m.connect("repos_groups", "/repo_groups",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("repos_groups", "/repo_groups",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_repos_group", "/repo_groups/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

                  action="update", conditions=dict(method=["POST"],

                                                   function=check_group))

        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

                  action="show", conditions=dict(method=["GET"],

                                                 function=check_group))

        #EXTRAS REPO GROUP ROUTES

        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

                  action="edit",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

                  action="edit_repo_group_advanced",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="edit_repo_group_perms",

                  conditions=dict(method=["GET"], function=check_group))

        m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",

                  action="update_perms",

                  conditions=dict(method=["POST"], function=check_group))

        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",

                  action="delete_perms",

                  conditions=dict(method=["POST"], function=check_group))

        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",

                  action="delete", conditions=dict(method=["POST"],

                                                   function=check_group_skip_path))

    #ADMIN USER ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/users') as m:

        m.connect("users", "/users",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("users", "/users",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("formatted_users", "/users.{format}",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_user", "/users/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_user", "/users/{id}",

                  action="update", conditions=dict(method=["POST"]))

        m.connect("delete_user", "/users/{id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("edit_user", "/users/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]))

        #EXTRAS USER ROUTES

        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

                  action="edit_advanced", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="edit_api_keys", conditions=dict(method=["GET"]))

        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

                  action="add_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

                  action="delete_api_key", conditions=dict(method=["POST"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="edit_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

                  action="update_perms", conditions=dict(method=["PUT"]))

        m.connect("edit_user_emails", "/users/{id}/edit/emails",

                  action="edit_emails", conditions=dict(method=["GET"]))

        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

                  action="add_email", conditions=dict(method=["POST"]))

        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

                  action="delete_email", conditions=dict(method=["POST"]))

        m.connect("edit_user_ips", "/users/{id}/edit/ips",

                  action="edit_ips", conditions=dict(method=["GET"]))

        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

                  action="add_ip", conditions=dict(method=["POST"]))

        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

                  action="delete_ip", conditions=dict(method=["POST"]))

    #ADMIN USER GROUPS REST ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/user_groups') as m:

        m.connect("users_groups", "/user_groups",

                  action="create", conditions=dict(method=["POST"]))

        m.connect("users_groups", "/user_groups",

                  action="index", conditions=dict(method=["GET"]))

        m.connect("new_users_group", "/user_groups/new",

                  action="new", conditions=dict(method=["GET"]))

        m.connect("update_users_group", "/user_groups/{id}",

        m.connect("delete_users_group", "/user_groups/{id}/delete",

                  action="delete", conditions=dict(method=["POST"]))

        m.connect("edit_users_group", "/user_groups/{id}/edit",

                  action="edit", conditions=dict(method=["GET"]),

                  function=check_user_group)

        #EXTRAS USER GROUP ROUTES

        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

                  action="edit_default_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

                  action="update_default_perms", conditions=dict(method=["PUT"]))

        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

                  action="edit_perms", conditions=dict(method=["GET"]))

        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

                  action="update_perms", conditions=dict(method=["PUT"]))

        m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete",

                  action="delete_perms", conditions=dict(method=["POST"]))

        m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",

                  action="edit_advanced", conditions=dict(method=["GET"]))

        m.connect("edit_user_group_members", "/user_groups/{id}/edit/members",

                  action="edit_members", conditions=dict(method=["GET"]))

    #ADMIN PERMISSIONS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/permissions') as m:

        m.connect("admin_permissions", "/permissions",

                  action="permission_globals", conditions=dict(method=["POST"]))

        m.connect("admin_permissions", "/permissions",

                  action="permission_globals", conditions=dict(method=["GET"]))

        m.connect("admin_permissions_ips", "/permissions/ips",

                  action="permission_ips", conditions=dict(method=["GET"]))

        m.connect("admin_permissions_perms", "/permissions/perms",

                  action="permission_perms", conditions=dict(method=["GET"]))

