
 from dataall.db.api import ResourcePolicy, Environment, Glossary
 from dataall.db.exceptions import ResourceShared
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.datasets.aws.athena_table_client import AthenaTableClient
+from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
 from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE, MANAGE_DATASETS, \
-    DELETE_DATASET_TABLE
+    DELETE_DATASET_TABLE, SYNC_DATASET
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ
@@ -114,6 +113,25 @@ def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
                 )
             ]
 
+    @classmethod
+    @has_resource_permission(SYNC_DATASET)
+    def sync_tables_for_dataset(cls, uri):
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
+            dataset = DatasetRepository.get_dataset_by_uri(session, uri)
+
+            tables = DatasetCrawler(dataset).list_glue_database_tables()
+            cls.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
+            DatasetTableIndexer.upsert_all(
+                session=session, dataset_uri=dataset.datasetUri
+            )
+            DatasetTableIndexer.remove_all_deleted(session=session, dataset_uri=dataset.datasetUri)
+            return DatasetRepository.paginated_dataset_tables(
+                session=session,
+                uri=uri,
+                data={'page': 1, 'pageSize': 10},
+            )
+
     @staticmethod
     def sync_existing_tables(session, dataset_uri, glue_tables=None):
         dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, dataset_uri)

From d9c287209f003aad57cc9dbc95167efcdf565f93 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 9 Jun 2023 15:29:39 +0200
Subject: [PATCH 282/346] Replaced creation of the task with direct invokation
 of code

---
 .../modules/datasets/handlers/__init__.py     |  7 +--
 .../datasets/handlers/glue_table_handler.py   | 26 -----------
 .../handlers/glue_table_sync_handler.py       | 15 -------
 .../services/dataset_column_service.py        | 45 ++++++++++---------
 4 files changed, 27 insertions(+), 66 deletions(-)
 delete mode 100644 backend/dataall/modules/datasets/handlers/glue_table_handler.py

diff --git a/backend/dataall/modules/datasets/handlers/__init__.py b/backend/dataall/modules/datasets/handlers/__init__.py
index ff59697b1..ce055bc1b 100644
--- a/backend/dataall/modules/datasets/handlers/__init__.py
+++ b/backend/dataall/modules/datasets/handlers/__init__.py
@@ -3,10 +3,7 @@
 processing in a separate lambda function
 """
 from dataall.modules.datasets.handlers import (
-    glue_table_sync_handler,
-    glue_table_handler,
-    glue_profiling_handler,
-    glue_dataset_handler
+    glue_table_sync_handler, glue_profiling_handler, glue_dataset_handler
 )
 
-__all__ = ["glue_table_sync_handler", "glue_table_handler", "glue_profiling_handler", "glue_dataset_handler"]
+__all__ = ["glue_table_sync_handler", "glue_profiling_handler", "glue_dataset_handler"]
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_handler.py
deleted file mode 100644
index c67b8423d..000000000
--- a/backend/dataall/modules/datasets/handlers/glue_table_handler.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import logging
-
-from dataall.aws.handlers.glue import Glue
-from dataall.aws.handlers.service_handlers import Worker
-from dataall.db import models
-from dataall.modules.datasets.aws.glue_dataset_client import DatasetCrawler
-from dataall.modules.datasets.services.dataset_table_service import DatasetTableService
-from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.modules.datasets_base.db.models import Dataset
-
-log = logging.getLogger(__name__)
-
-
-class DatasetTableSyncHandler:
-    """A handler for dataset table"""
-
-    @staticmethod
-    @Worker.handler(path='glue.dataset.database.tables')
-    def sync_existing_tables(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset: Dataset = DatasetRepository.get_dataset_by_uri(
-                session, task.targetUri
-            )
-            tables = DatasetCrawler(dataset).list_glue_database_tables()
-            DatasetTableService.sync_existing_tables(session, dataset.datasetUri, glue_tables=tables)
-            return tables
diff --git a/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py b/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
index fa7441840..d0a283251 100644
--- a/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_table_sync_handler.py
@@ -14,21 +14,6 @@
 class DatasetColumnGlueHandler:
     """A handler for dataset table columns"""
 
-    @staticmethod
-    @Worker.handler('glue.table.columns')
-    def get_table_columns(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset_table: DatasetTable = session.query(DatasetTable).get(
-                task.targetUri
-            )
-            aws = SessionHelper.remote_session(dataset_table.AWSAccountId)
-            glue_table = GlueTableClient(aws, dataset_table).get_table()
-
-            DatasetTableRepository.sync_table_columns(
-                session, dataset_table, glue_table['Table']
-            )
-        return True
-
     @staticmethod
     @Worker.handler('glue.table.update_column')
     def update_table_columns(engine, task: models.Task):
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index 0daaca247..a02a54a7c 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -1,7 +1,10 @@
 from dataall.aws.handlers.service_handlers import Worker
+from dataall.aws.handlers.sts import SessionHelper
 from dataall.core.context import get_context
+from dataall.core.permission_checker import has_resource_permission
 from dataall.db import models
 from dataall.db.api import ResourcePolicy
+from dataall.modules.datasets.aws.glue_table_client import GlueTableClient
 from dataall.modules.datasets.db.dataset_column_repository import DatasetColumnRepository
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
@@ -10,28 +13,41 @@
 
 class DatasetColumnService:
 
+    @staticmethod
+    def _get_table_uri(session, column_uri):
+        column: DatasetTableColumn = DatasetColumnRepository.get_column(session, column_uri)
+        return column.tableUri
+
+    @staticmethod
+    def _get_dataset_uri(session, table_uri):
+        table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+        return table.datasetUri
+
     @staticmethod
     def paginate_active_columns_for_table(table_uri: str, filter=None):
         # TODO THERE WAS NO PERMISSION CHECK!!!
         with get_context().db_engine.scoped_session() as session:
             return DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, filter)
 
-    @staticmethod
-    def sync_table_columns(table_uri: str):
+    @classmethod
+    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri)
+    def sync_table_columns(cls, table_uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
-            DatasetColumnService._check_resource_permission(session, table_uri, UPDATE_DATASET_TABLE)
-            task = models.Task(action='glue.table.columns', targetUri=table_uri)
-            session.add(task)
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
-        return DatasetColumnService.paginate_active_columns_for_table(table_uri, {})
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            aws = SessionHelper.remote_session(table.AWSAccountId)
+            glue_table = GlueTableClient(aws, table).get_table()
+
+            DatasetTableRepository.sync_table_columns(
+                session, table, glue_table['Table']
+            )
+        return cls.paginate_active_columns_for_table(table_uri, {})
 
     @staticmethod
+    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_table_uri)
     def update_table_column_description(column_uri: str, description) -> DatasetTableColumn:
         with get_context().db_engine.scoped_session() as session:
             column: DatasetTableColumn = DatasetColumnRepository.get_column(session, column_uri)
-            DatasetColumnService._check_resource_permission(session, column.tableUri, UPDATE_DATASET_TABLE)
-
             column.description = description
 
             task = models.Task(
@@ -43,14 +59,3 @@ def update_table_column_description(column_uri: str, description) -> DatasetTabl
         Worker.queue(engine=get_context().db_engine, task_ids=[task.taskUri])
         return column
 
-    @staticmethod
-    def _check_resource_permission(session, table_uri: str, permission):
-        context = get_context()
-        table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=table.datasetUri,
-            permission_name=permission,
-        )

From 9064636bb3e0df23b9c41320580bbf449525643e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 9 Jun 2023 15:32:57 +0200
Subject: [PATCH 283/346] Replaced creation of the task with direct invokation
 of code

---
 .../handlers/glue_profiling_handler.py        | 35 ++++---------------
 .../services/dataset_profiling_service.py     | 12 ++++---
 2 files changed, 14 insertions(+), 33 deletions(-)

diff --git a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
index d001311b7..df3f90d69 100644
--- a/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
+++ b/backend/dataall/modules/datasets/handlers/glue_profiling_handler.py
@@ -3,6 +3,7 @@
 from dataall.aws.handlers.service_handlers import Worker
 from dataall.db import models
 from dataall.modules.datasets.aws.glue_profiler_client import GlueDatasetProfilerClient
+from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, Dataset
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 
@@ -16,36 +17,14 @@ class DatasetProfilingGlueHandler:
     @Worker.handler('glue.job.profiling_run_status')
     def get_profiling_run(engine, task: models.Task):
         with engine.scoped_session() as session:
-            dataset, profiling = DatasetProfilingGlueHandler._get_job_data(session, task)
+            profiling: DatasetProfilingRun = (
+                DatasetProfilingRepository.get_profiling_run(
+                    session, profiling_run_uri=task.targetUri
+                )
+            )
+            dataset: Dataset = DatasetRepository.get_dataset_by_uri(session, profiling.datasetUri)
             status = GlueDatasetProfilerClient(dataset).get_job_status(profiling)
 
             profiling.status = status
             session.commit()
             return profiling.status
-
-    @staticmethod
-    @Worker.handler('glue.job.start_profiling_run')
-    def start_profiling_run(engine, task: models.Task):
-        with engine.scoped_session() as session:
-            dataset, profiling = DatasetProfilingGlueHandler._get_job_data(session, task)
-            run_id = GlueDatasetProfilerClient(dataset).run_job(profiling)
-
-            DatasetProfilingRepository.update_run(
-                session,
-                run_uri=profiling.profilingRunUri,
-                glue_job_run_id=run_id,
-            )
-            return run_id
-
-    @staticmethod
-    def _get_job_data(session, task):
-        profiling: DatasetProfilingRun = (
-            DatasetProfilingRepository.get_profiling_run(
-                session, profiling_run_uri=task.targetUri
-            )
-        )
-        dataset: Dataset = session.query(Dataset).get(
-            profiling.datasetUri
-        )
-
-        return dataset, profiling
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 69a9f83ea..7048f4049 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -6,6 +6,7 @@
 from dataall.db.api import Environment
 from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models import Task
+from dataall.modules.datasets.aws.glue_profiler_client import GlueDatasetProfilerClient
 from dataall.modules.datasets.aws.s3_profiler_client import S3ProfilerClient
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
@@ -39,12 +40,13 @@ def start_profiling_run(uri, table_uri, glue_table_name):
                 glue_table_name=glue_table_name,
             )
 
-            task = Task(
-                targetUri=run.profilingRunUri, action='glue.job.start_profiling_run'
-            )
-            session.add(task)
+            run_id = GlueDatasetProfilerClient(dataset).run_job(run)
 
-        Worker.process(engine=context.db_engine, task_ids=[task.taskUri])
+            DatasetProfilingRepository.update_run(
+                session,
+                run_uri=run.profilingRunUri,
+                glue_job_run_id=run_id,
+            )
 
         return run
 

From 05414381c1033d434584c6af2c529dd391f23c9a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 9 Jun 2023 15:58:26 +0200
Subject: [PATCH 284/346] Fixed tests

---
 backend/dataall/core/permission_checker.py         | 14 ++++++++++++--
 .../modules/datasets/api/table_column/resolvers.py |  4 ++--
 .../datasets/services/dataset_column_service.py    |  8 ++++----
 .../datasets/tasks/test_dataset_catalog_indexer.py |  2 +-
 tests/modules/datasets/test_dataset_profiling.py   | 12 +++++++++---
 5 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/backend/dataall/core/permission_checker.py b/backend/dataall/core/permission_checker.py
index b5e1ab593..415f25835 100644
--- a/backend/dataall/core/permission_checker.py
+++ b/backend/dataall/core/permission_checker.py
@@ -64,13 +64,21 @@ def no_decorated(f):
     return fn, staticmethod if static_func else no_decorated
 
 
-def has_resource_permission(permission: str, resource_name: str = None, parent_resource: Callable = None):
+def has_resource_permission(
+        permission: str,
+        param_name: str = None,
+        resource_name: str = None,
+        parent_resource: Callable = None
+):
     """
     Decorator that check if a user has access to the resource.
     The method or function decorated with this decorator must have a URI of accessing resource
     Good rule of thumb: if there is a URI that accesses a specific resource,
     hence it has URI - it must be decorated with this decorator
     """
+    if not param_name:
+        param_name = "uri"
+
     def decorator(f):
         fn, fn_decorator = _process_func(f)
 
@@ -80,7 +88,9 @@ def decorated(*args, **kwargs):
                 resource: Identifiable = kwargs[resource_name]
                 uri = resource.get_resource_uri()
             else:
-                uri = kwargs["uri"]
+                if param_name not in kwargs:
+                    raise KeyError(f"{f.__name__} doesn't have parameter {param_name}")
+                uri = kwargs[param_name]
 
             with get_context().db_engine.scoped_session() as session:
                 if parent_resource:
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 2e8235a52..034220eb0 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -20,7 +20,7 @@ def list_table_columns(
 def sync_table_columns(context: Context, source, tableUri: str = None):
     if tableUri is None:
         return None
-    return DatasetColumnService.sync_table_columns(tableUri)
+    return DatasetColumnService.sync_table_columns(table_uri=tableUri)
 
 
 def resolve_terms(context, source: DatasetTableColumn, **kwargs):
@@ -43,4 +43,4 @@ def update_table_column(
         input = {}
 
     description = input.get('description', 'No description provided')
-    return DatasetColumnService.update_table_column_description(columnUri, description)
+    return DatasetColumnService.update_table_column_description(column_uri=columnUri, description=description)
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index a02a54a7c..e6b16a790 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -14,9 +14,9 @@
 class DatasetColumnService:
 
     @staticmethod
-    def _get_table_uri(session, column_uri):
+    def _get_dataset_uri_for_column(session, column_uri):
         column: DatasetTableColumn = DatasetColumnRepository.get_column(session, column_uri)
-        return column.tableUri
+        return DatasetColumnService._get_dataset_uri(session, column.tableUri)
 
     @staticmethod
     def _get_dataset_uri(session, table_uri):
@@ -30,7 +30,7 @@ def paginate_active_columns_for_table(table_uri: str, filter=None):
             return DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, filter)
 
     @classmethod
-    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri)
+    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri, param_name="table_uri")
     def sync_table_columns(cls, table_uri: str):
         context = get_context()
         with context.db_engine.scoped_session() as session:
@@ -44,7 +44,7 @@ def sync_table_columns(cls, table_uri: str):
         return cls.paginate_active_columns_for_table(table_uri, {})
 
     @staticmethod
-    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_table_uri)
+    @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri_for_column, param_name="column_uri")
     def update_table_column_description(column_uri: str, description) -> DatasetTableColumn:
         with get_context().db_engine.scoped_session() as session:
             column: DatasetTableColumn = DatasetColumnRepository.get_column(session, column_uri)
diff --git a/tests/modules/datasets/tasks/test_dataset_catalog_indexer.py b/tests/modules/datasets/tasks/test_dataset_catalog_indexer.py
index 712f4a6f9..db4ebc6e3 100644
--- a/tests/modules/datasets/tasks/test_dataset_catalog_indexer.py
+++ b/tests/modules/datasets/tasks/test_dataset_catalog_indexer.py
@@ -90,7 +90,7 @@ def test_catalog_indexer(db, org, env, sync_dataset, table, mocker):
     mocker.patch(
         'dataall.modules.datasets.indexers.dataset_indexer.DatasetIndexer.upsert', return_value=sync_dataset
     )
-    indexed_objects_counter = dataall.tasks.catalog_indexer.index_objects(
+    indexed_objects_counter = dataall.tasks.catalog_indexer_task.index_objects(
         engine=db
     )
     assert indexed_objects_counter == 2
diff --git a/tests/modules/datasets/test_dataset_profiling.py b/tests/modules/datasets/test_dataset_profiling.py
index d670e41c8..d74993377 100644
--- a/tests/modules/datasets/test_dataset_profiling.py
+++ b/tests/modules/datasets/test_dataset_profiling.py
@@ -23,13 +23,19 @@ def dataset1(env1, org1, dataset, group, user) -> Dataset:
         org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
     )
 
+
 @pytest.fixture(scope='module', autouse=True)
 def patch_methods(module_mocker):
-    mock_client = MagicMock()
+    s3_mock_client = MagicMock()
+    glue_mock_client = MagicMock()
+    module_mocker.patch(
+        'dataall.modules.datasets.services.dataset_profiling_service.S3ProfilerClient', s3_mock_client
+    )
     module_mocker.patch(
-        'dataall.modules.datasets.services.dataset_profiling_service.S3ProfilerClient', mock_client
+        'dataall.modules.datasets.services.dataset_profiling_service.GlueDatasetProfilerClient', glue_mock_client
     )
-    mock_client().get_profiling_results_from_s3.return_value = '{"results": "yes"}'
+    s3_mock_client().get_profiling_results_from_s3.return_value = '{"results": "yes"}'
+    glue_mock_client().run_job.return_value = True
 
 
 def test_add_tables(table, dataset1, db):

From 1ec37ba356019e64a56e0e7151322df51daccdbe Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 15 Jun 2023 10:38:21 +0200
Subject: [PATCH 285/346] Removed unused imports

---
 .../dataall/modules/datasets/tasks/bucket_policy_updater.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index 2df2e0500..8071cb4bd 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -2,18 +2,14 @@
 import logging
 import os
 import sys
-import typing
 
 from botocore.exceptions import ClientError
 from sqlalchemy import and_
 
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
-from dataall.db import models
-from dataall.modules.dataset_sharing.db.enums import ShareObjectStatus
-from dataall.modules.dataset_sharing.db.models import ShareObjectItem, ShareObject
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
-from dataall.modules.datasets_base.db.models import DatasetStorageLocation, DatasetTable, Dataset
+from dataall.modules.datasets_base.db.models import Dataset
 
 root = logging.getLogger()
 root.setLevel(logging.INFO)

From 43a630597c602ad967af05c975ea1ad62cf3e841 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 15 Jun 2023 10:48:18 +0200
Subject: [PATCH 286/346] Fixed tests

---
 backend/dataall/modules/mlstudio/db/mlstudio_repository.py  | 6 +++---
 backend/dataall/modules/notebooks/db/notebook_repository.py | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/dataall/modules/mlstudio/db/mlstudio_repository.py b/backend/dataall/modules/mlstudio/db/mlstudio_repository.py
index 3a5d81071..8cdff3da0 100644
--- a/backend/dataall/modules/mlstudio/db/mlstudio_repository.py
+++ b/backend/dataall/modules/mlstudio/db/mlstudio_repository.py
@@ -6,12 +6,12 @@
 from sqlalchemy.sql import and_
 from sqlalchemy.orm import Query
 
-from dataall.db import paginate, exceptions
+from dataall.db import paginate
 from dataall.modules.mlstudio.db.models import SagemakerStudioUser
-from dataall.core.group.services.group_resource_manager import GroupResource
+from dataall.core.group.services.group_resource_manager import EnvironmentResource
 
 
-class SageMakerStudioRepository(GroupResource):
+class SageMakerStudioRepository(EnvironmentResource):
     """DAO layer for ML Studio"""
     _DEFAULT_PAGE = 1
     _DEFAULT_PAGE_SIZE = 10
diff --git a/backend/dataall/modules/notebooks/db/notebook_repository.py b/backend/dataall/modules/notebooks/db/notebook_repository.py
index 608763b1b..8be5193f2 100644
--- a/backend/dataall/modules/notebooks/db/notebook_repository.py
+++ b/backend/dataall/modules/notebooks/db/notebook_repository.py
@@ -8,10 +8,10 @@
 
 from dataall.db import paginate
 from dataall.modules.notebooks.db.models import SagemakerNotebook
-from dataall.core.group.services.group_resource_manager import GroupResource
+from dataall.core.group.services.group_resource_manager import EnvironmentResource
 
 
-class NotebookRepository(GroupResource):
+class NotebookRepository(EnvironmentResource):
     """DAO layer for notebooks"""
     _DEFAULT_PAGE = 1
     _DEFAULT_PAGE_SIZE = 10

From f45eeed63aec52cc5899871f9f573de1a8f4f110 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 15 Jun 2023 12:30:55 +0200
Subject: [PATCH 287/346] Fix profiling

---
 .../modules/datasets/aws/glue_profiler_client.py     | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/backend/dataall/modules/datasets/aws/glue_profiler_client.py b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
index 523dc2c20..2bb54f760 100644
--- a/backend/dataall/modules/datasets/aws/glue_profiler_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
@@ -28,13 +28,11 @@ def get_job_status(self, profiling: DatasetProfilingRun):
 
     def run_job(self, profiling: DatasetProfilingRun):
         """Run glue job. Returns id of the job"""
-        args = {
-            'arguments': (
-                {'--table': profiling.GlueTableName}
-                if profiling.GlueTableName
-                else {}
-            ),
-        }
+        args = (
+            {'--table': profiling.GlueTableName}
+            if profiling.GlueTableName
+            else {}
+        ),
         try:
             response = self._client.start_job_run(
                 JobName=self._name, Arguments=args

From 7e259c3f38a14d3a99525935c7635e6ed2949ebe Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 15 Jun 2023 14:52:33 +0200
Subject: [PATCH 288/346] Fix ML studio migration script

---
 .../versions/4a0618805341_rename_sgm_studio_permissions.py      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/migrations/versions/4a0618805341_rename_sgm_studio_permissions.py b/backend/migrations/versions/4a0618805341_rename_sgm_studio_permissions.py
index 40a8324db..0033e970c 100644
--- a/backend/migrations/versions/4a0618805341_rename_sgm_studio_permissions.py
+++ b/backend/migrations/versions/4a0618805341_rename_sgm_studio_permissions.py
@@ -111,7 +111,7 @@ def upgrade():
                 .first()
             )
 
-            if existing_tenant_permissions.permissionUri:
+            if existing_tenant_permissions:
                 print(f"Permission already exists {existing_tenant_permissions.permissionUri}, skipping...")
             else:
                 print("Permission does not exist, adding it...")

From d66799628d1edafd941f42cbc0e06c437aea9947 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 15 Jun 2023 15:00:08 +0200
Subject: [PATCH 289/346] Removed return statement

---
 .../modules/dataset_sharing/services/share_object_service.py     | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index df38acc6a..271a03052 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -190,7 +190,6 @@ def approve_share_object(cls, uri: str):
                 )
 
             ShareNotificationService.notify_share_object_approval(session, context.username, dataset, share)
-            return share
 
             approve_share_task: Task = Task(
                 action='ecs.share.approve',

From f477f37eecfc4707c727e71d0425c73a58889188 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 16 Jun 2023 11:21:28 +0200
Subject: [PATCH 290/346] Fixed wrong order of params

---
 .../services/share_managers/lf_share_manager.py      | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 8321021e2..b4eaab65b 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -180,9 +180,9 @@ def create_shared_database(
         )
 
         database = GlueClient(
-            target_environment.AwsAccountId,
-            shared_db_name,
-            target_environment.region
+            account_id=target_environment.AwsAccountId,
+            database=shared_db_name,
+            region=target_environment.region
         ).create_database(f's3://{dataset.S3BucketName}')
 
         LakeFormationClient.grant_pivot_role_all_database_permissions(
@@ -530,7 +530,7 @@ def handle_revoke_failure(
 
     def _create_glue_client(self):
         return GlueClient(
-            self.target_environment.AwsAccountId,
-            self.target_environment.region,
-            self.shared_db_name,
+            account_id=self.target_environment.AwsAccountId,
+            region=self.target_environment.region,
+            database=self.shared_db_name,
         )

From 3a0a521268db3ba6b0e7677eb7abc00c1b5d27b7 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 16 Jun 2023 15:45:17 +0200
Subject: [PATCH 291/346] Disable and skip module test directories for modules
 that are inactive

---
 backend/dataall/modules/datasets/aws/glue_profiler_client.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/datasets/aws/glue_profiler_client.py b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
index 2bb54f760..c2c2412a5 100644
--- a/backend/dataall/modules/datasets/aws/glue_profiler_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
@@ -28,11 +28,11 @@ def get_job_status(self, profiling: DatasetProfilingRun):
 
     def run_job(self, profiling: DatasetProfilingRun):
         """Run glue job. Returns id of the job"""
-        args = (
+        args = {
             {'--table': profiling.GlueTableName}
             if profiling.GlueTableName
             else {}
-        ),
+        },
         try:
             response = self._client.start_job_run(
                 JobName=self._name, Arguments=args

From 96cdeada390e0ad91917875e71b267587b23a821 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 19 Jun 2023 10:39:04 +0200
Subject: [PATCH 292/346] Fixed dict

---
 .../dataall/modules/datasets/aws/glue_profiler_client.py    | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/backend/dataall/modules/datasets/aws/glue_profiler_client.py b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
index c2c2412a5..fb6a4bfb1 100644
--- a/backend/dataall/modules/datasets/aws/glue_profiler_client.py
+++ b/backend/dataall/modules/datasets/aws/glue_profiler_client.py
@@ -28,11 +28,7 @@ def get_job_status(self, profiling: DatasetProfilingRun):
 
     def run_job(self, profiling: DatasetProfilingRun):
         """Run glue job. Returns id of the job"""
-        args = {
-            {'--table': profiling.GlueTableName}
-            if profiling.GlueTableName
-            else {}
-        },
+        args = {'--table': profiling.GlueTableName} if profiling.GlueTableName else {}
         try:
             response = self._client.start_job_run(
                 JobName=self._name, Arguments=args

From bb7a1abf260fe2959cba9a6805e70f9c7adca98c Mon Sep 17 00:00:00 2001
From: nikpodsh <124577300+nikpodsh@users.noreply.github.com>
Date: Fri, 23 Jun 2023 12:58:23 +0200
Subject: [PATCH 293/346] Update backend/dataall/core/stack_finder.py

Co-authored-by: dbalintx <132444646+dbalintx@users.noreply.github.com>
---
 backend/dataall/core/stack_finder.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/core/stack_finder.py b/backend/dataall/core/stack_finder.py
index f6ee07db2..106fec5b6 100644
--- a/backend/dataall/core/stack_finder.py
+++ b/backend/dataall/core/stack_finder.py
@@ -14,4 +14,4 @@ def __init__(self):
 
     def find_stack_uris(self, session) -> List[str]:
         """Finds stacks to update"""
-        raise NotImplementedError("retrieve_stack_uris is not implemented")
+        raise NotImplementedError("find_stack_uris is not implemented")

From f052a4f4a54577daee60a1a8581106657073f5ab Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 23 Jun 2023 13:13:35 +0200
Subject: [PATCH 294/346] Renamed the file

---
 ...roup_resource_manager.py => environment_resource_manager.py} | 0
 backend/dataall/db/api/environment.py                           | 2 +-
 backend/dataall/modules/dataset_sharing/__init__.py             | 2 +-
 .../modules/dataset_sharing/db/share_object_repository.py       | 2 +-
 backend/dataall/modules/datasets/__init__.py                    | 2 +-
 backend/dataall/modules/datasets_base/db/dataset_repository.py  | 2 +-
 backend/dataall/modules/mlstudio/db/mlstudio_repository.py      | 2 +-
 backend/dataall/modules/notebooks/db/notebook_repository.py     | 2 +-
 backend/dataall/modules/worksheets/__init__.py                  | 2 +-
 backend/dataall/modules/worksheets/db/repositories.py           | 2 +-
 10 files changed, 9 insertions(+), 9 deletions(-)
 rename backend/dataall/core/group/services/{group_resource_manager.py => environment_resource_manager.py} (100%)

diff --git a/backend/dataall/core/group/services/group_resource_manager.py b/backend/dataall/core/group/services/environment_resource_manager.py
similarity index 100%
rename from backend/dataall/core/group/services/group_resource_manager.py
rename to backend/dataall/core/group/services/environment_resource_manager.py
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index a7a005ff7..04af5522e 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -29,7 +29,7 @@
     NamingConventionService,
     NamingConventionPattern,
 )
-from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
 
 log = logging.getLogger(__name__)
 
diff --git a/backend/dataall/modules/dataset_sharing/__init__.py b/backend/dataall/modules/dataset_sharing/__init__.py
index 491a9bf66..616a129f2 100644
--- a/backend/dataall/modules/dataset_sharing/__init__.py
+++ b/backend/dataall/modules/dataset_sharing/__init__.py
@@ -1,7 +1,7 @@
 import logging
 from typing import List, Type, Set
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareEnvironmentResource
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.loader import ModuleInterface, ImportMode
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index f0aad8da7..bdabbb837 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -4,7 +4,7 @@
 from sqlalchemy import and_, or_, func, case
 from sqlalchemy.orm import Query
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 from dataall.db import models, exceptions, paginate
 from dataall.db.models.Enums import PrincipalType
 from dataall.modules.dataset_sharing.db.enums import ShareObjectActions, ShareObjectStatus, ShareItemActions, \
diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 055c4f7ca..0cbec5ed1 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -31,7 +31,7 @@ def __init__(self):
         from dataall.api.Objects.Vote.resolvers import add_vote_type
         from dataall.api.Objects.Feed.registry import FeedRegistry, FeedDefinition
         from dataall.api.Objects.Glossary.registry import GlossaryRegistry, GlossaryDefinition
-        from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+        from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
         from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
         from dataall.modules.datasets.indexers.location_indexer import DatasetLocationIndexer
         from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
diff --git a/backend/dataall/modules/datasets_base/db/dataset_repository.py b/backend/dataall/modules/datasets_base/db/dataset_repository.py
index dbd60f476..878ac9a48 100644
--- a/backend/dataall/modules/datasets_base/db/dataset_repository.py
+++ b/backend/dataall/modules/datasets_base/db/dataset_repository.py
@@ -11,7 +11,7 @@
 from dataall.db.exceptions import ObjectNotFound
 from dataall.db.models.Enums import Language
 from dataall.modules.datasets_base.db.enums import ConfidentialityClassification
-from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.utils.naming_convention import (
     NamingConventionService,
diff --git a/backend/dataall/modules/mlstudio/db/mlstudio_repository.py b/backend/dataall/modules/mlstudio/db/mlstudio_repository.py
index 8cdff3da0..55717aec1 100644
--- a/backend/dataall/modules/mlstudio/db/mlstudio_repository.py
+++ b/backend/dataall/modules/mlstudio/db/mlstudio_repository.py
@@ -8,7 +8,7 @@
 
 from dataall.db import paginate
 from dataall.modules.mlstudio.db.models import SagemakerStudioUser
-from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 
 
 class SageMakerStudioRepository(EnvironmentResource):
diff --git a/backend/dataall/modules/notebooks/db/notebook_repository.py b/backend/dataall/modules/notebooks/db/notebook_repository.py
index 8be5193f2..f7d1f50f7 100644
--- a/backend/dataall/modules/notebooks/db/notebook_repository.py
+++ b/backend/dataall/modules/notebooks/db/notebook_repository.py
@@ -8,7 +8,7 @@
 
 from dataall.db import paginate
 from dataall.modules.notebooks.db.models import SagemakerNotebook
-from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 
 
 class NotebookRepository(EnvironmentResource):
diff --git a/backend/dataall/modules/worksheets/__init__.py b/backend/dataall/modules/worksheets/__init__.py
index f3208fe3d..ebff948cf 100644
--- a/backend/dataall/modules/worksheets/__init__.py
+++ b/backend/dataall/modules/worksheets/__init__.py
@@ -1,7 +1,7 @@
 """Contains the code related to worksheets"""
 import logging
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
 from dataall.modules.loader import ImportMode, ModuleInterface
 from dataall.modules.worksheets.db.models import Worksheet
 from dataall.modules.worksheets.db.repositories import WorksheetRepository
diff --git a/backend/dataall/modules/worksheets/db/repositories.py b/backend/dataall/modules/worksheets/db/repositories.py
index ff4267eb8..e291f8061 100644
--- a/backend/dataall/modules/worksheets/db/repositories.py
+++ b/backend/dataall/modules/worksheets/db/repositories.py
@@ -4,7 +4,7 @@
 from sqlalchemy import or_
 from sqlalchemy.orm import Query
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 from dataall.db import paginate
 from dataall.modules.worksheets.db.models import Worksheet, WorksheetQueryResult
 

From a540db30f4dd5c762d9b5f4f1c98a1d6161016b6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 23 Jun 2023 13:32:46 +0200
Subject: [PATCH 295/346] Renamed the previewTable

---
 backend/dataall/modules/datasets/__init__.py          | 1 -
 backend/dataall/modules/datasets/api/table/queries.py | 4 ++--
 frontend/src/api/DatasetTable/previewTable2.js        | 8 ++++----
 frontend/src/views/Tables/TablePreview.js             | 6 +++---
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/backend/dataall/modules/datasets/__init__.py b/backend/dataall/modules/datasets/__init__.py
index 0cbec5ed1..d0baa03db 100644
--- a/backend/dataall/modules/datasets/__init__.py
+++ b/backend/dataall/modules/datasets/__init__.py
@@ -2,7 +2,6 @@
 import logging
 from typing import List, Type, Set
 
-from dataall.core.catalog.catalog_indexer import CatalogIndexer
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base import DatasetBaseModuleInterface
 from dataall.modules.datasets_base.db.models import DatasetTableColumn, DatasetStorageLocation, DatasetTable, Dataset
diff --git a/backend/dataall/modules/datasets/api/table/queries.py b/backend/dataall/modules/datasets/api/table/queries.py
index a6d8d48cf..fbdbd9d6e 100644
--- a/backend/dataall/modules/datasets/api/table/queries.py
+++ b/backend/dataall/modules/datasets/api/table/queries.py
@@ -34,8 +34,8 @@
     ],
 )
 
-previewTable2 = gql.QueryField(
-    name='previewTable2',
+previewTable = gql.QueryField(
+    name='previewTable',
     args=[gql.Argument(name='tableUri', type=gql.NonNullableType(gql.String))],
     resolver=preview,
     type=gql.Ref('QueryPreviewResult'),
diff --git a/frontend/src/api/DatasetTable/previewTable2.js b/frontend/src/api/DatasetTable/previewTable2.js
index ffeef03a3..2c3dc0a4c 100644
--- a/frontend/src/api/DatasetTable/previewTable2.js
+++ b/frontend/src/api/DatasetTable/previewTable2.js
@@ -1,12 +1,12 @@
 import { gql } from 'apollo-boost';
 
-const previewTable2 = (tableUri) => ({
+const previewTable = (tableUri) => ({
   variables: {
     tableUri
   },
   query: gql`
-    query PreviewTable2($tableUri: String!) {
-      previewTable2(tableUri: $tableUri) {
+    query PreviewTable($tableUri: String!) {
+      previewTable(tableUri: $tableUri) {
         rows
         fields
       }
@@ -14,4 +14,4 @@ const previewTable2 = (tableUri) => ({
   `
 });
 
