# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 2018-12-29 19:16:56
# Node ID 6d0573ba0721986e963ce04439689f28dd0ef84a
# Parent  8eed16b2a99bebcfd5d81a0cc778d0b636d19773

auth: drop "multiple_counter" from computing permissions

This seems to have been something about having some permissions override
existing permissions. It is not clear to me why anybody should want that.

test_user_group_permissions_on_repo_groups.py seems to have been testing for
something we don't want. The new behaviour seems more reasonable. The test user
is inhering access from the default user, and thus in this case getting read
access (except when private).

diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -285,14 +285,11 @@ def _cached_perms_data(user_id, user_is_
         .filter(UserGroupMember.user_id == user_id) \
         .all()
 
-    multiple_counter = collections.defaultdict(int)
     for perm in user_repo_perms_from_users_groups:
         r_k = perm.UserGroupRepoToPerm.repository.repo_name
-        multiple_counter[r_k] += 1
+        cur_perm = permissions[RK][r_k]
         p = perm.Permission.permission_name
-        cur_perm = permissions[RK][r_k]
-        if multiple_counter[r_k] > 1:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[RK][r_k] = p
 
     # user permissions for repositories
@@ -325,14 +322,11 @@ def _cached_perms_data(user_id, user_is_
      .filter(UserGroupMember.user_id == user_id) \
      .all()
 
-    multiple_counter = collections.defaultdict(int)
     for perm in user_repo_group_perms_from_users_groups:
         g_k = perm.UserGroupRepoGroupToPerm.group.group_name
-        multiple_counter[g_k] += 1
         p = perm.Permission.permission_name
         cur_perm = permissions[GK][g_k]
-        if multiple_counter[g_k] > 1:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[GK][g_k] = p
 
     # user explicit permissions for repository groups
@@ -362,14 +356,11 @@ def _cached_perms_data(user_id, user_is_
      .filter(UserGroup.users_group_active == True) \
      .all()
 
-    multiple_counter = collections.defaultdict(int)
     for perm in user_group_user_groups_perms:
         g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
-        multiple_counter[g_k] += 1
         p = perm.Permission.permission_name
         cur_perm = permissions[UK][g_k]
-        if multiple_counter[g_k] > 1:
-            p = _choose_perm(p, cur_perm)
+        p = _choose_perm(p, cur_perm)
         permissions[UK][g_k] = p
 
     # user explicit permission for user groups
diff --git a/kallithea/tests/models/test_permissions.py b/kallithea/tests/models/test_permissions.py
--- a/kallithea/tests/models/test_permissions.py
+++ b/kallithea/tests/models/test_permissions.py
@@ -599,7 +599,7 @@ class TestPermissions(TestController):
 
         Session().commit()
         u1_auth = AuthUser(user_id=self.u1.user_id)
-        assert u1_auth.permissions['repositories']['myownrepo'] == 'repository.none' # temporarily, because multiple_counter
+        assert u1_auth.permissions['repositories']['myownrepo'] == 'repository.admin'
 
     def test_owner_permissions_doesnot_get_overwritten_by_others(self):
         # create repo as USER,
diff --git a/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py b/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py
--- a/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py
+++ b/kallithea/tests/models/test_user_group_permissions_on_repo_groups.py
@@ -129,14 +129,14 @@ def test_user_permissions_on_group_with_
     _check_expected_count(items, repo_items, expected_count(group, True))
 
     for name, perm in repo_items:
-        check_tree_perms(name, perm, group, 'repository.none')
+        check_tree_perms(name, perm, group, 'repository.none' if name.endswith('_private') else 'repository.read')
 
     for name, perm in items:
-        check_tree_perms(name, perm, group, 'group.none')
+        check_tree_perms(name, perm, group, 'group.read')
 
 
 def test_user_permissions_on_group_with_recursive_mode_deepest():
-    ## set permission to g0_3 group to none
+    ## set permission to g0/g0_1/g0_1_1 group to write
     recursive = 'all'
     group = u'g0/g0_1/g0_1_1'
     permissions_setup_func(group, 'group.write', recursive=recursive)
@@ -153,7 +153,7 @@ def test_user_permissions_on_group_with_
 
 
 def test_user_permissions_on_group_with_recursive_mode_only_with_repos():
-    ## set permission to g0_3 group to none
+    ## set permission to g0/g0_2 group to admin
     recursive = 'all'
     group = u'g0/g0_2'
     permissions_setup_func(group, 'group.admin', recursive=recursive)
@@ -208,4 +208,4 @@ def test_user_permissions_on_group_with_
         check_tree_perms(name, perm, group, 'repository.read')
 
     for name, perm in items:
-        check_tree_perms(name, perm, group, 'group.none')
+        check_tree_perms(name, perm, group, 'group.read')