    #ADMIN DEFAULTS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/defaults') as m:

        m.connect('defaults', 'defaults',

                  action="index")

        m.connect('defaults_update', 'defaults/{id}/update',

                  action="update", conditions=dict(method=["POST"]))

    #ADMIN AUTH SETTINGS

    rmap.connect('auth_settings', '%s/auth' % ADMIN_PREFIX,

                 controller='admin/auth_settings', action='auth_settings',

                 conditions=dict(method=["POST"]))

    rmap.connect('auth_home', '%s/auth' % ADMIN_PREFIX,

                 controller='admin/auth_settings')

    #ADMIN SETTINGS ROUTES

    with rmap.submapper(path_prefix=ADMIN_PREFIX,

                        controller='admin/settings') as m:

        m.connect("admin_settings", "/settings",

                  action="settings_vcs", conditions=dict(method=["POST"]))

        m.connect("admin_settings", "/settings",

                  action="settings_vcs", conditions=dict(method=["GET"]))

        m.connect("admin_settings_mapping", "/settings/mapping",

                  action="settings_mapping", conditions=dict(method=["POST"]))

        m.connect("admin_settings_mapping", "/settings/mapping",

                  action="settings_mapping", conditions=dict(method=["GET"]))

        m.connect("admin_settings_global", "/settings/global",

                  action="settings_global", conditions=dict(method=["POST"]))

        m.connect("admin_settings_global", "/settings/global",

                  action="settings_global", conditions=dict(method=["GET"]))

        m.connect("admin_settings_visual", "/settings/visual",

                  action="settings_visual", conditions=dict(method=["POST"]))

        m.connect("admin_settings_visual", "/settings/visual",

                  action="settings_visual", conditions=dict(method=["GET"]))

        m.connect("admin_settings_email", "/settings/email",

                  action="settings_email", conditions=dict(method=["POST"]))

        m.connect("admin_settings_email", "/settings/email",

                  action="settings_email", conditions=dict(method=["GET"]))

        m.connect("admin_settings_hooks", "/settings/hooks",

                  action="settings_hooks", conditions=dict(method=["POST"]))

        m.connect("admin_settings_hooks_delete", "/settings/hooks/delete",

                  action="settings_hooks", conditions=dict(method=["POST"]))

        m.connect("admin_settings_hooks", "/settings/hooks",

                  action="settings_hooks", conditions=dict(method=["GET"]))

        m.connect("admin_settings_search", "/settings/search",

                  action="settings_search", conditions=dict(method=["POST"]))

        m.connect("admin_settings_search", "/settings/search",

            template.get_def("user_group_name")

            .render(user_group_id, user_group_name, _=_, h=h, c=c)

        )

        user_group_actions = lambda user_group_id, user_group_name: (

            template.get_def("user_group_actions")

            .render(user_group_id, user_group_name, _=_, h=h, c=c)

        )

        for user_gr in group_iter:

            user_groups_data.append({

                "raw_name": user_gr.users_group_name,

                "group_name": user_group_name(user_gr.users_group_id,

                                              user_gr.users_group_name),

                "desc": h.escape(user_gr.user_group_description),

                "members": len(user_gr.members),

                "active": h.boolicon(user_gr.users_group_active),

                "owner": h.person(user_gr.user.username),

                "action": user_group_actions(user_gr.users_group_id, user_gr.users_group_name)

            })

        c.data = json.dumps({

            "totalRecords": total_records,

            "startIndex": 0,

            "sort": None,

            "dir": "asc",

            "records": user_groups_data

        })

        return render('admin/user_groups/user_groups.html')