-export default previewTable2;
+export default previewTable;
diff --git a/frontend/src/views/Tables/TablePreview.js b/frontend/src/views/Tables/TablePreview.js
index 73878f678..f2ce1ea39 100644
--- a/frontend/src/views/Tables/TablePreview.js
+++ b/frontend/src/views/Tables/TablePreview.js
@@ -4,7 +4,7 @@ import { Card, CircularProgress } from '@mui/material';
 import * as PropTypes from 'prop-types';
 import { DataGrid } from '@mui/x-data-grid';
 import { styled } from '@mui/styles';
-import previewTable2 from '../../api/DatasetTable/previewTable2';
+import previewTable from '../../api/DatasetTable/previewTable';
 import { SET_ERROR } from '../../store/errorReducer';
 import { useDispatch } from '../../store';
 import useClient from '../../hooks/useClient';
@@ -25,9 +25,9 @@ const TablePreview = (props) => {
   const [result, setResult] = useState({ rows: [], fields: [] });
   const fetchData = useCallback(async () => {
     setRunning(true);
-    const response = await client.query(previewTable2(table.tableUri));
+    const response = await client.query(previewTable(table.tableUri));
     if (!response.errors) {
-      setResult(response.data.previewTable2);
+      setResult(response.data.previewTable);
     } else {
       dispatch({ type: SET_ERROR, error: response.errors[0].message });
     }

From 7e1aed49e6258e7fa263088ff100e45dbca615ae Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 26 Jun 2023 10:41:50 +0200
Subject: [PATCH 296/346] Removed in_config union

---
 backend/dataall/modules/loader.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/loader.py b/backend/dataall/modules/loader.py
index 20f698cef..36d4f5c54 100644
--- a/backend/dataall/modules/loader.py
+++ b/backend/dataall/modules/loader.py
@@ -226,7 +226,7 @@ def _check_loading_correct(in_config: Set[str], modes: Set[ImportMode]):
             )
 
     # 4) Checks all references for modules (when ModuleInterfaces don't exist or not supported)
-    checked_module_names = {module.name() for module in expected_load} | in_config
+    checked_module_names = {module.name() for module in expected_load}
     for module in sys.modules.keys():
         if module.startswith(_MODULE_PREFIX) and module != __name__:  # skip loader
             name = _get_module_name(module)

From 6e5869078e7490645140595beed5c189fc8a1c94 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 26 Jun 2023 10:44:41 +0200
Subject: [PATCH 297/346] LIST_ENVIRONMENT_NOTEBOOKS is not used

---
 .../modules/notebooks/services/notebook_permissions.py     | 7 -------
 .../versions/5fc49baecea4_add_enviromental_parameters.py   | 6 ++----
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/backend/dataall/modules/notebooks/services/notebook_permissions.py b/backend/dataall/modules/notebooks/services/notebook_permissions.py
index 073286e9f..cb20a2d4e 100644
--- a/backend/dataall/modules/notebooks/services/notebook_permissions.py
+++ b/backend/dataall/modules/notebooks/services/notebook_permissions.py
@@ -25,13 +25,8 @@
     UPDATE_NOTEBOOK,
 ]
 
-LIST_ENVIRONMENT_NOTEBOOKS = 'LIST_ENVIRONMENT_NOTEBOOKS'
-
-ENVIRONMENT_ALL.append(LIST_ENVIRONMENT_NOTEBOOKS)
 ENVIRONMENT_ALL.append(CREATE_NOTEBOOK)
-ENVIRONMENT_INVITED.append(LIST_ENVIRONMENT_NOTEBOOKS)
 ENVIRONMENT_INVITED.append(CREATE_NOTEBOOK)
-ENVIRONMENT_INVITATION_REQUEST.append(LIST_ENVIRONMENT_NOTEBOOKS)
 ENVIRONMENT_INVITATION_REQUEST.append(CREATE_NOTEBOOK)
 
 TENANT_ALL.append(MANAGE_NOTEBOOKS)
@@ -40,10 +35,8 @@
 
 RESOURCES_ALL.append(CREATE_NOTEBOOK)
 RESOURCES_ALL.extend(NOTEBOOK_ALL)
-RESOURCES_ALL.append(LIST_ENVIRONMENT_NOTEBOOKS)
 
 RESOURCES_ALL_WITH_DESC[CREATE_NOTEBOOK] = "Create notebooks on this environment"
-RESOURCES_ALL_WITH_DESC[LIST_ENVIRONMENT_NOTEBOOKS] = "List notebooks on this environment"
 RESOURCES_ALL_WITH_DESC[GET_NOTEBOOK] = "General permission to get a notebook"
 RESOURCES_ALL_WITH_DESC[DELETE_NOTEBOOK] = "Permission to delete a notebook"
 RESOURCES_ALL_WITH_DESC[UPDATE_NOTEBOOK] = "Permission to edit a notebook"
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 940b7db40..d7cea6746 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -14,9 +14,8 @@
 from sqlalchemy.ext.declarative import declarative_base
 from dataall.db import Resource, models
 from dataall.db.api import ResourcePolicy
-from dataall.db.models import TenantPolicyPermission, PermissionType, EnvironmentGroup
+from dataall.db.models import EnvironmentGroup
 from dataall.modules.datasets.services.dataset_permissions import LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
-from dataall.modules.notebooks.services.notebook_permissions import MANAGE_NOTEBOOKS, LIST_ENVIRONMENT_NOTEBOOKS, CREATE_NOTEBOOK
 
 # revision identifiers, used by Alembic.
 revision = "5fc49baecea4"
@@ -159,8 +158,7 @@ def migrate_groups_permissions(session):
     """
     Adds new permission if the old exist. needed to get rid of old hacks in the code
     """
-    permissions = [(CREATE_DATASET, LIST_ENVIRONMENT_DATASETS),
-                   (CREATE_NOTEBOOK, LIST_ENVIRONMENT_NOTEBOOKS)]
+    permissions = [CREATE_DATASET, LIST_ENVIRONMENT_DATASETS]
 
     groups = find_all_groups(session)
     for group in groups:

From 314a6aab3d89dbda5ea1f6ee35da3dbdade0d4b0 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 26 Jun 2023 10:55:23 +0200
Subject: [PATCH 298/346] Delete unused permissions

---
 .../datasets/services/dataset_permissions.py  | 22 -----------------
 .../datasets/services/dataset_service.py      |  3 +--
 ...fc49baecea4_add_enviromental_parameters.py | 24 +++++++++++++++++--
 3 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/backend/dataall/modules/datasets/services/dataset_permissions.py b/backend/dataall/modules/datasets/services/dataset_permissions.py
index c17f43e9d..5c81f120c 100644
--- a/backend/dataall/modules/datasets/services/dataset_permissions.py
+++ b/backend/dataall/modules/datasets/services/dataset_permissions.py
@@ -14,17 +14,11 @@
 """
 
 GET_DATASET = 'GET_DATASET'
-LIST_DATASETS = 'LIST_DATASETS'
-LIST_DATASET_TABLES = 'LIST_DATASET_TABLES'
-LIST_DATASET_SHARES = 'LIST_DATASET_SHARES'
 LIST_DATASET_FOLDERS = 'LIST_DATASET_FOLDERS'
 CREDENTIALS_DATASET = 'CREDENTIALS_DATASET'
 
 DATASET_READ = [
     GET_DATASET,
-    LIST_DATASETS,
-    LIST_DATASET_TABLES,
-    LIST_DATASET_SHARES,
     LIST_DATASET_FOLDERS,
     CREDENTIALS_DATASET,
 ]
@@ -32,40 +26,24 @@
 
 UPDATE_DATASET = 'UPDATE_DATASET'
 SYNC_DATASET = 'SYNC_DATASET'
-SUMMARY_DATASET = 'SUMMARY_DATASET'
-IMPORT_DATASET = 'IMPORT_DATASET'
-UPLOAD_DATASET = 'UPLOAD_DATASET'
-URL_DATASET = 'URL_DATASET'
 CRAWL_DATASET = 'CRAWL_DATASET'
 DELETE_DATASET = 'DELETE_DATASET'
-STACK_DATASET = 'STACK_DATASET'
-SUBSCRIPTIONS_DATASET = 'SUBSCRIPTIONS_DATASET'
-CREATE_DATASET_TABLE = 'CREATE_DATASET_TABLE'
 DELETE_DATASET_TABLE = 'DELETE_DATASET_TABLE'
 UPDATE_DATASET_TABLE = 'UPDATE_DATASET_TABLE'
 PROFILE_DATASET_TABLE = 'PROFILE_DATASET_TABLE'
 CREATE_DATASET_FOLDER = 'CREATE_DATASET_FOLDER'
 DELETE_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
-GET_DATASET_FOLDER = 'DELETE_DATASET_FOLDER'
 UPDATE_DATASET_FOLDER = 'UPDATE_DATASET_FOLDER'
 
 DATASET_WRITE = [
     UPDATE_DATASET,
     SYNC_DATASET,
-    SUMMARY_DATASET,
-    IMPORT_DATASET,
-    UPLOAD_DATASET,
     CREDENTIALS_DATASET,
-    URL_DATASET,
     CRAWL_DATASET,
     DELETE_DATASET,
-    STACK_DATASET,
-    SUBSCRIPTIONS_DATASET,
     UPDATE_DATASET_TABLE,
     DELETE_DATASET_TABLE,
-    CREATE_DATASET_TABLE,
     PROFILE_DATASET_TABLE,
-    LIST_DATASET_SHARES,
     CREATE_DATASET_FOLDER,
     DELETE_DATASET_FOLDER,
     UPDATE_DATASET_FOLDER,
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 549bc8f9a..b0193ec77 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -18,8 +18,7 @@
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.indexers.dataset_indexer import DatasetIndexer
-from dataall.modules.datasets.indexers.table_indexer import DatasetTableIndexer
-from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, SYNC_DATASET, CRAWL_DATASET, \
+from dataall.modules.datasets.services.dataset_permissions import CREDENTIALS_DATASET, CRAWL_DATASET, \
     DELETE_DATASET, MANAGE_DATASETS, UPDATE_DATASET, LIST_ENVIRONMENT_DATASETS, \
     CREATE_DATASET, DATASET_ALL, DATASET_READ
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index d7cea6746..2c68b2a66 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -13,8 +13,8 @@
 from sqlalchemy import Boolean, Column, String, orm
 from sqlalchemy.ext.declarative import declarative_base
 from dataall.db import Resource, models
-from dataall.db.api import ResourcePolicy
-from dataall.db.models import EnvironmentGroup
+from dataall.db.api import ResourcePolicy, Permission
+from dataall.db.models import EnvironmentGroup, PermissionType, ResourcePolicyPermission
 from dataall.modules.datasets.services.dataset_permissions import LIST_ENVIRONMENT_DATASETS, CREATE_DATASET
 
 # revision identifiers, used by Alembic.
@@ -25,6 +25,10 @@
 
 Base = declarative_base()
 
+UNUSED_PERMISSIONS = ['LIST_DATASETS',  'LIST_DATASET_TABLES', 'LIST_DATASET_SHARES', 'SUMMARY_DATASET',
+                      'IMPORT_DATASET', 'UPLOAD_DATASET', 'URL_DATASET', 'STACK_DATASET', 'SUBSCRIPTIONS_DATASET',
+                      'CREATE_DATASET_TABLE']
+
 
 class Environment(Resource, Base):
     __tablename__ = "environment"
@@ -93,6 +97,7 @@ def upgrade():
         session.commit()
 
         migrate_groups_permissions(session)
+        delete_unused_resource_permissions(session)
 
     except Exception as ex:
         print(f"Failed to execute the migration script due to: {ex}")
@@ -125,10 +130,14 @@ def downgrade():
                 mlStudiosEnabled=params["mlStudiosEnabled"] == "true"
             ))
 
+        for name in UNUSED_PERMISSIONS:
+            Permission.save_permission(session, name, name, PermissionType.RESOURCE.value)
+
         session.add_all(envs)
         print("Dropping environment_parameter table...")
         op.drop_table("environment_parameters")
 
+
     except Exception as ex:
         print(f"Failed to execute the rollback script due to: {ex}")
 
@@ -180,3 +189,14 @@ def migrate_groups_permissions(session):
                 resource_uri=group.environmentUri,
                 resource_type=models.Environment.__name__
             )
+
+
+def delete_unused_resource_permissions(session):
+    for name in UNUSED_PERMISSIONS:
+        perm = Permission.get_permission_by_name(session, name, PermissionType.RESOURCE.value)
+        (
+            session.query(ResourcePolicyPermission)
+            .filter(ResourcePolicyPermission.permissionUri == perm.permissionUri)
+            .delete()
+        )
+        session.delete(perm)

From 13188c8c54a0f14c192d0a0a3358941421812739 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 26 Jun 2023 11:43:25 +0200
Subject: [PATCH 299/346] Removed the commented line

---
 .../dataset_sharing/services/share_notification_service.py      | 2 --
 1 file changed, 2 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
index b6297720b..7e35cbf8c 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_notification_service.py
@@ -16,8 +16,6 @@ def notify_share_object_submission(
             target_uri=f'{share.shareUri}|{dataset.datasetUri}',
             message=f'User {username} submitted share request for dataset {dataset.label}',
         )]
-        # stewards = Notification.get_dataset_stewards(session, dataset)
-        # for steward in stewards:
         session.add_all(notifications)
         return notifications
 

From 4417ec95b764f3cb4c7b0df776534b095fc1ce72 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 26 Jun 2023 11:46:25 +0200
Subject: [PATCH 300/346] Moved client to a constructor

---
 .../share_managers/lf_share_manager.py        | 27 ++++++++-----------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index b4eaab65b..cdf164cd9 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -41,6 +41,12 @@ def __init__(
         self.shared_db_name = self.build_shared_db_name()
         self.principals = self.get_share_principals()
 
+        self.glue_client = GlueClient(
+            account_id=self.target_environment.AwsAccountId,
+            region=self.target_environment.region,
+            database=self.shared_db_name,
+        )
+
     @abc.abstractmethod
     def process_approved_shares(self) -> [str]:
         return NotImplementedError
@@ -74,10 +80,6 @@ def build_shared_db_name(self) -> str:
         """
         Build Glue shared database name.
         Unique per share Uri.
-        Parameters
-        ----------
-        dataset : Dataset
-        share : ShareObject
 
         Returns
         -------
@@ -128,7 +130,7 @@ def check_share_item_exists_on_glue_catalog(
         -------
         exceptions.AWSResourceNotFound
         """
-        if not self._create_glue_client().table_exists(table.GlueTableName):
+        if not self.glue_client.table_exists(table.GlueTableName):
             raise exceptions.AWSResourceNotFound(
                 action='ProcessShare',
                 message=(
@@ -209,7 +211,7 @@ def delete_shared_database(self) -> bool:
         bool
         """
         logger.info(f'Deleting shared database {self.shared_db_name}')
-        return self._create_glue_client().delete_database()
+        return self.glue_client.delete_database()
 
     @classmethod
     def create_resource_link(cls, **data) -> dict:
@@ -274,7 +276,7 @@ def revoke_table_resource_link_access(self, table: DatasetTable, principals: [st
         -------
         True if revoke is successful
         """
-        glue_client = self._create_glue_client()
+        glue_client = self.glue_client
         if not glue_client.table_exists(table.GlueTableName):
             logger.info(
                 f'Resource link could not be found '
@@ -325,7 +327,7 @@ def revoke_source_table_access(self, table, principals: [str]):
         -------
         True if revoke is successful
         """
-        glue_client = self._create_glue_client()
+        glue_client = self.glue_client
         if not glue_client.table_exists(table.GlueTableName):
             logger.info(
                 f'Source table could not be found '
@@ -351,7 +353,7 @@ def revoke_source_table_access(self, table, principals: [str]):
 
     def delete_resource_link_table(self, table: DatasetTable):
         logger.info(f'Deleting shared table {table.GlueTableName}')
-        glue_client = self._create_glue_client()
+        glue_client = self.glue_client
 
         if not glue_client.table_exists(table.GlueTableName):
             return True
@@ -527,10 +529,3 @@ def handle_revoke_failure(
             table, self.share, self.target_environment
         )
         return True
-
-    def _create_glue_client(self):
-        return GlueClient(
-            account_id=self.target_environment.AwsAccountId,
-            region=self.target_environment.region,
-            database=self.shared_db_name,
-        )

From daa7046f389ea5865114ea449c1d98e63636c764 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 27 Jun 2023 10:40:24 +0200
Subject: [PATCH 301/346] Resolve merge conflict

---
 backend/dataall/db/api/environment.py                     | 2 --
 backend/dataall/modules/dashboards/__init__.py            | 8 +++++---
 .../dataall/modules/dashboards/db/dashboard_repository.py | 2 +-
 .../dashboards/indexers/dashboard_catalog_indexer.py      | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index a53e9dcaa..c08dcc425 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -59,8 +59,6 @@ def create_environment(session, username, groups, uri, data=None, check_perm=Non
             ),
             EnvironmentDefaultIAMRoleArn=f'arn:aws:iam::{data.get("AwsAccountId")}:role/{data.get("EnvironmentDefaultIAMRoleName")}',
             CDKRoleArn=f"arn:aws:iam::{data.get('AwsAccountId')}:role/{data['cdk_role_name']}",
-            dashboardsEnabled=data.get('dashboardsEnabled', False),
-            mlStudiosEnabled=data.get('mlStudiosEnabled', True),
             pipelinesEnabled=data.get('pipelinesEnabled', True),
             warehousesEnabled=data.get('warehousesEnabled', True),
             resourcePrefix=data.get('resourcePrefix'),
diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
index 3b4b150c3..9c2f4f10e 100644
--- a/backend/dataall/modules/dashboards/__init__.py
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -2,7 +2,7 @@
 import logging
 from typing import Set
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResourceManager
+from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
 from dataall.modules.dashboards.db.models import Dashboard
 from dataall.modules.loader import ImportMode, ModuleInterface
@@ -36,6 +36,7 @@ def __init__(self):
         add_vote_type("dashboard", DashboardIndexer)
 
         EnvironmentResourceManager.register(DashboardRepository())
+        log.info("Dashboard API has been loaded")
 
 
 class DashboardCdkModuleInterface(ModuleInterface):
@@ -46,6 +47,7 @@ def is_supported(modes: Set[ImportMode]) -> bool:
 
     def __init__(self):
         import dataall.modules.dashboards.cdk
+        log.info("Dashboard CDK code has been loaded")
 
 
 class DashboardCatalogIndexerModuleInterface(ModuleInterface):
@@ -55,7 +57,7 @@ def is_supported(modes: Set[ImportMode]) -> bool:
         return ImportMode.CATALOG_INDEXER_TASK in modes
 
     def __init__(self):
-        from dataall.tasks.catalog_indexer import register_catalog_indexer
         from dataall.modules.dashboards.indexers.dashboard_catalog_indexer import DashboardCatalogIndexer
 
-        register_catalog_indexer(DashboardCatalogIndexer())
+        DashboardCatalogIndexer()
+        log.info("Dashboard catalog indexer task has been loaded")
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index 9fe040ff6..7fa1febeb 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -3,7 +3,7 @@
 from sqlalchemy import or_, and_
 from sqlalchemy.orm import Query
 
-from dataall.core.group.services.group_resource_manager import EnvironmentResource
+from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 from dataall.db import exceptions, paginate
 from dataall.db.models import Environment
 from dataall.modules.dashboards.db.models import DashboardShare, DashboardShareStatus, Dashboard
diff --git a/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py b/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py
index 74fa18fa0..44633e592 100644
--- a/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py
+++ b/backend/dataall/modules/dashboards/indexers/dashboard_catalog_indexer.py
@@ -1,8 +1,8 @@
 import logging
 
+from dataall.core.catalog.catalog_indexer import CatalogIndexer
 from dataall.modules.dashboards import Dashboard
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
-from dataall.tasks.catalog_indexer import CatalogIndexer
 
 log = logging.getLogger(__name__)
 

From ab5960361650fbe176cffcccec845932486f917d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 27 Jun 2023 11:35:33 +0200
Subject: [PATCH 302/346] Fix merge conflict

---
 backend/dataall/modules/dashboards/api/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/dashboards/api/__init__.py b/backend/dataall/modules/dashboards/api/__init__.py
index 9a57d36d3..e92cd6d66 100644
--- a/backend/dataall/modules/dashboards/api/__init__.py
+++ b/backend/dataall/modules/dashboards/api/__init__.py
@@ -1,4 +1,4 @@
-from dataall.modules.datapipelines.api import (
+from dataall.modules.dashboards.api import (
     input_types,
     mutations,
     queries,

From f12e2c05c9cf325808c071eacda091355405f910 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 10:21:17 +0200
Subject: [PATCH 303/346] Fix tests

---
 .../share_managers/lf_share_manager.py        | 23 +++++++--------
 tests/api/test_organization.py                |  1 +
 .../datasets/test_dataset_count_votes.py      | 28 +++++++------------
 3 files changed, 23 insertions(+), 29 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index c72a6b7a7..96940f518 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -42,12 +42,6 @@ def __init__(
         self.shared_db_name = self.build_shared_db_name()
         self.principals = self.get_share_principals()
 
-        self.glue_client = GlueClient(
-            account_id=self.target_environment.AwsAccountId,
-            region=self.target_environment.region,
-            database=self.shared_db_name,
-        )
-
     @abc.abstractmethod
     def process_approved_shares(self) -> [str]:
         return NotImplementedError
@@ -133,7 +127,7 @@ def check_share_item_exists_on_glue_catalog(
         -------
         exceptions.AWSResourceNotFound
         """
-        if not self.glue_client.table_exists(table.GlueTableName):
+        if not self.glue_client().table_exists(table.GlueTableName):
             raise exceptions.AWSResourceNotFound(
                 action='ProcessShare',
                 message=(
@@ -214,7 +208,7 @@ def delete_shared_database(self) -> bool:
         bool
         """
         logger.info(f'Deleting shared database {self.shared_db_name}')
-        return self.glue_client.delete_database()
+        return self.glue_client().delete_database()
 
     @classmethod
     def create_resource_link(cls, **data) -> dict:
@@ -279,7 +273,7 @@ def revoke_table_resource_link_access(self, table: DatasetTable, principals: [st
         -------
         True if revoke is successful
         """
-        glue_client = self.glue_client
+        glue_client = self.glue_client()
         if not glue_client.table_exists(table.GlueTableName):
             logger.info(
                 f'Resource link could not be found '
@@ -330,7 +324,7 @@ def revoke_source_table_access(self, table, principals: [str]):
         -------
         True if revoke is successful
         """
-        glue_client = self.glue_client
+        glue_client = self.glue_client()
         if not glue_client.table_exists(table.GlueTableName):
             logger.info(
                 f'Source table could not be found '
@@ -356,7 +350,7 @@ def revoke_source_table_access(self, table, principals: [str]):
 
     def delete_resource_link_table(self, table: DatasetTable):
         logger.info(f'Deleting shared table {table.GlueTableName}')
-        glue_client = self.glue_client
+        glue_client = self.glue_client()
 
         if not glue_client.table_exists(table.GlueTableName):
             return True
@@ -532,3 +526,10 @@ def handle_revoke_failure(
             table, self.share, self.target_environment
         )
         return True
+
+    def glue_client(self):
+        return GlueClient(
+            account_id=self.target_environment.AwsAccountId,
+            region=self.target_environment.region,
+            database=self.shared_db_name,
+        )
diff --git a/tests/api/test_organization.py b/tests/api/test_organization.py
index 6d6d353cc..8930f014b 100644
--- a/tests/api/test_organization.py
+++ b/tests/api/test_organization.py
@@ -282,6 +282,7 @@ def test_group_invitation(db, client, org1, group2, user, group3, group, env):
 
     assert 'OrganizationResourcesFound' in response.errors[0].message
     with db.scoped_session() as session:
+        session.query(EnvironmentParameter).filter(EnvironmentParameter.environmentUri == env2.environmentUri).delete()
         env = session.query(dataall.db.models.Environment).get(env2.environmentUri)
         session.delete(env)
         session.commit()
diff --git a/tests/modules/datasets/test_dataset_count_votes.py b/tests/modules/datasets/test_dataset_count_votes.py
index 5bf85f333..60af2e524 100644
--- a/tests/modules/datasets/test_dataset_count_votes.py
+++ b/tests/modules/datasets/test_dataset_count_votes.py
@@ -1,48 +1,40 @@
 import pytest
 
-from dataall.modules.datasets import Dataset
 from tests.api.test_vote import *
 
 
-@pytest.fixture(scope='module', autouse=True)
-def dataset1(db, env1, org1, group, user, dataset) -> Dataset:
-    yield dataset(
-        org=org1, env=env1, name='dataset1', owner=user.userName, group=group.name
-    )
-
-
-def test_count_votes(client, dataset1):
+def test_count_votes(client, dataset_fixture):
     response = count_votes_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', dataset_fixture.SamlAdminGroupName
     )
     assert response.data.countUpVotes == 0
 
 
-def test_upvote(patch_es, client, dataset1):
+def test_upvote(patch_es, client, dataset_fixture):
     response = upvote_mutation(
-        client, dataset1.datasetUri, 'dataset', True, dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', True, dataset_fixture.SamlAdminGroupName
     )
     assert response.data.upVote.upvote
     response = count_votes_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', dataset_fixture.SamlAdminGroupName
     )
     assert response.data.countUpVotes == 1
     response = get_vote_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', dataset_fixture.SamlAdminGroupName
     )
     assert response.data.getVote.upvote
 
     response = upvote_mutation(
-        client, dataset1.datasetUri, 'dataset', False, dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', False, dataset_fixture.SamlAdminGroupName
     )
     assert not response.data.upVote.upvote
 
     response = get_vote_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', dataset_fixture.SamlAdminGroupName
     )
     assert not response.data.getVote.upvote
 
     response = count_votes_query(
-        client, dataset1.datasetUri, 'dataset', dataset1.SamlAdminGroupName
+        client, dataset_fixture.datasetUri, 'dataset', dataset_fixture.SamlAdminGroupName
     )
-    assert response.data.countUpVotes == 0
\ No newline at end of file
+    assert response.data.countUpVotes == 0

From dff822869f8136d7381c95e54aaae2e0c53b50d8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 10:26:22 +0200
Subject: [PATCH 304/346] Simplified the indexer. SQL Alchemy caches the
 responses and it's likely that the requests are cached

---
 .../dashboards/indexers/dashboard_indexer.py  | 47 +++++--------------
 1 file changed, 12 insertions(+), 35 deletions(-)

diff --git a/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py b/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
index 8c17ca75d..6988696ae 100644
--- a/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
+++ b/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
@@ -1,7 +1,8 @@
 import logging
 
 from dataall import db
-from dataall.db import models
+from dataall.db.api import Environment, Organization
+from dataall.modules.dashboards import DashboardRepository
 from dataall.searchproxy.base_indexer import BaseIndexer
 from dataall.modules.dashboards.db.models import Dashboard
 
@@ -11,36 +12,12 @@
 class DashboardIndexer(BaseIndexer):
     @classmethod
     def upsert(cls, session, dashboard_uri: str):
-        dashboard = (
-            session.query(
-                Dashboard.dashboardUri.label('uri'),
-                Dashboard.name.label('name'),
-                Dashboard.owner.label('owner'),
-                Dashboard.label.label('label'),
-                Dashboard.description.label('description'),
-                Dashboard.tags.label('tags'),
-                Dashboard.region.label('region'),
-                models.Organization.organizationUri.label('orgUri'),
-                models.Organization.name.label('orgName'),
-                models.Environment.environmentUri.label('envUri'),
-                models.Environment.name.label('envName'),
-                Dashboard.SamlGroupName.label('admins'),
-                Dashboard.created,
-                Dashboard.updated,
-                Dashboard.deleted,
-            )
-            .join(
-                models.Organization,
-                Dashboard.organizationUri == Dashboard.organizationUri,
-            )
-            .join(
-                models.Environment,
-                Dashboard.environmentUri == models.Environment.environmentUri,
-            )
-            .filter(Dashboard.dashboardUri == dashboard_uri)
-            .first()
-        )
+        dashboard: Dashboard = DashboardRepository.get_dashboard_by_uri(session, dashboard_uri)
+
         if dashboard:
+            env = Environment.get_environment_by_uri(session, dashboard.environmentUri)
+            org = Organization.get_organization_by_uri(session, env.organizationUri)
+
             glossary = BaseIndexer._get_target_glossary_terms(session, dashboard_uri)
             count_upvotes = db.api.Vote.count_upvotes(
                 session, None, None, dashboard_uri, {'targetType': 'dashboard'}
@@ -49,7 +26,7 @@ def upsert(cls, session, dashboard_uri: str):
                 doc_id=dashboard_uri,
                 doc={
                     'name': dashboard.name,
-                    'admins': dashboard.admins,
+                    'admins': dashboard.SamlGroupName,
                     'owner': dashboard.owner,
                     'label': dashboard.label,
                     'resourceKind': 'dashboard',
@@ -57,10 +34,10 @@ def upsert(cls, session, dashboard_uri: str):
                     'tags': [f.replace('-', '') for f in dashboard.tags or []],
                     'topics': [],
                     'region': dashboard.region.replace('-', ''),
-                    'environmentUri': dashboard.envUri,
-                    'environmentName': dashboard.envName,
-                    'organizationUri': dashboard.orgUri,
-                    'organizationName': dashboard.orgName,
+                    'environmentUri': env.environmentUri,
+                    'environmentName': env.name,
+                    'organizationUri': org.organizationUri,
+                    'organizationName': org.name,
                     'created': dashboard.created,
                     'updated': dashboard.updated,
                     'deleted': dashboard.deleted,

From 4e88625da018521297c1bd0c63ad0962650d04f8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 10:58:42 +0200
Subject: [PATCH 305/346] Fixed a merge error

---
 .../versions/5fc49baecea4_add_enviromental_parameters.py      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 8ac591d35..d1640246a 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -141,8 +141,8 @@ def downgrade():
                 environmentUri=param.environmentUri,
                 notebooksEnabled=params["notebooksEnabled"] == "true",
                 mlStudiosEnabled=params["mlStudiosEnabled"] == "true",
-                pipelinesEnabled=params["pipelinesEnabled"] == "true"
-                mlStudiosEnabled=params["dashboardsEnabled"] == "true"
+                pipelinesEnabled=params["pipelinesEnabled"] == "true",
+                dashboardsEnabled=params["dashboardsEnabled"] == "true"
             ))
 
         for name in UNUSED_PERMISSIONS:

From d93bd37893992c994b51b45c8e7cb204f56daaf9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 11:35:46 +0200
Subject: [PATCH 306/346] Fixed a typo

---
 .../versions/5fc49baecea4_add_enviromental_parameters.py        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index d1640246a..9242026cd 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -130,7 +130,7 @@ def downgrade():
         op.add_column("environment", Column("notebooksEnabled", Boolean, default=True))
         op.add_column("environment", Column("mlStudiosEnabled", Boolean, default=True))
         op.add_column("environment", Column("pipelinesEnabled", Boolean, default=True))
-        op.add_column("environment", Column("dashbaordsEnabled", Boolean, default=True))
+        op.add_column("environment", Column("dashboardsEnabled", Boolean, default=True))
 
         print("Filling environment table with parameters rows...")
         params = session.query(EnvironmentParameter).all()

From 7e4c209a579fb3e280aa2cba463200ba251fcef8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 12:09:11 +0200
Subject: [PATCH 307/346] Fixed a typo

---
 .../versions/5fc49baecea4_add_enviromental_parameters.py        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 9242026cd..9150ce99b 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -95,7 +95,7 @@ def upgrade():
         op.drop_column("environment", "notebooksEnabled")
         op.drop_column("environment", "mlStudiosEnabled")
         op.drop_column("environment", "pipelinesEnabled")
-        op.drop_column("environment", "dashbaordsEnabled")
+        op.drop_column("environment", "dashboardsEnabled")
         print("Dropped the columns from the environment table ")
 
         create_foreign_key_to_env(op, 'sagemaker_notebook')

From b0444a78c57ffd76d1620d6df56eadfddd1412b4 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 12:51:20 +0200
Subject: [PATCH 308/346] Renamed a file name

---
 .../src/api/DatasetTable/{previewTable2.js => previewTable.js}    | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename frontend/src/api/DatasetTable/{previewTable2.js => previewTable.js} (100%)

diff --git a/frontend/src/api/DatasetTable/previewTable2.js b/frontend/src/api/DatasetTable/previewTable.js
similarity index 100%
rename from frontend/src/api/DatasetTable/previewTable2.js
rename to frontend/src/api/DatasetTable/previewTable.js

From f25ffab9e5c8f014668d36fc5d91109019dcb9c5 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 13:46:02 +0200
Subject: [PATCH 309/346] Fixed JS linting

---
 frontend/src/views/Environments/EnvironmentEditForm.js | 5 +++--
 frontend/src/views/Environments/EnvironmentFeatures.js | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/frontend/src/views/Environments/EnvironmentEditForm.js b/frontend/src/views/Environments/EnvironmentEditForm.js
index dc4351b7a..9a3789985 100644
--- a/frontend/src/views/Environments/EnvironmentEditForm.js
+++ b/frontend/src/views/Environments/EnvironmentEditForm.js
@@ -91,7 +91,7 @@ const EnvironmentEditForm = (props) => {
                 value: String(values.pipelinesEnabled)
               },
               {
-                key: "dashboardsEnabled",
+                key: 'dashboardsEnabled',
                 value: String(values.dashboardsEnabled)
               }
             ]
@@ -213,7 +213,8 @@ const EnvironmentEditForm = (props) => {
                 notebooksEnabled: env.parameters['notebooksEnabled'] === 'true',
                 mlStudiosEnabled: env.parameters['mlStudiosEnabled'] === 'true',
                 pipelinesEnabled: env.parameters['pipelinesEnabled'] === 'true',
-                dashboardsEnabled: env.parameters['dashboardsEnabled'] === 'true',
+                dashboardsEnabled:
+                  env.parameters['dashboardsEnabled'] === 'true',
                 warehousesEnabled: env.warehousesEnabled,
                 resourcePrefix: env.resourcePrefix
               }}
diff --git a/frontend/src/views/Environments/EnvironmentFeatures.js b/frontend/src/views/Environments/EnvironmentFeatures.js
index 782ab89dd..d8d8ebf66 100644
--- a/frontend/src/views/Environments/EnvironmentFeatures.js
+++ b/frontend/src/views/Environments/EnvironmentFeatures.js
@@ -32,7 +32,7 @@ const EnvironmentFeatures = (props) => {
               Dashboards
             </Typography>
             <Typography color="textPrimary" variant="body2">
-             <Label
+              <Label
                 color={
                   environment.parameters['dashboardsEnabled'] === 'true'
                     ? 'success'

