diff --git a/kallithea/model/repo_group.py b/kallithea/model/repo_group.py
--- a/kallithea/model/repo_group.py
+++ b/kallithea/model/repo_group.py
@@ -198,9 +198,11 @@ class RepoGroupModel(BaseModel):
             if isinstance(obj, RepoGroup):
                 self.grant_user_permission(repo_group=obj, user=user, perm=perm)
             elif isinstance(obj, Repository):
+                user = User.guess_instance(user)
+
                 # private repos will not allow to change the default permissions
                 # using recursive mode
-                if obj.private and user == User.DEFAULT_USER:
+                if obj.private and user.username == User.DEFAULT_USER:
                     return
 
                 # we set group permission but we have to switch to repo
diff --git a/kallithea/tests/models/test_user_permissions_on_repo_groups.py b/kallithea/tests/models/test_user_permissions_on_repo_groups.py
--- a/kallithea/tests/models/test_user_permissions_on_repo_groups.py
+++ b/kallithea/tests/models/test_user_permissions_on_repo_groups.py
@@ -1,7 +1,7 @@
 import functools
 
 from kallithea.model.repo_group import RepoGroupModel
-from kallithea.model.db import RepoGroup, User
+from kallithea.model.db import RepoGroup, Repository, User
 
 from kallithea.model.meta import Session
 from kallithea.tests.models.common import _create_project_tree, check_tree_perms, \
@@ -133,7 +133,9 @@ def test_user_permissions_on_group_with_
     _check_expected_count(items, repo_items, expected_count(group, True))
 
     for name, perm in repo_items:
-        check_tree_perms(name, perm, group, 'repository.write')
+        # default user permissions do not "recurse into" private repos
+        is_private = Repository.get_by_repo_name(name).private
+        check_tree_perms(name, perm, group, 'repository.none' if is_private else 'repository.write')
 
     for name, perm in items:
         check_tree_perms(name, perm, group, 'group.write')