    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

    def create(self):

        users_group_form = UserGroupForm()()

        try:

            form_result = users_group_form.to_python(dict(request.POST))

            ug = UserGroupModel().create(name=form_result['users_group_name'],

                                         description=form_result['user_group_description'],

                                         owner=self.authuser.user_id,

                                         active=form_result['users_group_active'])

            gr = form_result['users_group_name']

            action_logger(self.authuser,

                          'admin_created_users_group:%s' % gr,

                          None, self.ip_addr, self.sa)

            h.flash(h.literal(_('Created user group %s') % h.link_to(h.escape(gr), url('edit_users_group', id=ug.users_group_id))),

                category='success')

            Session().commit()

        except formencode.Invalid as errors:

            return htmlfill.render(

                render('admin/user_groups/user_group_add.html'),

                defaults=errors.value,

                errors=errors.error_dict or {},

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during creation of user group %s') \

                    % request.POST.get('users_group_name'), category='error')

        raise HTTPFound(location=url('users_groups'))

    @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')

    def new(self, format='html'):

        return render('admin/user_groups/user_group_add.html')

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def update(self, id):

        c.user_group = UserGroup.get_or_404(id)

        c.active = 'settings'

        self.__load_data(id)

        available_members = [safe_unicode(x[0]) for x in c.available_members]

        users_group_form = UserGroupForm(edit=True,

                                         old_data=c.user_group.get_dict(),

                                         available_members=available_members)()

        try:

            form_result = users_group_form.to_python(request.POST)

            UserGroupModel().update(c.user_group, form_result)

            gr = form_result['users_group_name']

            action_logger(self.authuser,

                          'admin_updated_users_group:%s' % gr,

                          None, self.ip_addr, self.sa)

            h.flash(_('Updated user group %s') % gr, category='success')

            Session().commit()

        except formencode.Invalid as errors:

            ug_model = UserGroupModel()

            defaults = errors.value

            e = errors.error_dict or {}

            defaults.update({

                'create_repo_perm': ug_model.has_perm(id,

                                                      'hg.create.repository'),

                'fork_repo_perm': ug_model.has_perm(id,

                                                    'hg.fork.repository'),

            })

            return htmlfill.render(

                render('admin/user_groups/user_group_edit.html'),

                defaults=defaults,

                errors=e,

                prefix_error=False,

                encoding="UTF-8",

                force_defaults=False)

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('Error occurred during update of user group %s') \

                    % request.POST.get('users_group_name'), category='error')

        raise HTTPFound(location=url('edit_users_group', id=id))

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def delete(self, id):

        usr_gr = UserGroup.get_or_404(id)

        try:

            UserGroupModel().delete(usr_gr)

            Session().commit()

            h.flash(_('Successfully deleted user group'), category='success')

        except UserGroupsAssignedException as e:

            h.flash(e, category='error')

        except Exception:

            log.error(traceback.format_exc())

            h.flash(_('An error occurred during deletion of user group'),

                    category='error')

        raise HTTPFound(location=url('users_groups'))

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def edit(self, id, format='html'):

        c.user_group = UserGroup.get_or_404(id)

        c.active = 'settings'

        self.__load_data(id)

        defaults = self.__load_defaults(id)

        return htmlfill.render(

            render('admin/user_groups/user_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def edit_perms(self, id):

        c.user_group = UserGroup.get_or_404(id)

        c.active = 'perms'

        repo_model = RepoModel()

        c.users_array = repo_model.get_users_js()

        c.user_groups_array = repo_model.get_user_groups_js()

        defaults = {}

        # fill user group users

        for p in c.user_group.user_user_group_to_perm:

            defaults.update({'u_perm_%s' % p.user.username:

                             p.permission.permission_name})

        for p in c.user_group.user_group_user_group_to_perm:

            defaults.update({'g_perm_%s' % p.user_group.users_group_name:

                             p.permission.permission_name})

        return htmlfill.render(

            render('admin/user_groups/user_group_edit.html'),

            defaults=defaults,

            encoding="UTF-8",

            force_defaults=False

        )

    @HasUserGroupPermissionAnyDecorator('usergroup.admin')

    def update_perms(self, id):

        """

        grant permission for given usergroup

        :param id:

        """

        user_group = UserGroup.get_or_404(id)

        form = UserGroupPermsForm()().to_python(request.POST)

        # set the permissions !

        try:

            UserGroupModel()._update_permissions(user_group, form['perms_new'],

                                                 form['perms_updates'])

        except RepoGroupAssignmentError:

            h.flash(_('Target group cannot be the same'), category='error')

            raise HTTPFound(location=url('edit_user_group_perms', id=id))

        #TODO: implement this

        #action_logger(self.authuser, 'admin_changed_repo_permissions',

        #              repo_name, self.ip_addr, self.sa)

        Session().commit()

        h.flash(_('User group permissions updated'), category='success')

        raise HTTPFound(location=url('edit_user_group_perms', id=id))

    <div class="form">

        <!-- fields -->

            <div class="fields">

                 <div class="field">

                    <div class="label">

                        <label for="users_group_name">${_('Group name')}:</label>

                    </div>

                    <div class="input">

                        ${h.text('users_group_name',class_='large')}

                    </div>

                 </div>

                 <div class="field">

                    <div class="label label-textarea">

                        <label for="user_group_description">${_('Description')}:</label>

                    </div>

                    <div class="textarea-small editor">

                        ${h.textarea('user_group_description')}

                        <span class="help-block">${_('Short, optional description for this user group.')}</span>

                    </div>

                 </div>

                 <div class="field">

                    <div class="label label-checkbox">

                        <label for="users_group_active">${_('Active')}:</label>

                    </div>

                    <div class="checkboxes">

                        ${h.checkbox('users_group_active',value=True)}

                    </div>

                 </div>

                <div class="field">

                    <div class="label">

                        <label for="users_group_active">${_('Members')}:</label>

                    </div>

                    <div class="select">

                        <table>

                                <tr>

                                    <td>

                                        <div>

                                            <div style="float:left">

                                                <div class="text" style="padding: 0px 0px 6px;">${_('Chosen group members')}</div>

                                                ${h.select('users_group_members',[],c.group_members,multiple=True,size=8,style="min-width:210px")}

                                            </div>

                                            <div style="float:left;width:20px;padding-top:50px">

                                                <i style="cursor:pointer; font-size: 16px" id="add_element" class="icon-left-open" title="Choose selected available"></i>

                                                <div style="height:50px"></div>

                                                <i style="cursor:pointer; font-size: 16px" id="remove_element" class="icon-right-open" title="Remove selected chosen"></i>

                                            </div>

                                            <div style="float:left">

                                                 <div class="text" style="padding: 0px 0px 6px;">${_('Available members')}</div>

                                                 ${h.select('available_members',[],c.available_members,multiple=True,size=8,style="min-width:210px")}

                                            </div>

                                        </div>

                                    </td>

                                </tr>

                        </table>

                    </div>

                </div>

                <div class="buttons">

                  ${h.submit('Save',_('Save'),class_="btn")}

                </div>

            </div>

    </div>

${h.end_form()}

<script type="text/javascript">

  MultiSelectWidget('users_group_members','available_members','edit_users_group');

</script>

# -*- coding: utf-8 -*-

from kallithea.tests import *

from kallithea.model.db import UserGroup, UserGroupToPerm, Permission

from kallithea.model.meta import Session

TEST_USER_GROUP = u'admins_test'

class TestAdminUsersGroupsController(TestController):

    def test_index(self):

        self.log_user()

        response = self.app.get(url('users_groups'))