From f114ea88cb65ac71ea2e1da86ffc2ec007452084 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 14:59:10 +0200
Subject: [PATCH 310/346] uri param must be a kwarg

---
 backend/dataall/modules/dashboards/api/resolvers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 735b94685..6eda82237 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -140,4 +140,4 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
 def get_quicksight_designer_url(
     context, source, environmentUri: str = None, dashboardUri: str = None
 ):
-    return DashboardQuicksightService.get_quicksight_designer_url(environmentUri)
+    return DashboardQuicksightService.get_quicksight_designer_url(uri=environmentUri)

From cee05ca3506b724dd0008d7e144c23088dc9ff44 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 28 Jun 2023 14:59:10 +0200
Subject: [PATCH 311/346] The name error

---
 backend/dataall/modules/dashboards/api/resolvers.py | 2 +-
 frontend/src/api/Dashboard/deleteDashboard.js       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 735b94685..6eda82237 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -140,4 +140,4 @@ def get_quicksight_reader_url(context, source, dashboardUri: str = None):
 def get_quicksight_designer_url(
     context, source, environmentUri: str = None, dashboardUri: str = None
 ):
-    return DashboardQuicksightService.get_quicksight_designer_url(environmentUri)
+    return DashboardQuicksightService.get_quicksight_designer_url(uri=environmentUri)
diff --git a/frontend/src/api/Dashboard/deleteDashboard.js b/frontend/src/api/Dashboard/deleteDashboard.js
index 7b9d71eac..e9dd2e1bd 100644
--- a/frontend/src/api/Dashboard/deleteDashboard.js
+++ b/frontend/src/api/Dashboard/deleteDashboard.js
@@ -5,7 +5,7 @@ const deleteDashboard = (dashboardUri) => ({
     dashboardUri
   },
   mutation: gql`
-    mutation importDashboard($dashboardUri: String!) {
+    mutation deleteDashboard($dashboardUri: String!) {
       deleteDashboard(dashboardUri: $dashboardUri)
     }
   `

From 6809ceecbc071229a8d68a30fac586c73686de99 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 29 Jun 2023 12:08:28 +0200
Subject: [PATCH 312/346] Fix username error

---
 .../modules/dashboards/aws/dashboard_quicksight_client.py       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
index 171e6c371..1e9a91eaf 100644
--- a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
+++ b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
@@ -259,7 +259,7 @@ def _list_user_groups(self):
 
     def _describe_user(self):
         """Describes a QS user, returns None if not found"""
-        client = QuicksightClient.get_quicksight_client_in_identity_region(self._username)
+        client = QuicksightClient.get_quicksight_client_in_identity_region(self._account_id)
         try:
             response = client.describe_user(
                 UserName=self._username, AwsAccountId=self._account_id, Namespace='default'

From e3d90e5778bb052e931a3f275e4c7fe5011f4663 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 29 Jun 2023 12:59:21 +0200
Subject: [PATCH 313/346] Fixed renamed variable

---
 backend/dataall/aws/handlers/quicksight.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/aws/handlers/quicksight.py b/backend/dataall/aws/handlers/quicksight.py
index 703e3a09e..e7c59dfb0 100644
--- a/backend/dataall/aws/handlers/quicksight.py
+++ b/backend/dataall/aws/handlers/quicksight.py
@@ -41,7 +41,7 @@ def get_identity_region(AwsAccountId):
         client = QuicksightClient.get_quicksight_client(AwsAccountId=AwsAccountId, region=identity_region)
         try:
             response = client.describe_group(
-                AwsAccountId=AwsAccountId, GroupName=QuicksightClient._DEFAULT_GROUP_NAME, Namespace='default'
+                AwsAccountId=AwsAccountId, GroupName=QuicksightClient.DEFAULT_GROUP_NAME, Namespace='default'
             )
         except client.exceptions.AccessDeniedException as e:
             match = identity_region_rex.findall(str(e))

From 7a64f89c57009de1695a443ec50f3846e050edb1 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 29 Jun 2023 18:13:17 +0200
Subject: [PATCH 314/346] Permissions are set on dashboard

---
 .../dashboards/services/dashboard_quicksight_service.py    | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
index 15f8b8c2b..a09b3e6f9 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
@@ -17,13 +17,8 @@ class DashboardQuicksightService:
     _PARAM_STORE = Parameter()
     _REGION = os.getenv('AWS_REGION', 'eu-west-1')
 
-    @staticmethod
-    def _get_env_uri(session, uri):
-        dashboard: Dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
-        return dashboard.environmentUri
-
     @classmethod
-    @has_resource_permission(GET_DASHBOARD, parent_resource=_get_env_uri)
+    @has_resource_permission(GET_DASHBOARD)
     def get_quicksight_reader_url(cls, uri):
         context = get_context()
         with context.db_engine.scoped_session() as session:

From 80785ee03c5789e8e9d6a86c9ea8e79d5c55cf71 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 12:35:07 +0200
Subject: [PATCH 315/346] Added missed permissions

---
 .../dashboards/services/dashboard_service.py  |  5 ++--
 .../datasets/api/profiling/resolvers.py       |  6 ++---
 .../modules/datasets/api/table/resolvers.py   |  2 +-
 .../datasets/api/table_column/resolvers.py    |  2 +-
 .../services/dataset_column_service.py        |  7 +++---
 .../services/dataset_profiling_service.py     | 25 ++++++++++---------
 .../services/dataset_table_service.py         |  9 ++++---
 7 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
index d626dfe9e..d890d3dda 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -7,7 +7,7 @@
 from dataall.modules.dashboards.aws.dashboard_quicksight_client import DashboardQuicksightClient
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
 from dataall.modules.dashboards.services.dashboard_permissions import MANAGE_DASHBOARDS, GET_DASHBOARD, \
-    UPDATE_DASHBOARD, CREATE_DASHBOARD, DASHBOARD_ALL
+    UPDATE_DASHBOARD, CREATE_DASHBOARD, DASHBOARD_ALL, DELETE_DASHBOARD
 
 
 class DashboardService:
@@ -94,8 +94,9 @@ def update_dashboard(uri: str, data: dict = None) -> Dashboard:
             return dashboard
 
     @staticmethod
+    @has_tenant_permission(MANAGE_DASHBOARDS)
+    @has_resource_permission(DELETE_DASHBOARD)
     def delete_dashboard(uri) -> bool:
-        # TODO THERE WAS NO PERMISSION CHECK
         with get_context().db_engine.scoped_session() as session:
             dashboard = DashboardRepository.get_dashboard_by_uri(session, uri)
             DashboardRepository.delete_dashboard(session, dashboard)
diff --git a/backend/dataall/modules/datasets/api/profiling/resolvers.py b/backend/dataall/modules/datasets/api/profiling/resolvers.py
index e579627a9..07cc48a2f 100644
--- a/backend/dataall/modules/datasets/api/profiling/resolvers.py
+++ b/backend/dataall/modules/datasets/api/profiling/resolvers.py
@@ -42,12 +42,12 @@ def get_profiling_results(context: Context, source: DatasetProfilingRun):
 
 
 def list_profiling_runs(context: Context, source, datasetUri=None):
-    return DatasetProfilingService.list_profiling_runs(datasetUri)
+    return DatasetProfilingService.list_profiling_runs(uri=datasetUri)
 
 
 def get_last_table_profiling_run(context: Context, source, tableUri=None):
-    return DatasetProfilingService.get_last_table_profiling_run(tableUri)
+    return DatasetProfilingService.get_last_table_profiling_run(uri=tableUri)
 
 
 def list_table_profiling_runs(context: Context, source, tableUri=None):
-    return DatasetProfilingService.list_table_profiling_runs(tableUri)
+    return DatasetProfilingService.list_table_profiling_runs(uri=tableUri)
diff --git a/backend/dataall/modules/datasets/api/table/resolvers.py b/backend/dataall/modules/datasets/api/table/resolvers.py
index c69a13c72..730878541 100644
--- a/backend/dataall/modules/datasets/api/table/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table/resolvers.py
@@ -33,7 +33,7 @@ def preview(context, source, tableUri: str = None):
 def get_glue_table_properties(context: Context, source: DatasetTable, **kwargs):
     if not source:
         return None
-    return DatasetTableService.get_glue_table_properties(source.tableUri)
+    return DatasetTableService.get_glue_table_properties(uri=source.tableUri)
 
 
 def sync_tables(context: Context, source, datasetUri: str = None):
diff --git a/backend/dataall/modules/datasets/api/table_column/resolvers.py b/backend/dataall/modules/datasets/api/table_column/resolvers.py
index 034220eb0..4464d7d01 100644
--- a/backend/dataall/modules/datasets/api/table_column/resolvers.py
+++ b/backend/dataall/modules/datasets/api/table_column/resolvers.py
@@ -14,7 +14,7 @@ def list_table_columns(
         tableUri = source.tableUri
     if not filter:
         filter = {}
-    return DatasetColumnService.paginate_active_columns_for_table(tableUri, filter)
+    return DatasetColumnService.paginate_active_columns_for_table(uri=tableUri, filter=filter)
 
 
 def sync_table_columns(context: Context, source, tableUri: str = None):
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index e6b16a790..257317a4a 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -9,6 +9,7 @@
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.services.dataset_permissions import UPDATE_DATASET_TABLE
 from dataall.modules.datasets_base.db.models import DatasetTable, DatasetTableColumn
+from dataall.modules.datasets_base.services.permissions import GET_DATASET_TABLE
 
 
 class DatasetColumnService:
@@ -24,10 +25,10 @@ def _get_dataset_uri(session, table_uri):
         return table.datasetUri
 
     @staticmethod
-    def paginate_active_columns_for_table(table_uri: str, filter=None):
-        # TODO THERE WAS NO PERMISSION CHECK!!!
+    @has_resource_permission(GET_DATASET_TABLE)
+    def paginate_active_columns_for_table(uri: str, filter=None):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetColumnRepository.paginate_active_columns_for_table(session, table_uri, filter)
+            return DatasetColumnRepository.paginate_active_columns_for_table(session, uri, filter)
 
     @classmethod
     @has_resource_permission(UPDATE_DATASET_TABLE, parent_resource=_get_dataset_uri, param_name="table_uri")
diff --git a/backend/dataall/modules/datasets/services/dataset_profiling_service.py b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
index 7048f4049..7167a7453 100644
--- a/backend/dataall/modules/datasets/services/dataset_profiling_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_profiling_service.py
@@ -10,9 +10,10 @@
 from dataall.modules.datasets.aws.s3_profiler_client import S3ProfilerClient
 from dataall.modules.datasets.db.dataset_profiling_repository import DatasetProfilingRepository
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
-from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE
+from dataall.modules.datasets.services.dataset_permissions import PROFILE_DATASET_TABLE, GET_DATASET
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetProfilingRun, DatasetTable
+from dataall.modules.datasets_base.services.permissions import GET_DATASET_TABLE
 
 
 class DatasetProfilingService:
@@ -61,22 +62,22 @@ def queue_profiling_run(run_uri):
         Worker.queue(engine=context.db_engine, task_ids=[task.taskUri])
 
     @staticmethod
-    def list_profiling_runs(dataset_uri):
-        # TODO NO PERMISSION CHECK
+    @has_resource_permission(GET_DATASET)
+    def list_profiling_runs(uri):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetProfilingRepository.list_profiling_runs(session, dataset_uri)
+            return DatasetProfilingRepository.list_profiling_runs(session, uri)
 
     @staticmethod
-    def get_last_table_profiling_run(table_uri: str):
-        # TODO NO PERMISSION CHECK
+    @has_resource_permission(GET_DATASET_TABLE)
+    def get_last_table_profiling_run(uri: str):
         with get_context().db_engine.scoped_session() as session:
             run: DatasetProfilingRun = (
-                DatasetProfilingRepository.get_table_last_profiling_run(session, table_uri)
+                DatasetProfilingRepository.get_table_last_profiling_run(session, uri)
             )
 
             if run:
                 if not run.results:
-                    table = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+                    table = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
                     dataset = DatasetRepository.get_dataset_by_uri(session, table.datasetUri)
                     environment = Environment.get_environment_by_uri(session, dataset.environmentUri)
                     content = S3ProfilerClient(environment).get_profiling_results_from_s3(dataset, table, run)
@@ -86,7 +87,7 @@ def get_last_table_profiling_run(table_uri: str):
 
                 if not run.results:
                     run_with_results = (
-                        DatasetProfilingRepository.get_table_last_profiling_run_with_results(session, table_uri)
+                        DatasetProfilingRepository.get_table_last_profiling_run_with_results(session, uri)
                     )
                     if run_with_results:
                         run = run_with_results
@@ -94,7 +95,7 @@ def get_last_table_profiling_run(table_uri: str):
             return run
 
     @staticmethod
-    def list_table_profiling_runs(table_uri: str):
-        # TODO NO PERMISSION CHECK
+    @has_resource_permission(GET_DATASET_TABLE)
+    def list_table_profiling_runs(uri: str):
         with get_context().db_engine.scoped_session() as session:
-            return DatasetProfilingRepository.list_table_profiling_runs(session, table_uri)
+            return DatasetProfilingRepository.list_table_profiling_runs(session, uri)
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 403247e7f..3ec18d3dd 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -15,7 +15,8 @@
     DELETE_DATASET_TABLE, SYNC_DATASET
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
-from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ
+from dataall.modules.datasets_base.services.permissions import PREVIEW_DATASET_TABLE, DATASET_TABLE_READ, \
+    GET_DATASET_TABLE
 from dataall.utils import json_utils
 
 log = logging.getLogger(__name__)
@@ -96,10 +97,10 @@ def preview(table_uri: str):
             return AthenaTableClient(env, table).get_table(dataset_uri=dataset.datasetUri)
 
     @staticmethod
-    def get_glue_table_properties(table_uri: str):
-        # TODO THERE WAS NO PERMISSION CHECK
+    @has_resource_permission(GET_DATASET_TABLE)
+    def get_glue_table_properties(uri: str):
         with get_context().db_engine.scoped_session() as session:
-            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, table_uri)
+            table: DatasetTable = DatasetTableRepository.get_dataset_table_by_uri(session, uri)
             return json_utils.to_string(table.GlueTableProperties).replace('\\', ' ')
 
     @staticmethod

From 2e0f591e8cbbfc89f5bccf0c2548c6fcbd640244 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 14:01:29 +0200
Subject: [PATCH 316/346] Added user specific check

---
 .../modules/datasets/db/dataset_table_repository.py        | 7 ++++++-
 .../modules/datasets/services/dataset_table_service.py     | 6 +++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/backend/dataall/modules/datasets/db/dataset_table_repository.py b/backend/dataall/modules/datasets/db/dataset_table_repository.py
index a045fce08..dba4fb0fc 100644
--- a/backend/dataall/modules/datasets/db/dataset_table_repository.py
+++ b/backend/dataall/modules/datasets/db/dataset_table_repository.py
@@ -1,6 +1,7 @@
 import logging
 from datetime import datetime
 
+from sqlalchemy import or_
 from sqlalchemy.sql import and_
 
 from dataall.db import exceptions, paginate
@@ -46,7 +47,7 @@ def delete(session, table: DatasetTable):
 
     @staticmethod
     def query_dataset_tables_shared_with_env(
-        session, environment_uri: str, dataset_uri: str
+        session, environment_uri: str, dataset_uri: str, username: str, groups: [str]
     ):
         """For a given dataset, returns the list of Tables shared with the environment
         This means looking at approved ShareObject items
@@ -68,6 +69,10 @@ def query_dataset_tables_shared_with_env(
                     ShareObject.datasetUri == dataset_uri,  # for this dataset
                     ShareObject.environmentUri == environment_uri,  # for this environment
                     ShareObjectItem.status.in_(share_item_shared_states),
+                    or_(
+                        ShareObject.owner == username,
+                        ShareObject.principalId.in_(groups),
+                    ),
                 )
             )
             .all()
diff --git a/backend/dataall/modules/datasets/services/dataset_table_service.py b/backend/dataall/modules/datasets/services/dataset_table_service.py
index 3ec18d3dd..27b2c1376 100644
--- a/backend/dataall/modules/datasets/services/dataset_table_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_table_service.py
@@ -105,12 +105,12 @@ def get_glue_table_properties(uri: str):
 
     @staticmethod
     def list_shared_tables_by_env_dataset(dataset_uri: str, env_uri: str):
-        # TODO THERE WAS NO PERMISSION CHECK
-        with get_context().db_engine.scoped_session() as session:
+        context = get_context()
+        with context.db_engine.scoped_session() as session:
             return [
                 {"tableUri": t.tableUri, "GlueTableName": t.GlueTableName}
                 for t in DatasetTableRepository.query_dataset_tables_shared_with_env(
-                    session, env_uri, dataset_uri
+                    session, env_uri, dataset_uri, context.username, context.groups
                 )
             ]
 

From 98b79b20475f867b26ae27252f1e39db4fb65ab6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 14:45:36 +0200
Subject: [PATCH 317/346] Moved RamClient

---
 .../dataset_sharing/aws/ram_client.py}             | 14 +++++++-------
 .../services/share_managers/lf_share_manager.py    |  4 ++--
 .../lf_process_cross_account_share.py              |  6 +++---
 3 files changed, 12 insertions(+), 12 deletions(-)
 rename backend/dataall/{aws/handlers/ram.py => modules/dataset_sharing/aws/ram_client.py} (94%)

diff --git a/backend/dataall/aws/handlers/ram.py b/backend/dataall/modules/dataset_sharing/aws/ram_client.py
similarity index 94%
rename from backend/dataall/aws/handlers/ram.py
rename to backend/dataall/modules/dataset_sharing/aws/ram_client.py
index f089db15b..7cfe4c8ab 100644
--- a/backend/dataall/aws/handlers/ram.py
+++ b/backend/dataall/modules/dataset_sharing/aws/ram_client.py
@@ -3,12 +3,12 @@
 
 from botocore.exceptions import ClientError
 
-from .sts import SessionHelper
+from dataall.aws.handlers.sts import SessionHelper
 
 log = logging.getLogger('aws:ram')
 
 
-class Ram:
+class RamClient:
     @staticmethod
     def get_resource_share_invitations(
         client, resource_share_arns, sender_account, receiver_account
@@ -84,10 +84,10 @@ def accept_ram_invitation(**data):
             f'arn:aws:glue:{source["region"]}:{source["accountid"]}:'
             f'table/{data["source"]["database"]}/{data["source"]["tablename"]}'
         )
-        associations = Ram.list_resource_share_associations(source_ram, resource_arn)
+        associations = RamClient.list_resource_share_associations(source_ram, resource_arn)
         resource_share_arns = [a['resourceShareArn'] for a in associations]
 
-        ram_invitations = Ram.get_resource_share_invitations(
+        ram_invitations = RamClient.get_resource_share_invitations(
             target_ram, resource_share_arns, source['accountid'], target['accountid']
         )
         log.info(
@@ -99,7 +99,7 @@ def accept_ram_invitation(**data):
                     log.info(
                         f'Invitation {invitation} is in PENDING status accepting it ...'
                     )
-                    Ram.accept_resource_share_invitation(
+                    RamClient.accept_resource_share_invitation(
                         target_ram, invitation['resourceShareInvitationArn']
                     )
                     # Ram invitation acceptance is slow
@@ -159,7 +159,7 @@ def list_resource_share_associations(client, resource_arn):
     def delete_resource_shares(client, resource_arn):
         log.info(f'Cleaning RAM resource shares for resource: {resource_arn}')
         try:
-            associations = Ram.list_resource_share_associations(client, resource_arn)
+            associations = RamClient.list_resource_share_associations(client, resource_arn)
             for a in associations:
                 log.info(f"Deleting resource share: {a['resourceShareArn']}")
                 client.delete_resource_share(resourceShareArn=a['resourceShareArn'])
@@ -171,7 +171,7 @@ def delete_resource_shares(client, resource_arn):
     def delete_lfv1_resource_shares_for_table(client, resource_arn):
         log.info(f'Cleaning LF V1 RAM resource shares for resource: {resource_arn}')
         try:
-            associations = Ram.list_resource_share_associations(client, resource_arn)
+            associations = RamClient.list_resource_share_associations(client, resource_arn)
             for a in associations:
                 if (
                     'LakeFormation' in a['resourceShareName']
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 96940f518..7a6848cd3 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -10,7 +10,7 @@
 from dataall.modules.dataset_sharing.aws.lakeformation_client import LakeFormationClient
 from dataall.aws.handlers.quicksight import QuicksightClient
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.aws.handlers.ram import Ram
+from dataall.modules.dataset_sharing.aws.ram_client import RamClient
 from dataall.db import exceptions, models
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
@@ -467,7 +467,7 @@ def delete_ram_resource_shares(self, resource_arn: str) -> [dict]:
         list of ram associations
         """
         logger.info(f'Cleaning RAM resource shares for resource: {resource_arn} ...')
-        return Ram.delete_resource_shares(
+        return RamClient.delete_resource_shares(
             SessionHelper.remote_session(
                 accountid=self.source_environment.AwsAccountId
             ).client('ram', region_name=self.source_environment.region),
diff --git a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
index 64e46eb91..ce466ef7a 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_processors/lf_process_cross_account_share.py
@@ -2,7 +2,7 @@
 
 from dataall.modules.dataset_sharing.db.enums import ShareItemStatus, ShareObjectActions, ShareItemActions
 from ..share_managers import LFShareManager
-from dataall.aws.handlers.ram import Ram
+from dataall.modules.dataset_sharing.aws.ram_client import RamClient
 from dataall.db import models
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.dataset_sharing.db.models import ShareObject
@@ -99,11 +99,11 @@ def process_approved_shares(self) -> bool:
                     (
                         retry_share_table,
                         failed_invitations,
-                    ) = Ram.accept_ram_invitation(**data)
+                    ) = RamClient.accept_ram_invitation(**data)
 
                     if retry_share_table:
                         self.share_table_with_target_account(**data)
-                        Ram.accept_ram_invitation(**data)
+                        RamClient.accept_ram_invitation(**data)
 
                     self.create_resource_link(**data)
 

From 0101da591eb752766346edeb43ff7bb6cc88c1b2 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 14:55:47 +0200
Subject: [PATCH 318/346] Removed unused methods

---
 .../modules/dataset_sharing/aws/ram_client.py | 115 ++++--------------
 .../share_managers/lf_share_manager.py        |  19 ---
 2 files changed, 26 insertions(+), 108 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/aws/ram_client.py b/backend/dataall/modules/dataset_sharing/aws/ram_client.py
index 7cfe4c8ab..7caff548b 100644
--- a/backend/dataall/modules/dataset_sharing/aws/ram_client.py
+++ b/backend/dataall/modules/dataset_sharing/aws/ram_client.py
@@ -9,15 +9,20 @@
 
 
 class RamClient:
-    @staticmethod
-    def get_resource_share_invitations(
-        client, resource_share_arns, sender_account, receiver_account
+    def __init__(self, account_id, region):
+        session = SessionHelper.remote_session(accountid=account_id)
+        self._client = session.client('ram', region_name=region)
+        self._account_id = account_id
+
+    def _get_resource_share_invitations(
+        self, resource_share_arns, receiver_account
     ):
+        sender_account = self._account_id
         log.info(f'Listing invitations for resourceShareArns: {resource_share_arns}')
         try:
             resource_share_invitations = []
 
-            paginator = client.get_paginator('get_resource_share_invitations')
+            paginator = self._client.get_paginator('get_resource_share_invitations')
             invitation_pages = paginator.paginate(resourceShareArns=resource_share_arns)
             for page in invitation_pages:
                 resource_share_invitations.extend(page.get('resourceShareInvitations'))
@@ -36,10 +41,9 @@ def get_resource_share_invitations(
             )
             raise e
 
-    @staticmethod
-    def accept_resource_share_invitation(client, resource_share_invitation_arn):
+    def _accept_resource_share_invitation(self, resource_share_invitation_arn):
         try:
-            response = client.accept_resource_share_invitation(
+            response = self._client.accept_resource_share_invitation(
                 resourceShareInvitationArn=resource_share_invitation_arn
             )
             log.info(f'Accepted ram invitation {resource_share_invitation_arn}')
@@ -74,21 +78,18 @@ def accept_ram_invitation(**data):
             log.debug('Skipping RAM invitation management for same account sharing.')
             return True
 
-        source_session = SessionHelper.remote_session(accountid=source['accountid'])
-        source_ram = source_session.client('ram', region_name=source['region'])
-
-        target_session = SessionHelper.remote_session(accountid=target['accountid'])
-        target_ram = target_session.client('ram', region_name=target['region'])
+        source_ram = RamClient(source['accountid'], target['region'])
+        target_ram = RamClient(target['accountid'], target['region'])
 
         resource_arn = (
             f'arn:aws:glue:{source["region"]}:{source["accountid"]}:'
             f'table/{data["source"]["database"]}/{data["source"]["tablename"]}'
         )
-        associations = RamClient.list_resource_share_associations(source_ram, resource_arn)
+        associations = source_ram._list_resource_share_associations(resource_arn)
         resource_share_arns = [a['resourceShareArn'] for a in associations]
 
-        ram_invitations = RamClient.get_resource_share_invitations(
-            target_ram, resource_share_arns, source['accountid'], target['accountid']
+        ram_invitations = target_ram._get_resource_share_invitations(
+            resource_share_arns, source['accountid'],
         )
         log.info(
             f'Found {len(ram_invitations)} RAM invitations for resourceShareArn: {resource_share_arns}'
@@ -99,8 +100,8 @@ def accept_ram_invitation(**data):
                     log.info(
                         f'Invitation {invitation} is in PENDING status accepting it ...'
                     )
-                    RamClient.accept_resource_share_invitation(
-                        target_ram, invitation['resourceShareInvitationArn']
+                    target_ram._accept_resource_share_invitation(
+                        invitation['resourceShareInvitationArn']
                     )
                     # Ram invitation acceptance is slow
                     time.sleep(5)
@@ -115,8 +116,8 @@ def accept_ram_invitation(**data):
                     )
                     failed_invitations.append(invitation)
                     retry_share_table = True
-                    source_ram.delete_resource_share(
-                        resourceShareArn=invitation['resourceShareArn']
+                    source_ram._delete_resource_share(
+                        resource_share_arn=invitation['resourceShareArn']
                     )
 
                 elif invitation['status'] == 'ACCEPTED':
@@ -131,13 +132,12 @@ def accept_ram_invitation(**data):
 
         return retry_share_table, failed_invitations
 
-    @staticmethod
-    def list_resource_share_associations(client, resource_arn):
+    def _list_resource_share_associations(self, resource_arn):
         associations = []
         try:
             log.debug(f'RAM list_resource_share_associations : {resource_arn}')
 
-            paginator = client.get_paginator(
+            paginator = self._client.get_paginator(
                 'get_resource_share_associations'
             ).paginate(
                 associationType='RESOURCE',
@@ -155,71 +155,8 @@ def list_resource_share_associations(client, resource_arn):
             )
             raise e
 
-    @staticmethod
-    def delete_resource_shares(client, resource_arn):
-        log.info(f'Cleaning RAM resource shares for resource: {resource_arn}')
-        try:
-            associations = RamClient.list_resource_share_associations(client, resource_arn)
-            for a in associations:
-                log.info(f"Deleting resource share: {a['resourceShareArn']}")
-                client.delete_resource_share(resourceShareArn=a['resourceShareArn'])
-            return associations
-        except ClientError as e:
-            log.error(f'Failed cleaning RAM resource shares due to: {e} ')
-
-    @staticmethod
-    def delete_lfv1_resource_shares_for_table(client, resource_arn):
-        log.info(f'Cleaning LF V1 RAM resource shares for resource: {resource_arn}')
-        try:
-            associations = RamClient.list_resource_share_associations(client, resource_arn)
-            for a in associations:
-                if (
-                    'LakeFormation' in a['resourceShareName']
-                    and 'LakeFormation-V2' in a['resourceShareName']
-                ):
-                    log.info(
-                        f"Found lakeformation V1 RAM association: {a['resourceShareName']}."
-                        'Deleting it ...'
-                    )
-                    client.delete_resource_share(resourceShareArn=a['resourceShareArn'])
-            return associations
-        except ClientError as e:
-            log.error(f'Failed cleaning RAM resource shares due to: {e} ')
-
-    @staticmethod
-    def delete_lakeformation_v1_resource_shares(client):
-        log.info('Cleaning LF V1 RAM resource shares...')
-
-        try:
-            resources = []
-            paginator = client.get_paginator('list_resources').paginate(
-                resourceOwner='SELF',
-                resourceRegionScope='REGIONAL',
-            )
-            for page in paginator:
-                resources.extend(page['resources'])
-
-            log.info(f'Found resources : {len(resources)}')
-            resource_shares = []
-            for r in resources:
-                paginator = client.get_paginator('get_resource_shares').paginate(
-                    resourceShareArns=[r['resourceShareArn']],
-                    resourceOwner='SELF',
-                )
-                for page in paginator:
-                    resource_shares.extend(page['resourceShares'])
-                for rs in resource_shares:
-                    if (
-                        'LakeFormation' in rs['name']
-                        and 'LakeFormation-V2' not in rs['name']
-                    ):
-                        log.info(
-                            f"Found lakeformation V1 RAM association: {rs['name']}."
-                            'Deleting it ...'
-                        )
-                        client.delete_resource_share(
-                            resourceShareArn=r['resourceShareArn']
-                        )
+    def _delete_resource_share(self, resource_share_arn):
+        self._client.delete_resource_share(
+            resource_share_arn=resource_share_arn
+        )
 
-        except ClientError as e:
-            log.error(f'Failed cleaning RAM resource shares due to: {e} ')
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index 7a6848cd3..b29e39468 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -455,25 +455,6 @@ def revoke_external_account_access_on_source_account(self) -> [dict]:
             )
         return revoke_entries
 
-    def delete_ram_resource_shares(self, resource_arn: str) -> [dict]:
-        """
-        Deletes resource share for the resource arn
-        Parameters
-        ----------
-        resource_arn : glue table arn
-
-        Returns
-        -------
-        list of ram associations
-        """
-        logger.info(f'Cleaning RAM resource shares for resource: {resource_arn} ...')
-        return RamClient.delete_resource_shares(
-            SessionHelper.remote_session(
-                accountid=self.source_environment.AwsAccountId
-            ).client('ram', region_name=self.source_environment.region),
-            resource_arn,
-        )
-
     def handle_share_failure(
         self,
         table: DatasetTable,

From b53dc8d03a15abf7917f3a57fcd5147f1448f55f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 15:05:23 +0200
Subject: [PATCH 319/346] Refactored kms client

---
 .../dataset_sharing/aws/kms_client.py}        | 45 +++++--------------
 .../share_managers/s3_share_manager.py        | 28 ++++--------
 2 files changed, 21 insertions(+), 52 deletions(-)
 rename backend/dataall/{aws/handlers/kms.py => modules/dataset_sharing/aws/kms_client.py} (52%)

diff --git a/backend/dataall/aws/handlers/kms.py b/backend/dataall/modules/dataset_sharing/aws/kms_client.py
similarity index 52%
rename from backend/dataall/aws/handlers/kms.py
rename to backend/dataall/modules/dataset_sharing/aws/kms_client.py
index 4614cbbcd..b1550ce54 100644
--- a/backend/dataall/aws/handlers/kms.py
+++ b/backend/dataall/modules/dataset_sharing/aws/kms_client.py
@@ -1,48 +1,33 @@
 import logging
 
-from .sts import SessionHelper
+from dataall.aws.handlers.sts import SessionHelper
 
 log = logging.getLogger(__name__)
 
 
-class KMS:
+class KmsClient:
 
-    @staticmethod
-    def client(account_id: str, region: str):
+    def __init__(self, account_id: str, region: str):
         session = SessionHelper.remote_session(accountid=account_id)
-        return session.client('kms', region_name=region)
+        self._client = session.client('kms', region_name=region)
+        self._account_id = account_id
 
-    @staticmethod
-    def put_key_policy(
-        account_id: str,
-        region: str,
-        key_id: str,
-        policy_name: str,
-        policy: str,
-    ):
+    def put_key_policy(self, key_id: str, policy_name: str, policy: str):
         try:
-            kms_client = KMS.client(account_id, region)
-            kms_client.put_key_policy(
+            self._client.put_key_policy(
                 KeyId=key_id,
                 PolicyName=policy_name,
                 Policy=policy,
             )
         except Exception as e:
             log.error(
-                f'Failed to attach policy to KMS key {key_id} on {account_id} : {e} '
+                f'Failed to attach policy to KMS key {key_id} on {self._account_id} : {e} '
             )
             raise e
 
-    @staticmethod
-    def get_key_policy(
-        account_id: str,
-        region: str,
-        key_id: str,
-        policy_name: str,
-    ):
+    def get_key_policy(self, key_id: str, policy_name: str):
         try:
-            kms_client = KMS.client(account_id, region)
-            response = kms_client.get_key_policy(
+            response = self._client.get_key_policy(
                 KeyId=key_id,
                 PolicyName=policy_name,
             )
@@ -54,15 +39,9 @@ def get_key_policy(
         else:
             return response['Policy']
 
-    @staticmethod
-    def get_key_id(
-        account_id: str,
-        region: str,
-        key_alias: str,
-    ):
+    def get_key_id(self, key_alias: str):
         try:
-            kms_client = KMS.client(account_id, region)
-            response = kms_client.describe_key(
+            response = self._client.describe_key(
                 KeyId=key_alias,
             )
         except Exception as e:
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index 46c448643..2d3024269 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -6,7 +6,7 @@
 from dataall.db import models, utils
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.aws.handlers.s3 import S3
-from dataall.aws.handlers.kms import KMS
+from dataall.modules.dataset_sharing.aws.kms_client import KmsClient
 from dataall.aws.handlers.iam import IAM
 from dataall.modules.dataset_sharing.db.models import ShareObject
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService
@@ -276,8 +276,9 @@ def update_dataset_bucket_key_policy(self):
             'Updating dataset Bucket KMS key policy...'
         )
         key_alias = f"alias/{self.dataset.KmsAlias}"
-        kms_keyId = KMS.get_key_id(self.source_account_id, self.source_environment.region, key_alias)
-        existing_policy = KMS.get_key_policy(self.source_account_id, self.source_environment.region, kms_keyId, "default")
+        kms_client = KmsClient(self.source_account_id, self.source_environment.region)
+        kms_keyId = kms_client.get_key_id(key_alias)
+        existing_policy = kms_client.get_key_policy(kms_keyId, "default")
         target_requester_id = SessionHelper.get_role_id(self.target_account_id, self.target_requester_IAMRoleName)
         if existing_policy and f'{target_requester_id}:*' not in existing_policy:
             policy = json.loads(existing_policy)
@@ -297,13 +298,7 @@ def update_dataset_bucket_key_policy(self):
                     }
                 }
             )
-            KMS.put_key_policy(
-                self.source_account_id,
-                self.source_environment.region,
-                kms_keyId,
-                "default",
-                json.dumps(policy)
-            )
+            kms_client.put_key_policy(kms_keyId, "default", json.dumps(policy))
 
     def delete_access_point_policy(self):
         logger.info(
@@ -386,19 +381,14 @@ def delete_dataset_bucket_key_policy(
             'Deleting dataset bucket KMS key policy...'
         )
         key_alias = f"alias/{dataset.KmsAlias}"
-        kms_keyId = KMS.get_key_id(dataset.AwsAccountId, dataset.region, key_alias)
-        existing_policy = KMS.get_key_policy(dataset.AwsAccountId, dataset.region, kms_keyId, "default")
+        kms_client = KmsClient(dataset.AwsAccountId, dataset.region)
+        kms_keyId = kms_client.get_key_id(key_alias)
+        existing_policy = kms_client.get_key_policy(kms_keyId, "default")
         target_requester_id = SessionHelper.get_role_id(target_environment.AwsAccountId, share.principalIAMRoleName)
         if existing_policy and f'{target_requester_id}:*' in existing_policy:
             policy = json.loads(existing_policy)
             policy["Statement"] = [item for item in policy["Statement"] if item["Sid"] != f"{target_requester_id}"]
-            KMS.put_key_policy(
-                dataset.AwsAccountId,
-                dataset.region,
-                kms_keyId,
-                "default",
-                json.dumps(policy)
-            )
+            kms_client.put_key_policy(kms_keyId, "default", json.dumps(policy))
 
     def handle_share_failure(self, error: Exception) -> None:
         """

From 60b7571087147e03125a291d447c3df7df768e0a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 15:11:28 +0200
Subject: [PATCH 320/346] Simplified the code a little

---
 .../modules/dataset_sharing/aws/kms_client.py        |  9 +++++----
 .../services/share_managers/s3_share_manager.py      | 12 ++++++------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/aws/kms_client.py b/backend/dataall/modules/dataset_sharing/aws/kms_client.py
index b1550ce54..940f9722e 100644
--- a/backend/dataall/modules/dataset_sharing/aws/kms_client.py
+++ b/backend/dataall/modules/dataset_sharing/aws/kms_client.py
@@ -6,17 +6,18 @@
 
 
 class KmsClient:
+    _DEFAULT_POLICY_NAME = "default"
 
     def __init__(self, account_id: str, region: str):
         session = SessionHelper.remote_session(accountid=account_id)
         self._client = session.client('kms', region_name=region)
         self._account_id = account_id
 
-    def put_key_policy(self, key_id: str, policy_name: str, policy: str):
+    def put_key_policy(self, key_id: str, policy: str):
         try:
             self._client.put_key_policy(
                 KeyId=key_id,
-                PolicyName=policy_name,
+                PolicyName=self._DEFAULT_POLICY_NAME,
                 Policy=policy,
             )
         except Exception as e:
@@ -25,11 +26,11 @@ def put_key_policy(self, key_id: str, policy_name: str, policy: str):
             )
             raise e
 
-    def get_key_policy(self, key_id: str, policy_name: str):
+    def get_key_policy(self, key_id: str):
         try:
             response = self._client.get_key_policy(
                 KeyId=key_id,
-                PolicyName=policy_name,
+                PolicyName=self._DEFAULT_POLICY_NAME,
             )
         except Exception as e:
             log.error(
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index 2d3024269..f300f59da 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -277,8 +277,8 @@ def update_dataset_bucket_key_policy(self):
         )
         key_alias = f"alias/{self.dataset.KmsAlias}"
         kms_client = KmsClient(self.source_account_id, self.source_environment.region)
-        kms_keyId = kms_client.get_key_id(key_alias)
-        existing_policy = kms_client.get_key_policy(kms_keyId, "default")
+        kms_key_id = kms_client.get_key_id(key_alias)
+        existing_policy = kms_client.get_key_policy(kms_key_id)
         target_requester_id = SessionHelper.get_role_id(self.target_account_id, self.target_requester_IAMRoleName)
         if existing_policy and f'{target_requester_id}:*' not in existing_policy:
             policy = json.loads(existing_policy)
@@ -298,7 +298,7 @@ def update_dataset_bucket_key_policy(self):
                     }
                 }
             )
-            kms_client.put_key_policy(kms_keyId, "default", json.dumps(policy))
+            kms_client.put_key_policy(kms_key_id, json.dumps(policy))
 
     def delete_access_point_policy(self):
         logger.info(
@@ -382,13 +382,13 @@ def delete_dataset_bucket_key_policy(
         )
         key_alias = f"alias/{dataset.KmsAlias}"
         kms_client = KmsClient(dataset.AwsAccountId, dataset.region)
-        kms_keyId = kms_client.get_key_id(key_alias)
-        existing_policy = kms_client.get_key_policy(kms_keyId, "default")
+        kms_key_id = kms_client.get_key_id(key_alias)
+        existing_policy = kms_client.get_key_policy(kms_key_id)
         target_requester_id = SessionHelper.get_role_id(target_environment.AwsAccountId, share.principalIAMRoleName)
         if existing_policy and f'{target_requester_id}:*' in existing_policy:
             policy = json.loads(existing_policy)
             policy["Statement"] = [item for item in policy["Statement"] if item["Sid"] != f"{target_requester_id}"]
-            kms_client.put_key_policy(kms_keyId, "default", json.dumps(policy))
+            kms_client.put_key_policy(kms_key_id, json.dumps(policy))
 
     def handle_share_failure(self, error: Exception) -> None:
         """

From a7c3c5d70c67ac930ceec3460a5a304b6a765bf8 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 15:47:26 +0200
Subject: [PATCH 321/346] Moved and simplified S3 client

---
 .../dataset_sharing/aws/s3_client.py}         | 125 +++++++++---------
 .../share_managers/s3_share_manager.py        |  41 +++---
 2 files changed, 84 insertions(+), 82 deletions(-)
 rename backend/dataall/{aws/handlers/s3.py => modules/dataset_sharing/aws/s3_client.py} (61%)

diff --git a/backend/dataall/aws/handlers/s3.py b/backend/dataall/modules/dataset_sharing/aws/s3_client.py
similarity index 61%
rename from backend/dataall/aws/handlers/s3.py
rename to backend/dataall/modules/dataset_sharing/aws/s3_client.py
index 2352ef791..b2437a08c 100755
--- a/backend/dataall/aws/handlers/s3.py
+++ b/backend/dataall/modules/dataset_sharing/aws/s3_client.py
@@ -1,70 +1,34 @@
 import logging
 
-from .sts import SessionHelper
+from dataall.aws.handlers.sts import SessionHelper
 
 log = logging.getLogger(__name__)
 
 
-class S3:
-    @staticmethod
-    def client(account_id: str, region: str, client_type: str):
+class S3ControlClient:
+    def __init__(self, account_id: str, region: str):
         session = SessionHelper.remote_session(accountid=account_id)
-        return session.client(client_type, region_name=region)
-
-    @staticmethod
-    def create_bucket_policy(account_id: str, region: str, bucket_name: str, policy: str):
-        try:
-            s3cli = S3.client(account_id=account_id, region=region, client_type='s3')
-            s3cli.put_bucket_policy(
-                Bucket=bucket_name,
-                Policy=policy,
-                ConfirmRemoveSelfBucketAccess=False,
-                ExpectedBucketOwner=account_id,
-            )
-            log.info(
-                f'Created bucket policy of {bucket_name} on {account_id} successfully'
-            )
-        except Exception as e:
-            log.error(
-                f'Bucket policy created failed on bucket {bucket_name} of {account_id} : {e}'
-            )
-            raise e
-
-    @staticmethod
-    def get_bucket_policy(account_id: str, region: str, bucket_name: str):
-        try:
-            s3cli = S3.client(account_id=account_id, region=region, client_type='s3')
-            response = s3cli.get_bucket_policy(Bucket=bucket_name, ExpectedBucketOwner=account_id)
-        except Exception as e:
-            log.warning(
-                f'Failed to get bucket policy of {bucket_name} : {e}'
-            )
-            return None
-        else:
-            return response['Policy']
+        self._client = session.client('s3control', region_name=region)
+        self._account_id = account_id
 
-    @staticmethod
-    def get_bucket_access_point_arn(account_id: str, region: str, access_point_name: str):
+    def get_bucket_access_point_arn(self, access_point_name: str):
         try:
-            s3control = S3.client(account_id, region, 's3control')
-            access_point = s3control.get_access_point(
-                AccountId=account_id,
+            access_point = self._client.get_access_point(
+                AccountId=self._account_id,
                 Name=access_point_name,
             )
         except Exception as e:
             log.info(
-                f'Failed to get S3 bucket access point {access_point_name} on {account_id} : {e}'
+                f'Failed to get S3 bucket access point {access_point_name} on {self._account_id} : {e}'
             )
             return None
         else:
             return access_point["AccessPointArn"]
 
-    @staticmethod
-    def create_bucket_access_point(account_id: str, region: str, bucket_name: str, access_point_name: str):
+    def create_bucket_access_point(self, bucket_name: str, access_point_name: str):
         try:
-            s3control = S3.client(account_id, region, 's3control')
-            access_point = s3control.create_access_point(
-                AccountId=account_id,
+            access_point = self._client.create_access_point(
+                AccountId=self._account_id,
                 Name=access_point_name,
                 Bucket=bucket_name,
             )
@@ -76,42 +40,36 @@ def create_bucket_access_point(account_id: str, region: str, bucket_name: str, a
         else:
             return access_point["AccessPointArn"]
 
-    @staticmethod
-    def delete_bucket_access_point(account_id: str, region: str, access_point_name: str):
+    def delete_bucket_access_point(self, access_point_name: str):
         try:
-            s3control = S3.client(account_id, region, 's3control')
-            s3control.delete_access_point(
-                AccountId=account_id,
+            self._client.delete_access_point(
+                AccountId=self._account_id,
                 Name=access_point_name,
             )
         except Exception as e:
             log.error(
-                f'Failed to delete S3 bucket access point {access_point_name}/{account_id} : {e}'
+                f'Failed to delete S3 bucket access point {access_point_name}/{self._account_id} : {e}'
             )
             raise e
 
-    @staticmethod
-    def get_access_point_policy(account_id: str, region: str, access_point_name: str):
+    def get_access_point_policy(self, access_point_name: str):
         try:
-            s3control = S3.client(account_id, region, 's3control')
-            response = s3control.get_access_point_policy(
-                AccountId=account_id,
+            response = self._client.get_access_point_policy(
+                AccountId=self._account_id,
                 Name=access_point_name,
             )
         except Exception as e:
             log.info(
-                f'Failed to get policy of access point {access_point_name} on {account_id} : {e}'
+                f'Failed to get policy of access point {access_point_name} on {self._account_id} : {e}'
             )
             return None
         else:
             return response['Policy']
 
-    @staticmethod
-    def attach_access_point_policy(account_id: str, region: str, access_point_name: str, policy: str):
+    def attach_access_point_policy(self, access_point_name: str, policy: str):
         try:
-            s3control = S3.client(account_id, region, 's3control')
-            s3control.put_access_point_policy(
-                AccountId=account_id,
+            self._client.put_access_point_policy(
+                AccountId=self._account_id,
                 Name=access_point_name,
                 Policy=policy
             )
@@ -162,3 +120,40 @@ def generate_access_point_policy_template(
             ]
         }
         return policy
+
+
+class S3Client:
+    def __init__(self, account_id, region):
+        session = SessionHelper.remote_session(accountid=account_id)
+        self._client = session.client('s3', region_name=region)
+        self._account_id = account_id
+
+    def create_bucket_policy(self, bucket_name: str, policy: str):
+        try:
+            s3cli = self._client
+            s3cli.put_bucket_policy(
+                Bucket=bucket_name,
+                Policy=policy,
+                ConfirmRemoveSelfBucketAccess=False,
+                ExpectedBucketOwner=self._account_id,
+            )
+            log.info(
+                f'Created bucket policy of {bucket_name} on {self._account_id} successfully'
+            )
+        except Exception as e:
+            log.error(
+                f'Bucket policy created failed on bucket {bucket_name} of {self._account_id} : {e}'
+            )
+            raise e
+
+    def get_bucket_policy(self, bucket_name: str):
+        try:
+            s3cli = self._client
+            response = s3cli.get_bucket_policy(Bucket=bucket_name, ExpectedBucketOwner=self._account_id)
+        except Exception as e:
+            log.warning(
+                f'Failed to get bucket policy of {bucket_name} : {e}'
+            )
+            return None
+        else:
+            return response['Policy']
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index f300f59da..dc5300dfc 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -5,7 +5,7 @@
 
 from dataall.db import models, utils
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.aws.handlers.s3 import S3
+from dataall.modules.dataset_sharing.aws.s3_client import S3ControlClient, S3Client
 from dataall.modules.dataset_sharing.aws.kms_client import KmsClient
 from dataall.aws.handlers.iam import IAM
 from dataall.modules.dataset_sharing.db.models import ShareObject
@@ -86,7 +86,9 @@ def manage_bucket_policy(self):
         logger.info(
             f'Manage Bucket policy for {self.bucket_name}'
         )
-        bucket_policy = json.loads(S3.get_bucket_policy(self.source_account_id, self.source_environment.region, self.bucket_name))
+
+        s3_client = S3Client(self.source_account_id, self.source_environment.region)
+        bucket_policy = json.loads(s3_client.get_bucket_policy(self.bucket_name))
         for statement in bucket_policy["Statement"]:
             if statement.get("Sid") in ["AllowAllToAdmin", "DelegateAccessToAccessPoint"]:
                 return
@@ -126,7 +128,8 @@ def manage_bucket_policy(self):
         }
         bucket_policy["Statement"].append(allow_owner_access)
         bucket_policy["Statement"].append(delegated_to_accesspoint)
-        S3.create_bucket_policy(self.source_account_id, self.source_environment.region, self.bucket_name, json.dumps(bucket_policy))
+        s3_client = S3Client(self.source_account_id, self.source_environment.region)
+        s3_client.create_bucket_policy(self.bucket_name, json.dumps(bucket_policy))
 
     def grant_target_role_access_policy(self):
         """
@@ -194,21 +197,22 @@ def manage_access_point_and_policy(self):
         :return:
         """
 
-        access_point_arn = S3.get_bucket_access_point_arn(self.source_account_id, self.source_environment.region, self.access_point_name)
+        s3_client = S3ControlClient(self.source_account_id, self.source_environment.region)
+        access_point_arn = s3_client.get_bucket_access_point_arn(self.access_point_name)
         if not access_point_arn:
             logger.info(
                 f'Access point {self.access_point_name} does not exists, creating...'
             )
-            access_point_arn = S3.create_bucket_access_point(self.source_account_id, self.source_environment.region, self.bucket_name, self.access_point_name)
+            access_point_arn = s3_client.create_bucket_access_point(self.bucket_name, self.access_point_name)
             # Access point creation is slow
             retries = 1
-            while not S3.get_bucket_access_point_arn(self.source_account_id, self.source_environment.region, self.access_point_name) and retries < ACCESS_POINT_CREATION_RETRIES:
+            while not s3_client.get_bucket_access_point_arn(self.access_point_name) and retries < ACCESS_POINT_CREATION_RETRIES:
                 logger.info(
                     'Waiting 30s for access point creation to complete..'
                 )
                 time.sleep(ACCESS_POINT_CREATION_TIME)
                 retries += 1
-        existing_policy = S3.get_access_point_policy(self.source_account_id, self.source_environment.region, self.access_point_name)
+        existing_policy = s3_client.get_access_point_policy(self.access_point_name)
         # requester will use this role to access resources
         target_requester_id = SessionHelper.get_role_id(self.target_account_id, self.target_requester_IAMRoleName)
         if existing_policy:
@@ -233,7 +237,7 @@ def manage_access_point_and_policy(self):
                     statements[f"{target_requester_id}1"]["Resource"] = resource_list
                 existing_policy["Statement"] = list(statements.values())
             else:
-                additional_policy = S3.generate_access_point_policy_template(
+                additional_policy = S3ControlClient.generate_access_point_policy_template(
                     target_requester_id,
                     access_point_arn,
                     self.s3_prefix,
@@ -245,7 +249,7 @@ def manage_access_point_and_policy(self):
             logger.info(
                 f'Access point policy for access point {access_point_arn} does not exists, creating policy...'
             )
-            access_point_policy = S3.generate_access_point_policy_template(
+            access_point_policy = S3ControlClient.generate_access_point_policy_template(
                 target_requester_id,
                 access_point_arn,
                 self.s3_prefix,
@@ -267,9 +271,9 @@ def manage_access_point_and_policy(self):
                 }
             }
             access_point_policy["Statement"].append(admin_statement)
-        S3.attach_access_point_policy(
-            account_id=self.source_account_id, region=self.source_environment.region,
-            access_point_name=self.access_point_name, policy=json.dumps(access_point_policy))
+        s3_client.attach_access_point_policy(
+            access_point_name=self.access_point_name, policy=json.dumps(access_point_policy)
+        )
 
     def update_dataset_bucket_key_policy(self):
         logger.info(
@@ -304,8 +308,9 @@ def delete_access_point_policy(self):
         logger.info(
             f'Deleting access point policy for access point {self.access_point_name}...'
         )
-        access_point_policy = json.loads(S3.get_access_point_policy(self.source_account_id, self.source_environment.region, self.access_point_name))
-        access_point_arn = S3.get_bucket_access_point_arn(self.source_account_id, self.source_environment.region, self.access_point_name)
+        s3_client = S3ControlClient(self.source_account_id, self.source_environment.region)
+        access_point_policy = json.loads(s3_client.get_access_point_policy(self.access_point_name))
+        access_point_arn = s3_client.get_bucket_access_point_arn(self.access_point_name)
         target_requester_id = SessionHelper.get_role_id(self.target_account_id, self.target_requester_IAMRoleName)
         statements = {item["Sid"]: item for item in access_point_policy["Statement"]}
         if f"{target_requester_id}0" in statements.keys():
@@ -317,7 +322,7 @@ def delete_access_point_policy(self):
             else:
                 access_point_policy["Statement"].remove(statements[f"{target_requester_id}0"])
                 access_point_policy["Statement"].remove(statements[f"{target_requester_id}1"])
-        S3.attach_access_point_policy(self.source_account_id, self.source_environment.region, self.access_point_name, json.dumps(access_point_policy))
+        s3_client.attach_access_point_policy(self.access_point_name, json.dumps(access_point_policy))
 
     @staticmethod
     def delete_access_point(
@@ -328,10 +333,12 @@ def delete_access_point(
         logger.info(
             f'Deleting access point {access_point_name}...'
         )
-        access_point_policy = json.loads(S3.get_access_point_policy(dataset.AwsAccountId, dataset.region, access_point_name))
+
+        s3_client = S3ControlClient(dataset.AwsAccountId, dataset.region)
+        access_point_policy = json.loads(s3_client.get_access_point_policy(access_point_name))
         if len(access_point_policy["Statement"]) <= 1:
             # At least we have the 'AllowAllToAdmin' statement
-            S3.delete_bucket_access_point(dataset.AwsAccountId, dataset.region, access_point_name)
+            s3_client.delete_bucket_access_point(access_point_name)
             return True
         else:
             return False

From 75a2c9ee7323b7710635a666a5bd7f2a74219f0f Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 15:50:52 +0200
Subject: [PATCH 322/346] Moved sqs poller to datasets

---
 .../dataall/modules/datasets/tasks/dataset_subscription_task.py | 2 +-
 .../{ => modules/datasets}/tasks/subscriptions/__init__.py      | 0
 .../{ => modules/datasets}/tasks/subscriptions/sqs_poller.py    | 0
 3 files changed, 1 insertion(+), 1 deletion(-)
 rename backend/dataall/{ => modules/datasets}/tasks/subscriptions/__init__.py (100%)
 rename backend/dataall/{ => modules/datasets}/tasks/subscriptions/sqs_poller.py (100%)

diff --git a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
index 85b02a2ae..49c751e7d 100644
--- a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
+++ b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
@@ -15,7 +15,7 @@
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
-from dataall.tasks.subscriptions import poll_queues
+from dataall.modules.datasets.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
 from dataall.modules.datasets.db.dataset_location_repository import DatasetLocationRepository
diff --git a/backend/dataall/tasks/subscriptions/__init__.py b/backend/dataall/modules/datasets/tasks/subscriptions/__init__.py
similarity index 100%
rename from backend/dataall/tasks/subscriptions/__init__.py
rename to backend/dataall/modules/datasets/tasks/subscriptions/__init__.py
diff --git a/backend/dataall/tasks/subscriptions/sqs_poller.py b/backend/dataall/modules/datasets/tasks/subscriptions/sqs_poller.py
similarity index 100%
rename from backend/dataall/tasks/subscriptions/sqs_poller.py
rename to backend/dataall/modules/datasets/tasks/subscriptions/sqs_poller.py

From 743ad51e454b22a8d37e0d367d8aafa832774e78 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 15:52:14 +0200
Subject: [PATCH 323/346] Secret manager is not used

---
 backend/dataall/utils/__init__.py        |  1 -
 backend/dataall/utils/secrets_manager.py | 25 ------------------------
 2 files changed, 26 deletions(-)
 delete mode 100644 backend/dataall/utils/secrets_manager.py

diff --git a/backend/dataall/utils/__init__.py b/backend/dataall/utils/__init__.py
index 14595b7ad..c5e3306f6 100644
--- a/backend/dataall/utils/__init__.py
+++ b/backend/dataall/utils/__init__.py
@@ -1,3 +1,2 @@
 from .parameter import Parameter
-from .secrets_manager import Secrets
 from .slugify import slugify
diff --git a/backend/dataall/utils/secrets_manager.py b/backend/dataall/utils/secrets_manager.py
deleted file mode 100644
index 0a7c41dd6..000000000
--- a/backend/dataall/utils/secrets_manager.py
+++ /dev/null
@@ -1,25 +0,0 @@
-import logging
-import os
-
-import boto3
-
-log = logging.getLogger('utils:Secrets')
-
-
-class Secrets:
-    prefix = 'dataall'
-
-    @classmethod
-    def get_secret(cls, env, secret_name):
-        print('will get secret', env, secret_name)
-        if not secret_name:
-            raise Exception('Secret name is None')
-        secret_name = f'/{cls.prefix}/{env}/{secret_name}'
-        secret_name = secret_name.replace('//', '/')
-        print(secret_name)
-        client = boto3.client(
-            'secretsmanager', region_name=os.getenv('AWS_REGION', 'eu-west-1')
-        )
-        secret = client.get_secret_value(SecretId=secret_name).get('SecretString')
-        print('secret = ', secret)
-        return secret

From d0e5c0170d5b1054db7c689e9895a027f85f7324 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 16:39:24 +0200
Subject: [PATCH 324/346] Review remarks

---
 backend/dataall/modules/dashboards/api/resolvers.py | 12 ++++++++----
 .../dashboards/aws/dashboard_quicksight_client.py   |  4 ----
 .../dashboards/services/dashboard_permissions.py    |  2 --
 .../dashboards/services/dashboard_service.py        | 13 +++----------
 .../dashboards/services/dashboard_share_service.py  |  6 +++---
 .../5fc49baecea4_add_enviromental_parameters.py     |  2 +-
 6 files changed, 15 insertions(+), 24 deletions(-)

diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 6eda82237..8e1056244 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -1,6 +1,6 @@
 from dataall.api.context import Context
 from dataall.db import models
-from dataall.db.api import  Glossary, Vote
+from dataall.db.api import Glossary, Vote, Organization
 from dataall.db.exceptions import RequiredParameter
 from dataall.modules.dashboards.api.enums import DashboardRole
 from dataall.modules.dashboards.db.dashboard_repository import DashboardRepository
@@ -22,12 +22,17 @@ def import_dashboard(context: Context, source, input: dict = None):
     if not input.get('label'):
         raise RequiredParameter('label')
 
-    return DashboardService.import_dashboard(uri=input['environmentUri'], data=input)
+    return DashboardService.import_dashboard(
+        uri=input['environmentUri'],
+        admin_group=input['SamlGroupName'],
+        data=input
+    )
 
 
 def update_dashboard(context, source, input: dict = None):
     return DashboardService.update_dashboard(uri=input['dashboardUri'], data=input)
 
+
 def list_dashboards(context: Context, source, filter: dict = None):
     if not filter:
         filter = {}
@@ -54,8 +59,7 @@ def resolve_user_role(context: Context, source: Dashboard):
 
 def get_dashboard_organization(context: Context, source: Dashboard, **kwargs):
     with context.engine.scoped_session() as session:
-        org = session.query(models.Organization).get(source.organizationUri)
-    return org
+        return Organization.get_organization_by_uri(session, source.organizationUri)
 
 
 def request_dashboard_share(
diff --git a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
index 1e9a91eaf..3bbcda822 100644
--- a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
+++ b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
@@ -26,13 +26,9 @@ def __init__(self, username, aws_account_id, region='eu-west-1'):
 
     def register_user_in_group(self, group_name, user_role='READER'):
         QuicksightClient.create_quicksight_group(self._account_id, group_name)
-        exists = False
         user = self._describe_user()
 
         if user is not None:
-            exists = True
-
-        if exists:
             self._client.update_user(
                 UserName=self._username,
                 AwsAccountId=self._account_id,
diff --git a/backend/dataall/modules/dashboards/services/dashboard_permissions.py b/backend/dataall/modules/dashboards/services/dashboard_permissions.py
index ac09a7780..f5c55b89f 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_permissions.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_permissions.py
@@ -7,13 +7,11 @@
 GET_DASHBOARD = 'GET_DASHBOARD'
 UPDATE_DASHBOARD = 'UPDATE_DASHBOARD'
 DELETE_DASHBOARD = 'DELETE_DASHBOARD'
-DASHBOARD_URL = 'DASHBOARD_URL'
 SHARE_DASHBOARD = 'SHARE_DASHBOARD'
 DASHBOARD_ALL = [
     GET_DASHBOARD,
     UPDATE_DASHBOARD,
     DELETE_DASHBOARD,
-    DASHBOARD_URL,
     SHARE_DASHBOARD,
 ]
 
diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
index d626dfe9e..210d91873 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -1,5 +1,5 @@
 from dataall.core.context import get_context
-from dataall.core.permission_checker import has_tenant_permission, has_resource_permission
+from dataall.core.permission_checker import has_tenant_permission, has_resource_permission, has_group_permission
 from dataall.db.api import ResourcePolicy, Glossary, Vote, Environment
 from dataall.db.exceptions import UnauthorizedOperation
 from dataall.db.models import Activity
@@ -22,7 +22,8 @@ def get_dashboard(uri: str) -> Dashboard:
     @staticmethod
     @has_tenant_permission(MANAGE_DASHBOARDS)
     @has_resource_permission(CREATE_DASHBOARD)
-    def import_dashboard(uri: str, data: dict = None) -> Dashboard:
+    @has_group_permission(CREATE_DASHBOARD)
+    def import_dashboard(uri: str, admin_group: str, data: dict = None) -> Dashboard:
         context = get_context()
         with context.db_engine.scoped_session() as session:
             env = Environment.get_environment_by_uri(session, data['environmentUri'])
@@ -42,14 +43,6 @@ def import_dashboard(uri: str, data: dict = None) -> Dashboard:
                     action=CREATE_DASHBOARD,
                     message=f'User: {context.username} has not AUTHOR rights on quicksight for the environment {env.label}',
                 )
-            Environment.check_group_environment_permission(
-                session=session,
-                username=context.username,
-                groups=context.groups,
-                uri=uri,
-                group=data['SamlGroupName'],
-                permission_name=CREATE_DASHBOARD,
-            )
 
             env = data.get(
                 'environment', Environment.get_environment_by_uri(session, uri)
diff --git a/backend/dataall/modules/dashboards/services/dashboard_share_service.py b/backend/dataall/modules/dashboards/services/dashboard_share_service.py
index 7bfafc126..2431b653a 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_share_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_share_service.py
@@ -31,7 +31,7 @@ def request_dashboard_share(uri: str, principal_id: str):
             if not share:
                 share = DashboardRepository.create_share(session, context.username, dashboard, principal_id)
             else:
-                DashboardShareService._check_stare_status(share)
+                DashboardShareService._check_share_status(share)
 
                 if share.status == DashboardShareStatus.REJECTED.value:
                     share.status = DashboardShareStatus.REQUESTED.value
@@ -97,14 +97,14 @@ def share_dashboard(uri: str, principal_id: str):
 
     @staticmethod
     def _change_share_status(share, status):
-        DashboardShareService._check_stare_status(share)
+        DashboardShareService._check_share_status(share)
         if share.status == status.value:
             return share
 
         share.status = status.value
 
     @staticmethod
-    def _check_stare_status(share):
+    def _check_share_status(share):
         if share.status not in DashboardShareStatus.__members__:
             raise InvalidInput(
                 'Share status',
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 9150ce99b..00552deff 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -27,7 +27,7 @@
 
 UNUSED_PERMISSIONS = ['LIST_DATASETS',  'LIST_DATASET_TABLES', 'LIST_DATASET_SHARES', 'SUMMARY_DATASET',
                       'IMPORT_DATASET', 'UPLOAD_DATASET', 'URL_DATASET', 'STACK_DATASET', 'SUBSCRIPTIONS_DATASET',
-                      'CREATE_DATASET_TABLE', 'LIST_PIPELINES']
+                      'CREATE_DATASET_TABLE', 'LIST_PIPELINES', 'DASHBOARD_URL']
 
 
 class Environment(Resource, Base):

From b12cecc1979ddd1c994c74410caeb44b89d3174e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 16:50:43 +0200
Subject: [PATCH 325/346] Fixed region

---
 .../modules/dashboards/services/dashboard_quicksight_service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
index a09b3e6f9..46882a1ec 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
@@ -166,5 +166,5 @@ def _client(cls, account_id: str = None, region: str = None):
 
         if not region:
             region = cls._REGION
-        return DashboardQuicksightClient(get_context().username, account_id, cls._REGION)
+        return DashboardQuicksightClient(get_context().username, account_id, region)
 

From a728fc6a19eae25559199d4cc499efec337e5609 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 17:09:47 +0200
Subject: [PATCH 326/346] Call to AWS should be done in clients

---
 .../aws/lakeformation_client.py               |  1 -
 .../modules/datasets/aws/s3_dataset_client.py | 80 +++++++++++++++++
 .../services/dataset_column_service.py        |  1 -
 .../datasets/tasks/bucket_policy_updater.py   | 85 +------------------
 4 files changed, 84 insertions(+), 83 deletions(-)

diff --git a/backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py b/backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py
index bec615958..737446503 100644
--- a/backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py
+++ b/backend/dataall/modules/dataset_sharing/aws/lakeformation_client.py
@@ -29,7 +29,6 @@ def grant_permissions_to_database(
         principals,
         database_name,
         permissions,
-        permissions_with_grant_options=None,
     ):
         for principal in principals:
             log.info(
diff --git a/backend/dataall/modules/datasets/aws/s3_dataset_client.py b/backend/dataall/modules/datasets/aws/s3_dataset_client.py
index d6a92ab39..d4ca30630 100644
--- a/backend/dataall/modules/datasets/aws/s3_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/s3_dataset_client.py
@@ -1,4 +1,5 @@
 import json
+import logging
 
 from botocore.config import Config
 from botocore.exceptions import ClientError
@@ -6,6 +7,8 @@
 from dataall.aws.handlers.sts import SessionHelper
 from dataall.modules.datasets_base.db.models import Dataset
 
+log = logging.getLogger(__name__)
+
 
 class S3DatasetClient:
 