        # Test response...

    def test_create(self):

        self.log_user()

        users_group_name = TEST_USER_GROUP

        response = self.app.post(url('users_groups'),

                                 {'users_group_name': users_group_name,

                                  'user_group_description': u'DESC',

                                  'active': True,

                                  '_authentication_token': self.authentication_token()})

        response.follow()

        self.checkSessionFlash(response,

                               'Created user group <a href="/_admin/user_groups/')

        self.checkSessionFlash(response,

                               '/edit">%s</a>' % TEST_USER_GROUP)

    def test_new(self):

        response = self.app.get(url('new_users_group'))

    def test_update(self):

    def test_update_browser_fakeout(self):

    def test_delete(self):

        self.log_user()

        users_group_name = TEST_USER_GROUP + 'another'

        response = self.app.post(url('users_groups'),

                                 {'users_group_name':users_group_name,

                                  'user_group_description': u'DESC',

                                  'active': True,

                                  '_authentication_token': self.authentication_token()})

        response.follow()

        self.checkSessionFlash(response,

                               'Created user group ')

        gr = Session().query(UserGroup) \

            .filter(UserGroup.users_group_name == users_group_name).one()

        response = self.app.post(url('delete_users_group', id=gr.users_group_id),

            params={'_authentication_token': self.authentication_token()})

        gr = Session().query(UserGroup) \

            .filter(UserGroup.users_group_name == users_group_name).scalar()

        assert gr == None

    def test_default_perms_enable_repository_read_on_group(self):

        self.log_user()

        users_group_name = TEST_USER_GROUP + 'another2'

        response = self.app.post(url('users_groups'),

                                 {'users_group_name': users_group_name,

                                  'user_group_description': u'DESC',

                                  'active': True,

                                  '_authentication_token': self.authentication_token()})

        response.follow()

        ug = UserGroup.get_by_group_name(users_group_name)

        self.checkSessionFlash(response,

                               'Created user group ')

        ## ENABLE REPO CREATE ON A GROUP

        response = self.app.put(url('edit_user_group_default_perms',

                                    id=ug.users_group_id),

                                 {'create_repo_perm': True,

                                  '_authentication_token': self.authentication_token()})

        response.follow()

        ug = UserGroup.get_by_group_name(users_group_name)

        p = Permission.get_by_key('hg.create.repository')

        p2 = Permission.get_by_key('hg.usergroup.create.false')

        p3 = Permission.get_by_key('hg.fork.none')

        # check if user has this perms, they should be here since

        # defaults are on

        perms = UserGroupToPerm.query() \

            .filter(UserGroupToPerm.users_group == ug).all()

        assert sorted([[x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],

                    [ug.users_group_id, p2.permission_id],

                    [ug.users_group_id, p3.permission_id]])

        ## DISABLE REPO CREATE ON A GROUP

        response = self.app.put(

            url('edit_user_group_default_perms', id=ug.users_group_id),

            params={'_authentication_token': self.authentication_token()})

        response.follow()

        ug = UserGroup.get_by_group_name(users_group_name)

        p = Permission.get_by_key('hg.create.none')

        p2 = Permission.get_by_key('hg.usergroup.create.false')

        p3 = Permission.get_by_key('hg.fork.none')

        # check if user has this perms, they should be here since

        # defaults are on

        perms = UserGroupToPerm.query() \

            .filter(UserGroupToPerm.users_group == ug).all()

        assert sorted([[x.users_group_id, x.permission_id, ] for x in perms]) == sorted([[ug.users_group_id, p.permission_id],

                    [ug.users_group_id, p2.permission_id],

                    [ug.users_group_id, p3.permission_id]])

        # DELETE !

        ug = UserGroup.get_by_group_name(users_group_name)

        ugid = ug.users_group_id

        response = self.app.post(url('delete_users_group', id=ug.users_group_id),

            params={'_authentication_token': self.authentication_token()})

        response = response.follow()

        gr = Session().query(UserGroup) \

            .filter(UserGroup.users_group_name == users_group_name).scalar()

        assert gr == None

        p = Permission.get_by_key('hg.create.repository')

        perms = UserGroupToPerm.query() \

            .filter(UserGroupToPerm.users_group_id == ugid).all()

        perms = [[x.users_group_id,

                  x.permission_id, ] for x in perms]

        assert perms == []

    def test_default_perms_enable_repository_fork_on_group(self):

        self.log_user()