@@ -32,3 +35,80 @@ def get_file_upload_presigned_url(self, data):
             return json.dumps(response)
         except ClientError as e:
             raise e
+
+
+class S3BucketPolicyClient:
+    def __init__(self, dataset: Dataset):
+        session = SessionHelper.remote_session(accountid=dataset.AwsAccountId)
+        self._client = session.client('s3')
+        self._dataset = dataset
+
+    def get_bucket_policy(self):
+        dataset = self._dataset
+        try:
+            policy = self._client.get_bucket_policy(Bucket=dataset.S3BucketName)['Policy']
+            log.info(f'Current bucket policy---->:{policy}')
+            policy = json.loads(policy)
+        except ClientError as err:
+            if err.response['Error']['Code'] == 'NoSuchBucketPolicy':
+                log.info(f"No policy attached to '{dataset.S3BucketName}'")
+
+            elif err.response['Error']['Code'] == 'NoSuchBucket':
+                log.error(f'Bucket deleted {dataset.S3BucketName}')
+
+            elif err.response['Error']['Code'] == 'AccessDenied':
+                log.error(
+                    f'Access denied in {dataset.AwsAccountId} '
+                    f'(s3:{err.operation_name}, '
+                    f"resource='{dataset.S3BucketName}')"
+                )
+            else:
+                log.exception(
+                    f"Failed to get '{dataset.S3BucketName}' policy in {dataset.AwsAccountId}"
+                )
+            policy = {
+                'Version': '2012-10-17',
+                'Statement': [
+                    {
+                        'Sid': 'OwnerAccount',
+                        'Effect': 'Allow',
+                        'Action': ['s3:*'],
+                        'Resource': [
+                            f'arn:aws:s3:::{dataset.S3BucketName}',
+                            f'arn:aws:s3:::{dataset.S3BucketName}/*',
+                        ],
+                        'Principal': {
+                            'AWS': f'arn:aws:iam::{dataset.AwsAccountId}:root'
+                        },
+                    }
+                ],
+            }
+
+        return policy
+
+    def put_bucket_policy(self, policy):
+        dataset = self._dataset
+        update_policy_report = {
+            'datasetUri': dataset.datasetUri,
+            'bucketName': dataset.S3BucketName,
+            'accountId': dataset.AwsAccountId,
+        }
+        try:
+            policy_json = json.dumps(policy) if isinstance(policy, dict) else policy
+            log.info(
+                f"Putting new bucket policy on '{dataset.S3BucketName}' policy {policy_json}"
+            )
+            response = self._client.put_bucket_policy(
+                Bucket=dataset.S3BucketName, Policy=policy_json
+            )
+            log.info(f'Bucket Policy updated: {response}')
+            update_policy_report.update({'status': 'SUCCEEDED'})
+        except ClientError as e:
+            log.error(
+                f'Failed to update bucket policy '
+                f"on '{dataset.S3BucketName}' policy {policy} "
+                f'due to {e} '
+            )
+            update_policy_report.update({'status': 'FAILED'})
+
+        return update_policy_report
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index e6b16a790..a2e5b25b6 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -3,7 +3,6 @@
 from dataall.core.context import get_context
 from dataall.core.permission_checker import has_resource_permission
 from dataall.db import models
-from dataall.db.api import ResourcePolicy
 from dataall.modules.datasets.aws.glue_table_client import GlueTableClient
 from dataall.modules.datasets.db.dataset_column_repository import DatasetColumnRepository
 from dataall.modules.datasets.db.dataset_table_repository import DatasetTableRepository
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index 8071cb4bd..96936f558 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -3,12 +3,11 @@
 import os
 import sys
 
-from botocore.exceptions import ClientError
 from sqlalchemy import and_
 
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.db import get_engine
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
+from dataall.modules.datasets.aws.s3_dataset_client import S3BucketPolicyClient
 from dataall.modules.datasets_base.db.models import Dataset
 
 root = logging.getLogger()
@@ -81,13 +80,13 @@ def sync_imported_datasets_bucket_policies(self):
                         accountid, bucket, account_prefixes
                     )
 
-                client = self.init_s3_client(dataset)
+                client = S3BucketPolicyClient(dataset)
 
-                policy = self.get_bucket_policy(client, dataset)
+                policy = client.get_bucket_policy()
 
                 BucketPoliciesUpdater.update_policy(account_prefixes, policy)
 
-                report = self.put_bucket_policy(client, dataset, policy)
+                report = client.put_bucket_policy(policy)
 
                 self.reports.append(report)
 
@@ -163,82 +162,6 @@ def group_prefixes_by_accountid(cls, accountid, prefix, account_prefixes):
             account_prefixes[accountid] = [prefix]
         return account_prefixes
 
-    @classmethod
-    def init_s3_client(cls, dataset):
-        session = SessionHelper.remote_session(accountid=dataset.AwsAccountId)
-        client = session.client('s3')
-        return client
-
-    @classmethod
-    def get_bucket_policy(cls, client, dataset):
-        try:
-            policy = client.get_bucket_policy(Bucket=dataset.S3BucketName)['Policy']
-            log.info(f'Current bucket policy---->:{policy}')
-            policy = json.loads(policy)
-        except ClientError as err:
-            if err.response['Error']['Code'] == 'NoSuchBucketPolicy':
-                log.info(f"No policy attached to '{dataset.S3BucketName}'")
-
-            elif err.response['Error']['Code'] == 'NoSuchBucket':
-                log.error(f'Bucket deleted {dataset.S3BucketName}')
-
-            elif err.response['Error']['Code'] == 'AccessDenied':
-                log.error(
-                    f'Access denied in {dataset.AwsAccountId} '
-                    f'(s3:{err.operation_name}, '
-                    f"resource='{dataset.S3BucketName}')"
-                )
-            else:
-                log.exception(
-                    f"Failed to get '{dataset.S3BucketName}' policy in {dataset.AwsAccountId}"
-                )
-            policy = {
-                'Version': '2012-10-17',
-                'Statement': [
-                    {
-                        'Sid': 'OwnerAccount',
-                        'Effect': 'Allow',
-                        'Action': ['s3:*'],
-                        'Resource': [
-                            f'arn:aws:s3:::{dataset.S3BucketName}',
-                            f'arn:aws:s3:::{dataset.S3BucketName}/*',
-                        ],
-                        'Principal': {
-                            'AWS': f'arn:aws:iam::{dataset.AwsAccountId}:root'
-                        },
-                    }
-                ],
-            }
-
-        return policy
-
-    @staticmethod
-    def put_bucket_policy(s3_client, dataset, policy):
-        update_policy_report = {
-            'datasetUri': dataset.datasetUri,
-            'bucketName': dataset.S3BucketName,
-            'accountId': dataset.AwsAccountId,
-        }
-        try:
-            policy_json = json.dumps(policy) if isinstance(policy, dict) else policy
-            log.info(
-                f"Putting new bucket policy on '{dataset.S3BucketName}' policy {policy_json}"
-            )
-            response = s3_client.put_bucket_policy(
-                Bucket=dataset.S3BucketName, Policy=policy_json
-            )
-            log.info(f'Bucket Policy updated: {response}')
-            update_policy_report.update({'status': 'SUCCEEDED'})
-        except ClientError as e:
-            log.error(
-                f'Failed to update bucket policy '
-                f"on '{dataset.S3BucketName}' policy {policy} "
-                f'due to {e} '
-            )
-            update_policy_report.update({'status': 'FAILED'})
-
-        return update_policy_report
-
 
 if __name__ == '__main__':
     ENVNAME = os.environ.get('envname', 'local')

From 740830b1e37abc8d8c0a09bcf656f99083509f08 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 3 Jul 2023 17:13:11 +0200
Subject: [PATCH 327/346] Calls to AWS should be done in clients

---
 .../datasets/tasks/dataset_subscription_task.py | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
index 49c751e7d..d422651c5 100644
--- a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
+++ b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
@@ -14,6 +14,7 @@
 from dataall.modules.dataset_sharing.db.models import ShareObjectItem
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
 from dataall.modules.dataset_sharing.services.share_notification_service import ShareNotificationService
+from dataall.modules.datasets.aws.sns_dataset_client import SnsDatasetClient
 from dataall.modules.datasets_base.db.dataset_repository import DatasetRepository
 from dataall.modules.datasets.tasks.subscriptions import poll_queues
 from dataall.utils import json_utils
@@ -148,10 +149,8 @@ def publish_sns_message(
                             f'has updated the table shared with you {prefix}',
                         }
 
-                        response = DatasetSubscriptionService.sns_call(
-                            message, environment
-                        )
-
+                        sns_client = SnsDatasetClient(environment, dataset)
+                        response = sns_client.publish_dataset_message(message)
                         log.info(f'SNS update publish response {response}')
 
                         notifications = ShareNotificationService.notify_new_data_available_from_owners(
@@ -167,16 +166,6 @@ def publish_sns_message(
                             f'Failed to deliver message {message} due to: {e}'
                         )
 
-    @staticmethod
-    def sns_call(message, environment):
-        aws_session = SessionHelper.remote_session(environment.AwsAccountId)
-        sns = aws_session.client('sns', region_name=environment.region)
-        response = sns.publish(
-            TopicArn=f'arn:aws:sns:{environment.region}:{environment.AwsAccountId}:{environment.subscriptionsConsumersTopicName}',
-            Message=json.dumps(message),
-        )
-        return response
-
     # TODO redshift related code
     def redshift_copy(
         self,

From 578770e5ea3cfa9b49ea1c2cd2c8bb276b34b567 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 4 Jul 2023 11:00:19 +0200
Subject: [PATCH 328/346] Review remarks

---
 .../api/Objects/Environment/resolvers.py      |  7 ++--
 .../services/environment_resource_manager.py  | 38 +++++++++++++------
 backend/dataall/db/api/environment.py         |  2 -
 .../dashboards/db/dashboard_repository.py     |  8 +++-
 .../services/datapipelines_service.py         |  9 ++---
 .../mlstudio/services/mlstudio_service.py     |  5 +--
 6 files changed, 42 insertions(+), 27 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index af7976e62..46b311526 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -14,6 +14,7 @@
 from ....aws.handlers.cloudformation import CloudFormation
 from ....aws.handlers.iam import IAM
 from ....aws.handlers.parameter_store import ParameterStoreManager
+from ....core.group.services.environment_resource_manager import EnvironmentResourceManager
 from ....db import exceptions, permissions
 from ....db.api import Environment, ResourcePolicy, Stack
 from ....utils.naming_convention import (
@@ -127,10 +128,8 @@ def update_environment(
             data=input,
             check_perm=True,
         )
-        if input.get('dashboardsEnabled') or (
-            environment.resourcePrefix != previous_resource_prefix
-        ):
-            stack_helper.deploy_stack(targetUri=environment.environmentUri)
+
+        EnvironmentResourceManager.deploy_updated_stack(session, previous_resource_prefix, environment)
     return environment
 
 
diff --git a/backend/dataall/core/group/services/environment_resource_manager.py b/backend/dataall/core/group/services/environment_resource_manager.py
index d2f3beb96..922a97c4b 100644
--- a/backend/dataall/core/group/services/environment_resource_manager.py
+++ b/backend/dataall/core/group/services/environment_resource_manager.py
@@ -1,35 +1,51 @@
 from abc import ABC
 from typing import List
 
+from dataall.api.Objects.Stack import stack_helper
+
 
 class EnvironmentResource(ABC):
     @staticmethod
     def count_resources(session, environment, group_uri) -> int:
-        raise NotImplementedError()
+        return 0
 
     @staticmethod
     def delete_env(session, environment):
         pass
 
+    @staticmethod
+    def update_env(session, environment):
+        pass
+
 
 class EnvironmentResourceManager:
     """
-    API for managing group resources
+    API for managing environment and environment group lifecycle.
+    Contains callbacks that are invoked when something is happened with the environment.
     """
     _resources: List[EnvironmentResource] = []
 
-    @staticmethod
-    def register(resource: EnvironmentResource):
-        EnvironmentResourceManager._resources.append(resource)
+    @classmethod
+    def register(cls, resource: EnvironmentResource):
+        cls._resources.append(resource)
 
-    @staticmethod
-    def count_group_resources(session, environment, group_uri) -> int:
+    @classmethod
+    def count_group_resources(cls, session, environment, group_uri) -> int:
         counter = 0
-        for resource in EnvironmentResourceManager._resources:
+        for resource in cls._resources:
             counter += resource.count_resources(session, environment, group_uri)
         return counter
 
-    @staticmethod
-    def delete_env(session, environment):
-        for resource in EnvironmentResourceManager._resources:
+    @classmethod
+    def deploy_updated_stack(cls, session, prev_prefix, environment):
+        deploy_stack = prev_prefix != environment.resourcePrefix
+        for resource in cls._resources:
+            deploy_stack |= resource.update_env(session, environment)
+
+        if deploy_stack:
+            stack_helper.deploy_stack(targetUri=environment.environmentUri)
+
+    @classmethod
+    def delete_env(cls, session, environment):
+        for resource in cls._resources:
             resource.delete_env(session, environment)
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 81811becb..23f629b1a 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -18,8 +18,6 @@
 from ..models.Enums import (
     EnvironmentType,
     EnvironmentPermission,
-    PrincipalType
-
 )
 from ..models.Permission import PermissionType
 from ..paginator import paginate
diff --git a/backend/dataall/modules/dashboards/db/dashboard_repository.py b/backend/dataall/modules/dashboards/db/dashboard_repository.py
index 7fa1febeb..0a3059f0f 100644
--- a/backend/dataall/modules/dashboards/db/dashboard_repository.py
+++ b/backend/dataall/modules/dashboards/db/dashboard_repository.py
@@ -5,7 +5,7 @@
 
 from dataall.core.group.services.environment_resource_manager import EnvironmentResource
 from dataall.db import exceptions, paginate
-from dataall.db.models import Environment
+from dataall.db.api import Environment
 from dataall.modules.dashboards.db.models import DashboardShare, DashboardShareStatus, Dashboard
 
 logger = logging.getLogger(__name__)
@@ -26,7 +26,11 @@ def count_resources(session, environment, group_uri) -> int:
         )
 
     @staticmethod
-    def create_dashboard(session, env: Environment, username: str, data: dict = None) -> Dashboard:
+    def update_env(session, environment):
+        return Environment.get_boolean_env_param(session, environment, "dashboardsEnabled")
+
+    @staticmethod
+    def create_dashboard(session, env, username: str, data: dict = None) -> Dashboard:
         dashboard: Dashboard = Dashboard(
             label=data.get('label', 'untitled'),
             environmentUri=data.get('environmentUri'),
diff --git a/backend/dataall/modules/datapipelines/services/datapipelines_service.py b/backend/dataall/modules/datapipelines/services/datapipelines_service.py
index 35a9d48ba..c5ae7a269 100644
--- a/backend/dataall/modules/datapipelines/services/datapipelines_service.py
+++ b/backend/dataall/modules/datapipelines/services/datapipelines_service.py
@@ -2,7 +2,6 @@
 import logging
 
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.core.environment.db.repositories import EnvironmentParameterRepository
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission, \
     has_group_permission
 from dataall.db.api import (
@@ -41,9 +40,9 @@ def create_pipeline(
     ) -> DataPipeline:
 
         environment = Environment.get_environment_by_uri(session, uri)
-        enabled = EnvironmentParameterRepository(session).get_param(uri, "pipelinesEnabled")
+        enabled = Environment.get_boolean_env_param(session, environment, "pipelinesEnabled")
 
-        if not enabled and enabled.lower() != "true":
+        if not enabled:
             raise exceptions.UnauthorizedOperation(
                 action=CREATE_PIPELINE,
                 message=f'Pipelines feature is disabled for the environment {environment.label}',
@@ -116,9 +115,9 @@ def create_pipeline_environment(
     ) -> DataPipelineEnvironment:
 
         environment = Environment.get_environment_by_uri(session, data['environmentUri'])
-        enabled = EnvironmentParameterRepository(session).get_param(uri, "pipelinesEnabled")
+        enabled = Environment.get_boolean_env_param(session, environment, "pipelinesEnabled")
 
-        if not enabled and enabled.lower() != "true":
+        if not enabled:
             raise exceptions.UnauthorizedOperation(
                 action=CREATE_PIPELINE,
                 message=f'Pipelines feature is disabled for the environment {environment.label}',
diff --git a/backend/dataall/modules/mlstudio/services/mlstudio_service.py b/backend/dataall/modules/mlstudio/services/mlstudio_service.py
index a890d4627..3492d11f3 100644
--- a/backend/dataall/modules/mlstudio/services/mlstudio_service.py
+++ b/backend/dataall/modules/mlstudio/services/mlstudio_service.py
@@ -9,7 +9,6 @@
 
 from dataall.api.Objects.Stack import stack_helper
 from dataall.core.context import get_context
-from dataall.core.environment.db.repositories import EnvironmentParameterRepository
 from dataall.db.api import (
     ResourcePolicy,
     Environment, KeyValueTag, Stack,
@@ -72,9 +71,9 @@ def create_sagemaker_studio_user(*, uri: str, admin_group: str, request: Sagemak
         """
         with _session() as session:
             env = Environment.get_environment_by_uri(session, uri)
-            enabled = EnvironmentParameterRepository(session).get_param(uri, "mlStudiosEnabled")
+            enabled = Environment.get_boolean_env_param(session, env, "mlStudiosEnabled")
 
-            if not enabled and enabled.lower() != "true":
+            if not enabled:
                 raise exceptions.UnauthorizedOperation(
                     action=CREATE_SGMSTUDIO_USER,
                     message=f'ML Studio feature is disabled for the environment {env.label}',

From f07922b6dd0fddd945251f3d6060cf782e729193 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 4 Jul 2023 11:12:23 +0200
Subject: [PATCH 329/346] Review remarks + linting

---
 backend/dataall/api/Objects/Environment/resolvers.py       | 4 +++-
 backend/dataall/api/Objects/Tenant/queries.py              | 2 +-
 backend/dataall/core/catalog/catalog_indexer.py            | 2 +-
 .../core/group/services/environment_resource_manager.py    | 7 ++-----
 backend/dataall/db/api/environment.py                      | 2 +-
 backend/dataall/modules/dashboards/api/resolvers.py        | 2 +-
 .../modules/dashboards/aws/dashboard_quicksight_client.py  | 3 +--
 .../dashboards/services/dashboard_quicksight_service.py    | 1 -
 .../modules/dashboards/services/dashboard_service.py       | 1 -
 backend/dataall/modules/datasets/api/table/mutations.py    | 1 -
 .../modules/datasets/services/dataset_column_service.py    | 1 -
 .../dataall/modules/notebooks/services/notebook_service.py | 1 -
 .../versions/5fc49baecea4_add_enviromental_parameters.py   | 3 +--
 tests/api/test_environment.py                              | 2 +-
 14 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index 46b311526..903592cf2 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -129,7 +129,9 @@ def update_environment(
             check_perm=True,
         )
 
-        EnvironmentResourceManager.deploy_updated_stack(session, previous_resource_prefix, environment)
+        if EnvironmentResourceManager.deploy_updated_stack(session, previous_resource_prefix, environment):
+            stack_helper.deploy_stack(targetUri=environment.environmentUri)
+
     return environment
 
 
diff --git a/backend/dataall/api/Objects/Tenant/queries.py b/backend/dataall/api/Objects/Tenant/queries.py
index 8b4218443..4c4d6f089 100644
--- a/backend/dataall/api/Objects/Tenant/queries.py
+++ b/backend/dataall/api/Objects/Tenant/queries.py
@@ -15,4 +15,4 @@
     ],
     type=gql.Ref('GroupSearchResult'),
     resolver=list_tenant_groups,
-)
\ No newline at end of file
+)
diff --git a/backend/dataall/core/catalog/catalog_indexer.py b/backend/dataall/core/catalog/catalog_indexer.py
index 1273cc414..e2e7b4496 100644
--- a/backend/dataall/core/catalog/catalog_indexer.py
+++ b/backend/dataall/core/catalog/catalog_indexer.py
@@ -13,4 +13,4 @@ def all():
         return CatalogIndexer._INDEXERS
 
     def index(self, session) -> int:
-        raise NotImplementedError("index is not implemented")
\ No newline at end of file
+        raise NotImplementedError("index is not implemented")
diff --git a/backend/dataall/core/group/services/environment_resource_manager.py b/backend/dataall/core/group/services/environment_resource_manager.py
index 922a97c4b..d4c964514 100644
--- a/backend/dataall/core/group/services/environment_resource_manager.py
+++ b/backend/dataall/core/group/services/environment_resource_manager.py
@@ -1,8 +1,6 @@
 from abc import ABC
 from typing import List
 
-from dataall.api.Objects.Stack import stack_helper
-
 
 class EnvironmentResource(ABC):
     @staticmethod
@@ -15,7 +13,7 @@ def delete_env(session, environment):
 
     @staticmethod
     def update_env(session, environment):
-        pass
+        return False
 
 
 class EnvironmentResourceManager:
@@ -42,8 +40,7 @@ def deploy_updated_stack(cls, session, prev_prefix, environment):
         for resource in cls._resources:
             deploy_stack |= resource.update_env(session, environment)
 
-        if deploy_stack:
-            stack_helper.deploy_stack(targetUri=environment.environmentUri)
+        return deploy_stack
 
     @classmethod
     def delete_env(cls, session, environment):
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 23f629b1a..c65d8cab8 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -1005,4 +1005,4 @@ def get_environment_parameters(session, env_uri):
     @staticmethod
     def get_boolean_env_param(session, env: models.Environment, param: str) -> bool:
         param = EnvironmentParameterRepository(session).get_param(env.environmentUri, param)
-        return param and param.value.lower() == "true"
+        return param is not None and param.value.lower() == "true"
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 8e1056244..8f071db52 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -75,7 +75,7 @@ def approve_dashboard_share(context: Context, source: Dashboard, shareUri: str =
     return DashboardShareService.approve_dashboard_share(uri=shareUri)
 
 
-def reject_dashboard_share(context: Context,source: Dashboard, shareUri: str = None):
+def reject_dashboard_share(context: Context, source: Dashboard, shareUri: str = None):
     return DashboardShareService.reject_dashboard_share(uri=shareUri)
 
 
diff --git a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
index 3bbcda822..0c424eb68 100644
--- a/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
+++ b/backend/dataall/modules/dashboards/aws/dashboard_quicksight_client.py
@@ -78,7 +78,7 @@ def get_reader_session(self, user_role="READER", dashboard_id=None, domain_name:
         )
         return response.get('EmbedUrl')
 
-    def get_shared_reader_session(self,  group_name, user_role='READER', dashboard_id=None):
+    def get_shared_reader_session(self, group_name, user_role='READER', dashboard_id=None):
         aws_account_id = self._account_id
         identity_region = QuicksightClient.get_identity_region(aws_account_id)
         group_principal = f"arn:aws:quicksight:{identity_region}:{aws_account_id}:group/default/{group_name}"
@@ -263,4 +263,3 @@ def _describe_user(self):
         except ClientError:
             return None
         return response.get('User')
-
diff --git a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
index 46882a1ec..1f9a4548c 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_quicksight_service.py
@@ -167,4 +167,3 @@ def _client(cls, account_id: str = None, region: str = None):
         if not region:
             region = cls._REGION
         return DashboardQuicksightClient(get_context().username, account_id, region)
-
diff --git a/backend/dataall/modules/dashboards/services/dashboard_service.py b/backend/dataall/modules/dashboards/services/dashboard_service.py
index 210d91873..156dddf5e 100644
--- a/backend/dataall/modules/dashboards/services/dashboard_service.py
+++ b/backend/dataall/modules/dashboards/services/dashboard_service.py
@@ -131,4 +131,3 @@ def _update_glossary(session, dashboard, data):
                 'Dashboard',
                 data['terms'],
             )
-
diff --git a/backend/dataall/modules/datasets/api/table/mutations.py b/backend/dataall/modules/datasets/api/table/mutations.py
index 16c4e09ac..c6e111fc3 100644
--- a/backend/dataall/modules/datasets/api/table/mutations.py
+++ b/backend/dataall/modules/datasets/api/table/mutations.py
@@ -27,4 +27,3 @@
     type=gql.Ref('DatasetTableSearchResult'),
     resolver=sync_tables,
 )
-
diff --git a/backend/dataall/modules/datasets/services/dataset_column_service.py b/backend/dataall/modules/datasets/services/dataset_column_service.py
index e6b16a790..08d299ae4 100644
--- a/backend/dataall/modules/datasets/services/dataset_column_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_column_service.py
@@ -58,4 +58,3 @@ def update_table_column_description(column_uri: str, description) -> DatasetTabl
 
         Worker.queue(engine=get_context().db_engine, task_ids=[task.taskUri])
         return column
-
diff --git a/backend/dataall/modules/notebooks/services/notebook_service.py b/backend/dataall/modules/notebooks/services/notebook_service.py
index ae79ce5a5..f40bb4395 100644
--- a/backend/dataall/modules/notebooks/services/notebook_service.py
+++ b/backend/dataall/modules/notebooks/services/notebook_service.py
@@ -10,7 +10,6 @@
 
 from dataall.api.Objects.Stack import stack_helper
 from dataall.core.context import get_context as context
-from dataall.core.environment.db.repositories import EnvironmentParameterRepository
 from dataall.db.api import (
     ResourcePolicy,
     Environment, KeyValueTag, Stack,
diff --git a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
index 00552deff..871a533e9 100644
--- a/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
+++ b/backend/migrations/versions/5fc49baecea4_add_enviromental_parameters.py
@@ -25,7 +25,7 @@
 
 Base = declarative_base()
 
-UNUSED_PERMISSIONS = ['LIST_DATASETS',  'LIST_DATASET_TABLES', 'LIST_DATASET_SHARES', 'SUMMARY_DATASET',
+UNUSED_PERMISSIONS = ['LIST_DATASETS', 'LIST_DATASET_TABLES', 'LIST_DATASET_SHARES', 'SUMMARY_DATASET',
                       'IMPORT_DATASET', 'UPLOAD_DATASET', 'URL_DATASET', 'STACK_DATASET', 'SUBSCRIPTIONS_DATASET',
                       'CREATE_DATASET_TABLE', 'LIST_PIPELINES', 'DASHBOARD_URL']
 
@@ -152,7 +152,6 @@ def downgrade():
         print("Dropping environment_parameter table...")
         op.drop_table("environment_parameters")
 
-
     except Exception as ex:
         print(f"Failed to execute the rollback script due to: {ex}")
 
diff --git a/tests/api/test_environment.py b/tests/api/test_environment.py
index c53586056..c781c51e3 100644
--- a/tests/api/test_environment.py
+++ b/tests/api/test_environment.py
@@ -87,7 +87,7 @@ def test_get_environment_object_not_found(client, org1, env1, group):
 
 
 def test_update_env(client, org1, env1, group):
-    query =  """
+    query = """
         mutation UpdateEnv($environmentUri:String!,$input:ModifyEnvironmentInput){
             updateEnvironment(environmentUri:$environmentUri,input:$input){
                 organization{

From 400df74876532269633edfa209dafeeb4071d618 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Tue, 4 Jul 2023 16:54:03 +0200
Subject: [PATCH 330/346] Fixed tests

---
 TODO                                          |   0
 backend/dataall/db/connection.py              |   2 +-
 .../share_managers/s3_share_manager.py        |   5 +-
 .../datasets/tasks/bucket_policy_updater.py   |   2 +-
 .../tasks/dataset_subscription_task.py        |   1 -
 .../datasets/tasks/test_dataset_policies.py   |  19 +-
 .../tasks/test_dataset_subscriptions.py       |   8 +-
 .../datasets/tasks/test_s3_share_manager.py   | 317 +++++++-----------
 8 files changed, 139 insertions(+), 215 deletions(-)
 create mode 100644 TODO

diff --git a/TODO b/TODO
new file mode 100644
index 000000000..e69de29bb
diff --git a/backend/dataall/db/connection.py b/backend/dataall/db/connection.py
index 77a031461..8ed24cbcf 100644
--- a/backend/dataall/db/connection.py
+++ b/backend/dataall/db/connection.py
@@ -11,7 +11,7 @@
 from .. import db
 from ..db import Base
 from ..db.dbconfig import DbConfig
-from ..utils import Parameter, Secrets
+from ..utils import Parameter
 
 try:
     from urllib import quote_plus, unquote_plus
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
index dc5300dfc..36ce18bbb 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/s3_share_manager.py
@@ -322,7 +322,10 @@ def delete_access_point_policy(self):
             else:
                 access_point_policy["Statement"].remove(statements[f"{target_requester_id}0"])
                 access_point_policy["Statement"].remove(statements[f"{target_requester_id}1"])
-        s3_client.attach_access_point_policy(self.access_point_name, json.dumps(access_point_policy))
+        s3_client.attach_access_point_policy(
+            access_point_name=self.access_point_name,
+            policy=json.dumps(access_point_policy)
+        )
 
     @staticmethod
     def delete_access_point(
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index 96936f558..6546ecffb 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -29,7 +29,7 @@ def sync_imported_datasets_bucket_policies(self):
                 session.query(Dataset)
                 .filter(
                     and_(
-                        Dataset.imported == True,
+                        Dataset.imported,
                         Dataset.deleted.is_(None),
                     )
                 )
diff --git a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
index d422651c5..fce49228b 100644
--- a/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
+++ b/backend/dataall/modules/datasets/tasks/dataset_subscription_task.py
@@ -7,7 +7,6 @@
 
 from dataall import db
 from dataall.aws.handlers.service_handlers import Worker
-from dataall.aws.handlers.sts import SessionHelper
 from dataall.aws.handlers.sqs import SqsQueue
 from dataall.db import get_engine
 from dataall.db import models
diff --git a/tests/modules/datasets/tasks/test_dataset_policies.py b/tests/modules/datasets/tasks/test_dataset_policies.py
index d0f369bcb..54242cdeb 100644
--- a/tests/modules/datasets/tasks/test_dataset_policies.py
+++ b/tests/modules/datasets/tasks/test_dataset_policies.py
@@ -1,3 +1,5 @@
+from unittest.mock import MagicMock
+
 from dataall.api.constants import OrganisationUserRole
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.datasets.tasks.bucket_policy_updater import BucketPoliciesUpdater
@@ -137,18 +139,11 @@ def test_group_prefixes_by_accountid(db, mocker):
 
 
 def test_handler(org, env, db, sync_dataset, mocker):
-    mocker.patch(
-        'dataall.modules.datasets.tasks.bucket_policy_updater.BucketPoliciesUpdater.init_s3_client',
-        return_value=True,
-    )
-    mocker.patch(
-        'dataall.modules.datasets.tasks.bucket_policy_updater.BucketPoliciesUpdater.get_bucket_policy',
-        return_value={'Version': '2012-10-17', 'Statement': []},
-    )
-    mocker.patch(
-        'dataall.modules.datasets.tasks.bucket_policy_updater.BucketPoliciesUpdater.put_bucket_policy',
-        return_value={'status': 'SUCCEEDED'},
-    )
+    s3_client = MagicMock()
+    mocker.patch('dataall.modules.datasets.tasks.bucket_policy_updater.S3BucketPolicyClient', s3_client)
+    s3_client().get_bucket_policy.return_value = {'Version': '2012-10-17', 'Statement': []}
+    s3_client().put_bucket_policy.return_value = {'status': 'SUCCEEDED'}
+
     updater = BucketPoliciesUpdater(db)
     assert len(updater.sync_imported_datasets_bucket_policies()) == 1
     assert updater.sync_imported_datasets_bucket_policies()[0]['status'] == 'SUCCEEDED'
diff --git a/tests/modules/datasets/tasks/test_dataset_subscriptions.py b/tests/modules/datasets/tasks/test_dataset_subscriptions.py
index ee01b2b97..ce7571a2a 100644
--- a/tests/modules/datasets/tasks/test_dataset_subscriptions.py
+++ b/tests/modules/datasets/tasks/test_dataset_subscriptions.py
@@ -1,3 +1,5 @@
+from unittest.mock import MagicMock
+
 import pytest
 
 import dataall
@@ -137,10 +139,12 @@ def share(
 
 
 def test_subscriptions(org, env, otherenv, db, dataset, share, mocker):
+    sns_client = MagicMock()
     mocker.patch(
-        'dataall.modules.datasets.tasks.dataset_subscription_task.DatasetSubscriptionService.sns_call',
-        return_value=True,
+        'dataall.modules.datasets.tasks.dataset_subscription_task.SnsDatasetClient',
+        sns_client
     )
+    sns_client.publish_dataset_message.return_value = True
     subscriber = DatasetSubscriptionService(db)
     messages = [
         {
diff --git a/tests/modules/datasets/tasks/test_s3_share_manager.py b/tests/modules/datasets/tasks/test_s3_share_manager.py
index 6595b9ee8..997ab8d69 100644
--- a/tests/modules/datasets/tasks/test_s3_share_manager.py
+++ b/tests/modules/datasets/tasks/test_s3_share_manager.py
@@ -1,9 +1,13 @@
+from unittest.mock import MagicMock
+
 import pytest
 import json
 
 from typing import Callable
 
+import dataall.modules.dataset_sharing.services.share_managers
 from dataall.db import models
+from dataall.modules.dataset_sharing.aws.s3_client import S3ControlClient
 from dataall.modules.dataset_sharing.db.models import ShareObject, ShareObjectItem
 
 from dataall.modules.dataset_sharing.services.share_managers import S3ShareManager
@@ -141,6 +145,43 @@ def admin_ap_delegation_bucket_policy():
     return bucket_policy
 
 
+def mock_s3_client(mocker):
+    mock_client = MagicMock()
+    mocker.patch(
+        'dataall.modules.dataset_sharing.services.share_managers.s3_share_manager.S3Client',
+        mock_client
+    )
+    mock_client.create_bucket_policy.return_value = None
+    return mock_client
+
+
+def mock_s3_control_client(mocker):
+    mock_client = MagicMock()
+    mocker.patch(
+        'dataall.modules.dataset_sharing.services.share_managers.s3_share_manager.S3ControlClient',
+        mock_client
+    )
+
+    mock_client.delete_bucket_access_point.return_value = None
+    mock_client.attach_access_point_policy.return_value = None
+
+    # original call
+    mock_client.generate_access_point_policy_template.side_effect = \
+        S3ControlClient.generate_access_point_policy_template
+
+    return mock_client
+
+
+def mock_kms_client(mocker):
+    mock_client = MagicMock()
+    mocker.patch(
+        'dataall.modules.dataset_sharing.services.share_managers.s3_share_manager.KmsClient',
+        mock_client
+    )
+    mock_client.put_key_policy.return_value = None
+    return mock_client
+
+
 @pytest.fixture(scope="module")
 def target_dataset_access_control_policy(request):
 
@@ -179,11 +220,8 @@ def test_manage_bucket_policy_no_policy(
 
     # Given
     bucket_policy = base_bucket_policy
-
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_policy",
-        return_value=json.dumps(bucket_policy),
-    )
+    s3_client = mock_s3_client(mocker)
+    s3_client().get_bucket_policy.return_value = json.dumps(bucket_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_delegation_role_arn",
@@ -195,11 +233,6 @@ def test_manage_bucket_policy_no_policy(
         return_value=[1, 2, 3],
     )
 
-    s3_create_bucket_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.create_bucket_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -215,7 +248,9 @@ def test_manage_bucket_policy_no_policy(
         # When
         manager.manage_bucket_policy()
 
-        created_bucket_policy = json.loads(s3_create_bucket_mock.call_args.args[3])
+        created_bucket_policy = json.loads(
+            s3_client().create_bucket_policy.call_args.args[1]
+        )
 
         # Then
         print(f"Bucket policy generated {created_bucket_policy}")
@@ -243,16 +278,9 @@ def test_manage_bucket_policy_existing_policy(
 
     # Given
     bucket_policy = admin_ap_delegation_bucket_policy
+    s3_client = mock_s3_client(mocker)
 
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_policy",
-        return_value=json.dumps(bucket_policy),
-    )
-
-    s3_create_bucket_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.create_bucket_policy",
-        return_value=None,
-    )
+    s3_client().get_bucket_policy.return_value = json.dumps(bucket_policy)
 
     with db.scoped_session() as session:
         manager = S3ShareManager(
@@ -270,7 +298,7 @@ def test_manage_bucket_policy_existing_policy(
         manager.manage_bucket_policy()
 
         # Then
-        s3_create_bucket_mock.assert_not_called()
+        s3_client.create_bucket_policy.assert_not_called()
 
 
 @pytest.mark.parametrize("target_dataset_access_control_policy", 
@@ -450,10 +478,8 @@ def test_update_dataset_bucket_key_policy_with_env_admin(
     target_environment: models.Environment,
 ):
     # Given
-    mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_id",
-        return_value=None,
-    )
+    kms_client = mock_kms_client(mocker)
+    kms_client().get_key_id.return_value = None
 
     existing_key_policy = {
         "Version": "2012-10-17",
@@ -469,21 +495,13 @@ def test_update_dataset_bucket_key_policy_with_env_admin(
         ],
     }
 
-    mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_policy",
-        return_value=json.dumps(existing_key_policy),
-    )
+    kms_client().get_key_policy.return_value = json.dumps(existing_key_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    kms_put_key_policy_mock = mocker.patch(
-        "dataall.aws.handlers.kms.KMS.put_key_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -500,7 +518,7 @@ def test_update_dataset_bucket_key_policy_with_env_admin(
         manager.update_dataset_bucket_key_policy()
 
         # Then
-        kms_put_key_policy_mock.assert_not_called()
+        kms_client().put_key_policy.assert_not_called()
 
 
 def _generate_ap_policy_object(
@@ -567,10 +585,8 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
     target_environment: models.Environment,
 ):
     # Given
-    mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_id",
-        return_value="kms-key",
-    )
+    kms_client = mock_kms_client(mocker)
+    kms_client().get_key_id.return_value = "kms-key"
 
     existing_key_policy = {
         "Version": "2012-10-17",
@@ -586,10 +602,7 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
         ],
     }
 
-    mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_policy",
-        return_value=json.dumps(existing_key_policy),
-    )
+    kms_client().get_key_policy.return_value = json.dumps(existing_key_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
@@ -605,11 +618,6 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
         "Condition": {"StringLike": {"aws:userId": f"{target_environment.SamlGroupName}:*"}},
     }
 
-    kms_put_key_policy_mock = mocker.patch(
-        "dataall.aws.handlers.kms.KMS.put_key_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -630,7 +638,7 @@ def test_update_dataset_bucket_key_policy_without_env_admin(
         expected_complete_key_policy = existing_key_policy
 
         # Then
-        kms_put_key_policy_mock.assert_called_with(source_environment.AwsAccountId, "eu-central-1", "kms-key", "default", json.dumps(expected_complete_key_policy))
+        kms_client().put_key_policy.assert_called_with("kms-key", json.dumps(expected_complete_key_policy))
 
 
 # NO existing Access point and ap policy
@@ -647,25 +655,11 @@ def test_manage_access_point_and_policy_1(
     target_environment: models.Environment,
 ):
     # Given
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
-        return_value=None,
-    )
-
-    s3_create_bucket_access_point_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.create_bucket_access_point",
-        return_value="new-access-point-arn",
-    )
-
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
-        return_value="new-access-point-arn"
-    )
-
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=None,
-    )
+    access_point_arn = "new-access-point-arn"
+    s3_control_client = mock_s3_control_client(mocker)
+    s3_control_client().create_bucket_access_point.return_value = access_point_arn
+    s3_control_client().get_bucket_access_point_arn.return_value = access_point_arn
+    s3_control_client().get_access_point_policy.return_value = None
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
@@ -682,11 +676,6 @@ def test_manage_access_point_and_policy_1(
         return_value=None,
     )
 
-    s3_attach_access_point_policy_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.attach_access_point_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -703,18 +692,18 @@ def test_manage_access_point_and_policy_1(
         manager.manage_access_point_and_policy()
 
         # Then
-        s3_attach_access_point_policy_mock.assert_called()
-        policy = s3_attach_access_point_policy_mock.call_args.kwargs.get('policy')
+        s3_control_client().attach_access_point_policy.assert_called()
+        policy = s3_control_client().attach_access_point_policy.call_args.kwargs.get('policy')
         new_ap_policy = json.loads(policy)
 
         # Asser that access point is in resource
-        assert new_ap_policy["Statement"][0]["Resource"] == s3_create_bucket_access_point_mock.return_value
+        assert new_ap_policy["Statement"][0]["Resource"] == access_point_arn
 
         # Assert that listbucket and getobject permissions were added for target environment admin
-        assert "s3:ListBucket" in [
+        assert "s3:GetObject" in [
             statement["Action"] for statement in new_ap_policy["Statement"] if statement["Sid"].startswith(target_environment.SamlGroupName)
         ]
-        assert "s3:GetObject" in [
+        assert "s3:ListBucket" in [
             statement["Action"] for statement in new_ap_policy["Statement"] if statement["Sid"].startswith(target_environment.SamlGroupName)
         ]
 
@@ -740,30 +729,21 @@ def test_manage_access_point_and_policy_2(
     # Given
 
     # Existing access point
-    s3_get_bucket_access_point_arn_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
-        return_value="existing-access-point-arn",
-    )
+    access_point_arn = "existing-access-point-arn"
+    s3_client = mock_s3_control_client(mocker)
+    s3_client().get_bucket_access_point_arn.return_value = access_point_arn
 
     # target_env_admin is already in policy but current folder is NOT yet in prefix_list
-    existing_ap_policy = _generate_ap_policy_object(s3_get_bucket_access_point_arn_mock.return_value, [[target_environment.SamlGroupName, ["existing-prefix"]]])
+    existing_ap_policy = _generate_ap_policy_object(access_point_arn, [[target_environment.SamlGroupName, ["existing-prefix"]]])
 
     # Existing access point policy
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=json.dumps(existing_ap_policy),
-    )
+    s3_client().get_access_point_policy.return_value = json.dumps(existing_ap_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    s3_attach_access_point_policy_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.attach_access_point_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -780,8 +760,8 @@ def test_manage_access_point_and_policy_2(
         manager.manage_access_point_and_policy()
 
         # Then
-        s3_attach_access_point_policy_mock.assert_called()
-        policy = s3_attach_access_point_policy_mock.call_args.kwargs.get('policy')
+        s3_client().attach_access_point_policy.assert_called()
+        policy = s3_client().attach_access_point_policy.call_args.kwargs.get('policy')
 
         # Assert S3 Prefix of share folder in prefix_list
         new_ap_policy = json.loads(policy)
@@ -793,7 +773,7 @@ def test_manage_access_point_and_policy_2(
         # Assert s3 prefix is in resource_list
         resource_list = statements[f"{target_environment.SamlGroupName}1"]["Resource"]
 
-        assert f"{s3_get_bucket_access_point_arn_mock.return_value}/object/{location1.S3Prefix}/*" in resource_list
+        assert f"{access_point_arn}/object/{location1.S3Prefix}/*" in resource_list
 
 
 # Existing Access point and ap policy
@@ -814,30 +794,21 @@ def test_manage_access_point_and_policy_3(
     # Given
 
     # Existing access point
-    s3_get_bucket_access_point_arn_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
-        return_value="existing-access-point-arn",
-    )
+    access_point_arn = "existing-access-point-arn"
+    s3_control_client = mock_s3_control_client(mocker)
+    s3_control_client().get_bucket_access_point_arn.return_value = access_point_arn
 
     # New target env admin and prefix are not in existing ap policy
-    existing_ap_policy = _generate_ap_policy_object(s3_get_bucket_access_point_arn_mock.return_value, [["another-env-admin", ["existing-prefix"]]])
+    existing_ap_policy = _generate_ap_policy_object(access_point_arn, [["another-env-admin", ["existing-prefix"]]])
 
     # Existing access point policy
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=json.dumps(existing_ap_policy),
-    )
+    s3_control_client().get_access_point_policy.return_value = json.dumps(existing_ap_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    s3_attach_access_point_policy_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.attach_access_point_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -854,10 +825,10 @@ def test_manage_access_point_and_policy_3(
         manager.manage_access_point_and_policy()
 
         # Then
-        s3_attach_access_point_policy_mock.assert_called()
+        s3_control_client().attach_access_point_policy.assert_called()
 
         # Assert S3 Prefix of share folder in prefix_list
-        policy = s3_attach_access_point_policy_mock.call_args.kwargs.get('policy')
+        policy = s3_control_client().attach_access_point_policy.call_args.kwargs.get('policy')
         new_ap_policy = json.loads(policy)
         statements = {item["Sid"]: item for item in new_ap_policy["Statement"]}
         prefix_list = statements[f"{target_environment.SamlGroupName}0"]["Condition"]["StringLike"]["s3:prefix"]
@@ -867,7 +838,7 @@ def test_manage_access_point_and_policy_3(
         # Assert s3 prefix is in resource_list
         resource_list = statements[f"{target_environment.SamlGroupName}1"]["Resource"]
 
-        assert f"{s3_get_bucket_access_point_arn_mock.return_value}/object/{location1.S3Prefix}/*" in resource_list
+        assert f"{access_point_arn}/object/{location1.S3Prefix}/*" in resource_list
 
 
 def test_delete_access_point_policy_with_env_admin_one_prefix(
@@ -885,33 +856,23 @@ def test_delete_access_point_policy_with_env_admin_one_prefix(
     # Given
 
     # Existing access point
-    s3_get_bucket_access_point_arn_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
-        return_value="existing-access-point-arn",
-    )
+    access_point_arn = "existing-access-point-arn"
+    s3_control_client = mock_s3_control_client(mocker)
+    s3_control_client().get_bucket_access_point_arn.return_value = access_point_arn
 
     # New target env admin and prefix are already in existing ap policy
     # Another admin is part of this policy
     existing_ap_policy = _generate_ap_policy_object(
-        s3_get_bucket_access_point_arn_mock.return_value,
+        access_point_arn,
         [[target_environment.SamlGroupName, [location1.S3Prefix]], ["another-env-admin", [location1.S3Prefix]]],
     )
 
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=json.dumps(existing_ap_policy),
-    )
-
+    s3_control_client().get_access_point_policy.return_value = json.dumps(existing_ap_policy)
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    s3_attach_access_point_policy_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.attach_access_point_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -928,10 +889,10 @@ def test_delete_access_point_policy_with_env_admin_one_prefix(
         manager.delete_access_point_policy()
 
         # Then
-        s3_attach_access_point_policy_mock.assert_called()
+        s3_control_client().attach_access_point_policy.assert_called()
 
         # Assert statements for share have been removed
-        new_ap_policy = json.loads(s3_attach_access_point_policy_mock.call_args.args[3])
+        new_ap_policy = json.loads(s3_control_client().attach_access_point_policy.call_args.kwargs.get('policy'))
         deleted_statements = {item["Sid"]: item for item in new_ap_policy["Statement"] if item["Sid"].startswith(f"{target_environment.SamlGroupName}")}
 
         assert len(deleted_statements) == 0
@@ -956,31 +917,21 @@ def test_delete_access_point_policy_with_env_admin_multiple_prefix(
 ):
     # Given
 
-    s3_get_bucket_access_point_arn_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_bucket_access_point_arn",
-        return_value="existing-access-point-arn",
-    )
+    access_point_arn = "existing-access-point-arn"
+    s3_control_client = mock_s3_control_client(mocker)
+    s3_control_client().get_bucket_access_point_arn.return_value = access_point_arn
 
     existing_ap_policy = _generate_ap_policy_object(
-        s3_get_bucket_access_point_arn_mock.return_value,
+        access_point_arn,
         [[target_environment.SamlGroupName, [location1.S3Prefix, "another-prefix"]], ["another-env-admin", [location1.S3Prefix]]],
     )
 
-    mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=json.dumps(existing_ap_policy),
-    )
-
+    s3_control_client().get_access_point_policy.return_value = json.dumps(existing_ap_policy)
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    s3_attach_access_point_policy_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.attach_access_point_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -997,10 +948,10 @@ def test_delete_access_point_policy_with_env_admin_multiple_prefix(
         manager.delete_access_point_policy()
 
         # Then
-        s3_attach_access_point_policy_mock.assert_called()
+        s3_control_client().attach_access_point_policy.assert_called()
 
         # Assert statements for share have been removed
-        new_ap_policy = json.loads(s3_attach_access_point_policy_mock.call_args.args[3])
+        new_ap_policy = json.loads(s3_control_client().attach_access_point_policy.call_args.kwargs.get('policy'))
         statements = {item["Sid"]: item for item in new_ap_policy["Statement"]}
 
         remaining_prefix_list = statements[f"{target_environment.SamlGroupName}0"]["Condition"]["StringLike"]["s3:prefix"]
@@ -1024,16 +975,8 @@ def test_dont_delete_access_point_with_policy(
     # Given
     existing_ap_policy = _generate_ap_policy_object("access-point-arn", [[target_environment.SamlGroupName, ["existing-prefix"]]])
 
-    s3_delete_bucket_access_point_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=json.dumps(existing_ap_policy),
-    )
-
-    s3_delete_bucket_access_point_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.delete_bucket_access_point",
-        return_value=None,
-    )
-
+    s3_control_client = mock_s3_control_client(mocker)
+    s3_control_client().get_access_point_policy.return_value = json.dumps(existing_ap_policy)
     # When
     with db.scoped_session() as session:
         manager = S3ShareManager(
@@ -1052,7 +995,7 @@ def test_dont_delete_access_point_with_policy(
 
         # Then
         assert not is_deleted
-        assert not s3_delete_bucket_access_point_mock.called
+        assert not s3_control_client().delete_bucket_access_point.called
 
 
 def test_delete_access_point_without_policy(
@@ -1070,15 +1013,9 @@ def test_delete_access_point_without_policy(
     # Given ap policy that only includes AllowAllToAdminStatement
     existing_ap_policy = _generate_ap_policy_object("access-point-arn", [])
 
-    s3_delete_bucket_access_point_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.get_access_point_policy",
-        return_value=json.dumps(existing_ap_policy),
-    )
-
-    s3_delete_bucket_access_point_mock = mocker.patch(
-        "dataall.aws.handlers.s3.S3.delete_bucket_access_point",
-        return_value=None,
-    )
+    s3_control_client = mock_s3_control_client(mocker)
+    s3_control_client().get_access_point_policy.return_value = json.dumps(existing_ap_policy)
+    s3_control_client().delete_bucket_access_point.return_value = None
 
     # When
     with db.scoped_session() as session:
@@ -1098,7 +1035,7 @@ def test_delete_access_point_without_policy(
 
         # Then
         assert is_deleted
-        assert s3_delete_bucket_access_point_mock.called
+        assert s3_control_client().delete_bucket_access_point.called
 
 
 def test_delete_target_role_access_policy_no_remaining_statement(
@@ -1265,10 +1202,8 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_additional_target
     target_environment: models.Environment,
 ):
     # Given
-    kms_get_key_mock = mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_id",
-        return_value="1",
-    )
+    kms_client = mock_kms_client(mocker)
+    kms_client().get_key_id.return_value = "1"
 
     # Includes target env admin to be removed and another, that should remain
     existing_key_policy = {
@@ -1307,21 +1242,13 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_additional_target
         ],
     }
 
-    mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_policy",
-        return_value=json.dumps(existing_key_policy),
-    )
+    kms_client().get_key_policy.return_value = json.dumps(existing_key_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    kms_put_key_policy_mock = mocker.patch(
-        "dataall.aws.handlers.kms.KMS.put_key_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -1338,8 +1265,11 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_additional_target
         manager.delete_dataset_bucket_key_policy(share1, dataset1, target_environment)
 
         # Then
-        kms_put_key_policy_mock.assert_called()
-        kms_put_key_policy_mock.assert_called_with(source_environment.AwsAccountId, 'eu-central-1', kms_get_key_mock.return_value, "default", json.dumps(remaining_policy))
+        kms_client().put_key_policy.assert_called()
+        kms_client().put_key_policy.assert_called_with(
+            kms_client().get_key_id.return_value,
+            json.dumps(remaining_policy)
+        )
 
 
 # The kms key policy only includes the target env admin
@@ -1356,10 +1286,8 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
     target_environment: models.Environment,
 ):
     # Given
-    kms_get_key_mock = mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_id",
-        return_value="1",
-    )
+    kms_client = mock_kms_client(mocker)
+    kms_client().get_key_id.return_value = "1"
 
     # Includes target env admin to be removed and another, that should remain
     existing_key_policy = {
@@ -1381,21 +1309,13 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
         "Statement": [],
     }
 
-    mocker.patch(
-        "dataall.aws.handlers.kms.KMS.get_key_policy",
-        return_value=json.dumps(existing_key_policy),
-    )
+    kms_client().get_key_policy.return_value = json.dumps(existing_key_policy)
 
     mocker.patch(
         "dataall.aws.handlers.sts.SessionHelper.get_role_id",
         return_value=target_environment.SamlGroupName,
     )
 
-    kms_put_key_policy_mock = mocker.patch(
-        "dataall.aws.handlers.kms.KMS.put_key_policy",
-        return_value=None,
-    )
-
     with db.scoped_session() as session:
         manager = S3ShareManager(
             session,
@@ -1412,5 +1332,8 @@ def test_delete_dataset_bucket_key_policy_existing_policy_with_no_additional_tar
         manager.delete_dataset_bucket_key_policy(share1, dataset1, target_environment)
 
         # Then
-        kms_put_key_policy_mock.assert_called()
-        kms_put_key_policy_mock.assert_called_with(source_environment.AwsAccountId, 'eu-central-1', kms_get_key_mock.return_value, "default", json.dumps(remaining_policy))
+        kms_client().put_key_policy.assert_called()
+        kms_client().put_key_policy.assert_called_with(
+            kms_client().get_key_id.return_value,
+            json.dumps(remaining_policy)
+        )

From 4542e06528bc07b185207caa6e9d87f413d766d9 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 11:19:56 +0200
Subject: [PATCH 331/346] Migrate environment to a new permission check API and
 remove unused parameters

---
 .../api/Objects/Environment/resolvers.py      |  65 +-----
 .../dataall/api/Objects/Group/resolvers.py    |   5 +-
 .../dataall/api/Objects/Stack/resolvers.py    |  10 +-
 .../dataall/cdkproxy/stacks/environment.py    |  11 +-
 backend/dataall/db/api/environment.py         | 220 ++++++------------
 .../services/datapipelines_service.py         |   4 -
 .../services/share_object_service.py          |   4 -
 .../datasets/tasks/test_dataset_policies.py   |   2 +-
 .../datasets/test_dataset_permissions.py      |   3 -
 9 files changed, 86 insertions(+), 238 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index af7976e62..98b772e66 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -82,11 +82,8 @@ def create_environment(context: Context, source, input=None):
         input['cdk_role_name'] = cdk_role_name
         env = Environment.create_environment(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input.get('organizationUri'),
             data=input,
-            check_perm=True,
         )
         Stack.create_stack(
             session=session,
@@ -121,11 +118,8 @@ def update_environment(
 
         environment = db.api.Environment.update_environment(
             session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=input,
-            check_perm=True,
         )
         if input.get('dashboardsEnabled') or (
             environment.resourcePrefix != previous_resource_prefix
@@ -138,11 +132,8 @@ def invite_group(context: Context, source, input):
     with context.engine.scoped_session() as session:
         environment, environment_group = db.api.Environment.invite_group(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['environmentUri'],
             data=input,
-            check_perm=True,
         )
 
     stack_helper.deploy_stack(targetUri=environment.environmentUri)
@@ -161,11 +152,8 @@ def add_consumption_role(context: Context, source, input):
             )
         consumption_role = db.api.Environment.add_consumption_role(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['environmentUri'],
             data=input,
-            check_perm=True,
         )
 
     return consumption_role
@@ -175,11 +163,8 @@ def update_group_permissions(context, source, input):
     with context.engine.scoped_session() as session:
         environment = db.api.Environment.update_group_permissions(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['environmentUri'],
             data=input,
-            check_perm=True,
         )
 
     stack_helper.deploy_stack(targetUri=environment.environmentUri)
@@ -191,11 +176,8 @@ def remove_group(context: Context, source, environmentUri=None, groupUri=None):
     with context.engine.scoped_session() as session:
         environment = db.api.Environment.remove_group(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
-            data={'groupUri': groupUri},
-            check_perm=True,
+            group=groupUri,
         )
 
     stack_helper.deploy_stack(targetUri=environment.environmentUri)
@@ -207,11 +189,8 @@ def remove_consumption_role(context: Context, source, environmentUri=None, consu
     with context.engine.scoped_session() as session:
         status = db.api.Environment.remove_consumption_role(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=consumptionRoleUri,
-            data={'environmentUri': environmentUri},
-            check_perm=True,
+            env_uri=environmentUri,
         )
 
     return status
@@ -225,11 +204,8 @@ def list_environment_invited_groups(
     with context.engine.scoped_session() as session:
         return db.api.Environment.paginated_environment_invited_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -239,11 +215,8 @@ def list_environment_groups(context: Context, source, environmentUri=None, filte
     with context.engine.scoped_session() as session:
         return db.api.Environment.paginated_user_environment_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -255,11 +228,8 @@ def list_all_environment_groups(
     with context.engine.scoped_session() as session:
         return db.api.Environment.paginated_all_environment_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -271,11 +241,8 @@ def list_environment_consumption_roles(
     with context.engine.scoped_session() as session:
         return db.api.Environment.paginated_user_environment_consumption_roles(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -287,11 +254,8 @@ def list_all_environment_consumption_roles(
     with context.engine.scoped_session() as session:
         return db.api.Environment.paginated_all_environment_consumption_roles(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -313,14 +277,7 @@ def list_environments(context: Context, source, filter=None):
     if filter is None:
         filter = {}
     with context.engine.scoped_session() as session:
-        return db.api.Environment.paginated_user_environments(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
-            data=filter,
-            check_perm=True,
-        )
+        return db.api.Environment.paginated_user_environments(session, filter)
 
 
 def list_environment_networks(
@@ -331,11 +288,8 @@ def list_environment_networks(
     with context.engine.scoped_session() as session:
         return db.api.Environment.paginated_environment_networks(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -392,11 +346,8 @@ def list_environment_group_permissions(
     with context.engine.scoped_session() as session:
         return db.api.Environment.list_group_permissions(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
-            data={'groupUri': groupUri},
-            check_perm=True,
+            group_uri=groupUri
         )
 
 
@@ -525,11 +476,8 @@ def delete_environment(
         try:
             db.api.Environment.delete_environment(
                 session,
-                username=context.username,
-                groups=context.groups,
                 uri=environmentUri,
-                data={'environment': environment},
-                check_perm=True,
+                environment=environment
             )
         except exc.IntegrityError:
             raise exceptions.EnvironmentResourcesFound(
@@ -556,11 +504,8 @@ def list_environment_redshift_clusters(
     with context.engine.scoped_session() as session:
         return Environment.paginated_environment_redshift_clusters(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
             data=filter,
-            check_perm=True,
         )
 
 
diff --git a/backend/dataall/api/Objects/Group/resolvers.py b/backend/dataall/api/Objects/Group/resolvers.py
index 3ef75f1ed..4370299b4 100644
--- a/backend/dataall/api/Objects/Group/resolvers.py
+++ b/backend/dataall/api/Objects/Group/resolvers.py
@@ -14,11 +14,8 @@ def resolve_group_environment_permissions(context, source, environmentUri):
     with context.engine.scoped_session() as session:
         return db.api.Environment.list_group_permissions(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
-            data={'groupUri': source.groupUri},
-            check_perm=True,
+            group_uri=source.groupUri
         )
 
 
diff --git a/backend/dataall/api/Objects/Stack/resolvers.py b/backend/dataall/api/Objects/Stack/resolvers.py
index 8cd4b1edf..f306a983c 100644
--- a/backend/dataall/api/Objects/Stack/resolvers.py
+++ b/backend/dataall/api/Objects/Stack/resolvers.py
@@ -24,11 +24,8 @@ def get_stack(
         CloudFormation.describe_stack_resources(engine=context.engine, task=cfn_task)
         return db.api.Environment.get_stack(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
-            data={'stackUri': stackUri},
-            check_perm=True,
+            stack_uri=stackUri,
         )
 
 
@@ -75,11 +72,8 @@ def get_stack_logs(
     with context.engine.scoped_session() as session:
         stack = db.api.Environment.get_stack(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environmentUri,
-            data={'stackUri': stackUri},
-            check_perm=True,
+            stack_uri=stackUri
         )
         if not stack.EcsTaskArn:
             raise exceptions.AWSResourceNotFound(
diff --git a/backend/dataall/cdkproxy/stacks/environment.py b/backend/dataall/cdkproxy/stacks/environment.py
index 52b89c049..b7d2389ba 100644
--- a/backend/dataall/cdkproxy/stacks/environment.py
+++ b/backend/dataall/cdkproxy/stacks/environment.py
@@ -87,13 +87,10 @@ def get_target(self, target_uri) -> models.Environment:
     @staticmethod
     def get_environment_group_permissions(engine, environmentUri, group):
         with engine.scoped_session() as session:
-            group_permissions = db.api.Environment.list_group_permissions(
+            group_permissions = db.api.Environment.list_group_permissions_internal(
                 session=session,
-                username='cdk',
-                groups=None,
                 uri=environmentUri,
-                data={'groupUri': group},
-                check_perm=False,
+                group_uri=group
             )
             permission_names = [permission.name for permission in group_permissions]
             return permission_names
@@ -103,11 +100,7 @@ def get_environment_groups(engine, environment: models.Environment) -> [models.E
         with engine.scoped_session() as session:
             return db.api.Environment.list_environment_invited_groups(
                 session,
-                username='cdk',
-                groups=[],
                 uri=environment.environmentUri,
-                data=None,
-                check_perm=False,
             )
 
     @staticmethod
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 81811becb..36ce1b3bf 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -7,8 +7,6 @@
 
 from .. import exceptions, permissions, models
 from . import (
-    has_resource_perm,
-    has_tenant_perm,
     ResourcePolicy,
     Permission,
     KeyValueTag
@@ -18,8 +16,6 @@
 from ..models.Enums import (
     EnvironmentType,
     EnvironmentPermission,
-    PrincipalType
-
 )
 from ..models.Permission import PermissionType
 from ..paginator import paginate
@@ -30,22 +26,25 @@
     NamingConventionPattern,
 )
 from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
+from ...core.context import get_context
 
 log = logging.getLogger(__name__)
 
 
 class Environment:
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.LINK_ENVIRONMENT)
-    def create_environment(session, username, groups, uri, data=None, check_perm=None):
+    @has_resource_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_tenant_permission(permissions.LINK_ENVIRONMENT)
+    def create_environment(session, uri, data=None):
+        context = get_context()
         Environment._validate_creation_params(data, uri)
         organization = Organization.get_organization_by_uri(session, uri)
         env = models.Environment(
             organizationUri=data.get('organizationUri'),
             label=data.get('label', 'Unnamed'),
             tags=data.get('tags', []),
-            owner=username,
+            owner=context.username,
             description=data.get('description', ''),
             environmentType=data.get('type', EnvironmentType.Data.value),
             AwsAccountId=data.get('AwsAccountId'),
@@ -108,7 +107,7 @@ def create_environment(session, username, groups, uri, data=None, check_perm=Non
                 privateSubnetIds=data.get('privateSubnetIds', []),
                 publicSubnetIds=data.get('publicSubnetIds', []),
                 SamlGroupName=data['SamlGroupName'],
-                owner=username,
+                owner=context.username,
                 label=f"{env.name}-{data.get('vpcId')}",
                 name=f"{env.name}-{data.get('vpcId')}",
                 default=True,
@@ -143,8 +142,8 @@ def create_environment(session, username, groups, uri, data=None, check_perm=Non
         activity = models.Activity(
             action='ENVIRONMENT:CREATE',
             label='ENVIRONMENT:CREATE',
-            owner=username,
-            summary=f'{username} linked environment {env.AwsAccountId} to organization {organization.name}',
+            owner=context.username,
+            summary=f'{context.username} linked environment {env.AwsAccountId} to organization {organization.name}',
             targetUri=env.environmentUri,
             targetType='env',
         )
@@ -175,9 +174,9 @@ def _validate_resource_prefix(data):
             )
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.UPDATE_ENVIRONMENT)
-    def update_environment(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.UPDATE_ENVIRONMENT)
+    def update_environment(session, uri, data=None):
         Environment._validate_resource_prefix(data)
         environment = Environment.get_environment_by_uri(session, uri)
         if data.get('label'):
@@ -216,11 +215,9 @@ def _update_env_parameters(session, env: models.Environment, data):
         EnvironmentParameterRepository(session).update_params(env_uri, new_params)
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.INVITE_ENVIRONMENT_GROUP)
-    def invite_group(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> (models.Environment, models.EnvironmentGroup):
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.INVITE_ENVIRONMENT_GROUP)
+    def invite_group(session, uri, data=None) -> (models.Environment, models.EnvironmentGroup):
         Environment.validate_invite_params(data)
 
         group: str = data['groupUri']
@@ -260,7 +257,7 @@ def invite_group(
         environment_group = EnvironmentGroup(
             environmentUri=environment.environmentUri,
             groupUri=group,
-            invitedBy=username,
+            invitedBy=get_context().username,
             environmentIAMRoleName=env_group_iam_role_name,
             environmentIAMRoleArn=f'arn:aws:iam::{environment.AwsAccountId}:role/{env_group_iam_role_name}',
             environmentIAMRoleImported=env_role_imported,
@@ -317,16 +314,9 @@ def validate_permissions(session, uri, g_permissions, group):
             )
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.REMOVE_ENVIRONMENT_GROUP)
-    def remove_group(session, username, groups, uri, data=None, check_perm=None):
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not data.get('groupUri'):
-            raise exceptions.RequiredParameter('groupUri')
-
-        group: str = data['groupUri']
-
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.REMOVE_ENVIRONMENT_GROUP)
+    def remove_group(session, uri, group):
         environment = Environment.get_environment_by_uri(session, uri)
 
         if group == environment.SamlGroupName:
@@ -381,11 +371,9 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
         return environment
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.UPDATE_ENVIRONMENT_GROUP)
-    def update_group_permissions(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.UPDATE_ENVIRONMENT_GROUP)
+    def update_group_permissions(session, uri, data=None):
         Environment.validate_invite_params(data)
 
         group = data['groupUri']
@@ -419,20 +407,19 @@ def update_group_permissions(
         return environment
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_GROUP_PERMISSIONS)
-    def list_group_permissions(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not data.get('groupUri'):
-            raise exceptions.RequiredParameter('groupUri')
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_GROUP_PERMISSIONS)
+    def list_group_permissions(session, uri, group_uri):
+        # the permission checked
+        return Environment.list_group_permissions(session, uri, group_uri)
 
+    @staticmethod
+    def list_group_permissions_internal(session, uri, group_uri):
+        """No permission check, only for internal usages"""
         environment = Environment.get_environment_by_uri(session, uri)
 
         return ResourcePolicy.get_resource_policy_permissions(
             session=session,
-            group_uri=data['groupUri'],
+            group_uri=group_uri,
             resource_uri=environment.environmentUri,
         )
 
@@ -452,11 +439,9 @@ def list_group_invitation_permissions(
         return group_invitation_permissions
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.ADD_ENVIRONMENT_CONSUMPTION_ROLES)
-    def add_consumption_role(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> (models.Environment, models.EnvironmentGroup):
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.ADD_ENVIRONMENT_CONSUMPTION_ROLES)
+    def add_consumption_role(session, uri, data=None) -> (models.Environment, models.EnvironmentGroup):
 
         group: str = data['groupUri']
         IAMRoleArn: str = data['IAMRoleArn']
@@ -492,15 +477,10 @@ def add_consumption_role(
         return consumption_role
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.REMOVE_ENVIRONMENT_CONSUMPTION_ROLE)
-    def remove_consumption_role(session, username, groups, uri, data=None, check_perm=None):
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not uri:
-            raise exceptions.RequiredParameter('consumptionRoleUri')
-
-        consumption_role = Environment.get_environment_consumption_role(session, uri, data.get('environmentUri'))
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.REMOVE_ENVIRONMENT_CONSUMPTION_ROLE)
+    def remove_consumption_role(session, uri, env_uri):
+        consumption_role = Environment.get_environment_consumption_role(session, uri, env_uri)
 
         if consumption_role:
             session.delete(consumption_role)
@@ -543,17 +523,16 @@ def query_user_environments(session, username, groups, filter) -> Query:
         return query
 
     @staticmethod
-    def paginated_user_environments(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    def paginated_user_environments(session, data=None) -> dict:
+        context = get_context()
         return paginate(
-            query=Environment.query_user_environments(session, username, groups, data),
+            query=Environment.query_user_environments(session, context.username, context.groups, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 5),
         ).to_dict()
 
     @staticmethod
-    def query_user_environment_groups(session, username, groups, uri, filter) -> Query:
+    def query_user_environment_groups(session, groups, uri, filter) -> Query:
         query = (
             session.query(models.EnvironmentGroup)
             .filter(models.EnvironmentGroup.environmentUri == uri)
@@ -569,13 +548,11 @@ def query_user_environment_groups(session, username, groups, uri, filter) -> Que
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_GROUPS)
-    def paginated_user_environment_groups(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_GROUPS)
+    def paginated_user_environment_groups(session, uri, data=None) -> dict:
         return paginate(
             query=Environment.query_user_environment_groups(
-                session, username, groups, uri, data
+                session, get_context().groups, uri, data
             ),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 1000),
@@ -596,10 +573,8 @@ def query_all_environment_groups(session, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_GROUPS)
-    def paginated_all_environment_groups(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_GROUPS)
+    def paginated_all_environment_groups(session, uri, data=None) -> dict:
         return paginate(
             query=Environment.query_all_environment_groups(
                 session, uri, data
@@ -609,21 +584,17 @@ def paginated_all_environment_groups(
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_GROUPS)
-    def list_environment_groups(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> [str]:
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_GROUPS)
+    def list_environment_groups(session, uri) -> [str]:
         return [
             g.groupUri
             for g in Environment.query_user_environment_groups(
-                session, username, groups, uri, data
+                session, get_context().groups, uri, {}
             ).all()
         ]
 
     @staticmethod
-    def query_environment_invited_groups(
-        session, username, groups, uri, filter
-    ) -> Query:
+    def query_environment_invited_groups(session, uri, filter) -> Query:
         query = (
             session.query(models.EnvironmentGroup)
             .join(
@@ -649,29 +620,20 @@ def query_environment_invited_groups(
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_GROUPS)
-    def paginated_environment_invited_groups(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_GROUPS)
+    def paginated_environment_invited_groups(session, uri, data=None) -> dict:
         return paginate(
-            query=Environment.query_environment_invited_groups(
-                session, username, groups, uri, data
-            ),
+            query=Environment.query_environment_invited_groups(session, uri, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_GROUPS)
-    def list_environment_invited_groups(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
-        return Environment.query_environment_invited_groups(
-            session, username, groups, uri, data
-        ).all()
+    def list_environment_invited_groups(session, uri):
+        return Environment.query_environment_invited_groups(session, uri, {}).all()
 
     @staticmethod
-    def query_user_environment_consumption_roles(session, username, groups, uri, filter) -> Query:
+    def query_user_environment_consumption_roles(session, groups, uri, filter) -> Query:
         query = (
             session.query(models.ConsumptionRole)
             .filter(models.ConsumptionRole.environmentUri == uri)
@@ -695,20 +657,18 @@ def query_user_environment_consumption_roles(session, username, groups, uri, fil
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_CONSUMPTION_ROLES)
-    def paginated_user_environment_consumption_roles(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_CONSUMPTION_ROLES)
+    def paginated_user_environment_consumption_roles(session, uri, data=None) -> dict:
         return paginate(
             query=Environment.query_user_environment_consumption_roles(
-                session, username, groups, uri, data
+                session, get_context().groups, uri, data
             ),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 1000),
         ).to_dict()
 
     @staticmethod
-    def query_all_environment_consumption_roles(session, username, groups, uri, filter) -> Query:
+    def query_all_environment_consumption_roles(session, uri, filter) -> Query:
         query = session.query(models.ConsumptionRole).filter(
             models.ConsumptionRole.environmentUri == uri
         )
@@ -729,34 +689,20 @@ def query_all_environment_consumption_roles(session, username, groups, uri, filt
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_CONSUMPTION_ROLES)
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_CONSUMPTION_ROLES)
     def paginated_all_environment_consumption_roles(
-        session, username, groups, uri, data=None, check_perm=None
+        session, uri, data=None
     ) -> dict:
         return paginate(
             query=Environment.query_all_environment_consumption_roles(
-                session, username, groups, uri, data
+                session, uri, data
             ),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_CONSUMPTION_ROLES)
-    def list_environment_consumption_roles(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> [str]:
-        return [
-            {"value": g.IAMRoleArn, "label": g.consumptionRoleName}
-            for g in Environment.query_user_environment_consumption_roles(
-                session, username, groups, uri, data
-            ).all()
-        ]
-
-    @staticmethod
-    def find_consumption_roles_by_IAMArn(
-            session, uri, arn
-    ) -> Query:
+    def find_consumption_roles_by_IAMArn(session, uri, arn) -> Query:
         return session.query(models.ConsumptionRole).filter(
             and_(
                 models.ConsumptionRole.environmentUri == uri,
@@ -765,7 +711,7 @@ def find_consumption_roles_by_IAMArn(
         ).first()
 
     @staticmethod
-    def query_environment_networks(session, username, groups, uri, filter) -> Query:
+    def query_environment_networks(session, uri, filter) -> Query:
         query = session.query(models.Vpc).filter(
             models.Vpc.environmentUri == uri,
         )
@@ -780,14 +726,10 @@ def query_environment_networks(session, username, groups, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_NETWORKS)
-    def paginated_environment_networks(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_NETWORKS)
+    def paginated_environment_networks(session, uri, data=None) -> dict:
         return paginate(
-            query=Environment.query_environment_networks(
-                session, username, groups, uri, data
-            ),
+            query=Environment.query_environment_networks(session, uri, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
@@ -900,10 +842,8 @@ def list_environment_redshift_clusters_query(session, environment_uri, filter):
         return q
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_ENVIRONMENT_REDSHIFT_CLUSTERS)
-    def paginated_environment_redshift_clusters(
-        session, username, groups, uri, data=None, check_perm=None
-    ):
+    @has_resource_permission(permissions.LIST_ENVIRONMENT_REDSHIFT_CLUSTERS)
+    def paginated_environment_redshift_clusters(session, uri, data=None):
         query = Environment.list_environment_redshift_clusters_query(session, uri, data)
         return paginate(
             query=query,
@@ -912,18 +852,12 @@ def paginated_environment_redshift_clusters(
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.GET_ENVIRONMENT)
-    def get_stack(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> models.Stack:
-        return session.query(models.Stack).get(data['stackUri'])
+    @has_resource_permission(permissions.GET_ENVIRONMENT)
+    def get_stack(session, uri, stack_uri) -> models.Stack:
+        return session.query(models.Stack).get(stack_uri)
 
     @staticmethod
-    def delete_environment(session, username, groups, uri, data=None, check_perm=None):
-        environment = data.get(
-            'environment', Environment.get_environment_by_uri(session, uri)
-        )
-
+    def delete_environment(session, uri, environment):
         env_groups = (
             session.query(models.EnvironmentGroup)
             .filter(models.EnvironmentGroup.environmentUri == uri)
@@ -967,11 +901,7 @@ def check_group_environment_membership(
             )
         if group not in Environment.list_environment_groups(
             session=session,
-            username=username,
-            groups=user_groups,
             uri=environment_uri,
-            data={},
-            check_perm=True,
         ):
             raise exceptions.UnauthorizedOperation(
                 action=permission_name,
diff --git a/backend/dataall/modules/datapipelines/services/datapipelines_service.py b/backend/dataall/modules/datapipelines/services/datapipelines_service.py
index 35a9d48ba..71ff04b63 100644
--- a/backend/dataall/modules/datapipelines/services/datapipelines_service.py
+++ b/backend/dataall/modules/datapipelines/services/datapipelines_service.py
@@ -157,11 +157,7 @@ def validate_group_membership(
             )
         if pipeline_group not in Environment.list_environment_groups(
             session=session,
-            username=username,
-            groups=groups,
             uri=environment_uri,
-            data=None,
-            check_perm=True,
         ):
             raise exceptions.UnauthorizedOperation(
                 action=CREATE_PIPELINE,
diff --git a/backend/dataall/modules/dataset_sharing/services/share_object_service.py b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
index 271a03052..b41f98075 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_object_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_object_service.py
@@ -326,11 +326,7 @@ def _validate_group_membership(
             )
         if share_object_group not in Environment.list_environment_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=environment_uri,
-            data=None,
-            check_perm=True,
         ):
             raise UnauthorizedOperation(
                 action=CREATE_SHARE_OBJECT,
diff --git a/tests/modules/datasets/tasks/test_dataset_policies.py b/tests/modules/datasets/tasks/test_dataset_policies.py
index 54242cdeb..bd56748da 100644
--- a/tests/modules/datasets/tasks/test_dataset_policies.py
+++ b/tests/modules/datasets/tasks/test_dataset_policies.py
@@ -132,7 +132,7 @@ def test_group_prefixes_by_accountid(db, mocker):
                 ],
                 'Principal': {'AWS': '675534'},
             },
-        ],
+        ]
     }
     BucketPoliciesUpdater.update_policy(statements, policy)
     assert policy
diff --git a/tests/modules/datasets/test_dataset_permissions.py b/tests/modules/datasets/test_dataset_permissions.py
index 015f0fd4a..b3c95a387 100644
--- a/tests/modules/datasets/test_dataset_permissions.py
+++ b/tests/modules/datasets/test_dataset_permissions.py
@@ -139,8 +139,6 @@ def test_create_dataset(db, env, user, group, group_user, dataset, permissions,
         )
         env_with_perm = Environment.create_environment(
             session=session,
-            username=user.userName,
-            groups=[group.name],
             uri=org_with_perm.organizationUri,
             data={
                 'label': 'EnvWithPerm',
@@ -151,7 +149,6 @@ def test_create_dataset(db, env, user, group, group_user, dataset, permissions,
                 'region': 'eu-west-1',
                 'cdk_role_name': 'cdkrole',
             },
-            check_perm=True,
         )
 
         data = dict(

From 989d8cc28df641ddddaf56ade04497219c94fc24 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 11:30:20 +0200
Subject: [PATCH 332/346] Migrate glossary to a new permission check API and
 remove unused parameters

---
 .../dataall/api/Objects/Glossary/resolvers.py | 45 +------------------
 backend/dataall/db/api/glossary.py            | 38 ++++++++--------
 2 files changed, 21 insertions(+), 62 deletions(-)

diff --git a/backend/dataall/api/Objects/Glossary/resolvers.py b/backend/dataall/api/Objects/Glossary/resolvers.py
index 42fae88ce..c5c4f7874 100644
--- a/backend/dataall/api/Objects/Glossary/resolvers.py
+++ b/backend/dataall/api/Objects/Glossary/resolvers.py
@@ -26,14 +26,7 @@ def create_glossary(
     context: Context, source, input: dict = None
 ) -> models.GlossaryNode:
     with context.engine.scoped_session() as session:
-        return db.api.Glossary.create_glossary(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
-            data=input,
-            check_perm=True,
-        )
+        return db.api.Glossary.create_glossary(session, input)
 
 
 def tree(context: Context, source: models.GlossaryNode):
@@ -93,11 +86,8 @@ def create_category(
     with context.engine.scoped_session() as session:
         return db.api.Glossary.create_category(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=parentUri,
             data=input,
-            check_perm=True,
         )
 
 
@@ -105,11 +95,8 @@ def create_term(context: Context, source, parentUri: str = None, input: dict = N
     with context.engine.scoped_session() as session:
         return db.api.Glossary.create_term(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=parentUri,
             data=input,
-            check_perm=True,
         )
 
 
@@ -119,11 +106,7 @@ def list_glossaries(context: Context, source, filter: dict = None):
     with context.engine.scoped_session() as session:
         return db.api.Glossary.list_glossaries(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -137,11 +120,8 @@ def resolve_categories(
     with context.engine.scoped_session() as session:
         return db.api.Glossary.list_categories(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.nodeUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -153,11 +133,8 @@ def resolve_terms(context: Context, source: models.GlossaryNode, filter: dict =
     with context.engine.scoped_session() as session:
         return db.api.Glossary.list_terms(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.nodeUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -167,11 +144,8 @@ def update_node(
     with context.engine.scoped_session() as session:
         return db.api.Glossary.update_node(
             session,
-            username=context.username,
-            groups=context.groups,
             uri=nodeUri,
             data=input,
-            check_perm=True,
         )
 
 
@@ -193,14 +167,7 @@ def resolve_user_role(context: Context, source: models.GlossaryNode, **kwargs):
 
 def delete_node(context: Context, source, nodeUri: str = None) -> bool:
     with context.engine.scoped_session() as session:
-        return db.api.Glossary.delete_node(
-            session,
-            username=context.username,
-            groups=context.groups,
-            uri=nodeUri,
-            data=None,
-            check_perm=True,
-        )
+        return db.api.Glossary.delete_node(session, nodeUri)
 
 
 def hierarchical_search(context: Context, source, filter: dict = None):
@@ -210,11 +177,7 @@ def hierarchical_search(context: Context, source, filter: dict = None):
     with context.engine.scoped_session() as session:
         return db.api.Glossary.hierarchical_search(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -251,11 +214,7 @@ def search_terms(context: Context, source, filter: dict = None):
     with context.engine.scoped_session() as session:
         return db.api.Glossary.search_terms(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
             data=filter,
-            check_perm=True,
         )
 
 
diff --git a/backend/dataall/db/api/glossary.py b/backend/dataall/db/api/glossary.py
index 2dc97c62c..270de5543 100644
--- a/backend/dataall/db/api/glossary.py
+++ b/backend/dataall/db/api/glossary.py
@@ -5,19 +5,19 @@
 from sqlalchemy.orm import with_expression, aliased
 
 from .. import models, exceptions, permissions, paginate, Resource
-from .permission_checker import has_tenant_perm
 from ..models.Glossary import GlossaryNodeStatus
 from ..paginator import Page
 from dataall.core.permission_checker import has_tenant_permission
 from dataall.core.context import get_context
+from dataall.core.permission_checker import has_tenant_permission
 
 logger = logging.getLogger(__name__)
 
 
 class Glossary:
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_GLOSSARIES)
-    def create_glossary(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_GLOSSARIES)
+    def create_glossary(session, data=None):
         Glossary.validate_params(data)
         g: models.GlossaryNode = models.GlossaryNode(
             label=data.get('label'),
@@ -25,7 +25,7 @@ def create_glossary(session, username, groups, uri, data=None, check_perm=None):
             parentUri='',
             path='/',
             readme=data.get('readme', 'no description available'),
-            owner=username,
+            owner=get_context().username,
             admin=data.get('admin'),
             status=GlossaryNodeStatus.approved.value,
         )
@@ -35,8 +35,8 @@ def create_glossary(session, username, groups, uri, data=None, check_perm=None):
         return g
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_GLOSSARIES)
-    def create_category(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_GLOSSARIES)
+    def create_category(session, uri, data=None):
         Glossary.validate_params(data)
         parent: models.GlossaryNode = session.query(models.GlossaryNode).get(uri)
         if not parent:
@@ -47,7 +47,7 @@ def create_category(session, username, groups, uri, data=None, check_perm=None):
             parentUri=parent.nodeUri,
             nodeType='C',
             label=data.get('label'),
-            owner=username,
+            owner=get_context().username,
             readme=data.get('readme'),
         )
         session.add(cat)
@@ -56,8 +56,8 @@ def create_category(session, username, groups, uri, data=None, check_perm=None):
         return cat
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_GLOSSARIES)
-    def create_term(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_GLOSSARIES)
+    def create_term(session, uri, data=None):
         Glossary.validate_params(data)
         parent: models.GlossaryNode = session.query(models.GlossaryNode).get(uri)
         if not parent:
@@ -73,7 +73,7 @@ def create_term(session, username, groups, uri, data=None, check_perm=None):
             nodeType='T',
             label=data.get('label'),
             readme=data.get('readme'),
-            owner=username,
+            owner=get_context().username,
         )
         session.add(term)
         session.commit()
@@ -81,8 +81,8 @@ def create_term(session, username, groups, uri, data=None, check_perm=None):
         return term
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_GLOSSARIES)
-    def delete_node(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_GLOSSARIES)
+    def delete_node(session, uri):
         count = 0
         node: models.GlossaryNode = session.query(models.GlossaryNode).get(uri)
         if not node:
@@ -102,8 +102,8 @@ def delete_node(session, username, groups, uri, data=None, check_perm=None):
         return count
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_GLOSSARIES)
-    def update_node(session, username, groups, uri, data=None, check_perm=None):
+    @has_tenant_permission(permissions.MANAGE_GLOSSARIES)
+    def update_node(session, uri, data=None):
         node: models.GlossaryNode = session.query(models.GlossaryNode).get(uri)
         if not node:
             raise exceptions.ObjectNotFound('Node', uri)
@@ -143,7 +143,7 @@ def link_term(session, uri, target_model: Resource, data):
         return link
 
     @staticmethod
-    def list_glossaries(session, username, groups, uri, data=None, check_perm=None):
+    def list_glossaries(session, data=None):
         q = session.query(models.GlossaryNode).filter(
             models.GlossaryNode.nodeType == 'G', models.GlossaryNode.deleted.is_(None)
         )
@@ -160,7 +160,7 @@ def list_glossaries(session, username, groups, uri, data=None, check_perm=None):
         ).to_dict()
 
     @staticmethod
-    def list_categories(session, username, groups, uri, data=None, check_perm=None):
+    def list_categories(session, uri, data=None):
         q = session.query(models.GlossaryNode).filter(
             and_(
                 models.GlossaryNode.parentUri == uri,
@@ -182,7 +182,7 @@ def list_categories(session, username, groups, uri, data=None, check_perm=None):
         ).to_dict()
 
     @staticmethod
-    def list_terms(session, username, groups, uri, data=None, check_perm=None):
+    def list_terms(session, uri, data=None):
         q = session.query(models.GlossaryNode).filter(
             and_(
                 models.GlossaryNode.parentUri == uri,
@@ -203,7 +203,7 @@ def list_terms(session, username, groups, uri, data=None, check_perm=None):
         ).to_dict()
 
     @staticmethod
-    def hierarchical_search(session, username, groups, uri, data=None, check_perm=None):
+    def hierarchical_search(session, data=None):
         q = session.query(models.GlossaryNode).options(
             with_expression(models.GlossaryNode.isMatch, literal(True))
         )
@@ -281,7 +281,7 @@ def hierarchical_search(session, username, groups, uri, data=None, check_perm=No
         ).to_dict()
 
     @staticmethod
-    def search_terms(session, username, groups, uri, data=None, check_perm=None):
+    def search_terms(session, data=None):
         q = session.query(models.GlossaryNode).filter(
             models.GlossaryNode.deleted.is_(None)
         )

From b07675fb55338a75833820212887a8cd04386cbc Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 11:34:34 +0200
Subject: [PATCH 333/346] Migrate keyvaluetag to a new permission check API and
 remove unused parameters

---
 .../api/Objects/KeyValueTag/resolvers.py      |  8 +----
 backend/dataall/db/api/keyvaluetag.py         | 29 +++++++------------
 2 files changed, 12 insertions(+), 25 deletions(-)

diff --git a/backend/dataall/api/Objects/KeyValueTag/resolvers.py b/backend/dataall/api/Objects/KeyValueTag/resolvers.py
index 3f9141862..237516c44 100644
--- a/backend/dataall/api/Objects/KeyValueTag/resolvers.py
+++ b/backend/dataall/api/Objects/KeyValueTag/resolvers.py
@@ -9,11 +9,8 @@ def list_key_value_tags(
     with context.engine.scoped_session() as session:
         return db.api.KeyValueTag.list_key_value_tags(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=targetUri,
-            data={'targetType': targetType},
-            check_perm=True,
+            target_type=targetType,
         )
 
 
@@ -21,11 +18,8 @@ def update_key_value_tags(context: Context, source, input=None):
     with context.engine.scoped_session() as session:
         kv_tags = db.api.KeyValueTag.update_key_value_tags(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['targetUri'],
             data=input,
-            check_perm=True,
         )
         stack_helper.deploy_stack(targetUri=input['targetUri'])
         return kv_tags
diff --git a/backend/dataall/db/api/keyvaluetag.py b/backend/dataall/db/api/keyvaluetag.py
index 90d3d4f97..66002f249 100644
--- a/backend/dataall/db/api/keyvaluetag.py
+++ b/backend/dataall/db/api/keyvaluetag.py
@@ -4,21 +4,14 @@
 from .resource_policy import ResourcePolicy
 from .. import exceptions
 from .. import models
+from ...core.context import get_context
 
 logger = logging.getLogger(__name__)
 
 
 class KeyValueTag:
     @staticmethod
-    def update_key_value_tags(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> [models.KeyValueTag]:
-
+    def update_key_value_tags(session, uri: str, data: dict = None) -> [models.KeyValueTag]:
         if not uri:
             raise exceptions.RequiredParameter('targetUri')
         if not data:
@@ -26,10 +19,11 @@ def update_key_value_tags(
         if not data.get('targetType'):
             raise exceptions.RequiredParameter('targetType')
 
+        context = get_context()
         ResourcePolicy.check_user_resource_permission(
             session=session,
-            username=username,
-            groups=groups,
+            username=context.username,
+            groups=context.groups,
             resource_uri=uri,
             permission_name=TargetType.get_resource_update_permission_name(
                 data['targetType']
@@ -62,19 +56,18 @@ def update_key_value_tags(
         return tags
 
     @staticmethod
-    def list_key_value_tags(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    def list_key_value_tags(session, uri, target_type) -> dict:
+        context = get_context()
         ResourcePolicy.check_user_resource_permission(
             session=session,
-            username=username,
-            groups=groups,
+            username=context.username,
+            groups=context.groups,
             resource_uri=uri,
             permission_name=TargetType.get_resource_read_permission_name(
-                data['targetType']
+                target_type
             ),
         )
-        return KeyValueTag.find_key_value_tags(session, uri, data['targetType'])
+        return KeyValueTag.find_key_value_tags(session, uri, target_type)
 
     @staticmethod
     def find_key_value_tags(session, target_uri, target_type) -> [models.KeyValueTag]:

From b577f4f8e2286b652b721101dbdf121bb326f447 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 11:49:19 +0200
Subject: [PATCH 334/346] Migrate organization to a new permission check API
 and remove unused parameters

---
 .../api/Objects/Organization/resolvers.py     | 35 +---------
 backend/dataall/db/api/notification.py        |  9 ---
 backend/dataall/db/api/organization.py        | 70 +++++++++----------
 .../datasets/test_dataset_permissions.py      |  4 --
 4 files changed, 33 insertions(+), 85 deletions(-)

diff --git a/backend/dataall/api/Objects/Organization/resolvers.py b/backend/dataall/api/Objects/Organization/resolvers.py
index 7c1bb7736..65a07b8f4 100644
--- a/backend/dataall/api/Objects/Organization/resolvers.py
+++ b/backend/dataall/api/Objects/Organization/resolvers.py
@@ -9,11 +9,7 @@ def create_organization(context: Context, source, input=None):
     with context.engine.scoped_session() as session:
         organization = Organization.create_organization(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
             data=input,
-            check_perm=True,
         )
         return organization
 
@@ -22,11 +18,8 @@ def update_organization(context, source, organizationUri=None, input=None):
     with context.engine.scoped_session() as session:
         return Organization.update_organization(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=organizationUri,
             data=input,
-            check_perm=True,
         )
 
 
@@ -44,11 +37,7 @@ def list_organizations(context: Context, source, filter=None):
     with context.engine.scoped_session() as session:
         return Organization.paginated_user_organizations(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=None,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -58,11 +47,8 @@ def list_groups(context, source: models.Organization, filter=None):
     with context.engine.scoped_session() as session:
         return Organization.paginated_organization_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.organizationUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -72,11 +58,8 @@ def list_organization_environments(context, source, filter=None):
     with context.engine.scoped_session() as session:
         return Organization.paginated_organization_environments(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=source.organizationUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -111,11 +94,7 @@ def archive_organization(context: Context, source, organizationUri: str = None):
     with context.engine.scoped_session() as session:
         return Organization.archive_organization(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=organizationUri,
-            data=None,
-            check_perm=True,
         )
 
 
@@ -123,11 +102,8 @@ def invite_group(context: Context, source, input):
     with context.engine.scoped_session() as session:
         organization, organization_group = db.api.Organization.invite_group(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['organizationUri'],
             data=input,
-            check_perm=True,
         )
         return organization
 
@@ -136,11 +112,8 @@ def remove_group(context: Context, source, organizationUri=None, groupUri=None):
     with context.engine.scoped_session() as session:
         organization = db.api.Organization.remove_group(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=organizationUri,
-            data={'groupUri': groupUri},
-            check_perm=True,
+            group=groupUri
         )
         return organization
 
@@ -153,11 +126,8 @@ def list_organization_invited_groups(
     with context.engine.scoped_session() as session:
         return db.api.Organization.paginated_organization_invited_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=organizationUri,
             data=filter,
-            check_perm=True,
         )
 
 
@@ -169,11 +139,8 @@ def list_organization_groups(
     with context.engine.scoped_session() as session:
         return db.api.Organization.paginated_organization_groups(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=organizationUri,
             data=filter,
-            check_perm=True,
         )
 
 
diff --git a/backend/dataall/db/api/notification.py b/backend/dataall/db/api/notification.py
index 0337e6a22..cf73bc25a 100644
--- a/backend/dataall/db/api/notification.py
+++ b/backend/dataall/db/api/notification.py
@@ -28,15 +28,6 @@ def create(
         session.commit()
         return notification
 
-    @staticmethod
-    def list_my_notifications(session, username):
-        return (
-            session.query(models.Notification)
-            .filter(models.Notification.username == username)
-            .order_by(models.Notification.created.desc())
-            .all()
-        )
-
     @staticmethod
     def paginated_notifications(session, username, filter=None):
         if not filter:
diff --git a/backend/dataall/db/api/organization.py b/backend/dataall/db/api/organization.py
index dd570eeae..d9b873091 100644
--- a/backend/dataall/db/api/organization.py
+++ b/backend/dataall/db/api/organization.py
@@ -5,9 +5,11 @@
 
 from .. import exceptions, permissions, paginate
 from .. import models
-from . import has_tenant_perm, ResourcePolicy, has_resource_perm
+from . import ResourcePolicy
 from ..models import OrganizationGroup
 from ..models.Enums import OrganisationUserRole
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
+from ...core.context import get_context
 
 logger = logging.getLogger(__name__)
 
@@ -27,8 +29,8 @@ def find_organization_by_uri(session, uri) -> models.Organization:
         return session.query(models.Organization).get(uri)
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    def create_organization(session, username, groups, uri, data=None, check_perm=None) -> models.Organization:
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    def create_organization(session, data=None) -> models.Organization:
         if not data:
             raise exceptions.RequiredParameter(data)
         if not data.get('SamlGroupName'):
@@ -36,6 +38,7 @@ def create_organization(session, username, groups, uri, data=None, check_perm=No
         if not data.get('label'):
             raise exceptions.RequiredParameter('label')
 
+        username = get_context().username
         org = models.Organization(
             label=data.get('label'),
             owner=username,
@@ -73,18 +76,19 @@ def create_organization(session, username, groups, uri, data=None, check_perm=No
         return org
 
     @staticmethod
-    @has_resource_perm(permissions.UPDATE_ORGANIZATION)
-    def update_organization(session, username, groups, uri, data=None, check_perm=None):
+    @has_resource_permission(permissions.UPDATE_ORGANIZATION)
+    def update_organization(session, uri, data=None):
         organization = Organization.get_organization_by_uri(session, uri)
         for field in data.keys():
             setattr(organization, field, data.get(field))
         session.commit()
 
+        context = get_context()
         activity = models.Activity(
             action='org:update',
             label='org:create',
-            owner=username,
-            summary=f'{username} updated organization {organization.name} ',
+            owner=context.username,
+            summary=f'{context.username} updated organization {organization.name} ',
             targetUri=organization.organizationUri,
             targetType='org',
         )
@@ -124,9 +128,10 @@ def query_user_organizations(session, username, groups, filter) -> Query:
         return query
 
     @staticmethod
-    def paginated_user_organizations(session, username, groups, uri, data=None, check_perm=None) -> dict:
+    def paginated_user_organizations(session, data=None) -> dict:
+        context = get_context()
         return paginate(
-            query=Organization.query_user_organizations(session, username, groups, data),
+            query=Organization.query_user_organizations(session, context.username, context.groups, data),
             page=data.get('page', 1),
             page_size=data.get('pageSize', 10),
         ).to_dict()
@@ -144,9 +149,9 @@ def query_organization_environments(session, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    @has_resource_perm(permissions.GET_ORGANIZATION)
-    def paginated_organization_environments(session, username, groups, uri, data=None, check_perm=None) -> dict:
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    @has_resource_permission(permissions.GET_ORGANIZATION)
+    def paginated_organization_environments(session, uri, data=None) -> dict:
         return paginate(
             query=Organization.query_organization_environments(session, uri, data),
             page=data.get('page', 1),
@@ -154,10 +159,9 @@ def paginated_organization_environments(session, username, groups, uri, data=Non
         ).to_dict()
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    @has_resource_perm(permissions.DELETE_ORGANIZATION)
-    def archive_organization(session, username, groups, uri, data=None, check_perm=None) -> bool:
-
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    @has_resource_permission(permissions.DELETE_ORGANIZATION)
+    def archive_organization(session, uri) -> bool:
         org = Organization.get_organization_by_uri(session, uri)
         environments = session.query(models.Environment).filter(models.Environment.organizationUri == uri).count()
         if environments:
@@ -176,12 +180,9 @@ def archive_organization(session, username, groups, uri, data=None, check_perm=N
         return True
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    @has_resource_perm(permissions.INVITE_ORGANIZATION_GROUP)
-    def invite_group(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> (models.Organization, models.OrganizationGroup):
-
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    @has_resource_permission(permissions.INVITE_ORGANIZATION_GROUP)
+    def invite_group(session, username, uri, data=None) -> (models.Organization, models.OrganizationGroup):
         Organization.validate_invite_params(data)
 
         group: str = data['groupUri']
@@ -233,16 +234,9 @@ def validate_invite_params(data):
             raise exceptions.RequiredParameter('groupUri')
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    @has_resource_perm(permissions.REMOVE_ORGANIZATION_GROUP)
-    def remove_group(session, username, groups, uri, data=None, check_perm=None):
-        if not data:
-            raise exceptions.RequiredParameter(data)
-        if not data.get('groupUri'):
-            raise exceptions.RequiredParameter('groupUri')
-
-        group: str = data['groupUri']
-
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    @has_resource_permission(permissions.REMOVE_ORGANIZATION_GROUP)
+    def remove_group(session, uri, group):
         organization = Organization.get_organization_by_uri(session, uri)
 
         if group == organization.SamlGroupName:
@@ -292,9 +286,9 @@ def query_organization_groups(session, uri, filter) -> Query:
         return query
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    @has_resource_perm(permissions.GET_ORGANIZATION)
-    def paginated_organization_groups(session, username, groups, uri, data=None, check_perm=None) -> dict:
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    @has_resource_permission(permissions.GET_ORGANIZATION)
+    def paginated_organization_groups(session, uri, data=None) -> dict:
         return paginate(
             query=Organization.query_organization_groups(session, uri, data),
             page=data.get('page', 1),
@@ -325,9 +319,9 @@ def query_organization_invited_groups(session, organization, filter) -> Query:
         return query
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ORGANIZATIONS)
-    @has_resource_perm(permissions.GET_ORGANIZATION)
-    def paginated_organization_invited_groups(session, username, groups, uri, data=None, check_perm=False) -> dict:
+    @has_tenant_permission(permissions.MANAGE_ORGANIZATIONS)
+    @has_resource_permission(permissions.GET_ORGANIZATION)
+    def paginated_organization_invited_groups(session, uri, data=None) -> dict:
         organization = Organization.get_organization_by_uri(session, uri)
         return paginate(
             query=Organization.query_organization_invited_groups(session, organization, data),
diff --git a/tests/modules/datasets/test_dataset_permissions.py b/tests/modules/datasets/test_dataset_permissions.py
index b3c95a387..3bfb5a155 100644
--- a/tests/modules/datasets/test_dataset_permissions.py
+++ b/tests/modules/datasets/test_dataset_permissions.py
@@ -126,16 +126,12 @@ def test_create_dataset(db, env, user, group, group_user, dataset, permissions,
         )
         org_with_perm = Organization.create_organization(
             session=session,
-            username=user.userName,
-            groups=[group.name],
-            uri=None,
             data={
                 'label': 'OrgWithPerm',
                 'SamlGroupName': group.name,
                 'description': 'desc',
                 'tags': [],
             },
-            check_perm=True,
         )
         env_with_perm = Environment.create_environment(
             session=session,

From bd58026f4bb1499da08b747dd4daba5bfd9fba56 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 11:54:06 +0200
Subject: [PATCH 335/346] Migrate stack to a new permission check API and
 remove unused parameters

---
 backend/dataall/api/Objects/Stack/resolvers.py |  5 +----
 backend/dataall/db/api/stack.py                | 17 +++++++----------
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/backend/dataall/api/Objects/Stack/resolvers.py b/backend/dataall/api/Objects/Stack/resolvers.py
index f306a983c..46cb0f885 100644
--- a/backend/dataall/api/Objects/Stack/resolvers.py
+++ b/backend/dataall/api/Objects/Stack/resolvers.py
@@ -101,11 +101,8 @@ def update_stack(
     with context.engine.scoped_session() as session:
         stack = db.api.Stack.update_stack(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=targetUri,
-            data={'targetType': targetType},
-            check_perm=True,
+            target_type=targetType
         )
     stack_helper.deploy_stack(stack.targetUri)
     return stack
diff --git a/backend/dataall/db/api/stack.py b/backend/dataall/db/api/stack.py
index c6d6946ad..fd1881c9a 100644
--- a/backend/dataall/db/api/stack.py
+++ b/backend/dataall/db/api/stack.py
@@ -3,6 +3,7 @@
 from . import ResourcePolicy, TargetType
 from .. import exceptions
 from .. import models
+from ...core.context import get_context
 from ...utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
@@ -70,27 +71,23 @@ def create_stack(
     @staticmethod
     def update_stack(
         session,
-        username: str,
-        groups: [str],
         uri: str,
-        data: dict = None,
-        check_perm: bool = False,
+        target_type: str
     ) -> [models.Stack]:
 
         if not uri:
             raise exceptions.RequiredParameter('targetUri')
-        if not data:
-            raise exceptions.RequiredParameter('data')
-        if not data.get('targetType'):
+        if not target_type:
             raise exceptions.RequiredParameter('targetType')
 
+        context = get_context()
         ResourcePolicy.check_user_resource_permission(
             session=session,
-            username=username,
-            groups=groups,
+            username=context.username,
+            groups=context.groups,
             resource_uri=uri,
             permission_name=TargetType.get_resource_update_permission_name(
-                data['targetType']
+                target_type
             ),
         )
         stack = Stack.get_stack_by_target_uri(session, target_uri=uri)

From cef4390f304e73f8916871a96f1dbd9d859f9d9a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 12:13:49 +0200
Subject: [PATCH 336/346] Migrate vote to a new permission check API and remove
 unused parameters

---
 backend/dataall/api/Objects/Vote/resolvers.py | 17 ++++----------
 backend/dataall/db/api/vote.py                | 23 ++++---------------
 .../modules/dashboards/api/resolvers.py       |  2 +-
 .../dashboards/indexers/dashboard_indexer.py  |  2 +-
 .../datasets/indexers/dataset_indexer.py      |  2 +-
 .../datasets/services/dataset_service.py      |  2 +-
 6 files changed, 13 insertions(+), 35 deletions(-)

diff --git a/backend/dataall/api/Objects/Vote/resolvers.py b/backend/dataall/api/Objects/Vote/resolvers.py
index 5cbcff7c2..c7ff52995 100644
--- a/backend/dataall/api/Objects/Vote/resolvers.py
+++ b/backend/dataall/api/Objects/Vote/resolvers.py
@@ -17,11 +17,8 @@ def count_upvotes(
     with context.engine.scoped_session() as session:
         return db.api.Vote.count_upvotes(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=targetUri,
-            data={'targetType': targetType},
-            check_perm=True,
+            target_type=targetType
         )
 
 
@@ -29,11 +26,8 @@ def upvote(context: Context, source, input=None):
     with context.engine.scoped_session() as session:
         vote = db.api.Vote.upvote(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['targetUri'],
             data=input,
-            check_perm=True,
         )
 
         _VOTE_TYPES[vote.targetType].upsert(session, vote.targetUri)
@@ -42,11 +36,8 @@ def upvote(context: Context, source, input=None):
 
 def get_vote(context: Context, source, targetUri: str = None, targetType: str = None):
     with context.engine.scoped_session() as session:
-        return db.api.Vote.get_vote(
+        return db.api.Vote.find_vote(
             session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=targetUri,
-            data={'targetType': targetType},
-            check_perm=True,
+            target_uri=targetUri,
+            target_type=targetType
         )
diff --git a/backend/dataall/db/api/vote.py b/backend/dataall/db/api/vote.py
index de3526a0a..f383a1ce1 100644
--- a/backend/dataall/db/api/vote.py
+++ b/backend/dataall/db/api/vote.py
@@ -3,21 +3,14 @@
 
 from .. import exceptions
 from .. import models
+from ...core.context import get_context
 
 logger = logging.getLogger(__name__)
 
 
 class Vote:
     @staticmethod
-    def upvote(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> [models.Vote]:
-
+    def upvote(session, uri: str, data: dict = None) -> [models.Vote]:
         if not uri:
             raise exceptions.RequiredParameter('targetUri')
         if not data:
@@ -41,7 +34,7 @@ def upvote(
 
         else:
             vote: models.Vote = models.Vote(
-                username=username,
+                username=get_context().username,
                 targetUri=uri,
                 targetType=data['targetType'],
                 upvote=data['upvote'],
@@ -52,23 +45,17 @@ def upvote(
         return vote
 
     @staticmethod
-    def count_upvotes(
-        session, username, groups, uri, data=None, check_perm=None
-    ) -> dict:
+    def count_upvotes(session, uri, target_type) -> dict:
         return (
             session.query(models.Vote)
             .filter(
                 models.Vote.targetUri == uri,
-                models.Vote.targetType == data['targetType'],
+                models.Vote.targetType == target_type,
                 models.Vote.upvote == True,
             )
             .count()
         )
 
-    @staticmethod
-    def get_vote(session, username, groups, uri, data=None, check_perm=None) -> dict:
-        return Vote.find_vote(session, uri, data['targetType'])
-
     @staticmethod
     def find_vote(session, target_uri, target_type) -> [models.Vote]:
         return (
diff --git a/backend/dataall/modules/dashboards/api/resolvers.py b/backend/dataall/modules/dashboards/api/resolvers.py
index 8e1056244..746707f52 100644
--- a/backend/dataall/modules/dashboards/api/resolvers.py
+++ b/backend/dataall/modules/dashboards/api/resolvers.py
@@ -113,7 +113,7 @@ def resolve_glossary_terms(context: Context, source: Dashboard, **kwargs):
 def resolve_upvotes(context: Context, source: Dashboard, **kwargs):
     with context.engine.scoped_session() as session:
         return Vote.count_upvotes(
-            session, None, None, source.dashboardUri, data={'targetType': 'dashboard'}
+            session, source.dashboardUri, target_type='dashboard'
         )
 
 
diff --git a/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py b/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
index 6988696ae..19291f278 100644
--- a/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
+++ b/backend/dataall/modules/dashboards/indexers/dashboard_indexer.py
@@ -20,7 +20,7 @@ def upsert(cls, session, dashboard_uri: str):
 
             glossary = BaseIndexer._get_target_glossary_terms(session, dashboard_uri)
             count_upvotes = db.api.Vote.count_upvotes(
-                session, None, None, dashboard_uri, {'targetType': 'dashboard'}
+                session, dashboard_uri, target_type='dashboard'
             )
             BaseIndexer._index(
                 doc_id=dashboard_uri,
diff --git a/backend/dataall/modules/datasets/indexers/dataset_indexer.py b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
index 062964767..77abfe96b 100644
--- a/backend/dataall/modules/datasets/indexers/dataset_indexer.py
+++ b/backend/dataall/modules/datasets/indexers/dataset_indexer.py
@@ -17,7 +17,7 @@ def upsert(cls, session, dataset_uri: str):
         count_tables = DatasetRepository.count_dataset_tables(session, dataset_uri)
         count_folders = DatasetLocationRepository.count_dataset_locations(session, dataset_uri)
         count_upvotes = Vote.count_upvotes(
-            session, None, None, dataset_uri, {'targetType': 'dataset'}
+            session, dataset_uri, target_type='dataset'
         )
 
         if dataset:
diff --git a/backend/dataall/modules/datasets/services/dataset_service.py b/backend/dataall/modules/datasets/services/dataset_service.py
index 0f93d4d64..137fcce5b 100644
--- a/backend/dataall/modules/datasets/services/dataset_service.py
+++ b/backend/dataall/modules/datasets/services/dataset_service.py
@@ -192,7 +192,7 @@ def get_dataset_statistics(dataset: Dataset):
                 session, dataset.datasetUri
             )
             count_upvotes = Vote.count_upvotes(
-                session, None, None, dataset.datasetUri, {'targetType': 'dataset'}
+                session, dataset.datasetUri, target_type='dataset'
             )
         return {
             'tables': count_tables or 0,

From c40790a1bc8e5f5468b194991870aa20d9897333 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 12:18:02 +0200
Subject: [PATCH 337/346] Migrate VPC to a new permission check API and remove
 unused parameters

---
 backend/dataall/api/Objects/Vpc/resolvers.py | 21 +---------
 backend/dataall/db/api/vpc.py                | 43 +++++++-------------
 2 files changed, 16 insertions(+), 48 deletions(-)

diff --git a/backend/dataall/api/Objects/Vpc/resolvers.py b/backend/dataall/api/Objects/Vpc/resolvers.py
index 830ec58b2..ddf6c1d0d 100644
--- a/backend/dataall/api/Objects/Vpc/resolvers.py
+++ b/backend/dataall/api/Objects/Vpc/resolvers.py
@@ -10,34 +10,17 @@ def create_network(context: Context, source, input):
     with context.engine.scoped_session() as session:
         vpc = Vpc.create_network(
             session=session,
-            username=context.username,
-            groups=context.groups,
             uri=input['environmentUri'],
             data=input,
-            check_perm=True,
         )
     return vpc
 
 
 def get_network(context: Context, source, vpcUri: str = None):
     with context.engine.scoped_session() as session:
-        return Vpc.get_network(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=vpcUri,
-            data=None,
-            check_perm=True,
-        )
+        return Vpc.get_network(session=session, uri=vpcUri)
 
 
 def delete_network(context: Context, source, vpcUri=None):
     with context.engine.scoped_session() as session:
-        return Vpc.delete(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            uri=vpcUri,
-            data=None,
-            check_perm=True,
-        )
+        return Vpc.delete(session=session, uri=vpcUri)
diff --git a/backend/dataall/db/api/vpc.py b/backend/dataall/db/api/vpc.py
index daa37b1e6..559c799e2 100644
--- a/backend/dataall/db/api/vpc.py
+++ b/backend/dataall/db/api/vpc.py
@@ -5,11 +5,11 @@
 from .. import exceptions, permissions
 from .. import models
 from . import (
-    has_tenant_perm,
-    has_resource_perm,
     Environment,
     ResourcePolicy,
 )
+from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
+from dataall.core.context import get_context
 
 log = logging.getLogger(__name__)
 
@@ -19,23 +19,15 @@ def __init__(self):
         pass
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.CREATE_NETWORK)
-    def create_network(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> models.Vpc:
-
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.CREATE_NETWORK)
+    def create_network(session, uri: str, data: dict = None) -> models.Vpc:
         Vpc._validate_input(data)
-
+        context = get_context()
         Environment.check_group_environment_permission(
             session=session,
-            username=username,
-            groups=groups,
+            username=context.username,
+            groups=context.groups,
             uri=uri,
             group=data['SamlGroupName'],
             permission_name=permissions.CREATE_NETWORK,
@@ -116,22 +108,15 @@ def _validate_input(data):
             raise exceptions.RequiredParameter('label')
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.GET_NETWORK)
-    def get_network(
-        session,
-        username: str,
-        groups: [str],
-        uri: str,
-        data: dict = None,
-        check_perm: bool = False,
-    ) -> models.Vpc:
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.GET_NETWORK)
+    def get_network(session, uri: str) -> models.Vpc:
         return Vpc.get_vpc_by_uri(session, uri)
 
     @staticmethod
-    @has_tenant_perm(permissions.MANAGE_ENVIRONMENTS)
-    @has_resource_perm(permissions.DELETE_NETWORK)
-    def delete(session, username, groups, uri, data=None, check_perm=None) -> bool:
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.DELETE_NETWORK)
+    def delete(session, uri) -> bool:
         vpc = Vpc.get_vpc_by_uri(session, uri)
         session.delete(vpc)
         ResourcePolicy.delete_resource_policy(

From 21bd055b48a798a4517f55a8a510a9e775e49869 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 12:19:29 +0200
Subject: [PATCH 338/346] Remove old permission checker

---
 backend/dataall/db/api/__init__.py           |  1 -
 backend/dataall/db/api/permission_checker.py | 85 --------------------
 backend/dataall/db/api/redshift_cluster.py   | 23 +++---
 3 files changed, 12 insertions(+), 97 deletions(-)
 delete mode 100644 backend/dataall/db/api/permission_checker.py

diff --git a/backend/dataall/db/api/__init__.py b/backend/dataall/db/api/__init__.py
index 62de5dde1..426dc44af 100644
--- a/backend/dataall/db/api/__init__.py
+++ b/backend/dataall/db/api/__init__.py
@@ -2,7 +2,6 @@
 from .tenant import Tenant
 from .tenant_policy import TenantPolicy
 from .resource_policy import ResourcePolicy
-from .permission_checker import has_tenant_perm, has_resource_perm
 from .target_type import TargetType
 from .keyvaluetag import KeyValueTag
 from .stack import Stack
diff --git a/backend/dataall/db/api/permission_checker.py b/backend/dataall/db/api/permission_checker.py
deleted file mode 100644
index ba6ba8b24..000000000
--- a/backend/dataall/db/api/permission_checker.py
+++ /dev/null
@@ -1,85 +0,0 @@
-from ..api.resource_policy import ResourcePolicy
-from ..api.tenant_policy import TenantPolicy
-from deprecated import deprecated
-
-
-@deprecated(
-    reason="old API. Should be removed at the end of modularization. Use dataall.core.permission_checker",
-    action="once"
-)
-def has_resource_perm(permission):
-    def decorator(f):
-        static_func = False
-        try:
-            f.__func__
-            static_func = True
-            fn = f.__func__
-        except AttributeError:
-            fn = f
-
-        def decorated(
-            session,
-            username: str,
-            groups: [str],
-            uri: str,
-            data: dict = None,
-            check_perm: bool = True,
-        ):
-            if check_perm:
-                ResourcePolicy.check_user_resource_permission(
-                    session=session,
-                    username=username,
-                    groups=groups,
-                    resource_uri=uri,
-                    permission_name=permission,
-                )
-            return fn(session, username, groups, uri, data=data, check_perm=check_perm)
-
-        if static_func:
-            return staticmethod(decorated)
-        else:
-            return decorated
-
-    return decorator
-
-
-@deprecated(
-    reason="old API. Should be removed at the end of modularization. Use dataall.core.permission_checker",
-    action="once"
-)
-def has_tenant_perm(permission):
-    def decorator(f):
-        static_func = False
-        try:
-            f.__func__
-            static_func = True
-            fn = f.__func__
-        except AttributeError:
-            fn = f
-
-        def decorated(
-            session,
-            username: str,
-            groups: [str],
-            uri: str = None,
-            data: dict = None,
-            check_perm: bool = True,
-        ):
-            if check_perm:
-                TenantPolicy.check_user_tenant_permission(
-                    session=session,
-                    username=username,
-                    groups=groups,
-                    tenant_name='dataall',
-                    permission_name=permission,
-                )
-            return fn(
-                session, username, groups, uri=uri, data=data, check_perm=check_perm
-            )
-
-        if static_func:
-            return staticmethod(decorated)
-        else:
-            return decorated
-
-    return decorator
diff --git a/backend/dataall/db/api/redshift_cluster.py b/backend/dataall/db/api/redshift_cluster.py
index 9f0e31fab..799b398d4 100644
--- a/backend/dataall/db/api/redshift_cluster.py
+++ b/backend/dataall/db/api/redshift_cluster.py
@@ -3,13 +3,14 @@
 from sqlalchemy import and_, or_, literal
 
 from .. import models, exceptions, paginate, permissions
-from . import has_resource_perm, ResourcePolicy, Environment
+from . import ResourcePolicy, Environment
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
 from dataall.utils.slugify import slugify
+from dataall.core.permission_checker import has_resource_permission
 
 log = logging.getLogger(__name__)
 
@@ -19,7 +20,7 @@ def __init__(self):
         pass
 
     @staticmethod
-    @has_resource_perm(permissions.CREATE_REDSHIFT_CLUSTER)
+    @has_resource_permission(permissions.CREATE_REDSHIFT_CLUSTER)
     def create(session, username, groups, uri: str, data: dict = None, check_perm=None):
 
         RedshiftCluster.__validate_cluster_data(data, uri)
@@ -177,7 +178,7 @@ def get_redshift_cluster_by_uri(session, uri) -> models.RedshiftCluster:
         return cluster
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
+    @has_resource_permission(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
     def list_available_datasets(
         session, username, groups, uri: str, data: dict = None, check_perm=None
     ):
@@ -269,7 +270,7 @@ def list_available_datasets(
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
+    @has_resource_permission(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
     def list_cluster_datasets(
         session, username, groups, uri: str, data: dict = None, check_perm=None
     ):
@@ -297,7 +298,7 @@ def list_cluster_datasets(
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
+    @has_resource_permission(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
     def list_available_cluster_tables(
         session, username, groups, uri: str, data: dict = None, check_perm=None
     ):
@@ -388,13 +389,13 @@ def list_available_cluster_tables(
         ).to_dict()
 
     @staticmethod
-    @has_resource_perm(permissions.GET_REDSHIFT_CLUSTER)
+    @has_resource_permission(permissions.GET_REDSHIFT_CLUSTER)
     def get_cluster(session, username, groups, uri, data=None, check_perm=True):
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
         return cluster
 
     @staticmethod
-    @has_resource_perm(permissions.ADD_DATASET_TO_REDSHIFT_CLUSTER)
+    @has_resource_permission(permissions.ADD_DATASET_TO_REDSHIFT_CLUSTER)
     def add_dataset(session, username, groups, uri, data=None, check_perm=True):
         cluster = RedshiftCluster.get_redshift_cluster_by_uri(session, uri)
 
@@ -424,7 +425,7 @@ def add_dataset(session, username, groups, uri, data=None, check_perm=True):
         return cluster, dataset
 
     @staticmethod
-    @has_resource_perm(permissions.REMOVE_DATASET_FROM_REDSHIFT_CLUSTER)
+    @has_resource_permission(permissions.REMOVE_DATASET_FROM_REDSHIFT_CLUSTER)
     def remove_dataset_from_cluster(
         session, username, groups, uri, data=None, check_perm=True
     ):
@@ -501,7 +502,7 @@ def get_cluster_dataset_table(
         return cluster_dataset_table
 
     @staticmethod
-    @has_resource_perm(permissions.ENABLE_REDSHIFT_TABLE_COPY)
+    @has_resource_permission(permissions.ENABLE_REDSHIFT_TABLE_COPY)
     def enable_copy_table(
         session, username, groups, uri, data=None, check_perm=True
     ) -> models.RedshiftClusterDatasetTable:
@@ -528,7 +529,7 @@ def enable_copy_table(
         return table
 
     @staticmethod
-    @has_resource_perm(permissions.DISABLE_REDSHIFT_TABLE_COPY)
+    @has_resource_permission(permissions.DISABLE_REDSHIFT_TABLE_COPY)
     def disable_copy_table(
         session, username, groups, uri, data=None, check_perm=True
     ) -> bool:
@@ -548,7 +549,7 @@ def disable_copy_table(
         return True
 
     @staticmethod
-    @has_resource_perm(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
+    @has_resource_permission(permissions.LIST_REDSHIFT_CLUSTER_DATASETS)
     def list_copy_enabled_tables(
         session, username, groups, uri, data=None, check_perm=True
     ) -> [models.RedshiftClusterDatasetTable]:

From 1901f3a8c926bc283853e7c337384a084ae35e8d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 5 Jul 2023 12:42:15 +0200
Subject: [PATCH 339/346] Migrated direct call for permission check with a
 decorator

---
 .../api/Objects/Environment/resolvers.py        | 17 +----------------
 backend/dataall/db/api/environment.py           | 11 ++++-------
 2 files changed, 5 insertions(+), 23 deletions(-)

diff --git a/backend/dataall/api/Objects/Environment/resolvers.py b/backend/dataall/api/Objects/Environment/resolvers.py
index 98b772e66..f76faf3ab 100644
--- a/backend/dataall/api/Objects/Environment/resolvers.py
+++ b/backend/dataall/api/Objects/Environment/resolvers.py
@@ -307,15 +307,7 @@ def resolve_vpc_list(context: Context, source, **kwargs):
 
 def get_environment(context: Context, source, environmentUri: str = None):
     with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=environmentUri,
-            permission_name=permissions.GET_ENVIRONMENT,
-        )
-        environment = db.api.Environment.get_environment_by_uri(session, environmentUri)
-        return environment
+        return db.api.Environment.find_environment_by_uri(session, uri=environmentUri)
 
 
 def resolve_user_role(context: Context, source: models.Environment):
@@ -464,13 +456,6 @@ def delete_environment(
     context: Context, source, environmentUri: str = None, deleteFromAWS: bool = False
 ):
     with context.engine.scoped_session() as session:
-        ResourcePolicy.check_user_resource_permission(
-            session=session,
-            username=context.username,
-            groups=context.groups,
-            resource_uri=environmentUri,
-            permission_name=permissions.DELETE_ENVIRONMENT,
-        )
         environment = db.api.Environment.get_environment_by_uri(session, environmentUri)
 
         try:
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 36ce1b3bf..eac111457 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -795,19 +795,15 @@ def get_environment_consumption_role(session, role_uri, environment_uri):
     def get_environment_by_uri(session, uri) -> models.Environment:
         if not uri:
             raise exceptions.RequiredParameter('environmentUri')
-        environment: models.Environment = Environment.find_environment_by_uri(
-            session, uri
-        )
+        environment: models.Environment = session.query(models.Environment).get(uri)
         if not environment:
             raise exceptions.ObjectNotFound(models.Environment.__name__, uri)
         return environment
 
     @staticmethod
+    @has_resource_permission(permissions.GET_ENVIRONMENT)
     def find_environment_by_uri(session, uri) -> models.Environment:
-        if not uri:
-            raise exceptions.RequiredParameter('environmentUri')
-        environment: models.Environment = session.query(models.Environment).get(uri)
-        return environment
+        return Environment.get_environment_by_uri(session, uri)
 
     @staticmethod
     def list_all_active_environments(session) -> [models.Environment]:
@@ -857,6 +853,7 @@ def get_stack(session, uri, stack_uri) -> models.Stack:
         return session.query(models.Stack).get(stack_uri)
 
     @staticmethod
+    @has_resource_permission(permissions.DELETE_ENVIRONMENT)
     def delete_environment(session, uri, environment):
         env_groups = (
             session.query(models.EnvironmentGroup)

From 4acc9817a2182d356601b243edc34c366f19488d Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 7 Jul 2023 15:56:43 +0200
Subject: [PATCH 340/346] removed unused method

---
 .../modules/dataset_sharing/api/queries.py    | 12 -----
 .../modules/dataset_sharing/api/resolvers.py  | 14 ------
 .../db/share_object_repository.py             |  3 +-
 .../services/share_item_service.py            |  7 +--
 .../listDataItemsSharedWithEnvGroup.js        | 50 -------------------
 5 files changed, 2 insertions(+), 84 deletions(-)
 delete mode 100644 frontend/src/api/Environment/listDataItemsSharedWithEnvGroup.js

diff --git a/backend/dataall/modules/dataset_sharing/api/queries.py b/backend/dataall/modules/dataset_sharing/api/queries.py
index 0ebe44c64..6d04415b2 100644
--- a/backend/dataall/modules/dataset_sharing/api/queries.py
+++ b/backend/dataall/modules/dataset_sharing/api/queries.py
@@ -23,18 +23,6 @@
     resolver=list_shares_in_my_inbox,
 )
 
-listDataItemsSharedWithEnvGroup = gql.QueryField(
-    name='listDataItemsSharedWithEnvGroup',
-    args=[
-        gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='groupUri', type=gql.NonNullableType(gql.String)),
-        gql.Argument(name='filter', type=gql.Ref('EnvironmentDataItemFilter')),
-    ],
-    resolver=list_data_items_shared_with_env_group,
-    type=gql.Ref('EnvironmentPublishedItemSearchResults'),
-    test_scope='Dataset',
-)
-
 searchEnvironmentDataItems = gql.QueryField(
     name='searchEnvironmentDataItems',
     args=[
diff --git a/backend/dataall/modules/dataset_sharing/api/resolvers.py b/backend/dataall/modules/dataset_sharing/api/resolvers.py
index 8c4a4cfe7..af0e9cbf9 100644
--- a/backend/dataall/modules/dataset_sharing/api/resolvers.py
+++ b/backend/dataall/modules/dataset_sharing/api/resolvers.py
@@ -209,20 +209,6 @@ def list_shares_in_my_outbox(context: Context, source, filter: dict = None):
     return ShareObjectService.list_shares_in_my_outbox(filter)
 
 
-def list_data_items_shared_with_env_group(
-    context, source, environmentUri: str = None, groupUri: str = None, filter: dict = None
-):
-    if not filter:
-        filter = {}
-    with context.engine.scoped_session() as session:
-        return ShareItemService.paginated_shared_with_environment_group_datasets(
-            session=session,
-            env_uri=environmentUri,
-            group_uri=groupUri,
-            data=filter,
-        )
-
-
 def list_shared_with_environment_data_items(
     context: Context, source, environmentUri: str = None, filter: dict = None
 ):
diff --git a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
index bdabbb837..dcb58687a 100644
--- a/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
+++ b/backend/dataall/modules/dataset_sharing/db/share_object_repository.py
@@ -936,7 +936,7 @@ def delete_all_share_items(session, env_uri):
             session.delete(share)
 
     @staticmethod
-    def paginate_shared_datasets(session, env_uri, group_uri, data):
+    def paginate_shared_datasets(session, env_uri, data):
         share_item_shared_states = ShareItemSM.get_share_item_shared_states()
         q = (
             session.query(
@@ -1005,7 +1005,6 @@ def paginate_shared_datasets(session, env_uri, group_uri, data):
                 and_(
                     ShareObjectItem.status.in_(share_item_shared_states),
                     ShareObject.environmentUri == env_uri,
-                    ShareObject.principalId == group_uri if group_uri else True,
                 )
             )
         )
diff --git a/backend/dataall/modules/dataset_sharing/services/share_item_service.py b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
index ee4ad3bef..bf8c62a5c 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_item_service.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_item_service.py
@@ -168,9 +168,4 @@ def list_shareable_objects(share, filter, is_revokable=False):
     @staticmethod
     @has_resource_permission(LIST_ENVIRONMENT_SHARED_WITH_OBJECTS)
     def paginated_shared_with_environment_datasets(session, uri, data) -> dict:
-        return ShareObjectRepository.paginate_shared_datasets(session, uri, None, data)
-
-    @staticmethod
-    def paginated_shared_with_environment_group_datasets(session, env_uri, group_uri, data) -> dict:
-        # TODO THERE WAS NOT PERMISSION
-        return ShareObjectRepository.paginate_shared_datasets(session, env_uri, group_uri, data)
+        return ShareObjectRepository.paginate_shared_datasets(session, uri, data)
diff --git a/frontend/src/api/Environment/listDataItemsSharedWithEnvGroup.js b/frontend/src/api/Environment/listDataItemsSharedWithEnvGroup.js
deleted file mode 100644
index 00f019c19..000000000
--- a/frontend/src/api/Environment/listDataItemsSharedWithEnvGroup.js
+++ /dev/null
@@ -1,50 +0,0 @@
-import { gql } from 'apollo-boost';
-
-const listDataItemsSharedWithEnvGroup = ({
-  filter,
-  environmentUri,
-  groupUri
-}) => ({
-  variables: {
-    environmentUri,
-    groupUri,
-    filter
-  },
-  query: gql`
-    query listDataItemsSharedWithEnvGroup(
-      $filter: EnvironmentDataItemFilter
-      $environmentUri: String
-      $groupUri: String
-    ) {
-      listDataItemsSharedWithEnvGroup(
-        environmentUri: $environmentUri
-        groupUri: $groupUri
-        filter: $filter
-      ) {
-        count
-        page
-        pages
-        hasNext
-        hasPrevious
-        nodes {
-          shareUri
-          environmentName
-          environmentUri
-          organizationName
-          organizationUri
-          datasetUri
-          datasetName
-          itemType
-          itemAccess
-          GlueDatabaseName
-          GlueTableName
-          S3AccessPointName
-          created
-          principalId
-        }
-      }
-    }
-  `
-});
-
-export default listDataItemsSharedWithEnvGroup;

From d6c290ba5e9785e5807503ba304f779b4ba08d1b Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Mon, 10 Jul 2023 11:10:37 +0200
Subject: [PATCH 341/346] Removed a new added file

---
 TODO | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 TODO

diff --git a/TODO b/TODO
deleted file mode 100644
index e69de29bb..000000000

From fef7f34403f7a05ca59728b0834b36d049e44b6a Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Jul 2023 16:56:34 +0200
Subject: [PATCH 342/346] Review remarks

---
 backend/dataall/db/connection.py                         | 9 +++------
 .../services/share_managers/lf_share_manager.py          | 1 -
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/backend/dataall/db/connection.py b/backend/dataall/db/connection.py
index 8ed24cbcf..607bcbdce 100644
--- a/backend/dataall/db/connection.py
+++ b/backend/dataall/db/connection.py
@@ -9,6 +9,8 @@
 from sqlalchemy.orm import sessionmaker
 
 from .. import db
+from ..aws.handlers.secrets_manager import SecretsManager
+from ..aws.handlers.sts import SessionHelper
 from ..db import Base
 from ..db.dbconfig import DbConfig
 from ..utils import Parameter
@@ -115,13 +117,8 @@ def get_engine(envname=ENVNAME):
     schema = os.getenv('schema_name', envname)
     if envname not in ['local', 'pytest', 'dkrcompose']:
         param_store = Parameter()
-        secret = Secrets()
         credential_arn = param_store.get_parameter(env=envname, path='aurora/dbcreds')
-        secretsmanager = boto3.client(
-            'secretsmanager', region_name=os.environ.get('AWS_REGION', 'eu-west-1')
-        )
-        db_credentials_string = secretsmanager.get_secret_value(SecretId=credential_arn)
-        creds = json.loads(db_credentials_string['SecretString'])
+        creds = SessionHelper.get_secret(credential_arn)
         user = creds['username']
         pwd = creds['password']
         db_params = {
diff --git a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
index b29e39468..678af2099 100644
--- a/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
+++ b/backend/dataall/modules/dataset_sharing/services/share_managers/lf_share_manager.py
@@ -10,7 +10,6 @@
 from dataall.modules.dataset_sharing.aws.lakeformation_client import LakeFormationClient
 from dataall.aws.handlers.quicksight import QuicksightClient
 from dataall.aws.handlers.sts import SessionHelper
-from dataall.modules.dataset_sharing.aws.ram_client import RamClient
 from dataall.db import exceptions, models
 from dataall.modules.datasets_base.db.models import DatasetTable, Dataset
 from dataall.modules.dataset_sharing.services.dataset_alarm_service import DatasetAlarmService

From 58626df912fdbacefae114a24c784951a40a42f6 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 13 Jul 2023 17:07:03 +0200
Subject: [PATCH 343/346] Clean up imports

---
 backend/dataall/db/connection.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/backend/dataall/db/connection.py b/backend/dataall/db/connection.py
index 607bcbdce..92c28a21e 100644
--- a/backend/dataall/db/connection.py
+++ b/backend/dataall/db/connection.py
@@ -1,15 +1,12 @@
-import json
 import logging
 import os
 from contextlib import contextmanager
 
-import boto3
 import sqlalchemy
 from sqlalchemy.engine import reflection
 from sqlalchemy.orm import sessionmaker
 
 from .. import db
-from ..aws.handlers.secrets_manager import SecretsManager
 from ..aws.handlers.sts import SessionHelper
 from ..db import Base
 from ..db.dbconfig import DbConfig

From cc3bf83e5222a0919d1ba1269090a52132554236 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Fri, 14 Jul 2023 10:31:40 +0200
Subject: [PATCH 344/346] Review remarks

---
 backend/dataall/modules/datasets/aws/s3_dataset_client.py     | 2 +-
 backend/dataall/modules/datasets/aws/sns_dataset_client.py    | 2 +-
 .../dataall/modules/datasets/tasks/bucket_policy_updater.py   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/dataall/modules/datasets/aws/s3_dataset_client.py b/backend/dataall/modules/datasets/aws/s3_dataset_client.py
index d4ca30630..3667862c7 100644
--- a/backend/dataall/modules/datasets/aws/s3_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/s3_dataset_client.py
@@ -37,7 +37,7 @@ def get_file_upload_presigned_url(self, data):
             raise e
 
 
-class S3BucketPolicyClient:
+class S3DatasetBucketPolicyClient:
     def __init__(self, dataset: Dataset):
         session = SessionHelper.remote_session(accountid=dataset.AwsAccountId)
         self._client = session.client('s3')
diff --git a/backend/dataall/modules/datasets/aws/sns_dataset_client.py b/backend/dataall/modules/datasets/aws/sns_dataset_client.py
index f6e82694a..17f785363 100644
--- a/backend/dataall/modules/datasets/aws/sns_dataset_client.py
+++ b/backend/dataall/modules/datasets/aws/sns_dataset_client.py
@@ -18,7 +18,7 @@ def __init__(self, environment: Environment, dataset: Dataset):
         )
 
         self._client = aws_session.client('sns', region_name=environment.region)
-        self._topic = f'arn:aws:sns:{environment.region}:{environment.AwsAccountId}:{environment.subscriptionsProducersTopicName}'
+        self._topic = f'arn:aws:sns:{environment.region}:{environment.AwsAccountId}:{environment.subscriptionsConsumersTopicName}'
         self._dataset = dataset
 
     def publish_dataset_message(self, message: dict):
diff --git a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
index 6546ecffb..04333adcb 100644
--- a/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
+++ b/backend/dataall/modules/datasets/tasks/bucket_policy_updater.py
@@ -7,7 +7,7 @@
 
 from dataall.db import get_engine
 from dataall.modules.dataset_sharing.db.share_object_repository import ShareObjectRepository
-from dataall.modules.datasets.aws.s3_dataset_client import S3BucketPolicyClient
+from dataall.modules.datasets.aws.s3_dataset_client import S3DatasetBucketPolicyClient
 from dataall.modules.datasets_base.db.models import Dataset
 
 root = logging.getLogger()
@@ -80,7 +80,7 @@ def sync_imported_datasets_bucket_policies(self):
                         accountid, bucket, account_prefixes
                     )
 
-                client = S3BucketPolicyClient(dataset)
+                client = S3DatasetBucketPolicyClient(dataset)
 
                 policy = client.get_bucket_policy()
 

From b0766e6f61aafd6f76623983dc461b37eea2f797 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Wed, 19 Jul 2023 10:48:46 +0200
Subject: [PATCH 345/346] Fixed imports in merge conflicts

---
 backend/dataall/db/api/environment.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index a461523af..8c490f2e4 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -19,15 +19,15 @@
 )
 from ..models.Permission import PermissionType
 from ..paginator import paginate
-from dataall.core.environment.db.models import EnvironmentParameter
 from dataall.core.environment.db.repositories import EnvironmentParameterRepository
 from dataall.utils.naming_convention import (
     NamingConventionService,
     NamingConventionPattern,
 )
-from dataall.core.group.services.environment_resource_manager import EnvironmentResourceManager
 from dataall.core.permission_checker import has_resource_permission, has_tenant_permission
-from ...core.context import get_context
+from dataall.core.context import get_context
+from dataall.core.environment.db.models import EnvironmentParameter
+from dataall.core.environment.services.environment_resource_manager import EnvironmentResourceManager
 
 log = logging.getLogger(__name__)
 

From a984bfef6158e6375f193e1db419742ce2fa5e7e Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <nikpodsh@amazon.com>
Date: Thu, 20 Jul 2023 17:00:42 +0200
Subject: [PATCH 346/346] Review remarks

---
 backend/dataall/db/api/environment.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
index 8c490f2e4..2f4541b5b 100644
--- a/backend/dataall/db/api/environment.py
+++ b/backend/dataall/db/api/environment.py
@@ -34,8 +34,8 @@
 
 class Environment:
     @staticmethod
-    @has_resource_permission(permissions.MANAGE_ENVIRONMENTS)
-    @has_tenant_permission(permissions.LINK_ENVIRONMENT)
+    @has_tenant_permission(permissions.MANAGE_ENVIRONMENTS)
+    @has_resource_permission(permissions.LINK_ENVIRONMENT)
     def create_environment(session, uri, data=None):
         context = get_context()
         Environment._validate_creation_params(data, uri)
@@ -385,7 +385,7 @@ def update_group_permissions(session, uri, data=None):
     @has_resource_permission(permissions.LIST_ENVIRONMENT_GROUP_PERMISSIONS)
     def list_group_permissions(session, uri, group_uri):
         # the permission checked
-        return Environment.list_group_permissions(session, uri, group_uri)
+        return Environment.list_group_permissions_internal(session, uri, group_uri)
 
     @staticmethod
     def list_group_permissions_internal(session, uri, group_uri):